Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Netbook can't boot windows.


  • This topic is locked This topic is locked

#16
Clareykins

Clareykins

    Member

  • Topic Starter
  • Member
  • PipPip
  • 32 posts
I have a copy of xp yes, but not one for this netbook specifically. It's one that came with another laptop with drivers for that older pc included.
  • 0

Advertisements


#17
Salagubang

Salagubang

    Trusted Helper

  • Malware Removal
  • 3,891 posts
Hi Clareykins,

You need an XP Installation CD to do this fix . (An alternative is to find a working XP machine and copy the required files) . :D

Step One

  • Insert your Windows XP disk in your CD drive
  • Click Start > Run and type CMD {enter}
  • Click in the command box and type the following and pressing enter after each line (if your CD is not drive D:, please substitute the actual drive letter)

expand d:\i386\winlogon.ex_ c:\replace\winlogon.exe
expand d:\i386\svchost.ex_ c:\replace\svchost.exe
expand d:\i386\explorer.ex_ c:\replace\explorer.exe


  • Open the folder C:\replace and verify that all three files is visible.
  • Transfer the folder to the root drive of the ailing computer (C:\)

If you dont have access to an installation CD, create a folder C:\replace in the ailing laptop then copy and all three files from a working XP machine.

Step Two

Start OTLPE as you did previously from CD
Copy the attached Fix.txt to a USB
Attached File  fix.txt   65.75KB   387 downloads

  • Insert your USB drive with fix.txt on it
  • Start OTLPE
  • Drag and drop fix.txt into the Custom scans and fixes box
  • If you cannot drag and drop for some reason. Then press the Run Fix button and a dialogue box will pop up asking for the location - select the file on your USB drive
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done to normal mode if possible
  • Then post a new OTL log ( don't check the boxes beside LOP Check or Purity this time )

Also, please note any errors that you may encounter.
  • 0

#18
Clareykins

Clareykins

    Member

  • Topic Starter
  • Member
  • PipPip
  • 32 posts
I started CMD on the clean vista machine and followed your instructions, which resulted in 'No destinaton specified for d:\i386\winlogon.ex_c:\replace\winlogon.exe' so I created the replace folder on the flash drive and copied the xp files into it directly from an xp machine as you said. Booted the culprit netbook from USB as before and copied the 'replace' folder on my flash drive directly to the netbooks C: drive. All seemed to go fine other than one of those windows info bubbles popping out of the system tray warning me that... "OTLPE: OTLPE.exe - Corrupt File The file or directory C:\replace is corrupt and unreadable. Please run the Chkdsk utility." I don't know if thats relevant to anything or just there because OTL moved it but all looks ok so far.
On re-boot the windows logo shows which is further than I've got before, Chkdsk ran without interruptions from me but watching it run I can see hundreds of 'index entries' being deleted. Windows loaded just fine and although I can't log onto my friends ID (she's left it password protected) I can log onto her daughters administrator account. Just looking at the desktop I've a pretty good idea how the damage has been done and I'm not completely sure where to start cleaning it up. What a mess!! :'(

