Virtumonde, Monder, Trojan, SDFix, Malwarebyte, HijackThis [RESOLVED] - Geeks to Go Forums


Virtumonde, Monder, Trojan, SDFix, Malwarebyte, HijackThis [RESOLVED] What do I do now?

#1 lysistrata7

  • Group: Member
  • Posts: 41
  • Joined: 25-November 08

Posted 25 November 2008 - 10:36 AM

I have downloaded and tried so many programs in the last few days I am currently at a loss as to what to do now. I have tried CCleaner both in and not in Safe Mode, ErrorSmart and its adaware program, RegCure, Spybot, SDFix, Malwarebytes' Anti-Malware, and HiJackThis. I have attached the log files from the last three mentioned. I generated these log files by downloading each program, running SDFix and following these instructions:

* Restart your computer
* After hearing your computer beep once during startup, but before the Windows
icon appears, tap the F8 key continually;
* Instead of Windows loading as normal, the Advanced Options Menu should appear;
* Select the first option, to run Windows in Safe Mode, then press Enter.
* Choose your usual account.

* Open the extracted SDFix folder and double click RunThis.cmd to start the script.
* Type Y to begin the cleanup process.
* It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
* Press any Key and it will restart the PC.
* When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
* Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt (Report.txt will also be copied to Clipboard ready for posting back on the forum).
* Finally paste the contents of the SDFix Report.txt back on the forum with a new HijackThis log


NEXT

Please download Malwarebytes' Anti-Malware to your desktop

Additional Link

* Double-click mbam-setup.exe and follow the prompts to install the program.
* Be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad. Please save it to a convenient location.
* You can also access the log by doing the following:

o Click on the Malwarebytes' Anti-Malware icon to launch the program.
o Click on the Logs tab.
o Click on the log at the bottom of those listed to highlight it.
o Click Open.

Tutorial if needed
http://thespykiller....pic,5946.0.html

Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.



In your next reply post:
SDFix report.txt
Malwarebytes' Anti-Malware log
New HJT log

What do I do now?

Attached File(s)



#2 andrewuk

  • Group: Malware Removal
  • Posts: 5,297
  • Joined: 18-August 07

Posted 25 November 2008 - 12:54 PM

Hello lysistrata7

welcome to geekstogo :)

Firstly, unless I indicate otherwise, could you copy and paste all logs into your reply; don't attach them.

Secondly:

Download ComboFix from one of these locations:

Link 1
Link 2
Link 3


* IMPORTANT !!! Save ComboFix.exe to your Desktop


  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools


  • Double click on ComboFix.exe & follow the prompts.


  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.


  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.


**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


Posted Image


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

and could you post a new hijackthis log.

andrewuk

#3 lysistrata7

  • Group: Member
  • Posts: 41
  • Joined: 25-November 08

Posted 25 November 2008 - 01:16 PM

I cannot get ComboFix to run correctly. It pulls up another program (GaussView) which keeps trying to open log files.

#4 andrewuk

  • Group: Malware Removal
  • Posts: 5,297
  • Joined: 18-August 07

Posted 25 November 2008 - 01:26 PM

try this:

reboot your machine.

delete the version of combofix you have and then:

Download Combofix from any of the links below. You must rename it before saving it. Save it to your desktop.

Link 1
Link 2
Link 3

Posted Image


Posted Image
--------------------------------------------------------------------

Double click on Combo-Fix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt along with a HijackThis log so we can continue cleaning the system.

andrewuk

#5 lysistrata7

  • Group: Member
  • Posts: 41
  • Joined: 25-November 08

Posted 25 November 2008 - 02:07 PM

I rebooted and re-downloaded and re-named ComboFix.exe to Combo-Fix.exe. I had the same problem I mentioned before. Here is my Hijackthis.log file:

ogram Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Novell\ZENworks\nalntsrv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Novell\ZENworks\RemoteManagement\RMAgent\ZenRem32.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\StacSV.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Novell\ZENworks\Asset Management\bin\CClientSvc.exe
C:\Program Files\Novell\ZENworks\Asset Management\bin\CClient.exe
C:\Program Files\Novell\ZENworks\wm.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Novell\ZENworks\WMRUNDLL.EXE
C:\WINDOWS\system32\NWTRAY.EXE
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Novell\GroupWise\grpwise.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrobat.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: (no name) - {c4bf8900-a18c-42a5-ad9a-fe8018bac0cd} - (no file)
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O4 - HKLM\..\Run: [NWTRAY] NWTRAY.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [dazomojeyi] Rundll32.exe "C:\WINDOWS\system32\wihuwere.dll",s (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_10.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_10.dll
O9 - Extra button: Rip YouTube File - {38E51477-DDB4-4aed-9D61-D0C193E10749} - C:\Program Files\TuneCab\YouTubeRipper.dll
O9 - Extra 'Tools' menuitem: Rip YouTube file embedded in this page - {38E51477-DDB4-4aed-9D61-D0C193E10749} - C:\Program Files\TuneCab\YouTubeRipper.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Novell delivered applications - {C1994287-422F-47aa-8E5E-6323E210A125} - C:\Program Files\Novell\ZENworks\AxNalServer.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} -
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} -
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} -
O16 - DPF: {A4110378-789B-455F-AE86-3A1BFC402853} -
O16 - DPF: {A9FDC7FD-FE81-4910-8CF2-FA59EEFE11EC} -
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} -
O16 - DPF: {CAFECAFE-0013-0001-0009-ABCDEFABCDEF} -
O16 - DPF: {CAFECAFE-0013-0001-0028-ABCDEFABCDEF} -
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} -
O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Client Update Service for Novell (cusrvc) - Novell, Inc. - C:\WINDOWS\system32\cusrvc.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - McAfee, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: Novell Application Launcher (NALNTSERVICE) - Novell, Inc. - C:\Program Files\Novell\ZENworks\nalntsrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Novell ZENworks Remote Management Agent (Remote Management Agent) - Novell, Inc. - C:\Program Files\Novell\ZENworks\RemoteManagement\RMAgent\ZenRem32.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SoundMovieServer - SoundMovieServer - C:\WINDOWS\system32\snmvtsvc.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Program Files\SigmaTel\C-Major Audio\WDM\StacSV.exe
O23 - Service: ZENworks Asset Management - Collection Client (TSCensus Collection Client) - Novell, Inc. - C:\Program Files\Novell\ZENworks\Asset Management\bin\CClientSvc.exe
O23 - Service: Intel® PROSet/Wireless SSO Service (WLANKEEPER) - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
O23 - Service: Novell XTier Agent Services (XTAgent) - Novell, Inc. - C:\WINDOWS\System32\Novell\XTAgent.exe
O23 - Service: Workstation Manager (ZFDWM) - Novell, Inc. - C:\Program Files\Novell\ZENworks\wm.exe

--
End of file - 10439 bytes
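The HijackThis log above is read by eye on this forum, but the same triage can be scripted. The following is an added example, not code from the forum, the helper, or any of the tools named in the thread. It parses a few lines constructed in the shape of the posted log and applies heuristics a helper would use by hand: a Run value written into a service-account hive (HKUS\S-1-5-19, LOCAL SERVICE), rundll32 loading a system32 DLL by a one-letter export, an all-lowercase value name, O2/O3 entries whose DLL is "(no file)", O16 DPF entries with no source URL, and an O23 service whose publisher field just repeats its own name. The thresholds (name length of 8, export length of 1) and the choice of which SIDs count as service accounts are assumptions of this example; a hit is a line to investigate, not a verdict.

```python
import re

# Constructed sample in the shape of the HijackThis log posted above: a mix of
# ordinary vendor entries and the lines a malware-removal helper would read twice.
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {c4bf8900-a18c-42a5-ad9a-fe8018bac0cd} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [dazomojeyi] Rundll32.exe "C:\WINDOWS\system32\wihuwere.dll",s (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} -
O23 - Service: SoundMovieServer - SoundMovieServer - C:\WINDOWS\system32\snmvtsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
"""

# Assumption of this example: only LOCAL SERVICE and NETWORK SERVICE are treated
# as hives where no human ever installs software.
SERVICE_SIDS = ("S-1-5-19", "S-1-5-20")

O4_RE = re.compile(r"^O4 - (?P<hive>.+?)\\\.\.\\(?P<key>Run\w*): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
RUNDLL_RE = re.compile(r'^rundll32(?:\.exe)?\s+"?(?P<dll>[^",]+)"?(?:,(?P<export>\S*))?', re.I)
USER_SUFFIX_RE = re.compile(r"\s*\(User '[^']*'\)\s*$")
O16_ORPHAN_RE = re.compile(r"^O16 - DPF: \{[0-9A-Fa-f-]+\} -\s*$")


def looks_machine_generated(name):
    """Heuristic: hand-written Run value names almost always carry capitals,
    digits, dots or spaces; a long run of lowercase letters is the odd one out."""
    return len(name) >= 8 and name.isalpha() and name.islower()


def assess_o4(line):
    """Reasons to look twice at an O4 (autostart) line; empty list if none."""
    m = O4_RE.match(line)
    if not m:
        return []
    reasons = []
    hive, name = m["hive"], m["name"]
    cmd = USER_SUFFIX_RE.sub("", m["cmd"])  # drop HijackThis' "(User '...')" suffix
    if any(sid in hive for sid in SERVICE_SIDS):
        reasons.append("Run value under service-account hive %s, where no user installs software" % hive)
    r = RUNDLL_RE.match(cmd)
    export = (r["export"] or "") if r else ""
    if r and "\\system32\\" in r["dll"].lower() and len(export) <= 1:
        reasons.append("rundll32 loads %s from system32 with export %r" % (r["dll"].rsplit("\\", 1)[-1], export))
    if looks_machine_generated(name):
        reasons.append("value name %r looks machine-generated" % name)
    return reasons


def assess_o23(line):
    """Flag a service whose publisher field is empty or merely repeats its name."""
    display, vendor, path = line[len("O23 - Service: "):].rsplit(" - ", 2)
    if vendor.strip() in ("", display.strip()):
        return ["service %r carries no publisher name (binary: %s)" % (display, path)]
    return []


def assess(line):
    if line.startswith("O4 - "):
        return assess_o4(line)
    if line.startswith(("O2 - ", "O3 - ")) and line.endswith("(no file)"):
        return ["CLSID still registered but its DLL is gone (orphan; safe to fix)"]
    if O16_ORPHAN_RE.match(line):
        return ["Downloaded Program File entry with no source URL (orphan; safe to fix)"]
    if line.startswith("O23 - Service: ") and line.count(" - ") >= 3:
        return assess_o23(line)
    return []


def triage(log_text):
    """Return the flagged lines, most reasons first, each as {'line', 'reasons'}."""
    flagged = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        reasons = assess(line)
        if reasons:
            flagged.append({"line": line, "reasons": reasons})
    flagged.sort(key=lambda f: len(f["reasons"]), reverse=True)
    return flagged


if __name__ == "__main__":
    for hit in triage(SAMPLE_LOG):
        print(hit["line"])
        for why in hit["reasons"]:
            print("    -", why)
```

Run against the sample, the dazomojeyi line collects all three O4 reasons and sorts to the top, while the NVIDIA and ctfmon entries (same rundll32 / system32 shapes, but HKLM/HKCU hives, a real export name and ordinary value names) produce nothing. The "(no file)" and empty-DPF hits are leftovers rather than live infections, which is why they are labelled as safe to fix rather than as malware.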

#6 andrewuk

  • Group: Malware Removal
  • Posts: 5,297
  • Joined: 18-August 07

Posted 25 November 2008 - 05:21 PM

OK, let's get a fuller scan and we will go in there with a more manual method:

  • Download random's system information tool (RSIT) by random/random from here.
  • It is important that is saved to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both logs: log.txt (<<will be maximized) and info.txt (<<will be minimized)
The text from these files may exceed the maximum post length for this forum. Hence, you may need to post the information over 2 or more posts.

andrewuk

#7 lysistrata7

  • Group: Member
  • Posts: 41
  • Joined: 25-November 08

Posted 25 November 2008 - 05:43 PM

Here is log.txt:

Logfile of random's system information tool 1.04 (written by random/random)
Run by ALTomlinson at 2008-11-25 18:40:42
Microsoft Windows XP Professional Service Pack 2
System drive C: has 9 GB (18%) free of 49 GB
Total RAM: 2046 MB (73% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:40:44 PM, on 11/25/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Novell\XTAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Novell\ZENworks\nalntsrv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Novell\ZENworks\RemoteManagement\RMAgent\ZenRem32.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\StacSV.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Novell\ZENworks\Asset Management\bin\CClientSvc.exe
C:\Program Files\Novell\ZENworks\Asset Management\bin\CClient.exe
C:\Program Files\Novell\ZENworks\wm.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\NWTRAY.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Novell\ZENworks\WMRUNDLL.EXE
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Novell\GroupWise\grpwise.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrobat.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Documents and Settings\ALTomlinson\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\ALTomlinson.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: (no name) - {c4bf8900-a18c-42a5-ad9a-fe8018bac0cd} - (no file)
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O4 - HKLM\..\Run: [NWTRAY] NWTRAY.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [AdwareAlert] C:\Program Files\AdwareAlert\AdwareAlert.exe -boot
O4 - HKUS\S-1-5-19\..\Run: [dazomojeyi] Rundll32.exe "C:\WINDOWS\system32\wihuwere.dll",s (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_10.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_10.dll
O9 - Extra button: Rip YouTube File - {38E51477-DDB4-4aed-9D61-D0C193E10749} - C:\Program Files\TuneCab\YouTubeRipper.dll
O9 - Extra 'Tools' menuitem: Rip YouTube file embedded in this page - {38E51477-DDB4-4aed-9D61-D0C193E10749} - C:\Program Files\TuneCab\YouTubeRipper.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Novell delivered applications - {C1994287-422F-47aa-8E5E-6323E210A125} - C:\Program Files\Novell\ZENworks\AxNalServer.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} -
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} -
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} -
O16 - DPF: {A4110378-789B-455F-AE86-3A1BFC402853} -
O16 - DPF: {A9FDC7FD-FE81-4910-8CF2-FA59EEFE11EC} -
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} -
O16 - DPF: {CAFECAFE-0013-0001-0009-ABCDEFABCDEF} -
O16 - DPF: {CAFECAFE-0013-0001-0028-ABCDEFABCDEF} -
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} -
O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Client Update Service for Novell (cusrvc) - Novell, Inc. - C:\WINDOWS\system32\cusrvc.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Novell Application Launcher (NALNTSERVICE) - Novell, Inc. - C:\Program Files\Novell\ZENworks\nalntsrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Novell ZENworks Remote Management Agent (Remote Management Agent) - Novell, Inc. - C:\Program Files\Novell\ZENworks\RemoteManagement\RMAgent\ZenRem32.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SoundMovieServer - SoundMovieServer - C:\WINDOWS\system32\snmvtsvc.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Program Files\SigmaTel\C-Major Audio\WDM\StacSV.exe
O23 - Service: ZENworks Asset Management - Collection Client (TSCensus Collection Client) - Novell, Inc. - C:\Program Files\Novell\ZENworks\Asset Management\bin\CClientSvc.exe
O23 - Service: Intel® PROSet/Wireless SSO Service (WLANKEEPER) - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
O23 - Service: Novell XTier Agent Services (XTAgent) - Novell, Inc. - C:\WINDOWS\System32\Novell\XTAgent.exe
O23 - Service: Workstation Manager (ZFDWM) - Novell, Inc. - C:\Program Files\Novell\ZENworks\wm.exe

--
End of file - 10085 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Antispyware Scheduled Scan.job
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\BF6021879953DCF3.job
C:\WINDOWS\tasks\ErrorSmart Scheduled Scan.job
C:\WINDOWS\tasks\MP Scheduled Scan.job
C:\WINDOWS\tasks\RegCure Program Check.job
C:\WINDOWS\tasks\RegCure.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2008-09-15 1562960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre6\bin\ssv.dll [2008-11-25 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}]
Adobe PDF Conversion Toolbar Helper - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007-05-10 321120]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c4bf8900-a18c-42a5-ad9a-fe8018bac0cd}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007-05-10 321120]
SITEguard
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - []

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NWTRAY"=C:\WINDOWS\system32\NWTRAY.EXE [2002-03-12 28672]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2007-04-28 8429568]
"ShStatEXE"=C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE /STANDALONE []

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Malwarebytes' Anti-Malware"=C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe [2008-10-22 399504]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-03 15360]
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2008-09-16 1833296]
"AdwareAlert"=C:\Program Files\AdwareAlert\AdwareAlert.exe -boot []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"ATI Smart"=2
"Ati HotKey Poller"=2

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\NetIdentity Notification]
C:\WINDOWS\system32\Novell\XtNotify.dll [2006-05-02 24576]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{763370C4-268E-4308-A60C-D8DA0342BE32}"=C:\Program Files\Novell\ZENworks\NalShell.dll [2006-06-28 446464]
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"=C:\PROGRA~1\WINDOW~4\MpShHook.dll [2006-11-03 83224]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"authentication packages"=msv1_0
nwv1_0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WinDefend]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"CompatibleRUPSecurity"=1
"DontDisplayLastUserName"=0
"LegalNoticeText"=

?
"ShutdownWithoutLogon"=1
"UndockWithoutLogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\WINDOWS\system32\dpmw32.exe"="C:\WINDOWS\system32\dpmw32.exe:*:Enabled:NDPS RPM & Notification Listener"
"C:\Program Files\Network Associates\Common Framework\FrameworkService.exe"="C:\Program Files\Network Associates\Common Framework\FrameworkService.exe:*:Enabled:McAfee Framework Service"
"C:\Novell\GroupWise\grpwise.exe"="C:\Novell\GroupWise\grpwise.exe:*:Enabled:Novell GroupWise"
"C:\Novell\GroupWise\notify.exe"="C:\Novell\GroupWise\notify.exe:*:Enabled:Novell Notify"
"C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe"="C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe:*:Enabled:Adobe Version Cue CS3 Server"
"C:\Documents and Settings\All Users\Application Data\Spadester\spades.exe"="C:\Documents and Settings\All Users\Application Data\Spadester\spades.exe:*:Enabled:spades"
"C:\Program Files\Maple 10\jre\bin\maple.exe"="C:\Program Files\Maple 10\jre\bin\maple.exe:*:Enabled:maple"
"C:\WINDOWS\Temp\hp_webrelease\setup\HPZnet01.exe"="C:\WINDOWS\Temp\hp_webrelease\setup\HPZnet01.exe:*:Enabled:hpznet01.exe"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"
"C:\WINDOWS\system32\ftp.exe"="C:\WINDOWS\system32\ftp.exe:*:Enabled:File Transfer Program"
"C:\Program Files\Xming\Xming.exe"="C:\Program Files\Xming\Xming.exe:*:Enabled:Xming X Server"
"C:\McGraw-Hill\MH_EZTest\mysql\bin\mysqld.exe"="C:\McGraw-Hill\MH_EZTest\mysql\bin\mysqld.exe:*:Enabled:mysqld"
"C:\McGraw-Hill\MH_EZTest\jre\bin\java.exe"="C:\McGraw-Hill\MH_EZTest\jre\bin\java.exe:*:Enabled:java"
"C:\Program Files\WinSCP\WinSCP.exe"="C:\Program Files\WinSCP\WinSCP.exe:*:Enabled:Windows SFTP, FTP and SCP client"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"C:\WINDOWS\system32\winlogon.exe"="C:\WINDOWS\system32\winlogon.exe:*:Enabled:winlogon"
"C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe"="C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe:*:Enabled:SZServer"
"C:\Program Files\Windows Defender\MsMpEng.exe"="C:\Program Files\Windows Defender\MsMpEng.exe:*:Enabled:MsMpEng"
"C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe"="C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe:*:Enabled:AppleMobileDeviceService"
"C:\Program Files\Network Associates\VirusScan\Mcshield.exe"="C:\Program Files\Network Associates\VirusScan\Mcshield.exe:*:Enabled:Mcshield"
"C:\Program Files\Novell\ZENworks\RemoteManagement\RMAgent\ZenRem32.exe"="C:\Program Files\Novell\ZENworks\RemoteManagement\RMAgent\ZenRem32.exe:*:Enabled:ZenRem32"
"C:\WINDOWS\explorer.exe"="C:\WINDOWS\explorer.exe:*:Enabled:Explorer"
"C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe"="C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe:*:Enabled:sqlwriter"
"C:\WINDOWS\system32\wuauclt.exe"="C:\WINDOWS\system32\wuauclt.exe:*:Enabled:wuauclt"
"C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe"="C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe:*:Enabled:Malwarebytes' Anti-Malware"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

======File associations======

.js - open - "C:\Program Files\Adobe\Adobe Dreamweaver CS3\Dreamweaver.exe","%1"
.com - open -

======List of files/folders created in the last 1 months======

2008-11-25 18:40:42 ----D---- C:\rsit
2008-11-25 11:11:50 ----D---- C:\WINDOWS\system32\CatRoot_bak
2008-11-25 09:43:51 ----D---- C:\Documents and Settings\ALTomlinson\Application Data\WinRAR
2008-11-25 09:31:43 ----D---- C:\WINDOWS\ERUNT
2008-11-25 09:24:05 ----A---- C:\WINDOWS\ntbtlog.txt
2008-11-25 09:18:45 ----D---- C:\SDFix
2008-11-25 07:49:25 ----A---- C:\WINDOWS\system32\javaws.exe
2008-11-25 07:49:25 ----A---- C:\WINDOWS\system32\javaw.exe
2008-11-25 07:49:25 ----A---- C:\WINDOWS\system32\java.exe
2008-11-25 07:49:25 ----A---- C:\WINDOWS\system32\deploytk.dll
2008-11-25 07:45:08 ----D---- C:\VundoFix Backups
2008-11-25 07:45:08 ----A---- C:\VundoFix.txt
2008-11-25 07:33:01 ----D---- C:\Documents and Settings\ALTomlinson\Application Data\Malwarebytes
2008-11-25 07:32:55 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2008-11-25 07:32:55 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-11-25 06:43:23 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-11-25 06:10:51 ----SH---- C:\WINDOWS\system32\zagubura.exe
2008-11-24 18:54:18 ----D---- C:\Program Files\Trend Micro
2008-11-24 18:50:28 ----D---- C:\Program Files\Yahoo!
2008-11-24 18:50:22 ----D---- C:\Program Files\CCleaner
2008-11-24 18:21:26 ----D---- C:\32788R22FWJFW
2008-11-24 16:51:54 ----D---- C:\Documents and Settings\ALTomlinson\Application Data\Antispyware
2008-11-24 16:51:49 ----D---- C:\Program Files\Antispyware
2008-11-24 16:20:18 ----D---- C:\Documents and Settings\ALTomlinson\Application Data\ErrorSmart
2008-11-24 07:23:49 ----A---- C:\WINDOWS\wininit.ini
2008-11-24 06:47:34 ----D---- C:\Program Files\Spybot - Search & Destroy
2008-11-24 06:47:34 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-11-24 02:25:59 ----A---- C:\WINDOWS\system32\erumdqyg.exe
2008-11-23 17:26:46 ----D---- C:\Lavasoft Ad-Aware 2008 Pro v7.1.0.10
2008-11-23 13:09:21 ----SHD---- C:\Config.Msi
2008-11-23 12:25:01 ----D---- C:\Documents and Settings\All Users\Application Data\SITEguard
2008-11-23 12:24:20 ----D---- C:\Program Files\Common Files\iS3
2008-11-23 12:24:19 ----D---- C:\Documents and Settings\All Users\Application Data\STOPzilla!
2008-11-22 23:57:10 ----D---- C:\Documents and Settings\All Users\Application Data\Meow Intra Bait Face
2008-11-22 23:56:35 ----D---- C:\Program Files\bleh way
2008-11-22 08:52:53 ----D---- C:\Documents and Settings\ALTomlinson\Application Data\dvdcss
2008-11-21 06:34:28 ----D---- C:\ConverterOutput
2008-11-21 06:34:23 ----A---- C:\avi_log.txt
2008-11-21 06:34:16 ----A---- C:\WINDOWS\system32\TomsMoComp_ff.dll
2008-11-21 06:34:16 ----A---- C:\WINDOWS\system32\libmplayer.dll
2008-11-21 06:34:16 ----A---- C:\WINDOWS\system32\libmpeg2_ff.dll
2008-11-21 06:34:16 ----A---- C:\WINDOWS\system32\libavcodec.dll
2008-11-21 06:34:15 ----D---- C:\Program Files\Cucusoft
2008-11-21 06:31:11 ----D---- C:\converter
2008-11-20 22:35:32 ----A---- C:\WINDOWS\Easy Avi Divx Xvid to DVD Burner.INI
2008-11-20 22:35:28 ----D---- C:\Program Files\Easy Avi Divx Xvid to DVD Burner
2008-11-16 13:39:55 ----A---- C:\Documents and Settings\All Users\Application Data\vlc-0.9.6-win32.exe
2008-11-10 21:31:41 ----D---- C:\Program Files\Microsoft Silverlight
2008-11-06 16:53:30 ----D---- C:\gwarchive
2008-10-28 17:36:00 ----A---- C:\WINDOWS\system32\divx_xx0c.dll
2008-10-28 17:36:00 ----A---- C:\WINDOWS\system32\divx_xx07.dll
2008-10-28 17:35:58 ----A---- C:\WINDOWS\system32\divx_xx11.dll
2008-10-28 17:35:58 ----A---- C:\WINDOWS\system32\divx_xx0a.dll
2008-10-28 17:35:56 ----A---- C:\WINDOWS\system32\DivX.dll
2008-10-27 20:13:12 ----D---- C:\Documents and Settings\ALTomlinson\Application Data\vlc
2008-10-27 20:12:43 ----D---- C:\Program Files\VideoLAN
2008-10-26 16:09:49 ----D---- C:\Program Files\Microsoft Reader
2008-10-26 16:09:49 ----A---- C:\WINDOWS\DASShp.dll

======List of files/folders modified in the last 1 months======

2008-11-25 15:17:05 ----D---- C:\WINDOWS\Temp
2008-11-25 15:02:41 ----D---- C:\WINDOWS\system32
2008-11-25 15:02:41 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-11-25 15:01:35 ----SD---- C:\WINDOWS\Tasks
2008-11-25 15:01:34 ----D---- C:\WINDOWS\Prefetch
2008-11-25 15:00:21 ----A---- C:\WINDOWS\WPCMAPI.INI
2008-11-25 14:59:34 ----D---- C:\Program Files\Mozilla Firefox
2008-11-25 14:59:07 ----HD---- C:\NALCache
2008-11-25 14:58:48 ----D---- C:\WINDOWS
2008-11-25 14:58:41 ----RSHDC---- C:\WINDOWS\system32\dllcache
2008-11-25 14:58:40 ----D---- C:\WINDOWS\system32\GroupPolicy
2008-11-25 14:58:39 ----D---- C:\WINDOWS\security
2008-11-25 14:58:37 ----D---- C:\WINDOWS\system32\CatRoot2
2008-11-25 14:12:19 ----SHD---- C:\WINDOWS\Installer
2008-11-25 14:12:18 ----D---- C:\Program Files\Network Associates
2008-11-25 14:12:18 ----D---- C:\Program Files\Common Files
2008-11-25 14:12:16 ----D---- C:\WINDOWS\system32\drivers
2008-11-25 14:09:06 ----SHD---- C:\System Volume Information
2008-11-25 14:09:06 ----D---- C:\WINDOWS\system32\Restore
2008-11-25 12:57:16 ----HD---- C:\WINDOWS\inf
2008-11-25 12:57:12 ----D---- C:\WINDOWS\system32\CatRoot
2008-11-25 11:11:50 ----D---- C:\WINDOWS\Debug
2008-11-25 10:34:31 ----D---- C:\WINDOWS\Help
2008-11-25 07:51:55 ----RD---- C:\Program Files
2008-11-25 07:48:48 ----D---- C:\Program Files\Java
2008-11-25 07:04:48 ----D---- C:\Documents and Settings\ALTomlinson\Application Data\Move Networks
2008-11-25 06:29:04 ----SD---- C:\WINDOWS\Downloaded Program Files
2008-11-24 19:00:45 ----D---- C:\WINDOWS\Minidump
2008-11-24 12:09:11 ----ASH---- C:\WINDOWS\system32\pedisasa.dll
2008-11-24 06:50:59 ----D---- C:\Program Files\Lavasoft
2008-11-24 06:31:38 ----D---- C:\Documents and Settings\ALTomlinson\Application Data\uTorrent
2008-11-23 20:29:59 ----D---- C:\Documents and Settings\All Users\Application Data\Thomson.ResearchSoft.Installers
2008-11-23 17:33:52 ----D---- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-11-22 15:16:16 ----D---- C:\Documents and Settings\ALTomlinson\Application Data\EndNote
2008-11-21 20:22:16 ----D---- C:\G03W
2008-11-21 06:58:01 ----D---- C:\Program Files\DivX
2008-11-21 06:57:26 ----RSD---- C:\WINDOWS\Fonts
2008-11-21 06:57:26 ----D---- C:\Program Files\Common Files\AVSMedia
2008-11-06 22:03:31 ----D---- C:\Documents and Settings\ALTomlinson\Application Data\FileZilla
2008-11-06 21:52:26 ----A---- C:\WINDOWS\win.ini
2008-11-06 19:19:35 ----D---- C:\Documents and Settings\ALTomlinson\Application Data\Adobe
2008-11-04 10:35:14 ----D---- C:\Documents and Settings\ALTomlinson\Application Data\Real
2008-10-27 15:21:30 ----D---- C:\Documents and Settings\ALTomlinson\Application Data\U3
2008-10-26 16:11:12 ----SD---- C:\Documents and Settings\ALTomlinson\Application Data\Microsoft
2008-10-26 16:09:49 ----HD---- C:\Program Files\InstallShield Installation Information
2008-10-26 16:09:49 ----D---- C:\Program Files\Common Files\Microsoft Shared

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Ext2fs;Ext2fs; C:\WINDOWS\system32\DRIVERS\ext2fs.sys [2006-10-23 132736]
R1 IfsDrives;IfsDrives; C:\WINDOWS\system32\DRIVERS\IfsDrives.sys [2004-09-24 4608]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2007-03-26 36096]
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2004-08-03 8832]
R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.6.0.0; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2007-11-15 21425]
R2 BlankScr;HBDevice; C:\WINDOWS\system32\drivers\BlankScr.sys [2005-05-23 6899]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2006-06-19 12672]
R2 NetwareWorkstation;Novell Client for Windows; C:\WINDOWS\system32\NetWare\nwfs.sys [2006-11-09 506159]
R2 NWDHCP;Novell DHCP Inform Client; C:\WINDOWS\system32\NetWare\nwdhcp.sys [2005-11-22 18353]
R2 RESMGR;Novell NetWare Resource Manager; C:\WINDOWS\system32\NetWare\resmgr.sys [2004-06-01 27249]
R2 s24trans;WLAN Transport; C:\WINDOWS\system32\DRIVERS\s24trans.sys [2007-02-21 12416]
R2 SRVLOC;Novell Service Location; C:\WINDOWS\system32\NetWare\srvloc.sys [2006-09-25 160209]
R2 WNTHW;WNTHW; \??\C:\WINDOWS\system32\DRIVERS\WNTHW.SYS []
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2007-03-26 60800]
R3 b57w2k;Broadcom NetXtreme Gigabit Ethernet; C:\WINDOWS\system32\DRIVERS\b57xp32.sys [2006-05-10 156160]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2004-08-03 14080]
R3 Darpan;Darpan; C:\WINDOWS\system32\DRIVERS\Darpan.sys [2005-05-23 2773]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2008-04-17 15464]
R3 guardian2;guardian2; C:\WINDOWS\System32\Drivers\oz776.sys [2007-02-23 56576]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2007-03-26 138752]
R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-23 9600]
R3 HSF_DPV;HSF_DPV; C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys [2006-11-02 989696]
R3 HSFHWAZL;HSFHWAZL; C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys [2006-11-02 209152]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2007-03-26 12160]
R3 NETw4x32;Intel® Wireless WiFi Link Adapter Driver for Windows XP 32 Bit; C:\WINDOWS\system32\DRIVERS\NETw4x32.sys [2007-02-25 2203520]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2007-03-26 61824]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2007-04-28 6727136]
R3 NWDNS;Novell DNS Name Space Service Provider; C:\WINDOWS\system32\NetWare\nwdns.sys [2006-09-25 43280]
R3 NWHOST;Novell Host File Name Space Service Provider; C:\WINDOWS\system32\NetWare\NWHOST.sys [2005-10-12 9297]
R3 NWSLP;Novell SLP Name Space Service Provider; C:\WINDOWS\system32\NetWare\nwslp.sys [2005-01-03 20332]
R3 NWSNS;Novell Simple Naming Services; C:\WINDOWS\system32\NetWare\NWSNS.sys [2005-10-12 6128]
R3 STHDA;SigmaTel High Definition Audio CODEC; C:\WINDOWS\system32\drivers\sthda.sys [2007-02-19 1228296]
R3 TucbDriverV32;TucbDriverV32; C:\WINDOWS\system32\drivers\TucbDriverV32.sys [2008-06-04 508544]
R3 TucbVideo32;TucbVideo32; C:\WINDOWS\system32\DRIVERS\TucbVideo32.sys [2008-06-04 3768]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2006-10-23 30208]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2006-10-23 59264]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2006-10-23 20608]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2006-11-02 730112]
S1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-03 14848]
S2 NWSIPX32;Novell NetWare IPX/SPX Transport Interface; C:\WINDOWS\system32\NetWare\nwsipx32.sys [2005-10-27 39731]
S3 ADIHdAudAddService;ADI UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\ADIHdAud.sys [2006-07-05 241152]
S3 Ad-Watch Connect Filter;Ad-Watch Connect Kernel Filter; C:\WINDOWS\system32\drivers\Ad-Watch Connect Filter.sys []
S3 Ad-Watch Real-Time Scanner;AW Real-Time Scanner; C:\WINDOWS\system32\drivers\Ad-Watch Real-Time Scanner.sys []
S3 Ad-Watch Registry Filter;Ad-Watch Registry Kernel Filter; C:\WINDOWS\system32\drivers\Ad-Watch Registry Filter.sys []
S3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2006-06-07 1580544]
S3 catchme;catchme; \??\C:\DOCUME~1\ALTOML~1\LOCALS~1\Temp\catchme.sys []
S3 HdAudAddService;Microsoft UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\HdAudio.sys [2007-03-26 145920]
S3 NWSAP;Novell SAP Name Space Provider; C:\WINDOWS\system32\NetWare\NWSAP.sys [2003-02-26 23232]
S3 SenFiltService;SenFilt Service; C:\WINDOWS\system32\drivers\Senfilt.sys [2006-03-17 392960]
S3 UIUSys;Conexant Setup API; C:\WINDOWS\system32\drivers\UIUSys.sys []
S3 usbbus;LGE CDMA Composite USB Device; C:\WINDOWS\system32\DRIVERS\lgusbbus.sys [2005-05-26 21344]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
S3 UsbDiag;LGE CDMA USB Serial Port; C:\WINDOWS\system32\DRIVERS\lgusbdiag.sys [2005-05-26 38144]
S3 USBModem;LGE CDMA USB Modem; C:\WINDOWS\system32\DRIVERS\lgusbmodem.sys [2005-06-24 39036]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
S4 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2001-08-23 12032]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-09-10 116040]
R2 EvtEng;Intel® PROSet/Wireless Event Log; C:\Program Files\Intel\Wireless\Bin\EvtEng.exe [2007-02-21 643072]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2008-11-25 152984]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
R2 MSSQL$SQLEXPRESS;SQL Server (SQLEXPRESS); c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2005-10-14 28768528]
R2 NALNTSERVICE;Novell Application Launcher; C:\Program Files\Novell\ZENworks\nalntsrv.exe [2006-06-13 113152]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2007-04-28 163908]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2005-03-14 69632]
R2 RegSrvc;Intel® PROSet/Wireless Registry Service; C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe [2007-02-21 327680]
R2 Remote Management Agent;Novell ZENworks Remote Management Agent; C:\Program Files\Novell\ZENworks\RemoteManagement\RMAgent\ZenRem32.exe [2006-05-09 167936]
R2 S24EventMonitor;Intel® PROSet/Wireless Service; C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe [2007-02-21 983040]
R2 SQLWriter;SQL Server VSS Writer; c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe [2007-02-10 89968]
R2 STacSV;SigmaTel Audio Service; C:\Program Files\SigmaTel\C-Major Audio\WDM\StacSV.exe [2007-02-19 90112]
R2 TSCensus Collection Client;ZENworks Asset Management - Collection Client; C:\Program Files\Novell\ZENworks\Asset Management\bin\CClientSvc.exe [2005-04-19 49152]
R2 WinDefend;Windows Defender; C:\Program Files\Windows Defender\MsMpEng.exe [2006-11-03 13592]
R2 WLANKEEPER;Intel® PROSet/Wireless SSO Service; C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe [2007-02-21 294912]
R2 XTAgent;Novell XTier Agent Services; C:\WINDOWS\System32\Novell\XTAgent.exe [2006-05-02 61440]
R2 ZFDWM;Workstation Manager; C:\Program Files\Novell\ZENworks\wm.exe [2006-06-13 151104]
R3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2007-08-16 654848]
S2 McAfeeFramework;McAfee Framework Service; C:\Program Files\Network Associates\Common Framework\FrameworkService.exe [2007-03-27 104000]
S3 Adobe Version Cue CS3;Adobe Version Cue CS3; C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe [2007-03-20 153792]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-04-13 33632]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-04-13 68952]
S3 cusrvc;Client Update Service for Novell; C:\WINDOWS\system32\cusrvc.exe [2006-08-11 28672]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-09-10 536872]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 SoundMovieServer;SoundMovieServer; C:\WINDOWS\system32\snmvtsvc.exe [2008-06-04 184320]
S4 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2006-06-07 409600]
S4 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2006-07-28 520192]
S4 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888]
S4 MSSQLServerADHelper;SQL Server Active Directory Helper; c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [2005-10-14 45272]
S4 msvsmon80;Visual Studio 2005 Remote Debugger; C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe [2005-09-23 2799808]
S4 SQLBrowser;SQL Server Browser; c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe [2005-10-14 239320]

-----------------EOF-----------------

info.txt:

info.txt logfile of random's system information tool 1.04 2008-11-25 18:40:46

======Uninstall list======

-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
-->C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\system32\UninstIPP.isu
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {9541FED0-327F-4df0-8B96-EF57EF622F19}
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{329899E1-CBBA-49BC-9FFE-199E94316727}\setup.exe" -l0x9 -removeonly
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
AC3Filter (remove only)-->C:\Program Files\AC3Filter\uninstall.exe
Add or Remove Adobe Creative Suite 3 Design Premium-->C:\Program Files\Common Files\Adobe\Installers\498b43b77cac072081a5692bfc52804\Setup.exe
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)-->MsiExec.exe /X{6846389C-BAC0-4374-808E-B120F86AF5D7}
Adobe Anchor Service CS3-->MsiExec.exe /I{90176341-0A8B-4CCC-A78D-F862228A6B95}
Adobe Asset Services CS3-->MsiExec.exe /I{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}
Adobe Bridge CS3-->MsiExec.exe /I{9C9824D9-9000-4373-A6A5-D0E5D4831394}
Adobe Bridge Start Meeting-->MsiExec.exe /I{08B32819-6EEF-4057-AEDA-5AB681A36A23}
Adobe BridgeTalk Plugin CS3-->MsiExec.exe /I{B7F560B3-6EFF-4026-A982-843895A41149}
Adobe Camera Raw 4.0-->MsiExec.exe /I{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}
Adobe CMaps-->MsiExec.exe /I{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}
Adobe Color - Photoshop Specific-->MsiExec.exe /I{A2D81E70-2A98-4A08-A628-94388B063C5E}
Adobe Color Common Settings-->C:\Program Files\Common Files\Adobe\Installers\6c8e2cb4fd241c55406016127a6ab2e\Setup.exe
Adobe Color Common Settings-->MsiExec.exe /I{6D4AC5A4-4CF9-4F90-8111-B9B53CE257BF}
Adobe Color EU Extra Settings-->MsiExec.exe /I{51846830-E7B2-4218-8968-B77F0FF475B8}
Adobe Color JA Extra Settings-->MsiExec.exe /I{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}
Adobe Color NA Recommended Settings-->MsiExec.exe /I{95655ED4-7CA5-46DF-907F-7144877A32E5}
Adobe Creative Suite 3 Design Premium-->MsiExec.exe /I{1BDC1AB0-2677-4593-8F94-329F7CA8F670}
Adobe Default Language CS3-->MsiExec.exe /I{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}
Adobe Device Central CS3-->MsiExec.exe /I{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}
Adobe Dreamweaver CS3-->MsiExec.exe /I{7C10F5C7-F00F-4BD3-A110-C7D240D2DD25}
Adobe ExtendScript Toolkit 2-->C:\Program Files\Common Files\Adobe\Installers\3e054d2218e7aa282c2369d939e58ff\Setup.exe
Adobe ExtendScript Toolkit 2-->MsiExec.exe /I{77D2A9D3-5800-43E3-B274-87841BC87DB2}
Adobe Extension Manager CS3-->MsiExec.exe /I{BE5F3842-8309-4754-92D5-83E02E6077A3}
Adobe Flash CS3-->MsiExec.exe /I{6B52140A-F189-4945-BFFC-DB3F00B8C589}
Adobe Flash Player 9 ActiveX-->MsiExec.exe /X{58BAA8D0-404E-4585-9FD3-ED1BB72AC2EE}
Adobe Flash Player Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Flash Video Encoder-->MsiExec.exe /I{2EFFFC71-1E66-454E-A6E6-CEEC800B96D2}
Adobe Fonts All-->MsiExec.exe /I{6ABE0BEE-D572-4FE8-B434-9E72A289431B}
Adobe Help Viewer CS3-->MsiExec.exe /I{04AF207D-9A77-465A-8B76-991F6AB66245}
Adobe Illustrator CS3-->MsiExec.exe /I{F08E8D2E-F132-4742-9C87-D5FF223A016A}
Adobe InDesign CS3 Icon Handler-->MsiExec.exe /I{EA7B3CC4-366D-4CF6-8350-FD7A7034116E}
Adobe InDesign CS3-->MsiExec.exe /I{CB3F8375-B600-4B9F-83C9-238ED1E583FD}
Adobe Linguistics CS3-->MsiExec.exe /I{54793AA1-5001-42F4-ABB6-C364617C6078}
Adobe MotionPicture Color Files-->MsiExec.exe /I{6B708481-748A-4EB4-97C1-CD386244FF77}
Adobe PDF Library Files-->MsiExec.exe /I{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}
Adobe Photoshop CS3-->MsiExec.exe /I{0046FA01-C5B9-4985-BACB-398DC480FC05}
Adobe Reader 8.1.2-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
Adobe Setup-->MsiExec.exe /I{64C1FA9A-FA94-4B6E-B3E4-8573738E4AD1}
Adobe Setup-->MsiExec.exe /I{8AE03988-8C8C-40EE-BDC7-76781BEF1B1D}
Adobe Setup-->MsiExec.exe /I{C8BA6802-38DA-43F9-8ACB-73161C277C9A}
Adobe Shockwave Player-->C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Adobe SING CS3-->MsiExec.exe /I{B671CBFD-4109-4D35-9252-3062D3CCB7B2}
Adobe Stock Photos CS3-->MsiExec.exe /I{29E5EA97-5F74-4A57-B8B2-D4F169117183}
Adobe Type Support-->MsiExec.exe /I{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}
Adobe Update Manager CS3-->MsiExec.exe /I{E69AE897-9E0B-485C-8552-7841F48D42D8}
Adobe Version Cue CS3 Client-->MsiExec.exe /I{D0DFF92A-492E-4C40-B862-A74A173C25C5}
Adobe Version Cue CS3 Server {ko_KR} -->MsiExec.exe /I{1D58229F-C505-45CA-8223-F35F3A34B963}
Adobe WAS CS3-->MsiExec.exe /I{C5BD220A-EFE8-48A5-B70E-9503D535FACE}
Adobe WinSoft Linguistics Plugin-->MsiExec.exe /I{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}
Adobe XMP Panels CS3-->MsiExec.exe /I{802771A9-A856-4A41-ACF7-1450E523C923}
AHV content for Acrobat and Flash-->MsiExec.exe /I{6BBAA81D-6A7E-43AD-8889-2F002DCAAFDD}
Antispyware-->MsiExec.exe /X{02245E4B-7B31-4727-9814-DF760E0E76B1}
Apple Mobile Device Support-->MsiExec.exe /I{AA9768AA-FF0B-4C66-A085-31E934F77841}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
ArcSoft PhotoStudio 5.5-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{85309D89-7BE9-4094-BB17-24999C6118FC}\SETUP.EXE" -l0x9
ATI - Software Uninstall Utility-->C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
ATI Catalyst Control Center-->MsiExec.exe /I{2CA41BA1-9842-4819-8ABB-76FDC14AB9EA}
ATI Display Driver-->rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
Bonjour-->MsiExec.exe /I{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}
Broadcom Gigabit Integrated Controller-->MsiExec.exe /X{7E369B27-13E2-41A5-9879-358EE1C8B5AD}
Canon CanoScan LiDE 600F User Registration-->C:\Program Files\Canon\IJEREG\CanoScan LiDE 600F\UNINST.EXE
Canon CanoScan Toolbox 5.0-->"C:\Program Files\Canon\CanoScan Toolbox Ver5.0\Maint.exe" /UninstallRemove C:\Program Files\Canon\CanoScan Toolbox Ver5.0\uninst.ini
CanoScan LiDE 600F-->"C:\WINDOWS\system32\CanonIJ Uninstaller Information\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_CNQ4802\DelDrv.exe" /U:{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_CNQ4802 /L0x0009
Conexant HDA D330 MDC V.92 Modem-->C:\Program Files\CONEXANT\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2C06&SUBSYS_14F1000F\HXFSETUP.EXE -U -Idel000f5.inf
Cucusoft MPEG/MOV/RM/DivX/AVI to DVD/VCD/SVCD Creator Pro 7.07-->"C:\Program Files\Cucusoft\avi-dvd-pro\unins000.exe"
Dell Resource CD-->MsiExec.exe /X{FCD9CD52-7222-4672-94A0-A722BA702FD0}
DivX Codec-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Player-->C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
Eraser-->"C:\Program Files\Eraser\unins000.exe"
ffdshow (remove only)-->"C:\Program Files\ffdshow\uninstall.exe"
FileZilla Client 3.1.2-->C:\Program Files\FileZilla FTP Client\uninstall.exe
Gaussian 03W-->C:\WINDOWS\IsUninst.exe -fC:\G03W\Uninst.isu
GaussView 4.1-->c:\g03w\gvw_uninst.exe
GroupWise Internet Browser Mail Integration-->C:\Novell\GroupWise\gwmailto.exe /uninstall
GroupWise Tip of the Day C3PO-->C:\Novell\GroupWise\gwtip.exe /uninstall
GroupWise-->MsiExec.exe /I{97A2FF67-1EB6-483C-A6E6-716D91298763}
High Definition Audio Driver Package - KB835221-->C:\WINDOWS\$NtUninstallKB835221WXP$\spuninst\spuninst.exe
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
InstantStorm 1.5-->"C:\Program Files\InstantStorm\unins000.exe"
Intel® Debugger for applications running on IA-32, Version 10.1-->MsiExec.exe /X{EA0735FC-B4FD-4B82-88FD-6779E52B4F87}
Intel® Fortran Compiler for IA-32 applications, Version 10.1.011-->MsiExec.exe /I{E3A70B42-A1F5-4FFE-B37B-99F5327ADCAF}
Intel® Fortran Compiler for Intel® 64 applications, Version 10.1.011-->MsiExec.exe /I{2BF2AE74-3633-481E-8D37-A5F1BA3C0AEA}
Intel® PROSet/Wireless Software-->C:\WINDOWS\Installer\iProInst.exe
Intel® Visual Fortran Compiler 10.1 Integrations in Microsoft Visual Studio*-->MsiExec.exe /I{023CA5A6-A550-4859-AF7E-723D63A7374D}
iTunes-->MsiExec.exe /I{41B9E2CF-0B3F-442A-B5B3-592A4A355634}
Java™ 6 Update 10-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216010FF}
LG USB Drivers-->C:\PROGRA~1\LGDRIV~1\LGUSBD~1\UNWISE.EXE C:\PROGRA~1\LGDRIV~1\LGUSBD~1\INSTALL.LOG
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Maple 10-->"C:\Program Files\Maple 10\Uninstall_Maple 10\Uninstall Maple 10.exe"
MathType 6-->"C:\Program Files\MathType\Setup.exe" -R
mCore-->MsiExec.exe /I{E81667C6-2856-46D6-ABEA-6A2F42166779}
MDL ISIS Draw 2.5 Standalone-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\MDL ISIS Draw 2.5\uninst.isu"
mDriver-->MsiExec.exe /I{A0F925BF-5C55-44C2-A4E7-5A4C59791C29}
mDrWiFi-->MsiExec.exe /I{F6090A17-0967-4A8A-B3C3-422A1B514D49}
mHlpDell-->MsiExec.exe /I{49D687E5-6784-431B-A0A2-2F23B8CC5A1B}
Microsoft .NET Framework 2.0-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.exe
Microsoft Device Emulator version 1.0 - ENU-->MsiExec.exe /X{78B75C6D-E53C-424C-BF83-4B63BD4A6682}
Microsoft Document Explorer 2005-->C:\Program Files\Common Files\Microsoft Shared\Help 8\Microsoft Document Explorer 2005\install.exe
Microsoft Document Explorer 2005-->MsiExec.exe /X{44D4AF75-6870-41F5-9181-662EA05507E1}
Microsoft Image Composer 1.5-->C:\Program Files\Microsoft Image Composer\setup\acmsetup.exe /t setup.stf
Microsoft Office FrontPage 2003-->MsiExec.exe /I{90170409-6000-11D3-8CFE-0150048383C9}
Microsoft Office Professional Edition 2003-->MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
Microsoft Reader-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B6F7DBE7-2FE2-458F-A738-B10832746036}\Setup.exe" -L0x9
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft SQL Server 2005 Express Edition (SQLEXPRESS)-->MsiExec.exe /I{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}
Microsoft SQL Server 2005 Mobile [ENU] Developer Tools-->MsiExec.exe /X{1389C6A4-4965-4AEC-9175-08B54A10FA48}
Microsoft SQL Server 2005 Tools Express Edition-->MsiExec.exe /I{2750B389-A2D2-4953-99CA-27C1F2A8E6FD}
Microsoft SQL Server 2005-->"c:\Program Files\Microsoft SQL Server\90\Setup Bootstrap\ARPWrapper.exe" /Remove
Microsoft SQL Server Native Client-->MsiExec.exe /I{F9B3DD02-B0B3-42E9-8650-030DFF0D133D}
Microsoft SQL Server Setup Support Files (English)-->MsiExec.exe /X{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}
Microsoft SQL Server VSS Writer-->MsiExec.exe /I{E9F44C98-B8B6-480F-AF7B-E42A0A46F4E3}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Microsoft Visual J# 2.0 Redistributable Package-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft Visual J# 2.0 Redistributable Package\install.exe
Microsoft Visual Studio 2005 Professional Edition - ENU-->C:\Program Files\Microsoft Visual Studio 8\Microsoft Visual Studio 2005 Professional Edition - ENU\setup.exe
mIWA-->MsiExec.exe /I{3E9D596A-61D4-4239-BD19-2DB984D2A16F}
mLogView-->MsiExec.exe /I{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}
mMHouse-->MsiExec.exe /I{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}
MobileMe Control Panel-->MsiExec.exe /I{6DA9102E-199F-43A0-A36B-6EF48081A658}
Morgan Stream Switcher-->"C:\Program Files\Morgan\mmswitch\uninst.exe"
Mozilla Firefox (2.0.0.16)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
mPfMgr-->MsiExec.exe /I{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}
mPfWiz-->MsiExec.exe /I{90B0D222-8C21-4B35-9262-53B042F18AF9}
mProSafe-->MsiExec.exe /I{23FB368F-1399-4EAC-817C-4B83ECBE3D83}
mSCfg-->MsiExec.exe /I{829CD169-E692-48E8-9BDE-A3E8D8B65538}
mSSO-->MsiExec.exe /I{06BE8AFD-A8E2-4B63-BAE7-287016D16ACB}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 6.0 Parser (KB933579)-->MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
mWlsSafe-->MsiExec.exe /I{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}
mWMI-->MsiExec.exe /I{63DB9CCD-2B56-4217-9A3D-507AC78320CA}
mZConfig-->MsiExec.exe /I{94658027-9F16-4509-BBD7-A59FE57C3023}
NICI (Shared) U.S./Worldwide (128 bit) (2.7.0-2)-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F02DBC5D-33E3-45E9-B0F8-B7745229ED1C}\Setup.exe" -uninst
NMAS Challenge Response Method-->MsiExec.exe /X{B9A5A789-D491-49FB-958C-BFEC2C11BB1D}
NMAS Client-->MsiExec.exe /I{9B427732-573E-4E78-B6FA-AC3E5A218BA2}
Novell Client for Windows-->%SystemRoot%\system32\rundll32 nwsetup.dll NWUninstallClient
NVIDIA Drivers-->C:\WINDOWS\system32\nvudisp.exe UninstallGUI
Oracle JInitiator 1.3.1.28-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CAFECAFE-0013-0001-0128-ABCDEFABCDEF}\Setup.exe" -l0x9 -uninst
Oracle JInitiator 1.3.1.9-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Oracle\JInitiator 1.3.1.9\Uninst.isu"
OriginPro 8-->C:\Program Files\InstallShield Installation Information\{A912021A-FEDD-4DA3-8DB4-245EBDA84778}\setup.exe -runfromtemp -l0x0009 -removeonly
OZ776 SCR Driver V1.1.3.9-->C:\Program Files\InstallShield Installation Information\{343D8DE3-AE1F-431A-830C-B66352E8CA12}\setup.exe -runfromtemp -l0x0409
PDF Settings-->MsiExec.exe /I{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}
PDFCreator-->C:\Program Files\PDFCreator\unins000.exe
PowerDVD-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\Setup.exe" -uninstall
Presto! PageManager 7.15.14-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D2D6B9EB-C6DC-4DAA-B4DE-BB7D9735E7DA}\PMSetup.exe" -l0x9 anything -removeonly
Pug Screen Cleaner-->"C:\WINDOWS\Pug Screen Cleaner Uninstaller\unins000.exe"
QuickTime-->MsiExec.exe /I{8DC42D05-680B-41B0-8878-6C14D24602DB}
RealPlayer-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
RegCure 1.5.0.1-->C:\Program Files\RegCure\uninst.exe
ScanSoft OmniPage SE 4.0-->MsiExec.exe /I{C1E693A4-B1D5-4DCD-B68D-2087835B7184}
SecureZIP for Windows 12.00.0018-->MsiExec.exe /I{1BF17EE7-6E06-4601-961C-01A481344D06}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Microsoft .NET Framework 2.0 (KB928365)-->C:\WINDOWS\system32\msiexec.exe /promptrestart /uninstall {8056AC9E-49C5-4375-9ADE-B2F862C9DF51} /package {7131646D-CD3C-40F4-97B9-CD9E4E6262EF}
Security Update for Microsoft Visual Studio 2005 Professional Edition - ENU (KB925674)-->C:\WINDOWS\system32\msiexec.exe /promptrestart /uninstall {124D38C7-5BE5-4D4E-8D6D-9F10DC6B6D11} /package {437AB8E0-FB69-4222-B280-A64F3DE22591}
Security Update for Microsoft Visual Studio 2005 Professional Edition - ENU (KB937060)-->C:\WINDOWS\system32\msiexec.exe /promptrestart /uninstall {78DD9A0A-4AE1-46D0-B9A6-578EFCA47A3C} /package {437AB8E0-FB69-4222-B280-A64F3DE22591}
Security Update for Windows Media Player 9 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP9$\spuninst\spuninst.exe"
Security Update for Windows Media Player 9 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP9$\spuninst\spuninst.exe"
Security Update for Windows XP (KB921503)-->"C:\WINDOWS\$NtUninstallKB921503$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923689)-->"C:\WINDOWS\$NtUninstallKB923689$\

#8 andrewuk

  • Group: Malware Removal
  • Posts: 5,297
  • Joined: 18-August 07

Posted 25 November 2008 - 06:53 PM

====STEP 1====
Please download the OTMoveIt3 by OldTimer.
  • Save it to your desktop.
  • Please double-click OTMoveIt3.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    :Processes
    explorer.exe
    
    :Reg
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c4bf8900-a18c-42a5-ad9a-fe8018bac0cd}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{05D44720-58E3-49E6-BDF6-D00330E511D3}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{3BB54395-5982-4788-8AF4-B5388FFDD0D8}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{5736C456-EA94-4AAC-BB08-917ABDD035B3}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{A4110378-789B-455F-AE86-3A1BFC402853}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{A9FDC7FD-FE81-4910-8CF2-FA59EEFE11EC}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{B8BE5E93-A60C-4D26-A2DC-220313175592}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFECAFE-0013-0001-0009-ABCDEFABCDEF}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFECAFE-0013-0001-0028-ABCDEFABCDEF}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{DA2AA6CF-5C7A-4B71-BC3B-C771BB369937}]
    [HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "dazomojeyi"=-
    
    :Files
    C:\WINDOWS\SchedLgU.Txt
    C:\WINDOWS\system32\zagubura.exe
    C:\WINDOWS\system32\wihuwere.dll
    C:\WINDOWS\system32\erumdqyg.exe
    C:\WINDOWS\system32\pedisasa.dll
    
    :Commands
    [purity]
    [emptytemp]
    [start explorer]
    [Reboot]


  • Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTMoveIt3

Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.



====STEP 2====
Disable resident protections (Antivirus...); you'll re-enable them after the scan

Download Lop S&D here

Double-click Lop S&D.exe
Choose the language, then choose Option 1 (Search)
Wait till the end of the scan
Post the log which is created: (%SystemDrive%\lopR.txt)



In your next reply could I see:
1. the OTMoveIt3 log
2. the lopR.txt log

The text from these files may exceed the maximum post length for this forum. Hence, you may need to post the information over 2 or more posts.

andrewuk
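
As an added example (not code from the forum post or from OTMoveIt3), here is a Python parser for the fix-script format used in STEP 1: it turns the :Processes, :Reg, :Files and :Commands sections into a plan a helper can review before the user pastes it, and flags malformed entries such as a key without a hive or a relative file path. The hive check assumes keys are written with their full hive name as in the script above; SAMPLE_SCRIPT is a constructed cut-down copy with two deliberately broken lines.

```python
"""Parse an OTMoveIt3 fix script into a plan that can be reviewed.

Added example for this thread; not code from OTMoveIt3 or from the
forum post. It reads the script layout used in STEP 1 (:Processes,
:Reg, :Files, :Commands). The :Reg section uses .reg file syntax:
"[-KEY]" deletes a key, and a '"name"=-' line under a "[KEY]" header
deletes that value. Assumption: keys are written with their full hive
name (HKEY_LOCAL_MACHINE, HKEY_USERS, ...) as they are in the script
above; the tool's own acceptance rules are not documented here.
"""
import re
from dataclasses import dataclass, field

SECTIONS = ("processes", "reg", "files", "commands")
HIVES = ("HKEY_LOCAL_MACHINE", "HKEY_CURRENT_USER", "HKEY_USERS",
         "HKEY_CLASSES_ROOT", "HKEY_CURRENT_CONFIG")

# Constructed cut-down copy of the STEP 1 script with two deliberately
# broken lines added (a key without a hive, a relative file path).
SAMPLE_SCRIPT = r"""
:Processes
explorer.exe

:Reg
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c4bf8900-a18c-42a5-ad9a-fe8018bac0cd}]
[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"dazomojeyi"=-
[-SOFTWARE\Example\Missing hive]

:Files
C:\WINDOWS\system32\zagubura.exe
C:\WINDOWS\system32\pedisasa.dll
system32\relative.dll

:Commands
[purity]
[emptytemp]
[start explorer]
[Reboot]
"""


@dataclass
class Plan:
    processes: list = field(default_factory=list)
    delete_keys: list = field(default_factory=list)
    delete_values: list = field(default_factory=list)  # (key, value name)
    files: list = field(default_factory=list)
    commands: list = field(default_factory=list)
    problems: list = field(default_factory=list)       # fix these before running


def parse_otmoveit(script: str) -> Plan:
    """Classify every non-blank line of the script by its section."""
    plan = Plan()
    section = None       # current ':' section, lower-cased
    current_key = None   # last "[KEY]" header seen in :Reg
    headers = []         # "[KEY]" headers, to spot ones with no value lines
    for lineno, raw in enumerate(script.splitlines(), 1):
        line = raw.strip()
        if not line:
            continue
        if line.startswith(":"):
            section = line[1:].lower()
            current_key = None
            if section not in SECTIONS:
                plan.problems.append(f"line {lineno}: unknown section {line}")
        elif section == "processes":
            plan.processes.append(line)
        elif section == "reg":
            header = re.fullmatch(r"\[(-?)(.+)\]", line)
            value = re.fullmatch(r'"([^"]+)"=-', line)
            if header:
                minus, key = header.groups()
                if key.split("\\", 1)[0].upper() not in HIVES:
                    plan.problems.append(f"line {lineno}: key has no valid hive: {key}")
                    current_key = None
                elif minus:
                    plan.delete_keys.append(key)
                    current_key = None
                else:
                    current_key = key
                    headers.append(key)
            elif value and current_key:
                plan.delete_values.append((current_key, value.group(1)))
            else:
                plan.problems.append(f"line {lineno}: unrecognised :Reg line {line!r}")
        elif section == "files":
            if re.match(r"[A-Za-z]:\\", line):
                plan.files.append(line)
            else:
                plan.problems.append(f"line {lineno}: file path is not absolute: {line!r}")
        elif section == "commands":
            command = re.fullmatch(r"\[(.+)\]", line)
            if command:
                plan.commands.append(command.group(1).lower())
            else:
                plan.problems.append(f"line {lineno}: command must be [bracketed]: {line!r}")
        else:
            plan.problems.append(f"line {lineno}: entry before any section: {line!r}")
    # A "[KEY]" header with no '"name"=-' line beneath it removes nothing.
    used = {key for key, _ in plan.delete_values}
    for key in headers:
        if key not in used:
            plan.problems.append(f'[{key}] header has no "name"=- line and does nothing')
    return plan


def summarize(plan: Plan) -> dict:
    """Counts per category, handy for a quick sanity check of a long script."""
    return {name: len(getattr(plan, name)) for name in
            ("processes", "delete_keys", "delete_values", "files", "commands", "problems")}


if __name__ == "__main__":
    result = parse_otmoveit(SAMPLE_SCRIPT)
    print(summarize(result))
    for problem in result.problems:
        print("PROBLEM:", problem)
```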

#9 lysistrata7

  • Group: Member
  • Posts: 41
  • Joined: 25-November 08

Posted 25 November 2008 - 07:24 PM

Results from OTMoveIt3:

========== PROCESSES ==========
Process explorer.exe killed successfully.
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c4bf8900-a18c-42a5-ad9a-fe8018bac0cd}\\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{05D44720-58E3-49E6-BDF6-D00330E511D3}\\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{3BB54395-5982-4788-8AF4-B5388FFDD0D8}\\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{5736C456-EA94-4AAC-BB08-917ABDD035B3}\\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{A4110378-789B-455F-AE86-3A1BFC402853}\\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{A9FDC7FD-FE81-4910-8CF2-FA59EEFE11EC}\\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{B8BE5E93-A60C-4D26-A2DC-220313175592}\\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFECAFE-0013-0001-0009-ABCDEFABCDEF}\\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFECAFE-0013-0001-0028-ABCDEFABCDEF}\\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{DA2AA6CF-5C7A-4B71-BC3B-C771BB369937}\\ deleted successfully.
Registry value HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\dazomojeyi deleted successfully.
========== FILES ==========
File move failed. C:\WINDOWS\SchedLgU.Txt scheduled to be moved on reboot.
C:\WINDOWS\system32\zagubura.exe moved successfully.
File/Folder C:\WINDOWS\system32\wihuwere.dll not found.
C:\WINDOWS\system32\erumdqyg.exe moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\pedisasa.dll
C:\WINDOWS\system32\pedisasa.dll NOT unregistered.
C:\WINDOWS\system32\pedisasa.dll moved successfully.
========== COMMANDS ==========
File delete failed. C:\DOCUME~1\ALTOML~1\LOCALS~1\Temp\AcrAAF8.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\ALTOML~1\LOCALS~1\Temp\AcrAAF9.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\ALTOML~1\LOCALS~1\Temp\lilo10 scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\ALTOML~1\LOCALS~1\Temp\lilo11 scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\ALTOML~1\LOCALS~1\Temp\lilo12 scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\ALTOML~1\LOCALS~1\Temp\lilo13 scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\ALTOML~1\LOCALS~1\Temp\lilo14 scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\ALTOML~1\LOCALS~1\Temp\lilo15 scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\ALTOML~1\LOCALS~1\Temp\lilo16 scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\ALTOML~1\LOCALS~1\Temp\lilo17 scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\ALTOML~1\LOCALS~1\Temp\lilo18 scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\ALTOML~1\LOCALS~1\Temp\lilo19 scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\ALTOML~1\LOCALS~1\Temp\lilo2 scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\ALTOML~1\LOCALS~1\Temp\lilo20 scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\ALTOML~1\LOCALS~1\Temp\lilo21 scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\ALTOML~1\LOCALS~1\Temp\lilo22 scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\ALTOML~1\LOCALS~1\Temp\lilo23 scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\ALTOML~1\LOCALS~1\Temp\lilo24 scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\ALTOML~1\LOCALS~1\Temp\lilo25 scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\ALTOML~1\LOCALS~1\Temp\lilo26 scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\ALTOML~1\LOCALS~1\Temp\lilo27 scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\ALTOML~1\LOCALS~1\Temp\lilo28 scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\ALTOML~1\LOCALS~1\Temp\lilo29 scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\ALTOML~1\LOCALS~1\Temp\lilo3 scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\ALTOML~1\LOCALS~1\Temp\lilo30 scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\ALTOML~1\LOCALS~1\Temp\lilo31 scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\ALTOML~1\LOCALS~1\Temp\lilo32 scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\ALTOML~1\LOCALS~1\Temp\lilo33 scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\ALTOML~1\LOCALS~1\Temp\lilo34 scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\ALTOML~1\LOCALS~1\Temp\lilo35 scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\ALTOML~1\LOCALS~1\Temp\lilo36 scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\ALTOML~1\LOCALS~1\Temp\lilo37 scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\ALTOML~1\LOCALS~1\Temp\lilo38 scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\ALTOML~1\LOCALS~1\Temp\lilo39 scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\ALTOML~1\LOCALS~1\Temp\lilo4 scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\ALTOML~1\LOCALS~1\Temp\lilo40 scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\ALTOML~1\LOCALS~1\Temp\lilo41 scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\ALTOML~1\LOCALS~1\Temp\lilo42 scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\ALTOML~1\LOCALS~1\Temp\lilo43 scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\ALTOML~1\LOCALS~1\Temp\lilo44 scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\ALTOML~1\LOCALS~1\Temp\lilo45 scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\ALTOML~1\LOCALS~1\Temp\lilo46 scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\ALTOML~1\LOCALS~1\Temp\lilo47 scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\ALTOML~1\LOCALS~1\Temp\lilo48 scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\ALTOML~1\LOCALS~1\Temp\lilo49 scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\ALTOML~1\LOCALS~1\Temp\lilo5 scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\ALTOML~1\LOCALS~1\Temp\lilo50 scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\ALTOML~1\LOCALS~1\Temp\lilo51 scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\ALTOML~1\LOCALS~1\Temp\lilo52 scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\ALTOML~1\LOCALS~1\Temp\lilo53 scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\ALTOML~1\LOCALS~1\Temp\lilo54 scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\ALTOML~1\LOCALS~1\Temp\lilo55 scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\ALTOML~1\LOCALS~1\Temp\lilo56 scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\ALTOML~1\LOCALS~1\Temp\lilo57 scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\ALTOML~1\LOCALS~1\Temp\lilo58 scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\ALTOML~1\LOCALS~1\Temp\lilo59 scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\ALTOML~1\LOCALS~1\Temp\lilo6 scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\ALTOML~1\LOCALS~1\Temp\lilo60 scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\ALTOML~1\LOCALS~1\Temp\lilo61 scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\ALTOML~1\LOCALS~1\Temp\lilo62 scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\ALTOML~1\LOCALS~1\Temp\lilo63 scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\ALTOML~1\LOCALS~1\Temp\lilo64 scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\ALTOML~1\LOCALS~1\Temp\lilo65 scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\ALTOML~1\LOCALS~1\Temp\lilo7 scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\ALTOML~1\LOCALS~1\Temp\lilo8 scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\ALTOML~1\LOCALS~1\Temp\lilo9 scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\ALTOML~1\LOCALS~1\Temp\~DF905C.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\ALTOML~1\LOCALS~1\Temp\~DFD9DD.tmp scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
Local Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_1a8.dat scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_630.dat scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_698.dat scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
File delete failed. C:\Documents and Settings\ALTomlinson\Local Settings\Application Data\Mozilla\Firefox\Profiles\isz53104.default\Cache\_CACHE_001_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\ALTomlinson\Local Settings\Application Data\Mozilla\Firefox\Profiles\isz53104.default\Cache\_CACHE_002_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\ALTomlinson\Local Settings\Application Data\Mozilla\Firefox\Profiles\isz53104.default\Cache\_CACHE_003_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\ALTomlinson\Local Settings\Application Data\Mozilla\Firefox\Profiles\isz53104.default\Cache\_CACHE_MAP_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\ALTomlinson\Local Settings\Application Data\Mozilla\Firefox\Profiles\isz53104.default\XUL.mfl scheduled to be deleted on reboot.
FireFox cache emptied.
Temp folders emptied.
Explorer started successfully

OTMoveIt3 by OldTimer - Version 1.0.7.1 log created on 11252008_200429

Files moved on Reboot...
File move failed. C:\WINDOWS\SchedLgU.Txt scheduled to be moved on reboot.
File C:\DOCUME~1\ALTOML~1\LOCALS~1\Temp\AcrAAF8.tmp not found!
File C:\DOCUME~1\ALTOML~1\LOCALS~1\Temp\AcrAAF9.tmp not found!
File C:\DOCUME~1\ALTOML~1\LOCALS~1\Temp\lilo10 not found!
File C:\DOCUME~1\ALTOML~1\LOCALS~1\Temp\lilo11 not found!
File C:\DOCUME~1\ALTOML~1\LOCALS~1\Temp\lilo12 not found!
File C:\DOCUME~1\ALTOML~1\LOCALS~1\Temp\lilo13 not found!
File C:\DOCUME~1\ALTOML~1\LOCALS~1\Temp\lilo14 not found!
File C:\DOCUME~1\ALTOML~1\LOCALS~1\Temp\lilo15 not found!
File C:\DOCUME~1\ALTOML~1\LOCALS~1\Temp\lilo16 not found!
File C:\DOCUME~1\ALTOML~1\LOCALS~1\Temp\lilo17 not found!
File C:\DOCUME~1\ALTOML~1\LOCALS~1\Temp\lilo18 not found!
File C:\DOCUME~1\ALTOML~1\LOCALS~1\Temp\lilo19 not found!
File C:\DOCUME~1\ALTOML~1\LOCALS~1\Temp\lilo2 not found!
File C:\DOCUME~1\ALTOML~1\LOCALS~1\Temp\lilo20 not found!
File C:\DOCUME~1\ALTOML~1\LOCALS~1\Temp\lilo21 not found!
File C:\DOCUME~1\ALTOML~1\LOCALS~1\Temp\lilo22 not found!
File C:\DOCUME~1\ALTOML~1\LOCALS~1\Temp\lilo23 not found!
File C:\DOCUME~1\ALTOML~1\LOCALS~1\Temp\lilo24 not found!
File C:\DOCUME~1\ALTOML~1\LOCALS~1\Temp\lilo25 not found!
File C:\DOCUME~1\ALTOML~1\LOCALS~1\Temp\lilo26 not found!
File C:\DOCUME~1\ALTOML~1\LOCALS~1\Temp\lilo27 not found!
File C:\DOCUME~1\ALTOML~1\LOCALS~1\Temp\lilo28 not found!
File C:\DOCUME~1\ALTOML~1\LOCALS~1\Temp\lilo29 not found!
File C:\DOCUME~1\ALTOML~1\LOCALS~1\Temp\lilo3 not found!
File C:\DOCUME~1\ALTOML~1\LOCALS~1\Temp\lilo30 not found!
File C:\DOCUME~1\ALTOML~1\LOCALS~1\Temp\lilo31 not found!
File C:\DOCUME~1\ALTOML~1\LOCALS~1\Temp\lilo32 not found!
File C:\DOCUME~1\ALTOML~1\LOCALS~1\Temp\lilo33 not found!
File C:\DOCUME~1\ALTOML~1\LOCALS~1\Temp\lilo34 not found!
File C:\DOCUME~1\ALTOML~1\LOCALS~1\Temp\lilo35 not found!
File C:\DOCUME~1\ALTOML~1\LOCALS~1\Temp\lilo36 not found!
File C:\DOCUME~1\ALTOML~1\LOCALS~1\Temp\lilo37 not found!
File C:\DOCUME~1\ALTOML~1\LOCALS~1\Temp\lilo38 not found!
File C:\DOCUME~1\ALTOML~1\LOCALS~1\Temp\lilo39 not found!
File C:\DOCUME~1\ALTOML~1\LOCALS~1\Temp\lilo4 not found!
File C:\DOCUME~1\ALTOML~1\LOCALS~1\Temp\lilo40 not found!
File C:\DOCUME~1\ALTOML~1\LOCALS~1\Temp\lilo41 not found!
File C:\DOCUME~1\ALTOML~1\LOCALS~1\Temp\lilo42 not found!
File C:\DOCUME~1\ALTOML~1\LOCALS~1\Temp\lilo43 not found!
File C:\DOCUME~1\ALTOML~1\LOCALS~1\Temp\lilo44 not found!
File C:\DOCUME~1\ALTOML~1\LOCALS~1\Temp\lilo45 not found!
File C:\DOCUME~1\ALTOML~1\LOCALS~1\Temp\lilo46 not found!
File C:\DOCUME~1\ALTOML~1\LOCALS~1\Temp\lilo47 not found!
File C:\DOCUME~1\ALTOML~1\LOCALS~1\Temp\lilo48 not found!
File C:\DOCUME~1\ALTOML~1\LOCALS~1\Temp\lilo49 not found!
File C:\DOCUME~1\ALTOML~1\LOCALS~1\Temp\lilo5 not found!
File C:\DOCUME~1\ALTOML~1\LOCALS~1\Temp\lilo50 not found!
File C:\DOCUME~1\ALTOML~1\LOCALS~1\Temp\lilo51 not found!
File C:\DOCUME~1\ALTOML~1\LOCALS~1\Temp\lilo52 not found!
File C:\DOCUME~1\ALTOML~1\LOCALS~1\Temp\lilo53 not found!
File C:\DOCUME~1\ALTOML~1\LOCALS~1\Temp\lilo54 not found!
File C:\DOCUME~1\ALTOML~1\LOCALS~1\Temp\lilo55 not found!
File C:\DOCUME~1\ALTOML~1\LOCALS~1\Temp\lilo56 not found!
File C:\DOCUME~1\ALTOML~1\LOCALS~1\Temp\lilo57 not found!
File C:\DOCUME~1\ALTOML~1\LOCALS~1\Temp\lilo58 not found!
File C:\DOCUME~1\ALTOML~1\LOCALS~1\Temp\lilo59 not found!
File C:\DOCUME~1\ALTOML~1\LOCALS~1\Temp\lilo6 not found!
File C:\DOCUME~1\ALTOML~1\LOCALS~1\Temp\lilo60 not found!
File C:\DOCUME~1\ALTOML~1\LOCALS~1\Temp\lilo61 not found!
File C:\DOCUME~1\ALTOML~1\LOCALS~1\Temp\lilo62 not found!
File C:\DOCUME~1\ALTOML~1\LOCALS~1\Temp\lilo63 not found!
File C:\DOCUME~1\ALTOML~1\LOCALS~1\Temp\lilo64 not found!
File C:\DOCUME~1\ALTOML~1\LOCALS~1\Temp\lilo65 not found!
File C:\DOCUME~1\ALTOML~1\LOCALS~1\Temp\lilo7 not found!
File C:\DOCUME~1\ALTOML~1\LOCALS~1\Temp\lilo8 not found!
File C:\DOCUME~1\ALTOML~1\LOCALS~1\Temp\lilo9 not found!
C:\DOCUME~1\ALTOML~1\LOCALS~1\Temp\~DF905C.tmp moved successfully.
C:\DOCUME~1\ALTOML~1\LOCALS~1\Temp\~DFD9DD.tmp moved successfully.
File move failed. C:\WINDOWS\temp\Perflib_Perfdata_1a8.dat scheduled to be moved on reboot.
File C:\WINDOWS\temp\Perflib_Perfdata_630.dat not found!
File C:\WINDOWS\temp\Perflib_Perfdata_698.dat not found!
C:\Documents and Settings\ALTomlinson\Local Settings\Application Data\Mozilla\Firefox\Profiles\isz53104.default\Cache\_CACHE_001_ moved successfully.
C:\Documents and Settings\ALTomlinson\Local Settings\Application Data\Mozilla\Firefox\Profiles\isz53104.default\Cache\_CACHE_002_ moved successfully.
C:\Documents and Settings\ALTomlinson\Local Settings\Application Data\Mozilla\Firefox\Profiles\isz53104.default\Cache\_CACHE_003_ moved successfully.
C:\Documents and Settings\ALTomlinson\Local Settings\Application Data\Mozilla\Firefox\Profiles\isz53104.default\Cache\_CACHE_MAP_ moved successfully.
C:\Documents and Settings\ALTomlinson\Local Settings\Application Data\Mozilla\Firefox\Profiles\isz53104.default\XUL.mfl moved successfully.

Results from Lop S&D:


--------------------\\ Lop S&D 4.2.4-9c XP/Vista

Microsoft Windows XP Professional ( v5.1.2600 ) Service Pack 2
X86-based PC ( Multiprocessor Free : Intel® Core™2 Duo CPU T7700 @ 2.40GHz )
BIOS : Phoenix ROM BIOS PLUS Version 1.10 A02
USER : ALTomlinson ( Administrator )
BOOT : Normal boot
C:\ (Local Disk) - NTFS - Total:47 Go (Free:9 Go)
D:\ (CD or DVD)
S:\ (Local Disk) - Ext2 - Total:22 Go (Free:3 Go)

"C:\Lop SD" ( MAJ : 01-11-2008|16:30 )
Option : [1] ( Tue 11/25/2008|20:21 )

--------------------\\ Listing folders in APPLIC~1

[03/28/2007|09:44] C:\DOCUME~1\ADMINI~1\APPLIC~1\<DIR> Adobe
[03/28/2007|09:44] C:\DOCUME~1\ADMINI~1\APPLIC~1\<DIR> Apple Computer
[03/28/2007|09:44] C:\DOCUME~1\ADMINI~1\APPLIC~1\<DIR> Identities
[08/10/2007|03:05] C:\DOCUME~1\ADMINI~1\APPLIC~1\<DIR> Intel
[03/28/2007|09:44] C:\DOCUME~1\ADMINI~1\APPLIC~1\<DIR> Leadertech
[03/28/2007|09:44] C:\DOCUME~1\ADMINI~1\APPLIC~1\<DIR> Macromedia
[03/28/2007|09:44] C:\DOCUME~1\ADMINI~1\APPLIC~1\<DIR> Microsoft
[03/28/2007|09:44] C:\DOCUME~1\ADMINI~1\APPLIC~1\<DIR> Mozilla
[03/28/2007|09:44] C:\DOCUME~1\ADMINI~1\APPLIC~1\<DIR> Real
[03/28/2007|09:44] C:\DOCUME~1\ADMINI~1\APPLIC~1\<DIR> Sonic
[03/28/2007|09:44] C:\DOCUME~1\ADMINI~1\APPLIC~1\<DIR> Sun
[03/28/2007|09:44] C:\DOCUME~1\ADMINI~1\APPLIC~1\<DIR> Talkback

[09/13/2008|08:43] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> {3276BE95_AF08_429F_A64F_CA64CB79BCF6}
[03/08/2008|07:48] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Adobe
[08/16/2007|09:55] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> ALM
[08/10/2007|06:47] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Apple
[03/28/2007|07:51] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Apple Computer
[05/24/2008|05:07] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> AVS4YOU
[10/11/2008|04:45] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> FLEXnet
[08/21/2007|10:57] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> InstallShield
[08/10/2007|03:05] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Intel
[11/23/2008|05:33] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Lavasoft
[11/25/2008|07:32] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Malwarebytes
[03/27/2007|10:21] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> McAfee
[11/22/2008|11:57] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Meow Intra Bait Face
[05/14/2008|07:40] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Microsoft
[11/15/2007|03:05] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Microsoft Help
[12/04/2007|05:53] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> nView_Profiles
[04/20/2008|11:37] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> PKWARE
[11/12/2007|01:32] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> PreEmptive Solutions
[08/21/2007|10:57] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> ScanSoft
[11/23/2008|12:25] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> SITEguard
[01/05/2008|09:07] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Spadester
[11/25/2008|09:09] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Spybot - Search & Destroy
[11/23/2008|01:09] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> STOPzilla!
[01/29/2008|11:26] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> TEMP
[11/23/2008|08:29] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Thomson.ResearchSoft.Installers
[01/29/2008|11:22] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Windows Genuine Advantage

[11/06/2008|07:19] C:\DOCUME~1\ALTOML~1\APPLIC~1\<DIR> Adobe
[11/24/2008|07:21] C:\DOCUME~1\ALTOML~1\APPLIC~1\<DIR> Antispyware
[03/28/2007|09:44] C:\DOCUME~1\ALTOML~1\APPLIC~1\<DIR> Apple Computer
[08/27/2007|09:37] C:\DOCUME~1\ALTOML~1\APPLIC~1\<DIR> ArcSoft
[02/22/2008|09:44] C:\DOCUME~1\ALTOML~1\APPLIC~1\<DIR> ATI
[05/24/2008|05:07] C:\DOCUME~1\ALTOML~1\APPLIC~1\<DIR> AVS4YOU
[05/26/2008|07:48] C:\DOCUME~1\ALTOML~1\APPLIC~1\<DIR> AVSMedia
[08/27/2007|09:32] C:\DOCUME~1\ALTOML~1\APPLIC~1\<DIR> Canon
[10/24/2007|12:36] C:\DOCUME~1\ALTOML~1\APPLIC~1\<DIR> CuteReminderPro
[08/22/2007|01:06] C:\DOCUME~1\ALTOML~1\APPLIC~1\<DIR> Design Science
[05/24/2008|12:20] C:\DOCUME~1\ALTOML~1\APPLIC~1\<DIR> DivX
[11/22/2008|10:14] C:\DOCUME~1\ALTOML~1\APPLIC~1\<DIR> dvdcss
[11/22/2008|03:16] C:\DOCUME~1\ALTOML~1\APPLIC~1\<DIR> EndNote
[11/24/2008|04:21] C:\DOCUME~1\ALTOML~1\APPLIC~1\<DIR> ErrorSmart
[11/06/2008|10:03] C:\DOCUME~1\ALTOML~1\APPLIC~1\<DIR> FileZilla
[02/05/2008|06:56] C:\DOCUME~1\ALTOML~1\APPLIC~1\<DIR> gretl
[11/11/2007|08:14] C:\DOCUME~1\ALTOML~1\APPLIC~1\<DIR> Help
[03/28/2007|09:44] C:\DOCUME~1\ALTOML~1\APPLIC~1\<DIR> Identities
[11/12/2007|07:07] C:\DOCUME~1\ALTOML~1\APPLIC~1\<DIR> InstallShield
[08/10/2007|03:05] C:\DOCUME~1\ALTOML~1\APPLIC~1\<DIR> Intel
[01/29/2008|11:19] C:\DOCUME~1\ALTOML~1\APPLIC~1\<DIR> Lavasoft
[03/28/2007|09:44] C:\DOCUME~1\ALTOML~1\APPLIC~1\<DIR> Leadertech
[03/28/2007|09:44] C:\DOCUME~1\ALTOML~1\APPLIC~1\<DIR> Macromedia
[11/25/2008|07:33] C:\DOCUME~1\ALTOML~1\APPLIC~1\<DIR> Malwarebytes
[10/26/2008|04:11] C:\DOCUME~1\ALTOML~1\APPLIC~1\<DIR> Microsoft
[11/25/2008|07:04] C:\DOCUME~1\ALTOML~1\APPLIC~1\<DIR> Move Networks
[03/28/2007|09:44] C:\DOCUME~1\ALTOML~1\APPLIC~1\<DIR> Mozilla
[10/17/2007|09:42] C:\DOCUME~1\ALTOML~1\APPLIC~1\<DIR> NewSoft
[07/09/2008|11:34] C:\DOCUME~1\ALTOML~1\APPLIC~1\<DIR> Opera
[04/20/2008|11:37] C:\DOCUME~1\ALTOML~1\APPLIC~1\<DIR> PKWARE
[11/04/2008|10:35] C:\DOCUME~1\ALTOML~1\APPLIC~1\<DIR> Real
[08/21/2007|10:57] C:\DOCUME~1\ALTOML~1\APPLIC~1\<DIR> ScanSoft
[03/28/2007|09:44] C:\DOCUME~1\ALTOML~1\APPLIC~1\<DIR> Sonic
[03/28/2007|09:44] C:\DOCUME~1\ALTOML~1\APPLIC~1\<DIR> Sun
[03/28/2007|09:44] C:\DOCUME~1\ALTOML~1\APPLIC~1\<DIR> Talkback
[10/27/2008|03:21] C:\DOCUME~1\ALTOML~1\APPLIC~1\<DIR> U3
[11/24/2008|06:31] C:\DOCUME~1\ALTOML~1\APPLIC~1\<DIR> uTorrent
[10/28/2008|07:08] C:\DOCUME~1\ALTOML~1\APPLIC~1\<DIR> vlc
[11/25/2008|09:43] C:\DOCUME~1\ALTOML~1\APPLIC~1\<DIR> WinRAR
[02/07/2008|05:53] C:\DOCUME~1\ALTOML~1\APPLIC~1\<DIR> ZipZag

[03/28/2007|09:44] C:\DOCUME~1\DEFAUL~1\APPLIC~1\<DIR> Adobe
[03/28/2007|09:44] C:\DOCUME~1\DEFAUL~1\APPLIC~1\<DIR> Apple Computer
[03/28/2007|09:44] C:\DOCUME~1\DEFAUL~1\APPLIC~1\<DIR> Identities
[08/10/2007|03:05] C:\DOCUME~1\DEFAUL~1\APPLIC~1\<DIR> Intel
[03/28/2007|09:44] C:\DOCUME~1\DEFAUL~1\APPLIC~1\<DIR> Leadertech
[03/28/2007|09:44] C:\DOCUME~1\DEFAUL~1\APPLIC~1\<DIR> Macromedia
[11/15/2007|03:02] C:\DOCUME~1\DEFAUL~1\APPLIC~1\<DIR> Microsoft
[03/28/2007|09:44] C:\DOCUME~1\DEFAUL~1\APPLIC~1\<DIR> Mozilla
[03/28/2007|09:44] C:\DOCUME~1\DEFAUL~1\APPLIC~1\<DIR> Real
[03/28/2007|09:44] C:\DOCUME~1\DEFAUL~1\APPLIC~1\<DIR> Sonic
[03/28/2007|09:44] C:\DOCUME~1\DEFAUL~1\APPLIC~1\<DIR> Sun
[03/28/2007|09:44] C:\DOCUME~1\DEFAUL~1\APPLIC~1\<DIR> Talkback

[03/28/2007|09:44] C:\DOCUME~1\JDTOLB~1\APPLIC~1\<DIR> Adobe
[03/28/2007|09:44] C:\DOCUME~1\JDTOLB~1\APPLIC~1\<DIR> Apple Computer
[03/28/2007|09:44] C:\DOCUME~1\JDTOLB~1\APPLIC~1\<DIR> Identities
[08/10/2007|03:05] C:\DOCUME~1\JDTOLB~1\APPLIC~1\<DIR> Intel
[03/28/2007|09:44] C:\DOCUME~1\JDTOLB~1\APPLIC~1\<DIR> Leadertech
[03/28/2007|09:44] C:\DOCUME~1\JDTOLB~1\APPLIC~1\<DIR> Macromedia
[03/28/2007|09:44] C:\DOCUME~1\JDTOLB~1\APPLIC~1\<DIR> Microsoft
[03/28/2007|09:44] C:\DOCUME~1\JDTOLB~1\APPLIC~1\<DIR> Mozilla
[03/28/2007|09:44] C:\DOCUME~1\JDTOLB~1\APPLIC~1\<DIR> Real
[03/28/2007|09:44] C:\DOCUME~1\JDTOLB~1\APPLIC~1\<DIR> Sonic
[03/28/2007|09:44] C:\DOCUME~1\JDTOLB~1\APPLIC~1\<DIR> Sun
[03/28/2007|09:44] C:\DOCUME~1\JDTOLB~1\APPLIC~1\<DIR> Talkback

[08/10/2007|03:05] C:\DOCUME~1\LOCALS~1\APPLIC~1\<DIR> Intel
[03/27/2007|10:22] C:\DOCUME~1\LOCALS~1\APPLIC~1\<DIR> Microsoft

[03/28/2007|09:44] C:\DOCUME~1\MBMCGI~1\APPLIC~1\<DIR> Adobe
[03/28/2007|09:44] C:\DOCUME~1\MBMCGI~1\APPLIC~1\<DIR> Apple Computer
[03/28/2007|09:44] C:\DOCUME~1\MBMCGI~1\APPLIC~1\<DIR> Identities
[08/10/2007|03:05] C:\DOCUME~1\MBMCGI~1\APPLIC~1\<DIR> Intel
[03/28/2007|09:44] C:\DOCUME~1\MBMCGI~1\APPLIC~1\<DIR> Leadertech
[03/28/2007|09:44] C:\DOCUME~1\MBMCGI~1\APPLIC~1\<DIR> Macromedia
[03/28/2007|09:44] C:\DOCUME~1\MBMCGI~1\APPLIC~1\<DIR> Microsoft
[03/28/2007|09:44] C:\DOCUME~1\MBMCGI~1\APPLIC~1\<DIR> Mozilla
[03/28/2007|09:44] C:\DOCUME~1\MBMCGI~1\APPLIC~1\<DIR> Real
[03/28/2007|09:44] C:\DOCUME~1\MBMCGI~1\APPLIC~1\<DIR> Sonic
[03/28/2007|09:44] C:\DOCUME~1\MBMCGI~1\APPLIC~1\<DIR> Sun
[03/28/2007|09:44] C:\DOCUME~1\MBMCGI~1\APPLIC~1\<DIR> Talkback

[08/10/2007|03:05] C:\DOCUME~1\NETWOR~1\APPLIC~1\<DIR> Intel
[05/01/2008|06:46] C:\DOCUME~1\NETWOR~1\APPLIC~1\<DIR> Microsoft

[03/28/2007|09:44] C:\DOCUME~1\SFMcLeod\APPLIC~1\<DIR> Adobe
[03/28/2007|09:44] C:\DOCUME~1\SFMcLeod\APPLIC~1\<DIR> Apple Computer
[03/28/2007|09:44] C:\DOCUME~1\SFMcLeod\APPLIC~1\<DIR> Identities
[08/10/2007|03:05] C:\DOCUME~1\SFMcLeod\APPLIC~1\<DIR> Intel
[03/28/2007|09:44] C:\DOCUME~1\SFMcLeod\APPLIC~1\<DIR> Leadertech
[03/28/2007|09:44] C:\DOCUME~1\SFMcLeod\APPLIC~1\<DIR> Macromedia
[03/28/2007|10:37] C:\DOCUME~1\SFMcLeod\APPLIC~1\<DIR> Microsoft
[03/28/2007|09:44] C:\DOCUME~1\SFMcLeod\APPLIC~1\<DIR> Mozilla
[03/28/2007|09:44] C:\DOCUME~1\SFMcLeod\APPLIC~1\<DIR> Real
[03/28/2007|09:44] C:\DOCUME~1\SFMcLeod\APPLIC~1\<DIR> Sonic
[03/28/2007|09:44] C:\DOCUME~1\SFMcLeod\APPLIC~1\<DIR> Sun
[03/28/2007|09:44] C:\DOCUME~1\SFMcLeod\APPLIC~1\<DIR> Talkback

[03/28/2007|09:45] C:\DOCUME~1\Tech\APPLIC~1\<DIR> Adobe
[03/28/2007|09:45] C:\DOCUME~1\Tech\APPLIC~1\<DIR> Apple Computer
[03/28/2007|09:45] C:\DOCUME~1\Tech\APPLIC~1\<DIR> Identities
[08/10/2007|03:05] C:\DOCUME~1\Tech\APPLIC~1\<DIR> Intel
[03/28/2007|09:45] C:\DOCUME~1\Tech\APPLIC~1\<DIR> Leadertech
[03/28/2007|09:45] C:\DOCUME~1\Tech\APPLIC~1\<DIR> Macromedia
[03/28/2007|09:45] C:\DOCUME~1\Tech\APPLIC~1\<DIR> Microsoft
[03/28/2007|09:45] C:\DOCUME~1\Tech\APPLIC~1\<DIR> Mozilla
[03/28/2007|09:45] C:\DOCUME~1\Tech\APPLIC~1\<DIR> Real
[03/28/2007|09:45] C:\DOCUME~1\Tech\APPLIC~1\<DIR> Sonic
[03/28/2007|09:45] C:\DOCUME~1\Tech\APPLIC~1\<DIR> Sun
[03/28/2007|09:45] C:\DOCUME~1\Tech\APPLIC~1\<DIR> Talkback

[03/28/2007|07:35] C:\DOCUME~1\techroot\APPLIC~1\<DIR> Adobe
[03/28/2007|08:54] C:\DOCUME~1\techroot\APPLIC~1\<DIR> Apple Computer
[03/27/2007|10:27] C:\DOCUME~1\techroot\APPLIC~1\<DIR> Identities
[08/10/2007|03:05] C:\DOCUME~1\techroot\APPLIC~1\<DIR> Intel
[03/28/2007|08:55] C:\DOCUME~1\techroot\APPLIC~1\<DIR> Leadertech
[03/28/2007|08:25] C:\DOCUME~1\techroot\APPLIC~1\<DIR> Macromedia
[03/28/2007|08:53] C:\DOCUME~1\techroot\APPLIC~1\<DIR> Microsoft
[03/28/2007|07:04] C:\DOCUME~1\techroot\APPLIC~1\<DIR> Mozilla
[03/28/2007|08:37] C:\DOCUME~1\techroot\APPLIC~1\<DIR> Real
[03/28/2007|08:55] C:\DOCUME~1\techroot\APPLIC~1\<DIR> Sonic
[03/28/2007|08:25] C:\DOCUME~1\techroot\APPLIC~1\<DIR> Sun
[03/28/2007|07:04] C:\DOCUME~1\techroot\APPLIC~1\<DIR> Talkback

--------------------\\ Scheduled Tasks located in C:\WINDOWS\Tasks

[11/25/2008 06:43 AM][--a------] C:\WINDOWS\tasks\Antispyware Scheduled Scan.job
[11/24/2008 04:20 PM][--a------] C:\WINDOWS\tasks\ErrorSmart Scheduled Scan.job
[11/25/2008 08:00 PM][--ah-----] C:\WINDOWS\tasks\BF6021879953DCF3.job
[11/25/2008 08:07 PM][--a------] C:\WINDOWS\tasks\RegCure Program Check.job
[11/20/2008 06:20 AM][--a------] C:\WINDOWS\tasks\RegCure.job
[11/25/2008 08:10 PM][--ah-----] C:\WINDOWS\tasks\MP Scheduled Scan.job
[11/22/2008 08:29 AM][--a------] C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[11/25/2008 08:07 PM][--ah-----] C:\WINDOWS\tasks\SA.DAT
[08/23/2001 07:00 AM][-r-h-----] C:\WINDOWS\tasks\desktop.ini

( BF6021879953DCF3.job )=( c:\docume~1\altoml~1\applic~1\blehwa~1\antiwipeglue.exe )

--------------------\\ Listing Folders in C:\Program Files

[10/17/2008|07:03] C:\Program Files\<DIR> AC3Filter
[07/07/2008|09:09] C:\Program Files\<DIR> Adobe
[04/24/2007|09:36] C:\Program Files\<DIR> Analog Devices
[11/24/2008|04:51] C:\Program Files\<DIR> Antispyware
[08/06/2008|12:22] C:\Program Files\<DIR> Apple Software Update
[08/21/2007|10:51] C:\Program Files\<DIR> ArcSoft
[03/27/2007|09:39] C:\Program Files\<DIR> ATI Technologies
[05/24/2008|04:51] C:\Program Files\<DIR> Avi2Dvd
[05/24/2008|04:56] C:\Program Files\<DIR> AviSynth 2.5
[05/24/2008|05:10] C:\Program Files\<DIR> AVS4YOU
[11/22/2008|11:56] C:\Program Files\<DIR> bleh way
[09/13/2008|08:42] C:\Program Files\<DIR> Bonjour
[03/27/2007|09:41] C:\Program Files\<DIR> Broadcom
[08/21/2007|11:00] C:\Program Files\<DIR> Canon
[08/21/2007|10:49] C:\Program Files\<DIR> CanonBJ
[11/24/2008|06:50] C:\Program Files\<DIR> CCleaner
[11/12/2007|01:32] C:\Program Files\<DIR> CE Remote Tools
[11/25/2008|02:12] C:\Program Files\<DIR> Common Files
[03/27/2007|10:19] C:\Program Files\<DIR> ComPlus Applications
[08/10/2007|03:03] C:\Program Files\<DIR> CONEXANT
[03/27/2007|09:49] C:\Program Files\<DIR> CUAgent
[11/21/2008|06:34] C:\Program Files\<DIR> Cucusoft
[03/28/2007|08:47] C:\Program Files\<DIR> CyberLink
[03/27/2007|09:37] C:\Program Files\<DIR> Dell
[11/21/2008|06:58] C:\Program Files\<DIR> DivX
[11/21/2008|06:24] C:\Program Files\<DIR> Easy Avi Divx Xvid to DVD Burner
[04/13/2008|08:37] C:\Program Files\<DIR> eMusic Download Manager
[03/28/2007|09:00] C:\Program Files\<DIR> Eraser
[10/17/2008|07:05] C:\Program Files\<DIR> ffdshow
[09/10/2008|05:47] C:\Program Files\<DIR> FileZilla FTP Client
[03/10/2008|08:27] C:\Program Files\<DIR> HP
[11/12/2007|01:32] C:\Program Files\<DIR> HTML Help Workshop
[10/26/2008|04:09] C:\Program Files\<DIR> InstallShield Installation Information
[08/02/2008|08:44] C:\Program Files\<DIR> InstantStorm
[11/12/2007|07:09] C:\Program Files\<DIR> Intel
[08/18/2008|12:52] C:\Program Files\<DIR> Internet Explorer
[09/13/2008|08:42] C:\Program Files\<DIR> iPod
[09/13/2008|08:43] C:\Program Files\<DIR> iTunes
[11/25/2008|07:48] C:\Program Files\<DIR> Java
[11/24/2008|06:50] C:\Program Files\<DIR> Lavasoft
[07/26/2008|08:54] C:\Program Files\<DIR> LG Drivers
[11/25/2008|07:33] C:\Program Files\<DIR> Malwarebytes' Anti-Malware
[02/05/2008|06:32] C:\Program Files\<DIR> Maple 10
[08/13/2007|08:04] C:\Program Files\<DIR> MathType
[07/12/2008|12:41] C:\Program Files\<DIR> MDL ISIS Draw 2.5
[08/18/2008|12:53] C:\Program Files\<DIR> Messenger
[03/28/2007|08:25] C:\Program Files\<DIR> Microsoft ActiveSync
[10/11/2007|06:49] C:\Program Files\<DIR> Microsoft CAPICOM 2.1.0.2
[11/12/2007|01:44] C:\Program Files\<DIR> Microsoft Device Emulator
[03/27/2007|10:23] C:\Program Files\<DIR> microsoft frontpage
[03/28/2007|08:50] C:\Program Files\<DIR> Microsoft Image Composer
[03/28/2007|08:24] C:\Program Files\<DIR> Microsoft Office
[10/26/2008|04:09] C:\Program Files\<DIR> Microsoft Reader
[11/10/2008|09:31] C:\Program Files\<DIR> Microsoft Silverlight
[11/12/2007|01:47] C:\Program Files\<DIR> Microsoft SQL Server
[11/12/2007|01:44] C:\Program Files\<DIR> Microsoft SQL Server 2005 Mobile Edition
[03/28/2007|08:23] C:\Program Files\<DIR> Microsoft Visual Studio
[11/12/2007|07:08] C:\Program Files\<DIR> Microsoft Visual Studio 8
[03/28/2007|08:23] C:\Program Files\<DIR> Microsoft Works
[03/28/2007|08:25] C:\Program Files\<DIR> Microsoft.NET
[10/17/2008|07:05] C:\Program Files\<DIR> Morgan
[03/27/2007|10:20] C:\Program Files\<DIR> Movie Maker
[11/25/2008|08:08] C:\Program Files\<DIR> Mozilla Firefox
[11/12/2007|01:39] C:\Program Files\<DIR> MSBuild
[03/27/2007|10:18] C:\Program Files\<DIR> MSN
[03/27/2007|10:19] C:\Program Files\<DIR> MSN Gaming Zone
[08/15/2007|04:25] C:\Program Files\<DIR> MSXML 4.0
[08/15/2007|04:25] C:\Program Files\<DIR> MSXML 6.0
[03/27/2007|10:20] C:\Program Files\<DIR> NetMeeting
[11/25/2008|02:12] C:\Program Files\<DIR> Network Associates
[08/21/2007|10:58] C:\Program Files\<DIR> NewSoft
[03/28/2007|08:27] C:\Program Files\<DIR> Novell
[08/10/2007|03:13] C:\Program Files\<DIR> O2Micro OZ776 SCR Driver
[03/28/2007|09:57] C:\Program Files\<DIR> Online Services
[11/17/2007|10:26] C:\Program Files\<DIR> OpenBabel-2.1.1
[06/25/2008|07:37] C:\Program Files\<DIR> Oracle
[02/27/2008|01:26] C:\Program Files\<DIR> Origin 8 Setup Files
[02/27/2008|01:25] C:\Program Files\<DIR> OriginLab
[08/15/2007|04:25] C:\Program Files\<DIR> Outlook Express
[04/24/2007|09:52] C:\Program Files\<DIR> PDFCreator
[04/20/2008|11:36] C:\Program Files\<DIR> PKWARE
[05/05/2008|04:43] C:\Program Files\<DIR> Portable PuTTY
[09/13/2008|08:41] C:\Program Files\<DIR> QuickTime
[03/28/2007|08:34] C:\Program Files\<DIR> Real
[07/12/2008|06:20] C:\Program Files\<DIR> RegCure
[09/12/2008|11:00] C:\Program Files\<DIR> RMP2
[07/16/2008|12:12] C:\Program Files\<DIR> Safari
[08/21/2007|10:56] C:\Program Files\<DIR> ScanSoft
[11/14/2007|05:17] C:\Program Files\<DIR> Semichem, Inc
[08/10/2007|03:01] C:\Program Files\<DIR> SigmaTel
[03/28/2007|08:46] C:\Program Files\<DIR> Sonic
[11/24/2008|07:31] C:\Program Files\<DIR> Spybot - Search & Destroy
[11/24/2008|06:54] C:\Program Files\<DIR> Trend Micro
[07/12/2008|06:55] C:\Program Files\<DIR> TuneCab
[12/22/2007|03:22] C:\Program Files\<DIR> UBISOFT
[03/27/2007|10:27] C:\Program Files\<DIR> Uninstall Information
[10/16/2008|05:37] C:\Program Files\<DIR> uTorrent
[10/27/2008|08:12] C:\Program Files\<DIR> VideoLAN
[01/29/2008|11:28] C:\Program Files\<DIR> Windows Defender
[03/27/2007|10:22] C:\Program Files\<DIR> Windows Media Player
[03/28/2007|07:38] C:\Program Files\<DIR> Windows NT
[03/27/2007|10:21] C:\Program Files\<DIR> WindowsUpdate
[11/25/2007|06:17] C:\Program Files\<DIR> WinFIG22
[08/17/2007|06:05] C:\Program Files\<DIR> WinSCP
[03/27/2007|10:23] C:\Program Files\<DIR> xerox
[05/05/2008|04:46] C:\Program Files\<DIR> Xming
[10/17/2008|07:05] C:\Program Files\<DIR> XviD
[11/24/2008|06:50] C:\Program Files\<DIR> Yahoo!
[09/05/2007|03:46] C:\Program Files\<DIR> Zero G Registry
[04/28/2008|08:36] C:\Program Files\<DIR> ZipZag

--------------------\\ Listing Folders in C:\Program Files\Common Files

[08/16/2007|10:00] C:\Program Files\Common Files\<DIR> Adobe
[09/13/2008|08:41] C:\Program Files\Common Files\<DIR> Apple
[11/21/2008|06:57] C:\Program Files\Common Files\<DIR> AVSMedia
[11/12/2007|01:32] C:\Program Files\Common Files\<DIR> Business Objects
[08/21/2007|10:51] C:\Program Files\Common Files\<DIR> CANON
[03/27/2007|10:21] C:\Program Files\Common Files\<DIR> Cisco Systems
[08/16/2007|09:57] C:\Program Files\Common Files\<DIR> Control Panels
[03/28/2007|08:24] C:\Program Files\Common Files\<DIR> DESIGNER
[08/21/2007|10:57] C:\Program Files\Common Files\<DIR> InstallShield
[11/12/2007|07:07] C:\Program Files\Common Files\<DIR> Intel
[11/23/2008|12:24] C:\Program Files\Common Files\<DIR> iS3
[03/28/2007|08:26] C:\Program Files\Common Files\<DIR> L&H
[08/16/2007|09:33] C:\Program Files\Common Files\<DIR> Macrovision Shared
[04/18/2008|05:32] C:\Program Files\Common Files\<DIR> MDL Shared
[11/12/2007|01:32] C:\Program Files\Common Files\<DIR> Merge Modules
[10/26/2008|04:09] C:\Program Files\Common Files\<DIR> Microsoft Shared
[03/27/2007|10:20] C:\Program Files\Common Files\<DIR> MSSoap
[03/27/2007|05:07] C:\Program Files\Common Files\<DIR> ODBC
[08/21/2007|10:59] C:\Program Files\Common Files\<DIR> PDFView
[04/20/2008|11:36] C:\Program Files\Common Files\<DIR> PKWARE
[03/28/2007|08:35] C:\Program Files\Common Files\<DIR> Real
[07/05/2008|06:34] C:\Program Files\Common Files\<DIR> ResearchSoft
[07/05/2008|06:34] C:\Program Files\Common Files\<DIR> Risxtd
[08/21/2007|10:57] C:\Program Files\Common Files\<DIR> ScanSoft Shared
[03/27/2007|10:20] C:\Program Files\Common Files\<DIR> Services
[03/27/2007|05:07] C:\Program Files\Common Files\<DIR> SpeechEngines
[03/28/2007|08:46] C:\Program Files\Common Files\<DIR> SureThing Shared
[08/15/2007|04:25] C:\Program Files\Common Files\<DIR> System
[03/28/2007|08:35] C:\Program Files\Common Files\<DIR> xing shared

--------------------\\ Process

( 37 Processes )

... OK !

--------------------\\ Searching with S_Lop

No Lop folder found !

--------------------\\ Searching for Lop Files - Folders

C:\DOCUME~1\ALLUSE~1\APPLIC~1\Meow Intra Bait Face
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Meow Intra Bait Face\store 1.exe
C:\Program Files\blehwa~1
C:\WINDOWS\Tasks\BF6021879953DCF3.job

--------------------\\ Searching within the Registry

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

..... OK !

--------------------\\ Checking the Hosts file

Hosts file CLEAN


--------------------\\ Searching for hidden files with Catchme

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-25 20:22:29
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 0

--------------------\\ Searching for other infections


No other infections found !

[F:1][D:0]-> C:\DOCUME~1\ALTOML~1\Cookies
[F:6][D:4]-> C:\DOCUME~1\ALTOML~1\LOCALS~1\TEMPOR~1\content.IE5

1 - "C:\Lop SD\LopR_1.txt" - Tue 11/25/2008|20:23 - Option : [1]

--------------------\\ Scan completed at 20:23:13

#10 andrewuk

  • Group: Malware Removal
  • Posts: 5,297
  • Joined: 18-August 07

Posted 25 November 2008 - 07:42 PM

====STEP 1====

Restart Lop S&D

This time choose Option 3 (Fix - Hosts)
Don't close the window during suppression!
Post the log which is created: (%SystemDrive%\lopR.txt)



====STEP 2====
Please download DAFT and save it to your desktop:
  • Double-click the daft.exe icon.
  • Click on the Scan button.
  • Select everything it is displaying there
  • Click the Fix button.
  • Then rescan with DAFT again - it should say now that "All associations are OK"
  • Close DAFT if you receive that message. This means that it is fixed now.

====STEP 3====
Please download DirLook by jpshortstuff from one of the following mirrors:
Link 1
Link 2
Link 3
  • Double-click DirLook.exe to run it (Vista Users should right-click and select Run As Administrator...).
  • Ensure that Show Hidden Files/Folders and BBCode Output are both checked.
  • Copy the content of the following codebox into the main textfield:

    C:\32788R22FWJFW
    C:\Documents and Settings\ALTomlinson\Application Data\Antispyware
    C:\Program Files\Antispyware


  • Click the DirLook button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply. (Note: The log can also be found at C:\DirLook.txt)
Note: Scanning may take longer for large folders.


In your next reply could I see:
1. the LopR.txt log
2. the DirLook logs

The text from these files may exceed the maximum post length for this forum. Hence, you may need to post the information over 2 or more posts.

andrewuk

#11 lysistrata7

  • Group: Member
  • Posts: 41
  • Joined: 25-November 08

Posted 25 November 2008 - 07:55 PM

LopS&D:


--------------------\\ Lop S&D 4.2.4-9c XP/Vista

Microsoft Windows XP Professional ( v5.1.2600 ) Service Pack 2
X86-based PC ( Multiprocessor Free : Intel® Core™2 Duo CPU T7700 @ 2.40GHz )
BIOS : Phoenix ROM BIOS PLUS Version 1.10 A02
USER : ALTomlinson ( Administrator )
BOOT : Normal boot
C:\ (Local Disk) - NTFS - Total:47 Go (Free:9 Go)
D:\ (CD or DVD)
S:\ (Local Disk) - Ext2 - Total:22 Go (Free:3 Go)

"C:\Lop SD" ( MAJ : 01-11-2008|16:30 )
Option : [3] ( Tue 11/25/2008|20:49 )


\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ FIX

Deleted! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\Meow Intra Bait Face\store 1.exe
Deleted! - C:\WINDOWS\Tasks\BF6021879953DCF3.job
Deleted! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\Meow Intra Bait Face
Deleted! - C:\Program Files\blehwa~1

\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\


--------------------\\ Listing folders in APPLIC~1

[03/28/2007|09:44] C:\DOCUME~1\ADMINI~1\APPLIC~1\<DIR> Adobe
[03/28/2007|09:44] C:\DOCUME~1\ADMINI~1\APPLIC~1\<DIR> Apple Computer
[03/28/2007|09:44] C:\DOCUME~1\ADMINI~1\APPLIC~1\<DIR> Identities
[08/10/2007|03:05] C:\DOCUME~1\ADMINI~1\APPLIC~1\<DIR> Intel
[03/28/2007|09:44] C:\DOCUME~1\ADMINI~1\APPLIC~1\<DIR> Leadertech
[03/28/2007|09:44] C:\DOCUME~1\ADMINI~1\APPLIC~1\<DIR> Macromedia
[03/28/2007|09:44] C:\DOCUME~1\ADMINI~1\APPLIC~1\<DIR> Microsoft
[03/28/2007|09:44] C:\DOCUME~1\ADMINI~1\APPLIC~1\<DIR> Mozilla
[03/28/2007|09:44] C:\DOCUME~1\ADMINI~1\APPLIC~1\<DIR> Real
[03/28/2007|09:44] C:\DOCUME~1\ADMINI~1\APPLIC~1\<DIR> Sonic
[03/28/2007|09:44] C:\DOCUME~1\ADMINI~1\APPLIC~1\<DIR> Sun
[03/28/2007|09:44] C:\DOCUME~1\ADMINI~1\APPLIC~1\<DIR> Talkback

[09/13/2008|08:43] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> {3276BE95_AF08_429F_A64F_CA64CB79BCF6}
[03/08/2008|07:48] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Adobe
[08/16/2007|09:55] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> ALM
[08/10/2007|06:47] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Apple
[03/28/2007|07:51] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Apple Computer
[05/24/2008|05:07] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> AVS4YOU
[10/11/2008|04:45] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> FLEXnet
[08/21/2007|10:57] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> InstallShield
[08/10/2007|03:05] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Intel
[11/23/2008|05:33] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Lavasoft
[11/25/2008|07:32] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Malwarebytes
[03/27/2007|10:21] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> McAfee
[05/14/2008|07:40] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Microsoft
[11/15/2007|03:05] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Microsoft Help
[12/04/2007|05:53] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> nView_Profiles
[04/20/2008|11:37] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> PKWARE
[11/12/2007|01:32] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> PreEmptive Solutions
[08/21/2007|10:57] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> ScanSoft
[11/23/2008|12:25] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> SITEguard
[01/05/2008|09:07] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Spadester
[11/25/2008|09:09] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Spybot - Search & Destroy
[11/23/2008|01:09] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> STOPzilla!
[01/29/2008|11:26] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> TEMP
[11/23/2008|08:29] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Thomson.ResearchSoft.Installers
[01/29/2008|11:22] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Windows Genuine Advantage

[11/06/2008|07:19] C:\DOCUME~1\ALTOML~1\APPLIC~1\<DIR> Adobe
[11/24/2008|07:21] C:\DOCUME~1\ALTOML~1\APPLIC~1\<DIR> Antispyware
[03/28/2007|09:44] C:\DOCUME~1\ALTOML~1\APPLIC~1\<DIR> Apple Computer
[08/27/2007|09:37] C:\DOCUME~1\ALTOML~1\APPLIC~1\<DIR> ArcSoft
[02/22/2008|09:44] C:\DOCUME~1\ALTOML~1\APPLIC~1\<DIR> ATI
[05/24/2008|05:07] C:\DOCUME~1\ALTOML~1\APPLIC~1\<DIR> AVS4YOU
[05/26/2008|07:48] C:\DOCUME~1\ALTOML~1\APPLIC~1\<DIR> AVSMedia
[08/27/2007|09:32] C:\DOCUME~1\ALTOML~1\APPLIC~1\<DIR> Canon
[10/24/2007|12:36] C:\DOCUME~1\ALTOML~1\APPLIC~1\<DIR> CuteReminderPro
[08/22/2007|01:06] C:\DOCUME~1\ALTOML~1\APPLIC~1\<DIR> Design Science
[05/24/2008|12:20] C:\DOCUME~1\ALTOML~1\APPLIC~1\<DIR> DivX
[11/22/2008|10:14] C:\DOCUME~1\ALTOML~1\APPLIC~1\<DIR> dvdcss
[11/22/2008|03:16] C:\DOCUME~1\ALTOML~1\APPLIC~1\<DIR> EndNote
[11/24/2008|04:21] C:\DOCUME~1\ALTOML~1\APPLIC~1\<DIR> ErrorSmart
[11/06/2008|10:03] C:\DOCUME~1\ALTOML~1\APPLIC~1\<DIR> FileZilla
[02/05/2008|06:56] C:\DOCUME~1\ALTOML~1\APPLIC~1\<DIR> gretl
[11/11/2007|08:14] C:\DOCUME~1\ALTOML~1\APPLIC~1\<DIR> Help
[03/28/2007|09:44] C:\DOCUME~1\ALTOML~1\APPLIC~1\<DIR> Identities
[11/12/2007|07:07] C:\DOCUME~1\ALTOML~1\APPLIC~1\<DIR> InstallShield
[08/10/2007|03:05] C:\DOCUME~1\ALTOML~1\APPLIC~1\<DIR> Intel
[01/29/2008|11:19] C:\DOCUME~1\ALTOML~1\APPLIC~1\<DIR> Lavasoft
[03/28/2007|09:44] C:\DOCUME~1\ALTOML~1\APPLIC~1\<DIR> Leadertech
[03/28/2007|09:44] C:\DOCUME~1\ALTOML~1\APPLIC~1\<DIR> Macromedia
[11/25/2008|07:33] C:\DOCUME~1\ALTOML~1\APPLIC~1\<DIR> Malwarebytes
[10/26/2008|04:11] C:\DOCUME~1\ALTOML~1\APPLIC~1\<DIR> Microsoft
[11/25/2008|07:04] C:\DOCUME~1\ALTOML~1\APPLIC~1\<DIR> Move Networks
[03/28/2007|09:44] C:\DOCUME~1\ALTOML~1\APPLIC~1\<DIR> Mozilla
[10/17/2007|09:42] C:\DOCUME~1\ALTOML~1\APPLIC~1\<DIR> NewSoft
[07/09/2008|11:34] C:\DOCUME~1\ALTOML~1\APPLIC~1\<DIR> Opera
[04/20/2008|11:37] C:\DOCUME~1\ALTOML~1\APPLIC~1\<DIR> PKWARE
[11/04/2008|10:35] C:\DOCUME~1\ALTOML~1\APPLIC~1\<DIR> Real
[08/21/2007|10:57] C:\DOCUME~1\ALTOML~1\APPLIC~1\<DIR> ScanSoft
[03/28/2007|09:44] C:\DOCUME~1\ALTOML~1\APPLIC~1\<DIR> Sonic
[03/28/2007|09:44] C:\DOCUME~1\ALTOML~1\APPLIC~1\<DIR> Sun
[03/28/2007|09:44] C:\DOCUME~1\ALTOML~1\APPLIC~1\<DIR> Talkback
[10/27/2008|03:21] C:\DOCUME~1\ALTOML~1\APPLIC~1\<DIR> U3
[11/24/2008|06:31] C:\DOCUME~1\ALTOML~1\APPLIC~1\<DIR> uTorrent
[10/28/2008|07:08] C:\DOCUME~1\ALTOML~1\APPLIC~1\<DIR> vlc
[11/25/2008|09:43] C:\DOCUME~1\ALTOML~1\APPLIC~1\<DIR> WinRAR
[02/07/2008|05:53] C:\DOCUME~1\ALTOML~1\APPLIC~1\<DIR> ZipZag

[03/28/2007|09:44] C:\DOCUME~1\DEFAUL~1\APPLIC~1\<DIR> Adobe
[03/28/2007|09:44] C:\DOCUME~1\DEFAUL~1\APPLIC~1\<DIR> Apple Computer
[03/28/2007|09:44] C:\DOCUME~1\DEFAUL~1\APPLIC~1\<DIR> Identities
[08/10/2007|03:05] C:\DOCUME~1\DEFAUL~1\APPLIC~1\<DIR> Intel
[03/28/2007|09:44] C:\DOCUME~1\DEFAUL~1\APPLIC~1\<DIR> Leadertech
[03/28/2007|09:44] C:\DOCUME~1\DEFAUL~1\APPLIC~1\<DIR> Macromedia
[11/15/2007|03:02] C:\DOCUME~1\DEFAUL~1\APPLIC~1\<DIR> Microsoft
[03/28/2007|09:44] C:\DOCUME~1\DEFAUL~1\APPLIC~1\<DIR> Mozilla
[03/28/2007|09:44] C:\DOCUME~1\DEFAUL~1\APPLIC~1\<DIR> Real
[03/28/2007|09:44] C:\DOCUME~1\DEFAUL~1\APPLIC~1\<DIR> Sonic
[03/28/2007|09:44] C:\DOCUME~1\DEFAUL~1\APPLIC~1\<DIR> Sun
[03/28/2007|09:44] C:\DOCUME~1\DEFAUL~1\APPLIC~1\<DIR> Talkback

[03/28/2007|09:44] C:\DOCUME~1\JDTOLB~1\APPLIC~1\<DIR> Adobe
[03/28/2007|09:44] C:\DOCUME~1\JDTOLB~1\APPLIC~1\<DIR> Apple Computer
[03/28/2007|09:44] C:\DOCUME~1\JDTOLB~1\APPLIC~1\<DIR> Identities
[08/10/2007|03:05] C:\DOCUME~1\JDTOLB~1\APPLIC~1\<DIR> Intel
[03/28/2007|09:44] C:\DOCUME~1\JDTOLB~1\APPLIC~1\<DIR> Leadertech
[03/28/2007|09:44] C:\DOCUME~1\JDTOLB~1\APPLIC~1\<DIR> Macromedia
[03/28/2007|09:44] C:\DOCUME~1\JDTOLB~1\APPLIC~1\<DIR> Microsoft
[03/28/2007|09:44] C:\DOCUME~1\JDTOLB~1\APPLIC~1\<DIR> Mozilla
[03/28/2007|09:44] C:\DOCUME~1\JDTOLB~1\APPLIC~1\<DIR> Real
[03/28/2007|09:44] C:\DOCUME~1\JDTOLB~1\APPLIC~1\<DIR> Sonic
[03/28/2007|09:44] C:\DOCUME~1\JDTOLB~1\APPLIC~1\<DIR> Sun
[03/28/2007|09:44] C:\DOCUME~1\JDTOLB~1\APPLIC~1\<DIR> Talkback

[08/10/2007|03:05] C:\DOCUME~1\LOCALS~1\APPLIC~1\<DIR> Intel
[03/27/2007|10:22] C:\DOCUME~1\LOCALS~1\APPLIC~1\<DIR> Microsoft

[03/28/2007|09:44] C:\DOCUME~1\MBMCGI~1\APPLIC~1\<DIR> Adobe
[03/28/2007|09:44] C:\DOCUME~1\MBMCGI~1\APPLIC~1\<DIR> Apple Computer
[03/28/2007|09:44] C:\DOCUME~1\MBMCGI~1\APPLIC~1\<DIR> Identities
[08/10/2007|03:05] C:\DOCUME~1\MBMCGI~1\APPLIC~1\<DIR> Intel
[03/28/2007|09:44] C:\DOCUME~1\MBMCGI~1\APPLIC~1\<DIR> Leadertech
[03/28/2007|09:44] C:\DOCUME~1\MBMCGI~1\APPLIC~1\<DIR> Macromedia
[03/28/2007|09:44] C:\DOCUME~1\MBMCGI~1\APPLIC~1\<DIR> Microsoft
[03/28/2007|09:44] C:\DOCUME~1\MBMCGI~1\APPLIC~1\<DIR> Mozilla
[03/28/2007|09:44] C:\DOCUME~1\MBMCGI~1\APPLIC~1\<DIR> Real
[03/28/2007|09:44] C:\DOCUME~1\MBMCGI~1\APPLIC~1\<DIR> Sonic
[03/28/2007|09:44] C:\DOCUME~1\MBMCGI~1\APPLIC~1\<DIR> Sun
[03/28/2007|09:44] C:\DOCUME~1\MBMCGI~1\APPLIC~1\<DIR> Talkback

[08/10/2007|03:05] C:\DOCUME~1\NETWOR~1\APPLIC~1\<DIR> Intel
[05/01/2008|06:46] C:\DOCUME~1\NETWOR~1\APPLIC~1\<DIR> Microsoft

[03/28/2007|09:44] C:\DOCUME~1\SFMcLeod\APPLIC~1\<DIR> Adobe
[03/28/2007|09:44] C:\DOCUME~1\SFMcLeod\APPLIC~1\<DIR> Apple Computer
[03/28/2007|09:44] C:\DOCUME~1\SFMcLeod\APPLIC~1\<DIR> Identities
[08/10/2007|03:05] C:\DOCUME~1\SFMcLeod\APPLIC~1\<DIR> Intel
[03/28/2007|09:44] C:\DOCUME~1\SFMcLeod\APPLIC~1\<DIR> Leadertech
[03/28/2007|09:44] C:\DOCUME~1\SFMcLeod\APPLIC~1\<DIR> Macromedia
[03/28/2007|10:37] C:\DOCUME~1\SFMcLeod\APPLIC~1\<DIR> Microsoft
[03/28/2007|09:44] C:\DOCUME~1\SFMcLeod\APPLIC~1\<DIR> Mozilla
[03/28/2007|09:44] C:\DOCUME~1\SFMcLeod\APPLIC~1\<DIR> Real
[03/28/2007|09:44] C:\DOCUME~1\SFMcLeod\APPLIC~1\<DIR> Sonic
[03/28/2007|09:44] C:\DOCUME~1\SFMcLeod\APPLIC~1\<DIR> Sun
[03/28/2007|09:44] C:\DOCUME~1\SFMcLeod\APPLIC~1\<DIR> Talkback

[03/28/2007|09:45] C:\DOCUME~1\Tech\APPLIC~1\<DIR> Adobe
[03/28/2007|09:45] C:\DOCUME~1\Tech\APPLIC~1\<DIR> Apple Computer
[03/28/2007|09:45] C:\DOCUME~1\Tech\APPLIC~1\<DIR> Identities
[08/10/2007|03:05] C:\DOCUME~1\Tech\APPLIC~1\<DIR> Intel
[03/28/2007|09:45] C:\DOCUME~1\Tech\APPLIC~1\<DIR> Leadertech
[03/28/2007|09:45] C:\DOCUME~1\Tech\APPLIC~1\<DIR> Macromedia
[03/28/2007|09:45] C:\DOCUME~1\Tech\APPLIC~1\<DIR> Microsoft
[03/28/2007|09:45] C:\DOCUME~1\Tech\APPLIC~1\<DIR> Mozilla
[03/28/2007|09:45] C:\DOCUME~1\Tech\APPLIC~1\<DIR> Real
[03/28/2007|09:45] C:\DOCUME~1\Tech\APPLIC~1\<DIR> Sonic
[03/28/2007|09:45] C:\DOCUME~1\Tech\APPLIC~1\<DIR> Sun
[03/28/2007|09:45] C:\DOCUME~1\Tech\APPLIC~1\<DIR> Talkback

[03/28/2007|07:35] C:\DOCUME~1\techroot\APPLIC~1\<DIR> Adobe
[03/28/2007|08:54] C:\DOCUME~1\techroot\APPLIC~1\<DIR> Apple Computer
[03/27/2007|10:27] C:\DOCUME~1\techroot\APPLIC~1\<DIR> Identities
[08/10/2007|03:05] C:\DOCUME~1\techroot\APPLIC~1\<DIR> Intel
[03/28/2007|08:55] C:\DOCUME~1\techroot\APPLIC~1\<DIR> Leadertech
[03/28/2007|08:25] C:\DOCUME~1\techroot\APPLIC~1\<DIR> Macromedia
[03/28/2007|08:53] C:\DOCUME~1\techroot\APPLIC~1\<DIR> Microsoft
[03/28/2007|07:04] C:\DOCUME~1\techroot\APPLIC~1\<DIR> Mozilla
[03/28/2007|08:37] C:\DOCUME~1\techroot\APPLIC~1\<DIR> Real
[03/28/2007|08:55] C:\DOCUME~1\techroot\APPLIC~1\<DIR> Sonic
[03/28/2007|08:25] C:\DOCUME~1\techroot\APPLIC~1\<DIR> Sun
[03/28/2007|07:04] C:\DOCUME~1\techroot\APPLIC~1\<DIR> Talkback

--------------------\\ Scheduled Tasks located in C:\WINDOWS\Tasks

[11/25/2008 06:43 AM][--a------] C:\WINDOWS\tasks\Antispyware Scheduled Scan.job
[11/24/2008 04:20 PM][--a------] C:\WINDOWS\tasks\ErrorSmart Scheduled Scan.job
[11/25/2008 08:07 PM][--a------] C:\WINDOWS\tasks\RegCure Program Check.job
[11/20/2008 06:20 AM][--a------] C:\WINDOWS\tasks\RegCure.job
[11/25/2008 08:10 PM][--ah-----] C:\WINDOWS\tasks\MP Scheduled Scan.job
[11/22/2008 08:29 AM][--a------] C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[11/25/2008 08:07 PM][--ah-----] C:\WINDOWS\tasks\SA.DAT
[08/23/2001 07:00 AM][-r-h-----] C:\WINDOWS\tasks\desktop.ini

--------------------\\ Listing Folders in C:\Program Files

[10/17/2008|07:03] C:\Program Files\<DIR> AC3Filter
[07/07/2008|09:09] C:\Program Files\<DIR> Adobe
[04/24/2007|09:36] C:\Program Files\<DIR> Analog Devices
[11/24/2008|04:51] C:\Program Files\<DIR> Antispyware
[08/06/2008|12:22] C:\Program Files\<DIR> Apple Software Update
[08/21/2007|10:51] C:\Program Files\<DIR> ArcSoft
[03/27/2007|09:39] C:\Program Files\<DIR> ATI Technologies
[05/24/2008|04:51] C:\Program Files\<DIR> Avi2Dvd
[05/24/2008|04:56] C:\Program Files\<DIR> AviSynth 2.5
[05/24/2008|05:10] C:\Program Files\<DIR> AVS4YOU
[09/13/2008|08:42] C:\Program Files\<DIR> Bonjour
[03/27/2007|09:41] C:\Program Files\<DIR> Broadcom
[08/21/2007|11:00] C:\Program Files\<DIR> Canon
[08/21/2007|10:49] C:\Program Files\<DIR> CanonBJ
[11/24/2008|06:50] C:\Program Files\<DIR> CCleaner
[11/12/2007|01:32] C:\Program Files\<DIR> CE Remote Tools
[11/25/2008|02:12] C:\Program Files\<DIR> Common Files
[03/27/2007|10:19] C:\Program Files\<DIR> ComPlus Applications
[08/10/2007|03:03] C:\Program Files\<DIR> CONEXANT
[03/27/2007|09:49] C:\Program Files\<DIR> CUAgent
[11/21/2008|06:34] C:\Program Files\<DIR> Cucusoft
[03/28/2007|08:47] C:\Program Files\<DIR> CyberLink
[03/27/2007|09:37] C:\Program Files\<DIR> Dell
[11/21/2008|06:58] C:\Program Files\<DIR> DivX
[11/21/2008|06:24] C:\Program Files\<DIR> Easy Avi Divx Xvid to DVD Burner
[04/13/2008|08:37] C:\Program Files\<DIR> eMusic Download Manager
[03/28/2007|09:00] C:\Program Files\<DIR> Eraser
[10/17/2008|07:05] C:\Program Files\<DIR> ffdshow
[09/10/2008|05:47] C:\Program Files\<DIR> FileZilla FTP Client
[03/10/2008|08:27] C:\Program Files\<DIR> HP
[11/12/2007|01:32] C:\Program Files\<DIR> HTML Help Workshop
[10/26/2008|04:09] C:\Program Files\<DIR> InstallShield Installation Information
[08/02/2008|08:44] C:\Program Files\<DIR> InstantStorm
[11/12/2007|07:09] C:\Program Files\<DIR> Intel
[08/18/2008|12:52] C:\Program Files\<DIR> Internet Explorer
[09/13/2008|08:42] C:\Program Files\<DIR> iPod
[09/13/2008|08:43] C:\Program Files\<DIR> iTunes
[11/25/2008|07:48] C:\Program Files\<DIR> Java
[11/24/2008|06:50] C:\Program Files\<DIR> Lavasoft
[07/26/2008|08:54] C:\Program Files\<DIR> LG Drivers
[11/25/2008|07:33] C:\Program Files\<DIR> Malwarebytes' Anti-Malware
[02/05/2008|06:32] C:\Program Files\<DIR> Maple 10
[08/13/2007|08:04] C:\Program Files\<DIR> MathType
[07/12/2008|12:41] C:\Program Files\<DIR> MDL ISIS Draw 2.5
[08/18/2008|12:53] C:\Program Files\<DIR> Messenger
[03/28/2007|08:25] C:\Program Files\<DIR> Microsoft ActiveSync
[10/11/2007|06:49] C:\Program Files\<DIR> Microsoft CAPICOM 2.1.0.2
[11/12/2007|01:44] C:\Program Files\<DIR> Microsoft Device Emulator
[03/27/2007|10:23] C:\Program Files\<DIR> microsoft frontpage
[03/28/2007|08:50] C:\Program Files\<DIR> Microsoft Image Composer
[03/28/2007|08:24] C:\Program Files\<DIR> Microsoft Office
[10/26/2008|04:09] C:\Program Files\<DIR> Microsoft Reader
[11/10/2008|09:31] C:\Program Files\<DIR> Microsoft Silverlight
[11/12/2007|01:47] C:\Program Files\<DIR> Microsoft SQL Server
[11/12/2007|01:44] C:\Program Files\<DIR> Microsoft SQL Server 2005 Mobile Edition
[03/28/2007|08:23] C:\Program Files\<DIR> Microsoft Visual Studio
[11/12/2007|07:08] C:\Program Files\<DIR> Microsoft Visual Studio 8
[03/28/2007|08:23] C:\Program Files\<DIR> Microsoft Works
[03/28/2007|08:25] C:\Program Files\<DIR> Microsoft.NET
[10/17/2008|07:05] C:\Program Files\<DIR> Morgan
[03/27/2007|10:20] C:\Program Files\<DIR> Movie Maker
[11/25/2008|08:08] C:\Program Files\<DIR> Mozilla Firefox
[11/12/2007|01:39] C:\Program Files\<DIR> MSBuild
[03/27/2007|10:18] C:\Program Files\<DIR> MSN
[03/27/2007|10:19] C:\Program Files\<DIR> MSN Gaming Zone
[08/15/2007|04:25] C:\Program Files\<DIR> MSXML 4.0
[08/15/2007|04:25] C:\Program Files\<DIR> MSXML 6.0
[03/27/2007|10:20] C:\Program Files\<DIR> NetMeeting
[11/25/2008|02:12] C:\Program Files\<DIR> Network Associates
[08/21/2007|10:58] C:\Program Files\<DIR> NewSoft
[03/28/2007|08:27] C:\Program Files\<DIR> Novell
[08/10/2007|03:13] C:\Program Files\<DIR> O2Micro OZ776 SCR Driver
[03/28/2007|09:57] C:\Program Files\<DIR> Online Services
[11/17/2007|10:26] C:\Program Files\<DIR> OpenBabel-2.1.1
[06/25/2008|07:37] C:\Program Files\<DIR> Oracle
[02/27/2008|01:26] C:\Program Files\<DIR> Origin 8 Setup Files
[02/27/2008|01:25] C:\Program Files\<DIR> OriginLab
[08/15/2007|04:25] C:\Program Files\<DIR> Outlook Express
[04/24/2007|09:52] C:\Program Files\<DIR> PDFCreator
[04/20/2008|11:36] C:\Program Files\<DIR> PKWARE
[05/05/2008|04:43] C:\Program Files\<DIR> Portable PuTTY
[09/13/2008|08:41] C:\Program Files\<DIR> QuickTime
[03/28/2007|08:34] C:\Program Files\<DIR> Real
[07/12/2008|06:20] C:\Program Files\<DIR> RegCure
[09/12/2008|11:00] C:\Program Files\<DIR> RMP2
[07/16/2008|12:12] C:\Program Files\<DIR> Safari
[08/21/2007|10:56] C:\Program Files\<DIR> ScanSoft
[11/14/2007|05:17] C:\Program Files\<DIR> Semichem, Inc
[08/10/2007|03:01] C:\Program Files\<DIR> SigmaTel
[03/28/2007|08:46] C:\Program Files\<DIR> Sonic
[11/24/2008|07:31] C:\Program Files\<DIR> Spybot - Search & Destroy
[11/24/2008|06:54] C:\Program Files\<DIR> Trend Micro
[07/12/2008|06:55] C:\Program Files\<DIR> TuneCab
[12/22/2007|03:22] C:\Program Files\<DIR> UBISOFT
[03/27/2007|10:27] C:\Program Files\<DIR> Uninstall Information
[10/16/2008|05:37] C:\Program Files\<DIR> uTorrent
[10/27/2008|08:12] C:\Program Files\<DIR> VideoLAN
[01/29/2008|11:28] C:\Program Files\<DIR> Windows Defender
[03/27/2007|10:22] C:\Program Files\<DIR> Windows Media Player
[03/28/2007|07:38] C:\Program Files\<DIR> Windows NT
[03/27/2007|10:21] C:\Program Files\<DIR> WindowsUpdate
[11/25/2007|06:17] C:\Program Files\<DIR> WinFIG22
[08/17/2007|06:05] C:\Program Files\<DIR> WinSCP
[03/27/2007|10:23] C:\Program Files\<DIR> xerox
[05/05/2008|04:46] C:\Program Files\<DIR> Xming
[10/17/2008|07:05] C:\Program Files\<DIR> XviD
[11/24/2008|06:50] C:\Program Files\<DIR> Yahoo!
[09/05/2007|03:46] C:\Program Files\<DIR> Zero G Registry
[04/28/2008|08:36] C:\Program Files\<DIR> ZipZag

--------------------\\ Listing Folders in C:\Program Files\Common Files

[08/16/2007|10:00] C:\Program Files\Common Files\<DIR> Adobe
[09/13/2008|08:41] C:\Program Files\Common Files\<DIR> Apple
[11/21/2008|06:57] C:\Program Files\Common Files\<DIR> AVSMedia
[11/12/2007|01:32] C:\Program Files\Common Files\<DIR> Business Objects
[08/21/2007|10:51] C:\Program Files\Common Files\<DIR> CANON
[03/27/2007|10:21] C:\Program Files\Common Files\<DIR> Cisco Systems
[08/16/2007|09:57] C:\Program Files\Common Files\<DIR> Control Panels
[03/28/2007|08:24] C:\Program Files\Common Files\<DIR> DESIGNER
[08/21/2007|10:57] C:\Program Files\Common Files\<DIR> InstallShield
[11/12/2007|07:07] C:\Program Files\Common Files\<DIR> Intel
[11/23/2008|12:24] C:\Program Files\Common Files\<DIR> iS3
[03/28/2007|08:26] C:\Program Files\Common Files\<DIR> L&H
[08/16/2007|09:33] C:\Program Files\Common Files\<DIR> Macrovision Shared
[04/18/2008|05:32] C:\Program Files\Common Files\<DIR> MDL Shared
[11/12/2007|01:32] C:\Program Files\Common Files\<DIR> Merge Modules
[10/26/2008|04:09] C:\Program Files\Common Files\<DIR> Microsoft Shared
[03/27/2007|10:20] C:\Program Files\Common Files\<DIR> MSSoap
[03/27/2007|05:07] C:\Program Files\Common Files\<DIR> ODBC
[08/21/2007|10:59] C:\Program Files\Common Files\<DIR> PDFView
[04/20/2008|11:36] C:\Program Files\Common Files\<DIR> PKWARE
[03/28/2007|08:35] C:\Program Files\Common Files\<DIR> Real
[07/05/2008|06:34] C:\Program Files\Common Files\<DIR> ResearchSoft
[07/05/2008|06:34] C:\Program Files\Common Files\<DIR> Risxtd
[08/21/2007|10:57] C:\Program Files\Common Files\<DIR> ScanSoft Shared
[03/27/2007|10:20] C:\Program Files\Common Files\<DIR> Services
[03/27/2007|05:07] C:\Program Files\Common Files\<DIR> SpeechEngines
[03/28/2007|08:46] C:\Program Files\Common Files\<DIR> SureThing Shared
[08/15/2007|04:25] C:\Program Files\Common Files\<DIR> System
[03/28/2007|08:35] C:\Program Files\Common Files\<DIR> xing shared

--------------------\\ Process

( 38 Processes )

... OK !

--------------------\\ Searching with S_Lop

No Lop folder found !

--------------------\\ Searching for Lop Files - Folders

No Lop folder found !

--------------------\\ Searching within the Registry

..... OK !

--------------------\\ Checking the Hosts file

Hosts file CLEAN


--------------------\\ Searching for hidden files with Catchme

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-25 20:50:02
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 0

--------------------\\ Searching for other infections


No other infections found !

[F:4][D:3]-> C:\DOCUME~1\ALTOML~1\LOCALS~1\Temp
[F:1][D:0]-> C:\DOCUME~1\ALTOML~1\Cookies
[F:6][D:4]-> C:\DOCUME~1\ALTOML~1\LOCALS~1\TEMPOR~1\content.IE5

1 - "C:\Lop SD\LopR_1.txt" - Tue 11/25/2008|20:23 - Option : [1]
2 - "C:\Lop SD\LopR_2.txt" - Tue 11/25/2008|20:50 - Option : [3]

--------------------\\ Scan completed at 20:50:28

DirLook:

DirLook.exe v2.0 by jpshortstuff
Log created at 20:54 on 25/11/2008
==================================
Contents of "C:\32788R22FWJFW"

---FOLDERS---

(none found)

---FILES---

023.dat (35532 bytes - created on 24/11/2008 at 23:21, modified on 31/08/2000 at 13:00) --a---
023v.dat (2126 bytes - created on 24/11/2008 at 23:21, modified on 31/08/2000 at 13:00) --a---
appinit.bad (7784 bytes - created on 24/11/2008 at 23:21, modified on 31/08/2000 at 13:00) --a---
Assoc.cmd (3241 bytes - created on 24/11/2008 at 23:21, modified on 31/08/2000 at 13:00) --a---
badclsid (1945604 bytes - created on 24/11/2008 at 23:21, modified on 31/08/2000 at 13:00) --a---
Boot.bat (7819 bytes - created on 24/11/2008 at 23:21, modified on 31/08/2000 at 13:00) --a---
BootSect (7680 bytes - created on 24/11/2008 at 23:21, modified on 31/08/2000 at 13:00) --a---
C.bat (631860 bytes - created on 24/11/2008 at 23:21, modified on 25/11/2008 at 23:53) --a---
catchme.cfexe (145920 bytes - created on 24/11/2008 at 23:21, modified on 31/08/2000 at 13:00) --a---
clsid.dat (470360 bytes - created on 24/11/2008 at 23:21, modified on 31/08/2000 at 13:00) --a---
Combo-Fix.sys (1024 bytes - created on 24/11/2008 at 23:21, modified on 31/08/2000 at 13:00) --a---
Combobatch.bat (6911 bytes - created on 24/11/2008 at 23:21, modified on 31/08/2000 at 13:00) --a---
ComboFix-Download.exe (61440 bytes - created on 24/11/2008 at 23:21, modified on 31/08/2000 at 13:00) --a---
Creg.dat (577272 bytes - created on 24/11/2008 at 23:21, modified on 31/08/2000 at 13:00) --a---
CregC.cmd (3186 bytes - created on 24/11/2008 at 23:21, modified on 31/08/2000 at 13:00) --a---
CregC.dat (553 bytes - created on 24/11/2008 at 23:21, modified on 31/08/2000 at 13:00) --a---
dd.cfexe (101376 bytes - created on 24/11/2008 at 23:21, modified on 31/08/2000 at 13:00) --a---
ddsDo.sed (7929 bytes - created on 24/11/2008 at 23:21, modified on 31/08/2000 at 13:00) --a---
DelClsid.bat (1766 bytes - created on 24/11/2008 at 23:21, modified on 31/08/2000 at 13:00) --a---
DPF.sed (298 bytes - created on 24/11/2008 at 23:21, modified on 31/08/2000 at 13:00) --a---
DPF.str (746 bytes - created on 24/11/2008 at 23:21, modified on 31/08/2000 at 13:00) --a---
dumphive.cfexe (51200 bytes - created on 24/11/2008 at 23:21, modified on 31/08/2000 at 13:00) --a---
embedded.sed (303 bytes - created on 24/11/2008 at 23:21, modified on 31/08/2000 at 13:00) --a---
ERDNT.e_e (163328 bytes - created on 24/11/2008 at 23:21, modified on 21/10/2005 at 01:02) --a---
ERDNTDOS.LOC (2815 bytes - created on 24/11/2008 at 23:21, modified on 31/08/2000 at 13:00) --a---
ERDNTWIN.LOC (3275 bytes - created on 24/11/2008 at 23:21, modified on 31/08/2000 at 13:00) --a---
ERUNT.cfexe (157696 bytes - created on 24/11/2008 at 23:21, modified on 21/10/2005 at 01:00) --a---
ERUNT.LOC (4090 bytes - created on 24/11/2008 at 23:21, modified on 31/08/2000 at 13:00) --a---
Exe.reg (7213 bytes - created on 24/11/2008 at 23:21, modified on 31/08/2000 at 13:00) --a---
executables.dat (117 bytes - created on 24/11/2008 at 23:21, modified on 31/08/2000 at 13:00) --a---
extract.cfexe (52736 bytes - created on 24/11/2008 at 23:21, modified on 31/08/2000 at 13:00) --a---
fdsv.cfexe (89504 bytes - created on 24/11/2008 at 23:21, modified on 31/08/2000 at 13:00) --a---
fi.cfexe (110592 bytes - created on 24/11/2008 at 23:21, modified on 12/11/2002 at 10:38) --a---
Fin.dat (804 bytes - created on 24/11/2008 at 23:21, modified on 31/08/2000 at 13:00) --a---
FIND3M.bat (103217 bytes - created on 24/11/2008 at 23:21, modified on 31/08/2000 at 13:00) --a---
FIXLSP.bat (3855 bytes - created on 24/11/2008 at 23:21, modified on 31/08/2000 at 13:00) --a---
FProps.vbs (15388 bytes - created on 24/11/2008 at 23:21, modified on 31/08/2000 at 13:00) --a---
grep.cfexe (80412 bytes - created on 24/11/2008 at 23:21, modified on 31/08/2000 at 13:00) --a---
gsar.cfexe (15360 bytes - created on 24/11/2008 at 23:21, modified on 31/08/2000 at 13:00) --a---
handle.cfexe (181776 bytes - created on 24/11/2008 at 23:21, modified on 31/08/2000 at 13:00) --a---
hidec.exe (1536 bytes - created on 24/11/2008 at 23:21, modified on 16/08/2005 at 06:54) --a---
history.bat (2117 bytes - created on 24/11/2008 at 23:21, modified on 31/08/2000 at 13:00) --a---
image001.gif (1057 bytes - created on 24/11/2008 at 23:21, modified on 31/08/2000 at 13:00) --a---
katch.cmd (684 bytes - created on 24/11/2008 at 23:21, modified on 31/08/2000 at 13:00) --a---
Lang.bat (138153 bytes - created on 24/11/2008 at 23:21, modified on 31/08/2000 at 13:00) --a---
List-C.bat (250439 bytes - created on 24/11/2008 at 23:21, modified on 31/08/2000 at 13:00) --a---
lnkread.vbs (1528 bytes - created on 24/11/2008 at 23:21, modified on 31/08/2000 at 13:00) --a---
LocalService.dat (225 bytes - created on 24/11/2008 at 23:21, modified on 31/08/2000 at 13:00) --a---
LocalServiceNetworkRestricted.dat (91 bytes - created on 24/11/2008 at 23:21, modified on 31/08/2000 at 13:00) --a---
LocalSystemNetworkRestricted.dat (198 bytes - created on 24/11/2008 at 23:21, modified on 31/08/2000 at 13:00) --a---
md5deep.cfexe (40448 bytes - created on 24/11/2008 at 23:21, modified on 03/04/2006 at 02:18) --a---
moveex.cfexe (38400 bytes - created on 24/11/2008 at 23:21, modified on 31/08/2000 at 13:00) --a---
MoveIt.bat (3204 bytes - created on 24/11/2008 at 23:21, modified on 31/08/2000 at 13:00) --a---
mtee.cfexe (11264 bytes - created on 24/11/2008 at 23:21, modified on 31/08/2000 at 13:00) --a---
mynul (0 bytes - created on 24/11/2008 at 23:21, modified on 31/08/2000 at 13:00) --a---
ndis_combofix.dat (287 bytes - created on 24/11/2008 at 23:21, modified on 31/08/2000 at 13:00) --a---
ND_.bat (3751 bytes - created on 24/11/2008 at 23:21, modified on 31/08/2000 at 13:00) --a---
netsvc.bad.dat (423 bytes - created on 24/11/2008 at 23:21, modified on 31/08/2000 at 13:00) --a---
netsvc.dat (159 bytes - created on 24/11/2008 at 23:21, modified on 31/08/2000 at 13:00) --a---
netsvc.vista.dat (481 bytes - created on 24/11/2008 at 23:21, modified on 31/08/2000 at 13:00) --a---
netsvc.xp.dat (525 bytes - created on 24/11/2008 at 23:21, modified on 31/08/2000 at 13:00) --a---
NetworkService.dat (88 bytes - created on 24/11/2008 at 23:21, modified on 31/08/2000 at 13:00) --a---
NirCmd.cfexe (28672 bytes - created on 24/11/2008 at 23:21, modified on 31/08/2000 at 13:00) --a---
nircmd.com (28672 bytes - created on 24/11/2008 at 23:21, modified on 31/08/2000 at 13:00) --a---
NirCmd.inf (2161 bytes - created on 24/11/2008 at 23:21, modified on 31/08/2000 at 13:00) --a---
NirCmdC.cfexe (27648 bytes - created on 24/11/2008 at 23:21, modified on 31/08/2000 at 13:00) --a---
OSid.vbs (924 bytes - created on 24/11/2008 at 23:21, modified on 31/08/2000 at 13:00) --a---
Policies.dat (1946 bytes - created on 24/11/2008 at 23:21, modified on 31/08/2000 at 13:00) --a---
Prep.cmd (7323 bytes - created on 24/11/2008 at 23:21, modified on 31/08/2000 at 13:00) --a---
psexec.cfexe (131072 bytes - created on 24/11/2008 at 23:21, modified on 31/08/2000 at 13:00) --a---
Purity.dat (404 bytes - created on 24/11/2008 at 23:21, modified on 31/08/2000 at 13:00) --a---
pv.cfexe (73728 bytes - created on 24/11/2008 at 23:21, modified on 31/08/2000 at 13:00) --a---
RCLink (6536 bytes - created on 24/11/2008 at 23:21, modified on 31/08/2000 at 13:00) --a---
RegDo.sed (9203 bytes - created on 24/11/2008 at 23:21, modified on 31/08/2000 at 13:00) --a---
region.dat (1277 bytes - created on 24/11/2008 at 23:21, modified on 31/08/2000 at 13:00) --a---
RestoreO4.bat (1758 bytes - created on 24/11/2008 at 23:21, modified on 31/08/2000 at 13:00) --a---
restore_pt.vbs (232 bytes - created on 24/11/2008 at 23:21, modified on 31/08/2000 at 13:00) --a---
rogues.dat (820 bytes - created on 24/11/2008 at 23:21, modified on 31/08/2000 at 13:00) --a---
run2.sed (287 bytes - created on 24/11/2008 at 23:21, modified on 31/08/2000 at 13:00) --a---
safeboot.dat (329 bytes - created on 24/11/2008 at 23:21, modified on 31/08/2000 at 13:00) --a---
safeboot.def.dat (1660 bytes - created on 24/11/2008 at 23:21, modified on 31/08/2000 at 13:00) --a---
safeboot.def.vista.dat (463 bytes - created on 24/11/2008 at 23:21, modified on 31/08/2000 at 13:00) --a---
SafeBootRepair.bat (15317 bytes - created on 24/11/2008 at 23:21, modified on 31/08/2000 at 13:00) --a---
sed.cfexe (98816 bytes - created on 24/11/2008 at 23:21, modified on 31/08/2000 at 13:00) --a---
setcsum.cfexe (19968 bytes - created on 24/11/2008 at 23:21, modified on 04/12/2006 at 08:17) --a---
SetEnvmt.bat (12743 bytes - created on 24/11/2008 at 23:21, modified on 31/08/2000 at 13:00) --a---
setpath.cfexe (29984 bytes - created on 24/11/2008 at 23:21, modified on 31/08/2000 at 13:00) --a---
SF.cfexe (49152 bytes - created on 24/11/2008 at 23:21, modified on 31/08/2000 at 13:00) --a---
srizbi.md5 (5572 bytes - created on 24/11/2008 at 23:21, modified on 31/08/2000 at 13:00) --a---
SvcDrv.vbs (2008 bytes - created on 24/11/2008 at 23:21, modified on 31/08/2000 at 13:00) --a---
svchost.dat (555 bytes - created on 24/11/2008 at 23:21, modified on 31/08/2000 at 13:00) --a---
svchost.vista.dat (668 bytes - created on 24/11/2008 at 23:21, modified on 31/08/2000 at 13:00) --a---
svc_wht.dat (12059 bytes - created on 24/11/2008 at 23:21, modified on 31/08/2000 at 13:00) --a---
swreg.exe (161792 bytes - created on 24/11/2008 at 23:21, modified on 31/08/2000 at 13:00) --a---
swsc.cfexe (136704 bytes - created on 24/11/2008 at 23:21, modified on 31/08/2000 at 13:00) --a---
swxcacls.cfexe (212480 bytes - created on 24/11/2008 at 23:21, modified on 31/08/2000 at 13:00) --a---
system_ini.dat (276 bytes - created on 24/11/2008 at 23:21, modified on 31/08/2000 at 13:00) --a---
toolbar.sed (413 bytes - created on 24/11/2008 at 23:21, modified on 31/08/2000 at 13:00) --a---
unzip.cfexe (102400 bytes - created on 24/11/2008 at 23:21, modified on 13/04/2003 at 13:00) --a---
vfind.cfexe (49152 bytes - created on 24/11/2008 at 23:21, modified on 31/08/2000 at 13:00) --a---
whitedirB.dat (401 bytes - created on 24/11/2008 at 23:21, modified on 31/08/2000 at 13:00) --a---
WhiteLegacy.dat (2687 bytes - created on 24/11/2008 at 23:21, modified on 31/08/2000 at 13:00) --a---
WRP.cfexe (26112 bytes - created on 24/11/2008 at 23:21, modified on 31/08/2000 at 13:00) --a---
zDomain.dat (23773 bytes - created on 24/11/2008 at 23:21, modified on 31/08/2000 at 13:00) --a---
zhsvc.dat (30998 bytes - created on 24/11/2008 at 23:21, modified on 31/08/2000 at 13:00) --a---
zip.cfexe (68096 bytes - created on 24/11/2008 at 23:21, modified on 31/08/2000 at 13:00) --a---

==================================
Contents of "C:\Documents and Settings\ALTomlinson\Application Data\Antispyware"

---FOLDERS---

Log (Created on 24/11/2008 at 21:51) d-----
Quarantine (Created on 24/11/2008 at 21:55) d-----
Settings (Created on 24/11/2008 at 21:52) d-----

---FILES---

(none found)

==================================
Contents of "C:\Program Files\Antispyware"

---FOLDERS---

(none found)

---FILES---

Antispyware.exe (20127744 bytes - created on 19/11/2008 at 17:21, modified on 19/11/2008 at 17:21) --a---
Antispyware.url (52 bytes - created on 24/09/2007 at 14:27, modified on 24/09/2007 at 14:27) --a---
DataBase.ref (3508516 bytes - created on 19/11/2008 at 16:47, modified on 19/11/2008 at 16:47) --a---
SpyCleaner.dll (790528 bytes - created on 19/11/2008 at 17:18, modified on 19/11/2008 at 17:18) --a---
TCL.dll (159744 bytes - created on 19/11/2008 at 17:17, modified on 19/11/2008 at 17:17) --a---
vistaCPtasks.xml (678 bytes - created on 19/11/2008 at 17:21, modified on 19/11/2008 at 17:21) --a---
zlib.dll (155648 bytes - created on 19/11/2008 at 16:59, modified on 19/11/2008 at 16:59) --a---

==================================
=EOF=

#12 andrewuk

  • Group: Malware Removal
  • Posts: 5,297
  • Joined: 18-August 07

Posted 25 November 2008 - 08:08 PM

In this post we will remove some infections in those folders, install an antivirus program (if you don't have one already) and do some scans to clear the remnants and ensure nothing else sneaked onto your machine.

It is more than likely that you will have to reply over 2 or more posts to fit all the information in.

The scans will likely take 3 hours, quite possibly much longer, so just let them run.

====STEP 1====
Please double-click OTMoveIt3.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    :Processes
    explorer.exe
    
    :Files
    C:\Documents and Settings\ALTomlinson\Application Data\Antispyware
    C:\Program Files\Antispyware
    
    :Commands
    [purity]
    [emptytemp]
    [start explorer]
    [Reboot]


  • Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.

  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTMoveIt3

Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.



====STEP 2====
Please download ATF Cleaner by Atribune.

Caution: This program is for Windows 2000, XP and Vista only
    Double-click ATF-Cleaner.exe to run the program.
    Under Main choose: Select All
    Click the Empty Selected button.
If you use Firefox browser
    Click Firefox at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser
    Click Opera at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.


====STEP 3====
I don't see any sign of an antivirus program on your machine. If you have one, let me know which one, skip this step and move on to step 4.

If you don't, we will install a free one now; we will merely be leaving ourselves open to reinfection and chasing our tails if we do not.

Please go here and download, install and run the free program from avast. You will need to register, and when you run it a window will pop up asking you if you want to upgrade to the paid version. Don't worry about that; it is normal and the free version will suffice.



====STEP 4====
We will update and re-run Malwarebytes.

Double-click the Malwarebytes icon on your desktop to open the program.
  • on the tabs at the top, select Update and then press the Check for Updates button on that page. If an update is found, it will download and install the latest version.
  • once complete (a new version of malwarebytes may download) select the tab Scanner
  • select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.

Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.



====STEP 5====
Download and scan with SUPERAntiSpyware Free for Home Users
  • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here.)
  • Under "Configuration and Preferences", click the Preferences button.
  • Click the Scanning Control tab.
  • Under Scanner Options make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.

  • Click the "Close" button to leave the control center screen.
  • Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
  • On the left, make sure you check C:\Fixed Drive.
  • On the right, under "Complete Scan", choose Perform Complete Scan.
  • Click "Next" to start the scan. Please be patient while it scans your computer.
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes".
  • To retrieve the removal information after reboot, launch SUPERAntispyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply.

  • Click Close to exit the program.

====STEP 6====
Please do an online scan with Kaspersky WebScanner (this will identify any issues, we will clear them in the following post)

Kaspersky online scanner uses JAVA technology to perform the scan. If you do not have the latest JAVA version, follow the instructions below under Upgrading Java to download and install the latest version.

  • Read through the requirements and privacy statement and click on Accept button.
  • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  • When the downloads have finished, click on Settings.
  • Make sure the following is checked.
      Spyware, Adware, Dialers, and other potentially dangerous programs
      Archives
      Mail databases

  • Click on My Computer under Scan.
  • Once the scan is complete, it will display the results. Click on View Scan Report.
  • You will see a list of infected items there. Click on Save Report As....
  • Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
  • Please post this log in your next reply.

Upgrading Java:
Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older versions of Java components and upgrade the application. Beware it is NOT supported for use in 9x or ME and probably will not install on those systems.

  • Download the latest version of Java SE Runtime Environment (JRE) 6 Update 10.
  • Click the "Download" button to the right.
  • Select your Platform and check the box that says: "I agree to the Java SE Runtime Environment 6 License Agreement.".
  • Click on Continue.
  • Click on the link to download Windows Offline Installation (jre-6u10-windows-i586-p.exe) and save it to your desktop. Do NOT use the Sun Download Manager.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on the download to install the newest version. (Vista users, right-click on the jre-6u10-windows-i586-p.exe and select "Run as an Administrator.")

In your next reply could I see:
1. the OTMoveIT log
2. the malwarebytes log
3. the superantispyware log
4. the kaspersky log

The text from these files may exceed the maximum post length for this forum. Hence, you may need to post the information over 2 or more posts.

andrewuk

#13 lysistrata7

  • Group: Member
  • Posts: 41
  • Joined: 25-November 08

Posted 26 November 2008 - 06:22 AM

OTMoveIT:

========== PROCESSES ==========
Process explorer.exe killed successfully.
========== FILES ==========
C:\Documents and Settings\ALTomlinson\Application Data\Antispyware\Settings moved successfully.
C:\Documents and Settings\ALTomlinson\Application Data\Antispyware\Quarantine\25-11-2008-06-16-37 moved successfully.
C:\Documents and Settings\ALTomlinson\Application Data\Antispyware\Quarantine\24-11-2008-18-17-51 moved successfully.
C:\Documents and Settings\ALTomlinson\Application Data\Antispyware\Quarantine\24-11-2008-16-55-22 moved successfully.
C:\Documents and Settings\ALTomlinson\Application Data\Antispyware\Quarantine moved successfully.
C:\Documents and Settings\ALTomlinson\Application Data\Antispyware\Log moved successfully.
C:\Documents and Settings\ALTomlinson\Application Data\Antispyware moved successfully.
C:\Program Files\Antispyware moved successfully.
========== COMMANDS ==========
File delete failed. C:\DOCUME~1\ALTOML~1\LOCALS~1\Temp\~DF7AD1.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\ALTOML~1\LOCALS~1\Temp\~DF7DEB.tmp scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
Local Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_1a8.dat scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_638.dat scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_68c.dat scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
File delete failed. C:\Documents and Settings\ALTomlinson\Local Settings\Application Data\Mozilla\Firefox\Profiles\isz53104.default\Cache\_CACHE_001_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\ALTomlinson\Local Settings\Application Data\Mozilla\Firefox\Profiles\isz53104.default\Cache\_CACHE_002_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\ALTomlinson\Local Settings\Application Data\Mozilla\Firefox\Profiles\isz53104.default\Cache\_CACHE_003_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\ALTomlinson\Local Settings\Application Data\Mozilla\Firefox\Profiles\isz53104.default\Cache\_CACHE_MAP_ scheduled to be deleted on reboot.
FireFox cache emptied.
Temp folders emptied.
Explorer started successfully

OTMoveIt3 by OldTimer - Version 1.0.7.1 log created on 11252008_212203

Files moved on Reboot...
C:\DOCUME~1\ALTOML~1\LOCALS~1\Temp\~DF7AD1.tmp moved successfully.
C:\DOCUME~1\ALTOML~1\LOCALS~1\Temp\~DF7DEB.tmp moved successfully.
File C:\WINDOWS\temp\Perflib_Perfdata_1a8.dat not found!
File C:\WINDOWS\temp\Perflib_Perfdata_638.dat not found!
File C:\WINDOWS\temp\Perflib_Perfdata_68c.dat not found!
C:\Documents and Settings\ALTomlinson\Local Settings\Application Data\Mozilla\Firefox\Profiles\isz53104.default\Cache\_CACHE_001_ moved successfully.
C:\Documents and Settings\ALTomlinson\Local Settings\Application Data\Mozilla\Firefox\Profiles\isz53104.default\Cache\_CACHE_002_ moved successfully.
C:\Documents and Settings\ALTomlinson\Local Settings\Application Data\Mozilla\Firefox\Profiles\isz53104.default\Cache\_CACHE_003_ moved successfully.
C:\Documents and Settings\ALTomlinson\Local Settings\Application Data\Mozilla\Firefox\Profiles\isz53104.default\Cache\_CACHE_MAP_ moved successfully.

mbam:

Malwarebytes' Anti-Malware 1.30
Database version: 1423
Windows 5.1.2600 Service Pack 2

11/26/2008 5:46:23 AM
mbam-log-2008-11-26 (05-46-23).txt

Scan type: Full Scan (C:\|S:\|)
Objects scanned: 251947
Time elapsed: 43 minute(s), 30 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\AdwareAlert (Rogue.AdwareAlert) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\_OTMoveIt\MovedFiles\11252008_200429\WINDOWS\system32\pedisasa.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

SuperAntiSpyware:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 11/26/2008 at 06:34 AM

Application Version : 4.22.1014

Core Rules Database Version : 3653
Trace Rules Database Version: 1635

Scan type : Complete Scan
Total Scan Time : 00:38:09

Memory items scanned : 465
Memory threats detected : 0
Registry items scanned : 6539
Registry threats detected : 0
File items scanned : 30363
File threats detected : 129

Adware.Tracking Cookie
.2o7.net [ C:\Documents and Settings\administrator\Application Data\Mozilla\Firefox\Profiles\isz53104.default\cookies.txt ]
.2o7.net [ C:\Documents and Settings\administrator\Application Data\Mozilla\Firefox\Profiles\isz53104.default\cookies.txt ]
.ads.pointroll.com [ C:\Documents and Settings\administrator\Application Data\Mozilla\Firefox\Profiles\isz53104.default\cookies.txt ]
.ads.pointroll.com [ C:\Documents and Settings\administrator\Application Data\Mozilla\Firefox\Profiles\isz53104.default\cookies.txt ]
.ads.pointroll.com [ C:\Documents and Settings\administrator\Application Data\Mozilla\Firefox\Profiles\isz53104.default\cookies.txt ]
.ads.pointroll.com [ C:\Documents and Settings\administrator\Application Data\Mozilla\Firefox\Profiles\isz53104.default\cookies.txt ]
.advertising.com [ C:\Documents and Settings\administrator\Application Data\Mozilla\Firefox\Profiles\isz53104.default\cookies.txt ]
.advertising.com [ C:\Documents and Settings\administrator\Application Data\Mozilla\Firefox\Profiles\isz53104.default\cookies.txt ]
.advertising.com [ C:\Documents and Settings\administrator\Application Data\Mozilla\Firefox\Profiles\isz53104.default\cookies.txt ]
.advertising.com [ C:\Documents and Settings\administrator\Application Data\Mozilla\Firefox\Profiles\isz53104.default\cookies.txt ]
.atdmt.com [ C:\Documents and Settings\administrator\Application Data\Mozilla\Firefox\Profiles\isz53104.default\cookies.txt ]
.tribalfusion.com [ C:\Documents and Settings\administrator\Application Data\Mozilla\Firefox\Profiles\isz53104.default\cookies.txt ]
www.googleadservices.com [ C:\Documents and Settings\administrator\Application Data\Mozilla\Firefox\Profiles\isz53104.default\cookies.txt ]
.tribalfusion.com [ C:\Documents and Settings\ALTomlinson\Application Data\Mozilla\Firefox\Profiles\isz53104.default\cookies.txt ]
.tribalfusion.com [ C:\Documents and Settings\ALTomlinson\Application Data\Mozilla\Firefox\Profiles\isz53104.default\cookies.txt ]
.tribalfusion.com [ C:\Documents and Settings\ALTomlinson\Application Data\Mozilla\Firefox\Profiles\isz53104.default\cookies.txt ]
.tribalfusion.com [ C:\Documents and Settings\ALTomlinson\Application Data\Mozilla\Firefox\Profiles\isz53104.default\cookies.txt ]
.doubleclick.net [ C:\Documents and Settings\ALTomlinson\Application Data\Mozilla\Firefox\Profiles\isz53104.default\cookies.txt ]
.revsci.net [ C:\Documents and Settings\ALTomlinson\Application Data\Mozilla\Firefox\Profiles\isz53104.default\cookies.txt ]
.revsci.net [ C:\Documents and Settings\ALTomlinson\Application Data\Mozilla\Firefox\Profiles\isz53104.default\cookies.txt ]
.revsci.net [ C:\Documents and Settings\ALTomlinson\Application Data\Mozilla\Firefox\Profiles\isz53104.default\cookies.txt ]
.revsci.net [ C:\Documents and Settings\ALTomlinson\Application Data\Mozilla\Firefox\Profiles\isz53104.default\cookies.txt ]
.revsci.net [ C:\Documents and Settings\ALTomlinson\Application Data\Mozilla\Firefox\Profiles\isz53104.default\cookies.txt ]
ad.yieldmanager.com [ C:\Documents and Settings\ALTomlinson\Application Data\Mozilla\Firefox\Profiles\isz53104.default\cookies.txt ]
ad.yieldmanager.com [ C:\Documents and Settings\ALTomlinson\Application Data\Mozilla\Firefox\Profiles\isz53104.default\cookies.txt ]
ad.yieldmanager.com [ C:\Documents and Settings\ALTomlinson\Application Data\Mozilla\Firefox\Profiles\isz53104.default\cookies.txt ]
ad.yieldmanager.com [ C:\Documents and Settings\ALTomlinson\Application Data\Mozilla\Firefox\Profiles\isz53104.default\cookies.txt ]
.atdmt.com [ C:\Documents and Settings\ALTomlinson\Application Data\Mozilla\Firefox\Profiles\isz53104.default\cookies.txt ]
.advertising.com [ C:\Documents and Settings\ALTomlinson\Application Data\Mozilla\Firefox\Profiles\isz53104.default\cookies.txt ]
.advertising.com [ C:\Documents and Settings\ALTomlinson\Application Data\Mozilla\Firefox\Profiles\isz53104.default\cookies.txt ]
.advertising.com [ C:\Documents and Settings\ALTomlinson\Application Data\Mozilla\Firefox\Profiles\isz53104.default\cookies.txt ]
.advertising.com [ C:\Documents and Settings\ALTomlinson\Application Data\Mozilla\Firefox\Profiles\isz53104.default\cookies.txt ]
.specificmedia.com [ C:\Documents and Settings\ALTomlinson\Application Data\Mozilla\Firefox\Profiles\isz53104.default\cookies.txt ]
.specificmedia.com [ C:\Documents and Settings\ALTomlinson\Application Data\Mozilla\Firefox\Profiles\isz53104.default\cookies.txt ]
.specificclick.net [ C:\Documents and Settings\ALTomlinson\Application Data\Mozilla\Firefox\Profiles\isz53104.default\cookies.txt ]
.specificclick.net [ C:\Documents and Settings\ALTomlinson\Application Data\Mozilla\Firefox\Profiles\isz53104.default\cookies.txt ]
.specificclick.net [ C:\Documents and Settings\ALTomlinson\Application Data\Mozilla\Firefox\Profiles\isz53104.default\cookies.txt ]
.specificclick.net [ C:\Documents and Settings\ALTomlinson\Application Data\Mozilla\Firefox\Profiles\isz53104.default\cookies.txt ]
.specificclick.net [ C:\Documents and Settings\ALTomlinson\Application Data\Mozilla\Firefox\Profiles\isz53104.default\cookies.txt ]
.specificclick.net [ C:\Documents and Settings\ALTomlinson\Application Data\Mozilla\Firefox\Profiles\isz53104.default\cookies.txt ]
.specificclick.net [ C:\Documents and Settings\ALTomlinson\Application Data\Mozilla\Firefox\Profiles\isz53104.default\cookies.txt ]
.specificclick.net [ C:\Documents and Settings\ALTomlinson\Application Data\Mozilla\Firefox\Profiles\isz53104.default\cookies.txt ]
.adopt.specificclick.net [ C:\Documents and Settings\ALTomlinson\Application Data\Mozilla\Firefox\Profiles\isz53104.default\cookies.txt ]
.adopt.specificclick.net [ C:\Documents and Settings\ALTomlinson\Application Data\Mozilla\Firefox\Profiles\isz53104.default\cookies.txt ]
.adopt.specificclick.net [ C:\Documents and Settings\ALTomlinson\Application Data\Mozilla\Firefox\Profiles\isz53104.default\cookies.txt ]
.adopt.specificclick.net [ C:\Documents and Settings\ALTomlinson\Application Data\Mozilla\Firefox\Profiles\isz53104.default\cookies.txt ]
media.adrevolver.com [ C:\Documents and Settings\ALTomlinson\Application Data\Mozilla\Firefox\Profiles\isz53104.default\cookies.txt ]
data.coremetrics.com [ C:\Documents and Settings\ALTomlinson\Application Data\Mozilla\Firefox\Profiles\isz53104.default\cookies.txt ]
.questionmarket.com [ C:\Documents and Settings\ALTomlinson\Application Data\Mozilla\Firefox\Profiles\isz53104.default\cookies.txt ]
.questionmarket.com [ C:\Documents and Settings\ALTomlinson\Application Data\Mozilla\Firefox\Profiles\isz53104.default\cookies.txt ]
.chitika.net [ C:\Documents and Settings\ALTomlinson\Application Data\Mozilla\Firefox\Profiles\isz53104.default\cookies.txt ]
.casalemedia.com [ C:\Documents and Settings\ALTomlinson\Application Data\Mozilla\Firefox\Profiles\isz53104.default\cookies.txt ]
.casalemedia.com [ C:\Documents and Settings\ALTomlinson\Application Data\Mozilla\Firefox\Profiles\isz53104.default\cookies.txt ]
.casalemedia.com [ C:\Documents and Settings\ALTomlinson\Application Data\Mozilla\Firefox\Profiles\isz53104.default\cookies.txt ]
.casalemedia.com [ C:\Documents and Settings\ALTomlinson\Application Data\Mozilla\Firefox\Profiles\isz53104.default\cookies.txt ]
.casalemedia.com [ C:\Documents and Settings\ALTomlinson\Application Data\Mozilla\Firefox\Profiles\isz53104.default\cookies.txt ]
.mediaplex.com [ C:\Documents and Settings\Default User\Application Data\Mozilla\Firefox\Profiles\isz53104.default\cookies.txt ]
.mediaplex.com [ C:\Documents and Settings\Default User\Application Data\Mozilla\Firefox\Profiles\isz53104.default\cookies.txt ]
.2o7.net [ C:\Documents and Settings\Default User\Application Data\Mozilla\Firefox\Profiles\isz53104.default\cookies.txt ]
.tribalfusion.com [ C:\Documents and Settings\Default User\Application Data\Mozilla\Firefox\Profiles\isz53104.default\cookies.txt ]
.doubleclick.net [ C:\Documents and Settings\Default User\Application Data\Mozilla\Firefox\Profiles\isz53104.default\cookies.txt ]
.adrevolver.com [ C:\Documents and Settings\Default User\Application Data\Mozilla\Firefox\Profiles\isz53104.default\cookies.txt ]
.2o7.net [ C:\Documents and Settings\Default User\Application Data\Mozilla\Firefox\Profiles\isz53104.default\cookies.txt ]
media.adrevolver.com [ C:\Documents and Settings\Default User\Application Data\Mozilla\Firefox\Profiles\isz53104.default\cookies.txt ]
media.adrevolver.com [ C:\Documents and Settings\Default User\Application Data\Mozilla\Firefox\Profiles\isz53104.default\cookies.txt ]
media.adrevolver.com [ C:\Documents and Settings\Default User\Application Data\Mozilla\Firefox\Profiles\isz53104.default\cookies.txt ]
media.adrevolver.com [ C:\Documents and Settings\Default User\Application Data\Mozilla\Firefox\Profiles\isz53104.default\cookies.txt ]
.adrevolver.com [ C:\Documents and Settings\Default User\Application Data\Mozilla\Firefox\Profiles\isz53104.default\cookies.txt ]
.bluestreak.com [ C:\Documents and Settings\Default User\Application Data\Mozilla\Firefox\Profiles\isz53104.default\cookies.txt ]
.advertising.com [ C:\Documents and Settings\Default User\Application Data\Mozilla\Firefox\Profiles\isz53104.default\cookies.txt ]
.advertising.com [ C:\Documents and Settings\Default User\Application Data\Mozilla\Firefox\Profiles\isz53104.default\cookies.txt ]
.advertising.com [ C:\Documents and Settings\Default User\Application Data\Mozilla\Firefox\Profiles\isz53104.default\cookies.txt ]
.advertising.com [ C:\Documents and Settings\Default User\Application Data\Mozilla\Firefox\Profiles\isz53104.default\cookies.txt ]
.fastclick.net [ C:\Documents and Settings\Default User\Application Data\Mozilla\Firefox\Profiles\isz53104.default\cookies.txt ]
.fastclick.net [ C:\Documents and Settings\Default User\Application Data\Mozilla\Firefox\Profiles\isz53104.default\cookies.txt ]
.atdmt.com [ C:\Documents and Settings\Default User\Application Data\Mozilla\Firefox\Profiles\isz53104.default\cookies.txt ]
.2o7.net [ C:\Documents and Settings\JDTolbert\Application Data\Mozilla\Firefox\Profiles\isz53104.default\cookies.txt ]
.2o7.net [ C:\Documents and Settings\JDTolbert\Application Data\Mozilla\Firefox\Profiles\isz53104.default\cookies.txt ]
.advertising.com [ C:\Documents and Settings\JDTolbert\Application Data\Mozilla\Firefox\Profiles\isz53104.default\cookies.txt ]
.advertising.com [ C:\Documents and Settings\JDTolbert\Application Data\Mozilla\Firefox\Profiles\isz53104.default\cookies.txt ]
.advertising.com [ C:\Documents and Settings\JDTolbert\Application Data\Mozilla\Firefox\Profiles\isz53104.default\cookies.txt ]
.advertising.com [ C:\Documents and Settings\JDTolbert\Application Data\Mozilla\Firefox\Profiles\isz53104.default\cookies.txt ]
.atdmt.com [ C:\Documents and Settings\JDTolbert\Application Data\Mozilla\Firefox\Profiles\isz53104.default\cookies.txt ]
.tribalfusion.com [ C:\Documents and Settings\JDTolbert\Application Data\Mozilla\Firefox\Profiles\isz53104.default\cookies.txt ]
.2o7.net [ C:\Documents and Settings\MBMcGinnis\Application Data\Mozilla\Firefox\Profiles\isz53104.default\cookies.txt ]
.2o7.net [ C:\Documents and Settings\MBMcGinnis\Application Data\Mozilla\Firefox\Profiles\isz53104.default\cookies.txt ]
.advertising.com [ C:\Documents and Settings\MBMcGinnis\Application Data\Mozilla\Firefox\Profiles\isz53104.default\cookies.txt ]
.advertising.com [ C:\Documents and Settings\MBMcGinnis\Application Data\Mozilla\Firefox\Profiles\isz53104.default\cookies.txt ]
.advertising.com [ C:\Documents and Settings\MBMcGinnis\Application Data\Mozilla\Firefox\Profiles\isz53104.default\cookies.txt ]
.advertising.com [ C:\Documents and Settings\MBMcGinnis\Application Data\Mozilla\Firefox\Profiles\isz53104.default\cookies.txt ]
.atdmt.com [ C:\Documents and Settings\MBMcGinnis\Application Data\Mozilla\Firefox\Profiles\isz53104.default\cookies.txt ]
.tribalfusion.com [ C:\Documents and Settings\MBMcGinnis\Application Data\Mozilla\Firefox\Profiles\isz53104.default\cookies.txt ]
.mediaplex.com [ C:\Documents and Settings\SFMcLeod\Application Data\Mozilla\Firefox\Profiles\isz53104.default\cookies.txt ]
.mediaplex.com [ C:\Documents and Settings\SFMcLeod\Application Data\Mozilla\Firefox\Profiles\isz53104.default\cookies.txt ]
.2o7.net [ C:\Documents and Settings\SFMcLeod\Application Data\Mozilla\Firefox\Profiles\isz53104.default\cookies.txt ]
.tribalfusion.com [ C:\Documents and Settings\SFMcLeod\Application Data\Mozilla\Firefox\Profiles\isz53104.default\cookies.txt ]
.doubleclick.net [ C:\Documents and Settings\SFMcLeod\Application Data\Mozilla\Firefox\Profiles\isz53104.default\cookies.txt ]
.adrevolver.com [ C:\Documents and Settings\SFMcLeod\Application Data\Mozilla\Firefox\Profiles\isz53104.default\cookies.txt ]
.2o7.net [ C:\Documents and Settings\SFMcLeod\Application Data\Mozilla\Firefox\Profiles\isz53104.default\cookies.txt ]
media.adrevolver.com [ C:\Documents and Settings\SFMcLeod\Application Data\Mozilla\Firefox\Profiles\isz53104.default\cookies.txt ]
media.adrevolver.com [ C:\Documents and Settings\SFMcLeod\Application Data\Mozilla\Firefox\Profiles\isz53104.default\cookies.txt ]
media.adrevolver.com [ C:\Documents and Settings\SFMcLeod\Application Data\Mozilla\Firefox\Profiles\isz53104.default\cookies.txt ]
media.adrevolver.com [ C:\Documents and Settings\SFMcLeod\Application Data\Mozilla\Firefox\Profiles\isz53104.default\cookies.txt ]
.adrevolver.com [ C:\Documents and Settings\SFMcLeod\Application Data\Mozilla\Firefox\Profiles\isz53104.default\cookies.txt ]
.bluestreak.com [ C:\Documents and Settings\SFMcLeod\Application Data\Mozilla\Firefox\Profiles\isz53104.default\cookies.txt ]
.advertising.com [ C:\Documents and Settings\SFMcLeod\Application Data\Mozilla\Firefox\Profiles\isz53104.default\cookies.txt ]
.advertising.com [ C:\Documents and Settings\SFMcLeod\Application Data\Mozilla\Firefox\Profiles\isz53104.default\cookies.txt ]
.advertising.com [ C:\Documents and Settings\SFMcLeod\Application Data\Mozilla\Firefox\Profiles\isz53104.default\cookies.txt ]
.advertising.com [ C:\Documents and Settings\SFMcLeod\Application Data\Mozilla\Firefox\Profiles\isz53104.default\cookies.txt ]
.fastclick.net [ C:\Documents and Settings\SFMcLeod\Application Data\Mozilla\Firefox\Profiles\isz53104.default\cookies.txt ]
.fastclick.net [ C:\Documents and Settings\SFMcLeod\Application Data\Mozilla\Firefox\Profiles\isz53104.default\cookies.txt ]
.atdmt.com [ C:\Documents and Settings\SFMcLeod\Application Data\Mozilla\Firefox\Profiles\isz53104.default\cookies.txt ]
.2o7.net [ C:\Documents and Settings\Tech\Application Data\Mozilla\Firefox\Profiles\isz53104.default\cookies.txt ]
.2o7.net [ C:\Documents and Settings\Tech\Application Data\Mozilla\Firefox\Profiles\isz53104.default\cookies.txt ]
.advertising.com [ C:\Documents and Settings\Tech\Application Data\Mozilla\Firefox\Profiles\isz53104.default\cookies.txt ]
.advertising.com [ C:\Documents and Settings\Tech\Application Data\Mozilla\Firefox\Profiles\isz53104.default\cookies.txt ]
.advertising.com [ C:\Documents and Settings\Tech\Application Data\Mozilla\Firefox\Profiles\isz53104.default\cookies.txt ]
.advertising.com [ C:\Documents and Settings\Tech\Application Data\Mozilla\Firefox\Profiles\isz53104.default\cookies.txt ]
.atdmt.com [ C:\Documents and Settings\Tech\Application Data\Mozilla\Firefox\Profiles\isz53104.default\cookies.txt ]
.tribalfusion.com [ C:\Documents and Settings\Tech\Application Data\Mozilla\Firefox\Profiles\isz53104.default\cookies.txt ]
.2o7.net [ C:\Documents and Settings\techroot\Application Data\Mozilla\Firefox\Profiles\isz53104.default\cookies.txt ]
.2o7.net [ C:\Documents and Settings\techroot\Application Data\Mozilla\Firefox\Profiles\isz53104.default\cookies.txt ]
.advertising.com [ C:\Documents and Settings\techroot\Application Data\Mozilla\Firefox\Profiles\isz53104.default\cookies.txt ]
.advertising.com [ C:\Documents and Settings\techroot\Application Data\Mozilla\Firefox\Profiles\isz53104.default\cookies.txt ]
.advertising.com [ C:\Documents and Settings\techroot\Application Data\Mozilla\Firefox\Profiles\isz53104.default\cookies.txt ]
.advertising.com [ C:\Documents and Settings\techroot\Application Data\Mozilla\Firefox\Profiles\isz53104.default\cookies.txt ]
.atdmt.com [ C:\Documents and Settings\techroot\Application Data\Mozilla\Firefox\Profiles\isz53104.default\cookies.txt ]
.tribalfusion.com [ C:\Documents and Settings\techroot\Application Data\Mozilla\Firefox\Profiles\isz53104.default\cookies.txt ]

Trojan.SystemDriver
C:\32788R22FWJFW\CREG.DAT

Unfortunately, I have to leave for DC now and I am leaving this computer at home. I will be back on Saturday and will send you the Kaspersky log at that time. Thank you so much for all your help!

#14 andrewuk

  • Group: Malware Removal
  • Posts: 5,297
  • Joined: 18-August 07

Posted 26 November 2008 - 12:41 PM

No problem, I will be here :)

#15 lysistrata7

  • Group: Member
  • Posts: 41
  • Joined: 25-November 08

Posted 30 November 2008 - 07:21 AM

And here is the Kaspersky report:

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Sunday, November 30, 2008
Operating System: Microsoft Windows XP Professional Service Pack 2 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Wednesday, November 26, 2008 08:57:43
Records in database: 1418182
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
C:\
D:\
S:\

Scan statistics:
Files scanned: 188911
Threat name: 5
Infected objects: 5
Suspicious objects: 0
Duration of the scan: 01:30:21


File name / Threat name / Threats count
C:\Config.Msi\dcb8d8.rbf Infected: not-a-virus:FraudTool.Win32.Agent.ei 1
C:\Config.Msi\dcb8da.rbf Infected: not-a-virus:FraudTool.Win32.SpywareStop.jn 1
C:\Lavasoft Ad-Aware 2008 Pro v7.1.0.10\Installer.exe Infected: Trojan.Win32.Agent.abix 1
C:\Lop SD\Backup-Lop\DOCUME~1\ALLUSE~1\APPLIC~1\Meow Intra Bait Face\store 1.exe Infected: Trojan.Win32.Obfuscated.gen 1
C:\_OTMoveIt\MovedFiles\11252008_212203\Program Files\Antispyware\SpyCleaner.dll Infected: not-a-virus:FraudTool.Win32.SpywareStop.jl 1

The selected area was scanned.
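The five hits in the Kaspersky report above all sit in quarantine, backup or installer-rollback folders except the Ad-Aware installer, which is a practical triage question on any scan: which detections are files the machine could still execute, and which are copies a cleanup tool already moved aside? The script below is an added example written for this page, not code from the thread or from Kaspersky; it parses the "File name / Threat name / Threats count" lines in the report format shown above and splits them by location and by Kaspersky's "not-a-virus:" riskware prefix. The list of inactive folder prefixes is an assumption for the example (Windows Installer rollback, OTMoveIt and Lop S&D locations taken from the paths on this page), and the last sample line is a constructed live-path detection added to show the contrast.

```python
import re
from dataclasses import dataclass

# Matches one detection line from the "File name / Threat name / Threats count"
# section of a Kaspersky Online Scanner 7 report:
#   <path> Infected: <threat-name> <count>
DETECTION_RE = re.compile(
    r"^(?P<path>.+?) Infected: (?P<threat>\S+) (?P<count>\d+)\s*$"
)

# Folders holding quarantined, backed-up or rolled-back copies rather than
# files the OS would run. Assumption for this example: these three prefixes
# cover the tools used in the thread; extend for other cleanup tools.
INACTIVE_PREFIXES = (
    "c:\\config.msi\\",             # Windows Installer rollback (.rbf) files
    "c:\\_otmoveit\\movedfiles\\",  # OTMoveIt quarantine
    "c:\\lop sd\\backup-lop\\",     # Lop S&D backups
)


@dataclass
class Detection:
    path: str
    threat: str
    count: int
    location: str  # "inactive" (quarantine/backup/rollback) or "live"
    kind: str      # "riskware" for not-a-virus:* names, else "malware"


def classify(path: str, threat: str, count: int) -> Detection:
    """Label a detection by where the file lives and how Kaspersky names it."""
    location = "inactive" if path.lower().startswith(INACTIVE_PREFIXES) else "live"
    kind = "riskware" if threat.startswith("not-a-virus:") else "malware"
    return Detection(path, threat, count, location, kind)


def parse_report(text: str) -> list:
    """Return a Detection for each matching line; other report lines are skipped."""
    found = []
    for line in text.splitlines():
        m = DETECTION_RE.match(line.strip())
        if m:
            found.append(classify(m["path"], m["threat"], int(m["count"])))
    return found


def summarize(detections: list) -> dict:
    """Count detections by location and single out live malware (not riskware)."""
    summary = {"live": 0, "inactive": 0, "malware_live": 0}
    for d in detections:
        summary[d.location] += 1
        if d.location == "live" and d.kind == "malware":
            summary["malware_live"] += 1
    return summary


# Sample input: the five lines from the report on this page plus one
# constructed live-path line (hypothetical file, reusing a threat name from
# the report) so both branches of the classifier are exercised.
SAMPLE_REPORT = r"""
File name / Threat name / Threats count
C:\Config.Msi\dcb8d8.rbf Infected: not-a-virus:FraudTool.Win32.Agent.ei 1
C:\Config.Msi\dcb8da.rbf Infected: not-a-virus:FraudTool.Win32.SpywareStop.jn 1
C:\Lavasoft Ad-Aware 2008 Pro v7.1.0.10\Installer.exe Infected: Trojan.Win32.Agent.abix 1
C:\Lop SD\Backup-Lop\DOCUME~1\ALLUSE~1\APPLIC~1\Meow Intra Bait Face\store 1.exe Infected: Trojan.Win32.Obfuscated.gen 1
C:\_OTMoveIt\MovedFiles\11252008_212203\Program Files\Antispyware\SpyCleaner.dll Infected: not-a-virus:FraudTool.Win32.SpywareStop.jl 1
C:\WINDOWS\system32\sample_constructed.dll Infected: Trojan.Win32.Agent.abix 1

The selected area was scanned.
"""

if __name__ == "__main__":
    dets = parse_report(SAMPLE_REPORT)
    for d in dets:
        print(f"{d.location:8} {d.kind:8} {d.threat}  {d.path}")
    print(summarize(dets))
```

Anything reported as "inactive" can be dealt with by emptying the quarantine or backup folder; the entries worth a second look are the live ones, and the script separates those from riskware so the caller can decide what still needs removing rather than counting five infections where only one file is in a normal location.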
