|
|||||||
| Malware Removal Discussion about Trojans, viruses, hoaxes, firewalls, spyware, and general Security issues. If you suspect your PC is infected with a virus, trojan or spyware app please include any supporting documentation or logs |
 |
|
|
Topic Tools |
|
#1
April 29th, 2009, 11:54 PM
|
|||
|
|||
|
Heavily Infected
Well, I got myself a Trojan the other day, so I decided to run a boot time scan using Avast!
Apparently, I had loads more than just a Trojan, what the scan found was some worms, rootkits, and something cypt. Now I can hardly do anything on the computer without a pop up coming up and the slow connections. Other than that, my antivirus is going nuts with warnings now. Any help would be appreciated. 
|
|
#2
May 1st, 2009, 12:33 PM
|
||||
|
||||
|
Hello, Wyvern0013
Welcome to the CyberTechHelp Forums. My name is Thomas (Tom is fine), and I will be helping you fixing your problems. Please take note of some guidelines for this fix:
Step 1 Click here to download HijackThis. Save HJTInstall.exe to your Desktop. Double click on the HJTInstall.exe icon to start the program. By default it will install to C:\Program Files\Trend Micro\HijackThis After the final dialogue box it will launch HijackThis. Click on the scan button. It will scan and then ask you to save the log. Save the log, and post me it in your next reply. Step 2
Step 3 Go here, scroll down and download RootRepeal.zip to your Desktop. Unzip that, and then click RootRepeal.exe to open the scanner. Next click on the Report tab, and then click on Scan. A Window will open asking what to include in the scan. Check all of the below and then click Ok. Drivers Files Processes SSDT Stealth Objects Hidden Services You will then be asked which drive to scan. Check C: and click Ok again. The scan will start. It will take a little while so please be patient. When the scan has finished, click on Save Report. Name the log RootRepeal.txt and save it to your Documents folder (it should default there). When you have done this, please copy and paste it in this thread.
|
|
#3
May 4th, 2009, 09:52 PM
|
|||
|
|||
|
hijackthis
Sorry for the wait between posts, last few times I turned the computer on it would freeze after most of the startup programs began running.
Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 3:49:15 PM, on 5/4/2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16827) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\system32\LEXBCES.EXE C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\LEXPPS.EXE C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe C:\WINDOWS\system32\LxrSII1s.exe C:\WINDOWS\system32\PnkBstrA.exe C:\WINDOWS\system32\svchost.exe c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\PROGRA~1\VIRTUA~1\SMARTB~1\SprintDSLAlert.exe C:\Program Files\Lexmark 4200 Series\lxbmbmgr.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\Program Files\Microsoft IntelliPoint\ipoint.exe C:\Program Files\Lexmark 4200 Series\lxbmbmon.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\Program Files\Google\Google Talk\googletalk.exe C:\Program Files\ATI Technologies\ATI.ACE\cli.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\Evidence Eliminator\ee.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe C:\Program Files\Steam\Steam.exe C:\Program Files\DNA\btdna.exe C:\WINDOWS\system32\DL32.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNo tifier.exe C:\Program Files\internet explorer\iexplore.exe C:\Program Files\Virtual Assistant\bin\mpbtn.exe C:\WINDOWS\System32\svchost.exe C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\Google Toolbar\gtb4.tmp.exe C:\Program Files\ATI Technologies\ATI.ACE\cli.exe C:\Program Files\ATI Technologies\ATI.ACE\cli.exe C:\WINDOWS\TEMP\ppirmwc4hm.exe C:\WINDOWS\TEMP\ppirmwc4hm.exe C:\WINDOWS\TEMP\ppirmwc4hm.exe C:\WINDOWS\TEMP\ppirmwc4hm.exe C:\WINDOWS\TEMP\ppirmwc4hm.exe C:\WINDOWS\TEMP\ppirmwc4hm.exe C:\WINDOWS\TEMP\ppirmwc4hm.exe C:\WINDOWS\TEMP\ppirmwc4hm.exe C:\WINDOWS\TEMP\ppirmwc4hm.exe C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\731921221.exe c:\cuysn.exe C:\WINDOWS\System32\svchost.exe c:\windows\ld08.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TY...rio&pf=desktop R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.myembarq.com/index.php R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TY...rio&pf=desktop R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TY...rio&pf=desktop R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyServer = http=localhost:7171 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyOverride = *.local;<local> O2 - BHO: C:\WINDOWS\system32\jkshfuiehi.dll - {c2ba40a1-74f3-42bd-f434-12345a2c8953} - C:\WINDOWS\system32\jkshfuiehi.dll O2 - BHO: (no name) - {d490608a-1a7c-4d61-a6e0-76a5aa6b09e7} - C:\WINDOWS\system32\femififi.dll O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\VIRTUA~1\SMARTB~1\SprintDSLAlert.exe O4 - HKLM\..\Run: [Lexmark 4200 Series] "C:\Program Files\Lexmark 4200 Series\lxbmbmgr.exe" O4 - HKLM\..\Run: [EarthLink Installer] " /C O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe" O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay O4 - HKLM\..\Run: [nirasoheka] Rundll32.exe "C:\WINDOWS\system32\ruzomivu.dll",s O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [CPMdb6333aa] Rundll32.exe "c:\windows\system32\dubipoja.dll",a O4 - HKLM\..\Run: [d8500036] rundll32.exe "C:\WINDOWS\system32\dorigome.dll",b O4 - HKLM\..\Run: [reader_s] C:\WINDOWS\System32\reader_s.exe O4 - HKLM\..\Run: [sysLDtray] c:\windows\ld08.exe O4 - HKCU\..\Run: [Evidence Eliminator] C:\Program Files\Evidence Eliminator\ee.exe /m O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe" O4 - HKCU\..\Run: [] C:\WINDOWS\TEMP\ppirmwc4hm.exe O4 - HKCU\..\Run: [Windows Resurections] C:\WINDOWS\TEMP\cgdqn76u2.exe O4 - HKCU\..\Run: [dll32] dll32 O4 - HKCU\..\Run: [DL32] DL32 O4 - HKCU\..\Run: [Diagnostic Manager] C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\731921221.exe O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNo tifier.exe O4 - HKCU\..\Run: [uidenhiufgsduiazghs] C:\WINDOWS\TEMP\ppirmwc4hm.exe O4 - HKCU\..\Run: [A00F48D255.exe] C:\WINDOWS\TEMP\_A00F48D255.exe O4 - HKCU\..\Run: [reader_s] C:\Documents and Settings\Compaq_Owner\reader_s.exe O4 - HKUS\S-1-5-19\..\Run: [nirasoheka] Rundll32.exe "C:\WINDOWS\system32\ruzomivu.dll",s (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [nirasoheka] Rundll32.exe "C:\WINDOWS\system32\ruzomivu.dll",s (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NVMCTRAY.DLL,NvTaskbarInit (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NVMCTRAY.DLL,NvTaskbarInit (User 'Default user') O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: Virtual Assistant.lnk = C:\Program Files\Virtual Assistant\bin\matcli.exe O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Pol icies\System, DisableRegedit=1 O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab56986.cab O16 - DPF: {37A273C2-5129-11D5-BF37-00A0CCE8754B} (TTestGenXInstallObject) - http://asp.mathxl.com/wizmodules/tes...enXInstall.cab O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab O16 - DPF: {68BCE50A-DC9B-4519-A118-6FDA19DB450D} (Info Class) - http://www.blizzard.com/support/includes/cabs/si.cab O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1171849042171 O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://studiocams.cumulusfwb.com/axiscamcontrol.ocx O16 - DPF: {95D88B35-A521-472B-A182-BB1A98356421} (Pearson Installation Assistant 2) - http://asp.mathxl.com/books/_Players...stallAsst2.cab O16 - DPF: {A1F2F2CE-06AF-483C-9F12-D3BAA72477D6} (BatchDownloader Class) - http://appdirectory.messenger.msn.co...p/DigWXMSN.cab O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary...o.cab56649.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab57176.cab O16 - DPF: {E6D23284-0E9B-417D-A782-03E4487FC947} (Pearson MathXL Player) - http://asp.mathxl.com/books/_Players/MathPlayer.cab O20 - AppInit_DLLs: C:\WINDOWS\system32\nayitazi.dll c:\windows\system32\dubipoja.dll O20 - Winlogon Notify: __c002c925 - C:\WINDOWS\system32\__c002C925.dat O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\dubipoja.dll (file missing) O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\dubipoja.dll (file missing) O22 - SharedTaskScheduler: sdfsefsfdvdubgiungfuyd - {C2BA40A1-74F3-42BD-F434-12345A2C8953} - C:\WINDOWS\system32\jkshfuiehi.dll O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe O23 - Service: Background Intelligent Transfer Service (BITS) - Unknown owner - C:\WINDOWS\ O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~2.EXE O23 - Service: Lexar Secure II (LxrSII1s) - Unknown owner - C:\WINDOWS\SYSTEM32\LxrSII1s.exe O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe -- End of file - 12593 bytes
|
|
#4
May 4th, 2009, 09:55 PM
|
|||
|
|||
|
RSIT log
Logfile of random's system information tool 1.06 (written by random/random)
Run by Compaq_Owner at 2009-05-04 15:54:27 Microsoft Windows XP Home Edition Service Pack 3 System drive C: has 2 GB (3%) free of 53 GB Total RAM: 1279 MB (41% free) Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 3:54:31 PM, on 5/4/2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16827) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\system32\LEXBCES.EXE C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\LEXPPS.EXE C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe C:\WINDOWS\system32\LxrSII1s.exe C:\WINDOWS\system32\PnkBstrA.exe C:\WINDOWS\system32\svchost.exe c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\PROGRA~1\VIRTUA~1\SMARTB~1\SprintDSLAlert.exe C:\Program Files\Lexmark 4200 Series\lxbmbmgr.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\Program Files\Microsoft IntelliPoint\ipoint.exe C:\Program Files\Lexmark 4200 Series\lxbmbmon.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\Program Files\Google\Google Talk\googletalk.exe C:\Program Files\ATI Technologies\ATI.ACE\cli.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\Evidence Eliminator\ee.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe C:\Program Files\Steam\Steam.exe C:\Program Files\DNA\btdna.exe C:\WINDOWS\system32\DL32.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNo tifier.exe C:\Program Files\internet explorer\iexplore.exe C:\Program Files\Virtual Assistant\bin\mpbtn.exe C:\WINDOWS\System32\svchost.exe C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\Google Toolbar\gtb4.tmp.exe C:\Program Files\ATI Technologies\ATI.ACE\cli.exe C:\Program Files\ATI Technologies\ATI.ACE\cli.exe C:\WINDOWS\TEMP\ppirmwc4hm.exe C:\WINDOWS\TEMP\ppirmwc4hm.exe C:\WINDOWS\TEMP\ppirmwc4hm.exe C:\WINDOWS\TEMP\ppirmwc4hm.exe C:\WINDOWS\TEMP\ppirmwc4hm.exe C:\WINDOWS\TEMP\ppirmwc4hm.exe C:\WINDOWS\TEMP\ppirmwc4hm.exe C:\WINDOWS\TEMP\ppirmwc4hm.exe C:\WINDOWS\TEMP\ppirmwc4hm.exe C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\731921221.exe c:\cuysn.exe C:\WINDOWS\System32\svchost.exe c:\windows\ld08.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Documents and Settings\Compaq_Owner\Desktop\RSIT.exe C:\Program Files\Trend Micro\HijackThis\Compaq_Owner.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TY...rio&pf=desktop R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.myembarq.com/index.php R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TY...rio&pf=desktop R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TY...rio&pf=desktop R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyServer = http=localhost:7171 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyOverride = *.local;<local> O2 - BHO: C:\WINDOWS\system32\jkshfuiehi.dll - {c2ba40a1-74f3-42bd-f434-12345a2c8953} - C:\WINDOWS\system32\jkshfuiehi.dll O2 - BHO: (no name) - {d490608a-1a7c-4d61-a6e0-76a5aa6b09e7} - C:\WINDOWS\system32\femififi.dll O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\VIRTUA~1\SMARTB~1\SprintDSLAlert.exe O4 - HKLM\..\Run: [Lexmark 4200 Series] "C:\Program Files\Lexmark 4200 Series\lxbmbmgr.exe" O4 - HKLM\..\Run: [EarthLink Installer] " /C O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe" O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay O4 - HKLM\..\Run: [nirasoheka] Rundll32.exe "C:\WINDOWS\system32\ruzomivu.dll",s O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [CPMdb6333aa] Rundll32.exe "c:\windows\system32\dubipoja.dll",a O4 - HKLM\..\Run: [d8500036] rundll32.exe "C:\WINDOWS\system32\dorigome.dll",b O4 - HKLM\..