The text file I was presented with:-

Error: Unable to interpret <O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (My Web Search) - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\2.bin\MWSBAR.DLL (MyWebSearch.com)> in the current context!
Error: Unable to interpret <O3 - HKU\dion_ON_C\..\Toolbar\WebBrowser: (My Web Search) - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\2.bin\MWSBAR.DLL (MyWebSearch.com)> in the current context!
Error: Unable to interpret <O3 - HKU\Tamara_x_x_ON_C\..\Toolbar\WebBrowser: (My Web Search) - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\2.bin\MWSBAR.DLL (MyWebSearch.com)> in the current context!
Error: Unable to interpret <O4 - HKLM..\Run: [HNUIQOXRmSc] C:\Documents and Settings\Tamara x x\Local Settings\Temp\avp32.exe (Microsoft Corporation)> in the current context!
Error: Unable to interpret <O4 - HKLM..\Run: [HNUIQOXRnE0] C:\Documents and Settings\Tamara x x\Local Settings\Temp\cmd .exe ()> in the current context!
Error: Unable to interpret <O4 - HKLM..\Run: [HNUIQOXRnEc] C:\Documents and Settings\Tamara x x\Local Settings\Temp\cmd .exe ()> in the current context!
Error: Unable to interpret <O4 - HKLM..\Run: [HNUIQOXRnEg0] C:\Documents and Settings\Tamara x x\Local Settings\Temp\cmd .exe ()> in the current context!
Error: Unable to interpret <O4 - HKLM..\Run: [HNUIQOXRnEgc] C:\Documents and Settings\Tamara x x\Local Settings\Temp\cmd .exe ()> in the current context!
Error: Unable to interpret <O4 - HKLM..\Run: [HNUIQOXRnEgg0] C:\Documents and Settings\Tamara x x\Local Settings\Temp\cmd .exe ()> in the current context!
Error: Unable to interpret <O4 - HKLM..\Run: [HNUIQOXRnEggc] C:\Documents and Settings\Tamara x x\Local Settings\Temp\cmd .exe ()> in the current context!
Error: Unable to interpret <O4 - HKLM..\Run: [HNUIQOXRnEggj] C:\Documents and Settings\Tamara x x\Local Settings\Temp\cmd .exe ()> in the current context!
Error: Unable to interpret <O4 - HKLM..\Run: [HNUIQOXRnEggK] C:\Documents and Settings\Tamara x x\Local Settings\Temp\cmd .exe ()> in the current context!
Error: Unable to interpret <O4 - HKLM..\Run: [HNUIQOXRnEgj] C:\Documents and Settings\Tamara x x\Local Settings\Temp\cmd .exe ()> in the current context!
Error: Unable to interpret <O4 - HKLM..\Run: [HNUIQOXRnEgK] C:\Documents and Settings\Tamara x x\Local Settings\Temp\cmd .exe ()> in the current context!
Error: Unable to interpret <O4 - HKLM..\Run: [HNUIQOXRnEj] C:\Documents and Settings\Tamara x x\Local Settings\Temp\cmd .exe ()> in the current context!
Error: Unable to interpret <O4 - HKLM..\Run: [HNUIQOXRnEK] C:\Documents and Settings\Tamara x x\Local Settings\Temp\cmd .exe ()> in the current context!
Error: Unable to interpret <O4 - HKLM..\Run: [HNUIQOXRnH] C:\Documents and Settings\Tamara x x\Local Settings\Temp\cmd .exe ()> in the current context!
Error: Unable to interpret <O4 - HKLM..\Run: [HNUIQOXRnsc] C:\Documents and Settings\Tamara x x\Local Settings\Temp\drweb.exe (Microsoft Corporation)> in the current context!
Error: Unable to interpret <O4 - HKLM..\Run: [HNUIQOXRny0] C:\Documents and Settings\Tamara x x\Local Settings\Temp\csrss .exe ()> in the current context!
Error: Unable to interpret <O4 - HKLM..\Run: [HNUIQOXRnyc] C:\Documents and Settings\Tamara x x\Local Settings\Temp\csrss.exe ()> in the current context!
Error: Unable to interpret <O4 - HKLM..\Run: [HNUIQOXRnyg0] C:\Documents and Settings\Tamara x x\Local Settings\Temp\csrss .exe ()> in the current context!
Error: Unable to interpret <O4 - HKLM..\Run: [HNUIQOXRnygc] C:\Documents and Settings\Tamara x x\Local Settings\Temp\csrss .exe ()> in the current context!
Error: Unable to interpret <O4 - HKLM..\Run: [HNUIQOXRnygg0] C:\Documents and Settings\Tamara x x\Local Settings\Temp\csrss .exe ()> in the current context!
Error: Unable to interpret <O4 - HKLM..\Run: [HNUIQOXRnyggc] C:\Documents and Settings\Tamara x x\Local Settings\Temp\csrss .exe ()> in the current context!
Error: Unable to interpret <O4 - HKLM..\Run: [HNUIQOXRnyggK] C:\Documents and Settings\Tamara x x\Local Settings\Temp\csrss .exe ()> in the current context!
Error: Unable to interpret <O4 - HKLM..\Run: [HNUIQOXRnygj] C:\Documents and Settings\Tamara x x\Local Settings\Temp\csrss .exe ()> in the current context!
Error: Unable to interpret <O4 - HKLM..\Run: [HNUIQOXRnygK] C:\Documents and Settings\Tamara x x\Local Settings\Temp\csrss .exe ()> in the current context!
Error: Unable to interpret <O4 - HKLM..\Run: [HNUIQOXRnyj] C:\Documents and Settings\Tamara x x\Local Settings\Temp\csrss .exe ()> in the current context!
Error: Unable to interpret <O4 - HKLM..\Run: [HNUIQOXRnyK] C:\Documents and Settings\Tamara x x\Local Settings\Temp\csrss .exe ()> in the current context!
Error: Unable to interpret <O4 - HKLM..\Run: [HNUIQOXRnZ] C:\Documents and Settings\Tamara x x\Local Settings\Temp\cmd.exe ()> in the current context!
Error: Unable to interpret <O4 - HKLM..\Run: [HNUIQOXRota] C:\Documents and Settings\Tamara x x\Local Settings\Temp\install.exe ()> in the current context!
Error: Unable to interpret <O4 - HKLM..\Run: [HNUIQOXRotc] C:\Documents and Settings\Tamara x x\Local Settings\Temp\hexdump.exe ()> in the current context!
Error: Unable to interpret <O4 - HKLM..\Run: [HNUIQOXRotGc] C:\Documents and Settings\Tamara x x\Local Settings\Temp\install .exe ()> in the current context!
Error: Unable to interpret <O4 - HKLM..\Run: [HNUIQOXRotGK] C:\Documents and Settings\Tamara x x\Local Settings\Temp\install .exe ()> in the current context!
Error: Unable to interpret <O4 - HKLM..\Run: [HNUIQOXRotH0] C:\Documents and Settings\Tamara x x\Local Settings\Temp\hexdump .exe ()> in the current context!
Error: Unable to interpret <O4 - HKLM..\Run: [HNUIQOXRotHc] C:\Documents and Settings\Tamara x x\Local Settings\Temp\hexdump .exe ()> in the current context!
Error: Unable to interpret <O4 - HKLM..\Run: [HNUIQOXRotHg0] C:\Documents and Settings\Tamara x x\Local Settings\Temp\hexdump .exe ()> in the current context!
Error: Unable to interpret <O4 - HKLM..\Run: [HNUIQOXRotHgc] C:\Documents and Settings\Tamara x x\Local Settings\Temp\hexdump .exe ()> in the current context!
Error: Unable to interpret <O4 - HKLM..\Run: [HNUIQOXRotHggc] C:\Documents and Settings\Tamara x x\Local Settings\Temp\hexdump .exe ()> in the current context!
Error: Unable to interpret <O4 - HKLM..\Run: [HNUIQOXRotHgj] C:\Documents and Settings\Tamara x x\Local Settings\Temp\hexdump .exe ()> in the current context!
Error: Unable to interpret <O4 - HKLM..\Run: [HNUIQOXRotHgK] C:\Documents and Settings\Tamara x x\Local Settings\Temp\hexdump .exe ()> in the current context!
Error: Unable to interpret <O4 - HKLM..\Run: [HNUIQOXRotHj] C:\Documents and Settings\Tamara x x\Local Settings\Temp\hexdump .exe ()> in the current context!
Error: Unable to interpret <O4 - HKLM..\Run: [HNUIQOXRotHK] C:\Documents and Settings\Tamara x x\Local Settings\Temp\hexdump .exe ()> in the current context!
Error: Unable to interpret <O4 - HKLM..\Run: [HNUIQOXRotJ] C:\Documents and Settings\Tamara x x\Local Settings\Temp\install .exe ()> in the current context!
Error: Unable to interpret <O4 - HKLM..\Run: [HNUIQOXRotK] C:\Documents and Settings\Tamara x x\Local Settings\Temp\hexdump .exe ()> in the current context!
Error: Unable to interpret <O4 - HKLM..\Run: [HNUIQOXRouqc] C:\Documents and Settings\Tamara x x\Local Settings\Temp\iexplarer.exe (Microsoft Corporation)> in the current context!
Error: Unable to interpret <O4 - HKLM..\Run: [HNUIQOXRouqK] C:\Documents and Settings\Tamara x x\Local Settings\Temp\iexplarer .exe ()> in the current context!
Error: Unable to interpret <O4 - HKLM..\Run: [HNUIQOXRpc+] C:\Documents and Settings\Tamara x x\Local Settings\Temp\n2mih8u .exe ()> in the current context!
Error: Unable to interpret <O4 - HKLM..\Run: [HNUIQOXRpc70] C:\Documents and Settings\Tamara x x\Local Settings\Temp\n2mih8u .exe ()> in the current context!
Error: Unable to interpret <O4 - HKLM..\Run: [HNUIQOXRpc7c] C:\Documents and Settings\Tamara x x\Local Settings\Temp\n2mih8u .exe ()> in the current context!
Error: Unable to interpret <O4 - HKLM..\Run: [HNUIQOXRpc7g0] C:\Documents and Settings\Tamara x x\Local Settings\Temp\n2mih8u .exe ()> in the current context!
Error: Unable to interpret <O4 - HKLM..\Run: [HNUIQOXRpc7gc] C:\Documents and Settings\Tamara x x\Local Settings\Temp\n2mih8u .exe ()> in the current context!
Error: Unable to interpret <O4 - HKLM..\Run: [HNUIQOXRpc7gj] C:\Documents and Settings\Tamara x x\Local Settings\Temp\n2mih8u .exe ()> in the current context!
Error: Unable to interpret <O4 - HKLM..\Run: [HNUIQOXRpc7gK] C:\Documents and Settings\Tamara x x\Local Settings\Temp\n2mih8u .exe ()> in the current context!
Error: Unable to interpret <O4 - HKLM..\Run: [HNUIQOXRpc7j] C:\Documents and Settings\Tamara x x\Local Settings\Temp\n2mih8u .exe ()> in the current context!
Error: Unable to interpret <O4 - HKLM..\Run: [HNUIQOXRpc7K] C:\Documents and Settings\Tamara x x\Local Settings\Temp\n2mih8u .exe ()> in the current context!
Error: Unable to interpret <O4 - HKLM..\Run: [HNUIQOXRpcQ] C:\Documents and Settings\Tamara x x\Local Settings\Temp\n2mih8u.exe ()> in the current context!
Error: Unable to interpret <O4 - HKLM..\Run: [HNUIQOXRpr0] C:\Documents and Settings\Tamara x x\Local Settings\Temp\login .exe ()> in the current context!
Error: Unable to interpret <O4 - HKLM..\Run: [HNUIQOXRprc] C:\Documents and Settings\Tamara x x\Local Settings\Temp\login.exe ()> in the current context!
Error: Unable to interpret <O4 - HKLM..\Run: [HNUIQOXRprg0] C:\Documents and Settings\Tamara x x\Local Settings\Temp\login .exe ()> in the current context!
Error: Unable to interpret <O4 - HKLM..\Run: [HNUIQOXRprgc] C:\Documents and Settings\Tamara x x\Local Settings\Temp\login .exe ()> in the current context!
Error: Unable to interpret <O4 - HKLM..\Run: [HNUIQOXRprgg0] C:\Documents and Settings\Tamara x x\Local Settings\Temp\login .exe ()> in the current context!
Error: Unable to interpret <O4 - HKLM..\Run: [HNUIQOXRprggc] C:\Documents and Settings\Tamara x x\Local Settings\Temp\login .exe ()> in the current context!
Error: Unable to interpret <O4 - HKLM..\Run: [HNUIQOXRprggg0] C:\Documents and Settings\Tamara x x\Local Settings\Temp\login .exe ()> in the current context!
Error: Unable to interpret <O4 - HKLM..\Run: [HNUIQOXRprgggc] C:\Documents and Settings\Tamara x x\Local Settings\Temp\login .exe ()> in the current context!
Error: Unable to interpret <O4 - HKLM..\Run: [HNUIQOXRprgggj] C:\Documents and Settings\Tamara x x\Local Settings\Temp\login .exe ()> in the current context!
Error: Unable to interpret <O4 - HKLM..\Run: [HNUIQOXRprgggK] C:\Documents and Settings\Tamara x x\Local Settings\Temp\login .exe ()> in the current context!
Error: Unable to interpret <O4 - HKLM..\Run: [HNUIQOXRprggj] C:\Documents and Settings\Tamara x x\Local Settings\Temp\login .exe ()> in the current context!
Error: Unable to interpret <O4 - HKLM..\Run: [HNUIQOXRprggK] C:\Documents and Settings\Tamara x x\Local Settings\Temp\login .exe ()> in the current context!
Error: Unable to interpret <O4 - HKLM..\Run: [HNUIQOXRprgj] C:\Documents and Settings\Tamara x x\Local Settings\Temp\login .exe ()> in the current context!
Error: Unable to interpret <O4 - HKLM..\Run: [HNUIQOXRprgK] C:\Documents and Settings\Tamara x x\Local Settings\Temp\login .exe ()> in the current context!
Error: Unable to interpret <O4 - HKLM..\Run: [HNUIQOXRprj] C:\Documents and Settings\Tamara x x\Local Settings\Temp\login .exe ()> in the current context!
Error: Unable to interpret <O4 - HKLM..\Run: [HNUIQOXRprK] C:\Documents and Settings\Tamara x x\Local Settings\Temp\login .exe ()> in the current context!
Error: Unable to interpret <O4 - HKLM..\Run: [HNUIQOXRpSg2c] C:\Documents and Settings\Tamara x x\Local Settings\Temp\l42muyf1sx .exe ()> in the current context!
Error: Unable to interpret <O4 - HKLM..\Run: [HNUIQOXRpSg2K] C:\Documents and Settings\Tamara x x\Local Settings\Temp\l42muyf1sx .exe ()> in the current context!
Error: Unable to interpret <O4 - HKLM..\Run: [HNUIQOXRpSg5] C:\Documents and Settings\Tamara x x\Local Settings\Temp\l42muyf1sx .exe ()> in the current context!
Error: Unable to interpret <O4 - HKLM..\Run: [HNUIQOXRpSgg] C:\Documents and Settings\Tamara x x\Local Settings\Temp\l42muyf1sx.exe ()> in the current context!
Error: Unable to interpret <O4 - HKLM..\Run: [HNUIQOXRpSgK] C:\Documents and Settings\Tamara x x\Local Settings\Temp\l42muyf1sx .exe ()> in the current context!
Error: Unable to interpret <O4 - HKLM..\Run: [HNUIQOXRpZ] C:\Documents and Settings\Tamara x x\Local Settings\Temp\mdm.exe (Microsoft Corporation)> in the current context!
Error: Unable to interpret <O4 - HKLM..\Run: [HNUIQOXRrc0] C:\Documents and Settings\Tamara x x\Local Settings\Temp\smss .exe ()> in the current context!
Error: Unable to interpret <O4 - HKLM..\Run: [HNUIQOXRrcc] C:\Documents and Settings\Tamara x x\Local Settings\Temp\smss .exe ()> in the current context!
Error: Unable to interpret <O4 - HKLM..\Run: [HNUIQOXRrcj] C:\Documents and Settings\Tamara x x\Local Settings\Temp\smss .exe ()> in the current context!
Error: Unable to interpret <O4 - HKLM..\Run: [HNUIQOXRrcK] C:\Documents and Settings\Tamara x x\Local Settings\Temp\smss .exe ()> in the current context!
Error: Unable to interpret <O4 - HKLM..\Run: [HNUIQOXRrg] C:\Documents and Settings\Tamara x x\Local Settings\Temp\smss.exe ()> in the current context!
Error: Unable to interpret <O4 - HKLM..\Run: [HNUIQOXRrta] C:\Documents and Settings\Tamara x x\Local Settings\Temp\services.exe (Microsoft Corporation)> in the current context!
Error: Unable to interpret <O4 - HKLM..\Run: [HNUIQOXRrtWc] C:\Documents and Settings\Tamara x x\Local Settings\Temp\services .exe ()> in the current context!
Error: Unable to interpret <O4 - HKLM..\Run: [HNUIQOXRrv0] C:\Documents and Settings\Tamara x x\Local Settings\Temp\setup .exe ()> in the current context!
Error: Unable to interpret <O4 - HKLM..\Run: [HNUIQOXRrvc] C:\Documents and Settings\Tamara x x\Local Settings\Temp\setup.exe ()> in the current context!
Error: Unable to interpret <O4 - HKLM..\Run: [HNUIQOXRrvg0] C:\Documents and Settings\Tamara x x\Local Settings\Temp\setup .exe ()> in the current context!
Error: Unable to interpret <O4 - HKLM..\Run: [HNUIQOXRrvgc] C:\Documents and Settings\Tamara x x\Local Settings\Temp\setup .exe ()> in the current context!
Error: Unable to interpret <O4 - HKLM..\Run: [HNUIQOXRrvgg0] C:\Documents and Settings\Tamara x x\Local Settings\Temp\setup .exe ()> in the current context!
Error: Unable to interpret <O4 - HKLM..\Run: [HNUIQOXRrvggc] C:\Documents and Settings\Tamara x x\Local Settings\Temp\setup .exe ()> in the current context!
Error: Unable to interpret <O4 - HKLM..\Run: [HNUIQOXRrvggj] C:\Documents and Settings\Tamara x x\Local Settings\Temp\setup .exe ()> in the current context!
Error: Unable to interpret <O4 - HKLM..\Run: [HNUIQOXRrvggK] C:\Documents and Settings\Tamara x x\Local Settings\Temp\setup .exe ()> in the current context!
Error: Unable to interpret <O4 - HKLM..\Run: [HNUIQOXRrvgj] C:\Documents and Settings\Tamara x x\Local Settings\Temp\setup .exe ()> in the current context!
Error: Unable to interpret <O4 - HKLM..\Run: [HNUIQOXRrvgK] C:\Documents and Settings\Tamara x x\Local Settings\Temp\setup .exe ()> in the current context!
Error: Unable to interpret <O4 - HKLM..\Run: [HNUIQOXRrvj] C:\Documents and Settings\Tamara x x\Local Settings\Temp\setup .exe ()> in the current context!
Error: Unable to interpret <O4 - HKLM..\Run: [HNUIQOXRrvK] C:\Documents and Settings\Tamara x x\Local Settings\Temp\setup .exe ()> in the current context!
Error: Unable to interpret <O4 - HKLM..\Run: [HNUIQOXRsa] C:\Documents and Settings\Tamara x x\Local Settings\Temp\win.exe (Microsoft Corporation)> in the current context!
Error: Unable to interpret <O4 - HKLM..\Run: [HNUIQOXRsPc] C:\Documents and Settings\Tamara x x\Local Settings\Temp\win16.exe (Microsoft Corporation)> in the current context!
Error: Unable to interpret <O4 - HKLM..\Run: [HNUIQOXRsPK] C:\Documents and Settings\Tamara x x\Local Settings\Temp\win32 .exe ()> in the current context!
Error: Unable to interpret <O4 - HKLM..\Run: [HNUIQOXRsre] C:\Documents and Settings\Tamara x x\Local Settings\Temp\wininst.exe ()> in the current context!
Error: Unable to interpret <O4 - HKLM..\Run: [HNUIQOXRsrJ0] C:\Documents and Settings\Tamara x x\Local Settings\Temp\wininst .exe ()> in the current context!
Error: Unable to interpret <O4 - HKLM..\Run: [HNUIQOXRsrJc] C:\Documents and Settings\Tamara x x\Local Settings\Temp\wininst .exe ()> in the current context!
Error: Unable to interpret <O4 - HKLM..\Run: [HNUIQOXRsrJg0] C:\Documents and Settings\Tamara x x\Local Settings\Temp\wininst .exe ()> in the current context!
Error: Unable to interpret <O4 - HKLM..\Run: [HNUIQOXRsrJgc] C:\Documents and Settings\Tamara x x\Local Settings\Temp\wininst .exe ()> in the current context!
Error: Unable to interpret <O4 - HKLM..\Run: [HNUIQOXRsrJgj] C:\Documents and Settings\Tamara x x\Local Settings\Temp\wininst .exe ()> in the current context!
Error: Unable to interpret <O4 - HKLM..\Run: [HNUIQOXRsrJgK] C:\Documents and Settings\Tamara x x\Local Settings\Temp\wininst .exe ()> in the current context!
Error: Unable to interpret <O4 - HKLM..\Run: [HNUIQOXRsrJj] C:\Documents and Settings\Tamara x x\Local Settings\Temp\wininst .exe ()> in the current context!
Error: Unable to interpret <O4 - HKLM..\Run: [HNUIQOXRsrJK] C:\Documents and Settings\Tamara x x\Local Settings\Temp\wininst .exe ()> in the current context!
Error: Unable to interpret <O4 - HKLM..\Run: [HNUIQOXRsrN] C:\Documents and Settings\Tamara x x\Local Settings\Temp\wininst .exe ()> in the current context!
Error: Unable to interpret <O4 - HKLM..\Run: [MKbMc] C:\WINDOWS\gdi32.exe (Microsoft Corporation)> in the current context!
Error: Unable to interpret <O4 - HKLM..\Run: [MKbtc] C:\WINDOWS\hexdump.exe ()> in the current context!
Error: Unable to interpret <O4 - HKLM..\Run: [MKbtH0] C:\WINDOWS\hexdump .exe ()> in the current context!
Error: Unable to interpret <O4 - HKLM..\Run: [MKbtHc] C:\WINDOWS\hexdump .exe ()> in the current context!
Error: Unable to interpret <O4 - HKLM..\Run: [MKbtHg0] C:\WINDOWS\hexdump .exe ()> in the current context!
Error: Unable to interpret <O4 - HKLM..\Run: [MKbtHgc] C:\WINDOWS\hexdump .exe ()> in the current context!
Error: Unable to interpret <O4 - HKLM..\Run: [MKbtHgK] C:\WINDOWS\hexdump .exe ()> in the current context!
Error: Unable to interpret <O4 - HKLM..\Run: [MKbtHj] C:\WINDOWS\hexdump .exe ()> in the current context!
Error: Unable to interpret <O4 - HKLM..\Run: [MKbtHK] C:\WINDOWS\hexdump .exe ()> in the current context!
Error: Unable to interpret <O4 - HKLM..\Run: [MKbtK] C:\WINDOWS\hexdump .exe ()> in the current context!
Error: Unable to interpret <O4 - HKLM..\Run: [MKbuqc] C:\WINDOWS\iexplarer.exe (Microsoft Corporation)> in the current context!
Error: Unable to interpret <O4 - HKLM..\Run: [MKcr0] C:\WINDOWS\login .exe ()> in the current context!
Error: Unable to interpret <O4 - HKLM..\Run: [MKcrc] C:\WINDOWS\login.exe ()> in the current context!
Error: Unable to interpret <O4 - HKLM..\Run: [MKcrg0] C:\WINDOWS\login .exe ()> in the current context!
Error: Unable to interpret <O4 - HKLM..\Run: [MKcrgc] C:\WINDOWS\login .exe ()> in the current context!
Error: Unable to interpret <O4 - HKLM..\Run: [MKcrgg0] C:\WINDOWS\login .exe ()> in the current context!
Error: Unable to interpret <O4 - HKLM..\Run: [MKcrggc] C:\WINDOWS\login .exe ()> in the current context!
Error: Unable to interpret <O4 - HKLM..\Run: [MKcrggg0] C:\WINDOWS\login .exe ()> in the current context!
Error: Unable to interpret <O4 - HKLM..\Run: [MKcrgggc] C:\WINDOWS\login .exe ()> in the current context!
Error: Unable to interpret <O4 - HKLM..\Run: [MKcrgggg0] C:\WINDOWS\login .exe ()> in the current context!
Error: Unable to interpret <O4 - HKLM..\Run: [MKcrggggc] C:\WINDOWS\login .exe ()> in the current context!
Error: Unable to interpret <O4 - HKLM..\Run: [MKcrggggg0] C:\WINDOWS\login .exe ()> in the current context!
Error: Unable to interpret <O4 - HKLM..\Run: [MKcrgggggc] C:\WINDOWS\login .exe ()> in the current context!
Error: Unable to interpret <O4 - HKLM..\Run: [MKcrgggggg0] C:\WINDOWS\login .exe ()> in the current context!
Error: Unable to interpret <O4 - HKLM..\Run: [MKcrggggggc] C:\WINDOWS\login .exe ()> in the current context!
Error: Unable to interpret <O4 - HKLM..\Run: [MKcrggggggg0] C:\WINDOWS\login .exe ()> in the current context!
Error: Unable to interpret <O4 - HKLM..\Run: [MKcrgggggggc] C:\WINDOWS\login .exe ()> in the current context!
Error: Unable to interpret <O4 - HKLM..\Run: [MKcrgggggggg0] C:\WINDOWS\login .exe ()> in the current context!
Error: Unable to interpret <O4 - HKLM..\Run: [MKcrggggggggc] C:\WINDOWS\login .exe ()> in the current context!
Error: Unable to interpret <O4 - HKLM..\Run: [MKcrgggggggggc] C:\WINDOWS\login .exe ()> in the current context!
Error: Unable to interpret <O4 - HKLM..\Run: [MKcrgggggggggK] C:\WINDOWS\login .exe ()> in the current context!
Error: Unable to interpret <O4 - HKLM..\Run: [MKcrggggggggj] C:\WINDOWS\login .exe ()> in the current context!
Error: Unable to interpret <O4 - HKLM..\Run: [MKcrggggggggK] C:\WINDOWS\login .exe ()> in the current context!
Error: Unable to interpret <O4 - HKLM..\Run: [MKcrgggggggj] C:\WINDOWS\login .exe ()> in the current context!
Error: Unable to interpret <O4 - HKLM..\Run: [MKcrgggggggK] C:\WINDOWS\login .exe ()> in the current context!
Error: Unable to interpret <O4 - HKLM..\Run: [MKcrggggggj] C:\WINDOWS\login .exe ()> in the current context!
Error: Unable to interpret <O4 - HKLM..\Run: [MKcrggggggK] C:\WINDOWS\login .exe ()> in the current context!
Error: Unable to interpret <O4 - HKLM..\Run: [MKcrgggggj] C:\WINDOWS\login .exe ()> in the current context!
Error: Unable to interpret <O4 - HKLM..\Run: [MKcrgggggK] C:\WINDOWS\login .exe ()> in the current context!
Error: Unable to interpret <O4 - HKLM..\Run: [MKcrggggj] C:\WINDOWS\login .exe ()> in the current context!
Error: Unable to interpret <O4 - HKLM..\Run: [MKcrggggK] C:\WINDOWS\login .exe ()> in the current context!
Error: Unable to interpret <O4 - HKLM..\Run: [MKcrgggj] C:\WINDOWS\login .exe ()> in the current context!
Error: Unable to interpret <O4 - HKLM..\Run: [MKcrgggK] C:\WINDOWS\login .exe ()> in the current context!
Error: Unable to interpret <O4 - HKLM..\Run: [MKcrggj] C:\WINDOWS\login .exe ()> in the current context!
Error: Unable to interpret <O4 - HKLM..\Run: [MKcrggK] C:\WINDOWS\login .exe ()> in the current context!
Error: Unable to interpret <O4 - HKLM..\Run: [MKcrgj] C:\WINDOWS\login .exe ()> in the current context!
Error: Unable to interpret <O4 - HKLM..\Run: [MKcrgK] C:\WINDOWS\login .exe ()> in the current context!
Error: Unable to interpret <O4 - HKLM..\Run: [MKcrj] C:\WINDOWS\login .exe ()> in the current context!
Error: Unable to interpret <O4 - HKLM..\Run: [MKcrK] C:\WINDOWS\login .exe ()> in the current context!
Error: Unable to interpret <O4 - HKLM..\Run: [MKcuc] C:\WINDOWS\lsass.exe ()> in the current context!
Error: Unable to interpret <O4 - HKLM..\Run: [MKcZ] C:\WINDOWS\mdm.exe (Microsoft Corporation)> in the current context!
Error: Unable to interpret <O4 - HKLM..\Run: [MKdw+] C:\WINDOWS\nvsvc32.exe ()> in the current context!
Error: Unable to interpret <O4 - HKLM..\Run: [MKdws] C:\WINDOWS\nvsvc32 .exe ()> in the current context!
Error: Unable to interpret <O4 - HKLM..\Run: [MKerb] C:\WINDOWS\taskmgr.exe ()> in the current context!
Error: Unable to interpret <O4 - HKLM..\Run: [MKeta] C:\WINDOWS\services.exe ()> in the current context!
Error: Unable to interpret <O4 - HKLM..\Run: [MKetW0] C:\WINDOWS\services .exe ()> in the current context!
Error: Unable to interpret <O4 - HKLM..\Run: [MKetWc] C:\WINDOWS\services .exe ()> in the current context!
Error: Unable to interpret <O4 - HKLM..\Run: [MKetWg0] C:\WINDOWS\services .exe ()> in the current context!
Error: Unable to interpret <O4 - HKLM..\Run: [MKetWgc] C:\WINDOWS\services .exe ()> in the current context!
Error: Unable to interpret <O4 - HKLM..\Run: [MKetWgg0] C:\WINDOWS\services .exe ()> in the current context!
Error: Unable to interpret <O4 - HKLM..\Run: [MKetWggc] C:\WINDOWS\services .exe ()> in the current context!
Error: Unable to interpret <O4 - HKLM..\Run: [MKetWggg0] C:\WINDOWS\services .exe ()> in the current context!
Error: Unable to interpret <O4 - HKLM..\Run: [MKetWgggc] C:\WINDOWS\services .exe ()> in the current context!
Error: Unable to interpret <O4 - HKLM..\Run: [MKetWgggK] C:\WINDOWS\services .exe ()> in the current context!
Error: Unable to interpret <O4 - HKLM..\Run: [MKetWggj] C:\WINDOWS\services .exe ()> in the current context!
Error: Unable to interpret <O4 - HKLM..\Run: [MKetWggK] C:\WINDOWS\services .exe ()> in the current context!
Error: Unable to interpret <O4 - HKLM..\Run: [MKetWggKWS\services .exe] C:\WINDOWS\services .exe ()> in the current context!
Error: Unable to interpret <O4 - HKLM..\Run: [MKetWgj] C:\WINDOWS\services .exe ()> in the current context!
Error: Unable to interpret <O4 - HKLM..\Run: [MKetWgK] C:\WINDOWS\services .exe ()> in the current context!
Error: Unable to interpret <O4 - HKLM..\Run: [MKetWj] C:\WINDOWS\services .exe ()> in the current context!
Error: Unable to interpret <O4 - HKLM..\Run: [MKetWK] C:\WINDOWS\services .exe ()> in the current context!
Error: Unable to interpret <O4 - HKLM..\Run: [MKeuf] C:\WINDOWS\spoolsv.exe ()> in the current context!
Error: Unable to interpret <O4 - HKLM..\Run: [MKeuK0] C:\WINDOWS\spoolsv .exe ()> in the current context!
Error: Unable to interpret <O4 - HKLM..\Run: [MKeuKc] C:\WINDOWS\spoolsv .exe ()> in the current context!
Error: Unable to interpret <O4 - HKLM..\Run: [MKeuKK] C:\WINDOWS\spoolsv .exe ()> in the current context!
Error: Unable to interpret <O4 - HKLM..\Run: [MKeuN] C:\WINDOWS\spoolsv .exe ()> in the current context!
Error: Unable to interpret <O4 - HKLM..\Run: [MKev0] C:\WINDOWS\setup .exe ()> in the current context!
Error: Unable to interpret <O4 - HKLM..\Run: [MKevc] C:\WINDOWS\setup.exe ()> in the current context!
Error: Unable to interpret <O4 - HKLM..\Run: [MKevj] C:\WINDOWS\setup .exe ()> in the current context!
Error: Unable to interpret <O4 - HKLM..\Run: [MKevK] C:\WINDOWS\setup .exe ()> in the current context!
Error: Unable to interpret <O4 - HKLM..\Run: [MKexe] C:\WINDOWS\system.exe (Microsoft Corporation)> in the current context!
Error: Unable to interpret <O4 - HKLM..\Run: [MKfa] C:\WINDOWS\win.exe (Microsoft Corporation)> in the current context!
Error: Unable to interpret <O4 - HKLM..\Run: [MKfP0] C:\WINDOWS\win16 .exe ()> in the current context!
Error: Unable to interpret <O4 - HKLM..\Run: [MKfPc] C:\WINDOWS\win16.exe ()> in the current context!
Error: Unable to interpret <O4 - HKLM..\Run: [MKfPg0] C:\WINDOWS\win16 .exe ()> in the current context!
Error: Unable to interpret <O4 - HKLM..\Run: [MKfPgc] C:\WINDOWS\win16 .exe ()> in the current context!
Error: Unable to interpret <O4 - HKLM..\Run: [MKfPgg0] C:\WINDOWS\win16 .exe ()> in the current context!
Error: Unable to interpret <O4 - HKLM..\Run: [MKfPggc] C:\WINDOWS\win16 .exe ()> in the current context!
Error: Unable to interpret <O4 - HKLM..\Run: [MKfPggg0] C:\WINDOWS\win16 .exe ()> in the current context!
Error: Unable to interpret <O4 - HKLM..\Run: [MKfPgggc] C:\WINDOWS\win16 .exe ()> in the current context!
Error: Unable to interpret <O4 - HKLM..\Run: [MKfPgggg0] C:\WINDOWS\win16 .exe ()> in the current context!
Error: Unable to interpret <O4 - HKLM..\Run: [MKfPggggc] C:\WINDOWS\win16 .exe ()> in the current context!
Error: Unable to interpret <O4 - HKLM..\Run: [MKfPggggg0] C:\WINDOWS\win16 .exe ()> in the current context!
Error: Unable to interpret <O4 - HKLM..\Run: [MKfPgggggc] C:\WINDOWS\win16 .exe ()> in the current context!
Error: Unable to interpret <O4 - HKLM..\Run: [MKfPgggggg0] C:\WINDOWS\win16 .exe ()> in the current context!
Error: Unable to interpret <O4 - HKLM..\Run: [MKfPggggggc] C:\WINDOWS\win16 .exe ()> in the current context!
Error: Unable to interpret <O4 - HKLM..\Run: [MKfPggggggg0] C:\WINDOWS\win16 .exe ()> in the current context!
Error: Unable to interpret <O4 - HKLM..\Run: [MKfPgggggggc] C:\WINDOWS\win16 .exe ()> in the current context!
Error: Unable to interpret <O4 - HKLM..\Run: [MKfPggggggggc] C:\WINDOWS\win16 .exe ()> in the current context!
Error: Unable to interpret <O4 - HKLM..\Run: [MKfPgggggggj] C:\WINDOWS\win16 .exe ()> in the current context!
Error: Unable to interpret <O4 - HKLM..\Run: [MKfPgggggggK] C:\WINDOWS\win16 .exe ()> in the current context!
Error: Unable to interpret <O4 - HKLM..\Run: [MKfPggggggj] C:\WINDOWS\win16 .exe ()> in the current context!
Error: Unable to interpret <O4 - HKLM..\Run: [MKfPggggggK] C:\WINDOWS\win16 .exe ()> in the current context!
Error: Unable to interpret <O4 - HKLM..\Run: [MKfPgggggj] C:\WINDOWS\win16 .exe ()> in the current context!
Error: Unable to interpret <O4 - HKLM..\Run: [MKfPgggggK] C:\WINDOWS\win16 .exe ()> in the current context!
Error: Unable to interpret <O4 - HKLM..\Run: [MKfPggggj] C:\WINDOWS\win16 .exe ()> in the current context!
Error: Unable to interpret <O4 - HKLM..\Run: [MKfPggggK] C:\WINDOWS\win16 .exe ()> in the current context!
Error: Unable to interpret <O4 - HKLM..\Run: [MKfPgggj] C:\WINDOWS\win16 .exe ()> in the current context!
Error: Unable to interpret <O4 - HKLM..\Run: [MKfPgggK] C:\WINDOWS\win16 .exe ()> in the current context!
Error: Unable to interpret <O4 - HKLM..\Run: [MKfPggj] C:\WINDOWS\win16 .exe ()> in the current context!
Error: Unable to interpret <O4 - HKLM..\Run: [MKfPggK] C:\WINDOWS\win16 .exe ()> in the current context!
Error: Unable to interpret <O4 - HKLM..\Run: [MKfPgj] C:\WINDOWS\win16 .exe ()> in the current context!
Error: Unable to interpret <O4 - HKLM..\Run: [MKfPgK] C:\WINDOWS\win16 .exe ()> in the current context!
Error: Unable to interpret <O4 - HKLM..\Run: [MKfPj] C:\WINDOWS\win16 .exe ()> in the current context!
Error: Unable to interpret <O4 - HKLM..\Run: [MKfPK] C:\WINDOWS\win16 .exe ()> in the current context!
Error: Unable to interpret <O4 - HKLM..\Run: [MKfre] C:\WINDOWS\wininst.exe (Microsoft Corporation)> in the current context!
Error: Unable to interpret <O4 - HKLM..\Run: [MKfsc] C:\WINDOWS\winlogon.exe ()> in the current context!
Error: Unable to interpret <O4 - HKLM..\Run: [MKWPeP] C:\WINDOWS\temp\avp32.exe (Microsoft Corporation)> in the current context!
Error: Unable to interpret <O4 - HKLM..\Run: [MKWPf6] C:\WINDOWS\temp\win16 .exe ()> in the current context!
Error: Unable to interpret <O4 - HKLM..\Run: [MKWPfQ] C:\WINDOWS\temp\win16.exe ()> in the current context!
Error: Unable to interpret <O4 - HKLM..\Run: [MKWPrc] C:\WINDOWS\temp\winamp.exe ()> in the current context!
Error: Unable to interpret <O4 - HKLM..\Run: [MKWPsf] C:\WINDOWS\temp\lsass.exe ()> in the current context!
Error: Unable to interpret <O4 - HKLM..\Run: [MKWPsJ] C:\WINDOWS\temp\lsass .exe ()> in the current context!
Error: Unable to interpret <O4 - HKLM..\Run: [MKWPtd0] C:\WINDOWS\temp\wininst .exe ()> in the current context!
Error: Unable to interpret <O4 - HKLM..\Run: [MKWPtdc] C:\WINDOWS\temp\wininst .exe ()> in the current context!
Error: Unable to interpret <O4 - HKLM..\Run: [MKWPtdgc] C:\WINDOWS\temp\wininst .exe ()> in the current context!
Error: Unable to interpret <O4 - HKLM..\Run: [MKWPtdj] C:\WINDOWS\temp\wininst .exe ()> in the current context!
Error: Unable to interpret <O4 - HKLM..\Run: [MKWPtdK] C:\WINDOWS\temp\wininst .exe ()> in the current context!
Error: Unable to interpret <O4 - HKLM..\Run: [MKWPtg] C:\WINDOWS\temp\wininst.exe ()> in the current context!
Error: Unable to interpret <O4 - HKLM..\Run: [MKWPtp0c] C:\WINDOWS\temp\iexplarer .exe ()> in the current context!
Error: Unable to interpret <O4 - HKLM..\Run: [MKWPtp0K] C:\WINDOWS\temp\iexplarer .exe ()> in the current context!
Error: Unable to interpret <O4 - HKLM..\Run: [MKWPtp4] C:\WINDOWS\temp\iexplarer .exe ()> in the current context!
Error: Unable to interpret <O4 - HKLM..\Run: [MKWPtpf] C:\WINDOWS\temp\iexplarer.exe ()> in the current context!
Error: Unable to interpret <O4 - HKLM..\Run: [MKWPtpJ] C:\WINDOWS\temp\iexplarer .exe ()> in the current context!
Error: Unable to interpret <O4 - HKLM..\Run: [MKWPvZ] C:\WINDOWS\temp\install.exe ()> in the current context!
Error: Unable to interpret <O4 - HKLM..\Run: [MKWPwe] C:\WINDOWS\temp\setup.exe ()> in the current context!
Error: Unable to interpret <O4 - HKLM..\Run: [MKWPwI] C:\WINDOWS\temp\setup .exe ()> in the current context!
Error: Unable to interpret <O4 - HKLM..\Run: [MKZe] C:\WINDOWS\avp.exe (Microsoft Corporation)> in the current context!
Error: Unable to interpret <O4 - HKLM..\Run: [MKZSc] C:\WINDOWS\avp32.exe ()> in the current context!
Error: Unable to interpret <O4 - HKLM..\Run: [MKZSK] C:\WINDOWS\avp32 .exe ()> in the current context!
Error: Unable to interpret <O4 - HKLM..\Run: [My Web Search Bar Search Scope Monitor] C:\Program Files\MyWebSearch\bar\2.bin\m3SrchMn.exe ()> in the current context!
Error: Unable to interpret <O4 - HKLM..\Run: [MyWebSearch Email Plugin] C:\Program Files\MyWebSearch\bar\2.bin\mwsoemon.exe ()> in the current context!
Error: Unable to interpret <O4 - HKLM..\Run: [nonep] C:\Documents and Settings\Tamara x x\Local Settings\Temp\tmp0cec1dad\ee .exe ()> in the current context!
Error: Unable to interpret <O4 - HKLM..\Run: [snp2uvc] C:\WINDOWS\vsnp2uvc.exe File not found> in the current context!
Error: Unable to interpret <O4 - HKLM..\Run: [uPc+MV0NdhaGuo] C:\WINDOWS\System32\n3xy5nh.DLL ()> in the current context!
Error: Unable to interpret <O4 - HKLM..\Run: [uPc+MV0NmQaXms] C:\WINDOWS\System32\foj6mp.DLL ()> in the current context!
Error: Unable to interpret <O4 - HKLM..\Run: [Yrowamumoke] C:\WINDOWS\idohokofa.DLL ()> in the current context!
Error: Unable to interpret <O4 - HKU\.DEFAULT..\Run: [dfrgsnapnt.exe] C:\WINDOWS\temp\dfrgsnapnt.exe (Microsoft Corporation)> in the current context!
Error: Unable to interpret <O4 - HKU\.DEFAULT..\Run: [HNUIQOXRmSc] C:\Documents and Settings\Tamara x x\Local Settings\Temp\avp32.exe (Microsoft Corporation)> in the current context!
Error: Unable to interpret <O4 - HKU\.DEFAULT..\Run: [HNUIQOXRotK] C:\Documents and Settings\Tamara x x\Local Settings\Temp\hexdump .exe ()> in the current context!
Error: Unable to interpret <O4 - HKU\.DEFAULT..\Run: [HNUIQOXRouqK] C:\Documents and Settings\Tamara x x\Local Settings\Temp\iexplarer .exe ()> in the current context!
Error: Unable to interpret <O4 - HKU\.DEFAULT..\Run: [HNUIQOXRpc+] C:\Documents and Settings\Tamara x x\Local Settings\Temp\n2mih8u .exe ()> in the current context!
Error: Unable to interpret <O4 - HKU\.DEFAULT..\Run: [HNUIQOXRpSgK] C:\Documents and Settings\Tamara x x\Local Settings\Temp\l42muyf1sx .exe ()> in the current context!
Error: Unable to interpret <O4 - HKU\.DEFAULT..\Run: [HNUIQOXRrcc] C:\Documents and Settings\Tamara x x\Local Settings\Temp\smss .exe ()> in the current context!
Error: Unable to interpret <O4 - HKU\.DEFAULT..\Run: [HNUIQOXRrtWc] C:\Documents and Settings\Tamara x x\Local Settings\Temp\services .exe ()> in the current context!
Error: Unable to interpret <O4 - HKU\.DEFAULT..\Run: [HNUIQOXRrvK] C:\Documents and Settings\Tamara x x\Local Settings\Temp\setup .exe ()> in the current context!
Error: Unable to interpret <O4 - HKU\.DEFAULT..\Run: [HNUIQOXRsrN] C:\Documents and Settings\Tamara x x\Local Settings\Temp\wininst .exe ()> in the current context!
Error: Unable to interpret <O4 - HKU\.DEFAULT..\Run: [MKbMc] C:\WINDOWS\gdi32.exe (Microsoft Corporation)> in the current context!
Error: Unable to interpret <O4 - HKU\.DEFAULT..\Run: [MKbtK] C:\WINDOWS\hexdump .exe ()> in the current context!
Error: Unable to interpret <O4 - HKU\.DEFAULT..\Run: [MKcr0] C:\WINDOWS\login .exe ()> in the current context!
Error: Unable to interpret <O4 - HKU\.DEFAULT..\Run: [MKcrg0] C:\WINDOWS\login .exe ()> in the current context!
Error: Unable to interpret <O4 - HKU\.DEFAULT..\Run: [MKcrgc] C:\WINDOWS\login .exe ()> in the current context!
Error: Unable to interpret <O4 - HKU\.DEFAULT..\Run: [MKcrggc] C:\WINDOWS\login .exe ()> in the current context!
Error: Unable to interpret <O4 - HKU\.DEFAULT..\Run: [MKcrggK] C:\WINDOWS\login .exe ()> in the current context!
Error: Unable to interpret <O4 - HKU\.DEFAULT..\Run: [MKcrgj] C:\WINDOWS\login .exe ()> in the current context!
Error: Unable to interpret <O4 - HKU\.DEFAULT..\Run: [MKcrgK] C:\WINDOWS\login .exe ()> in the current context!
Error: Unable to interpret <O4 - HKU\.DEFAULT..\Run: [MKcrj] C:\WINDOWS\login .exe ()> in the current context!
Error: Unable to interpret <O4 - HKU\.DEFAULT..\Run: [MKcrK] C:\WINDOWS\login .exe ()> in the current context!
Error: Unable to interpret <O4 - HKU\.DEFAULT..\Run: [MKcuc] C:\WINDOWS\lsass.exe ()> in the current context!
Error: Unable to interpret <O4 - HKU\.DEFAULT..\Run: [MKcZ] C:\WINDOWS\mdm.exe (Microsoft Corporation)> in the current context!
Error: Unable to interpret <O4 - HKU\.DEFAULT..\Run: [MKerb] C:\WINDOWS\taskmgr.exe ()> in the current context!
Error: Unable to interpret <O4 - HKU\.DEFAULT..\Run: [MKetW0] C:\WINDOWS\services .exe ()> in the current context!
Error: Unable to interpret <O4 - HKU\.DEFAULT..\Run: [MKetWc] C:\WINDOWS\services .exe ()> in the current context!
Error: Unable to interpret <O4 - HKU\.DEFAULT..\Run: [MKetWg0] C:\WINDOWS\services .exe ()> in the current context!
Error: Unable to interpret <O4 - HKU\.DEFAULT..\Run: [MKetWgc] C:\WINDOWS\services .exe ()> in the current context!
Error: Unable to interpret <O4 - HKU\.DEFAULT..\Run: [MKetWgj] C:\WINDOWS\services .exe ()> in the current context!
Error: Unable to interpret <O4 - HKU\.DEFAULT..\Run: [MKetWgK] C:\WINDOWS\services .exe ()> in the current context!
Error: Unable to interpret <O4 - HKU\.DEFAULT..\Run: [MKetWj] C:\WINDOWS\services .exe ()> in the current context!
Error: Unable to interpret <O4 - HKU\.DEFAULT..\Run: [MKetWK] C:\WINDOWS\services .exe ()> in the current context!
Error: Unable to interpret <O4 - HKU\.DEFAULT..\Run: [MKeuf] C:\WINDOWS\spoolsv.exe ()> in the current context!
Error: Unable to interpret <O4 - HKU\.DEFAULT..\Run: [MKexe] C:\WINDOWS\system.exe (Microsoft Corporation)> in the current context!
Error: Unable to interpret <O4 - HKU\.DEFAULT..\Run: [MKfa] C:\WINDOWS\win.exe (Microsoft Corporation)> in the current context!
Error: Unable to interpret <O4 - HKU\.DEFAULT..\Run: [MKfP0] C:\WINDOWS\win16 .exe ()> in the current context!
Error: Unable to interpret <O4 - HKU\.DEFAULT..\Run: [MKfre] C:\WINDOWS\wininst.exe (Microsoft Corporation)> in the current context!
Error: Unable to interpret <O4 - HKU\.DEFAULT..\Run: [MKWPeP] C:\WINDOWS\temp\avp32.exe (Microsoft Corporation)> in the current context!
Error: Unable to interpret <O4 - HKU\.DEFAULT..\Run: [MKWPfQ] C:\WINDOWS\temp\win16.exe ()> in the current context!
Error: Unable to interpret <O4 - HKU\.DEFAULT..\Run: [MKWPrc] C:\WINDOWS\temp\winamp.exe ()> in the current context!
Error: Unable to interpret <O4 - HKU\.DEFAULT..\Run: [MKWPsf] C:\WINDOWS\temp\lsass.exe ()> in the current context!
Error: Unable to interpret <O4 - HKU\.DEFAULT..\Run: [MKWPtg] C:\WINDOWS\temp\wininst.exe ()> in the current context!
Error: Unable to interpret <O4 - HKU\.DEFAULT..\Run: [MKWPtp4] C:\WINDOWS\temp\iexplarer .exe ()> in the current context!
Error: Unable to interpret <O4 - HKU\.DEFAULT..\Run: [MKWPtpf] C:\WINDOWS\temp\iexplarer.exe ()> in the current context!
Error: Unable to interpret <O4 - HKU\.DEFAULT..\Run: [MKWPtpJ] C:\WINDOWS\temp\iexplarer .exe ()> in the current context!
Error: Unable to interpret <O4 - HKU\.DEFAULT..\Run: [MKWPvZ] C:\WINDOWS\temp\install.exe ()> in the current context!
Error: Unable to interpret <O4 - HKU\.DEFAULT..\Run: [MKWPwe] C:\WINDOWS\temp\setup.exe ()> in the current context!
Error: Unable to interpret <O4 - HKU\.DEFAULT..\Run: [MKZe] C:\WINDOWS\avp.exe (Microsoft Corporation)> in the current context!
Error: Unable to interpret <O4 - HKU\.DEFAULT..\Run: [uPc+MV0NmQaXms] C:\WINDOWS\System32\foj6mp.DLL ()> in the current context!
Error: Unable to interpret <O4 - HKU\dion_ON_C..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe File not found> in the current context!
Error: Unable to interpret <O4 - HKU\Tamara_x_x_ON_C..\Run: [{134DDCDE-3647-82F6-EE94-F56836D4842B}] C:\Documents and Settings\Tamara x x\Application Data\Izkoo\asema.exe ()> in the current context!
Error: Unable to interpret <O4 - HKU\Tamara_x_x_ON_C..\Run: [{24984FB9-75B1-7984-F4FB-36E75E4A8403}] C:\Documents and Settings\Tamara x x\Application Data\Cuas\uvydu.exe ()> in the current context!
Error: Unable to interpret <O4 - HKU\Tamara_x_x_ON_C..\Run: [{467FD43A-2F18-771E-930B-BAEF778D6D00}] C:\Documents and Settings\Tamara x x\Application Data\Acapqe\xaada.exe ()> in the current context!
Error: Unable to interpret <O4 - HKU\Tamara_x_x_ON_C..\Run: [HNUIQOXRmSc] C:\Documents and Settings\Tamara x x\Local Settings\Temp\avp32.exe (Microsoft Corporation)> in the current context!
Error: Unable to interpret <O4 - HKU\Tamara_x_x_ON_C..\Run: [HNUIQOXRnE0] C:\Documents and Settings\Tamara x x\Local Settings\Temp\cmd .exe ()> in the current context!
Error: Unable to interpret <O4 - HKU\Tamara_x_x_ON_C..\Run: [HNUIQOXRnEc] C:\Documents and Settings\Tamara x x\Local Settings\Temp\cmd .exe ()> in the current context!
Error: Unable to interpret <O4 - HKU\Tamara_x_x_ON_C..\Run: [HNUIQOXRnEg0] C:\Documents and Settings\Tamara x x\Local Settings\Temp\cmd .exe ()> in the current context!
Error: Unable to interpret <O4 - HKU\Tamara_x_x_ON_C..\Run: [HNUIQOXRnEgc] C:\Documents and Settings\Tamara x x\Local Settings\Temp\cmd .exe ()> in the current context!
Error: Unable to interpret <O4 - HKU\Tamara_x_x_ON_C..\Run: [HNUIQOXRnEgg0] C:\Documents and Settings\Tamara x x\Local Settings\Temp\cmd .exe ()> in the current context!
Error: Unable to interpret <O4 - HKU\Tamara_x_x_ON_C..\Run: [HNUIQOXRnEggc] C:\Documents and Settings\Tamara x x\Local Settings\Temp\cmd .exe ()> in the current context!
Error: Unable to interpret <O4 - HKU\Tamara_x_x_ON_C..\Run: [HNUIQOXRnEggj] C:\Documents and Settings\Tamara x x\Local Settings\Temp\cmd .exe ()> in the current context!
Error: Unable to interpret <O4 - HKU\Tamara_x_x_ON_C..\Run: [HNUIQOXRnEggK] C:\Documents and Settings\Tamara x x\Local Settings\Temp\cmd .exe ()> in the current context!
Error: Unable to interpret <O4 - HKU\Tamara_x_x_ON_C..\Run: [HNUIQOXRnEgj] C:\Documents and Settings\Tamara x x\Local Settings\Temp\cmd .exe ()> in the current context!
Error: Unable to interpret <O4 - HKU\Tamara_x_x_ON_C..\Run: [HNUIQOXRnEgK] C:\Documents and Settings\Tamara x x\Local Settings\Temp\cmd .exe ()> in the current context!
Error: Unable to interpret <O4 - HKU\Tamara_x_x_ON_C..\Run: [HNUIQOXRnEj] C:\Documents and Settings\Tamara x x\Local Settings\Temp\cmd .exe ()> in the current context!
Error: Unable to interpret <O4 - HKU\Tamara_x_x_ON_C..\Run: [HNUIQOXRnEK] C:\Documents and Settings\Tamara x x\Local Settings\Temp\cmd .exe ()> in the current context!
Error: Unable to interpret <O4 - HKU\Tamara_x_x_ON_C..\Run: [HNUIQOXRnH] C:\Documents and Settings\Tamara x x\Local Settings\Temp\cmd .exe ()> in the current context!
Error: Unable to interpret <O4 - HKU\Tamara_x_x_ON_C..\Run: [HNUIQOXRnsc] C:\Documents and Settings\Tamara x x\Local Settings\Temp\drweb.exe (Microsoft Corporation)> in the current context!
Error: Unable to interpret <O4 - HKU\Tamara_x_x_ON_C..\Run: [HNUIQOXRny0] C:\Documents and Settings\Tamara x x\Local Settings\Temp\csrss .exe ()> in the current context!
Error: Unable to interpret <O4 - HKU\Tamara_x_x_ON_C..\Run: [HNUIQOXRnyc] C:\Documents and Settings\Tamara x x\Local Settings\Temp\csrss.exe ()> in the current context!
Error: Unable to interpret <O4 - HKU\Tamara_x_x_ON_C..\Run: [HNUIQOXRnyg0] C:\Documents and Settings\Tamara x x\Local Settings\Temp\csrss .exe ()> in the current context!
Error: Unable to interpret <O4 - HKU\Tamara_x_x_ON_C..\Run: [HNUIQOXRnygc] C:\Documents and Settings\Tamara x x\Local Settings\Temp\csrss .exe ()> in the current context!
Error: Unable to interpret <O4 - HKU\Tamara_x_x_ON_C..\Run: [HNUIQOXRnygg0] C:\Documents and Settings\Tamara x x\Local Settings\Temp\csrss .exe ()> in the current context!
Error: Unable to interpret <O4 - HKU\Tamara_x_x_ON_C..\Run: [HNUIQOXRnyggc] C:\Documents and Settings\Tamara x x\Local Settings\Temp\csrss .exe ()> in the current context!
Error: Unable to interpret <O4 - HKU\Tamara_x_x_ON_C..\Run: [HNUIQOXRnyggK] C:\Documents and Settings\Tamara x x\Local Settings\Temp\csrss .exe ()> in the current context!
Error: Unable to interpret <O4 - HKU\Tamara_x_x_ON_C..\Run: [HNUIQOXRnygj] C:\Documents and Settings\Tamara x x\Local Settings\Temp\csrss .exe ()> in the current context!
Error: Unable to interpret <O4 - HKU\Tamara_x_x_ON_C..\Run: [HNUIQOXRnygK] C:\Documents and Settings\Tamara x x\Local Settings\Temp\csrss .exe ()> in the current context!
Error: Unable to interpret <O4 - HKU\Tamara_x_x_ON_C..\Run: [HNUIQOXRnyj] C:\Documents and Settings\Tamara x x\Local Settings\Temp\csrss .exe ()> in the current context!
Error: Unable to interpret <O4 - HKU\Tamara_x_x_ON_C..\Run: [HNUIQOXRnyK] C:\Documents and Settings\Tamara x x\Local Settings\Temp\csrss .exe ()> in the current context!
Error: Unable to interpret <O4 - HKU\Tamara_x_x_ON_C..\Run: [HNUIQOXRnZ] C:\Documents and Settings\Tamara x x\Local Settings\Temp\cmd.exe ()> in the current context!
Error: Unable to interpret <O4 - HKU\Tamara_x_x_ON_C..\Run: [HNUIQOXRota] C:\Documents and Settings\Tamara x x\Local Settings\Temp\install.exe ()> in the current context!
Error: Unable to interpret <O4 - HKU\Tamara_x_x_ON_C..\Run: [HNUIQOXRotc] C:\Documents and Settings\Tamara x x\Local Settings\Temp\hexdump.exe ()> in the current context!
Error: Unable to interpret <O4 - HKU\Tamara_x_x_ON_C..\Run: [HNUIQOXRotGc] C:\Documents and Settings\Tamara x x\Local Settings\Temp\install .exe ()> in the current context!
Error: Unable to interpret <O4 - HKU\Tamara_x_x_ON_C..\Run: [HNUIQOXRotGK] C:\Documents and Settings\Tamara x x\Local Settings\Temp\install .exe ()> in the current context!
Error: Unable to interpret <O4 - HKU\Tamara_x_x_ON_C..\Run: [HNUIQOXRotH0] C:\Documents and Settings\Tamara x x\Local Settings\Temp\hexdump .exe ()> in the current context!
Error: Unable to interpret <O4 - HKU\Tamara_x_x_ON_C..\Run: [HNUIQOXRotHc] C:\Documents and Settings\Tamara x x\Local Settings\Temp\hexdump .exe ()> in the current context!
Error: Unable to interpret <O4 - HKU\Tamara_x_x_ON_C..\Run: [HNUIQOXRotHg0] C:\Documents and Settings\Tamara x x\Local Settings\Temp\hexdump .exe ()> in the current context!
Error: Unable to interpret <O4 - HKU\Tamara_x_x_ON_C..\Run: [HNUIQOXRotHgc] C:\Documents and Settings\Tamara x x\Local Settings\Temp\hexdump .exe ()> in the current context!
Error: Unable to interpret <O4 - HKU\Tamara_x_x_ON_C..\Run: [HNUIQOXRotHggc] C:\Documents and Settings\Tamara x x\Local Settings\Temp\hexdump .exe ()> in the current context!
Error: Unable to interpret <O4 - HKU\Tamara_x_x_ON_C..\Run: [HNUIQOXRotHgj] C:\Documents and Settings\Tamara x x\Local Settings\Temp\hexdump .exe ()> in the current context!
Error: Unable to interpret <O4 - HKU\Tamara_x_x_ON_C..\Run: [HNUIQOXRotHgK] C:\Documents and Settings\Tamara x x\Local Settings\Temp\hexdump .exe ()> in the current context!
Error: Unable to interpret <O4 - HKU\Tamara_x_x_ON_C..\Run: [HNUIQOXRotHj] C:\Documents and Settings\Tamara x x\Local Settings\Temp\hexdump .exe ()> in the current context!
Error: Unable to interpret <O4 - HKU\Tamara_x_x_ON_C..\Run: [HNUIQOXRotHK] C:\Documents and Settings\Tamara x x\Local Settings\Temp\hexdump .exe ()> in the current context!
Error: Unable to interpret <O4 - HKU\Tamara_x_x_ON_C..\Run: [HNUIQOXRotJ] C:\Documents and Settings\Tamara x x\Local Settings\Temp\install .exe ()> in the current context!
Error: Unable to interpret <O4 - HKU\Tamara_x_x_ON_C..\Run: [HNUIQOXRouqc] C:\Documents and Settings\Tamara x x\Local Settings\Temp\iexplarer.exe (Microsoft Corporation)> in the current context!
Error: Unable to interpret <O4 - HKU\Tamara_x_x_ON_C..\Run: [HNUIQOXRpc70] C:\Documents and Settings\Tamara x x\Local Settings\Temp\n2mih8u .exe ()> in the current context!
Error: Unable to interpret <O4 - HKU\Tamara_x_x_ON_C..\Run: [HNUIQOXRpc7c] C:\Documents and Settings\Tamara x x\Local Settings\Temp\n2mih8u .exe ()> in the current context!
Error: Unable to interpret <O4 - HKU\Tamara_x_x_ON_C..\Run: [HNUIQOXRpc7g0] C:\Documents and Settings\Tamara x x\Local Settings\Temp\n2mih8u .exe ()> in the current context!
Error: Unable to interpret <O4 - HKU\Tamara_x_x_ON_C..\Run: [HNUIQOXRpc7gc] C:\Documents and Settings\Tamara x x\Local Settings\Temp\n2mih8u .exe ()> in the current context!
Error: Unable to interpret <O4 - HKU\Tamara_x_x_ON_C..\Run: [HNUIQOXRpc7gj] C:\Documents and Settings\Tamara x x\Local Settings\Temp\n2mih8u .exe ()> in the current context!
Error: Unable to interpret <O4 - HKU\Tamara_x_x_ON_C..\Run: [HNUIQOXRpc7gK] C:\Documents and Settings\Tamara x x\Local Settings\Temp\n2mih8u .exe ()> in the current context!
Error: Unable to interpret <O4 - HKU\Tamara_x_x_ON_C..\Run: [HNUIQOXRpc7j] C:\Documents and Settings\Tamara x x\Local Settings\Temp\n2mih8u .exe ()> in the current context!
Error: Unable to interpret <O4 - HKU\Tamara_x_x_ON_C..\Run: [HNUIQOXRpc7K] C:\Documents and Settings\Tamara x x\Local Settings\Temp\n2mih8u .exe ()> in the current context!
Error: Unable to interpret <O4 - HKU\Tamara_x_x_ON_C..\Run: [HNUIQOXRpcQ] C:\Documents and Settings\Tamara x x\Local Settings\Temp\n2mih8u.exe ()> in the current context!
Error: Unable to interpret <O4 - HKU\Tamara_x_x_ON_C..\Run: [HNUIQOXRpr0] C:\Documents and Settings\Tamara x x\Local Settings\Temp\login .exe ()> in the current context!
Error: Unable to interpret <O4 - HKU\Tamara_x_x_ON_C..\Run: [HNUIQOXRprc] C:\Documents and Settings\Tamara x x\Local Settings\Temp\login.exe ()> in the current context!
Error: Unable to interpret <O4 - HKU\Tamara_x_x_ON_C..\Run: [HNUIQOXRprg0] C:\Documents and Settings\Tamara x x\Local Settings\Temp\login .exe ()> in the current context!
Error: Unable to interpret <O4 - HKU\Tamara_x_x_ON_C..\Run: [HNUIQOXRprgc] C:\Documents and Settings\Tamara x x\Local Settings\Temp\login .exe ()> in the current context!
Error: Unable to interpret <O4 - HKU\Tamara_x_x_ON_C..\Run: [HNUIQOXRprgg0] C:\Documents and Settings\Tamara x x\Local Settings\Temp\login .exe ()> in the current context!
Error: Unable to interpret <O4 - HKU\Tamara_x_x_ON_C..\Run: [HNUIQOXRprggc] C:\Documents and Settings\Tamara x x\Local Settings\Temp\login .exe ()> in the current context!
Error: Unable to interpret <O4 - HKU\Tamara_x_x_ON_C..\Run: [HNUIQOXRprggg0] C:\Documents and Settings\Tamara x x\Local Settings\Temp\login .exe ()> in the current context!
Error: Unable to interpret <O4 - HKU\Tamara_x_x_ON_C..\Run: [HNUIQOXRprgggc] C:\Documents and Settings\Tamara x x\Local Settings\Temp\login .exe ()> in the current context!
Error: Unable to interpret <O4 - HKU\Tamara_x_x_ON_C..\Run: [HNUIQOXRprgggj] C:\Documents and Settings\Tamara x x\Local Settings\Temp\login .exe ()> in the current context!
Error: Unable to interpret <O4 - HKU\Tamara_x_x_ON_C..\Run: [HNUIQOXRprgggK] C:\Documents and Settings\Tamara x x\Local Settings\Temp\login .exe ()> in the current context!
Error: Unable to interpret <O4 - HKU\Tamara_x_x_ON_C..\Run: [HNUIQOXRprggj] C:\Documents and Settings\Tamara x x\Local Settings\Temp\login .exe ()> in the current context!
Error: Unable to interpret <O4 - HKU\Tamara_x_x_ON_C..\Run: [HNUIQOXRprggK] C:\Documents and Settings\Tamara x x\Local Settings\Temp\login .exe ()> in the current context!
Error: Unable to interpret <O4 - HKU\Tamara_x_x_ON_C..\Run: [HNUIQOXRprgj] C:\Documents and Settings\Tamara x x\Local Settings\Temp\login .exe ()> in the current context!
Error: Unable to interpret <O4 - HKU\Tamara_x_x_ON_C..\Run: [HNUIQOXRprgK] C:\Documents and Settings\Tamara x x\Local Settings\Temp\login .exe ()> in the current context!
Error: Unable to interpret <O4 - HKU\Tamara_x_x_ON_C..\Run: [HNUIQOXRprj] C:\Documents and Settings\Tamara x x\Local Settings\Temp\login .exe ()> in the current context!
Error: Unable to interpret <O4 - HKU\Tamara_x_x_ON_C..\Run: [HNUIQOXRprK] C:\Documents and Settings\Tamara x x\Local Settings\Temp\login .exe ()> in the current context!
Error: Unable to interpret <O4 - HKU\Tamara_x_x_ON_C..\Run: [HNUIQOXRpSg2c] C:\Documents and Settings\Tamara x x\Local Settings\Temp\l42muyf1sx .exe ()> in the current context!
Error: Unable to interpret <O4 - HKU\Tamara_x_x_ON_C..\Run: [HNUIQOXRpSg2K] C:\Documents and Settings\Tamara x x\Local Settings\Temp\l42muyf1sx .exe ()> in the current context!
Error: Unable to interpret <O4 - HKU\Tamara_x_x_ON_C..\Run: [HNUIQOXRpSg5] C:\Documents and Settings\Tamara x x\Local Settings\Temp\l42muyf1sx .exe ()> in the current context!
Error: Unable to interpret <O4 - HKU\Tamara_x_x_ON_C..\Run: [HNUIQOXRpSgg] C:\Documents and Settings\Tamara x x\Local Settings\Temp\l42muyf1sx.exe ()> in the current context!
Error: Unable to interpret <O4 - HKU\Tamara_x_x_ON_C..\Run: [HNUIQOXRpZ] C:\Documents and Settings\Tamara x x\Local Settings\Temp\mdm.exe (Microsoft Corporation)> in the current context!
Error: Unable to interpret <O4 - HKU\Tamara_x_x_ON_C..\Run: [HNUIQOXRrc0] C:\Documents and Settings\Tamara x x\Local Settings\Temp\smss .exe ()> in the current context!
Error: Unable to interpret <O4 - HKU\Tamara_x_x_ON_C..\Run: [HNUIQOXRrcj] C:\Documents and Settings\Tamara x x\Local Settings\Temp\smss .exe ()> in the current context!
Error: Unable to interpret <O4 - HKU\Tamara_x_x_ON_C..\Run: [HNUIQOXRrcK] C:\Documents and Settings\Tamara x x\Local Settings\Temp\smss .exe ()> in the current context!
Error: Unable to interpret <O4 - HKU\Tamara_x_x_ON_C..\Run: [HNUIQOXRrg] C:\Documents and Settings\Tamara x x\Local Settings\Temp\smss.exe ()> in the current context!
Error: Unable to interpret <O4 - HKU\Tamara_x_x_ON_C..\Run: [HNUIQOXRrta] C:\Documents and Settings\Tamara x x\Local Settings\Temp\services.exe (Microsoft Corporation)> in the current context!
Error: Unable to interpret <O4 - HKU\Tamara_x_x_ON_C..\Run: [HNUIQOXRrv0] C:\Documents and Settings\Tamara x x\Local Settings\Temp\setup .exe ()> in the current context!
Error: Unable to interpret <O4 - HKU\Tamara_x_x_ON_C..\Run: [HNUIQOXRrvc] C:\Documents and Settings\Tamara x x\Local Settings\Temp\setup.exe ()> in the current context!
Error: Unable to interpret <O4 - HKU\Tamara_x_x_ON_C..\Run: [HNUIQOXRrvg0] C:\Documents and Settings\Tamara x x\Local Settings\Temp\setup .exe ()> in the current context!
Error: Unable to interpret <O4 - HKU\Tamara_x_x_ON_C..\Run: [HNUIQOXRrvgc] C:\Documents and Settings\Tamara x x\Local Settings\Temp\setup .exe ()> in the current context!
Error: Unable to interpret <O4 - HKU\Tamara_x_x_ON_C..\Run: [HNUIQOXRrvgg0] C:\Documents and Settings\Tamara x x\Local Settings\Temp\setup .exe ()> in the current context!
Error: Unable to interpret <O4 - HKU\Tamara_x_x_ON_C..\Run: [HNUIQOXRrvggc] C:\Documents and Settings\Tamara x x\Local Settings\Temp\setup .exe ()> in the current context!
Error: Unable to interpret <O4 - HKU\Tamara_x_x_ON_C..\Run: [HNUIQOXRrvggj] C:\Documents and Settings\Tamara x x\Local Settings\Temp\setup .exe ()> in the current context!
Error: Unable to interpret <O4 - HKU\Tamara_x_x_ON_C..\Run: [HNUIQOXRrvggK] C:\Documents and Settings\Tamara x x\Local Settings\Temp\setup .exe ()> in the current context!
Error: Unable to interpret <O4 - HKU\Tamara_x_x_ON_C..\Run: [HNUIQOXRrvgj] C:\Documents and Settings\Tamara x x\Local Settings\Temp\setup .exe ()> in the current context!
Error: Unable to interpret <O4 - HKU\Tamara_x_x_ON_C..\Run: [HNUIQOXRrvgK] C:\Documents and Settings\Tamara x x\Local Settings\Temp\setup .exe ()> in the current context!
Error: Unable to interpret <O4 - HKU\Tamara_x_x_ON_C..\Run: [HNUIQOXRrvj] C:\Documents and Settings\Tamara x x\Local Settings\Temp\setup .exe ()> in the current context!
Error: Unable to interpret <O4 - HKU\Tamara_x_x_ON_C..\Run: [HNUIQOXRsa] C:\Documents and Settings\Tamara x x\Local Settings\Temp\win.exe (Microsoft Corporation)> in the current context!
Error: Unable to interpret <O4 - HKU\Tamara_x_x_ON_C..\Run: [HNUIQOXRsPc] C:\Documents and Settings\Tamara x x\Local Settings\Temp\win16.exe (Microsoft Corporation)> in the current context!
Error: Unable to interpret <O4 - HKU\Tamara_x_x_ON_C..\Run: [HNUIQOXRsPK] C:\Documents and Settings\Tamara x x\Local Settings\Temp\win32 .exe ()> in the current context!
Error: Unable to interpret <O4 - HKU\Tamara_x_x_ON_C..\Run: [HNUIQOXRsre] C:\Documents and Settings\Tamara x x\Local Settings\Temp\wininst.exe ()> in the current context!
Error: Unable to interpret <O4 - HKU\Tamara_x_x_ON_C..\Run: [HNUIQOXRsrJ0] C:\Documents and Settings\Tamara x x\Local Settings\Temp\wininst .exe ()> in the current context!
Error: Unable to interpret <O4 - HKU\Tamara_x_x_ON_C..\Run: [HNUIQOXRsrJc] C:\Documents and Settings\Tamara x x\Local Settings\Temp\wininst .exe ()> in the current context!
Error: Unable to interpret <O4 - HKU\Tamara_x_x_ON_C..\Run: [HNUIQOXRsrJg0] C:\Documents and Settings\Tamara x x\Local Settings\Temp\wininst .exe ()> in the current context!
Error: Unable to interpret <O4 - HKU\Tamara_x_x_ON_C..\Run: [HNUIQOXRsrJgc] C:\Documents and Settings\Tamara x x\Local Settings\Temp\wininst .exe ()> in the current context!
Error: Unable to interpret <O4 - HKU\Tamara_x_x_ON_C..\Run: [HNUIQOXRsrJgj] C:\Documents and Settings\Tamara x x\Local Settings\Temp\wininst .exe ()> in the current context!
Error: Unable to interpret <O4 - HKU\Tamara_x_x_ON_C..\Run: [HNUIQOXRsrJgK] C:\Documents and Settings\Tamara x x\Local Settings\Temp\wininst .exe ()> in the current context!
Error: Unable to interpret <O4 - HKU\Tamara_x_x_ON_C..\Run: [HNUIQOXRsrJj] C:\Documents and Settings\Tamara x x\Local Settings\Temp\wininst .exe ()> in the current context!
Error: Unable to interpret <O4 - HKU\Tamara_x_x_ON_C..\Run: [HNUIQOXRsrJK] C:\Documents and Settings\Tamara x x\Local Settings\Temp\wininst .exe ()> in the current context!
Error: Unable to interpret <O4 - HKU\Tamara_x_x_ON_C..\Run: [MKbMc] C:\WINDOWS\gdi32.exe (Microsoft Corporation)> in the current context!
Error: Unable to interpret <O4 - HKU\Tamara_x_x_ON_C..\Run: [MKbtc] C:\WINDOWS\hexdump.exe ()> in the current context!
Error: Unable to interpret <O4 - HKU\Tamara_x_x_ON_C..\Run: [MKbtH0] C:\WINDOWS\hexdump .exe ()> in the current context!
Error: Unable to interpret <O4 - HKU\Tamara_x_x_ON_C..\Run: [MKbtHc] C:\WINDOWS\hexdump .exe ()> in the current context!
Error: Unable to interpret <O4 - HKU\Tamara_x_x_ON_C..\Run: [MKbtHg0] C:\WINDOWS\hexdump .exe ()> in the current context!
Error: Unable to interpret <O4 - HKU\Tamara_x_x_ON_C..\Run: [MKbtHgc] C:\WINDOWS\hexdump .exe ()> in the current context!
Error: Unable to interpret <O4 - HKU\Tamara_x_x_ON_C..\Run: [MKbtHgK] C:\WINDOWS\hexdump .exe ()> in the current context!
Error: Unable to interpret <O4 - HKU\Tamara_x_x_ON_C..\Run: [MKbtHj] C:\WINDOWS\hexdump .exe ()> in the current context!
Error: Unable to interpret <O4 - HKU\Tamara_x_x_ON_C..\Run: [MKbtHK] C:\WINDOWS\hexdump .exe ()> in the current context!
Error: Unable to interpret <O4 - HKU\Tamara_x_x_ON_C..\Run: [MKbuqc] C:\WINDOWS\iexplarer.exe (Microsoft Corporation)> in the current context!
Error: Unable to interpret <O4 - HKU\Tamara_x_x_ON_C..\Run: [MKcrc] C:\WINDOWS\login.exe ()> in the current context!
Error: Unable to interpret <O4 - HKU\Tamara_x_x_ON_C..\Run: [MKcrgg0] C:\WINDOWS\login .exe ()> in the current context!
Error: Unable to interpret <O4 - HKU\Tamara_x_x_ON_C..\Run: [MKcrggg0] C:\WINDOWS\login .exe ()> in the current context!
Error: Unable to interpret <O4 - HKU\Tamara_x_x_ON_C..\Run: [MKcrgggc] C:\WINDOWS\login .exe ()> in the current context!
Error: Unable to interpret <O4 - HKU\Tamara_x_x_ON_C..\Run: [MKcrgggg0] C:\WINDOWS\login .exe ()> in the current context!
Error: Unable to interpret <O4 - HKU\Tamara_x_x_ON_C..\Run: [MKcrggggc] C:\WINDOWS\login .exe ()> in the current context!
Error: Unable to interpret <O4 - HKU\Tamara_x_x_ON_C..\Run: [MKcrggggg0] C:\WINDOWS\login .exe ()> in the current context!
Error: Unable to interpret <O4 - HKU\Tamara_x_x_ON_C..\Run: [MKcrgggggc] C:\WINDOWS\login .exe ()> in the current context!
Error: Unable to interpret <O4 - HKU\Tamara_x_x_ON_C..\Run: [MKcrgggggg0] C:\WINDOWS\login .exe ()> in the current context!
Error: Unable to interpret <O4 - HKU\Tamara_x_x_ON_C..\Run: [MKcrggggggc] C:\WINDOWS\login .exe ()> in the current context!
Error: Unable to interpret <O4 - HKU\Tamara_x_x_ON_C..\Run: [MKcrggggggg0] C:\WINDOWS\login .exe ()> in the current context!
Error: Unable to interpret <O4 - HKU\Tamara_x_x_ON_C..\Run: [MKcrgggggggc] C:\WINDOWS\login .exe ()> in the current context!
Error: Unable to interpret <O4 - HKU\Tamara_x_x_ON_C..\Run: [MKcrgggggggg0] C:\WINDOWS\login .exe ()> in the current context!
Error: Unable to interpret <O4 - HKU\Tamara_x_x_ON_C..\Run: [MKcrggggggggc] C:\WINDOWS\login .exe ()> in the current context!
Error: Unable to interpret <O4 - HKU\Tamara_x_x_ON_C..\Run: [MKcrgggggggggc] C:\WINDOWS\login .exe ()> in the current context!
Error: Unable to interpret <O4 - HKU\Tamara_x_x_ON_C..\Run: [MKcrgggggggggK] C:\WINDOWS\login .exe ()> in the current context!
Error: Unable to interpret <O4 - HKU\Tamara_x_x_ON_C..\Run: [MKcrggggggggj] C:\WINDOWS\login .exe ()> in the current context!
Error: Unable to interpret <O4 - HKU\Tamara_x_x_ON_C..\Run: [MKcrggggggggK] C:\WINDOWS\login .exe ()> in the current context!
Error: Unable to interpret <O4 - HKU\Tamara_x_x_ON_C..\Run: [MKcrgggggggj] C:\WINDOWS\login .exe ()> in the current context!
Error: Unable to interpret <O4 - HKU\Tamara_x_x_ON_C..\Run: [MKcrgggggggK] C:\WINDOWS\login .exe ()> in the current context!
Error: Unable to interpret <O4 - HKU\Tamara_x_x_ON_C..\Run: [MKcrggggggj] C:\WINDOWS\login .exe ()> in the current context!
Error: Unable to interpret <O4 - HKU\Tamara_x_x_ON_C..\Run: [MKcrggggggK] C:\WINDOWS\login .exe ()> in the current context!
Error: Unable to interpret <O4 - HKU\Tamara_x_x_ON_C..\Run: [MKcrgggggj] C:\WINDOWS\login .exe ()> in the current context!
Error: Unable to interpret <O4 - HKU\Tamara_x_x_ON_C..\Run: [MKcrgggggK] C:\WINDOWS\login .exe ()> in the current context!
Error: Unable to interpret <O4 - HKU\Tamara_x_x_ON_C..\Run: [MKcrggggj] C:\WINDOWS\login .exe ()> in the current context!
Error: Unable to interpret <O4 - HKU\Tamara_x_x_ON_C..\Run: [MKcrggggK] C:\WINDOWS\login .exe ()> in the current context!
Error: Unable to interpret <O4 - HKU\Tamara_x_x_ON_C..\Run: [MKcrgggj] C:\WINDOWS\login .exe ()> in the current context!
Error: Unable to interpret <O4 - HKU\Tamara_x_x_ON_C..\Run: [MKcrgggK] C:\WINDOWS\login .exe ()> in the current context!
Error: Unable to interpret <O4 - HKU\Tamara_x_x_ON_C..\Run: [MKcrggj] C:\WINDOWS\login .exe ()> in the current context!
Error: Unable to interpret <O4 - HKU\Tamara_x_x_ON_C..\Run: [MKcuc] C:\WINDOWS\lsass.exe ()> in the current context!
Error: Unable to interpret <O4 - HKU\Tamara_x_x_ON_C..\Run: [MKcZ] C:\WINDOWS\mdm.exe (Microsoft Corporation)> in the current context!
Error: Unable to interpret <O4 - HKU\Tamara_x_x_ON_C..\Run: [MKdw+] C:\WINDOWS\nvsvc32.exe ()> in the current context!
Error: Unable to interpret <O4 - HKU\Tamara_x_x_ON_C..\Run: [MKdws] C:\WINDOWS\nvsvc32 .exe ()> in the current context!
Error: Unable to interpret <O4 - HKU\Tamara_x_x_ON_C..\Run: [MKeta] C:\WINDOWS\services.exe ()> in the current context!
Error: Unable to interpret <O4 - HKU\Tamara_x_x_ON_C..\Run: [MKetWgg0] C:\WINDOWS\services .exe ()> in the current context!
Error: Unable to interpret <O4 - HKU\Tamara_x_x_ON_C..\Run: [MKetWggc] C:\WINDOWS\services .exe ()> in the current context!
Error: Unable to interpret <O4 - HKU\Tamara_x_x_ON_C..\Run: [MKetWggg0] C:\WINDOWS\services .exe ()> in the current context!
Error: Unable to interpret <O4 - HKU\Tamara_x_x_ON_C..\Run: [MKetWgggc] C:\WINDOWS\services .exe ()> in the current context!
Error: Unable to interpret <O4 - HKU\Tamara_x_x_ON_C..\Run: [MKetWgggK] C:\WINDOWS\services .exe ()> in the current context!
Error: Unable to interpret <O4 - HKU\Tamara_x_x_ON_C..\Run: [MKetWggj] C:\WINDOWS\services .exe ()> in the current context!
Error: Unable to interpret <O4 - HKU\Tamara_x_x_ON_C..\Run: [MKetWggK] C:\WINDOWS\services .exe ()> in the current context!
Error: Unable to interpret <O4 - HKU\Tamara_x_x_ON_C..\Run: [MKetWggKWS\services .exe] C:\WINDOWS\services .exe ()> in the current context!
Error: Unable to interpret <O4 - HKU\Tamara_x_x_ON_C..\Run: [MKeuK0] C:\WINDOWS\spoolsv .exe ()> in the current context!
Error: Unable to interpret <O4 - HKU\Tamara_x_x_ON_C..\Run: [MKeuKc] C:\WINDOWS\spoolsv .exe ()> in the current context!
Error: Unable to interpret <O4 - HKU\Tamara_x_x_ON_C..\Run: [MKeuKK] C:\WINDOWS\spoolsv .exe ()> in the current context!
Error: Unable to interpret <O4 - HKU\Tamara_x_x_ON_C..\Run: [MKeuN] C:\WINDOWS\spoolsv .exe ()> in the current context!
Error: Unable to interpret <O4 - HKU\Tamara_x_x_ON_C..\Run: [MKev0] C:\WINDOWS\setup .exe ()> in the current context!
Error: Unable to interpret <O4 - HKU\Tamara_x_x_ON_C..\Run: [MKevc] C:\WINDOWS\setup.exe ()> in the current context!
Error: Unable to interpret <O4 - HKU\Tamara_x_x_ON_C..\Run: [MKevj] C:\WINDOWS\setup .exe ()> in the current context!
Error: Unable to interpret <O4 - HKU\Tamara_x_x_ON_C..\Run: [MKevK] C:\WINDOWS\setup .exe ()> in the current context!
Error: Unable to interpret <O4 - HKU\Tamara_x_x_ON_C..\Run: [MKexe] C:\WINDOWS\system.exe (Microsoft Corporation)> in the current context!
Error: Unable to interpret <O4 - HKU\Tamara_x_x_ON_C..\Run: [MKfa] C:\WINDOWS\win.exe (Microsoft Corporation)> in the current context!
Error: Unable to interpret <O4 - HKU\Tamara_x_x_ON_C..\Run: [MKfPc] C:\WINDOWS\win16.exe ()> in the current context!
Error: Unable to interpret <O4 - HKU\Tamara_x_x_ON_C..\Run: [MKfPg0] C:\WINDOWS\win16 .exe ()> in the current context!
Error: Unable to interpret <O4 - HKU\Tamara_x_x_ON_C..\Run: [MKfPgc] C:\WINDOWS\win16 .exe ()> in the current context!
Error: Unable to interpret <O4 - HKU\Tamara_x_x_ON_C..\Run: [MKfPgg0] C:\WINDOWS\win16 .exe ()> in the current context!
Error: Unable to interpret <O4 - HKU\Tamara_x_x_ON_C..\Run: [MKfPggc] C:\WINDOWS\win16 .exe ()> in the current context!
Error: Unable to interpret <O4 - HKU\Tamara_x_x_ON_C..\Run: [MKfPggg0] C:\WINDOWS\win16 .exe ()> in the current context!
Error: Unable to interpret <O4 - HKU\Tamara_x_x_ON_C..\Run: [MKfPgggc] C:\WINDOWS\win16 .exe ()> in the current context!
Error: Unable to interpret <O4 - HKU\Tamara_x_x_ON_C..\Run: [MKfPgggg0] C:\WINDOWS\win16 .exe ()> in the current context!
Error: Unable to interpret <O4 - HKU\Tamara_x_x_ON_C..\Run: [MKfPggggc] C:\WINDOWS\win16 .exe ()> in the current context!
Error: Unable to interpret <O4 - HKU\Tamara_x_x_ON_C..\Run: [MKfPggggg0] C:\WINDOWS\win16 .exe ()> in the current context!
Error: Unable to interpret <O4 - HKU\Tamara_x_x_ON_C..\Run: [MKfPgggggc] C:\WINDOWS\win16 .exe ()> in the current context!
Error: Unable to interpret <O4 - HKU\Tamara_x_x_ON_C..\Run: [MKfPgggggg0] C:\WINDOWS\win16 .exe ()> in the current context!
Error: Unable to interpret <O4 - HKU\Tamara_x_x_ON_C..\Run: [MKfPggggggc] C:\WINDOWS\win16 .exe ()> in the current context!
Error: Unable to interpret <O4 - HKU\Tamara_x_x_ON_C..\Run: [MKfPggggggg0] C:\WINDOWS\win16 .exe ()> in the current context!
Error: Unable to interpret <O4 - HKU\Tamara_x_x_ON_C..\Run: [MKfPgggggggc] C:\WINDOWS\win16 .exe ()> in the current context!
Error: Unable to interpret <O4 - HKU\Tamara_x_x_ON_C..\Run: [MKfPggggggggc] C:\WINDOWS\win16 .exe ()> in the current context!
Error: Unable to interpret <O4 - HKU\Tamara_x_x_ON_C..\Run: [MKfPgggggggj] C:\WINDOWS\win16 .exe ()> in the current context!
Error: Unable to interpret <O4 - HKU\Tamara_x_x_ON_C..\Run: [MKfPgggggggK] C:\WINDOWS\win16 .exe ()> in the current context!
Error: Unable to interpret <O4 - HKU\Tamara_x_x_ON_C..\Run: [MKfPggggggj] C:\WINDOWS\win16 .exe ()> in the current context!
Error: Unable to interpret <O4 - HKU\Tamara_x_x_ON_C..\Run: [MKfPggggggK] C:\WINDOWS\win16 .exe ()> in the current context!
Error: Unable to interpret <O4 - HKU\Tamara_x_x_ON_C..\Run: [MKfPgggggj] C:\WINDOWS\win16 .exe ()> in the current context!
Error: Unable to interpret <O4 - HKU\Tamara_x_x_ON_C..\Run: [MKfPgggggK] C:\WINDOWS\win16 .exe ()> in the current context!
Error: Unable to interpret <O4 - HKU\Tamara_x_x_ON_C..\Run: [MKfPggggj] C:\WINDOWS\win16 .exe ()> in the current context!
Error: Unable to interpret <O4 - HKU\Tamara_x_x_ON_C..\Run: [MKfPggggK] C:\WINDOWS\win16 .exe ()> in the current context!
Error: Unable to interpret <O4 - HKU\Tamara_x_x_ON_C..\Run: [MKfPgggj] C:\WINDOWS\win16 .exe ()> in the current context!
Error: Unable to interpret <O4 - HKU\Tamara_x_x_ON_C..\Run: [MKfPgggK] C:\WINDOWS\win16 .exe ()> in the current context!
Error: Unable to interpret <O4 - HKU\Tamara_x_x_ON_C..\Run: [MKfPggj] C:\WINDOWS\win16 .exe ()> in the current context!
Error: Unable to interpret <O4 - HKU\Tamara_x_x_ON_C..\Run: [MKfPggK] C:\WINDOWS\win16 .exe ()> in the current context!
Error: Unable to interpret <O4 - HKU\Tamara_x_x_ON_C..\Run: [MKfPgj] C:\WINDOWS\win16 .exe ()> in the current context!
Error: Unable to interpret <O4 - HKU\Tamara_x_x_ON_C..\Run: [MKfPgK] C:\WINDOWS\win16 .exe ()> in the current context!
Error: Unable to interpret <O4 - HKU\Tamara_x_x_ON_C..\Run: [MKfPj] C:\WINDOWS\win16 .exe ()> in the current context!
Error: Unable to interpret <O4 - HKU\Tamara_x_x_ON_C..\Run: [MKfPK] C:\WINDOWS\win16 .exe ()> in the current context!
Error: Unable to interpret <O4 - HKU\Tamara_x_x_ON_C..\Run: [MKfre] C:\WINDOWS\wininst.exe (Microsoft Corporation)> in the current context!
Error: Unable to interpret <O4 - HKU\Tamara_x_x_ON_C..\Run: [MKfsc] C:\WINDOWS\winlogon.exe ()> in the current context!
Error: Unable to interpret <O4 - HKU\Tamara_x_x_ON_C..\Run: [MKWPeP] C:\WINDOWS\temp\avp32.exe (Microsoft Corporation)> in the current context!
Error: Unable to interpret <O4 - HKU\Tamara_x_x_ON_C..\Run: [MKWPf6] C:\WINDOWS\temp\win16 .exe ()> in the current context!
Error: Unable to interpret <O4 - HKU\Tamara_x_x_ON_C..\Run: [MKWPsJ] C:\WINDOWS\temp\lsass .exe ()> in the current context!
Error: Unable to interpret <O4 - HKU\Tamara_x_x_ON_C..\Run: [MKWPtd0] C:\WINDOWS\temp\wininst .exe ()> in the current context!
Error: Unable to interpret <O4 - HKU\Tamara_x_x_ON_C..\Run: [MKWPtdc] C:\WINDOWS\temp\wininst .exe ()> in the current context!
Error: Unable to interpret <O4 - HKU\Tamara_x_x_ON_C..\Run: [MKWPtdgc] C:\WINDOWS\temp\wininst .exe ()> in the current context!
Error: Unable to interpret <O4 - HKU\Tamara_x_x_ON_C..\Run: [MKWPtdj] C:\WINDOWS\temp\wininst .exe ()> in the current context!
Error: Unable to interpret <O4 - HKU\Tamara_x_x_ON_C..\Run: [MKWPtdK] C:\WINDOWS\temp\wininst .exe ()> in the current context!
Error: Unable to interpret <O4 - HKU\Tamara_x_x_ON_C..\Run: [MKWPtp0c] C:\WINDOWS\temp\iexplarer .exe ()> in the current context!
Error: Unable to interpret <O4 - HKU\Tamara_x_x_ON_C..\Run: [MKWPtp0K] C:\WINDOWS\temp\iexplarer .exe ()> in the current context!
Error: Unable to interpret <O4 - HKU\Tamara_x_x_ON_C..\Run: [MKWPvZ] C:\WINDOWS\temp\install.exe ()> in the current context!
Error: Unable to interpret <O4 - HKU\Tamara_x_x_ON_C..\Run: [MKWPwI] C:\WINDOWS\temp\setup .exe ()> in the current context!
Error: Unable to interpret <O4 - HKU\Tamara_x_x_ON_C..\Run: [MKZe] C:\WINDOWS\avp.exe (Microsoft Corporation)> in the current context!
Error: Unable to interpret <O4 - HKU\Tamara_x_x_ON_C..\Run: [MKZSc] C:\WINDOWS\avp32.exe ()> in the current context!
Error: Unable to interpret <O4 - HKU\Tamara_x_x_ON_C..\Run: [MKZSK] C:\WINDOWS\avp32 .exe ()> in the current context!
