[Resolved] Pop Ups that I can not stop or remove.

Computer forums for help with removing malicious software (malware) and improving computer security

grin Welcome to What the Tech! ( Log In | Register ) What tech support ought to be... Fast, friendly and free! Once registered - you'll have the ability to post your question in the appropriate forum below. Additionally, if you can assist another member by sharing your tech knowledge, please post a reply! Best of all - Registration and all assistance is FREE! Once you've completed registration, simply choose the appropriate forum below, click on the "new topic" button, and post your question! What are you waiting for? Register today! *Registered users see NO ADVERTISING.

What the Tech > Spyware / Malware / Virus Removal > Infections Removal

2 Pages

1 2 >

[Resolved] Pop Ups that I can not stop or remove.

Options

YellowSVT View Member Profile	Jun 26 2009, 12:27 PM Post #1
New Member Group: Authentic Member Posts: 14 Joined: 26-June 09 Member No.: 86,434 Operating System: Windows XP	I think the Pop Ups were caused by installing WinAmp, I downloaded it, didn't like it and removed it via the control panel. I am not sure if the Pop Ups started before or after deleting WInAmp. I used an earlier version of HJT and removed a couple of obvious problems, this really slowed down the Pop Ups and for a while I thought I had won, but alas I am still getting some. I am not totally computer illiterate, but I am far, far from an expert. I think I have followed you instructions but I am 62 years old so please have a little patients with an old guy. Any help will be greatly appreciated Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 11:18:56, on 06/26/09 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Windows Defender\MsMpEng.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Google\Update\GoogleUpdate.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\WINDOWS\system32\cisvc.exe C:\WINDOWS\system32\CTsvcCDA.EXE C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe C:\WINDOWS\system32\HPZipm12.exe C:\Program Files\Dell Support Center\bin\sprtsvc.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\MsPMSPSv.exe C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe C:\WINDOWS\system32\dla\tfswctrl.exe C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe C:\Program Files\Qurb\QSP-3.0.311.7\QOELoader.exe C:\Program Files\HP\HP Software Update\HPWuSchd2.exe C:\Program Files\Broadcom\BACS\BacsTray.exe C:\Program Files\Dell Support Center\bin\sprtcmd.exe C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe C:\Program Files\Windows Defender\MSASCui.exe C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\Program Files\DellSupport\DSAgnt.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\AdwareAlert\AdwareAlert.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe C:\Program Files\Evidence Eliminator\ee.exe C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe C:\Program Files\WinZip\WZQKPICK.EXE C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Documents and Settings\Chuck\Desktop\hijackthis.exe C:\WINDOWS\SYSTEM32\NOTEPAD.EXE C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://q13.trb.com/ R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 O1 - Hosts: 64.124.166.37 klite.com O1 - Hosts: 64.124.166.37 www.klite.com O1 - Hosts: 64.124.166.37 k-lite.com O1 - Hosts: 64.124.166.37 www.k-lite.com O1 - Hosts: 64.124.166.37 kazaalite.com O1 - Hosts: 64.124.166.37 www.kazzalite.com O1 - Hosts: 64.124.166.37 kazalite.com O1 - Hosts: 64.124.166.37 www.kazalite.com O1 - Hosts: 64.124.166.37 kaazalite.com O1 - Hosts: 64.124.166.37 www.kaazalite.com O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\coIEPlg.dll O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll O2 - BHO: WebExcellenceAdviceTool - {CD1A4F51-6371-6621-312A-B4CD3941F6DE} - C:\Program Files\WebExcellenceAdviceTool\WebExcellenceAdviceTool.dll O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe /r O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start O4 - HKLM\..\Run: [QOELOADER] "C:\Program Files\Qurb\QSP-3.0.311.7\QOELoader.exe" O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [bacstray] C:\Program Files\Broadcom\BACS\\BacsTray.exe O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe" O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton 360\osCheck.exe" O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter O4 - HKCU\..\Run: [AdwareAlert] C:\Program Files\AdwareAlert\AdwareAlert.exe -boot O4 - HKCU\..\Run: [HijackThis startup scan] C:\Documents and Settings\Chuck\Desktop\HijackThis.exe /startupscan O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [EasyLinkAdvisor] "C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" /startup O4 - HKCU\..\Run: [Evidence Eliminator] C:\Program Files\Evidence Eliminator\ee.exe /m O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_1_0 -reboot 1 O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O4 - Global Startup: Nikon Monitor.lnk = C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE O8 - Extra context menu item: Download with &Shareaza - res://C:\Program Files\Etomi\Plugins\RazaWebHook.dll/3000 O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000 O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O15 - Trusted Zone: http://download.windowsupdate.com O16 - DPF: {34F12AFD-E9B5-492A-85D2-40FA4535BE83} (AxProdInfoCtl Class) - http://www.symantec.com/techsupp/activedata/nprdtinf.cab O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/vers...vex-2.2.4.1.cab O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eB...l_v1-0-3-36.cab O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1210951203531 O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab O23 - Service: Adobe Active File Monitor V7 (AdobeActiveFileMonitor7.0) - Adobe Systems Incorporated - C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\SYSTEM32\ati2sgag.exe O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: Google Update Service (gupdate1c9f210d4c28a4c) (gupdate1c9f210d4c28a4c) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: IAA Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: InstallShield Licensing Service - Macrovision - C:\Program Files\Common Files\InstallShield Shared\Service\InstallShield Licensing Service.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe -- End of file - 12739 bytes

SpySentinel View Member Profile	Jun 26 2009, 02:46 PM Post #2
Trusted Group: Malware Team Posts: 554 Joined: 26-January 08 From: The United States Member No.: 76,329 Operating System: Windows XP SP2	Hi YellowSVT, My name is SpySentinel and I will be helping you with your malware problem. Before we begin, you should save these instructions in Notepad to your desktop, or print them, for easy reference. Much of our fix will be done in Safe mode, and you will be unable to access this thread at that time. If you have questions at any point, or are unsure of the instructions, feel free to post here and ask for clarification before proceeding. Step #1 Please re-open HiJackThis and scan. Check the boxes next to all the entries listed below. O1 - Hosts: 64.124.166.37 klite.com O1 - Hosts: 64.124.166.37 www.klite.com O1 - Hosts: 64.124.166.37 k-lite.com O1 - Hosts: 64.124.166.37 www.k-lite.com O1 - Hosts: 64.124.166.37 kazaalite.com O1 - Hosts: 64.124.166.37 www.kazzalite.com O1 - Hosts: 64.124.166.37 kazalite.com O1 - Hosts: 64.124.166.37 www.kazalite.com O1 - Hosts: 64.124.166.37 kaazalite.com O1 - Hosts: 64.124.166.37 www.kaazalite.com O2 - BHO: WebExcellenceAdviceTool - {CD1A4F51-6371-6621-312A-B4CD3941F6DE} - C:\Program Files\WebExcellenceAdviceTool\WebExcellenceAdviceTool.dll O8 - Extra context menu item: Download with &Shareaza - res://C:\Program Files\Etomi\Plugins\RazaWebHook.dll/3000 Now close all windows other than HiJackThis, then click Fix Checked. Close HiJackThis. After that, Reboot Step #2 Please download Malwarebytes' Anti-Malware Double Click mbam-setup.exe to install the application. Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish. If an update is found, it will download and install the latest version. Once the program has loaded, select "Perform Quick Scan", then click Scan. The scan may take some time to finish,so please be patient. When the scan is complete, click OK, then Show Results to view the results. Make sure that everything is checked, and click Remove Selected. When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note) The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM. Copy&Paste the entire report in your next reply. Extra Note: If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly. Step #3 Download Rooter.exe to your desktop Then doubleclick it to start the tool A Notepad file containing the report will open, also found at %systemdrive%\Rooter.txt. Post that here Step #4 Download OTL to your desktop. Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted. When the window appears, underneath Output at the top change it to Minimal Output. Check the boxes beside LOP Check and Purity Check. Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long. When the scan completes, it will open two notepad windows. OTListIt.Txt and Extras.Txt. These are saved in the same location as OTListIt2. Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.

