Antivir - Please Help


Post by someonehelp on 31st July 2010, 7:12 pm

Hi,

I have Antivir on my very old computer and I have tried to follow some of the other instructions posted but with no luck. When I uncheck the proxy button on IE, the 'Apply' button is greyed out, so this doesn't work. I tried to start my computer in safe mode but it reboots itself in the process every time I try. So I have no way of accessing the internet on that computer.

I hope you can help. Thanks.

someonehelp

Re: Antivir - Please Help

Post by Crush on 31st July 2010, 7:13 pm



Welcome to GeekPolice Forums! I'm Crush, but you can call me Chris too :) and I will be helping you with your Malware issues.

A few things to keep in mind as we progress:

1. We are all volunteer staff here so we log in and assess threads when real life, work, family, and other obligations permit. Additionally, we are located all over the world. There may be a bit of a time delay due to this.

2. Malware Removal threads are very time intensive. Each entry must be researched until it can be said with 100% certainty whether or not it can stay or needs to be removed. Sometimes additional work is needed to weed out suspect entries.

3. This may turn into a long ordeal, but rest assured we will stay with you until you are completely disinfected.

4. Only Tech Officers, Global Moderators, Administrators, and Malware Advisors are allowed to give advice on removing malware from your computer. Do not run any tools unless specifically asked to by a member of one of these usergroups.

5. If you are not the original poster of this thread DO NOT run any fixes given to the poster in this thread. They are all custom tailored specifically to this user. It could prove to be disastrous.

6. Please keep responding until I give you the "All Clear". Absence of symptoms does not mean that everything is clear.

7. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.

8. If you have any questions or issues please stop and ask! We are all here to help.


IMPORTANT: Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to backup any personal files and folders before you start.


If you follow these instructions, everything should go smoothly :)

Please subscribe to this thread to get immediate notification of replies as soon as they are posted.

To do this click , then click Preferences. Make sure Always notify me of replies is set to Yes


With that out of the way:

Download [You must be registered and logged in to see this link.] to your Desktop


  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • Under the Custom Scan box, paste this in:

    Code:
    netsvcs
    msconfig
    safebootminimal
    safebootnetwork
    activex
    drivers32
    %SYSTEMDRIVE%\*.exe
    %systemroot%\*. /mp /s
    c:\$recycle.bin\*.* /s
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    nvstor32.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    explorer.exe
    svchost.exe
    userinit.exe
    qmgr.dll
    ws2_32.dll
    proquota.exe
    imm32.dll
    kernel32.dll
    ndis.sys
    autochk.exe
    spoolsv.exe
    xmlprov.dll
    ntmssvc.dll
    mswsock.dll
    Beep.SYS
    ntfs.sys
    termsrv.dll
    sfcfiles.dll
    st3shark.sys
    ahcix86.sys
    srsvc.dll
    nvrd32.sys
    /md5stop
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles



  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.

    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time



Crush

Re: Antivir - Please Help

Post by someonehelp on 31st July 2010, 8:08 pm

Thank you for your quick response. I have copied the files below. Please note that during the scan, a message popped up saying the file sf .bin was infected.

Thanks.

OTL FILE:

OTL logfile created on: 31/07/2010 20:47:08 - Run 1
OTL by OldTimer - Version 3.2.9.1 Folder = F:\
Windows XP Professional Edition (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2600.0000)
Locale: 00000809 | Country: United Kingdom | Language: eng | Date Format: dd/MM/yyyy

256.00 Mb Total Physical Memory | 57.00 Mb Available Physical Memory | 22.00% Memory free
428.00 Mb Paging File | 302.00 Mb Available in Paging File | 71.00% Paging File free
Paging file location(s): C:\pagefile.sys 192 384 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 18.64 Gb Total Space | 7.64 Gb Free Space | 41.00% Space Free | Partition Type: FAT32
D: Drive not present or media not loaded
E: Drive not present or media not loaded
Drive F: | 249.35 Mb Total Space | 37.35 Mb Free Space | 14.98% Space Free | Partition Type: FAT
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: hidden
Current User Name: hidden
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/07/31 20:42:56 | 000,574,976 | ---- | M] (OldTimer Tools) -- F:\OTL.exe
PRC - [2010/07/31 16:38:32 | 000,283,904 | ---- | M] () -- C:\Documents and Settings\hidden\Application Data\rqhrbbxsh\ormnyxctssd.exe
PRC - [2010/06/28 21:57:18 | 002,837,864 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2010/06/28 21:57:16 | 000,040,384 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2008/01/11 22:16:38 | 000,039,792 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
PRC - [2006/02/23 19:10:38 | 000,035,328 | ---- | M] () -- C:\Program Files\Winamp\winampa.exe
PRC - [2002/09/08 23:07:18 | 001,000,960 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2000/07/06 20:11:00 | 000,032,768 | ---- | M] () -- C:\WINDOWS\TWAIN_32\D66U\D066UUTY.EXE
PRC - [1997/02/14 12:22:42 | 000,195,072 | ---- | M] (Voyetra Technologies Inc.) -- C:\VOYETRA\AS2\AS2TRAY.EXE


========== Modules (SafeList) ==========

MOD - [2010/07/31 20:42:56 | 000,574,976 | ---- | M] (OldTimer Tools) -- F:\hidden.exe
MOD - [2002/09/08 23:09:32 | 000,921,088 | R--- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.0.0_x-ww_1382d70a\comctl32.dll
MOD - [2002/09/08 23:07:42 | 000,106,547 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)
SRV - [2010/06/28 21:57:16 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
SRV - [2010/06/28 21:57:16 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
SRV - [2010/06/28 21:57:16 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2005/11/14 01:06:04 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- E:\EngraveLab Educate\CADlink.sys -- (CADlink)
DRV - File not found [Kernel | Boot | Stopped] -- C:\WINDOWS\System32\Drivers\ati6eixx.sys -- (ati6eixx)
DRV - [2010/06/28 21:37:52 | 000,046,672 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2010/06/28 21:37:30 | 000,165,456 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2010/06/28 21:33:14 | 000,023,376 | ---- | M] (ALWIL Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2010/06/28 21:32:46 | 000,100,176 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2010/06/28 21:32:16 | 000,028,880 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2003/12/08 11:53:48 | 000,053,600 | ---- | M] (THOMSON) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\alcan5wn.sys -- (alcan5wn) SpeedTouch USB ADSL PPP Networking Driver (NDISWAN)
DRV - [2003/12/08 11:53:46 | 000,070,688 | ---- | M] (THOMSON) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\alcaudsl.sys -- (alcaudsl)
DRV - [2001/08/17 14:02:32 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\gameenum.sys -- (gameenum)
DRV - [2001/08/17 13:47:22 | 000,009,344 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\NtApm.sys -- (NtApm)
DRV - [2001/08/17 13:28:14 | 000,765,884 | ---- | M] (U.S. Robotics, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\USRTI.SYS -- (USRTI)
DRV - [2001/08/17 12:50:56 | 000,050,432 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\SiSV.sys -- (SiSV)
DRV - [2001/08/17 12:19:34 | 000,040,704 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\es1371mp.sys -- (es1371) Creative AudioPCI (ES1371,ES1373) (WDM)
DRV - [2001/08/17 12:12:42 | 000,023,070 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKCU\..\URLSearchHook: {00D6A7E7-4A97-456f-848A-3B75BF7554D7} - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" =
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5643

FF - HKLM\software\mozilla\Firefox\Extensions\\{845CF37D-D46E-449B-AF12-7507651F8B58}: C:\Documents and Settings\hidden\Application Data\{845CF37D-D46E-449B-AF12-7507651F8B58} [2008/11/20 10:52:26 | 000,000,000 | ---D | M]

[2008/05/31 22:06:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\hidden\Application Data\Mozilla\Extensions
[2008/05/31 22:06:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\hidden\Application Data\Mozilla\Extensions\home2@tomtom.com

O1 HOSTS File: ([2006/01/07 19:01:52 | 000,149,441 | ---- | M]) - C:\WINDOWS\SYSTEM32\DRIVERS\etc\hosts
O2 - BHO: (no name) - {13F20E4F-F379-41EA-8F80-CCAAE787362A} - C:\WINDOWS\System32\nnnmnkjk.dll File not found
O2 - BHO: (no name) - {4BA7E09D-C8BD-4B87-A065-63E77A854029} - C:\WINDOWS\System32\ddcAqQGW.dll File not found
O2 - BHO: (no name) - {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - C:\WINDOWS\System32\vtUmLExx.dll File not found
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Program Files\Google\GoogleToolbar4.dll (Google Inc.)
O2 - BHO: (no name) - {c83a94d6-7733-4d2f-bff2-6e039b726f5e} - C:\WINDOWS\System32\lehetojo.dll File not found
O2 - BHO: (no name) - {DB68B50B-7876-4FD1-837B-B96AFB4F74EF} - C:\WINDOWS\System32\rqRKCssS.dll File not found
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar4.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (no name) - {25D8BACF-3DE2-4B48-AE22-D659B8D835B0} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {2CF0B992-5EEB-4143-99C2-5297EF71F44B} - No CLSID value found.
O3 - HKLM\..\Toolbar: (&Radio) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM32\msdxm.ocx ()
O3 - HKCU\..\Toolbar\ShellBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar4.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar4.dll (Google Inc.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [CPM340e2a31] C:\WINDOWS\System32\sunasuyu.DLL File not found
O4 - HKLM..\Run: [D066UUtility] C:\WINDOWS\TWAIN_32\D66U\D066UUTY.EXE ()
O4 - HKLM..\Run: [EbatesMoeMoneyMaker0] C:\Program Files\Ebates_MoeMoneyMaker\EbatesMoeMoneyMaker0.exe File not found
O4 - HKLM..\Run: [fodejotane] C:\WINDOWS\System32\kuzeyogi.DLL File not found
O4 - HKLM..\Run: [gwiz] C:\WINDOWS\System32\arpl.exe File not found
O4 - HKLM..\Run: [Kcanum] File not found
O4 - HKLM..\Run: [lluatkql] C:\Documents and Settings\hidden\Application Data\rqhrbbxsh\ormnyxctssd.exe ()
O4 - HKLM..\Run: [msbb] C:\WINDOWS\System32\msbb.exe File not found
O4 - HKLM..\Run: [rhapcihdzblcj] C:\WINDOWS\System32\dnaxeae.exe File not found
O4 - HKLM..\Run: [SystemTray] File not found
O4 - HKLM..\Run: [TBllEe] C:\WINDOWS\relsd.exe File not found
O4 - HKLM..\Run: [Ultimate Cleaner] C:\Program Files\Ultimate Cleaner\App.exe File not found
O4 - HKLM..\Run: [Ultimate Defender] C:\Program Files\Ultimate Defender\App.exe File not found
O4 - HKLM..\Run: [VoyetraAudioStation2] C:\VOYETRA\AS2\AS2TRAY.EXE (Voyetra Technologies Inc.)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe ()
O4 - HKCU..\Run: [COM+ Manager] C:\Documents and Settings\hidden\.COMMgr\complmgr.exe File not found
O4 - HKCU..\Run: [gadcom] C:\Documents and Settings\hidden\Application Data\gadcom\gadcom.exe File not found
O4 - HKCU..\Run: [lluatkql] C:\Documents and Settings\hidden\Application Data\rqhrbbxsh\ormnyxctssd.exe ()
O4 - HKCU..\Run: [MsnMsgr] C:\Program Files\MSN Messenger\MsnMsgr.Exe File not found
O4 - HKCU..\Run: [sysav] C:\Documents and Settings\hidden\Application Data\winav.exe File not found
O4 - HKCU..\Run: [TomTomHOME.exe] C:\Program Files\TomTom HOME 2\HOMERunner.exe File not found
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ClassicShell = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceActiveDesktopOn = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: Wallpaper =
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Sky - {08E730A4-FB02-45BD-A900-01E4AD8016F6} - File not found
O9 - Extra Button: @shdoclc.dll,-866@1033,Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\WEB\related.htm ()
O9 - Extra 'Tools' menuitem : @shdoclc.dll,-864@1033,Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\WEB\related.htm ()
O16 - DPF: {00000055-9980-0010-8000-00AA00389B71} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {034CC2DC-3245-4B26-B5C7-7B8777739CB7} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {0522708F-0D6C-7DF8-085F-288474A63F11} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {07ABDE4B-B4E3-2161-434B-22801DA58C2D} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {0DD59632-6A06-3B74-C9D7-3B2B264230FC} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {0DF950C9-47C1-0D9A-FC26-4EBA53B158A6} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {30000273-8230-4DD4-BE4F-6889D1E74167} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {3334504D-9980-0010-8000-00AA00389B71} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {466583FB-C061-277D-F6F6-6CB77D1F0C28} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {47B7E474-439D-07A0-7D60-732616FE6823} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {4CEDBC97-9F52-0998-6039-28B6495395A9} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {572FECFC-F318-3508-7BE4-5FFD19C790D0} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {584500CB-BA31-6980-C704-31C539EF3E5E} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {5A0FD641-25BF-043C-AEF1-02AC575B96AB} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {5BFDB69B-F8BA-7601-F8D7-48512F58308D} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {5D614C73-516B-11A6-5D2F-21A4737DF2D2} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {642496E4-C176-5F3F-8137-27FE0799EAAF} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} [You must be registered and logged in to see this link.] (MUWebControl Class)
O16 - DPF: {731C3B64-014E-0B77-4ACA-0A740CAC628C} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {7EA1B0EB-F285-1746-E496-35F5092ED220} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {7F6A6D02-05F2-3908-9C96-614901141404} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_13)
O16 - DPF: {9656B666-992F-4D74-8588-8CA69E97D90C} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_13)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} [You must be registered and logged in to see this link.] (Shockwave Flash Object)
O16 - DPF: {DB893839-10F0-4AF9-92FA-B23528F530AF} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {E53458D2-5A83-4BD1-8DE2-EEEBE73BAB77} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {FF3F0F03-0F01-131A-A3F9-08F02B23E0CC} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: DirectAnimation Java Classes [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O18 - Protocol\Handler\vnd.ms.radio {3DA2AA3B-3D96-11D2-9BD2-204C4F4F5020} - C:\WINDOWS\SYSTEM32\msdxm.ocx ()
O18 - Protocol\Filter\text/html {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - Reg Error: Key error. File not found
O20 - AppInit_DLLs: (C:\WINDOWS\System32\juyarono.dll) - C:\WINDOWS\System32\juyarono.dll File not found
O20 - AppInit_DLLs: (c:\windows\system32\sunasuyu.dll) - C:\WINDOWS\System32\sunasuyu.dll File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - File not found
O20 - HKLM Winlogon: UIHost - (logonui.exe) - File not found
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - File not found
O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - File not found
O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - File not found
O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - File not found
O20 - Winlogon\Notify\nnnmnkjk: DllName - nnnmnkjk.dll - File not found
O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - File not found
O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - File not found
O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - File not found
O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - File not found
O20 - Winlogon\Notify\ssqNHbXO: DllName - ssqNHbXO.dll - File not found
O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - File not found
O20 - Winlogon\Notify\vtUmLExx: DllName - vtUmLExx.dll - File not found
O20 - Winlogon\Notify\WgaLogon: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - File not found
O20 - Winlogon\Notify\wmiurv: DllName - wmiurv32.dll - File not found
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - C:\WINDOWS\System32\sunasuyu.dll File not found
O22 - SharedTaskScheduler: {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - STS - C:\WINDOWS\System32\sunasuyu.dll File not found
O28 - HKLM ShellExecuteHooks: {13F20E4F-F379-41EA-8F80-CCAAE787362A} - C:\WINDOWS\System32\nnnmnkjk.dll File not found
O28 - HKLM ShellExecuteHooks: {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - C:\WINDOWS\System32\vtUmLExx.dll File not found
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - File not found
O29 - HKLM SecurityProviders - (msapsspc.dll) - File not found
O29 - HKLM SecurityProviders - (schannel.dll) - File not found
O29 - HKLM SecurityProviders - (digest.dll) - File not found
O29 - HKLM SecurityProviders - (msnsspc.dll) - File not found
O29 - HKLM SecurityProviders - (xlibgfl254.dll) - File not found
O29 - HKLM SecurityProviders - (append.dll) - File not found
O30 - LSA: Authentication Packages - (C:\WINDOWS\System32\rqRKCssS) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/05/20 20:44:20 | 000,000,194 | ---- | M] () - C:\AUTOEXEC.BAT -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 90 Days ==========

[2010/07/31 16:39:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\hidden\Application Data\rqhrbbxsh
[2010/07/06 14:27:15 | 000,038,848 | ---- | C] (ALWIL Software) -- C:\WINDOWS\avastSS.scr
[2010/07/06 14:26:52 | 000,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2010/07/06 14:26:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2010/05/20 17:45:30 | 000,000,000 | -HSD | C] -- C:\FOUND.002
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[3 C:\Documents and Settings\hidden\My Documents\*.tmp files -> C:\Documents and Settings\hidden\My Documents\*.tmp -> ]
[2 C:\*.tmp files -> C:\*.tmp -> ]

========== Files - Modified Within 90 Days ==========

[2010/07/31 20:53:18 | 000,000,358 | ---- | M] () -- C:\WINDOWS\tasks\PCHealth Scheduler for Data Collection.job
[2010/07/31 20:43:18 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/07/31 20:43:02 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/07/31 20:43:00 | 268,017,664 | -HS- | M] () -- C:\hiberfil.sys
[2010/07/31 20:41:42 | 007,864,320 | -H-- | M] () -- C:\Documents and Settings\hidden\NTUSER.DAT
[2010/07/31 20:41:42 | 000,000,250 | -HS- | M] () -- C:\Documents and Settings\hidden\ntuser.ini
[2010/07/31 16:54:26 | 000,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/07/31 16:38:32 | 000,283,904 | ---- | M] () -- C:\Documents and Settings\hidden\file.exe
[2010/07/31 16:01:28 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2010/07/31 15:48:42 | 000,002,184 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/07/07 14:00:02 | 000,000,502 | ---- | M] () -- C:\WINDOWS\tasks\Tune-up Application Start.job
[2010/07/06 14:28:12 | 000,001,604 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2010/07/06 14:28:10 | 000,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2010/06/28 21:57:34 | 000,038,848 | ---- | M] (ALWIL Software) -- C:\WINDOWS\avastSS.scr
[2010/06/28 21:57:12 | 000,165,032 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2010/06/28 21:37:52 | 000,046,672 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2010/06/28 21:37:30 | 000,165,456 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2010/06/28 21:33:14 | 000,023,376 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2010/06/28 21:32:46 | 000,100,176 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2010/06/28 21:32:42 | 000,094,544 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2010/06/28 21:32:16 | 000,028,880 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[3 C:\Documents and Settings\hidden\My Documents\*.tmp files -> C:\Documents and Settings\hidden\My Documents\*.tmp -> ]
[2 C:\*.tmp files -> C:\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/07/31 20:02:48 | 268,017,664 | -HS- | C] () -- C:\hiberfil.sys
[2010/07/31 16:38:31 | 000,283,904 | ---- | C] () -- C:\Documents and Settings\hidden\file.exe
[2010/07/06 14:28:11 | 000,001,604 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2009/02/06 12:23:00 | 001,649,418 | -HS- | C] () -- C:\WINDOWS\System32\ofdovigf.ini
[2009/01/25 18:02:12 | 001,438,325 | -HS- | C] () -- C:\WINDOWS\System32\aslsukgm.ini
[2009/01/18 15:59:57 | 001,407,285 | -HS- | C] () -- C:\WINDOWS\System32\ygvhtbln.ini
[2009/01/18 15:04:39 | 001,407,285 | -HS- | C] () -- C:\WINDOWS\System32\cestjnyi.ini
[2009/01/17 10:25:20 | 001,407,263 | -HS- | C] () -- C:\WINDOWS\System32\koibvywr.ini
[2009/01/16 11:19:38 | 001,469,219 | -HS- | C] () -- C:\WINDOWS\System32\imkpfone.ini
[2009/01/10 12:08:17 | 001,469,219 | -HS- | C] () -- C:\WINDOWS\System32\oheonesi.ini
[2009/01/05 10:57:11 | 001,348,473 | -HS- | C] () -- C:\WINDOWS\System32\qlaebhks.ini
[2009/01/03 11:06:15 | 001,311,620 | -HS- | C] () -- C:\WINDOWS\System32\hnehxalx.ini
[2009/01/02 10:45:21 | 001,311,620 | -HS- | C] () -- C:\WINDOWS\System32\thincvsr.ini
[2008/12/30 12:53:08 | 001,312,223 | -HS- | C] () -- C:\WINDOWS\System32\lfbdrgch.ini
[2008/12/27 17:48:26 | 001,311,238 | -HS- | C] () -- C:\WINDOWS\System32\uxjmesov.ini
[2008/12/26 13:06:27 | 000,383,807 | -HS- | C] () -- C:\WINDOWS\System32\SssCKRqr.ini2
[2008/12/26 13:06:26 | 000,383,807 | -HS- | C] () -- C:\WINDOWS\System32\SssCKRqr.ini
[2008/11/23 10:57:12 | 001,557,753 | -HS- | C] () -- C:\WINDOWS\System32\inahiwar.ini
[2008/11/22 11:43:40 | 000,000,120 | -HS- | C] () -- C:\WINDOWS\System32\ewomirev.ini
[2008/11/21 13:58:08 | 001,553,568 | -HS- | C] () -- C:\WINDOWS\System32\ewakoruz.ini
[2008/11/20 10:48:16 | 001,476,282 | -HS- | C] () -- C:\WINDOWS\System32\ihiyeyem.ini
[2008/06/20 16:01:58 | 002,013,920 | -HS- | C] () -- C:\WINDOWS\System32\hrlkwcfv.ini
[2008/06/19 15:57:21 | 001,639,650 | -HS- | C] () -- C:\WINDOWS\System32\coasxhno.ini
[2008/06/17 20:32:38 | 000,000,235 | ---- | C] () -- C:\WINDOWS\cookies.ini
[2008/06/17 14:12:12 | 001,588,831 | -HS- | C] () -- C:\WINDOWS\System32\swlivbvy.ini
[2008/06/16 10:39:21 | 001,630,364 | -HS- | C] () -- C:\WINDOWS\System32\tapikatp.ini
[2008/06/16 10:37:30 | 000,000,022 | ---- | C] () -- C:\WINDOWS\pskt.ini
[2008/06/15 16:57:48 | 001,659,661 | -HS- | C] () -- C:\WINDOWS\System32\noathqgw.ini
[2008/06/15 16:56:13 | 000,652,754 | -HS- | C] () -- C:\WINDOWS\System32\WGQqAcdd.ini2
[2008/06/15 16:56:12 | 000,652,754 | -HS- | C] () -- C:\WINDOWS\System32\WGQqAcdd.ini
[2008/02/27 15:50:42 | 000,000,021 | ---- | C] () -- C:\WINDOWS\Ps_setup.ini
[2008/02/27 15:35:51 | 000,000,037 | ---- | C] () -- C:\WINDOWS\D660UES.ini
[2007/12/09 21:38:21 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\serauth2.dll
[2007/12/09 21:38:21 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\serauth1.dll
[2007/12/09 21:38:21 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\nsprs.dll
[2006/12/17 18:01:51 | 000,000,197 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2006/04/27 21:31:03 | 000,000,035 | ---- | C] () -- C:\WINDOWS\A6W.INI
[2006/04/14 19:59:38 | 000,000,020 | ---- | C] () -- C:\WINDOWS\powerplayer.ini
[2006/04/14 19:59:34 | 000,000,104 | ---- | C] () -- C:\WINDOWS\psnetwork.ini
[2006/03/03 12:48:36 | 000,000,549 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2006/02/26 17:23:30 | 000,005,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2006/02/26 17:21:10 | 000,000,122 | ---- | C] () -- C:\WINDOWS\ORCH.INI
[2006/02/26 17:02:03 | 000,000,827 | ---- | C] () -- C:\WINDOWS\AUDIOMIX.INI
[2006/02/26 17:02:03 | 000,000,093 | ---- | C] () -- C:\WINDOWS\midiplay.ini
[2006/02/26 17:02:03 | 000,000,092 | ---- | C] () -- C:\WINDOWS\wavplay.ini
[2006/02/26 17:02:02 | 000,000,143 | ---- | C] () -- C:\WINDOWS\audioviw.ini
[2006/02/26 17:02:02 | 000,000,125 | ---- | C] () -- C:\WINDOWS\vuninst.ini
[2006/02/26 17:02:02 | 000,000,110 | ---- | C] () -- C:\WINDOWS\powerbar.ini
[2006/02/26 17:02:02 | 000,000,050 | ---- | C] () -- C:\WINDOWS\audiosta.ini
[2006/02/09 15:26:22 | 000,000,045 | ---- | C] () -- C:\WINDOWS\IILDJMM.ini
[2006/02/09 14:53:07 | 000,005,606 | ---- | C] () -- C:\WINDOWS\System32\stci.dll
[2005/06/26 14:44:12 | 000,001,039 | ---- | C] () -- C:\WINDOWS\psmplay.ini
[2005/06/26 14:25:35 | 000,000,070 | ---- | C] () -- C:\WINDOWS\mmpoly.ini
[2005/06/05 18:45:38 | 000,000,579 | ---- | C] () -- C:\WINDOWS\AWSHKWV.INI
[2005/03/04 13:26:40 | 000,032,523 | ---- | C] () -- C:\WINDOWS\SGTBoxf.INI
[2005/02/11 08:18:43 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\sysprs7.dll
[2005/02/11 08:18:43 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\clauth2.dll
[2005/02/11 08:18:43 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\clauth1.dll
[2005/02/11 08:18:43 | 000,000,472 | ---- | C] () -- C:\WINDOWS\System32\lsprst7.dll
[2005/02/11 08:18:43 | 000,000,073 | ---- | C] () -- C:\WINDOWS\System32\ssprs.dll
[2004/07/05 21:07:18 | 000,032,411 | ---- | C] () -- C:\WINDOWS\SGTBox.INI
[2004/03/27 12:50:46 | 000,905,463 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2003/12/29 21:14:16 | 000,000,119 | ---- | C] () -- C:\WINDOWS\System32\winnet.ini
[2003/09/13 16:03:39 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2003/06/17 15:45:33 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PROTOCOL.INI
[2003/06/14 17:36:13 | 000,188,416 | ---- | C] () -- C:\WINDOWS\ATLControls.dll
[2003/03/02 13:48:04 | 000,000,804 | ---- | C] () -- C:\WINDOWS\System32\ncase.ini
[2003/03/01 12:53:53 | 000,050,176 | ---- | C] () -- C:\WINDOWS\System32\msbb.dll
[2003/02/08 12:36:50 | 000,001,125 | ---- | C] () -- C:\WINDOWS\Winamp.ini
[2003/02/08 12:36:19 | 000,000,041 | ---- | C] () -- C:\WINDOWS\winampa.ini
[2003/02/02 13:01:41 | 000,000,035 | ---- | C] () -- C:\WINDOWS\A4W.INI
[2003/02/02 13:00:30 | 000,000,040 | ---- | C] () -- C:\WINDOWS\phbase.ini
[2003/02/02 12:59:59 | 000,000,572 | ---- | C] () -- C:\WINDOWS\maxlink.ini
[2003/02/02 12:59:28 | 000,000,022 | ---- | C] () -- C:\WINDOWS\OP70.INI
[2003/02/02 12:57:08 | 000,001,711 | ---- | C] () -- C:\WINDOWS\pstudio.ini
[2003/02/02 12:57:08 | 000,000,028 | ---- | C] () -- C:\WINDOWS\album.ini
[2003/02/01 22:20:09 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2003/02/01 20:20:25 | 000,012,484 | ---- | C] () -- C:\WINDOWS\IOS.INI
[2003/02/01 20:20:25 | 000,000,787 | ---- | C] () -- C:\WINDOWS\SCANREG.INI
[2003/02/01 20:20:25 | 000,000,225 | ---- | C] () -- C:\WINDOWS\TELEPHON.INI
[2003/02/01 20:20:25 | 000,000,060 | ---- | C] () -- C:\WINDOWS\POWERPNT.INI
[2003/02/01 20:20:25 | 000,000,054 | ---- | C] () -- C:\WINDOWS\WAVEMIX.INI
[2003/02/01 20:20:25 | 000,000,028 | ---- | C] () -- C:\WINDOWS\QTW.INI
[2003/02/01 20:20:25 | 000,000,026 | ---- | C] () -- C:\WINDOWS\MSOFFICE.INI
[2003/02/01 20:20:25 | 000,000,000 | ---- | C] () -- C:\WINDOWS\progman.ini
[2003/02/01 20:20:24 | 000,007,885 | ---- | C] () -- C:\WINDOWS\NETDET.INI
[2003/02/01 20:20:24 | 000,005,068 | ---- | C] () -- C:\WINDOWS\DELETEFI.INI
[2003/02/01 20:20:24 | 000,003,598 | ---- | C] () -- C:\WINDOWS\HTMLHELP.INI
[2002/09/08 23:08:06 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
[2002/01/20 13:26:36 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\SimpleResize.dll
[1999/01/22 18:46:58 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL
[1980/01/01 00:00:00 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\ICMFILTER.DLL
[1980/01/01 00:00:00 | 000,000,025 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI

========== LOP Check ==========

[2003/02/02 09:55:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SBT
[2006/01/07 19:01:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Kazaa
[2008/05/31 21:31:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TomTom
[2009/05/09 20:02:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/07/06 14:26:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2003/02/02 13:37:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\hidden\Application Data\Canon
[2003/03/22 13:10:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\hidden\Application Data\Browser Pal
[2003/11/06 20:52:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\hidden\Application Data\{2CF0B992-5EEB-4143-99C2-5297EF71F44B}
[2007/03/04 12:36:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\hidden\Application Data\uTorrent
[2007/03/04 17:07:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\hidden\Application Data\MoyeaFLV2Video
[2007/06/24 17:23:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\hidden\Application Data\tiny
[2007/12/30 18:44:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\hidden\Application Data\SPSS
[2007/08/04 15:02:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\hidden\Application Data\Leadertech
[2007/12/14 18:45:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\hidden\Application Data\SPSS 15.0 for Windows
[2008/03/17 11:30:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\hidden\Application Data\ApplicationHistory
[2008/04/05 14:27:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\hidden\Application Data\CutePDF Writer
[2008/04/05 14:46:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\hidden\Application Data\Bullzip
[2008/05/31 22:06:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\hidden\Application Data\TomTom
[2008/12/27 18:51:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\hidden\Application Data\gadcom
[2008/11/20 10:52:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\hidden\Application Data\{845CF37D-D46E-449B-AF12-7507651F8B58}
[2009/05/09 19:59:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\hidden\Application Data\GetRightToGo
[2010/07/31 16:39:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\hidden\Application Data\rqhrbbxsh
[2006/01/07 18:54:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\hidden\Application Data\Kazaa Lite
[2006/02/24 19:30:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\hidden\Application Data\.BitTornado
[2006/04/14 19:57:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\hidden\Application Data\ppStream
[2006/09/02 12:37:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\hidden\Application Data\Ultimate Defender
[2006/09/17 21:06:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\hidden\Application Data\Ultimate Cleaner
[2010/07/07 14:00:02 | 000,000,502 | ---- | M] () -- C:\WINDOWS\Tasks\Tune-up Application Start.job
[2010/07/31 20:53:18 | 000,000,358 | ---- | M] () -- C:\WINDOWS\Tasks\PCHealth Scheduler for Data Collection.job

========== Purity Check ==========



========== Custom Scans ==========


< iaStor.sys >

< nvstor.sys >

< nvstor32.sys >

< atapi.sys >

< IdeChnDr.sys >

< viasraid.sys >

< AGP440.sys >

< vaxscsi.sys >

< nvatabus.sys >

< viamraid.sys >

< nvata.sys >

< nvgts.sys >

< iastorv.sys >

< ViPrt.sys >

< eNetHook.dll >

< explorer.exe >

< svchost.exe >

< userinit.exe >

< qmgr.dll >

< ws2_32.dll >

< proquota.exe >

< imm32.dll >

< kernel32.dll >

< ndis.sys >

< autochk.exe >

< spoolsv.exe >

< xmlprov.dll >

< ntmssvc.dll >

< mswsock.dll >

< Beep.SYS >

< ntfs.sys >

< termsrv.dll >

< sfcfiles.dll >

< st3shark.sys >

< ahcix86.sys >

< srsvc.dll >

< nvrd32.sys >

< /md5stop >
Invalid Switch: md5stop

< %systemroot%\system32\*.dll /lockedfiles >
[4 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< End of report >

Extras file:

OTL Extras logfile created on: 31/07/2010 20:47:08 - Run 1
OTL by OldTimer - Version 3.2.9.1 Folder = F:\
Windows XP Professional Edition (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2600.0000)
Locale: 00000809 | Country: United Kingdom | Language: eng | Date Format: dd/MM/yyyy

256.00 Mb Total Physical Memory | 57.00 Mb Available Physical Memory | 22.00% Memory free
428.00 Mb Paging File | 302.00 Mb Available in Paging File | 71.00% Paging File free
Paging file location(s): C:\pagefile.sys 192 384 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 18.64 Gb Total Space | 7.64 Gb Free Space | 41.00% Space Free | Partition Type: FAT32
D: Drive not present or media not loaded
E: Drive not present or media not loaded
Drive F: | 249.35 Mb Total Space | 37.35 Mb Free Space | 14.98% Space Free | Partition Type: FAT
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: hidden
Current User Name: hidden
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL %1,%*
.url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l
.reg [@ = regfile] -- regedit.exe "%1"

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL %1,%*
exefile [open] -- "%1" %*
helpfile [open] -- winhlp32.exe %1
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office10\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office10\msohtmed.exe" /p %1 (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [open] -- regedit.exe "%1"
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- %1
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\Winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\Winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\Winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 1
"FirewallDisableNotify" = 1
"UpdatesDisableNotify" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00040409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Disc 2
"{14C35072-D7D0-4B29-B5BF-C94E426D77E9}" = Sky Broadband
"{15B25E12-3E5F-4C13-A637-9EC72A55491E}" = SPSS 15.0 for Windows
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216010FF}" = Java(TM) 6 Update 13
"{3248F0A8-6813-11D6-A77B-00B0D0150050}" = J2SE Runtime Environment 5.0 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java(TM) SE Runtime Environment 6 Update 1
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java(TM) 6 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java(TM) 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{8610BEA1-FD76-4340-8326-7946DDC2EE7B}" = iTunes
"{900A92BA-19EF-4A34-86CF-7B6C85BDD971}" = VC_MergeModuleToMSI
"{90280409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional with FrontPage
"{95A890AA-B3B1-44B6-9C18-A8F7AB3EE7FC}" = QuickTime
"{A4D7B764-4140-11D4-88EB-0050DA3579C0}" = Nero - Burning Rom
"{AC76BA86-7AD7-1033-7B44-A81200000003}" = Adobe Reader 8.1.2
"{AC76BA86-7AD7-5670-0000-800000000003}" = Korean Fonts Support For Adobe Reader 8
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"Adobe Acrobat 4.0" = Adobe Acrobat 4.0
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"AltnetDM" = Peer Points Manager
"ArcSoft PhotoStudio 2000" = ArcSoft PhotoStudio 2000
"avast5" = avast! Free Antivirus
"InterVideo DirectShow Filter_is1" = InterVideo DirectShow Filter 2.6
"Macromedia Shockwave Player" = Macromedia Shockwave Player
"msbb" = Search Assistant
"Need2FindBar Uninstall" = Need2Find Bar
"oeupdate" = Outlook Express Q823353
"OmniPagePro9.0DeinstKey" = OmniPage Pro 9.0
"P2P Networking" = P2P Networking
"Q309521" = Windows XP Hotfix (SP1) [See Q309521 for more information]
"Q311889" = Windows XP Hotfix (SP1) [See Q311889 for more information]
"Q311967" = Windows XP Hotfix (SP1) [See Q311967 for more information]
"Q313450" = Windows XP Hotfix (SP1) [See Q313450 for more information]
"Q314862" = Windows XP Hotfix (SP1) [See Q314862 for more information]
"Q315000" = Windows XP Hotfix (SP1) [See Q315000 for more information]
"Q315403" = Windows XP Hotfix (SP1) [See Q315403 for more information]
"Q317277" = Windows XP Hotfix (SP1) [See Q317277 for more information]
"Q318138" = Windows XP Hotfix (SP1) [See Q318138 for more information]
"Q319580" = Windows XP Application Compatibility Update[Q319580]
"Q323172" = Windows XP Hotfix (SP1) [See Q323172 for more information]
"Q324096" = Windows XP Hotfix (SP1) [See Q324096 for more information]
"Q324380" = Windows XP Hotfix (SP1) [See Q324380 for more information]
"Q326830" = Windows XP Hotfix (SP1) [See Q326830 for more information]
"Q328940" = Windows XP Hotfix (SP1) [See Q328940 for more information]
"Q329048" = Windows XP Hotfix (SP1) [See Q329048 for more information]
"Q329115" = Windows XP Hotfix (SP2) [See Q329115 for more information]
"Q329170" = Windows XP Hotfix (SP1) Q329170
"Q329390" = Windows XP Hotfix (SP1) [See Q329390 for more information]
"Q329441" = Windows XP Hotfix (SP1) [See Q329441 for more information]
"Q329834" = Windows XP Hotfix (SP1) [See Q329834 for more information]
"Q810577" = Windows XP Hotfix (SP1) Q810577
"Q810833" = Windows XP Hotfix (SP1) Q810833
"Q811493" = Windows XP Hotfix (SP1) Q811493
"Q815021" = Windows XP Hotfix (SP1) Q815021
"Q817606" = Windows XP Hotfix (SP1) Q817606
"Q819696" = Windows XP Hotfix (SP1) Q819696
"Q828026" = Windows Media Player Hotfix [See Q828026 for more information]
"RealPlayer 6.0" = RealPlayer
"Tiny soft" = Tiny soft
"Winamp" = Winamp (remove only)
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows Media Player" = Windows Media Player 10
"WinZip" = WinZip

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"uTorrent" = µTorrent

========== Last 10 Event Log Errors ==========

[ Antivirus Events ]
Error - 11/10/2009 10:31:02 | Computer Name = hidden | Source = avast! | ID = 33554522
Description =

Error - 11/10/2009 10:31:03 | Computer Name = hidden | Source = avast! | ID = 33554522
Description =

Error - 11/10/2009 10:33:48 | Computer Name = hidden | Source = avast! | ID = 33554522
Description =

Error - 11/10/2009 10:33:48 | Computer Name = hidden | Source = avast! | ID = 33554522
Description =

Error - 11/10/2009 10:41:23 | Computer Name = hidden | Source = avast! | ID = 33554522
Description =

Error - 11/10/2009 10:41:25 | Computer Name = hidden | Source = avast! | ID = 33554522
Description =

Error - 11/10/2009 10:49:26 | Computer Name = hidden | Source = avast! | ID = 33554522
Description =

Error - 11/10/2009 10:53:56 | Computer Name = hidden | Source = avast! | ID = 33554522
Description =

Error - 11/10/2009 10:53:56 | Computer Name = hidden | Source = avast! | ID = 33554522
Description =

Error - 25/12/2009 12:59:14 | Computer Name = hidden | Source = avast! | ID = 33554522
Description =

[ Application Events ]
Error - 04/09/2004 13:32:00 | Computer Name = hidden | Source = Application Hang | ID = 1001
Description = Fault bucket 02094221.

Error - 04/09/2004 13:36:07 | Computer Name = hidden | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 6.0.2600.0, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 04/09/2004 13:36:07 | Computer Name = hidden | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 6.0.2600.0, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 04/09/2004 13:41:58 | Computer Name = hidden | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 6.0.2600.0, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 04/09/2004 13:41:59 | Computer Name = hidden | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 6.0.2600.0, faulting module
ole32.dll, version 5.1.2600.136, fault address 0x0007bcf7.

Error - 04/09/2004 13:58:40 | Computer Name = hidden | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 6.0.2600.0, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 04/09/2004 14:10:21 | Computer Name = hidden | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 6.0.2600.0, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 04/09/2004 14:29:16 | Computer Name = hidden | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 6.0.2600.0, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 06/09/2004 07:05:49 | Computer Name = hidden | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2600.0, faulting module
unknown, version 0.0.0.0, fault address 0x01a4797c.

Error - 06/09/2004 12:27:43 | Computer Name = hidden | Source = Application Hang | ID = 1002
Description = Hanging application wmplayer.exe, version 8.0.0.4482, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

[ System Events ]
Error - 30/04/2003 11:50:15 | Computer Name = hidden | Source = Service Control Manager | ID = 7022
Description = The Background Intelligent Transfer Service service hung on starting.

Error - 01/05/2003 12:25:04 | Computer Name = hidden | Source = Service Control Manager | ID = 7022
Description = The Background Intelligent Transfer Service service hung on starting.

Error - 02/05/2003 09:49:02 | Computer Name = hidden | Source = Service Control Manager | ID = 7022
Description = The Background Intelligent Transfer Service service hung on starting.

Error - 02/05/2003 10:54:25 | Computer Name = hidden | Source = Service Control Manager | ID = 7022
Description = The Background Intelligent Transfer Service service hung on starting.

Error - 04/05/2003 07:06:28 | Computer Name = hidden | Source = Service Control Manager | ID = 7022
Description = The Background Intelligent Transfer Service service hung on starting.

Error - 08/05/2003 15:04:11 | Computer Name = hidden | Source = Service Control Manager | ID = 7022
Description = The Background Intelligent Transfer Service service hung on starting.

Error - 08/05/2003 15:07:45 | Computer Name = hidden | Source = System Error | ID = 1003
Description = Error code 00000051, parameter1 00000003, parameter2 00000001, parameter3
00ea3000, parameter4 e133ca30.

Error - 10/04/2003 08:56:41 | Computer Name = hidden | Source = W32Time | ID = 39452706
Description = The time service has detected that the system time needs to be changed
by +2591984 seconds. The time service will not change the system time by more than
+54000 seconds. Verify that your time and time zone are correct, and that the time
source time.windows.com (ntp.m|0x1|80.40.12.76:123->207.46.248.43:123) is working
properly.

Error - 18/04/2003 12:17:17 | Computer Name = hidden | Source = W32Time | ID = 39452706
Description = The time service has detected that the system time needs to be changed
by +2591969 seconds. The time service will not change the system time by more than
+54000 seconds. Verify that your time and time zone are correct, and that the time
source time.windows.com (ntp.m|0x1|80.40.12.13:123->207.46.248.43:123) is working
properly.

Error - 21/07/2003 15:29:58 | Computer Name = hidden | Source = W32Time | ID = 39452706
Description = The time service has detected that the system time needs to be changed
by -5270436 seconds. The time service will not change the system time by more than
-54000 seconds. Verify that your time and time zone are correct, and that the time
source time.windows.com (ntp.m|0x1|80.40.7.244:123->207.46.248.43:123) is working
properly.


< End of report >


Re: Antivir - Please Help

Post by Crush on 31st July 2010, 8:33 pm

Please download ComboFix from [You must be registered and logged in to see this link.]


Rename ComboFix.exe to commy.exe before you save it to your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. A guide to do this can be found [You must be registered and logged in to see this link.]
  • Click Start>Run then copy paste the following command into the Run box & click OK "%userprofile%\desktop\commy.exe" /stepdel
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console


Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:


  • Click on Yes, to continue scanning for malware.
  • When finished, it shall produce a log for you. Please include the contents of C:\ComboFix.txt in your next reply.


Re: Antivir - Please Help

Post by someonehelp on 31st July 2010, 8:48 pm

I downloaded commy.exe to my USB and saved it to the infected PC's desktop but it says the file commy.exe is infected. I've tried renaming it, and saving it again, but I get the same error message...

Thanks.



Re: Antivir - Please Help

Post by Crush on 31st July 2010, 9:00 pm

Ok. Try this first:

Please download and run RKill.

[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.]

  • Save it to your Desktop.
  • Double click the RKill desktop icon.
  • It will quickly run and launch a log. If it does not launch a log, try another download link until it does.
  • Please post its log in your next reply.
  • After it has run successfully, delete RKill.

Note: This tool only kills the active infection, the actual infection will not be gone. Once you reboot the infection will be active again! Please do not reboot until instructed further to do so.


Re: Antivir - Please Help

Post by someonehelp on 31st July 2010, 9:09 pm

I tried all 3 links but I get the same message for each of them, the file rkill is infected.

Can I run it straight from my USB or does it have to be saved on the desktop?


Re: Antivir - Please Help

Post by Crush on 31st July 2010, 9:11 pm

It has to be on the Desktop. Can you try Safe Mode With Networking please? In order to get to Safe Mode With Networking, reboot your PC and hit F8 as the PC boots up. Choose Safe Mode With Networking in the menu you are presented with.


Re: Antivir - Please Help

Post by someonehelp on 31st July 2010, 9:17 pm

I have already tried this. It keeps rebooting itself while in the process of starting in safe mode with networking. So I am not able to start in safe mode unfortunately...

Thanks.


Re: Antivir - Please Help

Post by Crush on 31st July 2010, 9:21 pm

Hi,

I'll get back to you on this. I need to do some thinking.


Re: Antivir - Please Help

Post by Crush on 31st July 2010, 10:48 pm

Please download and run the following

[You must be registered and logged in to see this link.] or [You must be registered and logged in to see this link.]

which are renamed copies of rkill.com, and try them instead.

Then rename ComboFix to firefox.com


Re: Antivir - Please Help

Post by someonehelp on 31st July 2010, 11:13 pm

Still get the same error messages I'm afraid... It seems like the files get infected as soon as I copy them on to the desktop. The only thing that worked was OTL which was run straight from my USB.

I tried running the above from my USB as well but it still didn't work.

Is anything going to remove this thing?!

Your help is appreciated!


Re: Antivir - Please Help

Post by Crush on 31st July 2010, 11:32 pm

Did you try running ComboFix as a renamed firefox.com?


Re: Antivir - Please Help

Post by someonehelp on 31st July 2010, 11:52 pm

I have just tried running it but it says it can't find the file, even though I changed the name of it in the Run box.

I tried it by renaming it to firefox.com and firefox, in case it didn't like the firefox.com.exe in the command.

Not sure what I am doing wrong...


Re: Antivir - Please Help

Post by Crush on 1st August 2010, 12:43 am

We are going to be using a Windows Recovery Environment to help disinfect the system so it may boot again.

Download the OTLPE Standard REATOGO Windows Recovery Environment.
  • Place a blank CD-R disc into your CD burning drive.
  • Download [You must be registered and logged in to see this link.] and double-click on it to burn to a CD using ISO Burner.
  • Reboot your system using the boot CD you just created.

    Note: If you do not know how to set your computer to boot from CD, follow the steps [You must be registered and logged in to see this link.]
  • Your system should now display a REATOGO-X-PE desktop.
  • Double-click on the OTLPE icon.
  • When asked "Do you wish to load the remote registry", select Yes
  • When asked "Do you wish to load remote user profile(s) for scanning", select Yes
  • Ensure the box "Automatically Load All Remaining Users" is checked and press OK
  • OTL should now start. Change the following settings
    • Change Drivers to Non-Microsoft
    • Press Run Scan to start the scan.
    • When finished, the file will be saved in drive C:\_OTL\MovedFiles
    • Copy this file to your USB drive if you do not have an internet connection on this system
    • Please post the contents of the OTL.txt file in your reply.


Re: Antivir - Please Help

Post by someonehelp on 1st August 2010, 10:45 am

After OTL has started, there are 3 options for Drivers, None, Use SafeList and All. I cannot see a Non-Microsoft option.

Which one do I choose?

Re: Antivir - Please Help

Post by Crush on 1st August 2010, 6:13 pm

Safe List please

Re: Antivir - Please Help

Post by someonehelp on 1st August 2010, 6:43 pm

OTL logfile created on: 8/1/2010 8:30:11 PM - Run
OTLPE by OldTimer - Version 3.1.40.0 Folder = X:\Programs\OTLPE
Microsoft Windows XP (Version = 5.1.2600) - Type = SYSTEM
Internet Explorer (Version = 6.0.2600.0000)
Locale: 00000809 | Country: United Kingdom | Language: eng | Date Format: dd/MM/yyyy

256.00 Mb Total Physical Memory | 77.00 Mb Available Physical Memory | 30.00% Memory free
216.00 Mb Paging File | 94.00 Mb Available in Paging File | 44.00% Paging File free
Paging file location(s): C:\pagefile.sys 192 384 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 18.64 Gb Total Space | 7.44 Gb Free Space | 39.93% Space Free | Partition Type: FAT32
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive X: | 280.77 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: REATOGO
Current User Name: SYSTEM
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
Using ControlSet: ControlSet001

========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)
SRV - [2010/06/28 21:57:16 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
SRV - [2010/06/28 21:57:16 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
SRV - [2010/06/28 21:57:16 | 000,040,384 | ---- | M] (AVAST Software) [Auto] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2005/11/14 01:06:04 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand] -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDCOMP)
DRV - File not found [Kernel | System] -- -- (PCIDump)
DRV - File not found [Kernel | System] -- -- (lbrtfdc)
DRV - File not found [Kernel | System] -- -- (i2omgmt)
DRV - File not found [Kernel | System] -- -- (Changer)
DRV - File not found [Kernel | On_Demand] -- E:\EngraveLab Educate\CADlink.sys -- (CADlink)
DRV - File not found [Kernel | Boot] -- C:\WINDOWS\System32\Drivers\ati6eixx.sys -- (ati6eixx)
DRV - File not found [Kernel | Boot] -- C:\WINDOWS\System32\Drivers\ati5xdxx.sys -- (ati5xdxx)
DRV - File not found [Kernel | Boot] -- C:\WINDOWS\System32\Drivers\ati0mrxx.sys -- (ati0mrxx)
DRV - [2010/06/28 21:37:52 | 000,046,672 | ---- | M] (ALWIL Software) [Kernel | System] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2010/06/28 21:37:30 | 000,165,456 | ---- | M] (ALWIL Software) [Kernel | System] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2010/06/28 21:33:14 | 000,023,376 | ---- | M] (ALWIL Software) [Kernel | On_Demand] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2010/06/28 21:32:46 | 000,100,176 | ---- | M] (ALWIL Software) [File_System | Auto] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2010/06/28 21:32:16 | 000,028,880 | ---- | M] (ALWIL Software) [Kernel | System] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2003/12/08 11:53:48 | 000,053,600 | ---- | M] (THOMSON) [Kernel | On_Demand] -- C:\WINDOWS\SYSTEM32\DRIVERS\alcan5wn.sys -- (alcan5wn) SpeedTouch USB ADSL PPP Networking Driver (NDISWAN)
DRV - [2003/12/08 11:53:46 | 000,070,688 | ---- | M] (THOMSON) [Kernel | On_Demand] -- C:\WINDOWS\SYSTEM32\DRIVERS\alcaudsl.sys -- (alcaudsl)
DRV - [2001/08/17 14:02:32 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\SYSTEM32\DRIVERS\gameenum.sys -- (gameenum)
DRV - [2001/08/17 13:47:22 | 000,009,344 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\SYSTEM32\DRIVERS\NtApm.sys -- (NtApm)
DRV - [2001/08/17 13:28:14 | 000,765,884 | ---- | M] (U.S. Robotics, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\SYSTEM32\DRIVERS\USRTI.SYS -- (USRTI)
DRV - [2001/08/17 12:50:56 | 000,050,432 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | On_Demand] -- C:\WINDOWS\SYSTEM32\DRIVERS\SiSV.sys -- (SiSV)
DRV - [2001/08/17 12:19:34 | 000,040,704 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand] -- C:\WINDOWS\SYSTEM32\DRIVERS\es1371mp.sys -- (es1371) Creative AudioPCI (ES1371,ES1373) (WDM)
DRV - [2001/08/17 12:12:42 | 000,023,070 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand] -- C:\WINDOWS\SYSTEM32\DRIVERS\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm


IE - HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\Administrator_ON_C\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm
IE - HKU\Administrator_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\LocalService_ON_C\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm
IE - HKU\LocalService_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\NetworkService_ON_C\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm
IE - HKU\NetworkService_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\hidden_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
IE - HKU\hidden_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
IE - HKU\hidden_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKU\hidden_ON_C\..\URLSearchHook: {00D6A7E7-4A97-456f-848A-3B75BF7554D7} - Reg Error: Key error. File not found
IE - HKU\hidden_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\hidden_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" =
IE - HKU\hidden_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5643


FF - HKLM\software\mozilla\Firefox\Extensions\\{845CF37D-D46E-449B-AF12-7507651F8B58}: C:\Documents and Settings\hidden\Application Data\{845CF37D-D46E-449B-AF12-7507651F8B58} [2008/11/20 10:52:26 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2006/01/07 19:01:52 | 000,149,441 | ---- | M]) - C:\WINDOWS\SYSTEM32\DRIVERS\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 localhost.localdomain
O1 - Hosts: 127.0.0.1 sitefinder.Verisign.com # Verisign has joined the game
O1 - Hosts: 127.0.0.1 sitefinder-idn.Verisign.com # of trying to hijack mistyped
O1 - Hosts: 127.0.0.1 # URLs to their site.
O1 - Hosts: 127.0.0.1 # and potentially other sites.
O1 - Hosts: 127.0.0.1 media.fastclick.net # Likewise, this may interefer with some
O1 - Hosts: 127.0.0.1 # sites.
O1 - Hosts: 127.0.0.1 #up CSS on livejournal
O1 - Hosts: 127.0.0.1 # problems with NPR.org
O1 - Hosts: 127.0.0.1 06272002-dbase.hitcountz.net # Web bugs in spam
O1 - Hosts: 127.0.0.1 123counter.mycomputer.com
O1 - Hosts: 127.0.0.1 123counter.superstats.com
O1 - Hosts: 127.0.0.1 1ca.cqcounter.com
O1 - Hosts: 127.0.0.1 1uk.cqcounter.com
O1 - Hosts: 127.0.0.1 1us.cqcounter.com
O1 - Hosts: 127.0.0.1 2001-007.com
O1 - Hosts: 127.0.0.1 4-counter.com
O1 - Hosts: 127.0.0.1 abscbn.spinbox.net
O1 - Hosts: 127.0.0.1 activity.serving-sys.com #eyeblaster.com
O1 - Hosts: 127.0.0.1 ad-logics.com
O1 - Hosts: 127.0.0.1 adclient.rottentomatoes.com
O1 - Hosts: 127.0.0.1 adcodes.aim4media.com
O1 - Hosts: 127.0.0.1 adcounter.globeandmail.com
O1 - Hosts: 127.0.0.1 adcounter.theglobeandmail.com
O1 - Hosts: 4539 more lines...
O2 - BHO: (no name) - {13F20E4F-F379-41EA-8F80-CCAAE787362A} - C:\WINDOWS\System32\nnnmnkjk.dll File not found
O2 - BHO: (no name) - {4BA7E09D-C8BD-4B87-A065-63E77A854029} - C:\WINDOWS\System32\ddcAqQGW.dll File not found
O2 - BHO: (no name) - {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - C:\WINDOWS\System32\vtUmLExx.dll File not found
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Program Files\Google\GoogleToolbar4.dll (Google Inc.)
O2 - BHO: (no name) - {c83a94d6-7733-4d2f-bff2-6e039b726f5e} - C:\WINDOWS\System32\lehetojo.dll File not found
O2 - BHO: (no name) - {DB68B50B-7876-4FD1-837B-B96AFB4F74EF} - C:\WINDOWS\System32\rqRKCssS.dll File not found
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar4.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (no name) - {25D8BACF-3DE2-4B48-AE22-D659B8D835B0} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {2CF0B992-5EEB-4143-99C2-5297EF71F44B} - No CLSID value found.
O3 - HKLM\..\Toolbar: (&Radio) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM32\msdxm.ocx ()
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar4.dll (Google Inc.)
O3 - HKU\hidden_ON_C\..\Toolbar\ShellBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar4.dll (Google Inc.)
O3 - HKU\hidden_ON_C\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar4.dll (Google Inc.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [CPM340e2a31] C:\WINDOWS\System32\sunasuyu.DLL File not found
O4 - HKLM..\Run: [D066UUtility] C:\WINDOWS\TWAIN_32\D66U\D066UUTY.EXE ()
O4 - HKLM..\Run: [EbatesMoeMoneyMaker0] C:\Program Files\Ebates_MoeMoneyMaker\EbatesMoeMoneyMaker0.exe File not found
O4 - HKLM..\Run: [fodejotane] C:\WINDOWS\System32\kuzeyogi.DLL File not found
O4 - HKLM..\Run: [gwiz] C:\WINDOWS\System32\arpl.exe File not found
O4 - HKLM..\Run: [lluatkql] C:\Documents and Settings\hidden\Application Data\rqhrbbxsh\ormnyxctssd.exe ()
O4 - HKLM..\Run: [msbb] C:\WINDOWS\System32\msbb.exe File not found
O4 - HKLM..\Run: [rhapcihdzblcj] C:\WINDOWS\System32\dnaxeae.exe File not found
O4 - HKLM..\Run: [SystemTray] C:\WINDOWS\System32\systray.exe (Microsoft Corporation)
O4 - HKLM..\Run: [TBllEe] C:\WINDOWS\relsd.exe File not found
O4 - HKLM..\Run: [Ultimate Cleaner] C:\Program Files\Ultimate Cleaner\App.exe File not found
O4 - HKLM..\Run: [Ultimate Defender] C:\Program Files\Ultimate Defender\App.exe File not found
O4 - HKLM..\Run: [VoyetraAudioStation2] C:\VOYETRA\AS2\AS2TRAY.EXE (Voyetra Technologies Inc.)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe ()
O4 - HKU\LocalService_ON_C..\Run: [fodejotane] C:\WINDOWS\System32\kuzeyogi.DLL File not found
O4 - HKU\NetworkService_ON_C..\Run: [fodejotane] C:\WINDOWS\System32\kuzeyogi.DLL File not found
O4 - HKU\hidden_ON_C..\Run: [COM+ Manager] C:\Documents and Settings\hidden\.COMMgr\complmgr.exe File not found
O4 - HKU\hidden_ON_C..\Run: [gadcom] C:\Documents and Settings\hidden\Application Data\gadcom\gadcom.exe File not found
O4 - HKU\hidden_ON_C..\Run: [lluatkql] C:\Documents and Settings\hidden\Application Data\rqhrbbxsh\ormnyxctssd.exe ()
O4 - HKU\hidden_ON_C..\Run: [MsnMsgr] C:\Program Files\MSN Messenger\MsnMsgr.Exe File not found
O4 - HKU\hidden_ON_C..\Run: [sysav] C:\Documents and Settings\hidden\Application Data\winav.exe File not found
O4 - HKU\hidden_ON_C..\Run: [TomTomHOME.exe] C:\Program Files\TomTom HOME 2\HOMERunner.exe File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\.protected ()
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1
O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 95 00 00 00 [binary data]
O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 95 00 00 00 [binary data]
O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 95 00 00 00 [binary data]
O7 - HKU\hidden_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O7 - HKU\hidden_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 0
O7 - HKU\hidden_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ClassicShell = 0
O7 - HKU\hidden_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceActiveDesktopOn = 1
O7 - HKU\hidden_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1
O7 - HKU\hidden_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O7 - HKU\hidden_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: Wallpaper =
O9 - Extra Button: Sky - {08E730A4-FB02-45BD-A900-01E4AD8016F6} - File not found
O9 - Extra Button: @shdoclc.dll,-866@1033,Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\WEB\related.htm ()
O9 - Extra 'Tools' menuitem : @shdoclc.dll,-864@1033,Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\WEB\related.htm ()
O16 - DPF: {00000055-9980-0010-8000-00AA00389B71} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {034CC2DC-3245-4B26-B5C7-7B8777739CB7} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {0522708F-0D6C-7DF8-085F-288474A63F11} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {07ABDE4B-B4E3-2161-434B-22801DA58C2D} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {0DD59632-6A06-3B74-C9D7-3B2B264230FC} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {0DF950C9-47C1-0D9A-FC26-4EBA53B158A6} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {30000273-8230-4DD4-BE4F-6889D1E74167} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {3334504D-9980-0010-8000-00AA00389B71} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {466583FB-C061-277D-F6F6-6CB77D1F0C28} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {47B7E474-439D-07A0-7D60-732616FE6823} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {4CEDBC97-9F52-0998-6039-28B6495395A9} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {572FECFC-F318-3508-7BE4-5FFD19C790D0} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {584500CB-BA31-6980-C704-31C539EF3E5E} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {5A0FD641-25BF-043C-AEF1-02AC575B96AB} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {5BFDB69B-F8BA-7601-F8D7-48512F58308D} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {5D614C73-516B-11A6-5D2F-21A4737DF2D2} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {642496E4-C176-5F3F-8137-27FE0799EAAF} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} [You must be registered and logged in to see this link.] (MUWebControl Class)
O16 - DPF: {731C3B64-014E-0B77-4ACA-0A740CAC628C} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {7EA1B0EB-F285-1746-E496-35F5092ED220} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {7F6A6D02-05F2-3908-9C96-614901141404} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_13)
O16 - DPF: {9656B666-992F-4D74-8588-8CA69E97D90C} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_13)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} [You must be registered and logged in to see this link.] (Shockwave Flash Object)
O16 - DPF: {DB893839-10F0-4AF9-92FA-B23528F530AF} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {E53458D2-5A83-4BD1-8DE2-EEEBE73BAB77} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {FF3F0F03-0F01-131A-A3F9-08F02B23E0CC} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: DirectAnimation Java Classes [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O18 - Protocol\Handler\vnd.ms.radio {3DA2AA3B-3D96-11D2-9BD2-204C4F4F5020} - C:\WINDOWS\SYSTEM32\msdxm.ocx ()
O18 - Protocol\Filter\text/html {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - Reg Error: Key error. File not found
O20 - AppInit_DLLs: (C:\WINDOWS\System32\juyarono.dll) - C:\WINDOWS\System32\juyarono.dll File not found
O20 - AppInit_DLLs: (c:\windows\system32\sunasuyu.dll) - C:\WINDOWS\System32\sunasuyu.dll File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\nnnmnkjk: DllName - nnnmnkjk.dll - File not found
O20 - Winlogon\Notify\ssqNHbXO: DllName - ssqNHbXO.dll - File not found
O20 - Winlogon\Notify\vtUmLExx: DllName - vtUmLExx.dll - File not found
O20 - Winlogon\Notify\WgaLogon: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O20 - Winlogon\Notify\wmiurv: DllName - wmiurv32.dll - File not found
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - C:\WINDOWS\System32\sunasuyu.dll File not found
O22 - SharedTaskScheduler: {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - STS - C:\WINDOWS\System32\sunasuyu.dll File not found
O28 - HKLM ShellExecuteHooks: {13F20E4F-F379-41EA-8F80-CCAAE787362A} - C:\WINDOWS\System32\nnnmnkjk.dll File not found
O28 - HKLM ShellExecuteHooks: {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - C:\WINDOWS\System32\vtUmLExx.dll File not found
O29 - HKLM SecurityProviders - (xlibgfl254.dll) - File not found
O29 - HKLM SecurityProviders - (append.dll) - File not found
O30 - LSA: Authentication Packages - (C:\WINDOWS\System32\rqRKCssS) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/05/20 20:44:20 | 000,000,194 | ---- | M] () - C:\AUTOEXEC.BAT -- [ FAT32 ]
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/08/01 00:45:30 | 000,000,000 | ---D | C] -- C:\32788R22FWJFW
[2010/07/31 16:39:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\hidden\Application Data\rqhrbbxsh
[2010/07/06 14:27:15 | 000,038,848 | ---- | C] (ALWIL Software) -- C:\WINDOWS\avastSS.scr
[2010/07/06 14:26:52 | 000,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[3 C:\Documents and Settings\hidden\My Documents\*.tmp files -> C:\Documents and Settings\hidden\My Documents\*.tmp -> ]
[3 C:\Documents and Settings\hidden\My Documents\*.tmp files -> C:\Documents and Settings\hidden\My Documents\*.tmp -> ]
[2 C:\*.tmp files -> C:\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/08/01 11:21:02 | 000,000,358 | ---- | M] () -- C:\WINDOWS\tasks\PCHealth Scheduler for Data Collection.job
[2010/08/01 01:20:14 | 000,786,432 | -H-- | M] () -- C:\Documents and Settings\Administrator\ntuser.dat
[2010/07/31 20:43:18 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/07/31 20:43:02 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/07/31 20:43:00 | 268,017,664 | -HS- | M] () -- C:\hiberfil.sys
[2010/07/31 20:41:46 | 000,524,288 | -H-- | M] () -- C:\Documents and Settings\NetworkService\ntuser.dat
[2010/07/31 20:41:46 | 000,524,288 | -H-- | M] () -- C:\Documents and Settings\LocalService\ntuser.dat
[2010/07/31 20:41:42 | 007,864,320 | -H-- | M] () -- C:\Documents and Settings\hidden\NTUSER.DAT
[2010/07/31 20:41:42 | 000,000,250 | -HS- | M] () -- C:\Documents and Settings\hidden\ntuser.ini
[2010/07/31 16:38:32 | 000,283,904 | ---- | M] () -- C:\Documents and Settings\hidden\file.exe
[2010/07/31 16:01:28 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2010/07/31 15:48:42 | 000,002,184 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/07/07 14:00:02 | 000,000,502 | ---- | M] () -- C:\WINDOWS\tasks\Tune-up Application Start.job
[2010/07/06 14:28:10 | 000,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[3 C:\Documents and Settings\hidden\My Documents\*.tmp files -> C:\Documents and Settings\hidden\My Documents\*.tmp -> ]
[3 C:\Documents and Settings\hidden\My Documents\*.tmp files -> C:\Documents and Settings\hidden\My Documents\*.tmp -> ]
[2 C:\*.tmp files -> C:\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/07/31 20:02:48 | 268,017,664 | -HS- | C] () -- C:\hiberfil.sys
[2010/07/31 16:38:31 | 000,283,904 | ---- | C] () -- C:\Documents and Settings\hidden\file.exe
[2009/02/06 12:23:00 | 001,649,418 | -HS- | C] () -- C:\WINDOWS\System32\ofdovigf.ini
[2009/01/25 18:02:12 | 001,438,325 | -HS- | C] () -- C:\WINDOWS\System32\aslsukgm.ini
[2009/01/18 15:59:57 | 001,407,285 | -HS- | C] () -- C:\WINDOWS\System32\ygvhtbln.ini
[2009/01/18 15:04:39 | 001,407,285 | -HS- | C] () -- C:\WINDOWS\System32\cestjnyi.ini
[2009/01/17 10:25:20 | 001,407,263 | -HS- | C] () -- C:\WINDOWS\System32\koibvywr.ini
[2009/01/16 11:19:38 | 001,469,219 | -HS- | C] () -- C:\WINDOWS\System32\imkpfone.ini
[2009/01/10 12:08:17 | 001,469,219 | -HS- | C] () -- C:\WINDOWS\System32\oheonesi.ini
[2009/01/05 10:57:11 | 001,348,473 | -HS- | C] () -- C:\WINDOWS\System32\qlaebhks.ini
[2009/01/03 11:06:15 | 001,311,620 | -HS- | C] () -- C:\WINDOWS\System32\hnehxalx.ini
[2009/01/02 10:45:21 | 001,311,620 | -HS- | C] () -- C:\WINDOWS\System32\thincvsr.ini
[2008/12/30 12:53:08 | 001,312,223 | -HS- | C] () -- C:\WINDOWS\System32\lfbdrgch.ini
[2008/12/27 17:48:26 | 001,311,238 | -HS- | C] () -- C:\WINDOWS\System32\uxjmesov.ini
[2008/12/26 13:06:27 | 000,383,807 | -HS- | C] () -- C:\WINDOWS\System32\SssCKRqr.ini2
[2008/12/26 13:06:26 | 000,383,807 | -HS- | C] () -- C:\WINDOWS\System32\SssCKRqr.ini
[2008/11/23 10:57:12 | 001,557,753 | -HS- | C] () -- C:\WINDOWS\System32\inahiwar.ini
[2008/11/22 11:43:40 | 000,000,120 | -HS- | C] () -- C:\WINDOWS\System32\ewomirev.ini
[2008/11/21 13:58:08 | 001,553,568 | -HS- | C] () -- C:\WINDOWS\System32\ewakoruz.ini
[2008/11/20 10:48:16 | 001,476,282 | -HS- | C] () -- C:\WINDOWS\System32\ihiyeyem.ini
[2008/06/20 16:01:58 | 002,013,920 | -HS- | C] () -- C:\WINDOWS\System32\hrlkwcfv.ini
[2008/06/19 15:57:21 | 001,639,650 | -HS- | C] () -- C:\WINDOWS\System32\coasxhno.ini
[2008/06/17 20:32:38 | 000,000,235 | ---- | C] () -- C:\WINDOWS\cookies.ini
[2008/06/17 14:12:12 | 001,588,831 | -HS- | C] () -- C:\WINDOWS\System32\swlivbvy.ini
[2008/06/16 10:39:21 | 001,630,364 | -HS- | C] () -- C:\WINDOWS\System32\tapikatp.ini
[2008/06/16 10:37:30 | 000,000,022 | ---- | C] () -- C:\WINDOWS\pskt.ini
[2008/06/15 16:57:48 | 001,659,661 | -HS- | C] () -- C:\WINDOWS\System32\noathqgw.ini
[2008/06/15 16:56:13 | 000,652,754 | -HS- | C] () -- C:\WINDOWS\System32\WGQqAcdd.ini2
[2008/06/15 16:56:12 | 000,652,754 | -HS- | C] () -- C:\WINDOWS\System32\WGQqAcdd.ini
[2008/02/27 15:50:42 | 000,000,021 | ---- | C] () -- C:\WINDOWS\Ps_setup.ini
[2008/02/27 15:35:51 | 000,000,037 | ---- | C] () -- C:\WINDOWS\D660UES.ini
[2008/01/29 15:55:24 | 000,000,180 | -HS- | C] () -- C:\Documents and Settings\Administrator\ntuser.ini
[2008/01/29 15:55:21 | 000,786,432 | -H-- | C] () -- C:\Documents and Settings\Administrator\ntuser.dat
[2008/01/29 15:55:21 | 000,090,112 | -H-- | C] () -- C:\Documents and Settings\Administrator\ntuser.dat.LOG
[2008/01/29 15:55:21 | 000,001,024 | -H-- | C] () -- C:\Documents and Settings\Administrator\ntuser.dat.ref.LOG
[2007/12/09 21:38:21 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\serauth2.dll
[2007/12/09 21:38:21 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\serauth1.dll
[2007/12/09 21:38:21 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\nsprs.dll
[2007/06/24 17:24:17 | 000,000,002 | ---- | C] () -- C:\Documents and Settings\hidden\Application Data\xxx.exe
[2006/12/17 18:01:51 | 000,000,197 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2006/09/08 10:56:07 | 001,420,315 | ---- | C] () -- C:\Documents and Settings\hidden\Application Data\Install.dat
[2006/04/27 21:31:03 | 000,000,035 | ---- | C] () -- C:\WINDOWS\A6W.INI
[2006/04/14 19:59:38 | 000,000,020 | ---- | C] () -- C:\WINDOWS\powerplayer.ini
[2006/04/14 19:59:34 | 000,000,104 | ---- | C] () -- C:\WINDOWS\psnetwork.ini
[2006/03/03 12:48:36 | 000,000,549 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2006/02/26 17:23:30 | 000,005,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2006/02/26 17:21:10 | 000,000,122 | ---- | C] () -- C:\WINDOWS\ORCH.INI
[2006/02/26 17:02:03 | 000,000,827 | ---- | C] () -- C:\WINDOWS\AUDIOMIX.INI
[2006/02/26 17:02:03 | 000,000,093 | ---- | C] () -- C:\WINDOWS\midiplay.ini
[2006/02/26 17:02:03 | 000,000,092 | ---- | C] () -- C:\WINDOWS\wavplay.ini
[2006/02/26 17:02:02 | 000,000,143 | ---- | C] () -- C:\WINDOWS\audioviw.ini
[2006/02/26 17:02:02 | 000,000,125 | ---- | C] () -- C:\WINDOWS\vuninst.ini
[2006/02/26 17:02:02 | 000,000,110 | ---- | C] () -- C:\WINDOWS\powerbar.ini
[2006/02/26 17:02:02 | 000,000,050 | ---- | C] () -- C:\WINDOWS\audiosta.ini
[2006/02/09 15:26:22 | 000,000,045 | ---- | C] () -- C:\WINDOWS\IILDJMM.ini
[2006/02/09 14:53:07 | 000,005,606 | ---- | C] () -- C:\WINDOWS\System32\stci.dll
[2005/06/26 14:44:12 | 000,001,039 | ---- | C] () -- C:\WINDOWS\psmplay.ini
[2005/06/26 14:25:35 | 000,000,070 | ---- | C] () -- C:\WINDOWS\mmpoly.ini
[2005/06/05 18:45:38 | 000,000,579 | ---- | C] () -- C:\WINDOWS\AWSHKWV.INI
[2005/03/27 16:39:21 | 004,194,441 | ---- | C] () -- C:\Documents and Settings\hidden\Application Data\sdi.db
[2005/03/04 13:26:40 | 000,032,523 | ---- | C] () -- C:\WINDOWS\SGTBoxf.INI
[2005/02/11 08:18:43 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\sysprs7.dll
[2005/02/11 08:18:43 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\clauth2.dll
[2005/02/11 08:18:43 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\clauth1.dll
[2005/02/11 08:18:43 | 000,000,472 | ---- | C] () -- C:\WINDOWS\System32\lsprst7.dll
[2005/02/11 08:18:43 | 000,000,073 | ---- | C] () -- C:\WINDOWS\System32\ssprs.dll
[2004/07/05 21:07:18 | 000,032,411 | ---- | C] () -- C:\WINDOWS\SGTBox.INI
[2004/03/27 12:50:46 | 000,905,463 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2003/12/29 21:14:16 | 000,000,119 | ---- | C] () -- C:\WINDOWS\System32\winnet.ini
[2003/09/13 16:03:39 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2003/06/17 15:45:33 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PROTOCOL.INI
[2003/06/14 17:36:13 | 000,188,416 | ---- | C] () -- C:\WINDOWS\ATLControls.dll
[2003/03/02 13:48:04 | 000,000,804 | ---- | C] () -- C:\WINDOWS\System32\ncase.ini
[2003/03/01 12:53:53 | 000,050,176 | ---- | C] () -- C:\WINDOWS\System32\msbb.dll
[2003/02/08 12:36:50 | 000,001,125 | ---- | C] () -- C:\WINDOWS\Winamp.ini
[2003/02/08 12:36:19 | 000,000,041 | ---- | C] () -- C:\WINDOWS\winampa.ini
[2003/02/02 13:01:41 | 000,000,035 | ---- | C] () -- C:\WINDOWS\A4W.INI
[2003/02/02 13:00:30 | 000,000,040 | ---- | C] () -- C:\WINDOWS\phbase.ini
[2003/02/02 12:59:59 | 000,000,572 | ---- | C] () -- C:\WINDOWS\maxlink.ini
[2003/02/02 12:59:28 | 000,000,022 | ---- | C] () -- C:\WINDOWS\OP70.INI
[2003/02/02 12:57:08 | 000,001,711 | ---- | C] () -- C:\WINDOWS\pstudio.ini
[2003/02/02 12:57:08 | 000,000,028 | ---- | C] () -- C:\WINDOWS\album.ini
[2003/02/02 12:40:35 | 000,058,368 | ---- | C] () -- C:\Documents and Settings\hidden\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2003/02/01 22:20:09 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2003/02/01 22:07:00 | 000,000,250 | -HS- | C] () -- C:\Documents and Settings\hidden\ntuser.ini
[2003/02/01 22:05:32 | 000,000,020 | -HS- | C] () -- C:\Documents and Settings\LocalService\ntuser.ini
[2003/02/01 22:05:31 | 000,524,288 | -H-- | C] () -- C:\Documents and Settings\LocalService\ntuser.dat
[2003/02/01 22:05:31 | 000,008,192 | -H-- | C] () -- C:\Documents and Settings\LocalService\ntuser.dat.LOG
[2003/02/01 22:05:31 | 000,001,024 | -H-- | C] () -- C:\Documents and Settings\LocalService\ntuser.dat.ref.LOG
[2003/02/01 22:05:30 | 000,000,180 | -HS- | C] () -- C:\Documents and Settings\NetworkService\ntuser.ini
[2003/02/01 22:05:29 | 000,524,288 | -H-- | C] () -- C:\Documents and Settings\NetworkService\ntuser.dat
[2003/02/01 22:05:29 | 000,008,192 | -H-- | C] () -- C:\Documents and Settings\NetworkService\ntuser.dat.LOG
[2003/02/01 22:05:29 | 000,001,024 | -H-- | C] () -- C:\Documents and Settings\NetworkService\ntuser.dat.ref.LOG
[2003/02/01 20:20:25 | 000,012,484 | ---- | C] () -- C:\WINDOWS\IOS.INI
[2003/02/01 20:20:25 | 000,000,787 | ---- | C] () -- C:\WINDOWS\SCANREG.INI
[2003/02/01 20:20:25 | 000,000,225 | ---- | C] () -- C:\WINDOWS\TELEPHON.INI
[2003/02/01 20:20:25 | 000,000,060 | ---- | C] () -- C:\WINDOWS\POWERPNT.INI
[2003/02/01 20:20:25 | 000,000,054 | ---- | C] () -- C:\WINDOWS\WAVEMIX.INI
[2003/02/01 20:20:25 | 000,000,028 | ---- | C] () -- C:\WINDOWS\QTW.INI
[2003/02/01 20:20:25 | 000,000,026 | ---- | C] () -- C:\WINDOWS\MSOFFICE.INI
[2003/02/01 20:20:25 | 000,000,000 | ---- | C] () -- C:\WINDOWS\progman.ini
[2003/02/01 20:20:24 | 000,007,885 | ---- | C] () -- C:\WINDOWS\NETDET.INI
[2003/02/01 20:20:24 | 000,005,068 | ---- | C] () -- C:\WINDOWS\DELETEFI.INI
[2003/02/01 20:20:24 | 000,003,598 | ---- | C] () -- C:\WINDOWS\HTMLHELP.INI
[2003/02/01 20:20:07 | 007,864,320 | -H-- | C] () -- C:\Documents and Settings\hidden\NTUSER.DAT
[2003/02/01 20:20:07 | 000,024,576 | -H-- | C] () -- C:\Documents and Settings\hidden\ntuser.dat.LOG
[2003/02/01 18:34:22 | 000,023,357 | -H-- | C] () -- C:\Program Files\folder.htt
[2002/09/08 23:08:06 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
[2002/01/20 13:26:36 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\SimpleResize.dll
[1999/01/22 18:46:58 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL
[1980/01/01 00:00:00 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\ICMFILTER.DLL
[1980/01/01 00:00:00 | 000,000,025 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI

========== LOP Check ==========

[2003/02/02 13:37:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\hidden\Application Data\Canon
[2003/03/22 13:10:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\hidden\Application Data\Browser Pal
[2003/11/06 20:52:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\hidden\Application Data\{2CF0B992-5EEB-4143-99C2-5297EF71F44B}
[2007/03/04 12:36:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\hidden\Application Data\uTorrent
[2007/03/04 17:07:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\hidden\Application Data\MoyeaFLV2Video
[2007/06/24 17:23:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\hidden\Application Data\tiny
[2007/12/30 18:44:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\hidden\Application Data\SPSS
[2007/08/04 15:02:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\hidden\Application Data\Leadertech
[2007/12/14 18:45:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\hidden\Application Data\SPSS 15.0 for Windows
[2008/03/17 11:30:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\hidden\Application Data\ApplicationHistory
[2008/04/05 14:27:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\hidden\Application Data\CutePDF Writer
[2008/04/05 14:46:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\hidden\Application Data\Bullzip
[2008/05/31 22:06:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\hidden\Application Data\TomTom
[2008/12/27 18:51:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\hidden\Application Data\gadcom
[2008/11/20 10:52:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\hidden\Application Data\{845CF37D-D46E-449B-AF12-7507651F8B58}
[2009/05/09 19:59:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\hidden\Application Data\GetRightToGo
[2010/07/31 16:39:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\hidden\Application Data\rqhrbbxsh
[2006/01/07 18:54:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\hidden\Application Data\Kazaa Lite
[2006/02/24 19:30:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\hidden\Application Data\.BitTornado
[2006/04/14 19:57:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\hidden\Application Data\ppStream
[2006/09/02 12:37:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\hidden\Application Data\Ultimate Defender
[2006/09/17 21:06:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\hidden\Application Data\Ultimate Cleaner
[2010/07/07 14:00:02 | 000,000,502 | ---- | M] () -- C:\WINDOWS\Tasks\Tune-up Application Start.job
[2010/08/01 11:21:02 | 000,000,358 | ---- | M] () -- C:\WINDOWS\Tasks\PCHealth Scheduler for Data Collection.job

========== Purity Check ==========


< End of report >


Re: Antivir - Please Help

Post by Crush on 1st August 2010, 7:36 pm

Hi,

Lots of stuff to fix here!

Please run OTL.exe.

  • Copy the commands with file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):


    :OTL
    O2 - BHO: (no name) - {13F20E4F-F379-41EA-8F80-CCAAE787362A} - C:\WINDOWS\System32\nnnmnkjk.dll File not found
    O2 - BHO: (no name) - {4BA7E09D-C8BD-4B87-A065-63E77A854029} - C:\WINDOWS\System32\ddcAqQGW.dll File not found
    O2 - BHO: (no name) - {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - C:\WINDOWS\System32\vtUmLExx.dll File not found
    O2 - BHO: (no name) - {c83a94d6-7733-4d2f-bff2-6e039b726f5e} - C:\WINDOWS\System32\lehetojo.dll File not found
    O2 - BHO: (no name) - {DB68B50B-7876-4FD1-837B-B96AFB4F74EF} - C:\WINDOWS\System32\rqRKCssS.dll File not found
    O3 - HKLM\..\Toolbar: (no name) - {25D8BACF-3DE2-4B48-AE22-D659B8D835B0} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - {2CF0B992-5EEB-4143-99C2-5297EF71F44B} - No CLSID value found.
    O4 - HKLM..\Run: [fodejotane] C:\WINDOWS\System32\kuzeyogi.DLL File not found
    O4 - HKLM..\Run: [gwiz] C:\WINDOWS\System32\arpl.exe File not found
    O4 - HKLM..\Run: [lluatkql] C:\Documents and Settings\hidden\Application Data\rqhrbbxsh\ormnyxctssd.exe ()
    O4 - HKLM..\Run: [msbb] C:\WINDOWS\System32\msbb.exe File not found
    O4 - HKLM..\Run: [rhapcihdzblcj] C:\WINDOWS\System32\dnaxeae.exe File not found
    O4 - HKLM..\Run: [TBllEe] C:\WINDOWS\relsd.exe File not found
    O4 - HKLM..\Run: [Ultimate Cleaner] C:\Program Files\Ultimate Cleaner\App.exe File not found
    O4 - HKLM..\Run: [Ultimate Defender] C:\Program Files\Ultimate Defender\App.exe File not found
    O4 - HKU\LocalService_ON_C..\Run: [fodejotane] C:\WINDOWS\System32\kuzeyogi.DLL File not found
    O4 - HKU\NetworkService_ON_C..\Run: [fodejotane] C:\WINDOWS\System32\kuzeyogi.DLL File not found
    O4 - HKU\hidden_ON_C..\Run: [COM+ Manager] C:\Documents and Settings\hidden\.COMMgr\complmgr.exe File not found
    O4 - HKU\hidden_ON_C..\Run: [gadcom] C:\Documents and Settings\hidden\Application Data\gadcom\gadcom.exe File not found
    O4 - HKU\hidden_ON_C..\Run: [lluatkql] C:\Documents and Settings\hidden\Application Data\rqhrbbxsh\ormnyxctssd.exe ()
    O4 - HKU\hidden_ON_C..\Run: [MsnMsgr] C:\Program Files\MSN Messenger\MsnMsgr.Exe File not found
    O4 - HKU\hidden_ON_C..\Run: [sysav] C:\Documents and Settings\hidden\Application Data\winav.exe File not found
    O4 - HKU\hidden_ON_C..\Run: [TomTomHOME.exe] C:\Program Files\TomTom HOME 2\HOMERunner.exe File not found
    O18 - Protocol\Filter\text/html {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - Reg Error: Key error. File not found
    O20 - AppInit_DLLs: (C:\WINDOWS\System32\juyarono.dll) - C:\WINDOWS\System32\juyarono.dll File not found
    O20 - AppInit_DLLs: (c:\windows\system32\sunasuyu.dll) - C:\WINDOWS\System32\sunasuyu.dll File not found
    O20 - Winlogon\Notify\nnnmnkjk: DllName - nnnmnkjk.dll - File not found
    O20 - Winlogon\Notify\ssqNHbXO: DllName - ssqNHbXO.dll - File not found
    O20 - Winlogon\Notify\vtUmLExx: DllName - vtUmLExx.dll - File not found
    O20 - Winlogon\Notify\WgaLogon: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
    O20 - Winlogon\Notify\wmiurv: DllName - wmiurv32.dll - File not found
    O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - C:\WINDOWS\System32\sunasuyu.dll File not found
    O22 - SharedTaskScheduler: {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - STS - C:\WINDOWS\System32\sunasuyu.dll File not found
    O28 - HKLM ShellExecuteHooks: {13F20E4F-F379-41EA-8F80-CCAAE787362A} - C:\WINDOWS\System32\nnnmnkjk.dll File not found
    O28 - HKLM ShellExecuteHooks: {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - C:\WINDOWS\System32\vtUmLExx.dll File not found
    O29 - HKLM SecurityProviders - (xlibgfl254.dll) - File not found
    O29 - HKLM SecurityProviders - (append.dll) - File not found
    O30 - LSA: Authentication Packages - (C:\WINDOWS\System32\rqRKCssS) - File not found

    :Commands
    [emptytemp]
    [emptyflash]
    [resethosts]


  • Return to OTL.exe, right click in the "Custom Scans/Fixes" window (under the light green bar) and choose Paste.

  • Click the red Run Fix button.
  • A fix log in Notepad will appear. Copy the contents of the fix log to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTL.exe

If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

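Added example, not part of the original thread and not OTL's or the helper's own logic: a small Python triage pass over OTL log lines copied from this page, showing how entries like those in the fix list above can be picked out of a log. The rule names and heuristics (orphaned entry, vendor-less autorun under Application Data, policy lockout, loopback proxy) are assumptions chosen for illustration; findings are flags for review, not verdicts.

```python
import re

# A small subset of lines copied from the OTL logs on this page.
SAMPLE_LOG = r"""
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5643
O2 - BHO: (no name) - {13F20E4F-F379-41EA-8F80-CCAAE787362A} - C:\WINDOWS\System32\nnnmnkjk.dll File not found
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Program Files\Google\GoogleToolbar4.dll (Google Inc.)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [lluatkql] C:\Documents and Settings\hidden\Application Data\rqhrbbxsh\ormnyxctssd.exe ()
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe ()
O4 - HKCU..\Run: [MsnMsgr] C:\Program Files\MSN Messenger\MsnMsgr.Exe File not found
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ClassicShell = 0
"""

# "IE - ...", "FF - ..." or "O<n> - ..." prefix used by OTL for registry-derived entries.
ENTRY_RE = re.compile(r"^(?P<code>IE|FF|O\d+)\s+-\s+(?P<body>.*)$")
# 'key: "Name" = value' (IE settings) or 'key: Name = value' (O7 policies).
KEYVAL_RE = re.compile(r'^(?P<key>.+?):\s+"?(?P<name>[A-Za-z_]+)"?\s+=\s*(?P<value>.*)$')
# 'HKLM..\Run: [value name] target'
RUN_RE = re.compile(r"^(?P<hive>\S+?)\.\.\\Run:\s+\[(?P<name>[^\]]+)\]\s*(?P<rest>.*)$")

# Assumptions for this example (not OTL's own rules):
LOCKOUT_POLICIES = {"DisableTaskMgr", "DisableRegistryTools"}
USER_WRITABLE_RE = re.compile(r"\\Application Data\\", re.I)
LOOPBACK_RE = re.compile(r"(^|=)(127\.0\.0\.1|localhost):\d+")


def parse_target(rest):
    """Split the tail of an entry into (path, company, missing).

    OTL appends 'File not found' when the referenced file is absent and
    '(Company Name)' from the file's version info when it is present.
    """
    rest = rest.strip()
    if rest.endswith("File not found"):
        return rest[: -len("File not found")].strip(), None, True
    m = re.match(r"^(?P<path>.*?)\s*\((?P<company>[^()]*)\)$", rest)
    if m:
        return m.group("path"), m.group("company"), False
    return rest, None, False


def triage(log_text):
    """Return a list of (rule, detail) review flags for an OTL log excerpt."""
    findings, settings = [], {}
    for raw in log_text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if not m:
            continue
        code, body = m.group("code"), m.group("body")

        # Name = value lines: remember the setting, flag tool lockouts.
        kv = KEYVAL_RE.match(body) if code in ("IE", "O7") else None
        if kv:
            name, value = kv.group("name"), kv.group("value").strip()
            settings[name] = value
            if name in LOCKOUT_POLICIES and value == "1":
                findings.append(("policy-lockout", name))
            continue

        run = RUN_RE.match(body)
        path, company, missing = parse_target(run.group("rest") if run else body)
        label = run.group("name") if run else path.split(" - ")[-1]
        if missing:
            # Registry still references a file that is no longer on disk.
            findings.append(("orphaned-entry", f"{code} {label}"))
        elif run and company == "" and USER_WRITABLE_RE.search(path):
            # Autostart binary with no vendor string, living in the user profile.
            findings.append(("no-vendor-autorun-in-profile", f"{code} {label}"))

    # The proxy pair only matters together: enabled AND pointing at this host.
    proxy = settings.get("ProxyServer", "")
    if settings.get("ProxyEnable") == "1" and LOOPBACK_RE.search(proxy):
        findings.append(("loopback-proxy", proxy))
    return findings


if __name__ == "__main__":
    for rule, detail in triage(SAMPLE_LOG):
        print(f"{rule:30} {detail}")
```

WinampAgent also has an empty vendor field but is not flagged, because the rule requires the path to be under Application Data as well.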

Re: Antivir - Please Help

Post by someonehelp on 1st August 2010, 7:57 pm

When I click on OTL it says the application failed to start because framedyn.dll was not found....


Re: Antivir - Please Help

Post by Crush on 1st August 2010, 8:29 pm

Ok. Forget that for now.

Please download ComboFix from [You must be registered and logged in to see this link.]


Rename ComboFix.exe to commy.exe before you save it to your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. A guide to do this can be found [You must be registered and logged in to see this link.]
  • Click Start>Run then copy paste the following command into the Run box & click OK:

    "%userprofile%\desktop\commy.exe" /stepdel

  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console


Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:


  • Click on Yes, to continue scanning for malware.
  • When finished, it shall produce a log for you. Please include the contents of C:\ComboFix.txt in your next reply.




Re: Antivir - Please Help

Post by someonehelp on 1st August 2010, 9:42 pm

After I put the command in the Run box it says errors encountered while performing this operation.


Re: Antivir - Please Help

Post by Crush on 2nd August 2010, 1:18 am

Ok. Try just double clicking it and running the program please


Re: Antivir - Please Help

Post by someonehelp on 2nd August 2010, 8:01 pm

Hi,

I still get the same error message.


Re: Antivir - Please Help

Post by Crush on 3rd August 2010, 9:15 pm

Hi,

I'm currently on vacation. If someone else wants to pick this up for you, by all means have at it, guys.


Re: Antivir - Please Help

Post by someonehelp on 14th August 2010, 12:30 pm

Hi,

Just wondering if you have come up with any more ideas?

Thanks.


Re: Antivir - Please Help

Post by Crush on 14th August 2010, 7:10 pm

Hi,

Sorry. It looks like this got missed.

Please download and run this tool.

Download Malwarebytes' Anti-Malware from [You must be registered and logged in to see this link.]

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.


Post the contents of the MBAM Log in your reply


Re: Antivir - Please Help

Post by someonehelp on 15th August 2010, 10:42 am

Hi,

I cannot install the program as it tries to save files to the cd-rom drive and it doesn't give me an option to save to the hard drive.

Is it because I am using a cd-rom to start the pc? You asked me to do this previously as nothing seemed to work when I started the pc normally.


Re: Antivir - Please Help

Post by Crush on 16th August 2010, 3:55 am

Hi,

What have you done with this PC over the last few days while I was on vacation? This will help to determine if anything has changed in terms of infection.

I see some junk in the old OTL. Can you post a new one to confirm that it is still there?


Re: Antivir - Please Help

Post by someonehelp on 17th August 2010, 5:20 pm

I haven't used the pc since you last provided help, so everything should be the same.

The code is below:

OTL logfile created on: 17/08/2010 00:52:45 - Run 2
OTL by OldTimer - Version 3.2.9.1 Folder = C:\Documents and Settings\hidden\Desktop
Windows XP Professional Edition (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2600.0000)
Locale: 00000809 | Country: United Kingdom | Language: eng | Date Format: dd/MM/yyyy

256.00 Mb Total Physical Memory | 81.00 Mb Available Physical Memory | 32.00% Memory free
428.00 Mb Paging File | 312.00 Mb Available in Paging File | 73.00% Paging File free
Paging file location(s): C:\pagefile.sys 192 384 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 18.64 Gb Total Space | 7.49 Gb Free Space | 40.20% Space Free | Partition Type: FAT32
Drive D: | 280.77 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
E: Drive not present or media not loaded
Drive F: | 249.35 Mb Total Space | 27.92 Mb Free Space | 11.20% Space Free | Partition Type: FAT
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: hidden
Current User Name: hidden
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/08/01 20:50:50 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\hidden\Desktop\OTL.exe
PRC - [2010/06/28 21:57:18 | 002,837,864 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2010/06/28 21:57:16 | 000,040,384 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2008/01/11 22:16:38 | 000,039,792 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
PRC - [2006/02/23 19:10:38 | 000,035,328 | ---- | M] () -- C:\Program Files\Winamp\winampa.exe
PRC - [2002/09/08 23:08:06 | 000,019,456 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\savedump.exe
PRC - [2002/09/08 23:07:18 | 001,000,960 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2000/07/06 20:11:00 | 000,032,768 | ---- | M] () -- C:\WINDOWS\TWAIN_32\D66U\D066UUTY.EXE
PRC - [1997/02/14 12:22:42 | 000,195,072 | ---- | M] (Voyetra Technologies Inc.) -- C:\VOYETRA\AS2\AS2TRAY.EXE


========== Modules (SafeList) ==========

MOD - [2010/08/01 20:50:50 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\hidden\Desktop\OTL.exe
MOD - [2002/09/08 23:09:32 | 000,921,088 | R--- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.0.0_x-ww_1382d70a\comctl32.dll
MOD - [2002/09/08 23:07:42 | 000,106,547 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)
SRV - [2010/06/28 21:57:16 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
SRV - [2010/06/28 21:57:16 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
SRV - [2010/06/28 21:57:16 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2005/11/14 01:06:04 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- E:\EngraveLab Educate\CADlink.sys -- (CADlink)
DRV - File not found [Kernel | Boot | Stopped] -- C:\WINDOWS\System32\Drivers\ati6eixx.sys -- (ati6eixx)
DRV - [2010/06/28 21:37:52 | 000,046,672 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2010/06/28 21:37:30 | 000,165,456 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2010/06/28 21:33:14 | 000,023,376 | ---- | M] (ALWIL Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2010/06/28 21:32:46 | 000,100,176 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2010/06/28 21:32:16 | 000,028,880 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2003/12/08 11:53:48 | 000,053,600 | ---- | M] (THOMSON) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\alcan5wn.sys -- (alcan5wn) SpeedTouch USB ADSL PPP Networking Driver (NDISWAN)
DRV - [2003/12/08 11:53:46 | 000,070,688 | ---- | M] (THOMSON) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\alcaudsl.sys -- (alcaudsl)
DRV - [2001/08/17 14:02:32 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\gameenum.sys -- (gameenum)
DRV - [2001/08/17 13:47:22 | 000,009,344 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\NtApm.sys -- (NtApm)
DRV - [2001/08/17 13:28:14 | 000,765,884 | ---- | M] (U.S. Robotics, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\USRTI.SYS -- (USRTI)
DRV - [2001/08/17 12:50:56 | 000,050,432 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\SiSV.sys -- (SiSV)
DRV - [2001/08/17 12:19:34 | 000,040,704 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\es1371mp.sys -- (es1371) Creative AudioPCI (ES1371,ES1373) (WDM)
DRV - [2001/08/17 12:12:42 | 000,023,070 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKCU\..\URLSearchHook: {00D6A7E7-4A97-456f-848A-3B75BF7554D7} - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" =
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5643

FF - HKLM\software\mozilla\Firefox\Extensions\\{845CF37D-D46E-449B-AF12-7507651F8B58}: C:\Documents and Settings\hidden\Application Data\{845CF37D-D46E-449B-AF12-7507651F8B58} [2008/11/20 10:52:26 | 000,000,000 | ---D | M]

[2008/05/31 22:06:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\hidden\Application Data\Mozilla\Extensions
[2008/05/31 22:06:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\hidden\Application Data\Mozilla\Extensions\home2@tomtom.com

O1 HOSTS File: ([2006/01/07 19:01:52 | 000,149,441 | ---- | M]) - C:\WINDOWS\SYSTEM32\DRIVERS\etc\hosts
O2 - BHO: (no name) - {13F20E4F-F379-41EA-8F80-CCAAE787362A} - C:\WINDOWS\System32\nnnmnkjk.dll File not found
O2 - BHO: (no name) - {4BA7E09D-C8BD-4B87-A065-63E77A854029} - C:\WINDOWS\System32\ddcAqQGW.dll File not found
O2 - BHO: (no name) - {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - C:\WINDOWS\System32\vtUmLExx.dll File not found
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Program Files\Google\GoogleToolbar4.dll (Google Inc.)
O2 - BHO: (no name) - {c83a94d6-7733-4d2f-bff2-6e039b726f5e} - C:\WINDOWS\System32\lehetojo.dll File not found
O2 - BHO: (no name) - {DB68B50B-7876-4FD1-837B-B96AFB4F74EF} - C:\WINDOWS\System32\rqRKCssS.dll File not found
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar4.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (no name) - {25D8BACF-3DE2-4B48-AE22-D659B8D835B0} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {2CF0B992-5EEB-4143-99C2-5297EF71F44B} - No CLSID value found.
O3 - HKLM\..\Toolbar: (&Radio) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM32\msdxm.ocx ()
O3 - HKCU\..\Toolbar\ShellBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar4.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar4.dll (Google Inc.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [CPM340e2a31] C:\WINDOWS\System32\sunasuyu.DLL File not found
O4 - HKLM..\Run: [D066UUtility] C:\WINDOWS\TWAIN_32\D66U\D066UUTY.EXE ()
O4 - HKLM..\Run: [EbatesMoeMoneyMaker0] C:\Program Files\Ebates_MoeMoneyMaker\EbatesMoeMoneyMaker0.exe File not found
O4 - HKLM..\Run: [fodejotane] C:\WINDOWS\System32\kuzeyogi.DLL File not found
O4 - HKLM..\Run: [gwiz] C:\WINDOWS\System32\arpl.exe File not found
O4 - HKLM..\Run: [Kcanum] File not found
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [lluatkql] C:\Documents and Settings\hidden\Application Data\rqhrbbxsh\ormnyxctssd.exe ()
O4 - HKLM..\Run: [msbb] C:\WINDOWS\System32\msbb.exe File not found
O4 - HKLM..\Run: [rhapcihdzblcj] C:\WINDOWS\System32\dnaxeae.exe File not found
O4 - HKLM..\Run: [SystemTray] File not found
O4 - HKLM..\Run: [TBllEe] C:\WINDOWS\relsd.exe File not found
O4 - HKLM..\Run: [Ultimate Cleaner] C:\Program Files\Ultimate Cleaner\App.exe File not found
O4 - HKLM..\Run: [Ultimate Defender] C:\Program Files\Ultimate Defender\App.exe File not found
O4 - HKLM..\Run: [VoyetraAudioStation2] C:\VOYETRA\AS2\AS2TRAY.EXE (Voyetra Technologies Inc.)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe ()
O4 - HKCU..\Run: [COM+ Manager] C:\Documents and Settings\hidden\.COMMgr\complmgr.exe File not found
O4 - HKCU..\Run: [gadcom] C:\Documents and Settings\hidden\Application Data\gadcom\gadcom.exe File not found
O4 - HKCU..\Run: [lluatkql] C:\Documents and Settings\hidden\Application Data\rqhrbbxsh\ormnyxctssd.exe ()
O4 - HKCU..\Run: [MsnMsgr] C:\Program Files\MSN Messenger\MsnMsgr.Exe File not found
O4 - HKCU..\Run: [sysav] C:\Documents and Settings\hidden\Application Data\winav.exe File not found
O4 - HKCU..\Run: [TomTomHOME.exe] C:\Program Files\TomTom HOME 2\HOMERunner.exe File not found
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ClassicShell = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceActiveDesktopOn = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: Wallpaper =
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Sky - {08E730A4-FB02-45BD-A900-01E4AD8016F6} - File not found
O9 - Extra Button: @shdoclc.dll,-866@1033,Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\WEB\related.htm ()
O9 - Extra 'Tools' menuitem : @shdoclc.dll,-864@1033,Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\WEB\related.htm ()
O16 - DPF: {00000055-9980-0010-8000-00AA00389B71} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {034CC2DC-3245-4B26-B5C7-7B8777739CB7} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {0522708F-0D6C-7DF8-085F-288474A63F11} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {07ABDE4B-B4E3-2161-434B-22801DA58C2D} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {0DD59632-6A06-3B74-C9D7-3B2B264230FC} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {0DF950C9-47C1-0D9A-FC26-4EBA53B158A6} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {30000273-8230-4DD4-BE4F-6889D1E74167} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {3334504D-9980-0010-8000-00AA00389B71} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {466583FB-C061-277D-F6F6-6CB77D1F0C28} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {47B7E474-439D-07A0-7D60-732616FE6823} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {4CEDBC97-9F52-0998-6039-28B6495395A9} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {572FECFC-F318-3508-7BE4-5FFD19C790D0} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {584500CB-BA31-6980-C704-31C539EF3E5E} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {5A0FD641-25BF-043C-AEF1-02AC575B96AB} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {5BFDB69B-F8BA-7601-F8D7-48512F58308D} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {5D614C73-516B-11A6-5D2F-21A4737DF2D2} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {642496E4-C176-5F3F-8137-27FE0799EAAF} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} [You must be registered and logged in to see this link.] (MUWebControl Class)
O16 - DPF: {731C3B64-014E-0B77-4ACA-0A740CAC628C} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {7EA1B0EB-F285-1746-E496-35F5092ED220} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {7F6A6D02-05F2-3908-9C96-614901141404} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_13)
O16 - DPF: {9656B666-992F-4D74-8588-8CA69E97D90C} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_13)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} [You must be registered and logged in to see this link.] (Shockwave Flash Object)
O16 - DPF: {DB893839-10F0-4AF9-92FA-B23528F530AF} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {E53458D2-5A83-4BD1-8DE2-EEEBE73BAB77} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {FF3F0F03-0F01-131A-A3F9-08F02B23E0CC} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: DirectAnimation Java Classes [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O18 - Protocol\Handler\vnd.ms.radio {3DA2AA3B-3D96-11D2-9BD2-204C4F4F5020} - C:\WINDOWS\SYSTEM32\msdxm.ocx ()
O18 - Protocol\Filter\text/html {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - Reg Error: Key error. File not found
O20 - AppInit_DLLs: (C:\WINDOWS\System32\juyarono.dll) - C:\WINDOWS\System32\juyarono.dll File not found
O20 - AppInit_DLLs: (c:\windows\system32\sunasuyu.dll) - C:\WINDOWS\System32\sunasuyu.dll File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - File not found
O20 - HKLM Winlogon: UIHost - (logonui.exe) - File not found
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - File not found
O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - File not found
O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - File not found
O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - File not found
O20 - Winlogon\Notify\nnnmnkjk: DllName - nnnmnkjk.dll - File not found
O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - File not found
O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - File not found
O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - File not found
O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - File not found
O20 - Winlogon\Notify\ssqNHbXO: DllName - ssqNHbXO.dll - File not found
O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - File not found
O20 - Winlogon\Notify\vtUmLExx: DllName - vtUmLExx.dll - File not found
O20 - Winlogon\Notify\WgaLogon: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - File not found
O20 - Winlogon\Notify\wmiurv: DllName - wmiurv32.dll - File not found
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - C:\WINDOWS\System32\sunasuyu.dll File not found
O22 - SharedTaskScheduler: {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - STS - C:\WINDOWS\System32\sunasuyu.dll File not found
O28 - HKLM ShellExecuteHooks: {13F20E4F-F379-41EA-8F80-CCAAE787362A} - C:\WINDOWS\System32\nnnmnkjk.dll File not found
O28 - HKLM ShellExecuteHooks: {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - C:\WINDOWS\System32\vtUmLExx.dll File not found
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - File not found
O29 - HKLM SecurityProviders - (msapsspc.dll) - File not found
O29 - HKLM SecurityProviders - (schannel.dll) - File not found
O29 - HKLM SecurityProviders - (digest.dll) - File not found
O29 - HKLM SecurityProviders - (msnsspc.dll) - File not found
O29 - HKLM SecurityProviders - (xlibgfl254.dll) - File not found
O29 - HKLM SecurityProviders - (append.dll) - File not found
O30 - LSA: Authentication Packages - (C:\WINDOWS\System32\rqRKCssS) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/05/20 20:44:20 | 000,000,194 | ---- | M] () - C:\AUTOEXEC.BAT -- [ FAT32 ]
O32 - AutoRun File - [2006/03/24 12:06:41 | 000,000,053 | R--- | M] () - D:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{8771fec3-361f-11d7-8d65-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{8771fec3-361f-11d7-8d65-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{8771fec3-361f-11d7-8d65-806d6172696f}\Shell\AutoRun\command - "" = D:\reatogoMenu.exe -- [2005/07/16 22:36:50 | 000,240,128 | R--- | M] ()
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 90 Days ==========

[2010/08/17 00:52:26 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\hidden\Desktop\OTL.exe
[2010/08/15 14:31:19 | 000,000,000 | ---D | C] -- C:\Malwarebytes' Anti-Malware
[2010/08/01 00:45:30 | 000,000,000 | ---D | C] -- C:\32788R22FWJFW
[2010/07/31 16:39:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\hidden\Application Data\rqhrbbxsh
[2010/07/06 14:27:15 | 000,038,848 | ---- | C] (ALWIL Software) -- C:\WINDOWS\avastSS.scr
[2010/07/06 14:26:52 | 000,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2010/07/06 14:26:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2010/05/20 17:45:30 | 000,000,000 | -HSD | C] -- C:\FOUND.002
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[3 C:\Documents and Settings\hidden\My Documents\*.tmp files -> C:\Documents and Settings\hidden\My Documents\*.tmp -> ]
[2 C:\*.tmp files -> C:\*.tmp -> ]

========== Files - Modified Within 90 Days ==========

[2010/08/17 01:01:28 | 000,000,358 | ---- | M] () -- C:\WINDOWS\tasks\PCHealth Scheduler for Data Collection.job
[2010/08/17 00:51:28 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/08/17 00:50:32 | 000,002,184 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/08/17 00:50:30 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/08/17 00:50:26 | 268,017,664 | -HS- | M] () -- C:\hiberfil.sys
[2010/08/01 20:50:50 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\hidden\Desktop\OTL.exe
[2010/07/31 20:41:42 | 007,864,320 | -H-- | M] () -- C:\Documents and Settings\hidden\NTUSER.DAT
[2010/07/31 20:41:42 | 000,000,250 | -HS- | M] () -- C:\Documents and Settings\hidden\ntuser.ini
[2010/07/31 16:54:26 | 000,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/07/31 16:38:32 | 000,283,904 | ---- | M] () -- C:\Documents and Settings\hidden\file.exe
[2010/07/31 16:01:28 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2010/07/07 14:00:02 | 000,000,502 | ---- | M] () -- C:\WINDOWS\tasks\Tune-up Application Start.job
[2010/07/06 14:28:12 | 000,001,604 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2010/07/06 14:28:10 | 000,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2010/06/28 21:57:34 | 000,038,848 | ---- | M] (ALWIL Software) -- C:\WINDOWS\avastSS.scr
[2010/06/28 21:57:12 | 000,165,032 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2010/06/28 21:37:52 | 000,046,672 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2010/06/28 21:37:30 | 000,165,456 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2010/06/28 21:33:14 | 000,023,376 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2010/06/28 21:32:46 | 000,100,176 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2010/06/28 21:32:42 | 000,094,544 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2010/06/28 21:32:16 | 000,028,880 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[3 C:\Documents and Settings\hidden\My Documents\*.tmp files -> C:\Documents and Settings\hidden\My Documents\*.tmp -> ]
[2 C:\*.tmp files -> C:\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/07/31 20:02:48 | 268,017,664 | -HS- | C] () -- C:\hiberfil.sys
[2010/07/31 16:38:31 | 000,283,904 | ---- | C] () -- C:\Documents and Settings\hidden\file.exe
[2010/07/06 14:28:11 | 000,001,604 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2009/02/06 12:23:00 | 001,649,418 | -HS- | C] () -- C:\WINDOWS\System32\ofdovigf.ini
[2009/01/25 18:02:12 | 001,438,325 | -HS- | C] () -- C:\WINDOWS\System32\aslsukgm.ini
[2009/01/18 15:59:57 | 001,407,285 | -HS- | C] () -- C:\WINDOWS\System32\ygvhtbln.ini
[2009/01/18 15:04:39 | 001,407,285 | -HS- | C] () -- C:\WINDOWS\System32\cestjnyi.ini
[2009/01/17 10:25:20 | 001,407,263 | -HS- | C] () -- C:\WINDOWS\System32\koibvywr.ini
[2009/01/16 11:19:38 | 001,469,219 | -HS- | C] () -- C:\WINDOWS\System32\imkpfone.ini
[2009/01/10 12:08:17 | 001,469,219 | -HS- | C] () -- C:\WINDOWS\System32\oheonesi.ini
[2009/01/05 10:57:11 | 001,348,473 | -HS- | C] () -- C:\WINDOWS\System32\qlaebhks.ini
[2009/01/03 11:06:15 | 001,311,620 | -HS- | C] () -- C:\WINDOWS\System32\hnehxalx.ini
[2009/01/02 10:45:21 | 001,311,620 | -HS- | C] () -- C:\WINDOWS\System32\thincvsr.ini
[2008/12/30 12:53:08 | 001,312,223 | -HS- | C] () -- C:\WINDOWS\System32\lfbdrgch.ini
[2008/12/27 17:48:26 | 001,311,238 | -HS- | C] () -- C:\WINDOWS\System32\uxjmesov.ini
[2008/12/26 13:06:27 | 000,383,807 | -HS- | C] () -- C:\WINDOWS\System32\SssCKRqr.ini2
[2008/12/26 13:06:26 | 000,383,807 | -HS- | C] () -- C:\WINDOWS\System32\SssCKRqr.ini
[2008/11/23 10:57:12 | 001,557,753 | -HS- | C] () -- C:\WINDOWS\System32\inahiwar.ini
[2008/11/22 11:43:40 | 000,000,120 | -HS- | C] () -- C:\WINDOWS\System32\ewomirev.ini
[2008/11/21 13:58:08 | 001,553,568 | -HS- | C] () -- C:\WINDOWS\System32\ewakoruz.ini
[2008/11/20 10:48:16 | 001,476,282 | -HS- | C] () -- C:\WINDOWS\System32\ihiyeyem.ini
[2008/06/20 16:01:58 | 002,013,920 | -HS- | C] () -- C:\WINDOWS\System32\hrlkwcfv.ini
[2008/06/19 15:57:21 | 001,639,650 | -HS- | C] () -- C:\WINDOWS\System32\coasxhno.ini
[2008/06/17 20:32:38 | 000,000,235 | ---- | C] () -- C:\WINDOWS\cookies.ini
[2008/06/17 14:12:12 | 001,588,831 | -HS- | C] () -- C:\WINDOWS\System32\swlivbvy.ini
[2008/06/16 10:39:21 | 001,630,364 | -HS- | C] () -- C:\WINDOWS\System32\tapikatp.ini
[2008/06/16 10:37:30 | 000,000,022 | ---- | C] () -- C:\WINDOWS\pskt.ini
[2008/06/15 16:57:48 | 001,659,661 | -HS- | C] () -- C:\WINDOWS\System32\noathqgw.ini
[2008/06/15 16:56:13 | 000,652,754 | -HS- | C] () -- C:\WINDOWS\System32\WGQqAcdd.ini2
[2008/06/15 16:56:12 | 000,652,754 | -HS- | C] () -- C:\WINDOWS\System32\WGQqAcdd.ini
[2008/02/27 15:50:42 | 000,000,021 | ---- | C] () -- C:\WINDOWS\Ps_setup.ini
[2008/02/27 15:35:51 | 000,000,037 | ---- | C] () -- C:\WINDOWS\D660UES.ini
[2007/12/09 21:38:21 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\serauth2.dll
[2007/12/09 21:38:21 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\serauth1.dll
[2007/12/09 21:38:21 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\nsprs.dll
[2006/12/17 18:01:51 | 000,000,197 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2006/04/27 21:31:03 | 000,000,035 | ---- | C] () -- C:\WINDOWS\A6W.INI
[2006/04/14 19:59:38 | 000,000,020 | ---- | C] () -- C:\WINDOWS\powerplayer.ini
[2006/04/14 19:59:34 | 000,000,104 | ---- | C] () -- C:\WINDOWS\psnetwork.ini
[2006/03/03 12:48:36 | 000,000,549 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2006/02/26 17:23:30 | 000,005,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2006/02/26 17:21:10 | 000,000,122 | ---- | C] () -- C:\WINDOWS\ORCH.INI
[2006/02/26 17:02:03 | 000,000,827 | ---- | C] () -- C:\WINDOWS\AUDIOMIX.INI
[2006/02/26 17:02:03 | 000,000,093 | ---- | C] () -- C:\WINDOWS\midiplay.ini
[2006/02/26 17:02:03 | 000,000,092 | ---- | C] () -- C:\WINDOWS\wavplay.ini
[2006/02/26 17:02:02 | 000,000,143 | ---- | C] () -- C:\WINDOWS\audioviw.ini
[2006/02/26 17:02:02 | 000,000,125 | ---- | C] () -- C:\WINDOWS\vuninst.ini
[2006/02/26 17:02:02 | 000,000,110 | ---- | C] () -- C:\WINDOWS\powerbar.ini
[2006/02/26 17:02:02 | 000,000,050 | ---- | C] () -- C:\WINDOWS\audiosta.ini
[2006/02/09 15:26:22 | 000,000,045 | ---- | C] () -- C:\WINDOWS\IILDJMM.ini
[2006/02/09 14:53:07 | 000,005,606 | ---- | C] () -- C:\WINDOWS\System32\stci.dll
[2005/06/26 14:44:12 | 000,001,039 | ---- | C] () -- C:\WINDOWS\psmplay.ini
[2005/06/26 14:25:35 | 000,000,070 | ---- | C] () -- C:\WINDOWS\mmpoly.ini
[2005/06/05 18:45:38 | 000,000,579 | ---- | C] () -- C:\WINDOWS\AWSHKWV.INI
[2005/03/04 13:26:40 | 000,032,523 | ---- | C] () -- C:\WINDOWS\SGTBoxf.INI
[2005/02/11 08:18:43 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\sysprs7.dll
[2005/02/11 08:18:43 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\clauth2.dll
[2005/02/11 08:18:43 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\clauth1.dll
[2005/02/11 08:18:43 | 000,000,472 | ---- | C] () -- C:\WINDOWS\System32\lsprst7.dll
[2005/02/11 08:18:43 | 000,000,073 | ---- | C] () -- C:\WINDOWS\System32\ssprs.dll
[2004/07/05 21:07:18 | 000,032,411 | ---- | C] () -- C:\WINDOWS\SGTBox.INI
[2004/03/27 12:50:46 | 000,905,463 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2003/12/29 21:14:16 | 000,000,119 | ---- | C] () -- C:\WINDOWS\System32\winnet.ini
[2003/09/13 16:03:39 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2003/06/17 15:45:33 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PROTOCOL.INI
[2003/06/14 17:36:13 | 000,188,416 | ---- | C] () -- C:\WINDOWS\ATLControls.dll
[2003/03/02 13:48:04 | 000,000,804 | ---- | C] () -- C:\WINDOWS\System32\ncase.ini
[2003/03/01 12:53:53 | 000,050,176 | ---- | C] () -- C:\WINDOWS\System32\msbb.dll
[2003/02/08 12:36:50 | 000,001,125 | ---- | C] () -- C:\WINDOWS\Winamp.ini
[2003/02/08 12:36:19 | 000,000,041 | ---- | C] () -- C:\WINDOWS\winampa.ini
[2003/02/02 13:01:41 | 000,000,035 | ---- | C] () -- C:\WINDOWS\A4W.INI
[2003/02/02 13:00:30 | 000,000,040 | ---- | C] () -- C:\WINDOWS\phbase.ini
[2003/02/02 12:59:59 | 000,000,572 | ---- | C] () -- C:\WINDOWS\maxlink.ini
[2003/02/02 12:59:28 | 000,000,022 | ---- | C] () -- C:\WINDOWS\OP70.INI
[2003/02/02 12:57:08 | 000,001,711 | ---- | C] () -- C:\WINDOWS\pstudio.ini
[2003/02/02 12:57:08 | 000,000,028 | ---- | C] () -- C:\WINDOWS\album.ini
[2003/02/01 22:20:09 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2003/02/01 20:20:25 | 000,012,484 | ---- | C] () -- C:\WINDOWS\IOS.INI
[2003/02/01 20:20:25 | 000,000,787 | ---- | C] () -- C:\WINDOWS\SCANREG.INI
[2003/02/01 20:20:25 | 000,000,225 | ---- | C] () -- C:\WINDOWS\TELEPHON.INI
[2003/02/01 20:20:25 | 000,000,060 | ---- | C] () -- C:\WINDOWS\POWERPNT.INI
[2003/02/01 20:20:25 | 000,000,054 | ---- | C] () -- C:\WINDOWS\WAVEMIX.INI
[2003/02/01 20:20:25 | 000,000,028 | ---- | C] () -- C:\WINDOWS\QTW.INI
[2003/02/01 20:20:25 | 000,000,026 | ---- | C] () -- C:\WINDOWS\MSOFFICE.INI
[2003/02/01 20:20:25 | 000,000,000 | ---- | C] () -- C:\WINDOWS\progman.ini
[2003/02/01 20:20:24 | 000,007,885 | ---- | C] () -- C:\WINDOWS\NETDET.INI
[2003/02/01 20:20:24 | 000,005,068 | ---- | C] () -- C:\WINDOWS\DELETEFI.INI
[2003/02/01 20:20:24 | 000,003,598 | ---- | C] () -- C:\WINDOWS\HTMLHELP.INI
[2002/09/08 23:08:06 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
[2002/01/20 13:26:36 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\SimpleResize.dll
[1999/01/22 18:46:58 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL
[1980/01/01 00:00:00 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\ICMFILTER.DLL
[1980/01/01 00:00:00 | 000,000,025 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI

========== LOP Check ==========

[2003/02/02 09:55:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SBT
[2006/01/07 19:01:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Kazaa
[2008/05/31 21:31:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TomTom
[2009/05/09 20:02:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/07/06 14:26:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2003/02/02 13:37:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\hidden\Application Data\Canon
[2003/03/22 13:10:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\hidden\Application Data\Browser Pal
[2003/11/06 20:52:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\hidden\Application Data\{2CF0B992-5EEB-4143-99C2-5297EF71F44B}
[2007/03/04 12:36:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\hidden\Application Data\uTorrent
[2007/03/04 17:07:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\hidden\Application Data\MoyeaFLV2Video
[2007/06/24 17:23:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\hidden\Application Data\tiny
[2007/12/30 18:44:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\hidden\Application Data\SPSS
[2007/08/04 15:02:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\hidden\Application Data\Leadertech
[2007/12/14 18:45:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\hidden\Application Data\SPSS 15.0 for Windows
[2008/03/17 11:30:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\hidden\Application Data\ApplicationHistory
[2008/04/05 14:27:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\hidden\Application Data\CutePDF Writer
[2008/04/05 14:46:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\hidden\Application Data\Bullzip
[2008/05/31 22:06:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\hidden\Application Data\TomTom
[2008/12/27 18:51:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\hidden\Application Data\gadcom
[2008/11/20 10:52:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\hidden\Application Data\{845CF37D-D46E-449B-AF12-7507651F8B58}
[2009/05/09 19:59:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\hidden\Application Data\GetRightToGo
[2010/07/31 16:39:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\hidden\Application Data\rqhrbbxsh
[2006/01/07 18:54:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\hidden\Application Data\Kazaa Lite
[2006/02/24 19:30:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\hidden\Application Data\.BitTornado
[2006/04/14 19:57:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\hidden\Application Data\ppStream
[2006/09/02 12:37:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\hidden\Application Data\Ultimate Defender
[2006/09/17 21:06:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\hidden\Application Data\Ultimate Cleaner
[2010/07/07 14:00:02 | 000,000,502 | ---- | M] () -- C:\WINDOWS\Tasks\Tune-up Application Start.job
[2010/08/17 01:01:28 | 000,000,358 | ---- | M] () -- C:\WINDOWS\Tasks\PCHealth Scheduler for Data Collection.job

========== Purity Check ==========


< End of report >


Re: Antivir - Please Help

Post by Crush on 17th August 2010, 5:53 pm

Hi,

You're in a bit of a mess here. But nothing we can't fix. NOTE: If this fix freezes the computer, please delete the O16 entries and try again.

Please run OTL.exe.

  • Copy the commands with file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):


    :OTL
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5643
    O2 - BHO: (no name) - {13F20E4F-F379-41EA-8F80-CCAAE787362A} - C:\WINDOWS\System32\nnnmnkjk.dll File not found
    O2 - BHO: (no name) - {4BA7E09D-C8BD-4B87-A065-63E77A854029} - C:\WINDOWS\System32\ddcAqQGW.dll File not found
    O2 - BHO: (no name) - {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - C:\WINDOWS\System32\vtUmLExx.dll File not found
    O2 - BHO: (no name) - {c83a94d6-7733-4d2f-bff2-6e039b726f5e} - C:\WINDOWS\System32\lehetojo.dll File not found
    O2 - BHO: (no name) - {DB68B50B-7876-4FD1-837B-B96AFB4F74EF} - C:\WINDOWS\System32\rqRKCssS.dll File not found
    O3 - HKLM\..\Toolbar: (no name) - {25D8BACF-3DE2-4B48-AE22-D659B8D835B0} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - {2CF0B992-5EEB-4143-99C2-5297EF71F44B} - No CLSID value found.
    O4 - HKLM..\Run: [CPM340e2a31] C:\WINDOWS\System32\sunasuyu.DLL File not found
    O4 - HKLM..\Run: [gwiz] C:\WINDOWS\System32\arpl.exe File not found
    O4 - HKLM..\Run: [Kcanum] File not found
    O4 - HKLM..\Run: [KernelFaultCheck] File not found
    O4 - HKLM..\Run: [lluatkql] C:\Documents and Settings\hidden\Application Data\rqhrbbxsh\ormnyxctssd.exe ()
    O4 - HKLM..\Run: [msbb] C:\WINDOWS\System32\msbb.exe File not found
    O4 - HKLM..\Run: [rhapcihdzblcj] C:\WINDOWS\System32\dnaxeae.exe File not found
    O4 - HKLM..\Run: [SystemTray] File not found
    O4 - HKLM..\Run: [TBllEe] C:\WINDOWS\relsd.exe File not found
    O4 - HKLM..\Run: [Ultimate Cleaner] C:\Program Files\Ultimate Cleaner\App.exe File not found
    O4 - HKLM..\Run: [Ultimate Defender] C:\Program Files\Ultimate Defender\App.exe File not found
    O16 - DPF: {00000055-9980-0010-8000-00AA00389B71} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
    O16 - DPF: {034CC2DC-3245-4B26-B5C7-7B8777739CB7} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
    O16 - DPF: {0522708F-0D6C-7DF8-085F-288474A63F11} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
    O16 - DPF: {07ABDE4B-B4E3-2161-434B-22801DA58C2D} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
    O16 - DPF: {0DD59632-6A06-3B74-C9D7-3B2B264230FC} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
    O16 - DPF: {0DF950C9-47C1-0D9A-FC26-4EBA53B158A6} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
    O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
    O16 - DPF: {30000273-8230-4DD4-BE4F-6889D1E74167} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
    O16 - DPF: {3334504D-9980-0010-8000-00AA00389B71} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
    O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
    O16 - DPF: {466583FB-C061-277D-F6F6-6CB77D1F0C28} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
    O16 - DPF: {47B7E474-439D-07A0-7D60-732616FE6823} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
    O16 - DPF: {4CEDBC97-9F52-0998-6039-28B6495395A9} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
    O16 - DPF: {572FECFC-F318-3508-7BE4-5FFD19C790D0} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
    O16 - DPF: {584500CB-BA31-6980-C704-31C539EF3E5E} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
    O16 - DPF: {5A0FD641-25BF-043C-AEF1-02AC575B96AB} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
    O16 - DPF: {5BFDB69B-F8BA-7601-F8D7-48512F58308D} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
    O16 - DPF: {5D614C73-516B-11A6-5D2F-21A4737DF2D2} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
    O16 - DPF: {642496E4-C176-5F3F-8137-27FE0799EAAF} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} [You must be registered and logged in to see this link.] (MUWebControl Class)
    O16 - DPF: {731C3B64-014E-0B77-4ACA-0A740CAC628C} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
    O16 - DPF: {7EA1B0EB-F285-1746-E496-35F5092ED220} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
    O16 - DPF: {7F6A6D02-05F2-3908-9C96-614901141404} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_13)
    O16 - DPF: {9656B666-992F-4D74-8588-8CA69E97D90C} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_13)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_13)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} [You must be registered and logged in to see this link.] (Shockwave Flash Object)
    O16 - DPF: {DB893839-10F0-4AF9-92FA-B23528F530AF} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
    O16 - DPF: {E53458D2-5A83-4BD1-8DE2-EEEBE73BAB77} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
    O16 - DPF: {FF3F0F03-0F01-131A-A3F9-08F02B23E0CC} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
    O16 - DPF: DirectAnimation Java Classes [You must be registered and logged in to see this link.] (Reg Error: Key error.)
    O16 - DPF: Microsoft XML Parser for Java [You must be registered and logged in to see this link.] (Reg Error: Key error.)
    O18 - Protocol\Filter\text/html {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - Reg Error: Key error. File not found
    O20 - AppInit_DLLs: (C:\WINDOWS\System32\juyarono.dll) - C:\WINDOWS\System32\juyarono.dll File not found
    O20 - AppInit_DLLs: (c:\windows\system32\sunasuyu.dll) - C:\WINDOWS\System32\sunasuyu.dll File not found
    O20 - HKLM Winlogon: Shell - (explorer.exe) - File not found
    O20 - HKLM Winlogon: UIHost - (logonui.exe) - File not found
    O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - File not found
    O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - File not found
    O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - File not found
    O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - File not found
    O20 - Winlogon\Notify\nnnmnkjk: DllName - nnnmnkjk.dll - File not found
    O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - File not found
    O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - File not found
    O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - File not found
    O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - File not found
    O20 - Winlogon\Notify\ssqNHbXO: DllName - ssqNHbXO.dll - File not found
    O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - File not found
    O20 - Winlogon\Notify\vtUmLExx: DllName - vtUmLExx.dll - File not found
    O20 - Winlogon\Notify\WgaLogon: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
    O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - File not found
    O20 - Winlogon\Notify\wmiurv: DllName - wmiurv32.dll - File not found
    O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - C:\WINDOWS\System32\sunasuyu.dll File not found
    O22 - SharedTaskScheduler: {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - STS - C:\WINDOWS\System32\sunasuyu.dll File not found
    O28 - HKLM ShellExecuteHooks: {13F20E4F-F379-41EA-8F80-CCAAE787362A} - C:\WINDOWS\System32\nnnmnkjk.dll File not found
    O28 - HKLM ShellExecuteHooks: {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - C:\WINDOWS\System32\vtUmLExx.dll File not found
    O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - File not found
    O29 - HKLM SecurityProviders - (msapsspc.dll) - File not found
    O29 - HKLM SecurityProviders - (schannel.dll) - File not found
    O29 - HKLM SecurityProviders - (digest.dll) - File not found
    O29 - HKLM SecurityProviders - (msnsspc.dll) - File not found
    O29 - HKLM SecurityProviders - (xlibgfl254.dll) - File not found
    O29 - HKLM SecurityProviders - (append.dll) - File not found
    O30 - LSA: Authentication Packages - (C:\WINDOWS\System32\rqRKCssS) - File not found

    :commands
    [emptytemp]
    [emptyflash]
    [resethosts]
    [reboot]


  • Return to OTL.exe, right click in the "Custom Scans/Fixes" window (under the light green bar) and choose Paste.

  • Click the red Run Fix button.
  • A fix log in Notepad will appear. Copy the contents of the fix log to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTL.exe

If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.


Re: Antivir - Please Help

Post by someonehelp on 17th August 2010, 7:02 pm

Hi,

The code is below. There was a message saying it could not delete one of the temp internet files because it was corrupt.

All processes killed
========== OTL ==========
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{13F20E4F-F379-41EA-8F80-CCAAE787362A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{13F20E4F-F379-41EA-8F80-CCAAE787362A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4BA7E09D-C8BD-4B87-A065-63E77A854029}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4BA7E09D-C8BD-4B87-A065-63E77A854029}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c83a94d6-7733-4d2f-bff2-6e039b726f5e}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c83a94d6-7733-4d2f-bff2-6e039b726f5e}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DB68B50B-7876-4FD1-837B-B96AFB4F74EF}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DB68B50B-7876-4FD1-837B-B96AFB4F74EF}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{25D8BACF-3DE2-4B48-AE22-D659B8D835B0} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{25D8BACF-3DE2-4B48-AE22-D659B8D835B0}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{2CF0B992-5EEB-4143-99C2-5297EF71F44B} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2CF0B992-5EEB-4143-99C2-5297EF71F44B}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\CPM340e2a31 deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\gwiz deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Kcanum deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\KernelFaultCheck deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\lluatkql deleted successfully.
File C:\Documents and Settings\hidden\Application Data\rqhrbbxsh\ormnyxctssd.exe not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\msbb deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\rhapcihdzblcj deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\SystemTray deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\TBllEe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Ultimate Cleaner deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Ultimate Defender deleted successfully.
Starting removal of ActiveX control {00000055-9980-0010-8000-00AA00389B71}
C:\WINDOWS\Downloaded Program Files\fhg.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{00000055-9980-0010-8000-00AA00389B71}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00000055-9980-0010-8000-00AA00389B71}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{00000055-9980-0010-8000-00AA00389B71}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00000055-9980-0010-8000-00AA00389B71}\ not found.
Starting removal of ActiveX control {034CC2DC-3245-4B26-B5C7-7B8777739CB7}
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{034CC2DC-3245-4B26-B5C7-7B8777739CB7}\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{034CC2DC-3245-4B26-B5C7-7B8777739CB7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{034CC2DC-3245-4B26-B5C7-7B8777739CB7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{034CC2DC-3245-4B26-B5C7-7B8777739CB7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{034CC2DC-3245-4B26-B5C7-7B8777739CB7}\ not found.
Starting removal of ActiveX control {0522708F-0D6C-7DF8-085F-288474A63F11}
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{0522708F-0D6C-7DF8-085F-288474A63F11}\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{0522708F-0D6C-7DF8-085F-288474A63F11}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0522708F-0D6C-7DF8-085F-288474A63F11}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{0522708F-0D6C-7DF8-085F-288474A63F11}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0522708F-0D6C-7DF8-085F-288474A63F11}\ not found.
Starting removal of ActiveX control {07ABDE4B-B4E3-2161-434B-22801DA58C2D}
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{07ABDE4B-B4E3-2161-434B-22801DA58C2D}\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{07ABDE4B-B4E3-2161-434B-22801DA58C2D}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{07ABDE4B-B4E3-2161-434B-22801DA58C2D}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{07ABDE4B-B4E3-2161-434B-22801DA58C2D}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{07ABDE4B-B4E3-2161-434B-22801DA58C2D}\ not found.
Starting removal of ActiveX control {0DD59632-6A06-3B74-C9D7-3B2B264230FC}
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{0DD59632-6A06-3B74-C9D7-3B2B264230FC}\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{0DD59632-6A06-3B74-C9D7-3B2B264230FC}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0DD59632-6A06-3B74-C9D7-3B2B264230FC}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{0DD59632-6A06-3B74-C9D7-3B2B264230FC}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0DD59632-6A06-3B74-C9D7-3B2B264230FC}\ not found.
Starting removal of ActiveX control {0DF950C9-47C1-0D9A-FC26-4EBA53B158A6}
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{0DF950C9-47C1-0D9A-FC26-4EBA53B158A6}\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{0DF950C9-47C1-0D9A-FC26-4EBA53B158A6}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0DF950C9-47C1-0D9A-FC26-4EBA53B158A6}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{0DF950C9-47C1-0D9A-FC26-4EBA53B158A6}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0DF950C9-47C1-0D9A-FC26-4EBA53B158A6}\ not found.
Starting removal of ActiveX control {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB}
C:\WINDOWS\Downloaded Program Files\f3initialsetup1.0.0.8.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB}\ not found.
Starting removal of ActiveX control {30000273-8230-4DD4-BE4F-6889D1E74167}
C:\WINDOWS\Downloaded Program Files\valent.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{30000273-8230-4DD4-BE4F-6889D1E74167}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{30000273-8230-4DD4-BE4F-6889D1E74167}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{30000273-8230-4DD4-BE4F-6889D1E74167}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{30000273-8230-4DD4-BE4F-6889D1E74167}\ not found.
Starting removal of ActiveX control {3334504D-9980-0010-8000-00AA00389B71}
C:\WINDOWS\Downloaded Program Files\mp43dmo.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{3334504D-9980-0010-8000-00AA00389B71}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3334504D-9980-0010-8000-00AA00389B71}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{3334504D-9980-0010-8000-00AA00389B71}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3334504D-9980-0010-8000-00AA00389B71}\ not found.
Starting removal of ActiveX control {33564D57-0000-0010-8000-00AA00389B71}
C:\WINDOWS\Downloaded Program Files\WMV9VCM.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{33564D57-0000-0010-8000-00AA00389B71}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{33564D57-0000-0010-8000-00AA00389B71}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{33564D57-0000-0010-8000-00AA00389B71}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{33564D57-0000-0010-8000-00AA00389B71}\ not found.
Starting removal of ActiveX control {466583FB-C061-277D-F6F6-6CB77D1F0C28}
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{466583FB-C061-277D-F6F6-6CB77D1F0C28}\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{466583FB-C061-277D-F6F6-6CB77D1F0C28}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{466583FB-C061-277D-F6F6-6CB77D1F0C28}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{466583FB-C061-277D-F6F6-6CB77D1F0C28}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{466583FB-C061-277D-F6F6-6CB77D1F0C28}\ not found.
Starting removal of ActiveX control {47B7E474-439D-07A0-7D60-732616FE6823}
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{47B7E474-439D-07A0-7D60-732616FE6823}\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{47B7E474-439D-07A0-7D60-732616FE6823}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{47B7E474-439D-07A0-7D60-732616FE6823}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{47B7E474-439D-07A0-7D60-732616FE6823}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{47B7E474-439D-07A0-7D60-732616FE6823}\ not found.
Starting removal of ActiveX control {4CEDBC97-9F52-0998-6039-28B6495395A9}
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{4CEDBC97-9F52-0998-6039-28B6495395A9}\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{4CEDBC97-9F52-0998-6039-28B6495395A9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4CEDBC97-9F52-0998-6039-28B6495395A9}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{4CEDBC97-9F52-0998-6039-28B6495395A9}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4CEDBC97-9F52-0998-6039-28B6495395A9}\ not found.
Starting removal of ActiveX control {572FECFC-F318-3508-7BE4-5FFD19C790D0}
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{572FECFC-F318-3508-7BE4-5FFD19C790D0}\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{572FECFC-F318-3508-7BE4-5FFD19C790D0}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{572FECFC-F318-3508-7BE4-5FFD19C790D0}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{572FECFC-F318-3508-7BE4-5FFD19C790D0}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{572FECFC-F318-3508-7BE4-5FFD19C790D0}\ not found.
Starting removal of ActiveX control {584500CB-BA31-6980-C704-31C539EF3E5E}
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{584500CB-BA31-6980-C704-31C539EF3E5E}\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{584500CB-BA31-6980-C704-31C539EF3E5E}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{584500CB-BA31-6980-C704-31C539EF3E5E}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{584500CB-BA31-6980-C704-31C539EF3E5E}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{584500CB-BA31-6980-C704-31C539EF3E5E}\ not found.
Starting removal of ActiveX control {5A0FD641-25BF-043C-AEF1-02AC575B96AB}
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{5A0FD641-25BF-043C-AEF1-02AC575B96AB}\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{5A0FD641-25BF-043C-AEF1-02AC575B96AB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5A0FD641-25BF-043C-AEF1-02AC575B96AB}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5A0FD641-25BF-043C-AEF1-02AC575B96AB}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5A0FD641-25BF-043C-AEF1-02AC575B96AB}\ not found.
Starting removal of ActiveX control {5BFDB69B-F8BA-7601-F8D7-48512F58308D}
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{5BFDB69B-F8BA-7601-F8D7-48512F58308D}\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{5BFDB69B-F8BA-7601-F8D7-48512F58308D}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5BFDB69B-F8BA-7601-F8D7-48512F58308D}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5BFDB69B-F8BA-7601-F8D7-48512F58308D}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5BFDB69B-F8BA-7601-F8D7-48512F58308D}\ not found.
Starting removal of ActiveX control {5D614C73-516B-11A6-5D2F-21A4737DF2D2}
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{5D614C73-516B-11A6-5D2F-21A4737DF2D2}\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{5D614C73-516B-11A6-5D2F-21A4737DF2D2}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5D614C73-516B-11A6-5D2F-21A4737DF2D2}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5D614C73-516B-11A6-5D2F-21A4737DF2D2}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5D614C73-516B-11A6-5D2F-21A4737DF2D2}\ not found.
Starting removal of ActiveX control {642496E4-C176-5F3F-8137-27FE0799EAAF}
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{642496E4-C176-5F3F-8137-27FE0799EAAF}\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{642496E4-C176-5F3F-8137-27FE0799EAAF}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{642496E4-C176-5F3F-8137-27FE0799EAAF}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{642496E4-C176-5F3F-8137-27FE0799EAAF}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{642496E4-C176-5F3F-8137-27FE0799EAAF}\ not found.
Starting removal of ActiveX control {6E32070A-766D-4EE6-879C-DC1FA91D2FC3}
C:\WINDOWS\Downloaded Program Files\muweb.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{6E32070A-766D-4EE6-879C-DC1FA91D2FC3}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6E32070A-766D-4EE6-879C-DC1FA91D2FC3}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6E32070A-766D-4EE6-879C-DC1FA91D2FC3}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6E32070A-766D-4EE6-879C-DC1FA91D2FC3}\ not found.
Starting removal of ActiveX control {731C3B64-014E-0B77-4ACA-0A740CAC628C}
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{731C3B64-014E-0B77-4ACA-0A740CAC628C}\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{731C3B64-014E-0B77-4ACA-0A740CAC628C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{731C3B64-014E-0B77-4ACA-0A740CAC628C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{731C3B64-014E-0B77-4ACA-0A740CAC628C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{731C3B64-014E-0B77-4ACA-0A740CAC628C}\ not found.
Starting removal of ActiveX control {7EA1B0EB-F285-1746-E496-35F5092ED220}
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{7EA1B0EB-F285-1746-E496-35F5092ED220}\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{7EA1B0EB-F285-1746-E496-35F5092ED220}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7EA1B0EB-F285-1746-E496-35F5092ED220}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7EA1B0EB-F285-1746-E496-35F5092ED220}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7EA1B0EB-F285-1746-E496-35F5092ED220}\ not found.
Starting removal of ActiveX control {7F6A6D02-05F2-3908-9C96-614901141404}
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{7F6A6D02-05F2-3908-9C96-614901141404}\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{7F6A6D02-05F2-3908-9C96-614901141404}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7F6A6D02-05F2-3908-9C96-614901141404}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7F6A6D02-05F2-3908-9C96-614901141404}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7F6A6D02-05F2-3908-9C96-614901141404}\ not found.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {9656B666-992F-4D74-8588-8CA69E97D90C}
C:\WINDOWS\Downloaded Program Files\default.INF moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{9656B666-992F-4D74-8588-8CA69E97D90C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9656B666-992F-4D74-8588-8CA69E97D90C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{9656B666-992F-4D74-8588-8CA69E97D90C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9656B666-992F-4D74-8588-8CA69E97D90C}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {D27CDB6E-AE6D-11CF-96B8-444553540000}
C:\WINDOWS\Downloaded Program Files\swflash.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{D27CDB6E-AE6D-11CF-96B8-444553540000}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D27CDB6E-AE6D-11CF-96B8-444553540000}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{D27CDB6E-AE6D-11CF-96B8-444553540000}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D27CDB6E-AE6D-11CF-96B8-444553540000}\ deleted successfully.
Starting removal of ActiveX control {DB893839-10F0-4AF9-92FA-B23528F530AF}
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{DB893839-10F0-4AF9-92FA-B23528F530AF}\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{DB893839-10F0-4AF9-92FA-B23528F530AF}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DB893839-10F0-4AF9-92FA-B23528F530AF}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{DB893839-10F0-4AF9-92FA-B23528F530AF}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DB893839-10F0-4AF9-92FA-B23528F530AF}\ not found.
Starting removal of ActiveX control {E53458D2-5A83-4BD1-8DE2-EEEBE73BAB77}
C:\WINDOWS\Downloaded Program Files\start.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E53458D2-5A83-4BD1-8DE2-EEEBE73BAB77}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E53458D2-5A83-4BD1-8DE2-EEEBE73BAB77}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E53458D2-5A83-4BD1-8DE2-EEEBE73BAB77}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E53458D2-5A83-4BD1-8DE2-EEEBE73BAB77}\ not found.
Starting removal of ActiveX control {FF3F0F03-0F01-131A-A3F9-08F02B23E0CC}
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{FF3F0F03-0F01-131A-A3F9-08F02B23E0CC}\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{FF3F0F03-0F01-131A-A3F9-08F02B23E0CC}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FF3F0F03-0F01-131A-A3F9-08F02B23E0CC}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{FF3F0F03-0F01-131A-A3F9-08F02B23E0CC}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FF3F0F03-0F01-131A-A3F9-08F02B23E0CC}\ not found.
File Animation Java Classes [You must be registered and logged in to see this link.] not found.
Starting removal of ActiveX control DirectAnimation Java Classes
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\DirectAnimation Java Classes\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\DirectAnimation Java Classes\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\DirectAnimation Java Classes\ not found.
File oft XML Parser for Java [You must be registered and logged in to see this link.] not found.
Starting removal of ActiveX control Microsoft XML Parser for Java
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Microsoft XML Parser for Java\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Microsoft XML Parser for Java\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\Microsoft XML Parser for Java\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\text/html\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2AB289AE-4B90-4281-B2AE-1F4BB034B647}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:C:\WINDOWS\System32\juyarono.dll deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:c:\windows\system32\sunasuyu.dll deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell:explorer.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UIHost:logonui.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:Control_RunDLL "sysdm.cpl" deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\nnnmnkjk\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ssqNHbXO\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\vtUmLExx\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wmiurv\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\SSODL deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\\{EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{13F20E4F-F379-41EA-8F80-CCAAE787362A} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{13F20E4F-F379-41EA-8F80-CCAAE787362A}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{AEB6717E-7E19-11d0-97EE-00C04FD91972} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AEB6717E-7E19-11d0-97EE-00C04FD91972}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders:msapsspc.dll deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders:schannel.dll deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders:digest.dll deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders:msnsspc.dll deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders:xlibgfl254.dll deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders:append.dll deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Authentication Packages:C:\WINDOWS\System32\rqRKCssS deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Default User
->Temporary Internet Files folder emptied: 33170 bytes

User: All Users
->Temp folder emptied: 104 bytes

User: hidden
->Temporary Internet Files folder emptied: 235176712 bytes
->Java cache emptied: 82641695 bytes
->Flash cache emptied: 39307 bytes

User: NetworkService
->Temporary Internet Files folder emptied: 402 bytes

User: LocalService
->Temporary Internet Files folder emptied: 4993026 bytes

User: All

User: Limewire

User: Incomplete

User: Administrator
->Temporary Internet Files folder emptied: 636634 bytes

%systemdrive% .tmp files removed: 16405 bytes
%systemroot% .tmp files removed: 8524649 bytes
%systemroot%\System32 .tmp files removed: 43537 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 13034324 bytes
Session Manager Temp folder emptied: 0 bytes
Session Manager Tmp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 2644170 bytes
RecycleBin emptied: 18738845 bytes

Total Files Cleaned = 350.00 mb


[EMPTYFLASH]

User: Default User

User: All Users

User: hidden
->Flash cache emptied: 0 bytes

User: NetworkService

User: LocalService

User: All

User: Limewire

User: Incomplete

User: Administrator

Total Flash Files Cleaned = 0.00 mb

C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.9.1 log created on 08172010_231744

Files\Folders moved on Reboot...
File\Folder C:\WINDOWS\temp\_avast5_\Webshlock.txt not found!

Registry entries deleted on Reboot...


Re: Antivir - Please Help

Post by Crush on 17th August 2010, 7:07 pm

Perfect. Now that we have that cleaned up, perhaps ComboFix will run.


Please download ComboFix from [You must be registered and logged in to see this link.]


Rename ComboFix.exe to commy.exe before you save it to your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. A guide to do this can be found [You must be registered and logged in to see this link.]
  • Click Start > Run, then copy and paste the following command into the Run box and click OK: "%userprofile%\desktop\commy.exe" /stepdel
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console


Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:


  • Click on Yes, to continue scanning for malware.
  • When finished, it shall produce a log for you. Please include the contents of C:\ComboFix.txt in your next reply.




Re: Antivir - Please Help

Post by someonehelp on 18th August 2010, 6:42 pm

Hi,

Please see log below. (It is too big so 2nd half is in next reply).

ComboFix 10-08-17.02 - hidden 17/08/2010 21:06:14.1.1 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.0.1252.44.1033.18.256.71 [GMT 1:00]
Running from: c:\documents and settings\hidden\Desktop\commy.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\.protected
C:\bold.log
c:\docume~1\hidden\LOCALS~1\Temp\tmp1.tmp
c:\docume~1\hidden\LOCALS~1\Temp\tmp2.tmp
c:\documents and settings\All Users\Start Menu\Programs\Startup\.protected
c:\documents and settings\hidden\.COMMgr
c:\documents and settings\hidden\Application Data\gadcom
c:\documents and settings\hidden\Application Data\Install.dat
c:\documents and settings\hidden\Application Data\rqhrbbxsh
c:\documents and settings\hidden\Application Data\rqhrbbxsh\ormnyxctssd.exe
c:\documents and settings\hidden\Application Data\Ultimate Cleaner
c:\documents and settings\hidden\Application Data\Ultimate Defender
c:\documents and settings\hidden\Application Data\Ultimate Defender\logs\1165694545.log
c:\documents and settings\hidden\Application Data\Ultimate Defender\logs\1165750955.log
c:\documents and settings\hidden\Application Data\Ultimate Defender\logs\1171802164.log
c:\documents and settings\hidden\Application Data\Ultimate Defender\logs\1172921571.log
c:\documents and settings\hidden\Application Data\Ultimate Defender\logs\1173526514.log
c:\documents and settings\hidden\Application Data\Ultimate Defender\logs\1174132619.log
c:\documents and settings\hidden\Application Data\Ultimate Defender\logs\1177239168.log
c:\documents and settings\hidden\Application Data\Ultimate Defender\logs\1178360970.log
c:\documents and settings\hidden\Application Data\Ultimate Defender\logs\1180867251.log
c:\documents and settings\hidden\Application Data\Ultimate Defender\logs\1182077804.log
c:\documents and settings\hidden\Application Data\Ultimate Defender\logs\1183890954.log
c:\documents and settings\hidden\Application Data\Ultimate Defender\logs\1185098346.log
c:\documents and settings\hidden\Application Data\Ultimate Defender\logs\1185274845.log
c:\documents and settings\hidden\Application Data\xxx.exe
c:\documents and settings\hidden\file.exe
c:\program files\MyWay
c:\program files\MyWay\myBar\History\search
c:\program files\MyWay\myBar\Settings\prevcfg.htm
c:\program files\MyWebSearch
c:\program files\MyWebSearch\bar\History\search
c:\program files\MyWebSearch\bar\Settings\s_pid.dat
c:\program files\Need2Find
c:\program files\Need2Find\bar\1.bin\N2FFXTBR.JAR
c:\program files\Need2Find\bar\1.bin\N2NTSTBR.JAR
c:\program files\Need2Find\bar\1.bin\PARTNER.DAT
c:\program files\Need2Find\bar\Cache\000383D9
c:\program files\Need2Find\bar\Cache\001AA1B1
c:\program files\Need2Find\bar\Cache\033BB69C
c:\program files\Need2Find\bar\Cache\files.ini
c:\program files\Need2Find\bar\History\search
c:\program files\Need2Find\bar\Settings\prevcfg.htm
c:\program files\PestTrap
c:\program files\PestTrap\PestTrap.exe
c:\temp\1cb
c:\temp\1cb\syscheck.log
c:\unzipped\Programs\Startup\.protected
c:\windows\.protected
c:\windows\cdmxtras
c:\windows\cookies.ini
c:\windows\Fonts\acrsec.fon
c:\windows\Fonts\acrsecB.fon
c:\windows\Fonts\acrsecI.fon
c:\windows\GatorHDPlugin.log
c:\windows\inform.dat
c:\windows\pskt.ini
c:\windows\Readme.txt
c:\windows\start.exe
c:\windows\system32\AdCache
c:\windows\system32\AdCache\B_329_4_2_543300.htm
c:\windows\system32\aslsukgm.ini
c:\windows\system32\bb1.dat
c:\windows\system32\cache329
c:\windows\system32\cache329\B_329_2_1_729700.gif
c:\windows\system32\cache329\B_329_2_1_733200.gif
c:\windows\system32\cache329\B_329_2_1_733900.gif
c:\windows\system32\cache329\B_329_2_1_734000.gif
c:\windows\system32\cache329\B_329_2_1_740000.GIF
c:\windows\system32\cache329\B_329_2_1_740100.GIF
c:\windows\system32\cache329\B_329_2_1_740200.GIF
c:\windows\system32\cache329\B_329_2_1_741800.GIF
c:\windows\system32\cache329\B_329_2_1_742400.GIF
c:\windows\system32\cache329\B_329_2_1_779200.GIF
c:\windows\system32\cache329\B_329_2_1_779600.GIF
c:\windows\system32\cache329\B_329_2_1_780400.GIF
c:\windows\system32\cache329\B_329_2_1_794500.GIF
c:\windows\system32\cache329\B_329_2_1_796700.GIF
c:\windows\system32\cache329\B_329_2_1_799000.GIF
c:\windows\system32\cache329\B_329_2_2_256700.gif
c:\windows\system32\cache329\B_329_2_2_284800.gif
c:\windows\system32\cache329\B_329_2_2_404800.gif
c:\windows\system32\cache329\B_329_2_2_407800.gif
c:\windows\system32\cache329\B_329_2_2_408400.gif
c:\windows\system32\cache329\B_329_2_2_480200.gif
c:\windows\system32\cache329\B_329_2_2_501000.gif
c:\windows\system32\cache329\B_329_2_2_501600.gif
c:\windows\system32\cache329\B_329_2_2_501600.htm
c:\windows\system32\cache329\B_329_2_2_501600.swf
c:\windows\system32\cache329\B_329_2_2_501900.htm
c:\windows\system32\cache329\B_329_2_2_501900.swf
c:\windows\system32\cache329\B_329_2_2_504500.htm
c:\windows\system32\cache329\B_329_2_2_504500.jpg
c:\windows\system32\cache329\B_329_2_2_504800.gif
c:\windows\system32\cache329\B_329_2_2_506300.gif
c:\windows\system32\cache329\B_329_2_2_506500.gif
c:\windows\system32\cache329\B_329_2_2_506700.gif
c:\windows\system32\cache329\B_329_2_2_506900.GIF
c:\windows\system32\cache329\B_329_2_2_507000.gif
c:\windows\system32\cache329\B_329_2_2_507100.GIF
c:\windows\system32\cache329\B_329_2_2_507100.htm
c:\windows\system32\cache329\B_329_2_2_507100.swf
c:\windows\system32\cache329\B_329_2_2_508200.gif
c:\windows\system32\cache329\B_329_2_2_521100.gif
c:\windows\system32\cache329\B_329_2_2_522200.gif
c:\windows\system32\cache329\B_329_2_2_523500.htm
c:\windows\system32\cache329\B_329_2_2_523500.swf
c:\windows\system32\cache329\B_329_2_2_523900.gif
c:\windows\system32\cache329\B_329_2_2_526100.gif
c:\windows\system32\cache329\B_329_2_2_528600.gif
c:\windows\system32\cache329\B_329_2_2_529600.htm
c:\windows\system32\cache329\B_329_2_2_529600.swf
c:\windows\system32\cache329\B_329_2_2_532000.gif
c:\windows\system32\cache329\B_329_2_2_534500.gif
c:\windows\system32\cache329\B_329_2_2_535900.gif
c:\windows\system32\cache329\B_329_2_2_536400.gif
c:\windows\system32\cache329\B_329_2_2_537200.htm
c:\windows\system32\cache329\B_329_2_2_537200.swf
c:\windows\system32\cache329\B_329_2_2_538700.htm
c:\windows\system32\cache329\B_329_2_2_538700.swf
c:\windows\system32\cache329\B_329_2_2_540900.gif
c:\windows\system32\cache329\B_329_2_2_541600.gif
c:\windows\system32\cache329\B_329_2_2_542400.gif
c:\windows\system32\cache329\B_329_2_2_542700.gif
c:\windows\system32\cache329\B_329_2_2_543200.gif
c:\windows\system32\cache329\B_329_2_2_543600.htm
c:\windows\system32\cache329\B_329_2_2_543600.swf
c:\windows\system32\cache329\B_329_2_2_544100.htm
c:\windows\system32\cache329\B_329_2_2_544100.swf
c:\windows\system32\cache329\B_329_2_2_544600.gif
c:\windows\system32\cache329\B_329_2_2_546600.htm
c:\windows\system32\cache329\B_329_2_2_546600.swf
c:\windows\system32\cache329\B_329_2_2_547400.gif
c:\windows\system32\cache329\B_329_2_2_550500.htm
c:\windows\system32\cache329\B_329_2_2_550500.swf
c:\windows\system32\cache329\B_329_2_2_551100.gif
c:\windows\system32\cache329\B_329_2_2_554200.gif
c:\windows\system32\cache329\B_329_2_2_554800.gif
c:\windows\system32\cache329\B_329_2_2_560200.gif
c:\windows\system32\cache329\B_329_2_2_560700.gif
c:\windows\system32\cache329\B_329_2_2_560800.gif
c:\windows\system32\cache329\B_329_2_2_577900.gif
c:\windows\system32\cache329\B_329_2_2_580700.gif
c:\windows\system32\cache329\B_329_2_2_584300.gif
c:\windows\system32\cache329\B_329_2_2_584400.gif
c:\windows\system32\cache329\B_329_2_2_590800.gif
c:\windows\system32\cache329\B_329_2_2_595700.gif
c:\windows\system32\cache329\B_329_2_2_596300.gif
c:\windows\system32\cache329\B_329_2_2_596500.htm
c:\windows\system32\cache329\B_329_2_2_596500.swf
c:\windows\system32\cache329\B_329_2_2_596600.htm
c:\windows\system32\cache329\B_329_2_2_596600.swf
c:\windows\system32\cache329\B_329_2_2_597000.gif
c:\windows\system32\cache329\B_329_2_2_597100.gif
c:\windows\system32\cache329\B_329_2_2_597200.gif
c:\windows\system32\cache329\B_329_2_2_597200.htm
c:\windows\system32\cache329\B_329_2_2_597200.swf
c:\windows\system32\cache329\B_329_2_2_597300.gif
c:\windows\system32\cache329\B_329_2_2_597800.gif
c:\windows\system32\cache329\B_329_2_2_602100.htm
c:\windows\system32\cache329\B_329_2_2_602100.swf
c:\windows\system32\cache329\B_329_2_2_608100.gif
c:\windows\system32\cache329\B_329_2_2_609600.gif
c:\windows\system32\cache329\B_329_2_2_610000.gif
c:\windows\system32\cache329\B_329_2_2_611000.htm
c:\windows\system32\cache329\B_329_2_2_611000.swf
c:\windows\system32\cache329\B_329_2_2_611700.GIF
c:\windows\system32\cache329\B_329_2_2_612300.gif
c:\windows\system32\cache329\B_329_2_2_612900.gif
c:\windows\system32\cache329\B_329_2_2_613000.gif
c:\windows\system32\cache329\B_329_2_2_613200.gif
c:\windows\system32\cache329\B_329_2_2_613300.gif
c:\windows\system32\cache329\B_329_2_2_613400.gif
c:\windows\system32\cache329\B_329_2_2_613500.gif
c:\windows\system32\cache329\B_329_2_2_619500.gif
c:\windows\system32\cache329\B_329_2_2_620500.gif
c:\windows\system32\cache329\B_329_2_2_621000.gif
c:\windows\system32\cache329\B_329_2_2_621100.gif
c:\windows\system32\cache329\B_329_2_2_621500.gif
c:\windows\system32\cache329\B_329_2_2_622100.gif
c:\windows\system32\cache329\B_329_2_2_623400.gif
c:\windows\system32\cache329\B_329_2_2_625000.htm
c:\windows\system32\cache329\B_329_2_2_625000.swf
c:\windows\system32\cache329\B_329_2_2_630100.gif
c:\windows\system32\cache329\B_329_2_2_630500.GIF
c:\windows\system32\cache329\B_329_2_2_632200.htm
c:\windows\system32\cache329\B_329_2_2_632200.swf
c:\windows\system32\cache329\B_329_2_2_634900.gif
c:\windows\system32\cache329\B_329_2_2_636400.GIF
c:\windows\system32\cache329\B_329_2_2_636600.gif
c:\windows\system32\cache329\B_329_2_2_636700.gif
c:\windows\system32\cache329\B_329_2_2_636800.gif
c:\windows\system32\cache329\B_329_2_2_637700.gif
c:\windows\system32\cache329\B_329_2_2_645500.GIF
c:\windows\system32\cache329\B_329_2_2_648300.htm
c:\windows\system32\cache329\B_329_2_2_650500.htm
c:\windows\system32\cache329\B_329_2_2_650500.swf
c:\windows\system32\cache329\B_329_2_2_653800.gif
c:\windows\system32\cache329\B_329_2_2_657800.gif
c:\windows\system32\cache329\B_329_2_2_662300.gif
c:\windows\system32\cache329\B_329_2_2_662400.GIF
c:\windows\system32\cache329\B_329_2_2_663000.GIF
c:\windows\system32\cache329\B_329_2_2_663100.GIF
c:\windows\system32\cache329\B_329_2_2_663300.GIF
c:\windows\system32\cache329\B_329_2_2_664100.gif
c:\windows\system32\cache329\B_329_2_2_664300.GIF
c:\windows\system32\cache329\B_329_2_2_667000.gif
c:\windows\system32\cache329\B_329_2_2_676700.gif
c:\windows\system32\cache329\B_329_2_2_679000.gif
c:\windows\system32\cache329\B_329_2_2_682100.gif
c:\windows\system32\cache329\B_329_2_2_700000.gif
c:\windows\system32\cache329\B_329_2_2_724700.gif
c:\windows\system32\cache329\B_329_2_2_725700.gif
c:\windows\system32\cache329\B_329_2_2_725900.gif
c:\windows\system32\cache329\B_329_2_2_726100.gif
c:\windows\system32\cache329\B_329_2_2_726200.gif
c:\windows\system32\cache329\B_329_2_2_737100.gif
c:\windows\system32\cache329\B_329_2_2_742500.GIF
c:\windows\system32\cache329\B_329_2_2_746000.GIF
c:\windows\system32\cache329\B_329_2_2_756400.gif
c:\windows\system32\cache329\B_329_2_2_770300.GIF
c:\windows\system32\cache329\B_329_2_2_770400.GIF
c:\windows\system32\cache329\B_329_2_2_770500.GIF
c:\windows\system32\cache329\B_329_2_2_770700.GIF
c:\windows\system32\cache329\B_329_2_3_256600.htm
c:\windows\system32\cache329\B_329_2_3_256600.swf
c:\windows\system32\cache329\B_329_2_3_264100.htm
c:\windows\system32\cache329\B_329_2_3_264100.swf
c:\windows\system32\cache329\B_329_2_3_284800.gif
c:\windows\system32\cache329\B_329_2_3_312500.htm
c:\windows\system32\cache329\B_329_2_3_312500.swf
c:\windows\system32\cache329\B_329_2_3_404800.gif
c:\windows\system32\cache329\B_329_2_3_408200.gif
c:\windows\system32\cache329\B_329_2_3_480200.gif
c:\windows\system32\cache329\B_329_2_3_482700.gif
c:\windows\system32\cache329\B_329_2_3_486000.gif
c:\windows\system32\cache329\B_329_2_3_513800.gif
c:\windows\system32\cache329\B_329_2_3_517800.gif
c:\windows\system32\cache329\B_329_2_3_526400.htm
c:\windows\system32\cache329\B_329_2_3_526400.jpg
c:\windows\system32\cache329\B_329_2_3_539000.gif
c:\windows\system32\cache329\B_329_2_3_560200.gif
c:\windows\system32\cache329\B_329_2_3_560800.gif
c:\windows\system32\cache329\B_329_2_3_572800.gif
c:\windows\system32\cache329\B_329_2_3_574300.gif
c:\windows\system32\cache329\B_329_2_3_585000.htm
c:\windows\system32\cache329\B_329_2_3_585000.swf
c:\windows\system32\cache329\B_329_2_3_588600.htm
c:\windows\system32\cache329\B_329_2_3_588600.swf
c:\windows\system32\cache329\B_329_2_3_668600.gif
c:\windows\system32\cache329\B_329_2_3_668800.gif
c:\windows\system32\cache329\B_329_2_3_671400.gif
c:\windows\system32\cache329\B_329_2_3_707600.gif
c:\windows\system32\cache329\B_329_2_3_726000.gif
c:\windows\system32\cache329\B_329_2_4_315900.htm
c:\windows\system32\cache329\B_329_2_4_315900.jpg
c:\windows\system32\cache329\B_329_2_4_407800.gif
c:\windows\system32\cache329\B_329_2_4_408200.gif
c:\windows\system32\cache329\B_329_2_4_408400.gif
c:\windows\system32\cache329\B_329_2_4_624200.htm
c:\windows\system32\cache329\B_329_2_4_624200.swf
c:\windows\system32\cache329\B_329_3_0_105300.htm
c:\windows\system32\cache329\B_329_3_0_106800.htm
c:\windows\system32\cache329\B_329_3_0_107400.htm
c:\windows\system32\cache329\B_329_3_0_256700.gif
c:\windows\system32\cache329\B_329_3_0_412100.htm
c:\windows\system32\cache329\B_329_3_0_412100.swf
c:\windows\system32\cache329\B_329_3_0_412200.htm
c:\windows\system32\cache329\B_329_3_0_412200.swf
c:\windows\system32\cache329\B_329_3_0_446700.htm
c:\windows\system32\cache329\B_329_3_0_446800.htm
c:\windows\system32\cache329\B_329_3_0_446900.htm
c:\windows\system32\cache329\B_329_3_0_479500.gif
c:\windows\system32\cache329\B_329_3_0_479800.gif
c:\windows\system32\cache329\B_329_3_0_603200.GIF
c:\windows\system32\cache329\B_329_3_1_395300.gif
c:\windows\system32\cache329\B_329_3_1_411700.gif
c:\windows\system32\cache329\B_329_3_1_411800.htm
c:\windows\system32\cache329\B_329_3_1_411800.swf
c:\windows\system32\cache329\B_329_3_1_411900.htm
c:\windows\system32\cache329\B_329_3_1_411900.swf
c:\windows\system32\cache329\B_329_3_1_412000.htm
c:\windows\system32\cache329\B_329_3_1_412000.swf
c:\windows\system32\cache329\B_329_3_1_412100.htm
c:\windows\system32\cache329\B_329_3_1_412100.swf
c:\windows\system32\cache329\B_329_3_1_412200.htm
c:\windows\system32\cache329\B_329_3_1_412200.swf
c:\windows\system32\cache329\B_329_3_1_500800.htm
c:\windows\system32\cache329\B_329_3_1_500800.swf
c:\windows\system32\cache329\B_329_3_1_502100.htm
c:\windows\system32\cache329\B_329_3_1_502100.swf
c:\windows\system32\cache329\B_329_3_1_502600.htm
c:\windows\system32\cache329\B_329_3_1_502600.swf
c:\windows\system32\cache329\B_329_3_1_503600.gif
c:\windows\system32\cache329\B_329_3_1_504000.gif
c:\windows\system32\cache329\B_329_3_1_504300.htm
c:\windows\system32\cache329\B_329_3_1_504300.swf
c:\windows\system32\cache329\B_329_3_1_504800.gif
c:\windows\system32\cache329\B_329_3_1_504800.htm
c:\windows\system32\cache329\B_329_3_1_504800.swf
c:\windows\system32\cache329\B_329_3_1_505700.gif
c:\windows\system32\cache329\B_329_3_1_506700.gif
c:\windows\system32\cache329\B_329_3_1_507000.gif
c:\windows\system32\cache329\B_329_3_1_517200.gif
c:\windows\system32\cache329\B_329_3_1_517500.gif
c:\windows\system32\cache329\B_329_3_1_518500.htm
c:\windows\system32\cache329\B_329_3_1_520300.htm
c:\windows\system32\cache329\B_329_3_1_520900.gif
c:\windows\system32\cache329\B_329_3_1_525600.GIF
c:\windows\system32\cache329\B_329_3_1_526400.gif
c:\windows\system32\cache329\B_329_3_1_527000.htm
c:\windows\system32\cache329\B_329_3_1_527000.swf
c:\windows\system32\cache329\B_329_3_1_531500.GIF
c:\windows\system32\cache329\B_329_3_1_534500.gif
c:\windows\system32\cache329\B_329_3_1_535900.gif
c:\windows\system32\cache329\B_329_3_1_536400.gif
c:\windows\system32\cache329\B_329_3_1_537200.htm
c:\windows\system32\cache329\B_329_3_1_537200.swf
c:\windows\system32\cache329\B_329_3_1_537500.GIF
c:\windows\system32\cache329\B_329_3_1_538100.htm
c:\windows\system32\cache329\B_329_3_1_538100.swf
c:\windows\system32\cache329\B_329_3_1_538700.htm
c:\windows\system32\cache329\B_329_3_1_538700.swf
c:\windows\system32\cache329\B_329_3_1_542100.gif
c:\windows\system32\cache329\B_329_3_1_546900.htm
c:\windows\system32\cache329\B_329_3_1_546900.swf
c:\windows\system32\cache329\B_329_3_1_547800.gif
c:\windows\system32\cache329\B_329_3_1_549100.htm
c:\windows\system32\cache329\B_329_3_1_549100.swf
c:\windows\system32\cache329\B_329_3_1_550500.htm
c:\windows\system32\cache329\B_329_3_1_550500.swf
c:\windows\system32\cache329\B_329_3_1_552700.gif
c:\windows\system32\cache329\B_329_3_1_557800.htm
c:\windows\system32\cache329\B_329_3_1_560800.gif
c:\windows\system32\cache329\B_329_3_1_561100.gif
c:\windows\system32\cache329\B_329_3_1_567000.htm
c:\windows\system32\cache329\B_329_3_1_567000.swf
c:\windows\system32\cache329\B_329_3_1_570100.gif
c:\windows\system32\cache329\B_329_3_1_583000.gif
c:\windows\system32\cache329\B_329_3_1_583800.gif
c:\windows\system32\cache329\B_329_3_1_584300.gif
c:\windows\system32\cache329\B_329_3_1_584400.gif
c:\windows\system32\cache329\B_329_3_1_586700.gif
c:\windows\system32\cache329\B_329_3_1_590600.htm
c:\windows\system32\cache329\B_329_3_1_590600.swf
c:\windows\system32\cache329\B_329_3_1_594200.htm
c:\windows\system32\cache329\B_329_3_1_594200.swf
c:\windows\system32\cache329\B_329_3_1_596300.gif
c:\windows\system32\cache329\B_329_3_1_596600.htm
c:\windows\system32\cache329\B_329_3_1_596600.swf
c:\windows\system32\cache329\B_329_3_1_603100.GIF
c:\windows\system32\cache329\B_329_3_1_604400.htm
c:\windows\system32\cache329\B_329_3_1_604400.swf
c:\windows\system32\cache329\B_329_3_1_604600.htm
c:\windows\system32\cache329\B_329_3_1_604600.swf


Re: Antivir - Please Help

Post by someonehelp on 18th August 2010, 6:43 pm


c:\windows\system32\cache329\B_329_4_1_602200.htm
c:\windows\system32\cache329\B_329_4_1_602400.htm
c:\windows\system32\cache329\B_329_4_1_604000.htm
c:\windows\system32\cache329\B_329_4_1_605200.htm
c:\windows\system32\cache329\B_329_4_1_605300.htm
c:\windows\system32\cache329\B_329_4_1_606500.htm
c:\windows\system32\cache329\B_329_4_1_607600.htm
c:\windows\system32\cache329\B_329_4_1_609600.htm
c:\windows\system32\cache329\B_329_4_1_610100.htm
c:\windows\system32\cache329\B_329_4_1_610100.swf
c:\windows\system32\cache329\B_329_4_1_611800.htm
c:\windows\system32\cache329\B_329_4_1_614100.htm
c:\windows\system32\cache329\B_329_4_1_614200.htm
c:\windows\system32\cache329\B_329_4_1_614900.htm
c:\windows\system32\cache329\B_329_4_1_617000.gif
c:\windows\system32\cache329\B_329_4_1_617000.htm
c:\windows\system32\cache329\B_329_4_1_618200.htm
c:\windows\system32\cache329\B_329_4_1_620800.htm
c:\windows\system32\cache329\B_329_4_1_632800.gif
c:\windows\system32\cache329\B_329_4_1_632800.htm
c:\windows\system32\cache329\B_329_4_1_632900.htm
c:\windows\system32\cache329\B_329_4_1_637800.htm
c:\windows\system32\cache329\B_329_4_1_639000.htm
c:\windows\system32\cache329\B_329_4_1_640900.htm
c:\windows\system32\cache329\B_329_4_1_641300.gif
c:\windows\system32\cache329\B_329_4_1_641300.htm
c:\windows\system32\cache329\B_329_4_1_641700.gif
c:\windows\system32\cache329\B_329_4_1_641700.htm
c:\windows\system32\cache329\B_329_4_1_641900.htm
c:\windows\system32\cache329\B_329_4_1_643400.htm
c:\windows\system32\cache329\B_329_4_1_644000.htm
c:\windows\system32\cache329\B_329_4_1_647700.htm
c:\windows\system32\cache329\B_329_4_1_656900.htm
c:\windows\system32\cache329\B_329_4_1_657900.htm
c:\windows\system32\cache329\B_329_4_1_663200.htm
c:\windows\system32\cache329\B_329_4_1_665100.gif
c:\windows\system32\cache329\B_329_4_1_665100.htm
c:\windows\system32\cache329\B_329_4_1_666300.gif
c:\windows\system32\cache329\B_329_4_1_666300.htm
c:\windows\system32\cache329\B_329_4_1_666600.gif
c:\windows\system32\cache329\B_329_4_1_666600.htm
c:\windows\system32\cache329\B_329_4_1_666700.gif
c:\windows\system32\cache329\B_329_4_1_666700.htm
c:\windows\system32\cache329\B_329_4_1_667400.htm
c:\windows\system32\cache329\B_329_4_1_667400.swf
c:\windows\system32\cache329\B_329_4_1_667600.gif
c:\windows\system32\cache329\B_329_4_1_667600.htm
c:\windows\system32\cache329\B_329_4_1_673500.htm
c:\windows\system32\cache329\B_329_4_1_677300.gif
c:\windows\system32\cache329\B_329_4_1_677300.htm
c:\windows\system32\cache329\B_329_4_1_679400.htm
c:\windows\system32\cache329\B_329_4_1_679900.htm
c:\windows\system32\cache329\B_329_4_1_681600.gif
c:\windows\system32\cache329\B_329_4_1_681600.htm
c:\windows\system32\cache329\B_329_4_1_681700.htm
c:\windows\system32\cache329\B_329_4_1_684200.gif
c:\windows\system32\cache329\B_329_4_1_684200.htm
c:\windows\system32\cache329\B_329_4_1_685000.gif
c:\windows\system32\cache329\B_329_4_1_685000.htm
c:\windows\system32\cache329\B_329_4_1_685700.htm
c:\windows\system32\cache329\B_329_4_1_690300.htm
c:\windows\system32\cache329\B_329_4_1_690900.htm
c:\windows\system32\cache329\B_329_4_1_693200.htm
c:\windows\system32\cache329\B_329_4_1_693400.htm
c:\windows\system32\cache329\B_329_4_1_716200.htm
c:\windows\system32\cache329\B_329_4_1_716400.htm
c:\windows\system32\cache329\B_329_4_1_717900.gif
c:\windows\system32\cache329\B_329_4_1_717900.htm
c:\windows\system32\cache329\B_329_4_1_731900.htm
c:\windows\system32\cache329\B_329_4_1_733900.htm
c:\windows\system32\cache329\B_329_4_1_736100.htm
c:\windows\system32\cache329\B_329_4_1_738600.htm
c:\windows\system32\cache329\B_329_4_1_751100.htm
c:\windows\system32\cache329\B_329_4_1_756800.htm
c:\windows\system32\cache329\B_329_4_1_759300.gif
c:\windows\system32\cache329\B_329_4_1_759300.htm
c:\windows\system32\cache329\B_329_4_1_765000.htm
c:\windows\system32\cache329\B_329_4_1_765300.htm
c:\windows\system32\cache329\B_329_4_1_769500.htm
c:\windows\system32\cache329\B_329_4_1_775100.gif
c:\windows\system32\cache329\B_329_4_1_775100.htm
c:\windows\system32\cache329\B_329_4_1_782300.htm
c:\windows\system32\cache329\B_329_4_1_783100.htm
c:\windows\system32\cache329\B_329_4_1_785700.htm
c:\windows\system32\cache329\B_329_4_1_797800.htm
c:\windows\system32\cache329\B_329_4_2_106600.gif
c:\windows\system32\cache329\B_329_4_2_106600.htm
c:\windows\system32\cache329\B_329_4_2_500000.htm
c:\windows\system32\cache329\B_329_4_2_503500.htm
c:\windows\system32\cache329\B_329_4_2_503800.htm
c:\windows\system32\cache329\B_329_4_2_507200.htm
c:\windows\system32\cache329\B_329_4_2_508500.htm
c:\windows\system32\cache329\B_329_4_2_508600.gif
c:\windows\system32\cache329\B_329_4_2_508600.htm
c:\windows\system32\cache329\B_329_4_2_511200.htm
c:\windows\system32\cache329\B_329_4_2_511200.swf
c:\windows\system32\cache329\B_329_4_2_512200.htm
c:\windows\system32\cache329\B_329_4_2_513500.htm
c:\windows\system32\cache329\B_329_4_2_513500.swf
c:\windows\system32\cache329\B_329_4_2_519300.htm
c:\windows\system32\cache329\B_329_4_2_519900.gif
c:\windows\system32\cache329\B_329_4_2_519900.htm
c:\windows\system32\cache329\B_329_4_2_521200.htm
c:\windows\system32\cache329\B_329_4_2_522400.htm
c:\windows\system32\cache329\B_329_4_2_522400.jpg
c:\windows\system32\cache329\B_329_4_2_523700.htm
c:\windows\system32\cache329\B_329_4_2_524100.htm
c:\windows\system32\cache329\B_329_4_2_529000.htm
c:\windows\system32\cache329\B_329_4_2_530300.gif
c:\windows\system32\cache329\B_329_4_2_530300.htm
c:\windows\system32\cache329\B_329_4_2_530500.htm
c:\windows\system32\cache329\B_329_4_2_535600.htm
c:\windows\system32\cache329\B_329_4_2_535600.swf
c:\windows\system32\cache329\B_329_4_2_535800.htm
c:\windows\system32\cache329\B_329_4_2_535800.jpg
c:\windows\system32\cache329\B_329_4_2_535900.htm
c:\windows\system32\cache329\B_329_4_2_537900.htm
c:\windows\system32\cache329\B_329_4_2_537900.swf
c:\windows\system32\cache329\B_329_4_2_539600.gif
c:\windows\system32\cache329\B_329_4_2_539600.htm
c:\windows\system32\cache329\B_329_4_2_540000.gif
c:\windows\system32\cache329\B_329_4_2_540000.htm
c:\windows\system32\cache329\B_329_4_2_540100.htm
c:\windows\system32\cache329\B_329_4_2_540100.swf
c:\windows\system32\cache329\B_329_4_2_540200.htm
c:\windows\system32\cache329\B_329_4_2_540200.swf
c:\windows\system32\cache329\B_329_4_2_543300.htm
c:\windows\system32\cache329\B_329_4_2_544400.htm
c:\windows\system32\cache329\B_329_4_2_546500.htm
c:\windows\system32\cache329\B_329_4_2_546500.swf
c:\windows\system32\cache329\B_329_4_2_552000.htm
c:\windows\system32\cache329\B_329_4_2_552400.htm
c:\windows\system32\cache329\B_329_4_2_552500.htm
c:\windows\system32\cache329\B_329_4_2_553800.htm
c:\windows\system32\cache329\B_329_4_2_555600.htm
c:\windows\system32\cache329\B_329_4_2_556100.htm
c:\windows\system32\cache329\B_329_4_2_564000.htm
c:\windows\system32\cache329\B_329_4_2_565500.gif
c:\windows\system32\cache329\B_329_4_2_565500.htm
c:\windows\system32\cache329\B_329_4_2_565600.htm
c:\windows\system32\cache329\B_329_4_2_565800.htm
c:\windows\system32\cache329\B_329_4_2_566200.gif
c:\windows\system32\cache329\B_329_4_2_566200.htm
c:\windows\system32\cache329\B_329_4_2_566700.htm
c:\windows\system32\cache329\B_329_4_2_570000.htm
c:\windows\system32\cache329\B_329_4_2_574500.htm
c:\windows\system32\cache329\B_329_4_2_576400.htm
c:\windows\system32\cache329\B_329_4_2_576400.swf
c:\windows\system32\cache329\B_329_4_2_578200.htm
c:\windows\system32\cache329\B_329_4_2_579500.htm
c:\windows\system32\cache329\B_329_4_2_584500.gif
c:\windows\system32\cache329\B_329_4_2_584500.htm
c:\windows\system32\cache329\B_329_4_2_592800.gif
c:\windows\system32\cache329\B_329_4_2_592800.htm
c:\windows\system32\cache329\B_329_4_2_606500.htm
c:\windows\system32\cache329\B_329_4_2_621900.htm
c:\windows\system32\cache329\B_329_4_2_625100.htm
c:\windows\system32\cache329\B_329_4_2_632400.htm
c:\windows\system32\cache329\B_329_4_2_635300.htm
c:\windows\system32\cache329\B_329_4_2_635300.jpg
c:\windows\system32\cache329\B_329_4_2_644600.htm
c:\windows\system32\cache329\B_329_4_2_645900.htm
c:\windows\system32\cache329\B_329_4_2_647000.htm
c:\windows\system32\cache329\B_329_4_2_648600.htm
c:\windows\system32\cache329\B_329_4_2_652500.htm
c:\windows\system32\cache329\B_329_4_2_655400.htm
c:\windows\system32\cache329\B_329_4_2_655400.swf
c:\windows\system32\cache329\B_329_4_2_655500.htm
c:\windows\system32\cache329\B_329_4_2_655600.htm
c:\windows\system32\cache329\B_329_4_2_655600.swf
c:\windows\system32\cache329\B_329_4_2_663200.htm
c:\windows\system32\cache329\B_329_4_2_665100.gif
c:\windows\system32\cache329\B_329_4_2_665100.htm
c:\windows\system32\cache329\B_329_4_2_666300.gif
c:\windows\system32\cache329\B_329_4_2_666300.htm
c:\windows\system32\cache329\B_329_4_2_666600.gif
c:\windows\system32\cache329\B_329_4_2_666600.htm
c:\windows\system32\cache329\B_329_4_2_666700.gif
c:\windows\system32\cache329\B_329_4_2_666700.htm
c:\windows\system32\cache329\B_329_4_2_681600.gif
c:\windows\system32\cache329\B_329_4_2_681600.htm
c:\windows\system32\cache329\B_329_4_2_681900.gif
c:\windows\system32\cache329\B_329_4_2_681900.htm
c:\windows\system32\cache329\B_329_4_2_689900.htm
c:\windows\system32\cache329\B_329_4_2_692800.htm
c:\windows\system32\cache329\B_329_4_2_756300.htm
c:\windows\system32\cache329\B_329_4_2_800400.htm
c:\windows\system32\cache329\B_329_4_3_105900.htm
c:\windows\system32\cache329\B_329_4_3_164000.htm
c:\windows\system32\cache329\B_329_4_3_240300.gif
c:\windows\system32\cache329\B_329_4_3_240300.htm
c:\windows\system32\cache329\B_329_4_3_256800.gif
c:\windows\system32\cache329\B_329_4_3_256800.htm
c:\windows\system32\cache329\B_329_4_3_333300.gif
c:\windows\system32\cache329\B_329_4_3_333300.htm
c:\windows\system32\cache329\B_329_4_3_359800.htm
c:\windows\system32\cache329\B_329_4_3_386000.gif
c:\windows\system32\cache329\B_329_4_3_386000.htm
c:\windows\system32\cache329\B_329_4_3_388400.htm
c:\windows\system32\cache329\B_329_4_3_388400.jpg
c:\windows\system32\cache329\B_329_4_3_388500.htm
c:\windows\system32\cache329\B_329_4_3_388500.jpg
c:\windows\system32\cache329\B_329_4_3_418100.htm
c:\windows\system32\cache329\B_329_4_3_418200.htm
c:\windows\system32\cache329\B_329_4_3_438700.htm
c:\windows\system32\cache329\B_329_4_3_540200.htm
c:\windows\system32\cache329\B_329_4_3_540200.swf
c:\windows\system32\cache329\B_329_4_3_541700.htm
c:\windows\system32\cache329\B_329_4_3_547500.htm
c:\windows\system32\cache329\B_329_4_3_547500.swf
c:\windows\system32\cache329\B_329_4_3_547700.gif
c:\windows\system32\cache329\B_329_4_3_547700.htm
c:\windows\system32\cache329\B_329_4_3_547800.gif
c:\windows\system32\cache329\B_329_4_3_547800.htm
c:\windows\system32\cache329\B_329_4_3_547900.htm
c:\windows\system32\cache329\B_329_4_3_547900.swf
c:\windows\system32\cache329\B_329_4_3_548600.gif
c:\windows\system32\cache329\B_329_4_3_548600.htm
c:\windows\system32\cache329\B_329_4_3_548800.htm
c:\windows\system32\cache329\B_329_4_3_548800.swf
c:\windows\system32\cache329\B_329_4_3_553100.htm
c:\windows\system32\cache329\B_329_4_3_553100.swf
c:\windows\system32\cache329\B_329_4_3_577500.htm
c:\windows\system32\cache329\B_329_4_3_591700.htm
c:\windows\system32\cache329\B_329_4_3_591700.swf
c:\windows\system32\cache329\B_329_4_3_592200.htm
c:\windows\system32\cache329\B_329_4_3_592200.swf
c:\windows\system32\cache329\B_329_4_3_593800.htm
c:\windows\system32\cache329\B_329_4_3_593800.swf
c:\windows\system32\cache329\B_329_4_3_596600.gif
c:\windows\system32\cache329\B_329_4_3_596600.htm
c:\windows\system32\cache329\B_329_4_3_598800.gif
c:\windows\system32\cache329\B_329_4_3_598800.htm
c:\windows\system32\cache329\B_329_4_3_601800.htm
c:\windows\system32\cache329\B_329_4_3_601800.jpg
c:\windows\system32\cache329\B_329_4_3_631700.htm
c:\windows\system32\cache329\B_329_4_3_632300.htm
c:\windows\system32\cache329\B_329_4_3_703800.htm
c:\windows\system32\cache329\B_329_4_3_731700.gif
c:\windows\system32\cache329\B_329_4_3_731700.htm
c:\windows\system32\cache329\B_329_4_3_732400.gif
c:\windows\system32\cache329\B_329_4_3_732400.htm
c:\windows\system32\cache329\B_329_4_3_736600.htm
c:\windows\system32\cache329\B_329_4_3_747400.gif
c:\windows\system32\cache329\B_329_4_3_747400.htm
c:\windows\system32\cache329\B_329_4_3_747800.gif
c:\windows\system32\cache329\B_329_4_3_747800.htm
c:\windows\system32\cache329\B_329_4_3_767500.htm
c:\windows\system32\cache329\B_329_4_4_105900.htm
c:\windows\system32\cache329\B_329_4_4_221700.gif
c:\windows\system32\cache329\B_329_4_4_221700.htm
c:\windows\system32\cache329\B_329_4_4_221900.gif
c:\windows\system32\cache329\B_329_4_4_221900.htm
c:\windows\system32\cache329\B_329_4_4_240300.gif
c:\windows\system32\cache329\B_329_4_4_240300.htm
c:\windows\system32\cache329\B_329_4_4_256800.gif
c:\windows\system32\cache329\B_329_4_4_256800.htm
c:\windows\system32\cache329\B_329_4_4_333300.gif
c:\windows\system32\cache329\B_329_4_4_333300.htm
c:\windows\system32\cache329\B_329_4_4_365000.gif
c:\windows\system32\cache329\B_329_4_4_365000.htm
c:\windows\system32\cache329\B_329_4_4_369000.gif
c:\windows\system32\cache329\B_329_4_4_369000.htm
c:\windows\system32\cache329\B_329_4_4_386000.gif
c:\windows\system32\cache329\B_329_4_4_386000.htm
c:\windows\system32\cache329\B_329_4_4_388400.htm
c:\windows\system32\cache329\B_329_4_4_388400.jpg
c:\windows\system32\cache329\B_329_4_4_388500.htm
c:\windows\system32\cache329\B_329_4_4_388500.jpg
c:\windows\system32\cache329\B_329_4_4_417800.gif
c:\windows\system32\cache329\B_329_4_4_417800.htm
c:\windows\system32\cache329\B_329_4_4_418100.htm
c:\windows\system32\cache329\B_329_4_4_418200.htm
c:\windows\system32\cache329\B_329_4_4_425200.htm
c:\windows\system32\cache329\B_329_4_4_524100.htm
c:\windows\system32\cache329\B_329_4_4_539900.htm
c:\windows\system32\cache329\B_329_4_4_562600.htm
c:\windows\system32\cache329\B_329_4_4_664100.htm
c:\windows\system32\cache329\t_B_329_0_0_105300.htm
c:\windows\system32\cache329\t_B_329_0_0_106800.htm
c:\windows\system32\cache329\t_B_329_0_0_107400.htm
c:\windows\system32\cache329\t_B_329_2_0_105300.htm
c:\windows\system32\cache329\t_B_329_2_0_106800.htm
c:\windows\system32\cache329\t_B_329_2_0_107400.htm
c:\windows\system32\cache329\t_B_329_3_0_105300.htm
c:\windows\system32\cache329\t_B_329_3_0_106800.htm
c:\windows\system32\cache329\t_B_329_3_0_107400.htm
c:\windows\system32\cache329\t_B_329_4_0_111600.htm
c:\windows\system32\cache329\t_B_329_4_0_152400.htm
c:\windows\system32\cache329\t_B_329_4_0_155300.htm
c:\windows\system32\cache329\t_B_329_4_0_164100.htm
c:\windows\system32\cestjnyi.ini
c:\windows\system32\coasxhno.ini
c:\windows\system32\drivers\etc\.protected
c:\windows\system32\ekd.txt
c:\windows\system32\ewakoruz.ini
c:\windows\system32\ewomirev.ini
c:\windows\system32\hcdxUc3L.exe.a_a
c:\windows\system32\hnehxalx.ini
c:\windows\system32\hrlkwcfv.ini
c:\windows\system32\ihiyeyem.ini
c:\windows\system32\imkpfone.ini
c:\windows\system32\inahiwar.ini
c:\windows\system32\koibvywr.ini
c:\windows\system32\lfbdrgch.ini
c:\windows\system32\logs
c:\windows\system32\msbb.dll
c:\windows\system32\ncase.ini
c:\windows\system32\noathqgw.ini
c:\windows\system32\ofdovigf.ini
c:\windows\system32\oheonesi.ini
c:\windows\system32\P2P Networking
c:\windows\system32\P2P Networking\Cache\Database\index256.dbb
c:\windows\system32\P2P Networking\P2P Networking.eng
c:\windows\system32\P2P Networking\P2P Networking.LOG
c:\windows\system32\pac.txt
c:\windows\system32\ps1.dat
c:\windows\system32\qlaebhks.ini
c:\windows\system32\rc.dat
c:\windows\SYSTEM32\SssCKRqr.ini
c:\windows\SYSTEM32\SssCKRqr.ini2
c:\windows\system32\swlivbvy.ini
c:\windows\system32\tapikatp.ini
c:\windows\system32\thincvsr.ini
c:\windows\system32\uxjmesov.ini
c:\windows\SYSTEM32\WGQqAcdd.ini
c:\windows\system32\WGQqAcdd.ini2
c:\windows\system32\ygvhtbln.ini
c:\windows\Web\default.htt
c:\windows\ynh.dx

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_RESTORE
-------\Legacy_TCPSR


((((((((((((((((((((((((( Files Created from 2010-07-18 to 2010-08-18 )))))))))))))))))))))))))))))))
.

2010-08-18 17:07 . 2010-08-18 17:07 -------- d-----w- c:\windows\system32\KB905474
2010-08-18 17:00 . 2010-08-18 17:00 -------- d-----w- c:\windows\LastGood
2010-08-17 22:17 . 2010-08-17 22:17 -------- d-----w- C:\_OTL
2010-08-15 13:31 . 2010-08-15 13:31 -------- d-----w- C:\Malwarebytes' Anti-Malware

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-06 13:26 . 2010-07-06 13:26 -------- d-----w- c:\program files\Alwil Software
2010-07-06 13:26 . 2010-07-06 13:26 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software
2010-06-28 20:57 . 2010-07-06 13:27 38848 ----a-w- c:\windows\avastSS.scr
2010-06-28 20:57 . 2008-02-05 11:33 165032 ----a-w- c:\windows\system32\aswBoot.exe
2010-06-28 20:37 . 2008-02-05 11:35 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-06-28 20:37 . 2008-04-06 14:23 165456 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-06-28 20:33 . 2008-02-05 11:35 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-06-28 20:32 . 2008-02-05 11:35 100176 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-06-28 20:32 . 2008-02-05 11:35 94544 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-06-28 20:32 . 2008-02-05 11:35 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2003-02-01 17:34 . 2003-02-01 17:34 23357 ---h--w- c:\program files\folder.htt
.

------- Sigcheck -------

[-] 2004-08-04 . 49911DD39E023BB6C45E4E436CFBD297 . 13824 . . [5.1.2600.2180] . . c:\windows\SoftwareDistribution\Download\6ca7b3a8efd5a9b6f87fff395a2eb989\wscntfy.exe

[-] 2004-08-04 . EEF46DAB68229A14DA3D8E73C99E2959 . 129536 . . [5.1.2600.2180] . . c:\windows\SoftwareDistribution\Download\6ca7b3a8efd5a9b6f87fff395a2eb989\xmlprov.dll

c:\windows\System32\wscntfy.exe ... is missing !!
c:\windows\System32\xmlprov.dll ... is missing !!
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"D066UUtility"="c:\windows\TWAIN_32\D66U\D066UUTY.EXE" [2000-07-06 32768]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2006-02-23 35328]
"VoyetraAudioStation2"="c:\voyetra\AS2\as2tray.exe" [1997-02-14 195072]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-06-29 286720]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2007-09-05 267064]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-06-28 2837864]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\ctfmon.exe" [2002-09-08 13312]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"=hex(2):00

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Load]
??? ? ? ?? ? [?]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\setup\disabledrunkeys]
"LoadPowerProfile"=Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

R0 ati6eixx;ati6eixx;c:\windows\System32\Drivers\ati6eixx.sys [x]
R3 NtApm;NT Apm/Legacy Interface Driver;c:\windows\system32\DRIVERS\NtApm.sys [2001-08-17 9344]
S1 aswSP;aswSP; [x]
S3 SiSV;SiSV;c:\windows\system32\DRIVERS\SiSV.sys [2001-08-17 50432]
S3 USRTI;U.S. Robotics Faxmodem Driver TI;c:\windows\system32\DRIVERS\USRTI.SYS [2001-08-17 765884]

.
Contents of the 'Scheduled Tasks' folder

2010-03-14 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 11:34]

2010-08-18 c:\windows\Tasks\WGASetup.job
- c:\windows\System32\KB905474\wgasetup.exe [2010-08-18 21:18]
.
.
------- Supplementary Scan -------
.
mLocal Page = c:\windows\SYSTEM\blank.htm
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride =
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: Ebates - [You must be registered and logged in to see this link.] files\Ebates_MoeMoneyMaker\Sy350\Tp350\scri350a.htm
IE: {{08E730A4-FB02-45BD-A900-01E4AD8016F6} - [You must be registered and logged in to see this link.]
IE: {{c95fe080-8f5d-11d2-a20b-00aa003c157a} - c:\windows\web\related.htm
TCP: {49EE4D47-81D8-4BAA-94A2-F64A37BE272D} = 192.168.0.1
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-MsnMsgr - c:\program files\MSN Messenger\MsnMsgr.Exe
HKCU-Run-TomTomHOME.exe - c:\program files\TomTom HOME 2\HOMERunner.exe
HKCU-Run-COM+ Manager - c:\documents and settings\hidden\.COMMgr\complmgr.exe
HKLM-Run-EbatesMoeMoneyMaker0 - c:\program files\Ebates_MoeMoneyMaker\EbatesMoeMoneyMaker0.exe
HKLM-Run-fodejotane - c:\windows\System32\kuzeyogi.dll
SafeBoot-ati0inxx.sys
SafeBoot-ati0mrxx.sys
SafeBoot-ati1inxx.sys
SafeBoot-ati1vbxx.sys
SafeBoot-ati3afxx.sys
SafeBoot-ati3yexx.sys
SafeBoot-ati5inxx.sys
SafeBoot-ati5xdxx.sys
SafeBoot-ati6eixx.sys
SafeBoot-ati6mqxx.sys
SafeBoot-ati7tyxx.sys
MSConfigStartUp-AltnetPointsManager - c:\program files\altnet\points manager\points manager.exe
MSConfigStartUp-Bargains - c:\program files\Bargain Buddy\bin2\bargains.exe
MSConfigStartUp-Belt - c:\windows\Belt.exe
MSConfigStartUp-EanthologyApp - c:\progra~1\COMMON~1\EACCEL~1\EANTHO~1.EXE
MSConfigStartUp-eanth_critical_update_alert - c:\progra~1\ACCELE~1\ANTI-V~1\EANTH_~1.EXE
MSConfigStartUp-Microsoft Inet Xp - teekids.exe
MSConfigStartUp-msbb - c:\windows\system32\msbb.exe
MSConfigStartUp-New - c:\progra~1\NEWDOT~1\NEWDOT~1.DLL
MSConfigStartUp-P2P Networking - c:\windows\System32\P2P Networking\P2P Networking.exe
MSConfigStartUp-P2P Networking3 - c:\windows\System32\P2P Networking\P2P Networking3.exe
MSConfigStartUp-RunDLL - c:\windows\Downloaded Program Files\bridge.dll
MSConfigStartUp-RunWindowsUpdate - c:\windows\uptodate.exe
MSConfigStartUp-WebScan - c:\progra~1\ACCELE~1\ANTI-V~1\DEFSCA~1.EXE
MSConfigStartUp-windows auto update - msblast.exe
MSConfigStartUp-Windows Automation - mslaugh.exe
AddRemove-AltnetDM - c:\program files\Altnet\Download Manager\AltnetUninstall.exe
AddRemove-ArcSoft PhotoStudio 2000 - c:\program files\ArcSoft\PhotoStudio 2000\Uninst.isu
AddRemove-P2P Networking - c:\windows\System32\P2P Networking\P2P Networking.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2010-08-18 18:13
Windows 5.1.2600 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

HKCU\Software\Microsoft\Windows\CurrentVersion\Run
COM+ Manager = "c:\documents and settings\hidden\.COMMgr\complmgr.exe"?

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(368)
c:\windows\system32\ODBC32.dll
c:\windows\system32\RASAPI32.dll

- - - - - - - > 'lsass.exe'(424)
c:\windows\system32\RASAPI32.dll
c:\windows\System32\dssenh.dll

- - - - - - - > 'explorer.exe'(3740)
c:\windows\System32\msi.dll
c:\windows\system32\RASAPI32.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
c:\windows\System32\wdfmgr.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Java\jre6\bin\jucheck.exe
.
**************************************************************************
.
Completion time: 2010-08-18 18:25:31 - machine was rebooted
ComboFix-quarantined-files.txt 2010-08-18 17:24

Pre-Run: 8,337,702,912 bytes free
Post-Run: 10,498,260,992 bytes free

WinXP_EN_PRO_BF.EXE
[boot loader]
timeout = 30
default = multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS = "Microsoft Windows XP Professional" /fastdetect

- - End Of File - - F3F207284ACF34B03F3B7848EB5C8D7D

Re: Antivir - Please Help

Post by Crush on 18th August 2010, 6:54 pm

Man what a mess!!

Re-running ComboFix to remove infections:

  1. Close any open browsers.
  2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  3. Open Notepad and copy/paste the text in the quotebox below into it:

    MIA::
    c:\windows\System32\wscntfy.exe
    c:\windows\System32\xmlprov.dll

    Folder::
    c:\documents and settings\hidden\

    Registry::
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Load]

  4. Save this as CFScript.txt, in the same location as ComboFix.exe.

  5. Referring to the picture above, drag CFScript into ComboFix.exe
  6. When finished, it shall produce a log for you at C:\ComboFix.txt
  7. Please post the contents of the log in your next reply.

Re: Antivir - Please Help

Post by someonehelp on 18th August 2010, 8:10 pm

ComboFix 10-08-17.04 - hidden 18/08/2010 20:46:53.2.1 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.0.1252.44.1033.18.256.77 [GMT 1:00]
Running from: c:\documents and settings\hidden\Desktop\commy.exe
Command switches used :: c:\documents and settings\hidden\Desktop\CFScript.txt
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\System32\wscntfy.exe . . . is missing!!

c:\windows\System32\xmlprov.dll . . . is missing!!

.
((((((((((((((((((((((((( Files Created from 2010-07-18 to 2010-08-18 )))))))))))))))))))))))))))))))
.

2010-08-18 17:07 . 2010-08-18 17:07 -------- d-----w- c:\windows\system32\KB905474
2010-08-18 17:00 . 2010-08-18 17:00 -------- d-----w- c:\windows\LastGood
2010-08-17 22:17 . 2010-08-17 22:17 -------- d-----w- C:\_OTL
2010-08-15 13:31 . 2010-08-15 13:31 -------- d-----w- C:\Malwarebytes' Anti-Malware

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-06 13:26 . 2010-07-06 13:26 -------- d-----w- c:\program files\Alwil Software
2010-07-06 13:26 . 2010-07-06 13:26 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software
2010-06-28 20:57 . 2010-07-06 13:27 38848 ----a-w- c:\windows\avastSS.scr
2010-06-28 20:57 . 2008-02-05 11:33 165032 ----a-w- c:\windows\system32\aswBoot.exe
2010-06-28 20:37 . 2008-02-05 11:35 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-06-28 20:37 . 2008-04-06 14:23 165456 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-06-28 20:33 . 2008-02-05 11:35 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-06-28 20:32 . 2008-02-05 11:35 100176 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-06-28 20:32 . 2008-02-05 11:35 94544 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-06-28 20:32 . 2008-02-05 11:35 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2003-02-01 17:34 . 2003-02-01 17:34 23357 ---h--w- c:\program files\folder.htt
.

------- Sigcheck -------

[-] 2004-08-04 . 49911DD39E023BB6C45E4E436CFBD297 . 13824 . . [5.1.2600.2180] . . c:\windows\SoftwareDistribution\Download\6ca7b3a8efd5a9b6f87fff395a2eb989\wscntfy.exe

[-] 2004-08-04 . EEF46DAB68229A14DA3D8E73C99E2959 . 129536 . . [5.1.2600.2180] . . c:\windows\SoftwareDistribution\Download\6ca7b3a8efd5a9b6f87fff395a2eb989\xmlprov.dll

c:\windows\System32\wscntfy.exe ... is missing !!
c:\windows\System32\xmlprov.dll ... is missing !!
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"D066UUtility"="c:\windows\TWAIN_32\D66U\D066UUTY.EXE" [2000-07-06 32768]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2006-02-23 35328]
"VoyetraAudioStation2"="c:\voyetra\AS2\as2tray.exe" [1997-02-14 195072]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-06-29 286720]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2007-09-05 267064]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-06-28 2837864]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\ctfmon.exe" [2002-09-08 13312]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"=hex(2):00

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\setup\disabledrunkeys]
"LoadPowerProfile"=Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

R1 aswSP;aswSP;c:\windows\SYSTEM32\DRIVERS\aswSP.sys [06/04/2008 15:23 165456]
R3 SiSV;SiSV;c:\windows\SYSTEM32\DRIVERS\SiSV.sys [01/02/2003 20:05 50432]
R3 USRTI;U.S. Robotics Faxmodem Driver TI;c:\windows\SYSTEM32\DRIVERS\USRTI.SYS [01/02/2003 20:05 765884]
S0 ati6eixx;ati6eixx;c:\windows\System32\Drivers\ati6eixx.sys --> c:\windows\System32\Drivers\ati6eixx.sys [?]
S3 NtApm;NT Apm/Legacy Interface Driver;c:\windows\SYSTEM32\DRIVERS\NtApm.sys [01/02/2003 20:06 9344]
.
Contents of the 'Scheduled Tasks' folder

2010-03-14 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 11:34]

2010-08-18 c:\windows\Tasks\WGASetup.job
- c:\windows\System32\KB905474\wgasetup.exe [2010-08-18 21:18]
.
.
------- Supplementary Scan -------
.
mLocal Page = c:\windows\SYSTEM\blank.htm
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride =
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: Ebates - [You must be registered and logged in to see this link.] files\Ebates_MoeMoneyMaker\Sy350\Tp350\scri350a.htm
IE: {{08E730A4-FB02-45BD-A900-01E4AD8016F6} - [You must be registered and logged in to see this link.]
IE: {{c95fe080-8f5d-11d2-a20b-00aa003c157a} - c:\windows\web\related.htm
TCP: {49EE4D47-81D8-4BAA-94A2-F64A37BE272D} = 192.168.0.1
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2010-08-18 21:01
Windows 5.1.2600 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(368)
c:\windows\system32\ODBC32.dll
c:\windows\system32\RASAPI32.dll

- - - - - - - > 'lsass.exe'(424)
c:\windows\system32\RASAPI32.dll
c:\windows\System32\dssenh.dll

- - - - - - - > 'explorer.exe'(2976)
c:\windows\System32\msi.dll
c:\windows\system32\RASAPI32.dll
.
Completion time: 2010-08-18 21:07:59
ComboFix-quarantined-files.txt 2010-08-18 20:07
ComboFix2.txt 2010-08-18 17:25

Pre-Run: 10,496,655,360 bytes free
Post-Run: 10,483,400,704 bytes free

- - End Of File - - 6316D76DE48D928B2284C21F631AF2E9


Re: Antivir - Please Help

Post by Crush on 18th August 2010, 8:21 pm

Do you have your Windows CD?


Re: Antivir - Please Help

Post by someonehelp on 18th August 2010, 8:30 pm

I don't think I have it anymore. I will have a look but doubt I'll find it.

Is there another option?


Re: Antivir - Please Help

Post by Crush on 18th August 2010, 8:45 pm

Can you borrow one off a friend? We need to replace some files.


Re: Antivir - Please Help

Post by someonehelp on 19th August 2010, 5:23 pm

Does it need to be a Windows XP CD?


Re: Antivir - Please Help

Post by Crush on 19th August 2010, 7:33 pm

It needs to be the same version as your currently installed OS.


Re: Antivir - Please Help

Post by someonehelp on 27th August 2010, 6:01 pm

Hi,

Unfortunately, at the moment I can't get hold of a Windows XP CD.

Is there anything else you can do?

Thanks.


Re: Antivir - Please Help

Post by Crush on 27th August 2010, 6:17 pm

I'll see what we can do, but it would be great if you can get a CD.