Error: Unable to interpret <O4 - HKU\Tamara_x_x_ON_C..\Run: [MyWebSearch Email Plugin] C:\Program Files\MyWebSearch\bar\2.bin\mwsoemon.exe ()> in the current context!
Error: Unable to interpret <O4 - HKU\Tamara_x_x_ON_C..\Run: [Osemadavakule] C:\WINDOWS\wmumelog.DLL ()> in the current context!
Error: Unable to interpret <O4 - HKU\Tamara_x_x_ON_C..\Run: [uPc+MV0NdhaGuo] C:\WINDOWS\System32\n3xy5nh.DLL ()> in the current context!
Error: Unable to interpret <O4 - HKU\Tamara_x_x_ON_C..\Run: [uPc+MV0NmQaXms] C:\WINDOWS\System32\foj6mp.DLL ()> in the current context!
Error: Unable to interpret <O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk = C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)> in the current context!
Error: Unable to interpret <O4 - Startup: C:\Documents and Settings\Default User\Start Menu\Programs\Startup\depabi.exe ()> in the current context!
Error: Unable to interpret <O4 - Startup: C:\Documents and Settings\Default User\Start Menu\Programs\Startup\eqysop.exe ()> in the current context!
Error: Unable to interpret <O4 - Startup: C:\Documents and Settings\Default User\Start Menu\Programs\Startup\faxuo.exe ()> in the current context!
Error: Unable to interpret <O4 - Startup: C:\Documents and Settings\Default User\Start Menu\Programs\Startup\hosa.exe (Hex-Rays SA)> in the current context!
Error: Unable to interpret <O4 - Startup: C:\Documents and Settings\Default User\Start Menu\Programs\Startup\ikcesy.exe ()> in the current context!
Error: Unable to interpret <O4 - Startup: C:\Documents and Settings\Default User\Start Menu\Programs\Startup\ipcuad.exe ()> in the current context!
Error: Unable to interpret <O4 - Startup: C:\Documents and Settings\Default User\Start Menu\Programs\Startup\kaxi.exe ()> in the current context!
Error: Unable to interpret <O4 - Startup: C:\Documents and Settings\Default User\Start Menu\Programs\Startup\nioh.exe ()> in the current context!
Error: Unable to interpret <O4 - Startup: C:\Documents and Settings\Default User\Start Menu\Programs\Startup\uhen.exe ()> in the current context!
Error: Unable to interpret <O4 - Startup: C:\Documents and Settings\Default User\Start Menu\Programs\Startup\wogee.exe ()> in the current context!
Error: Unable to interpret <O4 - Startup: C:\Documents and Settings\Default User\Start Menu\Programs\Startup\xoymho.exe ()> in the current context!
Error: Unable to interpret <O4 - Startup: C:\Documents and Settings\Default User\Start Menu\Programs\Startup\yrezyq.exe ()> in the current context!
Error: Unable to interpret <O4 - Startup: C:\Documents and Settings\dion\Start Menu\Programs\Startup\ceaf.exe ()> in the current context!
Error: Unable to interpret <O4 - Startup: C:\Documents and Settings\dion\Start Menu\Programs\Startup\daikn.exe ()> in the current context!
Error: Unable to interpret <O4 - Startup: C:\Documents and Settings\dion\Start Menu\Programs\Startup\ecyri.exe (Hex-Rays SA)> in the current context!
Error: Unable to interpret <O4 - Startup: C:\Documents and Settings\dion\Start Menu\Programs\Startup\fumi.exe ()> in the current context!
Error: Unable to interpret <O4 - Startup: C:\Documents and Settings\dion\Start Menu\Programs\Startup\imte.exe ()> in the current context!
Error: Unable to interpret <O4 - Startup: C:\Documents and Settings\dion\Start Menu\Programs\Startup\liug.exe ()> in the current context!
Error: Unable to interpret <O4 - Startup: C:\Documents and Settings\dion\Start Menu\Programs\Startup\nyur.exe ()> in the current context!
Error: Unable to interpret <O4 - Startup: C:\Documents and Settings\dion\Start Menu\Programs\Startup\ocami.exe ()> in the current context!
Error: Unable to interpret <O4 - Startup: C:\Documents and Settings\dion\Start Menu\Programs\Startup\oryte.exe ()> in the current context!
Error: Unable to interpret <O4 - Startup: C:\Documents and Settings\dion\Start Menu\Programs\Startup\ovqe.exe ()> in the current context!
Error: Unable to interpret <O4 - Startup: C:\Documents and Settings\dion\Start Menu\Programs\Startup\xeitab.exe ()> in the current context!
Error: Unable to interpret <O4 - Startup: C:\Documents and Settings\dion\Start Menu\Programs\Startup\ysdy.exe ()> in the current context!
Error: Unable to interpret <O4 - Startup: C:\Documents and Settings\Tamara x x\Start Menu\Programs\Startup\logtec32.exe ()> in the current context!
Error: Unable to interpret <O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1> in the current context!
Error: Unable to interpret <O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFolderOptions = 1> in the current context!
Error: Unable to interpret <O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1> in the current context!
Error: Unable to interpret <O7 - HKU\Tamara_x_x_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFolderOptions = 1> in the current context!
Error: Unable to interpret <O7 - HKU\Tamara_x_x_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1> in the current context!
Error: Unable to interpret <O7 - HKU\Tamara_x_x_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1> in the current context!
Error: Unable to interpret <O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} http://ak.exe.imgfar...etup1.0.1.3.cab (Reg Error: Key error.)> in the current context!
Error: Unable to interpret <O20 - HKLM Winlogon: UserInit - (c:\program files\microsoft\desktoplayer.exe) - C:\Program Files\Microsoft\DesktopLayer.exe ()> in the current context!
Error: Unable to interpret <O20 - HKU\.DEFAULT Winlogon: Shell - (C:\Documents and Settings\NetworkService\Application Data\hotfix.exe) - C:\Documents and Settings\NetworkService\Application Data\hotfix.exe File not found> in the current context!
Error: Unable to interpret <O20 - HKU\dion_ON_C Winlogon: Shell - (C:\Documents and Settings\dion\Application Data\antispy.exe) - C:\Documents and Settings\dion\Application Data\antispy.exe (Inclusen shild AG)> in the current context!
Error: Unable to interpret <O20 - HKU\Tamara_x_x_ON_C Winlogon: Shell - (C:\Documents and Settings\Tamara x x\Application Data\hotfix.exe) - C:\Documents and Settings\Tamara x x\Application Data\hotfix.exe ()> in the current context!
Error: Unable to interpret <O22 - SharedTaskScheduler: {D6BA40A1-A502-59BD-F413-04B03A2C8953} - iskjsfuwajiduhf87sfydudhnf - C:\WINDOWS\system32\mzmddj1nar.dll ()> in the current context!
Error: Unable to interpret <[2010/10/28 15:29:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tamara x x\Local Settings\Application Data\Temp> in the current context!
Error: Unable to interpret <[2010/10/28 15:28:17 | 000,021,636 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\winlogon .exe> in the current context!
Error: Unable to interpret <[2010/10/28 15:27:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tamara x x\Application Data\Voukom> in the current context!
Error: Unable to interpret <[2010/10/28 15:27:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tamara x x\Application Data\Izkoo> in the current context!
Error: Unable to interpret <[2010/09/18 04:28:55 | 000,745,472 | ---- | C] (Inclusen shild AG) -- C:\Documents and Settings\dion\Application Data\antispy.exe> in the current context!
Error: Unable to interpret <[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]> in the current context!
Error: Unable to interpret <[1 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ]> in the current context!
Error: Unable to interpret <[2010/10/28 15:47:52 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\ccxucg.sys> in the current context!
Error: Unable to interpret <[2010/10/28 15:47:40 | 000,000,016 | ---- | M] () -- C:\WINDOWS\System32\dmlconf.dat> in the current context!
Error: Unable to interpret <[2010/10/28 15:46:35 | 000,035,596 | ---- | M] () -- C:\WINDOWS\login .exe> in the current context!
Error: Unable to interpret <[2010/10/28 15:46:24 | 000,035,592 | ---- | M] () -- C:\WINDOWS\win16 .exe> in the current context!
Error: Unable to interpret <[2010/10/28 15:46:13 | 000,035,588 | ---- | M] () -- C:\WINDOWS\login .exe> in the current context!
Error: Unable to interpret <[2010/10/28 15:46:02 | 000,035,584 | ---- | M] () -- C:\WINDOWS\win16 .exe> in the current context!
Error: Unable to interpret <[2010/10/28 15:45:51 | 000,035,580 | ---- | M] () -- C:\WINDOWS\login .exe> in the current context!
Error: Unable to interpret <[2010/10/28 15:45:41 | 000,035,576 | ---- | M] () -- C:\WINDOWS\win16 .exe> in the current context!
Error: Unable to interpret <[2010/10/28 15:45:30 | 000,035,572 | ---- | M] () -- C:\WINDOWS\login .exe> in the current context!
Error: Unable to interpret <[2010/10/28 15:45:19 | 000,035,568 | ---- | M] () -- C:\WINDOWS\win16 .exe> in the current context!
Error: Unable to interpret <[2010/10/28 15:45:08 | 000,035,564 | ---- | M] () -- C:\WINDOWS\login .exe> in the current context!
Error: Unable to interpret <[2010/10/28 15:44:58 | 000,035,560 | ---- | M] () -- C:\WINDOWS\win16 .exe> in the current context!
Error: Unable to interpret <[2010/10/28 15:44:47 | 000,035,556 | ---- | M] () -- C:\WINDOWS\login .exe> in the current context!
Error: Unable to interpret <[2010/10/28 15:44:36 | 000,035,552 | ---- | M] () -- C:\WINDOWS\win16 .exe> in the current context!
Error: Unable to interpret <[2010/10/28 15:44:25 | 000,035,548 | ---- | M] () -- C:\WINDOWS\login .exe> in the current context!
Error: Unable to interpret <[2010/10/28 15:44:14 | 000,035,544 | ---- | M] () -- C:\WINDOWS\win16 .exe> in the current context!
Error: Unable to interpret <[2010/10/28 15:44:03 | 000,035,540 | ---- | M] () -- C:\WINDOWS\login .exe> in the current context!
Error: Unable to interpret <[2010/10/28 15:43:52 | 000,035,536 | ---- | M] () -- C:\WINDOWS\win16 .exe> in the current context!
Error: Unable to interpret <[2010/10/28 15:43:40 | 000,035,532 | ---- | M] () -- C:\WINDOWS\login .exe> in the current context!
Error: Unable to interpret <[2010/10/28 15:43:28 | 000,035,528 | ---- | M] () -- C:\WINDOWS\win16 .exe> in the current context!
Error: Unable to interpret <[2010/10/28 15:43:17 | 000,035,524 | ---- | M] () -- C:\WINDOWS\login .exe> in the current context!
Error: Unable to interpret <[2010/10/28 15:43:05 | 000,035,520 | ---- | M] () -- C:\WINDOWS\win16 .exe> in the current context!
Error: Unable to interpret <[2010/10/28 15:42:54 | 000,035,516 | ---- | M] () -- C:\WINDOWS\login .exe> in the current context!
Error: Unable to interpret <[2010/10/28 15:42:44 | 000,035,512 | ---- | M] () -- C:\WINDOWS\win16 .exe> in the current context!
Error: Unable to interpret <[2010/10/28 15:42:33 | 000,035,508 | ---- | M] () -- C:\WINDOWS\login .exe> in the current context!
Error: Unable to interpret <[2010/10/28 15:42:22 | 000,035,504 | ---- | M] () -- C:\WINDOWS\win16 .exe> in the current context!
Error: Unable to interpret <[2010/10/28 15:42:11 | 000,035,500 | ---- | M] () -- C:\WINDOWS\login .exe> in the current context!
Error: Unable to interpret <[2010/10/28 15:42:00 | 000,035,496 | ---- | M] () -- C:\WINDOWS\win16 .exe> in the current context!
Error: Unable to interpret <[2010/10/28 15:41:50 | 000,035,492 | ---- | M] () -- C:\WINDOWS\login .exe> in the current context!
Error: Unable to interpret <[2010/10/28 15:41:39 | 000,035,488 | ---- | M] () -- C:\WINDOWS\win16 .exe> in the current context!
Error: Unable to interpret <[2010/10/28 15:41:34 | 000,158,208 | ---- | M] () -- C:\Documents and Settings\Tamara x x\Application Data\hotfixSrv.exe> in the current context!
Error: Unable to interpret <[2010/10/28 15:41:28 | 000,035,484 | ---- | M] () -- C:\WINDOWS\login .exe> in the current context!
Error: Unable to interpret <[2010/10/28 15:41:17 | 000,035,480 | ---- | M] () -- C:\WINDOWS\win16 .exe> in the current context!
Error: Unable to interpret <[2010/10/28 15:41:06 | 000,035,476 | ---- | M] () -- C:\WINDOWS\login .exe> in the current context!
Error: Unable to interpret <[2010/10/28 15:40:55 | 000,035,472 | ---- | M] () -- C:\WINDOWS\win16 .exe> in the current context!
Error: Unable to interpret <[2010/10/28 15:40:45 | 000,035,468 | ---- | M] () -- C:\WINDOWS\login .exe> in the current context!
Error: Unable to interpret <[2010/10/28 15:40:34 | 000,035,464 | ---- | M] () -- C:\WINDOWS\win16 .exe> in the current context!
Error: Unable to interpret <[2010/10/28 15:40:23 | 000,275,968 | ---- | M] (Hex-Rays SA) -- C:\Documents and Settings\Default User\Start Menu\Programs\StartUp\hosa.exe> in the current context!
Error: Unable to interpret <[2010/10/28 15:40:23 | 000,035,460 | ---- | M] () -- C:\WINDOWS\login .exe> in the current context!
Error: Unable to interpret <[2010/10/28 15:40:12 | 000,035,456 | ---- | M] () -- C:\WINDOWS\win16 .exe> in the current context!
Error: Unable to interpret <[2010/10/28 15:40:01 | 000,035,452 | ---- | M] () -- C:\WINDOWS\login .exe> in the current context!
Error: Unable to interpret <[2010/10/28 15:39:50 | 000,035,448 | ---- | M] () -- C:\WINDOWS\win16 .exe> in the current context!
Error: Unable to interpret <[2010/10/28 15:39:39 | 000,035,444 | ---- | M] () -- C:\WINDOWS\login .exe> in the current context!
Error: Unable to interpret <[2010/10/28 15:39:28 | 000,035,440 | ---- | M] () -- C:\WINDOWS\win16 .exe> in the current context!
Error: Unable to interpret <[2010/10/28 15:39:18 | 000,035,436 | ---- | M] () -- C:\WINDOWS\login .exe> in the current context!
Error: Unable to interpret <[2010/10/28 15:39:07 | 000,035,432 | ---- | M] () -- C:\WINDOWS\win16 .exe> in the current context!
Error: Unable to interpret <[2010/10/28 15:38:55 | 000,035,428 | ---- | M] () -- C:\WINDOWS\login .exe> in the current context!
Error: Unable to interpret <[2010/10/28 15:38:41 | 000,035,424 | ---- | M] () -- C:\WINDOWS\win16 .exe> in the current context!
Error: Unable to interpret <[2010/10/28 15:38:30 | 000,035,420 | ---- | M] () -- C:\WINDOWS\login .exe> in the current context!
Error: Unable to interpret <[2010/10/28 15:38:19 | 000,035,416 | ---- | M] () -- C:\WINDOWS\win16 .exe> in the current context!
Error: Unable to interpret <[2010/10/28 15:38:08 | 000,035,412 | ---- | M] () -- C:\WINDOWS\login .exe> in the current context!
Error: Unable to interpret <[2010/10/28 15:37:57 | 000,035,408 | ---- | M] () -- C:\WINDOWS\win16 .exe> in the current context!
Error: Unable to interpret <[2010/10/28 15:37:45 | 000,035,404 | ---- | M] () -- C:\WINDOWS\login .exe> in the current context!
Error: Unable to interpret <[2010/10/28 15:37:33 | 000,035,400 | ---- | M] () -- C:\WINDOWS\win16 .exe> in the current context!
Error: Unable to interpret <[2010/10/28 15:37:22 | 000,035,396 | ---- | M] () -- C:\WINDOWS\login .exe> in the current context!
Error: Unable to interpret <[2010/10/28 15:37:04 | 000,035,392 | ---- | M] () -- C:\WINDOWS\win16 .exe> in the current context!
Error: Unable to interpret <[2010/10/28 15:36:42 | 000,035,384 | ---- | M] () -- C:\WINDOWS\win16 .exe> in the current context!
Error: Unable to interpret <[2010/10/28 15:36:42 | 000,035,384 | ---- | M] () -- C:\WINDOWS\login .exe> in the current context!
Error: Unable to interpret <[2010/10/28 15:36:10 | 000,035,384 | ---- | M] () -- C:\WINDOWS\login .exe> in the current context!
Error: Unable to interpret <[2010/10/28 15:36:09 | 000,035,376 | ---- | M] () -- C:\WINDOWS\win16 .exe> in the current context!
Error: Unable to interpret <[2010/10/28 15:35:47 | 000,035,372 | ---- | M] () -- C:\WINDOWS\win16 .exe> in the current context!
Error: Unable to interpret <[2010/10/28 15:35:47 | 000,035,372 | ---- | M] () -- C:\WINDOWS\login .exe> in the current context!
Error: Unable to interpret <[2010/10/28 15:35:27 | 000,035,380 | ---- | M] () -- C:\WINDOWS\login .exe> in the current context!
Error: Unable to interpret <[2010/10/28 15:35:26 | 000,035,380 | ---- | M] () -- C:\WINDOWS\win16 .exe> in the current context!
Error: Unable to interpret <[2010/10/28 15:35:07 | 000,035,376 | ---- | M] () -- C:\WINDOWS\win16 .exe> in the current context!
Error: Unable to interpret <[2010/10/28 15:35:07 | 000,035,376 | ---- | M] () -- C:\WINDOWS\services .exe> in the current context!
Error: Unable to interpret <[2010/10/28 15:35:07 | 000,035,376 | ---- | M] () -- C:\WINDOWS\login .exe> in the current context!
Error: Unable to interpret <[2010/10/28 15:34:36 | 000,035,372 | ---- | M] () -- C:\WINDOWS\login .exe> in the current context!
Error: Unable to interpret <[2010/10/28 15:34:22 | 000,035,380 | ---- | M] () -- C:\WINDOWS\services .exe> in the current context!
Error: Unable to interpret <[2010/10/28 15:34:18 | 000,035,364 | ---- | M] () -- C:\WINDOWS\win16 .exe> in the current context!
Error: Unable to interpret <[2010/10/28 15:34:04 | 000,035,368 | ---- | M] () -- C:\WINDOWS\login .exe> in the current context!
Error: Unable to interpret <[2010/10/28 15:33:56 | 000,035,372 | ---- | M] () -- C:\WINDOWS\services .exe> in the current context!
Error: Unable to interpret <[2010/10/28 15:33:52 | 000,035,380 | ---- | M] () -- C:\WINDOWS\win16 .exe> in the current context!
Error: Unable to interpret <[2010/10/28 15:33:25 | 000,035,364 | -H-- | M] () -- C:\WINDOWS\debug.exe> in the current context!
Error: Unable to interpret <[2010/10/28 15:33:23 | 000,035,364 | -H-- | M] () -- C:\WINDOWS\taskmgr.exe> in the current context!
Error: Unable to interpret <[2010/10/28 15:33:16 | 000,035,360 | ---- | M] () -- C:\WINDOWS\services .exe> in the current context!
Error: Unable to interpret <[2010/10/28 15:33:16 | 000,035,360 | ---- | M] () -- C:\WINDOWS\hexdump .exe> in the current context!
Error: Unable to interpret <[2010/10/28 15:33:06 | 000,035,392 | ---- | M] () -- C:\WINDOWS\win16 .exe> in the current context!
Error: Unable to interpret <[2010/10/28 15:32:35 | 000,035,348 | ---- | M] () -- C:\WINDOWS\nvsvc32 .exe> in the current context!
Error: Unable to interpret <[2010/10/28 15:32:32 | 000,035,348 | ---- | M] () -- C:\WINDOWS\services .exe> in the current context!
Error: Unable to interpret <[2010/10/28 15:32:31 | 000,035,368 | ---- | M] () -- C:\WINDOWS\hexdump .exe> in the current context!
Error: Unable to interpret <[2010/10/28 15:32:22 | 000,035,372 | ---- | M] () -- C:\WINDOWS\win16 .exe> in the current context!
Error: Unable to interpret <[2010/10/28 15:32:07 | 000,035,348 | -H-- | M] () -- C:\WINDOWS\winamp.exe> in the current context!
Error: Unable to interpret <[2010/10/28 15:32:06 | 000,035,348 | -H-- | M] () -- C:\Documents and Settings\Tamara x x\Local Settings\Application Data\HIdgf2CLF.exe> in the current context!
Error: Unable to interpret <[2010/10/28 15:32:05 | 000,035,348 | -H-- | M] () -- C:\WINDOWS\svchost.exe> in the current context!
Error: Unable to interpret <[2010/10/28 15:32:05 | 000,035,348 | -H-- | M] () -- C:\WINDOWS\System32\HIdgf2CLF.com> in the current context!
Error: Unable to interpret <[2010/10/28 15:32:04 | 000,035,348 | -H-- | M] () -- C:\WINDOWS\nvsvc32.exe> in the current context!
Error: Unable to interpret <[2010/10/28 15:32:02 | 000,035,348 | -H-- | M] () -- C:\WINDOWS\drweb.exe> in the current context!
Error: Unable to interpret <[2010/10/28 15:31:57 | 000,035,344 | ---- | M] () -- C:\WINDOWS\services .exe> in the current context!
Error: Unable to interpret <[2010/10/28 15:31:55 | 000,035,368 | ---- | M] () -- C:\WINDOWS\login .exe> in the current context!
Error: Unable to interpret <[2010/10/28 15:31:40 | 000,035,380 | ---- | M] () -- C:\WINDOWS\hexdump .exe> in the current context!
Error: Unable to interpret <[2010/10/28 15:31:34 | 000,035,380 | ---- | M] () -- C:\WINDOWS\win16 .exe> in the current context!
Error: Unable to interpret <[2010/10/28 15:31:14 | 000,035,376 | ---- | M] () -- C:\WINDOWS\services .exe> in the current context!
Error: Unable to interpret <[2010/10/28 15:30:56 | 000,035,376 | ---- | M] () -- C:\WINDOWS\login .exe> in the current context!
Error: Unable to interpret <[2010/10/28 15:30:49 | 000,035,348 | ---- | M] () -- C:\WINDOWS\hexdump .exe> in the current context!
Error: Unable to interpret <[2010/10/28 15:30:48 | 000,035,356 | -H-- | M] () -- C:\WINDOWS\cmd.exe> in the current context!
Error: Unable to interpret <[2010/10/28 15:30:46 | 000,035,356 | -H-- | M] () -- C:\WINDOWS\user.exe> in the current context!
Error: Unable to interpret <[2010/10/28 15:30:41 | 000,035,352 | ---- | M] () -- C:\WINDOWS\win16 .exe> in the current context!
Error: Unable to interpret <[2010/10/28 15:30:24 | 000,035,388 | ---- | M] () -- C:\WINDOWS\login .exe> in the current context!
Error: Unable to interpret <[2010/10/28 15:30:21 | 000,035,344 | ---- | M] () -- C:\WINDOWS\spoolsv .exe> in the current context!
Error: Unable to interpret <[2010/10/28 15:30:15 | 000,035,344 | ---- | M] () -- C:\WINDOWS\hexdump .exe> in the current context!
Error: Unable to interpret <[2010/10/28 15:30:11 | 000,035,348 | ---- | M] () -- C:\WINDOWS\setup .exe> in the current context!
Error: Unable to interpret <[2010/10/28 15:29:35 | 000,035,368 | -H-- | M] () -- C:\WINDOWS\setup .exe> in the current context!
Error: Unable to interpret <[2010/10/28 15:29:35 | 000,035,340 | ---- | M] () -- C:\WINDOWS\spoolsv .exe> in the current context!
Error: Unable to interpret <[2010/10/28 15:29:21 | 000,035,380 | -H-- | M] () -- C:\WINDOWS\sysedit.exe> in the current context!
Error: Unable to interpret <[2010/10/28 15:29:17 | 000,035,364 | -H-- | M] () -- C:\WINDOWS\install.exe> in the current context!
Error: Unable to interpret <[2010/10/28 15:29:16 | 000,035,376 | ---- | M] () -- C:\WINDOWS\win16 .exe> in the current context!
Error: Unable to interpret <[2010/10/28 15:29:15 | 000,035,364 | ---- | M] () -- C:\WINDOWS\login .exe> in the current context!
Error: Unable to interpret <[2010/10/28 15:29:14 | 000,035,364 | -H-- | M] () -- C:\WINDOWS\smss.exe> in the current context!
Error: Unable to interpret <[2010/10/28 15:28:58 | 000,035,340 | ---- | M] () -- C:\WINDOWS\spoolsv .exe> in the current context!
Error: Unable to interpret <[2010/10/28 15:28:45 | 000,035,364 | ---- | M] () -- C:\WINDOWS\setup .exe> in the current context!
Error: Unable to interpret <[2010/10/28 15:28:45 | 000,035,364 | ---- | M] () -- C:\WINDOWS\hexdump .exe> in the current context!
Error: Unable to interpret <[2010/10/28 15:28:45 | 000,035,364 | ---- | M] () -- C:\WINDOWS\avp32 .exe> in the current context!
Error: Unable to interpret <[2010/10/28 15:28:31 | 000,035,356 | ---- | M] () -- C:\WINDOWS\win16 .exe> in the current context!
Error: Unable to interpret <[2010/10/28 15:28:29 | 000,035,356 | ---- | M] () -- C:\WINDOWS\winlogon.exe> in the current context!
Error: Unable to interpret <[2010/10/28 15:28:29 | 000,035,356 | ---- | M] () -- C:\WINDOWS\login .exe> in the current context!
Error: Unable to interpret <[2010/10/28 15:28:20 | 000,021,636 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\nvsvc32 .exe> in the current context!
Error: Unable to interpret <[2010/10/28 15:28:17 | 000,021,636 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\winlogon .exe> in the current context!
Error: Unable to interpret <[2010/10/28 15:28:02 | 000,035,360 | ---- | M] () -- C:\WINDOWS\spoolsv .exe> in the current context!
Error: Unable to interpret <[2010/10/28 15:28:02 | 000,035,360 | ---- | M] () -- C:\WINDOWS\hexdump .exe> in the current context!
Error: Unable to interpret <[2010/10/28 15:27:37 | 000,000,108 | ---- | M] () -- C:\WINDOWS\System32\complete.dat> in the current context!
Error: Unable to interpret <[2010/10/28 15:27:30 | 000,035,364 | ---- | M] () -- C:\WINDOWS\login .exe> in the current context!
Error: Unable to interpret <[2010/10/28 15:27:28 | 000,035,352 | ---- | M] () -- C:\WINDOWS\setup.exe> in the current context!
Error: Unable to interpret <[2010/10/28 15:27:28 | 000,035,352 | ---- | M] () -- C:\WINDOWS\lsass.exe> in the current context!
Error: Unable to interpret <[2010/10/28 15:27:28 | 000,035,352 | ---- | M] () -- C:\WINDOWS\avp32.exe> in the current context!
Error: Unable to interpret <[2010/10/28 15:27:26 | 000,000,004 | ---- | M] () -- C:\Documents and Settings\LocalService\Application Data\cxnojk.dat> in the current context!
Error: Unable to interpret <[2010/10/28 15:27:24 | 000,000,004 | ---- | M] () -- C:\Documents and Settings\Tamara x x\Application Data\avdrn.dat> in the current context!
Error: Unable to interpret <[2010/10/28 15:27:05 | 000,021,636 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\wininst.exe> in the current context!
Error: Unable to interpret <[2010/10/28 15:27:04 | 000,021,636 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\win.exe> in the current context!
Error: Unable to interpret <[2010/10/28 15:27:02 | 000,000,120 | ---- | M] () -- C:\WINDOWS\Ihudaguzeyawebe.dat> in the current context!
Error: Unable to interpret <[2010/10/28 15:27:02 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Xlaqozofu.bin> in the current context!
Error: Unable to interpret <[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]> in the current context!
Error: Unable to interpret <[1 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ]> in the current context!
Error: Unable to interpret <[2010/10/28 15:33:25 | 000,035,364 | -H-- | C] () -- C:\WINDOWS\debug.exe> in the current context!
Error: Unable to interpret <[2010/10/28 15:32:02 | 000,035,348 | -H-- | C] () -- C:\WINDOWS\drweb.exe> in the current context!
Error: Unable to interpret <[2010/10/28 15:31:36 | 000,035,348 | -H-- | C] () -- C:\WINDOWS\winamp.exe> in the current context!
Error: Unable to interpret <[2010/10/28 15:30:48 | 000,035,356 | -H-- | C] () -- C:\WINDOWS\cmd.exe> in the current context!
Error: Unable to interpret <[2010/10/28 15:29:37 | 000,035,348 | -H-- | C] () -- C:\Documents and Settings\Tamara x x\Local Settings\Application Data\HIdgf2CLF.exe> in the current context!
Error: Unable to interpret <[2010/10/28 15:29:35 | 000,035,348 | -H-- | C] () -- C:\WINDOWS\System32\HIdgf2CLF.com> in the current context!
Error: Unable to interpret <[2010/10/28 15:29:35 | 000,000,352 | ---- | C] () -- C:\WINDOWS\tasks\At769.job> in the current context!
Error: Unable to interpret <[2010/10/28 15:29:21 | 000,035,380 | -H-- | C] () -- C:\WINDOWS\sysedit.exe> in the current context!
Error: Unable to interpret <[2010/10/28 15:29:17 | 000,035,364 | -H-- | C] () -- C:\WINDOWS\install.exe> in the current context!
Error: Unable to interpret <[2010/10/28 15:29:14 | 000,035,364 | -H-- | C] () -- C:\WINDOWS\smss.exe> in the current context!
Error: Unable to interpret <[2010/10/28 15:28:36 | 000,035,364 | -H-- | C] () -- C:\WINDOWS\Fonts\HIdgf2CLF.com> in the current context!
Error: Unable to interpret <[2010/10/28 15:28:17 | 000,035,356 | ---- | C] () -- C:\WINDOWS\winlogon.exe> in the current context!
Error: Unable to interpret <[2010/10/28 15:27:26 | 000,000,004 | ---- | C] () -- C:\Documents and Settings\LocalService\Application Data\cxnojk.dat> in the current context!
Error: Unable to interpret <[2010/10/28 15:27:24 | 000,000,004 | ---- | C] () -- C:\Documents and Settings\Tamara x x\Application Data\avdrn.dat> in the current context!
Error: Unable to interpret <[2010/10/28 15:26:43 | 000,158,208 | ---- | C] () -- C:\Documents and Settings\Tamara x x\Application Data\hotfixSrv.exe> in the current context!
Error: Unable to interpret <[2010/10/10 16:24:23 | 000,030,000 | ---- | C] () -- C:\WINDOWS\System32\n3xy5nh.dll> in the current context!
Error: Unable to interpret <[2010/10/10 16:24:22 | 000,030,000 | ---- | C] () -- C:\WINDOWS\System32\mzmddj1nar.dll> in the current context!
Error: Unable to interpret <[2010/10/10 16:21:40 | 000,030,000 | ---- | C] () -- C:\WINDOWS\System32\m69lbmmxi.dll> in the current context!
Error: Unable to interpret <[2010/10/10 16:21:40 | 000,030,000 | ---- | C] () -- C:\WINDOWS\System32\foj6mp.dll> in the current context!
Error: Unable to interpret <[2010/10/10 16:19:59 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\drivers\ccxucg.sys> in the current context!
Error: Unable to interpret <[2010/10/10 16:19:35 | 000,734,208 | ---- | C] () -- C:\Documents and Settings\Tamara x x\Application Data\hotfix.exe> in the current context!
Error: Unable to interpret <[2010/10/10 16:19:35 | 000,002,256 | ---- | C] () -- C:\Documents and Settings\Tamara x x\Application Data\444.bat> in the current context!
Error: Unable to interpret <[2010/10/10 16:19:35 | 000,000,135 | ---- | C] () -- C:\Documents and Settings\Tamara x x\Application Data\asdsada.bat> in the current context!
Error: Unable to interpret <[2008/04/15 07:00:00 | 000,208,384 | ---- | C] () -- C:\WINDOWS\idohokofa.dll> in the current context!
Error: Unable to interpret <[2010/10/03 13:54:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tamara x x\Application Data\Acapqe> in the current context!
Error: Unable to interpret <[2010/09/25 15:29:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tamara x x\Application Data\Cuas> in the current context!
Error: Unable to interpret <[2010/09/22 05:49:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tamara x x\Application Data\Ecutq> in the current context!
Error: Unable to interpret <[2010/10/28 15:29:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tamara x x\Application Data\Edwy> in the current context!
Error: Unable to interpret <[2010/09/17 03:45:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tamara x x\Application Data\Fuuro> in the current context!
Error: Unable to interpret <[2010/10/01 03:01:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tamara x x\Application Data\Hecioh> in the current context!
Error: Unable to interpret <[2010/09/15 01:51:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tamara x x\Application Data\Igiw> in the current context!
Error: Unable to interpret <[2010/09/22 21:18:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tamara x x\Application Data\Ihopfo> in the current context!
Error: Unable to interpret <[2010/10/06 19:46:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tamara x x\Application Data\Irce> in the current context!
Error: Unable to interpret <[2010/10/28 15:28:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tamara x x\Application Data\Izkoo> in the current context!
Error: Unable to interpret <[2010/10/03 12:33:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tamara x x\Application Data\Kygaw> in the current context!
Error: Unable to interpret <[2010/09/02 06:55:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tamara x x\Application Data\Lauz> in the current context!
Error: Unable to interpret <[2010/10/12 21:32:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tamara x x\Application Data\Luibu> in the current context!
Error: Unable to interpret <[2010/10/03 12:32:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tamara x x\Application Data\Redoyb> in the current context!
Error: Unable to interpret <[2010/09/07 22:34:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tamara x x\Application Data\Royxic> in the current context!
Error: Unable to interpret <[2010/10/11 02:53:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tamara x x\Application Data\Unanp> in the current context!
Error: Unable to interpret <[2010/10/13 01:26:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tamara x x\Application Data\Usraap> in the current context!
Error: Unable to interpret <[2010/09/16 14:05:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tamara x x\Application Data\Uwqoel> in the current context!
Error: Unable to interpret <[2010/08/29 14:34:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tamara x x\Application Data\Uzlik> in the current context!
Error: Unable to interpret <[2010/10/28 15:29:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tamara x x\Application Data\Voukom> in the current context!
Error: Unable to interpret <[2010/10/10 13:40:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tamara x x\Application Data\Wuwa> in the current context!
Error: Unable to interpret <[2010/09/20 07:44:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tamara x x\Application Data\Xiwoci> in the current context!
Error: Unable to interpret <[2010/09/11 22:53:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tamara x x\Application Data\Xuiz> in the current context!
Error: Unable to interpret <[2010/10/03 12:51:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tamara x x\Application Data\Ysryob> in the current context!
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
C:\WINDOWS\Tasks\At1.job moved successfully.
C:\WINDOWS\Tasks\At10.job moved successfully.
C:\WINDOWS\Tasks\At100.job moved successfully.
C:\WINDOWS\Tasks\At101.job moved successfully.
C:\WINDOWS\Tasks\At102.job moved successfully.
C:\WINDOWS\Tasks\At103.job moved successfully.
C:\WINDOWS\Tasks\At104.job moved successfully.
C:\WINDOWS\Tasks\At105.job moved successfully.
C:\WINDOWS\Tasks\At106.job moved successfully.
C:\WINDOWS\Tasks\At107.job moved successfully.
C:\WINDOWS\Tasks\At108.job moved successfully.
C:\WINDOWS\Tasks\At109.job moved successfully.
C:\WINDOWS\Tasks\At11.job moved successfully.
C:\WINDOWS\Tasks\At110.job moved successfully.
C:\WINDOWS\Tasks\At111.job moved successfully.
C:\WINDOWS\Tasks\At112.job moved successfully.
C:\WINDOWS\Tasks\At113.job moved successfully.
C:\WINDOWS\Tasks\At114.job moved successfully.
C:\WINDOWS\Tasks\At115.job moved successfully.
C:\WINDOWS\Tasks\At116.job moved successfully.
C:\WINDOWS\Tasks\At117.job moved successfully.
C:\WINDOWS\Tasks\At118.job moved successfully.
C:\WINDOWS\Tasks\At119.job moved successfully.
C:\WINDOWS\Tasks\At12.job moved successfully.
C:\WINDOWS\Tasks\At120.job moved successfully.
C:\WINDOWS\Tasks\At121.job moved successfully.
C:\WINDOWS\Tasks\At122.job moved successfully.
C:\WINDOWS\Tasks\At123.job moved successfully.
C:\WINDOWS\Tasks\At124.job moved successfully.
C:\WINDOWS\Tasks\At125.job moved successfully.
C:\WINDOWS\Tasks\At126.job moved successfully.
C:\WINDOWS\Tasks\At127.job moved successfully.
C:\WINDOWS\Tasks\At128.job moved successfully.
C:\WINDOWS\Tasks\At129.job moved successfully.
C:\WINDOWS\Tasks\At13.job moved successfully.
C:\WINDOWS\Tasks\At130.job moved successfully.
C:\WINDOWS\Tasks\At131.job moved successfully.
C:\WINDOWS\Tasks\At132.job moved successfully.
C:\WINDOWS\Tasks\At133.job moved successfully.
C:\WINDOWS\Tasks\At134.job moved successfully.
C:\WINDOWS\Tasks\At135.job moved successfully.
C:\WINDOWS\Tasks\At136.job moved successfully.
C:\WINDOWS\Tasks\At137.job moved successfully.
C:\WINDOWS\Tasks\At138.job moved successfully.
C:\WINDOWS\Tasks\At139.job moved successfully.
C:\WINDOWS\Tasks\At14.job moved successfully.
C:\WINDOWS\Tasks\At140.job moved successfully.
C:\WINDOWS\Tasks\At141.job moved successfully.
C:\WINDOWS\Tasks\At142.job moved successfully.
C:\WINDOWS\Tasks\At143.job moved successfully.
C:\WINDOWS\Tasks\At144.job moved successfully.
C:\WINDOWS\Tasks\At145.job moved successfully.
C:\WINDOWS\Tasks\At146.job moved successfully.
C:\WINDOWS\Tasks\At147.job moved successfully.
C:\WINDOWS\Tasks\At148.job moved successfully.
C:\WINDOWS\Tasks\At149.job moved successfully.
C:\WINDOWS\Tasks\At15.job moved successfully.
C:\WINDOWS\Tasks\At150.job moved successfully.
C:\WINDOWS\Tasks\At151.job moved successfully.
C:\WINDOWS\Tasks\At152.job moved successfully.
C:\WINDOWS\Tasks\At153.job moved successfully.
C:\WINDOWS\Tasks\At154.job moved successfully.
C:\WINDOWS\Tasks\At155.job moved successfully.
C:\WINDOWS\Tasks\At156.job moved successfully.
C:\WINDOWS\Tasks\At157.job moved successfully.
C:\WINDOWS\Tasks\At158.job moved successfully.
C:\WINDOWS\Tasks\At159.job moved successfully.
C:\WINDOWS\Tasks\At16.job moved successfully.
C:\WINDOWS\Tasks\At160.job moved successfully.
C:\WINDOWS\Tasks\At161.job moved successfully.
C:\WINDOWS\Tasks\At162.job moved successfully.
C:\WINDOWS\Tasks\At163.job moved successfully.
C:\WINDOWS\Tasks\At164.job moved successfully.
C:\WINDOWS\Tasks\At165.job moved successfully.
C:\WINDOWS\Tasks\At166.job moved successfully.
C:\WINDOWS\Tasks\At167.job moved successfully.
C:\WINDOWS\Tasks\At168.job moved successfully.
C:\WINDOWS\Tasks\At169.job moved successfully.
C:\WINDOWS\Tasks\At17.job moved successfully.
C:\WINDOWS\Tasks\At170.job moved successfully.
C:\WINDOWS\Tasks\At171.job moved successfully.
C:\WINDOWS\Tasks\At172.job moved successfully.
C:\WINDOWS\Tasks\At173.job moved successfully.
C:\WINDOWS\Tasks\At174.job moved successfully.
C:\WINDOWS\Tasks\At175.job moved successfully.
C:\WINDOWS\Tasks\At176.job moved successfully.
C:\WINDOWS\Tasks\At177.job moved successfully.
C:\WINDOWS\Tasks\At178.job moved successfully.
C:\WINDOWS\Tasks\At179.job moved successfully.
C:\WINDOWS\Tasks\At18.job moved successfully.
C:\WINDOWS\Tasks\At180.job moved successfully.
C:\WINDOWS\Tasks\At181.job moved successfully.
C:\WINDOWS\Tasks\At182.job moved successfully.
C:\WINDOWS\Tasks\At183.job moved successfully.
C:\WINDOWS\Tasks\At184.job moved successfully.
C:\WINDOWS\Tasks\At185.job moved successfully.
C:\WINDOWS\Tasks\At186.job moved successfully.
C:\WINDOWS\Tasks\At187.job moved successfully.
C:\WINDOWS\Tasks\At188.job moved successfully.
C:\WINDOWS\Tasks\At189.job moved successfully.
C:\WINDOWS\Tasks\At19.job moved successfully.
C:\WINDOWS\Tasks\At190.job moved successfully.
C:\WINDOWS\Tasks\At191.job moved successfully.
C:\WINDOWS\Tasks\At192.job moved successfully.
C:\WINDOWS\Tasks\At193.job moved successfully.
C:\WINDOWS\Tasks\At194.job moved successfully.
C:\WINDOWS\Tasks\At195.job moved successfully.
C:\WINDOWS\Tasks\At196.job moved successfully.
C:\WINDOWS\Tasks\At197.job moved successfully.
C:\WINDOWS\Tasks\At198.job moved successfully.
C:\WINDOWS\Tasks\At199.job moved successfully.
C:\WINDOWS\Tasks\At2.job moved successfully.
C:\WINDOWS\Tasks\At20.job moved successfully.
C:\WINDOWS\Tasks\At200.job moved successfully.
C:\WINDOWS\Tasks\At201.job moved successfully.
C:\WINDOWS\Tasks\At202.job moved successfully.
C:\WINDOWS\Tasks\At203.job moved successfully.
C:\WINDOWS\Tasks\At204.job moved successfully.
C:\WINDOWS\Tasks\At205.job moved successfully.
C:\WINDOWS\Tasks\At206.job moved successfully.
C:\WINDOWS\Tasks\At207.job moved successfully.
C:\WINDOWS\Tasks\At208.job moved successfully.
C:\WINDOWS\Tasks\At209.job moved successfully.
C:\WINDOWS\Tasks\At21.job moved successfully.
C:\WINDOWS\Tasks\At210.job moved successfully.
C:\WINDOWS\Tasks\At211.job moved successfully.
C:\WINDOWS\Tasks\At212.job moved successfully.
C:\WINDOWS\Tasks\At213.job moved successfully.
C:\WINDOWS\Tasks\At214.job moved successfully.
C:\WINDOWS\Tasks\At215.job moved successfully.
C:\WINDOWS\Tasks\At216.job moved successfully.
C:\WINDOWS\Tasks\At217.job moved successfully.
C:\WINDOWS\Tasks\At218.job moved successfully.
C:\WINDOWS\Tasks\At219.job moved successfully.
C:\WINDOWS\Tasks\At22.job moved successfully.
C:\WINDOWS\Tasks\At220.job moved successfully.
C:\WINDOWS\Tasks\At221.job moved successfully.
C:\WINDOWS\Tasks\At222.job moved successfully.
C:\WINDOWS\Tasks\At223.job moved successfully.
C:\WINDOWS\Tasks\At224.job moved successfully.
C:\WINDOWS\Tasks\At225.job moved successfully.
C:\WINDOWS\Tasks\At226.job moved successfully.
C:\WINDOWS\Tasks\At227.job moved successfully.
C:\WINDOWS\Tasks\At228.job moved successfully.
C:\WINDOWS\Tasks\At229.job moved successfully.
C:\WINDOWS\Tasks\At23.job moved successfully.
C:\WINDOWS\Tasks\At230.job moved successfully.
C:\WINDOWS\Tasks\At231.job moved successfully.
C:\WINDOWS\Tasks\At232.job moved successfully.
C:\WINDOWS\Tasks\At233.job moved successfully.
C:\WINDOWS\Tasks\At234.job moved successfully.
C:\WINDOWS\Tasks\At235.job moved successfully.
C:\WINDOWS\Tasks\At236.job moved successfully.
C:\WINDOWS\Tasks\At237.job moved successfully.
C:\WINDOWS\Tasks\At238.job moved successfully.
C:\WINDOWS\Tasks\At239.job moved successfully.
C:\WINDOWS\Tasks\At24.job moved successfully.
C:\WINDOWS\Tasks\At240.job moved successfully.
C:\WINDOWS\Tasks\At241.job moved successfully.
C:\WINDOWS\Tasks\At242.job moved successfully.
C:\WINDOWS\Tasks\At243.job moved successfully.
C:\WINDOWS\Tasks\At244.job moved successfully.
C:\WINDOWS\Tasks\At245.job moved successfully.
C:\WINDOWS\Tasks\At246.job moved successfully.
C:\WINDOWS\Tasks\At247.job moved successfully.
C:\WINDOWS\Tasks\At248.job moved successfully.
C:\WINDOWS\Tasks\At249.job moved successfully.
C:\WINDOWS\Tasks\At25.job moved successfully.
C:\WINDOWS\Tasks\At250.job moved successfully.
C:\WINDOWS\Tasks\At251.job moved successfully.
C:\WINDOWS\Tasks\At252.job moved successfully.
C:\WINDOWS\Tasks\At253.job moved successfully.
C:\WINDOWS\Tasks\At254.job moved successfully.
C:\WINDOWS\Tasks\At255.job moved successfully.
C:\WINDOWS\Tasks\At256.job moved successfully.
C:\WINDOWS\Tasks\At257.job moved successfully.
C:\WINDOWS\Tasks\At258.job moved successfully.
C:\WINDOWS\Tasks\At259.job moved successfully.
C:\WINDOWS\Tasks\At26.job moved successfully.
C:\WINDOWS\Tasks\At260.job moved successfully.
C:\WINDOWS\Tasks\At261.job moved successfully.
C:\WINDOWS\Tasks\At262.job moved successfully.
C:\WINDOWS\Tasks\At263.job moved successfully.
C:\WINDOWS\Tasks\At264.job moved successfully.
C:\WINDOWS\Tasks\At265.job moved successfully.
C:\WINDOWS\Tasks\At266.job moved successfully.
C:\WINDOWS\Tasks\At267.job moved successfully.
C:\WINDOWS\Tasks\At268.job moved successfully.
C:\WINDOWS\Tasks\At269.job moved successfully.
C:\WINDOWS\Tasks\At27.job moved successfully.
C:\WINDOWS\Tasks\At270.job moved successfully.
C:\WINDOWS\Tasks\At271.job moved successfully.
C:\WINDOWS\Tasks\At272.job moved successfully.
C:\WINDOWS\Tasks\At273.job moved successfully.
C:\WINDOWS\Tasks\At274.job moved successfully.
C:\WINDOWS\Tasks\At275.job moved successfully.
C:\WINDOWS\Tasks\At276.job moved successfully.
C:\WINDOWS\Tasks\At277.job moved successfully.
C:\WINDOWS\Tasks\At278.job moved successfully.
C:\WINDOWS\Tasks\At279.job moved successfully.
C:\WINDOWS\Tasks\At28.job moved successfully.
C:\WINDOWS\Tasks\At280.job moved successfully.
C:\WINDOWS\Tasks\At281.job moved successfully.
C:\WINDOWS\Tasks\At282.job moved successfully.
C:\WINDOWS\Tasks\At283.job moved successfully.
C:\WINDOWS\Tasks\At284.job moved successfully.
C:\WINDOWS\Tasks\At285.job moved successfully.
C:\WINDOWS\Tasks\At286.job moved successfully.
C:\WINDOWS\Tasks\At287.job moved successfully.
C:\WINDOWS\Tasks\At288.job moved successfully.
C:\WINDOWS\Tasks\At289.job moved successfully.
C:\WINDOWS\Tasks\At29.job moved successfully.
C:\WINDOWS\Tasks\At290.job moved successfully.
C:\WINDOWS\Tasks\At291.job moved successfully.
C:\WINDOWS\Tasks\At292.job moved successfully.
C:\WINDOWS\Tasks\At293.job moved successfully.
C:\WINDOWS\Tasks\At294.job moved successfully.
C:\WINDOWS\Tasks\At295.job moved successfully.
C:\WINDOWS\Tasks\At296.job moved successfully.
C:\WINDOWS\Tasks\At297.job moved successfully.
C:\WINDOWS\Tasks\At298.job moved successfully.
C:\WINDOWS\Tasks\At299.job moved successfully.
C:\WINDOWS\Tasks\At3.job moved successfully.
C:\WINDOWS\Tasks\At30.job moved successfully.
C:\WINDOWS\Tasks\At300.job moved successfully.
C:\WINDOWS\Tasks\At301.job moved successfully.
C:\WINDOWS\Tasks\At302.job moved successfully.
C:\WINDOWS\Tasks\At303.job moved successfully.
C:\WINDOWS\Tasks\At304.job moved successfully.
C:\WINDOWS\Tasks\At305.job moved successfully.
C:\WINDOWS\Tasks\At306.job moved successfully.
C:\WINDOWS\Tasks\At307.job moved successfully.
C:\WINDOWS\Tasks\At308.job moved successfully.
C:\WINDOWS\Tasks\At309.job moved successfully.
C:\WINDOWS\Tasks\At31.job moved successfully.
C:\WINDOWS\Tasks\At310.job moved successfully.
C:\WINDOWS\Tasks\At311.job moved successfully.
C:\WINDOWS\Tasks\At312.job moved successfully.
C:\WINDOWS\Tasks\At313.job moved successfully.
C:\WINDOWS\Tasks\At314.job moved successfully.
C:\WINDOWS\Tasks\At315.job moved successfully.
C:\WINDOWS\Tasks\At316.job moved successfully.
C:\WINDOWS\Tasks\At317.job moved successfully.
C:\WINDOWS\Tasks\At318.job moved successfully.
C:\WINDOWS\Tasks\At319.job moved successfully.
C:\WINDOWS\Tasks\At32.job moved successfully.
C:\WINDOWS\Tasks\At320.job moved successfully.
C:\WINDOWS\Tasks\At321.job moved successfully.
C:\WINDOWS\Tasks\At322.job moved successfully.
C:\WINDOWS\Tasks\At323.job moved successfully.
C:\WINDOWS\Tasks\At324.job moved successfully.
C:\WINDOWS\Tasks\At325.job moved successfully.
C:\WINDOWS\Tasks\At326.job moved successfully.
C:\WINDOWS\Tasks\At327.job moved successfully.
C:\WINDOWS\Tasks\At328.job moved successfully.
C:\WINDOWS\Tasks\At329.job moved successfully.
C:\WINDOWS\Tasks\At33.job moved successfully.
C:\WINDOWS\Tasks\At330.job moved successfully.
C:\WINDOWS\Tasks\At331.job moved successfully.
C:\WINDOWS\Tasks\At332.job moved successfully.
C:\WINDOWS\Tasks\At333.job moved successfully.
C:\WINDOWS\Tasks\At334.job moved successfully.
C:\WINDOWS\Tasks\At335.job moved successfully.
C:\WINDOWS\Tasks\At336.job moved successfully.
C:\WINDOWS\Tasks\At337.job moved successfully.
C:\WINDOWS\Tasks\At338.job moved successfully.
C:\WINDOWS\Tasks\At339.job moved successfully.
C:\WINDOWS\Tasks\At34.job moved successfully.
C:\WINDOWS\Tasks\At340.job moved successfully.
C:\WINDOWS\Tasks\At341.job moved successfully.
C:\WINDOWS\Tasks\At342.job moved successfully.
C:\WINDOWS\Tasks\At343.job moved successfully.
C:\WINDOWS\Tasks\At344.job moved successfully.
C:\WINDOWS\Tasks\At345.job moved successfully.
C:\WINDOWS\Tasks\At346.job moved successfully.
C:\WINDOWS\Tasks\At347.job moved successfully.
C:\WINDOWS\Tasks\At348.job moved successfully.
C:\WINDOWS\Tasks\At349.job moved successfully.
C:\WINDOWS\Tasks\At35.job moved successfully.
C:\WINDOWS\Tasks\At350.job moved successfully.
C:\WINDOWS\Tasks\At351.job moved successfully.
C:\WINDOWS\Tasks\At352.job moved successfully.
C:\WINDOWS\Tasks\At353.job moved successfully.
C:\WINDOWS\Tasks\At354.job moved successfully.
C:\WINDOWS\Tasks\At355.job moved successfully.
C:\WINDOWS\Tasks\At356.job moved successfully.
C:\WINDOWS\Tasks\At357.job moved successfully.
C:\WINDOWS\Tasks\At358.job moved successfully.
C:\WINDOWS\Tasks\At359.job moved successfully.
C:\WINDOWS\Tasks\At36.job moved successfully.
C:\WINDOWS\Tasks\At360.job moved successfully.
C:\WINDOWS\Tasks\At361.job moved successfully.
C:\WINDOWS\Tasks\At362.job moved successfully.
C:\WINDOWS\Tasks\At363.job moved successfully.
C:\WINDOWS\Tasks\At364.job moved successfully.
C:\WINDOWS\Tasks\At365.job moved successfully.
C:\WINDOWS\Tasks\At366.job moved successfully.
C:\WINDOWS\Tasks\At367.job moved successfully.
C:\WINDOWS\Tasks\At368.job moved successfully.
C:\WINDOWS\Tasks\At369.job moved successfully.
C:\WINDOWS\Tasks\At37.job moved successfully.
C:\WINDOWS\Tasks\At370.job moved successfully.
C:\WINDOWS\Tasks\At371.job moved successfully.
C:\WINDOWS\Tasks\At372.job moved successfully.
C:\WINDOWS\Tasks\At373.job moved successfully.
C:\WINDOWS\Tasks\At374.job moved successfully.
C:\WINDOWS\Tasks\At375.job moved successfully.
C:\WINDOWS\Tasks\At376.job moved successfully.
C:\WINDOWS\Tasks\At377.job moved successfully.
C:\WINDOWS\Tasks\At378.job moved successfully.
C:\WINDOWS\Tasks\At379.job moved successfully.
C:\WINDOWS\Tasks\At38.job moved successfully.
C:\WINDOWS\Tasks\At380.job moved successfully.
C:\WINDOWS\Tasks\At381.job moved successfully.
C:\WINDOWS\Tasks\At382.job moved successfully.
C:\WINDOWS\Tasks\At383.job moved successfully.
C:\WINDOWS\Tasks\At384.job moved successfully.
C:\WINDOWS\Tasks\At385.job moved successfully.
C:\WINDOWS\Tasks\At386.job moved successfully.
C:\WINDOWS\Tasks\At387.job moved successfully.
C:\WINDOWS\Tasks\At388.job moved successfully.
C:\WINDOWS\Tasks\At389.job moved successfully.
C:\WINDOWS\Tasks\At39.job moved successfully.
C:\WINDOWS\Tasks\At390.job moved successfully.
C:\WINDOWS\Tasks\At391.job moved successfully.
C:\WINDOWS\Tasks\At392.job moved successfully.
C:\WINDOWS\Tasks\At393.job moved successfully.
C:\WINDOWS\Tasks\At394.job moved successfully.
C:\WINDOWS\Tasks\At395.job moved successfully.
C:\WINDOWS\Tasks\At396.job moved successfully.
C:\WINDOWS\Tasks\At397.job moved successfully.
C:\WINDOWS\Tasks\At398.job moved successfully.
C:\WINDOWS\Tasks\At399.job moved successfully.
C:\WINDOWS\Tasks\At4.job moved successfully.
C:\WINDOWS\Tasks\At40.job moved successfully.
C:\WINDOWS\Tasks\At400.job moved successfully.
C:\WINDOWS\Tasks\At401.job moved successfully.
C:\WINDOWS\Tasks\At402.job moved successfully.
C:\WINDOWS\Tasks\At403.job moved successfully.
C:\WINDOWS\Tasks\At404.job moved successfully.
C:\WINDOWS\Tasks\At405.job moved successfully.
C:\WINDOWS\Tasks\At406.job moved successfully.
C:\WINDOWS\Tasks\At407.job moved successfully.
C:\WINDOWS\Tasks\At408.job moved successfully.
C:\WINDOWS\Tasks\At409.job moved successfully.
C:\WINDOWS\Tasks\At41.job moved successfully.
C:\WINDOWS\Tasks\At410.job moved successfully.
C:\WINDOWS\Tasks\At411.job moved successfully.
C:\WINDOWS\Tasks\At412.job moved successfully.
C:\WINDOWS\Tasks\At413.job moved successfully.
C:\WINDOWS\Tasks\At414.job moved successfully.
C:\WINDOWS\Tasks\At415.job moved successfully.
C:\WINDOWS\Tasks\At416.job moved successfully.
C:\WINDOWS\Tasks\At417.job moved successfully.
C:\WINDOWS\Tasks\At418.job moved successfully.
C:\WINDOWS\Tasks\At419.job moved successfully.
C:\WINDOWS\Tasks\At42.job moved successfully.
C:\WINDOWS\Tasks\At420.job moved successfully.
C:\WINDOWS\Tasks\At421.job moved successfully.
C:\WINDOWS\Tasks\At422.job moved successfully.
C:\WINDOWS\Tasks\At423.job moved successfully.
C:\WINDOWS\Tasks\At424.job moved successfully.
C:\WINDOWS\Tasks\At425.job moved successfully.
C:\WINDOWS\Tasks\At426.job moved successfully.
C:\WINDOWS\Tasks\At427.job moved successfully.
C:\WINDOWS\Tasks\At428.job moved successfully.
C:\WINDOWS\Tasks\At429.job moved successfully.
C:\WINDOWS\Tasks\At43.job moved successfully.
C:\WINDOWS\Tasks\At430.job moved successfully.
C:\WINDOWS\Tasks\At431.job moved successfully.
C:\WINDOWS\Tasks\At432.job moved successfully.
C:\WINDOWS\Tasks\At433.job moved successfully.
C:\WINDOWS\Tasks\At434.job moved successfully.
C:\WINDOWS\Tasks\At435.job moved successfully.
C:\WINDOWS\Tasks\At436.job moved successfully.
C:\WINDOWS\Tasks\At437.job moved successfully.
C:\WINDOWS\Tasks\At438.job moved successfully.
C:\WINDOWS\Tasks\At439.job moved successfully.
C:\WINDOWS\Tasks\At44.job moved successfully.
C:\WINDOWS\Tasks\At440.job moved successfully.
C:\WINDOWS\Tasks\At441.job moved successfully.
C:\WINDOWS\Tasks\At442.job moved successfully.
C:\WINDOWS\Tasks\At443.job moved successfully.
C:\WINDOWS\Tasks\At444.job moved successfully.
C:\WINDOWS\Tasks\At445.job moved successfully.
C:\WINDOWS\Tasks\At446.job moved successfully.
C:\WINDOWS\Tasks\At447.job moved successfully.
C:\WINDOWS\Tasks\At448.job moved successfully.
C:\WINDOWS\Tasks\At449.job moved successfully.
C:\WINDOWS\Tasks\At45.job moved successfully.
C:\WINDOWS\Tasks\At450.job moved successfully.
C:\WINDOWS\Tasks\At451.job moved successfully.
C:\WINDOWS\Tasks\At452.job moved successfully.
C:\WINDOWS\Tasks\At453.job moved successfully.
C:\WINDOWS\Tasks\At454.job moved successfully.
C:\WINDOWS\Tasks\At455.job moved successfully.
C:\WINDOWS\Tasks\At456.job moved successfully.
C:\WINDOWS\Tasks\At457.job moved successfully.
C:\WINDOWS\Tasks\At458.job moved successfully.
C:\WINDOWS\Tasks\At459.job moved successfully.
C:\WINDOWS\Tasks\At46.job moved successfully.
C:\WINDOWS\Tasks\At460.job moved successfully.
C:\WINDOWS\Tasks\At461.job moved successfully.
C:\WINDOWS\Tasks\At462.job moved successfully.
C:\WINDOWS\Tasks\At463.job moved successfully.
C:\WINDOWS\Tasks\At464.job moved successfully.
C:\WINDOWS\Tasks\At465.job moved successfully.
C:\WINDOWS\Tasks\At466.job moved successfully.
C:\WINDOWS\Tasks\At467.job moved successfully.
C:\WINDOWS\Tasks\At468.job moved successfully.
C:\WINDOWS\Tasks\At469.job moved successfully.
C:\WINDOWS\Tasks\At47.job moved successfully.
C:\WINDOWS\Tasks\At470.job moved successfully.
C:\WINDOWS\Tasks\At471.job moved successfully.
C:\WINDOWS\Tasks\At472.job moved successfully.
C:\WINDOWS\Tasks\At473.job moved successfully.
C:\WINDOWS\Tasks\At474.job moved successfully.
C:\WINDOWS\Tasks\At475.job moved successfully.
C:\WINDOWS\Tasks\At476.job moved successfully.
C:\WINDOWS\Tasks\At477.job moved successfully.
C:\WINDOWS\Tasks\At478.job moved successfully.
C:\WINDOWS\Tasks\At479.job moved successfully.
C:\WINDOWS\Tasks\At48.job moved successfully.
C:\WINDOWS\Tasks\At480.job moved successfully.
C:\WINDOWS\Tasks\At481.job moved successfully.
C:\WINDOWS\Tasks\At482.job moved successfully.
C:\WINDOWS\Tasks\At483.job moved successfully.
C:\WINDOWS\Tasks\At484.job moved successfully.
C:\WINDOWS\Tasks\At485.job moved successfully.
C:\WINDOWS\Tasks\At486.job moved successfully.
C:\WINDOWS\Tasks\At487.job moved successfully.
C:\WINDOWS\Tasks\At488.job moved successfully.
C:\WINDOWS\Tasks\At489.job moved successfully.
C:\WINDOWS\Tasks\At49.job moved successfully.
C:\WINDOWS\Tasks\At490.job moved successfully.
C:\WINDOWS\Tasks\At491.job moved successfully.
C:\WINDOWS\Tasks\At492.job moved successfully.
C:\WINDOWS\Tasks\At493.job moved successfully.
C:\WINDOWS\Tasks\At494.job moved successfully.
C:\WINDOWS\Tasks\At495.job moved successfully.
C:\WINDOWS\Tasks\At496.job moved successfully.
C:\WINDOWS\Tasks\At497.job moved successfully.
C:\WINDOWS\Tasks\At498.job moved successfully.
C:\WINDOWS\Tasks\At499.job moved successfully.
C:\WINDOWS\Tasks\At5.job moved successfully.
C:\WINDOWS\Tasks\At50.job moved successfully.
C:\WINDOWS\Tasks\At500.job moved successfully.
C:\WINDOWS\Tasks\At501.job moved successfully.
C:\WINDOWS\Tasks\At502.job moved successfully.
C:\WINDOWS\Tasks\At503.job moved successfully.
C:\WINDOWS\Tasks\At504.job moved successfully.
C:\WINDOWS\Tasks\At505.job moved successfully.
C:\WINDOWS\Tasks\At506.job moved successfully.
C:\WINDOWS\Tasks\At507.job moved successfully.
C:\WINDOWS\Tasks\At508.job moved successfully.
C:\WINDOWS\Tasks\At509.job moved successfully.
C:\WINDOWS\Tasks\At51.job moved successfully.
C:\WINDOWS\Tasks\At510.job moved successfully.
C:\WINDOWS\Tasks\At511.job moved successfully.
C:\WINDOWS\Tasks\At512.job moved successfully.
C:\WINDOWS\Tasks\At513.job moved successfully.
C:\WINDOWS\Tasks\At514.job moved successfully.
C:\WINDOWS\Tasks\At515.job moved successfully.
C:\WINDOWS\Tasks\At516.job moved successfully.
C:\WINDOWS\Tasks\At517.job moved successfully.
C:\WINDOWS\Tasks\At518.job moved successfully.
C:\WINDOWS\Tasks\At519.job moved successfully.
C:\WINDOWS\Tasks\At52.job moved successfully.
C:\WINDOWS\Tasks\At520.job moved successfully.
C:\WINDOWS\Tasks\At521.job moved successfully.
C:\WINDOWS\Tasks\At522.job moved successfully.
C:\WINDOWS\Tasks\At523.job moved successfully.
C:\WINDOWS\Tasks\At524.job moved successfully.
C:\WINDOWS\Tasks\At525.job moved successfully.
C:\WINDOWS\Tasks\At526.job moved successfully.
C:\WINDOWS\Tasks\At527.job moved successfully.
C:\WINDOWS\Tasks\At528.job moved successfully.
C:\WINDOWS\Tasks\At529.job moved successfully.
C:\WINDOWS\Tasks\At53.job moved successfully.
C:\WINDOWS\Tasks\At530.job moved successfully.
C:\WINDOWS\Tasks\At531.job moved successfully.
C:\WINDOWS\Tasks\At532.job moved successfully.
C:\WINDOWS\Tasks\At533.job moved successfully.
C:\WINDOWS\Tasks\At534.job moved successfully.
C:\WINDOWS\Tasks\At535.job moved successfully.
C:\WINDOWS\Tasks\At536.job moved successfully.
C:\WINDOWS\Tasks\At537.job moved successfully.
C:\WINDOWS\Tasks\At538.job moved successfully.
C:\WINDOWS\Tasks\At539.job moved successfully.
C:\WINDOWS\Tasks\At54.job moved successfully.
C:\WINDOWS\Tasks\At540.job moved successfully.
C:\WINDOWS\Tasks\At541.job moved successfully.
C:\WINDOWS\Tasks\At542.job moved successfully.
C:\WINDOWS\Tasks\At543.job moved successfully.
C:\WINDOWS\Tasks\At544.job moved successfully.
C:\WINDOWS\Tasks\At545.job moved successfully.
C:\WINDOWS\Tasks\At546.job moved successfully.
C:\WINDOWS\Tasks\At547.job moved successfully.
C:\WINDOWS\Tasks\At548.job moved successfully.
C:\WINDOWS\Tasks\At549.job moved successfully.
C:\WINDOWS\Tasks\At55.job moved successfully.
C:\WINDOWS\Tasks\At550.job moved successfully.
C:\WINDOWS\Tasks\At551.job moved successfully.
C:\WINDOWS\Tasks\At552.job moved successfully.
C:\WINDOWS\Tasks\At553.job moved successfully.
C:\WINDOWS\Tasks\At554.job moved successfully.
C:\WINDOWS\Tasks\At555.job moved successfully.
C:\WINDOWS\Tasks\At556.job moved successfully.
C:\WINDOWS\Tasks\At557.job moved successfully.
C:\WINDOWS\Tasks\At558.job moved successfully.
C:\WINDOWS\Tasks\At559.job moved successfully.
C:\WINDOWS\Tasks\At56.job moved successfully.
C:\WINDOWS\Tasks\At560.job moved successfully.
C:\WINDOWS\Tasks\At561.job moved successfully.
C:\WINDOWS\Tasks\At562.job moved successfully.
C:\WINDOWS\Tasks\At563.job moved successfully.
C:\WINDOWS\Tasks\At564.job moved successfully.
C:\WINDOWS\Tasks\At565.job moved successfully.
C:\WINDOWS\Tasks\At566.job moved successfully.
C:\WINDOWS\Tasks\At567.job moved successfully.
C:\WINDOWS\Tasks\At568.job moved successfully.
C:\WINDOWS\Tasks\At569.job moved successfully.
C:\WINDOWS\Tasks\At57.job moved successfully.
C:\WINDOWS\Tasks\At570.job moved successfully.
C:\WINDOWS\Tasks\At571.job moved successfully.
C:\WINDOWS\Tasks\At572.job moved successfully.
C:\WINDOWS\Tasks\At573.job moved successfully.
C:\WINDOWS\Tasks\At574.job moved successfully.
C:\WINDOWS\Tasks\At575.job moved successfully.
C:\WINDOWS\Tasks\At576.job moved successfully.
C:\WINDOWS\Tasks\At577.job moved successfully.
C:\WINDOWS\Tasks\At578.job moved successfully.
C:\WINDOWS\Tasks\At579.job moved successfully.
C:\WINDOWS\Tasks\At58.job moved successfully.
C:\WINDOWS\Tasks\At580.job moved successfully.
C:\WINDOWS\Tasks\At581.job moved successfully.
C:\WINDOWS\Tasks\At582.job moved successfully.
C:\WINDOWS\Tasks\At583.job moved successfully.
C:\WINDOWS\Tasks\At584.job moved successfully.
C:\WINDOWS\Tasks\At585.job moved successfully.
C:\WINDOWS\Tasks\At586.job moved successfully.
C:\WINDOWS\Tasks\At587.job moved successfully.
C:\WINDOWS\Tasks\At588.job moved successfully.
C:\WINDOWS\Tasks\At589.job moved successfully.
C:\WINDOWS\Tasks\At59.job moved successfully.
C:\WINDOWS\Tasks\At590.job moved successfully.
C:\WINDOWS\Tasks\At591.job moved successfully.
C:\WINDOWS\Tasks\At592.job moved successfully.
C:\WINDOWS\Tasks\At593.job moved successfully.
C:\WINDOWS\Tasks\At594.job moved successfully.
C:\WINDOWS\Tasks\At595.job moved successfully.
C:\WINDOWS\Tasks\At596.job moved successfully.
C:\WINDOWS\Tasks\At597.job moved successfully.
C:\WINDOWS\Tasks\At598.job moved successfully.
C:\WINDOWS\Tasks\At599.job moved successfully.
C:\WINDOWS\Tasks\At6.job moved successfully.
C:\WINDOWS\Tasks\At60.job moved successfully.
C:\WINDOWS\Tasks\At600.job moved successfully.
C:\WINDOWS\Tasks\At601.job moved successfully.
C:\WINDOWS\Tasks\At602.job moved successfully.
C:\WINDOWS\Tasks\At603.job moved successfully.
C:\WINDOWS\Tasks\At604.job moved successfully.
C:\WINDOWS\Tasks\At605.job moved successfully.
C:\WINDOWS\Tasks\At606.job moved successfully.
C:\WINDOWS\Tasks\At607.job moved successfully.
C:\WINDOWS\Tasks\At608.job moved successfully.
C:\WINDOWS\Tasks\At609.job moved successfully.
C:\WINDOWS\Tasks\At61.job moved successfully.
C:\WINDOWS\Tasks\At610.job moved successfully.
C:\WINDOWS\Tasks\At611.job moved successfully.
C:\WINDOWS\Tasks\At612.job moved successfully.
C:\WINDOWS\Tasks\At613.job moved successfully.
C:\WINDOWS\Tasks\At614.job moved successfully.
C:\WINDOWS\Tasks\At615.job moved successfully.
C:\WINDOWS\Tasks\At616.job moved successfully.
C:\WINDOWS\Tasks\At617.job moved successfully.
C:\WINDOWS\Tasks\At618.job moved successfully.
C:\WINDOWS\Tasks\At619.job moved successfully.
C:\WINDOWS\Tasks\At62.job moved successfully.
C:\WINDOWS\Tasks\At620.job moved successfully.
C:\WINDOWS\Tasks\At621.job moved successfully.
C:\WINDOWS\Tasks\At622.job moved successfully.
C:\WINDOWS\Tasks\At623.job moved successfully.
C:\WINDOWS\Tasks\At624.job moved successfully.
C:\WINDOWS\Tasks\At625.job moved successfully.
C:\WINDOWS\Tasks\At626.job moved successfully.
C:\WINDOWS\Tasks\At627.job moved successfully.
C:\WINDOWS\Tasks\At628.job moved successfully.
C:\WINDOWS\Tasks\At629.job moved successfully.
C:\WINDOWS\Tasks\At63.job moved successfully.
C:\WINDOWS\Tasks\At630.job moved successfully.
C:\WINDOWS\Tasks\At631.job moved successfully.
C:\WINDOWS\Tasks\At632.job moved successfully.
C:\WINDOWS\Tasks\At633.job moved successfully.
C:\WINDOWS\Tasks\At634.job moved successfully.
C:\WINDOWS\Tasks\At635.job moved successfully.
C:\WINDOWS\Tasks\At636.job moved successfully.
C:\WINDOWS\Tasks\At637.job moved successfully.
C:\WINDOWS\Tasks\At638.job moved successfully.
C:\WINDOWS\Tasks\At639.job moved successfully.
C:\WINDOWS\Tasks\At64.job moved successfully.
C:\WINDOWS\Tasks\At640.job moved successfully.
C:\WINDOWS\Tasks\At641.job moved successfully.
C:\WINDOWS\Tasks\At642.job moved successfully.
C:\WINDOWS\Tasks\At643.job moved successfully.
C:\WINDOWS\Tasks\At644.job moved successfully.
C:\WINDOWS\Tasks\At645.job moved successfully.
C:\WINDOWS\Tasks\At646.job moved successfully.
C:\WINDOWS\Tasks\At647.job moved successfully.
C:\WINDOWS\Tasks\At648.job moved successfully.
C:\WINDOWS\Tasks\At649.job moved successfully.
C:\WINDOWS\Tasks\At65.job moved successfully.
C:\WINDOWS\Tasks\At650.job moved successfully.
C:\WINDOWS\Tasks\At651.job moved successfully.
C:\WINDOWS\Tasks\At652.job moved successfully.
C:\WINDOWS\Tasks\At653.job moved successfully.
C:\WINDOWS\Tasks\At654.job moved successfully.
C:\WINDOWS\Tasks\At655.job moved successfully.
C:\WINDOWS\Tasks\At656.job moved successfully.
C:\WINDOWS\Tasks\At657.job moved successfully.
C:\WINDOWS\Tasks\At658.job moved successfully.
C:\WINDOWS\Tasks\At659.job moved successfully.
C:\WINDOWS\Tasks\At66.job moved successfully.
C:\WINDOWS\Tasks\At660.job moved successfully.
C:\WINDOWS\Tasks\At661.job moved successfully.
C:\WINDOWS\Tasks\At662.job moved successfully.
C:\WINDOWS\Tasks\At663.job moved successfully.
C:\WINDOWS\Tasks\At664.job moved successfully.
C:\WINDOWS\Tasks\At665.job moved successfully.
C:\WINDOWS\Tasks\At666.job moved successfully.
C:\WINDOWS\Tasks\At667.job moved successfully.
C:\WINDOWS\Tasks\At668.job moved successfully.
C:\WINDOWS\Tasks\At669.job moved successfully.
C:\WINDOWS\Tasks\At67.job moved successfully.
C:\WINDOWS\Tasks\At670.job moved successfully.
C:\WINDOWS\Tasks\At671.job moved successfully.
C:\WINDOWS\Tasks\At672.job moved successfully.
C:\WINDOWS\Tasks\At673.job moved successfully.
C:\WINDOWS\Tasks\At674.job moved successfully.
C:\WINDOWS\Tasks\At675.job moved successfully.
C:\WINDOWS\Tasks\At676.job moved successfully.
C:\WINDOWS\Tasks\At677.job moved successfully.
C:\WINDOWS\Tasks\At678.job moved successfully.
C:\WINDOWS\Tasks\At679.job moved successfully.
C:\WINDOWS\Tasks\At68.job moved successfully.
C:\WINDOWS\Tasks\At680.job moved successfully.
C:\WINDOWS\Tasks\At681.job moved successfully.
C:\WINDOWS\Tasks\At682.job moved successfully.
C:\WINDOWS\Tasks\At683.job moved successfully.
C:\WINDOWS\Tasks\At684.job moved successfully.
C:\WINDOWS\Tasks\At685.job moved successfully.
C:\WINDOWS\Tasks\At686.job moved successfully.
C:\WINDOWS\Tasks\At687.job moved successfully.
C:\WINDOWS\Tasks\At688.job moved successfully.
C:\WINDOWS\Tasks\At689.job moved successfully.
C:\WINDOWS\Tasks\At69.job moved successfully.
C:\WINDOWS\Tasks\At690.job moved successfully.
C:\WINDOWS\Tasks\At691.job moved successfully.
C:\WINDOWS\Tasks\At692.job moved successfully.
C:\WINDOWS\Tasks\At693.job moved successfully.
C:\WINDOWS\Tasks\At694.job moved successfully.
C:\WINDOWS\Tasks\At695.job moved successfully.
C:\WINDOWS\Tasks\At696.job moved successfully.
C:\WINDOWS\Tasks\At697.job moved successfully.
C:\WINDOWS\Tasks\At698.job moved successfully.
C:\WINDOWS\Tasks\At699.job moved successfully.
C:\WINDOWS\Tasks\At7.job moved successfully.
C:\WINDOWS\Tasks\At70.job moved successfully.
C:\WINDOWS\Tasks\At700.job moved successfully.
C:\WINDOWS\Tasks\At701.job moved successfully.
C:\WINDOWS\Tasks\At702.job moved successfully.
C:\WINDOWS\Tasks\At703.job moved successfully.
C:\WINDOWS\Tasks\At704.job moved successfully.
C:\WINDOWS\Tasks\At705.job moved successfully.
C:\WINDOWS\Tasks\At706.job moved successfully.
C:\WINDOWS\Tasks\At707.job moved successfully.
C:\WINDOWS\Tasks\At708.job moved successfully.
C:\WINDOWS\Tasks\At709.job moved successfully.
C:\WINDOWS\Tasks\At71.job moved successfully.
C:\WINDOWS\Tasks\At710.job moved successfully.
C:\WINDOWS\Tasks\At711.job moved successfully.
C:\WINDOWS\Tasks\At712.job moved successfully.
C:\WINDOWS\Tasks\At713.job moved successfully.
C:\WINDOWS\Tasks\At714.job moved successfully.
C:\WINDOWS\Tasks\At715.job moved successfully.
C:\WINDOWS\Tasks\At716.job moved successfully.
C:\WINDOWS\Tasks\At717.job moved successfully.
C:\WINDOWS\Tasks\At718.job moved successfully.
C:\WINDOWS\Tasks\At719.job moved successfully.
C:\WINDOWS\Tasks\At72.job moved successfully.
C:\WINDOWS\Tasks\At720.job moved successfully.
C:\WINDOWS\Tasks\At721.job moved successfully.
C:\WINDOWS\Tasks\At722.job moved successfully.
C:\WINDOWS\Tasks\At723.job moved successfully.
C:\WINDOWS\Tasks\At724.job moved successfully.
C:\WINDOWS\Tasks\At725.job moved successfully.
C:\WINDOWS\Tasks\At726.job moved successfully.
C:\WINDOWS\Tasks\At727.job moved successfully.
C:\WINDOWS\Tasks\At728.job moved successfully.
C:\WINDOWS\Tasks\At729.job moved successfully.
C:\WINDOWS\Tasks\At73.job moved successfully.
C:\WINDOWS\Tasks\At730.job moved successfully.
C:\WINDOWS\Tasks\At731.job moved successfully.
C:\WINDOWS\Tasks\At732.job moved successfully.
C:\WINDOWS\Tasks\At733.job moved successfully.
C:\WINDOWS\Tasks\At734.job moved successfully.
C:\WINDOWS\Tasks\At735.job moved successfully.
C:\WINDOWS\Tasks\At736.job moved successfully.
C:\WINDOWS\Tasks\At737.job moved successfully.
C:\WINDOWS\Tasks\At738.job moved successfully.
C:\WINDOWS\Tasks\At739.job moved successfully.
C:\WINDOWS\Tasks\At74.job moved successfully.
C:\WINDOWS\Tasks\At740.job moved successfully.
C:\WINDOWS\Tasks\At741.job moved successfully.
C:\WINDOWS\Tasks\At742.job moved successfully.
C:\WINDOWS\Tasks\At743.job moved successfully.
C:\WINDOWS\Tasks\At744.job moved successfully.
C:\WINDOWS\Tasks\At745.job moved successfully.
C:\WINDOWS\Tasks\At746.job moved successfully.
C:\WINDOWS\Tasks\At747.job moved successfully.
C:\WINDOWS\Tasks\At748.job moved successfully.
C:\WINDOWS\Tasks\At749.job moved successfully.
C:\WINDOWS\Tasks\At75.job moved successfully.
C:\WINDOWS\Tasks\At750.job moved successfully.
C:\WINDOWS\Tasks\At751.job moved successfully.
C:\WINDOWS\Tasks\At752.job moved successfully.
C:\WINDOWS\Tasks\At753.job moved successfully.
C:\WINDOWS\Tasks\At754.job moved successfully.
C:\WINDOWS\Tasks\At755.job moved successfully.
C:\WINDOWS\Tasks\At756.job moved successfully.
C:\WINDOWS\Tasks\At757.job moved successfully.
C:\WINDOWS\Tasks\At758.job moved successfully.
C:\WINDOWS\Tasks\At759.job moved successfully.
C:\WINDOWS\Tasks\At76.job moved successfully.
C:\WINDOWS\Tasks\At760.job moved successfully.
C:\WINDOWS\Tasks\At761.job moved successfully.
C:\WINDOWS\Tasks\At762.job moved successfully.
C:\WINDOWS\Tasks\At763.job moved successfully.
C:\WINDOWS\Tasks\At764.job moved successfully.
C:\WINDOWS\Tasks\At765.job moved successfully.
C:\WINDOWS\Tasks\At766.job moved successfully.
C:\WINDOWS\Tasks\At767.job moved successfully.
C:\WINDOWS\Tasks\At768.job moved successfully.
C:\WINDOWS\Tasks\At769.job moved successfully.
C:\WINDOWS\Tasks\At77.job moved successfully.
C:\WINDOWS\Tasks\At770.job moved successfully.
C:\WINDOWS\Tasks\At771.job moved successfully.
C:\WINDOWS\Tasks\At772.job moved successfully.
C:\WINDOWS\Tasks\At773.job moved successfully.
C:\WINDOWS\Tasks\At774.job moved successfully.
C:\WINDOWS\Tasks\At775.job moved successfully.
C:\WINDOWS\Tasks\At776.job moved successfully.
C:\WINDOWS\Tasks\At777.job moved successfully.
C:\WINDOWS\Tasks\At778.job moved successfully.
C:\WINDOWS\Tasks\At779.job moved successfully.
C:\WINDOWS\Tasks\At78.job moved successfully.
C:\WINDOWS\Tasks\At780.job moved successfully.
C:\WINDOWS\Tasks\At781.job moved successfully.
C:\WINDOWS\Tasks\At782.job moved successfully.
C:\WINDOWS\Tasks\At783.job moved successfully.
C:\WINDOWS\Tasks\At784.job moved successfully.
C:\WINDOWS\Tasks\At785.job moved successfully.
C:\WINDOWS\Tasks\At786.job moved successfully.
C:\WINDOWS\Tasks\At787.job moved successfully.
C:\WINDOWS\Tasks\At788.job moved successfully.
C:\WINDOWS\Tasks\At789.job moved successfully.
C:\WINDOWS\Tasks\At79.job moved successfully.
C:\WINDOWS\Tasks\At790.job moved successfully.
C:\WINDOWS\Tasks\At791.job moved successfully.
C:\WINDOWS\Tasks\At792.job moved successfully.
C:\WINDOWS\Tasks\At793.job moved successfully.
C:\WINDOWS\Tasks\At794.job moved successfully.
C:\WINDOWS\Tasks\At795.job moved successfully.
C:\WINDOWS\Tasks\At796.job moved successfully.
C:\WINDOWS\Tasks\At797.job moved successfully.
C:\WINDOWS\Tasks\At798.job moved successfully.
C:\WINDOWS\Tasks\At799.job moved successfully.
C:\WINDOWS\Tasks\At8.job moved successfully.
C:\WINDOWS\Tasks\At80.job moved successfully.
C:\WINDOWS\Tasks\At800.job moved successfully.
C:\WINDOWS\Tasks\At801.job moved successfully.
C:\WINDOWS\Tasks\At802.job moved successfully.
C:\WINDOWS\Tasks\At803.job moved successfully.
C:\WINDOWS\Tasks\At804.job moved successfully.
C:\WINDOWS\Tasks\At805.job moved successfully.
C:\WINDOWS\Tasks\At806.job moved successfully.
C:\WINDOWS\Tasks\At807.job moved successfully.
C:\WINDOWS\Tasks\At808.job moved successfully.
C:\WINDOWS\Tasks\At809.job moved successfully.
C:\WINDOWS\Tasks\At81.job moved successfully.
C:\WINDOWS\Tasks\At810.job moved successfully.
C:\WINDOWS\Tasks\At811.job moved successfully.
C:\WINDOWS\Tasks\At812.job moved successfully.
C:\WINDOWS\Tasks\At813.job moved successfully.
C:\WINDOWS\Tasks\At814.job moved successfully.
C:\WINDOWS\Tasks\At815.job moved successfully.
C:\WINDOWS\Tasks\At816.job moved successfully.
C:\WINDOWS\Tasks\At817.job moved successfully.
C:\WINDOWS\Tasks\At818.job moved successfully.
C:\WINDOWS\Tasks\At819.job moved successfully.
C:\WINDOWS\Tasks\At82.job moved successfully.
C:\WINDOWS\Tasks\At820.job moved successfully.
C:\WINDOWS\Tasks\At821.job moved successfully.
C:\WINDOWS\Tasks\At822.job moved successfully.
C:\WINDOWS\Tasks\At823.job moved successfully.
C:\WINDOWS\Tasks\At824.job moved successfully.
C:\WINDOWS\Tasks\At825.job moved successfully.
C:\WINDOWS\Tasks\At826.job moved successfully.
C:\WINDOWS\Tasks\At827.job moved successfully.
C:\WINDOWS\Tasks\At828.job moved successfully.
C:\WINDOWS\Tasks\At829.job moved successfully.
C:\WINDOWS\Tasks\At83.job moved successfully.
C:\WINDOWS\Tasks\At830.job moved successfully.
C:\WINDOWS\Tasks\At831.job moved successfully.
C:\WINDOWS\Tasks\At832.job moved successfully.
C:\WINDOWS\Tasks\At833.job moved successfully.
C:\WINDOWS\Tasks\At834.job moved successfully.
C:\WINDOWS\Tasks\At835.job moved successfully.
C:\WINDOWS\Tasks\At836.job moved successfully.
C:\WINDOWS\Tasks\At837.job moved successfully.
C:\WINDOWS\Tasks\At838.job moved successfully.
C:\WINDOWS\Tasks\At839.job moved successfully.
C:\WINDOWS\Tasks\At84.job moved successfully.
C:\WINDOWS\Tasks\At840.job moved successfully.
C:\WINDOWS\Tasks\At85.job moved successfully.
C:\WINDOWS\Tasks\At86.job moved successfully.
C:\WINDOWS\Tasks\At87.job moved successfully.
C:\WINDOWS\Tasks\At88.job moved successfully.
C:\WINDOWS\Tasks\At89.job moved successfully.
C:\WINDOWS\Tasks\At9.job moved successfully.
C:\WINDOWS\Tasks\At90.job moved successfully.
C:\WINDOWS\Tasks\At91.job moved successfully.
C:\WINDOWS\Tasks\At92.job moved successfully.
C:\WINDOWS\Tasks\At93.job moved successfully.
C:\WINDOWS\Tasks\At94.job moved successfully.
C:\WINDOWS\Tasks\At95.job moved successfully.
C:\WINDOWS\Tasks\At96.job moved successfully.
C:\WINDOWS\Tasks\At97.job moved successfully.
C:\WINDOWS\Tasks\At98.job moved successfully.
C:\WINDOWS\Tasks\At99.job moved successfully.
File C:\WINDOWS\system32\winlogon.exe successfully replaced with C:\replace\winlogon.exe
File C:\WINDOWS\system32\svchost.exe successfully replaced with C:\replace\svchost.exe
File C:\windows\explorer.exe successfully replaced with C:\replace\explorer.exe
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes
->Flash cache emptied: 321 bytes

