PDA

View Full Version : Ready to get rid of SmitFraud and others ... (Solved)



ChristineOM
2009-01-02, 00:40
Appreciate any help -
Have run the spybot and still have some stragglers. HJT log below -


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:20:00 PM, on 1/1/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Sm9obg\command.exe
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\WINDOWS\system32\svchost.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\Dell\Support\Alert\bin\DAMon.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Verizon\McciTrayApp.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R3 - URLSearchHook: (no name) - _{965A592F-8EFA-4250-8630-7960230792F1} - (no file)
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
F2 - REG:system.ini: Shell=Explorer.exe, C:\WINDOWS\system32\fphkn.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,pknnxxc.exe,ddjfihw.exe,vhljqdm.exe
O3 - Toolbar: Verizon Broadband Toolbar - {4E7BD74F-2B8D-469E-8CB0-AB60BB9AAE22} - C:\PROGRA~1\VOL_TO~1\VOL_TO~1.DLL
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [Dell|Alert] C:\Program Files\Dell\Support\Alert\bin\DAMon.exe
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [bppoxa] C:\WINDOWS\system32\bxlwxc.exe reg_run
O4 - HKLM\..\Run: [ttrsfu] C:\WINDOWS\system32\bxlwxc.exe reg_run
O4 - HKLM\..\Run: [Verizon_McciTrayApp] C:\Program Files\Verizon\McciTrayApp.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\RunOnce: [SpybotDeletingA3704] command /c del "C:\WINDOWS\SYSTEM32\DRIVERS\core.cache.dsk"
O4 - HKLM\..\RunOnce: [SpybotDeletingC8248] cmd /c del "C:\WINDOWS\SYSTEM32\DRIVERS\core.cache.dsk"
O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKCU\..\Run: [wmwpy] C:\WINDOWS\system32\bxlwxc.exe reg_run
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\RunOnce: [SpybotDeletingB6158] command /c del "C:\WINDOWS\SYSTEM32\DRIVERS\core.cache.dsk"
O4 - HKCU\..\RunOnce: [SpybotDeletingB6190] command /c del "C:\WINDOWS\SYSTEM32\DRIVERS\core.cache.dsk"
O4 - HKCU\..\RunOnce: [SpybotDeletingD8874] cmd /c del "C:\WINDOWS\SYSTEM32\DRIVERS\core.cache.dsk"
O4 - HKCU\..\Policies\Explorer\Run: [smlctr] C:\WINDOWS\System32\smlctr.exe
O4 - HKUS\S-1-5-21-1685927933-1582333133-359561344-1003\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User '?')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: gncht.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O9 - Extra button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: vzTCPConfig - http://www.verizon.net/checkmypc/fios/includes/vzTCPConfig.CAB
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - ms-its:mhtml:file://c:\snetextlca.mht!http://snipernet.us/ext1/lca.chm::/bridge-c32.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.4.0_01) -
O16 - DPF: {B4831DED-3A57-4CC6-9E4B-0E7C5B08DBF4} - http://www.alwaysupdatednews.com/install/aun_0034.exe
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,21/mcgdmgr.cab
O16 - DPF: {CAFEEFAC-0014-0000-0001-ABCDEFFEDCBA} (Java Runtime Environment 1.4.0_01) -
O16 - DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} (JuniperSetupControlXP Class) - https://vpn2.safelnk.net/dana-cached/setup/JuniperSetupSP1.cab
O18 - Protocol: bw+0 - {0A8887F1-EF83-4122-A7DD-D372C2DC2604} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {0A8887F1-EF83-4122-A7DD-D372C2DC2604} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {0A8887F1-EF83-4122-A7DD-D372C2DC2604} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {0A8887F1-EF83-4122-A7DD-D372C2DC2604} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {0A8887F1-EF83-4122-A7DD-D372C2DC2604} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {0A8887F1-EF83-4122-A7DD-D372C2DC2604} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {0A8887F1-EF83-4122-A7DD-D372C2DC2604} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {0A8887F1-EF83-4122-A7DD-D372C2DC2604} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {0A8887F1-EF83-4122-A7DD-D372C2DC2604} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {0A8887F1-EF83-4122-A7DD-D372C2DC2604} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {0A8887F1-EF83-4122-A7DD-D372C2DC2604} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {0A8887F1-EF83-4122-A7DD-D372C2DC2604} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {0A8887F1-EF83-4122-A7DD-D372C2DC2604} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {0A8887F1-EF83-4122-A7DD-D372C2DC2604} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {0A8887F1-EF83-4122-A7DD-D372C2DC2604} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {0A8887F1-EF83-4122-A7DD-D372C2DC2604} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {0A8887F1-EF83-4122-A7DD-D372C2DC2604} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {0A8887F1-EF83-4122-A7DD-D372C2DC2604} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {0A8887F1-EF83-4122-A7DD-D372C2DC2604} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {0A8887F1-EF83-4122-A7DD-D372C2DC2604} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {0A8887F1-EF83-4122-A7DD-D372C2DC2604} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {0A8887F1-EF83-4122-A7DD-D372C2DC2604} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {0A8887F1-EF83-4122-A7DD-D372C2DC2604} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {0A8887F1-EF83-4122-A7DD-D372C2DC2604} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {0A8887F1-EF83-4122-A7DD-D372C2DC2604} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {0A8887F1-EF83-4122-A7DD-D372C2DC2604} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {0A8887F1-EF83-4122-A7DD-D372C2DC2604} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {0A8887F1-EF83-4122-A7DD-D372C2DC2604} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {0A8887F1-EF83-4122-A7DD-D372C2DC2604} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {0A8887F1-EF83-4122-A7DD-D372C2DC2604} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {0A8887F1-EF83-4122-A7DD-D372C2DC2604} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {0A8887F1-EF83-4122-A7DD-D372C2DC2604} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {0A8887F1-EF83-4122-A7DD-D372C2DC2604} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {0A8887F1-EF83-4122-A7DD-D372C2DC2604} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {0A8887F1-EF83-4122-A7DD-D372C2DC2604} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {0A8887F1-EF83-4122-A7DD-D372C2DC2604} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {0A8887F1-EF83-4122-A7DD-D372C2DC2604} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {0A8887F1-EF83-4122-A7DD-D372C2DC2604} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {0A8887F1-EF83-4122-A7DD-D372C2DC2604} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {0A8887F1-EF83-4122-A7DD-D372C2DC2604} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {0A8887F1-EF83-4122-A7DD-D372C2DC2604} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {0A8887F1-EF83-4122-A7DD-D372C2DC2604} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {0A8887F1-EF83-4122-A7DD-D372C2DC2604} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {0A8887F1-EF83-4122-A7DD-D372C2DC2604} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {0A8887F1-EF83-4122-A7DD-D372C2DC2604} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {0A8887F1-EF83-4122-A7DD-D372C2DC2604} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {0A8887F1-EF83-4122-A7DD-D372C2DC2604} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {0A8887F1-EF83-4122-A7DD-D372C2DC2604} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {0A8887F1-EF83-4122-A7DD-D372C2DC2604} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {0A8887F1-EF83-4122-A7DD-D372C2DC2604} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {0A8887F1-EF83-4122-A7DD-D372C2DC2604} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {0A8887F1-EF83-4122-A7DD-D372C2DC2604} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {0A8887F1-EF83-4122-A7DD-D372C2DC2604} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {0A8887F1-EF83-4122-A7DD-D372C2DC2604} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {0A8887F1-EF83-4122-A7DD-D372C2DC2604} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {0A8887F1-EF83-4122-A7DD-D372C2DC2604} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {0A8887F1-EF83-4122-A7DD-D372C2DC2604} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {0A8887F1-EF83-4122-A7DD-D372C2DC2604} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {0A8887F1-EF83-4122-A7DD-D372C2DC2604} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {0A8887F1-EF83-4122-A7DD-D372C2DC2604} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {0A8887F1-EF83-4122-A7DD-D372C2DC2604} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {0A8887F1-EF83-4122-A7DD-D372C2DC2604} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {0A8887F1-EF83-4122-A7DD-D372C2DC2604} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {0A8887F1-EF83-4122-A7DD-D372C2DC2604} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {0A8887F1-EF83-4122-A7DD-D372C2DC2604} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {0A8887F1-EF83-4122-A7DD-D372C2DC2604} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {0A8887F1-EF83-4122-A7DD-D372C2DC2604} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {0A8887F1-EF83-4122-A7DD-D372C2DC2604} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {0A8887F1-EF83-4122-A7DD-D372C2DC2604} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {0A8887F1-EF83-4122-A7DD-D372C2DC2604} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {0A8887F1-EF83-4122-A7DD-D372C2DC2604} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {0A8887F1-EF83-4122-A7DD-D372C2DC2604} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {0A8887F1-EF83-4122-A7DD-D372C2DC2604} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {0A8887F1-EF83-4122-A7DD-D372C2DC2604} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {0A8887F1-EF83-4122-A7DD-D372C2DC2604} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {0A8887F1-EF83-4122-A7DD-D372C2DC2604} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {0A8887F1-EF83-4122-A7DD-D372C2DC2604} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - AppInit_DLLs: favttj.dll luqwtk.dll oovhxs.dll gwqfkv.dll rseofg.dll umiayd.dll kzbwld.dll dctlyf.dll demnva.dll uupvyd.dll gouxer.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\Sm9obg\command.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Unknown owner - C:\WINDOWS\System32\imapi.exe (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Unknown owner - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe (file missing)
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: Performance Logs and Alerts (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe (file missing)

--
End of file - 21373 bytes

katana
2009-01-06, 20:13
Please note that all instructions given are customised for this computer only, the tools used may cause damage if used on a computer with different infections.

If you think you have similar problems, please post a log in the HJT forum and wait for help.

Hello and welcome to the forums

My name is Katana and I will be helping you to remove any infection(s) that you may have.

Please observe these rules while we work:
Please Read All Instructions Carefully
If you don't understand something, stop and ask! Don't keep going on.
Please do not run any other tools or scans whilst I am helping you
Please continue to respond until I give you the "All Clear"
(Just because you can't see a problem doesn't mean it isn't there)


If you can do those few things, everything should go smoothly http://www.countingcows.de/laechel.gif

Please Note, your security programs may give warnings for some of the tools I will ask you to use.
Be assured, any links I give are safe

----------------------------------------------------------------------------------------

I apologize for the delay in responding, but as you can probably see the forums are quite busy.
Unfortunately there are far more people needing help than there are helpers.

If you still require help please do the following


Download and Run RSIT

Please download Random's System Information Tool by random/random from here (http://images.malwareremoval.com/random/RSIT.exe) and save it to your desktop.
Double click on RSIT.exe to run RSIT.
Click Continue at the disclaimer screen.
Once it has finished, two logs will open:

log.txt will be opened maximized.
info.txt will be opened minimized.

Please post the contents of both log.txt and info.txt.

ChristineOM
2009-01-07, 02:18
Many thanks for your reply.
The log.txt is pasted below. I didn't see an info.txt (even minimized)

Logfile of random's system information tool 1.05 (written by random/random)
Run by Bryan at 2009-01-06 19:05:34
Microsoft Windows XP Home Edition Service Pack 2
System drive C: has 15 GB (39%) free of 38 GB
Total RAM: 511 MB (22% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:05:37 PM, on 1/6/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\Sm9obg\command.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\WINDOWS\system32\svchost.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\Dell\Support\Alert\bin\DAMon.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Verizon\McciTrayApp.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
C:\WINDOWS\system32\taskmgr.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\WINDOWS\system32\dwwin.exe
C:\WINDOWS\system32\dwwin.exe
C:\Documents and Settings\Bryan\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Bryan.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R3 - URLSearchHook: (no name) - _{965A592F-8EFA-4250-8630-7960230792F1} - (no file)
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
F2 - REG:system.ini: Shell=Explorer.exe, C:\WINDOWS\system32\fphkn.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,pknnxxc.exe,ddjfihw.exe,vhljqdm.exe
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (file missing)
O2 - BHO: (no name) - {1E461F4D-2DF9-42E0-A7B8-014F949F58A0} - (no file)
O2 - BHO: {e4574c1b-c1f8-01fa-1b74-33aac57cc182} - {281cc75c-aa33-47b1-af10-8f1cb1c4754e} - C:\WINDOWS\system32\rrxlbm.dll
O2 - BHO: Verizon Broadband Toolbar - {4E7BD74F-2B8D-469E-8CB0-AB60BB9AAE22} - C:\PROGRA~1\VOL_TO~1\VOL_TO~1.DLL
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - C:\WINDOWS\system32\opnNdbBU.dll
O2 - BHO: (no name) - {76D8F8CF-EF41-468B-902B-EF0B6F79D8FA} - (no file)
O2 - BHO: (no name) - {77AB5974-55A3-4737-9FD5-B93C64307F78} - C:\WINDOWS\system32\usxmwqxm.dll
O2 - BHO: (no name) - {CDB4CDC1-8D84-4D0B-A724-56939DEC3AEC} - (no file)
O2 - BHO: (no name) - {D90A6FC1-C776-4C15-978E-C93EBEEA67D0} - (no file)
O2 - BHO: (no name) - {E740C6B4-C3D9-46FF-BDC9-E1DF309DA7AF} - C:\WINDOWS\system32\fcccBQHX.dll
O2 - BHO: (no name) - {FF7521C4-CCC3-4EA5-8047-5B2923CD7FD5} - (no file)
O3 - Toolbar: Verizon Broadband Toolbar - {4E7BD74F-2B8D-469E-8CB0-AB60BB9AAE22} - C:\PROGRA~1\VOL_TO~1\VOL_TO~1.DLL
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [Dell|Alert] C:\Program Files\Dell\Support\Alert\bin\DAMon.exe
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [bppoxa] C:\WINDOWS\system32\bxlwxc.exe reg_run
O4 - HKLM\..\Run: [ttrsfu] C:\WINDOWS\system32\bxlwxc.exe reg_run
O4 - HKLM\..\Run: [Verizon_McciTrayApp] C:\Program Files\Verizon\McciTrayApp.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKCU\..\Run: [wmwpy] C:\WINDOWS\system32\bxlwxc.exe reg_run
O4 - HKCU\..\Policies\Explorer\Run: [smlctr] C:\WINDOWS\System32\smlctr.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O9 - Extra button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: vzTCPConfig - http://www.verizon.net/checkmypc/fios/includes/vzTCPConfig.CAB
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - ms-its:mhtml:file://c:\snetextlca.mht!http://snipernet.us/ext1/lca.chm::/bridge-c32.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.4.0_01) -
O16 - DPF: {B4831DED-3A57-4CC6-9E4B-0E7C5B08DBF4} - http://www.alwaysupdatednews.com/install/aun_0034.exe
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,21/mcgdmgr.cab
O16 - DPF: {CAFEEFAC-0014-0000-0001-ABCDEFFEDCBA} (Java Runtime Environment 1.4.0_01) -
O16 - DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} (JuniperSetupControlXP Class) - https://vpn2.safelnk.net/dana-cached/setup/JuniperSetupSP1.cab
O18 - Protocol: bw+0 - {0A8887F1-EF83-4122-A7DD-D372C2DC2604} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {0A8887F1-EF83-4122-A7DD-D372C2DC2604} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {0A8887F1-EF83-4122-A7DD-D372C2DC2604} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {0A8887F1-EF83-4122-A7DD-D372C2DC2604} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {0A8887F1-EF83-4122-A7DD-D372C2DC2604} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {0A8887F1-EF83-4122-A7DD-D372C2DC2604} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {0A8887F1-EF83-4122-A7DD-D372C2DC2604} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {0A8887F1-EF83-4122-A7DD-D372C2DC2604} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {0A8887F1-EF83-4122-A7DD-D372C2DC2604} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {0A8887F1-EF83-4122-A7DD-D372C2DC2604} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {0A8887F1-EF83-4122-A7DD-D372C2DC2604} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {0A8887F1-EF83-4122-A7DD-D372C2DC2604} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {0A8887F1-EF83-4122-A7DD-D372C2DC2604} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {0A8887F1-EF83-4122-A7DD-D372C2DC2604} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {0A8887F1-EF83-4122-A7DD-D372C2DC2604} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {0A8887F1-EF83-4122-A7DD-D372C2DC2604} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {0A8887F1-EF83-4122-A7DD-D372C2DC2604} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {0A8887F1-EF83-4122-A7DD-D372C2DC2604} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {0A8887F1-EF83-4122-A7DD-D372C2DC2604} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {0A8887F1-EF83-4122-A7DD-D372C2DC2604} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {0A8887F1-EF83-4122-A7DD-D372C2DC2604} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {0A8887F1-EF83-4122-A7DD-D372C2DC2604} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {0A8887F1-EF83-4122-A7DD-D372C2DC2604} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {0A8887F1-EF83-4122-A7DD-D372C2DC2604} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {0A8887F1-EF83-4122-A7DD-D372C2DC2604} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {0A8887F1-EF83-4122-A7DD-D372C2DC2604} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {0A8887F1-EF83-4122-A7DD-D372C2DC2604} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {0A8887F1-EF83-4122-A7DD-D372C2DC2604} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {0A8887F1-EF83-4122-A7DD-D372C2DC2604} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {0A8887F1-EF83-4122-A7DD-D372C2DC2604} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {0A8887F1-EF83-4122-A7DD-D372C2DC2604} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {0A8887F1-EF83-4122-A7DD-D372C2DC2604} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {0A8887F1-EF83-4122-A7DD-D372C2DC2604} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {0A8887F1-EF83-4122-A7DD-D372C2DC2604} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {0A8887F1-EF83-4122-A7DD-D372C2DC2604} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {0A8887F1-EF83-4122-A7DD-D372C2DC2604} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {0A8887F1-EF83-4122-A7DD-D372C2DC2604} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {0A8887F1-EF83-4122-A7DD-D372C2DC2604} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {0A8887F1-EF83-4122-A7DD-D372C2DC2604} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {0A8887F1-EF83-4122-A7DD-D372C2DC2604} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {0A8887F1-EF83-4122-A7DD-D372C2DC2604} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {0A8887F1-EF83-4122-A7DD-D372C2DC2604} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {0A8887F1-EF83-4122-A7DD-D372C2DC2604} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {0A8887F1-EF83-4122-A7DD-D372C2DC2604} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {0A8887F1-EF83-4122-A7DD-D372C2DC2604} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {0A8887F1-EF83-4122-A7DD-D372C2DC2604} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {0A8887F1-EF83-4122-A7DD-D372C2DC2604} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {0A8887F1-EF83-4122-A7DD-D372C2DC2604} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {0A8887F1-EF83-4122-A7DD-D372C2DC2604} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {0A8887F1-EF83-4122-A7DD-D372C2DC2604} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {0A8887F1-EF83-4122-A7DD-D372C2DC2604} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {0A8887F1-EF83-4122-A7DD-D372C2DC2604} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {0A8887F1-EF83-4122-A7DD-D372C2DC2604} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {0A8887F1-EF83-4122-A7DD-D372C2DC2604} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {0A8887F1-EF83-4122-A7DD-D372C2DC2604} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {0A8887F1-EF83-4122-A7DD-D372C2DC2604} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {0A8887F1-EF83-4122-A7DD-D372C2DC2604} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {0A8887F1-EF83-4122-A7DD-D372C2DC2604} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {0A8887F1-EF83-4122-A7DD-D372C2DC2604} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {0A8887F1-EF83-4122-A7DD-D372C2DC2604} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {0A8887F1-EF83-4122-A7DD-D372C2DC2604} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {0A8887F1-EF83-4122-A7DD-D372C2DC2604} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {0A8887F1-EF83-4122-A7DD-D372C2DC2604} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {0A8887F1-EF83-4122-A7DD-D372C2DC2604} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {0A8887F1-EF83-4122-A7DD-D372C2DC2604} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {0A8887F1-EF83-4122-A7DD-D372C2DC2604} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {0A8887F1-EF83-4122-A7DD-D372C2DC2604} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {0A8887F1-EF83-4122-A7DD-D372C2DC2604} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {0A8887F1-EF83-4122-A7DD-D372C2DC2604} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {0A8887F1-EF83-4122-A7DD-D372C2DC2604} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {0A8887F1-EF83-4122-A7DD-D372C2DC2604} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {0A8887F1-EF83-4122-A7DD-D372C2DC2604} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {0A8887F1-EF83-4122-A7DD-D372C2DC2604} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {0A8887F1-EF83-4122-A7DD-D372C2DC2604} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {0A8887F1-EF83-4122-A7DD-D372C2DC2604} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {0A8887F1-EF83-4122-A7DD-D372C2DC2604} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {0A8887F1-EF83-4122-A7DD-D372C2DC2604} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - AppInit_DLLs: favttj.dll luqwtk.dll oovhxs.dll gwqfkv.dll rseofg.dll umiayd.dll kzbwld.dll dctlyf.dll demnva.dll uupvyd.dll gouxer.dll rrxlbm.dll
O20 - Winlogon Notify: opnNdbBU - C:\WINDOWS\SYSTEM32\opnNdbBU.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\Sm9obg\command.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Unknown owner - C:\WINDOWS\System32\imapi.exe (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Unknown owner - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe (file missing)
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: Performance Logs and Alerts (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe (file missing)

--
End of file - 22031 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Norton AntiVirus - Scan my computer.job
C:\WINDOWS\tasks\sirokxyw.job
C:\WINDOWS\tasks\Symantec NetDetect.job
C:\WINDOWS\tasks\teebdtox.job
C:\WINDOWS\tasks\WebReg Photosmart C7200 series.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{053F9267-DC04-4294-A72C-58F732D338C0}]
HP Print Clips - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll [2007-03-02 177768]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1E461F4D-2DF9-42E0-A7B8-014F949F58A0}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{281cc75c-aa33-47b1-af10-8f1cb1c4754e}]
C:\WINDOWS\system32\rrxlbm.dll [2009-01-06 129024]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4E7BD74F-2B8D-469E-8CB0-AB60BB9AAE22}]
Verizon Broadband Toolbar - C:\PROGRA~1\VOL_TO~1\VOL_TO~1.DLL [2007-05-25 1904128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2008-08-14 1562448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}]
C:\WINDOWS\system32\opnNdbBU.dll [2008-12-08 34816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{76D8F8CF-EF41-468B-902B-EF0B6F79D8FA}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{77AB5974-55A3-4737-9FD5-B93C64307F78}]
C:\WINDOWS\system32\usxmwqxm.dll [2009-01-06 116736]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CDB4CDC1-8D84-4D0B-A724-56939DEC3AEC}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D90A6FC1-C776-4C15-978E-C93EBEEA67D0}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E740C6B4-C3D9-46FF-BDC9-E1DF309DA7AF}]
C:\WINDOWS\system32\fcccBQHX.dll [2008-12-08 302592]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FF7521C4-CCC3-4EA5-8047-5B2923CD7FD5}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{4E7BD74F-2B8D-469E-8CB0-AB60BB9AAE22} - Verizon Broadband Toolbar - C:\PROGRA~1\VOL_TO~1\VOL_TO~1.DLL [2007-05-25 1904128]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"MMTray"=C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe [2002-02-27 90112]
"Dell|Alert"=C:\Program Files\Dell\Support\Alert\bin\DAMon.exe [2002-07-11 270336]
"MCUpdateExe"=c:\PROGRA~1\mcafee.com\agent\mcupdate.exe [2006-01-11 212992]
"MCAgentExe"=c:\PROGRA~1\mcafee.com\agent\mcagent.exe [2005-09-22 303104]
"MPFExe"=C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe [2005-11-11 1005096]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2007-06-29 286720]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2007-09-26 267064]
"bppoxa"=C:\WINDOWS\system32\bxlwxc.exe reg_run []
"ttrsfu"=C:\WINDOWS\system32\bxlwxc.exe reg_run []
"Verizon_McciTrayApp"=C:\Program Files\Verizon\McciTrayApp.exe [2007-09-28 936960]
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2007-03-11 49152]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Microsoft Works Update Detection"=C:\Program Files\Microsoft Works\WkDetect.exe []
"wmwpy"=C:\WINDOWS\system32\bxlwxc.exe reg_run []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
"smlctr"=C:\WINDOWS\System32\smlctr.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\4576695a6f56]
C:\WINDOWS\System32\BCMSM136.exe [2005-04-30 90112]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdaptecDirectCD]
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe [2002-04-10 679936]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AHQInit]
C:\Program Files\Creative\SBLive\Program\AHQInit.exe [2001-03-28 102400]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\aqadcup]
C:\WINDOWS\aqadcup.exe [2004-08-04 249856]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AUNPS2]
RUNDLL32 AUNPS2.DLL []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCMSMMSG]
C:\WINDOWS\BCMSMMSG.exe [2003-08-29 122880]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BMan]
C:\Documents and Settings\All Users\Application Data\msw\BMan1.exe [2005-03-10 45056]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\bppoxa]
C:\WINDOWS\system32\bxlwxc.exe reg_run []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cfgmgr51]
C:\WINDOWS\cfgmgr51.dll []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Jw7mRkJ7V]
isrcapp.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KavSvc]
C:\WINDOWS\System32\uruplv.exe reg_run []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\kbd103]
C:\WINDOWS\System32\kbd103.exe [2005-04-30 55687]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ktbyo]
C:\WINDOWS\System32\ogpgns.exe reg_run []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LDM]
\Program\ []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCAgentExe]
c:\PROGRA~1\mcafee.com\agent\mcagent.exe [2005-09-22 303104]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCUpdateExe]
C:\PROGRA~1\mcafee.com\agent\mcupdate.exe [2006-01-11 212992]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Update Detection]
C:\Program Files\Microsoft Works\WkDetect.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MPFExe]
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe [2005-11-11 1005096]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msresearch]
C:\WINDOWS\msresearch.exe [2005-08-02 40176]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NAV Agent]
C:\PROGRA~1\NORTON~1\navapw32.exe [2002-02-27 75384]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
C:\WINDOWS\System32\NvCpl.dll [2003-10-06 5058560]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /install []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nxtwnq]
C:\WINDOWS\system32\ogpgns.exe reg_run []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ProSiteFinder]
C:\Program Files\ProSiteFinder\prositefinder.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\razin]
C:\DOCUME~1\Bryan\LOCALS~1\Temp\rm05040901.Stub.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
C:\Program Files\Real\RealPlayer\RealPlay.exe [2002-09-28 26112]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSC_UserPrompt]
C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe [2004-11-02 218240]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\storprop]
C:\WINDOWS\System32\storprop.exe [2001-08-10 54662]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Symantec NetDriver Monitor]
C:\PROGRA~1\SYMNET~1\SNDMon.exe [2005-05-22 100056]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VBouncer]
C:\PROGRA~1\VBouncer\VirtualBouncer.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Win Server Updt]
C:\WINDOWS\wupdt.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinTools]
C:\PROGRA~1\COMMON~1\WinTools\WToolsA.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\winupdtl]
C:\WINDOWS\System32\winupdt.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\wmwpy]
C:\WINDOWS\system32\bxlwxc.exe reg_run []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE [2006-11-30 4662776]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\zkletqr]
C:\WINDOWS\zkletqr.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
C:\PROGRA~1\DIGITA~1\DLG.exe [2002-02-15 45056]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^gncht.exe]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\gncht.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP OfficeJet Startup.lnk]
C:\PROGRA~1\HEWLET~1\HPOFFI~1\Bin\HPOstr05.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Works Calendar Reminders.lnk]
C:\PROGRA~1\COMMON~1\MICROS~1\WORKSS~1\wkcalrem.exe [2001-08-07 24633]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^NkvMon.exe.lnk]
C:\PROGRA~1\Nikon\NkView5\NkvMon.exe [2002-07-23 233472]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^rdri.exe]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\rdri.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Bryan^Start Menu^Programs^Startup^RollerCoaster Tycoon 3 Registration.lnk]
C:\Documents and Settings\Bryan\Local Settings\Temp\{F365626A-7FC9-4AB8-8F2C-030F89A101FF}\{907B4640-266B-4A21-92FB-CD1A86CD0F63}\ATR1.exe /remind /language=ENU /PRNM=RollerCoaster Tycoon 3/PRMP=RCT3/SKUN=PCXX/GTYP=STRY []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"navapsvc"=2
"mnmsrvc"=3

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Adobe Reader Speed Launch.lnk - C:\Program Files\adobe\Acrobat 7.0\Reader\reader_sl.exe
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="favttj.dll luqwtk.dll oovhxs.dll gwqfkv.dll rseofg.dll umiayd.dll kzbwld.dll dctlyf.dll demnva.dll uupvyd.dll gouxer.dll rrxlbm.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\opnNdbBU]
C:\WINDOWS\system32\opnNdbBU.dll [2008-12-08 34816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}"=C:\WINDOWS\system32\opnNdbBU.dll [2008-12-08 34816]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"authentication packages"=msv1_0
C:\WINDOWS\system32\fcccBQHX

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=5F000000
""=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"
"C:\Program Files\Microsoft Games\Zoo Tycoon 2\zt.exe"="C:\Program Files\Microsoft Games\Zoo Tycoon 2\zt.exe:*:Enabled:Zoo Tycoon 2 Executable"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"D:\setup\HPZNUI01.EXE"="D:\setup\HPZNUI01.EXE:*:Enabled:hpznui01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe"="C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe"="C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe:*:Enabled:hpqnrs08.exe"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
shell\AutoRun\command - D:\setup.EXE /autorun
shell\dxsetup\command - D:\directx\dxsetup.exe
shell\sampler\command - D:\sampler\sampler.exe
shell\setup\command - D:\setup.exe
shell\zoneb501\command - D:\sampler\demos\zone\zoneb501.exe


======List of files/folders created in the last 1 months======

2009-01-06 19:04:16 ----D---- C:\rsit
2009-01-06 15:45:11 ----A---- C:\WINDOWS\system32\usxmwqxm.dll
2009-01-06 15:43:16 ----A---- C:\WINDOWS\system32\rrxlbm.dll
2009-01-06 15:43:15 ----A---- C:\WINDOWS\system32\haxpmxtj.dll
2009-01-05 15:48:12 ----A---- C:\WINDOWS\system32\kdliib.dll
2009-01-05 15:48:11 ----A---- C:\WINDOWS\system32\gmmxeqsx.dll
2009-01-05 15:45:12 ----SH---- C:\WINDOWS\system32\akgnhnnr.ini
2009-01-05 15:45:11 ----A---- C:\WINDOWS\system32\rnnhngka.dll
2009-01-04 21:36:23 ----D---- C:\Rosary
2009-01-04 15:45:45 ----A---- C:\WINDOWS\system32\prvbgq.dll
2009-01-04 15:45:45 ----A---- C:\WINDOWS\system32\ckuammap.dll
2009-01-04 15:39:06 ----SH---- C:\WINDOWS\system32\vprlxkxq.ini
2009-01-04 15:38:57 ----N---- C:\WINDOWS\system32\qxkxlrpv.dll
2009-01-04 15:30:08 ----A---- C:\WINDOWS\system32\atmtd.dll._
2009-01-04 15:30:08 ----A---- C:\WINDOWS\system32\atmtd.dll
2009-01-03 15:32:22 ----A---- C:\WINDOWS\system32\rxrjjm.dll
2009-01-03 15:32:21 ----A---- C:\WINDOWS\system32\ebatwrhg.dll
2009-01-03 15:29:16 ----SH---- C:\WINDOWS\system32\npfwvlig.ini
2009-01-03 15:29:15 ----A---- C:\WINDOWS\system32\gilvwfpn.dll
2009-01-02 15:35:20 ----A---- C:\WINDOWS\system32\ggsnze.dll
2009-01-02 15:35:19 ----A---- C:\WINDOWS\system32\ylhroymt.dll
2009-01-02 15:35:16 ----SH---- C:\WINDOWS\system32\mlyupgbe.ini
2009-01-01 17:20:00 ----ASH---- C:\WINDOWS\system32\XHQBcccf.ini2
2009-01-01 15:35:16 ----A---- C:\WINDOWS\system32\gouxer.dll
2009-01-01 15:35:15 ----A---- C:\WINDOWS\system32\ddlkkhjq.dll
2009-01-01 15:32:20 ----SH---- C:\WINDOWS\system32\hidugfml.ini
2008-12-31 15:33:58 ----A---- C:\WINDOWS\system32\uupvyd.dll
2008-12-31 15:33:58 ----A---- C:\WINDOWS\system32\tinvvlic.dll
2008-12-31 15:27:58 ----A---- C:\WINDOWS\system32\pfpixslt.dll
2008-12-30 15:35:24 ----A---- C:\WINDOWS\system32\demnva.dll
2008-12-30 15:35:23 ----A---- C:\WINDOWS\system32\uiisxfcn.dll
2008-12-30 15:32:24 ----A---- C:\WINDOWS\system32\hafjmsjf.dll
2008-12-30 13:32:24 ----D---- C:\Program Files\Trend Micro
2008-12-29 15:29:29 ----A---- C:\WINDOWS\system32\wfsqdxks.dll
2008-12-29 15:29:29 ----A---- C:\WINDOWS\system32\dctlyf.dll
2008-12-29 15:26:47 ----A---- C:\WINDOWS\system32\afmageko.dll
2008-12-28 15:28:21 ----A---- C:\WINDOWS\system32\cmogdfgc.dll
2008-12-28 15:25:32 ----A---- C:\WINDOWS\system32\ouogxuvx.dll
2008-12-28 15:25:32 ----A---- C:\WINDOWS\system32\kzbwld.dll
2008-12-27 15:31:22 ----A---- C:\WINDOWS\system32\qhpueb.dll
2008-12-27 15:31:21 ----A---- C:\WINDOWS\system32\ccnfbfba.dll
2008-12-27 10:23:49 ----A---- C:\WINDOWS\system32\gkojvx.dll
2008-12-27 10:23:48 ----A---- C:\WINDOWS\system32\cjogrmlf.dll
2008-12-27 10:21:22 ----A---- C:\WINDOWS\system32\vjnvxhss.dll
2008-12-26 09:57:16 ----A---- C:\WINDOWS\system32\zgwmak.dll
2008-12-26 09:57:15 ----A---- C:\WINDOWS\system32\ysyiajle.dll
2008-12-26 09:53:19 ----A---- C:\WINDOWS\system32\fjlaatqg.dll
2008-12-23 22:13:11 ----A---- C:\WINDOWS\system32\rfdmgamj.dll
2008-12-23 22:04:12 ----A---- C:\WINDOWS\system32\umiayd.dll
2008-12-23 22:04:12 ----A---- C:\WINDOWS\system32\qgdtleih.dll
2008-12-22 22:04:12 ----A---- C:\WINDOWS\system32\rseofg.dll
2008-12-22 22:04:12 ----A---- C:\WINDOWS\system32\erbvohna.dll
2008-12-22 10:34:24 ----A---- C:\WINDOWS\system32\gwqfkv.dll
2008-12-22 10:34:23 ----A---- C:\WINDOWS\system32\vwxolaof.dll
2008-12-21 10:33:00 ----A---- C:\WINDOWS\system32\enrurk.dll
2008-12-21 10:32:59 ----A---- C:\WINDOWS\system32\npkupuxw.dll
2008-12-21 10:29:45 ----A---- C:\WINDOWS\system32\uwdoohys.dll
2008-12-20 05:06:39 ----A---- C:\WINDOWS\system32\trsjbfyp.dll
2008-12-20 05:03:40 ----A---- C:\WINDOWS\system32\ugnrgydt.dll
2008-12-20 05:03:40 ----A---- C:\WINDOWS\system32\oovhxs.dll
2008-12-19 05:03:40 ----A---- C:\WINDOWS\system32\luqwtk.dll
2008-12-19 05:03:40 ----A---- C:\WINDOWS\system32\eqmwctiy.dll
2008-12-18 05:06:39 ----A---- C:\WINDOWS\system32\ofztdj.dll
2008-12-18 05:06:39 ----A---- C:\WINDOWS\system32\lckpooal.dll
2008-12-18 02:57:04 ----D---- C:\WINDOWS\system32\LogFiles
2008-12-17 05:00:39 ----A---- C:\WINDOWS\system32\favttj.dll
2008-12-17 05:00:39 ----A---- C:\WINDOWS\system32\bjrkpdmo.dll
2008-12-16 17:27:53 ----A---- C:\WINDOWS\system32\eafkjp.dll
2008-12-16 17:27:52 ----A---- C:\WINDOWS\system32\aiajkvso.dll
2008-12-15 19:08:39 ----D---- C:\Program Files\TeaTimer (Spybot - Search & Destroy)
2008-12-15 19:08:38 ----D---- C:\Program Files\SDHelper (Spybot - Search & Destroy)
2008-12-15 19:08:38 ----D---- C:\Program Files\Misc. Support Library (Spybot - Search & Destroy)
2008-12-15 19:08:38 ----D---- C:\Program Files\File Scanner Library (Spybot - Search & Destroy)
2008-12-15 16:02:19 ----A---- C:\WINDOWS\system32\suppdhkw.dll
2008-12-15 16:02:19 ----A---- C:\WINDOWS\system32\ftkusm.dll
2008-12-14 15:57:27 ----A---- C:\WINDOWS\system32\cakcmfsv.dll
2008-12-14 15:57:27 ----A---- C:\WINDOWS\system32\blhdsp.dll
2008-12-14 15:55:03 ----A---- C:\WINDOWS\system32\adkbnqlk.dll
2008-12-14 09:03:28 ----A---- C:\WINDOWS\system32\xittxkdt.dll
2008-12-14 09:03:28 ----A---- C:\WINDOWS\system32\adedbt.dll
2008-12-13 09:01:32 ----A---- C:\WINDOWS\system32\qvkler.dll
2008-12-13 09:01:31 ----A---- C:\WINDOWS\system32\hnuipfpo.dll
2008-12-11 19:35:52 ----A---- C:\WINDOWS\system32\eaqmcc.dll
2008-12-11 19:35:51 ----A---- C:\WINDOWS\system32\bmmvnfpd.dll
2008-12-11 19:35:06 ----A---- C:\WINDOWS\system32\ryynclkb.dll
2008-12-10 20:31:17 ----A---- C:\WINDOWS\system32\fgiozn.dll
2008-12-10 20:31:15 ----A---- C:\WINDOWS\system32\feeifjgx.dll
2008-12-10 20:30:25 ----A---- C:\WINDOWS\system32\adsgjyop.dll
2008-12-09 22:37:26 ----A---- C:\WINDOWS\wininit.ini
2008-12-08 23:30:38 ----A---- C:\WINDOWS\system32\ljJBttUK.dll
2008-12-08 12:44:41 ----SHD---- C:\WINDOWS\Sm9obg
2008-12-08 12:44:03 ----D---- C:\WINDOWS\system32\ki3
2008-12-08 12:44:03 ----D---- C:\WINDOWS\system32\in
2008-12-08 12:44:03 ----D---- C:\WINDOWS\system32\C
2008-12-08 12:43:05 ----A---- C:\WINDOWS\system32\iiffCUKc.dll
2008-12-08 12:42:03 ----A---- C:\WINDOWS\system32\rhuthw.dll
2008-12-08 12:41:59 ----A---- C:\WINDOWS\system32\pfnoirci.dll
2008-12-08 12:40:44 ----A---- C:\WINDOWS\system32\aqrndpal.dll
2008-12-08 12:40:07 ----A---- C:\WINDOWS\system32\cbdd6ed2-.txt
2008-12-08 12:38:50 ----ASH---- C:\WINDOWS\system32\XHQBcccf.ini
2008-12-08 12:38:44 ----A---- C:\WINDOWS\system32\fcccBQHX.dll
2008-12-08 12:34:09 ----A---- C:\WINDOWS\system32\byXrOGwV.dll
2008-12-08 12:33:36 ----A---- C:\WINDOWS\system32\opnNdbBU.dll
2008-12-08 12:32:38 ----A---- C:\WINDOWS\system32\prunnet.exe

======List of files/folders modified in the last 1 months======

2009-01-06 19:05:14 ----D---- C:\WINDOWS\Prefetch
2009-01-06 16:11:42 ----D---- C:\Program Files\Mozilla Firefox
2009-01-06 15:46:22 ----AD---- C:\WINDOWS\SYSTEM32
2009-01-06 15:39:27 ----D---- C:\WINDOWS\Temp
2009-01-06 15:24:00 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-01-05 18:52:52 ----SHD---- C:\WINDOWS\Installer
2009-01-05 18:44:58 ----AD---- C:\WINDOWS
2009-01-04 15:31:34 ----D---- C:\WINDOWS\system32\CatRoot2
2009-01-02 15:49:14 ----D---- C:\WINDOWS\Registration
2008-12-30 16:50:56 ----D---- C:\WINDOWS\Minidump
2008-12-30 13:32:24 ----AD---- C:\Program Files
2008-12-16 19:10:30 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-12-15 19:31:30 ----D---- C:\Program Files\Spybot - Search & Destroy
2008-12-08 23:30:55 ----SD---- C:\WINDOWS\Tasks
2008-12-08 12:44:43 ----D---- C:\temp
2008-12-07 20:24:34 ----D---- C:\BryanSchool
2008-12-07 20:00:12 ----A---- C:\WINDOWS\HPODJC05.INI

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Cdr4_xp;Cdr4_xp; C:\WINDOWS\system32\drivers\Cdr4_xp.sys [2002-09-20 59440]
R1 Cdralw2k;Cdralw2k; C:\WINDOWS\system32\drivers\Cdralw2k.sys [2002-09-20 23724]
R1 cdudf_xp;cdudf_xp; C:\WINDOWS\system32\drivers\cdudf_xp.sys [2002-04-10 236032]
R1 hidbthh;hidbthh; C:\WINDOWS\System32\drivers\hidbthh.sys [2008-12-08 86272]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2004-08-04 36096]
R1 MPFIREWL;MPFIREWL; C:\WINDOWS\System32\Drivers\MpFirewall.sys [2005-11-11 80640]
R1 pwd_2k;pwd_2k; C:\WINDOWS\system32\drivers\pwd_2k.sys [2002-04-10 117898]
R1 SYMTDI;SYMTDI; C:\WINDOWS\System32\Drivers\SYMTDI.SYS [2005-04-05 267192]
R1 UdfReadr_xp;UdfReadr_xp; C:\WINDOWS\system32\drivers\UdfReadr_xp.sys [2002-04-10 206336]
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2001-08-18 12032]
R2 ASCTRM;ASCTRM; C:\WINDOWS\system32\drivers\ASCTRM.sys [2002-09-28 8552]
R2 PfModNT;PfModNT; \??\C:\WINDOWS\System32\PfModNT.sys []
R3 BCMModem;BCM V.92 56K Modem; C:\WINDOWS\System32\DRIVERS\BCMSM.sys [2003-08-29 1101696]
R3 ctljystk;Creative SBLive! Gameport; C:\WINDOWS\System32\DRIVERS\ctljystk.sys [2001-08-17 3712]
R3 DM9102;DAVICOM 9102(A) PCI Fast Ethernet Based NT Driver; C:\WINDOWS\System32\DRIVERS\DM9PCI5.SYS [2001-08-17 29696]
R3 emu10k;Creative SB Live! Value (WDM); C:\WINDOWS\system32\drivers\emu10k1f.sys [2001-09-13 777088]
R3 emu10k1;Creative Interface Manager Driver (WDM); C:\WINDOWS\system32\drivers\ctlface.sys [2001-07-11 6912]
R3 GEARAspiWDM;GEARAspiWDM; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2006-09-19 15664]
R3 mmc_2K;mmc_2K; C:\WINDOWS\system32\drivers\mmc_2K.sys [2002-04-10 29638]
R3 MODEMCSA;Unimodem Streaming Filter Device; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128]
R3 MxlW2k;MxlW2k; C:\WINDOWS\system32\drivers\MxlW2k.sys [2003-11-09 28164]
R3 nv;nv; C:\WINDOWS\System32\DRIVERS\nv4_mini.sys [2003-10-06 1550043]
R3 sfman;Creative SoundFont Manager Driver (WDM); C:\WINDOWS\system32\drivers\sfman.sys [2001-08-31 36992]
R3 SymEvent;SymEvent; \??\C:\Program Files\Symantec\SYMEVENT.SYS []
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2004-08-04 26624]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2004-08-04 57600]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2004-08-04 26496]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2004-08-04 20480]
S1 P3;Intel PentiumIII Processor Driver; C:\WINDOWS\System32\DRIVERS\p3.sys [2004-08-04 42496]
S3 bvrp_pci;bvrp_pci; C:\WINDOWS\system32\drivers\bvrp_pci.sys []
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-04 17024]
S3 Dot4;IEEE-1284.4 Driver; C:\WINDOWS\System32\DRIVERS\Dot4.sys [2004-08-04 207360]
S3 Dot4Print;Print Class Driver for IEEE-1284.4; C:\WINDOWS\System32\DRIVERS\Dot4Prt.sys [2001-08-17 12928]
S3 dvd_2K;dvd_2K; C:\WINDOWS\system32\drivers\dvd_2K.sys [2002-04-10 24554]
S3 EL90XBC;3Com EtherLink XL 90XB/C Adapter Driver; C:\WINDOWS\System32\DRIVERS\el90xbc5.sys [2001-08-17 66591]
S3 hidgame;Microsoft Hid to Joystick Port Enabler; C:\WINDOWS\System32\DRIVERS\hidgame.sys [2001-08-17 8576]
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]
S3 LVcKap;Logitech AEC Driver; C:\WINDOWS\system32\DRIVERS\LVcKap.sys []
S3 LVMVDrv;Logitech Machine Vision Engine Loader; C:\WINDOWS\system32\DRIVERS\LVMVDrv.sys []
S3 LVPr2Mon;Logitech LVPr2Mon Driver; C:\WINDOWS\system32\drivers\LVPr2Mon.sys []
S3 LVUSBSta;Logitech USB Monitor Filter; C:\WINDOWS\system32\drivers\lvusbsta.sys []
S3 MREMPR5;MREMPR5 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS []
S3 MRENDIS5;MRENDIS5 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS []
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-04 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-04 85376]
S3 NAVAP;NAVAP; \??\C:\WINDOWS\System32\Drivers\NAVAP.SYS []
S3 NAVENG;NAVENG; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20020227.005\NAVENG.SYS []
S3 NAVEX15;NAVEX15; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20020227.005\NAVEX15.SYS []
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-04 10880]
S3 nv4;nv4; C:\WINDOWS\System32\DRIVERS\nv4.sys [2001-08-17 731648]
S3 pepifilter;Volume Adapter; C:\WINDOWS\system32\DRIVERS\lv302af.sys []
S3 PID_08A0;Logitech QuickCam IM(PID_08A0); C:\WINDOWS\system32\DRIVERS\LV302AV.SYS []
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-04 11136]
S3 SNDP202;Dual Mode Camera (8008 VGA); C:\WINDOWS\system32\DRIVERS\sndp202.sys [2003-01-16 245120]
S3 StillCam;Still Serial Digital Camera Driver; C:\WINDOWS\System32\DRIVERS\serscan.sys [2001-08-17 6784]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-04 15360]
S3 SYMREDRV;SYMREDRV; C:\WINDOWS\System32\Drivers\SYMREDRV.SYS [2005-04-05 17976]
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2007-09-06 30336]
S3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2004-08-04 59264]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [2004-08-04 31616]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\System32\DRIVERS\usbprint.sys [2004-08-04 25856]
S3 wanatw;WAN Miniport (ATW); C:\WINDOWS\System32\DRIVERS\wanatw4.sys []
S3 WpdUsb;WpdUsb; C:\WINDOWS\System32\Drivers\wpdusb.sys [2004-08-11 18944]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-04 19328]
S4 agpCPQ;Compaq AGP Bus Filter; C:\WINDOWS\System32\DRIVERS\agpCPQ.sys [2004-08-04 44928]
S4 alim1541;ALI AGP Bus Filter; C:\WINDOWS\System32\DRIVERS\alim1541.sys [2004-08-04 42752]
S4 amdagp;AMD AGP Bus Filter Driver; C:\WINDOWS\System32\DRIVERS\amdagp.sys [2004-08-04 43008]
S4 cbidf;cbidf; C:\WINDOWS\System32\DRIVERS\cbidf2k.sys [2001-08-17 13952]
S4 IntelIde;IntelIde; C:\WINDOWS\System32\DRIVERS\intelide.sys [2004-08-04 5504]
S4 mchInjDrv;mchInjDrv; \??\C:\WINDOWS\TEMP\mc21.tmp []
S4 sisagp;SIS AGP Bus Filter; C:\WINDOWS\System32\DRIVERS\sisagp.sys [2004-08-04 41088]
S4 viaagp;VIA AGP Bus Filter; C:\WINDOWS\System32\DRIVERS\viaagp.sys [2004-08-04 42240]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 cmdService;Command Service; C:\WINDOWS\Sm9obg\command.exe [2005-08-02 293888]
R2 Creative Service for CDROM Access;Creative Service for CDROM Access; C:\WINDOWS\System32\CTsvcCDA.EXE [1999-12-13 44032]
R2 hpqddsvc;HP CUE DeviceDiscovery Service; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336]
R2 HPSLPSVC;HP Network Devices Support; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336]
R2 McDetect.exe;McAfee WSC Integration; c:\program files\mcafee.com\agent\mcdetect.exe [2005-10-13 126976]
R2 McTskshd.exe;McAfee Task Scheduler; c:\PROGRA~1\mcafee.com\agent\mctskshd.exe [2005-08-24 122368]
R2 mcupdmgr.exe;McAfee SecurityCenter Update Manager; C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe [2005-07-01 245760]
R2 Net Driver HPZ12;Net Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2004-08-04 14336]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\System32\nvsvc32.exe [2003-10-06 81920]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2004-08-04 14336]
R2 SymWSC;SymWMI Service; C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe [2004-11-02 316544]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\System32\wdfmgr.exe [2004-08-11 38912]
R2 WMDM PMSP Service;WMDM PMSP Service; C:\WINDOWS\System32\MsPMSPSv.exe [2000-06-26 53520]
R3 hpqcxs08;hpqcxs08; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2007-09-26 503608]
R3 MpfService;McAfee Personal Firewall Service; C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe [2005-11-11 548864]
S2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2007-09-06 110592]
S2 LVPrcSrv;Logitech Process Monitor; c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe []
S2 SBService;ScriptBlocking Service; C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe [2001-08-13 54408]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-03 69632]
S3 SNDSrvc;Symantec Network Drivers Service; C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe [2005-04-05 206552]
S4 navapsvc;Norton AntiVirus Auto Protect Service; C:\Program Files\Norton AntiVirus\navapsvc.exe [2002-02-27 116344]

-----------------EOF-----------------

ChristineOM
2009-01-07, 02:22
Small bit of important info I left out ...
From the Task Manager, I have stopped the svchost.exe that ties up all the CPU. I can't do much of anything when that is running.
Also, as soon as I run spybot, I get the message that cmdService is running and I stop that.

katana
2009-01-07, 12:31
Information


AntiVirus
You appear to have Symantec and McAfee
First you should know that you're actually doing more harm than good by running more than one Anti Virus program.
When you do this the programs compete for resources, and the end result is none does it's best and can cause system instability.
I recommend that you choose one that you want to keep.
The other/s I would either uninstall, or disable from startup and use as "on demand" for an occasional scan.
----------------------------------------------------------- -----------------------------------------------------------

Step 1

Malwarebytes' Anti-Malware

Please download Malwarebytes' Anti-Malware (http://www.download.com/Malwarebytes-Anti-Malware/3000-8022_4-10804572.html?part=dl-10804572&subj=dl&tag=button) to your desktop.

Double-click mbam-setup.exe and follow the prompts to install the program.
At the end, be sure a checkmark is placed next to
Update Malwarebytes' Anti-Malware
and Launch Malwarebytes' Anti-Malware
then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select Perform full scan, then click Scan.
When the scan is complete, click OK, then Show Results to view the results.
Be sure that everything is checked, and click Remove Selected.
When completed, a log will open in Notepad. please copy and paste the log into your next reply
If requested, please reboot
If you accidently close it, the log file is saved here and will be named like this:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt


----------------------------------------------------------- -----------------------------------------------------------
Step 2

Download and Run ComboFix (by sUBs)
Please visit this webpage for instructions for downloading and running ComboFix:

Bleeping Computer ComboFix Tutorial (http://www.bleepingcomputer.com/combofix/how-to-use-combofix)

You must download it to and run it from your Desktop
Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.
Double click combofix.exe & follow the prompts.
When finished, it will produce a log. Please save that log to post in your next reply
Re-enable all the programs that were disabled during the running of ComboFix..


A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix on your own.
This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper


----------------------------------------------------------- -----------------------------------------------------------
Step 3

Logs/Information to Post in Reply
Please post the following logs/Information in your reply

MalwareBytes Log
Combofix Log
C:\RSIT\Info.txt
How are things running now ?

ChristineOM
2009-01-08, 13:52
My poor, neglected, infected system ...
I am posting the mbam log here before I reboot. I'll run the ComboFix and post logs after I reboot.

Malwarebytes' Anti-Malware 1.32
Database version: 1629
Windows 5.1.2600 Service Pack 2

1/8/2009 6:43:40 AM
mbam-log-2009-01-08 (06-43-39).txt

Scan type: Full Scan (C:\|F:\|)
Objects scanned: 205393
Time elapsed: 6 hour(s), 34 minute(s), 31 second(s)

Memory Processes Infected: 1
Memory Modules Infected: 20
Registry Keys Infected: 49
Registry Values Infected: 1
Registry Data Items Infected: 2
Folders Infected: 2
Files Infected: 119

Memory Processes Infected:
C:\WINDOWS\Sm9obg\command.exe (Adware.CommAd) -> Failed to unload process.