YellowSVT View Member Profile	Jun 26 2009, 05:23 PM Post #3
New Member Group: Authentic Member Posts: 14 Joined: 26-June 09 Member No.: 86,434 Operating System: Windows XP	I think this is everything you wanted. Malwarebytes' Anti-Malware 1.38 Database version: 2340 Windows 5.1.2600 Service Pack 3 06/26/09 15:31:07 mbam-log-2009-06-26 (15-31-07).txt Scan type: Quick Scan Objects scanned: 110096 Time elapsed: 11 minute(s), 40 second(s) Memory Processes Infected: 2 Memory Modules Infected: 0 Registry Keys Infected: 31 Registry Values Infected: 5 Registry Data Items Infected: 2 Folders Infected: 24 Files Infected: 222 Memory Processes Infected: C:\Program Files\AdwareAlert\AdwareAlert.exe (Rogue.AdwareAlert) -> Unloaded process successfully. C:\Program Files\Evidence Eliminator\Ee.exe (Rogue.EvidenceEliminator) -> Unloaded process successfully. Memory Modules Infected: (No malicious items detected) Registry Keys Infected: HKEY_CLASSES_ROOT\eeshellx.shellext (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\TypeLib\{0e6117e2-c367-4be3-8045-52669e71b5df} (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{f272845d-cec2-4f95-92ee-6d08fdfbd471} (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{a7c6e906-b0b8-4810-ae82-71809ed409eb} (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\promo2.promoie (Trojan.FakeAlert) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\promo2.promoie.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\webexcellenceadvicetool.webexcellenceadvicetool (Adware.PlayMP3z) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\webexcellenceadvicetool.webexcellenceadvicetool.1 (Adware.PlayMP3z) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{755c6bc2-a679-4025-84d3-4ae283a87b14} (Rogue.AdwareAlert) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\AppID\{418d86be-7386-4f1a-83e0-53604adbda74} (Trojan.BHO) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Installer\UpgradeCodes\7c673a5b871b8cd419f47dd0de5a6d18 (Rogue.AdwareAlert) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3aa42713-5c1e-48e2-b432-d8bf420dd31d} (Rogue.AntiVirus2008) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{7aa32fc7-133b-4ae7-998e-ced0d9829b12} (Trojan.Dialer) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{57071861-57f2-4272-a519-6f599cadd6fd} (Trojan.FakeAlert) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{cd1a4f51-6371-6621-312a-b4cd3941f6de} (Adware.PlayMP3z) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\7c673a5b871b8cd419f47dd0de5a6d18 (Rogue.AdwareAlert) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ControlPanel\NameSpace\{755c6bc2-a679-4025-84d3-4ae283a87b14} (Rogue.AdwareAlert) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5b4016981c40d5f4b9925ed64ad7b526 (Rogue.AdwareAlert) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\70b07021d02a5e347a162b223ea41cd5 (Rogue.AdwareAlert) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\a491438a809f60f458df33e67c80a5d2 (Rogue.AdwareAlert) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\cb6591e4426ef2b49aee7437e1144918 (Rogue.AdwareAlert) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\AdwareAlert (Rogue.AdwareAlert) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Evidence Eliminator (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\Shell\Evidence Eliminator Safe Recycle (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\shell\Evidence Eliminator Quick Mode (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\shell\Evidence Eliminator Safe Restart (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\shell\Evidence Eliminator Safe Shutdown (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Folder\shellex\ContextMenuHandlers\Evidence Eliminator (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Evidence Eliminator (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Registry Mighty_is1 (Rogue.RegistryMighty) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Registry Mighty (Rogue.RegistryMighty) -> Quarantined and deleted successfully. Registry Values Infected: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{a7c6e906-b0b8-4810-ae82-71809ed409eb} (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\AdwareAlert (Rogue.AdwareAlert) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\c:\program files\adwarealert\ (Rogue.AdwareAlert) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\c:\documents and settings\all users\start menu\programs\adwarealert\ (Rogue.AdwareAlert) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegedit (Hijack.Regedit) -> Quarantined and deleted successfully. Registry Data Items Infected: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. Folders Infected: c:\documents and settings\All Users\Start Menu\Programs\AdwareAlert (Rogue.AdwareAlert) -> Quarantined and deleted successfully. c:\documents and settings\Chuck\Application Data\AdwareAlert (Rogue.AdwareAlert) -> Quarantined and deleted successfully. c:\documents and settings\Chuck\application data\adwarealert\Log (Rogue.AdwareAlert) -> Quarantined and deleted successfully. c:\documents and settings\Chuck\application data\adwarealert\Quarantine (Rogue.AdwareAlert) -> Quarantined and deleted successfully. c:\documents and settings\Chuck\application data\adwarealert\quarantine\19-06-2009-16-47-04 (Rogue.AdwareAlert) -> Quarantined and deleted successfully. c:\documents and settings\Chuck\application data\adwarealert\Settings (Rogue.AdwareAlert) -> Quarantined and deleted successfully. c:\documents and settings\Lynn\Application Data\AdwareAlert (Rogue.AdwareAlert) -> Quarantined and deleted successfully. c:\documents and settings\Lynn\application data\adwarealert\Log (Rogue.AdwareAlert) -> Quarantined and deleted successfully. c:\documents and settings\Lynn\application data\adwarealert\Settings (Rogue.AdwareAlert) -> Quarantined and deleted successfully. C:\Program Files\AdwareAlert (Rogue.AdwareAlert) -> Quarantined and deleted successfully. C:\Program Files\MyWaySA (Adware.MyWebSearch) -> Quarantined and deleted successfully. c:\program files\MyWaySA\SrchAsDe (Adware.MyWebSearch) -> Quarantined and deleted successfully. c:\program files\MyWaySA\SrchAsDe\1.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully. c:\documents and settings\Chuck\Start Menu\Programs\Evidence Eliminator (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully. C:\Program Files\Evidence Eliminator (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully. c:\program files\evidence eliminator\Data (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully. c:\program files\evidence eliminator\Data\Plug-Ins (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully. c:\program files\evidence eliminator\Help (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully. c:\documents and settings\Chuck\Start Menu\Programs\PlayMP3z (Adware.PlayMP3Z) -> Quarantined and deleted successfully. C:\Program Files\Registry Mighty (Rogue.RegistryMighty) -> Quarantined and deleted successfully. c:\program files\registry mighty\RepairBackup (Rogue.RegistryMighty) -> Quarantined and deleted successfully. c:\program files\registry mighty\repairbackup\del (Rogue.RegistryMighty) -> Quarantined and deleted successfully. c:\documents and settings\All Users\Start Menu\Programs\Registry Mighty (Rogue.RegistryMighty) -> Quarantined and deleted successfully. C:\Program Files\WebExcellenceAdviceTool (Adware.PlayMP3z) -> Quarantined and deleted successfully. Files Infected: C:\WINDOWS\SYSTEM32\Eeshellx.dll (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully. c:\documents and settings\all users\start menu\Programs\adwarealert\AdwareAlert on the Web.lnk (Rogue.AdwareAlert) -> Quarantined and deleted successfully. c:\documents and settings\all users\start menu\Programs\adwarealert\AdwareAlert.lnk (Rogue.AdwareAlert) -> Quarantined and deleted successfully. c:\documents and settings\Chuck\application data\adwarealert\Log\2009 Jun 26 - 03_10_24 PM_640.log (Rogue.AdwareAlert) -> Quarantined and deleted successfully. c:\documents and settings\Chuck\application data\adwarealert\Log\2009 Jun 26 - 09_57_07 AM_218.log (Rogue.AdwareAlert) -> Quarantined and deleted successfully. c:\documents and settings\Chuck\application data\adwarealert\quarantine\19-06-2009-16-47-04\0.qit (Rogue.AdwareAlert) -> Quarantined and deleted successfully. c:\documents and settings\Chuck\application data\adwarealert\quarantine\19-06-2009-16-47-04\0.qnf (Rogue.AdwareAlert) -> Quarantined and deleted successfully. c:\documents and settings\Chuck\application data\adwarealert\quarantine\19-06-2009-16-47-04\1.qit (Rogue.AdwareAlert) -> Quarantined and deleted successfully. c:\documents and settings\Chuck\application data\adwarealert\quarantine\19-06-2009-16-47-04\1.qnf (Rogue.AdwareAlert) -> Quarantined and deleted successfully. c:\documents and settings\Chuck\application data\adwarealert\quarantine\19-06-2009-16-47-04\10.qit (Rogue.AdwareAlert) -> Quarantined and deleted successfully. c:\documents and settings\Chuck\application data\adwarealert\quarantine\19-06-2009-16-47-04\10.qnf (Rogue.AdwareAlert) -> Quarantined and deleted successfully. c:\documents and settings\Chuck\application data\adwarealert\quarantine\19-06-2009-16-47-04\11.qit (Rogue.AdwareAlert) -> Quarantined and deleted successfully. c:\documents and settings\Chuck\application data\adwarealert\quarantine\19-06-2009-16-47-04\11.qnf (Rogue.AdwareAlert) -> Quarantined and deleted successfully. c:\documents and settings\Chuck\application data\adwarealert\quarantine\19-06-2009-16-47-04\12.qit (Rogue.AdwareAlert) -> Quarantined and deleted successfully. c:\documents and settings\Chuck\application data\adwarealert\quarantine\19-06-2009-16-47-04\12.qnf (Rogue.AdwareAlert) -> Quarantined and deleted successfully. c:\documents and settings\Chuck\application data\adwarealert\quarantine\19-06-2009-16-47-04\13.qit (Rogue.AdwareAlert) -> Quarantined and deleted successfully. c:\documents and settings\Chuck\application data\adwarealert\quarantine\19-06-2009-16-47-04\13.qnf (Rogue.AdwareAlert) -> Quarantined and deleted successfully. c:\documents and settings\Chuck\application data\adwarealert\quarantine\19-06-2009-16-47-04\14.qit (Rogue.AdwareAlert) -> Quarantined and deleted successfully. c:\documents and settings\Chuck\application data\adwarealert\quarantine\19-06-2009-16-47-04\14.qnf (Rogue.AdwareAlert) -> Quarantined and deleted successfully. c:\documents and settings\Chuck\application data\adwarealert\quarantine\19-06-2009-16-47-04\15.qit (Rogue.AdwareAlert) -> Quarantined and deleted successfully. c:\documents and settings\Chuck\application data\adwarealert\quarantine\19-06-2009-16-47-04\15.qnf (Rogue.AdwareAlert) -> Quarantined and deleted successfully. c:\documents and settings\Chuck\application data\adwarealert\quarantine\19-06-2009-16-47-04\16.qit (Rogue.AdwareAlert) -> Quarantined and deleted successfully. c:\documents and settings\Chuck\application data\adwarealert\quarantine\19-06-2009-16-47-04\16.qnf (Rogue.AdwareAlert) -> Quarantined and deleted successfully. c:\documents and settings\Chuck\application data\adwarealert\quarantine\19-06-2009-16-47-04\17.qit (Rogue.AdwareAlert) -> Quarantined and deleted successfully. c:\documents and settings\Chuck\application data\adwarealert\quarantine\19-06-2009-16-47-04\17.qnf (Rogue.AdwareAlert) -> Quarantined and deleted successfully. c:\documents and settings\Chuck\application data\adwarealert\quarantine\19-06-2009-16-47-04\18.qit (Rogue.AdwareAlert) -> Quarantined and deleted successfully. c:\documents and settings\Chuck\application data\adwarealert\quarantine\19-06-2009-16-47-04\18.qnf (Rogue.AdwareAlert) -> Quarantined and deleted successfully. c:\documents and settings\Chuck\application data\adwarealert\quarantine\19-06-2009-16-47-04\19.qit (Rogue.AdwareAlert) -> Quarantined and deleted successfully. c:\documents and settings\Chuck\application data\adwarealert\quarantine\19-06-2009-16-47-04\19.qnf (Rogue.AdwareAlert) -> Quarantined and deleted successfully. c:\documents and settings\Chuck\application data\adwarealert\quarantine\19-06-2009-16-47-04\2.qit (Rogue.AdwareAlert) -> Quarantined and deleted successfully. c:\documents and settings\Chuck\application data\adwarealert\quarantine\19-06-2009-16-47-04\2.qnf (Rogue.AdwareAlert) -> Quarantined and deleted successfully. c:\documents and settings\Chuck\application data\adwarealert\quarantine\19-06-2009-16-47-04\20.qit (Rogue.AdwareAlert) -> Quarantined and deleted successfully. c:\documents and settings\Chuck\application data\adwarealert\quarantine\19-06-2009-16-47-04\20.qnf (Rogue.AdwareAlert) -> Quarantined and deleted successfully. c:\documents and settings\Chuck\application data\adwarealert\quarantine\19-06-2009-16-47-04\21.qit (Rogue.AdwareAlert) -> Quarantined and deleted successfully. c:\documents and settings\Chuck\application data\adwarealert\quarantine\19-06-2009-16-47-04\21.qnf (Rogue.AdwareAlert) -> Quarantined and deleted successfully. c:\documents and settings\Chuck\application data\adwarealert\quarantine\19-06-2009-16-47-04\22.qit (Rogue.AdwareAlert) -> Quarantined and deleted successfully. c:\documents and settings\Chuck\application data\adwarealert\quarantine\19-06-2009-16-47-04\22.qnf (Rogue.AdwareAlert) -> Quarantined and deleted successfully. c:\documents and settings\Chuck\application data\adwarealert\quarantine\19-06-2009-16-47-04\23.qit (Rogue.AdwareAlert) -> Quarantined and deleted successfully. c:\documents and settings\Chuck\application data\adwarealert\quarantine\19-06-2009-16-47-04\23.qnf (Rogue.AdwareAlert) -> Quarantined and deleted successfully. c:\documents and settings\Chuck\application data\adwarealert\quarantine\19-06-2009-16-47-04\24.qit (Rogue.AdwareAlert) -> Quarantined and deleted successfully. c:\documents and settings\Chuck\application data\adwarealert\quarantine\19-06-2009-16-47-04\24.qnf (Rogue.AdwareAlert) -> Quarantined and deleted successfully. c:\documents and settings\Chuck\application data\adwarealert\quarantine\19-06-2009-16-47-04\25.qit (Rogue.AdwareAlert) -> Quarantined and deleted successfully. c:\documents and settings\Chuck\application data\adwarealert\quarantine\19-06-2009-16-47-04\25.qnf (Rogue.AdwareAlert) -> Quarantined and deleted successfully. c:\documents and settings\Chuck\application data\adwarealert\quarantine\19-06-2009-16-47-04\3.qit (Rogue.AdwareAlert) -> Quarantined and deleted successfully. c:\documents and settings\Chuck\application data\adwarealert\quarantine\19-06-2009-16-47-04\3.qnf (Rogue.AdwareAlert) -> Quarantined and deleted successfully. c:\documents and settings\Chuck\application data\adwarealert\quarantine\19-06-2009-16-47-04\4.qit (Rogue.AdwareAlert) -> Quarantined and deleted successfully. c:\documents and settings\Chuck\application data\adwarealert\quarantine\19-06-2009-16-47-04\4.qnf (Rogue.AdwareAlert) -> Quarantined and deleted successfully. c:\documents and settings\Chuck\application data\adwarealert\quarantine\19-06-2009-16-47-04\5.qit (Rogue.AdwareAlert) -> Quarantined and deleted successfully. c:\documents and settings\Chuck\application data\adwarealert\quarantine\19-06-2009-16-47-04\5.qnf (Rogue.AdwareAlert) -> Quarantined and deleted successfully. c:\documents and settings\Chuck\application data\adwarealert\quarantine\19-06-2009-16-47-04\6.qit (Rogue.AdwareAlert) -> Quarantined and deleted successfully. c:\documents and settings\Chuck\application data\adwarealert\quarantine\19-06-2009-16-47-04\6.qnf (Rogue.AdwareAlert) -> Quarantined and deleted successfully. c:\documents and settings\Chuck\application data\adwarealert\quarantine\19-06-2009-16-47-04\7.qit (Rogue.AdwareAlert) -> Quarantined and deleted successfully. c:\documents and settings\Chuck\application data\adwarealert\quarantine\19-06-2009-16-47-04\7.qnf (Rogue.AdwareAlert) -> Quarantined and deleted successfully. c:\documents and settings\Chuck\application data\adwarealert\quarantine\19-06-2009-16-47-04\8.qit (Rogue.AdwareAlert) -> Quarantined and deleted successfully. c:\documents and settings\Chuck\application data\adwarealert\quarantine\19-06-2009-16-47-04\8.qnf (Rogue.AdwareAlert) -> Quarantined and deleted successfully. c:\documents and settings\Chuck\application data\adwarealert\quarantine\19-06-2009-16-47-04\9.qit (Rogue.AdwareAlert) -> Quarantined and deleted successfully. c:\documents and settings\Chuck\application data\adwarealert\quarantine\19-06-2009-16-47-04\9.qnf (Rogue.AdwareAlert) -> Quarantined and deleted successfully. c:\documents and settings\Lynn\application data\adwarealert\Log\2009 Jun 26 - 11_48_56 AM_015.log (Rogue.AdwareAlert) -> Quarantined and deleted successfully. c:\program files\adwarealert\AdwareAlert.exe (Rogue.AdwareAlert) -> Quarantined and deleted successfully. c:\program files\adwarealert\AdwareAlert.url (Rogue.AdwareAlert) -> Quarantined and deleted successfully. c:\program files\adwarealert\DataBase.ref (Rogue.AdwareAlert) -> Quarantined and deleted successfully. c:\program files\adwarealert\vistaCPtasks.xml (Rogue.AdwareAlert) -> Quarantined and deleted successfully. c:\documents and settings\Chuck\start menu\Programs\evidence eliminator\Evidence Eliminator Help.lnk (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully. c:\documents and settings\Chuck\start menu\Programs\evidence eliminator\Evidence Eliminator License Agreement.lnk (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully. c:\documents and settings\Chuck\start menu\Programs\evidence eliminator\Evidence Eliminator Read Me.lnk (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully. c:\documents and settings\Chuck\start menu\Programs\evidence eliminator\Evidence Eliminator.lnk (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully. c:\program files\evidence eliminator\Ee.exe (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully. c:\program files\evidence eliminator\INSTALL.LOG (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully. c:\program files\evidence eliminator\License.txt (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully. c:\program files\evidence eliminator\ReadMe.txt (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully. c:\program files\evidence eliminator\UNWISE.EXE (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully. c:\program files\evidence eliminator\UNWISE.INI (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully. c:\program files\evidence eliminator\Data\Config.dat (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully. c:\program files\evidence eliminator\Data\Drives.dat (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully. c:\program files\evidence eliminator\Data\Files.dat (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully. c:\program files\evidence eliminator\Data\FilesContents.dat (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully. c:\program files\evidence eliminator\Data\Folders.dat (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully. c:\program files\evidence eliminator\Data\FolderScans.dat (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully. c:\program files\evidence eliminator\Data\IECookiesKeep.dat (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully. c:\program files\evidence eliminator\Data\IEDownloadedKeep.dat (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully. c:\program files\evidence eliminator\Data\MozillaCookiesKeep.dat (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully. c:\program files\evidence eliminator\Data\OE5ChoiceList.dat (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully. c:\program files\evidence eliminator\Data\PlugInSelections.dat (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully. c:\program files\evidence eliminator\Data\ScanMasks.dat (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully. c:\program files\evidence eliminator\Data\TBChoiceList.dat (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully. c:\program files\evidence eliminator\Data\Plug-Ins\AbsoluteFTP.eep (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully. c:\program files\evidence eliminator\Data\Plug-Ins\ACDSEE Photo Viewer v3.eep (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully. c:\program files\evidence eliminator\Data\Plug-Ins\Adaptec Easy CD Creator v4.eep (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully. c:\program files\evidence eliminator\Data\Plug-Ins\Adobe Acrobat Reader v3.0.eep (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully. c:\program files\evidence eliminator\Data\Plug-Ins\Adobe Acrobat Reader v3.1.eep (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully. c:\program files\evidence eliminator\Data\Plug-Ins\Adobe Acrobat Reader v4.0.eep (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully. c:\program files\evidence eliminator\Data\Plug-Ins\Adobe Acrobat Reader v5.0.eep (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully. c:\program files\evidence eliminator\Data\Plug-Ins\Adobe Acrobat Reader v5.1.eep (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully. c:\program files\evidence eliminator\Data\Plug-Ins\Adobe Acrobat Reader v6.0.eep (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully. c:\program files\evidence eliminator\Data\Plug-Ins\Adobe Acrobat Reader v7.0.eep (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully. c:\program files\evidence eliminator\Data\Plug-Ins\Adobe Acrobat v6.0.eep (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully. c:\program files\evidence eliminator\Data\Plug-Ins\Adobe Photoshop v5.0 LE.eep (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully. c:\program files\evidence eliminator\Data\Plug-Ins\Adobe Photoshop v5.5.eep (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully. c:\program files\evidence eliminator\Data\Plug-Ins\Adobe Photoshop v5.eep (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully. c:\program files\evidence eliminator\Data\Plug-Ins\Adobe Photoshop v6.0.eep (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully. c:\program files\evidence eliminator\Data\Plug-Ins\Adobe Photoshop v7.0.eep (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully. c:\program files\evidence eliminator\Data\Plug-Ins\Adobe Photoshop v8.0.eep (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully. c:\program files\evidence eliminator\Data\Plug-Ins\Adobe Photoshop v9.0.eep (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully. c:\program files\evidence eliminator\Data\Plug-Ins\ASPack.eep (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully. c:\program files\evidence eliminator\Data\Plug-Ins\Avant Browser.eep (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully. c:\program files\evidence eliminator\Data\Plug-Ins\Cabinet Manager.eep (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully. c:\program files\evidence eliminator\Data\Plug-Ins\Copernic 2000 Pro.eep (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully. c:\program files\evidence eliminator\Data\Plug-Ins\Copernic 2000.eep (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully. c:\program files\evidence eliminator\Data\Plug-Ins\Copernic Agent.eep (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully. c:\program files\evidence eliminator\Data\Plug-Ins\Corel Paintshop Pro v10.eep (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully. c:\program files\evidence eliminator\Data\Plug-Ins\Cute FTP v3.0.eep (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully. c:\program files\evidence eliminator\Data\Plug-Ins\Cute FTP v4.0.eep (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully. c:\program files\evidence eliminator\Data\Plug-Ins\Cute FTP v7.0.eep (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully. c:\program files\evidence eliminator\Data\Plug-Ins\Delphi v3.eep (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully. c:\program files\evidence eliminator\Data\Plug-Ins\Delphi v4.eep (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully. c:\program files\evidence eliminator\Data\Plug-Ins\Delphi v5.eep (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully. c:\program files\evidence eliminator\Data\Plug-Ins\DiskKeeper v5.eep (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully. c:\program files\evidence eliminator\Data\Plug-Ins\DivXPlayer.eep (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully. c:\program files\evidence eliminator\Data\Plug-Ins\Download Accelerator.eep (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully. c:\program files\evidence eliminator\Data\Plug-Ins\Eudora Mail.eep (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully. c:\program files\evidence eliminator\Data\Plug-Ins\EventLog.eep (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully. c:\program files\evidence eliminator\Data\Plug-Ins\FTP Explorer.eep (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully. c:\program files\evidence eliminator\Data\Plug-Ins\GetRight ExplorerBar.eep (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully. c:\program files\evidence eliminator\Data\Plug-Ins\GetRight v4.eep (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully. c:\program files\evidence eliminator\Data\Plug-Ins\GoogleBar.eep (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully. c:\program files\evidence eliminator\Data\Plug-Ins\GoogleNavigation.eep (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully. c:\program files\evidence eliminator\Data\Plug-Ins\GoZilla.eep (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully. c:\program files\evidence eliminator\Data\Plug-Ins\Helios TextPad v3.eep (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully. c:\program files\evidence eliminator\Data\Plug-Ins\Helios TextPad v4.eep (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully. c:\program files\evidence eliminator\Data\Plug-Ins\HelpWriter.eep (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully. c:\program files\evidence eliminator\Data\Plug-Ins\Icon Extractor.eep (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully. c:\program files\evidence eliminator\Data\Plug-Ins\ICQ 2000a.eep (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully. c:\program files\evidence eliminator\Data\Plug-Ins\InstallShield Express.eep (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully. c:\program files\evidence eliminator\Data\Plug-Ins\J2 Messenger.eep (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully. c:\program files\evidence eliminator\Data\Plug-Ins\JASC Paintshop Pro v5.eep (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully. c:\program files\evidence eliminator\Data\Plug-Ins\JASC Paintshop Pro v6.eep (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully. c:\program files\evidence eliminator\Data\Plug-Ins\JASC Paintshop Pro v7.eep (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully. c:\program files\evidence eliminator\Data\Plug-Ins\JASC Paintshop Pro v8.eep (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully. c:\program files\evidence eliminator\Data\Plug-Ins\Jet PhotoShell v1.2.eep (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully. c:\program files\evidence eliminator\Data\Plug-Ins\Kazaa.eep (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully. c:\program files\evidence eliminator\Data\Plug-Ins\Limewire v4.0.eep (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully. c:\program files\evidence eliminator\Data\Plug-Ins\Macromedia Flash v4.0.eep (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully. c:\program files\evidence eliminator\Data\Plug-Ins\MasterSplitter v2.1.eep (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully. c:\program files\evidence eliminator\Data\Plug-Ins\McAfee Virus Scan v4.eep (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully. c:\program files\evidence eliminator\Data\Plug-Ins\Microangelo 98.eep (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully. c:\program files\evidence eliminator\Data\Plug-Ins\Micrografx Picture Publisher v7.eep (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully. c:\program files\evidence eliminator\Data\Plug-Ins\Micrografx Picture Publisher v8.eep (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully. c:\program files\evidence eliminator\Data\Plug-Ins\Microsoft FrontPage Express.eep (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully. c:\program files\evidence eliminator\Data\Plug-Ins\Microsoft FrontPage.eep (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully. c:\program files\evidence eliminator\Data\Plug-Ins\Microsoft Help Workshop.eep (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully. c:\program files\evidence eliminator\Data\Plug-Ins\Microsoft HTML Help.eep (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully. c:\program files\evidence eliminator\Data\Plug-Ins\Microsoft Office.eep (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully. c:\program files\evidence eliminator\Data\Plug-Ins\Microsoft Publisher 2000.eep (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully. c:\program files\evidence eliminator\Data\Plug-Ins\Microsoft Send-To Extensions.eep (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully. c:\program files\evidence eliminator\Data\Plug-Ins\Microsoft Windows Paint.eep (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully. c:\program files\evidence eliminator\Data\Plug-Ins\Microsoft Windows WordPad.eep (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully. c:\program files\evidence eliminator\Data\Plug-Ins\My Network Places.eep (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully. c:\program files\evidence eliminator\Data\Plug-Ins\Napster Music Community.eep (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully. c:\program files\evidence eliminator\Data\Plug-Ins\NEATO Labels.eep (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully. c:\program files\evidence eliminator\Data\Plug-Ins\NeoPlanet v5.eep (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully. c:\program files\evidence eliminator\Data\Plug-Ins\Norton AntiVirus 2000 (v6).eep (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully. c:\program files\evidence eliminator\Data\Plug-Ins\Norton Antivirus 2003.eep (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully. c:\program files\evidence eliminator\Data\Plug-Ins\Norton File Manager.eep (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully. c:\program files\evidence eliminator\Data\Plug-Ins\Norton Internet Security 2004.eep (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully. c:\program files\evidence eliminator\Data\Plug-Ins\Norton Personal Firewall.eep (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully. c:\program files\evidence eliminator\Data\Plug-Ins\Norton Utilities 2000.eep (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully. c:\program files\evidence eliminator\Data\Plug-Ins\NoteTab Pro.eep (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully. c:\program files\evidence eliminator\Data\Plug-Ins\Opera Browser.eep (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully. c:\program files\evidence eliminator\Data\Plug-Ins\PackageForTheWeb.eep (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully. c:\program files\evidence eliminator\Data\Plug-Ins\Personal Ancestral File.eep (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully. c:\program files\evidence eliminator\Data\Plug-Ins\Quicktime.eep (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully. c:\program files\evidence eliminator\Data\Plug-Ins\Real Audio Player v6 v7 v8.eep (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully. c:\program files\evidence eliminator\Data\Plug-Ins\Real Download v4.eep (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully. c:\program files\evidence eliminator\Data\Plug-Ins\Real Player v10.eep (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully. c:\program files\evidence eliminator\Data\Plug-Ins\RealOne Player.eep (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully. c:\program files\evidence eliminator\Data\Plug-Ins\RemoteDesktop.eep (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully. c:\program files\evidence eliminator\Data\Plug-Ins\Roxio Easy CD Creator v6.eep (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully. c:\program files\evidence eliminator\Data\Plug-Ins\SureThing CD Labeler.eep (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully. c:\program files\evidence eliminator\Data\Plug-Ins\Telnet.eep (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully. c:\program files\evidence eliminator\Data\Plug-Ins\Ulead Gif Animator v4.0.eep (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully. c:\program files\evidence eliminator\Data\Plug-Ins\Ulead Photo Explorer v4.2.eep (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully. c:\program files\evidence eliminator\Data\Plug-Ins\Ulead Photo Viewer v4.0.eep (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully. c:\program files\evidence eliminator\Data\Plug-Ins\Ulead PhotoImpact v10.eep (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully. c:\program files\evidence eliminator\Data\Plug-Ins\Ulead PhotoImpact v5.eep (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully. c:\program files\evidence eliminator\Data\Plug-Ins\Ulead PhotoImpact Viewer v4.eep (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully. c:\program files\evidence eliminator\Data\Plug-Ins\UltraEdit v4.eep (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully. c:\program files\evidence eliminator\Data\Plug-Ins\UltraEdit v7.eep (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully. c:\program files\evidence eliminator\Data\Plug-Ins\Web Ferret v3.eep (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully. c:\program files\evidence eliminator\Data\Plug-Ins\WinOnCD.eep (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully. c:\program files\evidence eliminator\Data\Plug-Ins\WinRar v2.6.eep (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully. c:\program files\evidence eliminator\Data\Plug-Ins\WinRar v2.70.eep (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully. c:\program files\evidence eliminator\Data\Plug-Ins\WinRar v3.eep (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully. c:\program files\evidence eliminator\Data\Plug-Ins\WinZip v7.eep (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully. c:\program files\evidence eliminator\Data\Plug-Ins\WinZip v8.eep (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully. c:\program files\evidence eliminator\Data\Plug-Ins\Wise Installer.eep (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully. c:\program files\evidence eliminator\Data\Plug-Ins\Yahoo Player.eep (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully. c:\program files\evidence eliminator\Data\Plug-Ins\YahooMessenger.eep (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully. c:\program files\evidence eliminator\Data\Plug-Ins\ZipMagic 2000.eep (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully. c:\program files\evidence eliminator\Data\Plug-Ins\Zone Alarm.eep (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully. c:\program files\evidence eliminator\Help\ee.chm (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully. c:\documents and settings\Chuck\start menu\Programs\PlayMP3z\Run PlayMP3z.pif (Adware.PlayMP3Z) -> Quarantined and deleted successfully. c:\program files\registry mighty\Code (Rogue.RegistryMighty) -> Quarantined and deleted successfully. c:\program files\registry mighty\errorlist.txt (Rogue.RegistryMighty) -> Quarantined and deleted successfully. c:\program files\registry mighty\MightyHelp.chm (Rogue.RegistryMighty) -> Quarantined and deleted successfully. c:\program files\registry mighty\MightyUpdate.exe (Rogue.RegistryMighty) -> Quarantined and deleted successfully. c:\program files\registry mighty\RegistryMighty.exe (Rogue.RegistryMighty) -> Quarantined and deleted successfully. c:\program files\registry mighty\RegistryMighty.url (Rogue.RegistryMighty) -> Quarantined and deleted successfully. c:\program files\registry mighty\ScanResult (Rogue.RegistryMighty) -> Quarantined and deleted successfully. c:\program files\registry mighty\unins000.dat (Rogue.RegistryMighty) -> Quarantined and deleted successfully. c:\program files\registry mighty\unins000.exe (Rogue.RegistryMighty) -> Quarantined and deleted successfully. c:\program files\registry mighty\Update.ini (Rogue.RegistryMighty) -> Quarantined and deleted successfully. c:\program files\registry mighty\repairbackup\del.txt (Rogue.RegistryMighty) -> Quarantined and deleted successfully. c:\program files\registry mighty\repairbackup\removestartup.dat (Rogue.RegistryMighty) -> Quarantined and deleted successfully. c:\program files\registry mighty\repairbackup\startup.dat (Rogue.RegistryMighty) -> Quarantined and deleted successfully. c:\documents and settings\all users\start menu\Programs\registry mighty\Registry Mighty Help.lnk (Rogue.RegistryMighty) -> Quarantined and deleted successfully. c:\documents and settings\all users\start menu\Programs\registry mighty\Registry Mighty on the Web.lnk (Rogue.RegistryMighty) -> Quarantined and deleted successfully. c:\documents and settings\all users\start menu\Programs\registry mighty\Registry Mighty.lnk (Rogue.RegistryMighty) -> Quarantined and deleted successfully. c:\documents and settings\all users\start menu\Programs\registry mighty\Uninstall Registry Mighty.lnk (Rogue.RegistryMighty) -> Quarantined and deleted successfully. c:\program files\webexcellenceadvicetool\uninstall.exe (Adware.PlayMP3z) -> Quarantined and deleted successfully. C:\WINDOWS\hosts (Trojan.Agent) -> Quarantined and deleted successfully. c:\documents and settings\Chuck\Desktop\Evidence Eliminator.lnk (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully. c:\documents and settings\all users\Desktop\AdwareAlert.lnk (Rogue.AdwareAlert) -> Quarantined and deleted successfully. Rooter.exe (v1.0.2) by Eric_71 . SeDebugPrivilege granted successfully ... . Windows XP Home Edition (5.1.2600) Service Pack 3 [32_bits] - x86 Family 15 Model 4 Stepping 3, GenuineIntel . [wscsvc] (Security Center) RUNNING (state:4) [SharedAccess] RUNNING (state:4) Windows Firewall -> Disabled ! . Internet Explorer 8.0.6001.18702 . C:\ [Fixed-NTFS] .. ( Total:70 Go - Free:42 Go ) D:\ [CD_Rom] E:\ [CD_Rom] F:\ [Removable] . Scan : 15:43.03 Path : C:\Documents and Settings\Chuck\Desktop\Rooter.exe User : Chuck ( Administrator -> YES ) . ----------------------\\ Processes . Locked [System Process] (0) ______ System (4) ______ \SystemRoot\System32\smss.exe (848) ______ \??\C:\WINDOWS\system32\csrss.exe (904) ______ \??\C:\WINDOWS\system32\winlogon.exe (932) ______ C:\WINDOWS\system32\services.exe (976) ______ C:\WINDOWS\system32\lsass.exe (988) ______ C:\WINDOWS\system32\Ati2evxx.exe (1196) ______ C:\WINDOWS\system32\svchost.exe (1216) ______ C:\WINDOWS\system32\svchost.exe (1308) ______ C:\Program Files\Windows Defender\MsMpEng.exe (1448) ______ C:\WINDOWS\System32\svchost.exe (1488) ______ C:\WINDOWS\system32\svchost.exe (1568) ______ C:\WINDOWS\system32\svchost.exe (1700) ______ C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (1848) ______ C:\WINDOWS\system32\spoolsv.exe (1060) ______ C:\WINDOWS\system32\svchost.exe (820) ______ C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe (888) ______ C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (1396) ______ C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe (1460) ______ C:\Program Files\Bonjour\mDNSResponder.exe (1612) ______ C:\WINDOWS\system32\cisvc.exe (1656) ______ C:\WINDOWS\system32\CTsvcCDA.EXE (604) ______ C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe (664) ______ C:\Program Files\Java\jre6\bin\jqs.exe (688) ______ C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe (728) ______ C:\Program Files\Google\Update\GoogleUpdate.exe (760) ______ C:\WINDOWS\system32\HPZipm12.exe (772) ______ C:\Program Files\Dell Support Center\bin\sprtsvc.exe (1864) ______ C:\WINDOWS\system32\svchost.exe (1920) ______ C:\WINDOWS\system32\MsPMSPSv.exe (1968) ______ C:\WINDOWS\System32\alg.exe (3124) ______ C:\WINDOWS\Explorer.EXE (3500) ______ C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe (2860) ______ C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe (2876) ______ C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe (2900) ______ C:\WINDOWS\system32\dla\tfswctrl.exe (2912) ______ C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (2920) ______ C:\Program Files\Qurb\QSP-3.0.311.7\QOELoader.exe (2928) ______ C:\Program Files\HP\HP Software Update\HPWuSchd2.exe (2940) ______ C:\Program Files\Broadcom\BACS\BacsTray.exe (2948) ______ C:\Program Files\Dell Support Center\bin\sprtcmd.exe (2992) ______ C:\Program Files\Windows Defender\MSASCui.exe (3020) ______ C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe (3028) ______ C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (3032) ______ C:\Program Files\iTunes\iTunesHelper.exe (3052) ______ C:\Program Files\Java\jre6\bin\jusched.exe (3060) ______ C:\Program Files\DellSupport\DSAgnt.exe (3756) ______ C:\Program Files\Messenger\msmsgs.exe (1664) ______ C:\WINDOWS\System32\svchost.exe (2148) ______ C:\WINDOWS\system32\ctfmon.exe (1676) ______ C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe (1420) ______ C:\Program Files\iPod\bin\iPodService.exe (1336) ______ C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (168) ______ C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (364) ______ C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe (2988) ______ C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe (2380) ______ C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (1344) ______ C:\Program Files\WinZip\WZQKPICK.EXE (2492) ______ C:\Program Files\Internet Explorer\iexplore.exe (748) ______ C:\Program Files\Internet Explorer\iexplore.exe (2820) ______ C:\Documents and Settings\Chuck\Desktop\Rooter.exe (1048) . ----------------------\\ Device\Harddisk0\ \Device\Harddisk0 [Sectors : 63 x 512 Bytes] . \Device\Harddisk0\Partition1 (Start_Offset:32256 \| Length:49319424) \Device\Harddisk0\Partition2 --[ MBR ]-- (Start_Offset:49351680 \| Length:75804180480) \Device\Harddisk0\Partition3 (Start_Offset:75853532160 \| Length:4137315840) . ----------------------\\ Scheduled Tasks . C:\WINDOWS\Tasks\AppleSoftwareUpdate.job C:\WINDOWS\Tasks\DESKTOP.INI C:\WINDOWS\Tasks\GoogleUpdateTaskMachine.job C:\WINDOWS\Tasks\MP Scheduled Scan.job C:\WINDOWS\Tasks\Norton Internet Security - Run Full System Scan - Chuck.job C:\WINDOWS\Tasks\SA.DAT C:\WINDOWS\Tasks\User_Feed_Synchronization-{086F4E41-4B7F-4D3C-8C76-346DEDB09CC2}.job C:\WINDOWS\Tasks\User_Feed_Synchronization-{7C0A0691-A429-4DE7-9529-FD46EBE3E96F}.job . ----------------------\\ Registry . . ----------------------\\ Files & Folders . C:\DOCUME~1\Chuck\Favorites\Ebay Auctions\Steinbach - Magic Of Nutcracker Reference Book - eBay (item 250359622524 end time Jan-25-09 140550 PST).url ==> Cracks & Keygens <== . ----------------------\\ Scan completed at 15:43.33 . C:\Rooter$\Rooter_1.txt - (26/06/2009 \| 15:43.33).c OTL logfile created on: 06/26/09 15:48:09 - Run 1 OTL by OldTimer - Version 3.0.5.3 Folder = C:\Documents and Settings\Chuck\Desktop Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000409 \| Country: United States \| Language: ENU \| Date Format: MM/dd/yy 2.00 Gb Total Physical Memory \| 2.00 Gb Available Physical Memory \| 100.00% Memory free 4.00 Gb Paging File \| 4.00 Gb Available in Paging File \| 100.00% Paging File free Paging file location(s): C:\pagefile.sys 1536 3072 [binary data] %SystemDrive% = C: \| %SystemRoot% = C:\WINDOWS \| %ProgramFiles% = C:\Program Files Drive C: \| 70.60 Gb Total Space \| 42.07 Gb Free Space \| 59.59% Space Free \| Partition Type: NTFS D: Drive not present or media not loaded E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: CHUCK-LYNN Current User Name: Chuck Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: On Skip Microsoft Files: Off File Age = 30 Days Output = Minimal ========== Processes (SafeList) ========== PRC - C:\WINDOWS\System32\Ati2evxx.exe (ATI Technologies Inc.) PRC - C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation) PRC - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation) PRC - C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe (Adobe Systems Incorporated) PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.) PRC - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe (Symantec Corporation) PRC - C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.) PRC - C:\WINDOWS\System32\CTsvcCDA.EXE (Creative Technology Ltd) PRC - C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe (Intel Corporation) PRC - C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.) PRC - C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe (Microsoft Corporation) PRC - C:\Program Files\Google\Update\GoogleUpdate.exe (Google Inc.) PRC - C:\WINDOWS\System32\HPZipm12.exe (HP) PRC - C:\Program Files\Dell Support Center\bin\sprtsvc.exe (SupportSoft, Inc.) PRC - C:\WINDOWS\System32\MsPMSPSv.exe (Microsoft Corporation) PRC - C:\WINDOWS\Explorer.EXE (Microsoft Corporation) PRC - C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe (Intel Corporation) PRC - C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe (Creative Technology Ltd) PRC - C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe (CyberLink Corp.) PRC - C:\WINDOWS\System32\dla\tfswctrl.exe (Sonic Solutions) PRC - C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation) PRC - C:\Program Files\Qurb\QSP-3.0.311.7\QOELoader.exe (Qurb, Inc.) PRC - C:\Program Files\HP\HP Software Update\HPWuSchd2.exe (Hewlett-Packard) PRC - C:\Program Files\Broadcom\BACS\BacsTray.exe (Broadcom Corporation) PRC - C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.) PRC - C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) PRC - C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe (Intel Corporation) PRC - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation) PRC - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.) PRC - C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.) PRC - C:\Program Files\DellSupport\DSAgnt.exe (Gteko Ltd.) PRC - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation) PRC - C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe (Linksys, a Division of Cisco Systems, Inc.) PRC - C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.) PRC - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.) PRC - C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe (Nikon Corporation) PRC - C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe (Hewlett-Packard Co.) PRC - C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit, Inc.) PRC - C:\Program Files\WinZip\WZQKPICK.EXE (WinZip Computing, Inc.) PRC - C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) PRC - C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) PRC - C:\Documents and Settings\Chuck\Desktop\OTL.exe (OldTimer Tools) ========== Win32 Services (SafeList) ========== SRV - (AdobeActiveFileMonitor7.0 [Auto \| Running]) -- C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe (Adobe Systems Incorporated) SRV - (Apple Mobile Device [Auto \| Running]) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.) SRV - (aspnet_state [On_Demand \| Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (Microsoft Corporation) SRV - (Ati HotKey Poller [Auto \| Running]) -- C:\WINDOWS\System32\Ati2evxx.exe (ATI Technologies Inc.) SRV - (ATI Smart [Auto \| Stopped]) -- C:\WINDOWS\System32\ati2sgag.exe () SRV - (Automatic LiveUpdate Scheduler [Auto \| Running]) -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe (Symantec Corporation) SRV - (Bonjour Service [Auto \| Running]) -- C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.) SRV - (ccEvtMgr [Auto \| Running]) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation) SRV - (ccSetMgr [Auto \| Running]) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation) SRV - (clr_optimization_v2.0.50727_32 [On_Demand \| Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) SRV - (CLTNetCnService [Auto \| Running]) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation) SRV - (comHost [On_Demand \| Stopped]) -- C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe (Symantec Corporation) SRV - (Creative Service for CDROM Access [Auto \| Running]) -- C:\WINDOWS\System32\CTsvcCDA.EXE (Creative Technology Ltd) SRV - (DSBrokerService [On_Demand \| Stopped]) -- C:\Program Files\DellSupport\brkrsvc.exe () SRV - (FLEXnet Licensing Service [On_Demand \| Stopped]) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.) SRV - (FontCache3.0.0.0 [On_Demand \| Stopped]) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation) SRV - (gupdate1c9f210d4c28a4c [Auto \| Stopped]) -- C:\Program Files\Google\Update\GoogleUpdate.exe (Google Inc.) SRV - (helpsvc [Auto \| Running]) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation) SRV - (IAANTMon [Auto \| Running]) -- C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe (Intel Corporation) SRV - (IDriverT [On_Demand \| Stopped]) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe (Macrovision Corporation) SRV - (idsvc [Unknown \| Stopped]) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe (Microsoft Corporation) SRV - (InstallShield Licensing Service [On_Demand \| Stopped]) -- C:\Program Files\Common Files\InstallShield Shared\Service\InstallShield Licensing Service.exe (Macrovision ) SRV - (iPod Service [On_Demand \| Running]) -- C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.) SRV - (JavaQuickStarterService [Auto \| Running]) -- C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.) SRV - (LiveUpdate [On_Demand \| Stopped]) -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE (Symantec Corporation) SRV - (LiveUpdate Notice [Auto \| Running]) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation) SRV - (MDM [Auto \| Running]) -- C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe (Microsoft Corporation) SRV - (NetTcpPortSharing [Disabled \| Stopped]) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe (Microsoft Corporation) SRV - (Pml Driver HPZ12 [Auto \| Running]) -- C:\WINDOWS\System32\HPZipm12.exe (HP) SRV - (sprtsvc_dellsupportcenter [Auto \| Running]) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe (SupportSoft, Inc.) SRV - (Symantec Core LC [On_Demand \| Stopped]) -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe () SRV - (WinDefend [Auto \| Running]) -- C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation) SRV - (WMDM PMSP Service [Auto \| Running]) -- C:\WINDOWS\System32\MsPMSPSv.exe (Microsoft Corporation) SRV - (WMPNetworkSvc [On_Demand \| Stopped]) -- C:\Program Files\Windows Media Player\WMPNetwk.exe (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV - (AliIde [Boot \| Stopped]) -- C:\WINDOWS\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.) DRV - (amdagp [Boot \| Stopped]) -- C:\WINDOWS\system32\DRIVERS\amdagp.sys (Advanced Micro Devices, Inc.) DRV - (asc [Boot \| Stopped]) -- C:\WINDOWS\system32\DRIVERS\asc.sys (Advanced System Products, Inc.) DRV - (asc3550 [Boot \| Stopped]) -- C:\WINDOWS\system32\DRIVERS\asc3550.sys (Advanced System Products, Inc.) DRV - (ati2mtag [On_Demand \| Running]) -- C:\WINDOWS\System32\DRIVERS\ati2mtag.sys (ATI Technologies Inc.) DRV - (b57w2k [On_Demand \| Running]) -- C:\WINDOWS\System32\DRIVERS\b57xp32.sys (Broadcom Corporation) DRV - (BCMNTIO [Auto \| Running]) -- C:\Program Files\CheckIt\Diagnostics\BCMNTIO.SYS () DRV - (bvrp_pci [On_Demand \| Stopped]) -- C:\WINDOWS\System32\drivers\bvrp_pci.sys () DRV - (CmdIde [Boot \| Stopped]) -- C:\WINDOWS\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.) DRV - (COH_Mon [On_Demand \| Stopped]) -- C:\WINDOWS\System32\Drivers\COH_Mon.sys (Symantec Corporation) DRV - (CO_Mon [Auto \| Running]) -- C:\WINDOWS\System32\drivers\CO_Mon.sys (Symantec Corporation) DRV - (ctsfm2k [On_Demand \| Running]) -- C:\WINDOWS\System32\DRIVERS\ctsfm2k.sys (Creative Technology Ltd) DRV - (dac2w2k [Boot \| Stopped]) -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys (Mylex Corporation) DRV - (drvmcdb [Boot \| Running]) -- C:\WINDOWS\system32\drivers\drvmcdb.sys (Sonic Solutions) DRV - (drvnddm [Auto \| Running]) -- C:\WINDOWS\System32\drivers\drvnddm.sys (Sonic Solutions) DRV - (DSproct [On_Demand \| Running]) -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys (Gteko Ltd.) DRV - (dsunidrv [Auto \| Running]) -- C:\WINDOWS\System32\DRIVERS\dsunidrv.sys (Gteko Ltd.) DRV - (E100B [On_Demand \| Stopped]) -- C:\WINDOWS\System32\DRIVERS\e100b325.sys (Intel Corporation) DRV - (eeCtrl [System \| Running]) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation) DRV - (EraserUtilRebootDrv [On_Demand \| Running]) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation) DRV - (GEARAspiWDM [On_Demand \| Running]) -- C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys (GEAR Software Inc.) DRV - (GoProto [On_Demand \| Running]) -- C:\WINDOWS\System32\DRIVERS\goprot51.sys (Gteko Ltd.) DRV - (HPZid412 [On_Demand \| Running]) -- C:\WINDOWS\System32\DRIVERS\HPZid412.sys (HP) DRV - (HPZipr12 [On_Demand \| Running]) -- C:\WINDOWS\System32\DRIVERS\HPZipr12.sys (HP) DRV - (HPZius12 [On_Demand \| Running]) -- C:\WINDOWS\System32\DRIVERS\HPZius12.sys (HP) DRV - (iaStor [Boot \| Running]) -- C:\WINDOWS\system32\drivers\iaStor.sys (Intel Corporation) DRV - (IntelC51 [On_Demand \| Running]) -- C:\WINDOWS\System32\DRIVERS\IntelC51.sys (Intel Corporation) DRV - (IntelC52 [On_Demand \| Running]) -- C:\WINDOWS\System32\DRIVERS\IntelC52.sys (Intel Corporation) DRV - (IntelC53 [On_Demand \| Running]) -- C:\WINDOWS\System32\DRIVERS\IntelC53.sys (Intel Corporation) DRV - (MAPMEM [Auto \| Running]) -- C:\Program Files\CheckIt\Diagnostics\MAPMEM.SYS () DRV - (MCSTRM [Auto \| Running]) -- C:\WINDOWS\System32\drivers\mcstrm.sys (RealNetworks, Inc.) DRV - (MODEMCSA [On_Demand \| Running]) -- C:\WINDOWS\System32\drivers\MODEMCSA.sys (Microsoft Corporation) DRV - (mohfilt [On_Demand \| Running]) -- C:\WINDOWS\System32\DRIVERS\mohfilt.sys (Intel Corporation) DRV - (mraid35x [Boot \| Stopped]) -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys (American Megatrends Inc.) DRV - (NAVENG [On_Demand \| Running]) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20090626.016\NAVENG.SYS (Symantec Corporation) DRV - (NAVEX15 [On_Demand \| Running]) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20090626.016\NAVEX15.SYS (Symantec Corporation) DRV - (nv [On_Demand \| Stopped]) -- C:\WINDOWS\System32\DRIVERS\nv4_mini.sys (NVIDIA Corporation) DRV - (omci [System \| Running]) -- C:\WINDOWS\System32\DRIVERS\omci.sys (Dell Computer Corporation) DRV - (ossrv [On_Demand \| Running]) -- C:\WINDOWS\System32\DRIVERS\ctoss2k.sys (Creative Technology Ltd.) DRV - (P17 [On_Demand \| Running]) -- C:\WINDOWS\System32\drivers\P17.sys (Creative Technology Ltd.) DRV - (PfModNT [Auto \| Running]) -- C:\WINDOWS\System32\drivers\PfModNT.sys (Creative Technology Ltd.) DRV - (Ptilink [On_Demand \| Running]) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys (Parallel Technologies, Inc.) DRV - (PxHelp20 [Boot \| Running]) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys (Sonic Solutions) DRV - (ql1080 [Boot \| Stopped]) -- C:\WINDOWS\system32\DRIVERS\ql1080.sys (QLogic Corporation) DRV - (ql12160 [Boot \| Stopped]) -- C:\WINDOWS\system32\DRIVERS\ql12160.sys (QLogic Corporation) DRV - (ql1280 [Boot \| Stopped]) -- C:\WINDOWS\system32\DRIVERS\ql1280.sys (QLogic Corporation) DRV - (SDDMI2 [On_Demand \| Stopped]) -- C:\WINDOWS\System32\DDMI2.sys (Gteko Ltd.) DRV - (Secdrv [On_Demand \| Stopped]) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) DRV - (sisagp [Boot \| Stopped]) -- C:\WINDOWS\system32\DRIVERS\sisagp.sys (Silicon Integrated Systems Corporation) DRV - (Sparrow [Boot \| Stopped]) -- C:\WINDOWS\system32\DRIVERS\sparrow.sys (Adaptec, Inc.) DRV - (SPBBCDrv [System \| Running]) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys (Symantec Corporation) DRV - (SRTSP [On_Demand \| Running]) -- C:\WINDOWS\System32\Drivers\SRTSP.SYS (Symantec Corporation) DRV - (SRTSPL [On_Demand \| Stopped]) -- C:\WINDOWS\System32\Drivers\SRTSPL.SYS (Symantec Corporation) DRV - (SRTSPX [System \| Running]) -- C:\WINDOWS\System32\Drivers\SRTSPX.SYS (Symantec Corporation) DRV - (sscdbhk5 [System \| Running]) -- C:\WINDOWS\System32\drivers\sscdbhk5.sys (Sonic Solutions) DRV - (ssrtln [System \| Running]) -- C:\WINDOWS\System32\drivers\ssrtln.sys (Sonic Solutions) DRV - (symc810 [Boot \| Stopped]) -- C:\WINDOWS\system32\DRIVERS\symc810.sys (Symbios Logic Inc.) DRV - (symc8xx [Boot \| Stopped]) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys (LSI Logic) DRV - (SYMDNS [On_Demand \| Running]) -- C:\WINDOWS\System32\Drivers\SYMDNS.SYS (Symantec Corporation) DRV - (SymEvent [On_Demand \| Running]) -- C:\WINDOWS\System32\Drivers\SYMEVENT.SYS (Symantec Corporation) DRV - (SYMFW [On_Demand \| Running]) -- C:\WINDOWS\System32\Drivers\SYMFW.SYS (Symantec Corporation) DRV - (SYMIDS [On_Demand \| Running]) -- C:\WINDOWS\System32\Drivers\SYMIDS.SYS (Symantec Corporation) DRV - (SYMIDSCO [On_Demand \| Running]) -- C:\Program Files\Common Files\Symantec Shared\SymcData\ipsdefs\20090618.001\SymIDSco.sys (Symantec Corporation) DRV - (SymIM [On_Demand \| Stopped]) -- C:\WINDOWS\System32\DRIVERS\SymIM.sys (Symantec Corporation) DRV - (SymIMMP [On_Demand \| Running]) -- C:\WINDOWS\System32\DRIVERS\SymIM.sys (Symantec Corporation) DRV - (symlcbrd [Auto \| Running]) -- C:\WINDOWS\System32\drivers\symlcbrd.sys (Symantec Corporation) DRV - (SYMNDIS [On_Demand \| Running]) -- C:\WINDOWS\System32\Drivers\SYMNDIS.SYS (Symantec Corporation) DRV - (SYMREDRV [On_Demand \| Running]) -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS (Symantec Corporation) DRV - (SYMTDI [System \| Running]) -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS (Symantec Corporation) DRV - (sym_hi [Boot \| Stopped]) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys (LSI Logic) DRV - (sym_u3 [Boot \| Stopped]) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys (LSI Logic) DRV - (Sparrow [Boot \| Stopped]) -- C:\WINDOWS\system32\DRIVERS\sparrow.sys (Adaptec, Inc.) DRV - (SPBBCDrv [System \| Running]) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys (Symantec Corporation) DRV - (SRTSP [On_Demand \| Running]) -- C:\WINDOWS\System32\Drivers\SRTSP.SYS (Symantec Corporation) DRV - (SRTSPL [On_Demand \| Stopped]) -- C:\WINDOWS\System32\Drivers\SRTSPL.SYS (Symantec Corporation) DRV - (SRTSPX [System \| Running]) -- C:\WINDOWS\System32\Drivers\SRTSPX.SYS (Symantec Corporation) DRV - (sscdbhk5 [System \| Running]) -- C:\WINDOWS\System32\drivers\sscdbhk5.sys (Sonic Solutions) DRV - (ssrtln [System \| Running]) -- C:\WINDOWS\System32\drivers\ssrtln.sys (Sonic Solutions) DRV - (symc810 [Boot \| Stopped]) -- C:\WINDOWS\system32\DRIVERS\symc810.sys (Symbios Logic Inc.) DRV - (symc8xx [Boot \| Stopped]) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys (LSI Logic) DRV - (SYMDNS [On_Demand \| Running]) -- C:\WINDOWS\System32\Drivers\SYMDNS.SYS (Symantec Corporation) DRV - (SymEvent [On_Demand \| Running]) -- C:\WINDOWS\System32\Drivers\SYMEVENT.SYS (Symantec Corporation) DRV - (SYMFW [On_Demand \| Running]) -- C:\WINDOWS\System32\Drivers\SYMFW.SYS (Symantec Corporation) DRV - (SYMIDS [On_Demand \| Running]) -- C:\WINDOWS\System32\Drivers\SYMIDS.SYS (Symantec Corporation) DRV - (SYMIDSCO [On_Demand \| Running]) -- C:\Program Files\Common Files\Symantec Shared\SymcData\ipsdefs\20090618.001\SymIDSco.sys (Symantec Corporation) DRV - (SymIM [On_Demand \| Stopped]) -- C:\WINDOWS\System32\DRIVERS\SymIM.sys (Symantec Corporation) DRV - (SymIMMP [On_Demand \| Running]) -- C:\WINDOWS\System32\DRIVERS\SymIM.sys (Symantec Corporation) DRV - (symlcbrd [Auto \| Running]) -- C:\WINDOWS\System32\drivers\symlcbrd.sys (Symantec Corporation) DRV - (SYMNDIS [On_Demand \| Running]) -- C:\WINDOWS\System32\Drivers\SYMNDIS.SYS (Symantec Corporation) DRV - (SYMREDRV [On_Demand \| Running]) -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS (Symantec Corporation) DRV - (SYMTDI [System \| Running]) -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS (Symantec Corporation) DRV - (sym_hi [Boot \| Stopped]) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys (LSI Logic) DRV - (sym_u3 [Boot \| Stopped]) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys (LSI Logic) IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://q13.trb.com/ IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 FF - HKLM\software\mozilla\Firefox\extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/02/17 19:43:22 \| 00,000,000 \| ---D \| M] FF - HKLM\software\mozilla\Firefox\extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009/01/04 11:14:20 \| 00,000,000 \| ---D \| M] O1 HOSTS File: (734 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\coIEPlg.dll (Symantec Corporation) O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Common Files\Symantec Shared\IDS\IPSBHO.dll (Symantec Corporation) O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.) O3 - HKLM\..\Toolbar: (Show Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll (Symantec Corporation) O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (Show Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll (Symantec Corporation) O4 - HKLM..\Run: [bacstray] C:\Program Files\Broadcom\BACS\BacsTray.exe (Broadcom Corporation) O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation) O4 - HKLM..\Run: [CTSysVol] C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe (Creative Technology Ltd) O4 - HKLM..\Run: [DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.) O4 - HKLM..\Run: [dla] C:\WINDOWS\System32\dla\tfswctrl.exe (Sonic Solutions) O4 - HKLM..\Run: [dscactivate] C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe ( ) O4 - HKLM..\Run: [DVDLauncher] C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe (CyberLink Corp.) O4 - HKLM..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe (Hewlett-Packard) O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe (Intel Corporation) O4 - HKLM..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe (Intel Corporation) O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation) O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.) O4 - HKLM..\Run: [MimBoot] C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mimboot.exe (Musicmatch, Inc.) O4 - HKLM..\Run: [osCheck] C:\Program Files\Norton 360\osCheck.exe (Symantec Corporation) O4 - HKLM..\Run: [QOELOADER] C:\Program Files\Qurb\QSP-3.0.311.7\QOELoader.exe (Qurb, Inc.) O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Inc.) O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.) O4 - HKLM..\Run: [Synchronization Manager] C:\WINDOWS\System32\mobsync.exe (Microsoft Corporation) O4 - HKLM..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE (Creative Technology Ltd.) O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKCU..\Run: [DellSupport] File not found O4 - HKCU..\Run: [DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.) O4 - HKCU..\Run: [EasyLinkAdvisor] File not found O4 - HKCU..\Run: [Evidence Eliminator] C:\Program Files\Evidence Eliminator\ee.exe File not found O4 - HKCU..\Run: [HijackThis startup scan] File not found O4 - HKCU..\Run: [MSMSGS] C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation) O4 - HKCU..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe (Adobe Systems Incorporated) O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated) O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.) O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe (Hewlett-Packard Co.) O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation) O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Nikon Monitor.lnk = C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe (Nikon Corporation) O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit, Inc.) O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE (WinZip Computing, Inc.) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWindowsUpdate = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 0 O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation) O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation) O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\System32\rsvpsp.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\System32\rsvpsp.dll (Microsoft Corporation) O15 - HKLM\..Trusted Domains: musicmatch.com ([online] https in Trusted sites) O15 - HKLM\..Trusted Domains: 2 domain(s) and sub-domain(s) not assigned to a zone. O15 - HKCU\..Trusted Domains: microsoft.com ([.update] http in Trusted sites) O15 - HKCU\..Trusted Domains: microsoft.com ([download.windowsupdate] http in Trusted sites) O15 - HKCU\..Trusted Domains: microsoft.com ([update] http in Trusted sites) O15 - HKCU\..Trusted Domains: microsoft.com ([wer] http in Trusted sites) O15 - HKCU\..Trusted Domains: microsoft.com ([www.update] http in Trusted sites) O15 - HKCU\..Trusted Domains: microsoft.com ([www.update] https in Trusted sites) O15 - HKCU\..Trusted Domains: windowsupdate.com ([download] http in Trusted sites) O15 - HKCU\..Trusted Domains: 2 domain(s) and sub-domain(s) not assigned to a zone. O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/templates/ieawsdc.cab (Microsoft Office Template and Media Control) O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/8/b...heckControl.cab (Windows Genuine Advantage Validation Tool) O16 - DPF: {34F12AFD-E9B5-492A-85D2-40FA4535BE83} http://www.symantec.com/techsupp/activedata/nprdtinf.cab (AxProdInfoCtl Class) O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.akamai.com/dlmanager/vers...vex-2.2.4.1.cab (DLM Control) O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} http://tools.ebayimg.com/eps/wl/activex/eB...l_v1-0-3-36.cab (EPUImageControl Class) O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} https://webdl.symantec.com/activex/symdlmgr.cab (Symantec Download Manager) O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftu...b?1210951203531 (MUWebControl Class) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_14) O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...r/ultrashim.cab (Reg Error: Key error.) O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} http://www.crucial.com/controls/cpcScanner.cab (Crucial cpcScan) O16 - DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} http://office.microsoft.com/officeupdate/content/opuc4.cab (Office Update Installation Engine) O16 - DPF: {CAFEEFAC-0014-0002-0008-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl...indows-i586.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_14) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_14) O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} http://driveragent.com/files/driveragent.cab (Driver Agent ActiveX Control) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\ipp - No CLSID value found O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp - No CLSID value found O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation) O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation) O31 - SafeBoot: AlternateShell - cmd.exe O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006/01/13 13:59:06 \| 00,000,619 \| ---- \| M] () - C:\autoAlbum.log -- [ NTFS ] O32 - AutoRun File - [2004/08/10 11:04:08 \| 00,000,000 \| ---- \| M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O34 - HKLM BootExecute: (autocheck) - File not found O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation) O34 - HKLM BootExecute: () - File not found ========== Files/Folders - Created Within 30 Days ========== [2009/06/26 15:45:49 \| 00,513,536 \| ---- \| C] (OldTimer Tools) -- C:\Documents and Settings\Chuck\Desktop\OTL.exe [2009/06/26 15:44:57 \| 00,033,792 \| ---- \| C] () -- C:\Documents and Settings\Chuck\My Documents\Rooter Log.doc [2009/06/26 15:43:23 \| 00,000,000 \| ---D \| C] -- C:\Rooter$ [2009/06/26 15:41:47 \| 00,173,119 \| ---- \| C] (Eric_71) -- C:\Documents and Settings\Chuck\Desktop\Rooter.exe [2009/06/26 15:34:01 \| 00,083,968 \| ---- \| C] () -- C:\Documents and Settings\Chuck\My Documents\Malwarebytes Log.doc [2009/06/26 15:17:00 \| 00,000,000 \| ---D \| C] -- C:\Documents and Settings\Chuck\Application Data\Malwarebytes [2009/06/26 15:16:57 \| 00,000,696 \| ---- \| C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk [2009/06/26 15:16:54 \| 00,038,160 \| ---- \| C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys [2009/06/26 15:16:53 \| 00,000,000 \| ---D \| C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes [2009/06/26 15:16:52 \| 00,019,096 \| ---- \| C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2009/06/26 15:16:52 \| 00,000,000 \| ---D \| C] -- C:\Program Files\Malwarebytes' Anti-Malware [2009/06/26 11:18:44 \| 00,001,734 \| ---- \| C] () -- C:\Documents and Settings\Chuck\Desktop\HijackThis.lnk [2009/06/26 11:18:44 \| 00,000,000 \| ---D \| C] -- C:\Program Files\Trend Micro [2009/06/26 09:50:44 \| 00,059,353 \| ---- \| C] () -- C:\Documents and Settings\Chuck\Desktop\AutoIDCards.pdf [2009/06/21 13:46:47 \| 00,000,000 \| ---D \| C] -- C:\Documents and Settings\Chuck\Desktop\backups [2009/06/20 18:39:23 \| 00,001,836 \| ---- \| C] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk [2009/06/20 18:37:26 \| 00,000,880 \| ---- \| C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachine.job [2009/06/20 18:37:05 \| 00,000,000 \| ---D \| C] -- C:\Program Files\Google [2009/06/18 01:09:17 \| 02,823,586 \| ---- \| C] () -- C:\Documents and Settings\Chuck\Desktop\THECORRECTWAYTOANSWERTHEDOOR.wmv [2009/06/14 10:07:25 \| 01,127,767 \| ---- \| C] () -- C:\malpki.wmv [2009/06/11 07:37:25 \| 00,246,272 \| ---- \| C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieproxy.dll [2009/06/11 07:37:25 \| 00,012,800 \| ---- \| C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xpshims.dll [2009/06/10 11:39:32 \| 00,000,000 \| ---D \| C] -- C:\Documents and Settings\Chuck\My Documents\Nikon Transfer [2009/06/08 09:40:04 \| 00,002,137 \| ---- \| C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk [2009/06/08 09:39:45 \| 00,000,000 \| ---D \| C] -- C:\Program Files\iPod [2009/06/08 09:39:41 \| 00,000,000 \| ---D \| C] -- C:\Program Files\iTunes [2009/06/08 09:39:41 \| 00,000,000 \| ---D \| C] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906} [2009/06/08 09:39:21 \| 00,000,000 \| ---D \| C] -- C:\Program Files\Bonjour [2009/06/08 09:38:49 \| 00,001,604 \| ---- \| C] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk [2009/06/08 09:37:20 \| 00,000,284 \| ---- \| C] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job [2009/06/08 09:37:19 \| 00,000,000 \| ---D \| C] -- C:\Documents and Settings\Chuck\Local Settings\Application Data\Apple [2009/06/08 09:37:16 \| 00,000,000 \| ---D \| C] -- C:\Program Files\Apple Software Update [2009/06/08 09:36:41 \| 00,000,000 \| ---D \| C] -- C:\Program Files\Common Files\Apple [2009/06/08 09:36:40 \| 00,000,000 \| ---D \| C] -- C:\Documents and Settings\All Users\Application Data\Apple [2009/06/08 09:35:31 \| 00,000,000 \| ---D \| C] -- C:\Documents and Settings\Chuck\Local Settings\Application Data\Apple Computer [2009/06/06 10:36:35 \| 00,001,578 \| ---- \| C] () -- C:\Documents and Settings\Chuck\Desktop\LimeWire 5.1.3.lnk [2009/06/06 10:30:24 \| 00,000,000 \| ---D \| C] -- C:\Documents and Settings\Chuck\My Documents\LimeWire [2009/06/06 10:29:13 \| 00,000,000 \| ---D \| C] -- C:\Documents and Settings\Chuck\Application Data\LimeWire [2009/06/06 10:28:56 \| 00,000,000 \| ---D \| C] -- C:\Program Files\LimeWire [2009/06/06 09:36:37 \| 00,000,000 \| ---D \| C] -- C:\Documents and Settings\Chuck\My Documents\Incomplete [2009/06/05 08:14:28 \| 00,000,420 \| -H-- \| C] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{086F4E41-4B7F-4D3C-8C76-346DEDB09CC2}.job [2009/06/05 08:02:13 \| 00,000,000 \| ---D \| C] -- C:\WINDOWS\ie8updates [2009/06/05 08:01:42 \| 00,102,912 \| ---- \| C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iecompat.dll [2009/06/05 08:00:36 \| 00,000,000 \| -H-D \| C] -- C:\WINDOWS\ie8 [2008/06/07 13:36:15 \| 00,000,002 \| ---- \| C] () -- C:\WINDOWS\msoffice.ini [2007/07/10 18:11:50 \| 00,000,118 \| ---- \| C] () -- C:\WINDOWS\System32\MRT.INI [2007/06/09 08:51:43 \| 00,044,544 \| ---- \| C] () -- C:\WINDOWS\System32\gif89.dll [2007/06/09 08:49:31 \| 00,000,563 \| ---- \| C] () -- C:\WINDOWS\SIERRA.INI [2006/10/27 21:34:31 \| 00,000,430 \| ---- \| C] () -- C:\WINDOWS\dssar.ini [2006/07/13 17:08:51 \| 00,004,272 \| ---- \| C] () -- C:\WINDOWS\System32\drivers\bvrp_pci.sys [2006/04/28 18:16:06 \| 00,000,023 \| ---- \| C] () -- C:\WINDOWS\BlendSettings.ini [2006/04/18 16:07:34 \| 00,000,000 \| ---- \| C] () -- C:\WINDOWS\hpqEmlSz.INI [2006/04/10 16:43:08 \| 00,000,206 \| ---- \| C] () -- C:\WINDOWS\HPGdiPlus.ini [2005/07/10 13:37:34 \| 00,000,044 \| ---- \| C] () -- C:\WINDOWS\liveup.ini [2005/06/26 10:23:15 \| 00,001,541 \| ---- \| C] () -- C:\WINDOWS\cdPlayer.ini [2005/06/12 10:06:18 \| 00,000,041 \| ---- \| C] () -- C:\WINDOWS\loc2.INI [2005/06/12 10:06:13 \| 00,000,041 \| ---- \| C] () -- C:\WINDOWS\FindServ.INI [2005/06/10 00:25:00 \| 00,000,376 \| ---- \| C] () -- C:\WINDOWS\ODBC.INI [2005/06/05 08:58:21 \| 00,000,061 \| ---- \| C] () -- C:\WINDOWS\smscfg.ini [2005/06/05 08:50:21 \| 00,000,138 \| ---- \| C] () -- C:\WINDOWS\wininit.ini [2005/06/05 08:41:58 \| 00,000,231 \| ---- \| C] () -- C:\WINDOWS\AC3API.INI [2005/06/05 08:41:50 \| 00,003,278 \| ---- \| C] () -- C:\WINDOWS\System32\LudaP17.ini [2005/06/05 08:41:50 \| 00,000,029 \| ---- \| C] () -- C:\WINDOWS\System32\ctzapxx.ini [2005/06/05 08:41:45 \| 00,000,072 \| ---- \| C] () -- C:\WINDOWS\SBWIN.INI [2005/06/05 08:16:58 \| 00,000,367 \| ---- \| C] () -- C:\WINDOWS\System32\OEMINFO.INI [2005/01/28 06:08:34 \| 00,000,000 \| ---- \| C] () -- C:\WINDOWS\System32\px.ini [2004/08/10 11:13:12 \| 00,000,780 \| ---- \| C] () -- C:\WINDOWS\ORUN32.INI [2004/08/10 11:04:08 \| 00,000,751 \| ---- \| C] () -- C:\WINDOWS\WIN.INI [2004/08/10 10:57:52 \| 00,000,227 \| ---- \| C] () -- C:\WINDOWS\SYSTEM.INI [2004/08/04 03:00:00 \| 00,001,793 \| ---- \| C] () -- C:\WINDOWS\System32\FXSPERF.INI [1979/12/31 22:00:00 \| 00,065,536 \| ---- \| C] ( ) -- C:\WINDOWS\System32\A3d.dll [1979/12/31 22:00:00 \| 00,060,928 \| ---- \| C] () -- C:\WINDOWS\System32\P17.dll [1979/12/31 22:00:00 \| 00,053,248 \| ---- \| C] () -- C:\WINDOWS\System32\P17CPI.dll ========== Files - Modified Within 30 Days ========== [2009/06/26 15:50:00 \| 00,000,422 \| -H-- \| M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{7C0A0691-A429-4DE7-9529-FD46EBE3E96F}.job [2009/06/26 15:45:58 \| 00,513,536 \| ---- \| M] (OldTimer Tools) -- C:\Documents and Settings\Chuck\Desktop\OTL.exe [2009/06/26 15:44:57 \| 00,033,792 \| ---- \| M] () -- C:\Documents and Settings\Chuck\My Documents\Rooter Log.doc [2009/06/26 15:41:48 \| 00,173,119 \| ---- \| M] (Eric_71) -- C:\Documents and Settings\Chuck\Desktop\Rooter.exe [2009/06/26 15:38:56 \| 00,000,330 \| -H-- \| M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job [2009/06/26 15:37:20 \| 00,000,880 \| ---- \| M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachine.job [2009/06/26 15:35:57 \| 00,000,006 \| -H-- \| M] () -- C:\WINDOWS\tasks\SA.DAT [2009/06/26 15:35:47 \| 00,002,048 \| --S- \| M] () -- C:\WINDOWS\BOOTSTAT.DAT [2009/06/26 15:34:01 \| 00,083,968 \| ---- \| M] () -- C:\Documents and Settings\Chuck\My Documents\Malwarebytes Log.doc [2009/06/26 15:16:57 \| 00,000,696 \| ---- \| M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk [2009/06/26 15:06:41 \| 00,000,734 \| ---- \| M] () -- C:\WINDOWS\System32\drivers\ETC\hosts [2009/06/26 12:57:32 \| 00,000,420 \| -H-- \| M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{086F4E41-4B7F-4D3C-8C76-346DEDB09CC2}.job [2009/06/26 11:18:44 \| 00,001,734 \| ---- \| M] () -- C:\Documents and Settings\Chuck\Desktop\HijackThis.lnk [2009/06/26 09:50:44 \| 00,059,353 \| ---- \| M] () -- C:\Documents and Settings\Chuck\Desktop\AutoIDCards.pdf [2009/06/26 09:50:44 \| 00,000,026 \| ---- \| M] () -- C:\WINDOWS\Zone.Identifier [2009/06/26 09:30:22 \| 00,002,385 \| ---- \| M] () -- C:\Documents and Settings\Chuck\Desktop\Microsoft Office PowerPoint Viewer 2007.lnk [2009/06/22 20:59:12 \| 00,025,088 \| ---- \| M] () -- C:\Documents and Settings\Chuck\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009/06/22 20:00:00 \| 00,000,622 \| ---- \| M] () -- C:\WINDOWS\tasks\Norton Internet Security - Run Full System Scan - Chuck.job [2009/06/21 01:25:40 \| 00,000,751 \| ---- \| M] () -- C:\WINDOWS\WIN.INI [2009/06/21 01:25:40 \| 00,000,227 \| ---- \| M] () -- C:\WINDOWS\SYSTEM.INI [2009/06/21 01:25:40 \| 00,000,211 \| RHS- \| M] () -- C:\BOOT.INI [2009/06/20 18:39:23 \| 00,001,836 \| ---- \| M] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk [2009/06/18 16:23:16 \| 00,000,020 \| -H-- \| M] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLdu.DAT [2009/06/18 11:27:01 \| 00,000,284 \| ---- \| M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job [2009/06/18 01:09:17 \| 02,823,586 \| ---- \| M] () -- C:\Documents and Settings\Chuck\Desktop\THECORRECTWAYTOANSWERTHEDOOR.wmv [2009/06/17 11:27:56 \| 00,038,160 \| ---- \| M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys [2009/06/17 11:27:44 \| 00,019,096 \| ---- \| M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2009/06/16 15:55:32 \| 00,002,137 \| ---- \| M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk [2009/06/14 10:07:25 \| 01,127,767 \| ---- \| M] () -- C:\malpki.wmv [2009/06/12 17:26:19 \| 00,002,307 \| ---- \| M] () -- C:\Documents and Settings\Chuck\Desktop\Microsoft Excel.lnk [2009/06/12 03:10:55 \| 00,402,328 \| ---- \| M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2009/06/12 03:02:37 \| 00,001,374 \| ---- \| M] () -- C:\WINDOWS\imsins.BAK [2009/06/08 09:38:49 \| 00,001,604 \| ---- \| M] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk [2009/06/06 10:36:35 \| 00,001,578 \| ---- \| M] () -- C:\Documents and Settings\Chuck\Desktop\LimeWire 5.1.3.lnk [2009/06/01 09:51:12 \| 23,635,392 \| ---- \| M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe [2009/05/31 16:12:20 \| 00,002,206 \| ---- \| M] () -- C:\WINDOWS\System32\WPA.DBL ========== LOP Check ========== [2009/06/26 15:16:53 \| 00,000,000 \| RH-D \| M] -- C:\Documents and Settings\All Users\Application Data [2008/10/06 15:17:14 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6} [2009/06/08 09:39:59 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906} [2008/02/26 00:18:48 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\All Users\Application Data\Dell [2008/12/27 20:45:37 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\All Users\Application Data\EnterNHelp [2008/12/27 23:34:10 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\All Users\Application Data\espionServerData [2008/12/27 23:29:34 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\All Users\Application Data\FLEXnet [2005/06/05 08:48:54 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\All Users\Application Data\Intuit [2008/12/27 20:45:37 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\All Users\Application Data\Logs [2008/03/28 00:15:31 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\All Users\Application Data\n7-89-o9-3r-4t-r9 [2008/12/27 20:46:24 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\All Users\Application Data\Nikon [2005/06/10 00:34:35 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\All Users\Application Data\OLYMPUS [2007/03/18 12:06:59 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\All Users\Application Data\SadMan Software [2005/06/05 08:15:56 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\All Users\Application Data\SBSI [2008/06/16 08:30:01 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\All Users\Application Data\SecTaskMan [2007/12/02 15:41:15 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft [2008/10/17 04:53:38 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\All Users\Application Data\TEMP [2008/12/27 20:45:37 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\All Users\Application Data\Ultima_T15 [2009/06/26 15:31:07 \| 00,000,000 \| -H-D \| M] -- C:\Documents and Settings\Chuck\Application Data [2008/08/16 17:43:32 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\Chuck\Application Data\CyberLink [2008/12/27 23:24:49 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\Chuck\Application Data\Download Manager [2008/03/28 00:20:02 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\Chuck\Application Data\Eyeblaster [2008/04/02 17:53:06 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\Chuck\Application Data\GameHouse [2008/04/20 14:49:25 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\Chuck\Application Data\JLC's Software [2005/06/14 22:02:30 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\Chuck\Application Data\Leadertech [2009/06/19 09:04:49 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\Chuck\Application Data\LimeWire [2006/08/07 22:00:58 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\Chuck\Application Data\Musicmatch [2008/12/27 20:48:19 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\Chuck\Application Data\Nikon [2008/08/09 14:58:27 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\Chuck\Application Data\Snood [2006/06/08 11:46:52 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\Chuck\Application Data\Walgreens [2009/06/18 11:27:01 \| 00,000,284 \| ---- \| M] () -- C:\WINDOWS\Tasks\AppleSoftwareUpdate.job [2004/08/04 03:00:00 \| 00,000,065 \| RH-- \| M] () -- C:\WINDOWS\Tasks\DESKTOP.INI [2009/06/26 15:37:20 \| 00,000,880 \| ---- \| M] () -- C:\WINDOWS\Tasks\GoogleUpdateTaskMachine.job [2009/06/26 15:38:56 \| 00,000,330 \| -H-- \| M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job [2009/06/22 20:00:00 \| 00,000,622 \| ---- \| M] () -- C:\WINDOWS\Tasks\Norton Internet Security - Run Full System Scan - Chuck.job [2009/06/26 15:35:57 \| 00,000,006 \| -H-- \| M] () -- C:\WINDOWS\Tasks\SA.DAT [2009/06/26 12:57:32 \| 00,000,420 \| -H-- \| M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{086F4E41-4B7F-4D3C-8C76-346DEDB09CC2}.job [2009/06/26 15:50:00 \| 00,000,422 \| -H-- \| M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{7C0A0691-A429-4DE7-9529-FD46EBE3E96F}.job ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 143 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2 @Alternate Data Stream - 106 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CAAA7DD7 < End of report >

