Troj/Virtum-Gen! Please Help! [RESOLVED]


  • This topic is locked

#1
Killabyte

    New Member

  • Member
  • 6 posts
Hello,

This is my first time using your forum. I found it when I was trying to Google the trojan Sophos found on my computer. Sophos says that it has found Troj/Virtum-Gen in my system, and I have tried to remove it using Sophos and Spybot S&D. Both told me they had to reboot to fix the problem, but when I re-ran each they told me the same thing. My system was slowed to a virtual halt with literally 1,000 warnings from Sophos telling me that I had the trojan. I finally had to disable the program. The only recognizable problems are the incessant pop-ups while I'm trying to use the internet. I tried using VundoFix and VirtumundoBegone, but neither has detected any problems. Your help would be greatly appreciated. My HijackThis log is as follows:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:02:11 PM, on 12/3/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Sophos\AutoUpdate\ALsvc.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\dlcccoms.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Sophos\AutoUpdate\ALMon.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;*.local
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Sophos Web Content Scanner - {39EA7695-B3F2-4C44-A4BC-297ADA8FD235} - C:\Program Files\Sophos\Sophos Anti-Virus\SophosBHO.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: (no name) - {6b44f4e9-310c-4b57-b6c7-836e4f27a9f7} - C:\WINDOWS\system32\topapope.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [dlccmon.exe] "C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe"
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [bekabaguyu] Rundll32.exe "C:\WINDOWS\system32\fefiyiri.dll",s
O4 - HKLM\..\Run: [CPMab02efd6] Rundll32.exe "c:\windows\system32\kabehize.dll",a
O4 - HKLM\..\Run: [a831dc4a] rundll32.exe "C:\WINDOWS\system32\sebiniha.dll",b
O4 - HKCU\..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netWaiting.exe
O4 - HKCU\..\Run: [SetDefaultMIDI] MIDIDef.exe
O4 - HKCU\..\Run: [Creative Detector] "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [Comrade.exe] C:\Program Files\GameSpy\Comrade\Comrade.exe
O4 - HKCU\..\Run: [EA Core] C:\Program Files\Electronic Arts\EADM\Core.exe -silent
O4 - HKUS\S-1-5-19\..\Run: [bekabaguyu] Rundll32.exe "C:\WINDOWS\system32\fefiyiri.dll",s (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [bekabaguyu] Rundll32.exe "C:\WINDOWS\system32\fefiyiri.dll",s (User 'NETWORK SERVICE')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: AutoUpdate Monitor.lnk = C:\Program Files\Sophos\AutoUpdate\ALMon.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\KEM.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {549F957E-2F89-11D6-8CFE-00C04F52B225} (CMV5 Class) - http://coupons.smart...oad/cscmv5X.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx...owserPlugin.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL c:\windows\system32\hohazoye.dll c:\windows\system32\sawigewe.dll C:\WINDOWS\system32\nadusajo.dll c:\windows\system32\kabehize.dll c:\windows\system32\hozegupo.dll
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\kabehize.dll
O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\kabehize.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Labs Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: dlcc_device - - C:\WINDOWS\system32\dlcccoms.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Sophos Anti-Virus status reporter (SAVAdminService) - Sophos Plc - C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
O23 - Service: Sophos Anti-Virus (SAVService) - Sophos Plc - C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe
O23 - Service: Sophos AutoUpdate Service - Sophos Plc - C:\Program Files\Sophos\AutoUpdate\ALsvc.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: Intel® PROSet/Wireless SSO Service (WLANKEEPER) - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
O24 - Desktop Component 0: (no name) - http://www1.istockph...can_soldier.jpg

--
End of file - 11825 bytes
  • 0

#2
Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Hello

Download OTScanIt2.exe to your Desktop and double-click on it to extract the files. It will create a folder named OTScanIt2 on your desktop.
  • Open the OTScanIt2 folder and double-click on OTScanIt.exe to start the program. Make sure you close all other programs and don't use the PC while the scan runs.
  • Under File Age at the top, change it from 30 days to 90 days
  • Under Additional Scans check the boxes beside Reg - ColumnHandlers, Reg - Desktop Components, Reg - Disabled MS Config Items, Reg - File Associations, Reg - NetSvcs, Reg - Protocol Filters, Reg - Protocol Handlers, Reg - SafeBoot Minimal, Reg - SafeBoot Network, Reg - Session Manager Settings, Reg - Winsock2 Catalogs, File - Lop Check, File - Purity Scan, Files - Signature Check, and Evnt - EventViewer Logs ( Last 10 Errors).
  • Under Rootkit Search change it to Yes
  • Under the Custom Scans box at the bottom left paste the following in

    %systemroot%\Prefetch\*.* /s
    %systemroot%\system32\drivers\*.dat
    %systemroot%\Temp\bca4e2da.$$$
    %systemroot%\Temp\ed47fa.$
    %systemroot%\Temp\fa56d7ec.$$$
    %systemroot%\System32\antiwpa.dll
    %PROGRAMFILES%\*crack*.
    %PROGRAMFILES%\*keygen*.
    %SYSTEMDRIVE%\*crack*.
    %SYSTEMDRIVE%\*keygen*.
    %SYSTEMDRIVE%\*.zip
    %SYSTEMDRIVE%\*.rar
    %SYSTEMDRIVE%\*.exe
    %PROGRAMFILES%\*.zip
    %PROGRAMFILES%\*.rar
    %PROGRAMFILES%\*.exe
    %ALLUSERSDESKTOP%\*.zip
    %ALLUSERSDESKTOP%\*.rar
    %ALLUSERSDESKTOP%\*.exe
    %PROGRAMFILES%\Common Files\*bak*.
    %systemroot%\SYSTEM32\*bak*.
    %PROGRAMFILES%\*bak*.




  • Now click the Run Scan button on the toolbar. Make sure not to use the PC while the program is running or it will freeze.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
Use the Add Reply button and post the information back here in an attachment. I will review it when it comes in. The last line is < End of Report >, so make sure that is the last line in the attached report.


Make sure you attach the report in your reply. If it is too big to upload, then zip the text file and upload it that way
  • 0

#3
Killabyte

    New Member

  • Topic Starter
  • Member
  • 6 posts
I've attached the report.

Attached Files


  • 0

#4
Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Hello

Start OTScanIt2. Copy/Paste the information in the quotebox below into the panel where it says "Paste fix here" and then click the Run Fix button.

[Kill Explorer]
[Unregister Dlls]
[Processes - Safe List]
YN -> msmpeng.exe -> %ProgramFiles%\Windows Defender\MsMpEng.exe
[Registry - Safe List]
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
YN -> {6b44f4e9-310c-4b57-b6c7-836e4f27a9f7} [HKLM] -> %SystemRoot%\system32\topapope.dll [Reg Error: Value does not exist or could not be read.]
< Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\
YN -> ShellBrowser\\"{07AA283A-43D7-4CBE-A064-32A21112D94D}" [HKLM] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
YY -> "a831dc4a" -> %SystemRoot%\system32\sebiniha.dll [rundll32.exe "C:\WINDOWS\system32\sebiniha.dll",b]
YN -> "bekabaguyu" -> %SystemRoot%\system32\fefiyiri.DLL [Rundll32.exe "C:\WINDOWS\system32\fefiyiri.dll",s]
YY -> "CPMab02efd6" -> %SystemRoot%\system32\kabehize.dll [Rundll32.exe "c:\windows\system32\kabehize.dll",a]
YN -> "MSKDetectorExe" -> [C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall]
< Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
YN -> "DellSupport" -> ["C:\Program Files\DellSupport\DSAgnt.exe" /startup]
< Internet Explorer Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\
YN -> CmdMapping\\"{39FD89BF-D3F1-45b6-BB56-3582CCF489E1}" [HKLM] -> [Reg Error: Key does not exist or could not be opened.]
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\
YN -> {549F957E-2F89-11D6-8CFE-00C04F52B225} [HKLM] -> http://coupons.smart...oad/cscmv5X.cab[CMV5 Class]
< AppInit_DLLs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs
*AppInit_DLLs* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls
YY -> c:\windows\system32\hohazoye.dll -> %SystemRoot%\system32\hohazoye.dll
YY -> c:\windows\system32\sawigewe.dll -> %SystemRoot%\system32\sawigewe.dll
YY -> C:\WINDOWS\system32\nadusajo.dll -> %SystemRoot%\system32\nadusajo.dll
YY -> c:\windows\system32\kabehize.dll -> %SystemRoot%\system32\kabehize.dll
YY -> c:\windows\system32\hozegupo.dll -> %SystemRoot%\system32\hozegupo.dll
< AppInit_DLLs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs
< Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
YN -> NavLogon ->
< SSODL [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
YY -> "{EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4}" [HKLM] -> %SystemRoot%\system32\hozegupo.dll [SSODL]
< SharedTaskScheduler [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler
YY -> "{EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4}" [HKLM] -> %SystemRoot%\system32\hozegupo.dll [STS]
[Files/Folders - Created Within 90 Days]
NY -> 10 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp
NY -> 2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp
NY -> VirtumundoBeGone.exe -> %UserProfile%\Desktop\VirtumundoBeGone.exe
NY -> VundoFix Backups -> %SystemDrive%\VundoFix Backups
NY -> ahinibes.ini -> %SystemRoot%\System32\ahinibes.ini
NY -> ivehihaw.ini -> %SystemRoot%\System32\ivehihaw.ini
NY -> etekahob.ini -> %SystemRoot%\System32\etekahob.ini
NY -> owojusiv.ini -> %SystemRoot%\System32\owojusiv.ini
NY -> ehunolam.ini -> %SystemRoot%\System32\ehunolam.ini
NY -> itirafiw.ini -> %SystemRoot%\System32\itirafiw.ini
NY -> ijovuvup.ini -> %SystemRoot%\System32\ijovuvup.ini
NY -> ahagusut.ini -> %SystemRoot%\System32\ahagusut.ini
[Files/Folders - Modified Within 90 Days]
NY -> u_opmnpz.dll -> C:\Documents and Settings\David Nyczepir\Local Settings\Temp\u_opmnpz.dll
NY -> ahinibes.ini -> %SystemRoot%\System32\ahinibes.ini
NY -> hozegupo.dll -> %SystemRoot%\System32\hozegupo.dll
NY -> sebiniha.dll -> %SystemRoot%\System32\sebiniha.dll
NY -> ivehihaw.ini -> %SystemRoot%\System32\ivehihaw.ini
NY -> kabehize.dll -> %SystemRoot%\System32\kabehize.dll
NY -> etekahob.ini -> %SystemRoot%\System32\etekahob.ini
NY -> owojusiv.ini -> %SystemRoot%\System32\owojusiv.ini
NY -> ripagupa.dll -> %SystemRoot%\System32\ripagupa.dll
NY -> ehunolam.ini -> %SystemRoot%\System32\ehunolam.ini
NY -> malonuhe.dll -> %SystemRoot%\System32\malonuhe.dll
NY -> itirafiw.ini -> %SystemRoot%\System32\itirafiw.ini
NY -> wifariti.dll -> %SystemRoot%\System32\wifariti.dll
NY -> ijovuvup.ini -> %SystemRoot%\System32\ijovuvup.ini
NY -> ahagusut.ini -> %SystemRoot%\System32\ahagusut.ini
NY -> jabetuze.dll -> %SystemRoot%\System32\jabetuze.dll
NY -> tusugaha.dll -> %SystemRoot%\System32\tusugaha.dll
[File - Lop Check]
NY -> Viewpoint -> C:\Documents and Settings\All Users\Application Data\Viewpoint
NY -> Viewpoint -> C:\Documents and Settings\David Nyczepir\Application Data\Viewpoint
[Custom Scans]
YY -> KILLBOX[1].EXE-2A91B4D1.pf -> C:\WINDOWS\Prefetch\KILLBOX[1].EXE
YY -> VIEWPOINTSERVICE.EXE-1082C90D.pf -> C:\WINDOWS\Prefetch\VIEWPOINTSERVICE.EXE
YY -> VIRTUMUNDOBEGONE.EXE-03E44635.pf -> C:\WINDOWS\Prefetch\VIRTUMUNDOBEGONE.EXE
YY -> VUNDOFIX.EXE-3B1D0C06.pf -> C:\WINDOWS\Prefetch\VUNDOFIX.EXE
[Empty Temp Folders]
[Start Explorer]
[Reboot]


The fix should only take a very short time. When the fix is completed, a message box will pop up telling you that it is finished. Click the Ok button and Notepad will open with a log of actions taken during the fix. Post that information back here.

I will review the information when it comes back in.
  • 0
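The items marked for removal in the fix above share a pattern that is already visible in the HijackThis log from post #1: a DLL sitting directly in system32 that is loaded through a Run key via rundll32, through AppInit_DLLs, SSODL, SharedTaskScheduler, or a BHO. The triage script below is an added example, not part of the thread and not code from HijackThis or OTScanIt2; its function names and the "directly in C:\WINDOWS\system32" heuristic are assumptions of this example, and the sample input is an excerpt of the log lines posted in post #1.

```python
import re
from collections import defaultdict

# Excerpt of the HijackThis log from post #1 (lines copied from the page).
SAMPLE_LOG = r"""
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: (no name) - {6b44f4e9-310c-4b57-b6c7-836e4f27a9f7} - C:\WINDOWS\system32\topapope.dll (file missing)
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [bekabaguyu] Rundll32.exe "C:\WINDOWS\system32\fefiyiri.dll",s
O4 - HKLM\..\Run: [CPMab02efd6] Rundll32.exe "c:\windows\system32\kabehize.dll",a
O4 - HKLM\..\Run: [a831dc4a] rundll32.exe "C:\WINDOWS\system32\sebiniha.dll",b
O4 - HKUS\S-1-5-19\..\Run: [bekabaguyu] Rundll32.exe "C:\WINDOWS\system32\fefiyiri.dll",s (User 'LOCAL SERVICE')
O20 - AppInit_DLLs: C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL c:\windows\system32\hohazoye.dll c:\windows\system32\sawigewe.dll C:\WINDOWS\system32\nadusajo.dll c:\windows\system32\kabehize.dll c:\windows\system32\hozegupo.dll
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\kabehize.dll
O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\kabehize.dll
"""

# HijackThis section codes that describe DLL load points.
LOAD_POINTS = {
    "O2": "BHO",
    "O4": "Run",  # refined per hive below, and only counted when rundll32 is the launcher
    "O20": "AppInit_DLLs",
    "O21": "ShellServiceObjectDelayLoad",
    "O22": "SharedTaskScheduler",
}

# Assumption of this example: %SystemRoot% is C:\WINDOWS, as in the posted log.
# Matches a DLL placed directly in system32 (no subfolder), not "name.dll.tmp".
SYS32_DLL = re.compile(r'[a-z]:\\windows\\system32\\([^\\/"\s]+\.dll)(?![\w.])', re.I)
ENTRY = re.compile(r"^(O\d+) - (.*)$")


def triage(log_text):
    """Map each system32 DLL to the load points that reference it."""
    points = defaultdict(set)
    missing = set()
    for raw in log_text.splitlines():
        m = ENTRY.match(raw.strip())
        if not m or m.group(1) not in LOAD_POINTS:
            continue
        code, body = m.groups()
        label = LOAD_POINTS[code]
        if code == "O4":
            # Ordinary Run entries start an EXE; a DLL started through
            # rundll32 from system32 is the case worth a second look.
            if "rundll32" not in body.lower():
                continue
            label = "Run:" + body.split("\\..", 1)[0]  # e.g. Run:HKLM
        for name in SYS32_DLL.findall(body):
            name = name.lower()
            points[name].add(label)
            if "(file missing)" in body.lower():
                missing.add(name)  # registry load point left without its file
    return {
        n: {"load_points": sorted(p), "file_missing": n in missing}
        for n, p in points.items()
    }


def ranked(findings):
    """DLL names ordered by how many separate load points reference them."""
    return sorted(findings, key=lambda n: (-len(findings[n]["load_points"]), n))


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for dll in ranked(result):
        info = result[dll]
        note = " (file missing)" if info["file_missing"] else ""
        print(f"{dll}{note}: {', '.join(info['load_points'])}")
```

A DLL referenced from several load points at once, as kabehize.dll is here, has to be removed from every one of them in the same pass, which is why the fix lists each registry location separately.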

#5
Killabyte

    New Member

  • Topic Starter
  • Member
  • 6 posts
Hey,

I ran the fix, it was quick, and it seems to have worked. Nevertheless, I'll let you be the judge of that. Here is the log information you requested:

[quote]Process Explorer.EXE killed successfully!
[Processes - Safe List]
No active process named msmpeng.exe was found!
[Registry - Safe List]
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6b44f4e9-310c-4b57-b6c7-836e4f27a9f7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6b44f4e9-310c-4b57-b6c7-836e4f27a9f7}\ deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{07AA283A-43D7-4CBE-A064-32A21112D94D} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{07AA283A-43D7-4CBE-A064-32A21112D94D}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\a831dc4a deleted successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\sebiniha.dll
C:\WINDOWS\system32\sebiniha.dll NOT unregistered.
C:\WINDOWS\system32\sebiniha.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\bekabaguyu deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\CPMab02efd6 deleted successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\kabehize.dll
C:\WINDOWS\system32\kabehize.dll NOT unregistered.
C:\WINDOWS\system32\kabehize.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\MSKDetectorExe deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\DellSupport deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\\{39FD89BF-D3F1-45b6-BB56-3582CCF489E1} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{39FD89BF-D3F1-45b6-BB56-3582CCF489E1}\ not found.
Starting removal of ActiveX control {549F957E-2F89-11D6-8CFE-00C04F52B225}
C:\WINDOWS\Downloaded Program Files\CpnMgr.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{549F957E-2F89-11D6-8CFE-00C04F52B225}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:c:\windows\system32\hohazoye.dll deleted successfully.
File C:\WINDOWS\system32\hohazoye.dll not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:c:\windows\system32\sawigewe.dll deleted successfully.
File C:\WINDOWS\system32\sawigewe.dll not found.
Registry delete failed. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:C:\WINDOWS\system32\nadusajo.dll scheduled to be deleted on reboot.
File C:\WINDOWS\system32\nadusajo.dll not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:c:\windows\system32\kabehize.dll deleted successfully.
File C:\WINDOWS\system32\kabehize.dll not found.
Registry delete failed. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:c:\windows\system32\hozegupo.dll scheduled to be deleted on reboot.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\hozegupo.dll
C:\WINDOWS\system32\hozegupo.dll NOT unregistered.
C:\WINDOWS\system32\hozegupo.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\NavLogon\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\SSODL deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4}\ deleted successfully.
File C:\WINDOWS\system32\hozegupo.dll not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\\{EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4}\ not found.
File C:\WINDOWS\system32\hozegupo.dll not found.
[Files/Folders - Created Within 90 Days]
File delete failed. C:\WINDOWS\System32\besowuti.dll.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\System32\nadusajo.dll.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\System32\pibafofa.dll.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\System32\retugama.dll.tmp scheduled to be deleted on reboot.
C:\Documents and Settings\David Nyczepir\Desktop\VirtumundoBeGone.exe moved successfully.
C:\VundoFix Backups folder moved successfully.
C:\WINDOWS\System32\ahinibes.ini moved successfully.
C:\WINDOWS\System32\ivehihaw.ini moved successfully.
C:\WINDOWS\System32\etekahob.ini moved successfully.
C:\WINDOWS\System32\owojusiv.ini moved successfully.
C:\WINDOWS\System32\ehunolam.ini moved successfully.
C:\WINDOWS\System32\itirafiw.ini moved successfully.
C:\WINDOWS\System32\ijovuvup.ini moved successfully.
C:\WINDOWS\System32\ahagusut.ini moved successfully.
[Files/Folders - Modified Within 90 Days]
DllUnregisterServer procedure not found in C:\Documents and Settings\David Nyczepir\Local Settings\Temp\u_opmnpz.dll
C:\Documents and Settings\David Nyczepir\Local Settings\Temp\u_opmnpz.dll NOT unregistered.
C:\Documents and Settings\David Nyczepir\Local Settings\Temp\u_opmnpz.dll moved successfully.
File C:\WINDOWS\System32\ahinibes.ini not found!
File C:\WINDOWS\System32\hozegupo.dll not found!
File C:\WINDOWS\System32\sebiniha.dll not found!
File C:\WINDOWS\System32\ivehihaw.ini not found!
File C:\WINDOWS\System32\kabehize.dll not found!
File C:\WINDOWS\System32\etekahob.ini not found!
File C:\WINDOWS\System32\owojusiv.ini not found!
DllUnregisterServer procedure not found in C:\WINDOWS\System32\ripagupa.dll
C:\WINDOWS\System32\ripagupa.dll NOT unregistered.
C:\WINDOWS\System32\ripagupa.dll moved successfully.
File C:\WINDOWS\System32\ehunolam.ini not found!
DllUnregisterServer procedure not found in C:\WINDOWS\System32\malonuhe.dll
C:\WINDOWS\System32\malonuhe.dll NOT unregistered.
C:\WINDOWS\System32\malonuhe.dll moved successfully.
File C:\WINDOWS\System32\itirafiw.ini not found!
DllUnregisterServer procedure not found in C:\WINDOWS\System32\wifariti.dll
C:\WINDOWS\System32\wifariti.dll NOT unregistered.
C:\WINDOWS\System32\wifariti.dll moved successfully.
File C:\WINDOWS\System32\ijovuvup.ini not found!
File C:\WINDOWS\System32\ahagusut.ini not found!
DllUnregisterServer procedure not found in C:\WINDOWS\System32\jabetuze.dll
C:\WINDOWS\System32\jabetuze.dll NOT unregistered.
C:\WINDOWS\System32\jabetuze.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\System32\tusugaha.dll
C:\WINDOWS\System32\tusugaha.dll NOT unregistered.
C:\WINDOWS\System32\tusugaha.dll moved successfully.
[File - Lop Check]
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Toolbar folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Viewpoint\Toolbar Runtime folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Viewpoint\AxMetaStream_Win folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Viewpoint folder moved successfully.
C:\Documents and Settings\David Nyczepir\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_03 folder moved successfully.
C:\Documents and Settings\David Nyczepir\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_02 folder moved successfully.
C:\Documents and Settings\David Nyczepir\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_01 folder moved successfully.
C:\Documents and Settings\David Nyczepir\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_00 folder moved successfully.
C:\Documents and Settings\David Nyczepir\Application Data\Viewpoint\Viewpoint Experience Technology\Resources folder moved successfully.
C:\Documents and Settings\David Nyczepir\Application Data\Viewpoint\Viewpoint Experience Technology folder moved successfully.
C:\Documents and Settings\David Nyczepir\Application Data\Viewpoint folder moved successfully.
[Custom Scans]
File/Folder C:\WINDOWS\Prefetch\KILLBOX[1].EXE not found.
File/Folder C:\WINDOWS\Prefetch\VIEWPOINTSERVICE.EXE not found.
File/Folder C:\WINDOWS\Prefetch\VIRTUMUNDOBEGONE.EXE not found.
File/Folder C:\WINDOWS\Prefetch\VUNDOFIX.EXE not found.
[Empty Temp Folders]
File delete failed. C:\Documents and Settings\David Nyczepir\Local Settings\Temp\Temporary Internet Files\Content.IE5\QFCPIPSV\gamecenter;arena=nfl;feat=gamecenter;type=bia;!category=richm;type=psa;team=NO;team=ATL;user=Anonymous;seg=nonaol;ctype=lan;lang=en-us;lang=en-us;vpmp=yes;adv=b;cust=no;[3] scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\David Nyczepir\Local Settings\Temp\Temporary Internet Files\Content.IE5\QFCPIPSV\homead_fantasy;arena=nfl;arena=home_fantasy;type=psa;page=index;user=Named;ct=USA;st=VA;ac=804;gend=M;age=A;seg=nonaol;ctype=lan;lang=en-us;lang=en-us;vpmp=yes;adv=a;cus[3] scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\David Nyczepir\Local Settings\Temp\Temporary Internet Files\Content.IE5\QFCPIPSV\nfl;arena=nfl;site=fantasy;feat=league_home;prod=single;svl=free;type=psa;user=Named;ct=USA;st=VA;ac=804;gend=M;age=A;seg=nonaol;ctype=lan;lang=en-us;lang=en-us;vpmp=yes[12] scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\David Nyczepir\Local Settings\Temp\Temporary Internet Files\Content.IE5\QFCPIPSV\nfl;arena=nfl;site=fantasy;feat=league_home;prod=single;svl=free;type=psa;user=Named;ct=USA;st=VA;ac=804;gend=M;age=A;seg=nonaol;ctype=lan;lang=en-us;lang=en-us;vpmp=yes[13] scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\David Nyczepir\Local Settings\Temp\Temporary Internet Files\Content.IE5\QFCPIPSV\nfl;arena=nfl;site=fantasy;feat=league_home;prod=single;svl=free;type=psa;user=Named;ct=USA;st=VA;ac=804;gend=M;age=A;seg=nonaol;ctype=lan;lang=en-us;lang=en-us;vpmp=yes[14] scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\David Nyczepir\Local Settings\Temp\Temporary Internet Files\Content.IE5\QFCPIPSV\nfl;arena=nfl;site=fantasy;feat=league_home;prod=single;svl=free;type=psa;user=Named;ct=USA;st=VA;ac=804;gend=M;age=A;seg=nonaol;ctype=lan;lang=en-us;lang=en-us;vpmp=yes[15] scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\David Nyczepir\Local Settings\Temp\Temporary Internet Files\Content.IE5\QFCPIPSV\nfl;arena=nfl;site=fantasy;feat=league_home;prod=single;svl=free;type=psa;user=Named;ct=USA;st=VA;ac=804;gend=M;age=A;seg=nonaol;ctype=lan;lang=en-us;lang=en-us;vpmp=yes[2] scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\David Nyczepir\Local Settings\Temp\Temporary Internet Files\Content.IE5\QFCPIPSV\nfl;arena=nfl;site=fantasy;feat=league_home;prod=single;svl=free;type=psa;user=Named;ct=USA;st=VA;ac=804;gend=M;age=A;seg=nonaol;ctype=lan;lang=en-us;lang=en-us;vpmp=yes[3] scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\David Nyczepir\Local Settings\Temp\Temporary Internet Files\Content.IE5\QFCPIPSV\nfl;arena=nfl;site=fantasy;feat=players;feat=playerprofiles;prod=single;svl=free;type=psa;playr=12753;user=Named;ct=USA;st=VA;ac=804;gend=M;age=A;seg=nonaol;ctype=lan;la[3] scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\David Nyczepir\Local Settings\Temp\Temporary Internet Files\Content.IE5\QFCPIPSV\nfl;arena=nfl;site=fantasy;feat=players;feat=playerprofiles;prod=single;svl=free;type=psa;playr=187386;user=Named;ct=USA;st=VA;ac=804;gend=M;age=A;seg=nonaol;ctype=lan;l[3] scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\David Nyczepir\Local Settings\Temp\Temporary Internet Files\Content.IE5\QFCPIPSV\nfl;arena=nfl;site=fantasy;feat=players;feat=playerprofiles;prod=single;svl=free;type=psa;playr=409879;user=Named;ct=USA;st=VA;ac=804;gend=M;age=A;seg=nonaol;ctype=lan;l[2] scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\David Nyczepir\Local Settings\Temp\Temporary Internet Files\Content.IE5\QFCPIPSV\nfl;arena=nfl;site=fantasy;feat=players;feat=players_freeagents;prod=single
;svl=free;type=psa;user=Named;ct=USA;st=VA;ac=804;gend=M;age=A;seg=nonaol;ctype=l
an;lang=en-us[10] scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\David Nyczepir\Local Settings\Temp\Temporary Internet Files\Content.IE5\QFCPIPSV\nfl;arena=nfl;site=fantasy;feat=players;feat=players_freeagents;prod=single
;svl=free;type=psa;user=Named;ct=USA;st=VA;ac=804;gend=M;age=A;seg=nonaol;ctype=l
an;lang=en-us[2] scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\David Nyczepir\Local Settings\Temp\Temporary Internet Files\Content.IE5\QFCPIPSV\nfl;arena=nfl;site=fantasy;feat=players;feat=players_freeagents;prod=single
;svl=free;type=psa;user=Named;ct=USA;st=VA;ac=804;gend=M;age=A;seg=nonaol;ctype=l
an;lang=en-us[8] scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\David Nyczepir\Local Settings\Temp\Temporary Internet Files\Content.IE5\QFCPIPSV\nfl;arena=nfl;site=fantasy;feat=players;feat=players_freeagents;prod=single
;svl=free;type=psa;user=Named;ct=USA;st=VA;ac=804;gend=M;age=A;seg=nonaol;ctype=l
an;lang=en-us[9] scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\David Nyczepir\Local Settings\Temp\Temporary Internet Files\Content.IE5\QFCPIPSV\nfl;arena=nfl;site=fantasy;feat=players;feat=players_search;prod=single;svl
=free;type=psa;user=Named;ct=USA;st=VA;ac=804;gend=M;age=A;seg=nonaol;ctype=lan;l
ang=en-us;lan[6] scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\David Nyczepir\Local Settings\Temp\Temporary Internet Files\Content.IE5\QFCPIPSV\nfl;arena=nfl;site=fantasy;feat=players;feat=players_search;prod=single;svl
=free;type=psa;user=Named;ct=USA;st=VA;ac=804;gend=M;age=A;seg=nonaol;ctype=lan;l
ang=en-us;lan[7] scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\David Nyczepir\Local Settings\Temp\Temporary Internet Files\Content.IE5\QFCPIPSV\nfl;arena=nfl;site=fantasy;feat=stats;prod=single;svl=free;type=psa;user=Na
med;ct=USA;st=VA;ac=804;gend=M;age=A;seg=nonaol;ctype=lan;lang=en-us;lang=en-us;vpmp=yes;adv=a[12] scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\David Nyczepir\Local Settings\Temp\Temporary Internet Files\Content.IE5\QFCPIPSV\nfl;arena=nfl;site=fantasy;feat=stats;prod=single;svl=free;type=psa;user=Na
med;ct=USA;st=VA;ac=804;gend=M;age=A;seg=nonaol;ctype=lan;lang=en-us;lang=en-us;vpmp=yes;adv=a[13] scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\David Nyczepir\Local Settings\Temp\Temporary Internet Files\Content.IE5\QFCPIPSV\nfl;arena=nfl;site=fantasy;feat=stats;prod=single;svl=free;type=psa;user=Na
med;ct=USA;st=VA;ac=804;gend=M;age=A;seg=nonaol;ctype=lan;lang=en-us;lang=en-us;vpmp=yes;adv=a[14] scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\David Nyczepir\Local Settings\Temp\Temporary Internet Files\Content.IE5\QFCPIPSV\nfl;arena=nfl;site=fantasy;feat=teams;feat=teams_lineup;prod=single;svl=fre
e;type=psa;user=Named;ct=USA;st=VA;ac=804;gend=M;age=A;seg=nonaol;ctype=lan;lang=
en-us;lang=en[2] scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\David Nyczepir\Local Settings\Temp\Temporary Internet Files\Content.IE5\QFCPIPSV\nfl;arena=nfl;site=fantasy;feat=teams;feat=teams_lineup;prod=single;svl=fre
e;type=psa;user=Named;ct=USA;st=VA;ac=804;gend=M;age=A;seg=nonaol;ctype=lan;lang=
en-us;lang=en[38] scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\David Nyczepir\Local Settings\Temp\Temporary Internet Files\Content.IE5\QFCPIPSV\nfl;arena=nfl;site=fantasy;feat=teams;feat=teams_lineup;prod=single;svl=fre
e;type=psa;user=Named;ct=USA;st=VA;ac=804;gend=M;age=A;seg=nonaol;ctype=lan;lang=
en-us;lang=en[39] scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\David Nyczepir\Local Settings\Temp\Temporary Internet Files\Content.IE5\QFCPIPSV\nfl;arena=nfl;site=fantasy;feat=teams;feat=teams_lineup;prod=single;svl=fre
e;type=psa;user=Named;ct=USA;st=VA;ac=804;gend=M;age=A;seg=nonaol;ctype=lan;lang=
en-us;lang=en[3] scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\David Nyczepir\Local Settings\Temp\Temporary Internet Files\Content.IE5\QFCPIPSV\nfl;arena=nfl;site=fantasy;feat=teams;page=index;prod=single;svl=free;type=
psa;user=Named;ct=USA;st=VA;ac=804;gend=M;age=A;seg=nonaol;ctype=lan;lang=en-us;lang=en-us;vpm[2] scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\David Nyczepir\Local Settings\Temp\Temporary Internet Files\Content.IE5\QFCPIPSV\nfl;arena=nfl;site=fantasy;feat=transactions;feat=transactions_add_drop;pro
d=single;svl=free;type=psa;user=Named;ct=USA;st=VA;ac=804;gend=M;age=A;seg=nonaol
;ctype=lan;la[24] scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\David Nyczepir\Local Settings\Temp\Temporary Internet Files\Content.IE5\QFCPIPSV\nfl;arena=nfl;site=fantasy;feat=transactions;feat=transactions_add_drop;pro
d=single;svl=free;type=psa;user=Named;ct=USA;st=VA;ac=804;gend=M;age=A;seg=nonaol
;ctype=lan;la[25] scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\David Nyczepir\Local Settings\Temp\Temporary Internet Files\Content.IE5\QFCPIPSV\nfl;arena=nfl;site=fantasy;feat=transactions;feat=transactions_add_drop;pro
d=single;svl=free;type=psa;user=Named;ct=USA;st=VA;ac=804;gend=M;age=A;seg=nonaol
;ctype=lan;la[26] scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\David Nyczepir\Local Settings\Temp\Temporary Internet Files\Content.IE5\QFCPIPSV\nfl;arena=nfl;site=fantasy;prod=single;svl=free;type=psa;user=Named;ct=USA;
st=VA;ac=804;gend=M;age=A;seg=nonaol;ctype=lan;lang=en-us;lang=en-us;vpmp=yes;adv=a;cust=no;vi[12] scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\David Nyczepir\Local Settings\Temp\Temporary Internet Files\Content.IE5\QFCPIPSV\nfl;arena=nfl;site=fantasy;prod=single;svl=free;type=psa;user=Named;ct=USA;
st=VA;ac=804;gend=M;age=A;seg=nonaol;ctype=lan;lang=en-us;lang=en-us;vpmp=yes;adv=a;cust=no;vi[2] scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\David Nyczepir\Local Settings\Temp\Temporary Internet Files\Content.IE5\QFCPIPSV\r=http%253A[1].com&pagetype=channel&pagetype=channel&site=ign&dechannel=ign&size=1x1&network_id=12&name=ATAtracker&PageId=1159293248841&random=1159293248841&ct=js&property=ign& scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\David Nyczepir\Local Settings\Temp\Temporary Internet Files\Content.IE5\CTAFW5EB\228324670%2FL%3DF.eP4WKIRlz.bgxcRRgrrB7FgO_Y.Ek2ox4ABk9E%2FB%3DOGlQM0wNBmU-%2FJ%3D1228317470693164%2FA%3D5406811%2FR%3D0%2F%2A%24,http%3A%2F%2Fhockey.fantasysports.yahoo[1].htm scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\David Nyczepir\Local Settings\Temp\Temporary Internet Files\Content.IE5\CDQ5C7EH\homead_fantasy;arena=nfl;arena=home_fantasy;type=psa;page=index;user=Named;
ct=USA;st=VA;ac=804;gend=M;age=A;seg=nonaol;ctype=lan;lang=en-us;lang=en-us;vpmp=yes;adv=a;cus[3] scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\David Nyczepir\Local Settings\Temp\Temporary Internet Files\Content.IE5\CDQ5C7EH\nfl;arena=nfl;site=fantasy;feat=league_home;prod=single;svl=free;type=psa;u
ser=Named;ct=USA;st=VA;ac=804;gend=M;age=A;seg=nonaol;ctype=lan;lang=en-us;lang=en-us;vpmp=yes[14] scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\David Nyczepir\Local Settings\Temp\Temporary Internet Files\Content.IE5\CDQ5C7EH\nfl;arena=nfl;site=fantasy;feat=league_home;prod=single;svl=free;type=psa;u
ser=Named;ct=USA;st=VA;ac=804;gend=M;age=A;seg=nonaol;ctype=lan;lang=en-us;lang=en-us;vpmp=yes[15] scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\David Nyczepir\Local Settings\Temp\Temporary Internet Files\Content.IE5\CDQ5C7EH\nfl;arena=nfl;site=fantasy;feat=league_home;prod=single;svl=free;type=psa;u
ser=Named;ct=USA;st=VA;ac=804;gend=M;age=A;seg=nonaol;ctype=lan;lang=en-us;lang=en-us;vpmp=yes[16] scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\David Nyczepir\Local Settings\Temp\Temporary Internet Files\Content.IE5\CDQ5C7EH\nfl;arena=nfl;site=fantasy;feat=league_home;prod=single;svl=free;type=psa;u
ser=Named;ct=USA;st=VA;ac=804;gend=M;age=A;seg=nonaol;ctype=lan;lang=en-us;lang=en-us;vpmp=yes[2] scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\David Nyczepir\Local Settings\Temp\Temporary Internet Files\Content.IE5\CDQ5C7EH\nfl;arena=nfl;site=fantasy;feat=league_home;prod=single;svl=free;type=psa;u
ser=Named;ct=USA;st=VA;ac=804;gend=M;age=A;seg=nonaol;ctype=lan;lang=en-us;lang=en-us;vpmp=yes[3] scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\David Nyczepir\Local Settings\Temp\Temporary Internet Files\Content.IE5\CDQ5C7EH\nfl;arena=nfl;site=fantasy;feat=league_home;prod=single;svl=free;type=psa;u
ser=Named;ct=USA;st=VA;ac=804;gend=M;age=A;seg=nonaol;ctype=lan;lang=en-us;lang=en-us;vpmp=yes[4] scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\David Nyczepir\Local Settings\Temp\Temporary Internet Files\Content.IE5\CDQ5C7EH\nfl;arena=nfl;site=fantasy;feat=players;feat=playerprofiles;prod=single;svl
=free;type=psa;playr=409879;user=Named;ct=USA;st=VA;ac=804;gend=M;age=A;seg=nonao
l;ctype=lan;l[3] scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\David Nyczepir\Local Settings\Temp\Temporary Internet Files\Content.IE5\CDQ5C7EH\nfl;arena=nfl;site=fantasy;feat=players;feat=players_freeagents;prod=single
;svl=free;type=psa;user=Named;ct=USA;st=VA;ac=804;gend=M;age=A;seg=nonaol;ctype=l
an;lang=en-us[10] scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\David Nyczepir\Local Settings\Temp\Temporary Internet Files\Content.IE5\CDQ5C7EH\nfl;arena=nfl;site=fantasy;feat=players;feat=players_freeagents;prod=single
;svl=free;type=psa;user=Named;ct=USA;st=VA;ac=804;gend=M;age=A;seg=nonaol;ctype=l
an;lang=en-us[11] scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\David Nyczepir\Local Settings\Temp\Temporary Internet Files\Content.IE5\CDQ5C7EH\nfl;arena=nfl;site=fantasy;feat=players;feat=players_freeagents;prod=single
;svl=free;type=psa;user=Named;ct=USA;st=VA;ac=804;gend=M;age=A;seg=nonaol;ctype=l
an;lang=en-us[2] scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\David Nyczepir\Local Settings\Temp\Temporary Internet Files\Content.IE5\CDQ5C7EH\nfl;arena=nfl;site=fantasy;feat=players;feat=players_freeagents;prod=single
;svl=free;type=psa;user=Named;ct=USA;st=VA;ac=804;gend=M;age=A;seg=nonaol;ctype=l
an;lang=en-us[9] scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\David Nyczepir\Local Settings\Temp\Temporary Internet Files\Content.IE5\CDQ5C7EH\nfl;arena=nfl;site=fantasy;feat=players;feat=players_search;prod=single;svl
=free;type=psa;user=Named;ct=USA;st=VA;ac=804;gend=M;age=A;seg=nonaol;ctype=lan;l
ang=en-us;lan[7] scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\David Nyczepir\Local Settings\Temp\Temporary Internet Files\Content.IE5\CDQ5C7EH\nfl;arena=nfl;site=fantasy;feat=stats;prod=single;svl=free;type=psa;user=Na
med;ct=USA;st=VA;ac=804;gend=M;age=A;seg=nonaol;ctype=lan;lang=en-us;lang=en-us;vpmp=yes;adv=a[12] scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\David Nyczepir\Local Settings\Temp\Temporary Internet Files\Content.IE5\CDQ5C7EH\nfl;arena=nfl;site=fantasy;feat=stats;prod=single;svl=free;type=psa;user=Na
med;ct=USA;st=VA;ac=804;gend=M;age=A;seg=nonaol;ctype=lan;lang=en-us;lang=en-us;vpmp=yes;adv=a[13] scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\David Nyczepir\Local Settings\Temp\Temporary Internet Files\Content.IE5\CDQ5C7EH\nfl;arena=nfl;site=fantasy;feat=stats;prod=single;svl=free;type=psa;user=Na
med;ct=USA;st=VA;ac=804;gend=M;age=A;seg=nonaol;ctype=lan;lang=en-us;lang=en-us;vpmp=yes;adv=a[14] scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\David Nyczepir\Local Settings\Temp\Temporary Internet Files\Content.IE5\CDQ5C7EH\nfl;arena=nfl;site=fantasy;feat=teams;feat=teams_lineup;prod=single;svl=fre
e;type=psa;user=Named;ct=USA;st=VA;ac=804;gend=M;age=A;seg=nonaol;ctype=lan;lang=
en-us;lang=en[29] scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\David Nyczepir\Local Settings\Temp\Temporary Internet Files\Content.IE5\CDQ5C7EH\nfl;arena=nfl;site=fantasy;feat=teams;feat=teams_lineup;prod=single;svl=fre
e;type=psa;user=Named;ct=USA;st=VA;ac=804;gend=M;age=A;seg=nonaol;ctype=lan;lang=
en-us;lang=en[2] scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\David Nyczepir\Local Settings\Temp\Temporary Internet Files\Content.IE5\CDQ5C7EH\nfl;arena=nfl;site=fantasy;feat=teams;feat=teams_lineup;prod=single;svl=fre
e;type=psa;user=Named;ct=USA;st=VA;ac=804;gend=M;age=A;seg=nonaol;ctype=lan;lang=
en-us;lang=en[30] scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\David Nyczepir\Local Settings\Temp\Temporary Internet Files\Content.IE5\CDQ5C7EH\nfl;arena=nfl;site=fantasy;feat=transactions;feat=transactions_add_drop;pro
d=single;svl=free;type=psa;user=Named;ct=USA;st=VA;ac=804;gend=M;age=A;seg=nonaol
;ctype=lan;la[24] scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\David Nyczepir\Local Settings\Temp\Temporary Internet Files\Content.IE5\CDQ5C7EH\nfl;arena=nfl;site=fantasy;feat=transactions;feat=transactions_add_drop;pro
d=single;svl=free;type=psa;user=Named;ct=USA;st=VA;ac=804;gend=M;age=A;seg=nonaol
;ctype=lan;la[25] scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\David Nyczepir\Local Settings\Temp\Temporary Internet Files\Content.IE5\CDQ5C7EH\nfl;arena=nfl;site=fantasy;feat=transactions;feat=transactions_add_drop;pro
d=single;svl=free;type=psa;user=Named;ct=USA;st=VA;ac=804;gend=M;age=A;seg=nonaol
;ctype=lan;la[26] scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\David Nyczepir\Local Settings\Temp\Temporary Internet Files\Content.IE5\CDQ5C7EH\nfl;arena=nfl;site=fantasy;feat=transactions;feat=transactions_add_drop;pro
d=single;svl=free;type=psa;user=Named;ct=USA;st=VA;ac=804;gend=M;age=A;seg=nonaol
;ctype=lan;la[27] scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\David Nyczepir\Local Settings\Temp\Temporary Internet Files\Content.IE5\CDQ5C7EH\nfl;arena=nfl;site=fantasy;feat=transactions;feat=transactions_add_drop;pro
d=single;svl=free;type=psa;user=Named;ct=USA;st=VA;ac=804;gend=M;age=A;seg=nonaol
;ctype=lan;la[28] scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\David Nyczepir\Local Settings\Temp\Temporary Internet Files\Content.IE5\CDQ5C7EH\nfl;arena=nfl;site=fantasy;feat=transactions;feat=transactions_add_drop;pro
d=single;svl=free;type=psa;user=Named;ct=USA;st=VA;ac=804;gend=M;age=A;seg=nonaol
;ctype=lan;la[29] scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\David Nyczepir\Local Settings\Temp\Temporary Internet Files\Content.IE5\CDQ5C7EH\nfl;arena=nfl;site=fantasy;prod=single;svl=free;type=psa;user=Named;ct=USA;
st=VA;ac=804;gend=M;age=A;seg=nonaol;ctype=lan;lang=en-us;lang=en-us;vpmp=yes;adv=a;cust=no;vi[13] scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\David Nyczepir\Local Settings\Temp\Temporary Internet Files\Content.IE5\89IF8L6N\28324784%2FL%3DjfO65mKIRlz.bgxcRRgrrA9ggO_Y.Ek2o5AABMCp%2FB%3D9OMlM0wNBl0-%2FJ%3D1228317584488299%2FA%3D5404999%2FR%3D0%2F%2A%24,http%3A%2F%2Fhockey.fantasysports.yahoo[1].htm scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\David Nyczepir\Local Settings\Temp\Temporary Internet Files\Content.IE5\89IF8L6N\_default;sz=160x600;kch=1187796739;kbg=FFFFFF;kkw=2005+2006+amv+animation+a
nime+baby+band+boy+car+cat+comedy+commercial+concert+cool+crazy+cute+dance+episod
e+fantasy+fig[2] scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\David Nyczepir\Local Settings\Temp\Temporary Internet Files\Content.IE5\89IF8L6N\_default;sz=300x35;kch=3000513466;kbg=FFFFFF;kkw=2005+2006+amv+animation+an
ime+baby+band+boy+car+cat+comedy+commercial+concert+cool+crazy+cute+dance+episode
+fantasy+figh[1] scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\David Nyczepir\Local Settings\Temp\Temporary Internet Files\Content.IE5\89IF8L6N\_default;sz=728x90;kch=1600166264;kbg=FFFFFF;kkw=2005+2006+amv+animation+an
ime+baby+band+boy+car+cat+comedy+commercial+concert+cool+crazy+cute+dance+episode
+fantasy+figh[2] scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\David Nyczepir\Local Settings\Temp\Temporary Internet Files\Content.IE5\85AN0XEF\228324878%2FL%3DutRmvmKIRlz.bgxcRRgrrBFNgO_Y.Ek2o.4ABoVh%2FB%3Dgb_.MkwNBlY-%2FJ%3D1228317678603976%2FA%3D5404999%2FR%3D0%2F%2A%24,http%3A%2F%2Fhockey.fantasysports.yahoo[1].htm scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\David Nyczepir\Local Settings\Temp\Temporary Internet Files\Content.IE5\6ZEROXW5\homead_fantasy;arena=nfl;arena=home_fantasy;type=psa;page=index;user=Anonym
ous;seg=nonaol;ctype=lan;lang=en-us;lang=en-us;vpmp=yes;adv=a;cust=no;vip=no;u=;sz=150x30;tile[2] scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\David Nyczepir\Local Settings\Temp\Temporary Internet Files\Content.IE5\6ZEROXW5\homead_fantasy;arena=nfl;arena=home_fantasy;type=psa;page=index;user=Named;
ct=USA;st=VA;ac=804;gend=M;age=A;seg=nonaol;ctype=lan;lang=en-us;lang=en-us;vpmp=yes;adv=a;adi[3] scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\David Nyczepir\Local Settings\Temp\Temporary Internet Files\Content.IE5\6ZEROXW5\homead_fantasy;arena=nfl;arena=home_fantasy;type=psa;page=index;user=Named;
ct=USA;st=VA;ac=804;gend=M;age=A;seg=nonaol;ctype=lan;lang=en-us;lang=en-us;vpmp=yes;adv=a;cus[2] scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\David Nyczepir\Local Settings\Temp\Temporary Internet Files\Content.IE5\6ZEROXW5\homead_fantasy;arena=nfl;arena=home_fantasy;type=psa;page=index;user=Named;
ct=USA;st=VA;ac=804;gend=M;age=A;seg=nonaol;ctype=lan;lang=en-us;lang=en-us;vpmp=yes;adv=a;cus[3] scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\David Nyczepir\Local Settings\Temp\Temporary Internet Files\Content.IE5\6ZEROXW5\nfl;arena=nfl;site=fantasy;feat=league_home;prod=single;svl=free;type=psa;u
ser=Named;ct=USA;st=VA;ac=804;gend=M;age=A;seg=nonaol;ctype=lan;lang=en-us;lang=en-us;vpmp=yes[12] scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\David Nyczepir\Local Settings\Temp\Temporary Internet Files\Content.IE5\6ZEROXW5\nfl;arena=nfl;site=fantasy;feat=league_home;prod=single;svl=free;type=psa;u
ser=Named;ct=USA;st=VA;ac=804;gend=M;age=A;seg=nonaol;ctype=lan;lang=en-us;lang=en-us;vpmp=yes[13] scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\David Nyczepir\Local Settings\Temp\Temporary Internet Files\Content.IE5\6ZEROXW5\nfl;arena=nfl;site=fantasy;feat=league_home;prod=single;svl=free;type=psa;u
ser=Named;ct=USA;st=VA;ac=804;gend=M;age=A;seg=nonaol;ctype=lan;lang=en-us;lang=en-us;vpmp=yes[14] scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\David Nyczepir\Local Settings\Temp\Temporary Internet Files\Content.IE5\6ZEROXW5\nfl;arena=nfl;site=fantasy;feat=players;feat=playerprofiles;prod=single;svl
=free;type=psa;playr=187386;user=Named;ct=USA;st=VA;ac=804;gend=M;age=A;seg=nonao
l;ctype=lan;l[4] scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\David Nyczepir\Local Settings\Temp\Temporary Internet Files\Content.IE5\6ZEROXW5\nfl;arena=nfl;site=fantasy;feat=players;feat=playerprofiles;prod=single;svl
=free;type=psa;playr=409879;user=Named;ct=USA;st=VA;ac=804;gend=M;age=A;seg=nonao
l;ctype=lan;l[2] scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\David Nyczepir\Local Settings\Temp\Temporary Internet Files\Content.IE5\6ZEROXW5\nfl;arena=nfl;site=fantasy;feat=players;feat=players_freeagents;prod=single
;svl=free;type=psa;user=Named;ct=USA;st=VA;ac=804;gend=M;age=A;seg=nonaol;ctype=l
an;lang=en-us[10] scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\David Nyczepir\Local Settings\Temp\Temporary Internet Files\Content.IE5\6ZEROXW5\nfl;arena=nfl;site=fantasy;feat=players;feat=players_freeagents;prod=single
;svl=free;type=psa;user=Named;ct=USA;st=VA;ac=804;gend=M;age=A;seg=nonaol;ctype=l
an;lang=en-us[11] scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\David Nyczepir\Local Settings\Temp\Temporary Internet Files\Content.IE5\6ZEROXW5\nfl;arena=nfl;site=fantasy;feat=players;feat=players_freeagents;prod=single
;svl=free;type=psa;user=Named;ct=USA;st=VA;ac=804;gend=M;age=A;seg=nonaol;ctype=l
an;lang=en-us[12] scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\David Nyczepir\Local Settings\Temp\Temporary Internet Files\Content.IE5\6ZEROXW5\nfl;arena=nfl;site=fantasy;feat=stats;prod=single;svl=free;type=psa;user=Na
med;ct=USA;st=VA;ac=804;gend=M;age=A;seg=nonaol;ctype=lan;lang=en-us;lang=en-us;vpmp=yes;adv=a[13] scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\David Nyczepir\Local Settings\Temp\Temporary Internet Files\Content.IE5\6ZEROXW5\nfl;arena=nfl;site=fantasy;feat=teams;feat=teams_lineup;prod=single;svl=fre
e;type=psa;user=Named;ct=USA;st=VA;ac=804;gend=M;age=A;seg=nonaol;ctype=lan;lang=
en-us;lang=en[2] scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\David Nyczepir\Local Settings\Temp\Temporary Internet Files\Content.IE5\6ZEROXW5\nfl;arena=nfl;site=fantasy;feat=teams;feat=teams_lineup;prod=single;svl=fre
e;type=psa;user=Named;ct=USA;st=VA;ac=804;gend=M;age=A;seg=nonaol;ctype=lan;lang=
en-us;lang=en[35] scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\David Nyczepir\Local Settings\Temp\Temporary Internet Files\Content.IE5\6ZEROXW5\nfl;arena=nfl;site=fantasy;feat=teams;feat=teams_lineup;prod=single;svl=fre
e;type=psa;user=Named;ct=USA;st=VA;ac=804;gend=M;age=A;seg=nonaol;ctype=lan;lang=
en-us;lang=en[36] scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\David Nyczepir\Local Settings\Temp\Temporary Internet Files\Content.IE5\6ZEROXW5\nfl;arena=nfl;site=fantasy;feat=teams;feat=teams_lineup;prod=single;svl=fre
e;type=psa;user=Named;ct=USA;st=VA;ac=804;gend=M;age=A;seg=nonaol;ctype=lan;lang=
en-us;lang=en[3] scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\David Nyczepir\Local Settings\Temp\Temporary Internet Files\Content.IE5\6ZEROXW5\nfl;arena=nfl;site=fantasy;feat=teams;page=index;prod=single;svl=free;type=
psa;user=Named;ct=USA;st=VA;ac=804;gend=M;age=A;seg=nonaol;ctype=lan;lang=en-us;lang=en-us;vpm[2] scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\David Nyczepir\Local Settings\Temp\Temporary Internet Files\Content.IE5\6ZEROXW5\nfl;arena=nfl;site=fantasy;feat=transactions;feat=transactions_add_drop;pro
d=single;svl=free;type=psa;user=Named;ct=USA;st=VA;ac=804;gend=M;age=A;seg=nonaol
;ctype=lan;la[25] scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\David Nyczepir\Local Settings\Temp\Temporary Internet Files\Content.IE5\6ZEROXW5\nfl;arena=nfl;site=fantasy;feat=transactions;feat=transactions_add_drop;pro
d=single;svl=free;type=psa;user=Named;ct=USA;st=VA;ac=804;gend=M;age=A;seg=nonaol
;ctype=lan;la[26] scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\David Nyczepir\Local Settings\Temp\Temporary Internet Files\Content.IE5\6ZEROXW5\nfl;arena=nfl;site=fantasy;feat=transactions;feat=transactions_add_drop;pro
d=single;svl=free;type=psa;user=Named;ct=USA;st=VA;ac=804;gend=M;age=A;seg=nonaol
;ctype=lan;la[27] scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\David Nyczepir\Local Settings\Temp\Temporary Internet Files\Content.IE5\6ZEROXW5\nfl;arena=nfl;site=fantasy;feat=transactions;feat=transactions_add_drop;pro
d=single;svl=free;type=psa;user=Named;ct=USA;st=VA;ac=804;gend=M;age=A;seg=nonaol
;ctype=lan;la[28] scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\David Nyczepir\Local Settings\Temp\Temporary Internet Files\Content.IE5\6ZEROXW5\nfl;arena=nfl;site=fantasy;feat=transactions;feat=transactions_add_drop;pro
d=single;svl=free;type=psa;user=Named;ct=USA;st=VA;ac=804;gend=M;age=A;seg=nonaol
;ctype=lan;la[29] scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\David Nyczepir\Local Settings\Temp\Temporary Internet Files\Content.IE5\6ZEROXW5\nfl;arena=nfl;site=fantasy;prod=single;svl=free;type=psa;user=Named;ct=USA;
st=VA;ac=804;gend=M;age=A;seg=nonaol;ctype=lan;lang=en-us;lang=en-us;vpmp=yes;adv=a;cust=no;vi[11] scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\David Nyczepir\Local Settings\Temp\Temporary Internet Files\Content.IE5\2HYJM5UT\homead_fantasy;arena=nfl;arena=home_fantasy;type=psa;page=index;user=Anonym
ous;seg=nonaol;ctype=lan;lang=en-us;lang=en-us;vpmp=yes;adv=a;adid=23864592;cust=no;vip=no;u=;[2] scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\David Nyczepir\Local Settings\Temp\Temporary Internet Files\Content.IE5\2HYJM5UT\homead_fantasy;arena=nfl;arena=home_fantasy;type=psa;page=index;user=Named;
ct=USA;st=VA;ac=804;gend=M;age=A;seg=nonaol;ctype=lan;lang=en-us;lang=en-us;vpmp=yes;adv=a;adi[4] scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\David Nyczepir\Local Settings\Temp\Temporary Internet Files\Content.IE5\2HYJM5UT\homead_fantasy;arena=nfl;arena=home_fantasy;type=psa;page=index;user=Named;
ct=USA;st=VA;ac=804;gend=M;age=A;seg=nonaol;ctype=lan;lang=en-us;lang=en-us;vpmp=yes;adv=a;adi[5] scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\David Nyczepir\Local Settings\Temp\Temporary Internet Files\Content.IE5\2HYJM5UT\nfl;arena=nfl;site=fantasy;feat=league_home;prod=single;svl=free;type=psa;u
ser=Named;ct=USA;st=VA;ac=804;gend=M;age=A;seg=nonaol;ctype=lan;lang=en-us;lang=en-us;vpmp=yes[10] scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\David Nyczepir\Local Settings\Temp\Temporary Internet Files\Content.IE5\2HYJM5UT\nfl;arena=nfl;site=fantasy;feat=league_home;prod=single;svl=free;type=psa;u
ser=Named;ct=USA;st=VA;ac=804;gend=M;age=A;seg=nonaol;ctype=lan;lang=en-us;lang=en-us;vpmp=yes[11] scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\David Nyczepir\Local Settings\Temp\Temporary Internet Files\Content.IE5\2HYJM5UT\nfl;arena=nfl;site=fantasy;feat=league_home;prod=single;svl=free;type=psa;u
ser=Named;ct=USA;st=VA;ac=804;gend=M;age=A;seg=nonaol;ctype=lan;lang=en-us;lang=en-us;vpmp=yes[12] scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\David Nyczepir\Local Settings\Temp\Temporary Internet Files\Content.IE5\2HYJM5UT\nfl;arena=nfl;site=fantasy;feat=league_home;prod=single;svl=free;type=psa;u
ser=Named;ct=USA;st=VA;ac=804;gend=M;age=A;seg=nonaol;ctype=lan;lang=en-us;lang=en-us;vpmp=yes[13] scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
Windows Temp folder emptied.
Java cache emptied.
FireFox cache emptied.
RecycleBin -> emptied.
Explorer started successfully
< End of fix log >
OTScanIt2 by OldTimer - Version 1.0.2.1 fix logfile created on 12042008_130130

Files moved on Reboot...
C:\WINDOWS\System32\besowuti.dll.tmp moved successfully.
File move failed. C:\WINDOWS\System32\nadusajo.dll.tmp scheduled to be moved on reboot.
C:\WINDOWS\System32\pibafofa.dll.tmp moved successfully.
C:\WINDOWS\System32\retugama.dll.tmp moved successfully.
  • 0

#6
Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Hello

Please download ATF Cleaner by Atribune.
Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
If you use Firefox browser
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.




Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.






Go to Kaspersky website and perform an online antivirus scan.

  • Read through the requirements and privacy statement and click on Accept button.
  • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  • When the downloads have finished, click on Settings.
  • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
    • Spyware, Adware, Dialers, and other potentially dangerous programs
    • Archives
    • Mail databases
  • Click on My Computer under Scan.
  • Once the scan is complete, it will display the results. Click on View Scan Report.
  • You will see a list of infected items there. Click on Save Report As....
  • Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button. Then post it here.

  • 0

#7
Killabyte

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
Here are the results of the Anti-Malware scan:

Malwarebytes' Anti-Malware 1.31
Database version: 1461
Windows 5.1.2600 Service Pack 3

12/5/2008 1:47:21 AM
mbam-log-2008-12-05 (01-47-21).txt

Scan type: Quick Scan
Objects scanned: 52539
Time elapsed: 3 minute(s), 14 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 6
Registry Keys Infected: 14
Registry Values Infected: 5
Registry Data Items Infected: 5
Folders Infected: 0
Files Infected: 17

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\WINDOWS\system32\losidaje.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\defumigu.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\fukeveho.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\vetimova.dll (Trojan.Vundo.H) -> Delete on reboot.
c:\WINDOWS\system32\lizuzuke.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\puneromi.dll (Trojan.BHO) -> Delete on reboot.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6b44f4e9-310c-4b57-b6c7-836e4f27a9f7} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{6b44f4e9-310c-4b57-b6c7-836e4f27a9f7} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6b44f4e9-310c-4b57-b6c7-836e4f27a9f7} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ieobject.ieobjectobj (Adware.WebDir) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ieobject.ieobjectobj.1 (Adware.WebDir) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{0b0a76e7-ade1-41f4-b157-559605721b3a} (Adware.WebDir) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{50da37bb-7083-4fa7-80cf-de4cdb634166} (Adware.WebDir) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{df780f87-ff2b-4df8-92d0-73db16a1543a} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{e596df5f-4239-4d40-8367-ebadf0165917} (Rogue.Installer) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6fd31ed6-7c94-4bbc-8e95-f927f4d3a949} (Adware.180Solutions) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1f158a1e-a687-4a11-9679-b3ac64b86a1c} (Adware.Seekmo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\a831dc4a (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\bekabaguyu (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cpmab02efd6 (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\ssodl (Trojan.BHO) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: c:\windows\system32\defumigu.dll -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\defumigu.dll -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: system32\defumigu.dll -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: c:\windows\system32\lizuzuke.dll -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: system32\lizuzuke.dll -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\dunajato.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\otajanud.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\jihokika.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\akikohij.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\losidaje.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\ejadisol.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\vetimova.dll (Trojan.Vundo.H) -> Delete on reboot.
c:\WINDOWS\system32\lizuzuke.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\fukeveho.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\defumigu.dll (Trojan.Vundo.H) -> Delete on reboot.
c:\WINDOWS\system32\puneromi.dll (Trojan.BHO) -> Delete on reboot.
C:\WINDOWS\system32\jiwonuti.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\kegilazo.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\kinanefu.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\tuvulezi.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wetelumo.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\lifozoyi.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.


Here is the Kaspersky report:

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Friday, December 5, 2008
Operating System: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Friday, December 05, 2008 03:52:58
Records in database: 1437938
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
C:\
D:\

Scan statistics:
Files scanned: 65387
Threat name: 2
Infected objects: 3
Suspicious objects: 0
Duration of the scan: 01:19:06


File name / Threat name / Threats count
C:\_OTScanIt\MovedFiles\12042008_130130\C_WINDOWS\system32\jabetuze.dll Infected: Trojan-Spy.Win32.Agent.fdp 1
C:\_OTScanIt\MovedFiles\12042008_130130\C_WINDOWS\system32\tusugaha.dll Infected: Trojan.Win32.Monder.aamw 1
C:\_OTScanIt\MovedFiles\12042008_130130\C_WINDOWS\system32\wifariti.dll Infected: Trojan.Win32.Monder.aamw 1

The selected area was scanned.


  • 0

#8
Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Hello

  • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)

  • 0

#9
Killabyte

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
Here is the log.txt:

[quote]Logfile of random's system information tool 1.04 (written by random/random)
Run by David Nyczepir at 2008-12-05 14:39:57
Microsoft Windows XP Professional Service Pack 3
System drive C: has 43 GB (48%) free of 90 GB
Total RAM: 2046 MB (66% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:40:03 PM, on 12/5/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\dlcccoms.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\David Nyczepir\Local Settings\Temporary Internet Files\Content.IE5\3H5W8D87\RSIT[1].exe
C:\Program Files\Trend Micro\HijackThis\David Nyczepir.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;*.local
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [dlccmon.exe] "C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe"
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [DLCCCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll,_RunDLLEntry@16
O4 - HKCU\..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netWaiting.exe
O4 - HKCU\..\Run: [SetDefaultMIDI] MIDIDef.exe
O4 - HKCU\..\Run: [Creative Detector] "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKUS\S-1-5-19\..\Run: [bekabaguyu] Rundll32.exe "C:\WINDOWS\system32\vetimova.dll",s (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [bekabaguyu] Rundll32.exe "C:\WINDOWS\system32\vetimova.dll",s (User 'NETWORK SERVICE')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx...owserPlugin.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL , c:\windows\system32\puneromi.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Labs Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: dlcc_device - - C:\WINDOWS\system32\dlcccoms.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Intel® PROSet/Wireless SSO Service (WLANKEEPER) - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
O24 - Desktop Component 0: (no name) - http://www1.istockph...can_soldier.jpg

--
End of file - 8947 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2004-12-14 63136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5CA3D70E-1895-11CF-8E15-001234567890}]
DriveLetterAccess - C:\WINDOWS\system32\dla\tfswshx.dll [2004-12-06 118842]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll [2008-02-22 509328]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"nwiz"=nwiz.exe /installquiet []
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2006-03-08 761947]
"IntelZeroConfig"=C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe [2005-12-28 667718]
"IntelWireless"=C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe [2005-12-28 602182]
"SigmatelSysTrayApp"=C:\WINDOWS\stsystra.exe [2006-03-24 282624]
"CTSysVol"=C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe [2005-10-31 57344]
"UpdReg"=C:\WINDOWS\UpdReg.EXE [2000-05-11 90112]
"DVDLauncher"=C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe [2005-12-09 49152]
"dla"=C:\WINDOWS\system32\dla\tfswctrl.exe [2004-12-06 127035]
"ISUSPM Startup"=C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe [2005-06-10 249856]
"ISUSScheduler"=C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [2005-06-10 81920]
"DMXLauncher"=C:\Program Files\Dell\Media Experience\DMXLauncher.exe [2005-01-27 86016]
"Logitech Hardware Abstraction Layer"=KHALMNPR.EXE []
"dlccmon.exe"=C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe [2005-10-20 430080]
"DellSupportCenter"=C:\Program Files\Dell Support Center\bin\sprtcmd.exe /P DellSupportCenter []
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2008-11-04 413696]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-11-20 290088]
"DLCCCATS"=rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ModemOnHold"=C:\Program Files\NetWaiting\netWaiting.exe []
"SetDefaultMIDI"=C:\WINDOWS\MIDIDef.exe [2004-12-22 24576]
"Creative Detector"=C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe [2004-12-02 102400]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-13 1695232]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
"Aim6"=C:\Program Files\AIM6\aim6.exe [2008-01-03 50528]
"DellSupportCenter"=C:\Program Files\Dell Support Center\bin\sprtcmd.exe /P DellSupportCenter []

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL , c:\windows\system32\puneromi.dll "

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe"="C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL"
"C:\Program Files\America Online 9.0\waol.exe"="C:\Program Files\America Online 9.0\waol.exe:*:Enabled:America Online 9.0"
"C:\Program Files\Common Files\AOL\Loader\aolload.exe"="C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader"
"C:\Program Files\Common Files\AOL\1153535136\ee\aolsoftware.exe"="C:\Program Files\Common Files\AOL\1153535136\ee\aolsoftware.exe:*:Enabled:AOL Services"
"C:\Program Files\Common Files\AOL\1153535136\ee\aim6.exe"="C:\Program Files\Common Files\AOL\1153535136\ee\aim6.exe:*:Enabled:AIM"
"C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"C:\Program Files\Xfire\Xfire.exe"="C:\Program Files\Xfire\Xfire.exe:*:Enabled:Xfire"
"C:\Program Files\QuickTime\QuickTimePlayer.exe"="C:\Program Files\QuickTime\QuickTimePlayer.exe:*:Enabled:QuickTime Player"
"C:\Program Files\Internet Explorer\IEXPLORE.EXE"="C:\Program Files\Internet Explorer\IEXPLORE.EXE:*:Enabled:Internet Explorer"
"C:\Program Files\GameSpy Arcade\Aphex.exe"="C:\Program Files\GameSpy Arcade\Aphex.exe:*:Enabled:GameSpy Arcade"
"C:\Program Files\SEGA\Medieval II Total War\medieval2.exe"="C:\Program Files\SEGA\Medieval II Total War\medieval2.exe:*:Enabled:Medieval 2: Total War"
"C:\Program Files\BitTorrent\bittorrent.exe"="C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\SPSSInc\SPSS16EV\SPSSWinWrapIDE.exe"="C:\Program Files\SPSSInc\SPSS16EV\SPSSWinWrapIDE.exe:*:Disabled:SPSS Basic Script Editor (1033)"
"C:\Program Files\SPSSInc\SPSS16EV\spss.com"="C:\Program Files\SPSSInc\SPSS16EV\spss.com:*:Disabled:SPSS 16.0 Evaluation Version (1033:com)"
"C:\Program Files\SPSSInc\SPSS16EV\spss.exe"="C:\Program Files\SPSSInc\SPSS16EV\spss.exe:*:Disabled:SPSS 16.0 Evaluation Version (1033:exe)"
"C:\Program Files\GameSpy\Comrade\Comrade.exe"="C:\Program Files\GameSpy\Comrade\Comrade.exe:*:Enabled:Comrade"
"C:\Program Files\Electronic Arts\EADM\Core.exe"="C:\Program Files\Electronic Arts\EADM\Core.exe:*:Enabled:EA Download Manager"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\WINDOWS\system32\logonui.exe"="C:\WINDOWS\system32\logonui.exe:*:Enabled:logonui"
"C:\WINDOWS\system32\winlogon.exe"="C:\WINDOWS\system32\winlogon.exe:*:Enabled:winlogon"
"C:\Program Files\Intel\Wireless\Bin\EvtEng.exe"="C:\Program Files\Intel\Wireless\Bin\EvtEng.exe:*:Enabled:EvtEng"
"C:\WINDOWS\explorer.exe"="C:\WINDOWS\explorer.exe:*:Enabled:Explorer"
"C:\WINDOWS\system32\rundll32.exe"="C:\WINDOWS\system32\rundll32.exe:*:Enabled:rundll32"
"C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe"="C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe:*:Enabled:dlccmon"
"C:\Program Files\Sophos\AutoUpdate\ALMon.exe"="C:\Program Files\Sophos\AutoUpdate\ALMon.exe:*:Enabled:ALMon"
"C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe"="C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe:*:Enabled:S24EvMon"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe"="C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL"
"C:\Program Files\America Online 9.0\waol.exe"="C:\Program Files\America Online 9.0\waol.exe:*:Enabled:America Online 9.0"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======List of files/folders created in the last 3 months======

2008-12-05 14:39:57 ----D---- C:\rsit
2008-12-05 01:38:21 ----D---- C:\Documents and Settings\David Nyczepir\Application Data\Malwarebytes
2008-12-05 01:38:12 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2008-12-05 01:38:12 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-12-04 13:01:30 ----D---- C:\_OTScanIt
2008-12-03 18:59:53 ----A---- C:\VundoFix.txt
2008-12-03 18:37:13 ----D---- C:\Program Files\Trend Micro
2008-12-02 23:10:00 ----A---- C:\SophosBootTasks.txt
2008-11-30 17:11:40 ----D---- C:\Program Files\Spybot - Search & Destroy
2008-11-30 17:11:40 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-11-22 22:22:22 ----D---- C:\Program Files\iPod
2008-11-22 22:22:18 ----D---- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-11-22 22:20:48 ----D---- C:\Program Files\Bonjour
2008-11-12 12:05:37 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
2008-11-12 12:05:30 ----HDC---- C:\WINDOWS\$NtUninstallKB954459$
2008-11-12 12:05:17 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
2008-10-24 11:00:47 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2008-10-20 12:26:38 ----HDC---- C:\WINDOWS\$NtUninstallKB951978$
2008-10-18 19:36:45 ----D---- C:\WINDOWS\Prefetch
2008-10-18 13:11:03 ----HDC---- C:\WINDOWS\$NtUninstallKB957095$
2008-10-18 13:10:52 ----HDC---- C:\WINDOWS\$NtUninstallKB956841$
2008-10-18 13:10:44 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2008-10-18 13:10:35 ----HDC---- C:\WINDOWS\$NtUninstallKB954211$
2008-10-18 13:10:25 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2008-10-18 13:10:18 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2008-10-18 13:10:07 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
2008-10-18 13:09:59 ----HDC---- C:\WINDOWS\$NtUninstallKB951698$
2008-10-18 13:09:53 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2008-10-18 13:09:45 ----HDC---- C:\WINDOWS\$NtUninstallKB951376$
2008-10-18 13:09:37 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2008-10-18 13:09:29 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2008-10-18 13:09:22 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2008-10-18 13:09:14 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2008-10-18 13:09:08 ----HDC---- C:\WINDOWS\$NtUninstallKB938464$
2008-10-18 13:03:51 ----D---- C:\WINDOWS\system32\scripting
2008-10-18 13:03:50 ----D---- C:\WINDOWS\system32\en
2008-10-18 13:03:50 ----D---- C:\WINDOWS\system32\bits
2008-10-18 13:03:50 ----D---- C:\WINDOWS\l2schemas
2008-10-18 13:00:45 ----D---- C:\WINDOWS\ServicePackFiles
2008-10-18 12:54:10 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$
2008-10-16 12:22:07 ----HDC---- C:\WINDOWS\$NtUninstallKB956803_0$
2008-10-16 12:21:49 ----HDC---- C:\WINDOWS\$NtUninstallKB956391$
2008-10-16 12:21:30 ----HDC---- C:\WINDOWS\$NtUninstallKB957095_0$
2008-10-16 12:19:57 ----HDC---- C:\WINDOWS\$NtUninstallKB954211_0$
2008-10-16 12:19:38 ----HDC---- C:\WINDOWS\$NtUninstallKB956841_0$
2008-10-14 14:59:13 ----D---- C:\Documents and Settings\All Users\Application Data\Blizzard
2008-10-08 20:09:17 ----D---- C:\Logs
2008-10-08 18:36:54 ----D---- C:\Program Files\World of Warcraft
2008-10-08 16:05:39 ----D---- C:\WoW-2.3.0.7561-enUS
2008-09-30 16:43:34 ----A---- C:\WINDOWS\system32\msxml4.dll
2008-09-26 19:36:41 ----N---- C:\WINDOWS\system32\wmphoto.dll
2008-09-26 19:36:39 ----N---- C:\WINDOWS\system32\wlanapi.dll
2008-09-26 19:36:38 ----N---- C:\WINDOWS\system32\windowscodecsext.dll
2008-09-26 19:36:38 ----N---- C:\WINDOWS\system32\windowscodecs.dll
2008-09-26 19:36:29 ----N---- C:\WINDOWS\system32\tspkg.dll
2008-09-26 19:36:29 ----N---- C:\WINDOWS\system32\tsgqec.dll
2008-09-26 19:36:19 ----N---- C:\WINDOWS\system32\spupdwxp.exe
2008-09-26 19:36:18 ----A---- C:\WINDOWS\system32\spdwnwxp.exe
2008-09-26 19:36:16 ----N---- C:\WINDOWS\system32\slserv.exe
2008-09-26 19:36:16 ----N---- C:\WINDOWS\system32\slrundll.exe
2008-09-26 19:36:16 ----N---- C:\WINDOWS\system32\slgen.dll
2008-09-26 19:36:16 ----N---- C:\WINDOWS\system32\slextspk.dll
2008-09-26 19:36:16 ----N---- C:\WINDOWS\system32\slcoinst.dll
2008-09-26 19:36:16 ----N---- C:\WINDOWS\slrundll.exe
2008-09-26 19:36:12 ----N---- C:\WINDOWS\system32\setupn.exe
2008-09-26 19:36:10 ----N---- C:\WINDOWS\system32\s3gnb.dll
2008-09-26 19:36:08 ----N---- C:\WINDOWS\system32\rhttpaa.dll
2008-09-26 19:36:06 ----N---- C:\WINDOWS\system32\rasqec.dll
2008-09-26 19:36:06 ----N---- C:\WINDOWS\system32\qutil.dll
2008-09-26 19:36:04 ----N---- C:\WINDOWS\system32\qcliprov.dll
2008-09-26 19:36:04 ----N---- C:\WINDOWS\system32\qagentrt.dll
2008-09-26 19:36:04 ----N---- C:\WINDOWS\system32\qagent.dll
2008-09-26 19:36:03 ----N---- C:\WINDOWS\system32\photometadatahandler.dll
2008-09-26 19:36:00 ----N---- C:\WINDOWS\system32\onex.dll
2008-09-26 19:35:50 ----N---- C:\WINDOWS\system32\napstat.exe
2008-09-26 19:35:50 ----N---- C:\WINDOWS\system32\napmontr.dll
2008-09-26 19:35:50 ----N---- C:\WINDOWS\system32\napipsec.dll
2008-09-26 19:35:49 ----N---- C:\WINDOWS\system32\mtxparhd.dll
2008-09-26 19:35:48 ----N---- C:\WINDOWS\system32\msxml6r.dll
2008-09-26 19:35:48 ----N---- C:\WINDOWS\system32\msxml6.dll
2008-09-26 19:35:46 ----N---- C:\WINDOWS\system32\msshavmsg.dll
2008-09-26 19:35:46 ----N---- C:\WINDOWS\system32\mssha.dll
2008-09-26 19:35:31 ----N---- C:\WINDOWS\system32\mmcperf.exe
2008-09-26 19:35:31 ----N---- C:\WINDOWS\system32\mmcfxcommon.dll
2008-09-26 19:35:31 ----N---- C:\WINDOWS\system32\mmcex.dll
2008-09-26 19:35:31 ----N---- C:\WINDOWS\system32\microsoft.managementconsole.dll
2008-09-26 19:35:17 ----N---- C:\WINDOWS\system32\l2gpstore.dll
2008-09-26 19:35:17 ----N---- C:\WINDOWS\system32\kmsvc.dll
2008-09-26 19:35:17 ----N---- C:\WINDOWS\system32\kbdpash.dll
2008-09-26 19:35:17 ----N---- C:\WINDOWS\system32\kbdnepr.dll
2008-09-26 19:35:16 ----N---- C:\WINDOWS\system32\kbdiultn.dll
2008-09-26 19:35:16 ----N---- C:\WINDOWS\system32\kbdbhc.dll
2008-09-26 19:35:09 ----N---- C:\WINDOWS\system32\smtpapi.dll
2008-09-26 19:35:09 ----N---- C:\WINDOWS\system32\rwnh.dll
2008-09-26 19:35:08 ----N---- C:\WINDOWS\system32\comsdupd.exe
2008-09-26 19:35:06 ----N---- C:\WINDOWS\system32\hsfcisp2.dll
2008-09-26 19:35:02 ----N---- C:\WINDOWS\system32\faxpatch.exe
2008-09-26 19:35:02 ----N---- C:\WINDOWS\system32\eapsvc.dll
2008-09-26 19:35:01 ----N---- C:\WINDOWS\system32\eapqec.dll
2008-09-26 19:35:01 ----N---- C:\WINDOWS\system32\eappprxy.dll
2008-09-26 19:35:01 ----N---- C:\WINDOWS\system32\eapphost.dll
2008-09-26 19:35:01 ----N---- C:\WINDOWS\system32\eappgnui.dll
2008-09-26 19:35:01 ----N---- C:\WINDOWS\system32\eappcfg.dll
2008-09-26 19:35:01 ----N---- C:\WINDOWS\system32\eapp3hst.dll
2008-09-26 19:35:01 ----N---- C:\WINDOWS\system32\eapolqec.dll
2008-09-26 19:35:00 ----N---- C:\WINDOWS\system32\dot3ui.dll
2008-09-26 19:35:00 ----N---- C:\WINDOWS\system32\dot3svc.dll
2008-09-26 19:35:00 ----N---- C:\WINDOWS\system32\dot3msm.dll
2008-09-26 19:35:00 ----N---- C:\WINDOWS\system32\dot3gpclnt.dll
2008-09-26 19:35:00 ----N---- C:\WINDOWS\system32\dot3dlg.dll
2008-09-26 19:35:00 ----N---- C:\WINDOWS\system32\dot3cfg.dll
2008-09-26 19:35:00 ----N---- C:\WINDOWS\system32\dot3api.dll
2008-09-26 19:35:00 ----N---- C:\WINDOWS\system32\dimsroam.dll
2008-09-26 19:35:00 ----N---- C:\WINDOWS\system32\dimsntfy.dll
2008-09-26 19:34:59 ----N---- C:\WINDOWS\system32\dhcpqec.dll
2008-09-26 19:34:57 ----N---- C:\WINDOWS\system32\credssp.dll
2008-09-26 19:34:54 ----N---- C:\WINDOWS\system32\bitsprx4.dll
2008-09-26 19:34:54 ----N---- C:\WINDOWS\system32\azroles.dll
2008-09-26 19:34:53 ----N---- C:\WINDOWS\system32\ativvaxx.dll
2008-09-26 19:34:53 ----N---- C:\WINDOWS\system32\ativtmxx.dll
2008-09-26 19:34:53 ----N---- C:\WINDOWS\system32\ati3duag.dll
2008-09-26 19:34:53 ----N---- C:\WINDOWS\system32\ati3d1ag.dll
2008-09-26 19:34:52 ----N---- C:\WINDOWS\system32\ati2dvag.dll
2008-09-26 19:34:52 ----N---- C:\WINDOWS\system32\ati2dvaa.dll
2008-09-26 19:34:52 ----N---- C:\WINDOWS\system32\ati2cqag.dll
2008-09-26 19:34:48 ----N---- C:\WINDOWS\system32\aaclient.dll
2008-09-17 18:23:16 ----D---- C:\Program Files\Common Files\Blizzard Entertainment
2008-09-17 18:23:15 ----D---- C:\Program Files\World of Warcraft Trial
2008-09-10 20:06:59 ----RHD---- C:\Documents and Settings\David Nyczepir\Application Data\SecuROM
2008-09-10 11:00:45 ----HDC---- C:\WINDOWS\$NtUninstallKB938464_0$

======List of files/folders modified in the last 3 months======

2008-12-05 11:55:14 ----D---- C:\WINDOWS\system32
2008-12-05 01:52:53 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-12-05 01:50:26 ----D---- C:\WINDOWS\system32\CatRoot2
2008-12-05 01:49:11 ----D---- C:\WINDOWS\Temp
2008-12-05 01:48:49 ----D---- C:\WINDOWS
2008-12-05 01:48:48 ----A---- C:\WINDOWS\ModemLog_Conexant HDA D110 MDC V.92 Modem.txt
2008-12-05 01:48:11 ----D---- C:\WINDOWS\system32\drivers
2008-12-05 01:47:51 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-12-05 01:38:12 ----D---- C:\Program Files
2008-12-04 14:03:33 ----SHD---- C:\WINDOWS\Installer
2008-12-04 14:03:33 ----SHD---- C:\Config.Msi
2008-12-04 14:03:05 ----D---- C:\Documents and Settings\All Users\Application Data\SupportSoft
2008-12-04 14:03:04 ----D---- C:\Program Files\Dell Support Center
2008-12-04 14:03:04 ----D---- C:\Program Files\Common Files
2008-12-04 14:00:39 ----HD---- C:\WINDOWS\inf
2008-12-04 14:00:34 ----D---- C:\Documents and Settings\All Users\Application Data\GTek
2008-12-04 13:59:43 ----HD---- C:\Program Files\InstallShield Installation Information
2008-12-04 13:54:06 ----D---- C:\Program Files\Logitech
2008-12-04 13:51:55 ----D---- C:\Program Files\Electronic Arts
2008-12-04 13:50:39 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2008-12-04 13:50:38 ----SD---- C:\WINDOWS\Tasks
2008-12-04 13:48:45 ----D---- C:\Program Files\Sophos
2008-12-03 20:30:42 ----D---- C:\Program Files\Dl_cats
2008-12-03 19:23:32 ----D---- C:\Program Files\Viewpoint
2008-12-03 18:28:02 ----SHD---- C:\WINDOWS\CSC
2008-12-02 23:40:15 ----D---- C:\WINDOWS\system32\Restore
2008-12-02 02:29:39 ----SD---- C:\WINDOWS\Downloaded Program Files
2008-12-01 16:05:03 ----A---- C:\WINDOWS\wininit.ini
2008-11-30 17:32:10 ----D---- C:\WINDOWS\wt
2008-11-27 13:30:04 ----D---- C:\Documents and Settings\David Nyczepir\Application Data\Move Networks
2008-11-22 22:22:48 ----DC---- C:\WINDOWS\system32\DRVSTORE
2008-11-22 22:22:47 ----D---- C:\Program Files\iTunes
2008-11-22 22:22:21 ----D---- C:\Program Files\Common Files\Apple
2008-11-22 22:20:33 ----D---- C:\Program Files\QuickTime
2008-11-22 22:18:40 ----D---- C:\Program Files\Apple Software Update
2008-11-22 22:09:14 ----D---- C:\Program Files\Mozilla Firefox
2008-11-18 16:19:18 ----D---- C:\Program Files\AIM6
2008-11-12 12:05:40 ----RSHD---- C:\WINDOWS\system32\dllcache
2008-11-12 12:05:36 ----HD---- C:\WINDOWS\$hf_mig$
2008-11-12 12:05:34 ----A---- C:\WINDOWS\imsins.BAK
2008-11-12 12:04:53 ----D---- C:\WINDOWS\WinSxS
2008-10-18 19:37:25 ----A---- C:\WINDOWS\OEWABLog.txt
2008-10-18 19:36:07 ----A---- C:\WINDOWS\setuplog.txt
2008-10-18 19:35:36 ----D---- C:\WINDOWS\system32\Setup
2008-10-18 19:35:36 ----D---- C:\WINDOWS\ime
2008-10-18 19:35:36 ----D---- C:\WINDOWS\AppPatch
2008-10-18 19:35:36 ----D---- C:\Program Files\Messenger
2008-10-18 19:35:35 ----RSD---- C:\WINDOWS\Fonts
2008-10-18 19:35:35 ----D---- C:\WINDOWS\system32\wbem
2008-10-18 13:11:05 ----D---- C:\WINDOWS\system32\CatRoot
2008-10-18 13:08:51 ----D---- C:\WINDOWS\security
2008-10-18 13:04:05 ----D---- C:\WINDOWS\system32\inetsrv
2008-10-18 13:04:05 ----D---- C:\WINDOWS\network diagnostic
2008-10-18 13:04:05 ----D---- C:\WINDOWS\Help
2008-10-18 13:03:51 ----D---- C:\WINDOWS\system32\usmt
2008-10-18 13:03:51 ----D---- C:\WINDOWS\system32\en-US
2008-10-18 13:03:49 ----D---- C:\WINDOWS\PeerNet
2008-10-18 13:03:49 ----D---- C:\Program Files\Movie Maker
2008-10-18 13:00:29 ----D---- C:\WINDOWS\system32\npp
2008-10-18 13:00:29 ----D---- C:\WINDOWS\mui
2008-10-18 13:00:28 ----D---- C:\WINDOWS\msagent
2008-10-18 13:00:26 ----D---- C:\WINDOWS\srchasst
2008-10-18 13:00:25 ----D---- C:\Program Files\NetMeeting
2008-10-18 13:00:24 ----D---- C:\WINDOWS\system32\Com
2008-10-18 13:00:21 ----D---- C:\Program Files\Windows Media Player
2008-10-18 13:00:20 ----D---- C:\Program Files\Windows NT
2008-10-18 13:00:20 ----D---- C:\Program Files\Outlook Express
2008-10-18 13:00:16 ----D---- C:\Program Files\Common Files\System
2008-10-18 12:59:58 ----D---- C:\WINDOWS\system32\oobe
2008-10-18 12:59:55 ----D---- C:\WINDOWS\system
2008-10-18 12:54:09 ----D---- C:\WINDOWS\ehome
2008-10-16 12:20:42 ----D---- C:\Program Files\Internet Explorer
2008-10-15 11:34:24 ----A---- C:\WINDOWS\system32\netapi32.dll
2008-10-03 12:41:15 ----A---- C:\WINDOWS\system32\ieframe.dll
2008-09-26 19:17:09 ----D---- C:\WINDOWS\Debug
2008-09-10 20:06:57 ----A---- C:\WINDOWS\system32\CmdLineExt.dll

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 APPDRV;APPDRV; C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS [2005-08-12 16128]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 omci;OMCI WDM Device Driver; C:\WINDOWS\system32\DRIVERS\omci.sys [2004-02-13 17153]
R1 sscdbhk5;sscdbhk5; C:\WINDOWS\system32\drivers\sscdbhk5.sys [2004-07-14 5627]
R1 ssrtln;ssrtln; C:\WINDOWS\system32\drivers\ssrtln.sys [2004-07-14 23545]
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2008-04-13 8832]
R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.4.9.0; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2006-07-17 21275]
R2 ASCTRM;ASCTRM; C:\WINDOWS\system32\drivers\ASCTRM.sys [2006-07-17 8552]
R2 drvnddm;drvnddm; C:\WINDOWS\system32\drivers\drvnddm.sys [2004-11-23 40480]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2005-10-04 12544]
R2 s24trans;WLAN Transport; C:\WINDOWS\system32\DRIVERS\s24trans.sys [2005-12-28 13568]
R2 tfsnboio;tfsnboio; C:\WINDOWS\system32\dla\tfsnboio.sys [2004-12-06 25883]
R2 tfsncofs;tfsncofs; C:\WINDOWS\system32\dla\tfsncofs.sys [2004-12-06 34843]
R2 tfsndrct;tfsndrct; C:\WINDOWS\system32\dla\tfsndrct.sys [2004-12-06 4123]
R2 tfsndres;tfsndres; C:\WINDOWS\system32\dla\tfsndres.sys [2004-12-06 2239]
R2 tfsnifs;tfsnifs; C:\WINDOWS\system32\dla\tfsnifs.sys [2004-12-06 86586]
R2 tfsnopio;tfsnopio; C:\WINDOWS\system32\dla\tfsnopio.sys [2004-12-06 15227]
R2 tfsnpool;tfsnpool; C:\WINDOWS\system32\dla\tfsnpool.sys [2004-12-06 6363]
R2 tfsnudf;tfsnudf; C:\WINDOWS\system32\dla\tfsnudf.sys [2004-12-06 98714]
R2 tfsnudfa;tfsnudfa; C:\WINDOWS\system32\dla\tfsnudfa.sys [2004-12-06 100603]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 bcm4sbxp;Broadcom 440x 10/100 Integrated Controller XP Driver; C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys [2005-08-05 45312]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-13 13952]
R3 ctsfm2k;Creative SoundFont Management Device Driver; C:\WINDOWS\system32\DRIVERS\ctsfm2k.sys [2005-01-10 138752]
R3 CTUSFSYN;Creative SoundFont Synthesizer; C:\WINDOWS\system32\drivers\ctusfsyn.sys [2005-05-25 158464]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2008-04-17 15464]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 HSF_DPV;HSF_DPV; C:\WINDOWS\system32\DRIVERS\HSX_DPV.sys [2005-12-01 936960]
R3 HSXHWAZL;HSXHWAZL; C:\WINDOWS\system32\DRIVERS\HSXHWAZL.sys [2005-12-01 192512]
R3 monfilt;monfilt; C:\WINDOWS\system32\drivers\monfilt.sys [2006-01-04 1389056]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2006-03-21 3652128]
R3 ossrv;Creative OS Services Driver; C:\WINDOWS\system32\DRIVERS\ctoss2k.sys [2005-01-10 106496]
R3 rimmptsk;rimmptsk; C:\WINDOWS\system32\DRIVERS\rimmptsk.sys [2005-07-14 28544]
R3 rimsptsk;rimsptsk; C:\WINDOWS\system32\DRIVERS\rimsptsk.sys [2005-07-12 51328]
R3 rismxdp;Ricoh xD-Picture Card Driver; C:\WINDOWS\system32\DRIVERS\rixdptsk.sys [2005-07-14 307968]
R3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2008-04-13 79232]
R3 STHDA;SigmaTel High Definition Audio CODEC; C:\WINDOWS\system32\drivers\sthda.sys [2006-03-24 1156648]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2006-03-08 191872]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSX_CNXT.sys [2005-12-01 669696]
S3 E100B;Intel® PRO Adapter Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2001-08-17 117760]
S3 KMW_KBD;Kensington Input Devices Class filter driver; C:\WINDOWS\System32\DRIVERS\KMW_KBD.sys []
S3 KMW_USB;Kensington MouseWorks USB filter driver; C:\WINDOWS\system32\DRIVERS\KMW_USB.sys []
S3 LHidUsbK;Logitech SetPoint USB Receiver device driver; C:\WINDOWS\System32\Drivers\LHidUsbK.Sys []
S3 LMouKE;Logitech SetPoint Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\LMouKE.Sys []
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2007-10-31 30464]
S3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 w39n51;Intel® PRO/Wireless 3945ABG Adapter Driver; C:\WINDOWS\system32\DRIVERS\w39n51.sys [2005-12-04 1428096]
S3 wanatw;WAN Miniport (ATW); C:\WINDOWS\system32\DRIVERS\wanatw4.sys []
S4 agp440;Intel AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agp440.sys [2008-04-13 42368]
S4 agpCPQ;Compaq AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agpCPQ.sys [2008-04-13 44928]
S4 alim1541;ALI AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\alim1541.sys [2008-04-13 42752]
S4 amdagp;AMD AGP Bus Filter Driver; C:\WINDOWS\system32\DRIVERS\amdagp.sys [2008-04-13 43008]
S4 cbidf;cbidf; C:\WINDOWS\system32\DRIVERS\cbidf2k.sys [2001-08-17 13952]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\DRIVERS\intelide.sys [2008-04-13 5504]
S4 sisagp;SIS AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\sisagp.sys [2008-04-13 40960]
S4 viaagp;VIA AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\viaagp.sys [2008-04-13 42240]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-11-07 132424]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888]
R2 Creative Labs Licensing Service;Creative Labs Licensing Service; C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe [2006-07-17 69632]
R2 Creative Service for CDROM Access;Creative Service for CDROM Access; C:\WINDOWS\system32\CTsvcCDA.exe [1999-12-12 44032]
R2 EvtEng;Intel® PROSet/Wireless Event Log; C:\Program Files\Intel\Wireless\Bin\EvtEng.exe [2005-12-28 114753]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
R2 NICCONFIGSVC;NICCONFIGSVC; C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe [2006-04-06 380928]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2006-03-21 143428]
R2 RegSrvc;Intel® PROSet/Wireless Registry Service; C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe [2005-12-28 217164]
R2 S24EventMonitor;Intel® PROSet/Wireless Service; C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe [2005-12-28 540745]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-01-28 38912]
R2 WLANKEEPER;Intel® PROSet/Wireless SSO Service; C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe [2005-12-28 262217]
R3 dlcc_device;dlcc_device; C:\WINDOWS\system32\dlcccoms.exe [2005-10-27 491520]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-11-20 536872]
S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-13 267776]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [2004-07-15 32768]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-03 69632]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]

-----------------EOF-----------------[/quote]

Here is the info.txt:

[quote]info.txt logfile of random's system information tool 1.04 2008-12-05 14:40:05

======Uninstall list======

-->"C:\Program Files\Creative\SBAudigy\Program\CTZapxx.EXE" ctsbmb.ini /U /N /S /W
-->C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {075473F5-846A-448B-BCB3-104AA1760205}
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {AB708C9B-97C8-4AC9-899B-DBF226AC9382}
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {B12665F4-4E93-4AB4-B7FC-37053B524629}
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0B095086-7205-4D48-90DF-DCD16613C6D4}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0B095086-7205-4D48-90DF-DCD16613C6D4}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{103BCDA0-E063-46AC-8028-64E78722ABA7}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{103BCDA0-E063-46AC-8028-64E78722ABA7}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2616B36E-38CE-4357-8AB5-8B3EE9B1C117}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2616B36E-38CE-4357-8AB5-8B3EE9B1C117}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{32B4B536-4443-42F0-9676-98373BE9114F}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{32B4B536-4443-42F0-9676-98373BE9114F}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{34EBD418-B8E6-4E86-89C4-33B72CF5663F}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{34EBD418-B8E6-4E86-89C4-33B72CF5663F}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{52338F65-A1C3-4CDC-B733-50051682B297}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{52338F65-A1C3-4CDC-B733-50051682B297}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{569A9538-86EC-44C3-8EE4-C68B165F2A75}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{569A9538-86EC-44C3-8EE4-C68B165F2A75}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5B17E626-7885-4FC3-A66A-73548A4F01FD}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5B17E626-7885-4FC3-A66A-73548A4F01FD}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{700932B3-A964-4878-82A2-96054622A1F7}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{700932B3-A964-4878-82A2-96054622A1F7}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{73919E2B-725C-4FAA-8473-45E063A3575F}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{73919E2B-725C-4FAA-8473-45E063A3575F}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7AFFF09F-386B-4F7A-B3E0-EC24C13893AA}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7AFFF09F-386B-4F7A-B3E0-EC24C13893AA}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8A3F2ADE-DEF2-4A50-866A-6B9357B5590F}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8A3F2ADE-DEF2-4A50-866A-6B9357B5590F}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{943884D4-B604-496F-B132-DFA9C63FAF6A}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A82F10CB-18B5-4EAC-AEF2-FA49CD565626}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DAAC5938-8026-4D0C-A476-D1954917B7F5}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DAAC5938-8026-4D0C-A476-D1954917B7F5}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DE4A4C48-2232-4CCB-AD61-490ACD29BA85}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DE4A4C48-2232-4CCB-AD61-490ACD29BA85}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EEEF992E-270C-4B4C-8389-4B3DEEE33190}\Setup.exe" -l0x9
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
924PLC32-->MsiExec.exe /I{94721EA3-7EA6-43EA-B99C-A5D0E3C66240}
ABBYY FineReader 6.0 Sprint-->MsiExec.exe /I{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}
Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 7.0-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70000000000}
AIM 6-->C:\Program Files\AIM6\uninst.exe
Andrea VoiceCenter-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8D2AE3F6-79DF-423C-91CB-389F6FB5837B}\Setup.exe" -Remove
AOL Uninstaller (Choose which Products to Remove)-->C:\Program Files\Common Files\AOL\uninstaller.exe
AOLIcon-->MsiExec.exe /I{62BD0AE0-4EB1-4BBB-8F43-B6400C8FEB2C}
Apple Mobile Device Support-->MsiExec.exe /I{EC4455AB-F155-4CC1-A4C5-88F3777F9886}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
Bonjour-->MsiExec.exe /I{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}
Conexant HDA D110 MDC V.92 Modem-->C:\Program Files\CONEXANT\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_14F100C3\HXFSETUP.EXE -U -Idel1028p.inf
Corel Photo Album 6-->MsiExec.exe /X{8A9B8148-DDD7-448F-BD6C-358386D32354}
Creative MediaSource-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2E0C1913-886B-4C5C-8DAF-D1E649CE5FCC}\Setup.exe" -l0x9 /remove
Dell Digital Jukebox Driver-->C:\Program Files\Dell\Digital Jukebox Drivers\DrvUnins.exe /s
Dell Game Console-->"C:\Program Files\WildTangent\Apps\Dell Game Console\Uninstall.exe"
Dell Media Experience-->MsiExec.exe /I{AC0EE5B0-A8FB-4D0A-AF03-2EDC518F841B}
Dell Photo AIO Printer 924-->C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\dlccUNST.EXE -NOLICENSE
Digital Content Portal-->MsiExec.exe /I{6D5FCA42-1486-4E32-AFE8-1B7E2AA59D33}
Digital Line Detect-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E646DCF0-5A68-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanel
DivX Content Uploader-->C:\Program Files\DivX\DivXContentUploaderUninstall.exe /CUPLOADER
DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
Documentation & Support Launcher-->MsiExec.exe /X{B0DF58A2-40DF-4465-AA56-38623EC9938C}
ELIcon-
  • 0

#10
Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
No need to put them in quotes

1. Please re-open HiJackThis and choose Do a system scan only. Check the boxes next to ONLY the entries listed below (if present):

O4 - HKUS\S-1-5-19\..\Run: [bekabaguyu] Rundll32.exe "C:\WINDOWS\system32\vetimova.dll",s (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [bekabaguyu] Rundll32.exe "C:\WINDOWS\system32\vetimova.dll",s (User 'NETWORK SERVICE')
O20 - AppInit_DLLs: C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL , c:\windows\system32\puneromi.dll


2. Now close all windows other than HiJackThis, including browsers, so that nothing other than HijackThis is open, then click Fix Checked. A box will pop up asking you if you wish to fix the selected items. Please choose YES. Once it has fixed them, please exit/close HijackThis.


Reboot and post a new HJT log
  • 0

#11
Killabyte

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
Here's the log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:43:59 AM, on 12/6/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dlcccoms.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;*.local
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [dlccmon.exe] "C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe"
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [DLCCCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll,_RunDLLEntry@16
O4 - HKCU\..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netWaiting.exe
O4 - HKCU\..\Run: [SetDefaultMIDI] MIDIDef.exe
O4 - HKCU\..\Run: [Creative Detector] "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx...owserPlugin.cab
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Labs Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: dlcc_device - - C:\WINDOWS\system32\dlcccoms.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Intel® PROSet/Wireless SSO Service (WLANKEEPER) - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
O24 - Desktop Component 0: (no name) - http://www1.istockph...can_soldier.jpg

--
End of file - 8469 bytes


  • 0
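The fix-and-rescan check from posts #10 and #11, written out as an added example that nobody in this thread posted. The log lines are copied from those two posts (the rescan is an abridged sample); the flagging rules and function names are illustrative assumptions, not HijackThis's own logic or the helper's stated criteria.

```python
import re

# Entries the helper asked to fix, copied from post #10 of this thread.
FIXED_IN_POST_10 = r"""
O4 - HKUS\S-1-5-19\..\Run: [bekabaguyu] Rundll32.exe "C:\WINDOWS\system32\vetimova.dll",s (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [bekabaguyu] Rundll32.exe "C:\WINDOWS\system32\vetimova.dll",s (User 'NETWORK SERVICE')
O20 - AppInit_DLLs: C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL , c:\windows\system32\puneromi.dll
"""

# A few entries copied from the follow-up log in post #11 (abridged sample).
RESCAN_POST_11 = r"""
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [DLCCCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll,_RunDLLEntry@16
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
"""

# Well-known SIDs of the built-in service accounts.
SERVICE_SIDS = {"S-1-5-18": "SYSTEM", "S-1-5-19": "LOCAL SERVICE",
                "S-1-5-20": "NETWORK SERVICE"}
O4_RUN = re.compile(r"^O4 - (?P<hive>\S+)\\\.\.\\(?P<key>Run\w*): "
                    r"\[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
RUNDLL = re.compile(r'^rundll32(?:\.exe)?\s+"?(?P<dll>[^",]+\.dll)"?', re.I)
IN_SYSTEM32 = re.compile(r"[a-z]:\\windows\\system32\\[^\\]+\.dll")


def parse_entries(log_text):
    """Extract O4 Run values and O20 AppInit_DLLs entries from a HijackThis log."""
    entries = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = O4_RUN.match(line)
        if m:
            r = RUNDLL.match(m["cmd"])
            entries.append({"kind": "O4", "hive": m["hive"], "name": m["name"],
                            "dlls": [r["dll"].lower()] if r else []})
        elif line.startswith("O20 - AppInit_DLLs:"):
            # The registry value holds DLL paths separated by spaces or commas.
            value = line.split(":", 1)[1].strip()
            dlls = [p.lower() for p in re.split(r"[ ,]+", value) if p]
            entries.append({"kind": "O20", "hive": "", "name": "AppInit_DLLs",
                            "dlls": dlls})
    return entries


def triage(entries):
    """Return (item, reason) pairs worth a manual look. Assumed heuristics."""
    findings = []
    for e in entries:
        sid = e["hive"].rsplit("\\", 1)[-1]
        if sid in SERVICE_SIDS:
            findings.append((e["name"],
                             f"Run value in the {SERVICE_SIDS[sid]} profile"))
        for dll in e["dlls"]:
            if e["kind"] == "O20":
                findings.append((dll, "AppInit_DLLs entry (loaded with user32.dll)"))
            elif IN_SYSTEM32.fullmatch(dll):
                findings.append((dll, "rundll32 autostart of a DLL directly in system32"))
    return findings


def reappeared(fixed_log, rescan_log):
    """Value names and DLL file names from the fixed entries found anywhere in the rescan."""
    haystack = rescan_log.lower()
    needles = set()
    for e in parse_entries(fixed_log):
        if e["kind"] == "O4":
            needles.add(f"[{e['name'].lower()}]")
        needles.update(d.rsplit("\\", 1)[-1] for d in e["dlls"])
    return sorted(n for n in needles if n in haystack)


if __name__ == "__main__":
    for item, reason in triage(parse_entries(FIXED_IN_POST_10)):
        print(f"review: {item}: {reason}")
    print("back after reboot:", reappeared(FIXED_IN_POST_10, RESCAN_POST_11))
```

A flagged item is a prompt for manual review rather than a verdict, and `reappeared` searches the whole rescan so a DLL that returns under a different load point is still caught.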

#12
Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Your logs are clean

You're using an old version of Adobe Acrobat Reader. This can leave your PC open to vulnerabilities. You can update it here:
http://www.adobe.com.../readstep2.html



Please download JavaRa to your desktop and unzip it to its own folder
  • Run JavaRa.exe, pick the language of your choice and click Select. Then click Remove Older Versions.
  • Accept any prompts.
  • Open JavaRa.exe again and select Search For Updates.
  • Select Update Using Sun Java's Website then click Search and click on the Open Webpage button. Download and install the latest Java Runtime Environment (JRE) version for your computer.



  • Make sure you have an Internet Connection.
  • Download OTCleanIt to your desktop and run it
  • A list of tool components used in the Cleanup of malware will be downloaded.
  • If your Firewall or Real Time protection attempts to block OTCleanUp to reach the Internet, please allow the application to do so.
  • Click Yes to begin the Cleanup process and remove these components, including this application.
  • You will be asked to reboot the machine to finish the Cleanup process. If you are asked to reboot the machine choose Yes.



Now we need to create a new System Restore point.

Click Start Menu > Run > type (or copy and paste)

%SystemRoot%\System32\restore\rstrui.exe

Press OK. Choose Create a Restore Point then click Next. Name it and click Create. When the confirmation screen shows the restore point has been created, click Close.

Next go to Start Menu > Run > type

cleanmgr

Click OK. Disk Cleanup will open and start calculating the amount of space that can be freed. Once that's finished, it will open the Disk Cleanup options screen. Click the More Options tab, then click Clean up on the system restore area and choose Yes at the confirmation window, which will remove all the restore points except the one we just created.

To close Disk Cleanup and remove the Temporary Internet Files detected in the initial scan click OK then choose Yes on the confirmation window.




Below I have included a number of recommendations for how to protect your computer against malware infections.

* Keep Windows updated by regularly checking their website at :
http://windowsupdate.microsoft.com/
This will ensure your computer has always the latest security updates available installed on your computer.

* To reduce re-infection for malware in the future, I strongly recommend installing these free programs:

SpywareBlaster protects against bad ActiveX

* SpywareGuard offers realtime protection from spyware installation attempts. Make sure you are only running one real-time anti-spyware protection program or there will be a conflict.

Make Internet Explorer more secure
  • Click Start > Run
  • Type Inetcpl.cpl & click OK
  • Click on the Security tab
  • Click Reset all zones to default level
  • Make sure the Internet Zone is selected & Click Custom level
  • In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls") to "Prompt", and ("Initialize and Script ActiveX controls not marked as safe") to "Disable".
  • Next Click OK, then Apply button and then OK to exit the Internet Properties page.


*ATF Cleaner - Cleans temporary files from IE and Windows, empties the recycle bin and more. Great tool to help speed up your computer and knock out those nasties that like to reside in the temp folders.

*NoScript - Addon for Firefox that stops all scripts from running on websites. Stops malicious software from invading via flash, java, javascript, and many other entry points.

*Keep a backup of your important files - Now, more than ever, it's especially important to protect your digital files and memories. This article is full of good information on alternatives for home backup solutions.

* MVPS Hosts file replaces your current HOSTS file with one containing well known ad sites and other bad sites. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer, meaning it will be difficult to infect yourself in the future.

* Please consider using an alternate browser. Mozilla's Firefox browser is fantastic; it is much more secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in pop up blocker (as an added benefit!) that I have ever seen. If you are interested, Firefox may be downloaded from Here

* Take a good look at the following suggestions for malware prevention by reading Tony Klein’s article 'How Did I Get Infected In The First Place' Here

*ERUNT (Emergency Recovery Utility NT) allows you to keep a complete backup of your registry and restore it when needed. The standard registry backup options that come with Windows back up most of the registry but not all of it. ERUNT however creates a complete backup set, including the Security hive and user related sections. ERUNT is easy to use and since it creates a full backup, there are no options or choices other than to select the location of the backup files. The backup set includes a small executable that will launch the registry restore if needed.

* Recovery Console - Recent trends appear to indicate that future infections will include attacks to the boot sector of the computer. The installation of the Recovery Console in the computer will be our only defense against this threat. For more information and steps to install the Recovery Console see This Article. Should you need assistance in installing the Recovery Console, please do not hesitate to ask.

Thank you for your patience, and performing all of the procedures requested.
  • 0

#13
Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0