Memory Modules Infected:
C:\WINDOWS\SYSTEM32\fcccBQHX.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\SYSTEM32\hxrhdjea.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\Sm9obg\asappsrv.dll (Adware.CommAd) -> Delete on reboot.
C:\WINDOWS\SYSTEM32\opnNdbBU.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\SYSTEM32\favttj.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\SYSTEM32\luqwtk.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\SYSTEM32\oovhxs.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\SYSTEM32\gwqfkv.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\SYSTEM32\rseofg.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\SYSTEM32\umiayd.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\SYSTEM32\kzbwld.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\SYSTEM32\dctlyf.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\SYSTEM32\uupvyd.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\SYSTEM32\rxrjjm.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\SYSTEM32\ckuammap.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\SYSTEM32\gmmxeqsx.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\SYSTEM32\kdliib.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\SYSTEM32\haxpmxtj.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\SYSTEM32\rrxlbm.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\SYSTEM32\usxmwqxm.dll (Trojan.Vundo.H) -> Delete on reboot.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\opnndbbu (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{e740c6b4-c3d9-46ff-bdc9-e1df309da7af} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{e740c6b4-c3d9-46ff-bdc9-e1df309da7af} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{77ab5974-55a3-4737-9fd5-b93c64307f78} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{77ab5974-55a3-4737-9fd5-b93c64307f78} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{43d59c57-3d62-42e0-89ca-da325ccda457} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{43d59c57-3d62-42e0-89ca-da325ccda457} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{12258ddf-f22f-4625-a2a2-f1f301c2d1f7} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{12258ddf-f22f-4625-a2a2-f1f301c2d1f7} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{a189e6f0-fb27-494a-9e14-05bea9ebae9a} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{a189e6f0-fb27-494a-9e14-05bea9ebae9a} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{578af4b5-2fef-465f-b3e2-2f9e06cd9147} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{f5945edf-7050-4210-863b-6e3d59d26ae6} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{f5945edf-7050-4210-863b-6e3d59d26ae6} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{1968df45-6820-4255-9562-611e6d0e49bb} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{921f0f5a-6c25-483e-b90e-22515ecea5a8} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{921f0f5a-6c25-483e-b90e-22515ecea5a8} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{59fc4bff-3462-4d23-93b9-585a20e8307d} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{59fc4bff-3462-4d23-93b9-585a20e8307d} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{cc9535ab-1ea9-4203-9760-87da5ec00f78} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{cc9535ab-1ea9-4203-9760-87da5ec00f78} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{e740c6b4-c3d9-46ff-bdc9-e1df309da7af} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\cmdservice (Adware.CommAd) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\cmdservice (Adware.CommAd) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\cmdservice (Adware.CommAd) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{281cc75c-aa33-47b1-af10-8f1cb1c4754e} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{281cc75c-aa33-47b1-af10-8f1cb1c4754e} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{77ab5974-55a3-4737-9fd5-b93c64307f78} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{d88e1558-7c2d-407a-953a-c044f5607cea} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{f919fbd3-a96b-4679-af26-f551439bb5fd} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{e596df5f-4239-4d40-8367-ebadf0165917} (Rogue.Installer) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1a26f07f-0d60-4835-91cf-1e1766a0ec56} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{b64f4a7c-97c9-11da-8bde-f66bad1e3f3a} (Rogue.WinAntivirus) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{2d2bee6e-3c9a-4d58-b9ec-458edb28d0f6} (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\prunnet (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\xpre (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\YourSiteBar (Trojan.Istbar) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\instkey (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NETWORK_MONITOR (Trojan.DNSChanger) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CMDSERVICE (Trojan.Downloader) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo) -> Delete on reboot.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\fcccbqhx -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\fcccbqhx

ChristineOM
2009-01-08, 16:18
ComboFix log -
The system did restart while ComboFix was running. I wasn't watching, so I didn't see what step it was on. When it came back up, the startup programs started so I had to kill the McA and Sym.

RSIT/info.txt below.


ComboFix 09-01-07.02 - Bryan 2009-01-08 8:29:03.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.511.204 [GMT -5:00]
Running from: c:\documents and settings\Bryan\Desktop\ComboFix.exe
AV: Norton AntiVirus *On-access scanning disabled* (Outdated)
FW: McAfee Personal Firewall Plus *disabled*
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
c:\documents and settings\Bryan\Local Settings\Temporary Internet Files\Tvm.log
c:\documents and settings\David\Application Data\Sskdmns.dll
c:\documents and settings\John\Local Settings\Temporary Internet Files\bestwiner.stt
c:\documents and settings\John\Local Settings\Temporary Internet Files\fbk.sts
c:\documents and settings\John\Local Settings\Temporary Internet Files\Tvm.log
c:\temp\DIV55
c:\temp\DIV55\xDb.log
c:\temp\tn3
c:\windows\bundles
c:\windows\bundles\2504041019.exe_
c:\windows\bundles\77_350_i.exe
c:\windows\bundles\adv0ltc0m.exe_
c:\windows\bundles\bs5-vwqouc.exe_
c:\windows\bundles\CSV7P070.exe_
c:\windows\bundles\d_otbp.exe_
c:\windows\bundles\HelperInstaller.exe.tmp
c:\windows\bundles\HelperInstaller.exe_
c:\windows\bundles\ICMedia-350.exe
c:\windows\bundles\james_dh.exe
c:\windows\bundles\omni2.exe
c:\windows\bundles\optimizejames.exe_
c:\windows\bundles\runsearch.exe_
c:\windows\bundles\setup_silent_25040.exe
c:\windows\bundles\setup_silent_26221.exe_
c:\windows\bundles\setup356.exe
c:\windows\bundles\shopinst.exe_
c:\windows\bundles\thin-117-1-x-x.exe
c:\windows\bundles\traspec7.exe
c:\windows\bundles\TVM_B5_Bundle_8.EXE
c:\windows\bundles\txdesuf.exe_
c:\windows\bundles\vl_ezstub.exe_
c:\windows\IE4 Error Log.txt
c:\windows\system32\AutoRun.inf
c:\windows\system32\byXrOGwV.dll
c:\windows\system32\C
c:\windows\system32\Cache
c:\windows\system32\Cache\AUNIcons.exe
c:\windows\system32\Cache\dist006.exe
c:\windows\system32\Cache\HelperInstall.exe
c:\windows\system32\Cache\InstallAPS.exe
c:\windows\system32\Cache\installer_MARKETING17.exe
c:\windows\system32\Cache\mswinstall.exe
c:\windows\system32\Cache\setup1021.exe
c:\windows\system32\ddlkkhjq.dll
c:\windows\system32\demnva.dll
c:\windows\system32\dktvciab.dll
c:\windows\system32\dmonwv.dll
c:\windows\system32\gouxer.dll
c:\windows\system32\hidugfml.ini
c:\windows\system32\IN
c:\windows\system32\kbd103.exe
c:\windows\system32\ki3
c:\windows\system32\ljJBttUK.dll
c:\windows\system32\mlyupgbe.ini
c:\windows\system32\rfdmgamj.dll
c:\windows\system32\uiisxfcn.dll
c:\windows\system32\vjnvxhss.dll
c:\windows\system32\zihlwl.dll
c:\windows\Tasks\sirokxyw.job
c:\windows\Tasks\teebdtox.job

----- BITS: Possible infected sites -----

hxxp://childhe.com
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_SVCPROC
-------\Legacy_ZESOFT


((((((((((((((((((((((((( Files Created from 2008-12-08 to 2009-01-08 )))))))))))))))))))))))))))))))
.

2009-01-07 17:03 . 2009-01-07 17:03 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-01-07 17:03 . 2009-01-07 17:03 <DIR> d-------- c:\documents and settings\Bryan\Application Data\Malwarebytes
2009-01-07 17:03 . 2009-01-07 17:03 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-01-07 17:03 . 2009-01-04 18:38 38,496 --a------ c:\windows\SYSTEM32\DRIVERS\mbamswissarmy.sys
2009-01-07 17:03 . 2009-01-04 18:38 15,504 --a------ c:\windows\SYSTEM32\DRIVERS\mbam.sys
2009-01-07 07:25 . 2009-01-07 07:26 <DIR> d-------- c:\windows\3075C5C308074924AF8FFF27052C12AE.TMP
2009-01-06 19:08 . 2009-01-06 19:11 754 --a------ c:\windows\WORDPAD.INI
2009-01-06 19:04 . 2009-01-06 19:04 <DIR> d-------- C:\rsit
2009-01-04 21:36 . 2009-01-04 22:23 <DIR> d-------- C:\Rosary
2008-12-30 13:32 . 2008-12-30 13:32 <DIR> d-------- c:\program files\Trend Micro
2008-12-26 09:57 . 2008-12-26 09:57 <DIR> d-------- c:\documents and settings\LocalService\Application Data\AdobeUM
2008-12-26 09:55 . 2008-12-26 09:55 <DIR> d-------- c:\documents and settings\LocalService\Application Data\HPAppData
2008-12-18 02:57 . 2008-12-18 02:57 <DIR> d-------- c:\windows\SYSTEM32\LogFiles
2008-12-15 19:08 . 2008-12-15 19:08 <DIR> d-------- c:\program files\TeaTimer (Spybot - Search & Destroy)
2008-12-15 19:08 . 2008-12-15 19:12 <DIR> d-------- c:\program files\SDHelper (Spybot - Search & Destroy)
2008-12-15 19:08 . 2008-12-15 19:08 <DIR> d-------- c:\program files\Misc. Support Library (Spybot - Search & Destroy)
2008-12-15 19:08 . 2008-12-15 19:08 <DIR> d-------- c:\program files\File Scanner Library (Spybot - Search & Destroy)
2008-12-09 22:37 . 2009-01-01 17:19 607 --a------ c:\windows\wininit.ini
2008-12-09 20:40 . 2008-12-15 20:20 <DIR> d-------- c:\documents and settings\John\Application Data\Twain
2008-12-08 12:44 . 2009-01-08 06:59 <DIR> d--hs---- c:\windows\Sm9obg

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-17 00:10 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2008-12-16 00:31 --------- d-----w c:\program files\Spybot - Search & Destroy
2008-11-24 13:33 --------- d-----w c:\documents and settings\John\Application Data\Juniper Networks
2008-11-22 15:28 --------- d-----w c:\program files\EA SPORTS
2008-01-29 23:51 72,312 ----a-w c:\documents and settings\Bryan\Application Data\GDIPFONTCACHEV1.DAT
2007-11-17 18:10 72,312 ----a-w c:\documents and settings\John\Application Data\GDIPFONTCACHEV1.DAT
2004-10-25 22:40 66 ----a-w c:\documents and settings\Bryan\Application Data\tvmcwrd.dll
2004-10-25 22:40 64 ----a-w c:\documents and settings\Bryan\Application Data\tvmuknwrd.dll
2004-10-25 06:10 30 ----a-w c:\documents and settings\John\Application Data\tvmcwrd.dll
2008-12-22 15:36 67,688 ----a-w c:\program files\mozilla firefox\components\jar50.dll
2008-12-22 15:36 54,368 ----a-w c:\program files\mozilla firefox\components\jsd3250.dll
2008-12-22 15:36 34,944 ----a-w c:\program files\mozilla firefox\components\myspell.dll
2008-12-22 15:36 46,712 ----a-w c:\program files\mozilla firefox\components\spellchk.dll
2008-12-22 15:36 172,136 ----a-w c:\program files\mozilla firefox\components\xpinstal.dll
1998-04-02 21:51 77,312 --sha-r c:\windows\ic.exe
1998-04-02 21:55 80,384 --sha-r c:\windows\icfire.exe
1997-07-23 16:03 11,338 --sha-r c:\windows\ts.dll
2005-07-29 21:24 472 --sha-r c:\windows\Sm9obg\mA6Cv0.vbs
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ktbyo"="c:\windows\system32\ogpgns.exe" [2006-02-27 219136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MMTray"="c:\program files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe" [2002-02-27 90112]
"Dell|Alert"="c:\program files\Dell\Support\Alert\bin\DAMon.exe" [2002-07-11 270336]
"MCUpdateExe"="c:\progra~1\mcafee.com\agent\McUpdate.exe" [2006-01-11 212992]
"MCAgentExe"="c:\progra~1\mcafee.com\agent\mcagent.exe" [2005-09-22 303104]
"MPFExe"="c:\progra~1\McAfee.com\PERSON~1\MpfTray.exe" [2005-11-11 1005096]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2007-06-29 286720]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2007-09-26 267064]
"Verizon_McciTrayApp"="c:\program files\Verizon\McciTrayApp.exe" [2007-09-28 936960]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 49152]
"nxtwnq"="c:\windows\system32\ogpgns.exe" [2006-02-27 219136]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
gncht.exe [2006-02-27 219136]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-03-11 210520]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Shell"="Explorer.exe, c:\windows\system32\fphkn.exe"
"Userinit"="c:\windows\system32\userinit.exe,pknnxxc.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.ctmp3"= c:\windows\System32\ctmp3.acm
"aux"= ctwdm32.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
backup=c:\windows\pss\Digital Line Detect.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^gncht.exe]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\gncht.exe
backup=c:\windows\pss\gncht.exeCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP OfficeJet Startup.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP OfficeJet Startup.lnk
backup=c:\windows\pss\HP OfficeJet Startup.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Works Calendar Reminders.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Works Calendar Reminders.lnk
backup=c:\windows\pss\Microsoft Works Calendar Reminders.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^NkvMon.exe.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\NkvMon.exe.lnk
backup=c:\windows\pss\NkvMon.exe.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^rdri.exe]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\rdri.exe
backup=c:\windows\pss\rdri.exeCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Bryan^Start Menu^Programs^Startup^RollerCoaster Tycoon 3 Registration.lnk]
path=c:\documents and settings\Bryan\Start Menu\Programs\Startup\RollerCoaster Tycoon 3 Registration.lnk
backup=c:\windows\pss\RollerCoaster Tycoon 3 Registration.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LDM]
\Program\ [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\4576695a6f56]
--a------ 2005-04-30 14:12 90112 c:\windows\SYSTEM32\BCMSM136.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdaptecDirectCD]
--a------ 2002-04-10 16:44 679936 c:\program files\Roxio\Easy CD Creator 5\DirectCD\Directcd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AHQInit]
--a------ 2001-03-28 01:00 102400 c:\program files\Creative\SBLive\Program\AHQINIT.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\aqadcup]
--a------ 2004-08-04 14:29 249856 c:\windows\aqadcup.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BMan]
--a------ 2005-03-10 16:33 45056 c:\documents and settings\All Users\Application Data\msw\BMan1.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ktbyo]
--a------ 2006-02-27 06:32 219136 c:\windows\SYSTEM32\ogpgns.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCAgentExe]
--a------ 2005-09-22 18:29 303104 c:\progra~1\McAfee.com\Agent\mcagent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCUpdateExe]
--a------ 2006-01-11 12:05 212992 c:\progra~1\McAfee.com\Agent\mcupdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MPFExe]
--a------ 2005-11-11 17:00 1005096 c:\progra~1\McAfee.com\PERSON~1\MpfTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msresearch]
--a------ 2005-08-02 10:37 40176 c:\windows\msresearch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NAV Agent]
--a------ 2002-02-27 11:27 75384 c:\progra~1\NORTON~1\Navapw32.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2003-10-06 13:16 5058560 c:\windows\SYSTEM32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nxtwnq]
--a------ 2006-02-27 06:32 219136 c:\windows\SYSTEM32\ogpgns.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
--a------ 2002-09-28 09:40 26112 c:\program files\Real\RealPlayer\realplay.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSC_UserPrompt]
--a------ 2004-11-02 15:59 218240 c:\program files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\storprop]
--a------ 2001-08-10 20:02 54662 c:\windows\SYSTEM32\storprop.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Symantec NetDriver Monitor]
--a------ 2005-05-22 14:26 100056 c:\progra~1\SYMNET~1\SNDMon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
--------- 2006-11-30 21:49 4662776 c:\progra~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AUNPS2]
--a------ 2005-04-30 13:59 24576 c:\windows\SYSTEM32\AUNPS2.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCMSMMSG]
--a------ 2003-08-29 04:59 122880 c:\windows\BCMSMMSG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2003-10-06 13:16 741376 c:\windows\SYSTEM32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"navapsvc"=2 (0x2)
"mnmsrvc"=3 (0x3)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"WinTools"=c:\program files\Common Files\WinTools\WToolsA.exe
"AutoUpdater"="c:\program files\AutoUpdate\AutoUpdate.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"FirewallDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\Program Files\\Microsoft Games\\Zoo Tycoon 2\\zt.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=

S1 hidbthh;hidbthh;c:\windows\system32\drivers\hidbthh.sys --> c:\windows\system32\drivers\hidbthh.sys [?]
S3 SNDP202;Dual Mode Camera (8008 VGA);c:\windows\SYSTEM32\DRIVERS\sndp202.sys [2007-10-09 245120]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
HPService REG_MULTI_SZ HPSLPSVC

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
\Shell\AutoRun\command - D:\setup.EXE /autorun
\Shell\dxsetup\command - d:\directx\dxsetup.exe
\Shell\sampler\command - d:\sampler\sampler.exe
\Shell\setup\command - D:\setup.exe
\Shell\zoneb501\command - d:\sampler\demos\zone\zoneb501.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\e713b726-9869-409a-a312-71afe5e6ea0b]
c:\windows\System32\dcdmxbr.exe
.
Contents of the 'Scheduled Tasks' folder

2009-01-03 c:\windows\Tasks\Norton AntiVirus - Scan my computer.job
- c:\progra~1\NORTON~1\NAVW32.exe [2002-02-27 11:28]

2009-01-08 c:\windows\Tasks\Symantec NetDetect.job
- c:\program files\Symantec\LiveUpdate\NDETECT.EXE [2004-12-14 11:24]

2009-01-08 c:\windows\Tasks\WebReg Photosmart C7200 series.job
- c:\program files\HP\Digital Imaging\bin\hpqwrg.exe [2007-03-11 20:27]
.
- - - - ORPHANS REMOVED - - - -

URLSearchHooks-_{965A592F-8EFA-4250-8630-7960230792F1} - (no file)
BHO-{1E461F4D-2DF9-42E0-A7B8-014F949F58A0} - (no file)
BHO-{76D8F8CF-EF41-468B-902B-EF0B6F79D8FA} - (no file)
BHO-{CDB4CDC1-8D84-4D0B-A724-56939DEC3AEC} - (no file)
BHO-{D90A6FC1-C776-4C15-978E-C93EBEEA67D0} - (no file)
BHO-{FF7521C4-CCC3-4EA5-8047-5B2923CD7FD5} - (no file)
HKCU-Run-Microsoft Works Update Detection - c:\program files\Microsoft Works\WkDetect.exe
HKCU-Explorer_Run-smlctr - c:\windows\System32\smlctr.exe
MSConfigStartUp-bppoxa - c:\windows\system32\bxlwxc.exe
MSConfigStartUp-cfgmgr51 - c:\windows\cfgmgr51.dll
MSConfigStartUp-KavSvc - c:\windows\System32\uruplv.exe
MSConfigStartUp-kbd103 - c:\windows\System32\kbd103.exe
MSConfigStartUp-Microsoft Works Update Detection - c:\program files\Microsoft Works\WkDetect.exe
MSConfigStartUp-ProSiteFinder - c:\program files\ProSiteFinder\prositefinder.exe
MSConfigStartUp-razin - c:\docume~1\Bryan\LOCALS~1\Temp\rm05040901.Stub.exe
MSConfigStartUp-VBouncer - c:\progra~1\VBouncer\VirtualBouncer.exe
MSConfigStartUp-Win Server Updt - c:\windows\wupdt.exe
MSConfigStartUp-WinTools - c:\progra~1\COMMON~1\WinTools\WToolsA.exe
MSConfigStartUp-winupdtl - c:\windows\System32\winupdt.exe
MSConfigStartUp-wmwpy - c:\windows\system32\bxlwxc.exe
MSConfigStartUp-zkletqr - c:\windows\zkletqr.exe
MSConfigStartUp-Jw7mRkJ7V - isrcapp.exe


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uDefault_Search_URL = hxxp://ie.search.msn.com
mStart Page = hxxp://www.yahoo.com/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
uInternet Connection Wizard,ShellNext = iexplore
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll

O16 -: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
c:\windows\Downloaded Program Files\Microsoft XML Parser for Java.osd

c:\windows\Downloaded Program Files\vzTCPConfig.dll - O16 -: vzTCPConfig
hxxp://www.verizon.net/checkmypc/fios/includes/vzTCPConfig.CAB
c:\windows\Downloaded Program Files\OSD22.OSD
FF - ProfilePath - c:\documents and settings\Bryan\Application Data\Mozilla\Firefox\Profiles\e2mv3zne.default\
FF - prefs.js: browser.search.selectedEngine - Verizon
FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-08 08:51:31
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
MMTray = c:\program files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe?w???g@8??V??g@8??SOFTWARE\MusicMatch\MusicMatch Jukebox\4.0\TrayApp??????? ?w?????????????\?wp ?w???????w???g ?????&????g?????DY????????gB8??2???????????<?????@???X???X????????????????? ?Y???????Q?????
Dell|Alert = c:\program files\Dell\Support\Alert\bin\DAMon.exe?p?o?r?t?\?A?l?e?r?t?\?b?i?n?\?D?A?M?o?n?.?e?x?e????????????:??????x???????X???????????????P????(?w'(?w????????????(???s??????w????????????0????$?w7(?w?o?wS??w???w????????????X*@?????????X????????%@?e?????

scanning hidden files ...


c:\documents and settings\All Users\Start Menu\Programs\Startup\gncht.exe 219136 bytes executable
c:\windows\system32\ogpgns.exe 219136 bytes executable
c:\windows\system32\fphkn.exe 35328 bytes executable
c:\windows\system32\pknnxxc.exe 29696 bytes executable
c:\windows\system32\unpgebn.dll 71168 bytes executable
c:\windows\system32\kslya.dll 35840 bytes executable

scan completed successfully
hidden files: 6

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs]
@="repairs302972949.dll"
.
------------------------ Other Running Processes ------------------------
.
c:\windows\SYSTEM32\CTSVCCDA.EXE
c:\program files\McAfee.com\Agent\Mcdetect.exe
c:\progra~1\McAfee.com\Agent\McTskshd.exe
c:\windows\SYSTEM32\nvsvc32.exe
c:\windows\SYSTEM32\wdfmgr.exe
c:\windows\SYSTEM32\MsPMSPSv.exe
c:\windows\SYSTEM32\devldr32.exe
c:\progra~1\McAfee.com\PERSON~1\MpfService.exe
c:\progra~1\McAfee.com\PERSON~1\MpfAgent.exe
c:\program files\HP\Digital Imaging\bin\hpqste08.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\SYSTEM32\taskmgr.exe
.
**************************************************************************
.
Completion time: 2009-01-08 9:07:37 - machine was rebooted [Bryan]
ComboFix-quarantined-files.txt 2009-01-08 14:07:34

Pre-Run: 16,438,046,720 bytes free
Post-Run: 17,385,824,256 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn

362 --- E O F --- 2008-11-22 08:00:52




info.txt logfile of random's system information tool 1.05 2009-01-06 19:04:36

======Uninstall list======

-->C:\Program Files\Creative\SBLive\Program\Upddrv2k.EXE
-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Creative\News\CTNews.isu"
-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Creative\SBLive\AudioHQ.isu"
-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Creative\SBLive\CTMixer.isu"
-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Creative\SBLive\HTML.isu"
-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Creative\SBLive\Midi.isu"
-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Creative\SBLive\PlayCenter2\Player2.isu"
-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Creative\SBLive\Recorder\Recorder.isu"
-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Creative\SBLive\Restore.isu"
-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Creative\SBLive\SoundFont.isu"
-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Creative\SBLive\WaveStudio\Wstudio.isu"
-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Creative\Uninstall\Installer.isu"
-->C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
32 Bit HP CIO Components Installer-->MsiExec.exe /I{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}
3D Groove Playback Engine-->RunDll32 C:\WINDOWS\DOWNLO~1\GrooveAX.dll,_RemoveGroove@16
Ad-Aware SE Personal-->C:\PROGRA~1\Lavasoft\AD-AWA~2\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~2\INSTALL.LOG
Adobe Download Manager 2.0 (Remove Only)-->"C:\Program Files\Common Files\Adobe\ESD\uninst.exe"
Adobe Flash Player 9 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete
Adobe Flash Player Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 7.0-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70000000000}
Advertisement Service-->C:\WINDOWS\system32\prunnet.exe Uninstall
Amazon Trail 3rd Edition-->C:\WINDOWS\IsUninst.exe -f"C:\program files\The Learning Company\Amazon Trail 3.1\DeIsL2.isu"
Apple Mobile Device Support-->MsiExec.exe /I{3EBD3749-304E-4A4C-9575-C00E5F015217}
Apple Software Update-->MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
ArcSoft Software Suite-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\ArcSoft\Software Suite\Uninst.isu"
Atlantis - Search for the Journal-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{797D1AEA-4308-481F-86EE-83A93A65B413}\Setup.exe"
Backyard Baseball 2001-->C:\WINDOWS\IsUninst.exe -fC:\HEGames\Baseball2001\Uninst.isu
Backyard Football 2002-->C:\WINDOWS\IsUninst.exe -fC:\HEGames\Football2002\Uninst.isu -c"C:\HEGames\Football2002\Uninst.dll
BCM V.92 56K Modem-->C:\WINDOWS\BCMSMU.exe quiet
Bob the Builder-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{36373CE1-6999-11D5-96DC-98302790D441}\SETUP.EXE"
Classic PhoneTools-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E3436EE2-D5CB-4249-840B-3A0140CC34C3}\setup.exe" -l0x9 ControlPanel
Dell | Support-->MsiExec.exe /X{91E8A85F-2960-40ED-BA84-7F4567BB00C0}
Dell Modem-On-Hold-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3F92ABBB-6BBF-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanelAnyText
Dell Picture Studio - Dell Image Expert-->MsiExec.exe /I{151C555A-A9E7-4A2E-B6D7-165D04A3C956}
Dell Solution Center-->MsiExec.exe /X{11F1920A-56A2-4642-B6E0-3B31A12C9288}
Digital Line Detect-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E646DCF0-5A68-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanelAnyText
Disney's Toontown Online-->C:\PROGRA~1\Disney\DISNEY~1\Toontown\UNWISE.EXE /A C:\PROGRA~1\Disney\DISNEY~1\Toontown\INSTALL.LOG
Downhill Derby-->C:\PROGRA~1\CARTOO~1\DOWNHI~1\UNWISE.EXE C:\PROGRA~1\CARTOO~1\DOWNHI~1\INSTALL.LOG
Dreamship Tales-->C:\WINDOWS\TLCUninstall.exe -f "C:\Program Files\The Learning Company\Dreamship Tales\Uninstall.xml"
Dual Mode Camera (8008 VGA)-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E85397AD-D60E-4141-82E6-FAA312A09271}\Setup.exe" -l0x9
Easy CD Creator 5 Basic-->MsiExec.exe /I{609F7AC8-C510-11D4-A788-009027ABA5D0}
Great Adventures Castle-->C:\Program Files\The Learning Company\Great Adventures Castle\uninstal.exe
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
HP Customer Participation Program 9.0-->C:\Program Files\HP\Digital Imaging\ExtCapUninstall\hpzscr01.exe -datfile hpqhsc01.dat
HP Imaging Device Functions 9.0-->C:\Program Files\HP\Digital Imaging\DeviceManagement\hpzscr01.exe -datfile hpqbud01.dat
HP OCR Software 9.0-->C:\Program Files\HP\Digital Imaging\OCR\hpzscr01.exe -datfile hpqbud11.dat
HP Photosmart All-In-One Software 9.0-->C:\Program Files\HP\Digital Imaging\{B46AC30C-22D2-4610-B041-1DA7BB29EB57}\setup\hpzscr01.exe -datfile hposcr21.dat
HP Photosmart Essential 2.01-->C:\Program Files\HP\Digital Imaging\PhotoSmartEssential\hpzscr01.exe -datfile hpqbud13.dat
HP Product Detection-->MsiExec.exe /X{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}
HP Smart Web Printing-->MsiExec.exe /X{415CDA53-9100-476F-A7B2-476691E117C7}
HP Solution Center 9.0-->C:\Program Files\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat
HP Update-->MsiExec.exe /X{8C6027FD-53DC-446D-BB75-CACD7028A134}
HPSSupply-->MsiExec.exe /X{487B0B9B-DCD4-440D-89A0-A6EDE1A545A3}
IE Host R3-->C:\WINDOWS\System32\6TO4SVC5.exe
iTunes-->MsiExec.exe /I{B045B608-4A47-4C77-9EAD-06C394503306}
LiveReg (Symantec Corporation)-->C:\Program Files\Common Files\Symantec Shared\LiveReg\VcSetup.exe /REMOVE
LiveUpdate 2.6 (Symantec Corporation)-->C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE /U
Madden NFL 2005-->C:\Program Files\EA SPORTS\Madden NFL 2005\EAUninstall.exe
McAfee Personal Firewall Plus-->c:\PROGRA~1\mcafee.com\shared\mcappins.exe /v=3 /uninstall=1 /appid=mpf /interact=1 /script_proactive=0 /start=C:\PROGRA~1\mcafee.com\agent\uninst\mpfrem.ui::uninstall.htm
McAfee SecurityCenter-->c:\PROGRA~1\mcafee.com\shared\mcappins.exe /v=3 /uninstall=1 /appid=msc /interact=1 /script_proactive=0 /start=c:\PROGRA~1\mcafee.com\agent\uninst\screm.ui::uninstall.htm
Microsoft Combat Flight Simulator-->"C:\Program Files\Microsoft Games\Combat Flight Simulator\UNINSTAL.EXE" /runtemp
Microsoft Command & Control Engine-->RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\mscnc.inf, Uninstall
Microsoft Encarta Encyclopedia Standard 2002-->MsiExec.exe /I{01001202-823E-46CD-A70E-BEE818F97169}
Microsoft Money 2002 System Pack-->MsiExec.exe /I{CF5193F7-6B37-11D5-B7D2-00AA00A204F1}
Microsoft Money 2002-->MsiExec.exe /I{E7298FD5-1386-11D5-8D6C-0050DAD32D95}
Microsoft Picture It! Photo 2002-->MsiExec.exe /I{C769A271-7E1C-48F9-B331-474600DD4C06}
Microsoft Speech API 3.0-->RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\spchapi.inf, Uninstall
Microsoft Speech Lexicon-->RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\mslex.inf, Uninstall
Microsoft Streets and Trips 2002-->MsiExec.exe /I{12BDDF23-B1DB-49C8-92D3-3E6841CCED61}
Microsoft Word 2002-->MsiExec.exe /I{911B0409-6000-11D3-8CFE-0050048383C9}
Microsoft Works 2002 Setup Launcher-->C:\Program Files\Microsoft Works Suite 2002\Setup\Launcher.exe D:\
Microsoft Works 6.0-->MsiExec.exe /I{A1B7B9B3-E1D2-41CA-9B4A-F18DC2710704}
Microsoft Works Suite Add-in for Microsoft Word-->MsiExec.exe /I{C3A439E4-7303-491F-A678-CEA36A87D517}
Modem Helper-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7F142D56-3326-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanel
Mozilla Firefox (2.0.0.20)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MUSICMATCH Jukebox-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\Uninst.isu" -cC:\PROGRA~1\MUSICM~1\MUSICM~1\unmatch.dll
Need For Speed Hot Pursuit 2-->C:\Program Files\EA Games\Need For Speed Hot Pursuit 2\EAUninstall.exe
Netscape Navigator (9.0.0.6)-->C:\Program Files\Netscape\Navigator 9\uninstall\helper.exe
Nikon View 5-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AAB84E83-C8DF-4752-9DFC-2E2A48EE5E9F}\setup.exe" UNINSTALL
Norton AntiVirus 2002-->MsiExec.exe /I{3075C5C3-0807-4924-AF8F-FF27052C12AE}
Norton WMI Update-->MsiExec.exe /X{1526D87C-A955-4FAB-BF18-697BA457E352}
NVIDIA Windows 2000/XP Display Drivers-->rundll32.exe C:\WINDOWS\System32\nvinstnt.dll,NvUninstallNT4 nvdd.inf
Paint Shop Pro 7-->MsiExec.exe /I{D6DE02C7-1F47-11D4-9515-00105AE4B89A}
Personalized Learning Center-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\The Learning Company\Personalized Learning Center\Uninst.isu"
PhotoSuite 4 (Remove Only)-->"C:\Program Files\Roxio\PhotoSuite 4\System\MGIUninstall.exe" C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Roxio\PhotoSuite 4\Uninst.isu" -c"C:\Program Files\Roxio\PhotoSuite 4\System\CustomUninstall.dll"
PRO200WL-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{280C7673-2DF8-4E74-B031-D8F108BE2A6D}\SETUP.EXE" -uninst
ProSiteFinder-->C:\Program Files\ProSiteFinder\Uninstall.EXE
QuickTime-->MsiExec.exe /I{95A890AA-B3B1-44B6-9C18-A8F7AB3EE7FC}
Reader Rabbit Personalized Kindergarten-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\The Learning Company\Reader Rabbit Personalized Kindergarten\Uninst.isu"
Reader Rabbit Thinking Adventures Ages 4-6-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\The Learning Company\Reader Rabbit Thinking Adventures Ages 4-6\Uninst.isu"
RealPlayer Basic-->C:\Program Files\Common Files\Real\Update\\rnuninst.exe RealNetworks|RealPlayer|6.0
RollerCoaster Tycoon 3-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{907B4640-266B-4A21-92FB-CD1A86CD0F63}\Setup.exe" -l0x9
Scooby-Doo(TM), Showdown in Ghost Town(TM)-->C:\Program Files\The Learning Company\Scooby-Doo(TM), Showdown in Ghost Town(TM)\uninstall.exe
Security Update for Step By Step Interactive Training (KB898458)-->"C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
Security Update for Step By Step Interactive Training (KB923723)-->"C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB911564)-->"C:\WINDOWS\$NtUninstallKB911564$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP10$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP10$\spuninst\spuninst.exe"
Security Update for Windows Media Player 6.4 (KB925398)-->"C:\WINDOWS\$NtUninstallKB925398_WMP64$\spuninst\spuninst.exe"
Security Update for Windows XP (KB893756)-->"C:\WINDOWS\$NtUninstallKB893756$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896358)-->"C:\WINDOWS\$NtUninstallKB896358$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896423)-->"C:\WINDOWS\$NtUninstallKB896423$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896424)-->"C:\WINDOWS\$NtUninstallKB896424$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896428)-->"C:\WINDOWS\$NtUninstallKB896428$\spuninst\spuninst.exe"
Security Update for Windows XP (KB899587)-->"C:\WINDOWS\$NtUninstallKB899587$\spuninst\spuninst.exe"
Security Update for Windows XP (KB899591)-->"C:\WINDOWS\$NtUninstallKB899591$\spuninst\spuninst.exe"
Security Update for Windows XP (KB900725)-->"C:\WINDOWS\$NtUninstallKB900725$\spuninst\spuninst.exe"
Security Update for Windows XP (KB901017)-->"C:\WINDOWS\$NtUninstallKB901017$\spuninst\spuninst.exe"
Security Update for Windows XP (KB901214)-->"C:\WINDOWS\$NtUninstallKB901214$\spuninst\spuninst.exe"
Security Update for Windows XP (KB902400)-->"C:\WINDOWS\$NtUninstallKB902400$\spuninst\spuninst.exe"
Security Update for Windows XP (KB904706)-->"C:\WINDOWS\$NtUninstallKB904706$\spuninst\spuninst.exe"
Security Update for Windows XP (KB905414)-->"C:\WINDOWS\$NtUninstallKB905414$\spuninst\spuninst.exe"
Security Update for Windows XP (KB905749)-->"C:\WINDOWS\$NtUninstallKB905749$\spuninst\spuninst.exe"
Security Update for Windows XP (KB908519)-->"C:\WINDOWS\$NtUninstallKB908519$\spuninst\spuninst.exe"
Security Update for Windows XP (KB911562)-->"C:\WINDOWS\$NtUninstallKB911562$\spuninst\spuninst.exe"
Security Update for Windows XP (KB911927)-->"C:\WINDOWS\$NtUninstallKB911927$\spuninst\spuninst.exe"
Security Update for Windows XP (KB912919)-->"C:\WINDOWS\$NtUninstallKB912919$\spuninst\spuninst.exe"
Security Update for Windows XP (KB913580)-->"C:\WINDOWS\$NtUninstallKB913580$\spuninst\spuninst.exe"
Security Update for Windows XP (KB914388)-->"C:\WINDOWS\$NtUninstallKB914388$\spuninst\spuninst.exe"
Security Update for Windows XP (KB914389)-->"C:\WINDOWS\$NtUninstallKB914389$\spuninst\spuninst.exe"
Security Update for Windows XP (KB917344)-->"C:\WINDOWS\$NtUninstallKB917344$\spuninst\spuninst.exe"
Security Update for Windows XP (KB917422)-->"C:\WINDOWS\$NtUninstallKB917422$\spuninst\spuninst.exe"
Security Update for Windows XP (KB917953)-->"C:\WINDOWS\$NtUninstallKB917953$\spuninst\spuninst.exe"
Security Update for Windows XP (KB918118)-->"C:\WINDOWS\$NtUninstallKB918118$\spuninst\spuninst.exe"
Security Update for Windows XP (KB918439)-->"C:\WINDOWS\$NtUninstallKB918439$\spuninst\spuninst.exe"
Security Update for Windows XP (KB919007)-->"C:\WINDOWS\$NtUninstallKB919007$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920213)-->"C:\WINDOWS\$NtUninstallKB920213$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920670)-->"C:\WINDOWS\$NtUninstallKB920670$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920683)-->"C:\WINDOWS\$NtUninstallKB920683$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920685)-->"C:\WINDOWS\$NtUninstallKB920685$\spuninst\spuninst.exe"
Security Update for Windows XP (KB921398)-->"C:\WINDOWS\$NtUninstallKB921398$\spuninst\spuninst.exe"
Security Update for Windows XP (KB921503)-->"C:\WINDOWS\$NtUninstallKB921503$\spuninst\spuninst.exe"
Security Update for Windows XP (KB922616)-->"C:\WINDOWS\$NtUninstallKB922616$\spuninst\spuninst.exe"
Security Update for Windows XP (KB922819)-->"C:\WINDOWS\$NtUninstallKB922819$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923191)-->"C:\WINDOWS\$NtUninstallKB923191$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923414)-->"C:\WINDOWS\$NtUninstallKB923414$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923689)-->"C:\WINDOWS\$NtUninstallKB923689$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923694)-->"C:\WINDOWS\$NtUninstallKB923694$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923980)-->"C:\WINDOWS\$NtUninstallKB923980$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924191)-->"C:\WINDOWS\$NtUninstallKB924191$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924270)-->"C:\WINDOWS\$NtUninstallKB924270$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924496)-->"C:\WINDOWS\$NtUninstallKB924496$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924667)-->"C:\WINDOWS\$NtUninstallKB924667$\spuninst\spuninst.exe"
Security Update for Windows XP (KB925454)-->"C:\WINDOWS\$NtUninstallKB925454$\spuninst\spuninst.exe"
Security Update for Windows XP (KB925486)-->"C:\WINDOWS\$NtUninstallKB925486$\spuninst\spuninst.exe"
Security Update for Windows XP (KB925902)-->"C:\WINDOWS\$NtUninstallKB925902$\spuninst\spuninst.exe"
Security Update for Windows XP (KB926255)-->"C:\WINDOWS\$NtUninstallKB926255$\spuninst\spuninst.exe"
Security Update for Windows XP (KB926436)-->"C:\WINDOWS\$NtUninstallKB926436$\spuninst\spuninst.exe"
Security Update for Windows XP (KB927779)-->"C:\WINDOWS\$NtUninstallKB927779$\spuninst\spuninst.exe"
Security Update for Windows XP (KB927802)-->"C:\WINDOWS\$NtUninstallKB927802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB928090)-->"C:\WINDOWS\$NtUninstallKB928090$\spuninst\spuninst.exe"
Security Update for Windows XP (KB928255)-->"C:\WINDOWS\$NtUninstallKB928255$\spuninst\spuninst.exe"
Security Update for Windows XP (KB928843)-->"C:\WINDOWS\$NtUninstallKB928843$\spuninst\spuninst.exe"
Security Update for Windows XP (KB929123)-->"C:\WINDOWS\$NtUninstallKB929123$\spuninst\spuninst.exe"
Security Update for Windows XP (KB929969)-->"C:\WINDOWS\$NtUninstallKB929969$\spuninst\spuninst.exe"
Security Update for Windows XP (KB930178)-->"C:\WINDOWS\$NtUninstallKB930178$\spuninst\spuninst.exe"
Security Update for Windows XP (KB931261)-->"C:\WINDOWS\$NtUninstallKB931261$\spuninst\spuninst.exe"
Security Update for Windows XP (KB931768)-->"C:\WINDOWS\$NtUninstallKB931768$\spuninst\spuninst.exe"
Security Update for Windows XP (KB931784)-->"C:\WINDOWS\$NtUninstallKB931784$\spuninst\spuninst.exe"
Security Update for Windows XP (KB932168)-->"C:\WINDOWS\$NtUninstallKB932168$\spuninst\spuninst.exe"
Security Update for Windows XP (KB933566)-->"C:\WINDOWS\$NtUninstallKB933566$\spuninst\spuninst.exe"
Security Update for Windows XP (KB933729)-->"C:\WINDOWS\$NtUninstallKB933729$\spuninst\spuninst.exe"
Security Update for Windows XP (KB935839)-->"C:\WINDOWS\$NtUninstallKB935839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB935840)-->"C:\WINDOWS\$NtUninstallKB935840$\spuninst\spuninst.exe"
Security Update for Windows XP (KB936021)-->"C:\WINDOWS\$NtUninstallKB936021$\spuninst\spuninst.exe"
Security Update for Windows XP (KB937143)-->"C:\WINDOWS\$NtUninstallKB937143$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938127)-->"C:\WINDOWS\$NtUninstallKB938127$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938829)-->"C:\WINDOWS\$NtUninstallKB938829$\spuninst\spuninst.exe"
Security Update for Windows XP (KB939653)-->"C:\WINDOWS\$NtUninstallKB939653$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941202)-->"C:\WINDOWS\$NtUninstallKB941202$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941568)-->"C:\WINDOWS\$NtUninstallKB941568$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941644)-->"C:\WINDOWS\$NtUninstallKB941644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941693)-->"C:\WINDOWS\$NtUninstallKB941693$\spuninst\spuninst.exe"
Security Update for Windows XP (KB942615)-->"C:\WINDOWS\$NtUninstallKB942615$\spuninst\spuninst.exe"
Security Update for Windows XP (KB943055)-->"C:\WINDOWS\$NtUninstallKB943055$\spuninst\spuninst.exe"
Security Update for Windows XP (KB943460)-->"C:\WINDOWS\$NtUninstallKB943460$\spuninst\spuninst.exe"
Security Update for Windows XP (KB943485)-->"C:\WINDOWS\$NtUninstallKB943485$\spuninst\spuninst.exe"
Security Update for Windows XP (KB944338)-->"C:\WINDOWS\$NtUninstallKB944338$\spuninst\spuninst.exe"
Security Update for Windows XP (KB944533)-->"C:\WINDOWS\$NtUninstallKB944533$\spuninst\spuninst.exe"
Security Update for Windows XP (KB944653)-->"C:\WINDOWS\$NtUninstallKB944653$\spuninst\spuninst.exe"
Security Update for Windows XP (KB945553)-->"C:\WINDOWS\$NtUninstallKB945553$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946026)-->"C:\WINDOWS\$NtUninstallKB946026$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB947864)-->"C:\WINDOWS\$NtUninstallKB947864$\spuninst\spuninst.exe"
Security Update for Windows XP (KB948590)-->"C:\WINDOWS\$NtUninstallKB948590$\spuninst\spuninst.exe"
Security Update for Windows XP (KB948881)-->"C:\WINDOWS\$NtUninstallKB948881$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950749)-->"C:\WINDOWS\$NtUninstallKB950749$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950759)-->"C:\WINDOWS\$NtUninstallKB950759$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953838)-->"C:\WINDOWS\$NtUninstallKB953838$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956390)-->"C:\WINDOWS\$NtUninstallKB956390$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Shockwave-->C:\WINDOWS\SYSTEM32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\SYSTEM32\Macromed\SHOCKW~1\Install.log
Sound Blaster Live! Value-->C:\Program Files\Creative\Uninstall\CTUNINST.EXE /U:UNINST1.INI
Spybot - Search & Destroy 1.4-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins001.exe"
StarFlyers Royal Jewel Rescue-->C:\WINDOWS\TLCUninstall.exe -f "C:\Program Files\The Learning Company\StarFlyers Royal Jewel Rescue\Uninstall.xml"
TuneLand-->C:\7thLevel\TuneLand\uninstal.exe
Update for Windows XP (KB894391)-->"C:\WINDOWS\$NtUninstallKB894391$\spuninst\spuninst.exe"
Update for Windows XP (KB898461)-->"C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
Update for Windows XP (KB900485)-->"C:\WINDOWS\$NtUninstallKB900485$\spuninst\spuninst.exe"
Update for Windows XP (KB908531)-->"C:\WINDOWS\$NtUninstallKB908531$\spuninst\spuninst.exe"
Update for Windows XP (KB910437)-->"C:\WINDOWS\$NtUninstallKB910437$\spuninst\spuninst.exe"
Update for Windows XP (KB911280)-->"C:\WINDOWS\$NtUninstallKB911280$\spuninst\spuninst.exe"
Update for Windows XP (KB916595)-->"C:\WINDOWS\$NtUninstallKB916595$\spuninst\spuninst.exe"
Update for Windows XP (KB920872)-->"C:\WINDOWS\$NtUninstallKB920872$\spuninst\spuninst.exe"
Update for Windows XP (KB922582)-->"C:\WINDOWS\$NtUninstallKB922582$\spuninst\spuninst.exe"
Update for Windows XP (KB927891)-->"C:\WINDOWS\$NtUninstallKB927891$\spuninst\spuninst.exe"
Update for Windows XP (KB929338)-->"C:\WINDOWS\$NtUninstallKB929338$\spuninst\spuninst.exe"
Update for Windows XP (KB930916)-->"C:\WINDOWS\$NtUninstallKB930916$\spuninst\spuninst.exe"
Update for Windows XP (KB931836)-->"C:\WINDOWS\$NtUninstallKB931836$\spuninst\spuninst.exe"
Update for Windows XP (KB933360)-->"C:\WINDOWS\$NtUninstallKB933360$\spuninst\spuninst.exe"
Update for Windows XP (KB936357)-->"C:\WINDOWS\$NtUninstallKB936357$\spuninst\spuninst.exe"
Update for Windows XP (KB938828)-->"C:\WINDOWS\$NtUninstallKB938828$\spuninst\spuninst.exe"
Update for Windows XP (KB942763)-->"C:\WINDOWS\$NtUninstallKB942763$\spuninst\spuninst.exe"
Update for Windows XP (KB942840)-->"C:\WINDOWS\$NtUninstallKB942840$\spuninst\spuninst.exe"
Update for Windows XP (KB946627)-->"C:\WINDOWS\$NtUninstallKB946627$\spuninst\spuninst.exe"
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Verizon Broadband Toolbar-->C:\Program Files\vol_toolbar\uninstall.exe
Verizon Online Help and Support-->C:\PROGRA~1\Verizon\UNWISE.EXE C:\PROGRA~1\Verizon\INSTALL.LOG
Viewpoint Media Player (Remove Only)-->C:\Program Files\Viewpoint\Viewpoint Media Player\mtsAxInstaller.exe /u
Windows Installer 3.1 (KB893803)-->"C:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe"
Windows Media Format Runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Player 10-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows XP Hotfix - KB873339-->C:\WINDOWS\$NtUninstallKB873339$\spuninst\spuninst.exe
Windows XP Hotfix - KB885835-->C:\WINDOWS\$NtUninstallKB885835$\spuninst\spuninst.exe
Windows XP Hotfix - KB885836-->C:\WINDOWS\$NtUninstallKB885836$\spuninst\spuninst.exe
Windows XP Hotfix - KB885884-->C:\WINDOWS\$NtUninstallKB885884$\spuninst\spuninst.exe
Windows XP Hotfix - KB886185-->C:\WINDOWS\$NtUninstallKB886185$\spuninst\spuninst.exe
Windows XP Hotfix - KB887472-->C:\WINDOWS\$NtUninstallKB887472$\spuninst\spuninst.exe
Windows XP Hotfix - KB888302-->C:\WINDOWS\$NtUninstallKB888302$\spuninst\spuninst.exe
Windows XP Hotfix - KB890859-->"C:\WINDOWS\$NtUninstallKB890859$\spuninst\spuninst.exe"
Windows XP Hotfix - KB891781-->C:\WINDOWS\$NtUninstallKB891781$\spuninst\spuninst.exe
Windows XP Service Pack 2-->C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe
Zoo Tycoon 2-->"C:\Program Files\Microsoft Games\Zoo Tycoon 2\UNINSTAL.EXE" /runtemp /uninstall

======Security center information======

AV: Norton AntiVirus (disabled) (outdated)
FW: McAfee Personal Firewall Plus

System event log

Computer Name: KIDSCOMPUTER
Event Code: 7
Message: The device, \Device\Harddisk0\D, has a bad block.

Record Number: 52226
Source Name: Disk
Time Written: 20081224215435.000000-300
Event Type: error
User:

Computer Name: KIDSCOMPUTER
Event Code: 7023
Message: The Computer Browser service terminated with the following error:
The specified module could not be found.


Record Number: 52225
Source Name: Service Control Manager
Time Written: 20081224215435.000000-300
Event Type: error
User:

Computer Name: KIDSCOMPUTER
Event Code: 7036
Message: The Computer Browser service entered the stopped state.

Record Number: 52224
Source Name: Service Control Manager
Time Written: 20081224215424.000000-300
Event Type: information
User:

Computer Name: KIDSCOMPUTER
Event Code: 7035
Message: The Computer Browser service was successfully sent a start control.

Record Number: 52223
Source Name: Service Control Manager
Time Written: 20081224215414.000000-300
Event Type: information
User: NT AUTHORITY\SYSTEM

Computer Name: KIDSCOMPUTER
Event Code: 7
Message: The device, \Device\Harddisk0\D, has a bad block.

Record Number: 52222
Source Name: Disk
Time Written: 20081224215413.000000-300
Event Type: error
User:

Application event log

Computer Name: KIDSCOMPUTER
Event Code: 1004
Message: Detection of product '{415CDA53-9100-476F-A7B2-476691E117C7}', feature 'BHO', component '{A0F2E614-9721-460B-BE65-B9892366E0D8}' failed. The resource 'C:\Documents and Settings\Bryan\Application Data\HPAppData\RegClean.dll' does not exist.

Record Number: 75562
Source Name: MsiInstaller
Time Written: 20080831134808.000000-240
Event Type: warning
User: KIDSCOMPUTER\David

Computer Name: KIDSCOMPUTER
Event Code: 11719
Message: Product: HP Smart Web Printing -- Error 1719.The Windows Installer Service could not be accessed. This can occur if you are running Windows in safe mode, or if the Windows Installer is not correctly installed. Contact your support personnel for assistance.

Record Number: 75561
Source Name: MsiInstaller
Time Written: 20080831134808.000000-240
Event Type: error
User: KIDSCOMPUTER\David

Computer Name: KIDSCOMPUTER
Event Code: 1001
Message: Detection of product '{415CDA53-9100-476F-A7B2-476691E117C7}', feature 'BHO' failed during request for component '{B3D8434E-FB30-46FD-96AC-3DC190A3D755}'

Record Number: 75560
Source Name: MsiInstaller
Time Written: 20080831134457.000000-240
Event Type: warning
User: KIDSCOMPUTER\David

Computer Name: KIDSCOMPUTER
Event Code: 1004
Message: Detection of product '{415CDA53-9100-476F-A7B2-476691E117C7}', feature 'BHO', component '{A0F2E614-9721-460B-BE65-B9892366E0D8}' failed. The resource 'C:\Documents and Settings\Bryan\Application Data\HPAppData\RegClean.dll' does not exist.

Record Number: 75559
Source Name: MsiInstaller
Time Written: 20080831134457.000000-240
Event Type: warning
User: KIDSCOMPUTER\David

Computer Name: KIDSCOMPUTER
Event Code: 1001
Message: Detection of product '{415CDA53-9100-476F-A7B2-476691E117C7}', feature 'BHO' failed during request for component '{B3D8434E-FB30-46FD-96AC-3DC190A3D755}'

Record Number: 75558
Source Name: MsiInstaller
Time Written: 20080831134412.000000-240
Event Type: warning
User: KIDSCOMPUTER\David

Security event log

Computer Name: KIDSCOMPUTER
Event Code: 538
Message: User Logoff:

User Name: Bryan

Domain: KIDSCOMPUTER

Logon ID: (0x0,0xA8E3C1)

Logon Type: 2


Record Number: 289144
Source Name: Security
Time Written: 20081221193109.000000-300
Event Type: audit success
User: KIDSCOMPUTER\Bryan

Computer Name: KIDSCOMPUTER
Event Code: 576
Message: Special privileges assigned to new logon:

User Name:

Domain:

Logon ID: (0x0,0xA8E3C1)

Privileges: SeChangeNotifyPrivilege
SeBackupPrivilege
SeRestorePrivilege
SeDebugPrivilege

Record Number: 289143
Source Name: Security
Time Written: 20081221193109.000000-300
Event Type: audit success
User: KIDSCOMPUTER\Bryan

Computer Name: KIDSCOMPUTER
Event Code: 528
Message: Successful Logon:

User Name: Bryan

Domain: KIDSCOMPUTER

Logon ID: (0x0,0xA8E3C1)

Logon Type: 2

Logon Process: Advapi

Authentication Package: Negotiate

Workstation Name: KIDSCOMPUTER

Logon GUID: {00000000-0000-0000-0000-000000000000}

Record Number: 289142
Source Name: Security
Time Written: 20081221193109.000000-300
Event Type: audit success
User: KIDSCOMPUTER\Bryan

Computer Name: KIDSCOMPUTER
Event Code: 680
Message: Logon attempt by: MICROSOFT_AUTHENTICATION_PACKAGE_V1_0

Logon account: Bryan

Source Workstation: KIDSCOMPUTER

Error Code: 0x0


Record Number: 289141
Source Name: Security
Time Written: 20081221193109.000000-300
Event Type: audit success
User: NT AUTHORITY\SYSTEM

Computer Name: KIDSCOMPUTER
Event Code: 576
Message: Special privileges assigned to new logon:

User Name: NETWORK SERVICE

Domain: NT AUTHORITY

Logon ID: (0x0,0x3E4)

Privileges: SeAuditPrivilege
SeAssignPrimaryTokenPrivilege
SeChangeNotifyPrivilege

Record Number: 289140
Source Name: Security
Time Written: 20081221162542.000000-300
Event Type: audit success
User: NT AUTHORITY\NETWORK SERVICE

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=C:\WINDOWS\system32;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\Common Files\Adaptec Shared\System;C:\Program Files\QuickTime\QTSystem\
"windir"=%SystemRoot%
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 2 Stepping 4, GenuineIntel
"PROCESSOR_REVISION"=0204
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"FP_NO_HOST_CHECK"=NO
"CLASSPATH"=.;C:\Program Files\QuickTime\QTSystem\QTJava.zip
"QTJAVA"=C:\Program Files\QuickTime\QTSystem\QTJava.zip

-----------------EOF-----------------

katana
2009-01-09, 12:57
Information

No Antivirus

I can see no indication of any current Antivirus software.