\Run: [reader_s] C:\WINDOWS\System32\reader_s.exe O4 - HKLM\..\Run: [sysLDtray] c:\windows\ld08.exe O4 - HKCU\..\Run: [Evidence Eliminator] C:\Program Files\Evidence Eliminator\ee.exe /m O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe" O4 - HKCU\..\Run: [] C:\WINDOWS\TEMP\ppirmwc4hm.exe O4 - HKCU\..\Run: [Windows Resurections] C:\WINDOWS\TEMP\cgdqn76u2.exe O4 - HKCU\..\Run: [dll32] dll32 O4 - HKCU\..\Run: [DL32] DL32 O4 - HKCU\..\Run: [Diagnostic Manager] C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\731921221.exe O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNo tifier.exe O4 - HKCU\..\Run: [uidenhiufgsduiazghs] C:\WINDOWS\TEMP\ppirmwc4hm.exe O4 - HKCU\..\Run: [A00F48D255.exe] C:\WINDOWS\TEMP\_A00F48D255.exe O4 - HKCU\..\Run: [reader_s] C:\Documents and Settings\Compaq_Owner\reader_s.exe O4 - HKUS\S-1-5-19\..\Run: [nirasoheka] Rundll32.exe "C:\WINDOWS\system32\ruzomivu.dll",s (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [nirasoheka] Rundll32.exe "C:\WINDOWS\system32\ruzomivu.dll",s (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NVMCTRAY.DLL,NvTaskbarInit (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NVMCTRAY.DLL,NvTaskbarInit (User 'Default user') O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: Virtual Assistant.lnk = C:\Program Files\Virtual Assistant\bin\matcli.exe O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Pol icies\System, DisableRegedit=1 O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab56986.cab O16 - DPF: {37A273C2-5129-11D5-BF37-00A0CCE8754B} (TTestGenXInstallObject) - http://asp.mathxl.com/wizmodules/tes...enXInstall.cab O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab O16 - DPF: {68BCE50A-DC9B-4519-A118-6FDA19DB450D} (Info Class) - http://www.blizzard.com/support/includes/cabs/si.cab O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1171849042171 O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://studiocams.cumulusfwb.com/axiscamcontrol.ocx O16 - DPF: {95D88B35-A521-472B-A182-BB1A98356421} (Pearson Installation Assistant 2) - http://asp.mathxl.com/books/_Players...stallAsst2.cab O16 - DPF: {A1F2F2CE-06AF-483C-9F12-D3BAA72477D6} (BatchDownloader Class) - http://appdirectory.messenger.msn.co...p/DigWXMSN.cab O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary...o.cab56649.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab57176.cab O16 - DPF: {E6D23284-0E9B-417D-A782-03E4487FC947} (Pearson MathXL Player) - http://asp.mathxl.com/books/_Players/MathPlayer.cab O20 - AppInit_DLLs: C:\WINDOWS\system32\nayitazi.dll c:\windows\system32\dubipoja.dll O20 - Winlogon Notify: __c002c925 - C:\WINDOWS\system32\__c002C925.dat O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\dubipoja.dll (file missing) O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\dubipoja.dll (file missing) O22 - SharedTaskScheduler: sdfsefsfdvdubgiungfuyd - {C2BA40A1-74F3-42BD-F434-12345A2C8953} - C:\WINDOWS\system32\jkshfuiehi.dll O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe O23 - Service: Background Intelligent Transfer Service (BITS) - Unknown owner - C:\WINDOWS\ O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~2.EXE O23 - Service: Lexar Secure II (LxrSII1s) - Unknown owner - C:\WINDOWS\SYSTEM32\LxrSII1s.exe O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe -- End of file - 12652 bytes
|
|
#5
May 4th, 2009, 09:56 PM
|
|||
|
|||
|
RSIT log -continued-
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\Browser Helper Objects\{c2ba40a1-74f3-42bd-f434-12345a2c8953}] C:\WINDOWS\system32\jkshfuiehi.dll - C:\WINDOWS\system32\jkshfuiehi.dll [2009-05-04 15000] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\Browser Helper Objects\{d490608a-1a7c-4d61-a6e0-76a5aa6b09e7}] C:\WINDOWS\system32\femififi.dll [2009-01-25 66560] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] {2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2009-04-29 251504] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Curr entVersion\Run] "QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2006-03-02 155648] "nwiz"=nwiz.exe /install [] "NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2003-07-28 4841472] "Motive SmartBridge"=C:\PROGRA~1\VIRTUA~1\SMARTB~1\SprintD SLAlert.exe [2008-07-21 438359] "Lexmark 4200 Series"=C:\Program Files\Lexmark 4200 Series\lxbmbmgr.exe [2004-01-16 57344] "EarthLink Installer"= /C [] "avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.e xe [2009-02-05 81000] "IntelliPoint"=C:\Program Files\Microsoft IntelliPoint\ipoint.exe [2006-11-21 842584] "googletalk"=C:\Program Files\Google\Google Talk\googletalk.exe [2007-01-01 3739648] "ATICCC"=C:\Program Files\ATI Technologies\ATI.ACE\cli.exe [2006-01-02 45056] "nirasoheka"=C:\WINDOWS\system32\ruzomivu.dll [2009-01-25 66560] "TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2009-04-29 198160] "CPMdb6333aa"=c:\windows\system32\dubipoja.dll ,a [] "d8500036"=C:\WINDOWS\system32\dorigome.dll,b [] "reader_s"=C:\WINDOWS\System32\reader_s.exe [] "sysLDtray"=c:\windows\ld08.exe [2009-05-04 14336] [HKEY_CURRENT_USER\Software\Microsoft\Windows\Curre ntVersion\Run] "Evidence Eliminator"=C:\Program Files\Evidence Eliminator\ee.exe [2004-04-29 896002] "ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360] "MsnMsgr"=C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe [2009-02-06 3885408] "Steam"=C:\Program Files\Steam\Steam.exe [2009-02-18 1410296] "BitTorrent DNA"=C:\Program Files\DNA\btdna.exe [2009-03-22 321344] ""=C:\WINDOWS\TEMP\ppirmwc4hm.exe [2009-05-04 15001] "Windows Resurections"=C:\WINDOWS\TEMP\cgdqn76u2.exe [] "dll32"=dll32 [] "DL32"=DL32 [] "Diagnostic Manager"=C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\731921 221.exe [2009-05-04 19969] "swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNo tifier.exe [2009-04-29 39408] "uidenhiufgsduiazghs"=C:\WINDOWS\TEMP\ppirmwc4hm.e xe [2009-05-04 15001] "A00F48D255.exe"=C:\WINDOWS\TEMP\_A00F48D255.e xe [2009-05-04 37376] "reader_s"=C:\Documents and Settings\Compaq_Owner\reader_s.exe [] C:\Documents and Settings\All Users\Start Menu\Programs\Startup Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe Virtual Assistant.lnk - C:\Program Files\Virtual Assistant\bin\matcli.exe C:\Documents and Settings\Compaq_Owner\Start Menu\Programs\Startup OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "AppInit_DLLS"="C:\WINDOWS\system32\nayitazi.d ll c:\windows\system32\dubipoja.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent] C:\WINDOWS\system32\Ati2evxx.dll [2006-06-07 61440] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui] C:\WINDOWS\system32\igfxsrvc.dll [2004-08-21 344064] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon] C:\WINDOWS\system32\WgaLogon.dll [2007-02-15 236928] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\__c002c925] C:\WINDOWS\system32\__c002C925.dat [2009-05-04 27648] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\ShellServiceObjectDelayLoad] WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632] SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\dubipoja.dll [] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\explorer\SharedTaskScheduler] STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\dubipoja.dll [] sdfsefsfdvdubgiungfuyd - {C2BA40A1-74F3-42BD-F434-12345A2C8953} - C:\WINDOWS\system32\jkshfuiehi.dll [2009-05-04 15000] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\Lsa] "notification packages"=scecli C:\WINDOWS\system32\nayitazi.dll [HKEY_CURRENT_USER\Software\Microsoft\Windows\Curre ntVersion\Policies\System] "DisableRegistryTools"=1 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Curr entVersion\Policies\System] "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 [HKEY_CURRENT_USER\Software\Microsoft\Windows\Curre ntVersion\Policies\explorer] "NoDriveTypeAutoRun"=323 "NoDriveAutoRun"=67108863 "NoDrives"=0 "NoFolderOptions"=1 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Curr entVersion\Policies\explorer] "AllowLegacyWebView"= "AllowUnhashedWebView"= "HonorAutoRunSetting"= "NoDriveAutoRun"= "NoDriveTypeAutoRun"= "NoDrives"= [HKEY_LOCAL_MACHINE\system\currentcontrolset\servic es\sharedaccess\parameters\firewallpolicy\standard profile\authorizedapplications\list] "%windir%\system32\sessmgr.exe"="%windir%\system32 \sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\Program Files\Windows Media Player\wmplayer.exe"="C:\Program Files\Windows Media Player\wmplayer.exe:*:Enabled:Windows Media Player" "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "C:\Program Files\Alwil Software\Avast4\ashAvast.exe"="C:\Program Files\Alwil Software\Avast4\ashAvast.exe:*:Enabled:avast! Antivirus" "C:\Program Files\mIRC\mirc.exe"="C:\Program Files\mIRC\mirc.exe:*:Enabled:mIRC" "C:\Program Files\Google\Google Talk\googletalk.exe"="C:\Program Files\Google\Google Talk\googletalk.exe:*:Enabled:Google Talk" "C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote" "C:\WINDOWS\system32\dpvsetup.exe"="C:\WINDOWS\sys tem32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test" "C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox" "C:\WINDOWS\system32\dplaysvr.exe"="C:\WINDOWS\sys tem32\dplaysvr.exe:*:Enabled:Microsoft DirectPlay Helper" "C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*  isabled:iTunes""C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook" "C:\Documents and Settings\Compaq_Owner\Desktop\Stronghold Crusader\Stronghold Crusader.exe"="C:\Documents and Settings\Compaq_Owner\Desktop\Stronghold Crusader\Stronghold Crusader.exe:*:Enabled:Stronghold Crusader" "C:\Program Files\Hamachi\hamachi.exe"="C:\Program Files\Hamachi\hamachi.exe:*:Enabled:Hamachi" "%windir%\system32\drivers\svchost.exe"="%windir%\ system32\drivers\svchost.exe:*:Enabled:svchost" "C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call" "C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger" "C:\Program Files\DNA\btdna.exe"="C:\Program Files\DNA\btdna.exe:*:Enabled NA""C:\Program Files\BitTorrent\bittorrent.exe"="C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorre nt" "C:\Program Files\Pando Networks\Media Booster\PMB.exe"="C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster" "C:\Documents and Settings\All Users\Application Data\NexonUS\NGM\NGM.exe"="C:\Documents and Settings\All Users\Application Data\NexonUS\NGM\NGM.exe:*:Enabled:Nexon Game Manager" "C:\Nexon\Combat Arms\NMService.exe"="C:\Nexon\Combat Arms\NMService.exe:*:Enabled:Nexon Messenger Core" "C:\WINDOWS\explorer.exe"="C:\WINDOWS\explorer.exe :*:Enabled:Explorer" "C:\WINDOWS\system32\logonui.exe"="C:\WINDOWS\syst em32\logonui.exe:*:Enabled:logonui" "C:\WINDOWS\system32\winlogon.exe"="C:\WINDOWS\sys tem32\winlogon.exe:*:Enabled:winlogon" "C:\Program Files\Internet Explorer\iexplore.exe"="C:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:IEXPLORE" [HKEY_LOCAL_MACHINE\system\currentcontrolset\servic es\sharedaccess\parameters\firewallpolicy\domainpr ofile\authorizedapplications\list] "%windir%\system32\sessmgr.exe"="%windir%\system32 \sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "%ProgramFiles%\iTunes\iTunes.exe"="%ProgramFiles% \iTunes\iTunes.exe:*:enabled:iTunes" "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "%windir%\system32\drivers\svchost.exe"="%windir%\ system32\drivers\svchost.exe:*:Enabled:svchost" "C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call" "C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger" [HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\explorer\mountpoints2\L] shell\AutoRun\command - L:\LaunchU3.exe -a [HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\explorer\mountpoints2\{2aef9f84-90e4-11dc-bdbb-0011d85a7eb5}] shell\AutoRun\command - K:\LaunchU3.exe -a [HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\explorer\mountpoints2\{cfc4bc4c-8ac9-11da-bacf-0011d85a7eb5}] shell\AutoRun\command - J:\JDSecure\Windows\JDSecure31.exe
|
|
#6
May 4th, 2009, 09:57 PM
|
|||
|
|||
|
RSIT log -continued-
======List of files/folders created in the last 1 months======
2009-05-04 15:54:27 ----D---- C:\rsit 2009-05-04 15:48:24 ----D---- C:\Program Files\Trend Micro 2009-05-04 15:39:10 ----H---- C:\WINDOWS\ld08.exe 2009-05-04 15:38:57 ----A---- C:\cuysn.exe 2009-05-04 15:38:38 ----A---- C:\dtmb.exe 2009-05-04 15:15:48 ----A---- C:\iriddiia.exe 2009-05-04 15:14:43 ----A---- C:\WINDOWS\system32\jkshfuiehi.dll 2009-05-04 14:15:43 ----A---- C:\WINDOWS\instsp2.exe 2009-05-02 16:00:28 ----A---- C:\WINDOWS\system32\bemusugo.dll 2009-04-30 22:40:39 ----A---- C:\WINDOWS\system32\dagihama.dll 2009-04-30 22:40:04 ----A---- C:\WINDOWS\system32\rekomuzu.dll 2009-04-29 16:52:31 ----N---- C:\WINDOWS\system32\trz8.tmp 2009-04-29 16:52:10 ----HT---- C:\WINDOWS\system32\739ea44.dll 2009-04-29 16:52:10 ----HT---- C:\WINDOWS\system32\1336ada0.dll 2009-04-29 16:51:24 ----N---- C:\WINDOWS\system32\trz6.tmp 2009-04-29 14:10:51 ----A---- C:\WINDOWS\st_1241036485.exe 2009-04-29 10:49:56 ----A---- C:\WINDOWS\system32\DL32.exe 2009-04-29 10:46:58 ----SH---- C:\WINDOWS\system32\emogirod.ini 2009-04-28 21:32:23 ----ASH---- C:\WINDOWS\system32\yatunuke.dll 2009-04-28 21:32:23 ----ASH---- C:\WINDOWS\system32\fapajeve.dll 2009-04-28 09:33:01 ----ASH---- C:\WINDOWS\system32\wifowigu.dll 2009-04-28 09:33:01 ----ASH---- C:\WINDOWS\system32\lubiniyo.dll 2009-04-27 08:09:21 ----D---- C:\WINDOWS\system32\796525 2009-04-27 07:31:45 ----SH---- C:\WINDOWS\system32\aluyakul.ini 2009-04-26 02:53:01 ----SH---- C:\WINDOWS\system32\uyuketob.ini 2009-04-25 14:52:06 ----SH---- C:\WINDOWS\system32\ekerujew.ini 2009-04-25 02:54:18 ----SH---- C:\WINDOWS\system32\ujagikoj.ini 2009-04-24 14:23:29 ----SHD---- C:\WINDOWS\system32\82268DF6EBB5DAB2 2009-04-24 14:23:29 ----A---- C:\cqcsss.exe 2009-04-24 01:07:44 ----SH---- C:\WINDOWS\system32\sijuvese.dll 2009-04-24 01:07:26 ----SH---- C:\WINDOWS\system32\remowoka.exe 2009-04-24 01:07:26 ----SH---- C:\WINDOWS\system32\donuvona.dll 2009-04-23 13:06:38 ----SH---- C:\WINDOWS\system32\ipalukas.ini 2009-04-23 01:06:17 ----SH---- C:\WINDOWS\system32\upufetok.ini 2009-04-22 13:06:03 ----SH---- C:\WINDOWS\system32\awavoyim.ini 2009-04-22 01:05:42 ----SH---- C:\WINDOWS\system32\efuruwit.ini 2009-04-22 00:44:20 ----D---- C:\Program Files\directx 2009-04-21 11:15:16 ----SH---- C:\WINDOWS\system32\ukegavos.ini 2009-04-20 22:29:53 ----SH---- C:\WINDOWS\system32\ogolapaf.ini 2009-04-20 10:31:31 ----SH---- C:\WINDOWS\system32\irebitam.ini 2009-04-19 22:03:50 ----SH---- C:\WINDOWS\system32\ikuvawub.ini 2009-04-19 10:04:10 ----SH---- C:\WINDOWS\system32\erigosug.ini 2009-04-18 14:37:05 ----SH---- C:\WINDOWS\system32\yoguyutu.dll 2009-04-18 02:37:21 ----SH---- C:\WINDOWS\system32\oguraroh.ini 2009-04-17 14:29:27 ----SH---- C:\WINDOWS\system32\omiruzum.ini 2009-04-17 02:29:09 ----SH---- C:\WINDOWS\system32\oposizuh.ini 2009-04-16 03:31:03 ----HDC---- C:\WINDOWS\$NtUninstallKB959426$ 2009-04-16 03:30:23 ----HDC---- C:\WINDOWS\$NtUninstallKB961373$ 2009-04-16 03:18:51 ----HDC---- C:\WINDOWS\$NtUninstallKB956572$ 2009-04-16 03:17:19 ----HDC---- C:\WINDOWS\$NtUninstallKB952004$ 2009-04-16 03:05:31 ----HDC---- C:\WINDOWS\$NtUninstallKB960803$ 2009-04-16 03:04:15 ----HDC---- C:\WINDOWS\$NtUninstallKB923561$ 2009-04-15 22:41:18 ----N---- C:\WINDOWS\system32\xpsp4res.dll ======List of files/folders modified in the last 1 months====== 2009-05-04 15:53:11 ----D---- C:\Program Files\Mozilla Firefox 2009-05-04 15:51:38 ----D---- C:\Documents and Settings\Compaq_Owner\Application Data\DNA 2009-05-04 15:48:24 ----RD---- C:\Program Files 2009-05-04 15:46:44 ----D---- C:\WINDOWS\system32 2009-05-04 15:44:29 ----D---- C:\WINDOWS\Temp 2009-05-04 15:39:11 ----RSHDC---- C:\WINDOWS\system32\dllcache 2009-05-04 15:39:10 ----HD---- C:\WINDOWS 2009-05-04 15:39:02 ----D---- C:\WINDOWS\system32\drivers 2009-05-04 15:14:47 ----ASH---- C:\WINDOWS\system32\sewezuna.dll 2009-05-04 15:14:28 ----D---- C:\WINDOWS\system32\CatRoot2 2009-05-04 15:14:26 ----ASH---- C:\WINDOWS\system32\yuyirore.dll 2009-05-04 14:21:30 ----D---- C:\Program Files\Steam 2009-05-04 14:21:22 ----D---- C:\Program Files\DNA 2009-05-04 14:15:42 ----ASH---- C:\WINDOWS\system32\petokulu.dll 2009-05-03 14:55:11 ----A---- C:\WINDOWS\SchedLgU.Txt 2009-05-02 20:10:29 ----D---- C:\Documents and Settings\Compaq_Owner\Application Data\BitTorrent 2009-05-01 14:54:53 ----ASH---- C:\WINDOWS\system32\yigekote.dll 2009-04-29 15:38:30 ----D---- C:\Program Files\Common Files\Real 2009-04-29 15:38:03 ----A---- C:\WINDOWS\system32\rmoc3260.dll 2009-04-29 15:36:44 ----A---- C:\WINDOWS\system32\pndx5032.dll 2009-04-29 15:36:44 ----A---- C:\WINDOWS\system32\pndx5016.dll 2009-04-29 15:36:09 ----A---- C:\WINDOWS\system32\pncrt.dll 2009-04-29 15:31:17 ----D---- C:\Program Files\Google 2009-04-29 15:29:34 ----D---- C:\Documents and Settings\All Users\Application Data\Google 2009-04-27 19:30:00 ----ASH---- C:\WINDOWS\system32\sizehawi.dll 2009-04-27 19:29:59 ----ASH---- C:\WINDOWS\system32\jayodaye.dll 2009-04-27 07:31:16 ----ASH---- C:\WINDOWS\system32\vanuwado.dll 2009-04-27 07:31:16 ----ASH---- C:\WINDOWS\system32\parodupa.exe 2009-04-26 14:52:25 ----ASH---- C:\WINDOWS\system32\giletisa.dll 2009-04-26 13:13:55 ----A---- C:\WINDOWS\lexstat.ini 2009-04-25 14:51:51 ----ASH---- C:\WINDOWS\system32\hugekoja.dll 2009-04-25 14:51:50 ----N---- C:\WINDOWS\system32\wejureke.dll 2009-04-25 02:54:26 ----ASH---- C:\WINDOWS\system32\pofokago.dll 2009-04-24 14:22:50 ----ASH---- C:\WINDOWS\system32\gowoyisa.dll 2009-04-23 13:06:40 ----ASH---- C:\WINDOWS\system32\diwajame.exe 2009-04-23 13:06:38 ----ASH---- C:\WINDOWS\system32\fidasuko.dll 2009-04-23 01:06:17 ----ASH---- C:\WINDOWS\system32\namopiya.exe 2009-04-23 01:06:15 ----ASH---- C:\WINDOWS\system32\yulejoka.dll.vir 2009-04-22 13:06:22 ----ASH---- C:\WINDOWS\system32\metunale.dll 2009-04-22 13:05:53 ----N---- C:\WINDOWS\system32\miyovawa.dll 2009-04-22 13:05:52 ----ASH---- C:\WINDOWS\system32\sesimuvi.dll 2009-04-22 01:05:32 ----N---- C:\WINDOWS\system32\tiwurufe.dll 2009-04-22 01:05:30 ----ASH---- C:\WINDOWS\system32\bikusono.dll 2009-04-22 01:05:29 ----ASH---- C:\WINDOWS\system32\gipekoji.exe 2009-04-21 11:14:53 ----ASH---- C:\WINDOWS\system32\vuvimama.exe 2009-04-21 11:14:53 ----ASH---- C:\WINDOWS\system32\diyudejo.dll 2009-04-17 04:38:24 ----D---- C:\WINDOWS\Prefetch 2009-04-17 02:29:23 ----ASH---- C:\WINDOWS\system32\jayamuja.dll 2009-04-17 02:28:55 ----ASH---- C:\WINDOWS\system32\mevabiri.dll 2009-04-17 02:28:53 ----N---- C:\WINDOWS\system32\huzisopo.dll 2009-04-17 00:00:51 ----AC---- C:\WINDOWS\system32\PerfStringBackup.INI 2009-04-16 04:09:26 ----D---- C:\WINDOWS\system32\wbem 2009-04-16 04:09:25 ----D---- C:\WINDOWS\AppPatch 2009-04-16 03:31:19 ----HD---- C:\WINDOWS\inf 2009-04-16 03:30:40 ----A---- C:\WINDOWS\imsins.BAK 2009-04-16 03:28:40 ----D---- C:\WINDOWS\system32\en-US 2009-04-16 03:28:40 ----D---- C:\Program Files\Internet Explorer 2009-04-16 03:27:53 ----D---- C:\WINDOWS\ie7updates 2009-04-16 03:18:21 ----HD---- C:\WINDOWS\$hf_mig$ 2009-04-16 03:16:12 ----SHD---- C:\WINDOWS\Installer 2009-04-16 03:16:10 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Help ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2009-02-05 26944] R1 AmdK7;AMD K7 Processor Driver; C:\WINDOWS\system32\DRIVERS\amdk7.sys [2008-04-13 37760] R1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2009-02-05 114768] R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2009-02-05 51376] R1 FsVga;FsVga; C:\WINDOWS\system32\DRIVERS\fsvga.sys [2004-08-04 12160] R1 SiSkp;SiSkp; C:\WINDOWS\system32\DRIVERS\srvkp.sys [2004-09-24 12928] R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2009-02-05 20560] R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2009-02-05 94032] R2 LxrSII1d;Secure II Driver; \??\C:\WINDOWS\system32\Drivers\LxrSII1d.sys [] R2 npf;NetGroup Packet Filter Driver; C:\WINDOWS\system32\drivers\npf.sys [2008-06-01 34064] R3 AgereSoftModem;Agere Systems Soft Modem; C:\WINDOWS\system32\DRIVERS\AGRSM.sys [2006-01-25 1149888] R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2004-10-01 2279424] R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800] R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2009-02-05 23152] R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2006-06-07 1580544] R3 FET5X86V;VIA Rhine-Family Fast-Ethernet Adapter Driver Service; C:\WINDOWS\system32\DRIVERS\fetnd5bv.sys [2006-12-20 45568] R3 GEARAspiWDM;GEAR CDRom Filter; C:\WINDOWS\SYSTEM32\DRIVERS\GEARAspiWDM.sys [2005-02-02 14408] R3 hamachi;Hamachi Network Interface; C:\WINDOWS\system32\DRIVERS\hamachi.sys [2008-10-05 25280] R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824] R3 Point32;Microsoft IntelliPoint Filter Driver; C:\WINDOWS\system32\DRIVERS\point32.sys [2006-11-08 21760] R3 Ps2;PS2; C:\WINDOWS\system32\DRIVERS\PS2.sys [2002-07-30 23808] R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208] R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520] R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368] R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608] S3 a0xtka6o;a0xtka6o; C:\WINDOWS\system32\drivers\a0xtka6o.sys [] S3 EagleNT;EagleNT; \??\C:\WINDOWS\system32\drivers\EagleNT.sys [] S3 FETND5BV;VIA Rhine-Family Fast Ethernet Adapter Driver Service; C:\WINDOWS\system32\DRIVERS\fetnd5bv.sys [2006-12-20 45568] S3 FETNDISB;VIA Rhine Family Fast Ethernet Adapter Driver Service; C:\WINDOWS\system32\DRIVERS\fetnd5b.sys [2003-11-12 41984] S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368] S3 HSF_DP;HSF_DP; C:\WINDOWS\system32\DRIVERS\HSF_DP.sys [] S3 HSFHWBS2;HSFHWBS2; C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys [] S3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2004-08-21 737874] S3 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352] S3 MODEMCSA;Unimodem Streaming Filter Device; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128] S3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160] S3 npkcrypt;npkcrypt; \??\C:\Program Files\Gravity\RO\npkcrypt.sys [] S3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2003-07-28 1341339] S3 rtl8139;Realtek RTL8139/810x Family Fast Ethernet NIC NT Driver; C:\WINDOWS\system32\DRIVERS\R8139n51.SYS [2002-10-04 46976] S3 SiS315;SiS315; C:\WINDOWS\system32\DRIVERS\sisgrp.sys [2004-09-30 229888] S3 smserial;smserial; C:\WINDOWS\system32\DRIVERS\smserial.sys [] S3 TIEHDUSB;TIEHDUSB; C:\WINDOWS\system32\drivers\tiehdusb.sys [2004-02-04 49536] S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128] S3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152] S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856] S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104] S3 viagfx;viagfx; C:\WINDOWS\system32\DRIVERS\vtmini.sys [2004-12-07 172672] S3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [] S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568] S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944] S4 IntelIde;IntelIde; C:\WINDOWS\system32\DRIVERS\intelide.sys [2008-04-13 5504] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2009-02-05 18752] R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2006-06-07 409600] R2 Automatic LiveUpdate Scheduler;Automatic LiveUpdate Scheduler; C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe [2006-07-25 100032] R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2009-02-05 138680] R2 LexBceS;LexBce Server; C:\WINDOWS\system32\LEXBCES.EXE [2004-01-13 311296] R2 LxrSII1s;Lexar Secure II; C:\WINDOWS\system32\LxrSII1s.exe [2005-05-19 53248] R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2007-08-07 66872] R2 SymWSC;SymWMI Service; c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe [2004-11-02 316544] R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2009-02-05 254040] R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2009-02-05 352920] S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2006-06-07 520192] S2 NVSvc;NVIDIA Driver Helper Service; C:\WINDOWS\system32\nvsvc32.exe [2003-07-28 77824] S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspn et_state.exe [2007-10-24 33800] S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\msco rsvw.exe [2007-10-24 70144] S3 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-13 267776] S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-04-29 137200] S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632] S3 iPodService;iPodService; C:\Program Files\iPod\bin\iPodService.exe [2005-12-20 323584] S3 LiveUpdate;LiveUpdate; C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~2.EXE [2006-07-25 2119360] S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776] S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184] S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408] S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336] -----------------EOF-----------------
|
|
#7
May 5th, 2009, 12:29 AM
|
|||
|
|||
|
RSIT info
Haha, sorry, my internet browser died on me.
I will now finish posting my RSIT info info.txt logfile of random's system information tool 1.06 2009-05-04 15:54:34 ======Uninstall list====== -->C:\PROGRA~1\VIRTUA~1\Uninstall.exe Sprint -->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0 -->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER -->C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu -->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf -->VTUninst.exe -reg 5 'HKLM\Software\S3\VT\S3Uninst\S3Timer' 2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0015-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59} 2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59} 2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59} 2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0019-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59} 2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001A-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59} 2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59} 2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {3EC77D26-799B-4CD8-914F-C1565E796173} 2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {430971B1-C31E-45DA-81E0-72C095BAB72C} 2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {F7A31780-33C4-4E39-951A-5EC9B91D7BF1} 2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85} 2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-00A1-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59} 2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0115-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85} 2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0117-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59} 2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {BEE75E01-DD3F-4D5F-B96C-609E6538D419} 2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {BEE75E01-DD3F-4D5F-B96C-609E6538D419} ABBYY FineReader 5.0 Sprint Plus-->MsiExec.exe /X{D1696920-9794-4BBC-8A30-7A88763DE5A2} Adobe Acrobat 4.0-->C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Common Files\Adobe\Acrobat 4.0\NT\Uninst.isu" -c"C:\Program Files\Common Files\Adobe\Acrobat 4.0\NT\Uninst.dll" Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_acti veX.exe Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plug in.exe Adobe Reader 7.0-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70000000000} Adobe Shockwave Player 11-->C:\WINDOWS\system32\adobe\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Adobe\SHOCKW~1\Install.log Advanced Spyware Remover Free Edition-->"C:\Program Files\Advanced Spyware Remover\unins000.exe" Agere Systems PCI Soft Modem-->agrsmdel ATI - Software Uninstall Utility-->C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe ATI Catalyst Control Center-->MsiExec.exe /I{BE83EC7F-7519-4036-8B59-ECE494308124} ATI Display Driver-->rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallI NFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class ISPLAY -cleanATI HYDRAVISION-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ct or.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{083F79E4-6FE9-46FB-A6C6-4F8862742947}\setup.exe" ATI Parental Control & Encoder-->MsiExec.exe /I{8D70145A-3BD3-4DBF-9CBF-223EF4A43257} avast! Antivirus-->C:\Program Files\Alwil Software\Avast4\aswRunDll.exe "C:\Program Files\Alwil Software\Avast4\Setup\setiface.dll",RunSetup CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe" Choice Guard-->MsiExec.exe /I{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E} Combat Arms-->"C:\Documents and Settings\All Users\Application Data\NexonUS\NGM\NGM.exe" -mode:uninstall -dll:ngm.nexon.net/ngm/NGM/Bin/NGMDll.dll -game:33563143 -locale:US Combined Community Codec Pack 2006-01-18 (Remove Only)-->C:\Program Files\Combined Community Codec Pack\Uninstall.exe Critical Update for Windows Media Player 11 (KB959772)-->"C:\WINDOWS\$NtUninstallKB959772_WM11$\spuninst\s puninst.exe" DivX Codec-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC DivX Content Uploader-->C:\Program Files\DivX\DivXContentUploaderUninstall.exe /CUPLOADER DivX Converter-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER DivX Player-->C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN Evidence Eliminator-->C:\PROGRA~1\EVIDEN~1\UNWISE.EXE C:\PROGRA~1\EVIDEN~1\INSTALL.LOG FLV Player 2.0 (build 25)-->C:\Program Files\FLV Player\uninst.exe G-Force-->C:\Program Files\SoundSpectrum\G-Force\Uninstall.exe Google Talk (remove only)-->"C:\Program Files\Google\Google Talk\uninstall.exe" Google Toolbar for Internet Explorer-->"C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarManager_0531C63A913 CC9D1.exe" /uninstall Hamachi 1.0.3.0-->C:\Program Files\Hamachi\uninstall.exe Help and Support Additions-->C:\PROGRA~1\HELPAN~1\UNWISE.EXE C:\PROGRA~1\HELPAN~1\INSTALL.LOG Hero Editor V0.96-->C:\WINDOWS\st6unst.exe -n "C:\Program Files\Hero Editor\ST6UNST.LOG" High Definition Audio Driver Package - KB835221-->C:\WINDOWS\$NtUninstallKB835221WXP$\spuninst\spun inst.exe HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall Hotfix for Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe" Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spunin st.exe" Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spunin st.exe" Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spunin st.exe" ILLUSION RapeLay-->MsiExec.exe /X{D1E1F028-1953-43A3-BFD8-D2A00EC06E36} iTunes-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\ IDriver.exe /M{501BADCD-F8F7-44CB-AC3F-6ED25C1A28B5} /l1033 J2SE Runtime Environment 5.0 Update 1-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150010} J2SE Runtime Environment 5.0 Update 11-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150110} J2SE Runtime Environment 5.0 Update 8-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150080} Java 2 Runtime Environment, SE v1.4.2_03-->MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142030} KBD-->C:\HP\KBD\KBD.EXE uninstalled Lexmark 4200 Series Fax Solutions-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\8\INTEL3~1\I Driver.exe /M{C439D065-5B64-4563-A6B9-1AA202633E13} /l1033 /z/U Lexmark 4200 Series-->C:\WINDOWS\system32\spool\drivers\w32x86\3\LXBMUN 5C.EXE -dLexmark 4200 Series LiveUpdate 3.0 (Symantec Corporation)-->"C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U Magic Workstation 0.94f-->"C:\Program Files\Magic Workstation\unins000.exe" Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Upd ates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Upda tes\M928366\M928366Uninstall.msp" Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} Microsoft .NET Framework 2.0 Service Pack 1-->MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28} Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\sp uninst.exe" Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationA PIs$\spuninst\spuninst.exe" Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMa pping$\spuninst\spuninst.exe" Microsoft Office Access MUI (English) 2007-->MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE} Microsoft Office Access Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE} Microsoft Office Excel MUI (English) 2007-->MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE} Microsoft Office Home and Student 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall HOMESTUDENTR /dll OSETUP.DLL Microsoft Office Home and Student 2007-->MsiExec.exe /X{91120000-002F-0000-0000-0000000FF1CE} Microsoft Office OneNote MUI (English) 2007-->MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE} Microsoft Office Outlook MUI (English) 2007-->MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE} Microsoft Office PowerPoint MUI (English) 2007-->MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE} Microsoft Office Professional 2007 Subscription-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall PROR /dll OSETUP.DLL Microsoft Office Professional 2007-->MsiExec.exe /X{91120000-0014-0000-0000-0000000FF1CE} Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE} Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE} Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE} Microsoft Office Proofing (English) 2007-->MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE} Microsoft Office Publisher MUI (English) 2007-->MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE} Microsoft Office Shared MUI (English) 2007-->MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE} Microsoft Office Shared Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE} Microsoft Office Word MUI (English) 2007-->MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE} Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuni nst.exe" Microsoft Windows Application Compatibility Database-->C:\WINDOWS\system32\sdbinst.exe -u "C:\WINDOWS\AppPatch\Custom\{deb7008b-681e-4a4a-8aae-cc833e8216ce}.sdb" Microsoft Works-->MsiExec.exe /I{416D80BA-6F6D-4672-B7CF-F54DA2F80B44} mIRC-->C:\Program Files\mIRC\uninstall.exe _?=C:\Program Files\mIRC Mozilla Firefox (3.0.10)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94} MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F} MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF} MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71} Norton Security Center-->MsiExec.exe /X{503AA035-41E2-4858-B31F-1E49AC66C309} NVIDIA Windows 2000/XP Display Drivers-->rundll32.exe C:\WINDOWS\system32\nvinstnt.dll,NvUninstallNT4 nv4_disp.inf Paint.NET v3.36-->MsiExec.exe /X{43602F34-1AA3-44FB-AEB2-D08C2C73743F} Pando Media Booster-->C:\Program Files\Pando Networks\Media Booster\uninst.exe PC-Doctor for Windows-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{0C66761E-497A-4BE3-AE0D-8EC30FC9A9AA} /l1033 PS2-->C:\WINDOWS\system32\ps2.exe uninstall Python 2.2 combined Win32 extensions-->C:\Python22\Lib\SITE-P~1\UNWISE~1.EXE C:\Python22\Lib\SITE-P~1\w32inst.log Python 2.2.1-->C:\Python22\UNWISE.EXE C:\Python22\INSTALL.LOG QuickTime-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\ IDriver.exe /M{929408E6-D265-4174-805F-81D1D914E2A4} /l1033 Ragnarok Online-->"C:\WINDOWS\IFinst27.exe" -UC:\Program Files\Gravity\Ro2\Gravity\RO\Gravity\RO\IFU1AC.inf Ragnarok Sakray-->"C:\WINDOWS\IFinst27.exe" -UC:\Program Files\Gravity\RO\IFU20.inf RealPlayer-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0 Rhapsody Player Engine-->MsiExec.exe /I{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31} S3 S3Display-->vtuninst.exe -reg 5 'HKLM\Software\S3\VT\S3Uninst\S3Display' S3 S3Gamma2-->vtuninst.exe -reg 5 'HKLM\Software\S3\VT\S3Uninst\S3Gamma2' S3 S3Info2-->vtuninst.exe -reg 5 'HKLM\Software\S3\VT\S3Uninst\S3Info2' S3 S3Overlay-->vtuninst.exe -reg 5 'HKLM\Software\S3\VT\S3Uninst\S3Overlay' Secure Browsing-->"C:\Program Files\NetProject\sbun.exe" Security Update for 2007 Microsoft Office System (KB951550)-->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {B243E9A5-ED77-4F1B-B338-2486FD82DC85} Security Update for 2007 Microsoft Office System (KB951550)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {B243E9A5-ED77-4F1B-B338-2486FD82DC85} Security Update for 2007 Microsoft Office System (KB951944)-->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {797AE457-BA17-4BBC-B501-25FB3A0103C7} Security Update for 2007 Microsoft Office System (KB951944)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {797AE457-BA17-4BBC-B501-25FB3A0103C7} Security Update for 2007 Microsoft Office System (KB960003)-->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {F04F8702-18D0-458D-921E-146FB7CD38CF} Security Update for 2007 Microsoft Office System (KB960003)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {F04F8702-18D0-458D-921E-146FB7CD38CF} Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A} Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A} Security Update for Microsoft Office Excel 2007 (KB959997)-->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {9EAC3AEC-5C81-4856-A05B-DE9DC236D740} Security Update for Microsoft Office Excel 2007 (KB959997)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {9EAC3AEC-5C81-4856-A05B-DE9DC236D740} Security Update for Microsoft Office OneNote 2007 (KB950130)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {F1B2401C-B610-4BF2-AA1C-52C55827A8F4} Security Update for Microsoft Office PowerPoint 2007 (KB951338)-->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {558B709B-821B-4FC5-90FC-9A8890641E77} Security Update for Microsoft Office PowerPoint 2007 (KB951338)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {558B709B-821B-4FC5-90FC-9A8890641E77} Security Update for Microsoft Office Publisher 2007 (KB950114)-->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {F9C3CDBA-1F00-4D4D-959D-75C9D3ACDD85} Security Update for Microsoft Office system 2007 (KB954326)-->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {5F7F6FFF-395D-480E-8450-64F385D82C5F} Security Update for Microsoft Office system 2007 (KB954326)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {5F7F6FFF-395D-480E-8450-64F385D82C5F} Security Update for Microsoft Office system 2007 (KB956828)-->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {885E081B-72BD-4E76-8E98-30B4BE468FAC} Security Update for Microsoft Office system 2007 (KB956828)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {885E081B-72BD-4E76-8E98-30B4BE468FAC} Security Update for Microsoft Office Word 2007 (KB956358)-->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {4551666D-0FD6-4C69-8A81-1C6F2E64517C} Security Update for Microsoft Office Word 2007 (KB956358)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {4551666D-0FD6-4C69-8A81-1C6F2E64517C} Security Update for Step By Step Interactive Training (KB898458)-->"C:\WINDOWS\$NtUninstallKB898458$\spuninst\spunin st.exe" Security Update for Step By Step Interactive Training (KB923723)-->"C:\WINDOWS\$NtUninstallKB923723$\spuninst\spunin st.exe" Security Update for Visio 2007 (KB947590)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {6BAD036C-261F-4BEF-96CF-C20678D07A41} Security Update for Windows Internet Explorer 7 (KB933566)-->"C:\WINDOWS\ie7updates\KB933566-IE7\spuninst\spuninst.exe" Security Update for Windows Internet Explorer 7 (KB937143)-->"C:\WINDOWS\ie7updates\KB937143-IE7\spuninst\spuninst.exe" Security Update for Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe" Security Update for Windows Internet Explorer 7 (KB939653)-->"C:\WINDOWS\ie7updates\KB939653-IE7\spuninst\spuninst.exe" Security Update for Windows Internet Explorer 7 (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe" Security Update for Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe" Security Update for Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe" Security Update for Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe" Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe" Security Update for Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe" Security Update for Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe" Security Update for Windows Internet Explorer 7 (KB961260)-->"C:\WINDOWS
|
|
#8
May 5th, 2009, 12:29 AM
|
|||
|
|||
|
info continued
\ie7updates\KB961260-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB963027)-->"C:\WINDOWS\ie7updates\KB963027-IE7\spuninst\spuninst.exe" Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\sp uninst.exe" Security Update for Windows Media Player 10 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP10$\spuninst\ spuninst.exe" Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\ spuninst.exe" Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\s puninst.exe" Security Update for Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spunin st.exe" Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spunin st.exe" Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spunin st.exe" Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spunin st.exe" Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spunin st.exe" Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spunin st.exe" Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spunin st.exe" Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spunin st.exe" Security Update for Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spunin st.exe" Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe" Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spunin st.exe" Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spunin st.exe" Security Update for Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spunin st.exe" Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spunin st.exe" Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spunin st.exe" Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spunin st.exe" Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spunin st.exe" Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spunin st.exe" Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spunin st.exe" Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spunin st.exe" Security Update for Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spunin st.exe" Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spunin st.exe" Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spunin st.exe" Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spunin st.exe" Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spunin st.exe" Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spunin st.exe" Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spunin st.exe" Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spunin st.exe" Security Update for Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spunin st.exe" Security Update for Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spunin st.exe" Security Update for Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spunin st.exe" Security Update for Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spunin st.exe" Security Update for Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spunin st.exe" Security Update for Windows XP (KB961373)-->"C:\WINDOWS\$NtUninstallKB961373$\spuninst\spunin st.exe" Segoe UI-->MsiExec.exe /I{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7} SpyNoMore 2.67-->C:\Program Files\SpyNoMore\uninst.exe Steam-->MsiExec.exe /X{048298C9-A4D3-490B-9FF9-AB023A9238F3} Stronghold Crusader Extreme-->"C:\Program Files\InstallShield Installation Information\{8C3727F2-8E37-49E4-820C-03B1677F53B6}\setup.exe" -runfromtemp -l0x0009 -removeonly TI Connect 1.6-->MsiExec.exe /I{A8B94669-8654-4126-BD28-D0D2412CDED6} Unlocker 1.8.7-->C:\Program Files\Unlocker\uninst.exe Update for Microsoft Office Outlook 2007 (KB952142)-->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {4AD3A076-427C-491F-A5B7-7D1DE788A756} Update for Office 2007 (KB946691)-->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {A420F522-7395-4872-9882-C591B4B92278} Update for Office 2007 (KB946691)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {A420F522-7395-4872-9882-C591B4B92278} Update for Outlook 2007 Junk Email Filter (kb962871)-->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {297857BF-4011-449B-BD74-DB64D182821C} Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe" Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spunin st.exe" Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spunin st.exe" Update for Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spunin st.exe" Ventrilo Client-->MsiExec.exe /I{789289CA-F73A-4A16-A331-54D498CE069F} VIA Rhine-Family Fast-Ethernet Adapter-->Rundll32.exe vuins32.dll,vuins32Ex $Rhine $VIA VIA/S3G Display Driver-->VTsetvga.exe -s -rRundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\system32\hg201hp.inf VideoLAN VLC media player 0.8.6f-->C:\Program Files\VideoLAN\VLC\uninstall.exe ViewSonic Monitor Drivers-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ct or.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B4FEA924-630D-11D4-B78E-005004566E4D}\Setup.exe" -l0x9 Virtual Assistant-->C:\WINDOWS\Motive\Sprint\MCCUninst.exe War Rock-->C:\Program Files\InstallShield Installation Information\{E397F6F0-AEE4-4236-BB05-1351350F8365}\setup.exe -runfromtemp -l0x0009 -removeonly Windows Live Call-->MsiExec.exe /I{F6BD194C-4190-4D73-B1B1-C48C99921BFE} Windows Live Communications Platform-->MsiExec.exe /I{3B4E636E-9D65-4D67-BA61-189800823F52} Windows Live Essentials-->C:\Program Files\Windows Live\Installer\wlarp.exe Windows Live Essentials-->MsiExec.exe /I{C6CA8874-5F22-4AF0-9BE3-016BF299C536} Windows Live Messenger-->MsiExec.exe /X{0AAA9C97-74D4-47CE-B089-0B147EF3553C} Windows Live OneCare safety scanner-->RunDll32.exe "C:\Program Files\Windows Live Safety Center\wlscCore.dll",UninstallFunction WLSC_SCANNER_PRODUCT Windows Live Sign-in Assistant-->MsiExec.exe /I{45338B07-A236-4270-9A77-EBB4115517B5} Windows Live Upload Tool-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238} Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuni nst.exe" Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst. exe" Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spu ninst.exe" winpcap-nmap 4.02-->"C:\Program Files\WinPcap\uninstall.exe" WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe ======Security center information====== AV: avast! antivirus 4.8.1335 [VPS 090504-0] ======System event log====== Computer Name: JAMES Event Code: 1001 Message: Your computer was not assigned an address from the network (by the DHCP Server) for the Network Card with network address 7A79053C5189. The following error occurred: The operation was canceled by the user. . Your computer will continue to try and obtain an address on its own from the network address (DHCP) server. Record Number: 93818 Source Name: Dhcp Time Written: 20090417135043.000000-300 Event Type: error User: Computer Name: JAMES Event Code: 1000 Message: Your computer has lost the lease to its IP address 5.60.81.137 on the Network Card with network address 7A79053C5189. Record Number: 93817 Source Name: Dhcp Time Written: 20090417135040.000000-300 Event Type: error User: Computer Name: JAMES Event Code: 1003 Message: Your computer was not able to renew its address from the network (from the DHCP Server) for the Network Card with network address 7A79053C5189. The following error occurred: The semaphore timeout period has expired. . Your computer will continue to try and obtain an address on its own from the network address (DHCP) server. Record Number: 93816 Source Name: Dhcp Time Written: 20090417135040.000000-300 Event Type: warning User: Computer Name: JAMES Event Code: 1000 Message: Your computer has lost the lease to its IP address 5.60.81.137 on the Network Card with network address 7A79053C5189. Record Number: 93809 Source Name: Dhcp Time Written: 20090417094351.000000-300 Event Type: error User: Computer Name: JAMES Event Code: 1003 Message: Your computer was not able to renew its address from the network (from the DHCP Server) for the Network Card with network address 7A79053C5189. The following error occurred: The semaphore timeout period has expired. . Your computer will continue to try and obtain an address on its own from the network address (DHCP) server. Record Number: 93808 Source Name: Dhcp Time Written: 20090417094351.000000-300 Event Type: warning User: =====Application event log===== Computer Name: JAMES Event Code: 2004 Message: Unable to open the Server service. Server performance data will not be returned. Error code returned is in data DWORD 0. Record Number: 39176 Source Name: PerfNet Time Written: 20090221131246.000000-360 Event Type: error User: Computer Name: JAMES Event Code: 1517 Message: Windows saved user JAMES\Compaq_Owner registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use. This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account. Record Number: 39175 Source Name: Userenv Time Written: 20090221023649.000000-360 Event Type: warning User: NT AUTHORITY\SYSTEM Computer Name: JAMES Event Code: 1000 Message: Faulting application acrord32.exe, version 7.0.0.0, faulting module escript.api, version 7.0.0.1333, fault address 0x0001bca6. Record Number: 39174 Source Name: Application Error Time Written: 20090220233024.000000-360 Event Type: error User: Computer Name: JAMES Event Code: 1517 Message: Windows saved user JAMES\Compaq_Owner registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use. This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account. Record Number: 39156 Source Name: Userenv Time Written: 20090220034339.000000-360 Event Type: warning User: NT AUTHORITY\SYSTEM Computer Name: JAMES Event Code: 1517 Message: Windows saved user JAMES\Compaq_Owner registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use. This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account. Record Number: 39148 Source Name: Userenv Time Written: 20090219211720.000000-360 Event Type: warning User: NT AUTHORITY\SYSTEM ======Environment variables====== "ComSpec"=%SystemRoot%\system32\cmd.exe "Path"=%systemroot%\system32;%systemroot%;%systemr oot%\system32\wbem;c:\Python22;C:\Program Files\PC-Doctor for Windows;C:\Program Files\QuickTime\QTSystem;C:\Program Files\ATI Technologies\ATI.ACE "windir"=%SystemRoot% "FP_NO_HOST_CHECK"=NO "OS"=Windows_NT "PROCESSOR_ARCHITECTURE"=x86 "PROCESSOR_LEVEL"=6 "PROCESSOR_IDENTIFIER"=x86 Family 6 Model 10 Stepping 0, AuthenticAMD "PROCESSOR_REVISION"=0a00 "NUMBER_OF_PROCESSORS"=1 "PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;. WSF;.WSH "TEMP"=%SystemRoot%\TEMP "TMP"=%SystemRoot%\TEMP "CLASSPATH"=C:\Program Files\Java\j2re1.4.2_03\lib\ext\QTJava.zip "QTJAVA"=C:\Program Files\Java\j2re1.4.2_03\lib\ext\QTJava.zip -----------------EOF-----------------
|
|
#10
May 6th, 2009, 01:26 AM
|
|||
|
|||
|
I will try to post the logfile.
There has been some problems trying to run rootrepeal. The last two times I have tried to run it, my computer has shut down on its own, I don't know if that is supposed to happen or what. Will try again soon.
|
|
#11
May 6th, 2009, 01:56 AM
|
|||
|
|||
|
rootrepeal part1
ROOTREPEAL (c) AD, 2007-2008
================================================== Scan Time: 2009/05/05 19:40 Program Version: Version 1.2.3.0 Windows Version: Windows XP SP3 ================================================== Drivers ------------------- Name: ai8gfeyo.SYS Image Path: C:\WINDOWS\System32\Drivers\ai8gfeyo.SYS Address: 0xB92BE000 Size: 421888 File Visible: No Status: - Name: dump_atapi.sys Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys Address: 0xA4D3D000 Size: 98304 File Visible: No Status: - Name: dump_WMILIB.SYS Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS Address: 0xF79A1000 Size: 8192 File Visible: No Status: - Name: PCI_NTPNP9810 Image Path: \Driver\PCI_NTPNP9810 Address: 0x00000000 Size: 0 File Visible: No Status: - Name: rootrepeal.sys Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys Address: 0xA1ADE000 Size: 45056 File Visible: No Status: - Hidden/Locked Files ------------------- Path: C:\hiberfil.sys Status: Locked to the Windows API! Path: C:\WINDOWS\$NtServicePackUninstall$\ndis.sys Status: Size mismatch (API: 182656, Raw: 182912) Path: C:\WINDOWS\Temp\Google Toolbar\gtm6.tmp Status: Locked to the Windows API! Path: C:\WINDOWS\system32\dllcache\ndis.sys Status: Size mismatch (API: 182656, Raw: 212224) Path: C:\WINDOWS\system32\drivers\8cdc8837.sys Status: Locked to the Windows API! Path: C:\WINDOWS\system32\drivers\ndis.sys Status: Size mismatch (API: 182656, Raw: 212224) Path: C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Perflib_Perfdata_1260.dat Status: Allocation size mismatch (API: 16384, Raw: 0) Path: C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Perflib_Perfdata_e88.dat Status: Allocation size mismatch (API: 16384, Raw: 0) Path: C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\etilqs_DcZiMGIeYwyWxniWfmIN Status: Allocation size mismatch (API: 32768, Raw: 0) Path: C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\etilqs_v4UDOGCl9dZBAdPo3YVR Status: Allocation size mismatch (API: 32768, Raw: 0) Path: C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\etilqs_xrjQzr8PT69pls7pLWsA Status: Allocation size mismatch (API: 32768, Raw: 0) Path: C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\etilqs_yA0r0oDJ0l5TnJmXjGt9 Status: Allocation size mismatch (API: 32768, Raw: 0) Path: C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Perflib_Perfdata_958.dat Status: Allocation size mismatch (API: 16384, Raw: 0) Path: C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Perflib_Perfdata_980.dat Status: Allocation size mismatch (API: 16384, Raw: 0) Path: C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Perflib_Perfdata_9b0.dat Status: Allocation size mismatch (API: 16384, Raw: 0) Path: C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Perflib_Perfdata_a04.dat Status: Allocation size mismatch (API: 16384, Raw: 0) Path: C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Perflib_Perfdata_b24.dat Status: Allocation size mismatch (API: 16384, Raw: 0) Path: C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Perflib_Perfdata_1254.dat Status: Allocation size mismatch (API: 16384, Raw: 0) Path: C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Perflib_Perfdata_128.dat Status: Allocation size mismatch (API: 16384, Raw: 0) Path: C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Perflib_Perfdata_16fc.dat Status: Allocation size mismatch (API: 16384, Raw: 0) Path: C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Perflib_Perfdata_1b08.dat Status: Allocation size mismatch (API: 16384, Raw: 0) Path: C:\Program Files\Diablo\1134206\vids\35088_~1.FLV:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} Status: Visible to the Windows API, but not on disk. Path: C:\Program Files\Alwil Software\Avast4\DATA\log\aswMaiSv.log Status: Size mismatch (API: 13132405, Raw: 13120584) Path: C:\Documents and Settings\Compaq_Owner\Local Settings\Temporary Internet Files\Content.IE5\BS2DPR8F\down[1] Status: Locked to the Windows API! Path: C:\Documents and Settings\Compaq_Owner\Local Settings\Temporary Internet Files\Content.IE5\EZ3JG4OQ\info_48[2] Status: Invisible to the Windows API! Path: C:\Documents and Settings\Compaq_Owner\Local Settings\Temporary Internet Files\Content.IE5\EZ3JG4OQ\errorPageStrings[3] Status: Invisible to the Windows API! Path: C:\Documents and Settings\Compaq_Owner\Local Settings\Temporary Internet Files\Content.IE5\EZ3JG4OQ\bullet[1] Status: Visible to the Windows API, but not on disk. Path: C:\Documents and Settings\Compaq_Owner\Local Settings\Temporary Internet Files\Content.IE5\EZ3JG4OQ\httpErrorPagesScripts[1] Status: Visible to the Windows API, but not on disk. Path: C:\Documents and Settings\Compaq_Owner\Local Settings\Temporary Internet Files\Content.IE5\UFDNH3W3\bullet[4] Status: Invisible to the Windows API! Path: C:\Documents and Settings\Compaq_Owner\Local Settings\Temporary Internet Files\Content.IE5\UFDNH3W3\down[2] Status: Visible to the Windows API, but not on disk. Path: C:\Documents and Settings\Compaq_Owner\Local Settings\Temporary Internet Files\Content.IE5\UFDNH3W3\http_404[2] Status: Visible to the Windows API, but not on disk. Path: C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\30GNBK1U\OCA4865WWCAHRDJFJCAS3AN UDCAJML59PCAOXKNB7CARHPG4MCARRLXZ6CARM8JVRCAWYIRHL CA6W5ZP0CAMOHLMACAB3F498CA5HBOMKCAPULUFGCAU9S9KECA WGZRX1CAT73VBGCA5EDJGTCAJFMS4SCAHAZ3CXCATBR6NB.jpg Status: Locked to the Windows API! Path: C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\30GNBK1U\FCA8NOHTKCAAOGR8JCAVCNR 0OCAF0VN6ICAF1SC1BCADO7XLLCA0PCYX2CAM3QOC8CARX7CI9 CACPYMFRCAOII1K9CA57XIJCCA07KCAGCAV667UCCAXFRVSUCA ZA4J2QCA6CABKICAOEZ8DACAGPWXA3CAIMKUPICAOTEE8B.jpg Status: Locked to the Windows API! Path: C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\30GNBK1U\FGMPTCAJ6PEYOCAHG5XQJCA Q3AVSCCA7ROV65CA3X97AKCA353NFJCAH93ONRCAXCAI5ICAWD L4DZCAYY4G9KCA7TOBFRCAZC1R8YCAHD1TH3CAVR5SB2CA0KMW BYCA63B0EOCAB5RO7XCAA2RY39CA71RUO1CAAMQCJUCA78X7HG Status: Locked to the Windows API! Path: C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\30GNBK1U\FM1EUCA262TUSCAA0786SCA GDPXVSCA0CXVQUCAHVYPGDCA3879WGCA9O2B4ACA6XQ4WNCA6Z 3BTNCAEXH3RPCA9H569DCA7TIHQQCAB0QAB4CA7ZPGVWCA34ZD S4CABB20PWCAFBS1V0CA01W5E3CAO75F9ICAC6XWCQCAE87RZZ Status: Locked to the Windows API! Path: C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\30GNBK1U\3CA8X70NVCA9OZCICCA83P9 GFCA9EOEI1CAPSKP33CAQ4E94ACAVPPYXXCASSS1KOCANI72KI CALWX8VJCASTP0I1CA80CXKYCA2RYVB0CA3NLG8GCAAVDHR6CA YI5P5MCA92JGVXCA4GI3Q9CAIT3T4DCAO8MDHRCA31TZS0.jpg Status: Locked to the Windows API! Path: C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\30GNBK1U\3CALFOOKTCAG094S9CANOZY PSCANGJ38PCAZGOYF2CAPC2PSQCA3J98PFCARQN6O9CAO15RFM CA0L6EI9CATG8Y2DCAKDGTU8CAWC7GEQCAGCFUFNCA8JS1I7CA VTPNZLCAL2MH5YCADJMI96CAPV0JNICARQRZEYCAFXZ77D.jpg Status: Locked to the Windows API! Path: C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\30GNBK1U\3CAT2XKANCACWE2PBCABNTX PECAHWE38FCA9U3PMHCAZB4BQ5CAWIGZLFCAKMXIBHCA5UV73F CAATR253CASV3F1GCAWVWVARCAILFGIQCAC4AO47CA4Y9BULCA XP5WQGCAOH780YCA7Z9NNSCA9JMWPKCAGUH1Q4CAV06K0C.jpg Status: Locked to the Windows API! Path: C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\30GNBK1U\RCAA02SXGCAWSCYTCCACFYM YJCAVXURHHCABXWD8WCAX6U3HUCATDERR9CAGGUR1RCARYYQDG CAWJWDE7CATXB3NQCAL2OC89CAN0YG6HCAWY6MT9CABSJW60CA UV7CASCAXRN3ILCAFT8TSVCANIOAM5CA28KIQSCAXLJULF.jpg Status: Locked to the Windows API! Path: C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\30GNBK1U\4CA3J3PDUCAR3NBD2CAD726 L0CA07B2E3CAM1EJALCAABAPIVCADRJ47ACAFIMC4NCA0S73ZS CAA5FZFYCA8OX6QSCAKEYEN2CAEU5NPMCAARCGBACAZFSTTZCA XU26A2CA0HBNVTCA03LFW2CATT5OHYCACCRU7MCAVOKG65.jpg Status: Locked to the Windows API! Path: C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\30GNBK1U\6CA4RJJ8XCARR9Y52CA9ELU TSCAS7NEY0CATL7IUECA92IKINCA9LALGWCAPH9AYZCA4I5CQW CAVWP80QCACVMHEBCAE274GQCAAEFG1YCAI1R8RMCAUS8IG2CA FVH9QICA2W6F4GCAYAAFNECAGSPBOSCAA305T7CAFFJRN9.jpg Status: Locked to the Windows API! Path: C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\30GNBK1U\ACATCDBJWCA8Y6I64CA373V P1CAFHYKRKCAH5CVV7CAUDXWVUCA66F5VSCACERZW3CAPHUGKA CAQN6Q75CAE4SR85CA3FO3HZCAL5GH34CA6EF3XMCA7WPC3GCA L11KW1CAB5H0LQCACQYDROCAL384TVCAV1NTSNCA8DL3SD.jpg Status: Locked to the Windows API! Path: C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\30GNBK1U\CCA25PTCDCA7EG74CCABFXA CSCA52G1N0CA2SXCH6CA42U17KCAUH5WBECAT5RCDRCAM3BEBA CAOVFDNOCAAM7VVECA30PSA6CATI2EMSCAU6R82CCALZ7Y5JCA 7CV5OUCAV3ADD7CAE1ZL8TCA7CEUTQCAM13ULLCAL4STOV.jpg Status: Locked to the Windows API! Path: C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\30GNBK1U\CCA9JZ603CAZ1C8OCCAO0XE XMCAFWII34CA7UJD6ICAFX5W26CAYID21MCAZI3PZLCAO9HL0D CA93RRRMCAD8GTJYCA2GRC89CA1NE3S1CAL5ILXDCAYDKT7UCA DUPLIJCAURL3YWCA7JY2VWCAEE6G8VCAPFH7CECA6K279G.jpg Status: Locked to the Windows API! Path: C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\30GNBK1U\CCAFC19W9CA13N3HCCA5LMW RBCAHJ5PJ2CAPA688KCACN1G2BCANVM4WKCA133E1RCA6JYPYN CADU5S1QCA9NK1O0CAH5MG48CAR4SIBPCAQCGEBACA34EHLTCA 73JT0NCAJT0T40CAPK05I5CA8PVMXLCA6V840YCA2726QI.jpg Status: Locked to the Windows API! Path: C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\30GNBK1U\TCA3MI8QCCA1TG7YCCA4IMS JWCAQPUH2PCAA7WLDHCAMJ4YJVCA46ZRLTCAZJQV6JCA10T0K3 CAAP725BCAC4H15XCA9IPDU8CAOP7AFJCAKQPSQBCATSRZVGCA 8NT8PCCADJ129RCAPYZJY7CAQLY4FECA5JGR7ZCA45JWGG.jpg Status: Locked to the Windows API! Path: C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\30GNBK1U\TCAGDG91ECADIAOPSCAQY4U KPCA1ROJHKCA8EFJ3FCARIXG0TCAYWYJUSCA7EQ9GOCAD6P6RU CAWJPQEKCAXX09MSCA7FF71SCAJUSJUGCA3T5XO6CA5NBR39CA 7EP1G5CA3UURRXCAKYXXIWCAK3DPS5CAEBSHDNCAXA5VWI.jpg Status: Locked to the Windows API! Path: C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\30GNBK1U\HCA09WOYYCA9NZYEBCAXOAD 0RCAN395JACAUDXF72CAW1JK9ICAD5E043CAVJ6WWXCAW5M6WF CA24L3KECAX990Y5CA8OEYVGCA254FAQCAZOG156CA2YJKW7CA OTVWBBCA5YNTJPCAVTLGEOCA7KQIEWCAY54WQRCAE7YCK7.jpg Status: Locked to the Windows API! Path: C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\30GNBK1U\HCAZRMNHCCADLXTVMCA4ILJ 3LCAZEME3OCAZDYRIUCAV513RMCAT4ADW7CA7PTXCGCAE5NXVH CA635QK2CAKKHGMACAGB02DOCAXKSO03CAUNZ92XCAWFW2TGCA G9QRD6CASZ8MXMCA7N4QROCAUD4BMKCAL7ZALPCAK22ONZ.jpg Status: Locked to the Windows API! Path: C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\30GNBK1U\d=w2nnM62MjJg;kpu=machi nima;kr=F;khd=0;kt=K;ko=p;kpid=676;kga=-1;u=w2nnM62MjJg%7C676;kgg=-1;kcr=us;custp=cMTZY1rFXO3Rj44D5VMyiw;dc_dedup=1;p tile=1;dcopt=ist;ord=4985581[1].htm Status: Locked to the Windows API! Path: C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\30GNBK1U\DCA2UYYBOCAIDOK02CAHD71 TZCAVHR4P7CA32N4DVCAPD51XTCAJRASDZCA4WBOQBCAN13TJN CA3M1JO3CA22BKOCCAWGM3EOCA1HWD8FCA5KFJMJCA0M1LLHCA W4J477CA4WHNRZCAEUWXRICAVOWKQDCAQXR48VCAXC4UU5.jpg Status: Locked to the Windows API! Path: C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\30GNBK1U\MCA4JSJXFCALR4AZZCA7DXO 0ZCAXI93TECA5E3JOPCADFBC10CAE1MJFGCA7W6J70CAKALRLZ CANUU9HHCA36TM78CAD0GXPZCAW688IFCACQPQB7CATTM93VCA RD2YVWCA5F5TI1CAFSMYHPCAF2VL0HCA43SOVICAZN5764.jpg Status: Locked to the Windows API! Path: C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\30GNBK1U\MCAE5EXUXCARY7JAPCA3LP2 Z8CAF93OLACAFW6FY7CAJNOOTBCA5895OACAQY3LHOCAVUUY89 CA4R6RCQCAQL6TUSCAKG7H0TCAKNK1WFCA0YI21RCACKF028CA X3SKL0CAWSE2W3CAV819WXCAB1W6KLCAP5HQYJCA1N4YKR.jpg Status: Locked to the Windows API! Path: C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\30GNBK1U\MCANE6CCCCAYCGTMRCAX6K8 D6CA13JYQ7CADJFZ18CA5W81F1CAREYL14CAKZ1V4YCA4P14NY CA6HTARHCAVWNZQVCAS68AVDCAL8K9ZQCAN9L1ZDCAU3GDB7CA LFZB2VCA66YPBPCAR0CBOICACDCDPJCAESI2Q0CAD455VD.jpg Status: Locked to the Windows API! Path: C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\30GNBK1U\MCAV42X54CA0B4EMKCA2F5N QBCAM5TP7KCA7QF0FACAI0T0WACASTXUAXCAEQEEHCCAUW1DO5 CASKL2CKCA5S0EHSCA7Z56A5CA634ONVCAVFXBT1CAD37070CA IEM8B4CA7JSP5BCA5RUBLMCANKIHJXCAB5BFWBCA7OS8EP.jpg Status: Locked to the Windows API! Path: C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\30GNBK1U\XCA9ZKMB4CAEJ2GOOCAZ96A 58CA0DXNUPCAFRU99YCAM3LKT2CAC8VSWVCA2ODLQQCAE9N3ZB CAVSTR4LCAVV7UWXCA37QGKTCAQB0103CAQKJW39CA2827LXCA LA7RB4CA3JMTDJCAG5JR3ACABN7PTVCAHQSDISCA47YEMK.jpg Status: Locked to the Windows API! Path: C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\30GNBK1U\XCAF8KJNDCALI06CMCAC2P5 HZCASQ0F67CANWWQUPCAJPEUQQCAGXI8RICAK08E2TCA3AX4UG CAPJVYAGCA90UJK8CA4OQURPCARGER49CACCI3AXCA4DRAJGCA P21MKMCA4W6EKTCANX44X2CA52MNU4CAVG3JGKCAQDDRKI.jpg Status: Locked to the Windows API! Path: C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\30GNBK1U\XCAMOO27YCA6NBGJSCA1VLE PTCALWLYIOCACKE0FZCAP7PQYICA77Y1TDCABK2ESKCAFVQM12 CABFMV8CCA9Q9171CA865B62CASTH10MCA1RRAB4CAIJW3UBCA 6ABWIYCAHF2OTRCAOX4TGUCA9HZFXICAZROZ8JCALDDUL1.jpg Status: Locked to the Windows API! Path: C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\30GNBK1U\DgyMl5BMl5BanBnXkFtZTcw MjcyODkyMg@@._V1._SX120_SY90_BO120,0,0,0_PIimdb-play-bar2-180,BottomLeft,120,-120_CR120,120,120,90_ZATrailer,37,63,27,83,verdena b,9,255,255,255,1_[1].jpg Status: Locked to the Windows API! Path: C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\30GNBK1U\DM4OF5BMl5BanBnXkFtZTcw MDA5NzY4MQ@@._V1._SX120_SY90_BO120,0,0,0_PIimdb-play-bar2-180,BottomLeft,120,-120_CR120,120,120,90_ZATrailer,37,63,27,83,verdena b,9,255,255,255,1_[1].jpg Status: Locked to the Windows API! Path: C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\30GNBK1U\G69TVCANMMY6MCA9KU5QSCA CZ4NB1CAA3A74XCA26WFY2CAJOP4AJCAS36JS8CATPQH25CA35 4DWQCAMRRRW8CADJL8JXCAAE3ZMHCAXIOM6OCAIY0DCHCA3Z92 9XCA3GTIOCCAYDFI2PCA5DAY16CA7AJ4CMCATV1F2MCALSUIII Status: Locked to the Windows API! Path: C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\30GNBK1U\BCABH9VNHCAG916QKCAEPL7 SSCA8QMJXACAE2EX4FCADNOOYZCAH44R9KCAES0I0LCATIN4N6 CAK01D4DCAF01XB1CAXTUF8YCA8H2NQICAVA1X5YCA35P600CA X3I615CAVV1O25CAVO3CNPCAAXCUM9CAKCDSOKCA9JV1LS.jpg Status: Locked to the Windows API! Path: C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\30GNBK1U\BM311CAP2ZE0ZCAZA0C79CA 7RFUM9CAW6I3D2CAN158O9CAXAPAUJCAC233M1CAWJ8RAQCA3Q 5YCSCAWIB21XCAWE095ACAJBK5GRCAW2OLPNCAHL275ECAPJKI BNCADTT5PZCACBVAC5CAYOFVTWCAKZI304CAYAKCANCA0NHDOP Status: Locked to the Windows API! Path: C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\30GNBK1U\8CAIJUREACA7QNNTICATYEV 3BCABSOZ44CAKLM1YICAN2BOKYCASNJ9AVCAZX40SJCAHMGAJA CA1GJ4R0CATHMFM3CAZ5U74KCAI1G051CAKRCCZXCAALO493CA 89OSN7CA0TS9KMCAZIUU9HCAGGZ59BCAYQSNLECAIYAOV9.jpg Status: Locked to the Windows API! Path: C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\30GNBK1U\8CAQWXKZ6CA3NK7QCCAC320 9HCA3ACP0GCAKXH9BDCA0GIG5KCASMD9U2CASLL94ACAUBFKTD CAT3V457CA6WX1E5CA6KLIQTCAH227Z8CAAD0ZTXCA356JF1CA I9CFABCASYW8NHCAKYGK2HCA5MRJGXCABM37V1CAA55OYZ.jpg Status: Locked to the Windows API! Path: C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\30GNBK1U\9CAWYUOQACARKNDOHCA1JTH Q9CAXLEQ0NCACHGRSBCA35I2TLCAGA39P7CAA0K59SCA4K3JDH CA1QYJXQCANF02QFCAV0305PCAGX2Y1LCALQP4WMCA3U8EYACA PA8I3LCA25U3AXCAELY1ORCA7LVW4UCADAFMTGCAJ0R46H.jpg Status: Locked to the Windows API! Path: C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\30GNBK1U\;tile=3;sz=1008x40%2C7x 1;p=ns;r=afc;id=nm0001383;g=fm;g=ad;id=tt0133240;i d=ch0000556;g=sf;tt=f;k=pu;g=brc;m=PG;g=ro;coo=usa ;k=c;g=baa;g=an;ord=5200359917005375[1] Status: Locked to the Windows API! Path: C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\30GNBK1U\=2;sz=468x60%2C728x90%2 C1008x150%2C9x1;p=t;r=afc;id=nm0001383;g=fm;g=ad;i d=tt0133240;id=ch0000556;g=sf;tt=f;k=pu;g=brc;m=PG ;g=ro;coo=usa;k=c;g=baa;g=an;ord=5200359917005375[1] Status: Locked to the Windows API! Path: C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\30GNBK1U\DCAUE52NNCA253PIVCAAJ7D 8MCAF0HEH8CAHXQJI3CANJXH96CABU4I4ECA00NADTCAWP7IYD CAJNDTWUCABM3FUICAPA5148CA2Q6UGYCADH7A8LCABROOGECA HQ8279CAFHY11MCAL9MPR7CALVBWM8CA84LXV1CA5BIBV6.jpg Status: Locked to the Windows API! Path: C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\30GNBK1U\DCAWK91QXCAJQAWLTCATYWY VHCAQRIWYLCA9T6LGRCAUT1R8ECA4EITA6CA7GKQEXCA3RGACE CADIQQIQCA9Q0WOYCAXM8EA2CAR20NHWCADTID00CAHDYQ0PCA YU725TCAFUL1MWCA4E2GK0CA8VHBRJCAW7ES6WCA02HHJV.jpg Status: Locked to the Windows API!
|
|
#12
May 6th, 2009, 01:59 AM
|
|||
|
|||
|
part 2
Path: C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\30GNBK1U\HCMEVCAR5VDY4CA315ZM2CA 42JC07CA374ZOUCAJKJ8V6CAS9T6LNCANNQ68WCA72Y643CAFW JSD8CALMRSGGCAWK3XIJCA802DHFCAF8WYJ1CA8U8LWCCA68KF 0GCAJBU5I9CAYOP999CAXV5IS0CA2XZ6J8CA50SDYTCABFFVMC
Status: Locked to the Windows API! Path: C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\30GNBK1U\MHDVTCALI6X3VCA4KNOD9CA YCWN3KCASWNQCZCAEPSV7WCAZ80BPSCAVG7ELICAGYDPD7CA3O XI2RCAFKLP4ZCAPSMSRNCA8IV5GKCAQRXYXACAD5WZAFCAYSL5 TICAJ902HCCAHCGCOZCAYEP6B2CA705JEJCA7DBQSNCAP2TWNX Status: Locked to the Windows API! Path: C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\30GNBK1U\UCA3C83RMCAO4WC1VCA46WK URCAAV9SQICA228FDWCAG5CTUXCAEWVLWUCAEVX16ECAUGMX23 CA2C2IVOCAO7NXXJCAXWPPRGCALDT2XGCA9NF9R1CAIZ00P7CA X84K0YCA9F9VY5CACUC2NPCA87OUNHCAWV64DVCAAYK7RZ.jpg Status: Locked to the Windows API! Path: C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\30GNBK1U\UCASM99X9CAHPK8VNCA04S5 BPCAV1QZ29CA8NVOICCA60VWZVCA7L1X96CARZ5OMLCATPNOCD CAHB5TMRCADC1D15CA56ZFMHCAZUJ45OCA8XID7BCAHBK0H0CA 5BNRJ6CA20G62MCAK7979FCAZDQKT1CAJZ5R0XCAW81HWE.jpg Status: Locked to the Windows API! Path: C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\30GNBK1U\VCAO06ZBOCA2BJNSUCA599N 71CAR0U039CADJAVIICAYP2E52CAFCSIFVCAYOMMR4CAH5F7RA CAYWE2QOCAFK29V6CAEKX5SBCAGLF7NGCAKWD3KJCA11ETT7CA SGB59ICA399O3YCAENGHCKCAM9RBNUCA8QL7QACAZDJADX.jpg Status: Locked to the Windows API! Path: C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\30GNBK1U\SDE4KCA75PJT2CAC78NLACA 3YF0SVCADYXOH7CAPD721UCA87O0RPCA0K3NOGCAGR3VJPCAJF 02ZCCAW32UR0CAYAQ0BECA6SKZHECAKKZKZACA3V26Z2CAX36L 4CCAA6PM37CA3CT780CAD9FZ9FCAEMMUPCCAJDPUC0CA1MSINI Status: Locked to the Windows API! Path: C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\30GNBK1U\4CA82EK2CCAMGTSMRCAIME7 M0CAW8GAN8CA8WXON0CAER7F2PCA5OJLHECA9DOB1YCAYDSGMB CAL3C01TCAE5L0GCCAYM3V3YCAZ8CJ08CAWWPF09CAO5YIO6CA UGZDI1CAND5T30CAXA6JYSCA9YQICGCATZ0JEZCA7B29YL.jpg Status: Locked to the Windows API! Path: C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\30GNBK1U\4CA9UK0FLCAKML3J0CA1NV5 A6CAG3834GCAE8D2KRCAT18B5BCAEY9Q6BCAOMUXJKCANPU7E6 CARY4XYTCAP0NNCJCAXT835UCAUIED2FCA6MC5OWCARPXGQOCA DQA96LCAK73IN1CA4GPK0MCAHQ3J56CA95TI3ECABQLFX5.jpg Status: Locked to the Windows API! Path: C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\30GNBK1U\LCAEUCNT0CA0MV7YACAZSPM TPCAB2XN8SCA98X99YCALPKUI5CA18DF1JCA2ZKGIYCAAIQ44W CAAWE86ACA1GZKNVCANFPGVZCAPFV5JLCACD9O3SCAHG4GE7CA DVX8WRCA5HGNUFCA57BWF0CA7OX6WICA11PRR5CAUDZZHG.jpg Status: Locked to the Windows API! Path: C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\30GNBK1U\2CA5AIXRNCA3KLWV5CAGAKJ 5MCAS63JAECAS5M3BZCAEAX6ZFCAJXIZ9HCAUNJ3SWCA3G5TFO CANWLW9QCA9P1K8XCA81Z6QBCAR8793XCAQI5DYYCASAGGGTCA 787V3PCA85U3GACALN2414CA2I37I1CA4NA6T8CA8R3ESN.jpg Status: Locked to the Windows API! Path: C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\30GNBK1U\2CAH1GRHYCAOQ3OHBCAWE09 C5CAG3FWEPCA8HRYU4CAZ5LOWRCAX30L52CAYD9236CA8J6Q0T CAWRWWQ6CAVKRRSCCA429W8UCAZSWYX0CA2EX8GWCAWTD2LWCA HQ6N8YCA6LQNEACA1GETXJCA7X3XC5CA8RTSZUCAPMHL25.jpg Status: Locked to the Windows API! Path: C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\30GNBK1U\ZCAKKBPLBCA52V139CA43B9 YICA31DEEMCAAENN4JCAZI0XXYCAI9U3ZNCAGI11Z7CA86I60Z CAT4QDTUCA40BWSWCAJ164NOCA5XYE87CAPQLSL0CARGGTW8CA K27YM0CAHINJK0CAZ8596BCAGAMH71CAL1Q6L5CAJ6MI5L.jpg Status: Locked to the Windows API! Path: C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\30GNBK1U\zM5N15BMl5BanBnXkFtZTcw NzAxODE0Mg@@._V1._SX120_SY90_BO120,0,0,0_PIimdb-play-bar2-180,BottomLeft,120,-120_CR120,120,120,90_ZATrailer,37,63,27,83,verdena b,9,255,255,255,1_[1].jpg Status: Locked to the Windows API! Path: C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\30GNBK1U\SCAKCPQ2KCAZM4GFYCASJPK MNCAZHCK72CA11DSC0CAEDDFH3CAFD8A14CAJE8F1DCAU4WWVO CANBQKUDCAUUY8V4CAR4PXH0CA5LA62LCAMATBJACAZWJ2LJCA NAGGVLCA34VT7UCAP96KOCCAQWBKS4CANPNU1XCAV29IHL.jpg Status: Locked to the Windows API! Path: C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\30GNBK1U\YCA0CVM5RCAYZE6GQCA2XZM 8ACA2OIHO4CAB3FGWUCAGUT0UWCA94Q07GCA5KDG08CAD96BFS CAD6Y73BCAAVM341CAD70NRXCAL8NWYSCAFLHDKZCA1J9P6NCA 7LD1N4CAYBXANKCA0MOU6CCA3NFU5SCA77UOK0CA9JF767.jpg Status: Locked to the Windows API! Path: C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\30GNBK1U\WCAQIGAHHCARRBVAZCAEUZ0 P8CABI91TZCAW9BNQ0CALD64TJCA4ISFZWCAA9HFI4CAEYLGCQ CADZNUI9CAAAQRUJCABRSP3ACA3Q5841CADH70X2CAT65GO9CA GF6GB8CA9MIONUCACNK2X2CAW73VMICA68YLI2CAY5MLH1.jpg Status: Locked to the Windows API! Path: C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\30GNBK1U\WCAR462K2CAKD08JVCA7CU4 JRCA9HUTZKCAY144WFCA9SRFELCATFKDE5CAQM3R7JCA6K7M2Q CAYX8RSCCA55WCZTCAGJ5NVACAFOB11BCARVULVLCA45QI4KCA 2WEZWJCAV18D7DCAF30A3CCAPAZ4QBCA02RK00CAL9VV0A.jpg Status: Locked to the Windows API! Path: C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\30GNBK1U\67K38CAOUIDWGCARKR44VCA 3IM1PJCA4PA1D3CA9RJAD2CAVWK1EDCA2VZ9FECAAX87V7CAFA 2HFUCAEMO4D6CAKOLQYDCA067GRLCAPP5FSYCA6HITLTCAVXY9 MDCA2HYJH0CA7JA9JXCA9TSCG9CAUA9CJECARMF8TXCA7HVM2G Status: Locked to the Windows API! Path: C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\30GNBK1U\DCAITMFAFCAWBBP72CA36VZ TFCASD8X9XCAULAU1ZCADOLC5WCA800TQSCA899GCKCA2350TL CAVT27X7CAORHAZWCALPS09LCA841LLCCA10OJRNCAZJFMSNCA 73IKV6CAYVV0EWCANHQPNZCA7JT9BTCAH0M745CADNAFRA.jpg Status: Locked to the Windows API! Path: C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\75SPEDA0\0CA2PEJNRCAFVWFVVCAV0KM 6LCAOIVN4RCA3PEY3KCA99H6JHCA3KDUGGCAOPA44ACA1GCQZ6 CARDT0DVCAUA6Y6SCA2RCJIXCAHPDGO7CAQB82RACAZG6WTDCA 6VI65PCAQ4H809CABVZQVDCACH1H40CATVCKUYCAXNO5R9.jpg Status: Locked to the Windows API! Path: C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\75SPEDA0\0CAG1UHD7CA0U4ITFCAK8P3 CGCA36NBFVCAU3SWO7CA88MJQMCABDDQHYCANBD6U6CAQ11M2Q CAFCT4QACAYDCJK0CAZII4RRCAUXLH25CAGJABVFCA35GT9NCA QAXZWPCAO4N2X8CA1Q0UG2CAYU4VCQCA4BDT3YCAJTHFY4.jpg Status: Locked to the Windows API! Path: C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\75SPEDA0\0CAU3TZ5WCAC9KE06CAAQES K2CABWUJUCCA6RMELHCANSISA7CAQSHRD0CAPBXWXICAFI5AMT CATOVVENCA2RBACECAV27G1FCALYYQ83CAN7ABS7CAGOHW26CA W7645RCAS21E29CA51VDV8CA000RVBCAYU9P70CAI98A88.jpg Status: Locked to the Windows API! Path: C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\75SPEDA0\0CAW0OCXACAM2V5CTCAMNKL QFCA55XZHJCAFSZX4CCAZL8SL6CAC07YHVCAVW09W5CAD2P2Y1 CA34O6L4CAGWU0FCCAEIYT36CA3T8015CAZPK53PCAC71A46CA USXDYACANGHP17CAZUALXLCA4FLD6PCAX9Q70OCA7C8K0E.jpg Status: Locked to the Windows API! Path: C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\75SPEDA0\fold_main.js.v48851.488 51.48851.48851.48851.38771.48851.48851.69525.38771 .71746.71745.62864.38771.66362.39083.71541.69832.3 8771.63688.38771.67041.67088.55944.71775[1].14 Status: Locked to the Windows API! Path: C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\75SPEDA0\1CANBUVGVCAWQRQB1CA6E9Y U0CAGJULKFCAOM185YCA4AVRP4CAHAQY9GCADPO1Y5CAHQ2PNG CAX2L1P9CAUULAWCCAJH4AYGCASO0Q8PCA3K85MQCARPIBSWCA HAH9VKCAJ6G3MJCAEOCVW0CA4U85KYCA024H2KCADX6J3S.jpg Status: Locked to the Windows API! Path: C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\75SPEDA0\1CAZJ7363CA41FLCLCA507R I4CAF95OE2CATILTVPCAU3J4H0CA47PGRDCATOXOZLCAE8GODF CA4H4HZNCA4TG9A3CAA92E40CA076GMKCAB73R7XCAXF7090CA P5888XCA2GREDWCA0HQB0KCA6I16EICAOEXT75CAJ4XD0D.jpg Status: Locked to the Windows API! Path: C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\75SPEDA0\3CA4QF960CAVPZ8AWCAZ6K2 Y9CA4VK1ICCAPH067RCAHIP9QJCA17J8H6CAGLUBVMCAGCY0Q0 CADYM2VZCA76149LCAISUHZJCA6P7NANCA2XSBMVCAJCJI9RCA S5MOFTCALXBU3VCA9BPLT5CAY3BI9LCAR2FDDHCAHWXSWM.jpg Status: Locked to the Windows API! Path: C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\75SPEDA0\4CAW6QCQKCA4IGK2YCAYC2Q EKCAPCO7ZECA311RDNCAFS8I41CAX5I2NQCAQCIIVSCADWKZ22 CAU5G3G8CA32G9BUCAS5BROGCARAJZH1CAOJZYZLCA4X156KCA 542R1FCADIMGAACA2IVOPGCAJGL2C0CAXR2ZKBCA5NHZVO.jpg Status: Locked to the Windows API! Path: C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\75SPEDA0\7CAD6FDVVCARONGX6CA5XL1 GCCAYFF0RGCAWFNQYMCA8IPWQGCA6H0ZPBCATQHSKZCALTPCCM CAK2K3ULCAIVQV1ICAUUZWW8CAK0QQE8CANXWX1PCAY1M5RWCA ELDKQ2CATZ2Q59CA573A8ICAQHZEMTCA7OTY1DCAM3PITM.jpg Status: Locked to the Windows API! Path: C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\75SPEDA0\1CA76O6T2CA0MUSPSCAZFIS 5BCATWG9USCA8NBJ3JCAXZ8Q60CANONWJRCAHDJHPTCA4KZC7Y CAK7E9M2CA0NXFY7CAXJCVVZCAZX8D2XCAHFFMLCCA6JUU39CA V0XP72CAHB1O4SCATY478QCAHPJIVGCA25J2MFCAEA1M3S.jpg Status: Locked to the Windows API! Path: C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\75SPEDA0\BCAG06HQECAQFFBC6CAYBBT D3CA9HLGV2CAT9XVFQCA0U0JX2CACDYMECCA91DP5NCAHMQB58 CASOFA2SCAAO1YBMCADXTRVMCAV4PBPOCACIWSSHCAR3UTZCCA 5KU8BBCAP5VF9OCAGSTA1JCA86KLPBCAPM15MQCA8DM0EG.jpg Status: Locked to the Windows API! Path: C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\75SPEDA0\JCAP1TL5UCAJDUGY9CAKNCW IACASM861ECAN1WYJHCA4OEMA9CABET7YBCA2ZLUOACA1D9OCG CA156343CA0ADEGUCAVVESC1CA1E8P0DCAOCVTJCCA9GVBE0CA B128Y2CA0QQZWHCAYY8D0ACAK4KP7DCAV45PJFCABGKYZS.jpg Status: Locked to the Windows API! Path: C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\75SPEDA0\JCAR04NBKCA0G32Y8CAFMRR 3SCA03MZYKCAQ4JET1CA8T4CJPCAWQ61WUCAJ8X01NCAGK8252 CAYPKSH8CASL319ICAO2T6TYCAB35G9WCAEEEHFJCA18E2FXCA 5A7KXSCAVEWM22CA3BQC0BCAEPZ2M2CAS2563ECAOBH191.jpg Status: Locked to the Windows API! Path: C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\75SPEDA0\JCASIRM9SCAFB7RMZCAIS5B R0CANFGAL2CA2L0SC1CAKY17SMCA3B72ILCAZ9S733CAB7FG9J CAA67FUNCADWZIFMCAP4KK4NCA3YI6UECAM0EQNMCABSIJMHCA R6F7ZVCASCGRVMCALFHOJPCA69MOWACAAKSKXVCAYU6W8X.jpg Status: Locked to the Windows API! Path: C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\75SPEDA0\ICA9QTP3NCAYRZJGACAGX1U 8JCAYC2JG4CA9EAFOTCAVUT0MFCACA0FLKCA9ZMHS2CAWYVZ1X CABIB0W1CAKIZADCCAA2273YCARJS3GQCAQ7UGUGCAH56J05CA 4DM385CAKEORF7CAM54Q6NCAV6NW3PCAFJVZQRCAW2213O.jpg Status: Locked to the Windows API! Path: C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\75SPEDA0\ICA9ZPKPHCAR50N32CAQV7E 2YCAIZ7QGDCAZ09BFCCAE7U1P6CAOKC3YRCA7YTR75CA6Z44YC CAKLRIPGCA1PHBXZCAXUGG5ZCA9T4UZ1CA9WOCQ4CA1Q2XSRCA RB4E50CA0O4XTCCAVSI51GCA5IDDXNCAF63YBFCAT62WOS.jpg Status: Locked to the Windows API! Path: C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\75SPEDA0\SCAJMSK3YCAA5UDQFCAD4NW AACAYE04U9CAYF5PDPCA0XZF0VCAQCYPUXCAOGEV5ECA85GQ87 CAAGQNNXCAK33Z2NCA3OVBKDCABOBDK8CAM5GDNZCAPGDMY8CA IMJAZ2CASVS6GKCAE2U5VOCA9HTTLXCA3EJF28CA3L0UEW.jpg Status: Locked to the Windows API! Path: CSSDT ------------------- #: 025 Function Name: NtClose Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xa8e436b8 #: 035 Function Name: NtCreateEvent Status: Hooked by "C:\WINDOWS\System32\drivers\8cdc8837.sys" at address 0xb9c9952d #: 041 Function Name: NtCreateKey Status: Hooked by "C:\WINDOWS\System32\drivers\8cdc8837.sys" at address 0xb9c97605 #: 065 Function Name: NtDeleteValueKey Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xa8e43a52 #: 068 Function Name: NtDuplicateObject Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xa8e4314c #: 071 Function Name: NtEnumerateKey Status: Hooked by "sptd.sys" at address 0xf74f2fb2 #: 073 Function Name: NtEnumerateValueKey Status: Hooked by "sptd.sys" at address 0xf74f3340 #: 119 Function Name: NtOpenKey Status: Hooked by "C:\WINDOWS\System32\drivers\8cdc8837.sys" at address 0xb9c976c5 #: 122 Function Name: NtOpenProcess Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xa8e4308c #: 128 Function Name: NtOpenThread Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xa8e430f0 #: 160 Function Name: NtQueryKey Status: Hooked by "sptd.sys" at address 0xf74f3418 #: 177 Function Name: NtQueryValueKey Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xa8e4376e #: 204 Function Name: NtRestoreKey Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xa8e4372e #: 247 Function Name: NtSetValueKey Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xa8e438ae
|
|
#13
May 6th, 2009, 05:30 AM
|
||||
|
||||
|
Please make sure you temporarily disable any security/protection applications as they may interfere with running programs needed to eradicate infections.
Next, download ComboFix Save to the Desktop
|
|
#14
May 6th, 2009, 10:02 AM
|
|||
|
|||
|
There was actually more to the rootrepeal log, but because of the problems I am having on the computer, it has been difficult to post the rest of it without the connection giving out.
Should I post the rest of it, or just proceed with the instructions in your latest post? (I am currently on my laptop which is why I am able to even get online at the moment)
|
|
| Bookmarks |
«
Previous Topic
|
Next Topic
»
| Topic Tools | |
|
|
Similar Topics
|
||||
| Topic | Topic Starter | Forum | Replies | Last Post |
| CPU loading heavily | jmnew | Windows 7 | 9 | May 9th, 2020 08:51 AM |
| PLEASE HELP ME!! My laptop is heavily infected with virus. | lana1016 | Malware Removal | 69 | January 15th, 2010 10:55 PM |
| Heavily Infected With Virus!! Spyware, Adware, Trojan, Etc. | lana1016 | Malware Removal | 29 | May 6th, 2009 02:17 AM |
| Heavily infected with malware + spyware. PLEASE HELP | blueray | Malware Removal | 15 | September 21st, 2008 03:49 PM |
| That's why u don't have to drick heavily! | itschahat | Jokes Forum | 1 | July 21st, 2007 04:42 AM |
All times are GMT +1. The time now is 06:24 PM.