SpySentinel View Member Profile	Jun 28 2009, 02:49 PM Post #4
Trusted Group: Malware Team Posts: 554 Joined: 26-January 08 From: The United States Member No.: 76,329 Operating System: Windows XP SP2	You are using peer-to-peer programs, specifically LimeWire. These are what we call an optional removal. However, anytime you are running any type of peer-to-peer application, you are more prone to infection by malware, and this is probably how you became infected in the first place. The choice to remove them is entirely up to you, but I would strongly recommend that you do. If you do not want to, please at least refrain from using any peer-to-peer programs for the remainder of my fix. Step #1 Download and scan with SUPERAntiSpyware Free for Home Users Double-click SUPERAntiSpyware.exe and use the default settings for installation. An icon will be created on your desktop. Double-click that icon to launch the program. If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here.) Under "Configuration and Preferences", click the Preferences button. Click the Scanning Control tab. Under Scanner Options make sure the following are checked (leave all others unchecked): Close browsers before scanning. Scan for tracking cookies. Terminate memory threats before quarantining. Click the "Close" button to leave the control center screen. Back on the main screen, under "Scan for Harmful Software" click Scan your computer. On the left, make sure you check C:\Fixed Drive. On the right, under "Complete Scan", choose Perform Complete Scan. Click "Next" to start the scan. Please be patient while it scans your computer. After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK". Make sure everything has a checkmark next to it and click "Next". A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu. If asked if you want to reboot, click "Yes". To retrieve the removal information after reboot, launch SUPERAntispyware again. o Click Preferences, then click the Statistics/Logs tab. o Under Scanner Logs, double-click SUPERAntiSpyware Scan Log. o If there are several logs, click the current dated log and press View log. A text file will open in your default text editor. o Please copy and paste the Scan Log results in your next reply. Click Close to exit the program. Step #2 Go to Kaspersky website and perform an online antivirus scan. Read through the requirements and privacy statement and click on Accept button. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run. When the downloads have finished, click on Settings. Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button: Spyware, Adware, Dialers, and other potentially dangerous programs Archives Mail databases Click on My Computer under Scan. Once the scan is complete, it will display the results. Click on View Scan Report. You will see a list of infected items there. Click on Save Report As.... Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.

YellowSVT View Member Profile	Jun 30 2009, 12:56 AM Post #5
New Member Group: Authentic Member Posts: 14 Joined: 26-June 09 Member No.: 86,434 Operating System: Windows XP	You didn't say if you wanted a copy of the Kaspersky Scan log, so I copied it and pasted it after this log. Just a heads up I haven't had any more Pop Ups since the first series of your fix. SUPERAntiSpyware Scan Log http://www.superantispyware.com Generated 06/29/2009 at 08:22 PM Application Version : 4.26.1006 Core Rules Database Version : 3962 Trace Rules Database Version: 1903 Scan type : Complete Scan Total Scan Time : 01:36:02 Memory items scanned : 841 Memory threats detected : 0 Registry items scanned : 7499 Registry threats detected : 1 File items scanned : 148449 File threats detected : 745 Trojan.Unclassified/Promo2 HKU\S-1-5-21-541687984-1388870375-391472852-1007\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{57071861-57F2-4272-A519-6F599CADD6FD} C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\SECTASKMAN\2AB.TMP.Q_32381001_Q Adware.Tracking Cookie C:\Documents and Settings\Chuck\Cookies\chuck@www.deepdiscount[2].txt C:\Documents and Settings\Chuck\Cookies\chuck@e-2dj6wfkycmajwcq.stats.esomniture[2].txt C:\Documents and Settings\Chuck\Cookies\chuck@tracking.foxnews[2].txt C:\Documents and Settings\Chuck\Cookies\chuck@adfarm1.adition[2].txt C:\Documents and Settings\Chuck\Cookies\chuck@chitika[1].txt C:\Documents and Settings\Chuck\Cookies\chuck@revsci[2].txt C:\Documents and Settings\Chuck\Cookies\chuck@server.iad.liveperson[10].txt C:\Documents and Settings\Chuck\Cookies\chuck@sexy-nerd[1].txt C:\Documents and Settings\Chuck\Cookies\chuck@affiliate.a4dtracker[2].txt C:\Documents and Settings\Chuck\Cookies\chuck@lfstmedia[1].txt C:\Documents and Settings\Chuck\Cookies\chuck@www.googleadservices[2].txt C:\Documents and Settings\Chuck\Cookies\chuck@homeclick[1].txt C:\Documents and Settings\Chuck\Cookies\chuck@directhomediscount[1].txt C:\Documents and Settings\Chuck\Cookies\chuck@ads.townhall[1].txt C:\Documents and Settings\Chuck\Cookies\chuck@www.googleadservices[1].txt C:\Documents and Settings\Chuck\Cookies\chuck@advertising[2].txt C:\Documents and Settings\Chuck\Cookies\chuck@specificmedia[1].txt C:\Documents and Settings\Chuck\Cookies\chuck@collective-media[1].txt C:\Documents and Settings\Chuck\Cookies\chuck@e-2dj6wgkigpcpcko.stats.esomniture[2].txt C:\Documents and Settings\Chuck\Cookies\chuck@e-2dj6wjlyahdzgfo.stats.esomniture[2].txt C:\Documents and Settings\Chuck\Cookies\chuck@adwarealert2009[1].txt C:\Documents and Settings\Chuck\Cookies\chuck@e-2dj6wjl4kicjelo.stats.esomniture[2].txt C:\Documents and Settings\Chuck\Cookies\chuck@media6degrees[1].txt C:\Documents and Settings\Chuck\Cookies\chuck@adinterax[2].txt C:\Documents and Settings\Chuck\Cookies\chuck@sales.liveperson[2].txt C:\Documents and Settings\Chuck\Cookies\chuck@a1.interclick[2].txt C:\Documents and Settings\Chuck\Cookies\chuck@server.iad.liveperson[3].txt C:\Documents and Settings\Chuck\Cookies\chuck@CAU6ZA0A.txt C:\Documents and Settings\Chuck\Cookies\chuck@doubleclick[1].txt C:\Documents and Settings\Chuck\Cookies\chuck@www.sexy-nerd[2].txt C:\Documents and Settings\Chuck\Cookies\chuck@stats.crossmediaservices[2].txt C:\Documents and Settings\Chuck\Cookies\chuck@e-2dj6wmlounczako.stats.esomniture[2].txt C:\Documents and Settings\Chuck\Cookies\chuck@e-2dj6wjnygjc5wao.stats.esomniture[1].txt C:\Documents and Settings\Chuck\Cookies\chuck@oddcast[1].txt C:\Documents and Settings\Chuck\Cookies\chuck@tdstats[1].txt C:\Documents and Settings\Chuck\Cookies\chuck@e-2dj6wfkoenc5mep.stats.esomniture[1].txt C:\Documents and Settings\Chuck\Cookies\chuck@dealtime[1].txt C:\Documents and Settings\Chuck\Cookies\chuck@reliableplant.advertserve[1].txt C:\Documents and Settings\Chuck\Cookies\chuck@e-2dj6wfloanc5igo.stats.esomniture[1].txt C:\Documents and Settings\Chuck\Cookies\chuck@adserver.avalonsunsplash[1].txt C:\Documents and Settings\Chuck\Cookies\chuck@ads.lucidmedia[1].txt C:\Documents and Settings\Chuck\Cookies\chuck@e-2dj6wjlyehazkhq.stats.esomniture[2].txt C:\Documents and Settings\Chuck\Cookies\chuck@e-2dj6wjkycgazcdq.stats.esomniture[2].txt C:\Documents and Settings\Chuck\Cookies\chuck@media.mtvnservices[2].txt C:\Documents and Settings\Chuck\Cookies\chuck@imrworldwide[2].txt C:\Documents and Settings\Chuck\Cookies\chuck@e-2dj6wjkowod5gco.stats.esomniture[2].txt C:\Documents and Settings\Chuck\Cookies\chuck@e-2dj6wcl4wpczmbp.stats.esomniture[1].txt C:\Documents and Settings\Chuck\Cookies\chuck@e-2dj6wjliqncjwdo.stats.esomniture[1].txt C:\Documents and Settings\Chuck\Cookies\chuck@deepdiscount[1].txt C:\Documents and Settings\Chuck\Cookies\chuck@www.googleadservices[4].txt C:\Documents and Settings\Chuck\Cookies\chuck@www.socialtrack[2].txt C:\Documents and Settings\Chuck\Cookies\chuck@interclick[1].txt C:\Documents and Settings\Chuck\Cookies\chuck@CA9S7C10.txt C:\Documents and Settings\Chuck\Cookies\chuck@www.homeclick[1].txt C:\Documents and Settings\Chuck\Cookies\chuck@e-2dj6wjmygkc5sep.stats.esomniture[2].txt C:\Documents and Settings\Chuck\Cookies\chuck@e-2dj6wjl4cmdzakq.stats.esomniture[2].txt C:\Documents and Settings\Chuck\Cookies\chuck@stats.paypal[1].txt C:\Documents and Settings\Chuck\Cookies\chuck@CAD48T9T.txt C:\Documents and Settings\Chuck\Cookies\chuck@emailfinder[2].txt C:\Documents and Settings\Chuck\Cookies\chuck@acronymfinder[1].txt C:\Documents and Settings\Chuck\Cookies\chuck@www.machinefinder[1].txt C:\Documents and Settings\Chuck\Cookies\chuck@sales.liveperson[1].txt C:\Documents and Settings\Chuck\Cookies\chuck@e-2dj6wjmyepd5ckp.stats.esomniture[2].txt C:\Documents and Settings\Chuck\Cookies\chuck@CA9YVFD2.txt C:\Documents and Settings\Chuck\Cookies\chuck@e-2dj6wjliqlcpwhp.stats.esomniture[2].txt C:\Documents and Settings\Chuck\Cookies\chuck@crossmediaservices[1].txt C:\Documents and Settings\Chuck\Cookies\chuck@donerus.112.2o7[1].txt C:\Documents and Settings\Chuck\Cookies\chuck@e-2dj6wjliciajwbp.stats.esomniture[2].txt C:\Documents and Settings\Chuck\Cookies\chuck@tribalfusion[1].txt C:\Documents and Settings\Chuck\Cookies\chuck@e-2dj6wjk4qmajaco.stats.esomniture[1].txt C:\Documents and Settings\Chuck\Cookies\chuck@adwarealert[1].txt C:\Documents and Settings\Chuck\Cookies\chuck@e-2dj6wfkoakczibp.stats.esomniture[1].txt C:\Documents and Settings\Chuck\Cookies\chuck@stopzilla[2].txt C:\Documents and Settings\Chuck\Cookies\chuck@adlegend[2].txt C:\Documents and Settings\Chuck\Cookies\chuck@track.bestbuy[1].txt C:\Documents and Settings\Chuck\Cookies\chuck@e-2dj6wmkisiczmeq.stats.esomniture[1].txt C:\Documents and Settings\Chuck\Cookies\chuck@e-2dj6wjkyskc5ogo.stats.esomniture[2].txt C:\Documents and Settings\Chuck\Cookies\chuck@fastclick[1].txt C:\Documents and Settings\Chuck\Cookies\chuck@e-2dj6whmysnczmep.stats.esomniture[1].txt C:\Documents and Settings\Chuck\Cookies\chuck@ad.yieldmanager[1].txt C:\Documents and Settings\Chuck\Cookies\chuck@e-2dj6wgkikoazgbo.stats.esomniture[1].txt C:\Documents and Settings\Chuck\Cookies\chuck@server.iad.liveperson[2].txt C:\Documents and Settings\Chuck\Cookies\chuck@thefind[2].txt C:\Documents and Settings\Chuck\Cookies\chuck@clickarrows[2].txt C:\Documents and Settings\Chuck\Cookies\chuck@adserv.brandaffinity[2].txt C:\Documents and Settings\Chuck\Cookies\chuck@e-2dj6wml4wmdzwdp.stats.esomniture[2].txt C:\Documents and Settings\Chuck\Cookies\chuck@e-2dj6wmloqldjilo.stats.esomniture[1].txt C:\Documents and Settings\Chuck\Cookies\chuck@ads.funadvice[1].txt C:\Documents and Settings\Chuck\Cookies\chuck@e-2dj6wdlyqhd5seo.stats.esomniture[2].txt C:\Documents and Settings\Chuck\Cookies\chuck@ad.allvoices[1].txt C:\Documents and Settings\Chuck\Cookies\chuck@sales.liveperson[3].txt C:\Documents and Settings\Chuck\Cookies\chuck@ads.pointroll[1].txt C:\Documents and Settings\Chuck\Cookies\chuck@e-2dj6wfkyakajglp.stats.esomniture[2].txt C:\Documents and Settings\Chuck\Cookies\chuck@CAXFCCNZ.txt C:\Documents and Settings\Chuck\Cookies\chuck@e-2dj6wnkywkcpgcp.stats.esomniture[2].txt C:\Documents and Settings\Chuck\Cookies\chuck@tacoda[1].txt C:\Documents and Settings\Chuck\Cookies\chuck@www.backcountry[1].txt C:\Documents and Settings\Chuck\Cookies\chuck@www.googleadservices[11].txt C:\Documents and Settings\Chuck\Cookies\chuck@backcountry[2].txt C:\Documents and Settings\Chuck\Cookies\chuck@server.iad.liveperson[6].txt C:\Documents and Settings\Chuck\Cookies\chuck@onlinetraffictracker[1].txt C:\Documents and Settings\Chuck\Cookies\chuck@ads.lucidmedia[3].txt C:\Documents and Settings\Chuck\Cookies\chuck@www.path-track[2].txt C:\Documents and Settings\Chuck\Cookies\chuck@www.googleadservices[10].txt C:\Documents and Settings\Chuck\Cookies\chuck@CA0D0EVQ.txt C:\Documents and Settings\Chuck\Cookies\chuck@CAUIA03T.txt C:\Documents and Settings\Chuck\Cookies\chuck@www.tracklead[2].txt C:\Documents and Settings\Chuck\Cookies\chuck@CA1YMEKE.txt C:\Documents and Settings\Chuck\Cookies\chuck@top-country-songs[1].txt C:\Documents and Settings\Chuck\Cookies\chuck@CAJJ083X.txt C:\Documents and Settings\Chuck\Cookies\chuck@mediaplex[2].txt C:\Documents and Settings\Chuck\Cookies\chuck@e-2dj6wjnyolcpegp.stats.esomniture[2].txt C:\Documents and Settings\Chuck\Cookies\chuck@sitestat.mayoclinic[1].txt C:\Documents and Settings\Chuck\Cookies\chuck@server.iad.liveperson[4].txt C:\Documents and Settings\Chuck\Cookies\chuck@invitemedia[2].txt C:\Documents and Settings\Chuck\Cookies\chuck@www.googleadservices[6].txt C:\Documents and Settings\Chuck\Cookies\chuck@www.epitrack[1].txt C:\Documents and Settings\Chuck\Cookies\chuck@edge.ru4[1].txt C:\Documents and Settings\Chuck\Cookies\chuck@tracking.gajmp[1].txt C:\Documents and Settings\Chuck\Cookies\chuck@www.onpointmedia[2].txt C:\Documents and Settings\Chuck\Cookies\chuck@CA5Q9E4R.txt C:\Documents and Settings\Chuck\Cookies\chuck@trafficdashboard[2].txt C:\Documents and Settings\Chuck\Cookies\chuck@www.googleadservices[3].txt C:\Documents and Settings\Chuck\Cookies\chuck@trafficmp[1].txt C:\Documents and Settings\Chuck\Cookies\chuck@www.googleadservices[5].txt C:\Documents and Settings\Chuck\Cookies\chuck@ehg-crain.hitbox[1].txt C:\Documents and Settings\Chuck\Cookies\chuck@whatacountry[1].txt C:\Documents and Settings\Chuck\Cookies\chuck@at.atwola[1].txt C:\Documents and Settings\Chuck\Cookies\chuck@dmtracker[1].txt C:\Documents and Settings\Chuck\Cookies\chuck@www.belstat[1].txt C:\Documents and Settings\Chuck\Cookies\chuck@adserve.internetgiveawaygroup[2].txt C:\Documents and Settings\Chuck\Cookies\chuck@CA5XKTU0.txt C:\Documents and Settings\Chuck\Cookies\chuck@care2.112.2o7[1].txt C:\Documents and Settings\Chuck\Cookies\chuck@e-2dj6wjl4ulczwhp.stats.esomniture[2].txt C:\Documents and Settings\Chuck\Cookies\chuck@server.iad.liveperson[9].txt C:\Documents and Settings\Chuck\Cookies\chuck@www.googleadservices[9].txt C:\Documents and Settings\Chuck\Cookies\chuck@adbureau.traffic[2].txt C:\Documents and Settings\Chuck\Cookies\chuck@e-2dj6wgmiepczggp.stats.esomniture[2].txt C:\Documents and Settings\Chuck\Cookies\chuck@e-2dj6wjkyulajibo.stats.esomniture[2].txt C:\Documents and Settings\Chuck\Cookies\chuck@countrystartpage[1].txt C:\Documents and Settings\Chuck\Cookies\chuck@ext-us.bestofmedia[2].txt C:\Documents and Settings\Chuck\Cookies\chuck@hornymatches[1].txt C:\Documents and Settings\Chuck\Cookies\chuck@adserve.brandgivewaycentre[1].txt C:\Documents and Settings\Chuck\Cookies\chuck@affiliates.commissionaccount[2].txt C:\Documents and Settings\Chuck\Cookies\chuck@CAGRVQSD.txt C:\Documents and Settings\Chuck\Cookies\chuck@CA23DGK1.txt C:\Documents and Settings\Chuck\Cookies\chuck@labsafetysupply.122.2o7[1].txt C:\Documents and Settings\Chuck\Cookies\chuck@realmedia[1].txt C:\Documents and Settings\Chuck\Cookies\chuck@insightexpressai[1].txt C:\Documents and Settings\Chuck\Cookies\chuck@www.stopzilla[1].txt C:\Documents and Settings\Chuck\Cookies\chuck@ad.zanox[2].txt C:\Documents and Settings\Chuck\Cookies\chuck@healthadvert[1].txt C:\Documents and Settings\Chuck\Cookies\chuck@e-2dj6whkyuncjako.stats.esomniture[1].txt C:\Documents and Settings\Chuck\Cookies\chuck@bs.serving-sys[2].txt C:\Documents and Settings\Chuck\Cookies\chuck@clickz.lonelycheatingwives[1].txt C:\Documents and Settings\Chuck\Cookies\chuck@apmebf[2].txt C:\Documents and Settings\Chuck\Cookies\chuck@overture[2].txt C:\Documents and Settings\Chuck\Cookies\chuck@CA7U2EHH.txt C:\Documents and Settings\Chuck\Cookies\chuck@server.iad.liveperson[7].txt C:\Documents and Settings\Chuck\Cookies\chuck@CAOFNB7I.txt C:\Documents and Settings\Chuck\Cookies\chuck@e-2dj6wjkyehdzoap.stats.esomniture[2].txt C:\Documents and Settings\Chuck\Cookies\chuck@clickthrough.kanoodle[1].txt C:\Documents and Settings\Chuck\Cookies\chuck@CA5NI3EG.txt C:\Documents and Settings\Chuck\Cookies\chuck@tracking.dsmmadvantage[1].txt C:\Documents and Settings\Chuck\Cookies\chuck@sales.liveperson[4].txt C:\Documents and Settings\Chuck\Cookies\chuck@switch.adprotracker[1].txt C:\Documents and Settings\Chuck\Cookies\chuck@CAWDLDTJ.txt C:\Documents and Settings\Chuck\Cookies\chuck@e-2dj6wjny-1jajmb.stats.esomniture[2].txt C:\Documents and Settings\Chuck\Cookies\chuck@e-2dj6wfkiqodzabp.stats.esomniture[2].txt C:\Documents and Settings\Chuck\Cookies\chuck@e-2dj6whkyehczako.stats.esomniture[2].txt C:\Documents and Settings\Chuck\Cookies\chuck@CAW0H0N0.txt C:\Documents and Settings\Chuck\Cookies\chuck@hitbox[2].txt C:\Documents and Settings\Chuck\Cookies\chuck@lynxtrack[1].txt C:\Documents and Settings\Chuck\Cookies\chuck@ads.bridgetrack[2].txt C:\Documents and Settings\Chuck\Cookies\chuck@yieldmanager[1].txt C:\Documents and Settings\Chuck\Cookies\chuck@e-2dj6wfkiqjdjefp.stats.esomniture[1].txt C:\Documents and Settings\Chuck\Cookies\chuck@www.collegeflagsandbanners[2].txt C:\Documents and Settings\Chuck\Cookies\chuck@server.iad.liveperson[11].txt C:\Documents and Settings\Chuck\Cookies\chuck@www.mynortonaccount[1].txt C:\Documents and Settings\Chuck\Cookies\chuck@CA6Y3T5D.txt C:\Documents and Settings\Chuck\Cookies\chuck@questionmarket[2].txt C:\Documents and Settings\Chuck\Cookies\chuck@e-2dj6wfmiegcpwap.stats.esomniture[2].txt C:\Documents and Settings\Chuck\Cookies\chuck@server.iad.liveperson[1].txt C:\Documents and Settings\Chuck\Cookies\chuck@tripod[2].txt C:\Documents and Settings\Chuck\Cookies\chuck@www.googleadservices[7].txt C:\Documents and Settings\Chuck\Cookies\chuck@adtrackz[1].txt C:\Documents and Settings\Chuck\Cookies\chuck@adbrite[1].txt C:\Documents and Settings\Chuck\Cookies\chuck@test.coremetrics[1].txt C:\Documents and Settings\Chuck\Cookies\chuck@bizrate[1].txt C:\Documents and Settings\Chuck\Cookies\chuck@serving-sys[2].txt C:\Documents and Settings\Chuck\Cookies\chuck@server.iad.liveperson[5].txt C:\Documents and Settings\Chuck\Cookies\chuck@zedo[2].txt C:\Documents and Settings\Chuck\Cookies\chuck@intermundomedia[2].txt C:\Documents and Settings\Chuck\Cookies\chuck@ads.widgetbucks[2].txt C:\Documents and Settings\Chuck\Cookies\chuck@statse.webtrendslive[1].txt C:\Documents and Settings\Chuck\Cookies\chuck@e-2dj6wjlicpcpicp.stats.esomniture[2].txt C:\Documents and Settings\Chuck\Cookies\chuck@CAT0Q1U8.txt C:\Documents and Settings\Chuck\Cookies\chuck@e-2dj6wjk4sndpokp.stats.esomniture[2].txt C:\Documents and Settings\Chuck\Cookies\chuck@CAQBWFYX.txt C:\Documents and Settings\Chuck\Cookies\chuck@sales.liveperson[7].txt C:\Documents and Settings\Chuck\Cookies\chuck@247realmedia[2].txt C:\Documents and Settings\Chuck\Cookies\chuck@CARBVZ8P.txt C:\Documents and Settings\Chuck\Cookies\chuck@casalemedia[1].txt C:\Documents and Settings\Chuck\Cookies\chuck@myroitracking[1].txt C:\Documents and Settings\Chuck\Cookies\chuck@e-2dj6wjnyomczoko.stats.esomniture[2].txt C:\Documents and Settings\Chuck\Cookies\chuck@ehg-players.hitbox[1].txt C:\Documents and Settings\Chuck\Cookies\chuck@track.tester-rewards[2].txt C:\Documents and Settings\Chuck\Cookies\chuck@ads.bleepingcomputer[2].txt C:\Documents and Settings\Chuck\Cookies\chuck@linksynergy[2].txt C:\Documents and Settings\Chuck\Cookies\chuck@homesteadtechnologies.122.2o7[1].txt C:\Documents and Settings\Chuck\Cookies\chuck@e-2dj6wfkywndjalp.stats.esomniture[1].txt C:\Documents and Settings\Chuck\Cookies\chuck@surfaccuracy[1].txt C:\Documents and Settings\Chuck\Cookies\chuck@atdmt[1].txt C:\Documents and Settings\Chuck\Cookies\chuck@burstnet[1].txt C:\Documents and Settings\Chuck\Cookies\chuck@CAVQ70GZ.txt C:\Documents and Settings\Chuck\Cookies\chuck@statcounter[1].txt C:\Documents and Settings\Chuck\Cookies\chuck@serving.adsrevenue.clicksor[2].txt C:\Documents and Settings\Chuck\Cookies\chuck@CAKFOCI0.txt C:\Documents and Settings\Chuck\Cookies\chuck@www.googleadservices[8].txt C:\Documents and Settings\Chuck\Cookies\chuck@CAVYB0OR.txt C:\Documents and Settings\Chuck\Cookies\chuck@specificclick[2].txt C:\Documents and Settings\Chuck\Cookies\chuck@2o7[2].txt C:\Documents and Settings\Chuck\Cookies\chuck@CA2EINHR.txt C:\Documents and Settings\Chuck\Cookies\chuck@CAD0M1T0.txt C:\Documents and Settings\Chuck\Cookies\chuck@e-2dj6wfliwkdzghq.stats.esomniture[2].txt C:\Documents and Settings\Chuck\Cookies\chuck@CAY5IG3N.txt C:\Documents and Settings\Chuck\Cookies\chuck@sales.liveperson[6].txt C:\Documents and Settings\Chuck\Cookies\chuck@marinermarketing.112.2o7[1].txt C:\Documents and Settings\Chuck\Cookies\chuck@www.rmllctrack[2].txt C:\Documents and Settings\Chuck\Cookies\chuck@e-2dj6wfliqodzkfo.stats.esomniture[2].txt C:\Documents and Settings\Chuck\Cookies\chuck@paypal.112.2o7[1].txt C:\Documents and Settings\Chuck\Cookies\chuck@5886.01.clickshield[1].txt C:\Documents and Settings\Chuck\Cookies\chuck@nextag[2].txt C:\Documents and Settings\Chuck\Cookies\chuck@CA7OV1L6.txt C:\Documents and Settings\Chuck\Cookies\chuck@CAQ3B52O.txt C:\Documents and Settings\Chuck\Cookies\chuck@kontera[2].txt C:\Documents and Settings\Lynn\Cookies\lynn@1-click[1].txt C:\Documents and Settings\Lynn\Cookies\lynn@2o7[1].txt C:\Documents and Settings\Lynn\Cookies\lynn@a.findarticles[2].txt C:\Documents and Settings\Lynn\Cookies\lynn@a1.interclick[2].txt C:\Documents and Settings\Lynn\Cookies\lynn@accounts.key[2].txt C:\Documents and Settings\Lynn\Cookies\lynn@ad.admarketplace[1].txt C:\Documents and Settings\Lynn\Cookies\lynn@ad.associatedcontent[1].txt C:\Documents and Settings\Lynn\Cookies\lynn@ad.yieldmanager[1].txt C:\Documents and Settings\Lynn\Cookies\lynn@adbrite[2].txt C:\Documents and Settings\Lynn\Cookies\lynn@adfarm1.adition[1].txt C:\Documents and Settings\Lynn\Cookies\lynn@adinterax[1].txt C:\Documents and Settings\Lynn\Cookies\lynn@adlegend[2].txt C:\Documents and Settings\Lynn\Cookies\lynn@admarketplace[1].txt C:\Documents and Settings\Lynn\Cookies\lynn@ads.adap[2].txt C:\Documents and Settings\Lynn\Cookies\lynn@ads.associatedcontent[2].txt C:\Documents and Settings\Lynn\Cookies\lynn@ads.cartoonnetwork[1].txt C:\Documents and Settings\Lynn\Cookies\lynn@ads.cnn[1].txt C:\Documents and Settings\Lynn\Cookies\lynn@ads.contactmusic[1].txt C:\Documents and Settings\Lynn\Cookies\lynn@ads.costumesinc[2].txt C:\Documents and Settings\Lynn\Cookies\lynn@ads.foodbuzz[2].txt C:\Documents and Settings\Lynn\Cookies\lynn@ads.gamesbannernet[1].txt C:\Documents and Settings\Lynn\Cookies\lynn@ads.lucidmedia[1].txt C:\Documents and Settings\Lynn\Cookies\lynn@ads.mail[2].txt C:\Documents and Settings\Lynn\Cookies\lynn@ads.mediageeks[1].txt C:\Documents and Settings\Lynn\Cookies\lynn@ads.mediamayhemcorp[1].txt C:\Documents and Settings\Lynn\Cookies\lynn@ads.missingmethod[1].txt C:\Documents and Settings\Lynn\Cookies\lynn@ads.ogdenpubs[2].txt C:\Documents and Settings\Lynn\Cookies\lynn@ads.pointroll[1].txt C:\Documents and Settings\Lynn\Cookies\lynn@ads.pureads[1].txt C:\Documents and Settings\Lynn\Cookies\lynn@ads.restaurantica[1].txt C:\Documents and Settings\Lynn\Cookies\lynn@ads.shopthescene[2].txt C:\Documents and Settings\Lynn\Cookies\lynn@ads.smallworldlabs[2].txt C:\Documents and Settings\Lynn\Cookies\lynn@ads.touregypt[1].txt C:\Documents and Settings\Lynn\Cookies\lynn@ads.webtender[1].txt C:\Documents and Settings\Lynn\Cookies\lynn@ads.widgetbucks[2].txt C:\Documents and Settings\Lynn\Cookies\lynn@adservices.google[10].txt C:\Documents and Settings\Lynn\Cookies\lynn@adservices.google[11].txt C:\Documents and Settings\Lynn\Cookies\lynn@adservices.google[2].txt C:\Documents and Settings\Lynn\Cookies\lynn@adservices.google[3].txt C:\Documents and Settings\Lynn\Cookies\lynn@adservices.google[4].txt C:\Documents and Settings\Lynn\Cookies\lynn@adservices.google[6].txt C:\Documents and Settings\Lynn\Cookies\lynn@adservices.google[7].txt C:\Documents and Settings\Lynn\Cookies\lynn@adservices.google[8].txt C:\Documents and Settings\Lynn\Cookies\lynn@adservices.google[9].txt C:\Documents and Settings\Lynn\Cookies\lynn@adultadworld[2].txt C:\Documents and Settings\Lynn\Cookies\lynn@advert.travlang[1].txt C:\Documents and Settings\Lynn\Cookies\lynn@adverticum[1].txt C:\Documents and Settings\Lynn\Cookies\lynn@advertising[1].txt C:\Documents and Settings\Lynn\Cookies\lynn@aff.primaryads[1].txt C:\Documents and Settings\Lynn\Cookies\lynn@affiliate.immstracker[1].txt C:\Documents and Settings\Lynn\Cookies\lynn@aj.petfinder[1].txt C:\Documents and Settings\Lynn\Cookies\lynn@analytics.intrepidstats[1].txt C:\Documents and Settings\Lynn\Cookies\lynn@apmebf[1].txt C:\Documents and Settings\Lynn\Cookies\lynn@app.insightgrit[1].txt C:\Documents and Settings\Lynn\Cookies\lynn@app.validclick[1].txt C:\Documents and Settings\Lynn\Cookies\lynn@arbitrack[1].txt C:\Documents and Settings\Lynn\Cookies\lynn@at.atwola[2].txt C:\Documents and Settings\Lynn\Cookies\lynn@atdmt[1].txt C:\Documents and Settings\Lynn\Cookies\lynn@banner.joylandcasino[1].txt C:\Documents and Settings\Lynn\Cookies\lynn@barcodediscount[1].txt C:\Documents and Settings\Lynn\Cookies\lynn@bizrate[1].txt C:\Documents and Settings\Lynn\Cookies\lynn@bs.serving-sys[2].txt C:\Documents and Settings\Lynn\Cookies\lynn@burstbeacon[1].txt C:\Documents and Settings\Lynn\Cookies\lynn@burstnet[2].txt C:\Documents and Settings\Lynn\Cookies\lynn@california-discounthotels[1].txt C:\Documents and Settings\Lynn\Cookies\lynn@cardfinder.capitalone[1].txt C:\Documents and Settings\Lynn\Cookies\lynn@casalemedia[2].txt C:\Documents and Settings\Lynn\Cookies\lynn@cf-db01.clickfacts[1].txt C:\Documents and Settings\Lynn\Cookies\lynn@chitika[1].txt C:\Documents and Settings\Lynn\Cookies\lynn@cioinsight[1].txt C:\Documents and Settings\Lynn\Cookies\lynn@click.websitegear[2].txt C:\Documents and Settings\Lynn\Cookies\lynn@clickbooth[2].txt C:\Documents and Settings\Lynn\Cookies\lynn@clickshift[1].txt C:\Documents and Settings\Lynn\Cookies\lynn@client.roiadtracker[1].txt C:\Documents and Settings\Lynn\Cookies\lynn@collective-media[1].txt C:\Documents and Settings\Lynn\Cookies\lynn@content.yieldmanager[3].txt C:\Documents and Settings\Lynn\Cookies\lynn@cookscountry[2].txt C:\Documents and Settings\Lynn\Cookies\lynn@coolsavings[2].txt C:\Documents and Settings\Lynn\Cookies\lynn@count.rbc[1].txt C:\Documents and Settings\Lynn\Cookies\lynn@count.trackula[1].txt C:\Documents and Settings\Lynn\Cookies\lynn@countryliving[1].txt C:\Documents and Settings\Lynn\Cookies\lynn@countrywide[2].txt C:\Documents and Settings\Lynn\Cookies\lynn@crackle[1].txt C:\Documents and Settings\Lynn\Cookies\lynn@creditscoresexposed[2].txt C:\Documents and Settings\Lynn\Cookies\lynn@curiouscountrycreations[1].txt C:\Documents and Settings\Lynn\Cookies\lynn@dc.tremormedia[2].txt C:\Documents and Settings\Lynn\Cookies\lynn@dealtime[1].txt C:\Documents and Settings\Lynn\Cookies\lynn@deepdiscountpondsupply[1].txt C:\Documents and Settings\Lynn\Cookies\lynn@dev2.clickfacts[1].txt C:\Documents and Settings\Lynn\Cookies\lynn@discountcooking[2].txt C:\Documents and Settings\Lynn\Cookies\lynn@discountpetdrugs[1].txt C:\Documents and Settings\Lynn\Cookies\lynn@discountphotogifts[1].txt C:\Documents and Settings\Lynn\Cookies\lynn@discountyarnsale[1].txt C:\Documents and Settings\Lynn\Cookies\lynn@doubleclick[1].txt C:\Documents and Settings\Lynn\Cookies\lynn@dr.findlinks[1].txt C:\Documents and Settings\Lynn\Cookies\lynn@dynamicsitestats[2].txt C:\Documents and Settings\Lynn\Cookies\lynn@e-2dj6wakoaldjibp.stats.esomniture[2].txt C:\Documents and Settings\Lynn\Cookies\lynn@e-2dj6wakoumcpghp.stats.esomniture[2].txt C:\Documents and Settings\Lynn\Cookies\lynn@e-2dj6waliwoajsdp.stats.esomniture[2].txt C:\Documents and Settings\Lynn\Cookies\lynn@e-2dj6waloemdjahq.stats.esomniture[1].txt C:\Documents and Settings\Lynn\Cookies\lynn@e-2dj6walyogazkco.stats.esomniture[1].txt C:\Documents and Settings\Lynn\Cookies\lynn@e-2dj6wbk4cod5wco.stats.esomniture[2].txt C:\Documents and Settings\Lynn\Cookies\lynn@e-2dj6wbk4okdzsbp.stats.esomniture[2].txt C:\Documents and Settings\Lynn\Cookies\lynn@e-2dj6wbkiokdjmgo.stats.esomniture[2].txt C:\Documents and Settings\Lynn\Cookies\lynn@e-2dj6wbl4ohajkcp.stats.esomniture[2].txt C:\Documents and Settings\Lynn\Cookies\lynn@e-2dj6wblieiczweo.stats.esomniture[2].txt C:\Documents and Settings\Lynn\Cookies\lynn@e-2dj6wblyejdpkho.stats.esomniture[2].txt C:\Documents and Settings\Lynn\Cookies\lynn@e-2dj6wckikoc5odo.stats.esomniture[2].txt C:\Documents and Settings\Lynn\Cookies\lynn@e-2dj6wclikod5cko.stats.esomniture[2].txt C:\Documents and Settings\Lynn\Cookies\lynn@e-2dj6wcmyajazwaq.stats.esomniture[2].txt C:\Documents and Settings\Lynn\Cookies\lynn@e-2dj6wcmysgc5kao.stats.esomniture[2].txt C:\Documents and Settings\Lynn\Cookies\lynn@e-2dj6wdk4gjdzoep.stats.esomniture[2].txt C:\Documents and Settings\Lynn\Cookies\lynn@e-2dj6wdkyaocjmeo.stats.esomniture[2].txt C:\Documents and Settings\Lynn\Cookies\lynn@e-2dj6wdkykjdjkfp.stats.esomniture[2].txt C:\Documents and Settings\Lynn\Cookies\lynn@e-2dj6wdliqpazcfp.stats.esomniture[2].txt C:\Documents and Settings\Lynn\Cookies\lynn@e-2dj6wdlygncjsep.stats.esomniture[2].txt C:\Documents and Settings\Lynn\Cookies\lynn@e-2dj6wdmywidjcbo.stats.esomniture[2].txt C:\Documents and Settings\Lynn\Cookies\lynn@e-2dj6wfk4ajcjsgo.stats.esomniture[2].txt C:\Documents and Settings\Lynn\Cookies\lynn@e-2dj6wfk4chcjsco.stats.esomniture[2].txt C:\Documents and Settings\Lynn\Cookies\lynn@e-2dj6wfk4egazkep.stats.esomniture[1].txt C:\Documents and Settings\Lynn\Cookies\lynn@e-2dj6wfk4eodzcdo.stats.esomniture[2].txt C:\Documents and Settings\Lynn\Cookies\lynn@e-2dj6wfk4kgc5oko.stats.esomniture[2].txt C:\Documents and Settings\Lynn\Cookies\lynn@e-2dj6wfk4kmazabo.stats.esomniture[2].txt C:\Documents and Settings\Lynn\Cookies\lynn@e-2dj6wfk4qldzkdq.stats.esomniture[2].txt C:\Documents and Settings\Lynn\Cookies\lynn@e-2dj6wfk4qmcpahp.stats.esomniture[2].txt C:\Documents and Settings\Lynn\Cookies\lynn@e-2dj6wfk4uhczwdp.stats.esomniture[2].txt C:\Documents and Settings\Lynn\Cookies\lynn@e-2dj6wfk4umc5scq.stats.esomniture[2].txt C:\Documents and Settings\Lynn\Cookies\lynn@e-2dj6wfk4wod5gao.stats.esomniture[2].txt C:\Documents and Settings\Lynn\Cookies\lynn@e-2dj6wfk4wpdzedo.stats.esomniture[2].txt C:\Documents and Settings\Lynn\Cookies\lynn@e-2dj6wfkiaicjako.stats.esomniture[2].txt C:\Documents and Settings\Lynn\Cookies\lynn@e-2dj6wfkiopc5cco.stats.esomniture[2].txt C:\Documents and Settings\Lynn\Cookies\lynn@e-2dj6wfkiqkc5ehq.stats.esomniture[1].txt C:\Documents and Settings\Lynn\Cookies\lynn@e-2dj6wfkisiajebo.stats.esomniture[2].txt C:\Documents and Settings\Lynn\Cookies\lynn@e-2dj6wfkiuocjafq.stats.esomniture[1].txt C:\Documents and Settings\Lynn\Cookies\lynn@e-2dj6wfkiwjc5khp.stats.esomniture[2].txt C:\Documents and Settings\Lynn\Cookies\lynn@e-2dj6wfkiwkc5cco.stats.esomniture[2].txt C:\Documents and Settings\Lynn\Cookies\lynn@e-2dj6wfkoajazwfo.stats.esomniture[2].txt C:\Documents and Settings\Lynn\Cookies\lynn@e-2dj6wfkoalc5mkp.stats.esomniture[1].txt C:\Documents and Settings\Lynn\Cookies\lynn@e-2dj6wfkoskc5gaq.stats.esomniture[2].txt C:\Documents and Settings\Lynn\Cookies\lynn@e-2dj6wfkoskcziaq.stats.esomniture[2].txt C:\Documents and Settings\Lynn\Cookies\lynn@e-2dj6wfkosmcjkgo.stats.esomniture[1].txt C:\Documents and Settings\Lynn\Cookies\lynn@e-2dj6wfkoukczeco.stats.esomniture[2].txt C:\Documents and Settings\Lynn\Cookies\lynn@e-2dj6wfkyaldjeko.stats.esomniture[2].txt C:\Documents and Settings\Lynn\Cookies\lynn@e-2dj6wfkyaodpofp.stats.esomniture[2].txt C:\Documents and Settings\Lynn\Cookies\lynn@e-2dj6wfkycodjgho.stats.esomniture[2].txt C:\Documents and Settings\Lynn\Cookies\lynn@e-2dj6wfkyeld5mfq.stats.esomniture[2].txt C:\Documents and Settings\Lynn\Cookies\lynn@e-2dj6wfkyomajelp.stats.esomniture[2].txt C:\Documents and Settings\Lynn\Cookies\lynn@e-2dj6wfkyqjdpelq.stats.esomniture[1].txt C:\Documents and Settings\Lynn\Cookies\lynn@e-2dj6wfkyumczkbo.stats.esomniture[2].txt C:\Documents and Settings\Lynn\Cookies\lynn@e-2dj6wfkyupd5whp.stats.esomniture[2].txt C:\Documents and Settings\Lynn\Cookies\lynn@e-2dj6wfkywiazwap.stats.esomniture[2].txt C:\Documents and Settings\Lynn\Cookies\lynn@e-2dj6wfkywmd5olq.stats.esomniture[2].txt C:\Documents and Settings\Lynn\Cookies\lynn@e-2dj6wfl4eiazeeq.stats.esomniture[2].txt C:\Documents and Settings\Lynn\Cookies\lynn@e-2dj6wfl4elajidq.stats.esomniture[2].txt C:\Documents and Settings\Lynn\Cookies\lynn@e-2dj6wfl4giczafp.stats.esomniture[2].txt C:\Documents and Settings\Lynn\Cookies\lynn@e-2dj6wfl4kpdjclp.stats.esomniture[2].txt C:\Documents and Settings\Lynn\Cookies\lynn@e-2dj6wfliajc5wbp.stats.esomniture[2].txt C:\Documents and Settings\Lynn\Cookies\lynn@e-2dj6wflieidzwgo.stats.esomniture[2].txt C:\Documents and Settings\Lynn\Cookies\lynn@e-2dj6wfliendpcco.stats.esomniture[1].txt C:\Documents and Settings\Lynn\Cookies\lynn@e-2dj6wfligjazgbp.stats.esomniture[2].txt C:\Documents and Settings\Lynn\Cookies\lynn@e-2dj6wflikpczidq.stats.esomniture[2].txt C:\Documents and Settings\Lynn\Cookies\lynn@e-2dj6wflioldzmco.stats.esomniture[2].txt C:\Documents and Settings\Lynn\Cookies\lynn@e-2dj6wflioncpodp.stats.esomniture[2].txt C:\Documents and Settings\Lynn\Cookies\lynn@e-2dj6wfliskdjaap.stats.esomniture[2].txt C:\Documents and Settings\Lynn\Cookies\lynn@e-2dj6wfliujajglp.stats.esomniture[2].txt C:\Documents and Settings\Lynn\Cookies\lynn@e-2dj6wfloaidjelp.stats.esomniture[1].txt C:\Documents and Settings\Lynn\Cookies\lynn@e-2dj6wfloapcjwlp.stats.esomniture[2].txt C:\Documents and Settings\Lynn\Cookies\lynn@e-2dj6wfloekd5abp.stats.esomniture[2].txt C:\Documents and Settings\Lynn\Cookies\lynn@e-2dj6wflokgdpadp.stats.esomniture[2].txt C:\Documents and Settings\Lynn\Cookies\lynn@e-2dj6wflowgazogq.stats.esomniture[2].txt C:\Documents and Settings\Lynn\Cookies\lynn@e-2dj6wfmikmcpscp.stats.esomniture[2].txt C:\Documents and Settings\Lynn\Cookies\lynn@e-2dj6wfmiohdpkbp.stats.esomniture[2].txt C:\Documents and Settings\Lynn\Cookies\lynn@e-2dj6wfmiqiajklp.stats.esomniture[2].txt C:\Documents and Settings\Lynn\Cookies\lynn@e-2dj6wfmishdjgkq.stats.esomniture[2].txt C:\Documents and Settings\Lynn\Cookies\lynn@e-2dj6wfmisjazkap.stats.esomniture[2].txt C:\Documents and Settings\Lynn\Cookies\lynn@e-2dj6wfmiugd5kcp.stats.esomniture[2].txt C:\Documents and Settings\Lynn\Cookies\lynn@e-2dj6wfmyojczkbq.stats.esomniture[2].txt C:\Documents and Settings\Lynn\Cookies\lynn@e-2dj6wfmysgczwlo.stats.esomniture[2].txt C:\Documents and Settings\Lynn\Cookies\lynn@e-2dj6wfmyugdzeeo.stats.esomniture[2].txt C:\Documents and Settings\Lynn\Cookies\lynn@e-2dj6wgk4qpc5aao.stats.esomniture[2].txt C:\Documents and Settings\Lynn\Cookies\lynn@e-2dj6wgk4shdzekq.stats.esomniture[1].txt C:\Documents and Settings\Lynn\Cookies\lynn@e-2dj6wgk4wkczkcq.stats.esomniture[1].txt C:\Documents and Settings\Lynn\Cookies\lynn@e-2dj6wgkiagcpklp.stats.esomniture[2].txt C:\Documents and Settings\Lynn\Cookies\lynn@e-2dj6wgkighdpmgo.stats.esomniture[1].txt C:\Documents and Settings\Lynn\Cookies\lynn@e-2dj6wgkikmajafo.stats.esomniture[2].txt C:\Documents and Settings\Lynn\Cookies\lynn@e-2dj6wgkoejazkcp.stats.esomniture[1].txt C:\Documents and Settings\Lynn\Cookies\lynn@e-2dj6wgkokgaziaq.stats.esomniture[1].txt C:\Documents and Settings\Lynn\Cookies\lynn@e-2dj6wgkosmdzsbq.stats.esomniture[2].txt C:\Documents and Settings\Lynn\Cookies\lynn@e-2dj6wgkyeoczwho.stats.esomniture[2].txt C:\Documents and Settings\Lynn\Cookies\lynn@e-2dj6wgkyqkcpogp.stats.esomniture[2].txt C:\Documents and Settings\Lynn\Cookies\lynn@e-2dj6wgkyqnajefq.stats.esomniture[2].txt C:\Documents and Settings\Lynn\Cookies\lynn@e-2dj6wgl4kncpgfp.stats.esomniture[1].txt C:\Documents and Settings\Lynn\Cookies\lynn@e-2dj6wglyghcjkcq.stats.esomniture[2].txt C:\Documents and Settings\Lynn\Cookies\lynn@e-2dj6wglygoazelo.stats.esomniture[2].txt C:\Documents and Settings\Lynn\Cookies\lynn@e-2dj6wgmygldpweq.stats.esomniture[2].txt C:\Documents and Settings\Lynn\Cookies\lynn@e-2dj6wgmyqmdzofp.stats.esomniture[2].txt C:\Documents and Settings\Lynn\Cookies\lynn@e-2dj6whkiegdpmgo.stats.esomniture[2].txt C:\Documents and Settings\Lynn\Cookies\lynn@e-2dj6whkienczsgp.stats.esomniture[2].txt C:\Documents and Settings\Lynn\Cookies\lynn@e-2dj6whkyggczkcp.stats.esomniture[1].txt C:\Documents and Settings\Lynn\Cookies\lynn@e-2dj6whkywocjwko.stats.esomniture[2].txt C:\Documents and Settings\Lynn\Cookies\lynn@e-2dj6whl4emdzgdq.stats.esomniture[2].txt C:\Documents and Settings\Lynn\Cookies\lynn@e-2dj6wjk4chd5sdp.stats.esomniture[2].txt C:\Documents and Settings\Lynn\Cookies\lynn@e-2dj6wjk4cjdzmdq.stats.esomniture[2].txt C:\Documents and Settings\Lynn\Cookies\lynn@e-2dj6wjk4clc5ifq.stats.esomniture[1].txt C:\Documents and Settings\Lynn\Cookies\lynn@e-2dj6wjk4cndjcco.stats.esomniture[2].txt C:\Documents and Settings\Lynn\Cookies\lynn@e-2dj6wjk4ekcpgbp.stats.esomniture[2].txt C:\Documents and Settings\Lynn\Cookies\lynn@e-2dj6wjk4epazabo.stats.esomniture[2].txt C:\Documents and Settings\Lynn\Cookies\lynn@e-2dj6wjk4ghazcgq.stats.esomniture[1].txt C:\Documents and Settings\Lynn\Cookies\lynn@e-2dj6wjk4qnczgfo.stats.esomniture[2].txt C:\Documents and Settings\Lynn\Cookies\lynn@e-2dj6wjk4siczgbo.stats.esomniture[2].txt C:\Documents and Settings\Lynn\Cookies\lynn@e-2dj6wjkocodjgho.stats.esomniture[2].txt C:\Documents and Settings\Lynn\Cookies\lynn@e-2dj6wjkoejc5eao.stats.esomniture[2].txt C:\Documents and Settings\Lynn\Cookies\lynn@e-2dj6wjkokgczslq.stats.esomniture[1].txt C:\Documents and Settings\Lynn\Cookies\lynn@e-2dj6wjkokldzwgp.stats.esomniture[2].txt C:\Documents and Settings\Lynn\Cookies\lynn@e-2dj6wjkokodzeeq.stats.esomniture[2].txt C:\Documents and Settings\Lynn\Cookies\lynn@e-2dj6wjkokpczklp.stats.esomniture[2].txt C:\Documents and Settings\Lynn\Cookies\lynn@e-2dj6wjkokpdjscp.stats.esomniture[2].txt C:\Documents and Settings\Lynn\Cookies\lynn@e-2dj6wjkoqpdpwkp.stats.esomniture[2].txt C:\Documents and Settings\Lynn\Cookies\lynn@e-2dj6wjkoshajwgq.stats.esomniture[2].txt C:\Documents and Settings\Lynn\Cookies\lynn@e-2dj6wjkospcjsao.stats.esomniture[2].txt C:\Documents and Settings\Lynn\Cookies\lynn@e-2dj6wjkospdzkhq.stats.esomniture[2].txt C:\Documents and Settings\Lynn\Cookies\lynn@e-2dj6wjkowjazeap.stats.esomniture[1].txt C:\Documents and Settings\Lynn\Cookies\lynn@e-2dj6wjkyaod5cko.stats.esomniture[2].txt C:\Documents and Settings\Lynn\Cookies\lynn@e-2dj6wjkycoczaao.stats.esomniture[2].txt C:\Documents and Settings\Lynn\Cookies\lynn@e-2dj6wjkyekdpido.stats.esomniture[2].txt C:\Documents and Settings\Lynn\Cookies\lynn@e-2dj6wjkyelcpaep.stats.esomniture[2].txt C:\Documents and Settings\Lynn\Cookies\lynn@e-2dj6wjkyepcpedo.stats.esomniture[1].txt C:\Documents and Settings\Lynn\Cookies\lynn@e-2dj6wjkyggdzkho.stats.esomniture[2].txt C:\Documents and Settings\Lynn\Cookies\lynn@e-2dj6wjkyghdpkgp.stats.esomniture[1].txt C:\Documents and Settings\Lynn\Cookies\lynn@e-2dj6wjkygkcpifo.stats.esomniture[2].txt C:\Documents and Settings\Lynn\Cookies\lynn@e-2dj6wjkygkdjmgo.stats.esomniture[2].txt C:\Documents and Settings\Lynn\Cookies\lynn@e-2dj6wjkygndzskq.stats.esomniture[2].txt C:\Documents and Settings\Lynn\Cookies\lynn@e-2dj6wjkygpcpaaq.stats.esomniture[2].txt C:\Documents and Settings\Lynn\Cookies\lynn@e-2dj6wjkyqjazabo.stats.esomniture[2].txt C:\Documents and Settings\Lynn\Cookies\lynn@e-2dj6wjkyqpcjikq.stats.esomniture[2].txt C:\Documents and Settings\Lynn\Cookies\lynn@e-2dj6wjkyshcjgho.stats.esomniture[2].txt C:\Documents and Settings\Lynn\Cookies\lynn@e-2dj6wjkyskajgfo.stats.esomniture[2].txt C:\Documents and Settings\Lynn\Cookies\lynn@e-2dj6wjkyskc5olp.stats.esomniture[2].txt C:\Documents and Settings\Lynn\Cookies\lynn@e-2dj6wjkysmcpkfq.stats.esomniture[2].txt C:\Documents and Settings\Lynn\Cookies\lynn@e-2dj6wjkysoc5odo.stats.esomniture[2].txt C:\Documents and Settings\Lynn\Cookies\lynn@e-2dj6wjl4coajolo.stats.esomniture[2].txt C:\Documents and Settings\Lynn\Cookies\lynn@e-2dj6wjl4ekdpggp.stats.esomniture[2].txt C:\Documents and Settings\Lynn\Cookies\lynn@e-2dj6wjl4emcjmeo.stats.esomniture[2].txt C:\Documents and Settings\Lynn\Cookies\lynn@e-2dj6wjl4gjczmho.stats.esomniture[2].txt C:\Documents and Settings\Lynn\Cookies\lynn@e-2dj6wjl4gncjcbp.stats.esomniture[2].txt C:\Documents and Settings\Lynn\Cookies\lynn@e-2dj6wjl4gpdjeho.stats.esomniture[1].txt C:\Documents and Settings\Lynn\Cookies\lynn@e-2dj6wjl4qiazsco.stats.esomniture[2].txt C:\Documents and Settings\Lynn\Cookies\lynn@e-2dj6wjl4qnajwao.stats.esomniture[2].txt C:\Documents and Settings\Lynn\Cookies\lynn@e-2dj6wjl4sgcjcep.stats.esomniture[2].txt C:\Documents and Settings\Lynn\Cookies\lynn@e-2dj6wjl4sncjgkq.stats.esomniture[2].txt C:\Documents and Settings\Lynn\Cookies\lynn@e-2dj6wjl4uoczkap.stats.esomniture[2].txt C:\Documents and Settings\Lynn\Cookies\lynn@e-2dj6wjl4wlcjodp.stats.esomniture[2].txt C:\Documents and Settings\Lynn\Cookies\lynn@e-2dj6wjlicjajikp.stats.esomniture[2].txt C:\Documents and Settings\Lynn\Cookies\lynn@e-2dj6wjlicncjsfo.stats.esomniture[2].txt C:\Documents and Settings\Lynn\Cookies\lynn@e-2dj6wjliemcpwhp.stats.esomniture[2].txt C:\Documents and Settings\Lynn\Cookies\lynn@e-2dj6wjlikkdpkap.stats.esomniture[2].txt C:\Documents and Settings\Lynn\Cookies\lynn@e-2dj6wjlisgdpceq.stats.esomniture[2].txt C:\Documents and Settings\Lynn\Cookies\lynn@e-2dj6wjlisicjalo.stats.esomniture[2].txt C:\Documents and Settings\Lynn\Cookies\lynn@e-2dj6wjlisid5sko.stats.esomniture[2].txt C:\Documents and Settings\Lynn\Cookies\lynn@e-2dj6wjliskdjabp.stats.esomniture[2].txt C:\Documents and Settings\Lynn\Cookies\lynn@e-2dj6wjloaidpofp.stats.esomniture[1].txt C:\Documents and Settings\Lynn\Cookies\lynn@e-2dj6wjloamdjsfo.stats.esomniture[2].txt C:\Documents and Settings\Lynn\Cookies\lynn@e-2dj6wjloanajgcp.stats.esomniture[1].txt C:\Documents and Settings\Lynn\Cookies\lynn@e-2dj6wjlocjajkeo.stats.esomniture[1].txt C:\Documents and Settings\Lynn\Cookies\lynn@e-2dj6wjlocmc5oao.stats.esomniture[2].txt C:\Documents and Settings\Lynn\Cookies\lynn@e-2dj6wjlocmdzsgp.stats.esomniture[2].txt C:\Documents and Settings\Lynn\Cookies\lynn@e-2dj6wjlokkd5whq.stats.esomniture[2].txt C:\Documents and Settings\Lynn\Cookies\lynn@e-2dj6wjloomdpefp.stats.esomniture[2].txt C:\Documents and Settings\Lynn\Cookies\lynn@e-2dj6wjlowkc5keo.stats.esomniture[2].txt C:\Documents and Settings\Lynn\Cookies\lynn@e-2dj6wjlowlczgbo.stats.esomniture[1].txt C:\Documents and Settings\Lynn\Cookies\lynn@e-2dj6wjlyanczgeq.stats.esomniture[1].txt C:\Documents and Settings\Lynn\Cookies\lynn@e-2dj6wjlycidzigp.stats.esomniture[2].txt C:\Documents and Settings\Lynn\Cookies\lynn@e-2dj6wjlyclcjkeo.stats.esomniture[2].txt C:\Documents and Settings\Lynn\Cookies\lynn@e-2dj6wjlyepcjshp.stats.esomniture[2].txt C:\Documents and Settings\Lynn\Cookies\lynn@e-2dj6wjlyghc5ago.stats.esomniture[2].txt C:\Documents and Settings\Lynn\Cookies\lynn@e-2dj6wjlyqiczkdq.stats.esomniture[1].txt C:\Documents and Settings\Lynn\Cookies\lynn@e-2dj6wjlyupajicp.stats.esomniture[2].txt C:\Documents and Settings\Lynn\Cookies\lynn@e-2dj6wjmiagd5ocq.stats.esomniture[1].txt C:\Documents and Settings\Lynn\Cookies\lynn@e-2dj6wjmiwoczkhq.stats.esomniture[2].txt C:\Documents and Settings\Lynn\Cookies\lynn@e-2dj6wjmycgd5eap.stats.esomniture[2].txt C:\Documents and Settings\Lynn\Cookies\lynn@e-2dj6wjmyehcjwkp.stats.esomniture[2].txt C:\Documents and Settings\Lynn\Cookies\lynn@e-2dj6wjmyejc5who.stats.esomniture[2].txt C:\Documents and Settings\Lynn\Cookies\lynn@e-2dj6wjmygmdzokp.stats.esomniture[2].txt C:\Documents and Settings\Lynn\Cookies\lynn@e-2dj6wjmykgc5clo.stats.esomniture[2].txt C:\Documents and Settings\Lynn\Cookies\lynn@e-2dj6wjmykoc5gkq.stats.esomniture[1].txt C:\Documents and Settings\Lynn\Cookies\lynn@e-2dj6wjmykpcpeep.stats.esomniture[2].txt C:\Documents and Settings\Lynn\Cookies\lynn@e-2dj6wjmyqoajmfo.stats.esomniture[2].txt C:\Documents and Settings\Lynn\Cookies\lynn@e-2dj6wjmysjajogq.stats.esomniture[1].txt C:\Documents and Settings\Lynn\Cookies\lynn@e-2dj6wjmysjd5ako.stats.esomniture[2].txt C:\Documents and Settings\Lynn\Cookies\lynn@e-2dj6wjmysldjcdp.stats.esomniture[1].txt C:\Documents and Settings\Lynn\Cookies\lynn@e-2dj6wjmyulcjelo.stats.esomniture[2].txt C:\Documents and Settings\Lynn\Cookies\lynn@e-2dj6wjny-1gcpgk.stats.esomniture[2].txt C:\Documents and Settings\Lynn\Cookies\lynn@e-2dj6wjny-1gdpcd.stats.esomniture[2].txt C:\Documents and Settings\Lynn\Cookies\lynn@e-2dj6wjny-1jcpwd.stats.esomniture[2].txt C:\Documents and Settings\Lynn\Cookies\lynn@e-2dj6wjny-1jd5gg.stats.esomniture[2].txt C:\Documents and Settings\Lynn\Cookies\lynn@e-2dj6wjny-1kazsd.stats.esomniture[2].txt C:\Documents and Settings\Lynn\Cookies\lynn@e-2dj6wjny-1ldzak.stats.esomniture[1].txt C:\Documents and Settings\Lynn\Cookies\lynn@e-2dj6wjny-1ocjkb.stats.esomniture[2].txt C:\Documents and Settings\Lynn\Cookies\lynn@e-2dj6wjny-1scpcc.stats.esomniture[2].txt C:\Documents and Settings\Lynn\Cookies\lynn@e-2dj6wjny-1sd5wa.stats.esomniture[2].txt C:\Documents and Settings\Lynn\Cookies\lynn@e-2dj6wjnyakazocp.stats.esomniture[1].txt C:\Documents and Settings\Lynn\Cookies\lynn@e-2dj6wjnyanajmdo.stats.esomniture[1].txt C:\Documents and Settings\Lynn\Cookies\lynn@e-2dj6wjnycicjskp.stats.esomniture[2].txt C:\Documents and Settings\Lynn\Cookies\lynn@e-2dj6wjnycnajmhp.stats.esomniture[2].txt C:\Documents and Settings\Lynn\Cookies\lynn@e-2dj6wjnycod5ago.stats.esomniture[1].txt C:\Documents and Settings\Lynn\Cookies\lynn@e-2dj6wjnyelazoeq.stats.esomniture[2].txt C:\Documents and Settings\Lynn\Cookies\lynn@e-2dj6wjnyemc5ikp.stats.esomniture[1].txt C:\Documents and Settings\Lynn\Cookies\lynn@e-2dj6wjnyghdpwdq.stats.esomniture[2].txt C:\Documents and Settings\Lynn\Cookies\lynn@e-2dj6wjnygjcpcfp.stats.esomniture[2].txt C:\Documents and Settings\Lynn\Cookies\lynn@e-2dj6wjnygmcjggp.stats.esomniture[2].txt C:\Documents and Settings\Lynn\Cookies\lynn@e-2dj6wjnygpdzchq.stats.esomniture[2].txt C:\Documents and Settings\Lynn\Cookies\lynn@e-2dj6wjnyogd5whq.stats.esomniture[1].txt C:\Documents and Settings\Lynn\Cookies\lynn@e-2dj6wjnyogdjmbp.stats.esomniture[2].txt C:\Documents and Settings\Lynn\Cookies\lynn@e-2dj6wjnyold5geo.stats.esomniture[2].txt C:\Documents and Settings\Lynn\Cookies\lynn@e-2dj6wjnyomcpklq.stats.esomniture[2].txt C:\Documents and Settings\Lynn\Cookies\lynn@e-2dj6wjnyomdpggq.stats.esomniture[2].txt C:\Documents and Settings\Lynn\Cookies\lynn@e-2dj6wjnyooc5sho.stats.esomniture[2].txt C:\Documents and Settings\Lynn\Cookies\lynn@e-2dj6wjnyooczmhp.stats.esomniture[2].txt C:\Documents and Settings\Lynn\Cookies\lynn@e-2dj6wjnyopczmgp.stats.esomniture[2].txt C:\Documents and Settings\Lynn\Cookies\lynn@e-2dj6wjnyqgcpmeo.stats.esomniture[2].txt C:\Documents and Settings\Lynn\Cookies\lynn@e-2dj6wjnyqhdzwbp.stats.esomniture[2].txt C:\Documents and Settings\Lynn\Cookies\lynn@e-2dj6wjnyqjcjsko.stats.esomniture[2].txt C:\Documents and Settings\Lynn\Cookies\lynn@e-2dj6wjnyqjdjcbq.stats.esomniture[2].txt C:\Documents and Settings\Lynn\Cookies\lynn@e-2dj6wjnyqnczmcp.stats.esomniture[2].txt C:\Documents and Settings\Lynn\Cookies\lynn@e-2dj6wjnyshajogo.stats.esomniture[2].txt C:\Documents and Settings\Lynn\Cookies\lynn@e-2dj6wjnyshcpaco.stats.esomniture[2].txt C:\Documents and Settings\Lynn\Cookies\lynn@e-2dj6wjnysic5kbo.stats.esomniture[1].txt C:\Documents and Settings\Lynn\Cookies\lynn@e-2dj6wjnysiczkeo.stats.esomniture[2].txt C:\Documents and Settings\Lynn\Cookies\lynn@e-2dj6wjnysmc5saq.stats.esomniture[2].txt C:\Documents and Settings\Lynn\Cookies\lynn@e-2dj6wjnyugdzebq.stats.esomniture[2].txt C:\Documents and Settings\Lynn\Cookies\lynn@e-2dj6wjnyuhdjmgp.stats.esomniture[2].txt C:\Documents and Settings\Lynn\Cookies\lynn@e-2dj6wjnyujczagp.stats.esomniture[2].txt C:\Documents and Settings\Lynn\Cookies\lynn@e-2dj6wjnyukcpegp.stats.esomniture[2].txt C:\Documents and Settings\Lynn\Cookies\lynn@e-2dj6wjnyulcpsdp.stats.esomniture[2].txt C:\Documents and Settings\Lynn\Cookies\lynn@e-2dj6wjnyuodzckp.stats.esomniture[2].txt C:\Documents and Settings\Lynn\Cookies\lynn@e-2dj6wjnywgazkfo.stats.esomniture[1].txt C:\Documents and Settings\Lynn\Cookies\lynn@e-2dj6wjnywhcjwlp.stats.esomniture[1].txt C:\Documents and Settings\Lynn\Cookies\lynn@e-2dj6wjnywkdjmfp.stats.esomniture[2].txt C:\Documents and Settings\Lynn\Cookies\lynn@e-2dj6wjnywlajgeo.stats.esomniture[2].txt C:\Documents and Settings\Lynn\Cookies\lynn@eas.apm.emediate[2].txt C:\Documents and Settings\Lynn\Cookies\lynn@easy-hit-counters[1].txt C:\Documents and Settings\Lynn\Cookies\lynn@ecnext.advertserve[2].txt C:\Documents and Settings\Lynn\Cookies\lynn@elitedeals[1].txt C:\Documents and Settings\Lynn\Cookies\lynn@euroclick[1].txt C:\Documents and Settings\Lynn\Cookies\lynn@eyewonder[1].txt C:\Documents and Settings\Lynn\Cookies\lynn@ez-tracks[2].txt C:\Documents and Settings\Lynn\Cookies\lynn@fastclick[1].txt C:\Documents and Settings\Lynn\Cookies\lynn@fcstats.bcentral[1].txt C:\Documents and Settings\Lynn\Cookies\lynn@find.intelius[1].txt C:\Documents and Settings\Lynn\Cookies\lynn@find.myrecipes[1].txt C:\Documents and Settings\Lynn\Cookies\lynn@find.myrecipes[3].txt C:\Documents and Settings\Lynn\Cookies\lynn@findarticles[1].txt C:\Documents and Settings\Lynn\Cookies\lynn@findlaw[2].txt C:\Documents and Settings\Lynn\Cookies\lynn@findlegalforms[2].txt C:\Documents and Settings\Lynn\Cookies\lynn@findtape[2].txt C:\Documents and Settings\Lynn\Cookies\lynn@findvacationrentals[2].txt C:\Documents and Settings\Lynn\Cookies\lynn@findwallunits[1].txt C:\Documents and Settings\Lynn\Cookies\lynn@fishermansexpress[2].txt C:\Documents and Settings\Lynn\Cookies\lynn@focalex[1].txt C:\Documents and Settings\Lynn\Cookies\lynn@fs10.fusestats[1].txt C:\Documents and Settings\Lynn\Cookies\lynn@furniturefind[2].txt C:\Documents and Settings\Lynn\Cookies\lynn@go.globaladsales[1].txt C:\Documents and Settings\Lynn\Cookies\lynn@googleadservices[1].txt C:\Documents and Settings\Lynn\Cookies\lynn@hellasmultimedia[2].txt C:\Documents and Settings\Lynn\Cookies\lynn@homeclick[2].txt C:\Documents and Settings\Lynn\Cookies\lynn@hotels-and-discounts[1].txt C:\Documents and Settings\Lynn\Cookies\lynn@icc.intellisrv[2].txt C:\Documents and Settings\Lynn\Cookies\lynn@imrworldwide[2].txt C:\Documents and Settings\Lynn\Cookies\lynn@incentaclick[2].txt C:\Documents and Settings\Lynn\Cookies\lynn@indexstats[2].txt C:\Documents and Settings\Lynn\Cookies\lynn@insightexpressai[1].txt C:\Documents and Settings\Lynn\Cookies\lynn@interclick[1].txt C:\Documents and Settings\Lynn\Cookies\lynn@intermundomedia[1].txt C:\Documents and Settings\Lynn\Cookies\lynn@jumps.ez-tracks[1].txt C:\Documents and Settings\Lynn\Cookies\lynn@kanoodle[2].txt C:\Documents and Settings\Lynn\Cookies\lynn@kontera[1].txt C:\Documents and Settings\Lynn\Cookies\lynn@lewiscountywa[1].txt C:\Documents and Settings\Lynn\Cookies\lynn@m1.webstats4u[1].txt C:\Documents and Settings\Lynn\Cookies\lynn@media.legacy[1].txt C:\Documents and Settings\Lynn\Cookies\lynn@media.medhelp[2].txt C:\Documents and Settings\Lynn\Cookies\lynn@media.mtvnservices[2].txt C:\Documents and Settings\Lynn\Cookies\lynn@media.sensis.com[1].txt C:\Documents and Settings\Lynn\Cookies\lynn@media3.sitebrand[1].txt C:\Documents and Settings\Lynn\Cookies\lynn@media4.sitebrand[1].txt C:\Documents and Settings\Lynn\Cookies\lynn@media6degrees[1].txt C:\Documents and Settings\Lynn\Cookies\lynn@mediaonenetwork[1].txt C:\Documents and Settings\Lynn\Cookies\lynn@mediaplex[2].txt C:\Documents and Settings\Lynn\Cookies\lynn@microsoftmachinetranslation.112.2o7[1].txt C:\Documents and Settings\Lynn\Cookies\lynn@my.countrywide[2].txt C:\Documents and Settings\Lynn\Cookies\lynn@nandomedia[1].txt C:\Documents and Settings\Lynn\Cookies\lynn@onlinediscountmart[1].txt C:\Documents and Settings\Lynn\Cookies\lynn@optimost[1].txt C:\Documents and Settings\Lynn\Cookies\lynn@overture[2].txt C:\Documents and Settings\Lynn\Cookies\lynn@partner2profit[2].txt C:\Documents and Settings\Lynn\Cookies\lynn@pathfinder[1].txt C:\Documents and Settings\Lynn\Cookies\lynn@petfinder[1].txt C:\Documents and Settings\Lynn\Cookies\lynn@pinkdiscount[1].txt C:\Documents and Settings\Lynn\Cookies\lynn@pluckit.demandmedia[2].txt C:\Documents and Settings\Lynn\Cookies\lynn@pt.crossmediaservices[2].txt C:\Documents and Settings\Lynn\Cookies\lynn@public.findlaw[1].txt C:\Documents and Settings\Lynn\Cookies\lynn@qnsr[1].txt C:\Documents and Settings\Lynn\Cookies\lynn@questionmarket[2].txt C:\Documents and Settings\Lynn\Cookies\lynn@redorbit[2].txt C:\Documents and Settings\Lynn\Cookies\lynn@regalinteractive[1].txt C:\Documents and Settings\Lynn\Cookies\lynn@revsci[1].txt C:\Documents and Settings\Lynn\Cookies\lynn@richmedia.yahoo[1].txt C:\Documents and Settings\Lynn\Cookies\lynn@roiservice[2].txt C:\Documents and Settings\Lynn\Cookies\lynn@sales.liveperson[1].txt C:\Documents and Settings\Lynn\Cookies\lynn@sales.liveperson[2].txt C:\Documents and Settings\Lynn\Cookies\lynn@sales.liveperson[3].txt C:\Documents and Settings\Lynn\Cookies\lynn@sales.liveperson[5].txt C:\Documents and Settings\Lynn\Cookies\lynn@sav.coolsavings[1].txt C:\Documents and Settings\Lynn\Cookies\lynn@server.cpmstar[1].txt C:\Documents and Settings\Lynn\Cookies\lynn@server.iad.liveperson[1].txt C:\Documents and Settings\Lynn\Cookies\lynn@server.iad.liveperson[2].txt C:\Documents and Settings\Lynn\Cookies\lynn@server.iad.liveperson[4].txt C:\Documents and Settings\Lynn\Cookies\lynn@server.iad.liveperson[5].txt C:\Documents and Settings\Lynn\Cookies\lynn@server.iad.liveperson[6].txt C:\Documents and Settings\Lynn\Cookies\lynn@server.iad.liveperson[7].txt C:\Documents and Settings\Lynn\Cookies\lynn@server.iad.liveperson[8].txt C:\Documents and Settings\Lynn\Cookies\lynn@server.iad.liveperson[9].txt C:\Documents and Settings\Lynn\Cookies\lynn@serving-sys[1].txt C:\Documents and Settings\Lynn\Cookies\lynn@serw.clicksor[2].txt C:\Documents and Settings\Lynn\Cookies\lynn@silo.thefind[1].txt C:\Documents and Settings\Lynn\Cookies\lynn@sitestat.mayoclinic[3].txt C:\Documents and Settings\Lynn\Cookies\lynn@skicountryantiques[2].txt C:\Documents and Settings\Lynn\Cookies\lynn@smileycentral[2].txt C:\Documents and Settings\Lynn\Cookies\lynn@sources.sourcetool[1].txt C:\Documents and Settings\Lynn\Cookies\lynn@specificclick[2].txt C:\Documents and Settings\Lynn\Cookies\lynn@specificmedia[1].txt C:\Documents and Settings\Lynn\Cookies\lynn@srvr1.leadtracks[1].txt C:\Documents and Settings\Lynn\Cookies\lynn@statcounter[1].txt C:\Documents and Settings\Lynn\Cookies\lynn@stats.bradyinternational[1].txt C:\Documents and Settings\Lynn\Cookies\lynn@stats.cmarket[2].txt C:\Documents and Settings\Lynn\Cookies\lynn@stats01.pointshop[1].txt C:\Documents and Settings\Lynn\Cookies\lynn@statsadv.dada[2].txt C:\Documents and Settings\Lynn\Cookies\lynn@statse.webtrendslive[1].txt C:\Documents and Settings\Lynn\Cookies\lynn@statse.webtrendslive[2].txt C:\Documents and Settings\Lynn\Cookies\lynn@t0.counter43[2].txt C:\Documents and Settings\Lynn\Cookies\lynn@tacoda[2].txt C:\Documents and Settings\Lynn\Cookies\lynn@thefind[1].txt C:\Documents and Settings\Lynn\Cookies\lynn@ticketsnow[1].txt C:\Documents and Settings\Lynn\Cookies\lynn@track.bestbuy[2].txt C:\Documents and Settings\Lynn\Cookies\lynn@tracker.espsoftware[1].txt C:\Documents and Settings\Lynn\Cookies\lynn@tracking.foundry42[3].txt C:\Documents and Settings\Lynn\Cookies\lynn@tracking.foxnews[1].txt C:\Documents and Settings\Lynn\Cookies\lynn@tracking.homeportfolio[2].txt C:\Documents and Settings\Lynn\Cookies\lynn@tracking.rangeonlinemedia[1].txt C:\Documents and Settings\Lynn\Cookies\lynn@tracking.veille-referencement[1].txt C:\Documents and Settings\Lynn\Cookies\lynn@tracking[1].txt C:\Documents and Settings\Lynn\Cookies\lynn@traffic.eintown[1].txt C:\Documents and Settings\Lynn\Cookies\lynn@trafficdashboard[2].txt C:\Documents and Settings\Lynn\Cookies\lynn@trafficmp[1].txt C:\Documents and Settings\Lynn\Cookies\lynn@travel.hotels-and-discounts[1].txt C:\Documents and Settings\Lynn\Cookies\lynn@tribalfusion[2].txt C:\Documents and Settings\Lynn\Cookies\lynn@uclick[1].txt C:\Documents and Settings\Lynn\Cookies\lynn@v7.stats.load[2].txt C:\Documents and Settings\Lynn\Cookies\lynn@vhost.oddcast[2].txt C:\Documents and Settings\Lynn\Cookies\lynn@wandascountryhomeinspirational[1].txt C:\Documents and Settings\Lynn\Cookies\lynn@websponsors[2].txt C:\Documents and Settings\Lynn\Cookies\lynn@www.abcmedianet[1].txt C:\Documents and Settings\Lynn\Cookies\lynn@www.advertisingbay[1].txt C:\Documents and Settings\Lynn\Cookies\lynn@www.burstbeacon[2].txt C:\Documents and Settings\Lynn\Cookies\lynn@www.burstnet[1].txt C:\Documents and Settings\Lynn\Cookies\lynn@www.cioinsight[1].txt C:\Documents and Settings\Lynn\Cookies\lynn@www.clickmanage[2].txt C:\Documents and Settings\Lynn\Cookies\lynn@www.coolsavings[1].txt C:\Documents and Settings\Lynn\Cookies\lynn@www.countrydoor[1].txt C:\Documents and Settings\Lynn\Cookies\lynn@www.countryliving[2].txt C:\Documents and Settings\Lynn\Cookies\lynn@www.countrywide[2].txt C:\Documents and Settings\Lynn\Cookies\lynn@www.creditscoresexposed[2].txt C:\Documents and Settings\Lynn\Cookies\lynn@www.dealtime.co[2].txt C:\Documents and Settings\Lynn\Cookies\lynn@www.directnetadvertising[2].txt C:\Documents and Settings\Lynn\Cookies\lynn@www.discountcooking[1].txt C:\Documents and Settings\Lynn\Cookies\lynn@www.discountcooking[2].txt C:\Documents and Settings\Lynn\Cookies\lynn@www.discountcupboard[2].txt C:\Documents and Settings\Lynn\Cookies\lynn@www.discountpetdrugs[1].txt C:\Documents and Settings\Lynn\Cookies\lynn@www.discountyarnsale[2].txt C:\Documents and Settings\Lynn\Cookies\lynn@www.ecoretrack[1].txt C:\Documents and Settings\Lynn\Cookies\lynn@www.ez-tracks[2].txt C:\Documents and Settings\Lynn\Cookies\lynn@www.findarticles[2].txt C:\Documents and Settings\Lynn\Cookies\lynn@www.findgift[1].txt C:\Documents and Settings\Lynn\Cookies\lynn@www.findlaw[1].txt C:\Documents and Settings\Lynn\Cookies\lynn@www.findtape[1].txt C:\Documents and Settings\Lynn\Cookies\lynn@www.findvacationrentals[1].txt C:\Documents and Settings\Lynn\Cookies\lynn@www.googleadservices[10].txt C:\Documents and Settings\Lynn\Cookies\lynn@www.googleadservices[11].txt C:\Documents and Settings\Lynn\Cookies\lynn@www.googleadservices[2].txt C:\Documents and Settings\Lynn\Cookies\lynn@www.googleadservices[3].txt C:\Documents and Settings\Lynn\Cookies\lynn@www.googleadservices[4].txt C:\Documents and Settings\Lynn\Cookies\lynn@www.googleadservices[5].txt C:\Documents and Settings\Lynn\Cookies\lynn@www.googleadservices[6].txt C:\Documents and Settings\Lynn\Cookies\lynn@www.googleadservices[7].txt C:\Documents and Settings\Lynn\Cookies\lynn@www.googleadservices[8].txt C:\Documents and Settings\Lynn\Cookies\lynn@www.googleadservices[9].txt C:\Documents and Settings\Lynn\Cookies\lynn@www.homeclick[1].txt C:\Documents and Settings\Lynn\Cookies\lynn@www.homeclick[2].txt C:\Documents and Settings\Lynn\Cookies\lynn@www.iadserving[1].txt C:\Documents and Settings\Lynn\Cookies\lynn@www.incentaclick[2].txt C:\Documents and Settings\Lynn\Cookies\lynn@www.matracking[1].txt C:\Documents and Settings\Lynn\Cookies\lynn@www.piercecountywa[1].txt C:\Documents and Settings\Lynn\Cookies\lynn@www.ppctracking[1].txt C:\Documents and Settings\Lynn\Cookies\lynn@www.skicountryantiques[2].txt C:\Documents and Settings\Lynn\Cookies\lynn@www.socialtrack[2].txt C:\Documents and Settings\Lynn\Cookies\lynn@www.ticketsnow[2].txt C:\Documents and Settings\Lynn\Cookies\lynn@www100.homeclick[2].txt C:\Documents and Settings\Lynn\Cookies\lynn@www3.addfreestats[1].txt Adware.Agent/Gen-Bogus C:\PROGRAM FILES\TREND MICRO\HIJACKTHIS\BACKUPS\BACKUP-20090626-150641-814.DLL -------------------------------------------------------------------------------- KASPERSKY ONLINE SCANNER 7.0 REPORT Monday, June 29, 2009 Operating System: Microsoft Windows XP Home Edition Service Pack 3 (build 2600) Kaspersky Online Scanner version: 7.0.26.13 Program database last update: Tuesday, June 30, 2009 03:38:35 Records in database: 2403678 -------------------------------------------------------------------------------- Scan settings: Scan using the following database: extended Scan archives: yes Scan mail databases: yes Scan area - My Computer: C:\ D:\ E:\ F:\ Scan statistics: Files scanned: 151726 Threat name: 1 Infected objects: 1 Suspicious objects: 0 Duration of the scan: 02:20:36 File name / Threat name / Threats count C:\Documents and Settings\Chuck\Application Data\Sun\Java\Deployment\cache\6.0\43\65cc22eb-37d04f46 Infected: Trojan-Downloader.Java.OpenStream.ac 1 The selected area was scanned.

SpySentinel View Member Profile	Jul 1 2009, 07:48 PM Post #6
Trusted Group: Malware Team Posts: 554 Joined: 26-January 08 From: The United States Member No.: 76,329 Operating System: Windows XP SP2	Hi YellowSVT, Glad to hear your popups are gone Please see HERE to clear your Java Cache Step #1 Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version of Java components and upgrade the application. Beware it is NOT supported for use in 9x or ME and probably will not install in those systems Upgrading Java: Download the latest version of Java SE Runtime Environment (JRE)JRE 6 Update 14. Click the "Download" button to the right. Select your Platform and check the box that says: "I agree to the Java SE Runtime Environment 6 License Agreement.". Click on Continue. Click on the link to download Windows Offline Installation (jre-6u14-windows-i586.exe) and save it to your desktop. Do NOT use the Sun Download Manager.. Close any programs you may have running - especially your web browser. Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java. Check any item with Java Runtime Environment (JRE or J2SE) in the name. Click the Remove or Change/Remove button. Repeat as many times as necessary to remove each Java version. Reboot your computer once all Java components are removed. Then from your desktop double-click on the download to install the newest version.(Vista users, right click on the jre-6u14-windows-i586.exe and select "Run as an Administrator.") Step #2 Launch Malwarebytes' Anti-Malware If an update is found, it will download and install the latest version. Once the program has loaded, select "Perform Quick Scan", then click Scan. The scan may take some time to finish,so please be patient. When the scan is complete, click OK, then Show Results to view the results. Make sure that everything is checked, and click Remove Selected. When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note) The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM. Copy&Paste the entire report in your next reply. Extra Note: If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly. Step #3 Download random's system information tool (RSIT) by random/random from here and save it to your desktop. Double click on RSIT.exe to run RSIT. Click Continue at the disclaimer screen. Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)

YellowSVT View Member Profile	Jul 2 2009, 11:37 AM Post #7
New Member Group: Authentic Member Posts: 14 Joined: 26-June 09 Member No.: 86,434 Operating System: Windows XP	Here are the Scan Logs you requested. Malwarebytes' Anti-Malware 1.38 Database version: 2340 Windows 5.1.2600 Service Pack 3 07/02/09 10:24:52 mbam-log-2009-07-02 (10-24-52).txt Scan type: Quick Scan Objects scanned: 105671 Time elapsed: 8 minute(s), 51 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected) info.txt logfile of random's system information tool 1.06 2009-07-02 10:28:06 ======Uninstall list====== -->"C:\Program Files\Creative\Sound Blaster Live! 24-bit\Program\Ctzapxx.EXE" /X /U /S -->"C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U -->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks\|RealPlayer\|6.0 -->C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu -->C:\WINDOWS\system32\\MSIEXEC.EXE /x {1206EF92-2E83-4859-ACCB-2048C3CB7DA6} -->C:\WINDOWS\system32\\MSIEXEC.EXE /x {B12665F4-4E93-4AB4-B7FC-37053B524629} -->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe -->MsiExec.exe /I{F543B12A-13F5-487E-9314-F7D25E1BBE3E} -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{435E969D-867E-4364-8E74-3DC8A69C5BDB}\setup.exe" -l0x9 -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{435E969D-867E-4364-8E74-3DC8A69C5BDB}\setup.exe" -l0x9 /remove -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{44DC86A0-248D-11D6-9BAF-0090271AF8A4}\setup.exe" -l0x9 -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{44DC86A0-248D-11D6-9BAF-0090271AF8A4}\setup.exe" -l0x9 /remove -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5210ED6D-52A9-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x9 -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5210ED6D-52A9-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x9 /remove -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5CDDF96A-BC34-4D72-9ABA-E1FFF0C39977}\setup.exe" -l0x9 -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{67AEFC4C-69E4-11D7-85F4-00E018013273}\setup.exe" -l0x9 -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{67AEFC4C-69E4-11D7-85F4-00E018013273}\setup.exe" -l0x9 /remove -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7201B853-5833-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x9 -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7201B853-5833-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x9 /remove -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7A900EAB-DA37-4554-AF19-9C337476D05D}\setup.exe" -l0x9 -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7A900EAB-DA37-4554-AF19-9C337476D05D}\setup.exe" -l0x9 /remove -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A1185190-514F-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x9 -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A1185190-514F-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x9 /remove -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AC157741-3285-4D6A-B934-9174587A3493}\setup.exe" -l0x9 -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AC157741-3285-4D6A-B934-9174587A3493}\setup.exe" -l0x9 /remove -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C6866B7D-ACFD-4C49-B77B-3B2F8CF54B96}\setup.exe" -l0x9 -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C6866B7D-ACFD-4C49-B77B-3B2F8CF54B96}\setup.exe" -l0x9 /remove -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DEBD7BF3-5856-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x9 -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DEBD7BF3-5856-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x9 /remove -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F865C2FE-25E7-11D6-9BAF-0090271AF8A4}\setup.exe" -l0x9 -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F865C2FE-25E7-11D6-9BAF-0090271AF8A4}\setup.exe" -l0x9 /remove -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB2292C6-1F0A-11D7-AB2D-0090271A23A2}\setup.exe" -l0x9 -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB2292C6-1F0A-11D7-AB2D-0090271A23A2}\setup.exe" -l0x9 /remove -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FC0DD8AE-3DC0-11D7-AB2D-0090271A23A2}\setup.exe" -l0x9 -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FC0DD8AE-3DC0-11D7-AB2D-0090271A23A2}\setup.exe" -l0x9 /remove -->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf Adobe AIR-->C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall Adobe AIR-->MsiExec.exe /I{197A3012-8C85-4FD3-AB66-9EC7E13DB92E} Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe Adobe Flash Player 10 Plugin-->MsiExec.exe /X{ECA1A3B6-898F-4DCE-9F04-714CF3BA126B} Adobe Photoshop Elements 7.0-->msiexec /i {CB6075D9-F912-40AE-BEA6-E590DA24F16B} Adobe Photoshop.com Inspiration Browser-->msiexec /qb /x {AFBBF30D-ADA9-4313-464E-14458B6BE034} Adobe Reader 7.1.0-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A71000000002} Adobe® Photoshop® Album Starter Edition 3.0.1-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C9618743-1A5C-461E-91C4-E013A3D70F3C}\Setup.exe" -l0x9 Adobe® Photoshop® Album Starter Edition 3.2-->MsiExec.exe /I{A654A805-41D9-40C7-AA46-4AF04F044D61} AdwareAlert-->MsiExec.exe /X{5FFDB0D7-AE81-443D-814F-2C83EDD8C21D} AOLIcon-->MsiExec.exe /I{62BD0AE0-4EB1-4BBB-8F43-B6400C8FEB2C} AppCore-->MsiExec.exe /I{EFB5B3B5-A280-4E25-BE1C-634EEFE32C1B} Apple Mobile Device Support-->MsiExec.exe /I{659B48CD-0608-4ED5-94C0-0B6C87114F10} Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033} ArcSoft Panorama Maker 4-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D45E8C45-B601-4A80-AFD8-E16338744DE1}\Setup.exe" -l0x9 ATI - Software Uninstall Utility-->C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe ATI Control Panel-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}\setup.exe" ATI Display Driver-->rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean Backup-->MsiExec.exe /I{24DF7221-644B-4C3A-A478-459502D40522} Bonjour-->MsiExec.exe /I{07287123-B8AC-41CE-8346-3D777245C35B} Broadcom Advanced Control Suite 2-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{2E086814-7392-4E0F-ADB8-54A81E47406C} /l1033 ccCommon-->MsiExec.exe /I{B24E05CC-46FF-4787-BBB8-5CD516AFB118} CheckIt Diagnostics-->C:\PROGRA~1\CheckIt\DIAGNO~1\UNWISE.EXE C:\PROGRA~1\CheckIt\DIAGNO~1\INSTALL.LOG Convert-->MsiExec.exe /X{23970E31-948B-466E-8376-1224D32FDF0C} Creative MediaSource-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{56F3E1FF-54FE-4384-A153-6CCABA097814}\setup.exe" -l0x9 /remove Cricket Power Sniper-->C:\Program Files\Cricket Power Sniper\cjUnintstall.exe Critical Update for Windows Media Player 11 (KB959772)-->"C:\WINDOWS\$NtUninstallKB959772_WM11$\spuninst\spuninst.exe" Dell Driver Reset Tool-->MsiExec.exe /I{5905F42D-3F5F-4916-ADA6-94A3646AEE76} Dell Media Experience-->MsiExec.exe /I{AC0EE5B0-A8FB-4D0A-AF03-2EDC518F841B} Dell Picture Studio v3.0-->MsiExec.exe /I{AF06CAE4-C134-44B1-B699-14FBDB63BD37} Dell Support Center (Support Software)-->MsiExec.exe /X{E3BFEE55-39E2-4BE0-B966-89FE583822C1} DellSupport-->MsiExec.exe /X{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D} DMX Update-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BE8913B7-B2C4-48BE-8A26-84390FF4F231}\setup.exe" -l0x9 -L0x9 /SMAINT ExpertGPS-->"C:\Program Files\ExpertGPS\unins000.exe" GdiplusUpgrade-->MsiExec.exe /I{5421155F-B033-49DB-9B33-8F80F233D4D5} GearDrvs-->MsiExec.exe /I{206FD69B-F9FE-4164-81BD-D52552BC9C23} GearDrvs-->MsiExec.exe /I{CB84F0F2-927B-458D-9DC5-87832E3DC653} Google Earth-->MsiExec.exe /X{CC016F21-3970-11DE-B878-005056806466} Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2} HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT="" Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT="" Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe" Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe" Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe" Hotfix for Windows XP (KB961118)-->"C:\WINDOWS\$NtUninstallKB961118$\spuninst\spuninst.exe" HP Extended Capabilities 4.7-->C:\Program Files\HP\Digital Imaging\ExtCapUninstall\hpzscr01.exe -datfile hpqhsc01.dat HP Image Zone 4.7-->C:\Program Files\HP\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat HP Product Assistant-->MsiExec.exe /I{36FDBE6E-6684-462B-AE98-9A39A1B200CC} HP PSC & OfficeJet 4.7-->"C:\Program Files\HP\Digital Imaging\{342C7C88-D335-4bc2-8CF1-281857629CE2}\setup\hpzscr01.exe" -datfile hposcr05.dat HP Update-->MsiExec.exe /X{C8FD5BC1-92EF-4C15-92A9-F9AC7F61985F} Image Resizer Powertoy for Windows XP-->MsiExec.exe /I{1CB92574-96F2-467B-B793-5CEB35C40C29} Intel Application Accelerator-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}\Setup.exe" -l0409 -INTELUNINST Intel® 537EP V9x DF PCI Modem-->rundll32 IntelCci.dll,iSMUninstallation "Intel® 537EP V9x DF PCI Modem" Internet Explorer Default Page-->MsiExec.exe /I{35BDEFF1-A610-4956-A00D-15453C116395} iTunes-->MsiExec.exe /I{CC5702D7-86E2-45A8-99D7-E8B976ADCC56} Jasc Paint Shop Photo Album 5-->MsiExec.exe /I{4192EAC0-6B36-4723-B216-D0E86E7757AC} Jasc Paint Shop Pro Studio, Dell Editon-->MsiExec.exe /I{78C496B9-5A6B-4692-8C2E-AFFFC34E4961} Java™ 6 Update 14-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216014FF} Java™ 6 Update 2-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020} Java™ 6 Update 3-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030} Java™ 6 Update 5-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050} Java™ 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070} LimeWire 5.1.3-->"C:\Program Files\LimeWire\uninstall.exe" Linksys EasyLink Advisor 1.5 (1010)-->rundll32 C:\PROGRA~1\LINKSY~1\AUInst.dll,ExUninstall LiveUpdate (Symantec Corporation)-->MsiExec.exe /x {E80F62FF-5D3C-4A19-8409-9721F2928206} /l*v "C:\Documents and Settings\All Users\Application Data\LuUninstall.LiveUpdate" LiveUpdate (Symantec Corporation)-->MsiExec.exe /X{E80F62FF-5D3C-4A19-8409-9721F2928206} Macromedia Flash Player-->MsiExec.exe /X{0456ebd7-5f67-4ab6-852e-63781e3f389c} Magellan POI File Editor-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{104A059B-CD20-4632-A8F6-D8C80E14782D}\Setup.exe" -l0x9 Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe" MasterCook 6: Deluxe Edition-->C:\WINDOWS\IsUninst.exe -f"C:\SIERRA\MasterCook 6\Uninst.isu" -c"C:\SIERRA\MasterCook 6\uninst32.DLL" Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp" Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7} Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe" Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe" Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe" Microsoft Office PowerPoint Viewer 2007 (English)-->MsiExec.exe /X{95120000-00AF-0409-0000-0000000FF1CE} Microsoft Office XP Media Content-->MsiExec.exe /I{90300409-6000-11D3-8CFE-0050048383C9} Microsoft Office XP Small Business-->MsiExec.exe /I{91130409-6000-11D3-8CFE-0050048383C9} Microsoft Plus! Digital Media Edition Installer-->MsiExec.exe /X{6E45BA47-383C-4C1E-8ED0-0D4845C293D7} Microsoft Plus! Photo Story 2 LE-->MsiExec.exe /X{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B} Microsoft Silverlight-->MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00} Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe" Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d} Modem Event Monitor-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7A0EFAFB-AC4B-4B88-8C6B-6731BE88DB68}\setup.exe" -l0x9 Modem Helper-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7F142D56-3326-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanel Modem On Hold-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3F92ABBB-6BBF-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanelAnyText MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F} MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF} MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71} Musicmatch® Jukebox-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{85D3CC30-8859-481A-9654-FD9B74310BEF}\setup.exe" -l0x9 -uninst Nikon Message Center-->MsiExec.exe /X{D2FCC1AE-6311-47C5-8130-C6C66D77DD71} Nikon Transfer-->MsiExec.exe /X{E9757890-7EC5-46C8-99AB-B00F07B6525C} Norton 360 (Symantec Corporation)-->"C:\Program Files\Common Files\Symantec Shared\SymSetup\{2D617065-1C52-4240-B5BC-C0AE12157777}_2_0_0_242\Setup.exe" /X Norton 360 HTMLHelp-->MsiExec.exe /I{0BDD3FAD-61CD-4BF3-B9C4-4CEFD43F53F8} Norton 360-->MsiExec.exe /I{21829177-4DED-4209-AD08-490B3AC9C01A} Norton 360-->MsiExec.exe /I{2D617065-1C52-4240-B5BC-C0AE12157777} Norton Confidential Core-->MsiExec.exe /I{55A6283C-638A-4EE0-B491-51118554BDA2} OLYMPUS CAMEDIA Master 4.0-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{30BB4D60-81DB-11D5-BB77-00400536ABAC}\Setup.exe" CAMEDIA Master 4.03 overland-->MsiExec.exe /I{766273C1-A39B-47EB-ACE8-DEBDD8094BCC} Photo Click-->MsiExec.exe /I{6E179C77-7335-458D-9537-4F4EAC0181ED} PhotoshopdotcomInspirationBrowser-->MsiExec.exe /I{AFBBF30D-ADA9-4313-464E-14458B6BE034} PowerDVD 5.5-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall QuickBooks Simple Start Special Edition-->msiexec.exe /I {F543B12A-13F5-487E-9314-F7D25E1BBE3E} UNIQUE_NAME="atomlimited" QBFULLNAME="QuickBooks Simple Start Special Edition" ADDREMOVE=1 QuickTime-->MsiExec.exe /I{C78EAC6F-7A73-452E-8134-DBB2165C5A68} Qurb-->"C:\Program Files\Qurb\QSP-3.0.311.7\Q-Update.exe" /u RealPlayer-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks\|RealPlayer\|6.0 Security Task Manager 1.7f-->C:\Program Files\Security Task Manager\Uninstal.exe "C:\Documents and Settings\All Users\Start Menu\Programs\Security Task Manager" Security Update for Step By Step Interactive Training (KB898458)-->"C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe" Security Update for Step By Step Interactive Training (KB923723)-->"C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe" Security Update for Windows Internet Explorer 7 (KB928090)-->"C:\WINDOWS\ie7updates\KB928090-IE7\spuninst\spuninst.exe" Security Update for Windows Internet Explorer 7 (KB929969)-->"C:\WINDOWS\ie7updates\KB929969\spuninst\spuninst.exe" Security Update for Windows Internet Explorer 7 (KB931768)-->"C:\WINDOWS\ie7updates\KB931768-IE7\spuninst\spuninst.exe" Security Update for Windows Internet Explorer 7 (KB933566)-->"C:\WINDOWS\ie7updates\KB933566-IE7\spuninst\spuninst.exe" Security Update for Windows Internet Explorer 7 (KB937143)-->"C:\WINDOWS\ie7updates\KB937143-IE7\spuninst\spuninst.exe" Security Update for Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe" Security Update for Windows Internet Explorer 7 (KB939653)-->"C:\WINDOWS\ie7updates\KB939653-IE7\spuninst\spuninst.exe" Security Update for Windows Internet Explorer 7 (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe" Security Update for Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe" Security Update for Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe" Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe" Security Update for Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe" Security Update for Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe" Security Update for Windows Internet Explorer 7 (KB961260)-->"C:\WINDOWS\ie7updates\KB961260-IE7\spuninst\spuninst.exe" Security Update for Windows Internet Explorer 7 (KB963027)-->"C:\WINDOWS\ie7updates\KB963027-IE7\spuninst\spuninst.exe" Security Update for Windows Internet Explorer 8 (KB969897)-->"C:\WINDOWS\ie8updates\KB969897-IE8\spuninst\spuninst.exe" Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe" Security Update for Windows Media Player 10 (KB911565)-->"C:\WINDOWS\$NtUninstallKB911565$\spuninst\spuninst.exe" Security Update for Windows Media Player 10 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP10$\spuninst\spuninst.exe" Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe" Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe" Security Update for Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe" Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe" Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe" Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe" Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe" Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe" Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe" Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe" Security Update for Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe" Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe" Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe" Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe" Security Update for Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe" Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe" Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe" Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe" Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe" Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe" Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe" Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe" Security Update for Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe" Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe" Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe" Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe" Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe" Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe" Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe" Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe" Security Update for Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe" Security Update for Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe" Security Update for Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe" Security Update for Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe" Security Update for Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe" Security Update for Windows XP (KB961373)-->"C:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe" Security Update for Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe" Security Update for Windows XP (KB968537)-->"C:\WINDOWS\$NtUninstallKB968537$\spuninst\spuninst.exe" Security Update for Windows XP (KB969898)-->"C:\WINDOWS\$NtUninstallKB969898$\spuninst\spuninst.exe" Security Update for Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe" Snood 4-->"C:\Program Files\Snood 4\unins000.exe" Snood Deluxe-->MsiExec.exe /I{7C594459-6829-420D-A773-041F64CBC330} Sonic DLA-->MsiExec.exe /I{1206EF92-2E83-4859-ACCB-2048C3CB7DA6} Sonic MyDVD LE-->MsiExec.exe /I{21657574-BD54-48A2-9450-EB03B2C7FC29} Sonic RecordNow Copy-->MsiExec.exe /I{B12665F4-4E93-4AB4-B7FC-37053B524629} Sound Blaster Live! 24-bit-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CEB481CC-F57C-4397-81A0-DADD22257047}\setup.exe" -l0x9 SPBBC 32bit-->MsiExec.exe /I{77772678-817F-4401-9301-ED1D01A8DA56} Super Collapse! from GameHouse-->C:\PROGRA~1\GAMEHO~1\Collapse\UNWISE.EXE /U C:\PROGRA~1\GAMEHO~1\Collapse\INSTALL.LOG Super Collapse! II-->C:\PROGRA~1\GAMEHO~1\COLLAP~1\UNWISE.EXE /U C:\PROGRA~1\GAMEHO~1\COLLAP~1\INSTALL.LOG SUPERAntiSpyware Free Edition-->MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA} Symantec Real Time Storage Protection Component-->MsiExec.exe /I{D6E6FA4A-5445-4850-8365-CF216C1CBB7A} Symantec Technical Support Controls-->MsiExec.exe /I{45690715-80A6-4445-B61D-ADEC5888E8CD} Symantec Technical Support Web Controls-->MsiExec.exe /X{DDC63227-BA06-4855-B002-BDB49E9F677E} Topo USA 5.0-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{50F81341-82CC-458C-A66D-ADC42D25D727}\setup.exe" -l0x9 NoMode Update for Windows Internet Explorer 8 (KB971180)-->"C:\WINDOWS\ie8updates\KB971180-IE8\spuninst\spuninst.exe" Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe" Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe" Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe" Update for Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe" WebExcellenceAdviceTool-->C:\Program Files\WebExcellenceAdviceTool\uninstall.exe uninstall=webexcellenceadvicetool Windows Defender-->MsiExec.exe /I{A06275F4-324B-4E85-95E6-87B2CD729401} Windows Internet Explorer 8-->"C:\WINDOWS\ie8\spuninst\spuninst.exe" Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe" Windows Media Player 10-->MsiExec.exe /I{33BB4982-DC52-4886-A03B-F4C5C80BEE89} Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe" Windows Vista Upgrade Advisor-->MsiExec.exe /I{8F3CF9E1-D738-4C2B-8193-F45AC8B0EC7C} Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe" WinZip-->"C:\Program Files\WinZip\WINZIP32.EXE" /uninstall WordPerfect Office 12-->MsiExec.exe /I{AF19F291-F22F-4798-9662-525305AE9E48} =====HijackThis Backups===== O1 - Hosts: 64.124.166.37 www.kazzalite.com [2009-06-26] O1 - Hosts: 64.124.166.37 www.klite.com [2009-06-26] O1 - Hosts: 64.124.166.37 www.kaazalite.com [2009-06-26] O1 - Hosts: 64.124.166.37 klite.com [2009-06-26] O1 - Hosts: 64.124.166.37 k-lite.com [2009-06-26] O8 - Extra context menu item: Download with &Shareaza - res://C:\Program Files\Etomi\Plugins\RazaWebHook.dll/3000 [2009-06-26] O1 - Hosts: 64.124.166.37 kaazalite.com [2009-06-26] O1 - Hosts: 64.124.166.37 kazaalite.com [2009-06-26] O2 - BHO: WebExcellenceAdviceTool - {CD1A4F51-6371-6621-312A-B4CD3941F6DE} - C:\Program Files\WebExcellenceAdviceTool\WebExcellenceAdviceTool.dll [2009-06-26] O1 - Hosts: 64.124.166.37 www.kazalite.com [2009-06-26] O1 - Hosts: 64.124.166.37 kazalite.com [2009-06-26] O1 - Hosts: 64.124.166.37 www.k-lite.com [2009-06-26] ======Security center information====== AV: Norton 360 FW: Norton 360 ======System event log====== Computer Name: CHUCK-LYNN Event Code: 1003 Message: Your computer was not able to renew its address from the network (from the DHCP Server) for the Network Card with network address 0013203C826F. The following error occurred: The operation was canceled by the user. . Your computer will continue to try and obtain an address on its own from the network address (DHCP) server. Record Number: 12448 Source Name: Dhcp Time Written: 20090622194832.000000-420 Event Type: warning User: Computer Name: CHUCK-LYNN Event Code: 1003 Message: Your computer was not able to renew its address from the network (from the DHCP Server) for the Network Card with network address 0013203C826F. The following error occurred: The operation was canceled by the user. . Your computer will continue to try and obtain an address on its own from the network address (DHCP) server. Record Number: 12434 Source Name: Dhcp Time Written: 20090622062949.000000-420 Event Type: warning User: Computer Name: CHUCK-LYNN Event Code: 240 Message: A request to suspend power was denied by winlogon.exe. Record Number: 12378 Source Name: Win32k Time Written: 20090621075328.000000-420 Event Type: warning User: Computer Name: CHUCK-LYNN Event Code: 1003 Message: Your computer was not able to renew its address from the network (from the DHCP Server) for the Network Card with network address 0013203C826F. The following error occurred: The operation was canceled by the user. . Your computer will continue to try and obtain an address on its own from the network address (DHCP) server. Record Number: 12032 Source Name: Dhcp Time Written: 20090618063903.000000-420 Event Type: warning User: Computer Name: CHUCK-LYNN Event Code: 36 Message: The time service has not been able to synchronize the system time for 49152 seconds because none of the time providers has been able to provide a usable time stamp. The system clock is unsynchronized. Record Number: 11946 Source Name: W32Time Time Written: 20090617055823.000000-420 Event Type: warning User: =====Application event log===== Computer Name: CHUCK-LYNN Event Code: 2570 Message: Adobe Active File Monitor Service has Started. Record Number: 169 Source Name: Adobe Active File Monitor 7.0 Time Written: 20090614101700.000000-420 Event Type: User: Computer Name: CHUCK-LYNN Event Code: 1517 Message: Windows saved user CHUCK-LYNN\Chuck registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use. This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account. Record Number: 157 Source Name: Userenv Time Written: 20090614101451.000000-420 Event Type: warning User: NT AUTHORITY\SYSTEM Computer Name: CHUCK-LYNN Event Code: 1524 Message: Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use. Record Number: 156 Source Name: Userenv Time Written: 20090614101448.000000-420 Event Type: warning User: CHUCK-LYNN\Chuck Computer Name: CHUCK-LYNN Event Code: 4356 Message: The COM+ Event System failed to create an instance of the subscriber partition:{41E90F3E-56C1-4633-81C3-6E8BAC8BDD70}!new:{6295DF2D-35EE-11D1-8707-00C04FD93327}. CoGetObject returned HRESULT 8000401A. Record Number: 19 Source Name: EventSystem Time Written: 20090612031208.000000-420 Event Type: warning User: Computer Name: CHUCK-LYNN Event Code: 2570 Message: Adobe Active File Monitor Service has Started. Record Number: 7 Source Name: Adobe Active File Monitor 7.0 Time Written: 20090612031129.000000-420 Event Type: User: ======Environment variables====== "ComSpec"=%SystemRoot%\system32\cmd.exe "Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\ATI Technologies\ATI Control Panel;C:\Program Files\QuickTime\QTSystem\ "windir"=%SystemRoot% "FP_NO_HOST_CHECK"=NO "OS"=Windows_NT "PROCESSOR_ARCHITECTURE"=x86 "PROCESSOR_LEVEL"=15 "PROCESSOR_IDENTIFIER"=x86 Family 15 Model 4 Stepping 3, GenuineIntel "PROCESSOR_REVISION"=0403 "NUMBER_OF_PROCESSORS"=2 "PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH "TEMP"=%SystemRoot%\TEMP "TMP"=%SystemRoot%\TEMP "SonicCentral"=C:\Program Files\Common Files\Sonic Shared\Sonic Central\ "CLASSPATH"=.;C:\Program Files\Java\jre6\lib\ext\QTJava.zip "QTJAVA"=C:\Program Files\Java\jre6\lib\ext\QTJava.zip -----------------EOF-----------------

YellowSVT View Member Profile	Jul 2 2009, 12:30 PM Post #8
New Member Group: Authentic Member Posts: 14 Joined: 26-June 09 Member No.: 86,434 Operating System: Windows XP	Just a quick follow up. The computer is working great, seems faster, but a couple of programs have vanished into the ether. AdWare Alert and Evidence Eliminator, both programs I paid for, so I am wondering can I download them again or are they a problem. Evidence Eliminator I haven't used in months and maybe won't again. My Brother was in a little trouble with our evil Government and we decided to use it, because he emailed me often during this time. He had them confiscate his computer once, found nothing but did not issue any apologies, of course. Adware Alert was just renewed for two years, but I'm not sure it's worth a dayam. This post has been edited by YellowSVT: Jul 2 2009, 12:34 PM

SpySentinel View Member Profile	Jul 2 2009, 05:03 PM Post #9
Trusted Group: Malware Team Posts: 554 Joined: 26-January 08 From: The United States Member No.: 76,329 Operating System: Windows XP SP2	Hi YellowSVT, You seem to have forgotten to include the log.txt. Please check to see if it's located here: C:\rsit If it is please include the contents of the file in your next post. Your log is still showing some signs of you having old version of Java on your computer. We need to remove your old version of Java. To do this please do the following: For Windows XP Users Click Start Go to Control Panel Go to Add/Remove Programs Find and click Remove for the following (if present): Java™ 6 Update 2 Java™ 6 Update 3 Java™ 6 Update 5 Java™ 6 Update 7 ================================================ Please make sure you include the contents of the log.txt file. If you can't find it on your computer than please do a new RSIT scan. Adware Alert is a rogue antispyware program so you should not install it again. As for Evidence Eliminator, I would leave that go as well.

YellowSVT View Member Profile	Jul 3 2009, 01:21 PM Post #10
New Member Group: Authentic Member Posts: 14 Joined: 26-June 09 Member No.: 86,434 Operating System: Windows XP	I removed the Java 6 updates as instructed, that was a misunderstanding on my part, the only Java I see now is Java 6 update 14. Sorry about the rsit Log , I thought I had included it. I have attached it to this. Thanks for the info on Adware Alert I had no idea they were a problem and I don't need Evidence Eliminator now anyway. info.txt logfile of random's system information tool 1.06 2009-07-02 10:28:06 ======Uninstall list====== -->"C:\Program Files\Creative\Sound Blaster Live! 24-bit\Program\Ctzapxx.EXE" /X /U /S -->"C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U -->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks\|RealPlayer\|6.0 -->C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu -->C:\WINDOWS\system32\\MSIEXEC.EXE /x {1206EF92-2E83-4859-ACCB-2048C3CB7DA6} -->C:\WINDOWS\system32\\MSIEXEC.EXE /x {B12665F4-4E93-4AB4-B7FC-37053B524629} -->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe -->MsiExec.exe /I{F543B12A-13F5-487E-9314-F7D25E1BBE3E} -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{435E969D-867E-4364-8E74-3DC8A69C5BDB}\setup.exe" -l0x9 -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{435E969D-867E-4364-8E74-3DC8A69C5BDB}\setup.exe" -l0x9 /remove -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{44DC86A0-248D-11D6-9BAF-0090271AF8A4}\setup.exe" -l0x9 -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{44DC86A0-248D-11D6-9BAF-0090271AF8A4}\setup.exe" -l0x9 /remove -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5210ED6D-52A9-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x9 -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5210ED6D-52A9-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x9 /remove -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5CDDF96A-BC34-4D72-9ABA-E1FFF0C39977}\setup.exe" -l0x9 -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{67AEFC4C-69E4-11D7-85F4-00E018013273}\setup.exe" -l0x9 -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{67AEFC4C-69E4-11D7-85F4-00E018013273}\setup.exe" -l0x9 /remove -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7201B853-5833-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x9 -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7201B853-5833-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x9 /remove -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7A900EAB-DA37-4554-AF19-9C337476D05D}\setup.exe" -l0x9 -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7A900EAB-DA37-4554-AF19-9C337476D05D}\setup.exe" -l0x9 /remove -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A1185190-514F-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x9 -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A1185190-514F-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x9 /remove -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AC157741-3285-4D6A-B934-9174587A3493}\setup.exe" -l0x9 -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AC157741-3285-4D6A-B934-9174587A3493}\setup.exe" -l0x9 /remove -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C6866B7D-ACFD-4C49-B77B-3B2F8CF54B96}\setup.exe" -l0x9 -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C6866B7D-ACFD-4C49-B77B-3B2F8CF54B96}\setup.exe" -l0x9 /remove -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DEBD7BF3-5856-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x9 -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DEBD7BF3-5856-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x9 /remove -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F865C2FE-25E7-11D6-9BAF-0090271AF8A4}\setup.exe" -l0x9 -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F865C2FE-25E7-11D6-9BAF-0090271AF8A4}\setup.exe" -l0x9 /remove -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB2292C6-1F0A-11D7-AB2D-0090271A23A2}\setup.exe" -l0x9 -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB2292C6-1F0A-11D7-AB2D-0090271A23A2}\setup.exe" -l0x9 /remove -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FC0DD8AE-3DC0-11D7-AB2D-0090271A23A2}\setup.exe" -l0x9 -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FC0DD8AE-3DC0-11D7-AB2D-0090271A23A2}\setup.exe" -l0x9 /remove -->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf Adobe AIR-->C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall Adobe AIR-->MsiExec.exe /I{197A3012-8C85-4FD3-AB66-9EC7E13DB92E} Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe Adobe Flash Player 10 Plugin-->MsiExec.exe /X{ECA1A3B6-898F-4DCE-9F04-714CF3BA126B} Adobe Photoshop Elements 7.0-->msiexec /i {CB6075D9-F912-40AE-BEA6-E590DA24F16B} Adobe Photoshop.com Inspiration Browser-->msiexec /qb /x {AFBBF30D-ADA9-4313-464E-14458B6BE034} Adobe Reader 7.1.0-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A71000000002} Adobe® Photoshop® Album Starter Edition 3.0.1-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C9618743-1A5C-461E-91C4-E013A3D70F3C}\Setup.exe" -l0x9 Adobe® Photoshop® Album Starter Edition 3.2-->MsiExec.exe /I{A654A805-41D9-40C7-AA46-4AF04F044D61} AdwareAlert-->MsiExec.exe /X{5FFDB0D7-AE81-443D-814F-2C83EDD8C21D} AOLIcon-->MsiExec.exe /I{62BD0AE0-4EB1-4BBB-8F43-B6400C8FEB2C} AppCore-->MsiExec.exe /I{EFB5B3B5-A280-4E25-BE1C-634EEFE32C1B} Apple Mobile Device Support-->MsiExec.exe /I{659B48CD-0608-4ED5-94C0-0B6C87114F10} Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033} ArcSoft Panorama Maker 4-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D45E8C45-B601-4A80-AFD8-E16338744DE1}\Setup.exe" -l0x9 ATI - Software Uninstall Utility-->C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe ATI Control Panel-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}\setup.exe" ATI Display Driver-->rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean Backup-->MsiExec.exe /I{24DF7221-644B-4C3A-A478-459502D40522} Bonjour-->MsiExec.exe /I{07287123-B8AC-41CE-8346-3D777245C35B} Broadcom Advanced Control Suite 2-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{2E086814-7392-4E0F-ADB8-54A81E47406C} /l1033 ccCommon-->MsiExec.exe /I{B24E05CC-46FF-4787-BBB8-5CD516AFB118} CheckIt Diagnostics-->C:\PROGRA~1\CheckIt\DIAGNO~1\UNWISE.EXE C:\PROGRA~1\CheckIt\DIAGNO~1\INSTALL.LOG Convert-->MsiExec.exe /X{23970E31-948B-466E-8376-1224D32FDF0C} Creative MediaSource-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{56F3E1FF-54FE-4384-A153-6CCABA097814}\setup.exe" -l0x9 /remove Cricket Power Sniper-->C:\Program Files\Cricket Power Sniper\cjUnintstall.exe Critical Update for Windows Media Player 11 (KB959772)-->"C:\WINDOWS\$NtUninstallKB959772_WM11$\spuninst\spuninst.exe" Dell Driver Reset Tool-->MsiExec.exe /I{5905F42D-3F5F-4916-ADA6-94A3646AEE76} Dell Media Experience-->MsiExec.exe /I{AC0EE5B0-A8FB-4D0A-AF03-2EDC518F841B} Dell Picture Studio v3.0-->MsiExec.exe /I{AF06CAE4-C134-44B1-B699-14FBDB63BD37} Dell Support Center (Support Software)-->MsiExec.exe /X{E3BFEE55-39E2-4BE0-B966-89FE583822C1} DellSupport-->MsiExec.exe /X{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D} DMX Update-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BE8913B7-B2C4-48BE-8A26-84390FF4F231}\setup.exe" -l0x9 -L0x9 /SMAINT ExpertGPS-->"C:\Program Files\ExpertGPS\unins000.exe" GdiplusUpgrade-->MsiExec.exe /I{5421155F-B033-49DB-9B33-8F80F233D4D5} GearDrvs-->MsiExec.exe /I{206FD69B-F9FE-4164-81BD-D52552BC9C23} GearDrvs-->MsiExec.exe /I{CB84F0F2-927B-458D-9DC5-87832E3DC653} Google Earth-->MsiExec.exe /X{CC016F21-3970-11DE-B878-005056806466} Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2} HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT="" Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT="" Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe" Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe" Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe" Hotfix for Windows XP (KB961118)-->"C:\WINDOWS\$NtUninstallKB961118$\spuninst\spuninst.exe" HP Extended Capabilities 4.7-->C:\Program Files\HP\Digital Imaging\ExtCapUninstall\hpzscr01.exe -datfile hpqhsc01.dat HP Image Zone 4.7-->C:\Program Files\HP\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat HP Product Assistant-->MsiExec.exe /I{36FDBE6E-6684-462B-AE98-9A39A1B200CC} HP PSC & OfficeJet 4.7-->"C:\Program Files\HP\Digital Imaging\{342C7C88-D335-4bc2-8CF1-281857629CE2}\setup\hpzscr01.exe" -datfile hposcr05.dat HP Update-->MsiExec.exe /X{C8FD5BC1-92EF-4C15-92A9-F9AC7F61985F} Image Resizer Powertoy for Windows XP-->MsiExec.exe /I{1CB92574-96F2-467B-B793-5CEB35C40C29} Intel Application Accelerator-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}\Setup.exe" -l0409 -INTELUNINST Intel® 537EP V9x DF PCI Modem-->rundll32 IntelCci.dll,iSMUninstallation "Intel® 537EP V9x DF PCI Modem" Internet Explorer Default Page-->MsiExec.exe /I{35BDEFF1-A610-4956-A00D-15453C116395} iTunes-->MsiExec.exe /I{CC5702D7-86E2-45A8-99D7-E8B976ADCC56} Jasc Paint Shop Photo Album 5-->MsiExec.exe /I{4192EAC0-6B36-4723-B216-D0E86E7757AC} Jasc Paint Shop Pro Studio, Dell Editon-->MsiExec.exe /I{78C496B9-5A6B-4692-8C2E-AFFFC34E4961} Java™ 6 Update 14-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216014FF} Java™ 6 Update 2-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020} Java™ 6 Update 3-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030} Java™ 6 Update 5-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050} Java™ 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070} LimeWire 5.1.3-->"C:\Program Files\LimeWire\uninstall.exe" Linksys EasyLink Advisor 1.5 (1010)-->rundll32 C:\PROGRA~1\LINKSY~1\AUInst.dll,ExUninstall LiveUpdate (Symantec Corporation)-->MsiExec.exe /x {E80F62FF-5D3C-4A19-8409-9721F2928206} /l*v "C:\Documents and Settings\All Users\Application Data\LuUninstall.LiveUpdate" LiveUpdate (Symantec Corporation)-->MsiExec.exe /X{E80F62FF-5D3C-4A19-8409-9721F2928206} Macromedia Flash Player-->MsiExec.exe /X{0456ebd7-5f67-4ab6-852e-63781e3f389c} Magellan POI File Editor-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{104A059B-CD20-4632-A8F6-D8C80E14782D}\Setup.exe" -l0x9 Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe" MasterCook 6: Deluxe Edition-->C:\WINDOWS\IsUninst.exe -f"C:\SIERRA\MasterCook 6\Uninst.isu" -c"C:\SIERRA\MasterCook 6\uninst32.DLL" Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp" Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7} Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe" Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe" Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe" Microsoft Office PowerPoint Viewer 2007 (English)-->MsiExec.exe /X{95120000-00AF-0409-0000-0000000FF1CE} Microsoft Office XP Media Content-->MsiExec.exe /I{90300409-6000-11D3-8CFE-0050048383C9} Microsoft Office XP Small Business-->MsiExec.exe /I{91130409-6000-11D3-8CFE-0050048383C9} Microsoft Plus! Digital Media Edition Installer-->MsiExec.exe /X{6E45BA47-383C-4C1E-8ED0-0D4845C293D7} Microsoft Plus! Photo Story 2 LE-->MsiExec.exe /X{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B} Microsoft Silverlight-->MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00} Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe" Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d} Modem Event Monitor-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7A0EFAFB-AC4B-4B88-8C6B-6731BE88DB68}\setup.exe" -l0x9 Modem Helper-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7F142D56-3326-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanel Modem On Hold-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3F92ABBB-6BBF-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanelAnyText MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F} MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF} MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71} Musicmatch® Jukebox-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{85D3CC30-8859-481A-9654-FD9B74310BEF}\setup.exe" -l0x9 -uninst Nikon Message Center-->MsiExec.exe /X{D2FCC1AE-6311-47C5-8130-C6C66D77DD71} Nikon Transfer-->MsiExec.exe /X{E9757890-7EC5-46C8-99AB-B00F07B6525C} Norton 360 (Symantec Corporation)-->"C:\Program Files\Common Files\Symantec Shared\SymSetup\{2D617065-1C52-4240-B5BC-C0AE12157777}_2_0_0_242\Setup.exe" /X Norton 360 HTMLHelp-->MsiExec.exe /I{0BDD3FAD-61CD-4BF3-B9C4-4CEFD43F53F8} Norton 360-->MsiExec.exe /I{21829177-4DED-4209-AD08-490B3AC9C01A} Norton 360-->MsiExec.exe /I{2D617065-1C52-4240-B5BC-C0AE12157777} Norton Confidential Core-->MsiExec.exe /I{55A6283C-638A-4EE0-B491-51118554BDA2} OLYMPUS CAMEDIA Master 4.0-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{30BB4D60-81DB-11D5-BB77-00400536ABAC}\Setup.exe" CAMEDIA Master 4.03 overland-->MsiExec.exe /I{766273C1-A39B-47EB-ACE8-DEBDD8094BCC} Photo Click-->MsiExec.exe /I{6E179C77-7335-458D-9537-4F4EAC0181ED} PhotoshopdotcomInspirationBrowser-->MsiExec.exe /I{AFBBF30D-ADA9-4313-464E-14458B6BE034} PowerDVD 5.5-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall QuickBooks Simple Start Special Edition-->msiexec.exe /I {F543B12A-13F5-487E-9314-F7D25E1BBE3E} UNIQUE_NAME="atomlimited" QBFULLNAME="QuickBooks Simple Start Special Edition" ADDREMOVE=1 QuickTime-->MsiExec.exe /I{C78EAC6F-7A73-452E-8134-DBB2165C5A68} Qurb-->"C:\Program Files\Qurb\QSP-3.0.311.7\Q-Update.exe" /u RealPlayer-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks\|RealPlayer\|6.0 Security Task Manager 1.7f-->C:\Program Files\Security Task Manager\Uninstal.exe "C:\Documents and Settings\All Users\Start Menu\Programs\Security Task Manager" Security Update for Step By Step Interactive Training (KB898458)-->"C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe" Security Update for Step By Step Interactive Training (KB923723)-->"C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe" Security Update for Windows Internet Explorer 7 (KB928090)-->"C:\WINDOWS\ie7updates\KB928090-IE7\spuninst\spuninst.exe" Security Update for Windows Internet Explorer 7 (KB929969)-->"C:\WINDOWS\ie7updates\KB929969\spuninst\spuninst.exe" Security Update for Windows Internet Explorer 7 (KB931768)-->"C:\WINDOWS\ie7updates\KB931768-IE7\spuninst\spuninst.exe" Security Update for Windows Internet Explorer 7 (KB933566)-->"C:\WINDOWS\ie7updates\KB933566-IE7\spuninst\spuninst.exe" Security Update for Windows Internet Explorer 7 (KB937143)-->"C:\WINDOWS\ie7updates\KB937143-IE7\spuninst\spuninst.exe" Security Update for Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe" Security Update for Windows Internet Explorer 7 (KB939653)-->"C:\WINDOWS\ie7updates\KB939653-IE7\spuninst\spuninst.exe" Security Update for Windows Internet Explorer 7 (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe" Security Update for Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe" Security Update for Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe" Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe" Security Update for Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe" Security Update for Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe" Security Update for Windows Internet Explorer 7 (KB961260)-->"C:\WINDOWS\ie7updates\KB961260-IE7\spuninst\spuninst.exe" Security Update for Windows Internet Explorer 7 (KB963027)-->"C:\WINDOWS\ie7updates\KB963027-IE7\spuninst\spuninst.exe" Security Update for Windows Internet Explorer 8 (KB969897)-->"C:\WINDOWS\ie8updates\KB969897-IE8\spuninst\spuninst.exe" Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe" Security Update for Windows Media Player 10 (KB911565)-->"C:\WINDOWS\$NtUninstallKB911565$\spuninst\spuninst.exe" Security Update for Windows Media Player 10 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP10$\spuninst\spuninst.exe" Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe" Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe" Security Update for Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe" Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe" Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe" Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe" Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe" Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe" Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe" Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe" Security Update for Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe" Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe" Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe" Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe" Security Update for Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe" Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe" Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe" Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe" Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe" Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe" Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe" Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe" Security Update for Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe" Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe" Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe" Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe" Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe" Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe" Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe" Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe" Security Update for Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe" Security Update for Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe" Security Update for Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe" Security Update for Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe" Security Update for Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe" Security Update for Windows XP (KB961373)-->"C:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe" Security Update for Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe" Security Update for Windows XP (KB968537)-->"C:\WINDOWS\$NtUninstallKB968537$\spuninst\spuninst.exe" Security Update for Windows XP (KB969898)-->"C:\WINDOWS\$NtUninstallKB969898$\spuninst\spuninst.exe" Security Update for Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe" Snood 4-->"C:\Program Files\Snood 4\unins000.exe" Snood Deluxe-->MsiExec.exe /I{7C594459-6829-420D-A773-041F64CBC330} Sonic DLA-->MsiExec.exe /I{1206EF92-2E83-4859-ACCB-2048C3CB7DA6} Sonic MyDVD LE-->MsiExec.exe /I{21657574-BD54-48A2-9450-EB03B2C7FC29} Sonic RecordNow Copy-->MsiExec.exe /I{B12665F4-4E93-4AB4-B7FC-37053B524629} Sound Blaster Live! 24-bit-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CEB481CC-F57C-4397-81A0-DADD22257047}\setup.exe" -l0x9 SPBBC 32bit-->MsiExec.exe /I{77772678-817F-4401-9301-ED1D01A8DA56} Super Collapse! from GameHouse-->C:\PROGRA~1\GAMEHO~1\Collapse\UNWISE.EXE /U C:\PROGRA~1\GAMEHO~1\Collapse\INSTALL.LOG Super Collapse! II-->C:\PROGRA~1\GAMEHO~1\COLLAP~1\UNWISE.EXE /U C:\PROGRA~1\GAMEHO~1\COLLAP~1\INSTALL.LOG SUPERAntiSpyware Free Edition-->MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA} Symantec Real Time Storage Protection Component-->MsiExec.exe /I{D6E6FA4A-5445-4850-8365-CF216C1CBB7A} Symantec Technical Support Controls-->MsiExec.exe /I{45690715-80A6-4445-B61D-ADEC5888E8CD} Symantec Technical Support Web Controls-->MsiExec.exe /X{DDC63227-BA06-4855-B002-BDB49E9F677E} Topo USA 5.0-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{50F81341-82CC-458C-A66D-ADC42D25D727}\setup.exe" -l0x9 NoMode Update for Windows Internet Explorer 8 (KB971180)-->"C:\WINDOWS\ie8updates\KB971180-IE8\spuninst\spuninst.exe" Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe" Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe" Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe" Update for Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe" WebExcellenceAdviceTool-->C:\Program Files\WebExcellenceAdviceTool\uninstall.exe uninstall=webexcellenceadvicetool Windows Defender-->MsiExec.exe /I{A06275F4-324B-4E85-95E6-87B2CD729401} Windows Internet Explorer 8-->"C:\WINDOWS\ie8\spuninst\spuninst.exe" Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe" Windows Media Player 10-->MsiExec.exe /I{33BB4982-DC52-4886-A03B-F4C5C80BEE89} Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe" Windows Vista Upgrade Advisor-->MsiExec.exe /I{8F3CF9E1-D738-4C2B-8193-F45AC8B0EC7C} Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe" WinZip-->"C:\Program Files\WinZip\WINZIP32.EXE" /uninstall WordPerfect Office 12-->MsiExec.exe /I{AF19F291-F22F-4798-9662-525305AE9E48} =====HijackThis Backups===== O1 - Hosts: 64.124.166.37 www.kazzalite.com [2009-06-26] O1 - Hosts: 64.124.166.37 www.klite.com [2009-06-26] O1 - Hosts: 64.124.166.37 www.kaazalite.com [2009-06-26] O1 - Hosts: 64.124.166.37 klite.com [2009-06-26] O1 - Hosts: 64.124.166.37 k-lite.com [2009-06-26] O8 - Extra context menu item: Download with &Shareaza - res://C:\Program Files\Etomi\Plugins\RazaWebHook.dll/3000 [2009-06-26] O1 - Hosts: 64.124.166.37 kaazalite.com [2009-06-26] O1 - Hosts: 64.124.166.37 kazaalite.com [2009-06-26] O2 - BHO: WebExcellenceAdviceTool - {CD1A4F51-6371-6621-312A-B4CD3941F6DE} - C:\Program Files\WebExcellenceAdviceTool\WebExcellenceAdviceTool.dll [2009-06-26] O1 - Hosts: 64.124.166.37 www.kazalite.com [2009-06-26] O1 - Hosts: 64.124.166.37 kazalite.com [2009-06-26] O1 - Hosts: 64.124.166.37 www.k-lite.com [2009-06-26] ======Security center information====== AV: Norton 360 FW: Norton 360 ======System event log====== Computer Name: CHUCK-LYNN Event Code: 1003 Message: Your computer was not able to renew its address from the network (from the DHCP Server) for the Network Card with network address 0013203C826F. The following error occurred: The operation was canceled by the user. . Your computer will continue to try and obtain an address on its own from the network address (DHCP) server. Record Number: 12448 Source Name: Dhcp Time Written: 20090622194832.000000-420 Event Type: warning User: Computer Name: CHUCK-LYNN Event Code: 1003 Message: Your computer was not able to renew its address from the network (from the DHCP Server) for the Network Card with network address 0013203C826F. The following error occurred: The operation was canceled by the user. . Your computer will continue to try and obtain an address on its own from the network address (DHCP) server. Record Number: 12434 Source Name: Dhcp Time Written: 20090622062949.000000-420 Event Type: warning User: Computer Name: CHUCK-LYNN Event Code: 240 Message: A request to suspend power was denied by winlogon.exe. Record Number: 12378 Source Name: Win32k Time Written: 20090621075328.000000-420 Event Type: warning User: Computer Name: CHUCK-LYNN Event Code: 1003 Message: Your computer was not able to renew its address from the network (from the DHCP Server) for the Network Card with network address 0013203C826F. The following error occurred: The operation was canceled by the user. . Your computer will continue to try and obtain an address on its own from the network address (DHCP) server. Record Number: 12032 Source Name: Dhcp Time Written: 20090618063903.000000-420 Event Type: warning User: Computer Name: CHUCK-LYNN Event Code: 36 Message: The time service has not been able to synchronize the system time for 49152 seconds because none of the time providers has been able to provide a usable time stamp. The system clock is unsynchronized. Record Number: 11946 Source Name: W32Time Time Written: 20090617055823.000000-420 Event Type: warning User: =====Application event log===== Computer Name: CHUCK-LYNN Event Code: 2570 Message: Adobe Active File Monitor Service has Started. Record Number: 169 Source Name: Adobe Active File Monitor 7.0 Time Written: 20090614101700.000000-420 Event Type: User: Computer Name: CHUCK-LYNN Event Code: 1517 Message: Windows saved user CHUCK-LYNN\Chuck registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use. This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account. Record Number: 157 Source Name: Userenv Time Written: 20090614101451.000000-420 Event Type: warning User: NT AUTHORITY\SYSTEM Computer Name: CHUCK-LYNN Event Code: 1524 Message: Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use. Record Number: 156 Source Name: Userenv Time Written: 20090614101448.000000-420 Event Type: warning User: CHUCK-LYNN\Chuck Computer Name: CHUCK-LYNN Event Code: 4356 Message: The COM+ Event System failed to create an instance of the subscriber partition:{41E90F3E-56C1-4633-81C3-6E8BAC8BDD70}!new:{6295DF2D-35EE-11D1-8707-00C04FD93327}. CoGetObject returned HRESULT 8000401A. Record Number: 19 Source Name: EventSystem Time Written: 20090612031208.000000-420 Event Type: warning User: Computer Name: CHUCK-LYNN Event Code: 2570 Message: Adobe Active File Monitor Service has Started. Record Number: 7 Source Name: Adobe Active File Monitor 7.0 Time Written: 20090612031129.000000-420 Event Type: User: ======Environment variables====== "ComSpec"=%SystemRoot%\system32\cmd.exe "Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\ATI Technologies\ATI Control Panel;C:\Program Files\QuickTime\QTSystem\ "windir"=%SystemRoot% "FP_NO_HOST_CHECK"=NO "OS"=Windows_NT "PROCESSOR_ARCHITECTURE"=x86 "PROCESSOR_LEVEL"=15 "PROCESSOR_IDENTIFIER"=x86 Family 15 Model 4 Stepping 3, GenuineIntel "PROCESSOR_REVISION"=0403 "NUMBER_OF_PROCESSORS"=2 "PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH "TEMP"=%SystemRoot%\TEMP "TMP"=%SystemRoot%\TEMP "SonicCentral"=C:\Program Files\Common Files\Sonic Shared\Sonic Central\ "CLASSPATH"=.;C:\Program Files\Java\jre6\lib\ext\QTJava.zip "QTJAVA"=C:\Program Files\Java\jre6\lib\ext\QTJava.zip -----------------EOF-----------------

SpySentinel View Member Profile	Jul 3 2009, 02:45 PM Post #11
Trusted Group: Malware Team Posts: 554 Joined: 26-January 08 From: The United States Member No.: 76,329 Operating System: Windows XP SP2	Hi YellowSVT, You are using peer-to-peer programs, specifically LimeWire. These are what we call an optional removal. However, anytime you are running any type of peer-to-peer application, you are more prone to infection by malware, and this is probably how you became infected in the first place. The choice to remove them is entirely up to you, but I would strongly recommend that you do. If you do not want to, please at least refrain from using any peer-to-peer programs for the remainder of my fix. Your Adobe Acrobat Reader is out of date. Older versions are vulnerable to attack. Please go to the link below to update. http://www.adobe.com/products/acrobat/readstep2.html Please go to Start > Control Panel > Add/Remove Programs and remove the following (if present): AdwareAlert Java™ 6 Update 2 Java™ 6 Update 3 Java™ 6 Update 5 Java™ 6 Update 7 LimeWire 5.1.3 Please run RSIT again and post the log.

YellowSVT View Member Profile	Jul 4 2009, 01:35 AM Post #12
New Member Group: Authentic Member Posts: 14 Joined: 26-June 09 Member No.: 86,434 Operating System: Windows XP	I'm a little confused, but here is the new rsit Log. As I said in the my last reply I removed the Java updates like you requested, the only thing I see is Java 6 update 14, is that the new Java that I downloaded? I did delete LimeWire, I haven't used it in several weeks so I don't think I got the popups from it, but you would know better than I would. I have used it on and off for over a year and had no troubles. I suppose all it would take is some asshole to put a virus in under a song title and when I download it, bingo the computer is infected. I'll miss it though, I got a lot of free music through it. Let me know what's next. Logfile of random's system information tool 1.06 (written by random/random) Run by Chuck at 2009-07-04 00:25:26 Microsoft Windows XP Home Edition Service Pack 3 System drive C: has 43 GB (59%) free of 72 GB Total RAM: 3326 MB (79% free) Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 00:25:32, on 07/04/09 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Windows Defender\MsMpEng.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\WINDOWS\system32\cisvc.exe C:\WINDOWS\system32\CTsvcCDA.EXE C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe C:\Program Files\Dell Support Center\bin\sprtsvc.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\MsPMSPSv.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe C:\WINDOWS\system32\dla\tfswctrl.exe C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe C:\Program Files\Qurb\QSP-3.0.311.7\QOELoader.exe C:\Program Files\HP\HP Software Update\HPWuSchd2.exe C:\Program Files\Broadcom\BACS\BacsTray.exe C:\Program Files\Dell Support Center\bin\sprtcmd.exe C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe C:\Program Files\Windows Defender\MSASCui.exe C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\DellSupport\DSAgnt.exe C:\Program Files\Messenger\msmsgs.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe C:\Program Files\WinZip\WZQKPICK.EXE C:\Program Files\Java\jre6\bin\jusched.exe C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe C:\WINDOWS\system32\HPZipm12.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Outlook Express\msimn.exe C:\WINDOWS\system32\wuauclt.exe C:\Documents and Settings\Chuck\Desktop\RSIT.exe C:\Program Files\Trend Micro\HijackThis\Chuck.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://q13.trb.com/ R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\coIEPlg.dll O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe /r O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start O4 - HKLM\..\Run: [QOELOADER] "C:\Program Files\Qurb\QSP-3.0.311.7\QOELoader.exe" O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [bacstray] C:\Program Files\Broadcom\BACS\\BacsTray.exe O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe" O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton 360\osCheck.exe" O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter O4 - HKCU\..\Run: [HijackThis startup scan] C:\Documents and Settings\Chuck\Desktop\HijackThis.exe /startupscan O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [EasyLinkAdvisor] "C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" /startup O4 - HKCU\..\Run: [Evidence Eliminator] C:\Program Files\Evidence Eliminator\ee.exe /m O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_1_0 -reboot 1 O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O4 - Global Startup: Nikon Monitor.lnk = C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O15 - Trusted Zone: http://download.windowsupdate.com O16 - DPF: {34F12AFD-E9B5-492A-85D2-40FA4535BE83} (AxProdInfoCtl Class) - http://www.symantec.com/techsupp/activedata/nprdtinf.cab O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/vers...vex-2.2.4.1.cab O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eB...l_v1-0-3-36.cab O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1210951203531 O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll O23 - Service: Adobe Active File Monitor V7 (AdobeActiveFileMonitor7.0) - Adobe Systems Incorporated - C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\SYSTEM32\ati2sgag.exe O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: Google Update Service (gupdate1c9f210d4c28a4c) (gupdate1c9f210d4c28a4c) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: IAA Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: InstallShield Licensing Service - Macrovision - C:\Program Files\Common Files\InstallShield Shared\Service\InstallShield Licensing Service.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe -- End of file - 12645 bytes ======Scheduled tasks folder====== C:\WINDOWS\tasks\AppleSoftwareUpdate.job C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job C:\WINDOWS\tasks\MP Scheduled Scan.job C:\WINDOWS\tasks\Norton Internet Security - Run Full System Scan - Chuck.job C:\WINDOWS\tasks\User_Feed_Synchronization-{086F4E41-4B7F-4D3C-8C76-346DEDB09CC2}.job C:\WINDOWS\tasks\User_Feed_Synchronization-{7C0A0691-A429-4DE7-9529-FD46EBE3E96F}.job ======Registry dump====== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}] Adobe PDF Reader Link Helper - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2006-12-18 59032] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}] C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\coIEPlg.dll [2009-03-31 357744] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}] Symantec Intrusion Prevention - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll [2008-05-17 116088] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}] SSVHelper Class - C:\Program Files\Java\jre6\bin\ssv.dll [2009-07-02 320920] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}] Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-07-02 41368] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}] JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-07-02 73728] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - Show Norton Toolbar - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll [2009-03-31 357744] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "IntelMeM"=C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe [2003-09-03 221184] "CTSysVol"=C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe [2003-09-17 57344] "UpdReg"=C:\WINDOWS\UpdReg.EXE [2000-05-10 90112] "DVDLauncher"=C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe [2005-02-23 53248] "dla"=C:\WINDOWS\system32\dla\tfswctrl.exe [2004-12-05 127035] "ISUSScheduler"=C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [2004-07-27 81920] "QOELOADER"=C:\Program Files\Qurb\QSP-3.0.311.7\QOELoader.exe [2005-06-10 6656] "HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2007-05-08 54840] "bacstray"=C:\Program Files\Broadcom\BACS\\BacsTray.exe [2004-04-20 118784] "Synchronization Manager"=C:\WINDOWS\system32\mobsync.exe [2008-04-13 143360] "MimBoot"=C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe [2006-01-19 11776] "dscactivate"=C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe [2007-11-15 16384] "DellSupportCenter"=C:\Program Files\Dell Support Center\bin\sprtcmd.exe [2008-08-13 206064] "ccApp"=C:\Program Files\Common Files\Symantec Shared\ccApp.exe [2008-10-17 51048] "osCheck"=C:\Program Files\Norton 360\osCheck.exe [2008-02-26 988512] "Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2006-11-03 866584] "IAAnotif"=C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe [2004-06-29 135168] "QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2009-05-26 413696] "iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2009-05-30 292136] "SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-07-02 148888] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "DellSupport"=C:\Program Files\DellSupport\DSAgnt.exe [2007-03-15 460784] "MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-13 1695232] "DellSupportCenter"=C:\Program Files\Dell Support Center\bin\sprtcmd.exe [2008-08-13 206064] "HijackThis startup scan"=C:\Documents and Settings\Chuck\Desktop\HijackThis.exe /startupscan [] "ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360] "EasyLinkAdvisor"=C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe [2006-04-02 389120] "Evidence Eliminator"=C:\Program Files\Evidence Eliminator\ee.exe /m [] "updateMgr"=C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe [2006-03-30 313472] "SUPERAntiSpyware"=C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [2009-06-23 1830128] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader] C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe [2007-03-09 63712] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe [2004-07-13 339968] C:\Documents and Settings\All Users\Start Menu\Programs\Startup Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe HP Image Zone Fast Start.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE Nikon Monitor.lnk - C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe QuickBooks Update Agent.lnk - C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon] C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [2008-12-22 356352] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] "{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"=C:\PROGRA~1\WIFD1F~1\MpShHook.dll [2006-11-03 83224] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 77824] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa] "notification packages"= scecli scecli [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WinDefend] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System] "DisableTaskMgr"=0 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 "DisableTaskMgr"=0 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDriveTypeAutoRun"=145 "NoWindowsUpdate"=0 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "HonorAutoRunSetting"= [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe::enabled:@xpsp2res.dll,-22019" "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe::Enabled:@xpsp3res.dll,-20000" "C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe::Enabled:LimeWire" "C:\Program Files\Joost\xulrunner\tvprunner.exe"="C:\Program Files\Joost\xulrunner\tvprunner.exe::Enabled:tvprunner" "C:\Program Files\Qurb\QSP-3.0.311.7\Q-Update.exe"="C:\Program Files\Qurb\QSP-3.0.311.7\Q-Update.exe::Enabled:Check for Updates" "C:\Program Files\Cricket Power Sniper\Cricketjr.exe"="C:\Program Files\Cricket Power Sniper\Cricketjr.exe::Enabled:Cricket Power Sniper" "C:\Program Files\HP\Diagnostic Assistant\bin\hprbevwr.exe"="C:\Program Files\HP\Diagnostic Assistant\bin\hprbevwr.exe::Enabled:HP Diagnostic Assistant" "C:\Program Files\CheckIt\Diagnostics\CheckIt.exe"="C:\Program Files\CheckIt\Diagnostics\CheckIt.exe::Enabled:CheckIt Diagnostics" "C:\Program Files\Norton 360\MAINSTUB.EXE"="C:\Program Files\Norton 360\MAINSTUB.EXE::Enabled:Norton 360" "C:\Program Files\WinZip\WINZIP32.EXE"="C:\Program Files\WinZip\WINZIP32.EXE::Enabled:WinZip 9.0 SR-1" "C:\Program Files\Creative\Sound Blaster Live! 24-bit\Diagnostics\diagnos3.exe"="C:\Program Files\Creative\Sound Blaster Live! 24-bit\Diagnostics\diagnos3.exe::Enabled:Creative Diagnostics" "C:\SIERRA\MasterCook 6\Program\Mastercook.exe"="C:\SIERRA\MasterCook 6\Program\Mastercook.exe::Enabled:MasterCook 6" "C:\Program Files\HP\HP Software Update\HPWUCli.exe"="C:\Program Files\HP\HP Software Update\HPWUCli.exe::Enabled:HP Update" "C:\Program Files\Common Files\AOL\ACS\AOLDial.exe"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe::Disabled:AOL" "C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe"="C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe::Disabled:AOL" "C:\Program Files\America Online 9.0\waol.exe"="C:\Program Files\America Online 9.0\waol.exe::Disabled:AOL" "C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe::Enabled:Bonjour" "C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe::Enabled:iTunes" [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe::enabled:@xpsp2res.dll,-22019" "C:\Program Files\Common Files\AOL\ACS\AOLDial.exe"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe::Enabled:AOL" "C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe"="C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe::Enabled:AOL" "C:\Program Files\America Online 9.0\waol.exe"="C:\Program Files\America Online 9.0\waol.exe::Enabled:AOL" "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" ======File associations====== .ini - open - C:\WINDOWS\SYSTEM32\NOTEPAD.EXE %1 .txt - open - C:\WINDOWS\SYSTEM32\NOTEPAD.EXE %1 ======List of files/folders created in the last 1 months====== 2009-07-02 10:27:55 ----D---- C:\rsit 2009-07-02 10:14:25 ----A---- C:\WINDOWS\system32\javaws.exe 2009-07-02 10:14:25 ----A---- C:\WINDOWS\system32\javaw.exe 2009-07-02 10:14:25 ----A---- C:\WINDOWS\system32\java.exe 2009-06-29 18:41:57 ----D---- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com 2009-06-29 18:41:50 ----D---- C:\Program Files\SUPERAntiSpyware 2009-06-29 18:41:50 ----D---- C:\Documents and Settings\Chuck\Application Data\SUPERAntiSpyware.com 2009-06-29 18:41:01 ----D---- C:\Program Files\Common Files\Wise Installation Wizard 2009-06-26 15:43:23 ----D---- C:\Rooter$ 2009-06-26 15:17:00 ----D---- C:\Documents and Settings\Chuck\Application Data\Malwarebytes 2009-06-26 15:16:53 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes 2009-06-26 15:16:52 ----D---- C:\Program Files\Malwarebytes' Anti-Malware 2009-06-26 11:18:44 ----D---- C:\Program Files\Trend Micro 2009-06-20 18:37:05 ----D---- C:\Program Files\Google 2009-06-12 03:02:34 ----HDC---- C:\WINDOWS\$NtUninstallKB961501$ 2009-06-12 03:02:26 ----HDC---- C:\WINDOWS\$NtUninstallKB969898$ 2009-06-12 03:00:41 ----HDC---- C:\WINDOWS\$NtUninstallKB970238$ 2009-06-12 03:00:29 ----HDC---- C:\WINDOWS\$NtUninstallKB968537$ 2009-06-08 09:39:45 ----D---- C:\Program Files\iPod 2009-06-08 09:39:41 ----D---- C:\Program Files\iTunes 2009-06-08 09:39:41 ----D---- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906} 2009-06-08 09:39:21 ----D---- C:\Program Files\Bonjour 2009-06-08 09:37:16 ----D---- C:\Program Files\Apple Software Update 2009-06-08 09:37:11 ----A---- C:\WINDOWS\system32\usbaaplrc.dll 2009-06-08 09:36:41 ----D---- C:\Program Files\Common Files\Apple 2009-06-08 09:36:40 ----D---- C:\Documents and Settings\All Users\Application Data\Apple 2009-06-06 10:29:13 ----D---- C:\Documents and Settings\Chuck\Application Data\LimeWire 2009-06-05 08:02:13 ----D---- C:\WINDOWS\ie8updates 2009-06-05 08:00:36 ----HDC---- C:\WINDOWS\ie8 ======List of files/folders modified in the last 1 months====== 2009-07-04 00:25:25 ----D---- C:\WINDOWS\Prefetch 2009-07-04 00:25:01 ----RD---- C:\Program Files 2009-07-04 00:24:45 ----D---- C:\WINDOWS\Temp 2009-07-04 00:00:00 ----A---- C:\WINDOWS\SchedLgU.Txt 2009-07-03 17:02:15 ----D---- C:\WINDOWS 2009-07-03 12:13:05 ----SHD---- C:\WINDOWS\Installer 2009-07-03 12:13:05 ----HD---- C:\Config.Msi 2009-07-03 12:11:32 ----D---- C:\Program Files\Java 2009-07-03 12:11:32 ----D---- C:\Program Files\Common Files 2009-07-03 12:11:24 ----D---- C:\WINDOWS\SYSTEM32 2009-07-03 11:44:24 ----SD---- C:\WINDOWS\Tasks 2009-07-03 11:41:40 ----D---- C:\WINDOWS\system32\CatRoot2 2009-07-03 11:41:38 ----A---- C:\WINDOWS\ModemLog_Intel® 537EP V9x DF PCI Modem.txt 2009-07-03 11:41:25 ----D---- C:\Program Files\Common Files\Symantec Shared 2009-07-02 14:54:45 ----D---- C:\WINDOWS\TWAIN_32 2009-07-02 11:47:10 ----D---- C:\WINDOWS\network diagnostic 2009-07-02 10:14:03 ----A---- C:\WINDOWS\system32\deploytk.dll 2009-06-26 15:35:27 ----D---- C:\WINDOWS\system32\DRIVERS 2009-06-24 17:49:58 ----D---- C:\Program Files\WON 2009-06-22 21:18:01 ----D---- C:\WINDOWS\system32\Macromed 2009-06-22 21:04:42 ----SD---- C:\WINDOWS\Downloaded Program Files 2009-06-22 21:04:41 ----HD---- C:\WINDOWS\INF 2009-06-22 20:55:28 ----D---- C:\My Music 2009-06-21 01:25:40 ----RASH---- C:\BOOT.INI 2009-06-21 01:25:40 ----A---- C:\WINDOWS\WIN.INI 2009-06-21 01:25:40 ----A---- C:\WINDOWS\SYSTEM.INI 2009-06-20 18:39:49 ----D---- C:\Documents and Settings\Chuck\Application Data\Google 2009-06-19 16:00:53 ----D---- C:\Program Files\BookSmart 2009-06-12 03:10:51 ----D---- C:\Program Files\Internet Explorer 2009-06-12 03:03:00 ----RSHD---- C:\WINDOWS\system32\DLLCACHE 2009-06-12 03:02:40 ----HD---- C:\WINDOWS\$hf_mig$ 2009-06-12 03:02:37 ----A---- C:\WINDOWS\imsins.BAK 2009-06-10 14:09:48 ----D---- C:\Documents and Settings\Chuck\Application Data\Adobe 2009-06-08 09:40:15 ----D---- C:\Documents and Settings\Chuck\Application Data\Apple Computer 2009-06-08 09:39:59 ----DC---- C:\WINDOWS\system32\DRVSTORE 2009-06-08 09:39:41 ----D---- C:\Documents and Settings\All Users\Application Data\Apple Computer 2009-06-08 09:39:06 ----D---- C:\Program Files\QuickTime 2009-06-06 10:37:45 ----D---- C:\Documents and Settings\Chuck\Application Data\Mozilla 2009-06-05 08:04:43 ----D---- C:\WINDOWS\system32\en-US 2009-06-05 08:04:43 ----D---- C:\WINDOWS\Media 2009-06-05 08:04:43 ----D---- C:\WINDOWS\Help ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [] R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352] R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592] R1 omci;OMCI WDM Device Driver; C:\WINDOWS\system32\DRIVERS\omci.sys [2002-11-08 17217] R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [] R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys [] R1 SPBBCDrv;SPBBCDrv; \??\C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys [] R1 SRTSPX;SRTSPX; C:\WINDOWS\System32\Drivers\SRTSPX.SYS [2008-01-31 43696] R1 sscdbhk5;sscdbhk5; C:\WINDOWS\system32\drivers\sscdbhk5.sys [2004-07-14 5627] R1 ssrtln;ssrtln; C:\WINDOWS\system32\drivers\ssrtln.sys [2004-07-14 23545] R1 SYMTDI;SYMTDI; C:\WINDOWS\System32\Drivers\SYMTDI.SYS [2009-02-19 184496] R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-04 12032] R2 BCMNTIO;BCMNTIO; \??\C:\PROGRA~1\CheckIt\DIAGNO~1\BCMNTIO.sys [] R2 CO_Mon;CO_Mon; \??\C:\WINDOWS\system32\drivers\CO_Mon.sys [] R2 drvnddm;drvnddm; C:\WINDOWS\system32\drivers\drvnddm.sys [2004-11-23 40480] R2 dsunidrv;DellSupport UniDriver; C:\WINDOWS\system32\DRIVERS\dsunidrv.sys [2007-02-25 5376] R2 MAPMEM;MAPMEM; \??\C:\PROGRA~1\CheckIt\DIAGNO~1\MAPMEM.sys [] R2 MCSTRM;MCSTRM; C:\WINDOWS\system32\drivers\MCSTRM.sys [2005-06-20 8413] R2 PfModNT;PfModNT; \??\C:\WINDOWS\system32\drivers\PfModNT.sys [] R2 symlcbrd;symlcbrd; \??\C:\WINDOWS\system32\drivers\symlcbrd.sys [] R2 tfsnboio;tfsnboio; C:\WINDOWS\system32\dla\tfsnboio.sys [2004-12-05 25883] R2 tfsncofs;tfsncofs; C:\WINDOWS\system32\dla\tfsncofs.sys [2004-12-05 34843] R2 tfsndrct;tfsndrct; C:\WINDOWS\system32\dla\tfsndrct.sys [2004-12-05 4123] R2 tfsndres;tfsndres; C:\WINDOWS\system32\dla\tfsndres.sys [2004-12-05 2239] R2 tfsnifs;tfsnifs; C:\WINDOWS\system32\dla\tfsnifs.sys [2004-12-05 86586] R2 tfsnopio;tfsnopio; C:\WINDOWS\system32\dla\tfsnopio.sys [2004-12-05 15227] R2 tfsnpool;tfsnpool; C:\WINDOWS\system32\dla\tfsnpool.sys [2004-12-05 6363] R2 tfsnudf;tfsnudf; C:\WINDOWS\system32\dla\tfsnudf.sys [2004-12-05 98714] R2 tfsnudfa;tfsnudfa; C:\WINDOWS\system32\dla\tfsnudfa.sys [2004-12-05 100603] R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2006-02-09 1502208] R3 b57w2k;Broadcom NetXtreme 57xx Gigabit Controller; C:\WINDOWS\system32\DRIVERS\b57xp32.sys [2004-05-29 186112] R3 ctsfm2k;Creative SoundFont Management Device Driver; C:\WINDOWS\system32\DRIVERS\ctsfm2k.sys [2003-09-22 130192] R3 DSproct;DSproct; \??\C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys [] R3 EraserUtilRebootDrv;EraserUtilRebootDrv; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [] R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2009-03-19 23400] R3 GoProto;GoProto Protocol Driver; C:\WINDOWS\system32\DRIVERS\goprot51.sys [2008-06-24 29184] R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368] R3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2004-12-14 51120] R3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2004-12-14 16496] R3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2004-12-14 21744] R3 IntelC51;IntelC51; C:\WINDOWS\system32\DRIVERS\IntelC51.sys [2004-03-05 1233525] R3 IntelC52;IntelC52; C:\WINDOWS\system32\DRIVERS\IntelC52.sys [2004-03-05 647929] R3 IntelC53;IntelC53; C:\WINDOWS\system32\DRIVERS\IntelC53.sys [2004-06-15 61157] R3 MODEMCSA;Unimodem Streaming Filter Device; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128] R3 mohfilt;mohfilt; C:\WINDOWS\system32\DRIVERS\mohfilt.sys [2004-03-05 37048] R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160] R3 NAVENG;NAVENG; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20090703.023\NAVENG.SYS [] R3 NAVEX15;NAVEX15; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20090703.023\NAVEX15.SYS [] R3 ossrv;Creative OS Services Driver; C:\WINDOWS\system32\DRIVERS\ctoss2k.sys [2003-09-22 178672] R3 P17;Sound Blaster Live! 24-bit; C:\WINDOWS\system32\drivers\P17.sys [2004-06-09 840960] R3 SASENUM;SASENUM; \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS [] R3 SRTSP;SRTSP; C:\WINDOWS\System32\Drivers\SRTSP.SYS [2008-01-31 279088] R3 SYMDNS;SYMDNS; C:\WINDOWS\System32\Drivers\SYMDNS.SYS [2009-02-19 13616] R3 SymEvent;SymEvent; \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS [] R3 SYMFW;SYMFW; C:\WINDOWS\System32\Drivers\SYMFW.SYS [2009-02-19 96560] R3 SYMIDS;SYMIDS; C:\WINDOWS\System32\Drivers\SYMIDS.SYS [2009-02-19 38576] R3 SYMIDSCO;SYMIDSCO; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\SymcData\ipsdefs\20090625.001\SymIDSCo.sys [] R3 SymIMMP;SymIMMP; C:\WINDOWS\system32\DRIVERS\SymIM.sys [2009-02-19 31280] R3 SYMNDIS;SYMNDIS; C:\WINDOWS\System32\Drivers\SYMNDIS.SYS [2009-02-19 37424] R3 SYMREDRV;SYMREDRV; C:\WINDOWS\System32\Drivers\SYMREDRV.SYS [2009-02-19 22320] R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128] R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208] R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520] R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856] R3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104] R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368] R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608] S3 bvrp_pci;bvrp_pci; C:\WINDOWS\system32\drivers\bvrp_pci.sys [2003-08-28 4272] S3 COH_Mon;COH_Mon; \??\C:\WINDOWS\system32\Drivers\COH_Mon.sys [] S3 E100B;Intel® PRO Adapter Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2001-08-17 117760] S3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2004-08-03 1897408] S3 SDDMI2;SDDMI2; \??\C:\WINDOWS\system32\DDMI2.sys [] S3 SRTSPL;SRTSPL; C:\WINDOWS\System32\Drivers\SRTSPL.SYS [2008-01-31 317616] S3 SymIM;Symantec Network Security Intermediate Filter Service; C:\WINDOWS\system32\DRIVERS\SymIM.sys [2009-02-19 31280] S3 TVICHW32;TVICHW32; \??\C:\WINDOWS\system32\DRIVERS\TVICHW32.SYS [] S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2009-05-29 39424] S3 wanatw;WAN Miniport (ATW); C:\WINDOWS\system32\DRIVERS\wanatw4.sys [] S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 AdobeActiveFileMonitor7.0;Adobe Active File Monitor V7; C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe [2008-09-16 169312] R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-05-29 144712] R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2006-02-09 405504] R2 Automatic LiveUpdate Scheduler;Automatic LiveUpdate Scheduler; C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe [2008-02-21 238968] R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888] R2 ccEvtMgr;Symantec Event Manager; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2008-10-17 149352] R2 ccSetMgr;Symantec Settings Manager; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2008-10-17 149352] R2 CLTNetCnService;Symantec Lic NetConnect service; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2008-10-17 149352] R2 Creative Service for CDROM Access;Creative Service for CDROM Access; C:\WINDOWS\system32\CTsvcCDA.EXE [1999-12-13 44032] R2 IAANTMon;IAA Event Monitor; C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe [2004-06-29 73852] R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-07-02 152984] R2 LiveUpdate Notice;LiveUpdate Notice; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2008-10-17 149352] R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe [2003-06-19 322120] R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2007-08-09 73728] R2 sprtsvc_dellsupportcenter;SupportSoft Sprocket Service (dellsupportcenter); C:\Program Files\Dell Support Center\bin\sprtsvc.exe [2008-08-13 201968] R2 WinDefend;Windows Defender; C:\Program Files\Windows Defender\MsMpEng.exe [2006-11-03 13592] R2 WMDM PMSP Service;WMDM PMSP Service; C:\WINDOWS\system32\MsPMSPSv.exe [2000-06-26 53520] R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2009-05-30 541992] R3 Symantec Core LC;Symantec Core LC; C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe [2008-05-17 1245064] S2 ATI Smart;ATI Smart; C:\WINDOWS\SYSTEM32\ati2sgag.exe [2006-02-09 520192] S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-13 267776] S2 gupdate1c9f210d4c28a4c;Google Update Service (gupdate1c9f210d4c28a4c); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-06-20 133104] S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312] S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632] S3 comHost;COM Host; C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe [2007-08-22 55640] S3 DSBrokerService;DSBrokerService; C:\Program Files\DellSupport\brkrsvc.exe [2007-03-07 76848] S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2008-12-27 651720] S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104] S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632] S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664] S3 InstallShield Licensing Service;InstallShield Licensing Service; C:\Program Files\Common Files\InstallShield Shared\Service\InstallShield Licensing Service.exe [2005-06-18 72704] S3 LiveUpdate;LiveUpdate; C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE [2008-08-04 3220856] S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408] S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336] S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096] -----------------EOF-----------------

SpySentinel View Member Profile	Jul 6 2009, 07:53 PM Post #13
Trusted Group: Malware Team Posts: 554 Joined: 26-January 08 From: The United States Member No.: 76,329 Operating System: Windows XP SP2	Hi YellowSVT, Sorry for the delay/ Download Dr.Web CureIt to the desktop: ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe Doubleclick the drweb-cureit.exe file and Allow to run the express scan This will scan the files currently running in memory and when something is found, click the yes button when it asks you if you want to cure it. This is only a short scan. Once the short scan has finished, mark the drives that you want to scan. Select all drives. A red dot shows which drives have been chosen. Click the green arrow at the right, and the scan will start. Click 'Yes to all' if it asks if you want to cure/move the file. When the scan has finished, in the menu, click file and choose save report list Save the report to your desktop. The report will be called DrWeb.csv Close Dr.Web Cureit.

YellowSVT View Member Profile	Jul 7 2009, 12:33 AM Post #14
New Member Group: Authentic Member Posts: 14 Joined: 26-June 09 Member No.: 86,434 Operating System: Windows XP	Whew, finally I got it to work. You probably have read my message to you by now, if not, here's what is going on. I downloaded the Dr. Web Curelt as instructed and have tried twice to run it , each time my computer crashed complete with the blue screen, so I deleted Dr Web. Any ideas as to the problem? :pullhair

YellowSVT View Member Profile	Jul 7 2009, 12:36 AM Post #15
New Member Group: Authentic Member Posts: 14 Joined: 26-June 09 Member No.: 86,434 Operating System: Windows XP	Whew, I finally got this to let me reply. If you haven't read the message I sent, here is what's going on. I downloaded Dr Web Curelt as you instructed and tried to run it twice, both times my computer crashed complete with the blue screen. I deleted Dr Web. Any idea what is causing the problem?

« Next Oldest · Infections Removal · Next Newest »

2 Pages

1 2 >

1 User(s) are reading this topic (1 Guests and 0 Anonymous Users)

0 Members:

Topic Title	Replies	Topic Starter	Views	Last Action
Infections Removal [Resolved] spyware/ fake antivirus 12	29	83valentine	342	Today, 11:38 AM Last post by: ken545
Infections Removal [Resolved] laptop running slow	14	juibre	179	Today, 11:37 AM Last post by: ken545
Infections Removal [Resolved] Trojan Detected 12	20	toyotomi	372	Today, 11:16 AM Last post by: CatByte
Infections Removal How to remove 'TR/Crypt.XPACK.Gen [trojan]'	3	techmbr08	90	Today, 05:53 AM Last post by: LDTate