Use an AntiVirus Software - It is very important that you have anti-virus software running on your machine.
This alone can save you a lot of trouble with malware in the future.
Free AV list ( Home users only)
Avira AntiVir (http://www.free-av.com/)
Avast (http://www.avast.com/eng/products.html)

Update your AntiVirus Software - It is imperitive that you update your Antivirus software at least once a week.
If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.

Antivirus is a MUST
----------------------------------------------------------- -----------------------------------------------------------

Step 1


Custom CFScript

Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:



RootKit::
c:\documents and settings\All Users\Start Menu\Programs\Startup\gncht.exe
c:\windows\system32\ogpgns.exe
c:\windows\system32\fphkn.exe
c:\windows\system32\pknnxxc.exe
c:\windows\system32\unpgebn.dll
c:\windows\system32\kslya.dll
File::
c:\windows\aqadcup.exe
C:\WINDOWS\SYSTEM32\repairs302972949.dll
c:\windows\SYSTEM32\AUNPS2.dll
c:\windows\msresearch.exe
c:\windows\wininit.ini
c:\windows\System32\dcdmxbr.exe
c:\windows\SYSTEM32\storprop.exe
c:\documents and settings\Bryan\Application Data\tvmcwrd.dll
c:\documents and settings\Bryan\Application Data\tvmuknwrd.dll
c:\documents and settings\John\Application Data\tvmcwrd.dll
c:\documents and settings\All Users\Start Menu\Programs\Startup\rdri.exe
c:\windows\system32\ogpgns.exe
c:\windows\system32\fphkn.exe
c:\windows\system32\drivers\hidbthh.sys
Folder::
c:\program files\Common Files\WinTools
c:\windows\Sm9obg
c:\program files\AutoUpdate
c:\documents and settings\All Users\Application Data\msw
Driver::
hidbthh
Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ktbyo"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MMTray"=-
"Dell|Alert"=-
"nxtwnq"=-
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Shell"="Explorer.exe"
"Userinit"="c:\\windows\\system32\\userinit.exe,"
[-HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^rdri.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LDM]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\aqadcup]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BMan]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ktbyo]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msresearch]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nxtwnq]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\storprop]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AUNPS2]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"WinTools"=-
"AutoUpdater"=-
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
[-HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\e713b726-9869-409a-a312-71afe5e6ea0b]
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs]
@=""

ADS::
Save this as CFScript.txt and place it on your desktop.


http://i51.photobucket.com/albums/f387/Katana_1970/CFScriptb.gif


Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
When finished, it will produce a log for you. Copy and paste the contents of the log in your next reply.


CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix on your own. This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper


----------------------------------------------------------- -----------------------------------------------------------
Step 2

Active Scan
Your Antivirus and/or Antispyware may give a warning during the scan. This is perfectly normal
NOTE:- Vista users should start IE by Start(Vista Orb) >> Internet Explorer >> Right-Click Run As Admin
Please go to this site Link >> ActiveScan (http://www.pandasecurity.com/activescan/index/) << LINK

Click the Scan Now button
Follow the prompts to install the Active X if necessary
Go and make a cup of tea/coffee/beverage of your choice and watch some TV :)
When the scan is finished, a report will be generated
Next to Scan Details click the small export to notepad button and save the report to your desktop.
Please post the report in your reply.


----------------------------------------------------------- -----------------------------------------------------------
Step 3

Logs/Information to Post in Reply
Please post the following logs/Information in your reply

Combofix Log
Active Scan Log
How are things running now ?


----------------------------------------------------------- -----------------------------------------------------------

Additional Notes


Your Adobe Acrobat Reader is out of date. Older versions have vulnerabilities that malware can use to infect your system.

Adobe Reader is a large program and uses unnecessary space.
If you prefer a smaller program you can get Foxit 3.0 from http://www.foxitsoftware.com/pdf/rd_intro.php << Recommended

There is a newer version of Adobe Acrobat Reader available.

Please go to this link Adobe Acrobat Reader Download Link (http://www.adobe.com/products/acrobat/readstep2.html)
Click Download
On the right Untick Adobe Phototshop Album Starter Edition if you do not wish to include this in the installation.
Click the Continue button
Click Run, and click Run again
Next click the Install Now button and follow the on screen prompts

When the installation is complete go to Add/Remove Programs and uninstall all previous versions.

Adobe Reader 7.0

ChristineOM
2009-01-10, 17:33
I left the ActiveScan running for several hours into the night.
My machine was restarted sometime after I started the ActiveScan. I checked for files created within the last day but couldn't find an ActiveScan log. Ideas?
System is definitely starting up faster.

I intentionally uninstalled the Norton/Sym but I don't know what happened to the McAfee AV during all this.

ComboFix log:


ComboFix 09-01-08.04 - Bryan 2009-01-09 8:06:00.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.511.85 [GMT -5:00]
Running from: c:\documents and settings\Bryan\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Bryan\Desktop\CFScript.txt
FW: McAfee Personal Firewall Plus *enabled*
* Created a new restore point

FILE ::
c:\documents and settings\All Users\Start Menu\Programs\Startup\rdri.exe
c:\documents and settings\Bryan\Application Data\tvmcwrd.dll
c:\documents and settings\Bryan\Application Data\tvmuknwrd.dll
c:\documents and settings\John\Application Data\tvmcwrd.dll
c:\windows\aqadcup.exe
c:\windows\msresearch.exe
c:\windows\SYSTEM32\AUNPS2.dll
c:\windows\System32\dcdmxbr.exe
c:\windows\system32\drivers\hidbthh.sys
c:\windows\system32\fphkn.exe
c:\windows\system32\ogpgns.exe
c:\windows\SYSTEM32\repairs302972949.dll
c:\windows\SYSTEM32\storprop.exe
c:\windows\wininit.ini
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\msw
c:\documents and settings\All Users\Application Data\msw\BMan.exe
c:\documents and settings\All Users\Application Data\msw\BMan1.exe
c:\documents and settings\All Users\Application Data\msw\link.dat
c:\documents and settings\All Users\Application Data\msw\MSW.exe
c:\documents and settings\All Users\Application Data\msw\msw_uninstall.exe
c:\documents and settings\All Users\Application Data\msw\user.dat
c:\documents and settings\All Users\Start Menu\Programs\Startup\gncht.exe
c:\documents and settings\Bryan\Application Data\tvmcwrd.dll
c:\documents and settings\Bryan\Application Data\tvmuknwrd.dll
c:\documents and settings\John\Application Data\tvmcwrd.dll
c:\windows\aqadcup.exe
c:\windows\msresearch.exe
c:\windows\Sm9obg
c:\windows\Sm9obg\mA6Cv0.vbs
c:\windows\SYSTEM32\AUNPS2.dll
c:\windows\system32\fphkn.exe
c:\windows\system32\kslya.dll
c:\windows\system32\ogpgns.exe
c:\windows\system32\pknnxxc.exe
c:\windows\SYSTEM32\storprop.exe
c:\windows\system32\unpgebn.dll
c:\windows\wininit.ini

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_HIDBTHH
-------\Service_hidbthh


((((((((((((((((((((((((( Files Created from 2008-12-09 to 2009-01-09 )))))))))))))))))))))))))))))))
.

2009-01-08 20:13 . <DIR> c:\windows\LastGood.Tmp
2009-01-08 18:47 . 2009-01-08 18:47 <DIR> d-------- c:\documents and settings\All Users\Application Data\McAfee
2009-01-07 17:03 . 2009-01-07 17:03 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-01-07 17:03 . 2009-01-07 17:03 <DIR> d-------- c:\documents and settings\Bryan\Application Data\Malwarebytes
2009-01-07 17:03 . 2009-01-07 17:03 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-01-07 17:03 . 2009-01-04 18:38 38,496 --a------ c:\windows\SYSTEM32\DRIVERS\mbamswissarmy.sys
2009-01-07 17:03 . 2009-01-04 18:38 15,504 --a------ c:\windows\SYSTEM32\DRIVERS\mbam.sys
2009-01-06 19:08 . 2009-01-06 19:11 754 --a------ c:\windows\WORDPAD.INI
2009-01-06 19:04 . 2009-01-06 19:04 <DIR> d-------- C:\rsit
2009-01-04 21:36 . 2009-01-04 22:23 <DIR> d-------- C:\Rosary
2008-12-30 13:32 . 2008-12-30 13:32 <DIR> d-------- c:\program files\Trend Micro
2008-12-26 09:57 . 2008-12-26 09:57 <DIR> d-------- c:\documents and settings\LocalService\Application Data\AdobeUM
2008-12-26 09:55 . 2008-12-26 09:55 <DIR> d-------- c:\documents and settings\LocalService\Application Data\HPAppData
2008-12-18 02:57 . 2008-12-18 02:57 <DIR> d-------- c:\windows\SYSTEM32\LogFiles
2008-12-15 19:08 . 2008-12-15 19:08 <DIR> d-------- c:\program files\TeaTimer (Spybot - Search & Destroy)
2008-12-15 19:08 . 2008-12-15 19:12 <DIR> d-------- c:\program files\SDHelper (Spybot - Search & Destroy)
2008-12-15 19:08 . 2008-12-15 19:08 <DIR> d-------- c:\program files\Misc. Support Library (Spybot - Search & Destroy)
2008-12-15 19:08 . 2008-12-15 19:08 <DIR> d-------- c:\program files\File Scanner Library (Spybot - Search & Destroy)
2008-12-09 20:40 . 2008-12-15 20:20 <DIR> d-------- c:\documents and settings\John\Application Data\Twain

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-08 23:27 --------- d--h--w c:\program files\InstallShield Installation Information
2009-01-08 22:45 --------- d-----w c:\program files\Common Files\Symantec Shared
2009-01-08 22:16 --------- d-----w c:\program files\Norton AntiVirus
2009-01-08 22:16 --------- d-----w c:\documents and settings\All Users\Application Data\Symantec
2008-12-17 00:10 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2008-12-16 00:31 --------- d-----w c:\program files\Spybot - Search & Destroy
2008-11-24 13:33 --------- d-----w c:\documents and settings\John\Application Data\Juniper Networks
2008-10-24 11:10 453,632 ------w c:\windows\SYSTEM32\DLLCACHE\mrxsmb.sys
2008-10-16 19:13 202,776 ----a-w c:\windows\SYSTEM32\wuweb.dll
2008-10-16 19:13 202,776 ----a-w c:\windows\SYSTEM32\DLLCACHE\wuweb.dll
2008-10-16 19:13 1,809,944 ----a-w c:\windows\SYSTEM32\wuaueng.dll
2008-10-16 19:13 1,809,944 ----a-w c:\windows\SYSTEM32\DLLCACHE\wuaueng.dll
2008-10-16 19:12 561,688 ----a-w c:\windows\SYSTEM32\wuapi.dll
2008-10-16 19:12 561,688 ----a-w c:\windows\SYSTEM32\DLLCACHE\wuapi.dll
2008-10-16 19:12 323,608 ----a-w c:\windows\SYSTEM32\wucltui.dll
2008-10-16 19:12 323,608 ----a-w c:\windows\SYSTEM32\DLLCACHE\wucltui.dll
2008-10-16 19:09 92,696 ----a-w c:\windows\SYSTEM32\DLLCACHE\cdm.dll
2008-10-16 19:09 92,696 ----a-w c:\windows\SYSTEM32\cdm.dll
2008-10-16 19:09 51,224 ----a-w c:\windows\SYSTEM32\wuauclt.exe
2008-10-16 19:09 51,224 ----a-w c:\windows\SYSTEM32\DLLCACHE\wuauclt.exe
2008-10-16 19:09 43,544 ----a-w c:\windows\SYSTEM32\wups2.dll
2008-10-16 19:08 34,328 ----a-w c:\windows\SYSTEM32\wups.dll
2008-10-16 19:08 34,328 ----a-w c:\windows\SYSTEM32\DLLCACHE\wups.dll
2008-10-15 16:57 332,800 ------w c:\windows\SYSTEM32\DLLCACHE\netapi32.dll
2008-01-29 23:51 72,312 ----a-w c:\documents and settings\Bryan\Application Data\GDIPFONTCACHEV1.DAT
2007-11-17 18:10 72,312 ----a-w c:\documents and settings\John\Application Data\GDIPFONTCACHEV1.DAT
2008-12-22 15:36 67,688 ----a-w c:\program files\mozilla firefox\components\jar50.dll
2008-12-22 15:36 54,368 ----a-w c:\program files\mozilla firefox\components\jsd3250.dll
2008-12-22 15:36 34,944 ----a-w c:\program files\mozilla firefox\components\myspell.dll
2008-12-22 15:36 46,712 ----a-w c:\program files\mozilla firefox\components\spellchk.dll
2008-12-22 15:36 172,136 ----a-w c:\program files\mozilla firefox\components\xpinstal.dll
1998-04-02 21:51 77,312 --sha-r c:\windows\ic.exe
1998-04-02 21:55 80,384 --sha-r c:\windows\icfire.exe
1997-07-23 16:03 11,338 --sha-r c:\windows\ts.dll
.

((((((((((((((((((((((((((((( snapshot@2009-01-08_ 8.57.19.71 )))))))))))))))))))))))))))))))))))))))))
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Microsoft Works Update Detection"="c:\program files\Microsoft Works\WkDetect.exe" [BU]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MCUpdateExe"="c:\progra~1\mcafee.com\agent\McUpdate.exe" [2006-01-11 212992]
"MCAgentExe"="c:\progra~1\mcafee.com\agent\mcagent.exe" [2005-09-22 303104]
"MPFExe"="c:\progra~1\McAfee.com\PERSON~1\MpfTray.exe" [2005-11-11 1005096]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2007-06-29 286720]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2007-09-26 267064]
"Verizon_McciTrayApp"="c:\program files\Verizon\McciTrayApp.exe" [2007-09-28 936960]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 49152]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2003-10-06 5058560]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-03-11 210520]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.ctmp3"= c:\windows\System32\ctmp3.acm
"aux"= ctwdm32.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
backup=c:\windows\pss\Digital Line Detect.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^gncht.exe]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\gncht.exe
backup=c:\windows\pss\gncht.exeCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP OfficeJet Startup.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP OfficeJet Startup.lnk
backup=c:\windows\pss\HP OfficeJet Startup.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Works Calendar Reminders.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Works Calendar Reminders.lnk
backup=c:\windows\pss\Microsoft Works Calendar Reminders.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^NkvMon.exe.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\NkvMon.exe.lnk
backup=c:\windows\pss\NkvMon.exe.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Bryan^Start Menu^Programs^Startup^RollerCoaster Tycoon 3 Registration.lnk]
path=c:\documents and settings\Bryan\Start Menu\Programs\Startup\RollerCoaster Tycoon 3 Registration.lnk
backup=c:\windows\pss\RollerCoaster Tycoon 3 Registration.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\4576695a6f56]
--a------ 2005-04-30 14:12 90112 c:\windows\SYSTEM32\BCMSM136.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdaptecDirectCD]
--a------ 2002-04-10 16:44 679936 c:\program files\Roxio\Easy CD Creator 5\DirectCD\Directcd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AHQInit]
--a------ 2001-03-28 01:00 102400 c:\program files\Creative\SBLive\Program\AHQINIT.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCAgentExe]
--a------ 2005-09-22 18:29 303104 c:\progra~1\McAfee.com\Agent\mcagent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCUpdateExe]
--a------ 2006-01-11 12:05 212992 c:\progra~1\McAfee.com\Agent\mcupdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MPFExe]
--a------ 2005-11-11 17:00 1005096 c:\progra~1\McAfee.com\PERSON~1\MpfTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2003-10-06 13:16 5058560 c:\windows\SYSTEM32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
--a------ 2002-09-28 09:40 26112 c:\program files\Real\RealPlayer\realplay.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Symantec NetDriver Monitor]
--a------ 2005-05-22 14:26 100056 c:\progra~1\SYMNET~1\SNDMon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
--------- 2006-11-30 21:49 4662776 c:\progra~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCMSMMSG]
--a------ 2003-08-29 04:59 122880 c:\windows\BCMSMMSG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2003-10-06 13:16 741376 c:\windows\SYSTEM32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"navapsvc"=2 (0x2)
"mnmsrvc"=3 (0x3)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\Program Files\\Microsoft Games\\Zoo Tycoon 2\\zt.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=

S3 SNDP202;Dual Mode Camera (8008 VGA);c:\windows\SYSTEM32\DRIVERS\sndp202.sys [2007-10-09 245120]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
HPService REG_MULTI_SZ HPSLPSVC
.
Contents of the 'Scheduled Tasks' folder

2009-01-09 c:\windows\Tasks\Symantec NetDetect.job
- c:\program files\Symantec\LiveUpdate\NDETECT.EXE [2004-12-14 11:24]

2009-01-09 c:\windows\Tasks\WebReg Photosmart C7200 series.job
- c:\program files\HP\Digital Imaging\bin\hpqwrg.exe [2007-03-11 20:27]
.
- - - - ORPHANS REMOVED - - - -

MSConfigStartUp-NAV Agent - c:\progra~1\NORTON~1\navapw32.exe
MSConfigStartUp-SSC_UserPrompt - c:\program files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uDefault_Search_URL = hxxp://ie.search.msn.com
mStart Page = hxxp://www.yahoo.com/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
uInternet Connection Wizard,ShellNext = iexplore
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll

O16 -: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
c:\windows\Downloaded Program Files\Microsoft XML Parser for Java.osd

c:\windows\Downloaded Program Files\vzTCPConfig.dll - O16 -: vzTCPConfig
hxxp://www.verizon.net/checkmypc/fios/includes/vzTCPConfig.CAB
c:\windows\Downloaded Program Files\OSD22.OSD
FF - ProfilePath - c:\documents and settings\Bryan\Application Data\Mozilla\Firefox\Profiles\e2mv3zne.default\
FF - prefs.js: browser.search.selectedEngine - Verizon
FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-09 08:21:47
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs]
@=""
.
------------------------ Other Running Processes ------------------------
.
c:\windows\SYSTEM32\CTSVCCDA.EXE
c:\program files\McAfee.com\Agent\Mcdetect.exe
c:\progra~1\McAfee.com\Agent\McTskshd.exe
c:\windows\SYSTEM32\nvsvc32.exe
c:\windows\SYSTEM32\wdfmgr.exe
c:\windows\SYSTEM32\MsPMSPSv.exe
c:\windows\SYSTEM32\devldr32.exe
c:\progra~1\McAfee.com\PERSON~1\MpfService.exe
c:\progra~1\McAfee.com\PERSON~1\MpfAgent.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\HP\Digital Imaging\bin\hpqste08.exe
c:\program files\iTunes\iTunes.exe
.
**************************************************************************
.
Completion time: 2009-01-09 8:34:13 - machine was rebooted
ComboFix-quarantined-files.txt 2009-01-09 13:34:10
ComboFix2.txt 2009-01-08 14:07:39

Pre-Run: 19,949,318,144 bytes free
Post-Run: 19,940,978,688 bytes free

273 --- E O F --- 2008-11-22 08:00:52

katana
2009-01-10, 20:12
Please try the Active Scan again, I need to see a log from it.

ChristineOM
2009-01-11, 04:58
Finally- here is the ActiveScan log (1 of 3 parts)
I had to stop a svcHost.exe from the TaskManager that was using all the CPU and keeping the ActiveScan (and everything else) from getting time ...
The svcHost.exe continues to hog CPU again on restart.
I appreciate your patience and your help!


;***********************************************************************************************************************************************************************************
ANALYSIS: 2009-01-10 21:42:36
PROTECTIONS: 0
MALWARE: 243
SUSPECTS: 7
;***********************************************************************************************************************************************************************************
PROTECTIONS
Description Version Active Updated
;===================================================================================================================================================================================
;===================================================================================================================================================================================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;===================================================================================================================================================================================
00020255 Exploit/ByteVerify HackTools No 0 Yes No C:\Documents and Settings\John\.jpi_cache\jar\1.0\loaderadv325.jar-6096a995-6bab4b20.zip[Dummy.class]
00020302 adware/ncase Adware No 0 Yes No c:\windows\system32\fleok
00020900 spyware/apropos Spyware No 1 Yes No c:\program files\aprps
00020994 W32/Bagle.pwdzip Virus No 0 Yes No C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinAgentamwr2.zip
00029459 spyware/betterinet Spyware No 1 Yes No c:\windows\inf\satmat.inf
00029767 adware/delfinmedia Adware No 1 Yes No hkey_local_machine\software\dvx
00032724 adware/portalscan Adware No 0 Yes No hkey_local_machine\software\pgtaff
00032724 adware/portalscan Adware No 0 Yes No hkey_current_user\software\bundles
00032724 adware/portalscan Adware No 0 Yes No hkey_current_user\software\winupdt
00032724 adware/portalscan Adware No 0 Yes No c:\windows\system32\winupdt.008
00032724 adware/portalscan Adware No 0 Yes No c:\windows\system32\winupdt.bin
00034291 adware/surfaccuracy Adware No 1 Yes No hkey_local_machine\software\microsoft\windows\currentversion\app management\arpcache\sacc
00034463 adware/wupd Adware No 0 Yes No c:\windows\downloaded program files\mediagatewayx.dll
00039205 adware/prositefinder Adware No 0 Yes No hkey_local_machine\software\prositefinder1
00039205 adware/prositefinder Adware No 0 Yes No hkey_local_machine\software\prositefinder
00039209 adware/virtualbouncer Adware No 0 Yes No c:\mypcsearch.exe
00040415 adware/wintools Adware No 0 Yes No hkey_local_machine\system\currentcontrolset\enum\root\legacy_wintoolssvc
00040415 adware/wintools Adware No 0 Yes No hkey_local_machine\system\controlset001\enum\root\legacy_wintoolssvc
00042191 adware/ist.yoursitebar Adware No 0 Yes No hkey_local_machine\software\yoursitebar
00047257 vbs/psyme.gen Virus/Trojan No 0 Yes No c:\program files\windows media player\wmplayer.exe.tmp
00047993 adware/powerscan Adware No 0 Yes No hkey_local_machine\software\microsoft\windows\currentversion\app management\arpcache\power scan
00048488 dialer.vz Dialers No 0 Yes No c:\casino.ico
00048935 Exploit/ByteVerify HackTools No 0 Yes No C:\Documents and Settings\John\.jpi_cache\file\1.0\VerifierBug.class-2955075b-4aba85dc.class
00048935 Exploit/ByteVerify HackTools No 0 Yes No C:\Documents and Settings\John\.jpi_cache\file\1.0\VerifierBug.class-559f225b-2b0a361a.class
00048935 Exploit/ByteVerify HackTools No 0 Yes No C:\Documents and Settings\John\.jpi_cache\file\1.0\VerifierBug.class-207f16ed-415ebc82.class
00048936 Exploit/ByteVerify HackTools No 0 Yes No C:\Documents and Settings\John\.jpi_cache\file\1.0\Dummy.class-3161f485-4a3794af.class
00048937 Exploit/ByteVerify HackTools No 0 Yes No C:\Documents and Settings\John\.jpi_cache\file\1.0\BlackBox.class-7b67fdbf-1e6f380c.class
00049490 Exploit/ByteVerify HackTools No 0 Yes No C:\Documents and Settings\John\.jpi_cache\file\1.0\Dummy.class-498f6d05-546b74a9.class
00049490 Exploit/ByteVerify HackTools No 0 Yes No C:\Documents and Settings\John\.jpi_cache\file\1.0\Dummy.class-fff1517-66462c7a.class
00049499 Exploit/ByteVerify HackTools No 0 Yes No C:\Documents and Settings\John\.jpi_cache\jar\1.0\classload.jar-11faa9ed-1c91901b.zip[Dummy.class]
00049499 Exploit/ByteVerify HackTools No 0 Yes No C:\Documents and Settings\John\.jpi_cache\jar\1.0\classload.jar-11faa9ed-6ae1ba12.zip[Dummy.class]
00065260 adware/ipinsight Adware No 0 Yes No c:\windows\inf\polall1r.inf
00065260 adware/ipinsight Adware No 0 Yes No c:\windows\inf\conscorr.inf
00066038 Exploit/ByteVerify HackTools No 0 Yes No C:\Documents and Settings\John\.jpi_cache\jar\1.0\loaderadv325.jar-6096a995-6bab4b20.zip[Parser.class]
00096718 adware/twain-tech Adware No 0 Yes No c:\windows\satmat.ini
00098897 Exploit/ByteVerify HackTools No 0 Yes No C:\Documents and Settings\John\.jpi_cache\jar\1.0\classload.jar-11faa9ed-6ae1ba12.zip[InsecureClassLoader.class]
00098897 Exploit/ByteVerify HackTools No 0 Yes No C:\Documents and Settings\John\.jpi_cache\jar\1.0\classload.jar-11faa9ed-1c91901b.zip[InsecureClassLoader.class]
00098898 Exploit/ByteVerify HackTools No 0 Yes No C:\Documents and Settings\John\.jpi_cache\jar\1.0\classload.jar-11faa9ed-6ae1ba12.zip[Installer.class]
00098898 Exploit/ByteVerify HackTools No 0 Yes No C:\Documents and Settings\John\.jpi_cache\jar\1.0\classload.jar-11faa9ed-1c91901b.zip[Installer.class]
00098899 Exploit/ByteVerify HackTools No 0 Yes No C:\Documents and Settings\John\.jpi_cache\jar\1.0\classload.jar-11faa9ed-1c91901b.zip[GetAccess.class]
00098899 Exploit/ByteVerify HackTools No 0 Yes No C:\Documents and Settings\John\.jpi_cache\jar\1.0\classload.jar-11faa9ed-6ae1ba12.zip[GetAccess.class]
00099408 Exploit/ByteVerify HackTools No 0 Yes No C:\Documents and Settings\John\.jpi_cache\jar\1.0\loaderadv325.jar-6096a995-6bab4b20.zip[Counter.class]
00103967 adware/dealhelper Adware No 0 Yes No c:\windows\dsearch1.bin
00110471 adware/fizzle Adware No 0 Yes No c:\program files\fwbartemp
00117813 Bck/Agent.K Virus/Trojan No 0 Yes No C:\Qoobox\Quarantine\C\WINDOWS\aqadcup.exe.vir
00118082 Exploit/ByteVerify HackTools No 0 Yes No C:\Documents and Settings\John\.jpi_cache\jar\1.0\loaderadv325.jar-6096a995-6bab4b20.zip[Matrix.class]
00118417 Adware/TVMedia Adware No 0 Yes No C:\Qoobox\Quarantine\C\WINDOWS\bundles\TVM_B5_Bundle_8.EXE.vir
00120302 Adware/eZula Adware No 0 Yes No C:\Qoobox\Quarantine\C\WINDOWS\bundles\vl_ezstub.exe_.vir
00120325 Bck/Agent.K Virus/Trojan No 0 Yes No C:\Qoobox\Quarantine\C\WINDOWS\bundles\txdesuf.exe_.vir
00120357 Adware/AdLogix Adware No 0 Yes No C:\Qoobox\Quarantine\C\WINDOWS\bundles\shopinst.exe_.vir
00120447 Spyware/Apropos Spyware No 1 Yes No C:\WINDOWS\SYSTEM32\dssley.exe_
00120449 Spyware/Apropos Spyware No 1 Yes No C:\WINDOWS\cxtpls_loader.exe_
00122155 Adware/Fizzle Adware No 0 Yes No C:\Program Files\FwBarTemp\searchbar.exe
00122155 Adware/Fizzle Adware No 0 No No C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\Cache\dist006.exe.vir[searchbar.exe]
00125829 Trj/Delf.EB Virus/Trojan No 0 Yes No C:\Qoobox\Quarantine\C\WINDOWS\bundles\HelperInstaller.exe.tmp.vir
00125829 Trj/Delf.EB Virus/Trojan No 0 Yes No C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\Cache\HelperInstall.exe.vir
00125829 Trj/Delf.EB Virus/Trojan No 0 Yes No C:\Qoobox\Quarantine\C\WINDOWS\bundles\HelperInstaller.exe_.vir
00132447 adware program Adware No 0 Yes No c:\windows\system32\key.~
00132447 adware program Adware No 0 Yes No c:\windows\system32\log.~
00135099 adware/powerstrip Adware No 0 Yes No c:\windows\system32\lmd.bin
00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No C:\Documents and Settings\Christy\Application Data\Mozilla\Firefox\Profiles\5o7d5nbn.default\cookies.txt[.trafficmp.com/]
00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No C:\Documents and Settings\Christy\Application Data\Mozilla\Firefox\Profiles\5o7d5nbn.default\cookies.txt[.trafficmp.com/]
00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No C:\Documents and Settings\Bryan\Cookies\bryan@trafficmp[1].txt
00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\4lvzvgjd.default\cookies.txt[.trafficmp.com/]
00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\4lvzvgjd.default\cookies.txt[.trafficmp.com/]
00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\4lvzvgjd.default\cookies.txt[.trafficmp.com/]
00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No C:\Documents and Settings\David\Cookies\david@trafficmp[1].txt
00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No C:\Documents and Settings\Bryan\Application Data\Mozilla\Profiles\default\cmifm10q.slt\cookies.txt[.trafficmp.com/]
00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No C:\Documents and Settings\Bryan\Application Data\Netscape\Navigator\Profiles\ylolruys.default\cookies.txt[.trafficmp.com/]
00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No C:\Documents and Settings\Bryan\Application Data\Netscape\Navigator\Profiles\ylolruys.default\cookies.txt[.trafficmp.com/]
00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\4lvzvgjd.default\cookies.txt[.trafficmp.com/]
00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\4lvzvgjd.default\cookies.txt[.trafficmp.com/]
00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No C:\Documents and Settings\David\Application Data\Mozilla\Profiles\default\cljb00jp.slt\cookies.txt[.trafficmp.com/]
00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No C:\Documents and Settings\Bryan\Application Data\Netscape\Navigator\Profiles\ylolruys.default\cookies.txt[.trafficmp.com/]
00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No C:\Documents and Settings\John\Application Data\Mozilla\Profiles\default\eozgb9vq.slt\cookies.txt[.trafficmp.com/]
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\Documents and Settings\Christy\Cookies\christy@casalemedia[1].txt
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\Documents and Settings\John\Cookies\john@casalemedia[2].txt
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\Documents and Settings\David\Cookies\david@casalemedia[1].txt
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\Documents and Settings\David\Cookies\david@casalemedia[2].txt
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Documents and Settings\David\Cookies\david@doubleclick[2].txt
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Documents and Settings\John\Cookies\john@doubleclick[1].txt
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Documents and Settings\Bryan\Cookies\bryan@doubleclick[1].txt
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Documents and Settings\Christy\Cookies\christy@doubleclick[2].txt
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\9ml4e773.default\cookies.txt[.atdmt.com/]
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\4lvzvgjd.default\cookies.txt[.atdmt.com/]
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Documents and Settings\Christy\Application Data\Netscape\Navigator\Profiles\2zxi1jgy.default\cookies.txt[.atdmt.com/]
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Documents and Settings\Bryan\Cookies\bryan@atdmt[2].txt
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Documents and Settings\David\Cookies\david@atdmt[2].txt
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\4lvzvgjd.default\cookies.txt[.atdmt.com/]
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Documents and Settings\Bryan\Application Data\Netscape\Navigator\Profiles\ylolruys.default\cookies.txt[.atdmt.com/]
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Documents and Settings\John\Cookies\john@atdmt[2].txt
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Documents and Settings\Christy\Application Data\Mozilla\Firefox\Profiles\5o7d5nbn.default\cookies.txt[.atdmt.com/]
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Documents and Settings\Christy\Cookies\christy@atdmt[2].txt
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Documents and Settings\Christy\Application Data\Mozilla\Firefox\Profiles\5o7d5nbn.default\cookies.txt[.atdmt.com/]
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\9ml4e773.default\cookies.txt[.atdmt.com/]
00144867 Adware/Exact.BargainBuddy Adware No 0 Yes No C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\Cache\installer_MARKETING17.exe.vir
00145393 Cookie/Tradedoubler TrackingCookie No 0 Yes No C:\Documents and Settings\Bryan\Cookies\bryan@tradedoubler[1].txt
00145393 Cookie/Tradedoubler TrackingCookie No 0 Yes No C:\Documents and Settings\John\Cookies\john@tradedoubler[2].txt
00145405 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\Bryan\Cookies\bryan@247realmedia[2].txt
00145405 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\4lvzvgjd.default\cookies.txt[.247realmedia.com/]
00145405 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\4lvzvgjd.default\cookies.txt[.247realmedia.com/]
00145405 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\Christy\Application Data\Mozilla\Firefox\Profiles\5o7d5nbn.default\cookies.txt[.247realmedia.com/]
00145405 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\4lvzvgjd.default\cookies.txt[.247realmedia.com/]
00145454 Cookie/Centralmedia TrackingCookie No 0 Yes No C:\Documents and Settings\Christy\Cookies\christy@centralmedia[2].txt
00145454 Cookie/Centralmedia TrackingCookie No 0 Yes No C:\Documents and Settings\Bryan\Cookies\bryan@centralmedia[1].txt
00145454 Cookie/Centralmedia TrackingCookie No 0 Yes No C:\Documents and Settings\David\Cookies\david@centralmedia[1].txt
00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\Documents and Settings\John\Cookies\john@fastclick[2].txt
00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\Documents and Settings\Christy\Cookies\christy@fastclick[1].txt
00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\Documents and Settings\David\Cookies\david@fastclick[2].txt
00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\4lvzvgjd.default\cookies.txt[.tribalfusion.com/]
00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No C:\Documents and Settings\Bryan\Application Data\Netscape\Navigator\Profiles\ylolruys.default\cookies.txt[.tribalfusion.com/]
00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\4lvzvgjd.default\cookies.txt[.tribalfusion.com/]
00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No C:\Documents and Settings\David\Cookies\david@tribalfusion[2].txt
00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\4lvzvgjd.default\cookies.txt[.tribalfusion.com/]
00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\4lvzvgjd.default\cookies.txt[.tribalfusion.com/]
00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No C:\Documents and Settings\Bryan\Cookies\bryan@tribalfusion[2].txt
00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No C:\Documents and Settings\Christy\Application Data\Mozilla\Firefox\Profiles\5o7d5nbn.default\cookies.txt[.tribalfusion.com/]
00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No C:\Documents and Settings\Christy\Cookies\christy@tribalfusion[2].txt
00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\9ml4e773.default\cookies.txt[.tribalfusion.com/]
00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No C:\Documents and Settings\John\Cookies\john@tribalfusion[1].txt
00145737 Cookie/TopRebates.com TrackingCookie No 0 Yes No C:\Documents and Settings\Bryan\Cookies\bryan@www.toprebates[2].txt
00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No C:\Documents and Settings\Christy\Cookies\christy@mediaplex[1].txt
00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No C:\Documents and Settings\David\Cookies\david@mediaplex[2].txt
00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No C:\Documents and Settings\John\Cookies\john@mediaplex[2].txt
00145739 Cookie/Abetterinternet TrackingCookie No 0 Yes No C:\Documents and Settings\Bryan\Cookies\bryan@abetterinternet[2].txt
00145739 Cookie/Abetterinternet TrackingCookie No 0 Yes No C:\Documents and Settings\David\Cookies\david@abetterinternet[1].txt
00145745 Cookie/OfferOptimizer TrackingCookie No 0 Yes No C:\Documents and Settings\Christy\Cookies\christy@offeroptimizer[1].txt
00145745 Cookie/OfferOptimizer TrackingCookie No 0 Yes No C:\Documents and Settings\Bryan\Cookies\bryan@offeroptimizer[1].txt
00145745 Cookie/OfferOptimizer TrackingCookie No 0 Yes No C:\Documents and Settings\David\Cookies\david@offeroptimizer[2].txt
00145770 Cookie/CentrPort TrackingCookie No 0 Yes No C:\Documents and Settings\Bryan\Application Data\Mozilla\Profiles\default\cmifm10q.slt\cookies.txt[.centrport.net/]
00145770 Cookie/CentrPort TrackingCookie No 0 Yes No C:\Documents and Settings\Bryan\Application Data\Mozilla\Profiles\default\cmifm10q.slt\cookies.txt[.centrport.net/]
00145770 Cookie/CentrPort TrackingCookie No 0 Yes No C:\Documents and Settings\Bryan\Application Data\Netscape\Navigator\Profiles\ylolruys.default\cookies.txt[.centrport.net/]
00145770 Cookie/CentrPort TrackingCookie No 0 Yes No C:\Documents and Settings\Bryan\Application Data\Netscape\Navigator\Profiles\ylolruys.default\cookies.txt[.centrport.net/]
00145807 Cookie/Linksynergy TrackingCookie No 0 Yes No C:\Documents and Settings\Bryan\Cookies\bryan@linksynergy[2].txt
00147796 Cookie/Entrepreneur TrackingCookie No 0 Yes No C:\Documents and Settings\Bryan\Cookies\bryan@entrepreneur[2].txt
00147796 Cookie/Entrepreneur TrackingCookie No 0 Yes No C:\Documents and Settings\David\Cookies\david@entrepreneur[2].txt
00147824 Cookie/Clickbank TrackingCookie No 0 Yes No C:\Documents and Settings\David\Cookies\david@clickbank[1].txt
00147824 Cookie/Clickbank TrackingCookie No 0 Yes No C:\Documents and Settings\Christy\Cookies\christy@clickbank[1].txt
00149064 Cookie/Maxserving TrackingCookie No 0 Yes No C:\Documents and Settings\Bryan\Cookies\bryan@maxserving[1].txt
00149064 Cookie/Maxserving TrackingCookie No 0 Yes No C:\Documents and Settings\David\Application Data\Mozilla\Profiles\default\cljb00jp.slt\cookies.txt[.maxserving.com/]
00149064 Cookie/Maxserving TrackingCookie No 0 Yes No C:\Documents and Settings\David\Application Data\Mozilla\Profiles\default\cljb00jp.slt\cookies.txt[.maxserving.com/]
00152401 Cookie/Belnk TrackingCookie No 0 Yes No C:\Documents and Settings\David\Cookies\david@belnk[1].txt
00152401 Cookie/Belnk TrackingCookie No 0 Yes No C:\Documents and Settings\Bryan\Cookies\bryan@belnk[1].txt
00152401 Cookie/Belnk TrackingCookie No 0 Yes No C:\Documents and Settings\Christy\Cookies\christy@belnk[1].txt
00154673 Spyware/UrlSpy Spyware No 0 No No C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\Cache\setup1021.exe.vir[uninstal.exe]
00156422 Adware/DelFinMedia Adware No 1 Yes No C:\WINDOWS\SYSTEM32\delfin0414.dll
00156759 Trj/Downloader.BOD Virus/Trojan No 0 Yes No C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\Cache\AUNIcons.exe.vir
00158564 adware/alwaysupdatednews Adware No 0 Yes No c:\windows\system32\free cell phone.ico
00158564 adware/alwaysupdatednews Adware No 0 Yes No c:\windows\system32\nba giveaway.ico
00158564 adware/alwaysupdatednews Adware No 0 Yes No c:\windows\system32\free laptop computer.ico
00158564 adware/alwaysupdatednews Adware No 0 Yes No c:\windows\system32\free ringtones!.ico
00158564 adware/alwaysupdatednews Adware No 0 Yes No c:\windows\system32\free sony playstation.ico
00158564 adware/alwaysupdatednews Adware No 0 Yes No c:\windows\system32\free u2 ipod.ico
00159005 adware/searchtheweb Adware No 0 Yes No hkey_local_machine\software\msw
00159006 Adware/SearchTheWeb Adware No 0 Yes No C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\msw\BMan1.exe.vir
00159008 Adware/SearchTheWeb Adware No 0 Yes No C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\msw\MSW.exe.vir
00159564 Cookie/WUpd TrackingCookie No 0 Yes No C:\Documents and Settings\John\Cookies\john@revenue[2].txt
00159564 Cookie/WUpd TrackingCookie No 0 Yes No C:\Documents and Settings\Christy\Application Data\Mozilla\Firefox\Profiles\5o7d5nbn.default\cookies.txt[.revenue.net/]
00159564 Cookie/WUpd TrackingCookie No 0 Yes No C:\Documents and Settings\David\Cookies\david@revenue[1].txt
00159564 Cookie/WUpd TrackingCookie No 0 Yes No C:\Documents and Settings\Christy\Cookies\christy@revenue[2].txt
00159564 Cookie/WUpd TrackingCookie No 0 Yes No C:\Documents and Settings\David\Application Data\Mozilla\Profiles\default\cljb00jp.slt\cookies.txt[.revenue.net/]
00160284 Cookie/Findwhat TrackingCookie No 0 Yes No C:\Documents and Settings\David\Cookies\david@findwhat[1].txt
00160623 Trj/Clicker.DJ Virus/Trojan No 0 Yes No C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\AUNPS2.dll.vir
00160734 Adware/DealHelper Adware No 0 Yes No C:\WINDOWS\SYSTEM32\Alzxpl.exe
00160740 Adware/PortalScan Adware No 0 Yes No C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\Cache\InstallAPS.exe.vir
00160741 Adware/PortalScan Adware No 0 Yes No C:\temporary\aun_0001.exe
00161883 Cookie/Twain-Tech TrackingCookie No 0 Yes No C:\Documents and Settings\David\Cookies\david@cliks[1].txt
00162730 Cookie/Belnk TrackingCookie No 0 Yes No C:\Documents and Settings\Bryan\Cookies\bryan@dist.belnk[2].txt
00162730 Cookie/Belnk TrackingCookie No 0 Yes No C:\Documents and Settings\David\Cookies\david@dist.belnk[2].txt
00162730 Cookie/Belnk TrackingCookie No 0 Yes No C:\Documents and Settings\Christy\Cookies\christy@dist.belnk[2].txt
00165488 Spyware/UrlSpy Spyware No 0 No No C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\Cache\setup1021.exe.vir[IEHost30.exe]
00165489 Spyware/UrlSpy Spyware No 0 No No C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\Cache\setup1021.exe.vir[pinstaller.exe]
00165490 Spyware/UrlSpy Spyware No 0 No No C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\Cache\setup1021.exe.vir[IEDll300.dll]
00167430 Cookie/myaffiliateprogram TrackingCookie No 0 Yes No C:\Documents and Settings\Bryan\Cookies\bryan@www.myaffiliateprogram[2].txt
00167430 Cookie/myaffiliateprogram TrackingCookie No 0 Yes No C:\Documents and Settings\David\Cookies\david@www.myaffiliateprogram[2].txt
00167642 Cookie/Com.com TrackingCookie No 0 Yes No C:\Documents and Settings\John\Application Data\Mozilla\Profiles\default\eozgb9vq.slt\cookies.txt[.com.com/]
00167642 Cookie/Com.com TrackingCookie No 0 Yes No C:\Documents and Settings\John\Application Data\Mozilla\Profiles\default\eozgb9vq.slt\cookies.txt[.com.com/]
00167642 Cookie/Com.com TrackingCookie No 0 Yes No C:\Documents and Settings\David\Cookies\david@com[1].txt
00167642 Cookie/Com.com TrackingCookie No 0 Yes No C:\Documents and Settings\Bryan\Cookies\bryan@com[1].txt
00167642 Cookie/Com.com TrackingCookie No 0 Yes No C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\4lvzvgjd.default\cookies.txt[.com.com/]
00167690 Cookie/Rightmedia TrackingCookie No 0 Yes No C:\Documents and Settings\David\Application Data\Mozilla\Profiles\default\cljb00jp.slt\cookies.txt[rightmedia.net/]
00167690 Cookie/Rightmedia TrackingCookie No 0 Yes No C:\Documents and Settings\Bryan\Cookies\bryan@rightmedia[1].txt
00167690 Cookie/Rightmedia TrackingCookie No 0 Yes No C:\Documents and Settings\David\Application Data\Mozilla\Profiles\default\cljb00jp.slt\cookies.txt[rightmedia.net/]
00167690 Cookie/Rightmedia TrackingCookie No 0 Yes No C:\Documents and Settings\David\Application Data\Mozilla\Profiles\default\cljb00jp.slt\cookies.txt[rightmedia.net/]
00167690 Cookie/Rightmedia TrackingCookie No 0 Yes No C:\Documents and Settings\David\Application Data\Mozilla\Profiles\default\cljb00jp.slt\cookies.txt[rightmedia.net/]
00167704 Cookie/Xiti TrackingCookie No 0 Yes No C:\Documents and Settings\Christy\Cookies\christy@xiti[1].txt
00167704 Cookie/Xiti TrackingCookie No 0 Yes No C:\Documents and Settings\Bryan\Application Data\Netscape\Navigator\Profiles\ylolruys.default\cookies.txt[.xiti.com/]
00167704 Cookie/Xiti TrackingCookie No 0 Yes No C:\Documents and Settings\Christy\Application Data\Mozilla\Firefox\Profiles\5o7d5nbn.default\cookies.txt[.xiti.com/]
00167704 Cookie/Xiti TrackingCookie No 0 Yes No C:\Documents and Settings\Bryan\Cookies\bryan@xiti[1].txt
00167709 Cookie/fe.lea.lycos TrackingCookie No 0 Yes No C:\Documents and Settings\Christy\Application Data\Mozilla\Firefox\Profiles\5o7d5nbn.default\cookies.txt[fe.lea.lycos.fr/]
00167714 Cookie/64.62.232 TrackingCookie No 0 Yes No C:\Documents and Settings\Bryan\Cookies\bryan@64.62.232[4].txt
00167726 Cookie/Tickle TrackingCookie No 0 Yes No C:\Documents and Settings\Bryan\Cookies\bryan@tickle[2].txt
00167726 Cookie/Tickle TrackingCookie No 0 Yes No C:\Documents and Settings\David\Cookies\david@tickle[1].txt
00167738 Cookie/fe.lea.lycos TrackingCookie No 0 Yes No C:\Documents and Settings\Christy\Application Data\Mozilla\Firefox\Profiles\5o7d5nbn.default\cookies.txt[fe.lea.lycos.es/]
00167744 Cookie/GoStats TrackingCookie No 0 Yes No C:\Documents and Settings\Bryan\Cookies\bryan@gostats[1].txt
00167747 Cookie/Azjmp TrackingCookie No 0 Yes No C:\Documents and Settings\Christy\Cookies\christy@azjmp[2].txt
00167747 Cookie/Azjmp TrackingCookie No 0 Yes No C:\Documents and Settings\Bryan\Cookies\bryan@azjmp[2].txt
00167747 Cookie/Azjmp TrackingCookie No 0 Yes No C:\Documents and Settings\David\Cookies\david@azjmp[2].txt
00167747 Cookie/Azjmp TrackingCookie No 0 Yes No C:\Documents and Settings\John\Cookies\john@azjmp[2].txt
00167749 Cookie/Toplist TrackingCookie No 0 Yes No C:\Documents and Settings\Bryan\Cookies\bryan@toplist[1].txt
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\David\Cookies\david@statcounter[2].txt
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\Christy\Cookies\christy@statcounter[2].txt
00167765 Cookie/Hitbox TrackingCookie No 0 Yes No C:\Documents and Settings\David\Cookies\david@hg1.hitbox[1].txt
00167776 Cookie/Kount TrackingCookie No 0 Yes No C:\Documents and Settings\Bryan\Cookies\bryan@kount[2].txt
00167815 Adware/MyDailyHoroscope Adware No 0 Yes No C:\Qoobox\Quarantine\C\WINDOWS\bundles\setup_silent_26221.exe_.vir
00168048 Cookie/Overture TrackingCookie No 0 Yes No C:\Documents and Settings\Christy\Application Data\Mozilla\Firefox\Profiles\5o7d5nbn.default\cookies.txt[.perf.overture.com/]
00168048 Cookie/Overture TrackingCookie No 0 Yes No C:\Documents and Settings\Bryan\Cookies\bryan@perf.overture[1].txt
00168048 Cookie/Overture TrackingCookie No 0 Yes No C:\Documents and Settings\David\Cookies\david@perf.overture[1].txt
00168048 Cookie/Overture TrackingCookie No 0 Yes No C:\Documents and Settings\Bryan\Application Data\Netscape\Navigator\Profiles\ylolruys.default\cookies.txt[.perf.overture.com/]
00168048 Cookie/Overture TrackingCookie No 0 Yes No C:\Documents and Settings\Bryan\Application Data\Mozilla\Profiles\default\cmifm10q.slt\cookies.txt[.perf.overture.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Bryan\Application Data\Netscape\Navigator\Profiles\ylolruys.default\cookies.txt[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\David\Cookies\david@ad.yieldmanager[2].txt
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Bryan\Application Data\Netscape\Navigator\Profiles\ylolruys.default\cookies.txt[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Bryan\Application Data\Mozilla\Profiles\default\cmifm10q.slt\cookies.txt[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Bryan\Application Data\Netscape\Navigator\Profiles\ylolruys.default\cookies.txt[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Christy\Application Data\Mozilla\Firefox\Profiles\5o7d5nbn.default\cookies.txt[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Christy\Cookies\christy@ad.yieldmanager[1].txt
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Christy\Cookies\christy@ad.yieldmanager[2].txt
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Bryan\Cookies\bryan@ad.yieldmanager[2].txt
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\John\Cookies\john@ad.yieldmanager[1].txt
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\9ml4e773.default\cookies.txt[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\9ml4e773.default\cookies.txt[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Christy\Application Data\Mozilla\Firefox\Profiles\5o7d5nbn.default\cookies.txt[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\9ml4e773.default\cookies.txt[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\9ml4e773.default\cookies.txt[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Christy\Application Data\Mozilla\Firefox\Profiles\5o7d5nbn.default\cookies.txt[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Christy\Application Data\Mozilla\Firefox\Profiles\5o7d5nbn.default\cookies.txt[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Christy\Application Data\Mozilla\Firefox\Profiles\5o7d5nbn.default\cookies.txt[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\4lvzvgjd.default\cookies.txt[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\4lvzvgjd.default\cookies.txt[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\4lvzvgjd.default\cookies.txt[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\4lvzvgjd.default\cookies.txt[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\4lvzvgjd.default\cookies.txt[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Bryan\Application Data\Netscape\Navigator\Profiles\ylolruys.default\cookies.txt[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\4lvzvgjd.default\cookies.txt[ad.yieldmanager.com/]
00168061 Cookie/Apmebf TrackingCookie No 0 Yes No C:\Documents and Settings\John\Cookies\john@apmebf[2].txt
00168061 Cookie/Apmebf TrackingCookie No 0 Yes No C:\Documents and Settings\David\Cookies\david@apmebf[1].txt
00168061 Cookie/Apmebf TrackingCookie No 0 Yes No C:\Documents and Settings\Christy\Cookies\christy@apmebf[1].txt
00168076 Cookie/BurstNet TrackingCookie No 0 Yes No C:\Documents and Settings\Bryan\Cookies\bryan@burstnet[1].txt
00168076 Cookie/BurstNet TrackingCookie No 0 Yes No C:\Documents and Settings\David\Cookies\david@burstnet[2].txt
00168076 Cookie/BurstNet TrackingCookie No 0 Yes No C:\Documents and Settings\Christy\Cookies\christy@burstnet[2].txt
00168076 Cookie/BurstNet TrackingCookie No 0 Yes No C:\Documents and Settings\John\Cookies\john@burstnet[2].txt
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\4lvzvgjd.default\cookies.txt[.serving-sys.com/]
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\Christy\Application Data\Mozilla\Firefox\Profiles\5o7d5nbn.default\cookies.txt[.serving-sys.com/]
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\Christy\Application Data\Mozilla\Firefox\Profiles\5o7d5nbn.default\cookies.txt[.serving-sys.com/]
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\4lvzvgjd.default\cookies.txt[.serving-sys.com/]
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\Christy\Application Data\Mozilla\Firefox\Profiles\5o7d5nbn.default\cookies.txt[.serving-sys.com/]
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\Christy\Application Data\Mozilla\Firefox\Profiles\5o7d5nbn.default\cookies.txt[.serving-sys.com/]
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\David\Cookies\david@serving-sys[1].txt
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\4lvzvgjd.default\cookies.txt[.serving-sys.com/]
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\4lvzvgjd.default\cookies.txt[.serving-sys.com/]
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\Bryan\Application Data\Netscape\Navigator\Profiles\ylolruys.default\cookies.txt[.serving-sys.com/]
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\Christy\Application Data\Mozilla\Firefox\Profiles\5o7d5nbn.default\cookies.txt[.serving-sys.com/]
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\Bryan\Application Data\Netscape\Navigator\Profiles\ylolruys.default\cookies.txt[.serving-sys.com/]
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\Bryan\Application Data\Netscape\Navigator\Profiles\ylolruys.default\cookies.txt[.serving-sys.com/]
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\Bryan\Application Data\Netscape\Navigator\Profiles\ylolruys.default\cookies.txt[.serving-sys.com/]
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\Christy\Cookies\christy@serving-sys[2].txt
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\Bryan\Cookies\bryan@serving-sys[2].txt
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\Bryan\Application Data\Netscape\Navigator\Profiles\ylolruys.default\cookies.txt[.serving-sys.com/]
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\4lvzvgjd.default\cookies.txt[.serving-sys.com/]
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\4lvzvgjd.default\cookies.txt[.serving-sys.com/]
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\Bryan\Application Data\Netscape\Navigator\Profiles\ylolruys.default\cookies.txt[.serving-sys.com/]
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\John\Cookies\john@serving-sys[1].txt
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\Christy\Application Data\Mozilla\Firefox\Profiles\5o7d5nbn.default\cookies.txt[.serving-sys.com/]
00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\Bryan\Cookies\bryan@bs.serving-sys[2].txt
00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\Bryan\Application Data\Netscape\Navigator\Profiles\ylolruys.default\cookies.txt[.bs.serving-sys.com/]
00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\Christy\Cookies\christy@bs.serving-sys[2].txt
00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\4lvzvgjd.default\cookies.txt[.bs.serving-sys.com/]
00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\David\Cookies\david@bs.serving-sys[2].txt
00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\John\Cookies\john@bs.serving-sys[1].txt
00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\David\Cookies\david@bs.serving-sys[3].txt
00168095 Cookie/888 TrackingCookie No 0 Yes No C:\Documents and Settings\Christy\Cookies\christy@888[2].txt
00168095 Cookie/888 TrackingCookie No 0 Yes No C:\Documents and Settings\David\Cookies\david@888[1].txt
00168097 Cookie/BurstBeacon TrackingCookie No 0 Yes No C:\Documents and Settings\Bryan\Cookies\bryan@www.burstbeacon[2].txt
00168097 Cookie/BurstBeacon TrackingCookie No 0 Yes No C:\Documents and Settings\Christy\Cookies\christy@www.burstbeacon[1].txt
00168097 Cookie/BurstBeacon TrackingCookie No 0 Yes No C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\4lvzvgjd.default\cookies.txt[www.burstbeacon.com/]
00168097 Cookie/BurstBeacon TrackingCookie No 0 Yes No C:\Documents and Settings\David\Cookies\david@www.burstbeacon[1].txt
00168097 Cookie/BurstBeacon TrackingCookie No 0 Yes No C:\Documents and Settings\David\Application Data\Mozilla\Profiles\default\cljb00jp.slt\cookies.txt[www.burstbeacon.com/]
00168108 Cookie/Tickle TrackingCookie No 0 Yes No C:\Documents and Settings\David\Cookies\david@web.tickle[1].txt
00168108 Cookie/Tickle TrackingCookie No 0 Yes No C:\Documents and Settings\Bryan\Cookies\bryan@web.tickle[2].txt
00168108 Cookie/Tickle TrackingCookie No 0 Yes No C:\Documents and Settings\Christy\Cookies\christy@web.tickle[2].txt
00168109 Cookie/Adtech TrackingCookie No 0 Yes No C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\4lvzvgjd.default\cookies.txt[.adtech.de/]
00168109 Cookie/Adtech TrackingCookie No 0 Yes No C:\Documents and Settings\Bryan\Cookies\bryan@adtech[1].txt
00168109 Cookie/Adtech TrackingCookie No 0 Yes No C:\Documents and Settings\Christy\Application Data\Mozilla\Firefox\Profiles\5o7d5nbn.default\cookies.txt[.adtech.de/]
00168110 Cookie/Server.iad.Liveperson TrackingCookie No 0 Yes No C:\Documents and Settings\Bryan\Cookies\bryan@server.iad.liveperson[1].txt
00168114 Cookie/onestat.com TrackingCookie No 0 Yes No C:\Documents and Settings\David\Cookies\david@stat.onestat[2].txt
00168114 Cookie/onestat.com TrackingCookie No 0 Yes No C:\Documents and Settings\Bryan\Cookies\bryan@stat.onestat[2].txt
========================================================================================================================

ChristineOM
2009-01-11, 05:00
ActiveScan log (2 of 3)

00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\4lvzvgjd.default\cookies.txt[.advertising.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\4lvzvgjd.default\cookies.txt[.advertising.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\4lvzvgjd.default\cookies.txt[.advertising.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\9ml4e773.default\cookies.txt[.advertising.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\Christy\Application Data\Netscape\Navigator\Profiles\2zxi1jgy.default\cookies.txt[.advertising.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\4lvzvgjd.default\cookies.txt[.advertising.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\4lvzvgjd.default\cookies.txt[.advertising.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\9ml4e773.default\cookies.txt[.advertising.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\Christy\Application Data\Netscape\Navigator\Profiles\2zxi1jgy.default\cookies.txt[.advertising.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\9ml4e773.default\cookies.txt[.advertising.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\4lvzvgjd.default\cookies.txt[.advertising.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\9ml4e773.default\cookies.txt[.advertising.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\4lvzvgjd.default\cookies.txt[.advertising.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\David\Cookies\david@advertising[1].txt
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\John\Application Data\Netscape\Navigator\Profiles\ttezpgl4.default\cookies.txt[.advertising.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\John\Application Data\Netscape\Navigator\Profiles\ttezpgl4.default\cookies.txt[.advertising.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\Bryan\Cookies\bryan@advertising[2].txt
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\Bryan\Application Data\Netscape\Navigator\Profiles\ylolruys.default\cookies.txt[.advertising.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\Bryan\Application Data\Netscape\Navigator\Profiles\ylolruys.default\cookies.txt[.advertising.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\Bryan\Application Data\Netscape\Navigator\Profiles\ylolruys.default\cookies.txt[.advertising.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\Bryan\Application Data\Netscape\Navigator\Profiles\ylolruys.default\cookies.txt[.advertising.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\Christy\Application Data\Mozilla\Firefox\Profiles\5o7d5nbn.default\cookies.txt[.advertising.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\Christy\Application Data\Mozilla\Firefox\Profiles\5o7d5nbn.default\cookies.txt[.advertising.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\Christy\Application Data\Mozilla\Firefox\Profiles\5o7d5nbn.default\cookies.txt[.advertising.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\Christy\Application Data\Mozilla\Firefox\Profiles\5o7d5nbn.default\cookies.txt[.advertising.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\4lvzvgjd.default\cookies.txt[.advertising.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\Christy\Application Data\Mozilla\Firefox\Profiles\5o7d5nbn.default\cookies.txt[.advertising.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\9ml4e773.default\cookies.txt[.advertising.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\Christy\Cookies\christy@advertising[2].txt
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\9ml4e773.default\cookies.txt[.advertising.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\Bryan\Application Data\Netscape\Navigator\Profiles\ylolruys.default\cookies.txt[.advertising.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\John\Application Data\Netscape\Navigator\Profiles\ttezpgl4.default\cookies.txt[.advertising.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\John\Application Data\Netscape\Navigator\Profiles\ttezpgl4.default\cookies.txt[.advertising.com/]
00169287 Cookie/Adrevolver TrackingCookie No 0 Yes No C:\Documents and Settings\David\Cookies\david@adrevolver[1].txt
00169287 Cookie/Adrevolver TrackingCookie No 0 Yes No C:\Documents and Settings\Christy\Cookies\christy@adrevolver[3].txt
00170083 Cookie/Ysbweb TrackingCookie No 0 Yes No C:\Documents and Settings\David\Cookies\david@ysbweb[1].txt
00170087 Cookie/Hbmediapro TrackingCookie No 0 Yes No C:\Documents and Settings\David\Cookies\david@adopt.hbmediapro[2].txt
00170087 Cookie/Hbmediapro TrackingCookie No 0 Yes No C:\Documents and Settings\Christy\Cookies\christy@adopt.hbmediapro[2].txt
00170087 Cookie/Hbmediapro TrackingCookie No 0 Yes No C:\Documents and Settings\Bryan\Cookies\bryan@adopt.hbmediapro[1].txt
00170304 Cookie/WebtrendsLive TrackingCookie No 0 Yes No C:\Documents and Settings\David\Cookies\david@statse.webtrendslive[2].txt
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\Bryan\Application Data\Mozilla\Profiles\default\cmifm10q.slt\cookies.txt[.ads.pointroll.com/]
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\Christy\Application Data\Mozilla\Firefox\Profiles\5o7d5nbn.default\cookies.txt[.ads.pointroll.com/]
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\Bryan\Application Data\Mozilla\Profiles\default\cmifm10q.slt\cookies.txt[.ads.pointroll.com/]
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\Bryan\Application Data\Netscape\Navigator\Profiles\ylolruys.default\cookies.txt[.ads.pointroll.com/]
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\Bryan\Application Data\Netscape\Navigator\Profiles\ylolruys.default\cookies.txt[.ads.pointroll.com/]
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\Christy\Application Data\Mozilla\Firefox\Profiles\5o7d5nbn.default\cookies.txt[.ads.pointroll.com/]
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\Bryan\Application Data\Netscape\Navigator\Profiles\ylolruys.default\cookies.txt[.ads.pointroll.com/]
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\Bryan\Application Data\Netscape\Navigator\Profiles\ylolruys.default\cookies.txt[.ads.pointroll.com/]
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\David\Application Data\Mozilla\Profiles\default\cljb00jp.slt\cookies.txt[.ads.pointroll.com/]
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\David\Application Data\Mozilla\Profiles\default\cljb00jp.slt\cookies.txt[.ads.pointroll.com/]
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\David\Application Data\Mozilla\Profiles\default\cljb00jp.slt\cookies.txt[.ads.pointroll.com/]
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\Bryan\Application Data\Mozilla\Profiles\default\cmifm10q.slt\cookies.txt[.ads.pointroll.com/]
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\Christy\Application Data\Mozilla\Firefox\Profiles\5o7d5nbn.default\cookies.txt[.ads.pointroll.com/]
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\Bryan\Application Data\Netscape\Navigator\Profiles\ylolruys.default\cookies.txt[.ads.pointroll.com/]
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\Christy\Application Data\Mozilla\Firefox\Profiles\5o7d5nbn.default\cookies.txt[.ads.pointroll.com/]
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\Bryan\Application Data\Netscape\Navigator\Profiles\ylolruys.default\cookies.txt[.ads.pointroll.com/]
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\Bryan\Application Data\Netscape\Navigator\Profiles\ylolruys.default\cookies.txt[.ads.pointroll.com/]
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\Bryan\Application Data\Netscape\Navigator\Profiles\ylolruys.default\cookies.txt[.ads.pointroll.com/]
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\4lvzvgjd.default\cookies.txt[.ads.pointroll.com/]
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\Bryan\Application Data\Netscape\Navigator\Profiles\ylolruys.default\cookies.txt[.ads.pointroll.com/]
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\4lvzvgjd.default\cookies.txt[.ads.pointroll.com/]
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\4lvzvgjd.default\cookies.txt[.ads.pointroll.com/]
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\4lvzvgjd.default\cookies.txt[.ads.pointroll.com/]
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\4lvzvgjd.default\cookies.txt[.ads.pointroll.com/]
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\4lvzvgjd.default\cookies.txt[.ads.pointroll.com/]
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\4lvzvgjd.default\cookies.txt[.ads.pointroll.com/]
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\Christy\Application Data\Mozilla\Firefox\Profiles\5o7d5nbn.default\cookies.txt[.ads.pointroll.com/]
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\4lvzvgjd.default\cookies.txt[.ads.pointroll.com/]
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\Christy\Application Data\Mozilla\Firefox\Profiles\5o7d5nbn.default\cookies.txt[.ads.pointroll.com/]
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\Christy\Application Data\Mozilla\Firefox\Profiles\5o7d5nbn.default\cookies.txt[.ads.pointroll.com/]
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\4lvzvgjd.default\cookies.txt[.ads.pointroll.com/]
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\4lvzvgjd.default\cookies.txt[.ads.pointroll.com/]
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\David\Cookies\david@ads.pointroll[2].txt
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\Bryan\Application Data\Netscape\Navigator\Profiles\ylolruys.default\cookies.txt[.ads.pointroll.com/]
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\John\Cookies\john@ads.pointroll[2].txt
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\Bryan\Cookies\bryan@ads.pointroll[2].txt
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\Christy\Cookies\christy@ads.pointroll[1].txt
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\Christy\Application Data\Mozilla\Firefox\Profiles\5o7d5nbn.default\cookies.txt[.ads.pointroll.com/]
00170554 Cookie/Overture TrackingCookie No 0 Yes No C:\Documents and Settings\David\Cookies\david@overture[2].txt
00170554 Cookie/Overture TrackingCookie No 0 Yes No C:\Documents and Settings\Bryan\Cookies\bryan@overture[2].txt
00170554 Cookie/Overture TrackingCookie No 0 Yes No C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\4lvzvgjd.default\cookies.txt[.overture.com/]
00170554 Cookie/Overture TrackingCookie No 0 Yes No C:\Documents and Settings\Christy\Application Data\Mozilla\Firefox\Profiles\5o7d5nbn.default\cookies.txt[.overture.com/]
00170554 Cookie/Overture TrackingCookie No 0 Yes No C:\Documents and Settings\Bryan\Application Data\Mozilla\Profiles\default\cmifm10q.slt\cookies.txt[.overture.com/]
00170554 Cookie/Overture TrackingCookie No 0 Yes No C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\4lvzvgjd.default\cookies.txt[.overture.com/]
00170554 Cookie/Overture TrackingCookie No 0 Yes No C:\Documents and Settings\Christy\Application Data\Mozilla\Firefox\Profiles\5o7d5nbn.default\cookies.txt[.overture.com/]
00170554 Cookie/Overture TrackingCookie No 0 Yes No C:\Documents and Settings\Christy\Cookies\christy@overture[1].txt
00170554 Cookie/Overture TrackingCookie No 0 Yes No C:\Documents and Settings\Christy\Application Data\Mozilla\Firefox\Profiles\5o7d5nbn.default\cookies.txt[.overture.com/]
00170554 Cookie/Overture TrackingCookie No 0 Yes No C:\Documents and Settings\Christy\Application Data\Mozilla\Firefox\Profiles\5o7d5nbn.default\cookies.txt[.overture.com/]
00170554 Cookie/Overture TrackingCookie No 0 Yes No C:\Documents and Settings\John\Application Data\Mozilla\Profiles\default\eozgb9vq.slt\cookies.txt[.overture.com/]
00170554 Cookie/Overture TrackingCookie No 0 Yes No C:\Documents and Settings\Bryan\Application Data\Netscape\Navigator\Profiles\ylolruys.default\cookies.txt[.overture.com/]
00170554 Cookie/Overture TrackingCookie No 0 Yes No C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\4lvzvgjd.default\cookies.txt[.overture.com/]
00170554 Cookie/Overture TrackingCookie No 0 Yes No C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\4lvzvgjd.default\cookies.txt[.overture.com/]
00170556 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\John\Application Data\Mozilla\Profiles\default\eozgb9vq.slt\cookies.txt[.realmedia.com/]
00170556 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\Christy\Application Data\Mozilla\Firefox\Profiles\5o7d5nbn.default\cookies.txt[.realmedia.com/]
00170556 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\Christy\Application Data\Mozilla\Firefox\Profiles\5o7d5nbn.default\cookies.txt[.realmedia.com/]
00170556 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\Christy\Cookies\christy@realmedia[1].txt
00170556 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\Christy\Application Data\Mozilla\Firefox\Profiles\5o7d5nbn.default\cookies.txt[.realmedia.com/]
00170556 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\4lvzvgjd.default\cookies.txt[.realmedia.com/]
00170556 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\4lvzvgjd.default\cookies.txt[.realmedia.com/]
00170556 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\David\Cookies\david@realmedia[2].txt
00170556 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\4lvzvgjd.default\cookies.txt[.realmedia.com/]
00170556 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\4lvzvgjd.default\cookies.txt[.realmedia.com/]
00170556 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\4lvzvgjd.default\cookies.txt[.realmedia.com/]
00170556 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\Bryan\Cookies\bryan@realmedia[2].txt
00170556 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\4lvzvgjd.default\cookies.txt[.realmedia.com/]
00170556 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\Christy\Application Data\Mozilla\Firefox\Profiles\5o7d5nbn.default\cookies.txt[.realmedia.com/]
00171633 Cookie/Cgi-bin TrackingCookie No 0 Yes No C:\Documents and Settings\Christy\Cookies\christy@cgi-bin[3].txt
00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No C:\Documents and Settings\Christy\Cookies\christy@questionmarket[1].txt
00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No C:\Documents and Settings\Christy\Application Data\Mozilla\Firefox\Profiles\5o7d5nbn.default\cookies.txt[.questionmarket.com/]
00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No C:\Documents and Settings\Bryan\Cookies\bryan@questionmarket[2].txt
00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No C:\Documents and Settings\Bryan\Application Data\Netscape\Navigator\Profiles\ylolruys.default\cookies.txt[.questionmarket.com/]
00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No C:\Documents and Settings\Bryan\Application Data\Netscape\Navigator\Profiles\ylolruys.default\cookies.txt[.questionmarket.com/]
00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No C:\Documents and Settings\David\Cookies\david@questionmarket[1].txt
00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No C:\Documents and Settings\David\Application Data\Mozilla\Profiles\default\cljb00jp.slt\cookies.txt[.questionmarket.com/]
00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No C:\Documents and Settings\John\Cookies\john@questionmarket[1].txt
00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No C:\Documents and Settings\Christy\Application Data\Mozilla\Firefox\Profiles\5o7d5nbn.default\cookies.txt[.questionmarket.com/]
00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\4lvzvgjd.default\cookies.txt[.questionmarket.com/]
00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\9ml4e773.default\cookies.txt[.questionmarket.com/]
00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\9ml4e773.default\cookies.txt[.questionmarket.com/]
00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\4lvzvgjd.default\cookies.txt[.questionmarket.com/]
00172221 Cookie/Zedo TrackingCookie No 0 Yes No C:\Documents and Settings\David\Cookies\david@zedo[2].txt
00172221 Cookie/Zedo TrackingCookie No 0 Yes No C:\Documents and Settings\John\Cookies\john@zedo[2].txt
00172221 Cookie/Zedo TrackingCookie No 0 Yes No C:\Documents and Settings\Christy\Cookies\christy@zedo[2].txt
00172483 Cookie/888 TrackingCookie No 0 Yes No C:\Documents and Settings\Bryan\Cookies\bryan@888[2].txt
00172483 Cookie/888 TrackingCookie No 0 Yes No C:\Documents and Settings\David\Cookies\david@888[2].txt
00172484 Cookie/Cassava TrackingCookie No 0 Yes No C:\Documents and Settings\David\Cookies\david@cassava[1].txt
00172484 Cookie/Cassava TrackingCookie No 0 Yes No C:\Documents and Settings\Bryan\Cookies\bryan@cassava[1].txt
00173416 Cookie/Thecoolbar TrackingCookie No 0 Yes No C:\Documents and Settings\Bryan\Cookies\bryan@www.thecoolbar[2].txt
00173545 Cookie/Rn11 TrackingCookie No 0 Yes No C:\Documents and Settings\David\Cookies\david@rn11[1].txt
00173545 Cookie/Rn11 TrackingCookie No 0 Yes No C:\Documents and Settings\Christy\Cookies\christy@rn11[2].txt
00173701 Adware/BookedSpace Adware No 0 Yes No C:\WINDOWS\tvbklrog.exe
00174851 Adware/ClkOptimizer Adware No 0 Yes No C:\WINDOWS\pss\rdri.exeCommon Startup
00177346 Trj/Downloader.BYZ Virus/Trojan No 0 Yes No C:\WINDOWS\SYSTEM32\1800414.dll
00177348 Spyware/BetterInet Spyware No 1 Yes No C:\WINDOWS\SYSTEM32\better0503.dll
00183114 Adware/EnhSrch Adware No 0 Yes No C:\WINDOWS\wupdt.exe_
00184846 Cookie/Adrevolver TrackingCookie No 0 Yes No C:\Documents and Settings\Christy\Cookies\christy@adrevolver[2].txt
00184846 Cookie/Adrevolver TrackingCookie No 0 Yes No C:\Documents and Settings\David\Cookies\david@adrevolver[3].txt
00185873 Adware/Adtomi Adware No 0 Yes No C:\command.exe
00186469 Cookie/Reliablestats TrackingCookie No 0 Yes No C:\Documents and Settings\David\Cookies\david@stats1.reliablestats[1].txt
00188480 Cookie/Paypopup TrackingCookie No 0 Yes No C:\Documents and Settings\Christy\Cookies\christy@paypopup[2].txt
00194327 Cookie/Go TrackingCookie No 0 Yes No C:\Documents and Settings\Christy\Application Data\Mozilla\Firefox\Profiles\5o7d5nbn.default\cookies.txt[.go.com/]
00194327 Cookie/Go TrackingCookie No 0 Yes No C:\Documents and Settings\Christy\Application Data\Mozilla\Firefox\Profiles\5o7d5nbn.default\cookies.txt[.go.com/]
00194327 Cookie/Go TrackingCookie No 0 Yes No C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\4lvzvgjd.default\cookies.txt[.go.com/]
00194327 Cookie/Go TrackingCookie No 0 Yes No C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\4lvzvgjd.default\cookies.txt[.go.com/]
00194327 Cookie/Go TrackingCookie No 0 Yes No C:\Documents and Settings\Christy\Application Data\Mozilla\Firefox\Profiles\5o7d5nbn.default\cookies.txt[.go.com/]
00194327 Cookie/Go TrackingCookie No 0 Yes No C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\4lvzvgjd.default\cookies.txt[.go.com/]
00194327 Cookie/Go TrackingCookie No 0 Yes No C:\Documents and Settings\Christy\Cookies\christy@go[1].txt
00194327 Cookie/Go TrackingCookie No 0 Yes No C:\Documents and Settings\Bryan\Application Data\Mozilla\Profiles\default\cmifm10q.slt\cookies.txt[.go.com/]
00194327 Cookie/Go TrackingCookie No 0 Yes No C:\Documents and Settings\Bryan\Application Data\Netscape\Navigator\Profiles\ylolruys.default\cookies.txt[.go.com/]
00194327 Cookie/Go TrackingCookie No 0 Yes No C:\Documents and Settings\Bryan\Cookies\bryan@go[2].txt
00194327 Cookie/Go TrackingCookie No 0 Yes No C:\Documents and Settings\Christy\Application Data\Mozilla\Firefox\Profiles\5o7d5nbn.default\cookies.txt[.go.com/]
00194327 Cookie/Go TrackingCookie No 0 Yes No C:\Documents and Settings\Christy\Application Data\Mozilla\Firefox\Profiles\5o7d5nbn.default\cookies.txt[.go.com/]
00194327 Cookie/Go TrackingCookie No 0 Yes No C:\Documents and Settings\Christy\Application Data\Mozilla\Firefox\Profiles\5o7d5nbn.default\cookies.txt[.go.com/]
00194327 Cookie/Go TrackingCookie No 0 Yes No C:\Documents and Settings\Christy\Application Data\Mozilla\Firefox\Profiles\5o7d5nbn.default\cookies.txt[.go.com/]
00194327 Cookie/Go TrackingCookie No 0 Yes No C:\Documents and Settings\David\Cookies\david@go[2].txt
00194327 Cookie/Go TrackingCookie No 0 Yes No C:\Documents and Settings\Christy\Application Data\Mozilla\Firefox\Profiles\5o7d5nbn.default\cookies.txt[.go.com/]
00194327 Cookie/Go TrackingCookie No 0 Yes No C:\Documents and Settings\Christy\Application Data\Mozilla\Firefox\Profiles\5o7d5nbn.default\cookies.txt[.go.com/]
00194327 Cookie/Go TrackingCookie No 0 Yes No C:\Documents and Settings\Christy\Application Data\Mozilla\Firefox\Profiles\5o7d5nbn.default\cookies.txt[.go.com/]
00194327 Cookie/Go TrackingCookie No 0 Yes No C:\Documents and Settings\Christy\Application Data\Mozilla\Firefox\Profiles\5o7d5nbn.default\cookies.txt[.go.com/]
00194327 Cookie/Go TrackingCookie No 0 Yes No C:\Documents and Settings\John\Application Data\Mozilla\Profiles\default\eozgb9vq.slt\cookies.txt[.go.com/]
00194587 Adware/TopRebates Adware No 0 Yes No C:\Qoobox\Quarantine\C\WINDOWS\bundles\traspec7.exe.vir
00196236 Adware/WinTools Adware No 0 Yes No C:\temp\ZCWEDowST3.exe
00196960 Cookie/Belnk TrackingCookie No 0 Yes No C:\Documents and Settings\David\Cookies\david@ath.belnk[2].txt
00196960 Cookie/Belnk TrackingCookie No 0 Yes No C:\Documents and Settings\Bryan\Cookies\bryan@ath.belnk[1].txt
00196960 Cookie/Belnk TrackingCookie No 0 Yes No C:\Documents and Settings\Christy\Cookies\christy@ath.belnk[2].txt
00199984 Cookie/Searchportal TrackingCookie No 0 Yes No C:\Documents and Settings\Christy\Cookies\christy@searchportal.information[1].txt
00199984 Cookie/Searchportal TrackingCookie No 0 Yes No C:\Documents and Settings\John\Cookies\john@searchportal.information[2].txt
00199984 Cookie/Searchportal TrackingCookie No 0 Yes No C:\Documents and Settings\David\Cookies\david@searchportal.information[1].txt
00199984 Cookie/Searchportal TrackingCookie No 0 Yes No C:\Documents and Settings\Christy\Application Data\Mozilla\Firefox\Profiles\5o7d5nbn.default\cookies.txt[.searchportal.information.com/]
00200121 Adware/IST.YourSiteBar Adware No 0 Yes No C:\WINDOWS\Downloaded Program Files\CONFLICT.1\ysbactivex.dll
00200862 Cookie/Btgrab TrackingCookie No 0 Yes No C:\Documents and Settings\David\Cookies\david@btg.btgrab[1].txt
00200862 Cookie/Btgrab TrackingCookie No 0 Yes No C:\Documents and Settings\Bryan\Cookies\bryan@btg.btgrab[2].txt
00202035 Adware/StartPage.L Adware No 0 Yes No C:\Qoobox\Quarantine\C\WINDOWS\msresearch.exe.vir
00204907 Adware/Aurora Adware No 0 Yes No C:\WINDOWS\hrxdomksbq.exe
00206592 Adware/IST.ISTBar Adware No 1 Yes No C:\WINDOWS\Downloaded Program Files\CONFLICT.2\ysbactivex.dll
00207338 Cookie/Target TrackingCookie No 0 Yes No C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\4lvzvgjd.default\cookies.txt[.target.com/]
00207338 Cookie/Target TrackingCookie No 0 Yes No C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\9ml4e773.default\cookies.txt[.target.com/]
00207338 Cookie/Target TrackingCookie No 0 Yes No C:\Documents and Settings\David\Cookies\david@target[2].txt
00207338 Cookie/Target TrackingCookie No 0 Yes No C:\Documents and Settings\John\Cookies\john@target[1].txt
00207338 Cookie/Target TrackingCookie No 0 Yes No C:\Documents and Settings\Bryan\Cookies\bryan@target[2].txt
00207338 Cookie/Target TrackingCookie No 0 Yes No C:\Documents and Settings\Christy\Application Data\Mozilla\Firefox\Profiles\5o7d5nbn.default\cookies.txt[.target.com/]
00207338 Cookie/Target TrackingCookie No 0 Yes No C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\4lvzvgjd.default\cookies.txt[.target.com/]
00207338 Cookie/Target TrackingCookie No 0 Yes No C:\Documents and Settings\Christy\Application Data\Mozilla\Firefox\Profiles\5o7d5nbn.default\cookies.txt[.target.com/]
00207712 Cookie/360i TrackingCookie No 0 Yes No C:\Documents and Settings\Bryan\Cookies\bryan@ct.360i[2].txt
00207862 Cookie/did-it TrackingCookie No 0 Yes No C:\Documents and Settings\Bryan\Cookies\bryan@did-it[2].txt
00207862 Cookie/did-it TrackingCookie No 0 Yes No C:\Documents and Settings\David\Cookies\david@did-it[1].txt
00207862 Cookie/did-it TrackingCookie No 0 Yes No C:\Documents and Settings\Christy\Cookies\christy@did-it[1].txt
00213141 Cookie/GoStats TrackingCookie No 0 Yes No C:\Documents and Settings\Bryan\Cookies\bryan@c3.gostats[1].txt
00213516 Adware/DealHelper Adware No 0 Yes No C:\WINDOWS\SYSTEM32\dun.exe
00213645 Spyware/Apropos Spyware No 1 Yes No C:\Program Files\Aprps\CxtPls.dll
00216065 Cookie/Screensavers TrackingCookie No 0 Yes No C:\Documents and Settings\David\Cookies\david@i.screensavers[1].txt
00216065 Cookie/Screensavers TrackingCookie No 0 Yes No C:\Documents and Settings\Bryan\Cookies\bryan@i.screensavers[2].txt
00216065 Cookie/Screensavers TrackingCookie No 0 Yes No C:\Documents and Settings\Christy\Cookies\christy@i.screensavers[1].txt
00217990 Cookie/WinFixer TrackingCookie No 0 Yes No C:\Documents and Settings\David\Cookies\david@winfixer[2].txt
00217990 Cookie/WinFixer TrackingCookie No 0 Yes No C:\Documents and Settings\Christy\Cookies\christy@winfixer[2].txt
00219235 Adware/CommAd Adware No 0 Yes No C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP2021\A0271087.dll
00219238 Adware/CommAd Adware No 0 Yes No C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP2021\A0271089.exe
00224496 Spyware/Apropos Spyware No 1 Yes No C:\Program Files\Aprps\CxtPls.exe
00224652 Spyware/Apropos Spyware No 1 Yes No C:\Program Files\Aprps\WinGenerics.dll
00225945 adware/enhancemsearch Adware No 0 Yes No c:\windows\helper101.dll
00238746 Adware/Zango Adware No 0 Yes No C:\Program Files\Netscape\Netscape\Plugins\npzango.dll
00248517 Cookie/Advnt TrackingCookie No 0 Yes No C:\Documents and Settings\David\Cookies\david@www.advnt01[1].txt
00250251 Adware/ISearch Adware No 0 Yes No C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP2021\A0271073.exe
00251146 Adware/SearchAid Adware No 0 Yes No C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP1989\A0266224.vbs

ChristineOM
2009-01-11, 05:00
ActiveScan log (3 of 3) Ugly, I know!!


00262020 Cookie/Atwola TrackingCookie No 0 Yes No C:\Documents and Settings\Christy\Application Data\Mozilla\Firefox\Profiles\5o7d5nbn.default\cookies.txt[.atwola.com/]
00262020 Cookie/Atwola TrackingCookie No 0 Yes No C:\Documents and Settings\Bryan\Application Data\Netscape\Navigator\Profiles\ylolruys.default\cookies.txt[.atwola.com/]
00262020 Cookie/Atwola TrackingCookie No 0 Yes No C:\Documents and Settings\Bryan\Cookies\bryan@atwola[2].txt
00262020 Cookie/Atwola TrackingCookie No 0 Yes No C:\Documents and Settings\John\Application Data\Netscape\Navigator\Profiles\ttezpgl4.default\cookies.txt[.atwola.com/]
00262020 Cookie/Atwola TrackingCookie No 0 Yes No C:\Documents and Settings\Christy\Application Data\Mozilla\Profiles\default\s7hd8ehx.slt\cookies.txt[.atwola.com/]
00262020 Cookie/Atwola TrackingCookie No 0 Yes No C:\Documents and Settings\Christy\Cookies\christy@atwola[1].txt
00262020 Cookie/Atwola TrackingCookie No 0 Yes No C:\Documents and Settings\Bryan\Application Data\Mozilla\Profiles\default\cmifm10q.slt\cookies.txt[.atwola.com/]
00262020 Cookie/Atwola TrackingCookie No 0 Yes No C:\Documents and Settings\Christy\Application Data\Netscape\Navigator\Profiles\2zxi1jgy.default\cookies.txt[.atwola.com/]
00262020 Cookie/Atwola TrackingCookie No 0 Yes No C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\4lvzvgjd.default\cookies.txt[.atwola.com/]
00262020 Cookie/Atwola TrackingCookie No 0 Yes No C:\Documents and Settings\David\Application Data\Mozilla\Profiles\default\cljb00jp.slt\cookies.txt[.atwola.com/]
00262020 Cookie/Atwola TrackingCookie No 0 Yes No C:\Documents and Settings\David\Cookies\david@atwola[2].txt
00262021 Cookie/Kmpads TrackingCookie No 0 Yes No C:\Documents and Settings\Christy\Cookies\christy@kmpads[2].txt
00262021 Cookie/Kmpads TrackingCookie No 0 Yes No C:\Documents and Settings\David\Cookies\david@kmpads[1].txt
00262024 Cookie/ErrorSafe TrackingCookie No 0 Yes No C:\Documents and Settings\David\Cookies\david@www.errorsafe[2].txt
00262024 Cookie/ErrorSafe TrackingCookie No 0 Yes No C:\Documents and Settings\Christy\Cookies\christy@www.errorsafe[1].txt
00262025 Cookie/ErrorSafe TrackingCookie No 0 Yes No C:\Documents and Settings\David\Cookies\david@errorsafe[2].txt
00262025 Cookie/ErrorSafe TrackingCookie No 0 Yes No C:\Documents and Settings\Christy\Cookies\christy@errorsafe[1].txt
00262492 Adware/CommAd Adware No 0 Yes No C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP2028\A0271611.vbs
00262492 Adware/CommAd Adware No 0 Yes No C:\Qoobox\Quarantine\C\WINDOWS\Sm9obg\mA6Cv0.vbs.vir
00286732 Cookie/Cgi-bin TrackingCookie No 0 Yes No C:\Documents and Settings\Bryan\Cookies\bryan@cgi-bin[2].txt
00286738 Cookie/Cgi-bin TrackingCookie No 0 Yes No C:\Documents and Settings\Bryan\Cookies\bryan@cgi-bin[5].txt
00286739 Cookie/Hitbox TrackingCookie No 0 Yes No C:\Documents and Settings\David\Cookies\david@ehg-dig.hitbox[2].txt
00286739 Cookie/Hitbox TrackingCookie No 0 Yes No C:\Documents and Settings\Christy\Cookies\christy@ehg-dig.hitbox[1].txt
00293517 Cookie/AdDynamix TrackingCookie No 0 Yes No C:\Documents and Settings\Christy\Cookies\christy@ads.addynamix[1].txt
00293517 Cookie/AdDynamix TrackingCookie No 0 Yes No C:\Documents and Settings\David\Cookies\david@ads.addynamix[1].txt
00293517 Cookie/AdDynamix TrackingCookie No 0 Yes No C:\Documents and Settings\Bryan\Cookies\bryan@ads.addynamix[2].txt
00296583 Cookie/DriveCleaner TrackingCookie No 0 Yes No C:\Documents and Settings\Christy\Cookies\christy@stats.drivecleaner[2].txt
00296583 Cookie/DriveCleaner TrackingCookie No 0 Yes No C:\Documents and Settings\Bryan\Cookies\bryan@stats.drivecleaner[2].txt
00296583 Cookie/DriveCleaner TrackingCookie No 0 Yes No C:\Documents and Settings\David\Cookies\david@stats.drivecleaner[2].txt
00296584 Cookie/DriveCleaner TrackingCookie No 0 Yes No C:\Documents and Settings\Christy\Cookies\christy@drivecleaner[2].txt
00296584 Cookie/DriveCleaner TrackingCookie No 0 Yes No C:\Documents and Settings\Bryan\Cookies\bryan@drivecleaner[2].txt
00296584 Cookie/DriveCleaner TrackingCookie No 0 Yes No C:\Documents and Settings\David\Cookies\david@drivecleaner[2].txt
00320977 Cookie/Winantivirus TrackingCookie No 0 Yes No C:\Documents and Settings\David\Cookies\david@www.winantivirus[2].txt
00320978 Cookie/Winantivirus TrackingCookie No 0 Yes No C:\Documents and Settings\David\Cookies\david@winantivirus[2].txt
00320978 Cookie/Winantivirus TrackingCookie No 0 Yes No C:\Documents and Settings\Christy\Cookies\christy@winantivirus[1].txt
00325830 Cookie/Bridgetrack TrackingCookie No 0 Yes No C:\Documents and Settings\David\Application Data\Mozilla\Profiles\default\cljb00jp.slt\cookies.txt[citi.bridgetrack.com/]
00325830 Cookie/Bridgetrack TrackingCookie No 0 Yes No C:\Documents and Settings\David\Application Data\Mozilla\Profiles\default\cljb00jp.slt\cookies.txt[citi.bridgetrack.com/]
00329272 Cookie/Systemdoctor TrackingCookie No 0 Yes No C:\Documents and Settings\Christy\Cookies\christy@www.systemdoctor[1].txt
00329272 Cookie/Systemdoctor TrackingCookie No 0 Yes No C:\Documents and Settings\David\Cookies\david@www.systemdoctor[2].txt
00332832 Adware/DollarRevenue Adware No 1 Yes No C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP2021\A0271075.dll
00332832 Adware/DollarRevenue Adware No 1 Yes No C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP1996\A0267526.dll
00332832 Adware/DollarRevenue Adware No 1 Yes No C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP1989\A0266223.dll
00332832 Adware/DollarRevenue Adware No 1 Yes No C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP2015\A0270898.dll
00332832 Adware/DollarRevenue Adware No 1 Yes No C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP2013\A0269885.dll
00332832 Adware/DollarRevenue Adware No 1 Yes No C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP2012\A0268923.dll
00332832 Adware/DollarRevenue Adware No 1 Yes No C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP1997\A0267551.dll
00351416 Cookie/Systemdoctor TrackingCookie No 0 Yes No C:\Documents and Settings\David\Cookies\david@systemdoctor[1].txt
00351416 Cookie/Systemdoctor TrackingCookie No 0 Yes No C:\Documents and Settings\Christy\Cookies\christy@systemdoctor[2].txt
00433667 Adware/Qoologic.R Virus/Trojan No 1 Yes No C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\_unpgebn_.dll.zip[unpgebn.dll]
00446434 Adware/Qoologic.R Virus/Trojan No 1 Yes No C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\fphkn.exe.vir
00465363 W32/Nuwar.C.worm HackTools No 0 Yes No C:\WINDOWS\pss\gncht.exeCommon Startup
00465363 W32/Nuwar.C.worm HackTools No 0 Yes No C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\ogpgns.exe.vir
00465363 W32/Nuwar.C.worm HackTools No 0 Yes No C:\WINDOWS\SYSTEM32\tdfjy.dat
00465363 W32/Nuwar.C.worm HackTools No 0 Yes No C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Start Menu\Programs\Startup\_gncht_.exe.zip[gncht.exe]
00475958 Spyware/MSJuan Spyware No 0 Yes No C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP2021\A0271060.dll
00475958 Spyware/MSJuan Spyware No 0 Yes No C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP2021\A0271053.dll
00478453 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP2021\A0271026.dll
00483522 Trj/Qhost.FM Virus/Trojan No 1 Yes No C:\WINDOWS\asupdate.exe
00484747 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP2021\A0271047.dll
00484747 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP2021\A0271059.dll
00484925 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP2021\A0271028.dll
00484925 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP2021\A0271021.dll
00484925 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP2021\A0271069.dll
00484925 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP2021\A0271030.dll
00486677 Bck/Galapoper.LQ Virus/Trojan No 1 Yes No C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\dmonwv.dll.vir
00487659 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP2021\A0271027.dll
00487659 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP2021\A0271034.dll
00487659 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP2021\A0271025.dll
00487659 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP2021\A0271092.dll
00489214 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP2021\A0271022.dll
00489231 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP2021\A0271061.dll
00489234 Adware/Qoologic.R Virus/Trojan No 1 Yes No C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\_pknnxxc_.exe.zip[pknnxxc.exe]
00490771 Spyware/MSJuan Spyware No 0 Yes No C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP2021\A0271101.dll
00490771 Spyware/MSJuan Spyware No 0 Yes No C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP2021\A0271038.dll
00492156 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP2021\A0271051.dll
00492156 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP2021\A0271049.dll
00492704 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP2021\A0271043.dll
00492704 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP2021\A0271062.dll
00494482 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP2021\A0271057.dll
00494482 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP2021\A0271107.dll
00497213 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP2021\A0271032.dll
00497213 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP2021\A0271045.dll
00497213 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP2021\A0271031.dll
00497213 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP2021\A0271058.dll
00497812 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP2021\A0271100.dll
00497812 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP2021\A0271052.dll
00500684 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP2022\A0271226.dll
00500684 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP2022\A0271219.dll
00500684 Spyware/Virtumonde Spyware No 1 Yes No C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\demnva.dll.vir
00500684 Spyware/Virtumonde Spyware No 1 Yes No C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\uiisxfcn.dll.vir
00500700 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP2021\A0271071.dll
00500700 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP2021\A0271072.dll
00500722 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP2021\A0271068.dll
00500722 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP2021\A0271091.dll
00531475 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP2021\A0271033.dll
00532563 Spyware/MSJuan Spyware No 0 Yes No C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP2021\A0271106.dll
00532563 Spyware/MSJuan Spyware No 0 Yes No C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP2021\A0271044.dll
00532563 Spyware/MSJuan Spyware No 0 Yes No C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP2021\A0271070.dll
00532563 Spyware/MSJuan Spyware No 0 Yes No C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP2021\A0271036.dll
00532973 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP2021\A0271046.dll
00533293 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP2021\A0271018.dll
00533297 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP2021\A0271094.dll
00533297 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP2021\A0271099.dll
00570565 Trj/Downloader.MDW Virus/Trojan No 0 Yes No C:\WINDOWS\SYSTEM32\golden513.dll
00578923 Trj/Downloader.MDW Virus/Trojan No 0 Yes No C:\WINDOWS\SYSTEM32\blizzard.dll
00581769 Bck/Galapoper.LQ Virus/Trojan No 1 Yes No C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\_kslya_.dll.zip[kslya.dll]
00584399 Bck/Galapoper.LQ Virus/Trojan No 1 Yes No C:\WINDOWS\SYSTEM32\resmm.cpl
00584410 Adware/VirtualBouncer Adware No 0 Yes No C:\Qoobox\Quarantine\C\WINDOWS\bundles\2504041019.exe_.vir
00786395 Adware/Searcher Adware No 0 Yes No C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\msw\BMan.exe.vir
00958358 Bck/Galapoper.LQ Virus/Trojan No 1 Yes No C:\Program Files\Aprps\uninstaller.exe
00958362 Bck/Galapoper.LQ Virus/Trojan No 1 Yes No C:\Program Files\Aprps\libexpat.dll
01048537 Generic Malware Virus/Trojan No 0 Yes No C:\Program Files\Aprps\atl.dll
01185375 Application/Psexec.A HackTools No 0 Yes No C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP2028\A0271620.EXE
01185375 Application/Psexec.A HackTools No 0 Yes No C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP2028\A0271649.EXE
01185375 Application/Psexec.A HackTools No 0 Yes No C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP2022\A0271249.EXE
01196325 Cookie/Enhance TrackingCookie No 0 Yes No C:\Documents and Settings\Bryan\Cookies\bryan@enhance[2].txt
01196325 Cookie/Enhance TrackingCookie No 0 Yes No C:\Documents and Settings\David\Cookies\david@enhance[1].txt
01196326 Cookie/GoClick TrackingCookie No 0 Yes No C:\Documents and Settings\David\Cookies\david@goclick[2].txt
01606636 Cookie/Adserver TrackingCookie No 0 Yes No C:\Documents and Settings\David\Cookies\david@adserver.easyad[1].txt
01606636 Cookie/Adserver TrackingCookie No 0 Yes No C:\Documents and Settings\Bryan\Cookies\bryan@adserver.easyad[1].txt
02885963 Rootkit/Booto.C Virus/Worm No 0 Yes No C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP2028\A0271632.sys
02885963 Rootkit/Booto.C Virus/Worm No 0 Yes No C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP2022\A0271233.sys
02908816 Cookie/Starware TrackingCookie No 0 Yes No C:\Documents and Settings\Christy\Cookies\christy@h.starware[1].txt
02908816 Cookie/Starware TrackingCookie No 0 Yes No C:\Documents and Settings\Bryan\Cookies\bryan@h.starware[2].txt
02908816 Cookie/Starware TrackingCookie No 0 Yes No C:\Documents and Settings\David\Cookies\david@h.starware[2].txt
02914651 Spyware/Apropos Spyware No 1 Yes No C:\Program Files\Aprps\ace.dll
02974799 Adware/Naupoint Adware No 0 Yes No C:\Program Files\vol_toolbar\vol_toolbar.dll
03074964 Trj/CI.A Virus/Trojan No 0 Yes No C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\vjnvxhss.dll.vir
04329800 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP2021\A0271040.dll
04329800 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP2021\A0271041.dll
04333409 Generic Trojan Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP2021\A0271023.dll
04334621 Adware/AccesMembre Adware No 0 Yes No C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP2021\A0271055.exe
04345326 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP2022\A0271217.dll
04345326 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP2022\A0271223.dll
04345326 Spyware/Virtumonde Spyware No 1 Yes No C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\ljJBttUK.dll.vir
04345326 Spyware/Virtumonde Spyware No 1 Yes No C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\byXrOGwV.dll.vir
04358006 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP2021\A0271035.dll
04358006 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP2021\A0271029.dll
04429702 Generic Trojan Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP2021\A0271064.dll
04430586 Generic Trojan Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP2021\A0271066.dll
04430642 Generic Trojan Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP2021\A0271050.dll
04430642 Generic Trojan Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP2021\A0271037.dll
04434705 Generic Trojan Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP2021\A0271102.dll
04434705 Generic Trojan Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP2021\A0271065.dll
04438438 Generic Trojan Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP2007\A0267817.dll
04438479 Generic Trojan Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP2021\A0271095.dll
04438479 Generic Trojan Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP2021\A0271067.dll
04463600 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP2021\A0271039.dll
04463600 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP2021\A0271105.dll
04463628 Generic Trojan Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP2007\A0267818.dll
04482783 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP2021\A0271042.dll
04533266 Generic Trojan Virus/Trojan No 0 Yes No C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\ddlkkhjq.dll.vir
04533266 Generic Trojan Virus/Trojan No 0 Yes No C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\gouxer.dll.vir
04533266 Generic Trojan Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP2022\A0271218.dll
04533266 Generic Trojan Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP2022\A0271221.dll
04536041 Generic Trojan Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP2021\A0271056.dll
04536041 Generic Trojan Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP2021\A0271088.dll
04541613 Generic Trojan Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP2021\A0271016.dll
04542227 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP2021\A0271013.dll
04557938 Generic Trojan Virus/Trojan No 0 Yes No C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\rfdmgamj.dll.vir
04557938 Generic Trojan Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP2022\A0271225.dll
04560212 Generic Trojan Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP2021\A0271104.dll
04560212 Generic Trojan Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP2021\A0271096.dll
04577113 Generic Trojan Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP2021\A0271109.dll
04577113 Generic Trojan Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP2021\A0271063.dll
04577555 Generic Trojan Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP2022\A0271220.dll
04577555 Generic Trojan Virus/Trojan No 0 Yes No C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\dktvciab.dll.vir
04577555 Generic Trojan Virus/Trojan No 0 Yes No C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\zihlwl.dll.vir
04577555 Generic Trojan Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP2022\A0271228.dll
04578555 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP2021\A0271024.dll
;===================================================================================================================================================================================
SUSPECTS
Sent Location 1
;===================================================================================================================================================================================
No C:\Documents and Settings\John\Application Data\Atari\moggi.exe 1
No C:\Program Files\FwBarTemp\cohelper.exe 1
No C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\Cache\dist006.exe.vir[cohelper.exe] 1
No C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\kbd103.exe.vir 1
No C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\storprop.exe.vir 1
No C:\WINDOWS\rmkrewt.exe 1
No C:\WINDOWS\SYSTEM32\BCMSM136.exe 1
;===================================================================================================================================================================================
VULNERABILITIES
Id Severity Description 1
;===================================================================================================================================================================================
;===================================================================================================================================================================================

katana
2009-01-11, 19:18
These all look like very old infections, have you installed an up-to date AV yet ?


Submit a File For Analysis
We need to have the files below Scanned by Uploading them/it to Virus Total

Please visit Virustotal (http://www.virustotal.com/en/indexf.html)
Copy/paste the the following file path into the window
C:\Documents and Settings\John\Application Data\Atari\moggi.exe
Click Submit/Send File
Please post back, to let me know the results.

Please do the same for the following file
C:\WINDOWS\rmkrewt.exe

If Virustotal is too busy please try Jotti (http://virusscan.jotti.org/)


OTMoveIt
Please download OTMoveIt3 by OldTimer (http://oldtimer.geekstogo.com/OTMoveIt3.exe) and save it to your desktop

Double-click OTMoveIt3.exe to run it.
Copy the lines in the codebox below. ( Make sure you include :Processes )



:Processes
explorer.exe
:Services
:Reg
[-hkey_current_user\software\bundles]
[-hkey_current_user\software\winupdt]
[-hkey_local_machine\software\dvx]
[-hkey_local_machine\software\microsoft\windows\currentversion\app management\arpcache\power scan]
[-hkey_local_machine\software\microsoft\windows\currentversion\app management\arpcache\sacc]
[-hkey_local_machine\software\msw]
[-hkey_local_machine\software\pgtaff]
[-hkey_local_machine\software\prositefinder]
[-hkey_local_machine\software\prositefinder1]
[-hkey_local_machine\software\yoursitebar]
[-hkey_local_machine\system\controlset001\enum\root\legacy_wintoolssvc]
[-hkey_local_machine\system\currentcontrolset\enum\root\legacy_wintoolssvc]
:Files
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\*.*
C:\Documents and Settings\John\.jpi_cache\file\1.0
C:\Program Files\Aprps
C:\Program Files\FwBarTemp
C:\Program Files\Netscape\Netscape\Plugins\npzango.dll
C:\Program Files\vol_toolbar\vol_toolbar.dll
C:\WINDOWS\Downloaded Program Files\CONFLICT.1\ysbactivex.dll
C:\WINDOWS\Downloaded Program Files\CONFLICT.2\ysbactivex.dll
C:\WINDOWS\SYSTEM32\1800414.dll
C:\WINDOWS\SYSTEM32\Alzxpl.exe
C:\WINDOWS\SYSTEM32\better0503.dll
C:\WINDOWS\SYSTEM32\blizzard.dll
C:\WINDOWS\SYSTEM32\delfin0414.dll
C:\WINDOWS\SYSTEM32\dssley.exe_
C:\WINDOWS\SYSTEM32\dun.exe
C:\WINDOWS\SYSTEM32\golden513.dll
C:\WINDOWS\SYSTEM32\resmm.cpl
C:\WINDOWS\SYSTEM32\tdfjy.dat
C:\WINDOWS\asupdate.exe
C:\WINDOWS\cxtpls_loader.exe_
C:\WINDOWS\hrxdomksbq.exe
C:\WINDOWS\pss\gncht.exeCommon Startup
C:\WINDOWS\pss\rdri.exeCommon Startup
C:\WINDOWS\tvbklrog.exe
C:\WINDOWS\wupdt.exe_
C:\command.exe
C:\temp\*.*
C:\temporary\*.*
c:\casino.ico
c:\mypcsearch.exe
c:\program files\windows media player\wmplayer.exe.tmp
c:\windows\downloaded program files\mediagatewayx.dll
c:\windows\dsearch1.bin
c:\windows\helper101.dll
c:\windows\inf\conscorr.inf
c:\windows\inf\polall1r.inf
c:\windows\inf\satmat.inf
c:\windows\satmat.ini
c:\windows\system32\fleok
c:\windows\system32\free cell phone.ico
c:\windows\system32\free laptop computer.ico
c:\windows\system32\free ringtones!.ico
c:\windows\system32\free sony playstation.ico
c:\windows\system32\free u2 ipod.ico
c:\windows\system32\key.~
c:\windows\system32\lmd.bin
c:\windows\system32\log.~
c:\windows\system32\nba giveaway.ico
c:\windows\system32\winupdt.008
c:\windows\system32\winupdt.bin
:Commands
[Purity]
[EmptyTemp]
[Start Explorer]
[Reboot]



Return to OTMoveIt3, right click in the Paste List of Files/Folders to Move window (under the yellow bar) and choose Paste.


- Close ALL open windows (especially Internet Explorer!)-
Click the red Moveit! button.
Copy everything in the Results window (under the green bar), and paste it in your next reply.
Close OTMoveIt3


If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.



ATF Cleaner by Atribune

Please Download ATF Cleaner (http://www.atribune.org/index.php?option=com_content&task=view&id=25&Itemid=25)
Double click ATF.exe
Put a check mark next to the items with an X
Windows Temp
Current User Temp
All Users Temp
Cookies
Temporary Internet Files
History
Prefetch
Java Cache
Recycle Bin
Select All X


Now click Empty Selected then Exit


1. Click on Start > All Programs > Accessories > System Tools > Disk Cleanup.
2. Select C drive and click OK.
3. Select the More Options tab.
4. Under System Restore, click on Clean up....
5. You will be prompted. Click Yes.
6. When done, click OK.
7. You will be prompted again. Press Yes to confirm.
8. When done, Disk Cleanup will close automatically.


Eset NOD32 Online AntiVirus


Run Eset NOD32 Online AntiVirus
http://www.eset.eu/online-scanner
Note: You will need to use Internet Explorer for this scan.

Tick the box next to YES, I accept the Terms of Use.
Click Start
When asked, allow the activex control to install
Disable your current Antivirus software. You can usually do this with its Notfication Tray icon near the clock.
Click Start
Make sure that the option "Remove found threats" is Un-checked, and the option "Scan unwanted applications" is checked
Click Scan
Wait for the scan to finish
Re-enable your Anvirisus software.
A logfile is created and located at C:\Program Files\EsetOnlineScanner\log.txt. Please include this on your post.

ChristineOM
2009-01-12, 02:47
VirusTotal Log:

>>Please visit Virustotal
>>Copy/paste the the following file path into the window
>>C:\Documents and Settings\John\Application Data\Atari\moggi.exe
>>Click Submit/Send File
>>Please post back, to let me know the results.


When I ran virustotal, I got a msg that the file had already been scanned (although
I've never done that.)
I picked show last report and pasted. Then I picked analyze again and posted
those results below.


***********************************************************************************************
File has already been analysed:
MD5: 6006277f69777e8aa189cc077ed06919
First received: 10.30.2008 09:29:00 (CET)
Date: 10.30.2008 09:29:00 (CET) [>73D]
Results: 3/36
Permalink: analisis/224c64d8217085ef51dc858034abf74f


File moggi.exe received on 10.30.2008 09:29:00 (CET)
Current status: finished
Result: 3/36 (8.33%)
Compact Compact
Print results Print results
Antivirus Version Last Update Result
AhnLab-V3 - - -
AntiVir - - -
Authentium - - -
Avast - - -
AVG - - -
BitDefender - - -
CAT-QuickHeal - - -
ClamAV - - -
DrWeb - - -
eSafe - - Suspicious File
eTrust-Vet - - -
Ewido - - -
F-Prot - - -
F-Secure - - -
Fortinet - - -
GData - - -
Ikarus - - -
K7AntiVirus - - -
Kaspersky - - -
McAfee - - -
Microsoft - - -
NOD32 - - -
Norman - - -
Panda - - -
PCTools - - -
Prevx1 - - -
Rising - - -
SecureWeb-Gateway - - Virus.Win32.Malware.dam (suspicious)
Sophos - - -
Sunbelt - - VIPRE.Suspicious
Symantec - - -
TheHacker - - -
TrendMicro - - -
VBA32 - - -
ViRobot - - -
VirusBuster - - -
Additional information
MD5: 6006277f69777e8aa189cc077ed06919
SHA1: c49f23deadd525fc634667ddd36311affbde3802
SHA256: 9ffd482d3bc75a12147f31ee6b5c36fb46660052f5174c321b3b2b08cbc99d9d
SHA512: 7392ff4f54084196124c2b88a922e1c2ceef1bb76a47eec7a4f146692e8f20a51ba35b348484eccdf1b32a10748ae8ed6ddfa49bddc41c8a0bf007b519eb6178



****************************************************
New scan:


File moggi.exe received on 01.11.2009 22:46:59 (CET)
Current status: Loading ... queued waiting scanning finished NOT FOUND STOPPED
Result: 6/38 (15.79%)
Loading server information...
Your file is queued in position: 1.
Estimated start time is between 38 and 55 seconds.
Do not close the window until scan is complete.
The scanner that was processing your file is stopped at this moment, we are going to wait a few seconds to try to recover your result.
If you are waiting for more than five minutes you have to resend your file.
Your file is being scanned by VirusTotal in this moment,
results will be shown as they're generated.
Compact Compact
Print results Print results
Your file has expired or does not exists.
Service is stopped in this moments, your file is waiting to be scanned (position: ) for an undefined time.

You can wait for web response (automatic reload) or type your email in the form below and click "request" so the system sends you a notification when the scan is finished.
Email:

Antivirus Version Last Update Result
a-squared 4.0.0.73 2009.01.11 -
AhnLab-V3 2009.1.10.0 2009.01.11 -
AntiVir 7.9.0.54 2009.01.11 TR/Drop.Clicker.G
Authentium 5.1.0.4 2009.01.10 -
Avast 4.8.1281.0 2009.01.11 -
AVG 8.0.0.229 2009.01.11 -
BitDefender 7.2 2009.01.11 -
CAT-QuickHeal 10.00 2009.01.09 -
ClamAV 0.94.1 2009.01.11 -
Comodo 915 2009.01.11 -
DrWeb 4.44.0.09170 2009.01.11 -
eSafe 7.0.17.0 2009.01.11 Suspicious File
eTrust-Vet 31.6.6301 2009.01.10 -
F-Prot 4.4.4.56 2009.01.11 W32/Damaged_File.gen!Eldorado
F-Secure 8.0.14470.0 2009.01.11 -
Fortinet 3.117.0.0 2009.01.11 -
GData 19 2009.01.11 -
Ikarus T3.1.1.45.0 2009.01.11 -
K7AntiVirus 7.10.584 2009.01.09 -
Kaspersky 7.0.0.125 2009.01.11 -
McAfee 5492 2009.01.11 -
McAfee+Artemis 5492 2009.01.11 -
Microsoft 1.4205 2009.01.11 Trojan:Win32/FakeIA.D
NOD32 3757 2009.01.11 -
Norman 5.99.02 2009.01.09 -
Panda 9.4.3.3 2009.01.11 -
PCTools 4.4.2.0 2009.01.11 -
Prevx1 V2 2009.01.11 -
Rising 21.11.62.00 2009.01.11 -
SecureWeb-Gateway 6.7.6 2009.01.11 Trojan.Drop.Clicker.G
Sophos 4.37.0 2009.01.11 -
Sunbelt 3.2.1831.2 2009.01.09 VIPRE.Suspicious
Symantec 10 2009.01.11 -
TheHacker 6.3.1.4.217 2009.01.10 -
TrendMicro 8.700.0.1004 2009.01.11 -
VBA32 3.12.8.10 2009.01.10 -
ViRobot 2009.1.10.1553 2009.01.10 -
VirusBuster 4.5.11.0 2009.01.11 -
Additional information
File size: 45612 bytes
MD5...: 6006277f69777e8aa189cc077ed06919
SHA1..: c49f23deadd525fc634667ddd36311affbde3802
SHA256: 9ffd482d3bc75a12147f31ee6b5c36fb46660052f5174c321b3b2b08cbc99d9d
SHA512: 7392ff4f54084196124c2b88a922e1c2ceef1bb76a47eec7a4f146692e8f20a5
1ba35b348484eccdf1b32a10748ae8ed6ddfa49bddc41c8a0bf007b519eb6178
ssdeep: 768:2nLqKQijRrcME63FiT1UMp7raaX/yy9CpqFQ6wuG1C:ULqKQOcVQ2CM5GGMp
qFQng
PEiD..: -
TrID..: File type identification
Win16/32 Executable Delphi generic (34.0%)
Generic Win/DOS Executable (32.9%)
DOS Executable Generic (32.8%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.1%)
PEInfo: -










***********************************************************************
File rmkrewt.exe received on 01.11.2009 22:54:17 (CET)
Current status: Loading ... queued waiting scanning finished NOT FOUND STOPPED
Result: 31/38 (81.58%)
Loading server information...
Your file is queued in position: 2.
Estimated start time is between 46 and 66 seconds.
Do not close the window until scan is complete.
The scanner that was processing your file is stopped at this moment, we are going to wait a few seconds to try to recover your result.
If you are waiting for more than five minutes you have to resend your file.
Your file is being scanned by VirusTotal in this moment,
results will be shown as they're generated.
Compact Compact
Print results Print results
Your file has expired or does not exists.
Service is stopped in this moments, your file is waiting to be scanned (position: ) for an undefined time.

You can wait for web response (automatic reload) or type your email in the form below and click "request" so the system sends you a notification when the scan is finished.
Email:

Antivirus Version Last Update Result
a-squared 4.0.0.73 2009.01.11 AdWare.BiSpy.W!IK
AhnLab-V3 2009.1.10.0 2009.01.11 Win-Trojan/Clicker.203776.C
AntiVir 7.9.0.54 2009.01.11 ADSPY/BiSpy.W
Authentium 5.1.0.4 2009.01.10 W32/Downloader.N.gen!Eldorado
Avast 4.8.1281.0 2009.01.11 Win32:Adan-115
AVG 8.0.0.229 2009.01.10 Win32/Heur
BitDefender 7.2 2009.01.11 Adware.Bispy.W
CAT-QuickHeal 10.00 2009.01.09 (Suspicious) - DNAScan
ClamAV 0.94.1 2009.01.11 -
Comodo 915 2009.01.11 -
DrWeb 4.44.0.09170 2009.01.11 Adware.BetterInternet
eSafe 7.0.17.0 2009.01.11 Suspicious File
eTrust-Vet 31.6.6301 2009.01.10 -
F-Prot 4.4.4.56 2009.01.10 W32/Downloader.N.gen!Eldorado
F-Secure 8.0.14470.0 2009.01.11 W32/Malware
Fortinet 3.117.0.0 2009.01.11 Adware/BetterInternet
GData 19 2009.01.11 Adware.Bispy.W
Ikarus T3.1.1.45.0 2009.01.11 AdWare.BiSpy.W
K7AntiVirus 7.10.584 2009.01.09 Non-Virus:AdWare.Win32.BiSpy.w
Kaspersky 7.0.0.125 2009.01.11 not-a-virus:AdWare.Win32.BiSpy.w
McAfee 5492 2009.01.11 potentially unwanted program Adware-abetterintrnt
McAfee+Artemis 5491 2009.01.10 potentially unwanted program Adware-abetterintrnt
Microsoft 1.4205 2009.01.11 Adware:Win32/ABetterInternet.G
NOD32 3756 2009.01.10 a variant of Win32/Adware.BetterInternet
Norman 5.99.02 2009.01.09 W32/Small.DE
Panda 9.4.3.3 2009.01.11 -
PCTools 4.4.2.0 2009.01.10 Adware.Transponder_Bolger
Prevx1 V2 2009.01.11 -
Rising 21.11.62.00 2009.01.11 Hack.Anti.Win32.Agent.k
SecureWeb-Gateway 6.7.6 2009.01.11 Ad-Spyware.BiSpy.W
Sophos 4.37.0 2009.01.11 Mal/EncPk-EB
Sunbelt 3.2.1831.2 2009.01.09 ABetterInternet.Aurora (v)
Symantec 10 2009.01.11 Adware.Aurora
TheHacker 6.3.1.4.217 2009.01.10 Adware/BiSpy.w
TrendMicro 8.700.0.1004 2009.01.09 -
VBA32 3.12.8.10 2009.01.10 AdWare.Win32.BetterInternet.p
ViRobot 2009.1.10.1553 2009.01.10 -
VirusBuster 4.5.11.0 2009.01.11 Adware.BiSpy.N
Additional information
File size: 203776 bytes
MD5...: ac8c94b9eda250dd2bd9e0551c038c23
SHA1..: 5d2d623948bbeb71c66b7111dee37a4afbf3daa6
SHA256: df34e8ec8faf5162677b1e6eb593008b3dad6668a6175f344cb2eb6e7d55d022
SHA512: bff556df2a3fc3de3b480c053adea4cbade1f53f75cc9f61881fa6946bd26636
07c8d90f98622020cf3a92eb22d4efc489d1c8fd46d576df5da57afd7e09dc52
ssdeep: 6144:qJYvJdg1Zv1HAzc625uZtjkN2BQwFcey9jKY371z:q+ngjCzc6HZiN4Qwhq
GUz
PEiD..: -
TrID..: File type identification
Generic Win/DOS Executable (49.9%)
DOS Executable Generic (49.8%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.1%)
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x4390d4
timedatestamp.....: 0x405fdcbe (Tue Mar 23 06:44:14 2004)
machinetype.......: 0x14c (I386)

( 4 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x38000 0x2ec00 7.96 de213a4aa18fbcd0221647ba915923d9
.data 0x39000 0xec0 0x1000 7.09 933dbc749e70ecaa4e6ee3f25746b0fc
.rsrc 0x3a000 0x214 0x400 1.89 7b05162796380b3256114f138d7deda3
.reloc 0x3b000 0x168c 0x1800 6.55 b6179e64cfd0d05acff6dace29cf05c4

( 1 imports )
> kernel32.dll: GetProcAddress, GetModuleHandleA, LoadLibraryA

( 0 exports )
packers (F-Prot): PE-Crypt.PFD
packers (Authentium): PE-Crypt.PFD
**************************************************************
******************************************************

ChristineOM
2009-01-12, 02:50
========== PROCESSES ==========
Process explorer.exe killed successfully.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
Registry key hkey_current_user\software\bundles\\ not found.
Registry key hkey_current_user\software\winupdt\\ not found.
Registry key hkey_local_machine\software\dvx\\ deleted successfully.
Registry key hkey_local_machine\software\microsoft\windows\currentversion\app management\arpcache\power scan\\ deleted successfully.
Registry key hkey_local_machine\software\microsoft\windows\currentversion\app management\arpcache\sacc\\ deleted successfully.
Registry key hkey_local_machine\software\msw\\ deleted successfully.
Registry key hkey_local_machine\software\pgtaff\\ deleted successfully.
Registry key hkey_local_machine\software\prositefinder\\ deleted successfully.
Registry key hkey_local_machine\software\prositefinder1\\ deleted successfully.
Unable to delete registry key hkey_local_machine\software\yoursitebar\\ .
Registry key hkey_local_machine\system\controlset001\enum\root\legacy_wintoolssvc\\ deleted successfully.
Registry key hkey_local_machine\system\currentcontrolset\enum\root\legacy_wintoolssvc\\ not found.
========== FILES ==========
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\AbetterInternet.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\AbetterInternet1.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\AbetterInternet2.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\AbetterInternet3.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\AbetterInternetAurora.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\AbetterInternetAurora1.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\AbetterInternetAurora2.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\AbetterInternetAurora3.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\AbetterInternetAurora4.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\AbetterInternetAurora5.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\AbetterInternetAurora6.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\AbetterInternetAurora7.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\AbetterInternetAurora8.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\AdDestroyer.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\AdDestroyer1.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\AdDestroyer2.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\AdDestroyer3.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\AdDestroyer4.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\AdRotator.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\AdRotator1.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\AlexaRelated.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\AproposMedia.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\AproposMedia1.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\AproposMedia2.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\AproposMedia3.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\AproposMedia4.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\AproposMedia5.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\AproposMedia6.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\AproposMedia7.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\AskMyGlobalSearch.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\AskMyGlobalSearch1.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\AskMyGlobalSearch10.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\AskMyGlobalSearch11.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\AskMyGlobalSearch12.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\AskMyGlobalSearch13.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\AskMyGlobalSearch14.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\AskMyGlobalSearch15.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\AskMyGlobalSearch16.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\AskMyGlobalSearch17.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\AskMyGlobalSearch18.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\AskMyGlobalSearch19.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\AskMyGlobalSearch2.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\AskMyGlobalSearch20.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\AskMyGlobalSearch21.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\AskMyGlobalSearch3.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\AskMyGlobalSearch4.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\AskMyGlobalSearch5.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\AskMyGlobalSearch6.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\AskMyGlobalSearch7.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\AskMyGlobalSearch8.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\AskMyGlobalSearch9.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\AstaKiller.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\BackWeblite.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\BackWeblite1.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\BackWeblite10.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\BackWeblite11.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\BackWeblite12.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\BackWeblite13.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\BackWeblite14.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\BackWeblite15.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\BackWeblite16.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\BackWeblite17.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\BackWeblite18.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\BackWeblite19.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\BackWeblite2.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\BackWeblite20.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\BackWeblite21.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\BackWeblite22.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\BackWeblite23.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\BackWeblite24.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\BackWeblite25.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\BackWeblite26.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\BackWeblite27.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\BackWeblite28.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\BackWeblite29.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\BackWeblite3.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\BackWeblite30.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\BackWeblite31.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\BackWeblite32.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\BackWeblite33.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\BackWeblite34.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\BackWeblite35.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\BackWeblite36.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\BackWeblite37.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\BackWeblite38.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\BackWeblite39.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\BackWeblite4.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\BackWeblite40.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\BackWeblite41.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\BackWeblite42.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\BackWeblite43.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\BackWeblite44.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\BackWeblite45.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\BackWeblite46.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\BackWeblite47.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\BackWeblite48.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\BackWeblite49.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\BackWeblite5.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\BackWeblite50.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\BackWeblite51.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\BackWeblite52.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\BackWeblite53.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\BackWeblite54.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\BackWeblite55.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\BackWeblite56.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\BackWeblite6.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\BackWeblite7.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\BackWeblite8.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\BackWeblite9.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\BookedSpace.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\BookedSpace1.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\BookedSpace2.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\BookedSpace3.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\BraveSentry.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CallingHomebiz.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CallingHomebiz1.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CallingHomebiz10.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CallingHomebiz11.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CallingHomebiz12.zip moved successfully.

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CallingHomebiz13.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CallingHomebiz14.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CallingHomebiz15.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CallingHomebiz16.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CallingHomebiz17.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CallingHomebiz18.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CallingHomebiz19.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CallingHomebiz2.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CallingHomebiz20.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CallingHomebiz21.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CallingHomebiz22.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CallingHomebiz23.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CallingHomebiz24.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CallingHomebiz25.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CallingHomebiz26.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CallingHomebiz27.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CallingHomebiz28.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CallingHomebiz29.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CallingHomebiz3.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CallingHomebiz30.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CallingHomebiz31.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CallingHomebiz32.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CallingHomebiz33.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CallingHomebiz34.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CallingHomebiz35.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CallingHomebiz36.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CallingHomebiz37.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CallingHomebiz38.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CallingHomebiz39.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CallingHomebiz4.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CallingHomebiz40.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CallingHomebiz41.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CallingHomebiz42.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CallingHomebiz43.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CallingHomebiz44.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CallingHomebiz45.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CallingHomebiz46.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CallingHomebiz5.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CallingHomebiz6.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CallingHomebiz7.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CallingHomebiz8.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CallingHomebiz9.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Casinopalazzo.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CleverIEHookerJeired.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CleverIEHookerJeired1.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CleverIEHookerJeired2.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CleverIEHookerJeired3.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CleverIEHookerJeired4.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CleverIEHookerJeired5.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CommandService.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CommandService1.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CommandService10.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CommandService11.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CommandService12.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CommandService13.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CommandService14.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CommandService15.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CommandService16.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CommandService17.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CommandService18.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CommandService19.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CommandService2.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CommandService20.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CommandService21.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CommandService22.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CommandService23.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CommandService24.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CommandService25.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CommandService26.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CommandService27.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CommandService28.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CommandService29.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CommandService3.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CommandService30.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CommandService31.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CommandService32.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CommandService33.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CommandService34.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CommandService35.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CommandService36.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CommandService37.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CommandService38.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CommandService39.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CommandService4.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CommandService40.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CommandService41.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CommandService42.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CommandService43.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CommandService44.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CommandService45.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CommandService46.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CommandService47.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CommandService48.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CommandService49.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CommandService5.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CommandService50.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CommandService51.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CommandService52.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CommandService53.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CommandService6.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CommandService7.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CommandService8.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CommandService9.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CoolWWWSearch.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CoolWWWSearch1.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CoolWWWSearch10.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CoolWWWSearch11.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CoolWWWSearch12.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CoolWWWSearch13.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CoolWWWSearch14.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CoolWWWSearch15.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CoolWWWSearch16.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CoolWWWSearch17.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CoolWWWSearch18.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CoolWWWSearch19.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CoolWWWSearch2.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CoolWWWSearch20.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CoolWWWSearch3.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CoolWWWSearch4.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CoolWWWSearch5.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CoolWWWSearch6.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CoolWWWSearch7.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CoolWWWSearch8.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CoolWWWSearch9.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CoolWWWSearchAboutblank.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CoolWWWSearchAboutblank1.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CoolWWWSearchAboutblank10.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CoolWWWSearchAboutblank11.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CoolWWWSearchAboutblank12.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CoolWWWSearchAboutblank13.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CoolWWWSearchAboutblank14.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CoolWWWSearchAboutblank15.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CoolWWWSearchAboutblank16.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CoolWWWSearchAboutblank17.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CoolWWWSearchAboutblank18.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CoolWWWSearchAboutblank19.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CoolWWWSearchAboutblank2.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CoolWWWSearchAboutblank20.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CoolWWWSearchAboutblank21.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CoolWWWSearchAboutblank22.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CoolWWWSearchAboutblank23.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CoolWWWSearchAboutblank24.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CoolWWWSearchAboutblank25.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CoolWWWSearchAboutblank26.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CoolWWWSearchAboutblank27.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CoolWWWSearchAboutblank28.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CoolWWWSearchAboutblank29.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CoolWWWSearchAboutblank3.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CoolWWWSearchAboutblank30.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CoolWWWSearchAboutblank31.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CoolWWWSearchAboutblank32.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CoolWWWSearchAboutblank33.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CoolWWWSearchAboutblank34.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CoolWWWSearchAboutblank35.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CoolWWWSearchAboutblank36.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CoolWWWSearchAboutblank37.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CoolWWWSearchAboutblank38.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CoolWWWSearchAboutblank39.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CoolWWWSearchAboutblank4.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CoolWWWSearchAboutblank40.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CoolWWWSearchAboutblank41.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CoolWWWSearchAboutblank42.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CoolWWWSearchAboutblank43.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CoolWWWSearchAboutblank44.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CoolWWWSearchAboutblank45.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CoolWWWSearchAboutblank46.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CoolWWWSearchAboutblank47.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CoolWWWSearchAboutblank48.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CoolWWWSearchAboutblank49.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CoolWWWSearchAboutblank5.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CoolWWWSearchAboutblank50.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CoolWWWSearchAboutblank51.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CoolWWWSearchAboutblank52.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CoolWWWSearchAboutblank53.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CoolWWWSearchAboutblank54.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CoolWWWSearchAboutblank55.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CoolWWWSearchAboutblank56.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CoolWWWSearchAboutblank57.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CoolWWWSearchAboutblank58.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CoolWWWSearchAboutblank59.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CoolWWWSearchAboutblank6.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CoolWWWSearchAboutblank60.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CoolWWWSearchAboutblank61.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CoolWWWSearchAboutblank62.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CoolWWWSearchAboutblank63.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CoolWWWSearchAboutblank64.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CoolWWWSearchAboutblank65.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CoolWWWSearchAboutblank66.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CoolWWWSearchAboutblank67.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CoolWWWSearchAboutblank68.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CoolWWWSearchAboutblank69.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CoolWWWSearchAboutblank7.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CoolWWWSearchAboutblank70.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CoolWWWSearchAboutblank71.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CoolWWWSearchAboutblank72.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CoolWWWSearchAboutblank73.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CoolWWWSearchAboutblank74.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CoolWWWSearchAboutblank75.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CoolWWWSearchAboutblank76.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CoolWWWSearchAboutblank77.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CoolWWWSearchAboutblank78.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CoolWWWSearchAboutblank79.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CoolWWWSearchAboutblank8.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CoolWWWSearchAboutblank80.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CoolWWWSearchAboutblank81.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CoolWWWSearchAboutblank9.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CoolWWWSearchSvchost.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CoolWWWSearchSvchost1.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CramToolbar.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\DownloadAcceleratorPlus.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\DriveCleaner.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\DriveCleaner1.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\DriveCleaner2.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\DriveCleaner3.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\DriveCleaner4.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\DropSpam.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\DSOExploit.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\DSOExploit1.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\DSOExploit10.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\DSOExploit11.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\DSOExploit12.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\DSOExploit13.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\DSOExploit14.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\DSOExploit15.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\DSOExploit16.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\DSOExploit17.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\DSOExploit18.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\DSOExploit19.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\DSOExploit2.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\DSOExploit20.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\DSOExploit21.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\DSOExploit22.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\DSOExploit23.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\DSOExploit24.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\DSOExploit25.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\DSOExploit26.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\DSOExploit27.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\DSOExploit28.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\DSOExploit29.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\DSOExploit3.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\DSOExploit30.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\DSOExploit31.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\DSOExploit4.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\DSOExploit5.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\DSOExploit6.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\DSOExploit7.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\DSOExploit8.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\DSOExploit9.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\DSSAgent.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\DSSAgent1.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\DSSAgent10.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\DSSAgent2.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\DSSAgent3.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\DSSAgent4.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\DSSAgent5.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\DSSAgent6.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\DSSAgent7.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\DSSAgent8.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\DSSAgent9.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\DyFuCA.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\DyFuCA1.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\DyFuCA10.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\DyFuCA2.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\DyFuCA3.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\DyFuCA4.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\DyFuCA5.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\DyFuCA6.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\DyFuCA7.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\DyFuCA8.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\DyFuCA9.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\DyFuCAInternetOptimizer.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\DyFuCAInternetOptimizer1.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\DyFuCAInternetOptimizer10.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\DyFuCAInternetOptimizer2.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\DyFuCAInternetOptimizer3.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\DyFuCAInternetOptimizer4.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\DyFuCAInternetOptimizer5.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\DyFuCAInternetOptimizer6.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\DyFuCAInternetOptimizer7.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\DyFuCAInternetOptimizer8.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\DyFuCAInternetOptimizer9.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\EffectiveBandToolbar.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\EffectiveBandToolbar1.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\EffectiveBandToolbar2.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\EGive.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ElitumEliteBar.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ElitumEliteBar1.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ElitumEliteBar2.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\eXactAdvertisingBargainsBuddy.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\eXactAdvertisingBargainsBuddy1.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\eXactAdvertisingBargainsBuddy10.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\eXactAdvertisingBargainsBuddy11.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\eXactAdvertisingBargainsBuddy12.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\eXactAdvertisingBargainsBuddy13.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\eXactAdvertisingBargainsBuddy14.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\eXactAdvertisingBargainsBuddy15.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\eXactAdvertisingBargainsBuddy16.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\eXactAdvertisingBargainsBuddy17.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\eXactAdvertisingBargainsBuddy18.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\eXactAdvertisingBargainsBuddy19.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\eXactAdvertisingBargainsBuddy2.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\eXactAdvertisingBargainsBuddy20.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\eXactAdvertisingBargainsBuddy21.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\eXactAdvertisingBargainsBuddy22.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\eXactAdvertisingBargainsBuddy23.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\eXactAdvertisingBargainsBuddy24.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\eXactAdvertisingBargainsBuddy25.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\eXactAdvertisingBargainsBuddy26.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\eXactAdvertisingBargainsBuddy27.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\eXactAdvertisingBargainsBuddy28.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\eXactAdvertisingBargainsBuddy29.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\eXactAdvertisingBargainsBuddy3.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\eXactAdvertisingBargainsBuddy30.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\eXactAdvertisingBargainsBuddy31.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\eXactAdvertisingBargainsBuddy32.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\eXactAdvertisingBargainsBuddy33.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\eXactAdvertisingBargainsBuddy34.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\eXactAdvertisingBargainsBuddy35.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\eXactAdvertisingBargainsBuddy36.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\eXactAdvertisingBargainsBuddy37.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\eXactAdvertisingBargainsBuddy38.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\eXactAdvertisingBargainsBuddy39.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\eXactAdvertisingBargainsBuddy4.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\eXactAdvertisingBargainsBuddy40.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\eXactAdvertisingBargainsBuddy41.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\eXactAdvertisingBargainsBuddy42.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\eXactAdvertisingBargainsBuddy43.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\eXactAdvertisingBargainsBuddy44.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\eXactAdvertisingBargainsBuddy45.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\eXactAdvertisingBargainsBuddy46.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\eXactAdvertisingBargainsBuddy47.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\eXactAdvertisingBargainsBuddy48.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\eXactAdvertisingBargainsBuddy49.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\eXactAdvertisingBargainsBuddy5.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\eXactAdvertisingBargainsBuddy50.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\eXactAdvertisingBargainsBuddy51.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ExactAdvertisingBargainsBuddy52.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ExactAdvertisingBargainsBuddy53.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ExactAdvertisingBargainsBuddy54.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ExactAdvertisingBargainsBuddy55.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\eXactAdvertisingBargainsBuddy6.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\eXactAdvertisingBargainsBuddy7.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\eXactAdvertisingBargainsBuddy8.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\eXactAdvertisingBargainsBuddy9.zip moved successfully.

ChristineOM
2009-01-12, 02:53
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\eZulaHotText.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\eZulaHotText1.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\eZulaHotText10.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\eZulaHotText11.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\eZulaHotText12.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\eZulaHotText13.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\eZulaHotText14.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\eZulaHotText15.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\eZulaHotText16.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\eZulaHotText17.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\eZulaHotText18.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\eZulaHotText19.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\eZulaHotText2.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\eZulaHotText20.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\eZulaHotText21.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\eZulaHotText22.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\eZulaHotText23.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\eZulaHotText24.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\eZulaHotText25.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\eZulaHotText26.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\eZulaHotText27.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\eZulaHotText28.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\eZulaHotText29.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\eZulaHotText3.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\eZulaHotText30.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\eZulaHotText31.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\eZulaHotText32.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\eZulaHotText33.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\eZulaHotText34.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\eZulaHotText35.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\eZulaHotText36.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\eZulaHotText37.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\eZulaHotText38.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\eZulaHotText39.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\eZulaHotText4.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\eZulaHotText40.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\eZulaHotText41.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\eZulaHotText42.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\eZulaHotText43.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\eZulaHotText44.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\eZulaHotText45.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\eZulaHotText46.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\eZulaHotText47.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\eZulaHotText48.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\eZulaHotText49.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\eZulaHotText5.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\eZulaHotText50.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\eZulaHotText51.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\eZulaHotText52.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\eZulaHotText53.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\eZulaHotText54.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\eZulaHotText55.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\eZulaHotText56.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\eZulaHotText57.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\eZulaHotText58.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\eZulaHotText59.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\eZulaHotText6.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\eZulaHotText60.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\eZulaHotText61.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\eZulaHotText62.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\eZulaHotText63.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\eZulaHotText64.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\eZulaHotText65.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\eZulaHotText66.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\eZulaHotText67.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\eZulaHotText68.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\eZulaHotText69.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\eZulaHotText7.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\eZulaHotText70.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\eZulaHotText71.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\eZulaHotText72.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\eZulaHotText73.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\eZulaHotText74.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\eZulaHotText75.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\eZulaHotText76.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\eZulaHotText8.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\eZulaHotText9.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FakeJavacore.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FakeJavacore1.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FakeJavacore2.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FakeJavacore3.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FakeJavacore4.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FakeJavacore5.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FakeJavacore6.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FatPickle.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FatPickle1.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Fizzlebar.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Fizzlebar1.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Fizzlebar2.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Fizzlebar3.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Fizzlebar4.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Fizzlebar5.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FraudPersonalDefender.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FraudPersonalDefender1.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\HuntBar.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\HuntBar1.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\HuntBar2.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\HuntBar3.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\HuntBar4.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Hyperlinker.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Hyperlinker1.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Hyperlinker2.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Hyperlinker3.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Hyperlinker4.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\IBISToolbar.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\IEPlugin.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\IEPlugin1.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\IEPlugin10.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\IEPlugin11.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\IEPlugin12.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\IEPlugin13.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\IEPlugin14.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\IEPlugin15.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\IEPlugin16.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\IEPlugin17.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\IEPlugin18.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\IEPlugin19.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\IEPlugin2.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\IEPlugin20.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\IEPlugin21.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\IEPlugin22.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\IEPlugin23.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\IEPlugin24.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\IEPlugin25.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\IEPlugin26.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\IEPlugin27.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\IEPlugin28.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\IEPlugin29.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\IEPlugin3.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\IEPlugin30.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\IEPlugin4.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\IEPlugin5.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\IEPlugin6.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\IEPlugin7.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\IEPlugin8.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\IEPlugin9.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\InterSysInc.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\IntexpD.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\IntexpD1.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\IntexpD2.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\IntexpD3.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\IntexpD4.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\IRCcrt.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\IRCcrt1.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\IRCcrt2.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ISearchTechISTactiveX.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ISearchTechISTactiveX1.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ISearchTechISTactiveX2.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ISearchTechISTactiveX3.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ISearchTechISTbar.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ISearchTechISTDownloader.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ISearchTechISTDownloader1.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ISearchTechISTsvc.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ISearchTechISTsvc1.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ISearchTechISTsvcUpdater.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ISearchTechPowerScan.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ISearchTechPowerScan1.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ISearchTechPowerScan10.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ISearchTechPowerScan11.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ISearchTechPowerScan12.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ISearchTechPowerScan13.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ISearchTechPowerScan14.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ISearchTechPowerScan15.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ISearchTechPowerScan2.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ISearchTechPowerScan3.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ISearchTechPowerScan4.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ISearchTechPowerScan5.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ISearchTechPowerScan6.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ISearchTechPowerScan7.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ISearchTechPowerScan8.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ISearchTechPowerScan9.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ISearchTechSideFind.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ISearchTechSideFind1.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ISearchTechSideFind10.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ISearchTechSideFind11.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ISearchTechSideFind12.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ISearchTechSideFind13.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ISearchTechSideFind14.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ISearchTechSideFind15.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ISearchTechSideFind16.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ISearchTechSideFind17.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ISearchTechSideFind18.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ISearchTechSideFind19.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ISearchTechSideFind2.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ISearchTechSideFind20.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ISearchTechSideFind21.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ISearchTechSideFind22.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ISearchTechSideFind3.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ISearchTechSideFind4.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ISearchTechSideFind5.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ISearchTechSideFind6.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ISearchTechSideFind7.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ISearchTechSideFind8.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ISearchTechSideFind9.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ISearchTechSlotch.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ISearchTechSlotch1.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ISearchTechSlotch2.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ISearchTechSlotch3.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ISearchTechSlotch4.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ISearchTechSlotch5.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ISearchTechSlotch6.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ISearchTechYSB.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ISearchTechYSB1.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ISearchTechYSB10.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ISearchTechYSB11.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ISearchTechYSB12.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ISearchTechYSB13.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ISearchTechYSB14.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ISearchTechYSB15.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ISearchTechYSB16.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ISearchTechYSB17.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ISearchTechYSB18.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ISearchTechYSB19.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ISearchTechYSB2.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ISearchTechYSB20.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ISearchTechYSB21.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ISearchTechYSB22.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ISearchTechYSB23.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ISearchTechYSB24.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ISearchTechYSB25.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ISearchTechYSB26.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ISearchTechYSB27.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ISearchTechYSB28.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ISearchTechYSB29.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ISearchTechYSB3.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ISearchTechYSB30.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ISearchTechYSB31.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ISearchTechYSB32.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ISearchTechYSB33.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ISearchTechYSB34.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ISearchTechYSB4.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ISearchTechYSB5.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ISearchTechYSB6.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ISearchTechYSB7.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ISearchTechYSB8.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ISearchTechYSB9.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\LookMeTopconverting.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\LookMeTopconverting1.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\LookMeTopconverting2.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\LookMeTopconverting3.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\LookMeTopconverting4.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\LookMeTopconverting5.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\LookMeTopconverting6.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\LookMeTopconverting7.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\LookMeTopconverting8.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MicrosoftWindowsSecurityCenterAntiVirusDisableNotify.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MicrosoftWindowsSecurityCenterAntiVirusDisableNotify1.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MicrosoftWindowsSecurityCenterAntiVirusDisableNotify2.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MicrosoftWindowsSecurityCenterAntiVirusDisableNotify3.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MicrosoftWindowsSecurityCenterFirewallDisableNotify.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MicrosoftWindowsSecurityCenterFirewallDisableNotify1.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MicrosoftWindowsSecurityCenterFirewallDisableNotify2.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MicrosoftWindowsSecurityCenterFirewallDisableNotify3.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMySearch.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\nCase.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\nCase1.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\nCase10.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\nCase11.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\nCase12.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\nCase13.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\nCase14.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\nCase15.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\nCase16.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\nCase2.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\nCase3.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\nCase4.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\nCase5.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\nCase6.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\nCase7.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\nCase8.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\nCase9.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\NetworkEssentialsSmartpopOops.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\NetworkEssentialsSmartpopOops1.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\NetworkEssentialsSmartpopOops2.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\NetworkEssentialsSmartpopOops3.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\NetworkEssentialsSmartpopOops4.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\NetworkEssentialsSmartpopOops5.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\NetworkEssentialsSmartpopOops6.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\NetworkMonitor.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\NetworkMonitor1.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\NetworkMonitor2.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\NetworkMonitor3.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\NetworkMonitor4.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\NetworkMonitor5.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\NetworkMonitor6.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\NetworkMonitor7.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\NewsUpdate.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\NewsUpdate1.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\NewsUpdate2.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\NewsUpdate3.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\NewsUpdate4.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\NewsUpdate5.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\NewsUpdate6.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Pacimedia.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Pacimedia1.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Pacimedia2.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\PeopleOnPage.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\PeopleOnPage1.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\PeopleOnPage2.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\PeopleOnPage3.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\PeopleOnPage4.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\PeopleOnPage5.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\PeopleOnPage6.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\PeopleOnPage7.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\PeopleOnPageContextPlus.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SDWinWebsearch.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SecondThoughtSTCLoader.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SecondThoughtSTCLoader1.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SeekSeek.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SeekSeek1.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SeekSeek2.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SeekSeek3.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SexList.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ShopAtHome.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ShopAtHome1.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ShopAtHome2.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ShopAtHome3.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ShopAtHome4.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC1.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC10.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC11.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC12.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC13.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC14.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC2.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC3.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC4.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC5.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC6.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC7.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC8.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC9.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudCCoreService.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudCCoreService1.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudCCoreService2.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudCCoreService3.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudCCoreService4.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudCCoreService5.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SolutionsMediaGatewayX.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SolutionsSearchAssistant.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SolutionsSearchAssistant1.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\StartpageAP.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\StartpageAP1.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SurfAccuracy.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SurfAccuracy1.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SurfAccuracy2.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SurfSideKick.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SurfSideKick1.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SurfSideKick10.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SurfSideKick11.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SurfSideKick12.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SurfSideKick13.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SurfSideKick14.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SurfSideKick15.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SurfSideKick16.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SurfSideKick17.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SurfSideKick18.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SurfSideKick19.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SurfSideKick2.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SurfSideKick20.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SurfSideKick21.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SurfSideKick22.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SurfSideKick23.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SurfSideKick24.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SurfSideKick25.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SurfSideKick26.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SurfSideKick27.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SurfSideKick28.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SurfSideKick29.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SurfSideKick3.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SurfSideKick30.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SurfSideKick31.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SurfSideKick32.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SurfSideKick33.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SurfSideKick34.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SurfSideKick35.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SurfSideKick36.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SurfSideKick37.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SurfSideKick38.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SurfSideKick39.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SurfSideKick4.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SurfSideKick40.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SurfSideKick41.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SurfSideKick42.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SurfSideKick43.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SurfSideKick44.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SurfSideKick45.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SurfSideKick46.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SurfSideKick5.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SurfSideKick6.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SurfSideKick7.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SurfSideKick8.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SurfSideKick9.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Tango.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Topconverting.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Topconverting1.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Topconverting2.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Topconverting3.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\TVMedia.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Unknown.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Unknown1.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Unknown10.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Unknown11.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Unknown2.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Unknown3.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Unknown4.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Unknown5.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Unknown6.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Unknown7.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Unknown8.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Unknown9.zip moved successfully.

ChristineOM
2009-01-12, 02:54
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\VBouncer.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\VBouncer1.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\VBouncer2.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\VBouncer3.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\VBouncer4.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\VirtualBouncer.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\VirtualBouncer1.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\VirtualBouncer10.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\VirtualBouncer11.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\VirtualBouncer12.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\VirtualBouncer13.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\VirtualBouncer14.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\VirtualBouncer15.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\VirtualBouncer16.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\VirtualBouncer17.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\VirtualBouncer18.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\VirtualBouncer19.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\VirtualBouncer2.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\VirtualBouncer20.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\VirtualBouncer21.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\VirtualBouncer22.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\VirtualBouncer23.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\VirtualBouncer24.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\VirtualBouncer3.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\VirtualBouncer4.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\VirtualBouncer5.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\VirtualBouncer6.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\VirtualBouncer7.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\VirtualBouncer8.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\VirtualBouncer9.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumonde.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumonde1.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumonde10.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumonde11.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumonde12.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumonde13.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumonde14.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumonde15.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumonde16.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumonde17.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumonde18.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumonde19.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumonde2.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumonde20.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumonde21.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumonde22.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumonde23.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumonde24.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumonde25.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumonde26.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumonde27.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumonde28.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumonde29.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumonde3.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumonde30.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumonde31.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumonde32.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumonde33.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumonde34.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumonde35.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumonde36.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumonde37.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumonde38.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumonde39.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumonde4.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumonde40.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumonde41.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumonde42.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumonde43.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumonde44.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumonde45.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumonde46.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumonde47.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumonde48.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumonde49.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumonde5.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumonde50.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumonde51.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumonde52.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumonde53.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumonde54.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumonde6.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumonde7.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumonde8.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumonde9.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondegeneric.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondegeneric1.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondegeneric10.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondegeneric11.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondegeneric12.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondegeneric13.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondegeneric14.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondegeneric15.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondegeneric16.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondegeneric17.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondegeneric2.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondegeneric3.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondegeneric4.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondegeneric5.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondegeneric6.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondegeneric7.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondegeneric8.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondegeneric9.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondeprx.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondeprx1.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\VXf.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\VXf1.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\VXf2.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\VXf3.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\VXf4.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\VXf5.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\VXFavoriteman.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\VXFavoriteman1.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\VXLocalNRD.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WebNexus.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WebNexus1.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WebNexus2.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WebNexus3.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WebRebatesTopRebates.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WebRebatesTopRebates1.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WebRebatesTopRebates2.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WebRebatesTopRebates3.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WebtoolstCPV.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinAgentamwr.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinAgentamwr1.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinAgentamwr2.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WindowsAdTools.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WindowsSecurityCenterTaskManager.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Winsecure.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Winsecure1.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Winsecure2.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Winsecure3.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Winsecure4.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Winsecure5.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinSmallbuy.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinSmallbuy1.zip moved successfully.
C:\Documents and Settings\John\.jpi_cache\file\1.0 moved successfully.
C:\Program Files\Aprps moved successfully.
C:\Program Files\FwBarTemp moved successfully.
DllUnregisterServer procedure not found in C:\Program Files\Netscape\Netscape\Plugins\npzango.dll
C:\Program Files\Netscape\Netscape\Plugins\npzango.dll NOT unregistered.
C:\Program Files\Netscape\Netscape\Plugins\npzango.dll moved successfully.
C:\Program Files\vol_toolbar\vol_toolbar.dll unregistered successfully.
C:\Program Files\vol_toolbar\vol_toolbar.dll moved successfully.
C:\WINDOWS\Downloaded Program Files\CONFLICT.1\ysbactivex.dll unregistered successfully.
C:\WINDOWS\Downloaded Program Files\CONFLICT.1\ysbactivex.dll moved successfully.
C:\WINDOWS\Downloaded Program Files\CONFLICT.2\ysbactivex.dll unregistered successfully.
C:\WINDOWS\Downloaded Program Files\CONFLICT.2\ysbactivex.dll moved successfully.
C:\WINDOWS\SYSTEM32\1800414.dll unregistered successfully.
C:\WINDOWS\SYSTEM32\1800414.dll moved successfully.
C:\WINDOWS\SYSTEM32\Alzxpl.exe moved successfully.
C:\WINDOWS\SYSTEM32\better0503.dll unregistered successfully.
C:\WINDOWS\SYSTEM32\better0503.dll moved successfully.
C:\WINDOWS\SYSTEM32\blizzard.dll unregistered successfully.
C:\WINDOWS\SYSTEM32\blizzard.dll moved successfully.
C:\WINDOWS\SYSTEM32\delfin0414.dll unregistered successfully.
C:\WINDOWS\SYSTEM32\delfin0414.dll moved successfully.
C:\WINDOWS\SYSTEM32\dssley.exe_ moved successfully.
C:\WINDOWS\SYSTEM32\dun.exe moved successfully.
C:\WINDOWS\SYSTEM32\golden513.dll unregistered successfully.
C:\WINDOWS\SYSTEM32\golden513.dll moved successfully.
C:\WINDOWS\SYSTEM32\resmm.cpl moved successfully.
C:\WINDOWS\SYSTEM32\tdfjy.dat moved successfully.
C:\WINDOWS\asupdate.exe moved successfully.
C:\WINDOWS\cxtpls_loader.exe_ moved successfully.
C:\WINDOWS\hrxdomksbq.exe moved successfully.
C:\WINDOWS\pss\gncht.exeCommon Startup moved successfully.
C:\WINDOWS\pss\rdri.exeCommon Startup moved successfully.
C:\WINDOWS\tvbklrog.exe moved successfully.
C:\WINDOWS\wupdt.exe_ moved successfully.
C:\command.exe moved successfully.
C:\temp\ZCWEDowST3.exe moved successfully.
C:\temporary\aun_0001.exe moved successfully.
c:\casino.ico moved successfully.
c:\myPcsearch.exe moved successfully.
c:\program files\windows media player\wmplayer.exe.tmp moved successfully.
c:\windows\downloaded program files\MediaGatewayX.dll unregistered successfully.
c:\windows\downloaded program files\MediaGatewayX.dll moved successfully.
c:\windows\dsearch1.bin moved successfully.
c:\windows\Helper101.dll unregistered successfully.
c:\windows\Helper101.dll moved successfully.
c:\windows\inf\conscorr.inf moved successfully.
c:\windows\inf\polall1r.inf moved successfully.
c:\windows\inf\satmat.inf moved successfully.
c:\windows\satmat.ini moved successfully.
c:\windows\system32\FLEOK moved successfully.
c:\windows\system32\Free Cell Phone.ico moved successfully.
c:\windows\system32\Free LapTop Computer.ico moved successfully.
c:\windows\system32\Free Ringtones!.ico moved successfully.
c:\windows\system32\Free Sony Playstation.ico moved successfully.
c:\windows\system32\Free U2 iPod.ico moved successfully.
c:\windows\system32\key.~ moved successfully.
c:\windows\system32\lmd.bin moved successfully.
c:\windows\system32\log.~ moved successfully.
c:\windows\system32\NBA Giveaway.ico moved successfully.
c:\windows\system32\winupdt.008 moved successfully.
c:\windows\system32\winupdt.bin moved successfully.
========== COMMANDS ==========
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\INDEX.DAT scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
Windows Temp folder emptied.
FireFox cache emptied.
Temp folders emptied.
Explorer started successfully

OTMoveIt3 by OldTimer - Version 1.0.8.0 log created on 01112009_165913

Files moved on Reboot...
File move failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\INDEX.DAT scheduled to be moved on reboot.

ChristineOM
2009-01-12, 04:38
I installed the AVast but I lost my internet access.
I uninstalled it so I could finish this part. Then I'll try to reinstall.
Thanks for your patience.


*********************
Eset log below:
********************

# version=4
# OnlineScanner.ocx=1.0.0.56
# OnlineScannerDLLA.dll=1, 0, 0, 51
# OnlineScannerDLLW.dll=1, 0, 0, 51
# OnlineScannerUninstaller.exe=1, 0, 0, 49
# vers_standard_module=3757 (20090111)
# vers_arch_module=1.064 (20080214)
# vers_adv_heur_module=1.064 (20070717)
# EOSSerial=01bcfc18fdcaec46a73a7972b5f00e81
# end=finished
# remove_checked=false
# unwanted_checked=true
# utc_time=2009-01-12 02:18:19
# local_time=2009-01-11 09:18:19 (-0500, Eastern Standard Time)
# country="United States"
# osver=5.1.2600 NT Service Pack 2
# scanned=252374
# found=100
# scan_time=3511
C:\Documents and Settings\John\.jpi_cache\jar\1.0\classload.jar-11faa9ed-1c91901b.zip multiple infiltrations 8BE223E929475D1921D8D543B6B380A2
C:\Documents and Settings\John\.jpi_cache\jar\1.0\classload.jar-11faa9ed-1c91901b.zip »ZIP »GetAccess.class Java/Exploit.Bytverify.F trojan 00000000000000000000000000000000
C:\Documents and Settings\John\.jpi_cache\jar\1.0\classload.jar-11faa9ed-1c91901b.zip »ZIP »InsecureClassLoader.class Java/Exploit.Bytverify.F trojan 00000000000000000000000000000000
C:\Documents and Settings\John\.jpi_cache\jar\1.0\classload.jar-11faa9ed-1c91901b.zip »ZIP »Dummy.class JS/IEStart trojan 00000000000000000000000000000000
C:\Documents and Settings\John\.jpi_cache\jar\1.0\classload.jar-11faa9ed-1c91901b.zip »ZIP »Installer.class Java/OpenConnection.F trojan 00000000000000000000000000000000
C:\Documents and Settings\John\.jpi_cache\jar\1.0\classload.jar-11faa9ed-6ae1ba12.zip multiple infiltrations 8BE223E929475D1921D8D543B6B380A2
C:\Documents and Settings\John\.jpi_cache\jar\1.0\classload.jar-11faa9ed-6ae1ba12.zip »ZIP »GetAccess.class Java/Exploit.Bytverify.F trojan 00000000000000000000000000000000
C:\Documents and Settings\John\.jpi_cache\jar\1.0\classload.jar-11faa9ed-6ae1ba12.zip »ZIP »InsecureClassLoader.class Java/Exploit.Bytverify.F trojan 00000000000000000000000000000000
C:\Documents and Settings\John\.jpi_cache\jar\1.0\classload.jar-11faa9ed-6ae1ba12.zip »ZIP »Dummy.class JS/IEStart trojan 00000000000000000000000000000000
C:\Documents and Settings\John\.jpi_cache\jar\1.0\classload.jar-11faa9ed-6ae1ba12.zip »ZIP »Installer.class Java/OpenConnection.F trojan 00000000000000000000000000000000
C:\Documents and Settings\John\.jpi_cache\jar\1.0\loaderadv325.jar-6096a995-6bab4b20.zip multiple infiltrations 7B113281D8C161D63E29E8FEAFC1F33F
C:\Documents and Settings\John\.jpi_cache\jar\1.0\loaderadv325.jar-6096a995-6bab4b20.zip »ZIP »Counter.class Java/ClassLoader.H trojan 00000000000000000000000000000000
C:\Documents and Settings\John\.jpi_cache\jar\1.0\loaderadv325.jar-6096a995-6bab4b20.zip »ZIP »Dummy.class Java/Dummy trojan 00000000000000000000000000000000
C:\Documents and Settings\John\.jpi_cache\jar\1.0\loaderadv325.jar-6096a995-6bab4b20.zip »ZIP »Matrix.class a variant of Java/TrojanDownloader.OpenStream.C trojan 00000000000000000000000000000000
C:\Documents and Settings\John\.jpi_cache\jar\1.0\loaderadv325.jar-6096a995-6bab4b20.zip »ZIP »Parser.class Java/ClassLoader.B trojan 00000000000000000000000000000000
C:\Program Files\ProSiteFinder\4bmgrnzd.DLL Win32/Adware.ClearSearch application 13A90A32585AD88A9F4734C64C84E1D5
C:\Program Files\ProSiteFinder\prositefinderh.exe Win32/Adware.ClearSearch application 88B783015990A61811624C80F8F6F7B5
C:\Program Files\ProSiteFinder\rucbxyy6.DLL Win32/Adware.ClearSearch application 3F788BB5165DC844E2AAB370BA0ABE40
C:\Program Files\ProSiteFinder\ProSiteFinder1\prositefinder1.dll Win32/Adware.ClearSearch application F1B068C2B29AF2EC732AB56B1B9E0D3E
C:\Program Files\ProSiteFinder\ProSiteFinder1\prositefinder1.exe Win32/Adware.ClearSearch application EFA656A910EE8F618B08583937F75892
C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Start Menu\Programs\Startup\_gncht_.exe.zip a variant of Win32/TrojanDownloader.Qoologic trojan CA57D1C72093B187A79BBEC87AFD006A
C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Start Menu\Programs\Startup\_gncht_.exe.zip »ZIP »gncht.exe a variant of Win32/TrojanDownloader.Qoologic trojan 00000000000000000000000000000000
C:\Qoobox\Quarantine\C\WINDOWS\aqadcup.exe.vir Win32/Agent.CO trojan 82E9DC16FA89D4F5FA848D65314BD4B4
C:\Qoobox\Quarantine\C\WINDOWS\msresearch.exe.vir a variant of Win32/TrojanDownloader.VB.WG trojan 4269C8A2C9F6B1D4036B9C5A4765863D
C:\Qoobox\Quarantine\C\WINDOWS\bundles\2504041019.exe_.vir Win32/Adware.VirtualBouncer application 95B14F7B7C1A59FE0A1A7AE42DDADC2F
C:\Qoobox\Quarantine\C\WINDOWS\bundles\2504041019.exe_.vir »WISE »InstallT.exe Win32/Adware.VirtualBouncer application 00000000000000000000000000000000
C:\Qoobox\Quarantine\C\WINDOWS\bundles\HelperInstaller.exe.tmp.vir Win32/TrojanClicker.Delf.NAA trojan 5EA08B3833A5CA2CE5051B05F93DF7C6
C:\Qoobox\Quarantine\C\WINDOWS\bundles\HelperInstaller.exe_.vir Win32/TrojanClicker.Delf.NAA trojan 5EA08B3833A5CA2CE5051B05F93DF7C6
C:\Qoobox\Quarantine\C\WINDOWS\bundles\setup_silent_26221.exe_.vir Win32/Adware.Horoscope application E6E2CA5682D7E8C7C3B59E91170A041F
C:\Qoobox\Quarantine\C\WINDOWS\bundles\shopinst.exe_.vir Win32/TrojanDownloader.Small.WJ trojan 3BD34E4A37C44A07C72687D559BC2BC0
C:\Qoobox\Quarantine\C\WINDOWS\bundles\traspec7.exe.vir Win32/Adware.Rebate application AEA61EA205865E4830D8FD65CC056DED
C:\Qoobox\Quarantine\C\WINDOWS\bundles\TVM_B5_Bundle_8.EXE.vir Win32/TrojanDropper.Small.HT trojan 26D3287A2AA9FD3A60E738AD08ADBA95
C:\Qoobox\Quarantine\C\WINDOWS\bundles\txdesuf.exe_.vir Win32/Agent.NAE trojan A0BE820DE580145F3CF9813178663D8A
C:\Qoobox\Quarantine\C\WINDOWS\bundles\vl_ezstub.exe_.vir Win32/Adware.Ezula application 3E91E6CDBB2707E3F9C34EEB80475CEB
C:\Qoobox\Quarantine\C\WINDOWS\Sm9obg\mA6Cv0.vbs.vir Win32/Adware.ISearch application 387EDBB90A5275D1B464EB31F3162C40
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\AUNPS2.dll.vir Win32/TrojanClicker.Small.EZ trojan 47405130C1016ED70FF4934E609765C0
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\byXrOGwV.dll.vir Win32/TrojanClicker.Agent.NFA trojan 11A3740706BDA3DE57CB4F3F14302DAA
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\fphkn.exe.vir Win32/TrojanDownloader.Qoologic.BK trojan 46AF89E5A32C3FA2173A3BAD585A3475
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\kbd103.exe.vir a variant of Win32/TrojanDownloader.Agent.ACR trojan 3890A197929FAFF077662A11B7086A83
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\ljJBttUK.dll.vir Win32/TrojanClicker.Agent.NFA trojan 11A3740706BDA3DE57CB4F3F14302DAA
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\ogpgns.exe.vir a variant of Win32/TrojanDownloader.Qoologic trojan 864FEB37FA648544642064105541BCC5
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\storprop.exe.vir Win32/TrojanDownloader.Agent.AM trojan F104A888706FCA4DA22828A94B319B58
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\_pknnxxc_.exe.zip Win32/TrojanDownloader.Qoologic.BK trojan EF223CDD06F51587D541C500F1296AF0
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\_pknnxxc_.exe.zip »ZIP »pknnxxc.exe Win32/TrojanDownloader.Qoologic.BK trojan 00000000000000000000000000000000
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\Cache\AUNIcons.exe.vir Win32/TrojanDownloader.Agent.NCH trojan 48CF77E085B930AED4486990DDE153DD
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\Cache\dist006.exe.vir Win32/TrojanDownloader.VB.EU trojan C3FF74BF715C1DBE6267FA473AED0D7E
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\Cache\dist006.exe.vir »NSIS »searchbar.exe Win32/TrojanDownloader.VB.EU trojan 00000000000000000000000000000000
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\Cache\HelperInstall.exe.vir Win32/TrojanClicker.Delf.NAA trojan 66AE7528624B4A8F772DD04D9453390E
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\Cache\InstallAPS.exe.vir Win32/TrojanClicker.Small.EZ trojan D8335736912BDD71065C922D71EF70EF
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\Cache\installer_MARKETING17.exe.vir Win32/TrojanDownloader.Adload.A.gen trojan 9D1B73F71274E360B2FE4B27E722BB19
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\Cache\setup1021.exe.vir Win32/Adware.URLSpy application 86A85B6F7CAB5CA14F4790D765DCB6B5
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\Cache\setup1021.exe.vir »NSIS »IEHost30.exe Win32/Adware.URLSpy application 00000000000000000000000000000000
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\Cache\setup1021.exe.vir »NSIS »IEDll300.dll Win32/Adware.URLSpy application 00000000000000000000000000000000
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\Cache\setup1021.exe.vir »NSIS »uninstal.exe Win32/Adware.URLSpy application 00000000000000000000000000000000
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\Cache\setup1021.exe.vir »NSIS »pinstaller.exe Win32/Adware.URLSpy application 00000000000000000000000000000000
C:\WINDOWS\rmkrewt.exe a variant of Win32/Adware.BetterInternet application AC8C94B9EDA250DD2BD9E0551C038C23
C:\WINDOWS\Downloaded Program Files\site.ocx Win32/TrojanDownloader.Agent.EX trojan 48CF15F4D35E66D75F4B225D7559A582
C:\WINDOWS\SYSTEM32\6TO4SVC5.exe Win32/Adware.URLSpy application F0382A3136417C91215DC27104C2AEB2
C:\WINDOWS\SYSTEM32\AVICAP32.exe_ Win32/Adware.URLSpy application 2F518256AE544AA26CCFB800792A4E94
C:\WINDOWS\SYSTEM32\BCMSM136.exe Win32/Adware.URLSpy application 1D0EEBCECC205DE7033EBF9709D57AF6
C:\WINDOWS\SYSTEM32\Cuiofd.exe a variant of Win32/Adware.DealHelper application A338D634A989473E68A9D9265117BD5D
C:\WINDOWS\SYSTEM32\Ntilsf.exe a variant of Win32/Adware.DealHelper application A338D634A989473E68A9D9265117BD5D
C:\_OTMoveIt\MovedFiles\01112009_165913\command.exe Win32/TrojanDropper.Delf.EV trojan 4775B2FB155B64D3B8C8881BC2CA9E45
C:\_OTMoveIt\MovedFiles\01112009_165913\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FraudPersonalDefender1.zip Win32/Bagle.gen.zip worm 50C81C2E15DA2F165B88007BF9C9320D
C:\_OTMoveIt\MovedFiles\01112009_165913\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC8.zip Win32/Bagle.gen.zip worm 10596DB8520020355CA01146612B93B6
C:\_OTMoveIt\MovedFiles\01112009_165913\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinAgentamwr2.zip Win32/Bagle.gen.zip worm 7DB96C125B2E5292BCEBD142BB6D9A60
C:\_OTMoveIt\MovedFiles\01112009_165913\Documents and Settings\John\.jpi_cache\file\1.0\BlackBox.class-1a9f5079-24eb3631.class Java/ClassLoader.E trojan 276A52500A6AE74CDD6F2011141FCB5B
C:\_OTMoveIt\MovedFiles\01112009_165913\Documents and Settings\John\.jpi_cache\file\1.0\BlackBox.class-6fc4ee1b-319d4ba8.class Java/ClassLoader.E trojan 276A52500A6AE74CDD6F2011141FCB5B
C:\_OTMoveIt\MovedFiles\01112009_165913\Documents and Settings\John\.jpi_cache\file\1.0\BlackBox.class-7b67fdbf-1e6f380c.class Java/ClassLoader.B trojan CB594A116CA272B9325311C631EC4804
C:\_OTMoveIt\MovedFiles\01112009_165913\Documents and Settings\John\.jpi_cache\file\1.0\Dummy.class-3161f485-4a3794af.class Java/ClassLoader.B trojan 05B561531A97EE7A3BB4523761BA29B6
C:\_OTMoveIt\MovedFiles\01112009_165913\Documents and Settings\John\.jpi_cache\file\1.0\Dummy.class-498f6d05-546b74a9.class Java/ClassLoader.Dummy.C trojan EF7A8439A4ECD5E445815018711E3513
C:\_OTMoveIt\MovedFiles\01112009_165913\Documents and Settings\John\.jpi_cache\file\1.0\Dummy.class-fff1517-66462c7a.class Java/ClassLoader.Dummy.C trojan EF7A8439A4ECD5E445815018711E3513
C:\_OTMoveIt\MovedFiles\01112009_165913\Documents and Settings\John\.jpi_cache\file\1.0\VerifierBug.class-207f16ed-415ebc82.class Java/Exploit.Bytverify trojan D9FB01E2A8444112C095748596C246C3
C:\_OTMoveIt\MovedFiles\01112009_165913\Documents and Settings\John\.jpi_cache\file\1.0\VerifierBug.class-2955075b-4aba85dc.class Java/Exploit.Bytverify trojan D9FB01E2A8444112C095748596C246C3
C:\_OTMoveIt\MovedFiles\01112009_165913\Documents and Settings\John\.jpi_cache\file\1.0\VerifierBug.class-559f225b-2b0a361a.class Java/Exploit.Bytverify trojan D9FB01E2A8444112C095748596C246C3
C:\_OTMoveIt\MovedFiles\01112009_165913\Program Files\Aprps\CxtPls.dll probably a variant of Win32/TrojanDownloader.Agent trojan 013EA1D93186BBAB0875579062364263
C:\_OTMoveIt\MovedFiles\01112009_165913\Program Files\Aprps\CxtPls.exe probably a variant of Win32/TrojanDownloader.Agent trojan 7BCA3DEB724410EA44C68321D2E4B884
C:\_OTMoveIt\MovedFiles\01112009_165913\Program Files\FwBarTemp\searchbar.exe Win32/TrojanDownloader.VB.EU trojan 78AEFA75A5BF090EFB27A5F953C28591
C:\_OTMoveIt\MovedFiles\01112009_165913\Program Files\Netscape\Netscape\Plugins\npzango.dll Win32/Adware.WinAd application 1DFBCDF5D76AD7D30A2396912106B623
C:\_OTMoveIt\MovedFiles\01112009_165913\Program Files\windows media player\wmplayer.exe.tmp Win32/TrojanDownloader.Small.APM trojan 22BB0D60044D69058579EE0AE9B4AC52
C:\_OTMoveIt\MovedFiles\01112009_165913\temp\ZCWEDowST3.exe Win32/TrojanDropper.Agent.RS trojan 2B5BB6C107D11464C6226F1E9E967476
C:\_OTMoveIt\MovedFiles\01112009_165913\temporary\aun_0001.exe Win32/TrojanDownloader.Small.NCU trojan B64C00966283EC190229AE1B29B57B20
C:\_OTMoveIt\MovedFiles\01112009_165913\WINDOWS\asupdate.exe Win32/Qhost trojan C3657513C9B8C560ECCB8F77FDCF5941
C:\_OTMoveIt\MovedFiles\01112009_165913\WINDOWS\cxtpls_loader.exe_ Win32/Adware.Apropos application 262CF7EBD18BDBC6D08A0AFE1339B326
C:\_OTMoveIt\MovedFiles\01112009_165913\WINDOWS\Helper101.dll Win32/TrojanClicker.Delf.NAA trojan BFE37D0E867B06AA20ED125C1E4FA2AE
C:\_OTMoveIt\MovedFiles\01112009_165913\WINDOWS\hrxdomksbq.exe Win32/Adware.BetterInternet application F4A7A068D941BC6BB4297D76F5363266
C:\_OTMoveIt\MovedFiles\01112009_165913\WINDOWS\tvbklrog.exe Win32/Adware.BkdSpace application BE92B91F52C12D5B8C6DC54ACB0C6333
C:\_OTMoveIt\MovedFiles\01112009_165913\WINDOWS\wupdt.exe_ Win32/TrojanDownloader.Intexp.C trojan C6FA71B2555C0D85C0F3B490F58B2658
C:\_OTMoveIt\MovedFiles\01112009_165913\WINDOWS\Downloaded Program Files\MediaGatewayX.dll Win32/Adware.WinAd application 126E6EEAC26F5EC81BFD7EBC1CDD2B88
C:\_OTMoveIt\MovedFiles\01112009_165913\WINDOWS\Downloaded Program Files\CONFLICT.1\ysbactivex.dll Win32/TrojanDownloader.IstBar trojan 0F583EBEDA6325C6FF867EDE8328E165
C:\_OTMoveIt\MovedFiles\01112009_165913\WINDOWS\Downloaded Program Files\CONFLICT.2\ysbactivex.dll Win32/TrojanDownloader.IstBar trojan 2CBD09163F9ABE96508031FDD36C2485
C:\_OTMoveIt\MovedFiles\01112009_165913\WINDOWS\pss\gncht.exeCommon Startup a variant of Win32/TrojanDownloader.Qoologic trojan 864FEB37FA648544642064105541BCC5
C:\_OTMoveIt\MovedFiles\01112009_165913\WINDOWS\pss\rdri.exeCommon Startup Win32/TrojanDownloader.Qoologic trojan 804313F75F3CD38E15695C3E41F2D26F
C:\_OTMoveIt\MovedFiles\01112009_165913\WINDOWS\SYSTEM32\1800414.dll a variant of Win32/Adware.180Solutions application 4FAE41FA4536027447885AAC28400DED
C:\_OTMoveIt\MovedFiles\01112009_165913\WINDOWS\SYSTEM32\Alzxpl.exe Win32/Adware.DealHelper application B0A1EF46662BBE5590B3D47F6B823B2A
C:\_OTMoveIt\MovedFiles\01112009_165913\WINDOWS\SYSTEM32\better0503.dll Win32/Adware.BetterInternet application DD9CD7A77910FCD6253A7010934E192C
C:\_OTMoveIt\MovedFiles\01112009_165913\WINDOWS\SYSTEM32\delfin0414.dll a variant of Win32/TrojanDownloader.Delmed trojan 7CCDF911570A16F887700F4BE4C1C726
C:\_OTMoveIt\MovedFiles\01112009_165913\WINDOWS\SYSTEM32\dssley.exe_ Win32/TrojanDownloader.Agent.ED trojan 54EA5E9D9250ECD1256C529ACED07BD3
C:\_OTMoveIt\MovedFiles\01112009_165913\WINDOWS\SYSTEM32\dun.exe a variant of Win32/Adware.DealHelper application E9AC186BC7D1E1129B69A699D43983F1
C:\_OTMoveIt\MovedFiles\01112009_165913\WINDOWS\SYSTEM32\tdfjy.dat a variant of Win32/TrojanDownloader.Qoologic trojan 864FEB37FA648544642064105541BCC5

katana
2009-01-12, 15:42
OTMoveIt


Double-click OTMoveIt3.exe to run it.
Copy the lines in the codebox below. ( Make sure you include :Processes )



:Processes
:Files
C:\Documents and Settings\John\.jpi_cache\jar\1.0
C:\Program Files\
C:\WINDOWS\rmkrewt.exe
C:\WINDOWS\Downloaded Program Files\site.ocx
C:\WINDOWS\SYSTEM32\6TO4SVC5.exe
C:\WINDOWS\SYSTEM32\AVICAP32.exe_
C:\WINDOWS\SYSTEM32\BCMSM136.exe
C:\WINDOWS\SYSTEM32\Cuiofd.exe
C:\WINDOWS\SYSTEM32\Ntilsf.exe




Return to OTMoveIt3, right click in the Paste List of Files/Folders to Move window (under the yellow bar) and choose Paste.


- Close ALL open windows (especially Internet Explorer!)-
Click the red Moveit! button.
Copy everything in the Results window (under the green bar), and paste it in your next reply.
Close OTMoveIt3


If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.


How are things running now, any problems still ?

ChristineOM
2009-01-13, 04:52
Not sure what you had in mind under Program Files.
I installed avast again but can't get it to behave so that I can get my internet connection. I had to uninstall so I could post. I'll do some reading to figure out what I'm missing.

System is running much better although I still have a svcHost.exe that uses up to 95% CPU. Need to figure out if this is a legit hog or something more sinister.

========== PROCESSES ==========
========== FILES ==========
C:\Documents and Settings\John\.jpi_cache\jar\1.0 moved successfully.
Item C:\Program Files is whitelisted and cannot be moved.
C:\WINDOWS\rmkrewt.exe moved successfully.
C:\WINDOWS\Downloaded Program Files\site.ocx unregistered successfully.
C:\WINDOWS\Downloaded Program Files\site.ocx moved successfully.
C:\WINDOWS\SYSTEM32\6TO4SVC5.exe moved successfully.
C:\WINDOWS\SYSTEM32\AVICAP32.exe_ moved successfully.
C:\WINDOWS\SYSTEM32\BCMSM136.exe moved successfully.
C:\WINDOWS\SYSTEM32\Cuiofd.exe moved successfully.
C:\WINDOWS\SYSTEM32\Ntilsf.exe moved successfully.

OTMoveIt3 by OldTimer - Version 1.0.8.0 log created on 01122009_181838

katana
2009-01-13, 16:19
1) Not sure what you had in mind under Program Files.
2) I installed avast again but can't get it to behave so that I can get my internet connection.

1) That would be C:\Program Files\ProSiteFinder, It's a good job OT is cleverer than I am :)
2) It may be a firewall setting, have you tried disabling Mcafee when Avast is installed ?



OTMoveIt

Double-click OTMoveIt3.exe to run it.
Copy the lines in the codebox below. ( Make sure you include :Processes )



:Processes
:Files
C:\Program Files\ProSiteFinder


Return to OTMoveIt3, right click in the Paste List of Files/Folders to Move window (under the yellow bar) and choose Paste.


- Close ALL open windows (especially Internet Explorer!)-
Click the red Moveit! button.
Copy everything in the Results window (under the green bar), and paste it in your next reply.
Close OTMoveIt3


If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.


Please post a fresh RSIT log also

ChristineOM
2009-01-14, 04:58
Tried installing the avast with the firewall disabled but after the restart, the internet connection didn't restore.
I'll try the AntiVir

========== PROCESSES ==========
========== FILES ==========
C:\Program Files\ProSiteFinder\ProSiteFinder1 moved successfully.
C:\Program Files\ProSiteFinder moved successfully.

OTMoveIt3 by OldTimer - Version 1.0.8.0 log created on 01132009_203123

***************************************************
Logfile of random's system information tool 1.05 (written by random/random)
Run by Bryan at 2009-01-13 21:52:08
Microsoft Windows XP Home Edition Service Pack 2
System drive C: has 21 GB (54%) free of 38 GB
Total RAM: 511 MB (44% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:52:09 PM, on 1/13/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Verizon\McciTrayApp.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\notepad.exe
C:\Documents and Settings\Bryan\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Bryan.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Verizon_McciTrayApp] C:\Program Files\Verizon\McciTrayApp.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O9 - Extra button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: vzTCPConfig - http://www.verizon.net/checkmypc/fios/includes/vzTCPConfig.CAB
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/OnlineScanner.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.4.0_01) -
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,21/mcgdmgr.cab
O16 - DPF: {CAFEEFAC-0014-0000-0001-ABCDEFFEDCBA} (Java Runtime Environment 1.4.0_01) -
O16 - DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} (JuniperSetupControlXP Class) - https://vpn2.safelnk.net/dana-cached/setup/JuniperSetupSP1.cab
O18 - Protocol: bw+0 - {0A8887F1-EF83-4122-A7DD-D372C2DC2604} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {0A8887F1-EF83-4122-A7DD-D372C2DC2604} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {0A8887F1-EF83-4122-A7DD-D372C2DC2604} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {0A8887F1-EF83-4122-A7DD-D372C2DC2604} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {0A8887F1-EF83-4122-A7DD-D372C2DC2604} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {0A8887F1-EF83-4122-A7DD-D372C2DC2604} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {0A8887F1-EF83-4122-A7DD-D372C2DC2604} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {0A8887F1-EF83-4122-A7DD-D372C2DC2604} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {0A8887F1-EF83-4122-A7DD-D372C2DC2604} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {0A8887F1-EF83-4122-A7DD-D372C2DC2604} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {0A8887F1-EF83-4122-A7DD-D372C2DC2604} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {0A8887F1-EF83-4122-A7DD-D372C2DC2604} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {0A8887F1-EF83-4122-A7DD-D372C2DC2604} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {0A8887F1-EF83-4122-A7DD-D372C2DC2604} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {0A8887F1-EF83-4122-A7DD-D372C2DC2604} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {0A8887F1-EF83-4122-A7DD-D372C2DC2604} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {0A8887F1-EF83-4122-A7DD-D372C2DC2604} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {0A8887F1-EF83-4122-A7DD-D372C2DC2604} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {0A8887F1-EF83-4122-A7DD-D372C2DC2604} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {0A8887F1-EF83-4122-A7DD-D372C2DC2604} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {0A8887F1-EF83-4122-A7DD-D372C2DC2604} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {0A8887F1-EF83-4122-A7DD-D372C2DC2604} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {0A8887F1-EF83-4122-A7DD-D372C2DC2604} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {0A8887F1-EF83-4122-A7DD-D372C2DC2604} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {0A8887F1-EF83-4122-A7DD-D372C2DC2604} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {0A8887F1-EF83-4122-A7DD-D372C2DC2604} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {0A8887F1-EF83-4122-A7DD-D372C2DC2604} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {0A8887F1-EF83-4122-A7DD-D372C2DC2604} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {0A8887F1-EF83-4122-A7DD-D372C2DC2604} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {0A8887F1-EF83-4122-A7DD-D372C2DC2604} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {0A8887F1-EF83-4122-A7DD-D372C2DC2604} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {0A8887F1-EF83-4122-A7DD-D372C2DC2604} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {0A8887F1-EF83-4122-A7DD-D372C2DC2604} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {0A8887F1-EF83-4122-A7DD-D372C2DC2604} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {0A8887F1-EF83-4122-A7DD-D372C2DC2604} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {0A8887F1-EF83-4122-A7DD-D372C2DC2604} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {0A8887F1-EF83-4122-A7DD-D372C2DC2604} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {0A8887F1-EF83-4122-A7DD-D372C2DC2604} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {0A8887F1-EF83-4122-A7DD-D372C2DC2604} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {0A8887F1-EF83-4122-A7DD-D372C2DC2604} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {0A8887F1-EF83-4122-A7DD-D372C2DC2604} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {0A8887F1-EF83-4122-A7DD-D372C2DC2604} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {0A8887F1-EF83-4122-A7DD-D372C2DC2604} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {0A8887F1-EF83-4122-A7DD-D372C2DC2604} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {0A8887F1-EF83-4122-A7DD-D372C2DC2604} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {0A8887F1-EF83-4122-A7DD-D372C2DC2604} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {0A8887F1-EF83-4122-A7DD-D372C2DC2604} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {0A8887F1-EF83-4122-A7DD-D372C2DC2604} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {0A8887F1-EF83-4122-A7DD-D372C2DC2604} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {0A8887F1-EF83-4122-A7DD-D372C2DC2604} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {0A8887F1-EF83-4122-A7DD-D372C2DC2604} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {0A8887F1-EF83-4122-A7DD-D372C2DC2604} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {0A8887F1-EF83-4122-A7DD-D372C2DC2604} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {0A8887F1-EF83-4122-A7DD-D372C2DC2604} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {0A8887F1-EF83-4122-A7DD-D372C2DC2604} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {0A8887F1-EF83-4122-A7DD-D372C2DC2604} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {0A8887F1-EF83-4122-A7DD-D372C2DC2604} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {0A8887F1-EF83-4122-A7DD-D372C2DC2604} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {0A8887F1-EF83-4122-A7DD-D372C2DC2604} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {0A8887F1-EF83-4122-A7DD-D372C2DC2604} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {0A8887F1-EF83-4122-A7DD-D372C2DC2604} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {0A8887F1-EF83-4122-A7DD-D372C2DC2604} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {0A8887F1-EF83-4122-A7DD-D372C2DC2604} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {0A8887F1-EF83-4122-A7DD-D372C2DC2604} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {0A8887F1-EF83-4122-A7DD-D372C2DC2604} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {0A8887F1-EF83-4122-A7DD-D372C2DC2604} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {0A8887F1-EF83-4122-A7DD-D372C2DC2604} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {0A8887F1-EF83-4122-A7DD-D372C2DC2604} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {0A8887F1-EF83-4122-A7DD-D372C2DC2604} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {0A8887F1-EF83-4122-A7DD-D372C2DC2604} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {0A8887F1-EF83-4122-A7DD-D372C2DC2604} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {0A8887F1-EF83-4122-A7DD-D372C2DC2604} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {0A8887F1-EF83-4122-A7DD-D372C2DC2604} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {0A8887F1-EF83-4122-A7DD-D372C2DC2604} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {0A8887F1-EF83-4122-A7DD-D372C2DC2604} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {0A8887F1-EF83-4122-A7DD-D372C2DC2604} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {0A8887F1-EF83-4122-A7DD-D372C2DC2604} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Unknown owner - C:\WINDOWS\system32\imapi.exe (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Unknown owner - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe (file missing)
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Performance Logs and Alerts (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe (file missing)

--
End of file - 18771 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\WebReg Photosmart C7200 series.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{053F9267-DC04-4294-A72C-58F732D338C0}]
HP Print Clips - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll [2007-03-02 177768]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
AskBar BHO - C:\Program Files\AskBarDis\bar\bin\askBar.dll [2008-11-18 333192]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2008-08-14 1562448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{3041d03e-fd4b-44e0-b742-2d9b88305f98} - Ask Toolbar - C:\Program Files\AskBarDis\bar\bin\askBar.dll [2008-11-18 333192]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"MCUpdateExe"=C:\PROGRA~1\mcafee.com\agent\McUpdate.exe [2006-01-11 212992]
"MCAgentExe"=c:\PROGRA~1\mcafee.com\agent\mcagent.exe [2005-09-22 303104]
"MPFExe"=C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe [2005-11-11 1005096]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2007-06-29 286720]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2007-09-26 267064]
"Verizon_McciTrayApp"=C:\Program Files\Verizon\McciTrayApp.exe [2007-09-28 936960]
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2007-03-11 49152]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2003-10-06 5058560]
"KernelFaultCheck"=C:\WINDOWS\system32\dumprep 0 -k []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Microsoft Works Update Detection"=C:\Program Files\Microsoft Works\WkDetect.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\4576695a6f56]
C:\WINDOWS\System32\BCMSM136.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdaptecDirectCD]
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe [2002-04-10 679936]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AHQInit]
C:\Program Files\Creative\SBLive\Program\AHQInit.exe [2001-03-28 102400]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCMSMMSG]
C:\WINDOWS\BCMSMMSG.exe [2003-08-29 122880]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCAgentExe]
c:\PROGRA~1\mcafee.com\agent\mcagent.exe [2005-09-22 303104]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCUpdateExe]
C:\PROGRA~1\mcafee.com\agent\mcupdate.exe [2006-01-11 212992]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MPFExe]
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe [2005-11-11 1005096]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
C:\WINDOWS\System32\NvCpl.dll [2003-10-06 5058560]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /install []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
C:\Program Files\Real\RealPlayer\RealPlay.exe [2002-09-28 26112]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Symantec NetDriver Monitor]
C:\PROGRA~1\SYMNET~1\SNDMon.exe [2005-05-22 100056]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE [2006-11-30 4662776]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
C:\PROGRA~1\DIGITA~1\DLG.exe [2002-02-15 45056]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^gncht.exe]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\gncht.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP OfficeJet Startup.lnk]
C:\PROGRA~1\HEWLET~1\HPOFFI~1\Bin\HPOstr05.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Works Calendar Reminders.lnk]
C:\PROGRA~1\COMMON~1\MICROS~1\WORKSS~1\wkcalrem.exe [2001-08-07 24633]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^NkvMon.exe.lnk]
C:\PROGRA~1\Nikon\NkView5\NkvMon.exe [2002-07-23 233472]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Bryan^Start Menu^Programs^Startup^RollerCoaster Tycoon 3 Registration.lnk]
C:\Documents and Settings\Bryan\Local Settings\Temp\{F365626A-7FC9-4AB8-8F2C-030F89A101FF}\{907B4640-266B-4A21-92FB-CD1A86CD0F63}\ATR1.exe /remind /language=ENU /PRNM=RollerCoaster Tycoon 3/PRMP=RCT3/SKUN=PCXX/GTYP=STRY []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"navapsvc"=2
"mnmsrvc"=3

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
""=
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"
"C:\Program Files\Microsoft Games\Zoo Tycoon 2\zt.exe"="C:\Program Files\Microsoft Games\Zoo Tycoon 2\zt.exe:*:Enabled:Zoo Tycoon 2 Executable"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe"="C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe"="C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe:*:Enabled:hpqnrs08.exe"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"

======List of files/folders created in the last 1 months======

2009-01-11 20:18:25 ----D---- C:\Program Files\EsetOnlineScanner
2009-01-11 16:59:28 ----SHD---- C:\RECYCLER
2009-01-11 16:59:13 ----D---- C:\_OTMoveIt
2009-01-11 16:56:09 ----A---- C:\VirusTotal.txt
2009-01-11 16:29:46 ----D---- C:\Program Files\Alwil Software
2009-01-11 03:02:07 ----HDC---- C:\WINDOWS\$NtUninstallKB952069_WM9$
2009-01-11 03:01:44 ----HDC---- C:\WINDOWS\$NtUninstallKB958215$
2009-01-11 03:01:27 ----HDC---- C:\WINDOWS\$NtUninstallKB960714$
2009-01-10 10:36:25 ----D---- C:\Program Files\AskBarDis
2009-01-10 10:36:13 ----D---- C:\Program Files\Foxit Software
2009-01-10 10:36:13 ----D---- C:\Documents and Settings\Bryan\Application Data\Foxit
2009-01-10 03:02:02 ----HDC---- C:\WINDOWS\$NtUninstallKB955839$
2009-01-10 03:01:48 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$
2009-01-10 03:01:34 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$
2009-01-09 11:46:31 ----D---- C:\Program Files\Panda Security
2009-01-09 08:34:15 ----A---- C:\ComboFix.txt
2009-01-08 18:47:11 ----D---- C:\Documents and Settings\All Users\Application Data\McAfee
2009-01-08 17:45:25 ----A---- C:\WINDOWS\system32\LuResult.txt
2009-01-08 07:57:21 ----A---- C:\Boot.bak
2009-01-08 07:56:59 ----RASHD---- C:\cmdcons
2009-01-08 07:55:20 ----A---- C:\WINDOWS\zip.exe
2009-01-08 07:55:20 ----A---- C:\WINDOWS\VFIND.exe
2009-01-08 07:55:20 ----A---- C:\WINDOWS\SWXCACLS.exe
2009-01-08 07:55:20 ----A---- C:\WINDOWS\SWSC.exe
2009-01-08 07:55:20 ----A---- C:\WINDOWS\SWREG.exe
2009-01-08 07:55:20 ----A---- C:\WINDOWS\sed.exe
2009-01-08 07:55:20 ----A---- C:\WINDOWS\NIRCMD.exe
2009-01-08 07:55:20 ----A---- C:\WINDOWS\grep.exe
2009-01-08 07:55:20 ----A---- C:\WINDOWS\fdsv.exe
2009-01-08 07:34:18 ----D---- C:\WINDOWS\ERDNT
2009-01-08 07:34:18 ----D---- C:\Qoobox
2009-01-07 17:03:33 ----D---- C:\Documents and Settings\Bryan\Application Data\Malwarebytes
2009-01-07 17:03:07 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-01-07 17:03:07 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-01-06 19:08:20 ----A---- C:\WINDOWS\WORDPAD.INI
2009-01-06 19:04:16 ----D---- C:\rsit
2009-01-04 21:36:23 ----D---- C:\Rosary
2008-12-30 13:32:24 ----D---- C:\Program Files\Trend Micro
2008-12-18 02:57:04 ----D---- C:\WINDOWS\system32\LogFiles
2008-12-15 19:08:39 ----D---- C:\Program Files\TeaTimer (Spybot - Search & Destroy)
2008-12-15 19:08:38 ----D---- C:\Program Files\SDHelper (Spybot - Search & Destroy)
2008-12-15 19:08:38 ----D---- C:\Program Files\Misc. Support Library (Spybot - Search & Destroy)
2008-12-15 19:08:38 ----D---- C:\Program Files\File Scanner Library (Spybot - Search & Destroy)

======List of files/folders modified in the last 1 months======

2009-01-13 21:44:15 ----D---- C:\WINDOWS\Prefetch
2009-01-13 21:43:03 ----D---- C:\Program Files\Mozilla Firefox
2009-01-13 21:41:43 ----D---- C:\WINDOWS\Temp
2009-01-13 21:35:26 ----D---- C:\WINDOWS\system32\CatRoot2
2009-01-13 21:27:43 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-01-13 21:26:40 ----AD---- C:\WINDOWS\SYSTEM32
2009-01-13 21:26:34 ----D---- C:\WINDOWS\system32\DRIVERS
2009-01-13 20:31:23 ----AD---- C:\Program Files
2009-01-12 19:52:38 ----SD---- C:\WINDOWS\Tasks
2009-01-12 18:19:59 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-01-12 18:19:59 ----AD---- C:\WINDOWS
2009-01-11 19:27:22 ----D---- C:\WINDOWS\Minidump
2009-01-11 17:04:16 ----D---- C:\WINDOWS\system32\CONFIG
2009-01-11 16:59:25 ----HD---- C:\WINDOWS\INF
2009-01-11 16:59:24 ----D---- C:\WINDOWS\pss
2009-01-11 16:59:24 ----D---- C:\temporary
2009-01-11 16:59:24 ----D---- C:\temp
2009-01-11 16:59:24 ----D---- C:\Program Files\Windows Media Player
2009-01-11 16:59:23 ----D---- C:\Program Files\vol_toolbar
2009-01-11 03:02:12 ----RSHD---- C:\WINDOWS\system32\DLLCACHE
2009-01-11 03:02:04 ----A---- C:\WINDOWS\imsins.BAK
2009-01-11 03:01:55 ----D---- C:\Program Files\Internet Explorer
2009-01-11 03:01:41 ----HD---- C:\WINDOWS\$hf_mig$
2009-01-10 11:28:00 ----D---- C:\Documents and Settings\Bryan\Application Data\Mozilla
2009-01-10 10:38:50 ----SHD---- C:\WINDOWS\Installer
2009-01-10 10:38:49 ----HD---- C:\Config.Msi
2009-01-10 10:38:40 ----D---- C:\Program Files\Common Files\Adobe
2009-01-09 08:21:51 ----A---- C:\WINDOWS\system.ini
2009-01-09 08:10:52 ----AD---- C:\Program Files\Common Files
2009-01-09 08:10:51 ----D---- C:\WINDOWS\AppPatch
2009-01-08 18:27:59 ----HD---- C:\Program Files\InstallShield Installation Information
2009-01-08 17:45:25 ----D---- C:\Program Files\Common Files\Symantec Shared
2009-01-08 17:16:40 ----D---- C:\Program Files\Norton AntiVirus
2009-01-08 17:16:40 ----D---- C:\Documents and Settings\All Users\Application Data\Symantec
2009-01-08 07:57:21 ----ASH---- C:\BOOT.INI
2009-01-07 15:40:33 ----A---- C:\WINDOWS\system32\cbdd6ed2-.txt
2009-01-02 15:49:14 ----D---- C:\WINDOWS\Registration
2008-12-16 19:10:30 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-12-15 19:31:30 ----D---- C:\Program Files\Spybot - Search & Destroy

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Cdr4_xp;Cdr4_xp; C:\WINDOWS\system32\drivers\Cdr4_xp.sys [2002-09-20 59440]
R1 Cdralw2k;Cdralw2k; C:\WINDOWS\system32\drivers\Cdralw2k.sys [2002-09-20 23724]
R1 cdudf_xp;cdudf_xp; C:\WINDOWS\system32\drivers\cdudf_xp.sys [2002-04-10 236032]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2004-08-04 36096]
R1 MPFIREWL;MPFIREWL; C:\WINDOWS\System32\Drivers\MpFirewall.sys [2005-11-11 80640]
R1 pwd_2k;pwd_2k; C:\WINDOWS\system32\drivers\pwd_2k.sys [2002-04-10 117898]
R1 SYMTDI;SYMTDI; C:\WINDOWS\System32\Drivers\SYMTDI.SYS [2005-04-05 267192]
R1 UdfReadr_xp;UdfReadr_xp; C:\WINDOWS\system32\drivers\UdfReadr_xp.sys [2002-04-10 206336]
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2001-08-18 12032]
R2 ASCTRM;ASCTRM; C:\WINDOWS\system32\drivers\ASCTRM.sys [2002-09-28 8552]
R2 PfModNT;PfModNT; \??\C:\WINDOWS\System32\PfModNT.sys []
R3 BCMModem;BCM V.92 56K Modem; C:\WINDOWS\System32\DRIVERS\BCMSM.sys [2003-08-29 1101696]
R3 ctljystk;Creative SBLive! Gameport; C:\WINDOWS\System32\DRIVERS\ctljystk.sys [2001-08-17 3712]
R3 DM9102;DAVICOM 9102(A) PCI Fast Ethernet Based NT Driver; C:\WINDOWS\System32\DRIVERS\DM9PCI5.SYS [2001-08-17 29696]
R3 emu10k;Creative SB Live! Value (WDM); C:\WINDOWS\system32\drivers\emu10k1f.sys [2001-09-13 777088]
R3 emu10k1;Creative Interface Manager Driver (WDM); C:\WINDOWS\system32\drivers\ctlface.sys [2001-07-11 6912]
R3 GEARAspiWDM;GEARAspiWDM; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2006-09-19 15664]
R3 mmc_2K;mmc_2K; C:\WINDOWS\system32\drivers\mmc_2K.sys [2002-04-10 29638]
R3 MODEMCSA;Unimodem Streaming Filter Device; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128]
R3 MxlW2k;MxlW2k; C:\WINDOWS\system32\drivers\MxlW2k.sys [2003-11-09 28164]
R3 nv;nv; C:\WINDOWS\System32\DRIVERS\nv4_mini.sys [2003-10-06 1550043]
R3 sfman;Creative SoundFont Manager Driver (WDM); C:\WINDOWS\system32\drivers\sfman.sys [2001-08-31 36992]
R3 SymEvent;SymEvent; \??\C:\Program Files\Symantec\SYMEVENT.SYS []
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2004-08-04 26624]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2004-08-04 57600]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2004-08-04 26496]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2004-08-04 20480]
S1 P3;Intel PentiumIII Processor Driver; C:\WINDOWS\System32\DRIVERS\p3.sys [2004-08-04 42496]
S3 bvrp_pci;bvrp_pci; C:\WINDOWS\system32\drivers\bvrp_pci.sys []
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-04 17024]
S3 Dot4;IEEE-1284.4 Driver; C:\WINDOWS\System32\DRIVERS\Dot4.sys [2004-08-04 207360]
S3 Dot4Print;Print Class Driver for IEEE-1284.4; C:\WINDOWS\System32\DRIVERS\Dot4Prt.sys [2001-08-17 12928]
S3 dvd_2K;dvd_2K; C:\WINDOWS\system32\drivers\dvd_2K.sys [2002-04-10 24554]
S3 EL90XBC;3Com EtherLink XL 90XB/C Adapter Driver; C:\WINDOWS\System32\DRIVERS\el90xbc5.sys [2001-08-17 66591]
S3 hidgame;Microsoft Hid to Joystick Port Enabler; C:\WINDOWS\System32\DRIVERS\hidgame.sys [2001-08-17 8576]
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]
S3 LVcKap;Logitech AEC Driver; C:\WINDOWS\system32\DRIVERS\LVcKap.sys []
S3 LVMVDrv;Logitech Machine Vision Engine Loader; C:\WINDOWS\system32\DRIVERS\LVMVDrv.sys []
S3 LVPr2Mon;Logitech LVPr2Mon Driver; C:\WINDOWS\system32\drivers\LVPr2Mon.sys []
S3 LVUSBSta;Logitech USB Monitor Filter; C:\WINDOWS\system32\drivers\lvusbsta.sys []
S3 MREMPR5;MREMPR5 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS []
S3 MRENDIS5;MRENDIS5 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS []
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-04 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-04 85376]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-04 10880]
S3 nv4;nv4; C:\WINDOWS\System32\DRIVERS\nv4.sys [2001-08-17 731648]
S3 pepifilter;Volume Adapter; C:\WINDOWS\system32\DRIVERS\lv302af.sys []
S3 PID_08A0;Logitech QuickCam IM(PID_08A0); C:\WINDOWS\system32\DRIVERS\LV302AV.SYS []
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-04 11136]
S3 SNDP202;Dual Mode Camera (8008 VGA); C:\WINDOWS\system32\DRIVERS\sndp202.sys [2003-01-16 245120]
S3 StillCam;Still Serial Digital Camera Driver; C:\WINDOWS\System32\DRIVERS\serscan.sys [2001-08-17 6784]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-04 15360]
S3 SYMREDRV;SYMREDRV; C:\WINDOWS\System32\Drivers\SYMREDRV.SYS [2005-04-05 17976]
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2007-09-06 30336]
S3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2004-08-04 59264]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [2004-08-04 31616]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\System32\DRIVERS\usbprint.sys [2004-08-04 25856]
S3 wanatw;WAN Miniport (ATW); C:\WINDOWS\System32\DRIVERS\wanatw4.sys []
S3 WpdUsb;WpdUsb; C:\WINDOWS\System32\Drivers\wpdusb.sys [2004-08-11 18944]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-04 19328]
S4 agpCPQ;Compaq AGP Bus Filter; C:\WINDOWS\System32\DRIVERS\agpCPQ.sys [2004-08-04 44928]
S4 alim1541;ALI AGP Bus Filter; C:\WINDOWS\System32\DRIVERS\alim1541.sys [2004-08-04 42752]
S4 amdagp;AMD AGP Bus Filter Driver; C:\WINDOWS\System32\DRIVERS\amdagp.sys [2004-08-04 43008]
S4 cbidf;cbidf; C:\WINDOWS\System32\DRIVERS\cbidf2k.sys [2001-08-17 13952]
S4 IntelIde;IntelIde; C:\WINDOWS\System32\DRIVERS\intelide.sys [2004-08-04 5504]
S4 sisagp;SIS AGP Bus Filter; C:\WINDOWS\System32\DRIVERS\sisagp.sys [2004-08-04 41088]
S4 viaagp;VIA AGP Bus Filter; C:\WINDOWS\System32\DRIVERS\viaagp.sys [2004-08-04 42240]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Creative Service for CDROM Access;Creative Service for CDROM Access; C:\WINDOWS\System32\CTsvcCDA.EXE [1999-12-13 44032]
R2 hpqddsvc;HP CUE DeviceDiscovery Service; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336]
R2 HPSLPSVC;HP Network Devices Support; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336]
R2 McDetect.exe;McAfee WSC Integration; c:\program files\mcafee.com\agent\mcdetect.exe [2005-10-13 126976]
R2 McTskshd.exe;McAfee Task Scheduler; c:\PROGRA~1\mcafee.com\agent\mctskshd.exe [2005-08-24 122368]
R2 Net Driver HPZ12;Net Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2004-08-04 14336]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\System32\nvsvc32.exe [2003-10-06 81920]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2004-08-04 14336]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\System32\wdfmgr.exe [2004-08-11 38912]
R2 WMDM PMSP Service;WMDM PMSP Service; C:\WINDOWS\System32\MsPMSPSv.exe [2000-06-26 53520]
R3 hpqcxs08;hpqcxs08; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2007-09-26 503608]
R3 MpfService;McAfee Personal Firewall Service; C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe [2005-11-11 548864]
S2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2007-09-06 110592]
S2 LVPrcSrv;Logitech Process Monitor; c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe []
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-03 69632]
S3 mcupdmgr.exe;McAfee SecurityCenter Update Manager; C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe [2005-07-01 245760]
S3 SNDSrvc;Symantec Network Drivers Service; C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe [2005-04-05 206552]

-----------------EOF-----------------

ChristineOM
2009-01-14, 04:59
info.txt logfile of random's system information tool 1.05 2009-01-13 21:52:12

======Uninstall list======

-->C:\Program Files\Creative\SBLive\Program\Upddrv2k.EXE
-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Creative\News\CTNews.isu"
-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Creative\SBLive\AudioHQ.isu"
-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Creative\SBLive\CTMixer.isu"
-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Creative\SBLive\HTML.isu"
-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Creative\SBLive\Midi.isu"
-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Creative\SBLive\PlayCenter2\Player2.isu"
-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Creative\SBLive\Recorder\Recorder.isu"
-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Creative\SBLive\Restore.isu"
-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Creative\SBLive\SoundFont.isu"
-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Creative\SBLive\WaveStudio\Wstudio.isu"
-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Creative\Uninstall\Installer.isu"
-->C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
32 Bit HP CIO Components Installer-->MsiExec.exe /I{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}
3D Groove Playback Engine-->RunDll32 C:\WINDOWS\DOWNLO~1\GrooveAX.dll,_RemoveGroove@16
Ad-Aware SE Personal-->C:\PROGRA~1\Lavasoft\AD-AWA~2\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~2\INSTALL.LOG
Adobe Download Manager 2.0 (Remove Only)-->"C:\Program Files\Common Files\Adobe\ESD\uninst.exe"
Adobe Flash Player 9 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete
Adobe Flash Player Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Apple Mobile Device Support-->MsiExec.exe /I{3EBD3749-304E-4A4C-9575-C00E5F015217}
Apple Software Update-->MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
ArcSoft Software Suite-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\ArcSoft\Software Suite\Uninst.isu"
Ask Toolbar-->"C:\Program Files\AskBarDis\unins000.exe"
Backyard Baseball 2001-->C:\WINDOWS\IsUninst.exe -fC:\HEGames\Baseball2001\Uninst.isu
Backyard Football 2002-->C:\WINDOWS\IsUninst.exe -fC:\HEGames\Football2002\Uninst.isu -c"C:\HEGames\Football2002\Uninst.dll
BCM V.92 56K Modem-->C:\WINDOWS\BCMSMU.exe quiet
Bob the Builder-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{36373CE1-6999-11D5-96DC-98302790D441}\SETUP.EXE"
Classic PhoneTools-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E3436EE2-D5CB-4249-840B-3A0140CC34C3}\setup.exe" -l0x9 ControlPanel
Dell | Support-->MsiExec.exe /X{91E8A85F-2960-40ED-BA84-7F4567BB00C0}
Dell Modem-On-Hold-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3F92ABBB-6BBF-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanelAnyText
Dell Picture Studio - Dell Image Expert-->MsiExec.exe /I{151C555A-A9E7-4A2E-B6D7-165D04A3C956}
Dell Solution Center-->MsiExec.exe /X{11F1920A-56A2-4642-B6E0-3B31A12C9288}
Digital Line Detect-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E646DCF0-5A68-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanelAnyText
Disney's Toontown Online-->C:\PROGRA~1\Disney\DISNEY~1\Toontown\UNWISE.EXE /A C:\PROGRA~1\Disney\DISNEY~1\Toontown\INSTALL.LOG
Downhill Derby-->C:\PROGRA~1\CARTOO~1\DOWNHI~1\UNWISE.EXE C:\PROGRA~1\CARTOO~1\DOWNHI~1\INSTALL.LOG
Dreamship Tales-->C:\WINDOWS\TLCUninstall.exe -f "C:\Program Files\The Learning Company\Dreamship Tales\Uninstall.xml"
Dual Mode Camera (8008 VGA)-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E85397AD-D60E-4141-82E6-FAA312A09271}\Setup.exe" -l0x9
Easy CD Creator 5 Basic-->MsiExec.exe /I{609F7AC8-C510-11D4-A788-009027ABA5D0}
ESET Online Scanner-->C:\WINDOWS\system32\OnlineScannerUninstaller.exe
Foxit Reader-->C:\Program Files\Foxit Software\Foxit Reader\Uninstall.exe
Great Adventures Castle-->C:\Program Files\The Learning Company\Great Adventures Castle\uninstal.exe
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
HP Customer Participation Program 9.0-->C:\Program Files\HP\Digital Imaging\ExtCapUninstall\hpzscr01.exe -datfile hpqhsc01.dat
HP Imaging Device Functions 9.0-->C:\Program Files\HP\Digital Imaging\DeviceManagement\hpzscr01.exe -datfile hpqbud01.dat
HP OCR Software 9.0-->C:\Program Files\HP\Digital Imaging\OCR\hpzscr01.exe -datfile hpqbud11.dat
HP Photosmart All-In-One Software 9.0-->C:\Program Files\HP\Digital Imaging\{B46AC30C-22D2-4610-B041-1DA7BB29EB57}\setup\hpzscr01.exe -datfile hposcr21.dat
HP Photosmart Essential 2.01-->C:\Program Files\HP\Digital Imaging\PhotoSmartEssential\hpzscr01.exe -datfile hpqbud13.dat
HP Product Detection-->MsiExec.exe /X{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}
HP Smart Web Printing-->MsiExec.exe /X{415CDA53-9100-476F-A7B2-476691E117C7}
HP Solution Center 9.0-->C:\Program Files\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat
HP Update-->MsiExec.exe /X{8C6027FD-53DC-446D-BB75-CACD7028A134}
HPSSupply-->MsiExec.exe /X{487B0B9B-DCD4-440D-89A0-A6EDE1A545A3}
IE Host R3-->C:\WINDOWS\System32\6TO4SVC5.exe
iTunes-->MsiExec.exe /I{B045B608-4A47-4C77-9EAD-06C394503306}
LiveReg (Symantec Corporation)-->C:\Program Files\Common Files\Symantec Shared\LiveReg\VcSetup.exe /REMOVE
LiveUpdate 2.6 (Symantec Corporation)-->C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE /U
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
McAfee Personal Firewall Plus-->c:\PROGRA~1\mcafee.com\shared\mcappins.exe /v=3 /uninstall=1 /appid=mpf /interact=1 /script_proactive=0 /start=C:\PROGRA~1\mcafee.com\agent\uninst\mpfrem.ui::uninstall.htm
McAfee SecurityCenter-->c:\PROGRA~1\mcafee.com\shared\mcappins.exe /v=3 /uninstall=1 /appid=msc /interact=1 /script_proactive=0 /start=c:\PROGRA~1\mcafee.com\agent\uninst\screm.ui::uninstall.htm
Microsoft Combat Flight Simulator-->"C:\Program Files\Microsoft Games\Combat Flight Simulator\UNINSTAL.EXE" /runtemp
Microsoft Command & Control Engine-->RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\mscnc.inf, Uninstall
Microsoft Encarta Encyclopedia Standard 2002-->MsiExec.exe /I{01001202-823E-46CD-A70E-BEE818F97169}
Microsoft Money 2002 System Pack-->MsiExec.exe /I{CF5193F7-6B37-11D5-B7D2-00AA00A204F1}
Microsoft Money 2002-->MsiExec.exe /I{E7298FD5-1386-11D5-8D6C-0050DAD32D95}
Microsoft Picture It! Photo 2002-->MsiExec.exe /I{C769A271-7E1C-48F9-B331-474600DD4C06}
Microsoft Speech API 3.0-->RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\spchapi.inf, Uninstall
Microsoft Speech Lexicon-->RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\mslex.inf, Uninstall
Microsoft Streets and Trips 2002-->MsiExec.exe /I{12BDDF23-B1DB-49C8-92D3-3E6841CCED61}
Microsoft Word 2002-->MsiExec.exe /I{911B0409-6000-11D3-8CFE-0050048383C9}
Microsoft Works 2002 Setup Launcher-->C:\Program Files\Microsoft Works Suite 2002\Setup\Launcher.exe D:\
Microsoft Works 6.0-->MsiExec.exe /I{A1B7B9B3-E1D2-41CA-9B4A-F18DC2710704}
Microsoft Works Suite Add-in for Microsoft Word-->MsiExec.exe /I{C3A439E4-7303-491F-A678-CEA36A87D517}
Modem Helper-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7F142D56-3326-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanel
Mozilla Firefox (3.0.5)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MUSICMATCH Jukebox-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\Uninst.isu" -cC:\PROGRA~1\MUSICM~1\MUSICM~1\unmatch.dll
Need For Speed Hot Pursuit 2-->C:\Program Files\EA Games\Need For Speed Hot Pursuit 2\EAUninstall.exe
Netscape Navigator (9.0.0.6)-->C:\Program Files\Netscape\Navigator 9\uninstall\helper.exe
Nikon View 5-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AAB84E83-C8DF-4752-9DFC-2E2A48EE5E9F}\setup.exe" UNINSTALL
NVIDIA Windows 2000/XP Display Drivers-->rundll32.exe C:\WINDOWS\System32\nvinstnt.dll,NvUninstallNT4 nvdd.inf
Paint Shop Pro 7-->MsiExec.exe /I{D6DE02C7-1F47-11D4-9515-00105AE4B89A}
Panda ActiveScan 2.0-->C:\Program Files\Panda Security\ActiveScan 2.0\as2uninst.exe
Personalized Learning Center-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\The Learning Company\Personalized Learning Center\Uninst.isu"
PhotoSuite 4 (Remove Only)-->"C:\Program Files\Roxio\PhotoSuite 4\System\MGIUninstall.exe" C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Roxio\PhotoSuite 4\Uninst.isu" -c"C:\Program Files\Roxio\PhotoSuite 4\System\CustomUninstall.dll"
PRO200WL-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{280C7673-2DF8-4E74-B031-D8F108BE2A6D}\SETUP.EXE" -uninst
ProSiteFinder-->C:\Program Files\ProSiteFinder\Uninstall.EXE
QuickTime-->MsiExec.exe /I{95A890AA-B3B1-44B6-9C18-A8F7AB3EE7FC}
RealPlayer Basic-->C:\Program Files\Common Files\Real\Update\\rnuninst.exe RealNetworks|RealPlayer|6.0
RollerCoaster Tycoon 3-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{907B4640-266B-4A21-92FB-CD1A86CD0F63}\Setup.exe" -l0x9
Scooby-Doo(TM), Showdown in Ghost Town(TM)-->C:\Program Files\The Learning Company\Scooby-Doo(TM), Showdown in Ghost Town(TM)\uninstall.exe
Security Update for Step By Step Interactive Training (KB898458)-->"C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
Security Update for Step By Step Interactive Training (KB923723)-->"C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB911564)-->"C:\WINDOWS\$NtUninstallKB911564$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP10$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP10$\spuninst\spuninst.exe"
Security Update for Windows Media Player 6.4 (KB925398)-->"C:\WINDOWS\$NtUninstallKB925398_WMP64$\spuninst\spuninst.exe"
Security Update for Windows XP (KB893756)-->"C:\WINDOWS\$NtUninstallKB893756$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896358)-->"C:\WINDOWS\$NtUninstallKB896358$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896423)-->"C:\WINDOWS\$NtUninstallKB896423$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896424)-->"C:\WINDOWS\$NtUninstallKB896424$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896428)-->"C:\WINDOWS\$NtUninstallKB896428$\spuninst\spuninst.exe"
Security Update for Windows XP (KB899587)-->"C:\WINDOWS\$NtUninstallKB899587$\spuninst\spuninst.exe"
Security Update for Windows XP (KB899591)-->"C:\WINDOWS\$NtUninstallKB899591$\spuninst\spuninst.exe"
Security Update for Windows XP (KB900725)-->"C:\WINDOWS\$NtUninstallKB900725$\spuninst\spuninst.exe"
Security Update for Windows XP (KB901017)-->"C:\WINDOWS\$NtUninstallKB901017$\spuninst\spuninst.exe"
Security Update for Windows XP (KB901214)-->"C:\WINDOWS\$NtUninstallKB901214$\spuninst\spuninst.exe"
Security Update for Windows XP (KB902400)-->"C:\WINDOWS\$NtUninstallKB902400$\spuninst\spuninst.exe"
Security Update for Windows XP (KB904706)-->"C:\WINDOWS\$NtUninstallKB904706$\spuninst\spuninst.exe"
Security Update for Windows XP (KB905414)-->"C:\WINDOWS\$NtUninstallKB905414$\spuninst\spuninst.exe"
Security Update for Windows XP (KB905749)-->"C:\WINDOWS\$NtUninstallKB905749$\spuninst\spuninst.exe"
Security Update for Windows XP (KB908519)-->"C:\WINDOWS\$NtUninstallKB908519$\spuninst\spuninst.exe"
Security Update for Windows XP (KB911562)-->"C:\WINDOWS\$NtUninstallKB911562$\spuninst\spuninst.exe"
Security Update for Windows XP (KB911927)-->"C:\WINDOWS\$NtUninstallKB911927$\spuninst\spuninst.exe"
Security Update for Windows XP (KB912919)-->"C:\WINDOWS\$NtUninstallKB912919$\spuninst\spuninst.exe"
Security Update for Windows XP (KB913580)-->"C:\WINDOWS\$NtUninstallKB913580$\spuninst\spuninst.exe"
Security Update for Windows XP (KB914388)-->"C:\WINDOWS\$NtUninstallKB914388$\spuninst\spuninst.exe"
Security Update for Windows XP (KB914389)-->"C:\WINDOWS\$NtUninstallKB914389$\spuninst\spuninst.exe"
Security Update for Windows XP (KB917344)-->"C:\WINDOWS\$NtUninstallKB917344$\spuninst\spuninst.exe"
Security Update for Windows XP (KB917422)-->"C:\WINDOWS\$NtUninstallKB917422$\spuninst\spuninst.exe"
Security Update for Windows XP (KB917953)-->"C:\WINDOWS\$NtUninstallKB917953$\spuninst\spuninst.exe"
Security Update for Windows XP (KB918118)-->"C:\WINDOWS\$NtUninstallKB918118$\spuninst\spuninst.exe"
Security Update for Windows XP (KB918439)-->"C:\WINDOWS\$NtUninstallKB918439$\spuninst\spuninst.exe"
Security Update for Windows XP (KB919007)-->"C:\WINDOWS\$NtUninstallKB919007$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920213)-->"C:\WINDOWS\$NtUninstallKB920213$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920670)-->"C:\WINDOWS\$NtUninstallKB920670$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920683)-->"C:\WINDOWS\$NtUninstallKB920683$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920685)-->"C:\WINDOWS\$NtUninstallKB920685$\spuninst\spuninst.exe"
Security Update for Windows XP (KB921398)-->"C:\WINDOWS\$NtUninstallKB921398$\spuninst\spuninst.exe"
Security Update for Windows XP (KB921503)-->"C:\WINDOWS\$NtUninstallKB921503$\spuninst\spuninst.exe"
Security Update for Windows XP (KB922616)-->"C:\WINDOWS\$NtUninstallKB922616$\spuninst\spuninst.exe"
Security Update for Windows XP (KB922819)-->"C:\WINDOWS\$NtUninstallKB922819$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923191)-->"C:\WINDOWS\$NtUninstallKB923191$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923414)-->"C:\WINDOWS\$NtUninstallKB923414$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923689)-->"C:\WINDOWS\$NtUninstallKB923689$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923694)-->"C:\WINDOWS\$NtUninstallKB923694$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923980)-->"C:\WINDOWS\$NtUninstallKB923980$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924191)-->"C:\WINDOWS\$NtUninstallKB924191$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924270)-->"C:\WINDOWS\$NtUninstallKB924270$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924496)-->"C:\WINDOWS\$NtUninstallKB924496$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924667)-->"C:\WINDOWS\$NtUninstallKB924667$\spuninst\spuninst.exe"
Security Update for Windows XP (KB925454)-->"C:\WINDOWS\$NtUninstallKB925454$\spuninst\spuninst.exe"
Security Update for Windows XP (KB925486)-->"C:\WINDOWS\$NtUninstallKB925486$\spuninst\spuninst.exe"
Security Update for Windows XP (KB925902)-->"C:\WINDOWS\$NtUninstallKB925902$\spuninst\spuninst.exe"
Security Update for Windows XP (KB926255)-->"C:\WINDOWS\$NtUninstallKB926255$\spuninst\spuninst.exe"
Security Update for Windows XP (KB926436)-->"C:\WINDOWS\$NtUninstallKB926436$\spuninst\spuninst.exe"
Security Update for Windows XP (KB927779)-->"C:\WINDOWS\$NtUninstallKB927779$\spuninst\spuninst.exe"
Security Update for Windows XP (KB927802)-->"C:\WINDOWS\$NtUninstallKB927802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB928090)-->"C:\WINDOWS\$NtUninstallKB928090$\spuninst\spuninst.exe"
Security Update for Windows XP (KB928255)-->"C:\WINDOWS\$NtUninstallKB928255$\spuninst\spuninst.exe"
Security Update for Windows XP (KB928843)-->"C:\WINDOWS\$NtUninstallKB928843$\spuninst\spuninst.exe"
Security Update for Windows XP (KB929123)-->"C:\WINDOWS\$NtUninstallKB929123$\spuninst\spuninst.exe"
Security Update for Windows XP (KB929969)-->"C:\WINDOWS\$NtUninstallKB929969$\spuninst\spuninst.exe"
Security Update for Windows XP (KB930178)-->"C:\WINDOWS\$NtUninstallKB930178$\spuninst\spuninst.exe"
Security Update for Windows XP (KB931261)-->"C:\WINDOWS\$NtUninstallKB931261$\spuninst\spuninst.exe"
Security Update for Windows XP (KB931768)-->"C:\WINDOWS\$NtUninstallKB931768$\spuninst\spuninst.exe"
Security Update for Windows XP (KB931784)-->"C:\WINDOWS\$NtUninstallKB931784$\spuninst\spuninst.exe"
Security Update for Windows XP (KB932168)-->"C:\WINDOWS\$NtUninstallKB932168$\spuninst\spuninst.exe"
Security Update for Windows XP (KB933566)-->"C:\WINDOWS\$NtUninstallKB933566$\spuninst\spuninst.exe"
Security Update for Windows XP (KB933729)-->"C:\WINDOWS\$NtUninstallKB933729$\spuninst\spuninst.exe"
Security Update for Windows XP (KB935839)-->"C:\WINDOWS\$NtUninstallKB935839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB935840)-->"C:\WINDOWS\$NtUninstallKB935840$\spuninst\spuninst.exe"
Security Update for Windows XP (KB936021)-->"C:\WINDOWS\$NtUninstallKB936021$\spuninst\spuninst.exe"
Security Update for Windows XP (KB937143)-->"C:\WINDOWS\$NtUninstallKB937143$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938127)-->"C:\WINDOWS\$NtUninstallKB938127$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938829)-->"C:\WINDOWS\$NtUninstallKB938829$\spuninst\spuninst.exe"
Security Update for Windows XP (KB939653)-->"C:\WINDOWS\$NtUninstallKB939653$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941202)-->"C:\WINDOWS\$NtUninstallKB941202$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941568)-->"C:\WINDOWS\$NtUninstallKB941568$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941644)-->"C:\WINDOWS\$NtUninstallKB941644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941693)-->"C:\WINDOWS\$NtUninstallKB941693$\spuninst\spuninst.exe"
Security Update for Windows XP (KB942615)-->"C:\WINDOWS\$NtUninstallKB942615$\spuninst\spuninst.exe"
Security Update for Windows XP (KB943055)-->"C:\WINDOWS\$NtUninstallKB943055$\spuninst\spuninst.exe"
Security Update for Windows XP (KB943460)-->"C:\WINDOWS\$NtUninstallKB943460$\spuninst\spuninst.exe"
Security Update for Windows XP (KB943485)-->"C:\WINDOWS\$NtUninstallKB943485$\spuninst\spuninst.exe"
Security Update for Windows XP (KB944338)-->"C:\WINDOWS\$NtUninstallKB944338$\spuninst\spuninst.exe"
Security Update for Windows XP (KB944533)-->"C:\WINDOWS\$NtUninstallKB944533$\spuninst\spuninst.exe"
Security Update for Windows XP (KB944653)-->"C:\WINDOWS\$NtUninstallKB944653$\spuninst\spuninst.exe"
Security Update for Windows XP (KB945553)-->"C:\WINDOWS\$NtUninstallKB945553$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946026)-->"C:\WINDOWS\$NtUninstallKB946026$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB947864)-->"C:\WINDOWS\$NtUninstallKB947864$\spuninst\spuninst.exe"
Security Update for Windows XP (KB948590)-->"C:\WINDOWS\$NtUninstallKB948590$\spuninst\spuninst.exe"
Security Update for Windows XP (KB948881)-->"C:\WINDOWS\$NtUninstallKB948881$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950749)-->"C:\WINDOWS\$NtUninstallKB950749$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950759)-->"C:\WINDOWS\$NtUninstallKB950759$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953838)-->"C:\WINDOWS\$NtUninstallKB953838$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956390)-->"C:\WINDOWS\$NtUninstallKB956390$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958215)-->"C:\WINDOWS\$NtUninstallKB958215$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960714)-->"C:\WINDOWS\$NtUninstallKB960714$\spuninst\spuninst.exe"
Shockwave-->C:\WINDOWS\SYSTEM32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\SYSTEM32\Macromed\SHOCKW~1\Install.log
Sound Blaster Live! Value-->C:\Program Files\Creative\Uninstall\CTUNINST.EXE /U:UNINST1.INI
Spybot - Search & Destroy 1.4-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins001.exe"
StarFlyers Royal Jewel Rescue-->C:\WINDOWS\TLCUninstall.exe -f "C:\Program Files\The Learning Company\StarFlyers Royal Jewel Rescue\Uninstall.xml"
TuneLand-->C:\7thLevel\TuneLand\uninstal.exe
Update for Windows XP (KB894391)-->"C:\WINDOWS\$NtUninstallKB894391$\spuninst\spuninst.exe"
Update for Windows XP (KB898461)-->"C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
Update for Windows XP (KB900485)-->"C:\WINDOWS\$NtUninstallKB900485$\spuninst\spuninst.exe"
Update for Windows XP (KB908531)-->"C:\WINDOWS\$NtUninstallKB908531$\spuninst\spuninst.exe"
Update for Windows XP (KB910437)-->"C:\WINDOWS\$NtUninstallKB910437$\spuninst\spuninst.exe"
Update for Windows XP (KB911280)-->"C:\WINDOWS\$NtUninstallKB911280$\spuninst\spuninst.exe"
Update for Windows XP (KB916595)-->"C:\WINDOWS\$NtUninstallKB916595$\spuninst\spuninst.exe"
Update for Windows XP (KB920872)-->"C:\WINDOWS\$NtUninstallKB920872$\spuninst\spuninst.exe"
Update for Windows XP (KB922582)-->"C:\WINDOWS\$NtUninstallKB922582$\spuninst\spuninst.exe"
Update for Windows XP (KB927891)-->"C:\WINDOWS\$NtUninstallKB927891$\spuninst\spuninst.exe"
Update for Windows XP (KB929338)-->"C:\WINDOWS\$NtUninstallKB929338$\spuninst\spuninst.exe"
Update for Windows XP (KB930916)-->"C:\WINDOWS\$NtUninstallKB930916$\spuninst\spuninst.exe"
Update for Windows XP (KB931836)-->"C:\WINDOWS\$NtUninstallKB931836$\spuninst\spuninst.exe"
Update for Windows XP (KB933360)-->"C:\WINDOWS\$NtUninstallKB933360$\spuninst\spuninst.exe"
Update for Windows XP (KB936357)-->"C:\WINDOWS\$NtUninstallKB936357$\spuninst\spuninst.exe"
Update for Windows XP (KB938828)-->"C:\WINDOWS\$NtUninstallKB938828$\spuninst\spuninst.exe"
Update for Windows XP (KB942763)-->"C:\WINDOWS\$NtUninstallKB942763$\spuninst\spuninst.exe"
Update for Windows XP (KB942840)-->"C:\WINDOWS\$NtUninstallKB942840$\spuninst\spuninst.exe"
Update for Windows XP (KB946627)-->"C:\WINDOWS\$NtUninstallKB946627$\spuninst\spuninst.exe"
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Verizon Online Help and Support-->C:\PROGRA~1\Verizon\UNWISE.EXE C:\PROGRA~1\Verizon\INSTALL.LOG
Viewpoint Media Player (Remove Only)-->C:\Program Files\Viewpoint\Viewpoint Media Player\mtsAxInstaller.exe /u
Windows Installer 3.1 (KB893803)-->"C:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe"
Windows Media Format Runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Player 10-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows XP Hotfix - KB873339-->C:\WINDOWS\$NtUninstallKB873339$\spuninst\spuninst.exe
Windows XP Hotfix - KB885835-->C:\WINDOWS\$NtUninstallKB885835$\spuninst\spuninst.exe
Windows XP Hotfix - KB885836-->C:\WINDOWS\$NtUninstallKB885836$\spuninst\spuninst.exe
Windows XP Hotfix - KB885884-->C:\WINDOWS\$NtUninstallKB885884$\spuninst\spuninst.exe
Windows XP Hotfix - KB886185-->C:\WINDOWS\$NtUninstallKB886185$\spuninst\spuninst.exe
Windows XP Hotfix - KB887472-->C:\WINDOWS\$NtUninstallKB887472$\spuninst\spuninst.exe
Windows XP Hotfix - KB888302-->C:\WINDOWS\$NtUninstallKB888302$\spuninst\spuninst.exe
Windows XP Hotfix - KB890859-->"C:\WINDOWS\$NtUninstallKB890859$\spuninst\spuninst.exe"
Windows XP Hotfix - KB891781-->C:\WINDOWS\$NtUninstallKB891781$\spuninst\spuninst.exe
Windows XP Service Pack 2-->C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe
Zoo Tycoon 2-->"C:\Program Files\Microsoft Games\Zoo Tycoon 2\UNINSTAL.EXE" /runtemp /uninstall

======Security center information======

FW: McAfee Personal Firewall Plus

System event log

Computer Name: KIDSCOMPUTER
Event Code: 7
Message: The device, \Device\Harddisk0\D, has a bad block.

Record Number: 57450
Source Name: Disk
Time Written: 20090110104100.000000-300
Event Type: error
User:

Computer Name: KIDSCOMPUTER
Event Code: 7
Message: The device, \Device\Harddisk0\D, has a bad block.

Record Number: 57449
Source Name: Disk
Time Written: 20090110104054.000000-300
Event Type: error
User:

Computer Name: KIDSCOMPUTER
Event Code: 7036
Message: The Application Management service entered the stopped state.

Record Number: 57448
Source Name: Service Control Manager
Time Written: 20090110104049.000000-300
Event Type: information
User:

Computer Name: KIDSCOMPUTER
Event Code: 7
Message: The device, \Device\Harddisk0\D, has a bad block.

Record Number: 57447
Source Name: Disk
Time Written: 20090110104049.000000-300
Event Type: error
User:

Computer Name: KIDSCOMPUTER
Event Code: 7
Message: The device, \Device\Harddisk0\D, has a bad block.

Record Number: 57446
Source Name: Disk
Time Written: 20090110104044.000000-300
Event Type: error
User:

Application event log

Computer Name: KIDSCOMPUTER
Event Code: 1004
Message: Detection of product '{C769A271-7E1C-48F9-B331-474600DD4C06}', feature 'Minimal_Install', component '{E4C1C410-606B-4DFD-98D8-C3EB776ABC8C}' failed. The resource 'C:\WINDOWS\System32\ltfil11n.DLL' does not exist.

Record Number: 75784
Source Name: MsiInstaller
Time Written: 20080922165129.000000-240
Event Type: warning
User: KIDSCOMPUTER\Bryan

Computer Name: KIDSCOMPUTER
Event Code: 1004
Message: Detection of product '{C769A271-7E1C-48F9-B331-474600DD4C06}', feature 'Minimal_Install', component '{E4C1C410-606B-4DFD-98D8-C3EB776ABC8C}' failed. The resource 'C:\WINDOWS\System32\ltfil11n.DLL' does not exist.

Record Number: 75783
Source Name: MsiInstaller
Time Written: 20080922165129.000000-240
Event Type: warning
User: KIDSCOMPUTER\Bryan

Computer Name: KIDSCOMPUTER
Event Code: 1004
Message: Detection of product '{C769A271-7E1C-48F9-B331-474600DD4C06}', feature 'Minimal_Install', component '{E4C1C410-606B-4DFD-98D8-C3EB776ABC8C}' failed. The resource 'C:\WINDOWS\System32\ltfil11n.DLL' does not exist.

Record Number: 75782
Source Name: MsiInstaller
Time Written: 20080922165128.000000-240
Event Type: warning
User: KIDSCOMPUTER\Bryan

Computer Name: KIDSCOMPUTER
Event Code: 1004
Message: Detection of product '{C769A271-7E1C-48F9-B331-474600DD4C06}', feature 'Minimal_Install', component '{E4C1C410-606B-4DFD-98D8-C3EB776ABC8C}' failed. The resource 'C:\WINDOWS\System32\ltfil11n.DLL' does not exist.

Record Number: 75781
Source Name: MsiInstaller
Time Written: 20080922165128.000000-240
Event Type: warning
User: KIDSCOMPUTER\Bryan

Computer Name: KIDSCOMPUTER
Event Code: 1004
Message: Detection of product '{C769A271-7E1C-48F9-B331-474600DD4C06}', feature 'Minimal_Install', component '{E4C1C410-606B-4DFD-98D8-C3EB776ABC8C}' failed. The resource 'C:\WINDOWS\System32\ltfil11n.DLL' does not exist.

Record Number: 75780
Source Name: MsiInstaller
Time Written: 20080922165128.000000-240
Event Type: warning
User: KIDSCOMPUTER\Bryan

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;C:\Program Files\Common Files\Adaptec Shared\System;C:\Program Files\QuickTime\QTSystem
"windir"=%SystemRoot%
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 2 Stepping 4, GenuineIntel
"PROCESSOR_REVISION"=0204
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"FP_NO_HOST_CHECK"=NO
"CLASSPATH"=.;C:\Program Files\QuickTime\QTSystem\QTJava.zip
"QTJAVA"=C:\Program Files\QuickTime\QTSystem\QTJava.zip

-----------------EOF-----------------

katana
2009-01-14, 13:41
Run CheckDisc
Start >> Run
in the open window copy/paste
chkdsk c:
Click "OK" or press enter



Please download FileLook by jpshortstuff from one of these mirrors:
Link 1 (http://jpshortstuff.247fixes.com/FileLook.exe)
Link 2 (http://images.malwareremoval.com/jpshortstuff/FileLook.exe)
Double-click FileLook.exe to run it.
Ensure that the BBCode Ouput checkbox is checked.
Copy the content of the following codebox into the main textfield:


smlogsvc.exe /s
ltfil11n.DLL /s

Click the FileLook button to start the scan.
When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found at C:\fl_log.txt




Please delete the folder C:RSIT, and run RSIT.exe again

ChristineOM
2009-01-15, 03:45
FileLook.exe v2.0 by jpshortstuff
Log created at 19:54 on 14/01/2009
==================================
FileSearch - "SMLOGSVC.EXE"

C:\I386\SMLOGSVC.EXE (86016 bytes - created on 26/09/2002 at 22:00, modified on 18/08/2001 at 11:00)
C:\WINDOWS\ServicePackFiles\i386\smlogsvc.exe (89600 bytes - created on 04/08/2004 at 07:56, modified on 04/08/2004 at 07:56)
C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\smlogsvc.exe (89600 bytes - created on 29/10/2008 at 11:30, modified on 14/04/2008 at 00:12)
C:\WINDOWS\SYSTEM32\SMLOGSVC.EXE_ (86016 bytes - created on 18/08/2001 at 11:00, modified on 18/08/2001 at 11:00)
==================================
FileLook - "tfil11n.DLL"

Unable to find file.

==============================

=EOF=



info.txt logfile of random's system information tool 1.05 2009-01-14 20:32:18

======Uninstall list======

-->C:\Program Files\Creative\SBLive\Program\Upddrv2k.EXE
-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Creative\News\CTNews.isu"
-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Creative\SBLive\AudioHQ.isu"
-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Creative\SBLive\CTMixer.isu"
-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Creative\SBLive\HTML.isu"
-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Creative\SBLive\Midi.isu"
-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Creative\SBLive\PlayCenter2\Player2.isu"
-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Creative\SBLive\Recorder\Recorder.isu"
-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Creative\SBLive\Restore.isu"
-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Creative\SBLive\SoundFont.isu"
-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Creative\SBLive\WaveStudio\Wstudio.isu"
-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Creative\Uninstall\Installer.isu"
-->C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
32 Bit HP CIO Components Installer-->MsiExec.exe /I{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}
3D Groove Playback Engine-->RunDll32 C:\WINDOWS\DOWNLO~1\GrooveAX.dll,_RemoveGroove@16
Ad-Aware SE Personal-->C:\PROGRA~1\Lavasoft\AD-AWA~2\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~2\INSTALL.LOG
Adobe Download Manager 2.0 (Remove Only)-->"C:\Program Files\Common Files\Adobe\ESD\uninst.exe"
Adobe Flash Player 9 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete
Adobe Flash Player Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Apple Mobile Device Support-->MsiExec.exe /I{3EBD3749-304E-4A4C-9575-C00E5F015217}
Apple Software Update-->MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
ArcSoft Software Suite-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\ArcSoft\Software Suite\Uninst.isu"
Ask Toolbar-->"C:\Program Files\AskBarDis\unins000.exe"
Backyard Baseball 2001-->C:\WINDOWS\IsUninst.exe -fC:\HEGames\Baseball2001\Uninst.isu
Backyard Football 2002-->C:\WINDOWS\IsUninst.exe -fC:\HEGames\Football2002\Uninst.isu -c"C:\HEGames\Football2002\Uninst.dll
BCM V.92 56K Modem-->C:\WINDOWS\BCMSMU.exe quiet
Bob the Builder-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{36373CE1-6999-11D5-96DC-98302790D441}\SETUP.EXE"
Classic PhoneTools-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E3436EE2-D5CB-4249-840B-3A0140CC34C3}\setup.exe" -l0x9 ControlPanel
Dell | Support-->MsiExec.exe /X{91E8A85F-2960-40ED-BA84-7F4567BB00C0}
Dell Modem-On-Hold-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3F92ABBB-6BBF-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanelAnyText
Dell Picture Studio - Dell Image Expert-->MsiExec.exe /I{151C555A-A9E7-4A2E-B6D7-165D04A3C956}
Dell Solution Center-->MsiExec.exe /X{11F1920A-56A2-4642-B6E0-3B31A12C9288}
Digital Line Detect-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E646DCF0-5A68-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanelAnyText
Disney's Toontown Online-->C:\PROGRA~1\Disney\DISNEY~1\Toontown\UNWISE.EXE /A C:\PROGRA~1\Disney\DISNEY~1\Toontown\INSTALL.LOG
Downhill Derby-->C:\PROGRA~1\CARTOO~1\DOWNHI~1\UNWISE.EXE C:\PROGRA~1\CARTOO~1\DOWNHI~1\INSTALL.LOG
Dreamship Tales-->C:\WINDOWS\TLCUninstall.exe -f "C:\Program Files\The Learning Company\Dreamship Tales\Uninstall.xml"
Dual Mode Camera (8008 VGA)-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E85397AD-D60E-4141-82E6-FAA312A09271}\Setup.exe" -l0x9
Easy CD Creator 5 Basic-->MsiExec.exe /I{609F7AC8-C510-11D4-A788-009027ABA5D0}
ESET Online Scanner-->C:\WINDOWS\system32\OnlineScannerUninstaller.exe
Foxit Reader-->C:\Program Files\Foxit Software\Foxit Reader\Uninstall.exe
Great Adventures Castle-->C:\Program Files\The Learning Company\Great Adventures Castle\uninstal.exe
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
HP Customer Participation Program 9.0-->C:\Program Files\HP\Digital Imaging\ExtCapUninstall\hpzscr01.exe -datfile hpqhsc01.dat
HP Imaging Device Functions 9.0-->C:\Program Files\HP\Digital Imaging\DeviceManagement\hpzscr01.exe -datfile hpqbud01.dat
HP OCR Software 9.0-->C:\Program Files\HP\Digital Imaging\OCR\hpzscr01.exe -datfile hpqbud11.dat
HP Photosmart All-In-One Software 9.0-->C:\Program Files\HP\Digital Imaging\{B46AC30C-22D2-4610-B041-1DA7BB29EB57}\setup\hpzscr01.exe -datfile hposcr21.dat
HP Photosmart Essential 2.01-->C:\Program Files\HP\Digital Imaging\PhotoSmartEssential\hpzscr01.exe -datfile hpqbud13.dat
HP Product Detection-->MsiExec.exe /X{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}
HP Smart Web Printing-->MsiExec.exe /X{415CDA53-9100-476F-A7B2-476691E117C7}
HP Solution Center 9.0-->C:\Program Files\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat
HP Update-->MsiExec.exe /X{8C6027FD-53DC-446D-BB75-CACD7028A134}
HPSSupply-->MsiExec.exe /X{487B0B9B-DCD4-440D-89A0-A6EDE1A545A3}
IE Host R3-->C:\WINDOWS\System32\6TO4SVC5.exe
iTunes-->MsiExec.exe /I{B045B608-4A47-4C77-9EAD-06C394503306}
LiveReg (Symantec Corporation)-->C:\Program Files\Common Files\Symantec Shared\LiveReg\VcSetup.exe /REMOVE
LiveUpdate 2.6 (Symantec Corporation)-->C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE /U
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
McAfee Personal Firewall Plus-->c:\PROGRA~1\mcafee.com\shared\mcappins.exe /v=3 /uninstall=1 /appid=mpf /interact=1 /script_proactive=0 /start=C:\PROGRA~1\mcafee.com\agent\uninst\mpfrem.ui::uninstall.htm
McAfee SecurityCenter-->c:\PROGRA~1\mcafee.com\shared\mcappins.exe /v=3 /uninstall=1 /appid=msc /interact=1 /script_proactive=0 /start=c:\PROGRA~1\mcafee.com\agent\uninst\screm.ui::uninstall.htm
Microsoft Combat Flight Simulator-->"C:\Program Files\Microsoft Games\Combat Flight Simulator\UNINSTAL.EXE" /runtemp
Microsoft Command & Control Engine-->RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\mscnc.inf, Uninstall
Microsoft Encarta Encyclopedia Standard 2002-->MsiExec.exe /I{01001202-823E-46CD-A70E-BEE818F97169}
Microsoft Money 2002 System Pack-->MsiExec.exe /I{CF5193F7-6B37-11D5-B7D2-00AA00A204F1}
Microsoft Money 2002-->MsiExec.exe /I{E7298FD5-1386-11D5-8D6C-0050DAD32D95}
Microsoft Picture It! Photo 2002-->MsiExec.exe /I{C769A271-7E1C-48F9-B331-474600DD4C06}
Microsoft Speech API 3.0-->RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\spchapi.inf, Uninstall
Microsoft Speech Lexicon-->RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\mslex.inf, Uninstall
Microsoft Streets and Trips 2002-->MsiExec.exe /I{12BDDF23-B1DB-49C8-92D3-3E6841CCED61}
Microsoft Word 2002-->MsiExec.exe /I{911B0409-6000-11D3-8CFE-0050048383C9}
Microsoft Works 2002 Setup Launcher-->C:\Program Files\Microsoft Works Suite 2002\Setup\Launcher.exe D:\
Microsoft Works 6.0-->MsiExec.exe /I{A1B7B9B3-E1D2-41CA-9B4A-F18DC2710704}
Microsoft Works Suite Add-in for Microsoft Word-->MsiExec.exe /I{C3A439E4-7303-491F-A678-CEA36A87D517}
Modem Helper-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7F142D56-3326-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanel
Mozilla Firefox (3.0.5)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MUSICMATCH Jukebox-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\Uninst.isu" -cC:\PROGRA~1\MUSICM~1\MUSICM~1\unmatch.dll
Need For Speed Hot Pursuit 2-->C:\Program Files\EA Games\Need For Speed Hot Pursuit 2\EAUninstall.exe
Netscape Navigator (9.0.0.6)-->C:\Program Files\Netscape\Navigator 9\uninstall\helper.exe
Nikon View 5-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AAB84E83-C8DF-4752-9DFC-2E2A48EE5E9F}\setup.exe" UNINSTALL
NVIDIA Windows 2000/XP Display Drivers-->rundll32.exe C:\WINDOWS\System32\nvinstnt.dll,NvUninstallNT4 nvdd.inf
Paint Shop Pro 7-->MsiExec.exe /I{D6DE02C7-1F47-11D4-9515-00105AE4B89A}
Panda ActiveScan 2.0-->C:\Program Files\Panda Security\ActiveScan 2.0\as2uninst.exe
Personalized Learning Center-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\The Learning Company\Personalized Learning Center\Uninst.isu"
PhotoSuite 4 (Remove Only)-->"C:\Program Files\Roxio\PhotoSuite 4\System\MGIUninstall.exe" C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Roxio\PhotoSuite 4\Uninst.isu" -c"C:\Program Files\Roxio\PhotoSuite 4\System\CustomUninstall.dll"
PRO200WL-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{280C7673-2DF8-4E74-B031-D8F108BE2A6D}\SETUP.EXE" -uninst
ProSiteFinder-->C:\Program Files\ProSiteFinder\Uninstall.EXE
QuickTime-->MsiExec.exe /I{95A890AA-B3B1-44B6-9C18-A8F7AB3EE7FC}
RealPlayer Basic-->C:\Program Files\Common Files\Real\Update\\rnuninst.exe RealNetworks|RealPlayer|6.0
RollerCoaster Tycoon 3-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{907B4640-266B-4A21-92FB-CD1A86CD0F63}\Setup.exe" -l0x9
Scooby-Doo(TM), Showdown in Ghost Town(TM)-->C:\Program Files\The Learning Company\Scooby-Doo(TM), Showdown in Ghost Town(TM)\uninstall.exe
Security Update for Step By Step Interactive Training (KB898458)-->"C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
Security Update for Step By Step Interactive Training (KB923723)-->"C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB911564)-->"C:\WINDOWS\$NtUninstallKB911564$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP10$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP10$\spuninst\spuninst.exe"
Security Update for Windows Media Player 6.4 (KB925398)-->"C:\WINDOWS\$NtUninstallKB925398_WMP64$\spuninst\spuninst.exe"
Security Update for Windows XP (KB893756)-->"C:\WINDOWS\$NtUninstallKB893756$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896358)-->"C:\WINDOWS\$NtUninstallKB896358$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896423)-->"C:\WINDOWS\$NtUninstallKB896423$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896424)-->"C:\WINDOWS\$NtUninstallKB896424$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896428)-->"C:\WINDOWS\$NtUninstallKB896428$\spuninst\spuninst.exe"
Security Update for Windows XP (KB899587)-->"C:\WINDOWS\$NtUninstallKB899587$\spuninst\spuninst.exe"
Security Update for Windows XP (KB899591)-->"C:\WINDOWS\$NtUninstallKB899591$\spuninst\spuninst.exe"
Security Update for Windows XP (KB900725)-->"C:\WINDOWS\$NtUninstallKB900725$\spuninst\spuninst.exe"
Security Update for Windows XP (KB901017)-->"C:\WINDOWS\$NtUninstallKB901017$\spuninst\spuninst.exe"
Security Update for Windows XP (KB901214)-->"C:\WINDOWS\$NtUninstallKB901214$\spuninst\spuninst.exe"
Security Update for Windows XP (KB902400)-->"C:\WINDOWS\$NtUninstallKB902400$\spuninst\spuninst.exe"
Security Update for Windows XP (KB904706)-->"C:\WINDOWS\$NtUninstallKB904706$\spuninst\spuninst.exe"
Security Update for Windows XP (KB905414)-->"C:\WINDOWS\$NtUninstallKB905414$\spuninst\spuninst.exe"
Security Update for Windows XP (KB905749)-->"C:\WINDOWS\$NtUninstallKB905749$\spuninst\spuninst.exe"
Security Update for Windows XP (KB908519)-->"C:\WINDOWS\$NtUninstallKB908519$\spuninst\spuninst.exe"
Security Update for Windows XP (KB911562)-->"C:\WINDOWS\$NtUninstallKB911562$\spuninst\spuninst.exe"
Security Update for Windows XP (KB911927)-->"C:\WINDOWS\$NtUninstallKB911927$\spuninst\spuninst.exe"
Security Update for Windows XP (KB912919)-->"C:\WINDOWS\$NtUninstallKB912919$\spuninst\spuninst.exe"
Security Update for Windows XP (KB913580)-->"C:\WINDOWS\$NtUninstallKB913580$\spuninst\spuninst.exe"
Security Update for Windows XP (KB914388)-->"C:\WINDOWS\$NtUninstallKB914388$\spuninst\spuninst.exe"
Security Update for Windows XP (KB914389)-->"C:\WINDOWS\$NtUninstallKB914389$\spuninst\spuninst.exe"
Security Update for Windows XP (KB917344)-->"C:\WINDOWS\$NtUninstallKB917344$\spuninst\spuninst.exe"
Security Update for Windows XP (KB917422)-->"C:\WINDOWS\$NtUninstallKB917422$\spuninst\spuninst.exe"
Security Update for Windows XP (KB917953)-->"C:\WINDOWS\$NtUninstallKB917953$\spuninst\spuninst.exe"
Security Update for Windows XP (KB918118)-->"C:\WINDOWS\$NtUninstallKB918118$\spuninst\spuninst.exe"
Security Update for Windows XP (KB918439)-->"C:\WINDOWS\$NtUninstallKB918439$\spuninst\spuninst.exe"
Security Update for Windows XP (KB919007)-->"C:\WINDOWS\$NtUninstallKB919007$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920213)-->"C:\WINDOWS\$NtUninstallKB920213$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920670)-->"C:\WINDOWS\$NtUninstallKB920670$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920683)-->"C:\WINDOWS\$NtUninstallKB920683$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920685)-->"C:\WINDOWS\$NtUninstallKB920685$\spuninst\spuninst.exe"
Security Update for Windows XP (KB921398)-->"C:\WINDOWS\$NtUninstallKB921398$\spuninst\spuninst.exe"
Security Update for Windows XP (KB921503)-->"C:\WINDOWS\$NtUninstallKB921503$\spuninst\spuninst.exe"
Security Update for Windows XP (KB922616)-->"C:\WINDOWS\$NtUninstallKB922616$\spuninst\spuninst.exe"
Security Update for Windows XP (KB922819)-->"C:\WINDOWS\$NtUninstallKB922819$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923191)-->"C:\WINDOWS\$NtUninstallKB923191$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923414)-->"C:\WINDOWS\$NtUninstallKB923414$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923689)-->"C:\WINDOWS\$NtUninstallKB923689$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923694)-->"C:\WINDOWS\$NtUninstallKB923694$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923980)-->"C:\WINDOWS\$NtUninstallKB923980$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924191)-->"C:\WINDOWS\$NtUninstallKB924191$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924270)-->"C:\WINDOWS\$NtUninstallKB924270$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924496)-->"C:\WINDOWS\$NtUninstallKB924496$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924667)-->"C:\WINDOWS\$NtUninstallKB924667$\spuninst\spuninst.exe"
Security Update for Windows XP (KB925454)-->"C:\WINDOWS\$NtUninstallKB925454$\spuninst\spuninst.exe"
Security Update for Windows XP (KB925486)-->"C:\WINDOWS\$NtUninstallKB925486$\spuninst\spuninst.exe"
Security Update for Windows XP (KB925902)-->"C:\WINDOWS\$NtUninstallKB925902$\spuninst\spuninst.exe"
Security Update for Windows XP (KB926255)-->"C:\WINDOWS\$NtUninstallKB926255$\spuninst\spuninst.exe"
Security Update for Windows XP (KB926436)-->"C:\WINDOWS\$NtUninstallKB926436$\spuninst\spuninst.exe"
Security Update for Windows XP (KB927779)-->"C:\WINDOWS\$NtUninstallKB927779$\spuninst\spuninst.exe"
Security Update for Windows XP (KB927802)-->"C:\WINDOWS\$NtUninstallKB927802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB928090)-->"C:\WINDOWS\$NtUninstallKB928090$\spuninst\spuninst.exe"
Security Update for Windows XP (KB928255)-->"C:\WINDOWS\$NtUninstallKB928255$\spuninst\spuninst.exe"
Security Update for Windows XP (KB928843)-->"C:\WINDOWS\$NtUninstallKB928843$\spuninst\spuninst.exe"
Security Update for Windows XP (KB929123)-->"C:\WINDOWS\$NtUninstallKB929123$\spuninst\spuninst.exe"
Security Update for Windows XP (KB929969)-->"C:\WINDOWS\$NtUninstallKB929969$\spuninst\spuninst.exe"
Security Update for Windows XP (KB930178)-->"C:\WINDOWS\$NtUninstallKB930178$\spuninst\spuninst.exe"
Security Update for Windows XP (KB931261)-->"C:\WINDOWS\$NtUninstallKB931261$\spuninst\spuninst.exe"
Security Update for Windows XP (KB931768)-->"C:\WINDOWS\$NtUninstallKB931768$\spuninst\spuninst.exe"
Security Update for Windows XP (KB931784)-->"C:\WINDOWS\$NtUninstallKB931784$\spuninst\spuninst.exe"
Security Update for Windows XP (KB932168)-->"C:\WINDOWS\$NtUninstallKB932168$\spuninst\spuninst.exe"
Security Update for Windows XP (KB933566)-->"C:\WINDOWS\$NtUninstallKB933566$\spuninst\spuninst.exe"
Security Update for Windows XP (KB933729)-->"C:\WINDOWS\$NtUninstallKB933729$\spuninst\spuninst.exe"
Security Update for Windows XP (KB935839)-->"C:\WINDOWS\$NtUninstallKB935839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB935840)-->"C:\WINDOWS\$NtUninstallKB935840$\spuninst\spuninst.exe"
Security Update for Windows XP (KB936021)-->"C:\WINDOWS\$NtUninstallKB936021$\spuninst\spuninst.exe"
Security Update for Windows XP (KB937143)-->"C:\WINDOWS\$NtUninstallKB937143$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938127)-->"C:\WINDOWS\$NtUninstallKB938127$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938829)-->"C:\WINDOWS\$NtUninstallKB938829$\spuninst\spuninst.exe"
Security Update for Windows XP (KB939653)-->"C:\WINDOWS\$NtUninstallKB939653$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941202)-->"C:\WINDOWS\$NtUninstallKB941202$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941568)-->"C:\WINDOWS\$NtUninstallKB941568$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941644)-->"C:\WINDOWS\$NtUninstallKB941644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941693)-->"C:\WINDOWS\$NtUninstallKB941693$\spuninst\spuninst.exe"
Security Update for Windows XP (KB942615)-->"C:\WINDOWS\$NtUninstallKB942615$\spuninst\spuninst.exe"
Security Update for Windows XP (KB943055)-->"C:\WINDOWS\$NtUninstallKB943055$\spuninst\spuninst.exe"
Security Update for Windows XP (KB943460)-->"C:\WINDOWS\$NtUninstallKB943460$\spuninst\spuninst.exe"
Security Update for Windows XP (KB943485)-->"C:\WINDOWS\$NtUninstallKB943485$\spuninst\spuninst.exe"
Security Update for Windows XP (KB944338)-->"C:\WINDOWS\$NtUninstallKB944338$\spuninst\spuninst.exe"
Security Update for Windows XP (KB944533)-->"C:\WINDOWS\$NtUninstallKB944533$\spuninst\spuninst.exe"
Security Update for Windows XP (KB944653)-->"C:\WINDOWS\$NtUninstallKB944653$\spuninst\spuninst.exe"
Security Update for Windows XP (KB945553)-->"C:\WINDOWS\$NtUninstallKB945553$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946026)-->"C:\WINDOWS\$NtUninstallKB946026$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"

Security Update for Windows XP (KB947864)-->"C:\WINDOWS\$NtUninstallKB947864$\spuninst\spuninst.exe"
Security Update for Windows XP (KB948590)-->"C:\WINDOWS\$NtUninstallKB948590$\spuninst\spuninst.exe"
Security Update for Windows XP (KB948881)-->"C:\WINDOWS\$NtUninstallKB948881$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950749)-->"C:\WINDOWS\$NtUninstallKB950749$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950759)-->"C:\WINDOWS\$NtUninstallKB950759$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953838)-->"C:\WINDOWS\$NtUninstallKB953838$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956390)-->"C:\WINDOWS\$NtUninstallKB956390$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958215)-->"C:\WINDOWS\$NtUninstallKB958215$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960714)-->"C:\WINDOWS\$NtUninstallKB960714$\spuninst\spuninst.exe"
Shockwave-->C:\WINDOWS\SYSTEM32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\SYSTEM32\Macromed\SHOCKW~1\Install.log
Sound Blaster Live! Value-->C:\Program Files\Creative\Uninstall\CTUNINST.EXE /U:UNINST1.INI
Spybot - Search & Destroy 1.4-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins001.exe"
StarFlyers Royal Jewel Rescue-->C:\WINDOWS\TLCUninstall.exe -f "C:\Program Files\The Learning Company\StarFlyers Royal Jewel Rescue\Uninstall.xml"
TuneLand-->C:\7thLevel\TuneLand\uninstal.exe
Update for Windows XP (KB894391)-->"C:\WINDOWS\$NtUninstallKB894391$\spuninst\spuninst.exe"
Update for Windows XP (KB898461)-->"C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
Update for Windows XP (KB900485)-->"C:\WINDOWS\$NtUninstallKB900485$\spuninst\spuninst.exe"
Update for Windows XP (KB908531)-->"C:\WINDOWS\$NtUninstallKB908531$\spuninst\spuninst.exe"
Update for Windows XP (KB910437)-->"C:\WINDOWS\$NtUninstallKB910437$\spuninst\spuninst.exe"
Update for Windows XP (KB911280)-->"C:\WINDOWS\$NtUninstallKB911280$\spuninst\spuninst.exe"
Update for Windows XP (KB916595)-->"C:\WINDOWS\$NtUninstallKB916595$\spuninst\spuninst.exe"
Update for Windows XP (KB920872)-->"C:\WINDOWS\$NtUninstallKB920872$\spuninst\spuninst.exe"
Update for Windows XP (KB922582)-->"C:\WINDOWS\$NtUninstallKB922582$\spuninst\spuninst.exe"
Update for Windows XP (KB927891)-->"C:\WINDOWS\$NtUninstallKB927891$\spuninst\spuninst.exe"
Update for Windows XP (KB929338)-->"C:\WINDOWS\$NtUninstallKB929338$\spuninst\spuninst.exe"
Update for Windows XP (KB930916)-->"C:\WINDOWS\$NtUninstallKB930916$\spuninst\spuninst.exe"
Update for Windows XP (KB931836)-->"C:\WINDOWS\$NtUninstallKB931836$\spuninst\spuninst.exe"
Update for Windows XP (KB933360)-->"C:\WINDOWS\$NtUninstallKB933360$\spuninst\spuninst.exe"
Update for Windows XP (KB936357)-->"C:\WINDOWS\$NtUninstallKB936357$\spuninst\spuninst.exe"
Update for Windows XP (KB938828)-->"C:\WINDOWS\$NtUninstallKB938828$\spuninst\spuninst.exe"
Update for Windows XP (KB942763)-->"C:\WINDOWS\$NtUninstallKB942763$\spuninst\spuninst.exe"
Update for Windows XP (KB942840)-->"C:\WINDOWS\$NtUninstallKB942840$\spuninst\spuninst.exe"
Update for Windows XP (KB946627)-->"C:\WINDOWS\$NtUninstallKB946627$\spuninst\spuninst.exe"
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Verizon Online Help and Support-->C:\PROGRA~1\Verizon\UNWISE.EXE C:\PROGRA~1\Verizon\INSTALL.LOG
Viewpoint Media Player (Remove Only)-->C:\Program Files\Viewpoint\Viewpoint Media Player\mtsAxInstaller.exe /u
Windows Installer 3.1 (KB893803)-->"C:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe"
Windows Media Format Runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Player 10-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows XP Hotfix - KB873339-->C:\WINDOWS\$NtUninstallKB873339$\spuninst\spuninst.exe
Windows XP Hotfix - KB885835-->C:\WINDOWS\$NtUninstallKB885835$\spuninst\spuninst.exe
Windows XP Hotfix - KB885836-->C:\WINDOWS\$NtUninstallKB885836$\spuninst\spuninst.exe
Windows XP Hotfix - KB885884-->C:\WINDOWS\$NtUninstallKB885884$\spuninst\spuninst.exe
Windows XP Hotfix - KB886185-->C:\WINDOWS\$NtUninstallKB886185$\spuninst\spuninst.exe
Windows XP Hotfix - KB887472-->C:\WINDOWS\$NtUninstallKB887472$\spuninst\spuninst.exe
Windows XP Hotfix - KB888302-->C:\WINDOWS\$NtUninstallKB888302$\spuninst\spuninst.exe
Windows XP Hotfix - KB890859-->"C:\WINDOWS\$NtUninstallKB890859$\spuninst\spuninst.exe"
Windows XP Hotfix - KB891781-->C:\WINDOWS\$NtUninstallKB891781$\spuninst\spuninst.exe
Windows XP Service Pack 2-->C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe
Zoo Tycoon 2-->"C:\Program Files\Microsoft Games\Zoo Tycoon 2\UNINSTAL.EXE" /runtemp /uninstall

======Security center information======

FW: McAfee Personal Firewall Plus

System event log

Computer Name: KIDSCOMPUTER
Event Code: 7
Message: The device, \Device\Harddisk0\D, has a bad block.

Record Number: 57484
Source Name: Disk
Time Written: 20090110104600.000000-300
Event Type: error
User:

Computer Name: KIDSCOMPUTER
Event Code: 7
Message: The device, \Device\Harddisk0\D, has a bad block.

Record Number: 57483
Source Name: Disk
Time Written: 20090110104600.000000-300
Event Type: error
User:

Computer Name: KIDSCOMPUTER
Event Code: 7023
Message: The Computer Browser service terminated with the following error:
The specified module could not be found.


Record Number: 57482
Source Name: Service Control Manager
Time Written: 20090110104600.000000-300
Event Type: error
User:

Computer Name: KIDSCOMPUTER
Event Code: 7000
Message: The Logitech Process Monitor service failed to start due to the following error:
The system cannot find the file specified.


Record Number: 57481
Source Name: Service Control Manager
Time Written: 20090110104549.000000-300
Event Type: error
User:

Computer Name: KIDSCOMPUTER
Event Code: 7
Message: The device, \Device\Harddisk0\D, has a bad block.

Record Number: 57480
Source Name: Disk
Time Written: 20090110104548.000000-300
Event Type: error
User:

Application event log

Computer Name: KIDSCOMPUTER
Event Code: 1001
Message: Detection of product '{415CDA53-9100-476F-A7B2-476691E117C7}', feature 'BHO' failed during request for component '{B3D8434E-FB30-46FD-96AC-3DC190A3D755}'

Record Number: 75810
Source Name: MsiInstaller
Time Written: 20080927115328.000000-240
Event Type: warning
User: KIDSCOMPUTER\David

Computer Name: KIDSCOMPUTER
Event Code: 1004
Message: Detection of product '{415CDA53-9100-476F-A7B2-476691E117C7}', feature 'BHO', component '{A0F2E614-9721-460B-BE65-B9892366E0D8}' failed. The resource 'C:\Documents and Settings\Bryan\Application Data\HPAppData\RegClean.dll' does not exist.

Record Number: 75809
Source Name: MsiInstaller
Time Written: 20080927115328.000000-240
Event Type: warning
User: KIDSCOMPUTER\David

Computer Name: KIDSCOMPUTER
Event Code: 11729
Message: Product: HP Smart Web Printing -- Configuration failed.

Record Number: 75808
Source Name: MsiInstaller
Time Written: 20080927082140.000000-240
Event Type: information
User: KIDSCOMPUTER\David

Computer Name: KIDSCOMPUTER
Event Code: 11706
Message: Product: HP Smart Web Printing -- Error 1706.No valid source could be found for product HP Smart Web Printing. The Windows Installer cannot continue.

Record Number: 75807
Source Name: MsiInstaller
Time Written: 20080927082140.000000-240
Event Type: error
User: KIDSCOMPUTER\David

Computer Name: KIDSCOMPUTER
Event Code: 1001
Message: Detection of product '{415CDA53-9100-476F-A7B2-476691E117C7}', feature 'BHO' failed during request for component '{B3D8434E-FB30-46FD-96AC-3DC190A3D755}'

Record Number: 75806
Source Name: MsiInstaller
Time Written: 20080927082121.000000-240
Event Type: warning
User: KIDSCOMPUTER\David

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;C:\Program Files\Common Files\Adaptec Shared\System;C:\Program Files\QuickTime\QTSystem
"windir"=%SystemRoot%
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 2 Stepping 4, GenuineIntel
"PROCESSOR_REVISION"=0204
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"FP_NO_HOST_CHECK"=NO
"CLASSPATH"=.;C:\Program Files\QuickTime\QTSystem\QTJava.zip
"QTJAVA"=C:\Program Files\QuickTime\QTSystem\QTJava.zip

-----------------EOF-----------------

ChristineOM
2009-01-15, 03:55
Logfile of random's system information tool 1.05 (written by random/random)
Run by Bryan at 2009-01-14 20:32:11
Microsoft Windows XP Home Edition Service Pack 2
System drive C: has 21 GB (54%) free of 38 GB
Total RAM: 511 MB (35% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:32:15 PM, on 1/14/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Verizon\McciTrayApp.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\notepad.exe
C:\Documents and Settings\Bryan\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Bryan.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Verizon_McciTrayApp] C:\Program Files\Verizon\McciTrayApp.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O9 - Extra button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: vzTCPConfig - http://www.verizon.net/checkmypc/fios/includes/vzTCPConfig.CAB
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/OnlineScanner.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.4.0_01) -
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,21/mcgdmgr.cab
O16 - DPF: {CAFEEFAC-0014-0000-0001-ABCDEFFEDCBA} (Java Runtime Environment 1.4.0_01) -
O16 - DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} (JuniperSetupControlXP Class) - https://vpn2.safelnk.net/dana-cached/setup/JuniperSetupSP1.cab
O18 - Protocol: bw+0 - {0A8887F1-EF83-4122-A7DD-D372C2DC2604} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {0A8887F1-EF83-4122-A7DD-D372C2DC2604} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {0A8887F1-EF83-4122-A7DD-D372C2DC2604} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {0A8887F1-EF83-4122-A7DD-D372C2DC2604} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {0A8887F1-EF83-4122-A7DD-D372C2DC2604} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {0A8887F1-EF83-4122-A7DD-D372C2DC2604} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {0A8887F1-EF83-4122-A7DD-D372C2DC2604} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {0A8887F1-EF83-4122-A7DD-D372C2DC2604} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {0A8887F1-EF83-4122-A7DD-D372C2DC2604} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {0A8887F1-EF83-4122-A7DD-D372C2DC2604} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {0A8887F1-EF83-4122-A7DD-D372C2DC2604} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {0A8887F1-EF83-4122-A7DD-D372C2DC2604} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {0A8887F1-EF83-4122-A7DD-D372C2DC2604} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {0A8887F1-EF83-4122-A7DD-D372C2DC2604} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {0A8887F1-EF83-4122-A7DD-D372C2DC2604} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {0A8887F1-EF83-4122-A7DD-D372C2DC2604} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {0A8887F1-EF83-4122-A7DD-D372C2DC2604} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {0A8887F1-EF83-4122-A7DD-D372C2DC2604} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {0A8887F1-EF83-4122-A7DD-D372C2DC2604} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {0A8887F1-EF83-4122-A7DD-D372C2DC2604} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {0A8887F1-EF83-4122-A7DD-D372C2DC2604} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {0A8887F1-EF83-4122-A7DD-D372C2DC2604} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {0A8887F1-EF83-4122-A7DD-D372C2DC2604} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {0A8887F1-EF83-4122-A7DD-D372C2DC2604} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {0A8887F1-EF83-4122-A7DD-D372C2DC2604} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {0A8887F1-EF83-4122-A7DD-D372C2DC2604} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {0A8887F1-EF83-4122-A7DD-D372C2DC2604} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {0A8887F1-EF83-4122-A7DD-D372C2DC2604} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {0A8887F1-EF83-4122-A7DD-D372C2DC2604} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {0A8887F1-EF83-4122-A7DD-D372C2DC2604} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {0A8887F1-EF83-4122-A7DD-D372C2DC2604} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {0A8887F1-EF83-4122-A7DD-D372C2DC2604} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {0A8887F1-EF83-4122-A7DD-D372C2DC2604} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {0A8887F1-EF83-4122-A7DD-D372C2DC2604} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {0A8887F1-EF83-4122-A7DD-D372C2DC2604} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {0A8887F1-EF83-4122-A7DD-D372C2DC2604} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {0A8887F1-EF83-4122-A7DD-D372C2DC2604} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {0A8887F1-EF83-4122-A7DD-D372C2DC2604} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {0A8887F1-EF83-4122-A7DD-D372C2DC2604} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {0A8887F1-EF83-4122-A7DD-D372C2DC2604} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {0A8887F1-EF83-4122-A7DD-D372C2DC2604} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {0A8887F1-EF83-4122-A7DD-D372C2DC2604} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {0A8887F1-EF83-4122-A7DD-D372C2DC2604} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {0A8887F1-EF83-4122-A7DD-D372C2DC2604} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {0A8887F1-EF83-4122-A7DD-D372C2DC2604} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {0A8887F1-EF83-4122-A7DD-D372C2DC2604} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {0A8887F1-EF83-4122-A7DD-D372C2DC2604} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {0A8887F1-EF83-4122-A7DD-D372C2DC2604} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {0A8887F1-EF83-4122-A7DD-D372C2DC2604} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {0A8887F1-EF83-4122-A7DD-D372C2DC2604} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {0A8887F1-EF83-4122-A7DD-D372C2DC2604} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {0A8887F1-EF83-4122-A7DD-D372C2DC2604} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {0A8887F1-EF83-4122-A7DD-D372C2DC2604} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {0A8887F1-EF83-4122-A7DD-D372C2DC2604} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {0A8887F1-EF83-4122-A7DD-D372C2DC2604} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {0A8887F1-EF83-4122-A7DD-D372C2DC2604} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {0A8887F1-EF83-4122-A7DD-D372C2DC2604} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {0A8887F1-EF83-4122-A7DD-D372C2DC2604} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {0A8887F1-EF83-4122-A7DD-D372C2DC2604} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {0A8887F1-EF83-4122-A7DD-D372C2DC2604} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {0A8887F1-EF83-4122-A7DD-D372C2DC2604} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {0A8887F1-EF83-4122-A7DD-D372C2DC2604} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {0A8887F1-EF83-4122-A7DD-D372C2DC2604} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {0A8887F1-EF83-4122-A7DD-D372C2DC2604} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {0A8887F1-EF83-4122-A7DD-D372C2DC2604} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {0A8887F1-EF83-4122-A7DD-D372C2DC2604} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {0A8887F1-EF83-4122-A7DD-D372C2DC2604} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {0A8887F1-EF83-4122-A7DD-D372C2DC2604} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {0A8887F1-EF83-4122-A7DD-D372C2DC2604} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {0A8887F1-EF83-4122-A7DD-D372C2DC2604} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {0A8887F1-EF83-4122-A7DD-D372C2DC2604} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {0A8887F1-EF83-4122-A7DD-D372C2DC2604} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {0A8887F1-EF83-4122-A7DD-D372C2DC2604} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {0A8887F1-EF83-4122-A7DD-D372C2DC2604} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {0A8887F1-EF83-4122-A7DD-D372C2DC2604} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {0A8887F1-EF83-4122-A7DD-D372C2DC2604} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {0A8887F1-EF83-4122-A7DD-D372C2DC2604} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Unknown owner - C:\WINDOWS\system32\imapi.exe (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Unknown owner - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe (file missing)
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Performance Logs and Alerts (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe (file missing)

--
End of file - 18771 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\WebReg Photosmart C7200 series.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{053F9267-DC04-4294-A72C-58F732D338C0}]
HP Print Clips - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll [2007-03-02 177768]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
AskBar BHO - C:\Program Files\AskBarDis\bar\bin\askBar.dll [2008-11-18 333192]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2008-08-14 1562448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{3041d03e-fd4b-44e0-b742-2d9b88305f98} - Ask Toolbar - C:\Program Files\AskBarDis\bar\bin\askBar.dll [2008-11-18 333192]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"MCUpdateExe"=c:\PROGRA~1\mcafee.com\agent\mcupdate.exe [2006-01-11 212992]
"MCAgentExe"=c:\PROGRA~1\mcafee.com\agent\mcagent.exe [2005-09-22 303104]
"MPFExe"=C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe [2005-11-11 1005096]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2007-06-29 286720]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2007-09-26 267064]
"Verizon_McciTrayApp"=C:\Program Files\Verizon\McciTrayApp.exe [2007-09-28 936960]
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2007-03-11 49152]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2003-10-06 5058560]
"KernelFaultCheck"=C:\WINDOWS\system32\dumprep 0 -k []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Microsoft Works Update Detection"=C:\Program Files\Microsoft Works\WkDetect.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\4576695a6f56]
C:\WINDOWS\System32\BCMSM136.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdaptecDirectCD]
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe [2002-04-10 679936]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AHQInit]
C:\Program Files\Creative\SBLive\Program\AHQInit.exe [2001-03-28 102400]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCMSMMSG]
C:\WINDOWS\BCMSMMSG.exe [2003-08-29 122880]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCAgentExe]
c:\PROGRA~1\mcafee.com\agent\mcagent.exe [2005-09-22 303104]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCUpdateExe]
C:\PROGRA~1\mcafee.com\agent\mcupdate.exe [2006-01-11 212992]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MPFExe]
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe [2005-11-11 1005096]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
C:\WINDOWS\System32\NvCpl.dll [2003-10-06 5058560]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /install []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
C:\Program Files\Real\RealPlayer\RealPlay.exe [2002-09-28 26112]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Symantec NetDriver Monitor]
C:\PROGRA~1\SYMNET~1\SNDMon.exe [2005-05-22 100056]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE [2006-11-30 4662776]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
C:\PROGRA~1\DIGITA~1\DLG.exe [2002-02-15 45056]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^gncht.exe]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\gncht.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP OfficeJet Startup.lnk]
C:\PROGRA~1\HEWLET~1\HPOFFI~1\Bin\HPOstr05.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Works Calendar Reminders.lnk]
C:\PROGRA~1\COMMON~1\MICROS~1\WORKSS~1\wkcalrem.exe [2001-08-07 24633]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^NkvMon.exe.lnk]
C:\PROGRA~1\Nikon\NkView5\NkvMon.exe [2002-07-23 233472]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Bryan^Start Menu^Programs^Startup^RollerCoaster Tycoon 3 Registration.lnk]
C:\Documents and Settings\Bryan\Local Settings\Temp\{F365626A-7FC9-4AB8-8F2C-030F89A101FF}\{907B4640-266B-4A21-92FB-CD1A86CD0F63}\ATR1.exe /remind /language=ENU /PRNM=RollerCoaster Tycoon 3/PRMP=RCT3/SKUN=PCXX/GTYP=STRY []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"navapsvc"=2
"mnmsrvc"=3

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
""=
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"
"C:\Program Files\Microsoft Games\Zoo Tycoon 2\zt.exe"="C:\Program Files\Microsoft Games\Zoo Tycoon 2\zt.exe:*:Enabled:Zoo Tycoon 2 Executable"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe"="C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe"="C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe:*:Enabled:hpqnrs08.exe"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"

======List of files/folders created in the last 1 months======

2009-01-14 20:32:11 ----D---- C:\rsit
2009-01-14 19:54:33 ----A---- C:\FileLook.txt
2009-01-11 20:18:25 ----D---- C:\Program Files\EsetOnlineScanner
2009-01-11 16:59:28 ----SHD---- C:\RECYCLER
2009-01-11 16:59:13 ----D---- C:\_OTMoveIt
2009-01-11 16:56:09 ----A---- C:\VirusTotal.txt
2009-01-11 16:29:46 ----D---- C:\Program Files\Alwil Software
2009-01-11 03:02:07 ----HDC---- C:\WINDOWS\$NtUninstallKB952069_WM9$
2009-01-11 03:01:44 ----HDC---- C:\WINDOWS\$NtUninstallKB958215$
2009-01-11 03:01:27 ----HDC---- C:\WINDOWS\$NtUninstallKB960714$
2009-01-10 10:36:25 ----D---- C:\Program Files\AskBarDis
2009-01-10 10:36:13 ----D---- C:\Program Files\Foxit Software
2009-01-10 10:36:13 ----D---- C:\Documents and Settings\Bryan\Application Data\Foxit
2009-01-10 03:02:02 ----HDC---- C:\WINDOWS\$NtUninstallKB955839$
2009-01-10 03:01:48 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$
2009-01-10 03:01:34 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$
2009-01-09 11:46:31 ----D---- C:\Program Files\Panda Security
2009-01-09 08:34:15 ----A---- C:\ComboFix.txt
2009-01-08 18:47:11 ----D---- C:\Documents and Settings\All Users\Application Data\McAfee
2009-01-08 17:45:25 ----A---- C:\WINDOWS\system32\LuResult.txt
2009-01-08 07:57:21 ----A---- C:\Boot.bak
2009-01-08 07:56:59 ----RASHD---- C:\cmdcons
2009-01-08 07:55:20 ----A---- C:\WINDOWS\zip.exe
2009-01-08 07:55:20 ----A---- C:\WINDOWS\VFIND.exe
2009-01-08 07:55:20 ----A---- C:\WINDOWS\SWXCACLS.exe
2009-01-08 07:55:20 ----A---- C:\WINDOWS\SWSC.exe
2009-01-08 07:55:20 ----A---- C:\WINDOWS\SWREG.exe
2009-01-08 07:55:20 ----A---- C:\WINDOWS\sed.exe
2009-01-08 07:55:20 ----A---- C:\WINDOWS\NIRCMD.exe
2009-01-08 07:55:20 ----A---- C:\WINDOWS\grep.exe
2009-01-08 07:55:20 ----A---- C:\WINDOWS\fdsv.exe
2009-01-08 07:34:18 ----D---- C:\WINDOWS\ERDNT
2009-01-08 07:34:18 ----D---- C:\Qoobox
2009-01-07 17:03:33 ----D---- C:\Documents and Settings\Bryan\Application Data\Malwarebytes
2009-01-07 17:03:07 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-01-07 17:03:07 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-01-06 19:08:20 ----A---- C:\WINDOWS\WORDPAD.INI
2009-01-04 21:36:23 ----D---- C:\Rosary
2008-12-30 13:32:24 ----D---- C:\Program Files\Trend Micro
2008-12-18 02:57:04 ----D---- C:\WINDOWS\system32\LogFiles
2008-12-15 19:08:39 ----D---- C:\Program Files\TeaTimer (Spybot - Search & Destroy)
2008-12-15 19:08:38 ----D---- C:\Program Files\SDHelper (Spybot - Search & Destroy)
2008-12-15 19:08:38 ----D---- C:\Program Files\Misc. Support Library (Spybot - Search & Destroy)
2008-12-15 19:08:38 ----D---- C:\Program Files\File Scanner Library (Spybot - Search & Destroy)

======List of files/folders modified in the last 1 months======

2009-01-14 19:54:23 ----D---- C:\WINDOWS\Prefetch
2009-01-14 11:03:03 ----D---- C:\Program Files\Mozilla Firefox
2009-01-13 21:41:43 ----D---- C:\WINDOWS\Temp
2009-01-13 21:35:26 ----D---- C:\WINDOWS\system32\CatRoot2
2009-01-13 21:27:43 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-01-13 21:26:40 ----AD---- C:\WINDOWS\SYSTEM32
2009-01-13 21:26:34 ----D---- C:\WINDOWS\system32\DRIVERS
2009-01-13 20:31:23 ----AD---- C:\Program Files
2009-01-12 19:52:38 ----SD---- C:\WINDOWS\Tasks
2009-01-12 18:19:59 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-01-12 18:19:59 ----AD---- C:\WINDOWS
2009-01-11 19:27:22 ----D---- C:\WINDOWS\Minidump
2009-01-11 17:04:16 ----D---- C:\WINDOWS\system32\CONFIG
2009-01-11 16:59:25 ----HD---- C:\WINDOWS\INF
2009-01-11 16:59:24 ----D---- C:\WINDOWS\pss
2009-01-11 16:59:24 ----D---- C:\temporary
2009-01-11 16:59:24 ----D---- C:\temp
2009-01-11 16:59:24 ----D---- C:\Program Files\Windows Media Player
2009-01-11 16:59:23 ----D---- C:\Program Files\vol_toolbar
2009-01-11 03:02:12 ----RSHD---- C:\WINDOWS\system32\DLLCACHE
2009-01-11 03:02:04 ----A---- C:\WINDOWS\imsins.BAK
2009-01-11 03:01:55 ----D---- C:\Program Files\Internet Explorer
2009-01-11 03:01:41 ----HD---- C:\WINDOWS\$hf_mig$
2009-01-10 11:28:00 ----D---- C:\Documents and Settings\Bryan\Application Data\Mozilla
2009-01-10 10:38:50 ----SHD---- C:\WINDOWS\Installer
2009-01-10 10:38:49 ----HD---- C:\Config.Msi
2009-01-10 10:38:40 ----D---- C:\Program Files\Common Files\Adobe
2009-01-09 08:21:51 ----A---- C:\WINDOWS\system.ini
2009-01-09 08:10:52 ----AD---- C:\Program Files\Common Files
2009-01-09 08:10:51 ----D---- C:\WINDOWS\AppPatch
2009-01-08 18:27:59 ----HD---- C:\Program Files\InstallShield Installation Information
2009-01-08 17:45:25 ----D---- C:\Program Files\Common Files\Symantec Shared
2009-01-08 17:16:40 ----D---- C:\Program Files\Norton AntiVirus
2009-01-08 17:16:40 ----D---- C:\Documents and Settings\All Users\Application Data\Symantec
2009-01-08 07:57:21 ----ASH---- C:\BOOT.INI
2009-01-07 15:40:33 ----A---- C:\WINDOWS\system32\cbdd6ed2-.txt
2009-01-02 15:49:14 ----D---- C:\WINDOWS\Registration
2008-12-16 19:10:30 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-12-15 19:31:30 ----D---- C:\Program Files\Spybot - Search & Destroy

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Cdr4_xp;Cdr4_xp; C:\WINDOWS\system32\drivers\Cdr4_xp.sys [2002-09-20 59440]
R1 Cdralw2k;Cdralw2k; C:\WINDOWS\system32\drivers\Cdralw2k.sys [2002-09-20 23724]
R1 cdudf_xp;cdudf_xp; C:\WINDOWS\system32\drivers\cdudf_xp.sys [2002-04-10 236032]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2004-08-04 36096]
R1 MPFIREWL;MPFIREWL; C:\WINDOWS\System32\Drivers\MpFirewall.sys [2005-11-11 80640]
R1 pwd_2k;pwd_2k; C:\WINDOWS\system32\drivers\pwd_2k.sys [2002-04-10 117898]
R1 SYMTDI;SYMTDI; C:\WINDOWS\System32\Drivers\SYMTDI.SYS [2005-04-05 267192]
R1 UdfReadr_xp;UdfReadr_xp; C:\WINDOWS\system32\drivers\UdfReadr_xp.sys [2002-04-10 206336]
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2001-08-18 12032]
R2 ASCTRM;ASCTRM; C:\WINDOWS\system32\drivers\ASCTRM.sys [2002-09-28 8552]
R2 PfModNT;PfModNT; \??\C:\WINDOWS\System32\PfModNT.sys []
R3 BCMModem;BCM V.92 56K Modem; C:\WINDOWS\System32\DRIVERS\BCMSM.sys [2003-08-29 1101696]
R3 ctljystk;Creative SBLive! Gameport; C:\WINDOWS\System32\DRIVERS\ctljystk.sys [2001-08-17 3712]
R3 DM9102;DAVICOM 9102(A) PCI Fast Ethernet Based NT Driver; C:\WINDOWS\System32\DRIVERS\DM9PCI5.SYS [2001-08-17 29696]
R3 emu10k;Creative SB Live! Value (WDM); C:\WINDOWS\system32\drivers\emu10k1f.sys [2001-09-13 777088]
R3 emu10k1;Creative Interface Manager Driver (WDM); C:\WINDOWS\system32\drivers\ctlface.sys [2001-07-11 6912]
R3 GEARAspiWDM;GEARAspiWDM; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2006-09-19 15664]
R3 mmc_2K;mmc_2K; C:\WINDOWS\system32\drivers\mmc_2K.sys [2002-04-10 29638]
R3 MODEMCSA;Unimodem Streaming Filter Device; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128]
R3 MxlW2k;MxlW2k; C:\WINDOWS\system32\drivers\MxlW2k.sys [2003-11-09 28164]
R3 nv;nv; C:\WINDOWS\System32\DRIVERS\nv4_mini.sys [2003-10-06 1550043]
R3 sfman;Creative SoundFont Manager Driver (WDM); C:\WINDOWS\system32\drivers\sfman.sys [2001-08-31 36992]
R3 SymEvent;SymEvent; \??\C:\Program Files\Symantec\SYMEVENT.SYS []
R3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2007-09-06 30336]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2004-08-04 26624]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2004-08-04 57600]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2004-08-04 26496]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2004-08-04 20480]
S1 P3;Intel PentiumIII Processor Driver; C:\WINDOWS\System32\DRIVERS\p3.sys [2004-08-04 42496]
S3 bvrp_pci;bvrp_pci; C:\WINDOWS\system32\drivers\bvrp_pci.sys []
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-04 17024]
S3 Dot4;IEEE-1284.4 Driver; C:\WINDOWS\System32\DRIVERS\Dot4.sys [2004-08-04 207360]
S3 Dot4Print;Print Class Driver for IEEE-1284.4; C:\WINDOWS\System32\DRIVERS\Dot4Prt.sys [2001-08-17 12928]
S3 dvd_2K;dvd_2K; C:\WINDOWS\system32\drivers\dvd_2K.sys [2002-04-10 24554]
S3 EL90XBC;3Com EtherLink XL 90XB/C Adapter Driver; C:\WINDOWS\System32\DRIVERS\el90xbc5.sys [2001-08-17 66591]
S3 hidgame;Microsoft Hid to Joystick Port Enabler; C:\WINDOWS\System32\DRIVERS\hidgame.sys [2001-08-17 8576]
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]
S3 LVcKap;Logitech AEC Driver; C:\WINDOWS\system32\DRIVERS\LVcKap.sys []
S3 LVMVDrv;Logitech Machine Vision Engine Loader; C:\WINDOWS\system32\DRIVERS\LVMVDrv.sys []
S3 LVPr2Mon;Logitech LVPr2Mon Driver; C:\WINDOWS\system32\drivers\LVPr2Mon.sys []
S3 LVUSBSta;Logitech USB Monitor Filter; C:\WINDOWS\system32\drivers\lvusbsta.sys []
S3 MREMPR5;MREMPR5 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS []
S3 MRENDIS5;MRENDIS5 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS []
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-04 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-04 85376]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-04 10880]
S3 nv4;nv4; C:\WINDOWS\System32\DRIVERS\nv4.sys [2001-08-17 731648]
S3 pepifilter;Volume Adapter; C:\WINDOWS\system32\DRIVERS\lv302af.sys []
S3 PID_08A0;Logitech QuickCam IM(PID_08A0); C:\WINDOWS\system32\DRIVERS\LV302AV.SYS []
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-04 11136]
S3 SNDP202;Dual Mode Camera (8008 VGA); C:\WINDOWS\system32\DRIVERS\sndp202.sys [2003-01-16 245120]
S3 StillCam;Still Serial Digital Camera Driver; C:\WINDOWS\System32\DRIVERS\serscan.sys [2001-08-17 6784]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-04 15360]
S3 SYMREDRV;SYMREDRV; C:\WINDOWS\System32\Drivers\SYMREDRV.SYS [2005-04-05 17976]
S3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2004-08-04 59264]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [2004-08-04 31616]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\System32\DRIVERS\usbprint.sys [2004-08-04 25856]
S3 wanatw;WAN Miniport (ATW); C:\WINDOWS\System32\DRIVERS\wanatw4.sys []
S3 WpdUsb;WpdUsb; C:\WINDOWS\System32\Drivers\wpdusb.sys [2004-08-11 18944]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-04 19328]
S4 agpCPQ;Compaq AGP Bus Filter; C:\WINDOWS\System32\DRIVERS\agpCPQ.sys [2004-08-04 44928]
S4 alim1541;ALI AGP Bus Filter; C:\WINDOWS\System32\DRIVERS\alim1541.sys [2004-08-04 42752]
S4 amdagp;AMD AGP Bus Filter Driver; C:\WINDOWS\System32\DRIVERS\amdagp.sys [2004-08-04 43008]
S4 cbidf;cbidf; C:\WINDOWS\System32\DRIVERS\cbidf2k.sys [2001-08-17 13952]
S4 IntelIde;IntelIde; C:\WINDOWS\System32\DRIVERS\intelide.sys [2004-08-04 5504]
S4 sisagp;SIS AGP Bus Filter; C:\WINDOWS\System32\DRIVERS\sisagp.sys [2004-08-04 41088]
S4 viaagp;VIA AGP Bus Filter; C:\WINDOWS\System32\DRIVERS\viaagp.sys [2004-08-04 42240]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Creative Service for CDROM Access;Creative Service for CDROM Access; C:\WINDOWS\System32\CTsvcCDA.EXE [1999-12-13 44032]
R2 hpqddsvc;HP CUE DeviceDiscovery Service; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336]
R2 HPSLPSVC;HP Network Devices Support; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336]
R2 McDetect.exe;McAfee WSC Integration; c:\program files\mcafee.com\agent\mcdetect.exe [2005-10-13 126976]
R2 McTskshd.exe;McAfee Task Scheduler; c:\PROGRA~1\mcafee.com\agent\mctskshd.exe [2005-08-24 122368]
R2 Net Driver HPZ12;Net Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2004-08-04 14336]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\System32\nvsvc32.exe [2003-10-06 81920]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2004-08-04 14336]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\System32\wdfmgr.exe [2004-08-11 38912]
R2 WMDM PMSP Service;WMDM PMSP Service; C:\WINDOWS\System32\MsPMSPSv.exe [2000-06-26 53520]
R3 hpqcxs08;hpqcxs08; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2007-09-26 503608]
R3 MpfService;McAfee Personal Firewall Service; C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe [2005-11-11 548864]
S2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2007-09-06 110592]
S2 LVPrcSrv;Logitech Process Monitor; c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe []
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-03 69632]
S3 mcupdmgr.exe;McAfee SecurityCenter Update Manager; C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe [2005-07-01 245760]
S3 SNDSrvc;Symantec Network Drivers Service; C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe [2005-04-05 206552]

-----------------EOF-----------------

katana
2009-01-15, 14:11
Remove Norton

Please click HERE (http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2005033108162039?Open&src=&docid=2001092114452606&nsf=nav.nsf&view=docid&dtype=&prod=&ver=&osv=&osv_lvl=) and follow the instructions to download and run the norton removal tool


Custom CFScript

Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:



FCopy::
C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\smlogsvc.exe|C:\WINDOWS\SYSTEM32\SMLOGSVC.EXE
File::

Save this as CFScript.txt and place it on your desktop.


http://i51.photobucket.com/albums/f387/Katana_1970/CFScriptb.gif


Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
When finished, it will produce a log for you. Copy and paste the contents of the log in your next reply.


CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix on your own. This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper





Please Download GMER to your desktop

Download GMER (http://www.gmer.net/gmer.zip) and extract it to your desktop.

***Please close any open programs ***

Double-click gmer.exe. The program will begin to run.

**Caution**
These types of scans can produce false positives. Do NOT take any action on any "<--- ROOKIT" entries unless advised by a trained Security Analyst

If possible rootkit activity is found, you will be asked if you would like to perform a full scan. Click Yes.

Once the scan is complete, you may receive another notice about rootkit activity.
Click OK.

GMER will produce a log. Click on the Save button, and save the log as gmer.txt somewhere you can easily find it, such as your desktop.
If you do not receive notice about possible rootkit activity remain on the Rootkit/Malware tab & make sure the 'Show All' button is unticked. Click the Scan button and let the program do its work. GMER will produce a log.
Click on the Save button, and save the log as gmer.txt somewhere you can easily find it, such as your desktop.


DO NOT touch the PC at ALL for Whatever reason/s until it has 100% completed its scan, or attempted scan in case of some error etc !

Please post the results from the GMER scan in your reply.

ChristineOM
2009-01-16, 05:55
I've used up quite a bit of your time at this point ... I really appreciate your help at what point is it time for you to cut me loose and tell me to just reformat and start again??


I ran the Norton Removal. I don't see any of the Symantech residuals but I still have the Norton folder with the LiveUpdate installer in it. Can I just remove those?


GMER 1.0.14.14536 - http://www.gmer.net
Rootkit scan 2009-01-15 22:41:54
Windows 5.1.2600 Service Pack 2


---- Devices - GMER 1.0.14 ----

AttachedDevice \Driver\Tcpip \Device\Ip MpFirewall.sys (McAfee Personal Firewall Driver/McAfee)
AttachedDevice \Driver\Tcpip \Device\Ip ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
AttachedDevice \Driver\Tcpip \Device\Tcp MpFirewall.sys (McAfee Personal Firewall Driver/McAfee)
AttachedDevice \Driver\Tcpip \Device\Tcp ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)

Device ACPI.sys (ACPI Driver for NT/Microsoft Corporation)

AttachedDevice \Driver\Tcpip \Device\Udp MpFirewall.sys (McAfee Personal Firewall Driver/McAfee)
AttachedDevice \Driver\Tcpip \Device\Udp ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
AttachedDevice \Driver\Tcpip \Device\RawIp MpFirewall.sys (McAfee Personal Firewall Driver/McAfee)
AttachedDevice \Driver\Tcpip \Device\RawIp ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)

---- EOF - GMER 1.0.14 ----


ComboFix 09-01-13.04 - Bryan 2009-01-15 21:30:10.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.511.193 [GMT -5:00]
Running from: c:\documents and settings\Bryan\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Bryan\Desktop\CFscript.txt
FW: McAfee Personal Firewall Plus *enabled*
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
--------------- FCopy ---------------

c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\smlogsvc.exe --> c:\windows\SYSTEM32\SMLOGSVC.EXE
.
((((((((((((((((((((((((( Files Created from 2008-12-16 to 2009-01-16 )))))))))))))))))))))))))))))))
.

2009-01-15 21:31 . 2009-01-15 21:31 <DIR> d-------- c:\windows\LastGood
2009-01-15 21:31 . 2008-04-13 19:12 89,600 --a------ c:\windows\SYSTEM32\OLD18.tmp
2009-01-15 21:30 . 2004-08-04 02:56 89,600 --a------ c:\windows\SYSTEM32\smlogsvc.exe
2009-01-15 21:30 . 2004-08-04 02:56 89,600 --a------ c:\windows\SYSTEM32\DLLCACHE\smlogsvc.exe
2009-01-15 20:52 . 2009-01-15 20:52 <DIR> d-------- c:\documents and settings\All Users\Application Data\NortonInstaller
2009-01-14 20:32 . 2009-01-14 20:32 <DIR> d-------- C:\rsit
2009-01-11 20:18 . 2009-01-11 21:18 <DIR> d-------- c:\program files\EsetOnlineScanner
2009-01-11 16:59 . 2009-01-11 16:59 <DIR> d-------- C:\_OTMoveIt
2009-01-11 16:29 . 2009-01-11 16:29 <DIR> d-------- c:\program files\Alwil Software
2009-01-10 10:36 . 2009-01-10 10:36 <DIR> d-------- c:\program files\Foxit Software
2009-01-10 10:36 . 2009-01-10 10:36 <DIR> d-------- c:\program files\AskBarDis
2009-01-10 10:36 . 2009-01-10 10:36 <DIR> d-------- c:\documents and settings\Bryan\Application Data\Foxit
2009-01-09 11:47 . 2008-06-19 17:24 28,544 --a------ c:\windows\SYSTEM32\DRIVERS\pavboot.sys
2009-01-09 11:46 . 2009-01-09 11:46 <DIR> d-------- c:\program files\Panda Security
2009-01-08 18:47 . 2009-01-08 18:47 <DIR> d-------- c:\documents and settings\All Users\Application Data\McAfee
2009-01-07 17:03 . 2009-01-07 17:03 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-01-07 17:03 . 2009-01-07 17:03 <DIR> d-------- c:\documents and settings\Bryan\Application Data\Malwarebytes
2009-01-07 17:03 . 2009-01-07 17:03 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-01-07 17:03 . 2009-01-04 18:38 38,496 --a------ c:\windows\SYSTEM32\DRIVERS\mbamswissarmy.sys
2009-01-07 17:03 . 2009-01-04 18:38 15,504 --a------ c:\windows\SYSTEM32\DRIVERS\mbam.sys
2009-01-06 19:08 . 2009-01-06 19:11 754 --a------ c:\windows\WORDPAD.INI
2009-01-04 21:36 . 2009-01-04 22:23 <DIR> d-------- C:\Rosary
2008-12-30 13:32 . 2008-12-30 13:32 <DIR> d-------- c:\program files\Trend Micro
2008-12-26 09:57 . 2008-12-26 09:57 <DIR> d-------- c:\documents and settings\LocalService\Application Data\AdobeUM
2008-12-26 09:55 . 2008-12-26 09:55 <DIR> d-------- c:\documents and settings\LocalService\Application Data\HPAppData
2008-12-18 02:57 . 2008-12-18 02:57 <DIR> d-------- c:\windows\SYSTEM32\LogFiles

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-11 21:59 --------- d-----w c:\program files\vol_toolbar
2009-01-10 15:38 --------- d-----w c:\program files\Common Files\Adobe
2009-01-08 23:27 --------- d--h--w c:\program files\InstallShield Installation Information
2009-01-08 22:16 --------- d-----w c:\program files\Norton AntiVirus
2008-12-17 00:10 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2008-12-16 01:20 --------- d-----w c:\documents and settings\John\Application Data\Twain
2008-12-16 00:31 --------- d-----w c:\program files\Spybot - Search & Destroy
2008-12-16 00:12 --------- d-----w c:\program files\SDHelper (Spybot - Search & Destroy)
2008-12-16 00:08 --------- d-----w c:\program files\TeaTimer (Spybot - Search & Destroy)
2008-12-16 00:08 --------- d-----w c:\program files\Misc. Support Library (Spybot - Search & Destroy)
2008-12-16 00:08 --------- d-----w c:\program files\File Scanner Library (Spybot - Search & Destroy)
2008-12-12 17:33 3,060,224 ------w c:\windows\SYSTEM32\DLLCACHE\mshtml.dll
2008-12-11 11:57 333,184 ----a-w c:\windows\system32\drivers\srv.sys
2008-12-11 11:57 333,184 ------w c:\windows\SYSTEM32\DLLCACHE\srv.sys
2008-11-24 13:33 --------- d-----w c:\documents and settings\John\Application Data\Juniper Networks
2008-10-24 11:10 453,632 ------w c:\windows\SYSTEM32\DLLCACHE\mrxsmb.sys
2008-10-23 13:01 283,648 ----a-w c:\windows\SYSTEM32\gdi32.dll
2008-10-23 13:01 283,648 ------w c:\windows\SYSTEM32\DLLCACHE\gdi32.dll
2008-10-16 19:13 202,776 ----a-w c:\windows\SYSTEM32\wuweb.dll
2008-10-16 19:13 202,776 ----a-w c:\windows\SYSTEM32\DLLCACHE\wuweb.dll
2008-10-16 19:13 1,809,944 ----a-w c:\windows\SYSTEM32\wuaueng.dll
2008-10-16 19:13 1,809,944 ----a-w c:\windows\SYSTEM32\DLLCACHE\wuaueng.dll
2008-10-16 19:12 561,688 ----a-w c:\windows\SYSTEM32\wuapi.dll
2008-10-16 19:12 561,688 ----a-w c:\windows\SYSTEM32\DLLCACHE\wuapi.dll
2008-10-16 19:12 323,608 ----a-w c:\windows\SYSTEM32\wucltui.dll
2008-10-16 19:12 323,608 ----a-w c:\windows\SYSTEM32\DLLCACHE\wucltui.dll
2008-10-16 19:09 92,696 ----a-w c:\windows\SYSTEM32\DLLCACHE\cdm.dll
2008-10-16 19:09 92,696 ----a-w c:\windows\SYSTEM32\cdm.dll
2008-10-16 19:09 51,224 ----a-w c:\windows\SYSTEM32\wuauclt.exe
2008-10-16 19:09 51,224 ----a-w c:\windows\SYSTEM32\DLLCACHE\wuauclt.exe
2008-10-16 19:09 43,544 ----a-w c:\windows\SYSTEM32\wups2.dll
2008-10-16 19:08 34,328 ----a-w c:\windows\SYSTEM32\wups.dll
2008-10-16 19:08 34,328 ----a-w c:\windows\SYSTEM32\DLLCACHE\wups.dll
2008-01-29 23:51 72,312 ----a-w c:\documents and settings\Bryan\Application Data\GDIPFONTCACHEV1.DAT
2007-11-17 18:10 72,312 ----a-w c:\documents and settings\John\Application Data\GDIPFONTCACHEV1.DAT
1998-04-02 21:51 77,312 --sha-r c:\windows\ic.exe
1998-04-02 21:55 80,384 --sha-r c:\windows\icfire.exe
1997-07-23 16:03 11,338 --sha-r c:\windows\ts.dll
.

((((((((((((((((((((((((((((( snapshot@2009-01-08_ 8.57.19.71 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-10-22 09:47:25 62,976 ----a-w c:\windows\$hf_mig$\KB955839\SP2QFE\tzchange.exe
+ 2008-10-23 10:06:59 62,976 ----a-w c:\windows\$hf_mig$\KB955839\SP3GDR\tzchange.exe
+ 2008-10-23 10:17:49 62,976 ----a-w c:\windows\$hf_mig$\KB955839\SP3QFE\tzchange.exe
+ 2007-11-30 12:39:22 17,272 ----a-w c:\windows\$hf_mig$\KB955839\spmsg.dll
+ 2007-11-30 12:39:22 231,288 ----a-w c:\windows\$hf_mig$\KB955839\spuninst.exe
+ 2007-11-30 12:39:22 26,488 ----a-w c:\windows\$hf_mig$\KB955839\update\spcustom.dll
+ 2007-11-30 12:39:22 755,576 ----a-w c:\windows\$hf_mig$\KB955839\update\update.exe
+ 2007-11-30 12:39:22 382,840 ----a-w c:\windows\$hf_mig$\KB955839\update\updspapi.dll
+ 2008-10-23 12:51:04 284,160 ----a-w c:\windows\$hf_mig$\KB956802\SP2QFE\gdi32.dll
+ 2008-10-23 12:36:14 286,720 ----a-w c:\windows\$hf_mig$\KB956802\SP3GDR\gdi32.dll
+ 2008-10-23 12:43:42 286,720 ----a-w c:\windows\$hf_mig$\KB956802\SP3QFE\gdi32.dll
+ 2008-07-08 13:02:01 17,272 ----a-w c:\windows\$hf_mig$\KB956802\spmsg.dll
+ 2008-07-08 13:02:02 231,288 ----a-w c:\windows\$hf_mig$\KB956802\spuninst.exe
+ 2008-07-08 13:02:01 26,488 ----a-w c:\windows\$hf_mig$\KB956802\update\spcustom.dll
+ 2008-07-09 07:38:29 755,576 ----a-w c:\windows\$hf_mig$\KB956802\update\update.exe
+ 2008-07-09 07:38:37 382,840 ----a-w c:\windows\$hf_mig$\KB956802\update\updspapi.dll
+ 2008-04-14 00:12:35 89,600 ----a-w c:\windows\LastGood\system32\smlogsvc.exe
- 2000-08-31 13:00:00 28,672 ----a-w c:\windows\NIRCMD.exe
+ 2000-08-31 13:00:00 29,696 ----a-w c:\windows\NIRCMD.exe
- 2008-08-20 05:38:45 1,023,488 ----a-w c:\windows\SYSTEM32\browseui.dll
+ 2008-10-16 10:37:04 1,023,488 ----a-w c:\windows\SYSTEM32\browseui.dll
- 2008-08-20 05:38:39 151,040 ----a-w c:\windows\SYSTEM32\cdfview.dll
+ 2008-10-16 10:37:02 151,040 ----a-w c:\windows\SYSTEM32\cdfview.dll
- 2008-08-20 05:38:40 1,054,208 ----a-w c:\windows\SYSTEM32\danim.dll
+ 2008-10-16 10:37:02 1,054,208 ----a-w c:\windows\SYSTEM32\danim.dll
- 2008-08-20 05:38:45 1,023,488 ------w c:\windows\SYSTEM32\DLLCACHE\browseui.dll
+ 2008-10-16 10:37:04 1,023,488 ------w c:\windows\SYSTEM32\DLLCACHE\browseui.dll
- 2008-08-20 05:38:39 151,040 ------w c:\windows\SYSTEM32\DLLCACHE\cdfview.dll
+ 2008-10-16 10:37:02 151,040 ------w c:\windows\SYSTEM32\DLLCACHE\cdfview.dll
- 2008-08-20 05:38:40 1,054,208 ------w c:\windows\SYSTEM32\DLLCACHE\danim.dll
+ 2008-10-16 10:37:02 1,054,208 ------w c:\windows\SYSTEM32\DLLCACHE\danim.dll
- 2008-08-20 05:38:40 357,888 ------w c:\windows\SYSTEM32\DLLCACHE\dxtmsft.dll
+ 2008-10-16 10:37:02 357,888 ------w c:\windows\SYSTEM32\DLLCACHE\dxtmsft.dll
- 2008-08-20 05:38:40 205,312 ------w c:\windows\SYSTEM32\DLLCACHE\dxtrans.dll
+ 2008-10-16 10:37:02 205,312 ------w c:\windows\SYSTEM32\DLLCACHE\dxtrans.dll
- 2008-08-20 05:38:40 55,808 ------w c:\windows\SYSTEM32\DLLCACHE\extmgr.dll
+ 2008-10-16 10:37:02 55,808 ------w c:\windows\SYSTEM32\DLLCACHE\extmgr.dll
- 2008-08-19 09:30:39 18,432 ------w c:\windows\SYSTEM32\DLLCACHE\iedw.exe
+ 2008-10-15 09:45:01 18,432 ------w c:\windows\SYSTEM32\DLLCACHE\iedw.exe
- 2008-08-20 05:38:41 251,392 ------w c:\windows\SYSTEM32\DLLCACHE\iepeers.dll
+ 2008-10-16 10:37:02 251,392 ------w c:\windows\SYSTEM32\DLLCACHE\iepeers.dll
- 2008-08-20 05:38:41 96,256 ------w c:\windows\SYSTEM32\DLLCACHE\inseng.dll
+ 2008-10-16 10:37:02 96,256 ------w c:\windows\SYSTEM32\DLLCACHE\inseng.dll
- 2008-08-20 05:38:44 16,384 ------w c:\windows\SYSTEM32\DLLCACHE\jsproxy.dll
+ 2008-10-16 10:37:03 16,384 ------w c:\windows\SYSTEM32\DLLCACHE\jsproxy.dll
- 2004-08-11 06:45:04 96,768 ----a-w c:\windows\SYSTEM32\DLLCACHE\logagent.exe
+ 2008-06-10 14:17:42 96,768 ----a-w c:\windows\SYSTEM32\DLLCACHE\logagent.exe
- 2008-08-20 05:38:43 449,024 ------w c:\windows\SYSTEM32\DLLCACHE\mshtmled.dll
+ 2008-10-16 10:37:03 449,024 ------w c:\windows\SYSTEM32\DLLCACHE\mshtmled.dll
- 2008-08-20 05:38:41 146,432 ------w c:\windows\SYSTEM32\DLLCACHE\msrating.dll
+ 2008-10-16 10:37:02 146,432 ------w c:\windows\SYSTEM32\DLLCACHE\msrating.dll
- 2008-08-20 05:38:41 532,480 ------w c:\windows\SYSTEM32\DLLCACHE\mstime.dll
+ 2008-10-16 10:37:02 532,480 ------w c:\windows\SYSTEM32\DLLCACHE\mstime.dll
- 2008-08-20 05:38:41 39,424 ------w c:\windows\SYSTEM32\DLLCACHE\pngfilt.dll
+ 2008-10-16 10:37:02 39,424 ------w c:\windows\SYSTEM32\DLLCACHE\pngfilt.dll
- 2008-08-20 05:38:42 1,494,528 ------w c:\windows\SYSTEM32\DLLCACHE\shdocvw.dll
+ 2008-10-16 10:37:03 1,494,528 ------w c:\windows\SYSTEM32\DLLCACHE\shdocvw.dll
- 2008-08-20 05:38:44 474,112 ------w c:\windows\SYSTEM32\DLLCACHE\shlwapi.dll
+ 2008-10-16 10:37:03 474,112 ------w c:\windows\SYSTEM32\DLLCACHE\shlwapi.dll
- 2006-08-21 14:52:08 246,814 ------w c:\windows\SYSTEM32\DLLCACHE\strmdll.dll
+ 2008-10-03 10:15:47 247,326 ------w c:\windows\SYSTEM32\DLLCACHE\strmdll.dll
- 2008-08-20 05:38:45 615,936 ------w c:\windows\SYSTEM32\DLLCACHE\urlmon.dll
+ 2008-10-16 10:37:04 615,936 ------w c:\windows\SYSTEM32\DLLCACHE\urlmon.dll
- 2008-08-20 05:38:43 659,456 ------w c:\windows\SYSTEM32\DLLCACHE\wininet.dll
+ 2008-10-16 10:37:03 659,456 ------w c:\windows\SYSTEM32\DLLCACHE\wininet.dll
- 2004-08-11 06:45:04 1,027,072 ----a-w c:\windows\SYSTEM32\DLLCACHE\wmnetmgr.dll
+ 2008-06-10 16:37:02 1,026,048 ----a-w c:\windows\SYSTEM32\DLLCACHE\WMNetmgr.dll
- 2006-12-07 06:40:49 2,362,184 ----a-w c:\windows\SYSTEM32\DLLCACHE\wmvcore.dll
+ 2008-06-10 16:57:40 2,364,472 ----a-w c:\windows\SYSTEM32\DLLCACHE\WMVCore.dll
- 2008-08-20 05:38:40 357,888 ----a-w c:\windows\SYSTEM32\dxtmsft.dll
+ 2008-10-16 10:37:02 357,888 ----a-w c:\windows\SYSTEM32\dxtmsft.dll
- 2008-08-20 05:38:40 205,312 ----a-w c:\windows\SYSTEM32\dxtrans.dll
+ 2008-10-16 10:37:02 205,312 ----a-w c:\windows\SYSTEM32\dxtrans.dll
- 2008-08-20 05:38:40 55,808 ------w c:\windows\SYSTEM32\extmgr.dll
+ 2008-10-16 10:37:02 55,808 ------w c:\windows\SYSTEM32\extmgr.dll
- 2008-10-19 07:11:26 255,064 ----a-w c:\windows\SYSTEM32\FNTCACHE.DAT
+ 2009-01-11 22:24:12 255,064 ----a-w c:\windows\SYSTEM32\FNTCACHE.DAT
- 2008-08-20 05:38:41 251,392 ----a-w c:\windows\SYSTEM32\iepeers.dll
+ 2008-10-16 10:37:02 251,392 ----a-w c:\windows\SYSTEM32\iepeers.dll
- 2008-08-20 05:38:41 96,256 ----a-w c:\windows\SYSTEM32\inseng.dll
+ 2008-10-16 10:37:02 96,256 ----a-w c:\windows\SYSTEM32\inseng.dll
- 2008-08-20 05:38:44 16,384 ----a-w c:\windows\SYSTEM32\jsproxy.dll
+ 2008-10-16 10:37:03 16,384 ----a-w c:\windows\SYSTEM32\jsproxy.dll
+ 2007-07-27 20:49:02 196,683 ----a-w c:\windows\SYSTEM32\lnod32apiA.dll
+ 2007-07-27 20:49:02 225,355 ----a-w c:\windows\SYSTEM32\lnod32apiW.dll
+ 2005-12-06 01:25:22 139,264 ----a-w c:\windows\SYSTEM32\lnod32umc.dll
+ 2005-12-05 18:37:10 106,496 ----a-w c:\windows\SYSTEM32\lnod32upd.dll
- 2004-08-11 06:45:04 96,768 ----a-w c:\windows\SYSTEM32\logagent.exe
+ 2008-06-10 14:17:42 96,768 ----a-w c:\windows\SYSTEM32\logagent.exe
- 2008-08-20 05:38:47 3,060,224 ----a-w c:\windows\SYSTEM32\mshtml.dll
+ 2008-12-12 17:33:23 3,060,224 ----a-w c:\windows\SYSTEM32\mshtml.dll
- 2008-08-20 05:38:43 449,024 ----a-w c:\windows\SYSTEM32\mshtmled.dll
+ 2008-10-16 10:37:03 449,024 ----a-w c:\windows\SYSTEM32\mshtmled.dll
- 2008-08-20 05:38:41 146,432 ----a-w c:\windows\SYSTEM32\msrating.dll
+ 2008-10-16 10:37:02 146,432 ----a-w c:\windows\SYSTEM32\msrating.dll
- 2008-08-20 05:38:41 532,480 ----a-w c:\windows\SYSTEM32\mstime.dll
+ 2008-10-16 10:37:02 532,480 ----a-w c:\windows\SYSTEM32\mstime.dll
+ 2007-08-02 23:11:28 253,952 ----a-w c:\windows\SYSTEM32\OnlineScannerDLLA.dll
+ 2007-08-02 23:11:14 241,664 ----a-w c:\windows\SYSTEM32\OnlineScannerDLLW.dll
+ 2007-08-06 18:17:40 19,456 ----a-w c:\windows\SYSTEM32\OnlineScannerLang.dll
+ 2007-06-13 16:10:34 77,824 ----a-w c:\windows\SYSTEM32\OnlineScannerUninstaller.exe
- 2008-08-20 05:38:41 39,424 ----a-w c:\windows\SYSTEM32\pngfilt.dll
+ 2008-10-16 10:37:02 39,424 ----a-w c:\windows\SYSTEM32\pngfilt.dll
- 2008-08-20 05:38:42 1,494,528 ----a-w c:\windows\SYSTEM32\shdocvw.dll
+ 2008-10-16 10:37:03 1,494,528 ----a-w c:\windows\SYSTEM32\shdocvw.dll
- 2008-08-20 05:38:44 474,112 ----a-w c:\windows\SYSTEM32\shlwapi.dll
+ 2008-10-16 10:37:03 474,112 ----a-w c:\windows\SYSTEM32\shlwapi.dll
- 2008-07-08 13:02:01 17,272 ------w c:\windows\SYSTEM32\spmsg.dll
+ 2007-11-30 12:39:22 17,272 ------w c:\windows\SYSTEM32\spmsg.dll
- 2006-08-21 14:52:08 246,814 ----a-w c:\windows\SYSTEM32\strmdll.dll
+ 2008-10-03 10:15:47 247,326 ----a-w c:\windows\SYSTEM32\strmdll.dll
- 2008-07-14 11:09:18 62,976 ------w c:\windows\SYSTEM32\tzchange.exe
+ 2008-10-22 09:47:07 62,976 ------w c:\windows\SYSTEM32\tzchange.exe
+ 2004-12-07 16:11:34 258,352 ----a-w c:\windows\SYSTEM32\unicows.dll
- 2008-08-20 05:38:45 615,936 ----a-w c:\windows\SYSTEM32\urlmon.dll
+ 2008-10-16 10:37:04 615,936 ----a-w c:\windows\SYSTEM32\urlmon.dll
- 2008-08-20 05:38:43 659,456 ----a-w c:\windows\SYSTEM32\wininet.dll
+ 2008-10-16 10:37:03 659,456 ----a-w c:\windows\SYSTEM32\wininet.dll
- 2004-08-11 06:45:04 1,027,072 ----a-w c:\windows\SYSTEM32\wmnetmgr.dll
+ 2008-06-10 16:37:02 1,026,048 ----a-w c:\windows\SYSTEM32\WMNetmgr.dll
- 2006-12-07 06:40:49 2,362,184 ----a-w c:\windows\SYSTEM32\wmvcore.dll
+ 2008-06-10 16:57:40 2,364,472 ----a-w c:\windows\SYSTEM32\WMVCore.dll
- 2008-08-19 09:20:32 351,744 ----a-w c:\windows\SYSTEM32\xpsp3res.dll
+ 2008-10-15 14:00:41 351,744 ----a-w c:\windows\SYSTEM32\xpsp3res.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2008-11-18 12:58 333192 --a------ c:\program files\AskBarDis\bar\bin\askBar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-11-18 333192]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-11-18 333192]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Microsoft Works Update Detection"="c:\program files\Microsoft Works\WkDetect.exe" [BU]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MCUpdateExe"="c:\progra~1\mcafee.com\agent\mcupdate.exe" [2006-01-11 212992]
"MCAgentExe"="c:\progra~1\mcafee.com\agent\mcagent.exe" [2005-09-22 303104]
"MPFExe"="c:\progra~1\McAfee.com\PERSON~1\MpfTray.exe" [2005-11-11 1005096]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2007-06-29 286720]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2007-09-26 267064]
"Verizon_McciTrayApp"="c:\program files\Verizon\McciTrayApp.exe" [2007-09-28 936960]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 49152]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2003-10-06 5058560]
"MMTray"="c:\program files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe" [2002-02-27 90112]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-03-11 210520]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.ctmp3"= c:\windows\System32\ctmp3.acm
"aux"= ctwdm32.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
backup=c:\windows\pss\Digital Line Detect.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^gncht.exe]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\gncht.exe
backup=c:\windows\pss\gncht.exeCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP OfficeJet Startup.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP OfficeJet Startup.lnk
backup=c:\windows\pss\HP OfficeJet Startup.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Works Calendar Reminders.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Works Calendar Reminders.lnk
backup=c:\windows\pss\Microsoft Works Calendar Reminders.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^NkvMon.exe.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\NkvMon.exe.lnk
backup=c:\windows\pss\NkvMon.exe.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Bryan^Start Menu^Programs^Startup^RollerCoaster Tycoon 3 Registration.lnk]
path=c:\documents and settings\Bryan\Start Menu\Programs\Startup\RollerCoaster Tycoon 3 Registration.lnk
backup=c:\windows\pss\RollerCoaster Tycoon 3 Registration.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdaptecDirectCD]
--a------ 2002-04-10 16:44 679936 c:\program files\Roxio\Easy CD Creator 5\DirectCD\Directcd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AHQInit]
--a------ 2001-03-28 01:00 102400 c:\program files\Creative\SBLive\Program\AHQINIT.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCAgentExe]
--a------ 2005-09-22 18:29 303104 c:\progra~1\McAfee.com\Agent\mcagent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCUpdateExe]
--a------ 2006-01-11 12:05 212992 c:\progra~1\McAfee.com\Agent\mcupdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MPFExe]
--a------ 2005-11-11 17:00 1005096 c:\progra~1\McAfee.com\PERSON~1\MpfTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2003-10-06 13:16 5058560 c:\windows\SYSTEM32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
--a------ 2002-09-28 09:40 26112 c:\program files\Real\RealPlayer\realplay.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
--------- 2006-11-30 21:49 4662776 c:\progra~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCMSMMSG]
--a------ 2003-08-29 04:59 122880 c:\windows\BCMSMMSG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2003-10-06 13:16 741376 c:\windows\SYSTEM32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"navapsvc"=2 (0x2)
"mnmsrvc"=3 (0x3)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\Program Files\\Microsoft Games\\Zoo Tycoon 2\\zt.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=

R0 pavboot;pavboot;c:\windows\SYSTEM32\DRIVERS\pavboot.sys [2009-01-09 28544]
S3 SNDP202;Dual Mode Camera (8008 VGA);c:\windows\SYSTEM32\DRIVERS\sndp202.sys [2007-10-09 245120]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
HPService REG_MULTI_SZ HPSLPSVC
.
Contents of the 'Scheduled Tasks' folder

2009-01-16 c:\windows\Tasks\WebReg Photosmart C7200 series.job
- c:\program files\HP\Digital Imaging\bin\hpqwrg.exe [2007-03-11 20:27]
.
- - - - ORPHANS REMOVED - - - -

MSConfigStartUp-4576695a6f56 - c:\windows\System32\BCMSM136.exe
MSConfigStartUp-Symantec NetDriver Monitor - c:\progra~1\SYMNET~1\SNDMon.exe


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uDefault_Search_URL = hxxp://ie.search.msn.com
mStart Page = hxxp://www.yahoo.com/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
uInternet Connection Wizard,ShellNext = iexplore
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll

O16 -: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
c:\windows\Downloaded Program Files\Microsoft XML Parser for Java.osd

c:\windows\Downloaded Program Files\vzTCPConfig.dll - O16 -: vzTCPConfig
hxxp://www.verizon.net/checkmypc/fios/includes/vzTCPConfig.CAB
c:\windows\Downloaded Program Files\OSD22.OSD
FF - ProfilePath - c:\documents and settings\Bryan\Application Data\Mozilla\Firefox\Profiles\e2mv3zne.default\
FF - prefs.js: browser.search.selectedEngine - Verizon
FF - plugin: c:\program files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-15 21:36:27
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
MMTray = c:\program files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe?w???g????V??g????SOFTWARE\MusicMatch\MusicMatch Jukebox\4.0\TrayApp??????? ?w?????????????\?wp ?w???????w???g ??????????g?????DY????????s????2???????????<?????@???X???X????????????????? ?Y???????Q?????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs]
@=""
.
Completion time: 2009-01-15 21:39:19
ComboFix-quarantined-files.txt 2009-01-16 02:38:27
ComboFix2.txt 2009-01-09 13:34:15
ComboFix3.txt 2009-01-08 14:07:39

Pre-Run: 21,690,134,528 bytes free
Post-Run: 21,689,778,176 bytes free

363 --- E O F --- 2009-01-15 08:01:32

katana
2009-01-16, 16:15
I've used up quite a bit of your time at this point ... I really appreciate your help at what point is it time for you to cut me loose
I'm afraid we are there now, there is no malware left that is causing problems but there are files missing and some HardDrive errors that need attention.
Unfortunately you are now outside my area of knowledge, but I would ask on a Tech forum before reformatting, as the disc errors may not be solved by a reformat.

http://www.techsupportforum.com/
http://www.bleepingcomputer.com/forums/
http://forums.whatthetech.com/forums.html

All the forums above have good support for software/OS problems, and I'm sure they will be able to help.

When you start your thread, explain what the problem is and let them know that you have been checked for malware.



----------------------------------------------------------- -----------------------------------------------------------


Congratulations your logs look clean :)

Let's see if I can help you keep it that way

First lets tidy up

Please delete RSIT.exe and C:\RSIT (entire folder)
You can also delete any logs we have produced, and empty your Recycle bin.


Uninstall Combofix
This will clear your System Volume Information restore points and remove all the infected files that were quarantined
Click START then RUN
Now type Combofix /u in the runbox and click OK. Note the space between the X and the /U, it needs to be there.
http://i189.photobucket.com/albums/z176/EPL47/CF_Cleanup.png


Uninstall OTMoveIt
Open OTMoveIt Click Cleanup,
When a box pops up click YES.

----------------------------------------------------------- -----------------------------------------------------------

The following is some info to help you stay safe and clean.


You may already have some of the following programs, but I include the full list for the benefit of all the other people who will be reading this thread in the future.
( Vista users must ensure that any programs are Vista compatible BEFORE installing )

Online Scanners
I would recommend a scan at one or more of the following sites at least once a month.

http://www.pandasecurity.com/activescan
http://www.kaspersky.com/kos/eng/partner/71706/kavwebscan.html

!!! Make sure that all your programs are updated !!!
Secunia Software Inspector does all the work for you, .... see HERE (http://secunia.com/software_inspector/) for details

AntiSpyware
AntiSpyware is not the same thing as Antivirus.
Different AntiSpyware programs detect different things, so in this case it is recommended that you have more than one.
You should only have one running all the time, the other/s should be used "on demand" on a regular basis.
Most of the programs in this list have a free (for Home Users ) and paid versions,
it is worth paying for one and having "realtime" protection, unless you intend to do a manual scan often.
Spybot - Search & Destroy (http://www.safer-networking.org/) <<< A must have program It includes host protection and registry protection A hosts file is a bit like a phone book, it points to the actual numeric address (i.e. the IP address) from the human friendly name of a website. This feature can be used to block malicious websites
MalwareBytes Anti-malware (http://www.malwarebytes.org/mbam.php) <<< A New and effective program
a-squared Free (http://www.emsisoft.com/en/software/free/) <<< A good "realtime" or "on demand" scanner
superantispyware (http://www.superantispyware.com/) <<< A good "realtime" or "on demand" scanner

Prevention
These programs don't detect malware, they help stop it getting on your machine in the first place.
Each does a different job, so you can have more than one
Winpatrol (http://www.winpatrol.com) An excellent startup manager and then some !! Notifies you if programs are added to startup Allows delayed startup A must have addition
SpywareBlaster 4.0 (http://www.javacoolsoftware.com/spywareblaster.html) SpywareBlaster sets killbits in the registry to prevent known malicious activex controls from installing themselves on your computer.
SpywareGuard 2.2 (http://www.javacoolsoftware.com/spywareguard.html) SpywareGuard provides real-time protection against spyware. Not required if you have other "realtime" antispyware or Winpatrol
ZonedOut (http://www.funkytoad.com/index.php?option=com_content&view=article&id=15&Itemid=33) Formerly known as IE-SPYAD, adds a long list of sites and domains associated with known advertisers and marketers to the Restricted sites zone of Internet Explorer.
MVPS HOSTS (http://www.mvps.org/winhelp2002/hosts.zip) This little program packs a powerful punch as it blocks ads, banners, 3rd party Cookies, 3rd party page counters, web bugs, and many hijackers. For information on how to download and install, please read this tutorial (http://www.mvps.org/winhelp2002/hosts.htm) by WinHelp2002. Not required if you are using other host file protections

Internet Browsers
Microsoft has worked hard to make IE.7 a more secure browser, unfortunately whilst it is still the leading browser of choice it will always be under attack from the bad guys.
Using a different web browser can help stop malware getting on your machine.

Make your Internet Explorer more secure - This can be done by following these simple instructions:
From within Internet Explorer click on the Tools menu and then click on Options.
Click once on the Security tab
Click once on the Internet icon so it becomes highlighted.
Click once on the Custom Level button.

Change the Download signed ActiveX controls to Prompt
Change the Download unsigned ActiveX controls to Disable
Change the Initialise and script ActiveX controls not marked as safe to Disable
Change the Installation of desktop items to Prompt
Change the Launching programs and files in an IFRAME to Prompt
Change the Navigate sub-frames across different domains to Prompt
When all these settings have been made, click on the OK button.
If it prompts you as to whether or not you want to save the settings, press the Yes button.

Next press the Apply button and then the OK to exit the Internet Properties page.

If you are still using IE6 then either update, or get one of the following.
FireFox (http://www.mozilla.com/en-US/firefox/) With many addons available that make customization easy this is a very popular choice NoScript and AdBlockPlus addons are essential
Opera (http://www.opera.com/) Another popular alternative
Netscape (http://browser.netscape.com/addons) Another popular alternative Also has Addons available

Cleaning Temporary Internet Files and Tracking Cookies
Temporary Internet Files are mainly the files that are downloaded when you open a web page.
Unfortunately, if the site you visit is of a dubious nature or has been hacked, they can also be an entry point for malware.
It is a good idea to empty the Temporary Internet Files folder on a regular basis.

Tracking Cookies are files that websites use to monitor which sites you visit and how often.
A lot of Antispyware scanners pick up these tracking cookies and flag them as unwanted.
CAUTION :- If you delete all your cookies you will lose any autologin information for sites that you visit, and will need your passwords

Both of these can be cleaned manually, but a quicker option is to use a program
ATF Cleaner (http://www.atribune.org/index.php?option=com_content&task=view&id=25&Itemid=25) Free and very simple to use
CCleaner (http://www.ccleaner.com/) Free and very flexible, you can chose which cookies to keep

Also PLEASE read this article.....So How Did I Get Infected In The First Place (http://forum.malwareremoval.com/viewtopic.php?t=4959)

The last and most important thing I can tell you is UPDATE.
If you don't update your security programs (Antivirus, Antispyware even Windows) then you are at risk.
Malware changes on a day to day basis. You should update every week at the very least.

If you follow this advice then (with a bit of luck) you will never have to hear from me again :D


If you could post back one more time to let me know everything is OK, then I can have this thread archived.

Happy surfing K'

ChristineOM
2009-01-22, 00:51
Sorry for the delay - busy weekend around here.

Everything is running ok. Have some cleanup to do.
Will post other issues in another forum.

Thanks-

katana
2009-01-22, 01:38
Since this issue appears to be resolved ... this Topic has been closed. Glad I could help.

Note:If it has been four days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh HijackThis log and a link to your previous thread.

If it has been less than four days since your last response and you need the thread re-opened, please send me or MOD a private message (pm). A valid, working link to the closed topic is required.