User: dion
->Temp folder emptied: 24779446 bytes
->Temporary Internet Files folder emptied: 439651490 bytes
->Java cache emptied: 37136395 bytes
->Google Chrome cache emptied: 424960935 bytes
->Flash cache emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 46876 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 40740562 bytes
->Java cache emptied: 8397 bytes
->Flash cache emptied: 4979 bytes

User: Tamara x x
->Temp folder emptied: 92388242 bytes
->Temporary Internet Files folder emptied: 24840831 bytes
->Java cache emptied: 16430 bytes
->Flash cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 76817 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 59520 bytes
Windows Temp folder emptied: 33901170 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 77551924 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 156336 bytes

Total Files Cleaned = 1,141.00 mb


[EMPTYFLASH]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: dion
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Tamara x x
->Temp folder emptied: 65536 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb

Error: Unable to interpret <[CREATERESTOREPOINT]> in the current context!

OTLPE by OldTimer - Version 3.1.43.0 log created on 11262010_233455
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{07B18EA9-A523-4961-B6BB-170DE4475CCA} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{07B18EA9-A523-4961-B6BB-170DE4475CCA}\ not found.
File C:\Program Files\MyWebSearch\bar\2.bin\MWSBAR.DLL not found.

OTLPE by OldTimer - Version 3.1.43.0 log created on 11262010_233442

Files\Folders moved on Reboot...
File\Folder C:\Documents and Settings\Tamara x x\Local Settings\Temp\hsperfdata_Tamara x x\11424 not found!
File\Folder C:\Documents and Settings\Tamara x x\Local Settings\Temporary Internet Files\Content.IE5\YO9QUIR3\dnserrordiagoff_webOC[1] not found!
File\Folder C:\Documents and Settings\Tamara x x\Local Settings\Temporary Internet Files\Content.IE5\YO9QUIR3\down[1] not found!
File\Folder C:\Documents and Settings\Tamara x x\Local Settings\Temporary Internet Files\Content.IE5\YO9QUIR3\httpErrorPagesScripts[1] not found!
File\Folder C:\Documents and Settings\Tamara x x\Local Settings\Temporary Internet Files\Content.IE5\YO9QUIR3\info_48[1] not found!
File\Folder C:\Documents and Settings\Tamara x x\Local Settings\Temporary Internet Files\Content.IE5\YO9QUIR3\LOGO[1] not found!
File\Folder C:\Documents and Settings\Tamara x x\Local Settings\Temporary Internet Files\Content.IE5\YO9QUIR3\StyleSheet[1] not found!
File\Folder C:\Documents and Settings\Tamara x x\Local Settings\Temporary Internet Files\Content.IE5\J4SX4UA5\104[1] not found!
File\Folder C:\Documents and Settings\Tamara x x\Local Settings\Temporary Internet Files\Content.IE5\J4SX4UA5\BACKGROUND[1] not found!
File\Folder C:\Documents and Settings\Tamara x x\Local Settings\Temporary Internet Files\Content.IE5\J4SX4UA5\background_gradient[1] not found!
File\Folder C:\Documents and Settings\Tamara x x\Local Settings\Temporary Internet Files\Content.IE5\J4SX4UA5\errorPageStrings[1] not found!
File\Folder C:\Documents and Settings\Tamara x x\Local Settings\Temporary Internet Files\Content.IE5\J4SX4UA5\sysok_ui[1] not found!

Registry entries deleted on Reboot...
  • 0

#19
Clareykins

Clareykins

    Member

  • Topic Starter
  • Member
  • PipPip
  • 32 posts
After posting the last reply, with the flash drive plugged into the clean machine. Avira popped up with..

A Virus or unwanted program was found!
jOIXUXYM.exe WORM/Ramnit.A.14

I've clicked to 'move to quarantine' and am hoping for the best :'(
  • 0

#20
Salagubang

Salagubang

    Trusted Helper

  • Malware Removal
  • 3,891 posts
Hi Clareykins,

Step One

Format the USB stick (using FAT32) on the clean machine.
Then vaccinate the drive using Panda USB Vaccine.

Step Two

Download fix.txt into your desktop.
Attached File  fix.txt   65.54KB   354 downloads
  • Download OTL to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Drag and drop fix.txt into the Custom scans and fixes box
  • If you cannot drag and drop for some reason. Then press the Run Fix button and a dialogue box will pop up asking for the location - select the file on your USB drive
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done and post the resulting log on your next reply.

Step Three

Download Dr Web from here http://www.freedrweb.com/?lng=en link on the top right of the page, tick the EULA and then download

It will download as an 8 digit file save it to your desktop

Restart in safe mode and run
Accept the enhanced version
Then run the quick scan
About halfway through you will be prompted to buy - just X the box closed
Once finished it will generate a log please attach that.

Step Four

Please download ComboFix from one of these locations:

Bleepingcomputer
ForoSpyware
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Combofix.exe and follow the prompts.
  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, or if you are running Vista, ComboFix will continue it's malware removal procedures.

Posted Image


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

Step Five

Run OTL again and choose "Quickscan". Post the log on your next reply.

Edited by Salagubang, 27 November 2010 - 07:09 AM.

  • 0

#21
Clareykins

Clareykins

    Member

  • Topic Starter
  • Member
  • PipPip
  • 32 posts
Am I doing all of this on the clean machine or step 2 onwards on the culprit netbook?
  • 0

#22
Salagubang

Salagubang

    Trusted Helper

  • Malware Removal
  • 3,891 posts

Am I doing all of this on the clean machine or step 2 onwards on the culprit netbook?


Except for step one which you need to do on the clean computer, do all of the steps above on the infected machine.

If you encounter problem downloading the tools, you may download the tools using the clean computer and transfer them to the ailing machine.
  • 0

#23
Clareykins

Clareykins

    Member

  • Topic Starter
  • Member
  • PipPip
  • 32 posts
During the 'Run Fix' part of step two an error popped up stating 'Access violation OTL.exe' and vanished before I could finish reading, left the computer frozen with 'creating restore point, do not interrupt' on screen. I "ctrl alt deleted" and started explorer.exe, trying to restart OTL I was presented with a text file containing in short 'Files\Folders moved on reboot' I restarted manually.
Re-Attempting step two all ran fine, OTL log:-


All processes killed
========== OTL ==========
Error: No service named MyWebSearchService was found to stop!
Service\Driver key MyWebSearchService not found.
File C:\Program Files\MyWebSearch\bar\2.bin\MWSSVC.EXE not found.
Error: No service named ccxucg was found to stop!
Service\Driver key ccxucg not found.
File C:\WINDOWS\System32\drivers\ccxucg.sys not found.
Error: No service named PRAGMAsivpdrbces was found to stop!
Service\Driver key PRAGMAsivpdrbces not found.
File C:\WINDOWS\PRAGMAsivpdrbces\PRAGMAd.sys not found.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\URLSearchHooks\\{00A6FAF6-072E-44cf-8957-5838F569A31D} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00A6FAF6-072E-44cf-8957-5838F569A31D}\ not found.
File C:\Program Files\MyWebSearch\bar\2.bin\MWSSRCAS.DLL not found.
Unable to set value : HKU\dion_ON_C\Software\Microsoft\Internet Explorer\Main\\Start Page| /E!
Registry key HKEY_USERS\dion_ON_C\Software\Microsoft\Internet Explorer\URLSearchHooks not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00A6FAF6-072E-44cf-8957-5838F569A31D}\ not found.
File C:\Program Files\MyWebSearch\bar\2.bin\MWSSRCAS.DLL not found.
Registry key HKEY_USERS\Tamara_x_x_ON_C\Software\Microsoft\Internet Explorer\URLSearchHooks not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00A6FAF6-072E-44cf-8957-5838F569A31D}\ not found.
File C:\Program Files\MyWebSearch\bar\2.bin\MWSSRCAS.DLL not found.
Registry value HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected] not found.
File C:\Program Files\MyWebSearch\bar\2.bin not found.
Registry value HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{DFAD8032-344F-4105-82EA-26C5B0A84DBF} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DFAD8032-344F-4105-82EA-26C5B0A84DBF}\ not found.
File C:\Documents and Settings\Tamara x x\Local Settings\Application Data\{DFAD8032-344F-4105-82EA-26C5B0A84DBF} not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D6BA40A1-A502-59BD-F413-04B03A2C8953}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D6BA40A1-A502-59BD-F413-04B03A2C8953}\ not found.
File C:\WINDOWS\system32\mzmddj1nar.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{07B18EA9-A523-4961-B6BB-170DE4475CCA}\ not found.
File C:\Program Files\MyWebSearch\bar\2.bin\MWSBAR.DLL not found.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{07B18EA9-A523-4961-B6BB-170DE4475CCA} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{07B18EA9-A523-4961-B6BB-170DE4475CCA}\ not found.
File C:\Program Files\MyWebSearch\bar\2.bin\MWSBAR.DLL not found.
Registry key HKEY_USERS\dion_ON_C\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{07B18EA9-A523-4961-B6BB-170DE4475CCA}\ not found.
File C:\Program Files\MyWebSearch\bar\2.bin\MWSBAR.DLL not found.
Registry key HKEY_USERS\Tamara_x_x_ON_C\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{07B18EA9-A523-4961-B6BB-170DE4475CCA}\ not found.
File C:\Program Files\MyWebSearch\bar\2.bin\MWSBAR.DLL not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\HNUIQOXRmSc not found.
File C:\Documents and Settings\Tamara x x\Local Settings\Temp\avp32.exe not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\HNUIQOXRnE0 not found.
File C:\Documents and Settings\Tamara x x\Local Settings\Temp\cmd .exe not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\HNUIQOXRnEc not found.
File C:\Documents and Settings\Tamara x x\Local Settings\Temp\cmd .exe not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\HNUIQOXRnEg0 not found.
File C:\Documents and Settings\Tamara x x\Local Settings\Temp\cmd .exe not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\HNUIQOXRnEgc not found.
File C:\Documents and Settings\Tamara x x\Local Settings\Temp\cmd .exe not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\HNUIQOXRnEgg0 not found.
File C:\Documents and Settings\Tamara x x\Local Settings\Temp\cmd .exe not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\HNUIQOXRnEggc not found.
File C:\Documents and Settings\Tamara x x\Local Settings\Temp\cmd .exe not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\HNUIQOXRnEggj not found.
File C:\Documents and Settings\Tamara x x\Local Settings\Temp\cmd .exe not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\HNUIQOXRnEggK not found.
File C:\Documents and Settings\Tamara x x\Local Settings\Temp\cmd .exe not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\HNUIQOXRnEgj not found.
File C:\Documents and Settings\Tamara x x\Local Settings\Temp\cmd .exe not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\HNUIQOXRnEgK not found.
File C:\Documents and Settings\Tamara x x\Local Settings\Temp\cmd .exe not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\HNUIQOXRnEj not found.
File C:\Documents and Settings\Tamara x x\Local Settings\Temp\cmd .exe not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\HNUIQOXRnEK not found.
File C:\Documents and Settings\Tamara x x\Local Settings\Temp\cmd .exe not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\HNUIQOXRnH not found.
File C:\Documents and Settings\Tamara x x\Local Settings\Temp\cmd .exe not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\HNUIQOXRnsc not found.
File C:\Documents and Settings\Tamara x x\Local Settings\Temp\drweb.exe not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\HNUIQOXRny0 not found.
File C:\Documents and Settings\Tamara x x\Local Settings\Temp\csrss .exe not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\HNUIQOXRnyc not found.
File C:\Documents and Settings\Tamara x x\Local Settings\Temp\csrss.exe not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\HNUIQOXRnyg0 not found.
File C:\Documents and Settings\Tamara x x\Local Settings\Temp\csrss .exe not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\HNUIQOXRnygc not found.
File C:\Documents and Settings\Tamara x x\Local Settings\Temp\csrss .exe not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\HNUIQOXRnygg0 not found.
File C:\Documents and Settings\Tamara x x\Local Settings\Temp\csrss .exe not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\HNUIQOXRnyggc not found.
File C:\Documents and Settings\Tamara x x\Local Settings\Temp\csrss .exe not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\HNUIQOXRnyggK not found.
File C:\Documents and Settings\Tamara x x\Local Settings\Temp\csrss .exe not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\HNUIQOXRnygj not found.
File C:\Documents and Settings\Tamara x x\Local Settings\Temp\csrss .exe not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\HNUIQOXRnygK not found.
File C:\Documents and Settings\Tamara x x\Local Settings\Temp\csrss .exe not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\HNUIQOXRnyj not found.
File C:\Documents and Settings\Tamara x x\Local Settings\Temp\csrss .exe not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\HNUIQOXRnyK not found.
File C:\Documents and Settings\Tamara x x\Local Settings\Temp\csrss .exe not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\HNUIQOXRnZ not found.
File C:\Documents and Settings\Tamara x x\Local Settings\Temp\cmd.exe not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\HNUIQOXRota not found.
File C:\Documents and Settings\Tamara x x\Local Settings\Temp\install.exe not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\HNUIQOXRotc not found.
File C:\Documents and Settings\Tamara x x\Local Settings\Temp\hexdump.exe not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\HNUIQOXRotGc not found.
File C:\Documents and Settings\Tamara x x\Local Settings\Temp\install .exe not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\HNUIQOXRotGK not found.
File C:\Documents and Settings\Tamara x x\Local Settings\Temp\install .exe not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\HNUIQOXRotH0 not found.
File C:\Documents and Settings\Tamara x x\Local Settings\Temp\hexdump .exe not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\HNUIQOXRotHc not found.
File C:\Documents and Settings\Tamara x x\Local Settings\Temp\hexdump .exe not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\HNUIQOXRotHg0 not found.
File C:\Documents and Settings\Tamara x x\Local Settings\Temp\hexdump .exe not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\HNUIQOXRotHgc not found.
File C:\Documents and Settings\Tamara x x\Local Settings\Temp\hexdump .exe not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\HNUIQOXRotHggc not found.
File C:\Documents and Settings\Tamara x x\Local Settings\Temp\hexdump .exe not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\HNUIQOXRotHgj not found.
File C:\Documents and Settings\Tamara x x\Local Settings\Temp\hexdump .exe not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\HNUIQOXRotHgK not found.
File C:\Documents and Settings\Tamara x x\Local Settings\Temp\hexdump .exe not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\HNUIQOXRotHj not found.
File C:\Documents and Settings\Tamara x x\Local Settings\Temp\hexdump .exe not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\HNUIQOXRotHK not found.
File C:\Documents and Settings\Tamara x x\Local Settings\Temp\hexdump .exe not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\HNUIQOXRotJ not found.
File C:\Documents and Settings\Tamara x x\Local Settings\Temp\install .exe not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\HNUIQOXRotK not found.
File C:\Documents and Settings\Tamara x x\Local Settings\Temp\hexdump .exe not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\HNUIQOXRouqc not found.
File C:\Documents and Settings\Tamara x x\Local Settings\Temp\iexplarer.exe not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\HNUIQOXRouqK not found.
File C:\Documents and Settings\Tamara x x\Local Settings\Temp\iexplarer .exe not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\HNUIQOXRpc+ not found.
File C:\Documents and Settings\Tamara x x\Local Settings\Temp\n2mih8u .exe not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\HNUIQOXRpc70 not found.
File C:\Documents and Settings\Tamara x x\Local Settings\Temp\n2mih8u .exe not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\HNUIQOXRpc7c not found.
File C:\Documents and Settings\Tamara x x\Local Settings\Temp\n2mih8u .exe not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\HNUIQOXRpc7g0 not found.
File C:\Documents and Settings\Tamara x x\Local Settings\Temp\n2mih8u .exe not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\HNUIQOXRpc7gc not found.
File C:\Documents and Settings\Tamara x x\Local Settings\Temp\n2mih8u .exe not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\HNUIQOXRpc7gj not found.
File C:\Documents and Settings\Tamara x x\Local Settings\Temp\n2mih8u .exe not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\HNUIQOXRpc7gK not found.
File C:\Documents and Settings\Tamara x x\Local Settings\Temp\n2mih8u .exe not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\HNUIQOXRpc7j not found.
File C:\Documents and Settings\Tamara x x\Local Settings\Temp\n2mih8u .exe not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\HNUIQOXRpc7K not found.
File C:\Documents and Settings\Tamara x x\Local Settings\Temp\n2mih8u .exe not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\HNUIQOXRpcQ not found.
File C:\Documents and Settings\Tamara x x\Local Settings\Temp\n2mih8u.exe not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\HNUIQOXRpr0 not found.
File C:\Documents and Settings\Tamara x x\Local Settings\Temp\login .exe not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\HNUIQOXRprc not found.
File C:\Documents and Settings\Tamara x x\Local Settings\Temp\login.exe not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\HNUIQOXRprg0 not found.
File C:\Documents and Settings\Tamara x x\Local Settings\Temp\login .exe not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\HNUIQOXRprgc not found.
File C:\Documents and Settings\Tamara x x\Local Settings\Temp\login .exe not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\HNUIQOXRprgg0 not found.
File C:\Documents and Settings\Tamara x x\Local Settings\Temp\login .exe not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\HNUIQOXRprggc not found.
File C:\Documents and Settings\Tamara x x\Local Settings\Temp\login .exe not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\HNUIQOXRprggg0 not found.
File C:\Documents and Settings\Tamara x x\Local Settings\Temp\login .exe not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\HNUIQOXRprgggc not found.
File C:\Documents and Settings\Tamara x x\Local Settings\Temp\login .exe not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\HNUIQOXRprgggj not found.
File C:\Documents and Settings\Tamara x x\Local Settings\Temp\login .exe not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\HNUIQOXRprgggK not found.
File C:\Documents and Settings\Tamara x x\Local Settings\Temp\login .exe not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\HNUIQOXRprggj not found.
File C:\Documents and Settings\Tamara x x\Local Settings\Temp\login .exe not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\HNUIQOXRprggK not found.
File C:\Documents and Settings\Tamara x x\Local Settings\Temp\login .exe not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\HNUIQOXRprgj not found.
File C:\Documents and Settings\Tamara x x\Local Settings\Temp\login .exe not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\HNUIQOXRprgK not found.
File C:\Documents and Settings\Tamara x x\Local Settings\Temp\login .exe not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\HNUIQOXRprj not found.
File C:\Documents and Settings\Tamara x x\Local Settings\Temp\login .exe not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\HNUIQOXRprK not found.
File C:\Documents and Settings\Tamara x x\Local Settings\Temp\login .exe not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\HNUIQOXRpSg2c not found.
File C:\Documents and Settings\Tamara x x\Local Settings\Temp\l42muyf1sx .exe not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\HNUIQOXRpSg2K not found.
File C:\Documents and Settings\Tamara x x\Local Settings\Temp\l42muyf1sx .exe not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\HNUIQOXRpSg5 not found.
File C:\Documents and Settings\Tamara x x\Local Settings\Temp\l42muyf1sx .exe not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\HNUIQOXRpSgg not found.
File C:\Documents and Settings\Tamara x x\Local Settings\Temp\l42muyf1sx.exe not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\HNUIQOXRpSgK not found.
File C:\Documents and Settings\Tamara x x\Local Settings\Temp\l42muyf1sx .exe not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\HNUIQOXRpZ not found.
File C:\Documents and Settings\Tamara x x\Local Settings\Temp\mdm.exe not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\HNUIQOXRrc0 not found.
File C:\Documents and Settings\Tamara x x\Local Settings\Temp\smss .exe not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\HNUIQOXRrcc not found.
File C:\Documents and Settings\Tamara x x\Local Settings\Temp\smss .exe not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\HNUIQOXRrcj not found.
File C:\Documents and Settings\Tamara x x\Local Settings\Temp\smss .exe not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\HNUIQOXRrcK not found.
File C:\Documents and Settings\Tamara x x\Local Settings\Temp\smss .exe not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\HNUIQOXRrg not found.
File C:\Documents and Settings\Tamara x x\Local Settings\Temp\smss.exe not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\HNUIQOXRrta not found.
File C:\Documents and Settings\Tamara x x\Local Settings\Temp\services.exe not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\HNUIQOXRrtWc not found.
File C:\Documents and Settings\Tamara x x\Local Settings\Temp\services .exe not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\HNUIQOXRrv0 not found.
File C:\Documents and Settings\Tamara x x\Local Settings\Temp\setup .exe not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\HNUIQOXRrvc not found.
File C:\Documents and Settings\Tamara x x\Local Settings\Temp\setup.exe not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\HNUIQOXRrvg0 not found.
File C:\Documents and Settings\Tamara x x\Local Settings\Temp\setup .exe not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\HNUIQOXRrvgc not found.
File C:\Documents and Settings\Tamara x x\Local Settings\Temp\setup .exe not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\HNUIQOXRrvgg0 not found.
File C:\Documents and Settings\Tamara x x\Local Settings\Temp\setup .exe not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\HNUIQOXRrvggc not found.
File C:\Documents and Settings\Tamara x x\Local Settings\Temp\setup .exe not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\HNUIQOXRrvggj not found.
File C:\Documents and Settings\Tamara x x\Local Settings\Temp\setup .exe not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\HNUIQOXRrvggK not found.
File C:\Documents and Settings\Tamara x x\Local Settings\Temp\setup .exe not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\HNUIQOXRrvgj not found.
File C:\Documents and Settings\Tamara x x\Local Settings\Temp\setup .exe not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\HNUIQOXRrvgK not found.
File C:\Documents and Settings\Tamara x x\Local Settings\Temp\setup .exe not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\HNUIQOXRrvj not found.
File C:\Documents and Settings\Tamara x x\Local Settings\Temp\setup .exe not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\HNUIQOXRrvK not found.
File C:\Documents and Settings\Tamara x x\Local Settings\Temp\setup .exe not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\HNUIQOXRsa not found.
File C:\Documents and Settings\Tamara x x\Local Settings\Temp\win.exe not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\HNUIQOXRsPc not found.
File C:\Documents and Settings\Tamara x x\Local Settings\Temp\win16.exe not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\HNUIQOXRsPK not found.
File C:\Documents and Settings\Tamara x x\Local Settings\Temp\win32 .exe not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\HNUIQOXRsre not found.
File C:\Documents and Settings\Tamara x x\Local Settings\Temp\wininst.exe not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\HNUIQOXRsrJ0 not found.
File C:\Documents and Settings\Tamara x x\Local Settings\Temp\wininst .exe not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\HNUIQOXRsrJc not found.
File C:\Documents and Settings\Tamara x x\Local Settings\Temp\wininst .exe not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\HNUIQOXRsrJg0 not found.
File C:\Documents and Settings\Tamara x x\Local Settings\Temp\wininst .exe not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\HNUIQOXRsrJgc not found.
File C:\Documents and Settings\Tamara x x\Local Settings\Temp\wininst .exe not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\HNUIQOXRsrJgj not found.
File C:\Documents and Settings\Tamara x x\Local Settings\Temp\wininst .exe not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\HNUIQOXRsrJgK not found.
File C:\Documents and Settings\Tamara x x\Local Settings\Temp\wininst .exe not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\HNUIQOXRsrJj not found.
File C:\Documents and Settings\Tamara x x\Local Settings\Temp\wininst .exe not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\HNUIQOXRsrJK not found.
File C:\Documents and Settings\Tamara x x\Local Settings\Temp\wininst .exe not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\HNUIQOXRsrN not found.
File C:\Documents and Settings\Tamara x x\Local Settings\Temp\wininst .exe not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\MKbMc not found.
File C:\WINDOWS\gdi32.exe not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\MKbtc not found.
File C:\WINDOWS\hexdump.exe not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\MKbtH0 not found.
File C:\WINDOWS\hexdump .exe not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\MKbtHc not found.
File C:\WINDOWS\hexdump .exe not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\MKbtHg0 not found.
File C:\WINDOWS\hexdump .exe not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\MKbtHgc not found.
File C:\WINDOWS\hexdump .exe not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\MKbtHgK not found.
File C:\WINDOWS\hexdump .exe not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\MKbtHj not found.
File C:\WINDOWS\hexdump .exe not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\MKbtHK not found.
File C:\WINDOWS\hexdump .exe not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\MKbtK not found.
File C:\WINDOWS\hexdump .exe not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\MKbuqc not found.
File C:\WINDOWS\iexplarer.exe not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\MKcr0 not found.
File C:\WINDOWS\login .exe not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\MKcrc not found.
File C:\WINDOWS\login.exe not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\MKcrg0 not found.
File C:\WINDOWS\login .exe not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\MKcrgc not found.
File C:\WINDOWS\login .exe not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\MKcrgg0 not found.
File C:\WINDOWS\login .exe not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\MKcrggc not found.
File C:\WINDOWS\login .exe not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\MKcrggg0 not found.
File C:\WINDOWS\login .exe not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\MKcrgggc not found.
File C:\WINDOWS\login .exe not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\MKcrgggg0 not found.
File C:\WINDOWS\login .exe not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\MKcrggggc not found.
File C:\WINDOWS\login .exe not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\MKcrggggg0 not found.
File C:\WINDOWS\login .exe not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\MKcrgggggc not found.
File C:\WINDOWS\login .exe not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\MKcrgggggg0 not found.
File C:\WINDOWS\login .exe not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\MKcrggggggc not found.
File C:\WINDOWS\login .exe not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\MKcrggggggg0 not found.
File C:\WINDOWS\login .exe not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\MKcrgggggggc not found.
File C:\WINDOWS\login .exe not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\MKcrgggggggg0 not found.
File C:\WINDOWS\login .exe not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\MKcrggggggggc not found.
File C:\WINDOWS\login .exe not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\MKcrgggggggggc not found.
File C:\WINDOWS\login .exe not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\MKcrgggggggggK not found.
File C:\WINDOWS\login .exe not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\MKcrggggggggj not found.
File C:\WINDOWS\login .exe not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\MKcrggggggggK not found.
File C:\WINDOWS\login .exe not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\MKcrgggggggj not found.
File C:\WINDOWS\login .exe not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\MKcrgggggggK not found.
File C:\WINDOWS\login .exe not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\MKcrggggggj not found.
File C:\WINDOWS\login .exe not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\MKcrggggggK not found.
File C:\WINDOWS\login .exe not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\MKcrgggggj not found.
File C:\WINDOWS\login .exe not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\MKcrgggggK not found.
File C:\WINDOWS\login .exe not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\MKcrggggj not found.
File C:\WINDOWS\login .exe not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\MKcrggggK not found.
File C:\WINDOWS\login .exe not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\MKcrgggj not found.
File C:\WINDOWS\login .exe not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\MKcrgggK not found.
File C:\WINDOWS\login .exe not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\MKcrggj not found.
File C:\WINDOWS\login .exe not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\MKcrggK not found.
File C:\WINDOWS\login .exe not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\MKcrgj not found.
File C:\WINDOWS\login .exe not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\MKcrgK not found.
File C:\WINDOWS\login .exe not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\MKcrj not found.
File C:\WINDOWS\login .exe not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\MKcrK not found.
File C:\WINDOWS\login .exe not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\MKcuc not found.
File C:\WINDOWS\lsass.exe not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\MKcZ not found.
File C:\WINDOWS\mdm.exe not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\MKdw+ not found.
File C:\WINDOWS\nvsvc32.exe not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\MKdws not found.
File C:\WINDOWS\nvsvc32 .exe not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\MKerb not found.
File C:\WINDOWS\taskmgr.exe not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\MKeta not found.
File C:\WINDOWS\services.exe not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\MKetW0 not found.
File C:\WINDOWS\services .exe not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\MKetWc not found.
File C:\WINDOWS\services .exe not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\MKetWg0 not found.
File C:\WINDOWS\services .exe not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\MKetWgc not found.
File C:\WINDOWS\services .exe not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\MKetWgg0 not found.
File C:\WINDOWS\services .exe not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\MKetWggc not found.
File C:\WINDOWS\services .exe not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\MKetWggg0 not found.
File C:\WINDOWS\services .exe not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\MKetWgggc not found.
File C:\WINDOWS\services .exe not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\MKetWgggK not found.
File C:\WINDOWS\services .exe not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\MKetWggj not found.
File C:\WINDOWS\services .exe not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\MKetWggK not found.
File C:\WINDOWS\services .exe not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\MKetWggKWS\services .exe not found.
File C:\WINDOWS\services .exe not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\MKetWgj not found.
File C:\WINDOWS\services .exe not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\MKetWgK not found.
File C:\WINDOWS\services .exe not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\MKetWj not found.
File C:\WINDOWS\services .exe not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\MKetWK not found.
File C:\WINDOWS\services .exe not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\MKeuf not found.
File C:\WINDOWS\spoolsv.exe not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\MKeuK0 not found.
File C:\WINDOWS\spoolsv .exe not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\MKeuKc not found.
File C:\WINDOWS\spoolsv .exe not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\MKeuKK not found.
File C:\WINDOWS\spoolsv .exe not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\MKeuN not found.
File C:\WINDOWS\spoolsv .exe not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\MKev0 not found.
File C:\WINDOWS\setup .exe not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\MKevc not found.
File C:\WINDOWS\setup.exe not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\MKevj not found.
File C:\WINDOWS\setup .exe not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\MKevK not found.
File C:\WINDOWS\setup .exe not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\MKexe not found.
File C:\WINDOWS\system.exe not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\MKfa not found.
File C:\WINDOWS\win.exe not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\MKfP0 not found.
File C:\WINDOWS\win16 .exe not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\MKfPc not found.
File C:\WINDOWS\win16.exe not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\MKfPg0 not found.
File C:\WINDOWS\win16 .exe not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\MKfPgc not found.
File C:\WINDOWS\win16 .exe not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\MKfPgg0 not found.
File C:\WINDOWS\win16 .exe not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\MKfPggc not found.
File C:\WINDOWS\win16 .exe not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\MKfPggg0 not found.
File C:\WINDOWS\win16 .exe not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\MKfPgggc not found.
File C:\WINDOWS\win16 .exe not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\MKfPgggg0 not found.
File C:\WINDOWS\win16 .exe not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\MKfPggggc not found.
File C:\WINDOWS\win16 .exe not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\MKfPggggg0 not found.
File C:\WINDOWS\win16 .exe not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\MKfPgggggc not found.
File C:\WINDOWS\win16 .exe not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\MKfPgggggg0 not found.
File C:\WINDOWS\win16 .exe not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\MKfPggggggc not found.
File C:\WINDOWS\win16 .exe not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\MKfPggggggg0 not found.
File C:\WINDOWS\win16 .exe not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\MKfPgggggggc not found.
File C:\WINDOWS\win16 .exe not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\MKfPggggggggc not found.
File C:\WINDOWS\win16 .exe not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\MKfPgggggggj not found.
File C:\WINDOWS\win16 .exe not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\MKfPgggggggK not found.
File C:\WINDOWS\win16 .exe not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\MKfPggggggj not found.
File C:\WINDOWS\win16 .exe not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\MKfPggggggK not found.
File C:\WINDOWS\win16 .exe not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\MKfPgggggj not found.
File C:\WINDOWS\win16 .exe not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\MKfPgggggK not found.
File C:\WINDOWS\win16 .exe not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\MKfPggggj not found.
File C:\WINDOWS\win16 .exe not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\MKfPggggK not found.
File C:\WINDOWS\win16 .exe not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\MKfPgggj not found.
File C:\WINDOWS\win16 .exe not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\MKfPgggK not found.
File C:\WINDOWS\win16 .exe not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\MKfPggj not found.
File C:\WINDOWS\win16 .exe not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\MKfPggK not found.
File C:\WINDOWS\win16 .exe not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\MKfPgj not found.
File C:\WINDOWS\win16 .exe not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\MKfPgK not found.
File C:\WINDOWS\win16 .exe not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\MKfPj not found.
File C:\WINDOWS\win16 .exe not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\MKfPK not found.
File C:\WINDOWS\win16 .exe not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\MKfre not found.
File C:\WINDOWS\wininst.exe not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\MKfsc not found.
File C:\WINDOWS\winlogon.exe not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\MKWPeP not found.
File C:\WINDOWS\temp\avp32.exe not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\MKWPf6 not found.
File C:\WINDOWS\temp\win16 .exe not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\MKWPfQ not found.
File C:\WINDOWS\temp\win16.exe not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\MKWPrc not found.
File C:\WINDOWS\temp\winamp.exe not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\MKWPsf not found.
File C:\WINDOWS\temp\lsass.exe not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\MKWPsJ not found.
File C:\WINDOWS\temp\lsass .exe not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\MKWPtd0 not found.
File C:\WINDOWS\temp\wininst .exe not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\MKWPtdc not found.
File C:\WINDOWS\temp\wininst .exe not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\MKWPtdgc not found.
File C:\WINDOWS\temp\wininst .exe not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\MKWPtdj not found.
File C:\WINDOWS\temp\wininst .exe not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\MKWPtdK not found.
File C:\WINDOWS\temp\wininst .exe not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\MKWPtg not found.
File C:\WINDOWS\temp\wininst.exe not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\MKWPtp0c not found.
File C:\WINDOWS\temp\iexplarer .exe not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\MKWPtp0K not found.
File C:\WINDOWS\temp\iexplarer .exe not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\MKWPtp4 not found.
File C:\WINDOWS\temp\iexplarer .exe not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\MKWPtpf not found.
File C:\WINDOWS\temp\iexplarer.exe not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\MKWPtpJ not found.
File C:\WINDOWS\temp\iexplarer .exe not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\MKWPvZ not found.
File C:\WINDOWS\temp\install.exe not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\MKWPwe not found.
File C:\WINDOWS\temp\setup.exe not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\MKWPwI not found.
File C:\WINDOWS\temp\setup .exe not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\MKZe not found.
File C:\WINDOWS\avp.exe not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\MKZSc not found.
File C:\WINDOWS\avp32.exe not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\MKZSK not found.
File C:\WINDOWS\avp32 .exe not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\My Web Search Bar Search Scope Monitor not found.
File C:\Program Files\MyWebSearch\bar\2.bin\m3SrchMn.exe not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\MyWebSearch Email Plugin not found.
File C:\Program Files\MyWebSearch\bar\2.bin\mwsoemon.exe not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\nonep not found.
File C:\Documents and Settings\Tamara x x\Local Settings\Temp\tmp0cec1dad\ee .exe not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\snp2uvc not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\uPc+MV0NdhaGuo not found.
File C:\WINDOWS\System32\n3xy5nh.DLL not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\uPc+MV0NmQaXms not found.
File C:\WINDOWS\System32\foj6mp.DLL not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Yrowamumoke not found.
File C:\WINDOWS\idohokofa.DLL not found.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run\\dfrgsnapnt.exe not found.
File C:\WINDOWS\temp\dfrgsnapnt.exe not found.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run\\HNUIQOXRmSc not found.
File C:\Documents and Settings\Tamara x x\Local Settings\Temp\avp32.exe not found.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run\\HNUIQOXRotK not found.
File C:\Documents and Settings\Tamara x x\Local Settings\Temp\hexdump .exe not found.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run\\HNUIQOXRouqK not found.
File C:\Documents and Settings\Tamara x x\Local Settings\Temp\iexplarer .exe not found.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run\\HNUIQOXRpc+ not found.
File C:\Documents and Settings\Tamara x x\Local Settings\Temp\n2mih8u .exe not found.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run\\HNUIQOXRpSgK not found.
File C:\Documents and Settings\Tamara x x\Local Settings\Temp\l42muyf1sx .exe not found.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run\\HNUIQOXRrcc not found.
File C:\Documents and Settings\Tamara x x\Local Settings\Temp\smss .exe not found.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run\\HNUIQOXRrtWc not found.
File C:\Documents and Settings\Tamara x x\Local Settings\Temp\services .exe not found.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run\\HNUIQOXRrvK not found.
File C:\Documents and Settings\Tamara x x\Local Settings\Temp\setup .exe not found.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run\\HNUIQOXRsrN not found.
File C:\Documents and Settings\Tamara x x\Local Settings\Temp\wininst .exe not found.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run\\MKbMc not found.
File C:\WINDOWS\gdi32.exe not found.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run\\MKbtK not found.
File C:\WINDOWS\hexdump .exe not found.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run\\MKcr0 not found.
File C:\WINDOWS\login .exe not found.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run\\MKcrg0 not found.
File C:\WINDOWS\login .exe not found.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run\\MKcrgc not found.
File C:\WINDOWS\login .exe not found.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run\\MKcrggc not found.
File C:\WINDOWS\login .exe not found.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run\\MKcrggK not found.
File C:\WINDOWS\login .exe not found.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run\\MKcrgj not found.
File C:\WINDOWS\login .exe not found.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run\\MKcrgK not found.
File C:\WINDOWS\login .exe not found.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run\\MKcrj not found.
File C:\WINDOWS\login .exe not found.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run\\MKcrK not found.
File C:\WINDOWS\login .exe not found.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run\\MKcuc not found.
File C:\WINDOWS\lsass.exe not found.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run\\MKcZ not found.
File C:\WINDOWS\mdm.exe not found.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run\\MKerb not found.
File C:\WINDOWS\taskmgr.exe not found.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run\\MKetW0 not found.
File C:\WINDOWS\services .exe not found.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run\\MKetWc not found.
File C:\WINDOWS\services .exe not found.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run\\MKetWg0 not found.
File C:\WINDOWS\services .exe not found.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run\\MKetWgc not found.
File C:\WINDOWS\services .exe not found.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run\\MKetWgj not found.
File C:\WINDOWS\services .exe not found.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run\\MKetWgK not found.
File C:\WINDOWS\services .exe not found.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run\\MKetWj not found.
File C:\WINDOWS\services .exe not found.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run\\MKetWK not found.
File C:\WINDOWS\services .exe not found.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run\\MKeuf not found.
File C:\WINDOWS\spoolsv.exe not found.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run\\MKexe not found.
File C:\WINDOWS\system.exe not found.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run\\MKfa not found.
File C:\WINDOWS\win.exe not found.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run\\MKfP0 not found.
File C:\WINDOWS\win16 .exe not found.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run\\MKfre not found.
File C:\WINDOWS\wininst.exe not found.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run\\MKWPeP not found.
File C:\WINDOWS\temp\avp32.exe not found.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run\\MKWPfQ not found.
File C:\WINDOWS\temp\win16.exe not found.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run\\MKWPrc not found.
File C:\WINDOWS\temp\winamp.exe not found.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run\\MKWPsf not found.
File C:\WINDOWS\temp\lsass.exe not found.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run\\MKWPtg not found.
File C:\WINDOWS\temp\wininst.exe not found.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run\\MKWPtp4 not found.
File C:\WINDOWS\temp\iexplarer .exe not found.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run\\MKWPtpf not found.
File C:\WINDOWS\temp\iexplarer.exe not found.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run\\MKWPtpJ not found.
File C:\WINDOWS\temp\iexplarer .exe not found.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run\\MKWPvZ not found.
File C:\WINDOWS\temp\install.exe not found.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run\\MKWPwe not found.
File C:\WINDOWS\temp\setup.exe not found.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run\\MKZe not found.
File C:\WINDOWS\avp.exe not found.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run\\uPc+MV0NmQaXms not found.
File C:\WINDOWS\System32\foj6mp.DLL not found.
Registry key HKEY_USERS\dion_ON_C\Software\Microsoft\Windows\CurrentVersion\Run not found.
Registry key HKEY_USERS\Tamara_x_x_ON_C\Software\Microsoft\Windows\CurrentVersion\Run not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{134DDCDE-3647-82F6-EE94-F56836D4842B}\ not found.
File C:\Documents and Settings\Tamara x x\Application Data\Izkoo\asema.exe not found.
Registry key HKEY_USERS\Tamara_x_x_ON_C\Software\Microsoft\Windows\CurrentVersion\Run not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{24984FB9-75B1-7984-F4FB-36E75E4A8403}\ not found.
File C:\Documents and Settings\Tamara x x\Application Data\Cuas\uvydu.exe not found.
Registry key HKEY_USERS\Tamara_x_x_ON_C\Software\Microsoft\Windows\CurrentVersion\Run not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{467FD43A-2F18-771E-930B-BAEF778D6D00}\ not found.
File C:\Documents and Settings\Tamara x x\Application Data\Acapqe\xaada.exe not found.
Registry key HKEY_USERS\Tamara_x_x_ON_C\Software\Microsoft\Windows\CurrentVersion\Run not found.
File C:\Documents and Settings\Tamara x x\Local Settings\Temp\avp32.exe not found.
Registry key HKEY_USERS\Tamara_x_x_ON_C\Software\Microsoft\Windows\CurrentVersion\Run not found.
File C:\Documents and Settings\Tamara x x\Local Settings\Temp\cmd .exe not found.
Registry key HKEY_USERS\Tamara_x_x_ON_C\Software\Microsoft\Windows\CurrentVersion\Run not found.
File C:\Documents and Settings\Tamara x x\Local Settings\Temp\cmd .exe not found.
Registry key HKEY_USERS\Tamara_x_x_ON_C\Software\Microsoft\Windows\CurrentVersion\Run not found.
File C:\Documents and Settings\Tamara x x\Local Settings\Temp\cmd .exe not found.
Registry key HKEY_USERS\Tamara_x_x_ON_C\Software\Microsoft\Windows\CurrentVersion\Run not found.
File C:\Documents and Settings\Tamara x x\Local Settings\Temp\cmd .exe not found.
Registry key HKEY_USERS\Tamara_x_x_ON_C\Software\Microsoft\Windows\CurrentVersion\Run not found.
File C:\Documents and Settings\Tamara x x\Local Settings\Temp\cmd .exe not found.
Registry key HKEY_USERS\Tamara_x_x_ON_C\Software\Microsoft\Windows\CurrentVersion\Run not found.
File C:\Documents and Settings\Tamara x x\Local Settings\Temp\cmd .exe not found.
Registry key HKEY_USERS\Tamara_x_x_ON_C\Software\Microsoft\Windows\CurrentVersion\Run not found.
File C:\Documents and Settings\Tamara x x\Local Settings\Temp\cmd .exe not found.
Registry key HKEY_USERS\Tamara_x_x_ON_C\Software\Microsoft\Windows\CurrentVersion\Run not found.
File C:\Documents and Settings\Tamara x x\Local Settings\Temp\cmd .exe not found.
Registry key HKEY_USERS\Tamara_x_x_ON_C\Software\Microsoft\Windows\CurrentVersion\Run not found.
File C:\Documents and Settings\Tamara x x\Local Settings\Temp\cmd .exe not found.
Registry key HKEY_USERS\Tamara_x_x_ON_C\Software\Microsoft\Windows\CurrentVersion\Run not found.
File C:\Documents and Settings\Tamara x x\Local Settings\Temp\cmd .exe not found.
Registry key HKEY_USERS\Tamara_x_x_ON_C\Software\Microsoft\Windows\CurrentVersion\Run not found.
File C:\Documents and Settings\Tamara x x\Local Settings\Temp\cmd .exe not found.
Registry key HKEY_USERS\Tamara_x_x_ON_C\Software\Microsoft\Windows\CurrentVersion\Run not found.
File C:\Documents and Settings\Tamara x x\Local Settings\Temp\cmd .exe not found.
Registry key HKEY_USERS\Tamara_x_x_ON_C\Software\Microsoft\Windows\CurrentVersion\Run not found.
File C:\Documents and Settings\Tamara x x\Local Settings\Temp\cmd .exe not found.
Registry key HKEY_USERS\Tamara_x_x_ON_C\Software\Microsoft\Windows\CurrentVersion\Run not found.
File C:\Documents and Settings\Tamara x x\Local Settings\Temp\drweb.exe not found.
Registry key HKEY_USERS\Tamara_x_x_ON_C\Software\Microsoft\Windows\CurrentVersion\Run not found.
File C:\Documents and Settings\Tamara x x\Local Settings\Temp\csrss .exe not found.
Registry key HKEY_USERS\Tamara_x_x_ON_C\Software\Microsoft\Windows\CurrentVersion\Run not found.
File C:\Documents and Settings\Tamara x x\Local Settings\Temp\csrss.exe not found.
Registry key HKEY_USERS\Tamara_x_x_ON_C\Software\Microsoft\Windows\CurrentVersion\Run not found.
File C:\Documents and Settings\Tamara x x\Local Settings\Temp\csrss .exe not found.
Registry key HKEY_USERS\Tamara_x_x_ON_C\Software\Microsoft\Windows\CurrentVersion\Run not found.
File C:\Documents and Settings\Tamara x x\Local Settings\Temp\csrss .exe not found.
Registry key HKEY_USERS\Tamara_x_x_ON_C\Software\Microsoft\Windows\CurrentVersion\Run not found.
File C:\Documents and Settings\Tamara x x\Local Settings\Temp\csrss .exe not found.
Registry key HKEY_USERS\Tamara_x_x_ON_C\Software\Microsoft\Windows\CurrentVersion\Run not found.
File C:\Documents and Settings\Tamara x x\Local Settings\Temp\csrss .exe not found.
Registry key HKEY_USERS\Tamara_x_x_ON_C\Software\Microsoft\Windows\CurrentVersion\Run not found.
File C:\Documents and Settings\Tamara x x\Local Settings\Temp\csrss .exe not found.
Registry key HKEY_USERS\Tamara_x_x_ON_C\Software\Microsoft\Windows\CurrentVersion\Run not found.
File C:\Documents and Settings\Tamara x x\Local Settings\Temp\csrss .exe not found.
Registry key HKEY_USERS\Tamara_x_x_ON_C\Software\Microsoft\Windows\CurrentVersion\Run not found.
File C:\Documents and Settings\Tamara x x\Local Settings\Temp\csrss .exe not found.
Registry key HKEY_USERS\Tamara_x_x_ON_C\Software\Microsoft\Windows\CurrentVersion\Run not found.
File C:\Documents and Settings\Tamara x x\Local Settings\Temp\csrss .exe not found.
Registry key HKEY_USERS\Tamara_x_x_ON_C\Software\Microsoft\Windows\CurrentVersion\Run not found.
File C:\Documents and Settings\Tamara x x\Local Settings\Temp\csrss .exe not found.
Registry key HKEY_USERS\Tamara_x_x_ON_C\Software\Microsoft\Windows\CurrentVersion\Run not found.
File C:\Documents and Settings\Tamara x x\Local Settings\Temp\cmd.exe not found.
Registry key HKEY_USERS\Tamara_x_x_ON_C\Software\Microsoft\Windows\CurrentVersion\Run not found.
File C:\Documents and Settings\Tamara x x\Local Settings\Temp\install.exe not found.
Registry key HKEY_USERS\Tamara_x_x_ON_C\Software\Microsoft\Windows\CurrentVersion\Run not found.
File C:\Documents and Settings\Tamara x x\Local Settings\Temp\hexdump.exe not found.
Registry key HKEY_USERS\Tamara_x_x_ON_C\Software\Microsoft\Windows\CurrentVersion\Run not found.
File C:\Documents and Settings\Tamara x x\Local Settings\Temp\install .exe not found.
Registry key HKEY_USERS\Tamara_x_x_ON_C\Software\Microsoft\Windows\CurrentVersion\Run not found.
File C:\Documents and Settings\Tamara x x\Local Settings\Temp\install .exe not found.
Registry key HKEY_USERS\Tamara_x_x_ON_C\Software\Microsoft\Windows\CurrentVersion\Run not found.
File C:\Documents and Settings\Tamara x x\Local Settings\Temp\hexdump .exe not found.
Registry key HKEY_USERS\Tamara_x_x_ON_C\Software\Microsoft\Windows\CurrentVersion\Run not found.
File C:\Documents and Settings\Tamara x x\Local Settings\Temp\hexdump .exe not found.
Registry key HKEY_USERS\Tamara_x_x_ON_C\Software\Microsoft\Windows\CurrentVersion\Run not found.
File C:\Documents and Settings\Tamara x x\Local Settings\Temp\hexdump .exe not found.
Registry key HKEY_USERS\Tamara_x_x_ON_C\Software\Microsoft\Windows\CurrentVersion\Run not found.
File C:\Documents and Settings\Tamara x x\Local Settings\Temp\hexdump .exe not found.
Registry key HKEY_USERS\Tamara_x_x_ON_C\Software\Microsoft\Windows\CurrentVersion\Run not found.
File C:\Documents and Settings\Tamara x x\Local Settings\Temp\hexdump .exe not found.
Registry key HKEY_USERS\Tamara_x_x_ON_C\Software\Microsoft\Windows\CurrentVersion\Run not found.
File C:\Documents and Settings\Tamara x x\Local Settings\Temp\hexdump .exe not found.
Registry key HKEY_USERS\Tamara_x_x_ON_C\Software\Microsoft\Windows\CurrentVersion\Run not found.
File C:\Documents and Settings\Tamara x x\Local Settings\Temp\hexdump .exe not found.
Registry key HKEY_USERS\Tamara_x_x_ON_C\Software\Microsoft\Windows\CurrentVersion\Run not found.
File C:\Documents and Settings\Tamara x x\Local Settings\Temp\hexdump .exe not found.
Registry key HKEY_USERS\Tamara_x_x_ON_C\Software\Microsoft\Windows\CurrentVersion\Run not found.
File C:\Documents and Settings\Tamara x x\Local Settings\Temp\hexdump .exe not found.
Registry key HKEY_USERS\Tamara_x_x_ON_C\Software\Microsoft\Windows\CurrentVersion\Run not found.
File C:\Documents and Settings\Tamara x x\Local Settings\Temp\install .exe not found.
Registry key HKEY_USERS\Tamara_x_x_ON_C\Software\Microsoft\Windows\CurrentVersion\Run not found.
File C:\Documents and Settings\Tamara x x\Local Settings\Temp\iexplarer.exe not found.
Registry key HKEY_USERS\Tamara_x_x_ON_C\Software\Microsoft\Windows\CurrentVersion\Run not found.
File C:\Documents and Settings\Tamara x x\Local Settings\Temp\n2mih8u .exe not found.
Registry key HKEY_USERS\Tamara_x_x_ON_C\Software\Microsoft\Windows\CurrentVersion\Run not found.
File C:\Documents and Settings\Tamara x x\Local Settings\Temp\n2mih8u .exe not found.
Registry key HKEY_USERS\Tamara_x_x_ON_C\Software\Microsoft\Windows\CurrentVersion\Run not found.
File C:\Documents and Settings\Tamara x x\Local Settings\Temp\n2mih8u .exe not found.
Registry key HKEY_USERS\Tamara_x_x_ON_C\Software\Microsoft\Windows\CurrentVersion\Run not found.
File C:\Documents and Settings\Tamara x x\Local Settings\Temp\n2mih8u .exe not found.
Registry key HKEY_USERS\Tamara_x_x_ON_C\Software\Microsoft\Windows\CurrentVersion\Run not found.
File C:\Documents and Settings\Tamara x x\Local Settings\Temp\n2mih8u .exe not found.
Registry key HKEY_USERS\Tamara_x_x_ON_C\Software\Microsoft\Windows\CurrentVersion\Run not found.
File C:\Documents and Settings\Tamara x x\Local Settings\Temp\n2mih8u .exe not found.
Registry key HKEY_USERS\Tamara_x_x_ON_C\Software\Microsoft\Windows\CurrentVersion\Run not found.
File C:\Documents and Settings\Tamara x x\Local Settings\Temp\n2mih8u .exe not found.
Registry key HKEY_USERS\Tamara_x_x_ON_C\Software\Microsoft\Windows\CurrentVersion\Run not found.
File C:\Documents and Settings\Tamara x x\Local Settings\Temp\n2mih8u .exe not found.
Registry key HKEY_USERS\Tamara_x_x_ON_C\Software\Microsoft\Windows\CurrentVersion\Run not found.
File C:\Documents and Settings\Tamara x x\Local Settings\Temp\n2mih8u.exe not found.
Registry key HKEY_USERS\Tamara_x_x_ON_C\Software\Microsoft\Windows\CurrentVersion\Run not found.
File C:\Documents and Settings\Tamara x x\Local Settings\Temp\login .exe not found.
Registry key HKEY_USERS\Tamara_x_x_ON_C\Software\Microsoft\Windows\CurrentVersion\Run not found.
File C:\Documents and Settings\Tamara x x\Local Settings\Temp\login.exe not found.
Registry key HKEY_USERS\Tamara_x_x_ON_C\Software\Microsoft\Windows\CurrentVersion\Run not found.
File C:\Documents and Settings\Tamara x x\Local Settings\Temp\login .exe not found.
Registry key HKEY_USERS\Tamara_x_x_ON_C\Software\Microsoft\Windows\CurrentVersion\Run not found.
File C:\Documents and Settings\Tamara x x\Local Settings\Temp\login .exe not found.
Registry key HKEY_USERS\Tamara_x_x_ON_C\Software\Microsoft\Windows\CurrentVersion\Run not found.
File C:\Documents and Settings\Tamara x x\Local Settings\Temp\login .exe not found.
Registry key HKEY_USERS\Tamara_x_x_ON_C\Software\Microsoft\Windows\CurrentVersion\Run not found.
File C:\Documents and Settings\Tamara x x\Local Settings\Temp\login .exe not found.
Registry key HKEY_USERS\Tamara_x_x_ON_C\Software\Microsoft\Windows\CurrentVersion\Run not found.
File C:\Documents and Settings\Tamara x x\Local Settings\Temp\login .exe not found.
Registry key HKEY_USERS\Tamara_x_x_ON_C\Software\Microsoft\Windows\CurrentVersion\Run not found.
File C:\Documents and Settings\Tamara x x\Local Settings\Temp\login .exe not found.
Registry key HKEY_USERS\Tamara_x_x_ON_C\Software\Microsoft\Windows\CurrentVersion\Run not found.
File C:\Documents and Settings\Tamara x x\Local Settings\Temp\login .exe not found.
Registry key HKEY_USERS\Tamara_x_x_ON_C\Software\Microsoft\Windows\CurrentVersion\Run not found.
File C:\Documents and Settings\Tamara x x\Local Settings\Temp\login .exe not found.
Registry key HKEY_USERS\Tamara_x_x_ON_C\Software\Microsoft\Windows\CurrentVersion\Run not found.
File C:\Documents and Settings\Tamara x x\Local Settings\Temp\login .exe not found.
Registry key HKEY_USERS\Tamara_x_x_ON_C\Software\Microsoft\Windows\CurrentVersion\Run not found.
File C:\Documents and Settings\Tamara x x\Local Settings\Temp\login .exe not found.
Registry key HKEY_USERS\Tamara_x_x_ON_C\Software\Microsoft\Windows\CurrentVersion\Run not found.
File C:\Documents and Settings\Tamara x x\Local Settings\Temp\login .exe not found.
Registry key HKEY_USERS\Tamara_x_x_ON_C\Software\Microsoft\Windows\CurrentVersion\Run not found.
File C:\Documents and Settings\Tamara x x\Local Settings\Temp\login .exe not found.
Registry key HKEY_USERS\Tamara_x_x_ON_C\Software\Microsoft\Windows\CurrentVersion\Run not found.
File C:\Documents and Settings\Tamara x x\Local Settings\Temp\login .exe not found.
Registry key HKEY_USERS\Tamara_x_x_ON_C\Software\Microsoft\Windows\CurrentVersion\Run not found.
File C:\Documents and Settings\Tamara x x\Local Settings\Temp\login .exe not found.
Registry key HKEY_USERS\Tamara_x_x_ON_C\Software\Microsoft\Windows\CurrentVersion\Run not found.
File C:\Documents and Settings\Tamara x x\Local Settings\Temp\l42muyf1sx .exe not found.
Registry key HKEY_USERS\Tamara_x_x_ON_C\Software\Microsoft\Windows\CurrentVersion\Run not found.
File C:\Documents and Settings\Tamara x x\Local Settings\Temp\l42muyf1sx .exe not found.
Registry key HKEY_USERS\Tamara_x_x_ON_C\Software\Microsoft\Windows\CurrentVersion\Run not found.
File C:\Documents and Settings\Tamara x x\Local Settings\Temp\l42muyf1sx .exe not found.
Registry key HKEY_USERS\Tamara_x_x_ON_C\Software\Microsoft\Windows\CurrentVersion\Run not found.
File C:\Documents and Settings\Tamara x x\Local Settings\Temp\l42muyf1sx.exe not found.
Registry key HKEY_USERS\Tamara_x_x_ON_C\Software\Microsoft\Windows\CurrentVersion\Run not found.
File C:\Documents and Settings\Tamara x x\Local Settings\Temp\mdm.exe not found.
Registry key HKEY_USERS\Tamara_x_x_ON_C\Software\Microsoft\Windows\CurrentVersion\Run not found.
File C:\Documents and Settings\Tamara x x\Local Settings\Temp\smss .exe not found.
Registry key HKEY_USERS\Tamara_x_x_ON_C\Software\Microsoft\Windows\CurrentVersion\Run not found.
File C:\Documents and Settings\Tamara x x\Local Settings\Temp\smss .exe not found.
Registry key HKEY_USERS\Tamara_x_x_ON_C\Software\Microsoft\Windows\CurrentVersion\Run not found.
File C:\Documents and Settings\Tamara x x\Local Settings\Temp\smss .exe not found.
Registry key HKEY_USERS\Tamara_x_x_ON_C\Software\Microsoft\Windows\CurrentVersion\Run not found.
File C:\Documents and Settings\Tamara x x\Local Settings\Temp\smss.exe not found.
Registry key HKEY_USERS\Tamara_x_x_ON_C\Software\Microsoft\Windows\CurrentVersion\Run not found.
File C:\Documents and Settings\Tamara x x\Local Settings\Temp\services.exe not found.
Registry key HKEY_USERS\Tamara_x_x_ON_C\Software\Microsoft\Windows\CurrentVersion\Run not found.
File C:\Documents and Settings\Tamara x x\Local Settings\Temp\setup .exe not found.
Registry key HKEY_USERS\Tamara_x_x_ON_C\Software\Microsoft\Windows\CurrentVersion\Run not found.
File C:\Documents and Settings\Tamara x x\Local Settings\Temp\setup.exe not found.
Registry key HKEY_USERS\Tamara_x_x_ON_C\Software\Microsoft\Windows\CurrentVersion\Run not found.
File C:\Documents and Settings\Tamara x x\Local Settings\Temp\setup .exe not found.
Registry key HKEY_USERS\Tamara_x_x_ON_C\Software\Microsoft\Windows\CurrentVersion\Run not found.
File C:\Documents and Settings\Tamara x x\Local Settings\Temp\setup .exe not found.
Registry key HKEY_USERS\Tamara_x_x_ON_C\Software\Microsoft\Windows\CurrentVersion\Run not found.
File C:\Documents and Settings\Tamara x x\Local Settings\Temp\setup .exe not found.
Registry key HKEY_USERS\Tamara_x_x_ON_C\Software\Microsoft\Windows\CurrentVersion\Run not found.
File C:\Documents and Settings\Tamara x x\Local Settings\Temp\setup .exe not found.
Registry key HKEY_USERS\Tamara_x_x_ON_C\Software\Microsoft\Windows\CurrentVersion\Run not found.
File C:\Documents and Settings\Tamara x x\Local Settings\Temp\setup .exe not found.
Registry key HKEY_USERS\Tamara_x_x_ON_C\Software\Microsoft\Windows\CurrentVersion\Run not found.
File C:\Documents and Settings\Tamara x x\Local Settings\Temp\setup .exe not found.
Registry key HKEY_USERS\Tamara_x_x_ON_C\Software\Microsoft\Windows\CurrentVersion\Run not found.
File C:\Documents and Settings\Tamara x x\Local Settings\Temp\setup .exe not found.
Registry key HKEY_USERS\Tamara_x_x_ON_C\Software\Microsoft\Windows\CurrentVersion\Run not found.
File C:\Documents and Settings\Tamara x x\Local Settings\Temp\setup .exe not found.
Registry key HKEY_USERS\Tamara_x_x_ON_C\Software\Microsoft\Windows\CurrentVersion\Run not found.
File C:\Documents and Settings\Tamara x x\Local Settings\Temp\setup .exe not found.
Registry key HKEY_USERS\Tamara_x_x_ON_C\Software\Microsoft\Windows\CurrentVersion\Run not found.
File C:\Documents and Settings\Tamara x x\Local Settings\Temp\win.exe not found.
Registry key HKEY_USERS\Tamara_x_x_ON_C\Software\Microsoft\Windows\CurrentVersion\Run not found.
File C:\Documents and Settings\Tamara x x\Local Settings\Temp\win16.exe not found.
Registry key HKEY_USERS\Tamara_x_x_ON_C\Software\Microsoft\Windows\CurrentVersion\Run not found.
File C:\Documents and Settings\Tamara x x\Local Settings\Temp\win32 .exe not found.
Registry key HKEY_USERS\Tamara_x_x_ON_C\Software\Microsoft\Windows\CurrentVersion\Run not found.
File C:\Documents and Settings\Tamara x x\Local Settings\Temp\wininst.exe not found.
Registry key HKEY_USERS\Tamara_x_x_ON_C\Software\Microsoft\Windows\CurrentVersion\Run not found.
File C:\Documents and Settings\Tamara x x\Local Settings\Temp\wininst .exe not found.
Registry key HKEY_USERS\Tamara_x_x_ON_C\Software\Microsoft\Windows\CurrentVersion\Run not found.
File C:\Documents and Settings\Tamara x x\Local Settings\Temp\wininst .exe not found.
Registry key HKEY_USERS\Tamara_x_x_ON_C\Software\Microsoft\Windows\CurrentVersion\Run not found.
File C:\Documents and Settings\Tamara x x\Local Settings\Temp\wininst .exe not found.
Registry key HKEY_USERS\Tamara_x_x_ON_C\Software\Microsoft\Windows\CurrentVersion\Run not found.
File C:\Documents and Settings\Tamara x x\Local Settings\Temp\wininst .exe not found.
Registry key HKEY_USERS\Tamara_x_x_ON_C\Software\Microsoft\Windows\CurrentVersion\Run not found.
File C:\Documents and Settings\Tamara x x\Local Settings\Temp\wininst .exe not found.
Registry key HKEY_USERS\Tamara_x_x_ON_C\Software\Microsoft\Windows\CurrentVersion\Run not found.
File C:\Documents and Settings\Tamara x x\Local Settings\Temp\wininst .exe not found.
Registry key HKEY_USERS\Tamara_x_x_ON_C\Software\Microsoft\Windows\CurrentVersion\Run not found.
File C:\Documents and Settings\Tamara x x\Local Settings\Temp\wininst .exe not found.
Registry key HKEY_USERS\Tamara_x_x_ON_C\Software\Microsoft\Windows\CurrentVersion\Run not found.
File C:\Documents and Settings\Tamara x x\Local Settings\Temp\wininst .exe not found.
Registry key HKEY_USERS\Tamara_x_x_ON_C\Software\Microsoft\Windows\CurrentVersion\Run not found.
File C:\WINDOWS\gdi32.exe not found.
Registry key HKEY_USERS\Tamara_x_x_ON_C\Software\Microsoft\Windows\CurrentVersion\Run not found.
File C:\WINDOWS\hexdump.exe not found.
Registry key HKEY_USERS\Tamara_x_x_ON_C\Software\Microsoft\Windows\CurrentVersion\Run not found.
File C:\WINDOWS\hexdump .exe not found.
Registry key HKEY_USERS\Tamara_x_x_ON_C\Software\Microsoft\Windows\CurrentVersion\Run not found.
File C:\WINDOWS\hexdump .exe not found.
Registry key HKEY_USERS\Tamara_x_x_ON_C\Software\Microsoft\Windows\CurrentVersion\Run not found.
File C:\WINDOWS\hexdump .exe not found.
Registry key HKEY_USERS\Tamara_x_x_ON_C\Software\Microsoft\Windows\CurrentVersion\Run not found.
File C:\WINDOWS\hexdump .exe not found.
Registry key HKEY_USERS\Tamara_x_x_ON_C\Software\Microsoft\Windows\CurrentVersion\Run not found.
File C:\WINDOWS\hexdump .exe not found.
Registry key HKEY_USERS\Tamara_x_x_ON_C\Software\Microsoft\Windows\CurrentVersion\Run not found.
File C:\WINDOWS\hexdump .exe not found.
Registry key HKEY_USERS\Tamara_x_x_ON_C\Software\Microsoft\Windows\CurrentVersion\Run not found.
File C:\WINDOWS\hexdump .exe not found.
Registry key HKEY_USERS\Tamara_x_x_ON_C\Software\Microsoft\Windows\CurrentVersion\Run not found.
File C:\WINDOWS\iexplarer.exe not found.
Registry key HKEY_USERS\Tamara_x_x_ON_C\Software\Microsoft\Windows\CurrentVersion\Run not found.
File C:\WINDOWS\login.exe not found.
Registry key HKEY_USERS\Tamara_x_x_ON_C\Software\Microsoft\Windows\CurrentVersion\Run not found.
File C:\WINDOWS\login .exe not found.
Registry key HKEY_USERS\Tamara_x_x_ON_C\Software\Microsoft\Windows\CurrentVersion\Run not found.
File C:\WINDOWS\login .exe not found.
Registry key HKEY_USERS\Tamara_x_x_ON_C\Software\Microsoft\Windows\CurrentVersion\Run not found.
File C:\WINDOWS\login .exe not found.
Registry key HKEY_USERS\Tamara_x_x_ON_C\Software\Microsoft\Windows\CurrentVersion\Run not found.
File C:\WINDOWS\login .exe not found.
Registry key HKEY_USERS\Tamara_x_x_ON_C\Software\Microsoft\Windows\CurrentVersion\Run not found.
File C:\WINDOWS\login .exe not found.
Registry key HKEY_USERS\Tamara_x_x_ON_C\Software\Microsoft\Windows\CurrentVersion\Run not found.
File C:\WINDOWS\login .exe not found.
Registry key HKEY_USERS\Tamara_x_x_ON_C\Software\Microsoft\Windows\CurrentVersion\Run not found.
File C:\WINDOWS\login .exe not found.
Registry key HKEY_USERS\Tamara_x_x_ON_C\Software\Microsoft\Windows\CurrentVersion\Run not found.
File C:\WINDOWS\login .exe not found.
Registry key HKEY_USERS\Tamara_x_x_ON_C\Software\Microsoft\Windows\CurrentVersion\Run not found.
File C:\WINDOWS\login .exe not found.
Registry key HKEY_USERS\Tamara_x_x_ON_C\Software\Microsoft\Windows\CurrentVersion\Run not found.
File C:\WINDOWS\login .exe not found.
Registry key HKEY_USERS\Tamara_x_x_ON_C\Software\Microsoft\Windows\CurrentVersion\Run not found.
File C:\WINDOWS\login .exe not found.
Registry key HKEY_USERS\Tamara_x_x_ON_C\Software\Microsoft\Windows\CurrentVersion\Run not found.
File C:\WINDOWS\login .exe not found.
Registry key HKEY_USERS\Tamara_x_x_ON_C\Software\Microsoft\Windows\CurrentVersion\Run not found.
File C:\WINDOWS\login .exe not found.
Registry key HKEY_USERS\Tamara_x_x_ON_C\Software\Microsoft\Windows\CurrentVersion\Run not found.
File C:\WINDOWS\login .exe not found.
Registry key HKEY_USERS\Tamara_x_x_ON_C\Software\Microsoft\Windows\CurrentVersion\Run not found.
File C:\WINDOWS\login .exe not found.
Registry key HKEY_USERS\Tamara_x_x_ON_C\Software\Microsoft\Windows\CurrentVersion\Run not found.
File C:\WINDOWS\login .exe not found.
Registry key HKEY_USERS\Tamara_x_x_ON_C\Software\Microsoft\Windows\CurrentVersion\Run not found.
File C:\WINDOWS\login .exe not found.
Registry key HKEY_USERS\Tamara_x_x_ON_C\Software\Microsoft\Windows\CurrentVersion\Run not found.
File C:\WINDOWS\login .exe not found.
Registry key HKEY_USERS\Tamara_x_x_ON_C\Software\Microsoft\Windows\CurrentVersion\Run not found.
File C:\WINDOWS\login .exe not found.
Registry key HKEY_USERS\Tamara_x_x_ON_C\Software\Microsoft\Windows\CurrentVersion\Run not found.
File C:\WINDOWS\login .exe not found.
Registry key HKEY_USERS\Tamara_x_x_ON_C\Software\Microsoft\Windows\CurrentVersion\Run not found.
File C:\WINDOWS\login .exe not found.
Registry key HKEY_USERS\Tamara_x_x_ON_C\Software\Microsoft\Windows\CurrentVersion\Run not found.
File C:\WINDOWS\login .exe not found.
Registry key HKEY_USERS\Tamara_x_x_ON_C\Software\Microsoft\Windows\CurrentVersion\Run not found.
File C:\WINDOWS\login .exe not found.
Registry key HKEY_USERS\Tamara_x_x_ON_C\Software\Microsoft\Windows\CurrentVersion\Run not found.
File C:\WINDOWS\login .exe not found.
Registry key HKEY_USERS\Tamara_x_x_ON_C\Software\Microsoft\Windows\CurrentVersion\Run not found.
File C:\WINDOWS\login .exe not found.
Registry key HKEY_USERS\Tamara_x_x_ON_C\Software\Microsoft\Windows\CurrentVersion\Run not found.
File C:\WINDOWS\login .exe not found.
Registry key HKEY_USERS\Tamara_x_x_ON_C\Software\Microsoft\Windows\CurrentVersion\Run not found.
File C:\WINDOWS\login .exe not found.
Registry key HKEY_USERS\Tamara_x_x_ON_C\Software\Microsoft\Windows\CurrentVersion\Run not found.
File C:\WINDOWS\login .exe not found.
Registry key HKEY_USERS\Tamara_x_x_ON_C\Software\Microsoft\Windows\CurrentVersion\Run not found.
File C:\WINDOWS\lsass.exe not found.
Registry key HKEY_USERS\Tamara_x_x_ON_C\Software\Microsoft\Windows\CurrentVersion\Run not found.
File C:\WINDOWS\mdm.exe not found.
Registry key HKEY_USERS\Tamara_x_x_ON_C\Software\Microsoft\Windows\CurrentVersion\Run not found.
File C:\WINDOWS\nvsvc32.exe not found.
Registry key HKEY_USERS\Tamara_x_x_ON_C\Software\Microsoft\Windows\CurrentVersion\Run not found.
File C:\WINDOWS\nvsvc32 .exe not found.
Registry key HKEY_USERS\Tamara_x_x_ON_C\Software\Microsoft\Windows\CurrentVersion\Run not found.
File C:\WINDOWS\services.exe not found.
Registry key HKEY_USERS\Tamara_x_x_ON_C\Software\Microsoft\Windows\CurrentVersion\Run not found.
File C:\WINDOWS\services .exe not found.
Registry key HKEY_USERS\Tamara_x_x_ON_C\Software\Microsoft\Windows\CurrentVersion\Run not found.
File C:\WINDOWS\services .exe not found.
Registry key HKEY_USERS\Tamara_x_x_ON_C\Software\Microsoft\Windows\CurrentVersion\Run not found.
File C:\WINDOWS\services .exe not found.
Registry key HKEY_USERS\Tamara_x_x_ON_C\Software\Microsoft\Windows\CurrentVersion\Run not found.
File C:\WINDOWS\services .exe not found.
Registry key HKEY_USERS\Tamara_x_x_ON_C\Software\Microsoft\Windows\CurrentVersion\Run not found.
File C:\WINDOWS\services .exe not found.
Registry key HKEY_USERS\Tamara_x_x_ON_C\Software\Microsoft\Windows\CurrentVersion\Run not found.
File C:\WINDOWS\services .exe not found.
Registry key HKEY_USERS\Tamara_x_x_ON_C\Software\Microsoft\Windows\CurrentVersion\Run not found.
File C:\WINDOWS\services .exe not found.
Registry key HKEY_USERS\Tamara_x_x_ON_C\Software\Microsoft\Windows\CurrentVersion\Run not found.
File C:\WINDOWS\services .exe not found.
Registry key HKEY_USERS\Tamara_x_x_ON_C\Software\Microsoft\Windows\CurrentVersion\Run not found.
File C:\WINDOWS\spoolsv .exe not found.
Registry key HKEY_USERS\Tamara_x_x_ON_C\Software\Microsoft\Windows\CurrentVersion\Run not found.
File C:\WINDOWS\spoolsv .exe not found.
Registry key HKEY_USERS\Tamara_x_x_ON_C\Software\Microsoft\Windows\CurrentVersion\Run not found.
File C:\WINDOWS\spoolsv .exe not found.
Registry key HKEY_USERS\Tamara_x_x_ON_C\Software\Microsoft\Windows\CurrentVersion\Run not found.
File C:\WINDOWS\spoolsv .exe not found.
Registry key HKEY_USERS\Tamara_x_x_ON_C\Software\Microsoft\Windows\CurrentVersion\Run not found.
File C:\WINDOWS\setup .exe not found.
Registry key HKEY_USERS\Tamara_x_x_ON_C\Software\Microsoft\Windows\CurrentVersion\Run not found.
File C:\WINDOWS\setup.exe not found.
Registry key HKEY_USERS\Tamara_x_x_ON_C\Software\Microsoft\Windows\CurrentVersion\Run not found.
File C:\WINDOWS\setup .exe not found.
Registry key HKEY_USERS\Tamara_x_x_ON_C\Software\Microsoft\Windows\CurrentVersion\Run not found.
File C:\WINDOWS\setup .exe not found.
Registry key HKEY_USERS\Tamara_x_x_ON_C\Software\Microsoft\Windows\CurrentVersion\Run not found.
File C:\WINDOWS\system.exe not found.
Registry key HKEY_USERS\Tamara_x_x_ON_C\Software\Microsoft\Windows\CurrentVersion\Run not found.
File C:\WINDOWS\win.exe not found.
Registry key HKEY_USERS\Tamara_x_x_ON_C\Software\Microsoft\Windows\CurrentVersion\Run not found.
File C:\WINDOWS\win16.exe not found.
Registry key HKEY_USERS\Tamara_x_x_ON_C\Software\Microsoft\Windows\CurrentVersion\Run not found.
File C:\WINDOWS\win16 .exe not found.
Registry key HKEY_USERS\Tamara_x_x_ON_C\Software\Microsoft\Windows\CurrentVersion\Run not found.
File C:\WINDOWS\win16 .exe not found.
Registry key HKEY_USERS\Tamara_x_x_ON_C\Software\Microsoft\Windows\CurrentVersion\Run not found.
File C:\WINDOWS\win16 .exe not found.
Registry key HKEY_USERS\Tamara_x_x_ON_C\Software\Microsoft\Windows\CurrentVersion\Run not found.
File C:\WINDOWS\win16 .exe not found.
Registry key HKEY_USERS\Tamara_x_x_ON_C\Software\Microsoft\Windows\CurrentVersion\Run not found.
File C:\WINDOWS\win16 .exe not found.
Registry key HKEY_USERS\Tamara_x_x_ON_C\Software\Microsoft\Windows\CurrentVersion\Run not found.
File C:\WINDOWS\win16 .exe not found.
Registry key HKEY_USERS\Tamara_x_x_ON_C\Software\Microsoft\Windows\CurrentVersion\Run not found.
File C:\WINDOWS\win16 .exe not found.
Registry key HKEY_USERS\Tamara_x_x_ON_C\Software\Microsoft\Windows\CurrentVersion\Run not found.
File C:\WINDOWS\win16 .exe not found.
Registry key HKEY_USERS\Tamara_x_x_ON_C\Software\Microsoft\Windows\CurrentVersion\Run not found.
File C:\WINDOWS\win16 .exe not found.
Registry key HKEY_USERS\Tamara_x_x_ON_C\Software\Microsoft\Windows\CurrentVersion\Run not found.
File C:\WINDOWS\win16 .exe not found.
Registry key HKEY_USERS\Tamara_x_x_ON_C\Software\Microsoft\Windows\CurrentVersion\Run not found.
File C:\WINDOWS\win16 .exe not found.
Registry key HKEY_USERS\Tamara_x_x_ON_C\Software\Microsoft\Windows\CurrentVersion\Run not found.
File C:\WINDOWS\win16 .exe not found.
Registry key HKEY_USERS\Tamara_x_x_ON_C\Software\Microsoft\Windows\CurrentVersion\Run not found.
File C:\WINDOWS\win16 .exe not found.
Registry key HKEY_USERS\Tamara_x_x_ON_C\Software\Microsoft\Windows\CurrentVersion\Run not found.
File C:\WINDOWS\win16 .exe not found.
Registry key HKEY_USERS\Tamara_x_x_ON_C\Software\Microsoft\Windows\CurrentVersion\Run not found.
File C:\WINDOWS\win16 .exe not found.
Registry key HKEY_USERS\Tamara_x_x_ON_C\Software\Microsoft\Windows\CurrentVersion\Run not found.
File C:\WINDOWS\win16 .exe not found.
Registry key HKEY_USERS\Tamara_x_x_ON_C\Software\Microsoft\Windows\CurrentVersion\Run not found.
File C:\WINDOWS\win16 .exe not found.
Registry key HKEY_USERS\Tamara_x_x_ON_C\Software\Microsoft\Windows\CurrentVersion\Run not found.
File C:\WINDOWS\win16 .exe not found.
Registry key HKEY_USERS\Tamara_x_x_ON_C\Software\Microsoft\Windows\CurrentVersion\Run not found.
File C:\WINDOWS\win16 .exe not found.
Registry key HKEY_USERS\Tamara_x_x_ON_C\Software\Microsoft\Windows\CurrentVersion\Run not found.
File C:\WINDOWS\win16 .exe not found.
Registry key HKEY_USERS\Tamara_x_x_ON_C\Software\Microsoft\Windows\CurrentVersion\Run not found.
File C:\WINDOWS\win16 .exe not found.
Registry key HKEY_USERS\Tamara_x_x_ON_C\Software\Microsoft\Windows\CurrentVersion\Run not found.
File C:\WINDOWS\win16 .exe not found.
Registry key HKEY_USERS\Tamara_x_x_ON_C\Software\Microsoft\Windows\CurrentVersion\Run not found.
File C:\WINDOWS\win16 .exe not found.
Registry key HKEY_USERS\Tamara_x_x_ON_C\Software\Microsoft\Windows\CurrentVersion\Run not found.
File C:\WINDOWS\win16 .exe not found.
Registry key HKEY_USERS\Tamara_x_x_ON_C\Software\Microsoft\Windows\CurrentVersion\Run not found.
File C:\WINDOWS\win16 .exe not found.
Registry key HKEY_USERS\Tamara_x_x_ON_C\Software\Microsoft\Windows\CurrentVersion\Run not found.
File C:\WINDOWS\win16 .exe not found.
Registry key HKEY_USERS\Tamara_x_x_ON_C\Software\Microsoft\Windows\CurrentVersion\Run not found.
File C:\WINDOWS\win16 .exe not found.
Registry key HKEY_USERS\Tamara_x_x_ON_C\Software\Microsoft\Windows\CurrentVersion\Run not found.
File C:\WINDOWS\win16 .exe not found.
Registry key HKEY_USERS\Tamara_x_x_ON_C\Software\Microsoft\Windows\CurrentVersion\Run not found.
File C:\WINDOWS\win16 .exe not found.
Registry key HKEY_USERS\Tamara_x_x_ON_C\Software\Microsoft\Windows\CurrentVersion\Run not found.
File C:\WINDOWS\win16 .exe not found.
Registry key HKEY_USERS\Tamara_x_x_ON_C\Software\Microsoft\Windows\CurrentVersion\Run not found.
File C:\WINDOWS\win16 .exe not found.
Registry key HKEY_USERS\Tamara_x_x_ON_C\Software\Microsoft\Windows\CurrentVersion\Run not found.
File C:\WINDOWS\wininst.exe not found.
Registry key HKEY_USERS\Tamara_x_x_ON_C\Software\Microsoft\Windows\CurrentVersion\Run not found.
File C:\WINDOWS\winlogon.exe not found.
Registry key HKEY_USERS\Tamara_x_x_ON_C\Software\Microsoft\Windows\CurrentVersion\Run not found.
File C:\WINDOWS\temp\avp32.exe not found.
Registry key HKEY_USERS\Tamara_x_x_ON_C\Software\Microsoft\Windows\CurrentVersion\Run not found.
File C:\WINDOWS\temp\win16 .exe not found.
Registry key HKEY_USERS\Tamara_x_x_ON_C\Software\Microsoft\Windows\CurrentVersion\Run not found.
File C:\WINDOWS\temp\lsass .exe not found.
Registry key HKEY_USERS\Tamara_x_x_ON_C\Software\Microsoft\Windows\CurrentVersion\Run not found.
File C:\WINDOWS\temp\wininst .exe not found.
Registry key HKEY_USERS\Tamara_x_x_ON_C\Software\Microsoft\Windows\CurrentVersion\Run not found.
File C:\WINDOWS\temp\wininst .exe not found.
Registry key HKEY_USERS\Tamara_x_x_ON_C\Software\Microsoft\Windows\CurrentVersion\Run not found.
File C:\WINDOWS\temp\wininst .exe not found.
Registry key HKEY_USERS\Tamara_x_x_ON_C\Software\Microsoft\Windows\CurrentVersion\Run not found.
File C:\WINDOWS\temp\wininst .exe not found.
Registry key HKEY_USERS\Tamara_x_x_ON_C\Software\Microsoft\Windows\CurrentVersion\Run not found.
File C:\WINDOWS\temp\wininst .exe not found.
Registry key HKEY_USERS\Tamara_x_x_ON_C\Software\Microsoft\Windows\CurrentVersion\Run not found.
File C:\WINDOWS\temp\iexplarer .exe not found.
Registry key HKEY_USERS\Tamara_x_x_ON_C\Software\Microsoft\Windows\CurrentVersion\Run not found.
File C:\WINDOWS\temp\iexplarer .exe not found.
Registry key HKEY_USERS\Tamara_x_x_ON_C\Software\Microsoft\Windows\CurrentVersion\Run not found.
File C:\WINDOWS\temp\install.exe not found.
Registry key HKEY_USERS\Tamara_x_x_ON_C\Software\Microsoft\Windows\CurrentVersion\Run not found.
File C:\WINDOWS\temp\setup .exe not found.
Registry key HKEY_USERS\Tamara_x_x_ON_C\Software\Microsoft\Windows\CurrentVersion\Run not found.
File C:\WINDOWS\avp.exe not found.
Registry key HKEY_USERS\Tamara_x_x_ON_C\Software\Microsoft\Windows\CurrentVersion\Run not found.
File C:\WINDOWS\avp32.exe not found.
Registry key HKEY_USERS\Tamara_x_x_ON_C\Software\Microsoft\Windows\CurrentVersion\Run not found.
File C:\WINDOWS\avp32 .exe not found.
Registry key HKEY_USERS\Tamara_x_x_ON_C\Software\Microsoft\Windows\CurrentVersion\Run not found.
File C:\Program Files\MyWebSearch\bar\2.bin\mwsoemon.exe not found.
Registry key HKEY_USERS\Tamara_x_x_ON_C\Software\Microsoft\Windows\CurrentVersion\Run not found.
File C:\WINDOWS\wmumelog.DLL not found.
Registry key HKEY_USERS\Tamara_x_x_ON_C\Software\Microsoft\Windows\CurrentVersion\Run not found.
File C:\WINDOWS\System32\n3xy5nh.DLL not found.
Registry key HKEY_USERS\Tamara_x_x_ON_C\Software\Microsoft\Windows\CurrentVersion\Run not found.
File C:\WINDOWS\System32\foj6mp.DLL not found.
File move failed. C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk scheduled to be moved on reboot.
File C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe not found.
File C:\Documents and Settings\Default User\Start Menu\Programs\Startup\depabi.exe not found.
File C:\Documents and Settings\Default User\Start Menu\Programs\Startup\eqysop.exe not found.
File C:\Documents and Settings\Default User\Start Menu\Programs\Startup\faxuo.exe not found.
File C:\Documents and Settings\Default User\Start Menu\Programs\Startup\hosa.exe not found.
File C:\Documents and Settings\Default User\Start Menu\Programs\Startup\ikcesy.exe not found.
File C:\Documents and Settings\Default User\Start Menu\Programs\Startup\ipcuad.exe not found.
File C:\Documents and Settings\Default User\Start Menu\Programs\Startup\kaxi.exe not found.
File C:\Documents and Settings\Default User\Start Menu\Programs\Startup\nioh.exe not found.
File C:\Documents and Settings\Default User\Start Menu\Programs\Startup\uhen.exe not found.
File C:\Documents and Settings\Default User\Start Menu\Programs\Startup\wogee.exe not found.
File C:\Documents and Settings\Default User\Start Menu\Programs\Startup\xoymho.exe not found.
File C:\Documents and Settings\Default User\Start Menu\Programs\Startup\yrezyq.exe not found.
File C:\Documents and Settings\dion\Start Menu\Programs\Startup\ceaf.exe not found.
File C:\Documents and Settings\dion\Start Menu\Programs\Startup\daikn.exe not found.
File C:\Documents and Settings\dion\Start Menu\Programs\Startup\ecyri.exe not found.
File C:\Documents and Settings\dion\Start Menu\Programs\Startup\fumi.exe not found.
File C:\Documents and Settings\dion\Start Menu\Programs\Startup\imte.exe not found.
File C:\Documents and Settings\dion\Start Menu\Programs\Startup\liug.exe not found.
File C:\Documents and Settings\dion\Start Menu\Programs\Startup\nyur.exe not found.
File C:\Documents and Settings\dion\Start Menu\Programs\Startup\ocami.exe not found.
File C:\Documents and Settings\dion\Start Menu\Programs\Startup\oryte.exe not found.
File C:\Documents and Settings\dion\Start Menu\Programs\Startup\ovqe.exe not found.
File C:\Documents and Settings\dion\Start Menu\Programs\Startup\xeitab.exe not found.
File C:\Documents and Settings\dion\Start Menu\Programs\Startup\ysdy.exe not found.
File C:\Documents and Settings\Tamara x x\Start Menu\Programs\Startup\logtec32.exe not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableTaskMgr not found.
Registry value HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoFolderOptions not found.
Registry value HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableRegistryTools not found.
Registry key HKEY_USERS\Tamara_x_x_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer not found.
Registry key HKEY_USERS\Tamara_x_x_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System not found.
Registry key HKEY_USERS\Tamara_x_x_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System not found.
Starting removal of ActiveX control {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit:c:\program files\microsoft\desktoplayer.exe deleted successfully.
File move failed. C:\Program Files\Microsoft\DesktopLayer.exe scheduled to be moved on reboot.
Registry value HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell:C:\Documents and Settings\NetworkService\Application Data\hotfix.exe deleted successfully.
Registry value HKEY_USERS\dion_ON_C\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell:C:\Documents and Settings\dion\Application Data\antispy.exe deleted successfully.
File C:\Documents and Settings\dion\Application Data\antispy.exe not found.
Registry value HKEY_USERS\Tamara_x_x_ON_C\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell:C:\Documents and Settings\Tamara x x\Application Data\hotfix.exe deleted successfully.
File C:\Documents and Settings\Tamara x x\Application Data\hotfix.exe not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\\{D6BA40A1-A502-59BD-F413-04B03A2C8953} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D6BA40A1-A502-59BD-F413-04B03A2C8953}\ not found.
File C:\WINDOWS\system32\mzmddj1nar.dll not found.
Folder C:\Documents and Settings\Tamara x x\Local Settings\Application Data\Temp\ not found.
File C:\WINDOWS\winlogon .exe not found.
Folder C:\Documents and Settings\Tamara x x\Application Data\Voukom\ not found.
Folder C:\Documents and Settings\Tamara x x\Application Data\Izkoo\ not found.
File C:\Documents and Settings\dion\Application Data\antispy.exe not found.
File/Folder C:\WINDOWS\System32\*.tmp not found.
File/Folder C:\WINDOWS\System32\drivers\*.tmp not found.
File C:\WINDOWS\System32\drivers\ccxucg.sys not found.
C:\WINDOWS\system32\dmlconf.dat moved successfully.
File C:\WINDOWS\login .exe not found.
File C:\WINDOWS\win16 .exe not found.
File C:\WINDOWS\login .exe not found.
File C:\WINDOWS\win16 .exe not found.
File C:\WINDOWS\login .exe not found.
File C:\WINDOWS\win16 .exe not found.
File C:\WINDOWS\login .exe not found.
File C:\WINDOWS\win16 .exe not found.
File C:\WINDOWS\login .exe not found.
File C:\WINDOWS\win16 .exe not found.
File C:\WINDOWS\login .exe not found.
File C:\WINDOWS\win16 .exe not found.
File C:\WINDOWS\login .exe not found.
File C:\WINDOWS\win16 .exe not found.
File C:\WINDOWS\login .exe not found.
File C:\WINDOWS\win16 .exe not found.
File C:\WINDOWS\login .exe not found.
File C:\WINDOWS\win16 .exe not found.
File C:\WINDOWS\login .exe not found.
File C:\WINDOWS\win16 .exe not found.
File C:\WINDOWS\login .exe not found.
File C:\WINDOWS\win16 .exe not found.
File C:\WINDOWS\login .exe not found.
File C:\WINDOWS\win16 .exe not found.
File C:\WINDOWS\login .exe not found.
File C:\WINDOWS\win16 .exe not found.
File C:\WINDOWS\login .exe not found.
File C:\WINDOWS\win16 .exe not found.
File C:\Documents and Settings\Tamara x x\Application Data\hotfixSrv.exe not found.
File C:\WINDOWS\login .exe not found.
File C:\WINDOWS\win16 .exe not found.
File C:\WINDOWS\login .exe not found.
File C:\WINDOWS\win16 .exe not found.
File C:\WINDOWS\login .exe not found.
File C:\WINDOWS\win16 .exe not found.
File C:\Documents and Settings\Default User\Start Menu\Programs\StartUp\hosa.exe not found.
File C:\WINDOWS\login .exe not found.
File C:\WINDOWS\win16 .exe not found.
File C:\WINDOWS\login .exe not found.
File C:\WINDOWS\win16 .exe not found.
File C:\WINDOWS\login .exe not found.
File C:\WINDOWS\win16 .exe not found.
File C:\WINDOWS\login .exe not found.
File C:\WINDOWS\win16 .exe not found.
File C:\WINDOWS\login .exe not found.
File C:\WINDOWS\win16 .exe not found.
File C:\WINDOWS\login .exe not found.
File C:\WINDOWS\win16 .exe not found.
File C:\WINDOWS\login .exe not found.
File C:\WINDOWS\win16 .exe not found.
File C:\WINDOWS\login .exe not found.
File C:\WINDOWS\win16 .exe not found.
File C:\WINDOWS\login .exe not found.
File C:\WINDOWS\win16 .exe not found.
File C:\WINDOWS\win16 .exe not found.
File C:\WINDOWS\login .exe not found.
File C:\WINDOWS\login .exe not found.
File C:\WINDOWS\win16 .exe not found.
File C:\WINDOWS\win16 .exe not found.
File C:\WINDOWS\login .exe not found.
File C:\WINDOWS\login .exe not found.
File C:\WINDOWS\win16 .exe not found.
File C:\WINDOWS\win16 .exe not found.
File C:\WINDOWS\services .exe not found.
File C:\WINDOWS\login .exe not found.
File C:\WINDOWS\login .exe not found.
File C:\WINDOWS\services .exe not found.
File C:\WINDOWS\win16 .exe not found.
File C:\WINDOWS\login .exe not found.
File C:\WINDOWS\services .exe not found.
File C:\WINDOWS\win16 .exe not found.
File C:\WINDOWS\debug.exe not found.
File C:\WINDOWS\taskmgr.exe not found.
File C:\WINDOWS\services .exe not found.
File C:\WINDOWS\hexdump .exe not found.
File C:\WINDOWS\win16 .exe not found.
File C:\WINDOWS\nvsvc32 .exe not found.
File C:\WINDOWS\services .exe not found.
File C:\WINDOWS\hexdump .exe not found.
File C:\WINDOWS\win16 .exe not found.
File C:\WINDOWS\winamp.exe not found.
File C:\Documents and Settings\Tamara x x\Local Settings\Application Data\HIdgf2CLF.exe not found.
File C:\WINDOWS\svchost.exe not found.
File C:\WINDOWS\System32\HIdgf2CLF.com not found.
File C:\WINDOWS\nvsvc32.exe not found.
File C:\WINDOWS\drweb.exe not found.
File C:\WINDOWS\services .exe not found.
File C:\WINDOWS\login .exe not found.
File C:\WINDOWS\hexdump .exe not found.
File C:\WINDOWS\win16 .exe not found.
File C:\WINDOWS\services .exe not found.
File C:\WINDOWS\login .exe not found.
File C:\WINDOWS\hexdump .exe not found.
File C:\WINDOWS\cmd.exe not found.
File C:\WINDOWS\user.exe not found.
File C:\WINDOWS\win16 .exe not found.
File C:\WINDOWS\login .exe not found.
File C:\WINDOWS\spoolsv .exe not found.
File C:\WINDOWS\hexdump .exe not found.
File C:\WINDOWS\setup .exe not found.
File C:\WINDOWS\setup .exe not found.
File C:\WINDOWS\spoolsv .exe not found.
File C:\WINDOWS\sysedit.exe not found.
File C:\WINDOWS\install.exe not found.
File C:\WINDOWS\win16 .exe not found.
File C:\WINDOWS\login .exe not found.
File C:\WINDOWS\smss.exe not found.
File C:\WINDOWS\spoolsv .exe not found.
File C:\WINDOWS\setup .exe not found.
File C:\WINDOWS\hexdump .exe not found.
File C:\WINDOWS\avp32 .exe not found.
File C:\WINDOWS\win16 .exe not found.
File C:\WINDOWS\winlogon.exe not found.
File C:\WINDOWS\login .exe not found.
File C:\WINDOWS\nvsvc32 .exe not found.
File C:\WINDOWS\winlogon .exe not found.
File C:\WINDOWS\spoolsv .exe not found.
File C:\WINDOWS\hexdump .exe not found.
File C:\WINDOWS\System32\complete.dat not found.
File C:\WINDOWS\login .exe not found.
File C:\WINDOWS\setup.exe not found.
File C:\WINDOWS\lsass.exe not found.
File C:\WINDOWS\avp32.exe not found.
File C:\Documents and Settings\LocalService\Application Data\cxnojk.dat not found.
File C:\Documents and Settings\Tamara x x\Application Data\avdrn.dat not found.
File C:\WINDOWS\wininst.exe not found.
File C:\WINDOWS\win.exe not found.
File C:\WINDOWS\Ihudaguzeyawebe.dat not found.
File C:\WINDOWS\Xlaqozofu.bin not found.
File/Folder C:\WINDOWS\System32\*.tmp not found.
File/Folder C:\WINDOWS\System32\drivers\*.tmp not found.
File C:\WINDOWS\debug.exe not found.
File C:\WINDOWS\drweb.exe not found.
File C:\WINDOWS\winamp.exe not found.
File C:\WINDOWS\cmd.exe not found.
File C:\Documents and Settings\Tamara x x\Local Settings\Application Data\HIdgf2CLF.exe not found.
File C:\WINDOWS\System32\HIdgf2CLF.com not found.
File C:\WINDOWS\tasks\At769.job not found.
File C:\WINDOWS\sysedit.exe not found.
File C:\WINDOWS\install.exe not found.
File C:\WINDOWS\smss.exe not found.
File C:\WINDOWS\Fonts\HIdgf2CLF.com not found.
File C:\WINDOWS\winlogon.exe not found.
File C:\Documents and Settings\LocalService\Application Data\cxnojk.dat not found.
File C:\Documents and Settings\Tamara x x\Application Data\avdrn.dat not found.
File C:\Documents and Settings\Tamara x x\Application Data\hotfixSrv.exe not found.
File C:\WINDOWS\System32\n3xy5nh.dll not found.
File C:\WINDOWS\System32\mzmddj1nar.dll not found.
File C:\WINDOWS\System32\m69lbmmxi.dll not found.
File C:\WINDOWS\System32\foj6mp.dll not found.
File C:\WINDOWS\System32\drivers\ccxucg.sys not found.
File C:\Documents and Settings\Tamara x x\Application Data\hotfix.exe not found.
File C:\Documents and Settings\Tamara x x\Application Data\444.bat not found.
File C:\Documents and Settings\Tamara x x\Application Data\asdsada.bat not found.
File C:\WINDOWS\idohokofa.dll not found.
Folder C:\Documents and Settings\Tamara x x\Application Data\Acapqe\ not found.
Folder C:\Documents and Settings\Tamara x x\Application Data\Cuas\ not found.
Folder C:\Documents and Settings\Tamara x x\Application Data\Ecutq\ not found.
Folder C:\Documents and Settings\Tamara x x\Application Data\Edwy\ not found.
Folder C:\Documents and Settings\Tamara x x\Application Data\Fuuro\ not found.
Folder C:\Documents and Settings\Tamara x x\Application Data\Hecioh\ not found.
Folder C:\Documents and Settings\Tamara x x\Application Data\Igiw\ not found.
Folder C:\Documents and Settings\Tamara x x\Application Data\Ihopfo\ not found.
Folder C:\Documents and Settings\Tamara x x\Application Data\Irce\ not found.
Folder C:\Documents and Settings\Tamara x x\Application Data\Izkoo\ not found.
Folder C:\Documents and Settings\Tamara x x\Application Data\Kygaw\ not found.
Folder C:\Documents and Settings\Tamara x x\Application Data\Lauz\ not found.
Folder C:\Documents and Settings\Tamara x x\Application Data\Luibu\ not found.
Folder C:\Documents and Settings\Tamara x x\Application Data\Redoyb\ not found.
Folder C:\Documents and Settings\Tamara x x\Application Data\Royxic\ not found.
Folder C:\Documents and Settings\Tamara x x\Application Data\Unanp\ not found.
Folder C:\Documents and Settings\Tamara x x\Application Data\Usraap\ not found.
Folder C:\Documents and Settings\Tamara x x\Application Data\Uwqoel\ not found.
Folder C:\Documents and Settings\Tamara x x\Application Data\Uzlik\ not found.
Folder C:\Documents and Settings\Tamara x x\Application Data\Voukom\ not found.
Folder C:\Documents and Settings\Tamara x x\Application Data\Wuwa\ not found.
Folder C:\Documents and Settings\Tamara x x\Application Data\Xiwoci\ not found.
Folder C:\Documents and Settings\Tamara x x\Application Data\Xuiz\ not found.
Folder C:\Documents and Settings\Tamara x x\Application Data\Ysryob\ not found.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: MS
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 16644053 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 1167 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 16.00 mb


[EMPTYFLASH]

User: Administrator
->Flash cache emptied: 0 bytes

User: All Users

User: Default User
->Flash cache emptied: 0 bytes

User: LocalService

User: MS
->Flash cache emptied: 0 bytes

User: NetworkService
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb

Unable to start service SrService!

OTL by OldTimer - Version 3.2.17.3 log created on 11272010_171911

Files\Folders moved on Reboot...
File\Folder C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk not found!
File move failed. C:\Program Files\Microsoft\DesktopLayer.exe scheduled to be moved on reboot.

Registry entries deleted on Reboot...

Heading to Step Three...
  • 0

#24
Clareykins

Clareykins

    Member

  • Topic Starter
  • Member
  • PipPip
  • 32 posts
Step three I noticed an 'UPDATE?' button on the DrWeb start up screen, I didn't update but should I have done? DrWeb ran uninterrupted, showed it was curing/moving/deleteing a list of infections then restarted the PC, there was no log shown after restart that I can find though.
Step Four: Downloaded ComboFix and it did, as you said, download the windows recovery console. ComboFix Log:-

ComboFix 10-11-26.07 - MS 27/11/2010 18:26:47.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.1015.629 [GMT 0:00]
Running from: c:\documents and settings\MS\My Documents\Downloads\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\HIdgf2CLF.exe
c:\documents and settings\All Users\Application Data\NUIxK4Kp.exe
c:\documents and settings\All Users\Application Data\NUIxK4Kp.exe_
c:\documents and settings\MS\Application Data\Biufo\ofuqy.exe
c:\documents and settings\MS\Application Data\Bouqi
c:\documents and settings\MS\Application Data\Bouqi\bohu.lyt
c:\documents and settings\MS\Application Data\Bouqi\bohu.tmp
c:\documents and settings\MS\Application Data\Enatru
c:\documents and settings\MS\Application Data\Enatru\soreb.tmp
c:\documents and settings\MS\Application Data\Enatru\soreb.uht
c:\documents and settings\MS\Application Data\Ozfyom
c:\documents and settings\MS\Application Data\Ozfyom\uryln.lav
c:\documents and settings\MS\Application Data\Ozfyom\uryln.tmp
c:\documents and settings\MS\Application Data\Wysy
c:\documents and settings\MS\Application Data\Wysy\imwit.asl
c:\documents and settings\MS\Application Data\Wysy\imwit.tmp
c:\documents and settings\MS\Application Data\Wyytiz
c:\documents and settings\MS\Application Data\Wyytiz\apcup.tmp
c:\documents and settings\MS\Application Data\Xyefe
c:\documents and settings\MS\Application Data\Xyefe\ygxy.ceh
c:\documents and settings\MS\Application Data\Xyefe\ygxy.tmp
c:\documents and settings\MS\Local Settings\Application Data\{64B1D1C4-40E3-4632-ADEA-52FC4363255A}
c:\documents and settings\MS\Local Settings\Application Data\{64B1D1C4-40E3-4632-ADEA-52FC4363255A}\chrome.manifest
c:\documents and settings\MS\Local Settings\Application Data\{64B1D1C4-40E3-4632-ADEA-52FC4363255A}\chrome\content\_cfg.js
c:\documents and settings\MS\Local Settings\Application Data\{64B1D1C4-40E3-4632-ADEA-52FC4363255A}\chrome\content\overlay.xul
c:\documents and settings\MS\Local Settings\Application Data\{64B1D1C4-40E3-4632-ADEA-52FC4363255A}\install.rdf
c:\program files\Internet Explorer\iexploreSrv.exe
c:\program files\Microsoft\DesktopLayer.exe
c:\windows\Downloaded Program Files\f3initialsetup1.0.1.3.inf
c:\windows\system32\dmlconf.dat

.
((((((((((((((((((((((((( Files Created from 2010-10-27 to 2010-11-27 )))))))))))))))))))))))))))))))
.

2010-11-27 15:31 . 2010-11-27 15:31 -------- d-----w- c:\program files\CCleaner
2010-11-27 14:53 . 2008-04-14 00:06 8832 ----a-w- c:\windows\system32\drivers\wmiacpi.sys
2010-11-27 14:50 . 2010-11-27 14:50 -------- d-----w- c:\windows\system32\NtmsData
2010-11-27 14:37 . 2010-11-27 14:47 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-11-27 14:37 . 2010-08-02 16:10 126856 ----a-w- c:\windows\system32\drivers\avipbb.sys
2010-11-27 14:37 . 2010-06-17 15:27 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2010-11-27 14:37 . 2010-06-17 15:27 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2010-11-27 14:37 . 2010-11-27 14:37 -------- d-----w- c:\program files\Avira
2010-11-27 14:37 . 2010-11-27 14:37 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2010-11-27 12:37 . 2010-11-27 12:37 -------- d-sh--w- c:\documents and settings\LocalService\PrivacIE
2010-11-27 12:35 . 2010-11-27 12:35 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2010-11-27 09:56 . 2010-11-27 18:00 -------- d-----w- c:\documents and settings\MS
2010-11-27 04:37 . 2010-11-27 16:23 553984 ----a-w- C:\OTLPE.exe
2010-11-27 04:34 . 2010-11-27 04:34 -------- d-----w- C:\_OTL
2010-11-27 04:30 . 2010-11-27 04:30 -------- d-----w- C:\replace
2010-11-27 01:24 . 2010-11-27 01:24 -------- d-----w- c:\documents and settings\Administrator
2010-11-26 23:36 . 2010-04-29 15:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-11-26 23:36 . 2010-11-26 23:36 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-11-26 23:35 . 2010-04-29 15:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-11-26 23:35 . 2010-11-27 12:32 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-10-28 20:28 . 2010-11-27 10:21 35336 ----a-w- c:\windows\winlogon .exe
2010-10-28 20:28 . 2010-11-27 10:21 35336 ----a-w- c:\windows\winlogon .exe
2010-10-28 20:28 . 2010-11-27 10:21 35336 ----a-w- c:\windows\winlogon .exe
2010-10-28 20:28 . 2010-11-27 01:17 35380 ----a-w- c:\windows\winlogon .exe
2010-10-28 20:28 . 2010-11-27 01:00 35356 ----a-w- c:\windows\winlogon .exe
2010-10-28 20:28 . 2010-11-27 00:46 35376 ----a-w- c:\windows\winlogon .exe
2010-10-28 20:28 . 2010-11-26 23:38 35380 ----a-w- c:\windows\winlogon .exe
2010-10-28 20:28 . 2010-11-26 22:06 35352 ----a-w- c:\windows\winlogon .exe
2010-10-28 20:28 . 2010-11-26 21:57 35376 ----a-w- c:\windows\winlogon .exe
2010-10-28 20:28 . 2010-11-26 21:46 35356 ----a-w- c:\windows\winlogon .exe
2010-10-28 20:28 . 2010-10-28 20:33 35360 ----a-w- c:\windows\winlogon .exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-27 10:21 . 2010-10-10 23:28 35336 ----a-w- c:\windows\lsass .exe
2010-11-27 10:21 . 2010-10-10 23:15 35336 ----a-w- c:\windows\setup .exe
2010-11-27 10:21 . 2010-10-10 23:15 35336 ----a-w- c:\windows\avp32 .exe
2010-11-27 10:21 . 2010-10-10 23:15 35336 ----a-w- c:\windows\avp32 .exe
2010-11-27 10:21 . 2010-10-10 21:24 35336 ----a-w- c:\windows\win16 .exe
2010-11-27 01:21 . 2010-10-10 23:28 35364 ----a-w- c:\windows\lsass .exe
2010-11-27 01:21 . 2010-10-10 21:21 35372 ----a-w- c:\windows\services .exe
2010-11-27 01:21 . 2010-10-10 23:19 35380 ----a-w- c:\windows\nvsvc32 .exe
2010-11-27 01:19 . 2010-10-10 23:15 35376 ----a-w- c:\windows\avp32 .exe
2010-11-27 01:17 . 2010-10-10 23:15 35428 ----a-w- c:\windows\setup .exe
2010-11-27 01:15 . 2010-10-10 23:15 35388 ----a-w- c:\windows\setup .exe
2010-11-27 01:15 . 2010-10-10 23:19 35412 ----a-w- c:\windows\nvsvc32 .exe
2010-11-27 01:15 . 2010-10-10 23:15 35412 ----a-w- c:\windows\avp32 .exe
2010-11-27 01:15 . 2010-10-10 23:19 35356 ----a-w- c:\windows\nvsvc32 .exe
2010-11-27 01:11 . 2010-10-10 21:21 35388 ---ha-w- c:\windows\services .exe
2010-11-27 01:08 . 2010-10-10 21:21 35356 ----a-w- c:\windows\login .exe
2010-11-27 01:08 . 2010-10-10 23:19 35348 ----a-w- c:\windows\nvsvc32 .exe
2010-11-27 01:03 . 2010-10-10 21:21 35388 ----a-w- c:\windows\login .exe
2010-11-27 01:02 . 2010-10-10 21:21 35368 ----a-w- c:\windows\services .exe
2010-11-27 01:02 . 2010-10-10 23:15 35384 ----a-w- c:\windows\setup .exe
2010-11-27 01:02 . 2010-10-10 23:15 35348 ----a-w- c:\windows\avp32 .exe
2010-11-27 01:02 . 2010-10-10 21:21 35380 ----a-w- c:\windows\login .exe
2010-11-27 01:02 . 2010-10-10 21:24 35380 ----a-w- c:\windows\hexdump .exe
2010-11-27 01:02 . 2010-10-10 23:19 35364 ----a-w- c:\windows\nvsvc32 .exe
2010-11-27 01:02 . 2010-10-10 21:31 35380 ----a-w- c:\windows\spoolsv .exe
2010-11-27 01:01 . 2010-10-10 21:31 35376 ----a-w- c:\windows\spoolsv .exe
2010-11-27 01:01 . 2010-10-10 23:28 35392 ----a-w- c:\windows\lsass .exe
2010-11-27 01:00 . 2010-10-10 21:24 35392 ----a-w- c:\windows\win16 .exe
2010-11-27 00:57 . 2010-10-10 21:31 35376 ----a-w- c:\windows\spoolsv .exe
2010-11-27 00:57 . 2010-10-10 23:19 35392 ----a-w- c:\windows\nvsvc32 .exe
2010-11-27 00:56 . 2010-10-10 23:28 35368 ----a-w- c:\windows\lsass .exe
2010-11-27 00:54 . 2010-10-10 21:24 35344 ----a-w- c:\windows\hexdump .exe
2010-11-27 00:53 . 2010-10-10 21:24 35360 ----a-w- c:\windows\hexdump .exe
2010-11-27 00:53 . 2010-10-10 21:24 35368 ----a-w- c:\windows\hexdump .exe
2010-11-27 00:53 . 2010-10-10 21:31 35380 ----a-w- c:\windows\spoolsv .exe
2010-11-27 00:53 . 2010-10-10 21:24 35348 ----a-w- c:\windows\win16 .exe
2010-11-27 00:53 . 2010-10-10 23:28 35368 ----a-w- c:\windows\lsass .exe
2010-11-27 00:50 . 2010-10-10 21:24 35396 ----a-w- c:\windows\hexdump .exe
2010-11-27 00:48 . 2010-10-10 23:19 35368 ----a-w- c:\windows\nvsvc32 .exe
2010-11-27 00:48 . 2010-10-10 21:24 35368 ----a-w- c:\windows\hexdump .exe
2010-11-27 00:47 . 2010-10-10 21:31 35360 ----a-w- c:\windows\spoolsv .exe
2010-11-27 00:46 . 2010-10-10 21:24 35384 ----a-w- c:\windows\hexdump .exe
2010-11-27 00:44 . 2010-10-10 23:15 35376 ----a-w- c:\windows\setup .exe
2010-11-27 00:43 . 2010-10-10 23:15 35376 ----a-w- c:\windows\avp32 .exe
2010-11-26 23:39 . 2010-10-10 21:24 35384 ----a-w- c:\windows\hexdump .exe
2010-11-26 23:38 . 2010-10-10 23:19 35376 ----a-w- c:\windows\nvsvc32 .exe
2010-11-26 22:36 . 2010-10-10 23:15 35388 ----a-w- c:\windows\avp32 .exe
2010-11-26 22:36 . 2010-10-10 23:19 35388 ----a-w- c:\windows\nvsvc32 .exe
2010-11-26 22:05 . 2010-10-10 23:28 35364 ----a-w- c:\windows\lsass .exe
2010-11-26 22:04 . 2010-10-10 21:24 35360 ----a-w- c:\windows\hexdump .exe
2010-11-26 22:04 . 2010-10-10 21:31 35372 ----a-w- c:\windows\spoolsv .exe
2010-11-26 22:02 . 2010-10-10 23:15 35364 ----a-w- c:\windows\setup .exe
2010-11-26 22:01 . 2010-10-10 23:28 35356 ----a-w- c:\windows\lsass .exe
2010-11-26 22:00 . 2010-10-10 21:31 35376 ----a-w- c:\windows\spoolsv .exe
2010-11-26 21:59 . 2010-10-10 23:19 35368 ----a-w- c:\windows\nvsvc32 .exe
2010-11-26 21:56 . 2010-10-10 21:31 35364 ----a-w- c:\windows\spoolsv .exe
2010-11-26 21:55 . 2010-10-10 23:28 35372 ----a-w- c:\windows\lsass .exe
2010-11-26 21:55 . 2010-10-10 23:15 35364 ----a-w- c:\windows\setup .exe
2010-11-26 21:55 . 2010-10-10 23:19 35364 ----a-w- c:\windows\nvsvc32 .exe
2010-11-26 21:52 . 2010-10-10 21:31 35388 ----a-w- c:\windows\spoolsv .exe
2010-11-26 21:51 . 2010-10-10 23:28 35368 ----a-w- c:\windows\lsass .exe
2010-11-26 21:51 . 2010-10-10 23:15 35340 ----a-w- c:\windows\setup .exe
2010-11-26 21:50 . 2010-10-10 23:19 35356 ----a-w- c:\windows\nvsvc32 .exe
2010-11-26 21:49 . 2010-10-10 23:15 35364 ----a-w- c:\windows\avp32 .exe
2010-11-26 21:48 . 2010-10-10 23:28 35352 ----a-w- c:\windows\lsass .exe
2010-11-26 21:47 . 2010-10-10 23:15 35344 ----a-w- c:\windows\avp32 .exe
2010-11-26 21:45 . 2010-10-10 23:28 35352 ----a-w- c:\windows\lsass .exe
2010-10-28 20:46 . 2010-10-10 21:21 35596 ----a-w- c:\windows\login .exe
2010-10-28 20:46 . 2010-10-10 21:24 35592 ----a-w- c:\windows\win16 .exe
2010-10-28 20:46 . 2010-10-10 21:21 35588 ----a-w- c:\windows\login .exe
2010-10-28 20:46 . 2010-10-10 21:24 35584 ----a-w- c:\windows\win16 .exe
2010-10-28 20:45 . 2010-10-10 21:21 35580 ----a-w- c:\windows\login .exe
2010-10-28 20:45 . 2010-10-10 21:24 35576 ----a-w- c:\windows\win16 .exe
2010-10-28 20:45 . 2010-10-10 21:21 35572 ----a-w- c:\windows\login .exe
2010-10-28 20:45 . 2010-10-10 21:24 35568 ----a-w- c:\windows\win16 .exe
2010-10-28 20:45 . 2010-10-10 21:21 35564 ----a-w- c:\windows\login .exe
2010-10-28 20:44 . 2010-10-10 21:24 35560 ----a-w- c:\windows\win16 .exe
2010-10-28 20:44 . 2010-10-10 21:21 35556 ----a-w- c:\windows\login .exe
2010-10-28 20:44 . 2010-10-10 21:24 35552 ----a-w- c:\windows\win16 .exe
2010-10-28 20:44 . 2010-10-10 21:21 35548 ----a-w- c:\windows\login .exe
2010-10-28 20:44 . 2010-10-10 21:24 35544 ----a-w- c:\windows\win16 .exe
2010-10-28 20:44 . 2010-10-10 21:21 35540 ----a-w- c:\windows\login .exe
2010-10-28 20:43 . 2010-10-10 21:24 35536 ----a-w- c:\windows\win16 .exe
2010-10-28 20:43 . 2010-10-10 21:21 35532 ----a-w- c:\windows\login .exe
2010-10-28 20:43 . 2010-10-10 21:24 35528 ----a-w- c:\windows\win16 .exe
2010-10-28 20:43 . 2010-10-10 21:21 35524 ----a-w- c:\windows\login .exe
2010-10-28 20:43 . 2010-10-10 21:24 35520 ----a-w- c:\windows\win16 .exe
2010-10-28 20:42 . 2010-10-10 21:21 35516 ----a-w- c:\windows\login .exe
2010-10-28 20:42 . 2010-10-10 21:24 35512 ----a-w- c:\windows\win16 .exe
2010-10-28 20:42 . 2010-10-10 21:21 35508 ----a-w- c:\windows\login .exe
2010-10-28 20:42 . 2010-10-10 21:24 35504 ----a-w- c:\windows\win16 .exe
2010-10-28 20:42 . 2010-10-10 21:21 35500 ----a-w- c:\windows\login .exe
2010-10-28 20:42 . 2010-10-10 21:24 35496 ----a-w- c:\windows\win16 .exe
2010-10-28 20:41 . 2010-10-10 21:21 35492 ----a-w- c:\windows\login .exe
2010-10-28 20:41 . 2010-10-10 21:24 35488 ----a-w- c:\windows\win16 .exe
2010-10-28 20:41 . 2010-10-10 21:21 35484 ----a-w- c:\windows\login .exe
2010-10-28 20:41 . 2010-10-10 21:24 35480 ----a-w- c:\windows\win16 .exe
2010-10-28 20:41 . 2010-10-10 21:21 35476 ----a-w- c:\windows\login .exe
2010-10-28 20:40 . 2010-10-10 21:24 35472 ----a-w- c:\windows\win16 .exe
2010-10-28 20:40 . 2010-10-10 21:21 35468 ----a-w- c:\windows\login .exe
.
<pre>
c:\program files\Adobe\Reader 9.0\Reader\Reader_sl .exe
c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier .exe
c:\program files\Hewlett-Packard\HP QuickSync\QuickSync .exe
c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain .exe
c:\program files\HP\HPBTWD .exe
c:\program files\IDT\WDM\sttray .exe
c:\program files\Java\jre6\bin\jusched .exe
c:\program files\Malwarebytes' Anti-Malware\mbam  .exe
c:\program files\Malwarebytes' Anti-Malware\mbam .exe
c:\program files\Synaptics\SynTP\SynTPEnh .exe
c:\program files\Windows Live\Messenger\msnmsgr    .exe
c:\program files\Windows Live\Messenger\msnmsgr   .exe
c:\program files\Windows Live\Messenger\msnmsgr  .exe
c:\program files\Windows Live\Messenger\msnmsgr .exe
c:\windows\avp32            .exe
c:\windows\avp32           .exe
c:\windows\avp32          .exe
c:\windows\avp32         .exe
c:\windows\avp32        .exe
c:\windows\avp32       .exe
c:\windows\avp32      .exe
c:\windows\avp32     .exe
c:\windows\avp32    .exe
c:\windows\avp32   .exe
c:\windows\avp32  .exe
c:\windows\hexdump              .exe
c:\windows\hexdump             .exe
c:\windows\hexdump            .exe
c:\windows\hexdump           .exe
c:\windows\hexdump          .exe
c:\windows\hexdump         .exe
c:\windows\hexdump        .exe
c:\windows\hexdump       .exe
c:\windows\hexdump      .exe
c:\windows\hexdump     .exe
c:\windows\hexdump    .exe
c:\windows\hexdump   .exe
c:\windows\hexdump  .exe
c:\windows\jusched .exe
c:\windows\login                                               .exe
c:\windows\login                                              .exe
c:\windows\login                                             .exe
c:\windows\login                                            .exe
c:\windows\login                                           .exe
c:\windows\login                                          .exe
c:\windows\login                                         .exe
c:\windows\login                                        .exe
c:\windows\login                                       .exe
c:\windows\login                                      .exe
c:\windows\login                                     .exe
c:\windows\login                                    .exe
c:\windows\login                                   .exe
c:\windows\login                                  .exe
c:\windows\login                                 .exe
c:\windows\login                                .exe
c:\windows\login                               .exe
c:\windows\login                              .exe
c:\windows\login                             .exe
c:\windows\login                            .exe
c:\windows\login                           .exe
c:\windows\login                          .exe
c:\windows\login                         .exe
c:\windows\login                        .exe
c:\windows\login                       .exe
c:\windows\login                      .exe
c:\windows\login                     .exe
c:\windows\login                    .exe
c:\windows\login                   .exe
c:\windows\login                  .exe
c:\windows\login                 .exe
c:\windows\login                .exe
c:\windows\login               .exe
c:\windows\login              .exe
c:\windows\login             .exe
c:\windows\login            .exe
c:\windows\login           .exe
c:\windows\login          .exe
c:\windows\login         .exe
c:\windows\login        .exe
c:\windows\login       .exe
c:\windows\login      .exe
c:\windows\login     .exe
c:\windows\login    .exe
c:\windows\login   .exe
c:\windows\login  .exe
c:\windows\lsass           .exe
c:\windows\lsass          .exe
c:\windows\lsass         .exe
c:\windows\lsass        .exe
c:\windows\lsass       .exe
c:\windows\lsass      .exe
c:\windows\lsass     .exe
c:\windows\lsass    .exe
c:\windows\lsass   .exe
c:\windows\lsass  .exe
c:\windows\lsass .exe
c:\windows\nvsvc32               .exe
c:\windows\nvsvc32              .exe
c:\windows\nvsvc32             .exe
c:\windows\nvsvc32            .exe
c:\windows\nvsvc32           .exe
c:\windows\nvsvc32          .exe
c:\windows\nvsvc32         .exe
c:\windows\nvsvc32        .exe
c:\windows\nvsvc32       .exe
c:\windows\nvsvc32      .exe
c:\windows\nvsvc32     .exe
c:\windows\nvsvc32    .exe
c:\windows\nvsvc32   .exe
c:\windows\nvsvc32  .exe
c:\windows\services                 .exe
c:\windows\services                .exe
c:\windows\services               .exe
c:\windows\services              .exe
c:\windows\services             .exe
c:\windows\services            .exe
c:\windows\services           .exe
c:\windows\services          .exe
c:\windows\services         .exe
c:\windows\services        .exe
c:\windows\services       .exe
c:\windows\services      .exe
c:\windows\services     .exe
c:\windows\services    .exe
c:\windows\services   .exe
c:\windows\services  .exe
c:\windows\setup            .exe
c:\windows\setup           .exe
c:\windows\setup          .exe
c:\windows\setup         .exe
c:\windows\setup        .exe
c:\windows\setup       .exe
c:\windows\setup      .exe
c:\windows\setup     .exe
c:\windows\setup    .exe
c:\windows\setup   .exe
c:\windows\setup  .exe
c:\windows\spoolsv             .exe
c:\windows\spoolsv            .exe
c:\windows\spoolsv           .exe
c:\windows\spoolsv          .exe
c:\windows\spoolsv         .exe
c:\windows\spoolsv        .exe
c:\windows\spoolsv       .exe
c:\windows\spoolsv      .exe
c:\windows\spoolsv     .exe
c:\windows\spoolsv    .exe
c:\windows\spoolsv   .exe
c:\windows\spoolsv  .exe
c:\windows\win16                                         .exe
c:\windows\win16                                        .exe
c:\windows\win16                                       .exe
c:\windows\win16                                      .exe
c:\windows\win16                                     .exe
c:\windows\win16                                    .exe
c:\windows\win16                                   .exe
c:\windows\win16                                  .exe
c:\windows\win16                                 .exe
c:\windows\win16                                .exe
c:\windows\win16                               .exe
c:\windows\win16                              .exe
c:\windows\win16                             .exe
c:\windows\win16                            .exe
c:\windows\win16                           .exe
c:\windows\win16                          .exe
c:\windows\win16                         .exe
c:\windows\win16                        .exe
c:\windows\win16                       .exe
c:\windows\win16                      .exe
c:\windows\win16                     .exe
c:\windows\win16                    .exe
c:\windows\win16                   .exe
c:\windows\win16                  .exe
c:\windows\win16                 .exe
c:\windows\win16                .exe
c:\windows\win16               .exe
c:\windows\win16              .exe
c:\windows\win16             .exe
c:\windows\win16            .exe
c:\windows\win16           .exe
c:\windows\win16          .exe
c:\windows\win16         .exe
c:\windows\win16        .exe
c:\windows\win16       .exe
c:\windows\win16      .exe
c:\windows\win16     .exe
c:\windows\win16    .exe
c:\windows\win16   .exe
c:\windows\win16  .exe
c:\windows\winlogon            .exe
c:\windows\winlogon           .exe
c:\windows\winlogon          .exe
c:\windows\winlogon         .exe
c:\windows\winlogon        .exe
c:\windows\winlogon       .exe
c:\windows\winlogon      .exe
c:\windows\winlogon     .exe
c:\windows\winlogon    .exe
c:\windows\winlogon   .exe
c:\windows\winlogon  .exe
c:\windows\system32\rundll32 .exe
</pre>

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"{134DDCDE-3647-82F6-27D3-8F60FF93FE23}"="c:\documents and settings\MS\Application Data\Biufo\ofuqy.exe" [N/A]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-15 135168]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-15 159744]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-15 131072]
"HP BTW Detect Program"="c:\program files\HP\HPBTWD.exe" [N/A]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [N/A]
"SysTrayApp"="%ProgramFiles%\IDT\WDM\sttray.exe" [N/A]
"AESTFltr"="c:\windows\system32\AESTFltr.exe" [2009-07-06 737280]
"WirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [N/A]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-08-02 281768]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-15 15360]

c:\documents and settings\Default User\Start Menu\Programs\Startup\
ceex.exe [2010-11-27 231936]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Hewlett-Packard\\HP QuickSync\\jre\\bin\\javaw.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr .exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr .exe"=

R0 SahdIa32;HDD Filter Driver;c:\windows\system32\drivers\SahdIa32.sys [23/08/2009 14:06 21488]
R0 SaibIa32;Volume Filter Driver;c:\windows\system32\drivers\SaibIa32.sys [23/08/2009 14:06 15856]
R0 SysCow;SysCow;c:\windows\system32\drivers\syscow32x.sys [01/07/2009 22:10 103792]
R1 SaibVd32;Virtual Disk Driver;c:\windows\system32\drivers\SaibVd32.sys [23/08/2009 14:06 25584]
R2 9734BF6A-2DCD-40f0-BAB0-5AAFEEBE1269;Roxio SAIB Service;c:\program files\Roxio\BackOnTrack\Disaster Recovery\SaibSVC.exe [02/06/2009 18:05 457200]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [27/11/2010 14:38 135336]
R2 BOTService;BOTService;c:\program files\Roxio\BackOnTrack\Instant Restore\BOTService.exe [09/07/2009 03:08 199152]
R3 AESTAud;AE Audio Service;c:\windows\system32\drivers\AESTAud.sys [23/08/2009 13:53 113664]
R3 L1c;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller;c:\windows\system32\drivers\l1c51x86.sys [31/03/2009 20:11 39424]
S2 AMService;AMService;c:\windows\TEMP\dtrq\setup.exe run --> c:\windows\TEMP\dtrq\setup.exe run [?]
S3 RSUSBSTOR;RTS5121.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RTS5121.sys --> c:\windows\system32\Drivers\RTS5121.sys [?]
S3 Rts516xIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys --> c:\windows\system32\DRIVERS\Rts516xIR.sys [?]
.
Contents of the 'Scheduled Tasks' folder

2010-11-27 c:\windows\Tasks\BackOnTrack Instant Restore Idle.job
- c:\program files\Roxio\BackOnTrack\Instant Restore\RstIdle.exe [2009-07-09 03:09]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_GB&c=94&bd=Pavilion&pf=cnnb
IE: &AOL Toolbar Search - c:\documents and settings\All Users\Application Data\AOL\ieToolbar\resources\en-US\local\search.html
FF - ProfilePath - c:\documents and settings\MS\Application Data\Mozilla\Firefox\Profiles\x17vvs0d.default\
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF - Extension: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Extension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Extension: Java Quick Starter: [email protected] - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Extension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\documents and settings\MS\Application Data\Mozilla\Firefox\Profiles\x17vvs0d.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}

---- FIREFOX POLICIES ----
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-11-27 18:33
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,eb,46,8b,bc,6f,8f,68,44,96,19,85,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,eb,46,8b,bc,6f,8f,68,44,96,19,85,\
.
Completion time: 2010-11-27 18:36:41
ComboFix-quarantined-files.txt 2010-11-27 18:36

Pre-Run: 127,010,017,280 bytes free
Post-Run: 127,029,231,616 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

- - End Of File - - 0CC42B808CD460792FECFC3F90FAAB16
  • 0

#25
Clareykins

Clareykins

    Member

  • Topic Starter
  • Member
  • PipPip
  • 32 posts
Step Five: OTL just would not scan so I restarted and turned Avira back off, the scan was still slow to start but does. One Extras.txt and 4 OTL.txt logs have appeared so far and the OTL logs all look to be the same. Extras and one of the OTL logs pasted below, the others are saved if you need to see those.

OTL logfile created on: 27/11/2010 18:47:56 - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\MS\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1,015.00 Mb Total Physical Memory | 625.00 Mb Available Physical Memory | 62.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 87.00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.04 Gb Total Space | 118.32 Gb Free Space | 79.39% Space Free | Partition Type: NTFS

Computer Name: DIONS | User Name: MS | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010/11/27 17:30:06 | 000,655,360 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\MS\Desktop\OTL.exe
PRC - [2010/08/02 16:10:00 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2010/08/02 16:09:55 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010/08/02 16:09:55 | 000,267,944 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2010/01/14 22:11:00 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2009/07/06 21:06:46 | 000,737,280 | ---- | M] (Andrea Electronics Corporation) -- C:\WINDOWS\system32\AESTFltr.exe
PRC - [2009/06/29 20:44:38 | 000,221,266 | ---- | M] (IDT, Inc.) -- c:\Program Files\IDT\WDM\stacsv.exe
PRC - [2009/06/02 18:05:58 | 000,457,200 | ---- | M] () -- C:\Program Files\Roxio\BackOnTrack\Disaster Recovery\SaibSVC.exe
PRC - [2009/05/19 11:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2008/04/14 03:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (SafeList) ==========

MOD - [2010/11/27 17:30:06 | 000,655,360 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\MS\Desktop\OTL.exe


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt)
SRV - File not found [Auto | Stopped] -- C:\WINDOWS\TEMP\dtrq\setup.exe -- (AMService)
SRV - [2010/08/02 16:10:00 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010/08/02 16:09:55 | 000,267,944 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2009/06/29 20:44:38 | 000,221,266 | ---- | M] (IDT, Inc.) [Auto | Running] -- c:\Program Files\IDT\WDM\stacsv.exe -- (STacSV)
SRV - [2009/06/02 18:05:58 | 000,457,200 | ---- | M] () [Auto | Running] -- C:\Program Files\Roxio\BackOnTrack\Disaster Recovery\SaibSVC.exe -- (9734BF6A-2DCD-40f0-BAB0-5AAFEEBE1269)
SRV - [2009/05/22 18:02:20 | 000,250,616 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files\HP Games\HP Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2009/05/19 11:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\Rts5161ccid.sys -- (USBCCID)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\Rts516xIR.sys -- (Rts516xIR)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\RTS5121.sys -- (RSUSBSTOR)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\MS\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - [2010/11/27 14:47:41 | 000,061,960 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010/08/02 16:10:08 | 000,126,856 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2010/06/17 15:27:22 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010/06/17 15:27:12 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2009/12/27 14:39:33 | 001,746,432 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2009/07/01 22:10:54 | 000,103,792 | ---- | M] (Sonic Solutions) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\syscow32x.sys -- (SysCow)
DRV - [2009/06/29 20:44:38 | 001,642,931 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2009/06/05 02:43:16 | 000,330,264 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\iaStor.sys -- (iaStor)
DRV - [2009/06/02 00:00:00 | 000,025,584 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\SaibVd32.sys -- (SaibVd32)
DRV - [2009/06/02 00:00:00 | 000,021,488 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\SahdIa32.sys -- (SahdIa32)
DRV - [2009/06/02 00:00:00 | 000,015,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\SaibIa32.sys -- (SaibIa32)
DRV - [2009/05/07 00:01:38 | 000,047,272 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2009/05/07 00:01:36 | 000,992,424 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL)
DRV - [2009/04/21 17:13:34 | 000,113,664 | ---- | M] (Andrea Electronics Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AESTAud.sys -- (AESTAud)
DRV - [2009/03/31 20:11:44 | 000,039,424 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\l1c51x86.sys -- (L1c)
DRV - [2009/03/13 16:32:18 | 001,759,616 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\snp2uvc.sys -- (SNP2UVC) USB2.0 PC Camera (SNP2UVC)
DRV - [2009/01/16 02:41:00 | 000,206,512 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP)
DRV - [2008/04/15 12:00:00 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2008/04/14 23:06:40 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2008/04/14 23:06:40 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2008/04/14 14:05:40 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2008/02/15 22:12:06 | 005,854,752 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\igxpmp32.sys -- (ialm)
DRV - [2001/08/18 13:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2001/08/18 13:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001/08/18 13:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001/08/18 13:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001/08/18 13:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001/08/18 12:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
DRV - [2001/08/18 12:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2001/08/18 12:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2001/08/18 12:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2001/08/18 12:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2001/08/18 12:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2001/08/18 12:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
DRV - [2001/08/18 12:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2001/08/18 12:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2001/08/18 12:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...avilion&pf=cnnb

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {64B1D1C4-40E3-4632-ADEA-52FC4363255A}:1.9.1
FF - prefs.js..network.proxy.type: 0


FF - HKLM\software\mozilla\Firefox\Extensions\\{F8F7074F-93F7-425B-B037-221E9E2058FB}: C:\Documents and Settings\Tamara x x\Local Settings\Application Data\{F8F7074F-93F7-425B-B037-221E9E2058FB}
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/11/27 15:32:53 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/11/27 15:32:32 | 000,000,000 | ---D | M]

[2010/11/27 15:33:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MS\Application Data\Mozilla\Extensions
[2010/11/27 16:59:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MS\Application Data\Mozilla\Firefox\Profiles\x17vvs0d.default\extensions
[2010/11/27 16:59:06 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\MS\Application Data\Mozilla\Firefox\Profiles\x17vvs0d.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/11/27 15:32:33 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/10/27 05:24:34 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2010/10/27 05:24:34 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2010/10/27 05:24:34 | 000,000,769 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2010/10/27 05:24:34 | 000,001,135 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2010/11/27 18:33:41 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O4 - HKLM..\Run: [AESTFltr] C:\WINDOWS\System32\AESTFltr.exe (Andrea Electronics Corporation)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [HP BTW Detect Program] C:\Program Files\HP\HPBTWD.exe File not found
O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe File not found
O4 - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe File not found
O4 - HKLM..\Run: [WirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe File not found
O4 - HKCU..\Run: [{134DDCDE-3647-82F6-27D3-8F60FF93FE23}] C:\Documents and Settings\MS\Application Data\Biufo\ofuqy.exe File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm File not found
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm File not found
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_14)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (c:\program files\microsoft\desktoplayer.exe) - c:\Program Files\Microsoft\DesktopLayer.exe ()
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Firestorm High.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Firestorm High.bmp
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/11/27 18:23:10 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/11/27 18:22:02 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/11/27 18:22:02 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/11/27 18:22:02 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/11/27 18:22:02 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/11/27 18:21:52 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/11/27 18:21:34 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/11/27 17:40:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MS\DoctorWeb
[2010/11/27 17:28:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MS\Application Data\Ohodip
[2010/11/27 17:28:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MS\Application Data\Biufo
[2010/11/27 17:03:44 | 000,655,360 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\MS\Desktop\OTL.exe
[2010/11/27 17:01:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MS\My Documents\Downloads
[2010/11/27 15:58:28 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2010/11/27 15:37:13 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\MS\Recent
[2010/11/27 15:32:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MS\Local Settings\Application Data\Mozilla
[2010/11/27 15:32:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MS\Application Data\Mozilla
[2010/11/27 15:32:27 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2010/11/27 15:31:32 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2010/11/27 14:50:18 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData
[2010/11/27 14:46:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MS\Application Data\Avira
[2010/11/27 14:38:04 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys
[2010/11/27 14:37:59 | 000,126,856 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2010/11/27 14:37:59 | 000,061,960 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2010/11/27 14:37:59 | 000,045,416 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntdd.sys
[2010/11/27 14:37:59 | 000,022,360 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntmgr.sys
[2010/11/27 14:37:56 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2010/11/27 14:37:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Avira
[2010/11/27 14:33:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MS\Application Data\MSNInstaller
[2010/11/27 13:51:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MS\Application Data\Luezi
[2010/11/27 12:33:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MS\Application Data\Ifur
[2010/11/27 10:49:00 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\MS\IECompatCache
[2010/11/27 10:48:45 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\MS\PrivacIE
[2010/11/27 10:48:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MS\Local Settings\Application Data\Google
[2010/11/27 10:38:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MS\Application Data\Fyxo
[2010/11/27 10:38:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MS\Application Data\Agsan
[2010/11/27 10:23:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MS\Application Data\Kiopme
[2010/11/27 10:23:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MS\Application Data\Agqiq
[2010/11/27 09:58:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MS\Application Data\Malwarebytes
[2010/11/27 09:56:52 | 000,000,000 | --SD | C] -- C:\Documents and Settings\MS\Application Data\Microsoft
[2010/11/27 09:56:52 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\MS\Application Data
[2010/11/27 09:56:52 | 000,000,000 | R--D | C] -- C:\Documents and Settings\MS\Favorites
[2010/11/27 09:56:52 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\MS\IETldCache
[2010/11/27 09:56:52 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\MS\Cookies
[2010/11/27 09:56:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MS\Application Data\Sun
[2010/11/27 09:56:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MS\Application Data\Roxio Log Files
[2010/11/27 09:56:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MS\Local Settings\Application Data\Microsoft Help
[2010/11/27 09:56:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MS\Local Settings\Application Data\Microsoft
[2010/11/27 09:56:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MS\Application Data\Macromedia
[2010/11/27 09:56:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MS\Application Data\InstallShield
[2010/11/27 09:56:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MS\Application Data\Identities
[2010/11/27 09:56:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MS\Application Data\hpqLog
[2010/11/27 09:56:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MS\Desktop
[2010/11/27 09:56:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MS\Local Settings\Application Data\Adobe
[2010/11/27 09:56:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MS\Application Data\Adobe
[2010/11/27 09:56:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MS\.migoDesktop
[2010/11/27 09:56:51 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\MS\SendTo
[2010/11/27 09:56:51 | 000,000,000 | R--D | C] -- C:\Documents and Settings\MS\Start Menu
[2010/11/27 09:56:51 | 000,000,000 | R--D | C] -- C:\Documents and Settings\MS\My Documents\My Pictures
[2010/11/27 09:56:51 | 000,000,000 | R--D | C] -- C:\Documents and Settings\MS\My Documents\My Music
[2010/11/27 09:56:51 | 000,000,000 | R--D | C] -- C:\Documents and Settings\MS\My Documents
[2010/11/27 09:56:51 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\MS\Templates
[2010/11/27 09:56:51 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\MS\PrintHood
[2010/11/27 09:56:51 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\MS\NetHood
[2010/11/27 09:56:51 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\MS\Local Settings
[2010/11/27 09:56:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MS\My Documents\HPQuickSync videos
[2010/11/27 04:37:17 | 000,553,984 | ---- | C] (OldTimer Tools) -- C:\OTLPE.exe
[2010/11/27 04:34:42 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/11/27 04:30:54 | 000,000,000 | ---D | C] -- C:\replace
[2010/11/26 23:36:26 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/11/26 23:36:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/11/26 23:35:45 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/11/26 23:35:40 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/10/28 20:27:27 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Documents\Server
[2009/12/27 14:38:29 | 000,196,608 | ---- | C] ( ) -- C:\WINDOWS\System32\csnp2uvc.dll
[2009/12/27 14:38:25 | 000,225,280 | ---- | C] ( ) -- C:\WINDOWS\System32\rsnp2uvc.dll

========== Files - Modified Within 30 Days ==========

[2010/11/27 18:51:03 | 000,158,208 | ---- | M] () -- C:\Documents and Settings\MS\Desktop\OTLSrv.exe
[2010/11/27 18:50:19 | 000,000,016 | ---- | M] () -- C:\WINDOWS\System32\dmlconf.dat
[2010/11/27 18:50:17 | 000,000,282 | ---- | M] () -- C:\WINDOWS\tasks\BackOnTrack Instant Restore Idle.job
[2010/11/27 18:45:05 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/11/27 18:45:00 | 1064,620,032 | -HS- | M] () -- C:\hiberfil.sys
[2010/11/27 18:33:41 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/11/27 18:23:17 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2010/11/27 17:35:12 | 052,556,176 | ---- | M] () -- C:\Documents and Settings\MS\Desktop\x4fjd75d.exe
[2010/11/27 17:30:06 | 000,655,360 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\MS\Desktop\OTL.exe
[2010/11/27 17:28:28 | 000,000,024 | ---- | M] () -- C:\WINDOWS\System32\complete.dat
[2010/11/27 17:02:06 | 000,000,112 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\2mIfUQ.dat
[2010/11/27 16:44:41 | 000,076,599 | ---- | M] () -- C:\Documents and Settings\MS\Desktop\Scan1.JPG
[2010/11/27 16:23:02 | 000,553,984 | ---- | M] (OldTimer Tools) -- C:\OTLPE.exe
[2010/11/27 15:33:02 | 000,000,000 | ---- | M] () -- C:\WINDOWS\nsreg.dat
[2010/11/27 15:32:39 | 000,001,624 | ---- | M] () -- C:\Documents and Settings\MS\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/11/27 15:32:39 | 000,001,606 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2010/11/27 14:47:41 | 000,061,960 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2010/11/27 14:38:29 | 000,001,711 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Avira AntiVir Control Center.lnk
[2010/11/27 10:26:47 | 000,434,212 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/11/27 10:26:46 | 000,068,826 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/11/27 10:21:57 | 000,035,336 | ---- | M] () -- C:\WINDOWS\winlogon .exe
[2010/11/27 10:21:57 | 000,035,336 | ---- | M] () -- C:\WINDOWS\setup .exe
[2010/11/27 10:21:57 | 000,035,336 | ---- | M] () -- C:\WINDOWS\lsass .exe
[2010/11/27 10:21:57 | 000,035,336 | ---- | M] () -- C:\WINDOWS\avp32 .exe
[2010/11/27 10:21:56 | 000,035,336 | ---- | M] () -- C:\WINDOWS\winlogon .exe
[2010/11/27 10:21:56 | 000,035,336 | ---- | M] () -- C:\WINDOWS\winlogon .exe
[2010/11/27 10:21:56 | 000,035,336 | ---- | M] () -- C:\WINDOWS\avp32 .exe
[2010/11/27 10:21:55 | 000,035,336 | ---- | M] () -- C:\WINDOWS\win16 .exe
[2010/11/27 01:21:43 | 000,035,372 | ---- | M] () -- C:\WINDOWS\services .exe
[2010/11/27 01:21:43 | 000,035,364 | ---- | M] () -- C:\WINDOWS\lsass .exe
[2010/11/27 01:21:42 | 000,035,380 | ---- | M] () -- C:\WINDOWS\nvsvc32 .exe
[2010/11/27 01:19:37 | 000,035,376 | ---- | M] () -- C:\WINDOWS\avp32 .exe
[2010/11/27 01:17:31 | 000,035,428 | ---- | M] () -- C:\WINDOWS\setup .exe
[2010/11/27 01:17:31 | 000,035,380 | ---- | M] () -- C:\WINDOWS\winlogon .exe
[2010/11/27 01:15:56 | 000,035,388 | ---- | M] () -- C:\WINDOWS\setup .exe
[2010/11/27 01:15:55 | 000,035,412 | ---- | M] () -- C:\WINDOWS\nvsvc32 .exe
[2010/11/27 01:15:55 | 000,035,412 | ---- | M] () -- C:\WINDOWS\avp32 .exe
[2010/11/27 01:15:54 | 000,035,356 | ---- | M] () -- C:\WINDOWS\nvsvc32 .exe
[2010/11/27 01:11:53 | 000,035,388 | -H-- | M] () -- C:\WINDOWS\services .exe
[2010/11/27 01:08:51 | 000,035,356 | ---- | M] () -- C:\WINDOWS\login .exe
[2010/11/27 01:08:50 | 000,035,348 | ---- | M] () -- C:\WINDOWS\nvsvc32 .exe
[2010/11/27 01:03:16 | 000,035,388 | ---- | M] () -- C:\WINDOWS\login .exe
[2010/11/27 01:02:12 | 000,035,368 | ---- | M] () -- C:\WINDOWS\services .exe
[2010/11/27 01:02:07 | 000,035,384 | ---- | M] () -- C:\WINDOWS\setup .exe
[2010/11/27 01:02:07 | 000,035,380 | ---- | M] () -- C:\WINDOWS\login .exe
[2010/11/27 01:02:07 | 000,035,348 | ---- | M] () -- C:\WINDOWS\avp32 .exe
[2010/11/27 01:02:05 | 000,035,380 | ---- | M] () -- C:\WINDOWS\hexdump .exe
[2010/11/27 01:02:03 | 000,035,380 | ---- | M] () -- C:\WINDOWS\spoolsv .exe
[2010/11/27 01:02:03 | 000,035,364 | ---- | M] () -- C:\WINDOWS\nvsvc32 .exe
[2010/11/27 01:01:56 | 000,035,376 | ---- | M] () -- C:\WINDOWS\spoolsv .exe
[2010/11/27 01:01:33 | 000,035,392 | ---- | M] () -- C:\WINDOWS\lsass .exe
[2010/11/27 01:00:44 | 000,035,392 | ---- | M] () -- C:\WINDOWS\win16 .exe
[2010/11/27 01:00:13 | 000,035,356 | ---- | M] () -- C:\WINDOWS\winlogon .exe
[2010/11/27 00:57:50 | 000,035,376 | ---- | M] () -- C:\WINDOWS\spoolsv .exe
[2010/11/27 00:57:49 | 000,035,392 | ---- | M] () -- C:\WINDOWS\nvsvc32 .exe
[2010/11/27 00:56:12 | 000,035,368 | ---- | M] () -- C:\WINDOWS\lsass .exe
[2010/11/27 00:54:13 | 000,035,344 | ---- | M] () -- C:\WINDOWS\hexdump .exe
[2010/11/27 00:53:52 | 000,035,360 | ---- | M] () -- C:\WINDOWS\hexdump .exe
[2010/11/27 00:53:30 | 000,035,368 | ---- | M] () -- C:\WINDOWS\hexdump .exe
[2010/11/27 00:53:25 | 000,035,380 | ---- | M] () -- C:\WINDOWS\spoolsv .exe
[2010/11/27 00:53:25 | 000,035,348 | ---- | M] () -- C:\WINDOWS\win16 .exe
[2010/11/27 00:53:20 | 000,035,368 | ---- | M] () -- C:\WINDOWS\lsass .exe
[2010/11/27 00:50:27 | 000,035,396 | ---- | M] () -- C:\WINDOWS\hexdump .exe
[2010/11/27 00:48:35 | 000,035,368 | ---- | M] () -- C:\WINDOWS\nvsvc32 .exe
[2010/11/27 00:48:30 | 000,035,368 | ---- | M] () -- C:\WINDOWS\hexdump .exe
[2010/11/27 00:47:12 | 000,035,360 | ---- | M] () -- C:\WINDOWS\spoolsv .exe
[2010/11/27 00:46:43 | 000,035,376 | ---- | M] () -- C:\WINDOWS\winlogon .exe
[2010/11/27 00:46:01 | 000,035,384 | ---- | M] () -- C:\WINDOWS\hexdump .exe
[2010/11/27 00:44:08 | 000,035,376 | ---- | M] () -- C:\WINDOWS\setup .exe
[2010/11/27 00:43:58 | 000,035,376 | ---- | M] () -- C:\WINDOWS\avp32 .exe
[2010/11/26 23:39:20 | 000,035,384 | ---- | M] () -- C:\WINDOWS\hexdump .exe
[2010/11/26 23:38:49 | 000,035,380 | ---- | M] () -- C:\WINDOWS\winlogon .exe
[2010/11/26 23:38:42 | 000,035,376 | ---- | M] () -- C:\WINDOWS\nvsvc32 .exe
[2010/11/26 23:38:00 | 000,000,700 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/11/26 22:36:58 | 000,035,388 | ---- | M] () -- C:\WINDOWS\avp32 .exe
[2010/11/26 22:36:40 | 000,035,388 | ---- | M] () -- C:\WINDOWS\nvsvc32 .exe
[2010/11/26 22:06:08 | 000,035,352 | ---- | M] () -- C:\WINDOWS\winlogon .exe
[2010/11/26 22:05:27 | 000,035,364 | ---- | M] () -- C:\WINDOWS\lsass .exe
[2010/11/26 22:04:44 | 000,035,360 | ---- | M] () -- C:\WINDOWS\hexdump .exe
[2010/11/26 22:04:04 | 000,035,372 | ---- | M] () -- C:\WINDOWS\spoolsv .exe
[2010/11/26 22:02:48 | 000,035,364 | ---- | M] () -- C:\WINDOWS\setup .exe
[2010/11/26 22:01:33 | 000,035,356 | ---- | M] () -- C:\WINDOWS\lsass .exe
[2010/11/26 22:00:32 | 000,035,376 | ---- | M] () -- C:\WINDOWS\spoolsv .exe
[2010/11/26 21:59:49 | 000,035,368 | ---- | M] () -- C:\WINDOWS\nvsvc32 .exe
[2010/11/26 21:57:46 | 000,035,376 | ---- | M] () -- C:\WINDOWS\winlogon .exe
[2010/11/26 21:56:50 | 000,035,364 | ---- | M] () -- C:\WINDOWS\spoolsv .exe
[2010/11/26 21:55:30 | 000,035,372 | ---- | M] () -- C:\WINDOWS\lsass .exe
[2010/11/26 21:55:29 | 000,035,364 | ---- | M] () -- C:\WINDOWS\setup .exe
[2010/11/26 21:55:28 | 000,035,364 | ---- | M] () -- C:\WINDOWS\nvsvc32 .exe
[2010/11/26 21:52:29 | 000,035,388 | ---- | M] () -- C:\WINDOWS\spoolsv .exe
[2010/11/26 21:51:46 | 000,035,368 | ---- | M] () -- C:\WINDOWS\lsass .exe
[2010/11/26 21:51:45 | 000,035,340 | ---- | M] () -- C:\WINDOWS\setup .exe
[2010/11/26 21:50:26 | 000,035,356 | ---- | M] () -- C:\WINDOWS\nvsvc32 .exe
[2010/11/26 21:49:11 | 000,035,364 | ---- | M] () -- C:\WINDOWS\avp32 .exe
[2010/11/26 21:48:00 | 000,035,352 | ---- | M] () -- C:\WINDOWS\lsass .exe
[2010/11/26 21:47:13 | 000,035,344 | ---- | M] () -- C:\WINDOWS\avp32 .exe
[2010/11/26 21:46:52 | 000,035,356 | ---- | M] () -- C:\WINDOWS\winlogon .exe
[2010/11/26 21:45:59 | 000,035,352 | ---- | M] () -- C:\WINDOWS\lsass .exe
[2010/11/26 21:44:11 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/11/08 01:20:24 | 000,089,088 | ---- | M] () -- C:\WINDOWS\MBR.exe
[2010/10/28 20:46:35 | 000,035,596 | ---- | M] () -- C:\WINDOWS\login .exe
[2010/10/28 20:46:24 | 000,035,592 | ---- | M] () -- C:\WINDOWS\win16 .exe
[2010/10/28 20:46:13 | 000,035,588 | ---- | M] () -- C:\WINDOWS\login .exe
[2010/10/28 20:46:02 | 000,035,584 | ---- | M] () -- C:\WINDOWS\win16 .exe
[2010/10/28 20:45:51 | 000,035,580 | ---- | M] () -- C:\WINDOWS\login .exe
[2010/10/28 20:45:41 | 000,035,576 | ---- | M] () -- C:\WINDOWS\win16 .exe
[2010/10/28 20:45:30 | 000,035,572 | ---- | M] () -- C:\WINDOWS\login .exe
[2010/10/28 20:45:19 | 000,035,568 | ---- | M] () -- C:\WINDOWS\win16 .exe
[2010/10/28 20:45:08 | 000,035,564 | ---- | M] () -- C:\WINDOWS\login .exe
[2010/10/28 20:44:58 | 000,035,560 | ---- | M] () -- C:\WINDOWS\win16 .exe
[2010/10/28 20:44:47 | 000,035,556 | ---- | M] () -- C:\WINDOWS\login .exe
[2010/10/28 20:44:36 | 000,035,552 | ---- | M] () -- C:\WINDOWS\win16 .exe
[2010/10/28 20:44:25 | 000,035,548 | ---- | M] () -- C:\WINDOWS\login .exe
[2010/10/28 20:44:14 | 000,035,544 | ---- | M] () -- C:\WINDOWS\win16 .exe
[2010/10/28 20:44:03 | 000,035,540 | ---- | M] () -- C:\WINDOWS\login .exe
[2010/10/28 20:43:52 | 000,035,536 | ---- | M] () -- C:\WINDOWS\win16 .exe
[2010/10/28 20:43:40 | 000,035,532 | ---- | M] () -- C:\WINDOWS\login .exe
[2010/10/28 20:43:28 | 000,035,528 | ---- | M] () -- C:\WINDOWS\win16 .exe
[2010/10/28 20:43:17 | 000,035,524 | ---- | M] () -- C:\WINDOWS\login .exe
[2010/10/28 20:43:05 | 000,035,520 | ---- | M] () -- C:\WINDOWS\win16 .exe
[2010/10/28 20:42:54 | 000,035,516 | ---- | M] () -- C:\WINDOWS\login .exe
[2010/10/28 20:42:44 | 000,035,512 | ---- | M] () -- C:\WINDOWS\win16 .exe
[2010/10/28 20:42:33 | 000,035,508 | ---- | M] () -- C:\WINDOWS\login .exe
[2010/10/28 20:42:22 | 000,035,504 | ---- | M] () -- C:\WINDOWS\win16 .exe
[2010/10/28 20:42:11 | 000,035,500 | ---- | M] () -- C:\WINDOWS\login .exe
[2010/10/28 20:42:00 | 000,035,496 | ---- | M] () -- C:\WINDOWS\win16 .exe
[2010/10/28 20:41:50 | 000,035,492 | ---- | M] () -- C:\WINDOWS\login .exe
[2010/10/28 20:41:39 | 000,035,488 | ---- | M] () -- C:\WINDOWS\win16 .exe
[2010/10/28 20:41:28 | 000,035,484 | ---- | M] () -- C:\WINDOWS\login .exe
[2010/10/28 20:41:17 | 000,035,480 | ---- | M] () -- C:\WINDOWS\win16 .exe
[2010/10/28 20:41:06 | 000,035,476 | ---- | M] () -- C:\WINDOWS\login .exe
[2010/10/28 20:40:55 | 000,035,472 | ---- | M] () -- C:\WINDOWS\win16 .exe
[2010/10/28 20:40:45 | 000,035,468 | ---- | M] () -- C:\WINDOWS\login .exe
[2010/10/28 20:40:34 | 000,035,464 | ---- | M] () -- C:\WINDOWS\win16 .exe
[2010/10/28 20:40:23 | 000,035,460 | ---- | M] () -- C:\WINDOWS\login .exe
[2010/10/28 20:40:12 | 000,035,456 | ---- | M] () -- C:\WINDOWS\win16 .exe
[2010/10/28 20:40:01 | 000,035,452 | ---- | M] () -- C:\WINDOWS\login .exe
[2010/10/28 20:39:50 | 000,035,448 | ---- | M] () -- C:\WINDOWS\win16 .exe
[2010/10/28 20:39:39 | 000,035,444 | ---- | M] () -- C:\WINDOWS\login .exe
[2010/10/28 20:39:28 | 000,035,440 | ---- | M] () -- C:\WINDOWS\win16 .exe
[2010/10/28 20:39:18 | 000,035,436 | ---- | M] () -- C:\WINDOWS\login .exe
[2010/10/28 20:39:07 | 000,035,432 | ---- | M] () -- C:\WINDOWS\win16 .exe
[2010/10/28 20:38:55 | 000,035,428 | ---- | M] () -- C:\WINDOWS\login .exe
[2010/10/28 20:38:41 | 000,035,424 | ---- | M] () -- C:\WINDOWS\win16 .exe
[2010/10/28 20:38:30 | 000,035,420 | ---- | M] () -- C:\WINDOWS\login .exe
[2010/10/28 20:38:19 | 000,035,416 | ---- | M] () -- C:\WINDOWS\win16 .exe
[2010/10/28 20:38:08 | 000,035,412 | ---- | M] () -- C:\WINDOWS\login .exe
[2010/10/28 20:37:57 | 000,035,408 | ---- | M] () -- C:\WINDOWS\win16 .exe
[2010/10/28 20:37:45 | 000,035,404 | ---- | M] () -- C:\WINDOWS\login .exe
[2010/10/28 20:37:33 | 000,035,400 | ---- | M] () -- C:\WINDOWS\win16 .exe
[2010/10/28 20:37:22 | 000,035,396 | ---- | M] () -- C:\WINDOWS\login .exe
[2010/10/28 20:37:04 | 000,035,392 | ---- | M] () -- C:\WINDOWS\win16 .exe
[2010/10/28 20:36:42 | 000,035,384 | ---- | M] () -- C:\WINDOWS\win16 .exe
[2010/10/28 20:36:42 | 000,035,384 | ---- | M] () -- C:\WINDOWS\login .exe
[2010/10/28 20:36:10 | 000,035,384 | ---- | M] () -- C:\WINDOWS\login .exe
[2010/10/28 20:36:09 | 000,035,376 | ---- | M] () -- C:\WINDOWS\win16 .exe
[2010/10/28 20:35:47 | 000,035,372 | ---- | M] () -- C:\WINDOWS\win16 .exe
[2010/10/28 20:35:47 | 000,035,372 | ---- | M] () -- C:\WINDOWS\login .exe
[2010/10/28 20:35:27 | 000,035,380 | ---- | M] () -- C:\WINDOWS\login .exe
[2010/10/28 20:35:26 | 000,035,380 | ---- | M] () -- C:\WINDOWS\win16 .exe
[2010/10/28 20:35:26 | 000,035,380 | ---- | M] () -- C:\WINDOWS\nvsvc32 .exe
[2010/10/28 20:35:07 | 000,035,376 | ---- | M] () -- C:\WINDOWS\win16 .exe
[2010/10/28 20:35:07 | 000,035,376 | ---- | M] () -- C:\WINDOWS\login .exe
[2010/10/28 20:34:36 | 000,035,372 | ---- | M] () -- C:\WINDOWS\login .exe
[2010/10/28 20:34:36 | 000,035,372 | ---- | M] () -- C:\WINDOWS\avp32 .exe
[2010/10/28 20:34:22 | 000,035,380 | ---- | M] () -- C:\WINDOWS\services .exe
[2010/10/28 20:34:18 | 000,035,364 | ---- | M] () -- C:\WINDOWS\win16 .exe
[2010/10/28 20:34:04 | 000,035,368 | ---- | M] () -- C:\WINDOWS\login .exe
[2010/10/28 20:33:56 | 000,035,372 | ---- | M] () -- C:\WINDOWS\services .exe
[2010/10/28 20:33:16 | 000,035,360 | ---- | M] () -- C:\WINDOWS\winlogon .exe
[2010/10/28 20:33:16 | 000,035,360 | ---- | M] () -- C:\WINDOWS\services .exe
[2010/10/28 20:32:35 | 000,035,348 | ---- | M] () -- C:\WINDOWS\nvsvc32 .exe
[2010/10/28 20:32:32 | 000,035,348 | ---- | M] () -- C:\WINDOWS\services .exe
[2010/10/28 20:32:22 | 000,035,372 | ---- | M] () -- C:\WINDOWS\win16 .exe
[2010/10/28 20:31:57 | 000,035,344 | ---- | M] () -- C:\WINDOWS\services .exe
[2010/10/28 20:31:55 | 000,035,368 | ---- | M] () -- C:\WINDOWS\login .exe
[2010/10/28 20:31:14 | 000,035,376 | ---- | M] () -- C:\WINDOWS\services .exe
[2010/10/28 20:30:56 | 000,035,376 | ---- | M] () -- C:\WINDOWS\login .exe
[2010/10/28 20:30:49 | 000,035,348 | ---- | M] () -- C:\WINDOWS\hexdump .exe
[2010/10/28 20:30:41 | 000,035,352 | ---- | M] () -- C:\WINDOWS\win16 .exe
[2010/10/28 20:30:24 | 000,035,388 | ---- | M] () -- C:\WINDOWS\login .exe
[2010/10/28 20:30:21 | 000,035,344 | ---- | M] () -- C:\WINDOWS\spoolsv .exe
[2010/10/28 20:30:15 | 000,035,344 | ---- | M] () -- C:\WINDOWS\hexdump .exe
[2010/10/28 20:30:11 | 000,035,348 | ---- | M] () -- C:\WINDOWS\setup .exe
[2010/10/28 20:29:35 | 000,035,368 | -H-- | M] () -- C:\WINDOWS\setup .exe
[2010/10/28 20:29:35 | 000,035,340 | ---- | M] () -- C:\WINDOWS\spoolsv .exe
[2010/10/28 20:29:16 | 000,035,376 | ---- | M] () -- C:\WINDOWS\win16 .exe
[2010/10/28 20:29:15 | 000,035,364 | ---- | M] () -- C:\WINDOWS\login .exe
[2010/10/28 20:28:58 | 000,035,340 | ---- | M] () -- C:\WINDOWS\spoolsv .exe
[2010/10/28 20:28:45 | 000,035,364 | ---- | M] () -- C:\WINDOWS\hexdump .exe
[2010/10/28 20:28:31 | 000,035,356 | ---- | M] () -- C:\WINDOWS\win16 .exe
[2010/10/28 20:28:29 | 000,035,356 | ---- | M] () -- C:\WINDOWS\login .exe
[2010/10/28 20:28:02 | 000,035,360 | ---- | M] () -- C:\WINDOWS\hexdump .exe
[2010/10/28 20:27:30 | 000,035,364 | ---- | M] () -- C:\WINDOWS\login .exe

========== Files Created - No Company Name ==========

[2010/11/27 18:40:46 | 000,000,016 | ---- | C] () -- C:\WINDOWS\System32\dmlconf.dat
[2010/11/27 18:40:44 | 000,078,336 | ---- | C] () -- C:\Documents and Settings\MS\Desktop\OTLSrv.exe
[2010/11/27 18:23:17 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2010/11/27 18:23:13 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2010/11/27 18:22:02 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/11/27 18:22:02 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/11/27 18:22:02 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/11/27 18:22:02 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/11/27 18:22:02 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/11/27 18:15:36 | 1064,620,032 | -HS- | C] () -- C:\hiberfil.sys
[2010/11/27 17:30:00 | 052,556,176 | ---- | C] () -- C:\Documents and Settings\MS\Desktop\x4fjd75d.exe
[2010/11/27 17:28:28 | 000,000,024 | ---- | C] () -- C:\WINDOWS\System32\complete.dat
[2010/11/27 16:44:40 | 000,076,599 | ---- | C] () -- C:\Documents and Settings\MS\Desktop\Scan1.JPG
[2010/11/27 15:33:02 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010/11/27 15:32:39 | 000,001,624 | ---- | C] () -- C:\Documents and Settings\MS\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/11/27 15:32:39 | 000,001,606 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2010/11/27 14:38:28 | 000,001,711 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Avira AntiVir Control Center.lnk
[2010/11/27 09:56:53 | 000,000,079 | ---- | C] () -- C:\Documents and Settings\MS\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
[2010/11/26 23:37:59 | 000,000,700 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/10/28 20:28:17 | 000,035,380 | ---- | C] () -- C:\WINDOWS\winlogon .exe
[2010/10/28 20:28:17 | 000,035,380 | ---- | C] () -- C:\WINDOWS\winlogon .exe
[2010/10/28 20:28:17 | 000,035,376 | ---- | C] () -- C:\WINDOWS\winlogon .exe
[2010/10/28 20:28:17 | 000,035,376 | ---- | C] () -- C:\WINDOWS\winlogon .exe
[2010/10/28 20:28:17 | 000,035,360 | ---- | C] () -- C:\WINDOWS\winlogon .exe
[2010/10/28 20:28:17 | 000,035,356 | ---- | C] () -- C:\WINDOWS\winlogon .exe
[2010/10/28 20:28:17 | 000,035,356 | ---- | C] () -- C:\WINDOWS\winlogon .exe
[2010/10/28 20:28:17 | 000,035,352 | ---- | C] () -- C:\WINDOWS\winlogon .exe
[2010/10/28 20:28:17 | 000,035,336 | ---- | C] () -- C:\WINDOWS\winlogon .exe
[2010/10/28 20:28:17 | 000,035,336 | ---- | C] () -- C:\WINDOWS\winlogon .exe
[2010/10/28 20:28:17 | 000,035,336 | ---- | C] () -- C:\WINDOWS\winlogon .exe
[2010/09/17 17:38:34 | 000,000,112 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\2mIfUQ.dat
[2009/12/27 14:42:27 | 000,000,499 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\HPWALog.txt
[2009/12/27 14:38:29 | 001,759,616 | ---- | C] () -- C:\WINDOWS\System32\drivers\snp2uvc.sys
[2009/12/27 14:38:29 | 000,028,544 | ---- | C] () -- C:\WINDOWS\System32\drivers\sncduvc.sys
[2009/12/27 14:38:29 | 000,015,497 | ---- | C] () -- C:\WINDOWS\snp2uvc.ini
[2009/08/23 14:30:54 | 000,028,510 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2009/08/23 13:50:25 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4926.dll
[2009/05/05 13:00:32 | 002,854,976 | ---- | C] () -- C:\WINDOWS\System32\btwicons.dll
[2009/04/11 02:25:38 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2009/04/11 01:58:54 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2001/11/14 13:56:00 | 001,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll

========== LOP Check ==========

[2009/08/23 14:07:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Uninstall
[2009/08/23 14:29:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WildTangent
[2010/11/27 12:28:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MS\Application Data\Agqiq
[2010/11/27 12:28:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MS\Application Data\Agsan
[2010/11/27 18:32:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MS\Application Data\Biufo
[2010/11/27 12:28:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MS\Application Data\Fyxo
[2010/11/27 12:33:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MS\Application Data\Ifur
[2010/11/27 12:28:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MS\Application Data\Kiopme
[2010/11/27 13:52:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MS\Application Data\Luezi
[2010/11/27 14:37:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MS\Application Data\MSNInstaller
[2010/11/27 17:28:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MS\Application Data\Ohodip
[2010/11/27 18:50:17 | 000,000,282 | ---- | M] () -- C:\WINDOWS\Tasks\BackOnTrack Instant Restore Idle.job

========== Purity Check ==========



< End of report >
[2010/11/27 18:51:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MS\Desktop
[2010/11/27 18:51:03 | 000,158,208 | ---- | M] () -- C:\Documents and Settings\MS\Desktop\OTLSrv.exe
[2010/11/27 18:50:22 | 000,001,024 | -H-- | M] () -- C:\Documents and Settings\MS\ntuser.dat.LOG
[2010/11/27 18:50:17 | 000,000,282 | ---- | M] () -- C:\WINDOWS\tasks\BackOnTrack Instant Restore Idle.job
[2010/11/27 18:45:16 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/11/27 18:45:05 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/11/27 18:43:42 | 001,310,720 | -H-- | M] () -- C:\Documents and Settings\MS\NTUSER.DAT
[2010/11/27 18:43:42 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\MS\ntuser.ini
[2010/11/27 18:40:45 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft
[2010/11/27 18:37:45 | 000,000,000 | RH-D | M] -- C:\Documents and Settings\MS\Recent
[2010/11/27 18:36:44 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\MS\Local Settings
[2010/11/27 18:33:52 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/11/27 18:33:07 | 000,000,000 | RH-D | M] -- C:\Documents and Settings\MS\Application Data
[2010/11/27 18:33:04 | 000,000,000 | ---D | M] -- C:\Program Files\Internet Explorer
[2010/11/27 18:32:59 | 000,000,000 | RH-D | M] -- C:\Documents and Settings\All Users\Application Data
[2010/11/27 18:32:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MS\Application Data\Biufo
[2010/11/27 18:30:09 | 000,000,000 | ---D | M] -- C:\Program Files\Common Files
[2010/11/27 18:00:49 | 000,000,000 | ---D | M] -- C:\Program Files\HP
[2010/11/27 17:40:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MS\DoctorWeb
[2010/11/27 17:36:43 | 004,299,312 | -H-- | M] () -- C:\Documents and Settings\MS\Local Settings\Application Data\IconCache.db
[2010/11/27 17:35:12 | 052,556,176 | ---- | M] () -- C:\Documents and Settings\MS\Desktop\x4fjd75d.exe
[2010/11/27 17:30:06 | 000,655,360 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\MS\Desktop\OTL.exe
[2010/11/27 17:28:55 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\MS\Cookies
[2010/11/27 17:28:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MS\Application Data\Ohodip
[2010/11/27 17:28:30 | 000,000,000 | ---D | M] -- C:\Program Files\windows
[2010/11/27 17:28:30 | 000,000,000 | ---D | M] -- C:\Program Files\win
[2010/11/27 17:27:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MS\.migoDesktop
[2010/11/27 17:27:41 | 000,000,499 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\HPWALog.txt
[2010/11/27 17:02:06 | 000,000,112 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\2mIfUQ.dat
[2010/11/27 17:01:47 | 000,000,000 | R--D | M] -- C:\Documents and Settings\MS\My Documents
[2010/11/27 16:44:41 | 000,076,599 | ---- | M] () -- C:\Documents and Settings\MS\Desktop\Scan1.JPG
[2010/11/27 15:59:05 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Live
[2010/11/27 15:33:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MS\Application Data\Mozilla
[2010/11/27 15:33:02 | 000,000,000 | ---- | M] () -- C:\WINDOWS\nsreg.dat
[2010/11/27 15:32:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MS\Local Settings\Application Data\Mozilla
[2010/11/27 15:32:39 | 000,001,624 | ---- | M] () -- C:\Documents and Settings\MS\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/11/27 15:32:39 | 000,001,606 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2010/11/27 15:32:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Desktop
[2010/11/27 15:32:37 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox
[2010/11/27 15:31:37 | 000,000,000 | ---D | M] -- C:\Program Files\CCleaner
[2010/11/27 14:46:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MS\Application Data\Avira
[2010/11/27 14:45:34 | 000,000,000 | ---D | M] -- C:\Program Files\Google
[2010/11/27 14:45:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Google
[2010/11/27 14:39:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Norton
[2010/11/27 14:38:29 | 000,001,711 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Avira AntiVir Control Center.lnk
[2010/11/27 14:37:56 | 000,000,000 | ---D | M] -- C:\Program Files\Avira
[2010/11/27 14:37:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Avira
[2010/11/27 14:37:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MS\Application Data\MSNInstaller
[2010/11/27 14:37:35 | 000,000,000 | ---D | M] -- C:\Program Files\MSN
[2010/11/27 14:04:43 | 000,000,000 | ---D | M] -- C:\Program Files\Common Files\Microsoft Shared
[2010/11/27 13:52:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MS\Application Data\Luezi
[2010/11/27 12:33:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MS\Application Data\Ifur
[2010/11/27 12:32:52 | 000,000,000 | ---D | M] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/11/27 12:28:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MS\Application Data\Kiopme
[2010/11/27 12:28:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MS\Application Data\Agqiq
[2010/11/27 12:28:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MS\Application Data\Fyxo
[2010/11/27 12:28:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MS\Application Data\Agsan
[2010/11/27 10:55:18 | 000,000,000 | --SD | M] -- C:\Documents and Settings\MS\Application Data\Microsoft
[2010/11/27 10:49:00 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\MS\IECompatCache
[2010/11/27 10:48:45 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\MS\PrivacIE
[2010/11/27 10:48:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MS\Local Settings\Application Data\Google
[2010/11/27 10:26:47 | 000,434,212 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/11/27 10:26:46 | 000,068,826 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/11/27 10:26:45 | 000,508,780 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/11/27 10:23:59 | 000,055,512 | ---- | M] () -- C:\Documents and Settings\MS\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/11/27 10:21:57 | 000,035,336 | ---- | M] () -- C:\WINDOWS\winlogon .exe
[2010/11/27 10:21:57 | 000,035,336 | ---- | M] () -- C:\WINDOWS\setup .exe
[2010/11/27 10:21:57 | 000,035,336 | ---- | M] () -- C:\WINDOWS\lsass .exe
[2010/11/27 10:21:57 | 000,035,336 | ---- | M] () -- C:\WINDOWS\avp32 .exe
[2010/11/27 10:21:56 | 000,035,336 | ---- | M] () -- C:\WINDOWS\winlogon .exe
[2010/11/27 10:21:56 | 000,035,336 | ---- | M] () -- C:\WINDOWS\winlogon .exe
[2010/11/27 10:21:56 | 000,035,336 | ---- | M] () -- C:\WINDOWS\avp32 .exe
[2010/11/27 10:21:55 | 000,035,336 | ---- | M] () -- C:\WINDOWS\win16 .exe
[2010/11/27 10:21:34 | 000,000,000 | R--D | M] -- C:\Documents and Settings\MS\Favorites
[2010/11/27 09:58:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MS\Application Data\Malwarebytes
[2010/11/27 01:21:43 | 000,035,372 | ---- | M] () -- C:\WINDOWS\services .exe
[2010/11/27 01:21:43 | 000,035,364 | ---- | M] () -- C:\WINDOWS\lsass .exe
[2010/11/27 01:21:42 | 000,035,380 | ---- | M] () -- C:\WINDOWS\nvsvc32 .exe
[2010/11/27 01:19:37 | 000,035,376 | ---- | M] () -- C:\WINDOWS\avp32 .exe
[2010/11/27 01:17:31 | 000,035,428 | ---- | M] () -- C:\WINDOWS\setup .exe
[2010/11/27 01:17:31 | 000,035,380 | ---- | M] () -- C:\WINDOWS\winlogon .exe
[2010/11/27 01:15:56 | 000,035,388 | ---- | M] () -- C:\WINDOWS\setup .exe
[2010/11/27 01:15:55 | 000,035,412 | ---- | M] () -- C:\WINDOWS\nvsvc32 .exe
[2010/11/27 01:15:55 | 000,035,412 | ---- | M] () -- C:\WINDOWS\avp32 .exe
[2010/11/27 01:15:54 | 000,035,356 | ---- | M] () -- C:\WINDOWS\nvsvc32 .exe
[2010/11/27 01:11:53 | 000,035,388 | -H-- | M] () -- C:\WINDOWS\services .exe
[2010/11/27 01:08:51 | 000,035,356 | ---- | M] () -- C:\WINDOWS\login .exe
[2010/11/27 01:08:50 | 000,035,348 | ---- | M] () -- C:\WINDOWS\nvsvc32 .exe
[2010/11/27 01:03:16 | 000,035,388 | ---- | M] () -- C:\WINDOWS\login .exe
[2010/11/27 01:02:12 | 000,035,368 | ---- | M] () -- C:\WINDOWS\services .exe
[2010/11/27 01:02:07 | 000,035,384 | ---- | M] () -- C:\WINDOWS\setup .exe
[2010/11/27 01:02:07 | 000,035,380 | ---- | M] () -- C:\WINDOWS\login .exe
[2010/11/27 01:02:07 | 000,035,348 | ---- | M] () -- C:\WINDOWS\avp32 .exe
[2010/11/27 01:02:05 | 000,035,380 | ---- | M] () -- C:\WINDOWS\hexdump .exe
[2010/11/27 01:02:03 | 000,035,380 | ---- | M] () -- C:\WINDOWS\spoolsv .exe
[2010/11/27 01:02:03 | 000,035,364 | ---- | M] () -- C:\WINDOWS\nvsvc32 .exe
[2010/11/27 01:01:56 | 000,035,376 | ---- | M] () -- C:\WINDOWS\spoolsv .exe
[2010/11/27 01:01:33 | 000,035,392 | ---- | M] () -- C:\WINDOWS\lsass .exe
[2010/11/27 01:00:44 | 000,035,392 | ---- | M] () -- C:\WINDOWS\win16 .exe
[2010/11/27 01:00:13 | 000,035,356 | ---- | M] () -- C:\WINDOWS\winlogon .exe
[2010/11/27 00:57:50 | 000,035,376 | ---- | M] () -- C:\WINDOWS\spoolsv .exe
[2010/11/27 00:57:49 | 000,035,392 | ---- | M] () -- C:\WINDOWS\nvsvc32 .exe
[2010/11/27 00:56:12 | 000,035,368 | ---- | M] () -- C:\WINDOWS\lsass .exe
[2010/11/27 00:54:13 | 000,035,344 | ---- | M] () -- C:\WINDOWS\hexdump .exe
[2010/11/27 00:53:52 | 000,035,360 | ---- | M] () -- C:\WINDOWS\hexdump .exe
[2010/11/27 00:53:30 | 000,035,368 | ---- | M] () -- C:\WINDOWS\hexdump .exe
[2010/11/27 00:53:25 | 000,035,380 | ---- | M] () -- C:\WINDOWS\spoolsv .exe
[2010/11/27 00:53:25 | 000,035,348 | ---- | M] () -- C:\WINDOWS\win16 .exe
[2010/11/27 00:53:20 | 000,035,368 | ---- | M] () -- C:\WINDOWS\lsass .exe
[2010/11/27 00:50:27 | 000,035,396 | ---- | M] () -- C:\WINDOWS\hexdump .exe
[2010/11/27 00:48:35 | 000,035,368 | ---- | M] () -- C:\WINDOWS\nvsvc32 .exe
[2010/11/27 00:48:30 | 000,035,368 | ---- | M] () -- C:\WINDOWS\hexdump .exe
[2010/11/27 00:47:12 | 000,035,360 | ---- | M] () -- C:\WINDOWS\spoolsv .exe
[2010/11/27 00:46:43 | 000,035,376 | ---- | M] () -- C:\WINDOWS\winlogon .exe
[2010/11/27 00:46:01 | 000,035,384 | ---- | M] () -- C:\WINDOWS\hexdump .exe
[2010/11/27 00:44:08 | 000,035,376 | ---- | M] () -- C:\WINDOWS\setup .exe
[2010/11/27 00:43:58 | 000,035,376 | ---- | M] () -- C:\WINDOWS\avp32 .exe
[2010/11/26 23:39:20 | 000,035,384 | ---- | M] () -- C:\WINDOWS\hexdump .exe
[2010/11/26 23:38:49 | 000,035,380 | ---- | M] () -- C:\WINDOWS\winlogon .exe
[2010/11/26 23:38:42 | 000,035,376 | ---- | M] () -- C:\WINDOWS\nvsvc32 .exe
[2010/11/26 23:38:00 | 000,000,700 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/11/26 23:36:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/11/26 22:36:58 | 000,035,388 | ---- | M] () -- C:\WINDOWS\avp32 .exe
[2010/11/26 22:36:40 | 000,035,388 | ---- | M] () -- C:\WINDOWS\nvsvc32 .exe
[2010/11/26 22:06:08 | 000,035,352 | ---- | M] () -- C:\WINDOWS\winlogon .exe
[2010/11/26 22:05:27 | 000,035,364 | ---- | M] () -- C:\WINDOWS\lsass .exe
[2010/11/26 22:04:44 | 000,035,360 | ---- | M] () -- C:\WINDOWS\hexdump .exe
[2010/11/26 22:04:04 | 000,035,372 | ---- | M] () -- C:\WINDOWS\spoolsv .exe
[2010/11/26 22:02:48 | 000,035,364 | ---- | M] () -- C:\WINDOWS\setup .exe
[2010/11/26 22:01:33 | 000,035,356 | ---- | M] () -- C:\WINDOWS\lsass .exe
[2010/11/26 22:00:32 | 000,035,376 | ---- | M] () -- C:\WINDOWS\spoolsv .exe
[2010/11/26 21:59:49 | 000,035,368 | ---- | M] () -- C:\WINDOWS\nvsvc32 .exe
[2010/11/26 21:57:46 | 000,035,376 | ---- | M] () -- C:\WINDOWS\winlogon .exe
[2010/11/26 21:56:50 | 000,035,364 | ---- | M] () -- C:\WINDOWS\spoolsv .exe
[2010/11/26 21:55:30 | 000,035,372 | ---- | M] () -- C:\WINDOWS\lsass .exe
[2010/11/26 21:55:29 | 000,035,364 | ---- | M] () -- C:\WINDOWS\setup .exe
[2010/11/26 21:55:28 | 000,035,364 | ---- | M] () -- C:\WINDOWS\nvsvc32 .exe
[2010/11/26 21:52:29 | 000,035,388 | ---- | M] () -- C:\WINDOWS\spoolsv .exe
[2010/11/26 21:51:46 | 000,035,368 | ---- | M] () -- C:\WINDOWS\lsass .exe
[2010/11/26 21:51:45 | 000,035,340 | ---- | M] () -- C:\WINDOWS\setup .exe
[2010/11/26 21:50:26 | 000,035,356 | ---- | M] () -- C:\WINDOWS\nvsvc32 .exe
[2010/11/26 21:49:11 | 000,035,364 | ---- | M] () -- C:\WINDOWS\avp32 .exe
[2010/11/26 21:48:00 | 000,035,352 | ---- | M] () -- C:\WINDOWS\lsass .exe
[2010/11/26 21:47:13 | 000,035,344 | ---- | M] () -- C:\WINDOWS\avp32 .exe
[2010/11/26 21:46:52 | 000,035,356 | ---- | M] () -- C:\WINDOWS\winlogon .exe
[2010/11/26 21:45:59 | 000,035,352 | ---- | M] () -- C:\WINDOWS\lsass .exe
[2010/11/26 21:44:11 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/11/08 01:20:24 | 000,089,088 | ---- | M] () -- C:\WINDOWS\MBR.exe
[2010/10/28 20:46:35 | 000,035,596 | ---- | M] () -- C:\WINDOWS\login .exe
[2010/10/28 20:46:24 | 000,035,592 | ---- | M] () -- C:\WINDOWS\win16 .exe
[2010/10/28 20:46:13 | 000,035,588 | ---- | M] () -- C:\WINDOWS\login .exe
[2010/10/28 20:46:02 | 000,035,584 | ---- | M] () -- C:\WINDOWS\win16 .exe
[2010/10/28 20:45:51 | 000,035,580 | ---- | M] () -- C:\WINDOWS\login .exe
[2010/10/28 20:45:41 | 000,035,576 | ---- | M] () -- C:\WINDOWS\win16 .exe
[2010/10/28 20:45:30 | 000,035,572 | ---- | M] () -- C:\WINDOWS\login .exe
[2010/10/28 20:45:19 | 000,035,568 | ---- | M] () -- C:\WINDOWS\win16 .exe
[2010/10/28 20:45:08 | 000,035,564 | ---- | M] () -- C:\WINDOWS\login .exe
[2010/10/28 20:44:58 | 000,035,560 | ---- | M] () -- C:\WINDOWS\win16 .exe
[2010/10/28 20:44:47 | 000,035,556 | ---- | M] () -- C:\WINDOWS\login .exe
[2010/10/28 20:44:36 | 000,035,552 | ---- | M] () -- C:\WINDOWS\win16 .exe
[2010/10/28 20:44:25 | 000,035,548 | ---- | M] () -- C:\WINDOWS\login .exe
[2010/10/28 20:44:14 | 000,035,544 | ---- | M] () -- C:\WINDOWS\win16 .exe
[2010/10/28 20:44:03 | 000,035,540 | ---- | M] () -- C:\WINDOWS\login .exe
[2010/10/28 20:43:52 | 000,035,536 | ---- | M] () -- C:\WINDOWS\win16 .exe
[2010/10/28 20:43:40 | 000,035,532 | ---- | M] () -- C:\WINDOWS\login .exe
[2010/10/28 20:43:28 | 000,035,528 | ---- | M] () -- C:\WINDOWS\win16 .exe
[2010/10/28 20:43:17 | 000,035,524 | ---- | M] () -- C:\WINDOWS\login .exe
[2010/10/28 20:43:05 | 000,035,520 | ---- | M] () -- C:\WINDOWS\win16 .exe
[2010/10/28 20:42:54 | 000,035,516 | ---- | M] () -- C:\WINDOWS\login .exe
[2010/10/28 20:42:44 | 000,035,512 | ---- | M] () -- C:\WINDOWS\win16 .exe
[2010/10/28 20:42:33 | 000,035,508 | ---- | M] () -- C:\WINDOWS\login .exe
[2010/10/28 20:42:22 | 000,035,504 | ---- | M] () -- C:\WINDOWS\win16 .exe
[2010/10/28 20:42:11 | 000,035,500 | ---- | M] () -- C:\WINDOWS\login .exe
[2010/10/28 20:42:00 | 000,035,496 | ---- | M] () -- C:\WINDOWS\win16 .exe
[2010/10/28 20:41:50 | 000,035,492 | ---- | M] () -- C:\WINDOWS\login .exe
[2010/10/28 20:41:39 | 000,035,488 | ---- | M] () -- C:\WINDOWS\win16 .exe
[2010/10/28 20:41:28 | 000,035,484 | ---- | M] () -- C:\WINDOWS\login .exe
[2010/10/28 20:41:17 | 000,035,480 | ---- | M] () -- C:\WINDOWS\win16 .exe
[2010/10/28 20:41:06 | 000,035,476 | ---- | M] () -- C:\WINDOWS\login .exe
[2010/10/28 20:40:55 | 000,035,472 | ---- | M] () -- C:\WINDOWS\win16 .exe
[2010/10/28 20:40:45 | 000,035,468 | ---- | M] () -- C:\WINDOWS\login .exe
[2010/10/28 20:40:34 | 000,035,464 | ---- | M] () -- C:\WINDOWS\win16 .exe
[2010/10/28 20:40:23 | 000,035,460 | ---- | M] () -- C:\WINDOWS\login .exe
[2010/10/28 20:40:12 | 000,035,456 | ---- | M] () -- C:\WINDOWS\win16 .exe
[2010/10/28 20:40:01 | 000,035,452 | ---- | M] () -- C:\WINDOWS\login .exe
[2010/10/28 20:39:50 | 000,035,448 | ---- | M] () -- C:\WINDOWS\win16 .exe
[2010/10/28 20:39:39 | 000,035,444 | ---- | M] () -- C:\WINDOWS\login .exe
[2010/10/28 20:39:28 | 000,035,440 | ---- | M] () -- C:\WINDOWS\win16 .exe
[2010/10/28 20:39:18 | 000,035,436 | ---- | M] () -- C:\WINDOWS\login .exe
[2010/10/28 20:39:07 | 000,035,432 | ---- | M] () -- C:\WINDOWS\win16 .exe
[2010/10/28 20:38:55 | 000,035,428 | ---- | M] () -- C:\WINDOWS\login .exe
[2010/10/28 20:38:41 | 000,035,424 | ---- | M] () -- C:\WINDOWS\win16 .exe
[2010/10/28 20:38:30 | 000,035,420 | ---- | M] () -- C:\WINDOWS\login .exe
[2010/10/28 20:38:19 | 000,035,416 | ---- | M] () -- C:\WINDOWS\win16 .exe
[2010/10/28 20:38:08 | 000,035,412 | ---- | M] () -- C:\WINDOWS\login .exe
[2010/10/28 20:37:57 | 000,035,408 | ---- | M] () -- C:\WINDOWS\win16 .exe
[2010/10/28 20:37:45 | 000,035,404 | ---- | M] () -- C:\WINDOWS\login .exe
[2010/10/28 20:37:33 | 000,035,400 | ---- | M] () -- C:\WINDOWS\win16 .exe
[2010/10/28 20:37:22 | 000,035,396 | ---- | M] () -- C:\WINDOWS\login .exe
[2010/10/28 20:37:12 | 000,000,000 | ---D | M] -- C:\Program Files\tmp
[2010/10/28 20:37:04 | 000,035,392 | ---- | M] () -- C:\WINDOWS\win16 .exe
[2010/10/28 20:36:42 | 000,035,384 | ---- | M] () -- C:\WINDOWS\win16 .exe
[2010/10/28 20:36:42 | 000,035,384 | ---- | M] () -- C:\WINDOWS\login .exe
[2010/10/28 20:36:10 | 000,035,384 | ---- | M] () -- C:\WINDOWS\login .exe
[2010/10/28 20:36:09 | 000,035,376 | ---- | M] () -- C:\WINDOWS\win16 .exe
[2010/10/28 20:35:47 | 000,035,372 | ---- | M] () -- C:\WINDOWS\win16 .exe
[2010/10/28 20:35:47 | 000,035,372 | ---- | M] () -- C:\WINDOWS\login .exe
[2010/10/28 20:35:27 | 000,035,380 | ---- | M] () -- C:\WINDOWS\login .exe
[2010/10/28 20:35:26 | 000,035,380 | ---- | M] () -- C:\WINDOWS\win16 .exe
[2010/10/28 20:35:26 | 000,035,380 | ---- | M] () -- C:\WINDOWS\nvsvc32 .exe
[2010/10/28 20:35:07 | 000,035,376 | ---- | M] () -- C:\WINDOWS\win16 .exe
[2010/10/28 20:35:07 | 000,035,376 | ---- | M] () -- C:\WINDOWS\login .exe
[2010/10/28 20:34:36 | 000,035,372 | ---- | M] () -- C:\WINDOWS\login .exe
[2010/10/28 20:34:36 | 000,035,372 | ---- | M] () -- C:\WINDOWS\avp32 .exe
[2010/10/28 20:34:22 | 000,035,380 | ---- | M] () -- C:\WINDOWS\services .exe
[2010/10/28 20:34:18 | 000,035,364 | ---- | M] () -- C:\WINDOWS\win16 .exe
[2010/10/28 20:34:04 | 000,035,368 | ---- | M] () -- C:\WINDOWS\login .exe
[2010/10/28 20:33:56 | 000,035,372 | ---- | M] () -- C:\WINDOWS\services .exe
[2010/10/28 20:33:16 | 000,035,360 | ---- | M] () -- C:\WINDOWS\winlogon .exe
[2010/10/28 20:33:16 | 000,035,360 | ---- | M] () -- C:\WINDOWS\services .exe
[2010/10/28 20:32:35 | 000,035,348 | ---- | M] () -- C:\WINDOWS\nvsvc32 .exe
[2010/10/28 20:32:32 | 000,035,348 | ---- | M] () -- C:\WINDOWS\services .exe
[2010/10/28 20:32:22 | 000,035,372 | ---- | M] () -- C:\WINDOWS\win16 .exe
[2010/10/28 20:31:57 | 000,035,344 | ---- | M] () -- C:\WINDOWS\services .exe
[2010/10/28 20:31:55 | 000,035,368 | ---- | M] () -- C:\WINDOWS\login .exe
[2010/10/28 20:31:14 | 000,035,376 | ---- | M] () -- C:\WINDOWS\services .exe
[2010/10/28 20:30:56 | 000,035,376 | ---- | M] () -- C:\WINDOWS\login .exe
[2010/10/28 20:30:49 | 000,035,348 | ---- | M] () -- C:\WINDOWS\hexdump .exe
[2010/10/28 20:30:41 | 000,035,352 | ---- | M] () -- C:\WINDOWS\win16 .exe
[2010/10/28 20:30:24 | 000,035,388 | ---- | M] () -- C:\WINDOWS\login .exe
[2010/10/28 20:30:21 | 000,035,344 | ---- | M] () -- C:\WINDOWS\spoolsv .exe
[2010/10/28 20:30:15 | 000,035,344 | ---- | M] () -- C:\WINDOWS\hexdump .exe
[2010/10/28 20:30:11 | 000,035,348 | ---- | M] () -- C:\WINDOWS\setup .exe
[2010/10/28 20:29:35 | 000,035,368 | -H-- | M] () -- C:\WINDOWS\setup .exe
[2010/10/28 20:29:35 | 000,035,340 | ---- | M] () -- C:\WINDOWS\spoolsv .exe
[2010/10/28 20:29:16 | 000,035,376 | ---- | M] () -- C:\WINDOWS\win16 .exe
[2010/10/28 20:29:15 | 000,035,364 | ---- | M] () -- C:\WINDOWS\login .exe
[2010/10/28 20:28:58 | 000,035,340 | ---- | M] () -- C:\WINDOWS\spoolsv .exe
[2010/10/28 20:28:45 | 000,035,364 | ---- | M] () -- C:\WINDOWS\hexdump .exe
[2010/10/28 20:28:31 | 000,035,356 | ---- | M] () -- C:\WINDOWS\win16 .exe
[2010/10/28 20:28:29 | 000,035,356 | ---- | M] () -- C:\WINDOWS\login .exe
[2010/10/28 20:28:02 | 000,035,360 | ---- | M] () -- C:\WINDOWS\hexdump .exe
[2010/10/28 20:27:30 | 000,035,364 | ---- | M] () -- C:\WINDOWS\login .exe
[2010/10/28 20:27:27 | 000,000,000 | R--D | M] -- C:\Documents and Settings\All Users\Documents
[2009/04/10 18:52:40 | 000,000,062 | -HS- | M] () -- C:\Documents and Settings\MS\Application Data\desktop.ini
[2009/04/10 18:52:40 | 000,000,062 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\desktop.ini

========== Files - Modified Within 30 Days ==========

[2010/11/27 18:52:19 | 000,000,016 | ---- | M] () -- C:\WINDOWS\System32\dmlconf.dat
[2010/11/27 18:51:03 | 000,158,208 | ---- | M] () -- C:\Documents and Settings\MS\Desktop\OTLSrv.exe
[2010/11/27 18:50:17 | 000,000,282 | ---- | M] () -- C:\WINDOWS\tasks\BackOnTrack Instant Restore Idle.job
[2010/11/27 18:45:05 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/11/27 18:45:00 | 1064,620,032 | -HS- | M] () -- C:\hiberfil.sys
[2010/11/27 18:33:41 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/11/27 18:23:17 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2010/11/27 17:35:12 | 052,556,176 | ---- | M] () -- C:\Documents and Settings\MS\Desktop\x4fjd75d.exe
[2010/11/27 17:30:06 | 000,655,360 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\MS\Desktop\OTL.exe
[2010/11/27 17:28:28 | 000,000,024 | ---- | M] () -- C:\WINDOWS\System32\complete.dat
[2010/11/27 17:02:06 | 000,000,112 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\2mIfUQ.dat
[2010/11/27 16:44:41 | 000,076,599 | ---- | M] () -- C:\Documents and Settings\MS\Desktop\Scan1.JPG
[2010/11/27 16:23:02 | 000,553,984 | ---- | M] (OldTimer Tools) -- C:\OTLPE.exe
[2010/11/27 15:33:02 | 000,000,000 | ---- | M] () -- C:\WINDOWS\nsreg.dat
[2010/11/27 15:32:39 | 000,001,624 | ---- | M] () -- C:\Documents and Settings\MS\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/11/27 15:32:39 | 000,001,606 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2010/11/27 14:47:41 | 000,061,960 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2010/11/27 14:38:29 | 000,001,711 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Avira AntiVir Control Center.lnk
[2010/11/27 10:26:47 | 000,434,212 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/11/27 10:26:46 | 000,068,826 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/11/27 10:21:57 | 000,035,336 | ---- | M] () -- C:\WINDOWS\winlogon .exe
[2010/11/27 10:21:57 | 000,035,336 | ---- | M] () -- C:\WINDOWS\setup .exe
[2010/11/27 10:21:57 | 000,035,336 | ---- | M] () -- C:\WINDOWS\lsass .exe
[2010/11/27 10:21:57 | 000,035,336 | ---- | M] () -- C:\WINDOWS\avp32 .exe
[2010/11/27 10:21:56 | 000,035,336 | ---- | M] () -- C:\WINDOWS\winlogon .exe
[2010/11/27 10:21:56 | 000,035,336 | ---- | M] () -- C:\WINDOWS\winlogon .exe
[2010/11/27 10:21:56 | 000,035,336 | ---- | M] () -- C:\WINDOWS\avp32 .exe
[2010/11/27 10:21:55 | 000,035,336 | ---- | M] () -- C:\WINDOWS\win16 .exe
[2010/11/27 01:21:43 | 000,035,372 | ---- | M] () -- C:\WINDOWS\services .exe
[2010/11/27 01:21:43 | 000,035,364 | ---- | M] () -- C:\WINDOWS\lsass .exe
[2010/11/27 01:21:42 | 000,035,380 | ---- | M] () -- C:\WINDOWS\nvsvc32 .exe
[2010/11/27 01:19:37 | 000,035,376 | ---- | M] () -- C:\WINDOWS\avp32 .exe
[2010/11/27 01:17:31 | 000,035,428 | ---- | M] () -- C:\WINDOWS\setup .exe
[2010/11/27 01:17:31 | 000,035,380 | ---- | M] () -- C:\WINDOWS\winlogon .exe
[2010/11/27 01:15:56 | 000,035,388 | ---- | M] () -- C:\WINDOWS\setup .exe
[2010/11/27 01:15:55 | 000,035,412 | ---- | M] () -- C:\WINDOWS\nvsvc32 .exe
[2010/11/27 01:15:55 | 000,035,412 | ---- | M] () -- C:\WINDOWS\avp32 .exe
[2010/11/27 01:15:54 | 000,035,356 | ---- | M] () -- C:\WINDOWS\nvsvc32 .exe
[2010/11/27 01:11:53 | 000,035,388 | -H-- | M] () -- C:\WINDOWS\services .exe
[2010/11/27 01:08:51 | 000,035,356 | ---- | M] () -- C:\WINDOWS\login .exe
[2010/11/27 01:08:50 | 000,035,348 | ---- | M] () -- C:\WINDOWS\nvsvc32 .exe
[2010/11/27 01:03:16 | 000,035,388 | ---- | M] () -- C:\WINDOWS\login .exe
[2010/11/27 01:02:12 | 000,035,368 | ---- | M] () -- C:\WINDOWS\services .exe
[2010/11/27 01:02:07 | 000,035,384 | ---- | M] () -- C:\WINDOWS\setup .exe
[2010/11/27 01:02:07 | 000,035,380 | ---- | M] () -- C:\WINDOWS\login .exe
[2010/11/27 01:02:07 | 000,035,348 | ---- | M] () -- C:\WINDOWS\avp32 .exe
[2010/11/27 01:02:05 | 000,035,380 | ---- | M] () -- C:\WINDOWS\hexdump .exe
[2010/11/27 01:02:03 | 000,035,380 | ---- | M] () -- C:\WINDOWS\spoolsv .exe
[2010/11/27 01:02:03 | 000,035,364 | ---- | M] () -- C:\WINDOWS\nvsvc32 .exe
[2010/11/27 01:01:56 | 000,035,376 | ---- | M] () -- C:\WINDOWS\spoolsv .exe
[2010/11/27 01:01:33 | 000,035,392 | ---- | M] () -- C:\WINDOWS\lsass .exe
[2010/11/27 01:00:44 | 000,035,392 | ---- | M] () -- C:\WINDOWS\win16 .exe
[2010/11/27 01:00:13 | 000,035,356 | ---- | M] () -- C:\WINDOWS\winlogon .exe
[2010/11/27 00:57:50 | 000,035,376 | ---- | M] () -- C:\WINDOWS\spoolsv .exe
[2010/11/27 00:57:49 | 000,035,392 | ---- | M] () -- C:\WINDOWS\nvsvc32 .exe
[2010/11/27 00:56:12 | 000,035,368 | ---- | M] () -- C:\WINDOWS\lsass .exe
[2010/11/27 00:54:13 | 000,035,344 | ---- | M] () -- C:\WINDOWS\hexdump .exe
[2010/11/27 00:53:52 | 000,035,360 | ---- | M] () -- C:\WINDOWS\hexdump .exe
[2010/11/27 00:53:30 | 000,035,368 | ---- | M] () -- C:\WINDOWS\hexdump .exe
[2010/11/27 00:53:25 | 000,035,380 | ---- | M] () -- C:\WINDOWS\spoolsv .exe
[2010/11/27 00:53:25 | 000,035,348 | ---- | M] () -- C:\WINDOWS\win16 .exe
[2010/11/27 00:53:20 | 000,035,368 | ---- | M] () -- C:\WINDOWS\lsass .exe
[2010/11/27 00:50:27 | 000,035,396 | ---- | M] () -- C:\WINDOWS\hexdump .exe
[2010/11/27 00:48:35 | 000,035,368 | ---- | M] () -- C:\WINDOWS\nvsvc32 .exe
[2010/11/27 00:48:30 | 000,035,368 | ---- | M] () -- C:\WINDOWS\hexdump .exe
[2010/11/27 00:47:12 | 000,035,360 | ---- | M] () -- C:\WINDOWS\spoolsv .exe
[2010/11/27 00:46:43 | 000,035,376 | ---- | M] () -- C:\WINDOWS\winlogon .exe
[2010/11/27 00:46:01 | 000,035,384 | ---- | M] () -- C:\WINDOWS\hexdump .exe
[2010/11/27 00:44:08 | 000,035,376 | ---- | M] () -- C:\WINDOWS\setup .exe
[2010/11/27 00:43:58 | 000,035,376 | ---- | M] () -- C:\WINDOWS\avp32 .exe
[2010/11/26 23:39:20 | 000,035,384 | ---- | M] () -- C:\WINDOWS\hexdump .exe
[2010/11/26 23:38:49 | 000,035,380 | ---- | M] () -- C:\WINDOWS\winlogon .exe
[2010/11/26 23:38:42 | 000,035,376 | ---- | M] () -- C:\WINDOWS\nvsvc32 .exe
[2010/11/26 23:38:00 | 000,000,700 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/11/26 22:36:58 | 000,035,388 | ---- | M] () -- C:\WINDOWS\avp32 .exe
[2010/11/26 22:36:40 | 000,035,388 | ---- | M] () -- C:\WINDOWS\nvsvc32 .exe
[2010/11/26 22:06:08 | 000,035,352 | ---- | M] () -- C:\WINDOWS\winlogon .exe
[2010/11/26 22:05:27 | 000,035,364 | ---- | M] () -- C:\WINDOWS\lsass .exe
[2010/11/26 22:04:44 | 000,035,360 | ---- | M] () -- C:\WINDOWS\hexdump .exe
[2010/11/26 22:04:04 | 000,035,372 | ---- | M] () -- C:\WINDOWS\spoolsv .exe
[2010/11/26 22:02:48 | 000,035,364 | ---- | M] () -- C:\WINDOWS\setup .exe
[2010/11/26 22:01:33 | 000,035,356 | ---- | M] () -- C:\WINDOWS\lsass .exe
[2010/11/26 22:00:32 | 000,035,376 | ---- | M] () -- C:\WINDOWS\spoolsv .exe
[2010/11/26 21:59:49 | 000,035,368 | ---- | M] () -- C:\WINDOWS\nvsvc32 .exe
[2010/11/26 21:57:46 | 000,035,376 | ---- | M] () -- C:\WINDOWS\winlogon .exe
[2010/11/26 21:56:50 | 000,035,364 | ---- | M] () -- C:\WINDOWS\spoolsv .exe
[2010/11/26 21:55:30 | 000,035,372 | ---- | M] () -- C:\WINDOWS\lsass .exe
[2010/11/26 21:55:29 | 000,035,364 | ---- | M] () -- C:\WINDOWS\setup .exe
[2010/11/26 21:55:28 | 000,035,364 | ---- | M] () -- C:\WINDOWS\nvsvc32 .exe
[2010/11/26 21:52:29 | 000,035,388 | ---- | M] () -- C:\WINDOWS\spoolsv .exe
[2010/11/26 21:51:46 | 000,035,368 | ---- | M] () -- C:\WINDOWS\lsass .exe
[2010/11/26 21:51:45 | 000,035,340 | ---- | M] () -- C:\WINDOWS\setup .exe
[2010/11/26 21:50:26 | 000,035,356 | ---- | M] () -- C:\WINDOWS\nvsvc32 .exe
[2010/11/26 21:49:11 | 000,035,364 | ---- | M] () -- C:\WINDOWS\avp32 .exe
[2010/11/26 21:48:00 | 000,035,352 | ---- | M] () -- C:\WINDOWS\lsass .exe
[2010/11/26 21:47:13 | 000,035,344 | ---- | M] () -- C:\WINDOWS\avp32 .exe
[2010/11/26 21:46:52 | 000,035,356 | ---- | M] () -- C:\WINDOWS\winlogon .exe
[2010/11/26 21:45:59 | 000,035,352 | ---- | M] () -- C:\WINDOWS\lsass .exe
[2010/11/26 21:44:11 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/11/08 01:20:24 | 000,089,088 | ---- | M] () -- C:\WINDOWS\MBR.exe
[2010/10/28 20:46:35 | 000,035,596 | ---- | M] () -- C:\WINDOWS\login .exe
[2010/10/28 20:46:24 | 000,035,592 | ---- | M] () -- C:\WINDOWS\win16 .exe
[2010/10/28 20:46:13 | 000,035,588 | ---- | M] () -- C:\WINDOWS\login .exe
[2010/10/28 20:46:02 | 000,035,584 | ---- | M] () -- C:\WINDOWS\win16 .exe
[2010/10/28 20:45:51 | 000,035,580 | ---- | M] () -- C:\WINDOWS\login .exe
[2010/10/28 20:45:41 | 000,035,576 | ---- | M] () -- C:\WINDOWS\win16 .exe
[2010/10/28 20:45:30 | 000,035,572 | ---- | M] () -- C:\WINDOWS\login .exe
[2010/10/28 20:45:19 | 000,035,568 | ---- | M] () -- C:\WINDOWS\win16 .exe
[2010/10/28 20:45:08 | 000,035,564 | ---- | M] () -- C:\WINDOWS\login .exe
[2010/10/28 20:44:58 | 000,035,560 | ---- | M] () -- C:\WINDOWS\win16 .exe
[2010/10/28 20:44:47 | 000,035,556 | ---- | M] () -- C:\WINDOWS\login .exe
[2010/10/28 20:44:36 | 000,035,552 | ---- | M] () -- C:\WINDOWS\win16 .exe
[2010/10/28 20:44:25 | 000,035,548 | ---- | M] () -- C:\WINDOWS\login .exe
[2010/10/28 20:44:14 | 000,035,544 | ---- | M] () -- C:\WINDOWS\win16 .exe
[2010/10/28 20:44:03 | 000,035,540 | ---- | M] () -- C:\WINDOWS\login .exe
[2010/10/28 20:43:52 | 000,035,536 | ---- | M] () -- C:\WINDOWS\win16 .exe
[2010/10/28 20:43:40 | 000,035,532 | ---- | M] () -- C:\WINDOWS\login .exe
[2010/10/28 20:43:28 | 000,035,528 | ---- | M] () -- C:\WINDOWS\win16 .exe
[2010/10/28 20:43:17 | 000,035,524 | ---- | M] () -- C:\WINDOWS\login .exe
[2010/10/28 20:43:05 | 000,035,520 | ---- | M] () -- C:\WINDOWS\win16 .exe
[2010/10/28 20:42:54 | 000,035,516 | ---- | M] () -- C:\WINDOWS\login .exe
[2010/10/28 20:42:44 | 000,035,512 | ---- | M] () -- C:\WINDOWS\win16 .exe
[2010/10/28 20:42:33 | 000,035,508 | ---- | M] () -- C:\WINDOWS\login .exe
[2010/10/28 20:42:22 | 000,035,504 | ---- | M] () -- C:\WINDOWS\win16 .exe
[2010/10/28 20:42:11 | 000,035,500 | ---- | M] () -- C:\WINDOWS\login .exe
[2010/10/28 20:42:00 | 000,035,496 | ---- | M] () -- C:\WINDOWS\win16 .exe
[2010/10/28 20:41:50 | 000,035,492 | ---- | M] () -- C:\WINDOWS\login .exe
[2010/10/28 20:41:39 | 000,035,488 | ---- | M] () -- C:\WINDOWS\win16 .exe
[2010/10/28 20:41:28 | 000,035,484 | ---- | M] () -- C:\WINDOWS\login .exe
[2010/10/28 20:41:17 | 000,035,480 | ---- | M] () -- C:\WINDOWS\win16 .exe
[2010/10/28 20:41:06 | 000,035,476 | ---- | M] () -- C:\WINDOWS\login .exe
[2010/10/28 20:40:55 | 000,035,472 | ---- | M] () -- C:\WINDOWS\win16 .exe
[2010/10/28 20:40:45 | 000,035,468 | ---- | M] () -- C:\WINDOWS\login .exe
[2010/10/28 20:40:34 | 000,035,464 | ---- | M] () -- C:\WINDOWS\win16 .exe
[2010/10/28 20:40:23 | 000,035,460 | ---- | M] () -- C:\WINDOWS\login .exe
[2010/10/28 20:40:12 | 000,035,456 | ---- | M] () -- C:\WINDOWS\win16 .exe
[2010/10/28 20:40:01 | 000,035,452 | ---- | M] () -- C:\WINDOWS\login .exe
[2010/10/28 20:39:50 | 000,035,448 | ---- | M] () -- C:\WINDOWS\win16 .exe
[2010/10/28 20:39:39 | 000,035,444 | ---- | M] () -- C:\WINDOWS\login .exe
[2010/10/28 20:39:28 | 000,035,440 | ---- | M] () -- C:\WINDOWS\win16 .exe
[2010/10/28 20:39:18 | 000,035,436 | ---- | M] () -- C:\WINDOWS\login .exe
[2010/10/28 20:39:07 | 000,035,432 | ---- | M] () -- C:\WINDOWS\win16 .exe
[2010/10/28 20:38:55 | 000,035,428 | ---- | M] () -- C:\WINDOWS\login .exe
[2010/10/28 20:38:41 | 000,035,424 | ---- | M] () -- C:\WINDOWS\win16 .exe
[2010/10/28 20:38:30 | 000,035,420 | ---- | M] () -- C:\WINDOWS\login .exe
[2010/10/28 20:38:19 | 000,035,416 | ---- | M] () -- C:\WINDOWS\win16 .exe
[2010/10/28 20:38:08 | 000,035,412 | ---- | M] () -- C:\WINDOWS\login .exe
[2010/10/28 20:37:57 | 000,035,408 | ---- | M] () -- C:\WINDOWS\win16 .exe
[2010/10/28 20:37:45 | 000,035,404 | ---- | M] () -- C:\WINDOWS\login .exe
[2010/10/28 20:37:33 | 000,035,400 | ---- | M] () -- C:\WINDOWS\win16 .exe
[2010/10/28 20:37:22 | 000,035,396 | ---- | M] () -- C:\WINDOWS\login .exe
[2010/10/28 20:37:04 | 000,035,392 | ---- | M] () -- C:\WINDOWS\win16 .exe
[2010/10/28 20:36:42 | 000,035,384 | ---- | M] () -- C:\WINDOWS\win16 .exe
[2010/10/28 20:36:42 | 000,035,384 | ---- | M] () -- C:\WINDOWS\login .exe
[2010/10/28 20:36:10 | 000,035,384 | ---- | M] () -- C:\WINDOWS\login .exe
[2010/10/28 20:36:09 | 000,035,376 | ---- | M] () -- C:\WINDOWS\win16 .exe
[2010/10/28 20:35:47 | 000,035,372 | ---- | M] () -- C:\WINDOWS\win16 .exe
[2010/10/28 20:35:47 | 000,035,372 | ---- | M] () -- C:\WINDOWS\login .exe
[2010/10/28 20:35:27 | 000,035,380 | ---- | M] () -- C:\WINDOWS\login .exe
[2010/10/28 20:35:26 | 000,035,380 | ---- | M] () -- C:\WINDOWS\win16 .exe
[2010/10/28 20:35:26 | 000,035,380 | ---- | M] () -- C:\WINDOWS\nvsvc32 .exe
[2010/10/28 20:35:07 | 000,035,376 | ---- | M] () -- C:\WINDOWS\win16 .exe
[2010/10/28 20:35:07 | 000,035,376 | ---- | M] () -- C:\WINDOWS\login .exe
[2010/10/28 20:34:36 | 000,035,372 | ---- | M] () -- C:\WINDOWS\login .exe
[2010/10/28 20:34:36 | 000,035,372 | ---- | M] () -- C:\WINDOWS\avp32 .exe
[2010/10/28 20:34:22 | 000,035,380 | ---- | M] () -- C:\WINDOWS\services .exe
[2010/10/28 20:34:18 | 000,035,364 | ---- | M] () -- C:\WINDOWS\win16 .exe
[2010/10/28 20:34:04 | 000,035,368 | ---- | M] () -- C:\WINDOWS\login .exe
[2010/10/28 20:33:56 | 000,035,372 | ---- | M] () -- C:\WINDOWS\services .exe
[2010/10/28 20:33:16 | 000,035,360 | ---- | M] () -- C:\WINDOWS\winlogon .exe
[2010/10/28 20:33:16 | 000,035,360 | ---- | M] () -- C:\WINDOWS\services .exe
[2010/10/28 20:32:35 | 000,035,348 | ---- | M] () -- C:\WINDOWS\nvsvc32 .exe
[2010/10/28 20:32:32 | 000,035,348 | ---- | M] () -- C:\WINDOWS\services .exe
[2010/10/28 20:32:22 | 000,035,372 | ---- | M] () -- C:\WINDOWS\win16 .exe
[2010/10/28 20:31:57 | 000,035,344 | ---- | M] () -- C:\WINDOWS\services .exe
[2010/10/28 20:31:55 | 000,035,368 | ---- | M] () -- C:\WINDOWS\login .exe
[2010/10/28 20:31:14 | 000,035,376 | ---- | M] () -- C:\WINDOWS\services .exe
[2010/10/28 20:30:56 | 000,035,376 | ---- | M] () -- C:\WINDOWS\login .exe
[2010/10/28 20:30:49 | 000,035,348 | ---- | M] () -- C:\WINDOWS\hexdump .exe
[2010/10/28 20:30:41 | 000,035,352 | ---- | M] () -- C:\WINDOWS\win16 .exe
[2010/10/28 20:30:24 | 000,035,388 | ---- | M] () -- C:\WINDOWS\login .exe
[2010/10/28 20:30:21 | 000,035,344 | ---- | M] () -- C:\WINDOWS\spoolsv .exe
[2010/10/28 20:30:15 | 000,035,344 | ---- | M] () -- C:\WINDOWS\hexdump .exe
[2010/10/28 20:30:11 | 000,035,348 | ---- | M] () -- C:\WINDOWS\setup .exe
[2010/10/28 20:29:35 | 000,035,368 | -H-- | M] () -- C:\WINDOWS\setup .exe
[2010/10/28 20:29:35 | 000,035,340 | ---- | M] () -- C:\WINDOWS\spoolsv .exe
[2010/10/28 20:29:16 | 000,035,376 | ---- | M] () -- C:\WINDOWS\win16 .exe
[2010/10/28 20:29:15 | 000,035,364 | ---- | M] () -- C:\WINDOWS\login .exe
[2010/10/28 20:28:58 | 000,035,340 | ---- | M] () -- C:\WINDOWS\spoolsv .exe
[2010/10/28 20:28:45 | 000,035,364 | ---- | M] () -- C:\WINDOWS\hexdump .exe
[2010/10/28 20:28:31 | 000,035,356 | ---- | M] () -- C:\WINDOWS\win16 .exe
[2010/10/28 20:28:29 | 000,035,356 | ---- | M] () -- C:\WINDOWS\login .exe
[2010/10/28 20:28:02 | 000,035,360 | ---- | M] () -- C:\WINDOWS\hexdump .exe
[2010/10/28 20:27:30 | 000,035,364 | ---- | M] () -- C:\WINDOWS\login .exe

========== LOP Check ==========

[2009/08/23 14:07:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Uninstall
[2009/08/23 14:29:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WildTangent
[2010/11/27 12:28:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MS\Application Data\Agqiq
[2010/11/27 12:28:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MS\Application Data\Agsan
[2010/11/27 18:32:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MS\Application Data\Biufo
[2010/11/27 12:28:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MS\Application Data\Fyxo
[2010/11/27 12:33:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MS\Application Data\Ifur
[2010/11/27 12:28:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MS\Application Data\Kiopme
[2010/11/27 13:52:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MS\Application Data\Luezi
[2010/11/27 14:37:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MS\Application Data\MSNInstaller
[2010/11/27 17:28:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MS\Application Data\Ohodip
[2010/11/27 18:50:17 | 000,000,282 | ---- | M] () -- C:\WINDOWS\Tasks\BackOnTrack Instant Restore Idle.job

========== Purity Check ==========



< End of report >



OTL Extras logfile created on: 27/11/2010 18:47:56 - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\MS\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1,015.00 Mb Total Physical Memory | 625.00 Mb Available Physical Memory | 62.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 87.00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.04 Gb Total Space | 118.32 Gb Free Space | 79.39% Space Free | Partition Type: NTFS

Computer Name: DIONS | User Name: MS | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 4

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Hewlett-Packard\HP QuickSync\jre\bin\javaw.exe" = C:\Program Files\Hewlett-Packard\HP QuickSync\jre\bin\javaw.exe:*:Disabled:Java™ Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Program Files\Windows Live\Messenger\msnmsgr .exe" = C:\Program Files\Windows Live\Messenger\msnmsgr .exe:*:Enabled:Windows Live Messenger -- ()
"C:\Program Files\Windows Live\Messenger\msnmsgr .exe" = C:\Program Files\Windows Live\Messenger\msnmsgr .exe:*:Enabled:Windows Live Messenger -- ()


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0517F875-BBB2-4812-A63E-733B33CEF215}" = Roxio Instant Restore
"{10385C4F-A6B2-4913-975D-6828928222EC}" = HP User Guides 0165
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216014FF}" = Java™ 6 Update 14
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{2B682751-E749-441C-A4B3-1F538E26E56E}" = Roxio Instant Restore Recovery Disk
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver
"{32F9BACF-FCD3-4B6A-AD85-255A449B6FA5}" = Roxio BackOnTrack
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{399C37FB-08AF-493B-BFED-20FBD85EDF7F}" = HP Webcam-50
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{54CC7901-804D-4155-B353-21F0CC9112AB}" = HP Wireless Assistant
"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
"{597E70FF-7C46-4EED-8092-91B7C2E0529D}" = Google SketchUp 7
"{5A06423A-210C-49FB-950E-CB0EB8C5CEC7}" = Roxio BackOnTrack
"{69DAC00A-7665-4E9B-B441-093D40736429}" = HP BatteryCheck 2.10 A2
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{76EFFC7C-17A6-479D-9E47-8E658C1695AE}" = Windows Backup Utility
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{84814E6B-2581-46EC-926A-823BD1C670F6}" = HP Integrated Module with Bluetooth wireless technology
"{87A83C6F-F53C-448A-B078-FF00E3EAEB29}" = Roxio Disaster Recovery
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{909B62B0-8ACA-4061-A83B-09CAEF609619}" = MSXML 6.0 Parser
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = USB2.0 Card Reader Software
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A93C4E94-1005-489D-BEAA-B873C1AA6CFC}" = HP Help and Support
"{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.1 MUI
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{DB518BA6-CB74-4EB6-9ABD-880B6D6E1F38}" = HpSdpAppCoreApp
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{EEA95E6C-6847-49BE-83C9-ED92D8E18983}" = HP QuickSync
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"Broadcom 802.11b Network Adapter" = Broadcom 802.11 Wireless LAN Adapter
"CCleaner" = CCleaner
"HDMI" = Intel® Graphics Media Accelerator Driver
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"ie8" = Windows Internet Explorer 8
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6.12)" = Mozilla Firefox (3.6.12)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"WildTangent hp Master Uninstall" = HP Games
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 27/11/2010 13:00:43 | Computer Name = DIONS | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: The connection with the server was terminated abnormally

Error - 27/11/2010 13:00:43 | Computer Name = DIONS | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: This network connection does not exist.

Error - 27/11/2010 13:03:03 | Computer Name = DIONS | Source = LoadPerf | ID = 3002
Description = The performance counter explain text string value in the registry
is incorrectly formatted. The bogus string is ???, the bogus index value is the first
DWORD in Data section while the last valid index values are the second and third
DWORD in Data section.

Error - 27/11/2010 13:12:25 | Computer Name = DIONS | Source = crypt32 | ID = 131077
Description = Failed auto update retrieval of third-party root certificate from:
<http://www.download....F9962A8212.crt>
with error: The connection with the server was terminated abnormally

Error - 27/11/2010 13:12:25 | Computer Name = DIONS | Source = crypt32 | ID = 131077
Description = Failed auto update retrieval of third-party root certificate from:
<http://www.download....F9962A8212.crt>
with error: This network connection does not exist.

Error - 27/11/2010 13:30:25 | Computer Name = DIONS | Source = LoadPerf | ID = 3002
Description = The performance counter explain text string value in the registry
is incorrectly formatted. The bogus string is ???, the bogus index value is the first
DWORD in Data section while the last valid index values are the second and third
DWORD in Data section.

Error - 27/11/2010 14:21:45 | Computer Name = DIONS | Source = LoadPerf | ID = 3002
Description = The performance counter explain text string value in the registry
is incorrectly formatted. The bogus string is ???, the bogus index value is the first
DWORD in Data section while the last valid index values are the second and third
DWORD in Data section.

Error - 27/11/2010 14:50:24 | Computer Name = DIONS | Source = LoadPerf | ID = 3002
Description = The performance counter explain text string value in the registry
is incorrectly formatted. The bogus string is ???, the bogus index value is the first
DWORD in Data section while the last valid index values are the second and third
DWORD in Data section.

[ System Events ]
Error - 27/11/2010 13:26:58 | Computer Name = DIONS | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the hpqwmiex service to connect.

Error - 27/11/2010 13:26:58 | Computer Name = DIONS | Source = Service Control Manager | ID = 7000
Description = The hpqwmiex service failed to start due to the following error: %%1053

Error - 27/11/2010 13:39:00 | Computer Name = DIONS | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 27/11/2010 14:17:36 | Computer Name = DIONS | Source = SRService | ID = 104
Description = The System Restore initialization process failed.

Error - 27/11/2010 14:17:57 | Computer Name = DIONS | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the BOTService service.

Error - 27/11/2010 14:17:57 | Computer Name = DIONS | Source = Service Control Manager | ID = 7023
Description = The System Restore Service service terminated with the following error:
%%2

Error - 27/11/2010 14:45:58 | Computer Name = DIONS | Source = SRService | ID = 104
Description = The System Restore initialization process failed.

Error - 27/11/2010 14:46:05 | Computer Name = DIONS | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the BOTService service.

Error - 27/11/2010 14:46:05 | Computer Name = DIONS | Source = Service Control Manager | ID = 7023
Description = The System Restore Service service terminated with the following error:
%%2

Error - 27/11/2010 14:46:58 | Computer Name = DIONS | Source = Windows Update Agent | ID = 16
Description = Unable to Connect: Windows is unable to connect to the automatic updates
service and therefore cannot download and install updates according to the set
schedule. Windows will continue to try to establish a connection.


< End of report >
  • 0

Advertisements


#26
Salagubang

Salagubang

    Trusted Helper

  • Malware Removal
  • 3,891 posts
Hi Clareykins,

Thank you for posting the logs.

I could still see lots of work to do. But I am glad we are now doing it on a working computer. :D

I am formulating a fix and may be able to post it tomorrow. Please be patient.

How's the laptop now?
  • 0

#27
Clareykins

Clareykins

    Member

  • Topic Starter
  • Member
  • PipPip
  • 32 posts
It's a mess still, I uninstalled the expired Norton and replaced it with Avira and it bleeps every minute or so with another virus. Counted detections so far 6453. Like you said though, at least it's bootable now, takes almost five minutes to boot but still bootable lol. Thanks for all of your help so far! Looking forward to another one of your fixes. :D
  • 0

#28
Salagubang

Salagubang

    Trusted Helper

  • Malware Removal
  • 3,891 posts
Hi Clareykins,

Here's some more work. :D

Step One

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Download the attached CFSript.txt.
Attached File  CFScript.txt   11.15KB   390 downloads

Save this as CFScript.txt, in the same location as ComboFix.exe


Posted Image

Refering to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.


Step Two

Malwarebytes' Anti-Malware
Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly.

Step Three

Save these instructions so you can have access to them while in Safe Mode.

Please click here to download AVP Tool by Kaspersky.
  • Save it to your desktop.
  • Reboot your computer into SafeMode.

    You can do this by restarting your computer and continually tapping the F8 key until a menu appears.
    Use your up arrow key to highlight SafeMode then hit enter
    .

  • Double click the setup file to run it.
  • Click Next to continue.
  • Accept the Licence agreement and click on next
  • It will by default install it to your desktop folder.Click Next.
  • It will then open a box There will be a tab that says Automatic scan.
  • Under Automatic scan make sure these are checked.

  • Hidden Startup Objects
  • System Memory
  • Disk Boot Sectors.
  • My Computer.
  • Also any other drives (Removable that you may have)


Leave the rest of the settings as they appear as default.

  • Then click on Scan at the to right hand Corner.
  • It will automatically Neutralize any objects found.
  • If some objects are left un-neutralized then click the button that says Neutralize all
  • If it says it cannot be Neutralized then chooose The delete option when prompted.
  • After that is done click on the reports button at the bottom and save it to file name it Kas.
  • Save it somewhere convenient like your desktop and just post only the detected Virus\malware in the report it will be at the very top under Detected post those results in your next reply.

    Note: This tool will self uninstall when you close it so please save the log before closing it.


  • 0

#29
Clareykins

Clareykins

    Member

  • Topic Starter
  • Member
  • PipPip
  • 32 posts
The log.txt:-
ComboFix 10-11-27.01 - MS 28/11/2010 15:19:56.2.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.1015.552 [GMT 0:00]
Running from: c:\documents and settings\MS\My Documents\Downloads\ComboFix.exe
Command switches used :: c:\documents and settings\MS\My Documents\Downloads\CFScript.txt
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

FILE ::
"c:\documents and settings\Default User\Start Menu\Programs\Startup\ceex.exe"
"c:\documents and settings\MS\Application Data\Biufo\ofuqy.exe"
"c:\windows\avp32 .exe"
"c:\windows\avp32 .exe"
"c:\windows\avp32 .exe"
"c:\windows\avp32 .exe"
"c:\windows\avp32 .exe"
"c:\windows\avp32 .exe"
"c:\windows\avp32 .exe"
"c:\windows\avp32 .exe"
"c:\windows\avp32 .exe"
"c:\windows\avp32 .exe"
"c:\windows\avp32 .exe"
"c:\windows\avp32 .exe"
"c:\windows\hexdump .exe"
"c:\windows\hexdump .exe"
"c:\windows\hexdump .exe"
"c:\windows\hexdump .exe"
"c:\windows\hexdump .exe"
"c:\windows\hexdump .exe"
"c:\windows\hexdump .exe"
"c:\windows\hexdump .exe"
"c:\windows\hexdump .exe"
"c:\windows\hexdump .exe"
"c:\windows\hexdump .exe"
"c:\windows\hexdump .exe"
"c:\windows\hexdump .exe"
"c:\windows\hexdump .exe"
"c:\windows\jusched .exe"
"c:\windows\login .exe"
"c:\windows\login .exe"
"c:\windows\login .exe"
"c:\windows\login .exe"
"c:\windows\login .exe"
"c:\windows\login .exe"
"c:\windows\login .exe"
"c:\windows\login .exe"
"c:\windows\login .exe"
"c:\windows\login .exe"
"c:\windows\login .exe"
"c:\windows\login .exe"
"c:\windows\login .exe"
"c:\windows\login .exe"
"c:\windows\login .exe"
"c:\windows\login .exe"
"c:\windows\login .exe"
"c:\windows\login .exe"
"c:\windows\login .exe"
"c:\windows\login .exe"
"c:\windows\login .exe"
"c:\windows\login .exe"
"c:\windows\login .exe"
"c:\windows\login .exe"
"c:\windows\login .exe"
"c:\windows\login .exe"
"c:\windows\login .exe"
"c:\windows\login .exe"
"c:\windows\login .exe"
"c:\windows\login .exe"
"c:\windows\login .exe"
"c:\windows\login .exe"
"c:\windows\login .exe"
"c:\windows\login .exe"
"c:\windows\login .exe"
"c:\windows\login .exe"
"c:\windows\login .exe"
"c:\windows\login .exe"
"c:\windows\login .exe"
"c:\windows\login .exe"
"c:\windows\login .exe"
"c:\windows\login .exe"
"c:\windows\login .exe"
"c:\windows\login .exe"
"c:\windows\login .exe"
"c:\windows\login .exe"
"c:\windows\login .exe"
"c:\windows\lsass .exe"
"c:\windows\lsass .exe"
"c:\windows\lsass .exe"
"c:\windows\lsass .exe"
"c:\windows\lsass .exe"
"c:\windows\lsass .exe"
"c:\windows\lsass .exe"
"c:\windows\lsass .exe"
"c:\windows\lsass .exe"
"c:\windows\lsass .exe"
"c:\windows\lsass .exe"
"c:\windows\nvsvc32 .exe"
"c:\windows\nvsvc32 .exe"
"c:\windows\nvsvc32 .exe"
"c:\windows\nvsvc32 .exe"
"c:\windows\nvsvc32 .exe"
"c:\windows\nvsvc32 .exe"
"c:\windows\nvsvc32 .exe"
"c:\windows\nvsvc32 .exe"
"c:\windows\nvsvc32 .exe"
"c:\windows\nvsvc32 .exe"
"c:\windows\nvsvc32 .exe"
"c:\windows\nvsvc32 .exe"
"c:\windows\nvsvc32 .exe"
"c:\windows\nvsvc32 .exe"
"c:\windows\nvsvc32 .exe"
"c:\windows\services .exe"
"c:\windows\services .exe"
"c:\windows\services .exe"
"c:\windows\services .exe"
"c:\windows\services .exe"
"c:\windows\services .exe"
"c:\windows\services .exe"
"c:\windows\services .exe"
"c:\windows\services .exe"
"c:\windows\services .exe"
"c:\windows\services .exe"
"c:\windows\services .exe"
"c:\windows\services .exe"
"c:\windows\services .exe"
"c:\windows\services .exe"
"c:\windows\services .exe"
"c:\windows\services .exe"
"c:\windows\setup .exe"
"c:\windows\setup .exe"
"c:\windows\setup .exe"
"c:\windows\setup .exe"
"c:\windows\setup .exe"
"c:\windows\setup .exe"
"c:\windows\setup .exe"
"c:\windows\setup .exe"
"c:\windows\setup .exe"
"c:\windows\setup .exe"
"c:\windows\setup .exe"
"c:\windows\setup .exe"
"c:\windows\spoolsv .exe"
"c:\windows\spoolsv .exe"
"c:\windows\spoolsv .exe"
"c:\windows\spoolsv .exe"
"c:\windows\spoolsv .exe"
"c:\windows\spoolsv .exe"
"c:\windows\spoolsv .exe"
"c:\windows\spoolsv .exe"
"c:\windows\spoolsv .exe"
"c:\windows\spoolsv .exe"
"c:\windows\spoolsv .exe"
"c:\windows\spoolsv .exe"
"c:\windows\spoolsv .exe"
"c:\windows\TEMP\dtrq\setup.exe run"
"c:\windows\win16 .exe"
"c:\windows\win16 .exe"
"c:\windows\win16 .exe"
"c:\windows\win16 .exe"
"c:\windows\win16 .exe"
"c:\windows\win16 .exe"
"c:\windows\win16 .exe"
"c:\windows\win16 .exe"
"c:\windows\win16 .exe"
"c:\windows\win16 .exe"
"c:\windows\win16 .exe"
"c:\windows\win16 .exe"
"c:\windows\win16 .exe"
"c:\windows\win16 .exe"
"c:\windows\win16 .exe"
"c:\windows\win16 .exe"
"c:\windows\win16 .exe"
"c:\windows\win16 .exe"
"c:\windows\win16 .exe"
"c:\windows\win16 .exe"
"c:\windows\win16 .exe"
"c:\windows\win16 .exe"
"c:\windows\win16 .exe"
"c:\windows\win16 .exe"
"c:\windows\win16 .exe"
"c:\windows\win16 .exe"
"c:\windows\win16 .exe"
"c:\windows\win16 .exe"
"c:\windows\win16 .exe"
"c:\windows\win16 .exe"
"c:\windows\win16 .exe"
"c:\windows\win16 .exe"
"c:\windows\win16 .exe"
"c:\windows\win16 .exe"
"c:\windows\win16 .exe"
"c:\windows\win16 .exe"
"c:\windows\win16 .exe"
"c:\windows\win16 .exe"
"c:\windows\win16 .exe"
"c:\windows\win16 .exe"
"c:\windows\win16 .exe"
"c:\windows\winlogon .exe"
"c:\windows\winlogon .exe"
"c:\windows\winlogon .exe"
"c:\windows\winlogon .exe"
"c:\windows\winlogon .exe"
"c:\windows\winlogon .exe"
"c:\windows\winlogon .exe"
"c:\windows\winlogon .exe"
"c:\windows\winlogon .exe"
"c:\windows\winlogon .exe"
"c:\windows\winlogon .exe"
"c:\windows\winlogon .exe"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\MS\Application Data\Agqiq
c:\documents and settings\MS\Application Data\Agsan
c:\documents and settings\MS\Application Data\Biufo
c:\documents and settings\MS\Application Data\Fyxo
c:\documents and settings\MS\Application Data\Ifur
c:\documents and settings\MS\Application Data\Kiopme
c:\documents and settings\MS\Application Data\Luezi
c:\documents and settings\MS\Application Data\MSNInstaller
c:\documents and settings\MS\Application Data\MSNInstaller\msninstallerlog.xml
c:\documents and settings\MS\Application Data\Ohodip
c:\program files\Microsoft\DesktopLayer.exe
c:\windows\avp32 .exe
c:\windows\avp32 .exe
c:\windows\avp32 .exe
c:\windows\avp32 .exe
c:\windows\avp32 .exe
c:\windows\avp32 .exe
c:\windows\avp32 .exe
c:\windows\avp32 .exe
c:\windows\avp32 .exe
c:\windows\avp32 .exe
c:\windows\avp32 .exe
c:\windows\hexdump .exe
c:\windows\hexdump .exe
c:\windows\hexdump .exe
c:\windows\hexdump .exe
c:\windows\hexdump .exe
c:\windows\hexdump .exe
c:\windows\hexdump .exe
c:\windows\hexdump .exe
c:\windows\hexdump .exe
c:\windows\hexdump .exe
c:\windows\hexdump .exe
c:\windows\hexdump .exe
c:\windows\hexdump .exe
c:\windows\jusched .exe
c:\windows\login .exe
c:\windows\login .exe
c:\windows\login .exe
c:\windows\login .exe
c:\windows\login .exe
c:\windows\login .exe
c:\windows\login .exe
c:\windows\login .exe
c:\windows\login .exe
c:\windows\login .exe
c:\windows\login .exe
c:\windows\login .exe
c:\windows\login .exe
c:\windows\login .exe
c:\windows\login .exe
c:\windows\login .exe
c:\windows\login .exe
c:\windows\login .exe
c:\windows\login .exe
c:\windows\login .exe
c:\windows\login .exe
c:\windows\login .exe
c:\windows\login .exe
c:\windows\login .exe
c:\windows\login .exe
c:\windows\login .exe
c:\windows\login .exe
c:\windows\login .exe
c:\windows\login .exe
c:\windows\login .exe
c:\windows\login .exe
c:\windows\login .exe
c:\windows\login .exe
c:\windows\login .exe
c:\windows\login .exe
c:\windows\login .exe
c:\windows\login .exe
c:\windows\login .exe
c:\windows\login .exe
c:\windows\login .exe
c:\windows\login .exe
c:\windows\login .exe
c:\windows\login .exe
c:\windows\login .exe
c:\windows\login .exe
c:\windows\login .exe
c:\windows\lsass .exe
c:\windows\lsass .exe
c:\windows\lsass .exe
c:\windows\lsass .exe
c:\windows\lsass .exe
c:\windows\lsass .exe
c:\windows\lsass .exe
c:\windows\lsass .exe
c:\windows\lsass .exe
c:\windows\lsass .exe
c:\windows\lsass .exe
c:\windows\nvsvc32 .exe
c:\windows\nvsvc32 .exe
c:\windows\nvsvc32 .exe
c:\windows\nvsvc32 .exe
c:\windows\nvsvc32 .exe
c:\windows\nvsvc32 .exe
c:\windows\nvsvc32 .exe
c:\windows\nvsvc32 .exe
c:\windows\nvsvc32 .exe
c:\windows\nvsvc32 .exe
c:\windows\nvsvc32 .exe
c:\windows\nvsvc32 .exe
c:\windows\nvsvc32 .exe
c:\windows\nvsvc32 .exe
c:\windows\services .exe
c:\windows\services .exe
c:\windows\services .exe
c:\windows\services .exe
c:\windows\services .exe
c:\windows\services .exe
c:\windows\services .exe
c:\windows\services .exe
c:\windows\services .exe
c:\windows\services .exe
c:\windows\services .exe
c:\windows\services .exe
c:\windows\services .exe
c:\windows\services .exe
c:\windows\services .exe
c:\windows\services .exe
c:\windows\setup .exe
c:\windows\setup .exe
c:\windows\setup .exe
c:\windows\setup .exe
c:\windows\setup .exe
c:\windows\setup .exe
c:\windows\setup .exe
c:\windows\setup .exe
c:\windows\setup .exe
c:\windows\setup .exe
c:\windows\setup .exe
c:\windows\spoolsv .exe
c:\windows\spoolsv .exe
c:\windows\spoolsv .exe
c:\windows\spoolsv .exe
c:\windows\spoolsv .exe
c:\windows\spoolsv .exe
c:\windows\spoolsv .exe
c:\windows\spoolsv .exe
c:\windows\spoolsv .exe
c:\windows\spoolsv .exe
c:\windows\spoolsv .exe
c:\windows\spoolsv .exe
c:\windows\system32\dmlconf.dat
c:\windows\system32\drivers\jlojou.sys
c:\windows\win16 .exe
c:\windows\win16 .exe
c:\windows\win16 .exe
c:\windows\win16 .exe
c:\windows\win16 .exe
c:\windows\win16 .exe
c:\windows\win16 .exe
c:\windows\win16 .exe
c:\windows\win16 .exe
c:\windows\win16 .exe
c:\windows\win16 .exe
c:\windows\win16 .exe
c:\windows\win16 .exe
c:\windows\win16 .exe
c:\windows\win16 .exe
c:\windows\win16 .exe
c:\windows\win16 .exe
c:\windows\win16 .exe
c:\windows\win16 .exe
c:\windows\win16 .exe
c:\windows\win16 .exe
c:\windows\win16 .exe
c:\windows\win16 .exe
c:\windows\win16 .exe
c:\windows\win16 .exe
c:\windows\win16 .exe
c:\windows\win16 .exe
c:\windows\win16 .exe
c:\windows\win16 .exe
c:\windows\win16 .exe
c:\windows\win16 .exe
c:\windows\win16 .exe
c:\windows\win16 .exe
c:\windows\win16 .exe
c:\windows\win16 .exe
c:\windows\win16 .exe
c:\windows\win16 .exe
c:\windows\win16 .exe
c:\windows\win16 .exe
c:\windows\win16 .exe
c:\windows\winlogon .exe
c:\windows\winlogon .exe
c:\windows\winlogon .exe
c:\windows\winlogon .exe
c:\windows\winlogon .exe
c:\windows\winlogon .exe
c:\windows\winlogon .exe
c:\windows\winlogon .exe
c:\windows\winlogon .exe
c:\windows\winlogon .exe
c:\windows\winlogon .exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_AMSERVICE
-------\Service_AMService
-------\Service_naeeoa


((((((((((((((((((((((((( Files Created from 2010-10-28 to 2010-11-28 )))))))))))))))))))))))))))))))
.

2010-11-28 01:46 . 2010-11-28 01:46 -------- d-----w- c:\program files\Common Files\McAfee
2010-11-28 01:44 . 2010-11-28 01:55 -------- d-----w- c:\program files\McAfee
2010-11-28 01:44 . 2010-11-28 01:45 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2010-11-27 19:30 . 2010-09-18 06:53 954368 ----a-w- c:\windows\system32\mfc40.dll
2010-11-27 19:30 . 2010-09-18 06:53 954368 ------w- c:\windows\system32\dllcache\mfc40.dll
2010-11-27 19:30 . 2010-09-18 06:53 953856 ----a-w- c:\windows\system32\mfc40u.dll
2010-11-27 19:30 . 2010-09-18 06:53 953856 ------w- c:\windows\system32\dllcache\mfc40u.dll
2010-11-27 19:30 . 2010-09-18 06:53 974848 ----a-w- c:\windows\system32\mfc42.dll
2010-11-27 19:30 . 2010-09-18 06:53 974848 ------w- c:\windows\system32\dllcache\mfc42.dll
2010-11-27 19:29 . 2010-08-23 16:12 617472 ----a-w- c:\windows\system32\comctl32.dll
2010-11-27 19:29 . 2010-08-23 16:12 617472 ------w- c:\windows\system32\dllcache\comctl32.dll
2010-11-27 19:26 . 2010-09-10 05:58 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-11-27 19:26 . 2010-09-10 05:58 43520 ------w- c:\windows\system32\dllcache\licmgr10.dll
2010-11-27 19:26 . 2010-09-10 05:58 25600 ------w- c:\windows\system32\dllcache\jsproxy.dll
2010-11-27 19:22 . 2010-08-16 08:45 590848 ----a-w- c:\windows\system32\rpcrt4.dll
2010-11-27 19:22 . 2010-08-16 08:45 590848 ------w- c:\windows\system32\dllcache\rpcrt4.dll
2010-11-27 15:31 . 2010-11-27 15:31 -------- d-----w- c:\program files\CCleaner
2010-11-27 14:53 . 2008-04-14 00:06 8832 ----a-w- c:\windows\system32\drivers\wmiacpi.sys
2010-11-27 14:50 . 2010-11-27 14:50 -------- d-----w- c:\windows\system32\NtmsData
2010-11-27 14:37 . 2010-11-27 14:47 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-11-27 14:37 . 2010-08-02 16:10 126856 ----a-w- c:\windows\system32\drivers\avipbb.sys
2010-11-27 14:37 . 2010-06-17 15:27 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2010-11-27 14:37 . 2010-06-17 15:27 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2010-11-27 14:37 . 2010-11-27 14:37 -------- d-----w- c:\program files\Avira
2010-11-27 14:37 . 2010-11-27 14:37 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2010-11-27 12:37 . 2010-11-27 12:37 -------- d-sh--w- c:\documents and settings\LocalService\PrivacIE
2010-11-27 12:35 . 2010-11-27 12:35 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2010-11-27 09:56 . 2010-11-27 18:00 -------- d-----w- c:\documents and settings\MS
2010-11-27 04:37 . 2010-11-28 02:16 633856 ----a-w- C:\OTLPE.exe
2010-11-27 04:34 . 2010-11-27 04:34 -------- d-----w- C:\_OTL
2010-11-27 04:30 . 2010-11-27 04:30 -------- d-----w- C:\replace
2010-11-27 01:24 . 2010-11-27 01:24 -------- d-----w- c:\documents and settings\Administrator
2010-11-26 23:36 . 2010-04-29 15:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-11-26 23:36 . 2010-11-26 23:36 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-11-26 23:35 . 2010-04-29 15:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-11-26 23:35 . 2010-11-28 15:19 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-16 08:14 . 2010-10-16 08:14 28784 ----a-w- C:\asgu.exe
2010-09-18 12:23 . 2010-09-18 12:23 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-09-01 11:51 . 2010-09-01 11:51 285824 ----a-w- c:\windows\system32\atmfd.dll
2010-08-31 13:42 . 2010-08-31 13:42 1852800 ----a-w- c:\windows\system32\win32k.sys
.

((((((((((((((((((((((((((((( SnapShot@2010-11-27_18.33.52 )))))))))))))))))))))))))))))))))))))))))
.
- 2010-05-25 18:31 . 2010-04-21 13:28 46080 c:\windows\system32\tzchange.exe
+ 2010-11-27 19:23 . 2010-06-21 14:46 46080 c:\windows\system32\tzchange.exe
+ 2010-08-27 05:57 . 2010-08-27 05:57 99840 c:\windows\system32\srvsvc.dll
- 2009-08-23 14:09 . 2009-05-26 09:01 17272 c:\windows\system32\spmsg.dll
+ 2009-08-23 14:09 . 2008-07-08 13:02 17272 c:\windows\system32\spmsg.dll
- 2008-04-15 12:00 . 2008-04-15 04:00 33280 c:\windows\system32\rundll32.exe
+ 2008-04-15 12:00 . 2008-04-15 12:00 33280 c:\windows\system32\rundll32.exe
+ 2010-11-27 19:25 . 2010-09-10 05:58 66560 c:\windows\system32\mshtmled.dll
- 2008-04-15 12:00 . 2009-03-08 03:31 66560 c:\windows\system32\mshtmled.dll
- 2010-08-28 21:28 . 2010-06-24 12:21 55296 c:\windows\system32\msfeedsbs.dll
+ 2010-11-27 19:25 . 2010-09-10 05:58 55296 c:\windows\system32\msfeedsbs.dll
+ 2010-11-27 19:26 . 2010-09-10 05:58 25600 c:\windows\system32\jsproxy.dll
- 2010-08-28 21:28 . 2010-06-24 12:21 25600 c:\windows\system32\jsproxy.dll
- 2010-08-28 21:28 . 2010-06-24 12:22 12800 c:\windows\system32\dllcache\xpshims.dll
+ 2010-11-27 19:25 . 2010-09-10 05:58 12800 c:\windows\system32\dllcache\xpshims.dll
+ 2010-08-27 05:57 . 2010-08-27 05:57 99840 c:\windows\system32\dllcache\srvsvc.dll
+ 2010-11-27 19:25 . 2010-09-10 05:58 66560 c:\windows\system32\dllcache\mshtmled.dll
+ 2010-11-27 19:25 . 2010-09-10 05:58 55296 c:\windows\system32\dllcache\msfeedsbs.dll
- 2010-08-28 21:28 . 2010-06-24 12:21 55296 c:\windows\system32\dllcache\msfeedsbs.dll
- 2010-03-23 04:31 . 2010-03-23 04:31 30544 c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_wp.exe
+ 2010-09-22 09:43 . 2010-09-22 09:43 30544 c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_wp.exe
- 2010-06-06 19:45 . 2010-09-14 19:59 49152 c:\windows\Installer\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}\ConfigIcon.dll
+ 2010-06-06 19:45 . 2010-11-27 20:00 49152 c:\windows\Installer\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}\ConfigIcon.dll
+ 2010-11-28 00:05 . 2010-06-24 12:22 12800 c:\windows\ie8updates\KB2360131-IE8\xpshims.dll
+ 2010-11-28 00:05 . 2009-03-08 03:31 66560 c:\windows\ie8updates\KB2360131-IE8\mshtmled.dll
+ 2010-11-28 00:05 . 2010-06-24 12:21 55296 c:\windows\ie8updates\KB2360131-IE8\msfeedsbs.dll
+ 2010-11-28 00:05 . 2009-03-08 03:34 43008 c:\windows\ie8updates\KB2360131-IE8\licmgr10.dll
+ 2010-11-28 00:05 . 2010-06-24 12:21 25600 c:\windows\ie8updates\KB2360131-IE8\jsproxy.dll
+ 2010-11-28 00:53 . 2010-11-28 00:53 36864 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\70ee6267f7bad40e8707d402277770c3\System.Web.DynamicData.Design.ni.dll
- 2010-08-28 22:46 . 2010-08-28 22:46 77824 c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
+ 2010-11-27 19:55 . 2010-11-27 19:55 77824 c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
+ 2010-11-27 19:55 . 2010-11-27 19:55 81920 c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
- 2010-08-28 22:46 . 2010-08-28 22:46 81920 c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
+ 2010-11-27 19:57 . 2010-11-27 19:57 81920 c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
- 2010-08-28 22:46 . 2010-08-28 22:46 81920 c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
- 2010-08-28 22:46 . 2010-08-28 22:46 32768 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
+ 2010-11-27 19:56 . 2010-11-27 19:56 32768 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
+ 2010-11-27 19:56 . 2010-11-27 19:56 12800 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
- 2010-08-28 22:46 . 2010-08-28 22:46 12800 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
- 2010-08-28 22:46 . 2010-08-28 22:46 28672 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
+ 2010-11-27 19:56 . 2010-11-27 19:56 28672 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
- 2010-08-28 22:46 . 2010-08-28 22:46 77824 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
+ 2010-11-27 19:57 . 2010-11-27 19:57 77824 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
- 2010-08-28 22:46 . 2010-08-28 22:46 36864 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
+ 2010-11-27 19:57 . 2010-11-27 19:57 36864 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
- 2010-08-28 22:46 . 2010-08-28 22:46 77824 c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
+ 2010-11-27 19:56 . 2010-11-27 19:56 77824 c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
- 2010-08-28 22:46 . 2010-08-28 22:46 13312 c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
+ 2010-11-27 19:56 . 2010-11-27 19:56 13312 c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
+ 2010-11-27 19:56 . 2010-11-27 19:56 10752 c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
- 2010-08-28 22:46 . 2010-08-28 22:46 10752 c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
+ 2010-11-27 19:56 . 2010-11-27 19:56 72192 c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
- 2010-08-28 22:46 . 2010-08-28 22:46 72192 c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
+ 2010-11-27 19:56 . 2010-11-27 19:56 69120 c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
- 2010-08-28 22:46 . 2010-08-28 22:46 69120 c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
+ 2010-11-27 19:56 . 2010-11-27 19:56 8192 c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll
- 2010-07-22 05:57 . 2010-07-22 05:57 5120 c:\windows\system32\xpsp4res.dll
+ 2010-08-26 12:52 . 2010-08-26 12:52 5120 c:\windows\system32\xpsp4res.dll
+ 2010-11-27 19:56 . 2010-11-27 19:56 7168 c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
- 2010-08-28 22:46 . 2010-08-28 22:46 7168 c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
- 2010-08-28 22:46 . 2010-08-28 22:46 5632 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
+ 2010-11-27 19:57 . 2010-11-27 19:57 5632 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
+ 2010-11-27 19:56 . 2010-11-27 19:56 6656 c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
- 2010-08-28 22:46 . 2010-08-28 22:46 6656 c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
+ 2010-11-27 19:56 . 2010-11-27 19:56 8192 c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
+ 2010-11-27 19:56 . 2010-11-27 19:56 113664 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
+ 2010-11-27 19:56 . 2010-11-27 19:56 258048 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
- 2010-08-28 21:28 . 2010-06-24 12:22 916480 c:\windows\system32\wininet.dll
+ 2010-11-27 19:25 . 2010-09-10 05:58 916480 c:\windows\system32\wininet.dll
- 2010-01-13 17:31 . 2009-10-15 16:28 119808 c:\windows\system32\t2embed.dll
+ 2010-08-27 08:02 . 2010-08-27 08:02 119808 c:\windows\system32\t2embed.dll
+ 2010-11-27 19:25 . 2010-09-10 05:58 206848 c:\windows\system32\occache.dll
- 2010-08-28 21:28 . 2010-06-24 12:22 206848 c:\windows\system32\occache.dll
+ 2010-11-27 19:25 . 2010-09-10 05:58 611840 c:\windows\system32\mstime.dll
- 2010-08-28 21:28 . 2010-06-24 12:22 611840 c:\windows\system32\mstime.dll
+ 2010-11-27 19:25 . 2010-09-10 05:58 602112 c:\windows\system32\msfeeds.dll
- 2010-08-28 21:28 . 2010-06-24 12:21 184320 c:\windows\system32\iepeers.dll
+ 2010-11-27 19:25 . 2010-09-10 05:58 184320 c:\windows\system32\iepeers.dll
+ 2010-11-27 19:25 . 2010-09-10 05:58 387584 c:\windows\system32\iedkcs32.dll
- 2010-08-28 21:28 . 2010-06-24 12:21 387584 c:\windows\system32\iedkcs32.dll
- 2010-08-28 21:28 . 2010-06-23 12:08 173056 c:\windows\system32\ie4uinit.exe
+ 2010-11-27 19:25 . 2010-08-26 12:22 173056 c:\windows\system32\ie4uinit.exe
+ 2009-04-11 02:01 . 2010-11-28 13:52 246312 c:\windows\system32\FNTCACHE.DAT
+ 2010-08-26 13:39 . 2010-08-26 13:39 357248 c:\windows\system32\drivers\srv.sys
+ 2010-07-12 12:55 . 2010-07-12 12:55 218112 c:\windows\system32\dllcache\wordpad.exe
+ 2010-11-27 19:25 . 2010-09-10 05:58 916480 c:\windows\system32\dllcache\wininet.dll
- 2010-08-28 21:28 . 2010-06-24 12:22 916480 c:\windows\system32\dllcache\wininet.dll
- 2010-01-13 17:31 . 2009-10-15 16:28 119808 c:\windows\system32\dllcache\t2embed.dll
+ 2010-08-27 08:02 . 2010-08-27 08:02 119808 c:\windows\system32\dllcache\t2embed.dll
+ 2010-08-26 13:39 . 2010-08-26 13:39 357248 c:\windows\system32\dllcache\srv.sys
- 2010-08-28 21:28 . 2010-06-24 12:22 206848 c:\windows\system32\dllcache\occache.dll
+ 2010-11-27 19:25 . 2010-09-10 05:58 206848 c:\windows\system32\dllcache\occache.dll
- 2010-08-28 21:28 . 2010-06-24 12:22 611840 c:\windows\system32\dllcache\mstime.dll
+ 2010-11-27 19:25 . 2010-09-10 05:58 611840 c:\windows\system32\dllcache\mstime.dll
+ 2010-11-27 19:25 . 2010-09-10 05:58 602112 c:\windows\system32\dllcache\msfeeds.dll
+ 2010-09-18 12:23 . 2010-09-18 12:23 974848 c:\windows\system32\dllcache\mfc42u.dll
- 2010-08-28 21:28 . 2010-06-24 12:21 247808 c:\windows\system32\dllcache\ieproxy.dll
+ 2010-11-27 19:25 . 2010-09-10 05:58 247808 c:\windows\system32\dllcache\ieproxy.dll
+ 2010-11-27 19:25 . 2010-09-10 05:58 184320 c:\windows\system32\dllcache\iepeers.dll
- 2010-08-28 21:28 . 2010-06-24 12:21 184320 c:\windows\system32\dllcache\iepeers.dll
+ 2010-11-27 19:25 . 2010-09-10 05:58 743424 c:\windows\system32\dllcache\iedvtool.dll
- 2010-08-28 21:28 . 2010-06-24 12:21 743424 c:\windows\system32\dllcache\iedvtool.dll
- 2010-08-28 21:28 . 2010-06-24 12:21 387584 c:\windows\system32\dllcache\iedkcs32.dll
+ 2010-11-27 19:25 . 2010-09-10 05:58 387584 c:\windows\system32\dllcache\iedkcs32.dll
- 2010-08-28 21:28 . 2010-06-23 12:08 173056 c:\windows\system32\dllcache\ie4uinit.exe
+ 2010-11-27 19:25 . 2010-08-26 12:22 173056 c:\windows\system32\dllcache\ie4uinit.exe
+ 2010-09-01 11:51 . 2010-09-01 11:51 285824 c:\windows\system32\dllcache\atmfd.dll
- 2010-03-23 04:31 . 2010-03-23 04:31 435024 c:\windows\Microsoft.NET\Framework\v2.0.50727\webengine.dll
+ 2010-09-22 09:43 . 2010-09-22 09:43 435024 c:\windows\Microsoft.NET\Framework\v2.0.50727\webengine.dll
+ 2010-09-23 21:02 . 2010-09-23 21:02 798208 c:\windows\Installer\157ba9.msp
+ 2010-11-28 00:05 . 2010-06-24 12:22 916480 c:\windows\ie8updates\KB2360131-IE8\wininet.dll
+ 2010-11-28 00:05 . 2010-07-05 13:16 382840 c:\windows\ie8updates\KB2360131-IE8\spuninst\updspapi.dll
+ 2010-11-28 00:05 . 2009-05-26 09:01 231288 c:\windows\ie8updates\KB2360131-IE8\spuninst\spuninst.exe
+ 2010-11-28 00:05 . 2010-06-24 12:22 206848 c:\windows\ie8updates\KB2360131-IE8\occache.dll
+ 2010-11-28 00:05 . 2010-06-24 12:22 611840 c:\windows\ie8updates\KB2360131-IE8\mstime.dll
+ 2010-11-28 00:05 . 2010-06-24 12:21 599040 c:\windows\ie8updates\KB2360131-IE8\msfeeds.dll
+ 2010-11-28 00:05 . 2010-06-24 12:21 247808 c:\windows\ie8updates\KB2360131-IE8\ieproxy.dll
+ 2010-11-28 00:05 . 2010-06-24 12:21 184320 c:\windows\ie8updates\KB2360131-IE8\iepeers.dll
+ 2010-11-28 00:05 . 2010-11-27 20:04 743424 c:\windows\ie8updates\KB2360131-IE8\iedvtool.dll
+ 2010-11-28 00:05 . 2010-06-24 12:21 387584 c:\windows\ie8updates\KB2360131-IE8\iedkcs32.dll
+ 2010-11-28 00:05 . 2010-06-23 12:08 173056 c:\windows\ie8updates\KB2360131-IE8\ie4uinit.exe
+ 2010-11-28 00:52 . 2010-11-28 00:52 129536 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Routing\7f9a1ae146571025fd49914b5c71a39b\System.Web.Routing.ni.dll
+ 2010-11-28 00:54 . 2010-11-28 00:54 859648 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\b1646e54b708b9824f4193f87eb00c0e\System.Web.Extensions.Design.ni.dll
+ 2010-11-28 00:53 . 2010-11-28 00:53 328704 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity\504a93e73da77c502ecf98bfdfc1485e\System.Web.Entity.ni.dll
+ 2010-11-28 00:54 . 2010-11-28 00:54 301056 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity.D#\f22334fbd9497d79448fffef515ae0cc\System.Web.Entity.Design.ni.dll
+ 2010-11-28 00:53 . 2010-11-28 00:53 547328 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\af5452305588da228a74e30324681d20\System.Web.DynamicData.ni.dll
+ 2010-11-28 00:51 . 2010-11-28 00:51 141312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Abstract#\9d9bca1a8993c427984aa1bc9c165a33\System.Web.Abstractions.ni.dll
+ 2010-11-28 00:48 . 2010-11-28 00:48 280064 c:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\15724a7517f939c9b300f341fb5620b8\System.EnterpriseServices.Wrapper.dll
+ 2010-11-28 00:48 . 2010-11-28 00:48 627712 c:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\15724a7517f939c9b300f341fb5620b8\System.EnterpriseServices.ni.dll
+ 2010-11-28 00:47 . 2010-11-28 00:47 756736 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity.#\165bd290e518b9397ca55192985fdee3\System.Data.Entity.Design.ni.dll
+ 2010-11-28 00:44 . 2010-11-28 00:44 320512 c:\windows\assembly\NativeImages_v2.0.50727_32\ServiceModelReg\72d3aacfca2e1ce835c210f5a1decb36\ServiceModelReg.ni.exe
+ 2010-11-27 21:54 . 2010-11-27 21:54 842240 c:\windows\assembly\NativeImages_v2.0.50727_32\AspNetMMCExt\af4a3ae6d5c1cafa57002beb487b8d7a\AspNetMMCExt.ni.dll
- 2010-08-28 22:46 . 2010-08-28 22:46 839680 c:\windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
+ 2010-11-27 19:55 . 2010-11-27 19:55 839680 c:\windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
+ 2010-11-27 19:55 . 2010-11-27 19:55 835584 c:\windows\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
- 2010-08-28 22:46 . 2010-08-28 22:46 835584 c:\windows\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
+ 2010-11-27 19:56 . 2010-11-27 19:56 114688 c:\windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
- 2010-08-28 22:46 . 2010-08-28 22:46 114688 c:\windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
- 2010-08-28 22:46 . 2010-08-28 22:46 258048 c:\windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll
+ 2010-11-27 19:56 . 2010-11-27 19:56 258048 c:\windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll
+ 2010-11-27 19:56 . 2010-11-27 19:56 131072 c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
- 2010-08-28 22:46 . 2010-08-28 22:46 131072 c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
- 2010-08-28 22:46 . 2010-08-28 22:46 303104 c:\windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
+ 2010-11-27 19:56 . 2010-11-27 19:56 303104 c:\windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
- 2010-08-28 22:46 . 2010-08-28 22:46 258048 c:\windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
+ 2010-11-27 19:57 . 2010-11-27 19:57 258048 c:\windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
- 2010-08-28 22:46 . 2010-08-28 22:46 372736 c:\windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
+ 2010-11-27 19:57 . 2010-11-27 19:57 372736 c:\windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
+ 2010-11-27 19:56 . 2010-11-27 19:56 626688 c:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
- 2010-08-28 22:46 . 2010-08-28 22:46 626688 c:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
+ 2010-11-27 19:56 . 2010-11-27 19:56 401408 c:\windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
- 2010-08-28 22:46 . 2010-08-28 22:46 401408 c:\windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
+ 2010-11-27 19:55 . 2010-11-27 19:55 188416 c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
- 2010-08-28 22:46 . 2010-08-28 22:46 188416 c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
+ 2010-11-27 19:57 . 2010-11-27 19:57 970752 c:\windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
- 2010-08-28 22:46 . 2010-08-28 22:46 970752 c:\windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
- 2010-08-28 22:46 . 2010-08-28 22:46 745472 c:\windows\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
+ 2010-11-27 19:57 . 2010-11-27 19:57 745472 c:\windows\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
- 2010-08-28 22:46 . 2010-08-28 22:46 425984 c:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
+ 2010-11-27 19:57 . 2010-11-27 19:57 425984 c:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
- 2010-08-28 22:46 . 2010-08-28 22:46 110592 c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
+ 2010-11-27 19:57 . 2010-11-27 19:57 110592 c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
+ 2010-11-27 19:56 . 2010-11-27 19:56 659456 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
- 2010-08-28 22:46 . 2010-08-28 22:46 659456 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
- 2010-08-28 22:46 . 2010-08-28 22:46 372736 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
+ 2010-11-27 19:56 . 2010-11-27 19:56 372736 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
+ 2010-11-27 19:56 . 2010-11-27 19:56 110592 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
- 2010-08-28 22:46 . 2010-08-28 22:46 110592 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
- 2010-08-28 22:46 . 2010-08-28 22:46 749568 c:\windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
+ 2010-11-27 19:56 . 2010-11-27 19:56 749568 c:\windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
- 2010-08-28 22:46 . 2010-08-28 22:46 655360 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
+ 2010-11-27 19:57 . 2010-11-27 19:57 655360 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
- 2010-08-28 22:46 . 2010-08-28 22:46 348160 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
+ 2010-11-27 19:56 . 2010-11-27 19:56 348160 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
- 2010-08-28 22:46 . 2010-08-28 22:46 507904 c:\windows\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
+ 2010-11-27 19:55 . 2010-11-27 19:55 507904 c:\windows\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
- 2010-08-28 22:46 . 2010-08-28 22:46 261632 c:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
+ 2010-11-27 19:56 . 2010-11-27 19:56 261632 c:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
+ 2010-11-27 19:56 . 2010-11-27 19:56 113664 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
+ 2010-11-27 19:56 . 2010-11-27 19:56 258048 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
- 2010-08-28 22:46 . 2010-08-28 22:46 486400 c:\windows\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
+ 2010-11-27 19:57 . 2010-11-27 19:57 486400 c:\windows\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
+ 2010-11-27 19:29 . 2010-08-23 16:12 1054208 c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
+ 2010-11-27 19:25 . 2010-09-10 05:58 1210880 c:\windows\system32\urlmon.dll
+ 2010-07-16 12:05 . 2010-07-16 12:05 1288192 c:\windows\system32\ole32.dll
+ 2010-11-27 19:25 . 2010-09-10 05:58 5957120 c:\windows\system32\mshtml.dll
- 2010-08-28 21:28 . 2010-06-24 12:21 1986560 c:\windows\system32\iertutil.dll
+ 2010-11-27 19:25 . 2010-09-10 05:58 1986560 c:\windows\system32\iertutil.dll
+ 2010-08-31 13:42 . 2010-08-31 13:42 1852800 c:\windows\system32\dllcache\win32k.sys
+ 2010-11-27 19:25 . 2010-09-10 05:58 1210880 c:\windows\system32\dllcache\urlmon.dll
+ 2010-07-16 12:05 . 2010-07-16 12:05 1288192 c:\windows\system32\dllcache\ole32.dll
+ 2010-01-29 15:01 . 2010-11-27 19:25 1315328 c:\windows\system32\dllcache\msoe.dll
- 2010-01-29 15:01 . 2010-01-29 15:01 1315328 c:\windows\system32\dllcache\msoe.dll
+ 2010-11-27 19:25 . 2010-09-10 05:58 5957120 c:\windows\system32\dllcache\mshtml.dll
- 2010-08-28 21:27 . 2010-06-18 13:36 3558912 c:\windows\system32\dllcache\moviemk.exe
+ 2010-08-28 21:27 . 2010-11-27 19:25 3558912 c:\windows\system32\dllcache\moviemk.exe
- 2010-08-28 21:28 . 2010-06-24 12:21 1986560 c:\windows\system32\dllcache\iertutil.dll
+ 2010-11-27 19:25 . 2010-09-10 05:58 1986560 c:\windows\system32\dllcache\iertutil.dll
- 2010-03-23 04:32 . 2010-03-23 04:32 5242880 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Web.dll
+ 2010-09-22 09:44 . 2010-09-22 09:44 5242880 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Web.dll
+ 2010-09-23 07:39 . 2010-09-23 07:39 4265472 c:\windows\Installer\395c8a.msp
+ 2010-11-28 00:05 . 2010-06-24 12:22 1210368 c:\windows\ie8updates\KB2360131-IE8\urlmon.dll
+ 2010-11-28 00:05 . 2010-06-24 12:22 5951488 c:\windows\ie8updates\KB2360131-IE8\mshtml.dll
+ 2010-11-28 00:05 . 2010-06-24 12:21 1986560 c:\windows\ie8updates\KB2360131-IE8\iertutil.dll
+ 2010-11-28 02:08 . 2010-11-28 02:08 1356288 c:\windows\assembly\NativeImages_v2.0.50727_32\System.WorkflowServ#\bec60fe2e934a6284224ab45b0e981e2\System.WorkflowServices.ni.dll
+ 2010-11-28 02:07 . 2010-11-28 02:07 1908224 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Run#\09da139c48e2f5e76994a5c0f2e5b19e\System.Workflow.Runtime.ni.dll
+ 2010-11-28 02:06 . 2010-11-28 02:06 4514304 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Com#\6809417da74ff937e18b3034f1eac2f2\System.Workflow.ComponentModel.ni.dll
+ 2010-11-28 02:04 . 2010-11-28 02:04 2992640 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Act#\6c91ee82035d30efa8893e7b0396bbb0\System.Workflow.Activities.ni.dll
+ 2010-11-28 00:55 . 2010-11-28 00:55 1840640 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\181254ba0cb690decedb950fd26d7bea\System.Web.Services.ni.dll
+ 2010-11-28 00:54 . 2010-11-28 00:54 2209280 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Mobile\4200f716e9a41cb91d17516ba864e586\System.Web.Mobile.ni.dll
+ 2010-11-28 00:52 . 2010-11-28 00:52 2405376 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\da367bc2ecf2c9c5b4f858b6dba9e2ea\System.Web.Extensions.ni.dll
+ 2010-11-28 00:49 . 2010-11-28 00:49 1706496 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel#\8e34e273d036b7468fc4e951a1fde437\System.ServiceModel.Web.ni.dll
+ 2010-11-27 22:29 . 2010-11-27 22:29 1070080 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\095bb4f033374647b6d66c51f16bb886\System.IdentityModel.ni.dll
+ 2010-11-28 00:47 . 2010-11-28 00:47 1328128 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Services\b8c9267d87b7358e1a5f00bf1572c313\System.Data.Services.ni.dll
+ 2010-11-28 00:46 . 2010-11-28 00:46 1712128 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\a27783547338dbebf84101a685ba641b\Microsoft.VisualBasic.ni.dll
- 2010-08-28 22:46 . 2010-08-28 22:46 3182592 c:\windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
+ 2010-11-27 19:57 . 2010-11-27 19:57 3182592 c:\windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
- 2010-08-28 22:46 . 2010-08-28 22:46 2048000 c:\windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll
+ 2010-11-27 19:57 . 2010-11-27 19:57 2048000 c:\windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll
+ 2010-11-27 19:55 . 2010-11-27 19:55 5025792 c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
- 2010-08-28 22:46 . 2010-08-28 22:46 5025792 c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
+ 2010-11-28 00:16 . 2010-11-28 00:16 1277952 c:\windows\assembly\GAC_MSIL\System.Web.Extensions\3.5.0.0__31bf3856ad364e35\System.Web.Extensions.dll
- 2009-12-31 17:26 . 2009-12-31 17:26 1277952 c:\windows\assembly\GAC_MSIL\System.Web.Extensions\3.5.0.0__31bf3856ad364e35\System.Web.Extensions.dll
- 2010-08-28 22:46 . 2010-08-28 22:46 5062656 c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
+ 2010-11-27 19:55 . 2010-11-27 19:55 5062656 c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
+ 2010-11-27 19:55 . 2010-11-27 19:55 5242880 c:\windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
- 2010-08-28 22:46 . 2010-08-28 22:46 5242880 c:\windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
- 2010-08-28 22:46 . 2010-08-28 22:46 2933248 c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
+ 2010-11-27 19:57 . 2010-11-27 19:57 2933248 c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
- 2010-08-28 22:46 . 2010-08-28 22:46 4550656 c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
+ 2010-11-27 19:57 . 2010-11-27 19:57 4550656 c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
+ 2010-08-25 23:36 . 2010-08-25 23:36 10841088 c:\windows\system32\wmp.dll
- 2009-07-13 23:43 . 2009-07-13 23:43 10841088 c:\windows\system32\wmp.dll
+ 2010-01-27 19:15 . 2010-11-02 16:47 35758536 c:\windows\system32\MRT.exe
+ 2010-11-27 19:25 . 2010-09-10 05:58 11080192 c:\windows\system32\ieframe.dll
+ 2010-08-25 23:36 . 2010-08-25 23:36 10841088 c:\windows\system32\dllcache\wmp.dll
- 2009-07-13 23:43 . 2009-07-13 23:43 10841088 c:\windows\system32\dllcache\wmp.dll
+ 2010-11-27 19:25 . 2010-09-10 05:58 11080192 c:\windows\system32\dllcache\ieframe.dll
+ 2010-11-27 19:58 . 2010-11-27 19:58 20303872 c:\windows\Installer\395c95.msp
+ 2010-11-28 00:05 . 2010-06-24 16:51 11077120 c:\windows\ie8updates\KB2360131-IE8\ieframe.dll
+ 2010-11-28 00:51 . 2010-11-28 00:51 11800576 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\41f436dae3c8146752d06130f7331527\System.Web.ni.dll
+ 2010-11-28 00:41 . 2010-11-28 00:41 17403904 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\75aeb590008d6e166f7be18f935c52d2\System.ServiceModel.ni.dll
+ 2010-11-27 20:04 . 2010-11-27 20:04 10683392 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Design\fdc42078fd10e4dc8b05087900c63977\System.Design.ni.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-15 135168]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-15 159744]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-15 131072]
"HP BTW Detect Program"="c:\program files\HP\HPBTWD.exe" [2010-11-28 401408]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-01-16 1418536]
"AESTFltr"="c:\windows\system32\AESTFltr.exe" [2009-07-06 737280]
"WirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2009-07-23 498744]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-08-02 281768]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-15 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="c:\windows\system32\userinit.exe,,c:\program files\microsoft\desktoplayer.exe"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Hewlett-Packard\\HP QuickSync\\jre\\bin\\javaw.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=

R0 SahdIa32;HDD Filter Driver;c:\windows\system32\drivers\SahdIa32.sys [23/08/2009 14:06 21488]
R0 SaibIa32;Volume Filter Driver;c:\windows\system32\drivers\SaibIa32.sys [23/08/2009 14:06 15856]
R0 SysCow;SysCow;c:\windows\system32\drivers\syscow32x.sys [01/07/2009 22:10 103792]
R1 SaibVd32;Virtual Disk Driver;c:\windows\system32\drivers\SaibVd32.sys [23/08/2009 14:06 25584]
R2 9734BF6A-2DCD-40f0-BAB0-5AAFEEBE1269;Roxio SAIB Service;c:\program files\Roxio\BackOnTrack\Disaster Recovery\SaibSVC.exe [02/06/2009 18:05 457200]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [27/11/2010 14:38 135336]
R2 BOTService;BOTService;c:\program files\Roxio\BackOnTrack\Instant Restore\BOTService.exe [09/07/2009 03:08 199152]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~1\mcafee\SITEAD~1\mcsacore.exe [20/05/2010 17:19 88176]
R3 AESTAud;AE Audio Service;c:\windows\system32\drivers\AESTAud.sys [23/08/2009 13:53 113664]
R3 L1c;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller;c:\windows\system32\drivers\l1c51x86.sys [31/03/2009 20:11 39424]
S3 RSUSBSTOR;RTS5121.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RTS5121.sys --> c:\windows\system32\Drivers\RTS5121.sys [?]
S3 Rts516xIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys --> c:\windows\system32\DRIVERS\Rts516xIR.sys [?]
.
Contents of the 'Scheduled Tasks' folder

2010-11-28 c:\windows\Tasks\BackOnTrack Instant Restore Idle.job
- c:\program files\Roxio\BackOnTrack\Instant Restore\RstIdle.exe [2009-07-09 03:09]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_GB&c=94&bd=Pavilion&pf=cnnb
IE: &AOL Toolbar Search - c:\documents and settings\All Users\Application Data\AOL\ieToolbar\resources\en-US\local\search.html
FF - ProfilePath - c:\documents and settings\MS\Application Data\Mozilla\Firefox\Profiles\j2hwx8xn.default\
FF - prefs.js: browser.search.selectedEngine - Secure Search
FF - prefs.js: keyword.URL - hxxp://uk.search.yahoo.com/search?fr=mcafee&p=
FF - component: c:\program files\McAfee\SiteAdvisor\components\McFFPlg.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF - Extension: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Extension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Extension: Java Quick Starter: [email protected] - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Extension: McAfee SiteAdvisor: {B7082FAA-CB62-4872-9106-E42DD88EDE45} - c:\program files\McAfee\SiteAdvisor
FF - Extension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\documents and settings\MS\Application Data\Mozilla\Firefox\Profiles\j2hwx8xn.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Extension: PinkHope: {333b42b0-9c75-11db-b606-0800200c9a66} - c:\documents and settings\MS\Application Data\Mozilla\Firefox\Profiles\j2hwx8xn.default\extensions\{333b42b0-9c75-11db-b606-0800200c9a66}

---- FIREFOX POLICIES ----
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-SysTrayApp - %ProgramFiles%\IDT\WDM\sttray.exe
HKLM-Run-Malwarebytes Anti-Malware (reboot) - c:\program files\Malwarebytes' Anti-Malware\mbam .exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-11-28 15:32
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3696)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\btncopy.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\idt\wdm\STacSV.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\program files\IDT\WDM\sttray.exe
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\\?\c:\windows\system32\WBEM\WMIADAP.EXE
.
**************************************************************************
.
Completion time: 2010-11-28 15:36:07 - machine was rebooted
ComboFix-quarantined-files.txt 2010-11-28 15:36
ComboFix2.txt 2010-11-27 18:36

Pre-Run: 122,509,901,824 bytes free
Post-Run: 122,471,247,872 bytes free

- - End Of File - - 8C121FB1561BE0417664815AB5105AC1


mbam-log.txt:-
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 5205

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

28/11/2010 16:02:09
mbam-log-2010-11-28 (16-02-09).txt

Scan type: Quick scan
Objects scanned: 149666
Time elapsed: 9 minute(s), 22 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.Agent) -> Data: c:\program files\microsoft\desktoplayer.exe -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Hijack.UserInit) -> Bad: (c:\windows\system32\userinit.exe,,c:\program files\microsoft\desktoplayer.exe) Good: (userinit.exe) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Program Files\Microsoft\desktoplayer.exe (Trojan.Agent) -> Delete on reboot.
C:\Program Files\Mozilla Firefox\firefoxSrv.exe (Trojan.PWS) -> Quarantined and deleted successfully.

Step three seemed to go ok, asked to uninstall when it was done and rebooted, on starting back up though it asked to uninstall again, popped up with more infections and after I clicked 'Disenfect all' it froze up. The kas.txt below:-

Autoscan: stopped 2 minutes ago (events: 3, objects: 8, time: 00:01:20)
28/11/2010 16:32:39 Task stopped
28/11/2010 16:31:52 Detected: Backdoor.Win32.IRCNite.bfq C:\Program Files\Microsoft\DesktopLayer.exe
28/11/2010 16:31:18 Task started
Disinfect active threats: running (events: 12, objects: 1094, time: 00:02:25)
28/11/2010 16:34:33 Will be deleted on system restart: Virus.Win32.Nimnul.a C:\Program Files\Windows Media Player\wmpnetwk.exe
28/11/2010 16:34:33 Cannot be deleted: Virus.Win32.Nimnul.a C:\Program Files\Windows Media Player\wmpnetwk.exe Object is locked
28/11/2010 16:34:16 Untreated: Virus.Win32.Nimnul.a C:\Program Files\Windows Media Player\wmpnetwk.exe Cannot be disinfected
28/11/2010 16:34:14 Detected: Virus.Win32.Nimnul.a C:\Program Files\Windows Media Player\wmpnetwk.exe
28/11/2010 16:33:51 Will be deleted on system restart: Virus.Win32.Nimnul.a C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
28/11/2010 16:33:51 Cannot be deleted: Virus.Win32.Nimnul.a C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe Object is locked
28/11/2010 16:33:34 Untreated: Virus.Win32.Nimnul.a C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe Cannot be disinfected
28/11/2010 16:33:30 Detected: Virus.Win32.Nimnul.a C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
28/11/2010 16:33:14 Deleted: Virus.Win32.Nimnul.a C:\Program Files\HP\HPBTWD.exe
28/11/2010 16:33:14 Deleted: Virus.Win32.Nimnul.a C:\Program Files\HP\HPBTWD.exe
28/11/2010 16:32:59 Detected: Virus.Win32.Nimnul.a C:\Program Files\HP\HPBTWD.exe
28/11/2010 16:32:38 Task started
  • 0

#30
Salagubang

Salagubang

    Trusted Helper

  • Malware Removal
  • 3,891 posts
How is the computer running now?

Could you run OTL again and post a fresh scan choosing "Quickscan" when you do so.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP