Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Antivirus 08? [CLOSED]


  • This topic is locked This topic is locked

#1
Lee-Dub

Lee-Dub

    Member

  • Member
  • PipPip
  • 19 posts
Computer atumatically downloaded this yesterday. Cannot remove or set to an earlier restore point than yesterday!?! Making it hard to do things quickly.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:54:35, on 18/08/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\lphcecwj0elgq.exe
C:\Program Files\rhcacwj0elgq\rhcacwj0elgq.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Intuwave\Shared\mRouterRuntime\mRouterConfig.exe
C:\WINDOWS\system32\drivers\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Intuwave\Shared\mRouterRuntime\mRouterRuntime.exe
C:\WINDOWS\system32\pphcecwj0elgq.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Java\jre1.6.0_06\bin\jucheck.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.h...a...&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tiscali.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.h...a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.tiscali.co.uk/broadband
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Norton Internet Security 2006 - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Norton Internet Security 2006 - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O4 - HKLM\..\Run: [ftutil2] rundll32.exe ftutil2.dll,SetWriteCacheMode
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Openwares LiveUpdate] C:\Program Files\LiveUpdate\LiveUpdate.exe
O4 - HKLM\..\Run: [PC Suite for Smartphones] "C:\Program Files\Sony Ericsson\Mobile4\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [lphcecwj0elgq] C:\WINDOWS\system32\lphcecwj0elgq.exe
O4 - HKLM\..\Run: [SMrhcacwj0elgq] C:\Program Files\rhcacwj0elgq\rhcacwj0elgq.exe
O4 - HKLM\..\Run: [sysrest32.exe] C:\WINDOWS\system32\sysrest32.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [LimeWire Ultra Accelerator] "C:\Program Files\LimeWire Ultra Accelerator\LimeWire Ultra Accelerator.exe" -tray
O4 - HKCU\..\Run: [WinPro.exe] "C:\Program Files\Bitcomet\WebPro.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [EPSON Stylus D92 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBZE.EXE /FU "C:\WINDOWS\TEMP\E_S3E5.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [mRouterConfig] "C:\Program Files\Intuwave\Shared\mRouterRuntime\mRouterConfig.exe"
O4 - HKCU\..\Run: [SVCHOST.EXE] C:\WINDOWS\system32\drivers\svchost.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebo...toUploader5.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zon...1/GAME_UNO1.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zon...ro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zon...nt.cab56907.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.ado...obat/nos/gp.cab
O16 - DPF: {DA758BB1-5F89-4465-975F-8D7179A4BCF3} (WheelofFortune Object) - http://messenger.zon...oF.cab57176.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zon...er.cab56986.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{21A5D2D7-261B-48B4-97E8-6862A1BEC968}: NameServer = 212.139.132.20 212.139.132.21
O20 - AppInit_DLLs: ???C
O23 - Service: getPlus® Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 8461 bytes

Edited by Lee-Dub, 19 August 2008 - 12:32 PM.

  • 0

Advertisements


#2
SpySentinel

SpySentinel

    R.I.P.

  • Retired Staff
  • 5,152 posts
Hey Lee-Dub,

Welcome to Geeks to Go! My name is SpySentinel and I will be helping you fix your computer problem.

Take note that I'm still in training, and my posts will have to be checked by an expert. This may cause delays in between my responses, I ask for your patience. Please stick with me until we get your computer cleaned up.

I'm currently analyzing your log now, and I'll post back with a fix ASAP. Thanks for your patience.
  • 0

#3
SpySentinel

SpySentinel

    R.I.P.

  • Retired Staff
  • 5,152 posts
One or more of the identified infections is a backdoor trojan.

This allows hackers to remotely control your computer, steal critical system information and Download and Execute files

I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the Trojan has been identified and can be killed, because of it's backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of Trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?

When Should I Format, How Should I Reinstall

However, if you do not have the resources to reinstall your computer and would like me to attempt to clean it, I will be happy to do so.

Should you have any questions, please feel free to ask.

Please let us know what you have decided to do in your next post.




You are using peer-to-peer programs, specifically BitComet and LimeWire.
These are what we call an optional removal. However, anytime you are running any type of peer-to-peer application, you are more prone to infection by malware, and this is probably how you became infected in the first place. The choice to remove them is entirely up to you, but I would strongly recommend that you do.
If you do not want to, please at least refrain from using any peer-to-peer programs for the remainder of my fix.
For more information about infections as a result of p2p programs, take a look here: http://p2p.malwareremoval.com/


Download SDFix and save it to your desktop.
Double click SDFix.exe and it will extract the files to %systemdrive%
(this is the drive that contains the Windows Directory, typically C:\SDFix). DO NOT use it just yet.


Restart your computer and as soon as it starts booting up again continuously tap F8. A menu should come up where you will be given the option to enter Safe Mode.

Open the SDFix folder and double click RunThis.bat to start the script.
  • Type Y to begin the cleanup process.
  • It will remove any Trojan Services or Registry Entries found then prompt you to press any key to Reboot.
  • Press any Key and it will restart the PC.
  • When the PC restarts, the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
  • Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt.
  • Finally copy and paste the contents of the results file Report.txt in your next reply along with a new HijackThis log.

  • 0

#4
Lee-Dub

Lee-Dub

    Member

  • Topic Starter
  • Member
  • PipPip
  • 19 posts
Oh dear. Sounds quite bad then. The antivirus program as gone thank god!

Hers my logs.

SDFix: Version 1.218
Run by Compaq_Owner on 21/08/2008 at 23:35

Microsoft Windows XP [Version 5.1.2600]
Running From: C:\Documents and Settings\Compaq_Owner\Desktop\SDFix\SDFix

Checking Services :

Name :
sysrest.sys

Path :
\??\C:\WINDOWS\system32\sysrest.sys

sysrest.sys - Deleted



Restoring Default Security Values
Restoring Default Hosts File
Restoring Default Desktop Wallpaper
Restoring Default ScreenSaver value

Rebooting


Checking Files :

Trojan Files Found:

C:\WINDOWS\system32\lphcecwj0elgq.exe - Deleted
C:\WINDOWS\system32\pphcecwj0elgq.exe - Deleted
C:\Program Files\rhcacwj0elgq\database.dat - Deleted
C:\Program Files\rhcacwj0elgq\license.txt - Deleted
C:\Program Files\rhcacwj0elgq\MFC71.dll - Deleted
C:\Program Files\rhcacwj0elgq\MFC71ENU.DLL - Deleted
C:\Program Files\rhcacwj0elgq\msvcp71.dll - Deleted
C:\Program Files\rhcacwj0elgq\msvcr71.dll - Deleted
C:\Program Files\rhcacwj0elgq\rhcacwj0elgq.exe - Deleted
C:\Program Files\rhcacwj0elgq\rhcacwj0elgq.exe.local - Deleted
C:\Program Files\rhcacwj0elgq\Uninstall.exe - Deleted
C:\WINDOWS\SYSTEM32\PPHCEC~1.EXE - Deleted
C:\WINDOWS\SYSTEM32\PHCECW~1.BMP - Deleted
C:\WINDOWS\system32\blphcecwj0elgq.scr - Deleted
C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\.tt1.tmp - Deleted
C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\.tt10.tmp - Deleted
C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\.tt101.tmp - Deleted
C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\.tt102.tmp - Deleted
C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\.tt103.tmp - Deleted
C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\.tt104.tmp - Deleted
C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\.tt105.tmp - Deleted
C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\.tt106.tmp - Deleted
C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\.tt107.tmp - Deleted
C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\.tt109.tmp - Deleted
C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\.tt10A.tmp - Deleted
C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\.tt10B.tmp - Deleted
C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\.tt10C.tmp - Deleted
C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\.tt10E.tmp - Deleted
C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\.tt10F.tmp - Deleted
C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\.tt11.tmp - Deleted
C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\.tt110.tmp - Deleted
C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\.tt111.tmp - Deleted
C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\.tt113.tmp - Deleted
C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\.tt114.tmp - Deleted
C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\.tt115.tmp - Deleted
C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\.tt116.tmp - Deleted
C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\.tt117.tmp - Deleted
C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\.tt119.tmp - Deleted
C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\.tt11A.tmp - Deleted
C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\.tt11B.tmp - Deleted
C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\.tt11C.tmp - Deleted
C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\.tt11D.tmp - Deleted
C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\.tt11F.tmp - Deleted
C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\.tt12.tmp - Deleted
C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\.tt120.tmp - Deleted
C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\.tt121.tmp - Deleted
C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\.tt122.tmp - Deleted
C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\.tt123.tmp - Deleted
C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\.tt124.tmp - Deleted
C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\.tt125.tmp - Deleted
C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\.tt127.tmp - Deleted
C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\.tt128.tmp - Deleted
C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\.tt129.tmp - Deleted
C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\.tt12B.tmp - Deleted
C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\.tt12C.tmp - Deleted
C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\.tt12D.tmp - Deleted
C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\.tt12E.tmp - Deleted
C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\.tt12F.tmp - Deleted
C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\.tt13.tmp - Deleted
C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\.tt130.tmp - Deleted
C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\.tt131.tmp - Deleted
C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\.tt133.tmp - Deleted
C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\.tt134.tmp - Deleted
C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\.tt135.tmp - Deleted
C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\.tt136.tmp - Deleted
C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\.tt137.tmp - Deleted
C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\.tt138.tmp - Deleted
C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\.tt139.tmp - Deleted
C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\.tt13B.tmp - Deleted
C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\.tt13C.tmp - Deleted
C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\.tt13D.tmp - Deleted
C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\.tt13E.tmp - Deleted
C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\.tt13F.tmp - Deleted
C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\.tt14.tmp - Deleted
C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\.tt140.tmp - Deleted
C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\.tt141.tmp - Deleted
C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\.tt143.tmp - Deleted
C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\.tt144.tmp - Deleted
C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\.tt145.tmp - Deleted
C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\.tt146.tmp - Deleted
C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\.tt147.tmp - Deleted
C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\.tt148.tmp - Deleted
C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\.tt149.tmp - Deleted
C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\.tt14B.tmp - Deleted
C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\.tt14C.tmp - Deleted
C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\.tt14D.tmp - Deleted
C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\.tt14E.tmp - Deleted
C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\.tt14F.tmp - Deleted
C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\.tt15.tmp - Deleted
C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\.tt150.tmp - Deleted
C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\.tt151.tmp - Deleted
C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\.tt153.tmp - Deleted
C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\.tt154.tmp - Deleted
C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\.tt155.tmp - Deleted
C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\.tt156.tmp - Deleted
C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\.tt157.tmp - Deleted
C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\.tt158.tmp - Deleted
C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\.tt159.tmp - Deleted
C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\.tt15B.tmp - Deleted
C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\.tt15C.tmp - Deleted
C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\.tt15D.tmp - Deleted
C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\.tt15E.tmp - Deleted
C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\.tt15F.tmp - Deleted
C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\.tt16.tmp - Deleted
C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\.tt160.tmp - Deleted
C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\.tt161.tmp - Deleted
C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\.tt163.tmp - Deleted
C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\.tt164.tmp - Deleted
C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\.tt165.tmp - Deleted
C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\.tt167.tmp - Deleted
C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\.tt168.tmp - Deleted
C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\.tt169.tmp - Deleted
C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\.tt16B.tmp - Deleted
C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\.tt16C.tmp - Deleted
C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\.tt16D.tmp - Deleted
C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\.tt16F.tmp - Deleted
C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\.tt17.tmp - Deleted
C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\.tt170.tmp - Deleted
C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\.tt171.tmp - Deleted
C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\.tt173.tmp - Deleted
C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\.tt174.tmp - Deleted
C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\.tt175.tmp - Deleted
C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\.tt177.tmp - Deleted
C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\.tt178.tmp - Deleted
C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\.tt179.tmp - Deleted
C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\.tt17B.tmp - Deleted
C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\.tt17C.tmp - Deleted
C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\.tt17D.tmp - Deleted
C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\.tt17F.tmp - Deleted
C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\.tt18.tmp - Deleted
C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\.tt180.tmp - Deleted
C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\.tt181.tmp - Deleted
C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\.tt183.tmp - Deleted
C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\.tt184.tmp - Deleted
C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\.tt185.tmp - Deleted
C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\.tt187.tmp - Deleted
C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\.tt188.tmp - Deleted
C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\.tt189.tmp - Deleted
C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\.tt18B.tmp - Deleted
C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\.tt18D.tmp - Deleted
C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\.tt18F.tmp - Deleted
C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\.tt19.tmp - Deleted
C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\.tt191.tmp - Deleted
C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\.tt193.tmp - Deleted
C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\.tt194.tmp - Deleted
C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\.tt195.tmp - Deleted
C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\.tt197.tmp - Deleted
C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\.tt198.tmp - Deleted
C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\.tt1A.tmp - Deleted
C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\.tt1B.tmp - Deleted
C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\.tt1C.tmp - Deleted
C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\.tt1D.tmp - Deleted
C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\.tt1E.tmp - Deleted
C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\.tt1F.tmp - Deleted
C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\.tt2.tmp - Deleted
C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\.tt20.tmp - Deleted
C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\.tt21.tmp - Deleted
C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\.tt22.tmp - Deleted
C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\.tt23.tmp - Deleted
C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\.tt24.tmp - Deleted
C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\.tt25.tmp - Deleted
C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\.tt27.tmp - Deleted
C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\.tt28.tmp - Deleted
C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\.tt29.tmp - Deleted
C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\.tt2A.tmp - Deleted
C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\.tt2B.tmp - Deleted
C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\.tt2C.tmp - Deleted
C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\.tt2D.tmp - Deleted
C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\.tt2E.tmp - Deleted
C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\.tt2F.tmp - Deleted
C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\.tt3.tmp - Deleted
C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\.tt31.tmp - Deleted
C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\.tt32.tmp - Deleted
C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\.tt33.tmp - Deleted
C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\.tt35.tmp - Deleted
C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\.tt36.tmp - Deleted
C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\.tt37.tmp - Deleted
C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\.tt38.tmp - Deleted
C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\.tt39.tmp - Deleted
C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\.tt3A.tmp - Deleted
C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\.tt3B.tmp - Deleted
C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\.tt3D.tmp - Deleted
C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\.tt3E.tmp - Deleted
C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\.tt3F.tmp - Deleted
C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\.tt4.tmp - Deleted
C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\.tt40.tmp - Deleted
C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\.tt41.tmp - Deleted
C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\.tt42.tmp - Deleted
C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\.tt43.tmp - Deleted
C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\.tt45.tmp - Deleted
C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\.tt46.tmp - Deleted
C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\.tt47.tmp - Deleted
C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\.tt48.tmp - Deleted
C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\.tt49.tmp - Deleted
C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\.tt4A.tmp - Deleted
C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\.tt4B.tmp - Deleted
C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\.tt4C.tmp - Deleted
C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\.tt4D.tmp - Deleted
C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\.tt4E.tmp - Deleted
C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\.tt4F.tmp - Deleted
C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\.tt5.tmp - Deleted
C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\.tt51.tmp - Deleted
C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\.tt52.tmp - Deleted
C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\.tt53.tmp - Deleted
C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\.tt54.tmp - Deleted
C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\.tt55.tmp - Deleted
C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\.tt56.tmp - Deleted
C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\.tt57.tmp - Deleted
C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\.tt59.tmp - Deleted
C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\.tt5A.tmp - Deleted
C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\.tt5B.tmp - Deleted
C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\.tt5C.tmp - Deleted
C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\.tt5D.tmp - Deleted
C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\.tt5E.tmp - Deleted
C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\.tt5F.tmp - Deleted
C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\.tt6.tmp - Deleted
C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\.tt61.tmp - Deleted
C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\.tt62.tmp - Deleted
C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\.tt63.tmp - Deleted
C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\.tt64.tmp - Deleted
C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\.tt65.tmp - Deleted
C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\.tt66.tmp - Deleted
C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\.tt67.tmp - Deleted
C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\.tt68.tmp - Deleted
C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\.tt69.tmp - Deleted
C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\.tt6A.tmp - Deleted
C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\.tt6B.tmp - Deleted
C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\.tt6D.tmp - Deleted
C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\.tt6E.tmp - Deleted
C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\.tt6F.tmp - Deleted
C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\.tt7.tmp - Deleted
C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\.tt70.tmp - Deleted
C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\.tt71.tmp - Deleted
C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\.tt72.tmp - Deleted
C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\.tt73.tmp - Deleted
C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\.tt74.tmp - Deleted
C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\.tt75.tmp - Deleted
C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\.tt76.tmp - Deleted
C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\.tt77.tmp - Deleted
C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\.tt78.tmp - Deleted
C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\.tt79.tmp - Deleted
C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\.tt7B.tmp - Deleted
C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\.tt7C.tmp - Deleted
C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\.tt7D.tmp - Deleted
C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\.tt7E.tmp - Deleted
C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\.tt7F.tmp - Deleted
C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\.tt8.tmp - Deleted
C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\.tt80.tmp - Deleted
C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\.tt81.tmp - Deleted
C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\.tt82.tmp - Deleted
C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\.tt83.tmp - Deleted
C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\.tt84.tmp - Deleted
C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\.tt85.tmp - Deleted
C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\.tt86.tmp - Deleted
C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\.tt87.tmp - Deleted
C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\.tt88.tmp - Deleted
C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\.tt89.tmp - Deleted
C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\.tt8A.tmp - Deleted
C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\.tt8B.tmp - Deleted
C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\.tt8C.tmp - Deleted
C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\.tt8D.tmp - Deleted
C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\.tt8E.tmp - Deleted
C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\.tt8F.tmp - Deleted
C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\.tt9.tmp - Deleted
C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\.tt90.tmp - Deleted
C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\.tt92.tmp - Deleted
C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\.tt93.tmp - Deleted
C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\.tt94.tmp - Deleted
C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\.tt95.tmp - Deleted
C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\.tt96.tmp - Deleted
C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\.tt97.tmp - Deleted
C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\.tt98.tmp - Deleted
C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\.tt99.tmp - Deleted
C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\.tt9B.tmp - Deleted
C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\.tt9C.tmp - Deleted
C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\.tt9D.tmp - Deleted
C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\.tt9E.tmp - Deleted
C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\.tt9F.tmp - Deleted
C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\.ttA.tmp - Deleted
C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\.ttA0.tmp - Deleted
C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\.ttA1.tmp - Deleted
C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\.ttA2.tmp - Deleted
C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\.ttA3.tmp - Deleted
C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\.ttA4.tmp - Deleted
C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\.ttA5.tmp - Deleted
C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\.ttA6.tmp - Deleted
C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\.ttA7.tmp - Deleted
C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\.ttA8.tmp - Deleted
C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\.ttA9.tmp - Deleted
C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\.ttAA.tmp - Deleted
C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\.ttAB.tmp - Deleted
C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\.ttAC.tmp - Deleted
C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\.ttAD.tmp - Deleted
C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\.ttAF.tmp - Deleted
C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\.ttB.tmp - Deleted
C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\.ttB0.tmp - Deleted
C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\.ttB1.tmp - Deleted
C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\.ttB2.tmp - Deleted
C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\.ttB3.tmp - Deleted
C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\.ttB4.tmp - Deleted
C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\.ttB5.tmp - Deleted
C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\.ttB6.tmp - Deleted
C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\.ttB7.tmp - Deleted
C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\.ttB8.tmp - Deleted
C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\.ttB9.tmp - Deleted
C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\.ttBA.tmp - Deleted
C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\.ttBB.tmp - Deleted
C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\.ttBC.tmp - Deleted
C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\.ttBD.tmp - Deleted
C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\.ttBF.tmp - Deleted
C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\.ttC.tmp - Deleted
C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\.ttC0.tmp - Deleted
C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\.ttC1.tmp - Deleted
C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\.ttC2.tmp - Deleted
C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\.ttC3.tmp - Deleted
C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\.ttC4.tmp - Deleted
C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\.ttC5.tmp - Deleted
C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\.ttC6.tmp - Deleted
C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\.ttC7.tmp - Deleted
C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\.ttC8.tmp - Deleted
C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\.ttC9.tmp - Deleted
C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\.ttCA.tmp - Deleted
C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\.ttCB.tmp - Deleted
C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\.ttCC.tmp - Deleted
C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\.ttCD.tmp - Deleted
C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\.ttCF.tmp - Deleted
C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\.ttD.tmp - Deleted
C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\.ttD0.tmp - Deleted
C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\.ttD1.tmp - Deleted
C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\.ttD2.tmp - Deleted
C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\.ttD3.tmp - Deleted
C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\.ttD4.tmp - Deleted
C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\.ttD5.tmp - Deleted
C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\.ttD6.tmp - Deleted
C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\.ttD7.tmp - Deleted
C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\.ttD8.tmp - Deleted
C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\.ttD9.tmp - Deleted
C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\.ttDA.tmp - Deleted
C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\.ttDB.tmp - Deleted
C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\.ttDD.tmp - Deleted
C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\.ttDE.tmp - Deleted
C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\.ttDF.tmp - Deleted
C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\.ttE.tmp - Deleted
C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\.ttE0.tmp - Deleted
C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\.ttE1.tmp - Deleted
C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\.ttE2.tmp - Deleted
C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\.ttE3.tmp - Deleted
C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\.ttE5.tmp - Deleted
C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\.ttE6.tmp - Deleted
C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\.ttE7.tmp - Deleted
C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\.ttE8.tmp - Deleted
C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\.ttE9.tmp - Deleted
C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\.ttEA.tmp - Deleted
C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\.ttEB.tmp - Deleted
C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\.ttEC.tmp - Deleted
C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\.ttED.tmp - Deleted
C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\.ttEE.tmp - Deleted
C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\.ttEF.tmp - Deleted
C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\.ttF.tmp - Deleted
C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\.ttF1.tmp - Deleted
C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\.ttF2.tmp - Deleted
C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\.ttF3.tmp - Deleted
C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\.ttF4.tmp - Deleted
C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\.ttF5.tmp - Deleted
C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\.ttF6.tmp - Deleted
C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\.ttF7.tmp - Deleted
C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\.ttF8.tmp - Deleted
C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\.ttF9.tmp - Deleted
C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\.ttFA.tmp - Deleted
C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\.ttFB.tmp - Deleted
C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\.ttFC.tmp - Deleted
C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\.ttFD.tmp - Deleted
C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\.ttFE.tmp - Deleted
C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\.ttFF.tmp - Deleted
C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\.tt1.tmp.vbs - Deleted
C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\.tt10.tmp.vbs - Deleted
C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\.tt17.tmp.vbs - Deleted
C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\.tt1C.tmp.vbs - Deleted
C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\.tt2.tmp.vbs - Deleted
C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\.tt22.tmp.vbs - Deleted
C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\.tt3.tmp.vbs - Deleted
C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\.tt5.tmp.vbs - Deleted
C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\.tt9.tmp.vbs - Deleted
C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\.ttA.tmp.vbs - Deleted
C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\.ttC.tmp.vbs - Deleted
C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\.ttE.tmp.vbs - Deleted
C:\Documents and Settings\Compaq_Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Antivirus XP 2008.lnk - Deleted
C:\Documents and Settings\All Users\Desktop\Antivirus XP 2008.lnk - Deleted
C:\WINDOWS\system32\drivers\svchost.exe - Deleted
C:\WINDOWS\system32\sysrest32.exe - Deleted
C:\WINDOWS\system32\sysrest.sys - Deleted



Folder C:\Program Files\rhcacwj0elgq - Removed
Folder C:\Documents and Settings\Compaq_Owner\Application Data\rhcacwj0elgq - Removed


Removing Temp Files

ADS Check :

Edited by Lee-Dub, 21 August 2008 - 04:49 PM.

  • 0

#5
Lee-Dub

Lee-Dub

    Member

  • Topic Starter
  • Member
  • PipPip
  • 19 posts
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:48:00, on 21/08/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\savedump.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Intuwave\Shared\mRouterRuntime\mRouterConfig.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Intuwave\Shared\mRouterRuntime\mRouterRuntime.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.h...a...&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tiscali.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.h...a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.tiscali.co.uk/broadband
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Norton Internet Security 2006 - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Norton Internet Security 2006 - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O4 - HKLM\..\Run: [ftutil2] rundll32.exe ftutil2.dll,SetWriteCacheMode
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Openwares LiveUpdate] C:\Program Files\LiveUpdate\LiveUpdate.exe
O4 - HKLM\..\Run: [PC Suite for Smartphones] "C:\Program Files\Sony Ericsson\Mobile4\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [LimeWire Ultra Accelerator] "C:\Program Files\LimeWire Ultra Accelerator\LimeWire Ultra Accelerator.exe" -tray
O4 - HKCU\..\Run: [WinPro.exe] "C:\Program Files\Bitcomet\WebPro.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [EPSON Stylus D92 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBZE.EXE /FU "C:\WINDOWS\TEMP\E_S3E5.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [mRouterConfig] "C:\Program Files\Intuwave\Shared\mRouterRuntime\mRouterConfig.exe"
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebo...toUploader5.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zon...1/GAME_UNO1.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zon...ro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zon...nt.cab56907.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.ado...obat/nos/gp.cab
O16 - DPF: {DA758BB1-5F89-4465-975F-8D7179A4BCF3} (WheelofFortune Object) - http://messenger.zon...oF.cab57176.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zon...er.cab56986.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{21A5D2D7-261B-48B4-97E8-6862A1BEC968}: NameServer = 212.139.132.4 212.139.132.5
O20 - AppInit_DLLs: ???C
O21 - SSODL: gqEmxmS - {730AFEC7-D9A0-546D-7C9C-8D3E831B8235} - C:\WINDOWS\system32\md.dll
O23 - Service: getPlus® Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 7967 bytes
  • 0

#6
SpySentinel

SpySentinel

    R.I.P.

  • Retired Staff
  • 5,152 posts
You are using peer-to-peer programs, specifically BitComet and LimeWire.
These are what we call an optional removal. However, anytime you are running any type of peer-to-peer application, you are more prone to infection by malware, and this is probably how you became infected in the first place. The choice to remove them is entirely up to you, but I would strongly recommend that you do.
If you do not want to, please at least refrain from using any peer-to-peer programs for the remainder of my fix.
For more information about infections as a result of p2p programs, take a look here: http://p2p.malwareremoval.com/

  • Please go to VirSCAN.org FREE on-line scan service
  • Copy and paste the following file path into the "Suspicious files to scan"box on the top of the page:

    • C:\WINDOWS\system32\md.dll
  • Click on the Upload button
  • Once the Scan is completed, click on the "Copy to Clipboard" button. This will copy the link of the report into the Clipboard.
  • Paste the contents of the Clipboard in your next reply.



Before we begin, you should save these instructions in Notepad to your desktop, or print them, for easy reference. Much of our fix will be done in Safe mode, and you will be unable to access this thread at that time. If you have questions at any point, or are unsure of the instructions, feel free to post here and ask for clarification before proceeding.

Please re-open HiJackThis and scan. Check the boxes next to all the entries listed below.

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.h...a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.h...a...&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...a...&pf=desktop
O4 - HKCU\..\Run: [LimeWire Ultra Accelerator] "C:\Program Files\LimeWire Ultra Accelerator\LimeWire Ultra Accelerator.exe" -tray
O4 - HKCU\..\Run: [WinPro.exe] "C:\Program Files\Bitcomet\WebPro.exe"

Now close all windows other than HiJackThis, then click Fix Checked. Close HiJackThis. Reboot into safe mode.

Restart your computer and as soon as it starts booting up again continuously tap F8. A menu should come up where you will be given the option to enter Safe Mode.

Please go to Start > Control Panel > Add/Remove Programs and remove the following (if present):


BitComet
LimeWire


Please note any other programs that you don't recognize in that list in your next response.

Using Windows Explorer (to get there right-click your Start button and go to "Explore"), please delete these folders (if present):

Please download the OTMoveIt2 by OldTimer.
  • Save it to your desktop.
  • Please double-click OTMoveIt2.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    [kill explorer]
    C:\Program Files\LimeWire Ultra Accelerator
    C:\Program Files\Bitcomet
    purity 
    EmptyTemp
    [start explorer]
  • Return to OTMoveIt2, right click in the "Paste Standard List of Files/Folders to Move" window (under the light blue bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTMoveIt2
Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.


After that, Reboot

Please download Runscanner to your desktop and run it.
  • When the first page comes up select Beginner Mode
  • On the next page select Save a binary .Run file (Recommended) then click Start full scan at the top.
  • At this time Runscanner.exe may request access to the Internet through your firewall please allow it to do so, it will then run for two or three minutes.
  • On completion it will ask for a location to save the file and a name. It will do this for both the .run file and the log file
  • Call the .run file "Select a name" and save it to your desktop. You will see the .run file on your desktop. Upload that file here.

  • 0

#7
Rorschach112

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP