I really appreciate that you guys are here.

I have a serious infection. I can't use IE, Firefox, and I loaded Safari and can't use that either. I just rebuilt this system and would hate to have to do it again. I cannot get to any site that could help me. I have spent several hours on this and gotten nowhere.

I can't run Malwarebytes, Panda ActiveScan, ESET Online, Spybot Search and Destroy, or anything else that may be useful. I can run HijackThis and am attaching the log.

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 10:07:17 AM, on 12/24/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\ZoneLabs\vsmon.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

C:\Program Files\Kaiser\VPN Client\cvpnd.exe

C:\Program Files\Norton Ghost\Agent\VProSvc.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe

C:\Program Files\SanDisk\Sansa Updater\SansaDispatch.exe

C:\Program Files\Norton Ghost\Agent\VProTray.exe

C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

C:\WINDOWS\system32\rundll32.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

C:\WINDOWS\System32\svchost.exe

F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\twext.exe,

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"

O4 - HKLM\..\Run: [uVS10 Preload] C:\Program Files\Ulead Systems\Ulead VideoStudio 10\uvPL.exe

O4 - HKLM\..\Run: [sansaDispatch] C:\Program Files\SanDisk\Sansa Updater\SansaDispatch.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [Norton Ghost 12.0] "C:\Program Files\Norton Ghost\Agent\VProTray.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKCU\..\Run: [HijackThis startup scan] C:\Program Files\Trend Micro\HijackThis\HijackThis.exe /startupscan

O4 - Global Startup: Kaiser VPN Client.lnk = C:\Program Files\Kaiser\VPN Client\ipsecdialer.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase6662.cab

O16 - DPF: {D00E9550-440D-4EF8-BFCE-174300890C05} (DMList Class) - http://www.gomusic.ru/cabs/xdownloader.cab

O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Kaiser\VPN Client\cvpnd.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Norton Ghost\Agent\VProSvc.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--

End of file - 4185 bytes

Thanks for looking at this.

Ray


Hi there.

Download ComboFix from one of the locations below, and save it to your Desktop.

Double click combofix.exe and follow the prompts. Please, never rename ComboFix unless instructed.

When finished, it shall produce a log for you. Post that log and a HijackThis log in your next reply.

Note: Do not mouseclick ComboFix's window while it's running. That may cause it to stall.


  • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)

Here they are:

Logfile of random's system information tool 1.05 (written by random/random)

Run by Ray at 2008-12-24 13:01:29

Microsoft Windows XP Professional Service Pack 2

System drive C: has 26 GB (53%) free of 50 GB

Total RAM: 1023 MB (59% free)

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 1:01:36 PM, on 12/24/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\ZoneLabs\vsmon.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

C:\Program Files\Kaiser\VPN Client\cvpnd.exe

C:\Program Files\Norton Ghost\Agent\VProSvc.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe

C:\Program Files\SanDisk\Sansa Updater\SansaDispatch.exe

C:\Program Files\Norton Ghost\Agent\VProTray.exe

C:\WINDOWS\system32\rundll32.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\taskmgr.exe

C:\Documents and Settings\Ray\Desktop\RSIT.exe

C:\Program Files\Trend Micro\HijackThis\Ray.exe

F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\twext.exe,

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"

O4 - HKLM\..\Run: [uVS10 Preload] C:\Program Files\Ulead Systems\Ulead VideoStudio 10\uvPL.exe

O4 - HKLM\..\Run: [sansaDispatch] C:\Program Files\SanDisk\Sansa Updater\SansaDispatch.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [Norton Ghost 12.0] "C:\Program Files\Norton Ghost\Agent\VProTray.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKCU\..\Run: [HijackThis startup scan] C:\Program Files\Trend Micro\HijackThis\HijackThis.exe /startupscan

O4 - Global Startup: Kaiser VPN Client.lnk = C:\Program Files\Kaiser\VPN Client\ipsecdialer.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase6662.cab

O16 - DPF: {D00E9550-440D-4EF8-BFCE-174300890C05} (DMList Class) - http://www.gomusic.ru/cabs/xdownloader.cab

O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Kaiser\VPN Client\cvpnd.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Norton Ghost\Agent\VProSvc.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--

End of file - 4215 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]

Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2007-04-19 7700480]

"ZoneAlarm Client"=C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe [2008-10-09 981904]

"UVS10 Preload"=C:\Program Files\Ulead Systems\Ulead VideoStudio 10\uvPL.exe [2006-03-06 36864]

"SansaDispatch"=C:\Program Files\SanDisk\Sansa Updater\SansaDispatch.exe [2007-10-22 75584]

"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2008-09-06 413696]

"nwiz"=nwiz.exe /install []

"NVMixerTray"=C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe []

"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2007-04-19 86016]

"Norton Ghost 12.0"=C:\Program Files\Norton Ghost\Agent\VProTray.exe [2008-05-07 2037088]

"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"HijackThis startup scan"=C:\Program Files\Trend Micro\HijackThis\HijackThis.exe [2008-12-21 396288]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup

Kaiser VPN Client.lnk - C:\Program Files\Kaiser\VPN Client\ipsecdialer.exe

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vsmon]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]

"dontdisplaylastusername"=0

"legalnoticecaption"=

"legalnoticetext"=

"shutdownwithoutlogon"=1

"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

======List of files/folders created in the last 1 months======

2008-12-24 13:01:29 ----D---- C:\rsit

2008-12-22 21:50:20 ----D---- C:\Program Files\Safari

2008-12-22 21:05:17 ----D---- C:\Program Files\Malwarebytes' Anti-Malware

2008-12-22 21:05:17 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes

2008-12-21 17:28:27 ----D---- C:\Program Files\Trend Micro

2008-12-21 16:39:21 ----D---- C:\Program Files\Windows Live Safety Center

2008-12-21 15:18:24 ----D---- C:\Program Files\DVDFab 5

2008-12-20 09:57:06 ----D---- C:\WINDOWS\system32\IOSUBSYS

2008-12-19 06:12:21 ----SHD---- C:\WINDOWS\system32\twain_32

2008-12-18 03:00:40 ----HDC---- C:\WINDOWS\$NtUninstallKB960714$

2008-12-14 11:59:32 ----D---- C:\Program Files\Visioneer OneTouch

2008-12-12 03:21:14 ----HDC---- C:\WINDOWS\$NtUninstallKB952069_WM9$

2008-12-12 03:21:10 ----HDC---- C:\WINDOWS\$NtUninstallKB955839$

2008-12-12 03:20:49 ----HDC---- C:\WINDOWS\$NtUninstallKB958215$

2008-12-12 03:00:36 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$

2008-12-12 03:00:26 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$

2008-12-07 06:56:08 ----D---- C:\Program Files\Common Files\Apple

2008-12-07 06:56:02 ----D---- C:\Program Files\QuickTime

2008-12-07 06:55:42 ----D---- C:\Program Files\Apple Software Update

2008-12-07 06:55:42 ----D---- C:\Documents and Settings\All Users\Application Data\Apple

2008-12-06 15:08:22 ----A---- C:\WINDOWS\system32\RtlCPAPI.dll

2008-12-06 15:08:22 ----A---- C:\WINDOWS\system32\ChCfg.exe

2008-12-06 15:08:22 ----A---- C:\WINDOWS\soundman.exe

2008-12-06 15:08:21 ----A---- C:\WINDOWS\system32\RTLCPL.exe

2008-12-06 15:06:04 ----D---- C:\Program Files\Realtek Sound Manager

2008-12-06 15:06:03 ----D---- C:\Program Files\AvRack

2008-12-06 15:06:03 ----A---- C:\WINDOWS\avrack.ini

2008-12-06 15:05:58 ----D---- C:\Program Files\Realtek AC97

2008-12-06 15:05:51 ----A---- C:\WINDOWS\alcupd.exe

2008-12-06 15:05:51 ----A---- C:\WINDOWS\alcrmv.exe

2008-12-06 05:29:36 ----D---- C:\WINDOWS\system32\appmgmt

2008-11-28 16:41:57 ----A---- C:\WINDOWS\RtlRack.ini

======List of files/folders modified in the last 1 months======

2008-12-24 13:01:36 ----D---- C:\WINDOWS\Prefetch

2008-12-24 13:00:41 ----D---- C:\WINDOWS\Internet Logs

2008-12-24 10:58:49 ----D---- C:\Program Files\Mozilla Firefox

2008-12-24 10:48:43 ----D---- C:\WINDOWS\Temp

2008-12-24 10:06:49 ----A---- C:\WINDOWS\setuplog.txt

2008-12-24 10:06:44 ----A---- C:\WINDOWS\system32\wpa.bak

2008-12-23 00:32:20 ----A---- C:\WINDOWS\SchedLgU.Txt

2008-12-23 00:18:22 ----D---- C:\WINDOWS\system32\CatRoot2

2008-12-23 00:09:45 ----SHD---- C:\System Volume Information

2008-12-23 00:09:45 ----D---- C:\WINDOWS\system32\Restore

2008-12-23 00:09:38 ----SH---- C:\boot.ini

2008-12-23 00:09:38 ----A---- C:\WINDOWS\win.ini

2008-12-23 00:09:38 ----A---- C:\WINDOWS\system.ini

2008-12-22 23:57:50 ----D---- C:\WINDOWS\pss

2008-12-22 21:50:38 ----D---- C:\Documents and Settings\Ray\Application Data\Apple Computer

2008-12-22 21:50:27 ----SHD---- C:\WINDOWS\Installer

2008-12-22 21:50:20 ----RD---- C:\Program Files

2008-12-22 21:50:20 ----D---- C:\WINDOWS\WinSxS

2008-12-22 21:34:45 ----RSHDC---- C:\WINDOWS\system32\dllcache

2008-12-22 21:34:40 ----D---- C:\WINDOWS\system32

2008-12-22 21:05:20 ----D---- C:\WINDOWS\system32\drivers

2008-12-21 17:27:14 ----D---- C:\WINDOWS

2008-12-21 16:39:25 ----HD---- C:\WINDOWS\inf

2008-12-21 16:39:22 ----SD---- C:\WINDOWS\Downloaded Program Files

2008-12-21 15:27:40 ----D---- C:\Documents and Settings\Ray\Application Data\Vso

2008-12-20 12:44:22 ----A---- C:\rollback.ini

2008-12-20 10:48:20 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft

2008-12-20 10:15:13 ----A---- C:\DTSHDSpOut.txt

2008-12-20 09:54:06 ----D---- C:\Program Files\Google

2008-12-18 03:06:11 ----D---- C:\WINDOWS\Minidump

2008-12-18 03:00:34 ----HD---- C:\WINDOWS\$hf_mig$

2008-12-12 09:33:23 ----A---- C:\WINDOWS\system32\mshtml.dll

2008-12-12 03:21:17 ----A---- C:\WINDOWS\imsins.BAK

2008-12-12 03:20:55 ----D---- C:\Program Files\Internet Explorer

2008-12-11 22:29:01 ----D---- C:\WINDOWS\system32\CatRoot

2008-12-09 15:24:38 ----A---- C:\WINDOWS\system32\MRT.exe

2008-12-07 06:56:08 ----D---- C:\Program Files\Common Files

2008-12-07 06:56:00 ----D---- C:\Documents and Settings\All Users\Application Data\Apple Computer

2008-12-07 06:55:46 ----SD---- C:\WINDOWS\Tasks

2008-12-06 15:05:51 ----HD---- C:\Program Files\InstallShield Installation Information

2008-11-28 20:01:23 ----A---- C:\WINDOWS\OEWABLog.txt

2008-11-28 19:59:02 ----D---- C:\Documents and Settings

2008-11-25 05:34:17 ----D---- C:\WINDOWS\Help

2008-11-25 05:12:37 ----D---- C:\Program Files\DivX

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 BIOS;BIOS; \??\C:\WINDOWS\system32\drivers\BIOS.sys []

R1 KLIF;KLIF; C:\WINDOWS\system32\DRIVERS\klif.sys [2008-09-18 148496]

R1 vsdatant;vsdatant; C:\WINDOWS\System32\vsdatant.sys [2008-10-09 353680]

R2 CVPNDRV;Kaiser IPsec Driver; \??\C:\WINDOWS\system32\Drivers\CVPNDRV.sys []

R2 v2imount;Symantec V2i Mount Driver; C:\WINDOWS\system32\DRIVERS\v2imount.sys [2007-03-28 37864]

R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2004-08-04 60800]

R3 DNE;Deterministic Network Enhancer Miniport; C:\WINDOWS\system32\DRIVERS\dne2000.sys [2002-01-09 128380]

R3 es1371;Creative AudioPCI (ES1371,ES1373) (WDM); C:\WINDOWS\system32\drivers\es1371mp.sys [2001-08-17 40704]

R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2008-05-07 15464]

R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2004-08-04 9600]

R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2004-08-04 12160]

R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2004-08-04 61824]

R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2007-04-19 3988384]

R3 nvax;Service for NVIDIA® nForce Audio Enumerator; C:\WINDOWS\system32\drivers\nvax.sys [2005-04-12 53376]

R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2006-06-01 34944]

R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2006-06-01 13184]

R3 nvnforce;Service for NVIDIA® nForce Audio; C:\WINDOWS\system32\drivers\nvapu.sys [2005-04-12 414464]

R3 pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [2008-08-24 47360]

R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-04 26624]

R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-04 57600]

R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2004-08-04 17024]

R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]

R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-03 20480]

R3 WISTechVIDCAP;Plextor ConvertX M402U A/V Capture; C:\WINDOWS\system32\drivers\Xstream.sys [2004-11-26 122368]

S3 61883;61883 Unit Device; C:\WINDOWS\system32\DRIVERS\61883.sys [2004-08-03 48128]

S3 Avc;AVC Device; C:\WINDOWS\system32\DRIVERS\avc.sys [2004-08-03 38912]

S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-03 17024]

S3 MSDV;Microsoft DV Camera and VCR; C:\WINDOWS\system32\DRIVERS\msdv.sys [2004-08-03 51328]

S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504]

S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-03 85376]

S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-03 10880]

S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-03 11136]

S3 sonypvs1;Sony Digital Imaging Video2; C:\WINDOWS\system32\DRIVERS\sonypvs1.sys []

S3 SONYPVU1;Sony USB Filter Driver (SONYPVU1); C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552]

S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-03 15360]

S3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2004-08-03 59264]

S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]

S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]

S3 usbvideo;USB Video Device (WDM); C:\WINDOWS\System32\Drivers\usbvideo.sys [2004-08-03 78464]

S3 VProEventMonitor;Symantec Event Monitor Driver; C:\WINDOWS\system32\DRIVERS\vproeventmonitor.sys [2007-07-31 14072]

S3 WimFltr;WimFltr; C:\WINDOWS\system32\DRIVERS\wimfltr.sys [2007-03-28 128104]

S3 WpdUsb;WpdUsb; C:\WINDOWS\System32\Drivers\wpdusb.sys [2005-01-28 18944]

S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-03 19328]

S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]

S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

S3 XLoader;PLEXTOR EZ-USB FX2 FIRMWARE LOADER (XLoader.sys); C:\WINDOWS\System32\Drivers\XLoader.sys [2004-11-26 13696]

S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Automatic LiveUpdate Scheduler;Automatic LiveUpdate Scheduler; C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe [2007-09-12 554352]

R2 CVPND;Cisco Systems, Inc. VPN Service; C:\Program Files\Kaiser\VPN Client\cvpnd.exe [2002-09-03 1282112]

R2 Norton Ghost;Norton Ghost; C:\Program Files\Norton Ghost\Agent\VProSvc.exe [2008-05-07 3425632]

R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2007-04-19 159810]

R2 UleadBurningHelper;Ulead Burning Helper; C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [2005-01-31 49152]

R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-01-28 38912]

R2 vsmon;TrueVector Internet Monitor; C:\WINDOWS\system32\ZoneLabs\vsmon.exe [2008-10-09 2405776]

S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]

S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]

S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-01-03 136120]

S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [2005-11-14 69632]

S3 LiveUpdate;LiveUpdate; C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE [2007-09-12 2999664]

S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]

S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336]

-----------------EOF-----------------

info.txt logfile of random's system information tool 1.05 2008-12-24 13:01:37

======Uninstall list======

Sansa Media Converter-->"C:\Program Files\InstallShield Installation Information\{FC053571-8507-44E4-8B6D-AACEAB8CA57C}\setup.exe" --u:{FC053571-8507-44E4-8B6D-AACEAB8CA57C}

-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER

-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf

Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)-->MsiExec.exe /X{6846389C-BAC0-4374-808E-B120F86AF5D7}

Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe

Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe

Adobe Reader 8.1.2-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}

Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}

DivX Codec-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC

DivX Converter-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER

DivX Player-->C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER

DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN

DVDFab (Platinum/Gold/HD Decrypter) (Non-CSS Version) 5.2.2.0-->"C:\Program Files\DVDFab 5\unins000.exe"

DVDFab Gold 3.1.5.0-->"C:\Program Files\DVDFab Gold 3\unins000.exe"

HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall

Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"

Hotfix for Windows XP (KB926239)-->"C:\WINDOWS\$NtUninstallKB926239$\spuninst\spuninst.exe"

Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"

LiveUpdate 3.2 (Symantec Corporation)-->"C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U

Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"

MediaMonkey 3.0-->"C:\Program Files\MediaMonkey\unins000.exe"

Microsoft .NET Framework 2.0-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.exe

Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"

Microsoft Office Professional Edition 2003-->MsiExec.exe /I{91110409-6000-11D3-8CFE-0150048383C9}

Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"

Mozilla Firefox (3.0.5)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe

Norton Ghost-->MsiExec.exe /I{B0255743-165B-4BD5-8DA8-37DFB9930012}

NVIDIA Drivers-->C:\WINDOWS\system32\NVUNINST.EXE UninstallGUI

OneTouch Version 3.0-->C:\PROGRA~1\VISION~1\UNWISE.EXE C:\PROGRA~1\VISION~1\INSTALL.LOG

Picasa 3-->"C:\Program Files\Google\Picasa3\Uninstall.exe"

QuickTime-->MsiExec.exe /I{8DC42D05-680B-41B0-8878-6C14D24602DB}

Realtek AC'97 Audio-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" -l0x9 -removeonly

Safari-->MsiExec.exe /X{582D2A53-F426-4C5E-A2E6-43C1AB36B907}

Sansa Updater-->C:\Program Files\InstallShield Installation Information\{E2D7E05E-C8C7-45F4-8D89-D6696075E0B7}\setup.exe -runfromtemp -l0x0009 -removeonly

Security Update for Windows Media Player (KB911564)-->"C:\WINDOWS\$NtUninstallKB911564$\spuninst\spuninst.exe"

Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"

Security Update for Windows Media Player 10 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP10$\spuninst\spuninst.exe"

Security Update for Windows Media Player 6.4 (KB925398)-->"C:\WINDOWS\$NtUninstallKB925398_WMP64$\spuninst\spuninst.exe"

Security Update for Windows XP (KB890046)-->"C:\WINDOWS\$NtUninstallKB890046$\spuninst\spuninst.exe"

Security Update for Windows XP (KB893756)-->"C:\WINDOWS\$NtUninstallKB893756$\spuninst\spuninst.exe"

Security Update for Windows XP (KB896358)-->"C:\WINDOWS\$NtUninstallKB896358$\spuninst\spuninst.exe"

Security Update for Windows XP (KB896423)-->"C:\WINDOWS\$NtUninstallKB896423$\spuninst\spuninst.exe"

Security Update for Windows XP (KB896428)-->"C:\WINDOWS\$NtUninstallKB896428$\spuninst\spuninst.exe"

Security Update for Windows XP (KB899587)-->"C:\WINDOWS\$NtUninstallKB899587$\spuninst\spuninst.exe"

Security Update for Windows XP (KB899591)-->"C:\WINDOWS\$NtUninstallKB899591$\spuninst\spuninst.exe"

Security Update for Windows XP (KB900725)-->"C:\WINDOWS\$NtUninstallKB900725$\spuninst\spuninst.exe"

Security Update for Windows XP (KB901017)-->"C:\WINDOWS\$NtUninstallKB901017$\spuninst\spuninst.exe"

Security Update for Windows XP (KB901214)-->"C:\WINDOWS\$NtUninstallKB901214$\spuninst\spuninst.exe"

Security Update for Windows XP (KB902400)-->"C:\WINDOWS\$NtUninstallKB902400$\spuninst\spuninst.exe"

Security Update for Windows XP (KB905414)-->"C:\WINDOWS\$NtUninstallKB905414$\spuninst\spuninst.exe"

Security Update for Windows XP (KB905749)-->"C:\WINDOWS\$NtUninstallKB905749$\spuninst\spuninst.exe"

Security Update for Windows XP (KB908519)-->"C:\WINDOWS\$NtUninstallKB908519$\spuninst\spuninst.exe"

Security Update for Windows XP (KB911562)-->"C:\WINDOWS\$NtUninstallKB911562$\spuninst\spuninst.exe"

Security Update for Windows XP (KB911927)-->"C:\WINDOWS\$NtUninstallKB911927$\spuninst\spuninst.exe"

Security Update for Windows XP (KB913580)-->"C:\WINDOWS\$NtUninstallKB913580$\spuninst\spuninst.exe"

Security Update for Windows XP (KB914388)-->"C:\WINDOWS\$NtUninstallKB914388$\spuninst\spuninst.exe"

Security Update for Windows XP (KB914389)-->"C:\WINDOWS\$NtUninstallKB914389$\spuninst\spuninst.exe"

Security Update for Windows XP (KB918118)-->"C:\WINDOWS\$NtUninstallKB918118$\spuninst\spuninst.exe"

Security Update for Windows XP (KB918439)-->"C:\WINDOWS\$NtUninstallKB918439$\spuninst\spuninst.exe"

Security Update for Windows XP (KB920213)-->"C:\WINDOWS\$NtUninstallKB920213$\spuninst\spuninst.exe"

Security Update for Windows XP (KB920670)-->"C:\WINDOWS\$NtUninstallKB920670$\spuninst\spuninst.exe"

Security Update for Windows XP (KB920683)-->"C:\WINDOWS\$NtUninstallKB920683$\spuninst\spuninst.exe"

Security Update for Windows XP (KB920685)-->"C:\WINDOWS\$NtUninstallKB920685$\spuninst\spuninst.exe"

Security Update for Windows XP (KB923191)-->"C:\WINDOWS\$NtUninstallKB923191$\spuninst\spuninst.exe"

Security Update for Windows XP (KB923414)-->"C:\WINDOWS\$NtUninstallKB923414$\spuninst\spuninst.exe"

Security Update for Windows XP (KB923689)-->"C:\WINDOWS\$NtUninstallKB923689$\spuninst\spuninst.exe"

Security Update for Windows XP (KB923789)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB923789.inf

Security Update for Windows XP (KB923980)-->"C:\WINDOWS\$NtUninstallKB923980$\spuninst\spuninst.exe"

Security Update for Windows XP (KB924270)-->"C:\WINDOWS\$NtUninstallKB924270$\spuninst\spuninst.exe"

Security Update for Windows XP (KB924667)-->"C:\WINDOWS\$NtUninstallKB924667$\spuninst\spuninst.exe"

Security Update for Windows XP (KB925902)-->"C:\WINDOWS\$NtUninstallKB925902$\spuninst\spuninst.exe"

Security Update for Windows XP (KB926255)-->"C:\WINDOWS\$NtUninstallKB926255$\spuninst\spuninst.exe"

Security Update for Windows XP (KB926436)-->"C:\WINDOWS\$NtUninstallKB926436$\spuninst\spuninst.exe"

Security Update for Windows XP (KB927779)-->"C:\WINDOWS\$NtUninstallKB927779$\spuninst\spuninst.exe"

Security Update for Windows XP (KB927802)-->"C:\WINDOWS\$NtUninstallKB927802$\spuninst\spuninst.exe"

Security Update for Windows XP (KB928255)-->"C:\WINDOWS\$NtUninstallKB928255$\spuninst\spuninst.exe"

Security Update for Windows XP (KB928843)-->"C:\WINDOWS\$NtUninstallKB928843$\spuninst\spuninst.exe"

Security Update for Windows XP (KB929123)-->"C:\WINDOWS\$NtUninstallKB929123$\spuninst\spuninst.exe"

Security Update for Windows XP (KB930178)-->"C:\WINDOWS\$NtUninstallKB930178$\spuninst\spuninst.exe"

Security Update for Windows XP (KB931261)-->"C:\WINDOWS\$NtUninstallKB931261$\spuninst\spuninst.exe"

Security Update for Windows XP (KB931784)-->"C:\WINDOWS\$NtUninstallKB931784$\spuninst\spuninst.exe"

Security Update for Windows XP (KB932168)-->"C:\WINDOWS\$NtUninstallKB932168$\spuninst\spuninst.exe"

Security Update for Windows XP (KB933729)-->"C:\WINDOWS\$NtUninstallKB933729$\spuninst\spuninst.exe"

Security Update for Windows XP (KB935839)-->"C:\WINDOWS\$NtUninstallKB935839$\spuninst\spuninst.exe"

Security Update for Windows XP (KB935840)-->"C:\WINDOWS\$NtUninstallKB935840$\spuninst\spuninst.exe"

Security Update for Windows XP (KB936021)-->"C:\WINDOWS\$NtUninstallKB936021$\spuninst\spuninst.exe"

Security Update for Windows XP (KB937894)-->"C:\WINDOWS\$NtUninstallKB937894$\spuninst\spuninst.exe"

Security Update for Windows XP (KB938127)-->"C:\WINDOWS\$NtUninstallKB938127$\spuninst\spuninst.exe"

Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"

Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"

Security Update for Windows XP (KB941693)-->"C:\WINDOWS\$NtUninstallKB941693$\spuninst\spuninst.exe"

Security Update for Windows XP (KB943055)-->"C:\WINDOWS\$NtUninstallKB943055$\spuninst\spuninst.exe"

Security Update for Windows XP (KB943460)-->"C:\WINDOWS\$NtUninstallKB943460$\spuninst\spuninst.exe"

Security Update for Windows XP (KB943485)-->"C:\WINDOWS\$NtUninstallKB943485$\spuninst\spuninst.exe"

Security Update for Windows XP (KB944338-v2)-->"C:\WINDOWS\$NtUninstallKB944338-v2$\spuninst\spuninst.exe"

Security Update for Windows XP (KB944653)-->"C:\WINDOWS\$NtUninstallKB944653$\spuninst\spuninst.exe"

Security Update for Windows XP (KB945553)-->"C:\WINDOWS\$NtUninstallKB945553$\spuninst\spuninst.exe"

Security Update for Windows XP (KB946026)-->"C:\WINDOWS\$NtUninstallKB946026$\spuninst\spuninst.exe"

Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"

Security Update for Windows XP (KB948590)-->"C:\WINDOWS\$NtUninstallKB948590$\spuninst\spuninst.exe"

Security Update for Windows XP (KB950749)-->"C:\WINDOWS\$NtUninstallKB950749$\spuninst\spuninst.exe"

Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"

Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"

Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"

Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"

Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"

Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"

Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"

Security Update for Windows XP (KB953838)-->"C:\WINDOWS\$NtUninstallKB953838$\spuninst\spuninst.exe"

Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"

Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"

Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"

Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"

Security Update for Windows XP (KB956390)-->"C:\WINDOWS\$NtUninstallKB956390$\spuninst\spuninst.exe"

Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"

Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"

Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"

Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"

Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"

Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"

Security Update for Windows XP (KB958215)-->"C:\WINDOWS\$NtUninstallKB958215$\spuninst\spuninst.exe"

Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"

Security Update for Windows XP (KB960714)-->"C:\WINDOWS\$NtUninstallKB960714$\spuninst\spuninst.exe"

SmartSound Quicktracks Plugin-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}

Ulead VideoStudio 10-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E188D820-1218-4E28-8BCA-91134C3664C2}\setup.exe" -l0x9

Update for Windows XP (KB894391)-->"C:\WINDOWS\$NtUninstallKB894391$\spuninst\spuninst.exe"

Update for Windows XP (KB898461)-->"C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"

Update for Windows XP (KB900485)-->"C:\WINDOWS\$NtUninstallKB900485$\spuninst\spuninst.exe"

Update for Windows XP (KB908531)-->"C:\WINDOWS\$NtUninstallKB908531$\spuninst\spuninst.exe"

Update for Windows XP (KB910437)-->"C:\WINDOWS\$NtUninstallKB910437$\spuninst\spuninst.exe"

Update for Windows XP (KB911280)-->"C:\WINDOWS\$NtUninstallKB911280$\spuninst\spuninst.exe"

Update for Windows XP (KB916595)-->"C:\WINDOWS\$NtUninstallKB916595$\spuninst\spuninst.exe"

Update for Windows XP (KB920872)-->"C:\WINDOWS\$NtUninstallKB920872$\spuninst\spuninst.exe"

Update for Windows XP (KB922582)-->"C:\WINDOWS\$NtUninstallKB922582$\spuninst\spuninst.exe"

Update for Windows XP (KB927891)-->"C:\WINDOWS\$NtUninstallKB927891$\spuninst\spuninst.exe"

Update for Windows XP (KB930916)-->"C:\WINDOWS\$NtUninstallKB930916$\spuninst\spuninst.exe"

Update for Windows XP (KB938828)-->"C:\WINDOWS\$NtUninstallKB938828$\spuninst\spuninst.exe"

Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"

Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"

VC 9.0 Runtime-->MsiExec.exe /I{A040AC77-C1AA-4CC9-8931-9F648AF178F6}

VirtualDub Filter Pack 1.1-->"C:\Program Files\VD Filter Pack\unins000.exe"

VPN Client-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5624C000-B109-11D4-9DB4-00E0290FCAC5}\setup.exe" -l0x9 VpnUninstall

Windows Installer 3.1 (KB893803)-->"C:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe"

Windows Media Format Runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll

Windows Media Player 10-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall

Windows XP Hotfix - KB873339-->C:\WINDOWS\$NtUninstallKB873339$\spuninst\spuninst.exe

Windows XP Hotfix - KB885835-->C:\WINDOWS\$NtUninstallKB885835$\spuninst\spuninst.exe

Windows XP Hotfix - KB885836-->C:\WINDOWS\$NtUninstallKB885836$\spuninst\spuninst.exe

Windows XP Hotfix - KB886185-->C:\WINDOWS\$NtUninstallKB886185$\spuninst\spuninst.exe

Windows XP Hotfix - KB887472-->C:\WINDOWS\$NtUninstallKB887472$\spuninst\spuninst.exe

Windows XP Hotfix - KB888302-->C:\WINDOWS\$NtUninstallKB888302$\spuninst\spuninst.exe

Windows XP Hotfix - KB890859-->"C:\WINDOWS\$NtUninstallKB890859$\spuninst\spuninst.exe"

Windows XP Hotfix - KB891781-->C:\WINDOWS\$NtUninstallKB891781$\spuninst\spuninst.exe

X-Downloader-->RunDll32.exe SETUPAPI.DLL,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\XDownloader.inf

ZoneAlarm Anti-virus-->C:\Program Files\Zone Labs\ZoneAlarm\zauninst.exe

=====HijackThis Backups=====

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200

======Security center information======

AV: ZoneAlarm Anti-virus Antivirus

FW: ZoneAlarm Anti-virus Firewall

System event log

Computer Name: BLUESMAN

Event Code: 7036

Message: The LiveUpdate service entered the running state.

Record Number: 11131

Source Name: Service Control Manager

Time Written: 20081207073259.000000-480

Event Type: information

User:

Computer Name: BLUESMAN

Event Code: 7035

Message: The LiveUpdate service was successfully sent a start control.

Record Number: 11130

Source Name: Service Control Manager

Time Written: 20081207073259.000000-480

Event Type: information

User: NT AUTHORITY\SYSTEM

Computer Name: BLUESMAN

Event Code: 51

Message: An error was detected on device \Device\Harddisk2\D during a paging operation.

Record Number: 11129

Source Name: Disk

Time Written: 20081207065505.000000-480

Event Type: warning

User:

Computer Name: BLUESMAN

Event Code: 7036

Message: The Windows Installer service entered the running state.

Record Number: 11128

Source Name: Service Control Manager

Time Written: 20081207065504.000000-480

Event Type: information

User:

Computer Name: BLUESMAN

Event Code: 7035

Message: The Windows Installer service was successfully sent a start control.

Record Number: 11127

Source Name: Service Control Manager

Time Written: 20081207065504.000000-480

Event Type: information

User: NT AUTHORITY\SYSTEM

Application event log

Computer Name: BLUESMAN

Event Code: 101

Message: Information Level: error

Failed launching Automatic LiveUpdate: err:0x5; Access is denied.

Record Number: 8972

Source Name: Automatic LiveUpdate Scheduler

Time Written: 20081217144011.000000-480

Event Type: error

User: NT AUTHORITY\SYSTEM

Computer Name: BLUESMAN

Event Code: 101

Message: Information Level: error

Initialization of the COM subsystem failed. Error code: 0x80070005

Record Number: 8971

Source Name: Automatic LiveUpdate Scheduler

Time Written: 20081217143711.000000-480

Event Type: error

User: NT AUTHORITY\SYSTEM

Computer Name: BLUESMAN

Event Code: 101

Message: Information Level: success

Rolling back the schedule; execution will occur at approximately 2:37 PM.

Record Number: 8970

Source Name: Automatic LiveUpdate Scheduler

Time Written: 20081217143211.000000-480

Event Type: information

User: NT AUTHORITY\SYSTEM

Computer Name: BLUESMAN

Event Code: 101

Message: Information Level: error

Failed launching Automatic LiveUpdate: err:0x5; Access is denied.

Record Number: 8969

Source Name: Automatic LiveUpdate Scheduler

Time Written: 20081217143211.000000-480

Event Type: error

User: NT AUTHORITY\SYSTEM

Computer Name: BLUESMAN

Event Code: 101

Message: Information Level: error

Initialization of the COM subsystem failed. Error code: 0x80070005

Record Number: 8968

Source Name: Automatic LiveUpdate Scheduler

Time Written: 20081217142911.000000-480

Event Type: error

User: NT AUTHORITY\SYSTEM

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe

"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\Common Files\Ulead Systems\MPEG;C:\Program Files\QuickTime\QTSystem\

"windir"=%SystemRoot%

"FP_NO_HOST_CHECK"=NO

"OS"=Windows_NT

"PROCESSOR_ARCHITECTURE"=x86

"PROCESSOR_LEVEL"=15

"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 55 Stepping 2, AuthenticAMD

"PROCESSOR_REVISION"=3702

"NUMBER_OF_PROCESSORS"=1

"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH

"TEMP"=%SystemRoot%\TEMP

"TMP"=%SystemRoot%\TEMP

"tvdumpflags"=8

"CLASSPATH"=.;C:\Program Files\QuickTime\QTSystem\QTJava.zip

"QTJAVA"=C:\Program Files\QuickTime\QTSystem\QTJava.zip

-----------------EOF-----------------

Link to post
Share on other sites

Please download the OTMoveIt3 by OldTimer.

  • Save it to your desktop.
  • Please double-click OTMoveIt3.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
    :files
    C:\WINDOWS\system32\twext.exe


  • Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTMoveIt3

Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

Link to post
Share on other sites

interesting, I suspected that program, so I renamed it a few days ago to twext.exe.old

I also renamed twext.dll to twext.dll.old

Please advise

========== FILES ==========

File/Folder c:\windows\system32\twext.exe not found.

OTMoveIt3 by OldTimer - Version 1.0.7.2 log created on 12242008_131728

Link to post
Share on other sites

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 2:38:27 PM, on 12/24/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\ZoneLabs\vsmon.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

C:\Program Files\Kaiser\VPN Client\cvpnd.exe

C:\Program Files\Norton Ghost\Agent\VProSvc.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe

C:\Program Files\SanDisk\Sansa Updater\SansaDispatch.exe

C:\Program Files\Norton Ghost\Agent\VProTray.exe

C:\WINDOWS\system32\rundll32.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\twext.exe,

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"

O4 - HKLM\..\Run: [uVS10 Preload] C:\Program Files\Ulead Systems\Ulead VideoStudio 10\uvPL.exe

O4 - HKLM\..\Run: [sansaDispatch] C:\Program Files\SanDisk\Sansa Updater\SansaDispatch.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [Norton Ghost 12.0] "C:\Program Files\Norton Ghost\Agent\VProTray.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKCU\..\Run: [HijackThis startup scan] C:\Program Files\Trend Micro\HijackThis\HijackThis.exe /startupscan

O4 - Global Startup: Kaiser VPN Client.lnk = C:\Program Files\Kaiser\VPN Client\ipsecdialer.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase6662.cab

O16 - DPF: {D00E9550-440D-4EF8-BFCE-174300890C05} (DMList Class) - http://www.gomusic.ru/cabs/xdownloader.cab

O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Kaiser\VPN Client\cvpnd.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Norton Ghost\Agent\VProSvc.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--

End of file - 4108 bytes

Link to post
Share on other sites
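The F2 line in both HijackThis logs shows twext.exe appended to the Winlogon Userinit value, while the OTMoveIt3 result shows the file itself could no longer be found. The Python below is an added example, not part of the thread or of either tool. It flags any Userinit entry other than the default and marks entries whose file a move log reports as missing; the function names and the assumed default of C:\WINDOWS\system32\userinit.exe are this example's own.

```python
"""Audit the Userinit value in a HijackThis log and correlate it with an
OTMoveIt3 results log. Added example; not code from either tool."""
import ntpath
import re

# Line formats as they appear in the logs posted in this thread.
F2_USERINIT = re.compile(r"^F2 - REG:system\.ini: UserInit=(.*)$", re.IGNORECASE)
NOT_FOUND = re.compile(r"^File/Folder (.+?) not found\.$", re.IGNORECASE)

# Assumption: a default Windows XP install names only this file in Userinit.
EXPECTED = r"c:\windows\system32\userinit.exe"


def normalize(path):
    """Lower-case and normalise a Windows path so comparisons ignore case."""
    return ntpath.normpath(path.strip().strip('"')).lower()


def userinit_entries(hjt_text):
    """Yield (line_number, path) for each program named on an F2 UserInit line."""
    for number, line in enumerate(hjt_text.splitlines(), start=1):
        match = F2_USERINIT.match(line.strip())
        if not match:
            continue
        for item in match.group(1).split(","):
            if item.strip():  # the value normally ends with a trailing comma
                yield number, item.strip()


def missing_files(otm_text):
    """Return the normalised paths an OTMoveIt3 log reported as not found."""
    absent = set()
    for line in otm_text.splitlines():
        match = NOT_FOUND.match(line.strip())
        if match:
            absent.add(normalize(match.group(1)))
    return absent


def audit(hjt_text, otm_text=""):
    """Return one finding per Userinit entry that is not the expected default."""
    absent = missing_files(otm_text)
    findings = []
    for number, path in userinit_entries(hjt_text):
        norm = normalize(path)
        if norm == EXPECTED:
            continue
        if ntpath.basename(norm) == "userinit.exe":
            reason = "userinit.exe outside system32"
        else:
            reason = "extra program started at logon"
        if norm in absent:
            # The file is gone (renamed or moved) but the registry value
            # still names it, so the value itself still needs restoring.
            state = "file not found, registry value still references it"
        else:
            state = "file state unknown"
        findings.append(
            {"line": number, "path": path, "reason": reason, "state": state}
        )
    return findings


# Lines copied from the logs posted in this thread.
THREAD_HJT = r"""Boot mode: Normal
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\twext.exe,
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install"""
THREAD_OTM = r"""========== FILES ==========
File/Folder c:\windows\system32\twext.exe not found."""

# Constructed samples: the default value, and userinit.exe in the wrong folder.
DEFAULT_HJT = r"F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,"
MOVED_HJT = r"F2 - REG:system.ini: UserInit=C:\WINDOWS\userinit.exe,"

if __name__ == "__main__":
    for finding in audit(THREAD_HJT, THREAD_OTM):
        print(finding)
```
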

Please download the following scanning tool. GMER

  • Open the zip file and copy the file gmer.exe to your Desktop.
  • Double click on gmer.exe and run it.
  • It may take a minute to load and become available.
  • Do not make any changes. Click on the SCAN button and DO NOT use the computer while it's scanning.
  • Once the scan is done click on the SAVE button and browse to your Desktop and save the file as GMER.LOG
  • Zip up the GMER.LOG file and save it as gmerlog.zip and attach it to your reply post.
  • DO NOT directly post this log into a reply. You MUST attach it as a .ZIP file.
  • Click OK and quit the GMER program.

Link to post
Share on other sites

Please download the OTMoveIt3 by OldTimer.

  • Save it to your desktop.
  • Please double-click OTMoveIt3.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
    :files
    C:\WINDOWS\system32\twext.exe.old
    C:\WINDOWS\system32\twext.dll.old


  • Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTMoveIt3

Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

Link to post
Share on other sites

Once you've done that, then do this:

download OTScanIt2.exe to your Desktop and double-click on it to extract the files. It will create a folder named OTScanIt2 on your desktop.

Note: You must be logged on to the system with an account that has Administrator privileges to run this program.

  • Close ALL OTHER PROGRAMS.
  • Open the OTScanIt2 folder and double-click on OTScanIt2.exe to start the program (if you are running on Vista then right-click the program and choose Run as Administrator).
  • Click the Scan All Users checkbox on the toolbar.
  • Do not change any other settings.
  • Now click the Run Scan button on the toolbar.
  • Let it run unhindered until it finishes.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
  • Close Notepad (saving the change if necessary).

Use the Add Reply button and Attach the scan back here (do not copy/paste it as it will be too big to fit into the post). It will be located in the OTScanIt2 folder and named OTScanIt.txt.

I will review it when it comes in.

Link to post
Share on other sites

Sorry, didn't see the attachment. :P

Paste this into the fix box:

[Kill Explorer]

[Registry - Safe List]

< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > ->

YN -> HKEY_LOCAL_MACHINE\: Main\\"Local Page" -> %SystemRoot%\system32\blank.htm

< Internet Explorer Settings [HKEY_CURRENT_USER\] > ->

YN -> HKEY_CURRENT_USER\: Main\\"Local Page" -> C:\WINDOWS\system32\blank.htm

YN -> HKEY_CURRENT_USER\: SearchURL\\"provider" -> gogl

< Internet Explorer Settings [HKEY_USERS\S-1-5-21-507921405-308236825-725345543-1003\] > ->

YN -> HKEY_USERS\S-1-5-21-507921405-308236825-725345543-1003\: Main\\"Local Page" -> C:\WINDOWS\system32\blank.htm

YN -> HKEY_USERS\S-1-5-21-507921405-308236825-725345543-1003\: SearchURL\\"provider" -> gogl

< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

YN -> "NVMixerTray" -> %ProgramFiles%\NVIDIA Corporation\NvMixer\NVMixerTray.exe ["C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"]

< Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

YN -> "HijackThis startup scan" -> [C:\Program Files\Trend Micro\HijackThis\HijackThis.exe /startupscan]

< Run [HKEY_USERS\S-1-5-21-507921405-308236825-725345543-1003\] > -> HKEY_USERS\S-1-5-21-507921405-308236825-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

YN -> "HijackThis startup scan" -> [C:\Program Files\Trend Micro\HijackThis\HijackThis.exe /startupscan]

< Internet Explorer Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\

YN -> CmdMapping\\"{92780B25-18CC-41C8-B9BE-3C9C571A8263}" [HKLM] -> [Reg Error: Key does not exist or could not be opened.]

< Internet Explorer Extensions [HKEY_USERS\S-1-5-21-507921405-308236825-725345543-1003\] > -> HKEY_USERS\S-1-5-21-507921405-308236825-725345543-1003\Software\Microsoft\Internet Explorer\Extensions\

YN -> CmdMapping\\"{92780B25-18CC-41C8-B9BE-3C9C571A8263}" [HKLM] -> [Reg Error: Key does not exist or could not be opened.]

< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon

*UserInit* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit

YY -> C:\WINDOWS\system32\twext.exe -> %SystemRoot%\system32\twext.exe

< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon

[Files/Folders - Created Within 30 Days]

NY -> 9 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp

NY -> gmer.exe -> %UserProfile%\Desktop\gmer.exe

NY -> _OTMoveIt -> %SystemDrive%\_OTMoveIt

NY -> OTMoveIt3.exe -> %UserProfile%\Desktop\OTMoveIt3.exe

NY -> rsit -> %SystemDrive%\rsit

NY -> RSIT.exe -> %UserProfile%\Desktop\RSIT.exe

NY -> fixit.com -> %UserProfile%\Desktop\fixit.com

[Files/Folders - Modified Within 30 Days]

NY -> 9 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp

NY -> 5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp

NY -> 221 C:\Documents and Settings\Ray\Local Settings\Temp\*.tmp files -> C:\Documents and Settings\Ray\Local Settings\Temp\*.tmp

NY -> 3 C:\Documents and Settings\Ray\Local Settings\Temp\082408170320\*.tmp files -> C:\Documents and Settings\Ray\Local Settings\Temp\082408170320\*.tmp

NY -> 3 C:\Documents and Settings\Ray\Local Settings\Temp\111608124923\*.tmp files -> C:\Documents and Settings\Ray\Local Settings\Temp\111608124923\*.tmp

NY -> 3 C:\Documents and Settings\Ray\Local Settings\Temp\112408221614\*.tmp files -> C:\Documents and Settings\Ray\Local Settings\Temp\112408221614\*.tmp

NY -> 221 C:\Documents and Settings\Ray\Local Settings\Temp\*.tmp files -> C:\Documents and Settings\Ray\Local Settings\Temp\*.tmp

NY -> 70 C:\WINDOWS\Temp\*.tmp files -> C:\WINDOWS\Temp\*.tmp

NY -> 70 C:\WINDOWS\Temp\*.tmp files -> C:\WINDOWS\Temp\*.tmp

NY -> 70 C:\WINDOWS\Temp\*.tmp files -> C:\WINDOWS\Temp\*.tmp

NY -> Perflib_Perfdata_7f4.dat -> %UserProfile%\Local Settings\Temp\Perflib_Perfdata_7f4.dat

NY -> Perflib_Perfdata_9cc.dat -> %UserProfile%\Local Settings\Temp\Perflib_Perfdata_9cc.dat

NY -> Perflib_Perfdata_4a0.dat -> %SystemRoot%\Temp\Perflib_Perfdata_4a0.dat

NY -> SA.DAT -> %SystemRoot%\tasks\SA.DAT

NY -> Perflib_Perfdata_ba0.dat -> %UserProfile%\Local Settings\Temp\Perflib_Perfdata_ba0.dat

NY -> Perflib_Perfdata_c38.dat -> %UserProfile%\Local Settings\Temp\Perflib_Perfdata_c38.dat

NY -> Perflib_Perfdata_3e4.dat -> %SystemRoot%\Temp\Perflib_Perfdata_3e4.dat

NY -> RSIT.exe -> %UserProfile%\Desktop\RSIT.exe

NY -> fixit.com -> %UserProfile%\Desktop\fixit.com

NY -> Perflib_Perfdata_8b8.dat -> %UserProfile%\Local Settings\Temp\Perflib_Perfdata_8b8.dat

NY -> Perflib_Perfdata_3f0.dat -> %SystemRoot%\Temp\Perflib_Perfdata_3f0.dat

NY -> Perflib_Perfdata_8fc.dat -> %UserProfile%\Local Settings\Temp\Perflib_Perfdata_8fc.dat

NY -> Perflib_Perfdata_3c0.dat -> %SystemRoot%\Temp\Perflib_Perfdata_3c0.dat

NY -> Perflib_Perfdata_2fc.dat -> %SystemRoot%\Temp\Perflib_Perfdata_2fc.dat

NY -> Perflib_Perfdata_86c.dat -> %UserProfile%\Local Settings\Temp\Perflib_Perfdata_86c.dat

NY -> System.dll -> %SystemRoot%\Temp\nso44.tmp\System.dll

NY -> NSIS_Picasa.dll -> %SystemRoot%\Temp\nso44.tmp\NSIS_Picasa.dll

NY -> Perflib_Perfdata_2dc.dat -> %UserProfile%\Local Settings\Temp\Perflib_Perfdata_2dc.dat

NY -> Perflib_Perfdata_260.dat -> %SystemRoot%\Temp\Perflib_Perfdata_260.dat

NY -> Perflib_Perfdata_81c.dat -> %UserProfile%\Local Settings\Temp\Perflib_Perfdata_81c.dat

NY -> index.dat -> %SystemRoot%\Temp\Temporary Internet Files\Content.IE5\index.dat

NY -> index.dat -> %SystemRoot%\Temp\History\History.IE5\index.dat

NY -> index.dat -> %SystemRoot%\Temp\Cookies\index.dat

NY -> Perflib_Perfdata_b88.dat -> %UserProfile%\Local Settings\Temp\Perflib_Perfdata_b88.dat

NY -> Perflib_Perfdata_250.dat -> %SystemRoot%\Temp\Perflib_Perfdata_250.dat

NY -> Perflib_Perfdata_6fc.dat -> %UserProfile%\Local Settings\Temp\Perflib_Perfdata_6fc.dat

NY -> Perflib_Perfdata_9d8.dat -> %UserProfile%\Local Settings\Temp\Perflib_Perfdata_9d8.dat

NY -> Perflib_Perfdata_24c.dat -> %SystemRoot%\Temp\Perflib_Perfdata_24c.dat

NY -> Perflib_Perfdata_6e0.dat -> %UserProfile%\Local Settings\Temp\Perflib_Perfdata_6e0.dat

NY -> Perflib_Perfdata_300.dat -> %SystemRoot%\Temp\Perflib_Perfdata_300.dat

NY -> Perflib_Perfdata_26c.dat -> %SystemRoot%\Temp\Perflib_Perfdata_26c.dat

NY -> vsxml.dll -> %UserProfile%\Local Settings\Temp\112408221614\vsxml.dll

NY -> vsxml.dll -> %UserProfile%\Local Settings\Temp\111608124923\vsxml.dll

NY -> Perflib_Perfdata_120.dat -> %SystemRoot%\Temp\Perflib_Perfdata_120.dat

NY -> Perflib_Perfdata_154.dat -> %SystemRoot%\Temp\Perflib_Perfdata_154.dat

NY -> Perflib_Perfdata_228.dat -> %UserProfile%\Local Settings\Temp\Perflib_Perfdata_228.dat

NY -> Perflib_Perfdata_704.dat -> %UserProfile%\Local Settings\Temp\Perflib_Perfdata_704.dat

NY -> Perflib_Perfdata_1b8.dat -> %SystemRoot%\Temp\Perflib_Perfdata_1b8.dat

NY -> Perflib_Perfdata_614.dat -> %UserProfile%\Local Settings\Temp\Perflib_Perfdata_614.dat

NY -> Perflib_Perfdata_164.dat -> %SystemRoot%\Temp\Perflib_Perfdata_164.dat

NY -> _Setup.dll -> %UserProfile%\Local Settings\Temp\isp4.tmp\_Setup.dll

NY -> setup.exe -> %UserProfile%\Local Settings\Temp\bye49.tmp\Disk1\setup.exe

NY -> _Setup.dll -> %UserProfile%\Local Settings\Temp\isp47.tmp\_Setup.dll

NY -> dotnetfx.exe -> %UserProfile%\Local Settings\Temp\VSDE.tmp\dotnetfx\dotnetfx.exe

NY -> bootstrap.exe -> %UserProfile%\Local Settings\Temp\VSDE.tmp\bootstrap.exe

NY -> dotnetchk.exe -> %UserProfile%\Local Settings\Temp\VSDE.tmp\dotnetfx\dotnetchk.exe

NY -> _Setup.dll -> %UserProfile%\Local Settings\Temp\isp27.tmp\_Setup.dll

NY -> _Setup.dll -> %UserProfile%\Local Settings\Temp\isp1E.tmp\_Setup.dll

NY -> NSIS_Picasa.dll -> %UserProfile%\Local Settings\Temp\nsg8E.tmp\NSIS_Picasa.dll

NY -> vsutil.dll -> %UserProfile%\Local Settings\Temp\082408170320\vsutil.dll

NY -> vsinit.dll -> %UserProfile%\Local Settings\Temp\082408170320\vsinit.dll

NY -> vsavpro.dll -> %UserProfile%\Local Settings\Temp\082408170320\vsavpro.dll

NY -> vsdb.dll -> %UserProfile%\Local Settings\Temp\082408170320\vsdb.dll

NY -> vsdata.dll -> %UserProfile%\Local Settings\Temp\082408170320\vsdata.dll

NY -> fbl.dll -> %UserProfile%\Local Settings\Temp\082408170320\fbl.dll

NY -> featuremap.dll -> %UserProfile%\Local Settings\Temp\082408170320\featuremap.dll

NY -> SoundMan.exe -> %UserProfile%\Local Settings\Temp\pftB~tmp\WDM\SoundMan.exe

NY -> SoundMan.exe -> %UserProfile%\Local Settings\Temp\pft8~tmp\WDM\SoundMan.exe

NY -> RTLCPL.exe -> %UserProfile%\Local Settings\Temp\pftB~tmp\WDM\RTLCPL.exe

NY -> RtlCPAPI.dll -> %UserProfile%\Local Settings\Temp\pftB~tmp\WDM\RtlCPAPI.dll

NY -> RtlCPAPI.dll -> %UserProfile%\Local Settings\Temp\pft8~tmp\WDM\RtlCPAPI.dll

NY -> ChCfg.exe -> %UserProfile%\Local Settings\Temp\pftB~tmp\WDM\ChCfg.exe

NY -> ChCfg.exe -> %UserProfile%\Local Settings\Temp\pft8~tmp\WDM\ChCfg.exe

NY -> ChCfg.exe -> %UserProfile%\Local Settings\Temp\pftB~tmp\ChCfg.exe

NY -> ChCfg.exe -> %UserProfile%\Local Settings\Temp\pft8~tmp\ChCfg.exe

NY -> alcrmv.exe -> %UserProfile%\Local Settings\Temp\pftB~tmp\WDM\alcrmv.exe

NY -> alcrmv.exe -> %UserProfile%\Local Settings\Temp\pft8~tmp\WDM\alcrmv.exe

NY -> alcrmv64.exe -> %UserProfile%\Local Settings\Temp\pftB~tmp\WDM\alcrmv64.exe

NY -> alcrmv64.exe -> %UserProfile%\Local Settings\Temp\pft8~tmp\WDM\alcrmv64.exe

NY -> alcrmv64.exe -> %UserProfile%\Local Settings\Temp\pftB~tmp\alcrmv64.exe

NY -> alcrmv64.exe -> %UserProfile%\Local Settings\Temp\pft8~tmp\alcrmv64.exe

NY -> alcrmv.exe -> %UserProfile%\Local Settings\Temp\pftB~tmp\alcrmv.exe

NY -> alcrmv.exe -> %UserProfile%\Local Settings\Temp\pft8~tmp\alcrmv.exe

NY -> AlcUpd64.exe -> %UserProfile%\Local Settings\Temp\pftB~tmp\AlcUpd64.exe

NY -> AlcUpd64.exe -> %UserProfile%\Local Settings\Temp\pft8~tmp\AlcUpd64.exe

NY -> alcupd.exe -> %UserProfile%\Local Settings\Temp\pftB~tmp\alcupd.exe

NY -> alcupd.exe -> %UserProfile%\Local Settings\Temp\pft8~tmp\alcupd.exe

NY -> CPLUtl64.exe -> %UserProfile%\Local Settings\Temp\pftB~tmp\WDM\CPLUtl64.exe

NY -> CPLUtl64.exe -> %UserProfile%\Local Settings\Temp\pft8~tmp\WDM\CPLUtl64.exe

NY -> setup.exe -> %UserProfile%\Local Settings\Temp\pftB~tmp\setup.exe

NY -> setup.exe -> %UserProfile%\Local Settings\Temp\pft8~tmp\setup.exe

NY -> nvudisp.exe -> %UserProfile%\Local Settings\Temp\WZSE0.TMP\nvudisp.exe

NY -> setup.exe -> %UserProfile%\Local Settings\Temp\WZSE0.TMP\setup.exe

NY -> alcrmv.exe -> %SystemRoot%\Temp\alcrmv.exe

NY -> soundman.exe -> %SystemRoot%\Temp\soundman.exe

NY -> RTLCPL.exe -> %SystemRoot%\Temp\RTLCPL.exe

NY -> alcupd.exe -> %SystemRoot%\Temp\alcupd.exe

NY -> ChCfg.exe -> %SystemRoot%\Temp\ChCfg.exe

NY -> RtlCPAPI.dll -> %SystemRoot%\Temp\RtlCPAPI.dll

NY -> setup_wm.exe -> %UserProfile%\Local Settings\Temp\setup_wm.exe

NY -> newdev.dll -> %SystemRoot%\Temp\newdev.dll

NY -> alcrmv9x.exe -> %UserProfile%\Local Settings\Temp\pftB~tmp\alcrmv9x.exe

NY -> alcrmv9x.exe -> %UserProfile%\Local Settings\Temp\pft8~tmp\alcrmv9x.exe

NY -> alcchkid.exe -> %UserProfile%\Local Settings\Temp\pftB~tmp\alcchkid.exe

NY -> alcchkid.exe -> %UserProfile%\Local Settings\Temp\pft8~tmp\alcchkid.exe

NY -> ALCXDEV.EXE -> %UserProfile%\Local Settings\Temp\pftB~tmp\ALCXDEV.EXE

NY -> ALCXDEV.EXE -> %UserProfile%\Local Settings\Temp\pft8~tmp\ALCXDEV.EXE

NY -> GETDXVER.EXE -> %UserProfile%\Local Settings\Temp\pftB~tmp\GETDXVER.EXE

NY -> GETDXVER.EXE -> %UserProfile%\Local Settings\Temp\pft8~tmp\GETDXVER.EXE

NY -> SetCDfmt.exe -> %UserProfile%\Local Settings\Temp\pftB~tmp\SetCDfmt.exe

NY -> SetCDfmt.exe -> %UserProfile%\Local Settings\Temp\pft8~tmp\SetCDfmt.exe

[Purity]

[Empty Temp Folders]

[start Explorer]

Then run the fix and post the log it produces afterwards.


[Kill Explorer]

[Registry - Safe List]

< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > ->

YN -> HKEY_LOCAL_MACHINE\: Main\\"Local Page" -> %SystemRoot%\system32\blank.htm

< Internet Explorer Settings [HKEY_CURRENT_USER\] > ->

YN -> HKEY_CURRENT_USER\: Main\\"Local Page" -> C:\WINDOWS\system32\blank.htm

YN -> HKEY_CURRENT_USER\: SearchURL\\"provider" -> gogl

< Internet Explorer Settings [HKEY_USERS\S-1-5-21-507921405-308236825-725345543-1003\] > ->

YN -> HKEY_USERS\S-1-5-21-507921405-308236825-725345543-1003\: Main\\"Local Page" -> C:\WINDOWS\system32\blank.htm

YN -> HKEY_USERS\S-1-5-21-507921405-308236825-725345543-1003\: SearchURL\\"provider" -> gogl

< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

YN -> "NVMixerTray" -> %ProgramFiles%\NVIDIA Corporation\NvMixer\NVMixerTray.exe ["C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"]

< Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

YN -> "HijackThis startup scan" -> [C:\Program Files\Trend Micro\HijackThis\HijackThis.exe /startupscan]

< Run [HKEY_USERS\S-1-5-21-507921405-308236825-725345543-1003\] > -> HKEY_USERS\S-1-5-21-507921405-308236825-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

YN -> "HijackThis startup scan" -> [C:\Program Files\Trend Micro\HijackThis\HijackThis.exe /startupscan]

< Internet Explorer Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\

YN -> CmdMapping\\"{92780B25-18CC-41C8-B9BE-3C9C571A8263}" [HKLM] -> [Reg Error: Key does not exist or could not be opened.]

< Internet Explorer Extensions [HKEY_USERS\S-1-5-21-507921405-308236825-725345543-1003\] > -> HKEY_USERS\S-1-5-21-507921405-308236825-725345543-1003\Software\Microsoft\Internet Explorer\Extensions\

YN -> CmdMapping\\"{92780B25-18CC-41C8-B9BE-3C9C571A8263}" [HKLM] -> [Reg Error: Key does not exist or could not be opened.]

< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon

*UserInit* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit

YY -> C:\WINDOWS\system32\twext.exe -> %SystemRoot%\system32\twext.exe

< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon

[Files/Folders - Created Within 30 Days]

NY -> 9 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp

NY -> gmer.exe -> %UserProfile%\Desktop\gmer.exe

NY -> _OTMoveIt -> %SystemDrive%\_OTMoveIt

NY -> OTMoveIt3.exe -> %UserProfile%\Desktop\OTMoveIt3.exe

NY -> rsit -> %SystemDrive%\rsit

NY -> RSIT.exe -> %UserProfile%\Desktop\RSIT.exe

NY -> fixit.com -> %UserProfile%\Desktop\fixit.com

[Files/Folders - Modified Within 30 Days]

NY -> 9 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp

NY -> 5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp

NY -> 221 C:\Documents and Settings\Ray\Local Settings\Temp\*.tmp files -> C:\Documents and Settings\Ray\Local Settings\Temp\*.tmp

NY -> 3 C:\Documents and Settings\Ray\Local Settings\Temp\082408170320\*.tmp files -> C:\Documents and Settings\Ray\Local Settings\Temp\082408170320\*.tmp

NY -> 3 C:\Documents and Settings\Ray\Local Settings\Temp\111608124923\*.tmp files -> C:\Documents and Settings\Ray\Local Settings\Temp\111608124923\*.tmp

NY -> 3 C:\Documents and Settings\Ray\Local Settings\Temp\112408221614\*.tmp files -> C:\Documents and Settings\Ray\Local Settings\Temp\112408221614\*.tmp

NY -> 221 C:\Documents and Settings\Ray\Local Settings\Temp\*.tmp files -> C:\Documents and Settings\Ray\Local Settings\Temp\*.tmp

NY -> 70 C:\WINDOWS\Temp\*.tmp files -> C:\WINDOWS\Temp\*.tmp

NY -> 70 C:\WINDOWS\Temp\*.tmp files -> C:\WINDOWS\Temp\*.tmp

NY -> 70 C:\WINDOWS\Temp\*.tmp files -> C:\WINDOWS\Temp\*.tmp

NY -> Perflib_Perfdata_7f4.dat -> %UserProfile%\Local Settings\Temp\Perflib_Perfdata_7f4.dat

NY -> Perflib_Perfdata_9cc.dat -> %UserProfile%\Local Settings\Temp\Perflib_Perfdata_9cc.dat

NY -> Perflib_Perfdata_4a0.dat -> %SystemRoot%\Temp\Perflib_Perfdata_4a0.dat

NY -> SA.DAT -> %SystemRoot%\tasks\SA.DAT

NY -> Perflib_Perfdata_ba0.dat -> %UserProfile%\Local Settings\Temp\Perflib_Perfdata_ba0.dat

NY -> Perflib_Perfdata_c38.dat -> %UserProfile%\Local Settings\Temp\Perflib_Perfdata_c38.dat

NY -> Perflib_Perfdata_3e4.dat -> %SystemRoot%\Temp\Perflib_Perfdata_3e4.dat

NY -> RSIT.exe -> %UserProfile%\Desktop\RSIT.exe

NY -> fixit.com -> %UserProfile%\Desktop\fixit.com

NY -> Perflib_Perfdata_8b8.dat -> %UserProfile%\Local Settings\Temp\Perflib_Perfdata_8b8.dat

NY -> Perflib_Perfdata_3f0.dat -> %SystemRoot%\Temp\Perflib_Perfdata_3f0.dat

NY -> Perflib_Perfdata_8fc.dat -> %UserProfile%\Local Settings\Temp\Perflib_Perfdata_8fc.dat

NY -> Perflib_Perfdata_3c0.dat -> %SystemRoot%\Temp\Perflib_Perfdata_3c0.dat

NY -> Perflib_Perfdata_2fc.dat -> %SystemRoot%\Temp\Perflib_Perfdata_2fc.dat

NY -> Perflib_Perfdata_86c.dat -> %UserProfile%\Local Settings\Temp\Perflib_Perfdata_86c.dat

NY -> System.dll -> %SystemRoot%\Temp\nso44.tmp\System.dll

NY -> NSIS_Picasa.dll -> %SystemRoot%\Temp\nso44.tmp\NSIS_Picasa.dll

NY -> Perflib_Perfdata_2dc.dat -> %UserProfile%\Local Settings\Temp\Perflib_Perfdata_2dc.dat

NY -> Perflib_Perfdata_260.dat -> %SystemRoot%\Temp\Perflib_Perfdata_260.dat

NY -> Perflib_Perfdata_81c.dat -> %UserProfile%\Local Settings\Temp\Perflib_Perfdata_81c.dat

NY -> index.dat -> %SystemRoot%\Temp\Temporary Internet Files\Content.IE5\index.dat

NY -> index.dat -> %SystemRoot%\Temp\History\History.IE5\index.dat

NY -> index.dat -> %SystemRoot%\Temp\Cookies\index.dat

NY -> Perflib_Perfdata_b88.dat -> %UserProfile%\Local Settings\Temp\Perflib_Perfdata_b88.dat

NY -> Perflib_Perfdata_250.dat -> %SystemRoot%\Temp\Perflib_Perfdata_250.dat

NY -> Perflib_Perfdata_6fc.dat -> %UserProfile%\Local Settings\Temp\Perflib_Perfdata_6fc.dat

NY -> Perflib_Perfdata_9d8.dat -> %UserProfile%\Local Settings\Temp\Perflib_Perfdata_9d8.dat

NY -> Perflib_Perfdata_24c.dat -> %SystemRoot%\Temp\Perflib_Perfdata_24c.dat

NY -> Perflib_Perfdata_6e0.dat -> %UserProfile%\Local Settings\Temp\Perflib_Perfdata_6e0.dat

NY -> Perflib_Perfdata_300.dat -> %SystemRoot%\Temp\Perflib_Perfdata_300.dat

NY -> Perflib_Perfdata_26c.dat -> %SystemRoot%\Temp\Perflib_Perfdata_26c.dat

NY -> vsxml.dll -> %UserProfile%\Local Settings\Temp\112408221614\vsxml.dll

NY -> vsxml.dll -> %UserProfile%\Local Settings\Temp\111608124923\vsxml.dll

NY -> Perflib_Perfdata_120.dat -> %SystemRoot%\Temp\Perflib_Perfdata_120.dat

NY -> Perflib_Perfdata_154.dat -> %SystemRoot%\Temp\Perflib_Perfdata_154.dat

NY -> Perflib_Perfdata_228.dat -> %UserProfile%\Local Settings\Temp\Perflib_Perfdata_228.dat

NY -> Perflib_Perfdata_704.dat -> %UserProfile%\Local Settings\Temp\Perflib_Perfdata_704.dat

NY -> Perflib_Perfdata_1b8.dat -> %SystemRoot%\Temp\Perflib_Perfdata_1b8.dat

NY -> Perflib_Perfdata_614.dat -> %UserProfile%\Local Settings\Temp\Perflib_Perfdata_614.dat

NY -> Perflib_Perfdata_164.dat -> %SystemRoot%\Temp\Perflib_Perfdata_164.dat

NY -> _Setup.dll -> %UserProfile%\Local Settings\Temp\isp4.tmp\_Setup.dll

NY -> setup.exe -> %UserProfile%\Local Settings\Temp\bye49.tmp\Disk1\setup.exe

NY -> _Setup.dll -> %UserProfile%\Local Settings\Temp\isp47.tmp\_Setup.dll

NY -> dotnetfx.exe -> %UserProfile%\Local Settings\Temp\VSDE.tmp\dotnetfx\dotnetfx.exe

NY -> bootstrap.exe -> %UserProfile%\Local Settings\Temp\VSDE.tmp\bootstrap.exe

NY -> dotnetchk.exe -> %UserProfile%\Local Settings\Temp\VSDE.tmp\dotnetfx\dotnetchk.exe

NY -> _Setup.dll -> %UserProfile%\Local Settings\Temp\isp27.tmp\_Setup.dll

NY -> _Setup.dll -> %UserProfile%\Local Settings\Temp\isp1E.tmp\_Setup.dll

NY -> NSIS_Picasa.dll -> %UserProfile%\Local Settings\Temp\nsg8E.tmp\NSIS_Picasa.dll

NY -> vsutil.dll -> %UserProfile%\Local Settings\Temp\082408170320\vsutil.dll

NY -> vsinit.dll -> %UserProfile%\Local Settings\Temp\082408170320\vsinit.dll

NY -> vsavpro.dll -> %UserProfile%\Local Settings\Temp\082408170320\vsavpro.dll

NY -> vsdb.dll -> %UserProfile%\Local Settings\Temp\082408170320\vsdb.dll

NY -> vsdata.dll -> %UserProfile%\Local Settings\Temp\082408170320\vsdata.dll

NY -> fbl.dll -> %UserProfile%\Local Settings\Temp\082408170320\fbl.dll

NY -> featuremap.dll -> %UserProfile%\Local Settings\Temp\082408170320\featuremap.dll

NY -> SoundMan.exe -> %UserProfile%\Local Settings\Temp\pftB~tmp\WDM\SoundMan.exe

NY -> SoundMan.exe -> %UserProfile%\Local Settings\Temp\pft8~tmp\WDM\SoundMan.exe

NY -> RTLCPL.exe -> %UserProfile%\Local Settings\Temp\pftB~tmp\WDM\RTLCPL.exe

NY -> RtlCPAPI.dll -> %UserProfile%\Local Settings\Temp\pftB~tmp\WDM\RtlCPAPI.dll

NY -> RtlCPAPI.dll -> %UserProfile%\Local Settings\Temp\pft8~tmp\WDM\RtlCPAPI.dll

NY -> ChCfg.exe -> %UserProfile%\Local Settings\Temp\pftB~tmp\WDM\ChCfg.exe

NY -> ChCfg.exe -> %UserProfile%\Local Settings\Temp\pft8~tmp\WDM\ChCfg.exe

NY -> ChCfg.exe -> %UserProfile%\Local Settings\Temp\pftB~tmp\ChCfg.exe

NY -> ChCfg.exe -> %UserProfile%\Local Settings\Temp\pft8~tmp\ChCfg.exe

NY -> alcrmv.exe -> %UserProfile%\Local Settings\Temp\pftB~tmp\WDM\alcrmv.exe

NY -> alcrmv.exe -> %UserProfile%\Local Settings\Temp\pft8~tmp\WDM\alcrmv.exe

NY -> alcrmv64.exe -> %UserProfile%\Local Settings\Temp\pftB~tmp\WDM\alcrmv64.exe

NY -> alcrmv64.exe -> %UserProfile%\Local Settings\Temp\pft8~tmp\WDM\alcrmv64.exe

NY -> alcrmv64.exe -> %UserProfile%\Local Settings\Temp\pftB~tmp\alcrmv64.exe

NY -> alcrmv64.exe -> %UserProfile%\Local Settings\Temp\pft8~tmp\alcrmv64.exe

NY -> alcrmv.exe -> %UserProfile%\Local Settings\Temp\pftB~tmp\alcrmv.exe

NY -> alcrmv.exe -> %UserProfile%\Local Settings\Temp\pft8~tmp\alcrmv.exe

NY -> AlcUpd64.exe -> %UserProfile%\Local Settings\Temp\pftB~tmp\AlcUpd64.exe

NY -> AlcUpd64.exe -> %UserProfile%\Local Settings\Temp\pft8~tmp\AlcUpd64.exe

NY -> alcupd.exe -> %UserProfile%\Local Settings\Temp\pftB~tmp\alcupd.exe

NY -> alcupd.exe -> %UserProfile%\Local Settings\Temp\pft8~tmp\alcupd.exe

NY -> CPLUtl64.exe -> %UserProfile%\Local Settings\Temp\pftB~tmp\WDM\CPLUtl64.exe

NY -> CPLUtl64.exe -> %UserProfile%\Local Settings\Temp\pft8~tmp\WDM\CPLUtl64.exe

NY -> setup.exe -> %UserProfile%\Local Settings\Temp\pftB~tmp\setup.exe

NY -> setup.exe -> %UserProfile%\Local Settings\Temp\pft8~tmp\setup.exe

NY -> nvudisp.exe -> %UserProfile%\Local Settings\Temp\WZSE0.TMP\nvudisp.exe

NY -> setup.exe -> %UserProfile%\Local Settings\Temp\WZSE0.TMP\setup.exe

NY -> alcrmv.exe -> %SystemRoot%\Temp\alcrmv.exe

NY -> soundman.exe -> %SystemRoot%\Temp\soundman.exe

NY -> RTLCPL.exe -> %SystemRoot%\Temp\RTLCPL.exe

NY -> alcupd.exe -> %SystemRoot%\Temp\alcupd.exe

NY -> ChCfg.exe -> %SystemRoot%\Temp\ChCfg.exe

NY -> RtlCPAPI.dll -> %SystemRoot%\Temp\RtlCPAPI.dll

NY -> setup_wm.exe -> %UserProfile%\Local Settings\Temp\setup_wm.exe

NY -> newdev.dll -> %SystemRoot%\Temp\newdev.dll

NY -> alcrmv9x.exe -> %UserProfile%\Local Settings\Temp\pftB~tmp\alcrmv9x.exe

NY -> alcrmv9x.exe -> %UserProfile%\Local Settings\Temp\pft8~tmp\alcrmv9x.exe

NY -> alcchkid.exe -> %UserProfile%\Local Settings\Temp\pftB~tmp\alcchkid.exe

NY -> alcchkid.exe -> %UserProfile%\Local Settings\Temp\pft8~tmp\alcchkid.exe

NY -> ALCXDEV.EXE -> %UserProfile%\Local Settings\Temp\pftB~tmp\ALCXDEV.EXE

NY -> ALCXDEV.EXE -> %UserProfile%\Local Settings\Temp\pft8~tmp\ALCXDEV.EXE

NY -> GETDXVER.EXE -> %UserProfile%\Local Settings\Temp\pftB~tmp\GETDXVER.EXE

NY -> GETDXVER.EXE -> %UserProfile%\Local Settings\Temp\pft8~tmp\GETDXVER.EXE

NY -> SetCDfmt.exe -> %UserProfile%\Local Settings\Temp\pftB~tmp\SetCDfmt.exe

NY -> SetCDfmt.exe -> %UserProfile%\Local Settings\Temp\pft8~tmp\SetCDfmt.exe

[Purity]

[Empty Temp Folders]

[start Explorer]


Sorry, don't know how that happened :P

Process Explorer.EXE killed successfully!

[Registry - Safe List]

Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\\Local Page deleted successfully.

Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\\Local Page deleted successfully.

Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchURL\\provider deleted successfully.

Registry key HKEY_USERS\1-5-21-507921405-308236825-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main not found.

Registry key HKEY_USERS\1-5-21-507921405-308236825-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\SearchURL not found.

Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\NVMixerTray deleted successfully.

Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\HijackThis startup scan deleted successfully.

Registry value HKEY_USERS\S-1-5-21-507921405-308236825-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\HijackThis startup scan not found.

Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\\{92780B25-18CC-41C8-B9BE-3C9C571A8263} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{92780B25-18CC-41C8-B9BE-3C9C571A8263}\ not found.

Registry value HKEY_USERS\S-1-5-21-507921405-308236825-725345543-1003\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\\{92780B25-18CC-41C8-B9BE-3C9C571A8263} not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{92780B25-18CC-41C8-B9BE-3C9C571A8263}\ not found.

Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit:C:\WINDOWS\system32\twext.exe deleted successfully.

File C:\WINDOWS\system32\twext.exe not found.

[Files/Folders - Created Within 30 Days]

C:\Documents and Settings\Ray\Desktop\gmer.exe moved successfully.

C:\_OTMoveIt\MovedFiles\12242008_210504\windows\system32 folder moved successfully.

C:\_OTMoveIt\MovedFiles\12242008_210504\windows folder moved successfully.

C:\_OTMoveIt\MovedFiles\12242008_210504 folder moved successfully.

C:\_OTMoveIt\MovedFiles\12242008_210414 folder moved successfully.

C:\_OTMoveIt\MovedFiles\12242008_131728 folder moved successfully.

C:\_OTMoveIt\MovedFiles folder moved successfully.

C:\_OTMoveIt folder moved successfully.

C:\Documents and Settings\Ray\Desktop\OTMoveIt3.exe moved successfully.

C:\rsit folder moved successfully.

C:\Documents and Settings\Ray\Desktop\RSIT.exe moved successfully.

C:\Documents and Settings\Ray\Desktop\fixit.com moved successfully.

[Files/Folders - Modified Within 30 Days]

C:\WINDOWS\NV1240368.TMP folder deleted successfully.

C:\WINDOWS\NV16921252.TMP folder deleted successfully.

C:\Documents and Settings\Ray\Local Settings\Temp\7zS8.tmp folder deleted successfully.

C:\Documents and Settings\Ray\Local Settings\Temp\bye49.tmp\Disk1\setupdir\040c folder deleted successfully.

C:\Documents and Settings\Ray\Local Settings\Temp\bye49.tmp\Disk1\setupdir\0404 folder deleted successfully.

C:\Documents and Settings\Ray\Local Settings\Temp\bye49.tmp\Disk1\setupdir\0011 folder deleted successfully.

C:\Documents and Settings\Ray\Local Settings\Temp\bye49.tmp\Disk1\setupdir\0009 folder deleted successfully.

C:\Documents and Settings\Ray\Local Settings\Temp\bye49.tmp\Disk1\setupdir\0007 folder deleted successfully.

C:\Documents and Settings\Ray\Local Settings\Temp\bye49.tmp\Disk1\setupdir folder deleted successfully.

C:\Documents and Settings\Ray\Local Settings\Temp\bye49.tmp\Disk1 folder deleted successfully.

C:\Documents and Settings\Ray\Local Settings\Temp\bye49.tmp folder deleted successfully.

C:\Documents and Settings\Ray\Local Settings\Temp\Div4.tmp folder deleted successfully.

C:\Documents and Settings\Ray\Local Settings\Temp\isp1E.tmp folder deleted successfully.

C:\Documents and Settings\Ray\Local Settings\Temp\isp27.tmp folder deleted successfully.

C:\Documents and Settings\Ray\Local Settings\Temp\isp4.tmp folder deleted successfully.

C:\Documents and Settings\Ray\Local Settings\Temp\isp47.tmp folder deleted successfully.

C:\Documents and Settings\Ray\Local Settings\Temp\iss1.tmp folder deleted successfully.

C:\Documents and Settings\Ray\Local Settings\Temp\iss6.tmp folder deleted successfully.

C:\Documents and Settings\Ray\Local Settings\Temp\nsg8E.tmp folder deleted successfully.

C:\Documents and Settings\Ray\Local Settings\Temp\VSDE.tmp\dotnetfx folder deleted successfully.

C:\Documents and Settings\Ray\Local Settings\Temp\VSDE.tmp folder deleted successfully.

C:\Documents and Settings\Ray\Local Settings\Temp\WZSE0.TMP folder deleted successfully.

File delete failed. C:\Documents and Settings\Ray\Local Settings\Temp\~DF7DFF.tmp scheduled to be deleted on reboot.

File delete failed. C:\Documents and Settings\Ray\Local Settings\Temp\~DFD345.tmp scheduled to be deleted on reboot.

File delete failed. C:\Documents and Settings\Ray\Local Settings\Temp\~DFD353.tmp scheduled to be deleted on reboot.

File delete failed. C:\Documents and Settings\Ray\Local Settings\Temp\~DF7DFF.tmp scheduled to be deleted on reboot.

File delete failed. C:\Documents and Settings\Ray\Local Settings\Temp\~DFD345.tmp scheduled to be deleted on reboot.

File delete failed. C:\Documents and Settings\Ray\Local Settings\Temp\~DFD353.tmp scheduled to be deleted on reboot.

C:\WINDOWS\Temp\nso44.tmp folder deleted successfully.

File delete failed. C:\WINDOWS\Temp\ZLT017c3.TMP scheduled to be deleted on reboot.

File delete failed. C:\WINDOWS\Temp\ scheduled to be deleted on reboot.

File delete failed. C:\WINDOWS\Temp\ scheduled to be deleted on reboot.

File delete failed. C:\WINDOWS\Temp\ZLT017c3.TMP scheduled to be deleted on reboot.

File delete failed. C:\WINDOWS\Temp\ scheduled to be deleted on reboot.

File delete failed. C:\WINDOWS\Temp\ scheduled to be deleted on reboot.

File delete failed. C:\WINDOWS\Temp\ZLT017c3.TMP scheduled to be deleted on reboot.

File C:\Documents and Settings\Ray\Local Settings\Temp\Perflib_Perfdata_7f4.dat not found!

File move failed. C:\Documents and Settings\Ray\Local Settings\Temp\Perflib_Perfdata_9cc.dat scheduled to be moved on reboot.

File move failed. C:\WINDOWS\Temp\Perflib_Perfdata_4a0.dat scheduled to be moved on reboot.

C:\WINDOWS\tasks\SA.DAT moved successfully.

C:\Documents and Settings\Ray\Local Settings\Temp\Perflib_Perfdata_ba0.dat moved successfully.

C:\Documents and Settings\Ray\Local Settings\Temp\Perflib_Perfdata_c38.dat moved successfully.

File move failed. C:\WINDOWS\Temp\Perflib_Perfdata_3e4.dat scheduled to be moved on reboot.

File C:\Documents and Settings\Ray\Desktop\RSIT.exe not found!

File C:\Documents and Settings\Ray\Desktop\fixit.com not found!

C:\Documents and Settings\Ray\Local Settings\Temp\Perflib_Perfdata_8b8.dat moved successfully.

File move failed. C:\WINDOWS\Temp\Perflib_Perfdata_3f0.dat scheduled to be moved on reboot.

C:\Documents and Settings\Ray\Local Settings\Temp\Perflib_Perfdata_8fc.dat moved successfully.

File move failed. C:\WINDOWS\Temp\Perflib_Perfdata_3c0.dat scheduled to be moved on reboot.

File move failed. C:\WINDOWS\Temp\Perflib_Perfdata_2fc.dat scheduled to be moved on reboot.

C:\Documents and Settings\Ray\Local Settings\Temp\Perflib_Perfdata_86c.dat moved successfully.

File C:\WINDOWS\Temp\nso44.tmp\System.dll not found!

File C:\WINDOWS\Temp\nso44.tmp\NSIS_Picasa.dll not found!

C:\Documents and Settings\Ray\Local Settings\Temp\Perflib_Perfdata_2dc.dat moved successfully.

File move failed. C:\WINDOWS\Temp\Perflib_Perfdata_260.dat scheduled to be moved on reboot.

C:\Documents and Settings\Ray\Local Settings\Temp\Perflib_Perfdata_81c.dat moved successfully.

File move failed. C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\index.dat scheduled to be moved on reboot.

File move failed. C:\WINDOWS\Temp\History\History.IE5\index.dat scheduled to be moved on reboot.

File move failed. C:\WINDOWS\Temp\Cookies\index.dat scheduled to be moved on reboot.

C:\Documents and Settings\Ray\Local Settings\Temp\Perflib_Perfdata_b88.dat moved successfully.

File move failed. C:\WINDOWS\Temp\Perflib_Perfdata_250.dat scheduled to be moved on reboot.

C:\Documents and Settings\Ray\Local Settings\Temp\Perflib_Perfdata_6fc.dat moved successfully.

C:\Documents and Settings\Ray\Local Settings\Temp\Perflib_Perfdata_9d8.dat moved successfully.

File move failed. C:\WINDOWS\Temp\Perflib_Perfdata_24c.dat scheduled to be moved on reboot.

C:\Documents and Settings\Ray\Local Settings\Temp\Perflib_Perfdata_6e0.dat moved successfully.

File move failed. C:\WINDOWS\Temp\Perflib_Perfdata_300.dat scheduled to be moved on reboot.

File move failed. C:\WINDOWS\Temp\Perflib_Perfdata_26c.dat scheduled to be moved on reboot.

C:\Documents and Settings\Ray\Local Settings\Temp\112408221614\vsxml.dll moved successfully.

C:\Documents and Settings\Ray\Local Settings\Temp\111608124923\vsxml.dll moved successfully.

File move failed. C:\WINDOWS\Temp\Perflib_Perfdata_120.dat scheduled to be moved on reboot.

File move failed. C:\WINDOWS\Temp\Perflib_Perfdata_154.dat scheduled to be moved on reboot.

C:\Documents and Settings\Ray\Local Settings\Temp\Perflib_Perfdata_228.dat moved successfully.

C:\Documents and Settings\Ray\Local Settings\Temp\Perflib_Perfdata_704.dat moved successfully.

File move failed. C:\WINDOWS\Temp\Perflib_Perfdata_1b8.dat scheduled to be moved on reboot.

C:\Documents and Settings\Ray\Local Settings\Temp\Perflib_Perfdata_614.dat moved successfully.

File move failed. C:\WINDOWS\Temp\Perflib_Perfdata_164.dat scheduled to be moved on reboot.

File C:\Documents and Settings\Ray\Local Settings\Temp\isp4.tmp\_Setup.dll not found!

File C:\Documents and Settings\Ray\Local Settings\Temp\bye49.tmp\Disk1\setup.exe not found!

File C:\Documents and Settings\Ray\Local Settings\Temp\isp47.tmp\_Setup.dll not found!

File C:\Documents and Settings\Ray\Local Settings\Temp\VSDE.tmp\dotnetfx\dotnetfx.exe not found!

File C:\Documents and Settings\Ray\Local Settings\Temp\VSDE.tmp\bootstrap.exe not found!

File C:\Documents and Settings\Ray\Local Settings\Temp\VSDE.tmp\dotnetfx\dotnetchk.exe not found!

File C:\Documents and Settings\Ray\Local Settings\Temp\isp27.tmp\_Setup.dll not found!

File C:\Documents and Settings\Ray\Local Settings\Temp\isp1E.tmp\_Setup.dll not found!

File C:\Documents and Settings\Ray\Local Settings\Temp\nsg8E.tmp\NSIS_Picasa.dll not found!

C:\Documents and Settings\Ray\Local Settings\Temp\082408170320\vsutil.dll moved successfully.

C:\Documents and Settings\Ray\Local Settings\Temp\082408170320\vsinit.dll moved successfully.

C:\Documents and Settings\Ray\Local Settings\Temp\082408170320\vsavpro.dll moved successfully.

C:\Documents and Settings\Ray\Local Settings\Temp\082408170320\vsdb.dll moved successfully.

C:\Documents and Settings\Ray\Local Settings\Temp\082408170320\vsdata.dll moved successfully.

C:\Documents and Settings\Ray\Local Settings\Temp\082408170320\fbl.dll moved successfully.

C:\Documents and Settings\Ray\Local Settings\Temp\082408170320\featuremap.dll moved successfully.

C:\Documents and Settings\Ray\Local Settings\Temp\pftB~tmp\WDM\SoundMan.exe moved successfully.

C:\Documents and Settings\Ray\Local Settings\Temp\pft8~tmp\WDM\SoundMan.exe moved successfully.

C:\Documents and Settings\Ray\Local Settings\Temp\pftB~tmp\WDM\RTLCPL.exe moved successfully.

C:\Documents and Settings\Ray\Local Settings\Temp\pftB~tmp\WDM\RtlCPAPI.dll moved successfully.

C:\Documents and Settings\Ray\Local Settings\Temp\pft8~tmp\WDM\RtlCPAPI.dll moved successfully.

C:\Documents and Settings\Ray\Local Settings\Temp\pftB~tmp\WDM\ChCfg.exe moved successfully.

C:\Documents and Settings\Ray\Local Settings\Temp\pft8~tmp\WDM\ChCfg.exe moved successfully.

C:\Documents and Settings\Ray\Local Settings\Temp\pftB~tmp\ChCfg.exe moved successfully.

C:\Documents and Settings\Ray\Local Settings\Temp\pft8~tmp\ChCfg.exe moved successfully.

C:\Documents and Settings\Ray\Local Settings\Temp\pftB~tmp\WDM\alcrmv.exe moved successfully.

C:\Documents and Settings\Ray\Local Settings\Temp\pft8~tmp\WDM\alcrmv.exe moved successfully.

C:\Documents and Settings\Ray\Local Settings\Temp\pftB~tmp\WDM\alcrmv64.exe moved successfully.

C:\Documents and Settings\Ray\Local Settings\Temp\pft8~tmp\WDM\alcrmv64.exe moved successfully.

C:\Documents and Settings\Ray\Local Settings\Temp\pftB~tmp\alcrmv64.exe moved successfully.

C:\Documents and Settings\Ray\Local Settings\Temp\pft8~tmp\alcrmv64.exe moved successfully.

C:\Documents and Settings\Ray\Local Settings\Temp\pftB~tmp\alcrmv.exe moved successfully.

C:\Documents and Settings\Ray\Local Settings\Temp\pft8~tmp\alcrmv.exe moved successfully.

C:\Documents and Settings\Ray\Local Settings\Temp\pftB~tmp\AlcUpd64.exe moved successfully.

C:\Documents and Settings\Ray\Local Settings\Temp\pft8~tmp\AlcUpd64.exe moved successfully.

C:\Documents and Settings\Ray\Local Settings\Temp\pftB~tmp\alcupd.exe moved successfully.

C:\Documents and Settings\Ray\Local Settings\Temp\pft8~tmp\alcupd.exe moved successfully.

C:\Documents and Settings\Ray\Local Settings\Temp\pftB~tmp\WDM\CPLUtl64.exe moved successfully.

C:\Documents and Settings\Ray\Local Settings\Temp\pft8~tmp\WDM\CPLUtl64.exe moved successfully.

C:\Documents and Settings\Ray\Local Settings\Temp\pftB~tmp\setup.exe moved successfully.

C:\Documents and Settings\Ray\Local Settings\Temp\pft8~tmp\setup.exe moved successfully.

File C:\Documents and Settings\Ray\Local Settings\Temp\WZSE0.TMP\nvudisp.exe not found!

File C:\Documents and Settings\Ray\Local Settings\Temp\WZSE0.TMP\setup.exe not found!

File move failed. C:\WINDOWS\Temp\alcrmv.exe scheduled to be moved on reboot.

File move failed. C:\WINDOWS\Temp\soundman.exe scheduled to be moved on reboot.

File move failed. C:\WINDOWS\Temp\RTLCPL.exe scheduled to be moved on reboot.

File move failed. C:\WINDOWS\Temp\alcupd.exe scheduled to be moved on reboot.

File move failed. C:\WINDOWS\Temp\ChCfg.exe scheduled to be moved on reboot.

File move failed. C:\WINDOWS\Temp\RtlCPAPI.dll scheduled to be moved on reboot.

C:\Documents and Settings\Ray\Local Settings\Temp\setup_wm.exe moved successfully.

File move failed. C:\WINDOWS\Temp\newdev.dll scheduled to be moved on reboot.

C:\Documents and Settings\Ray\Local Settings\Temp\pftB~tmp\alcrmv9x.exe moved successfully.

C:\Documents and Settings\Ray\Local Settings\Temp\pft8~tmp\alcrmv9x.exe moved successfully.

C:\Documents and Settings\Ray\Local Settings\Temp\pftB~tmp\alcchkid.exe moved successfully.

C:\Documents and Settings\Ray\Local Settings\Temp\pft8~tmp\alcchkid.exe moved successfully.

C:\Documents and Settings\Ray\Local Settings\Temp\pftB~tmp\ALCXDEV.EXE moved successfully.

C:\Documents and Settings\Ray\Local Settings\Temp\pft8~tmp\ALCXDEV.EXE moved successfully.

C:\Documents and Settings\Ray\Local Settings\Temp\pftB~tmp\GETDXVER.EXE moved successfully.

C:\Documents and Settings\Ray\Local Settings\Temp\pft8~tmp\GETDXVER.EXE moved successfully.

C:\Documents and Settings\Ray\Local Settings\Temp\pftB~tmp\SetCDfmt.exe moved successfully.

C:\Documents and Settings\Ray\Local Settings\Temp\pft8~tmp\SetCDfmt.exe moved successfully.

[Purity]

Purity scan complete.

[Empty Temp Folders]

File delete failed. C:\Documents and Settings\Ray\Local Settings\Temp\etilqs_2rAMVZF1lBbp3yjC4ZKk scheduled to be deleted on reboot.

File delete failed. C:\Documents and Settings\Ray\Local Settings\Temp\Perflib_Perfdata_9cc.dat scheduled to be deleted on reboot.

File delete failed. C:\Documents and Settings\Ray\Local Settings\Temp\~DF7DFF.tmp scheduled to be deleted on reboot.

File delete failed. C:\Documents and Settings\Ray\Local Settings\Temp\~DFD345.tmp scheduled to be deleted on reboot.

File delete failed. C:\Documents and Settings\Ray\Local Settings\Temp\~DFD353.tmp scheduled to be deleted on reboot.

User's Temp folder emptied.

User's Temporary Internet Files folder emptied.

User's Internet Explorer cache folder emptied.

Local Service Temp folder emptied.

File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.

Local Service Temporary Internet Files folder emptied.

File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_4a0.dat scheduled to be deleted on reboot.

File delete failed. C:\WINDOWS\temp\ZLT017c3.TMP scheduled to be deleted on reboot.

Windows Temp folder emptied.

File delete failed. C:\Documents and Settings\Ray\Local Settings\Application Data\Mozilla\Firefox\Profiles\s5nmffeg.default\Cache\_CACHE_001_ scheduled to be deleted on reboot.

File delete failed. C:\Documents and Settings\Ray\Local Settings\Application Data\Mozilla\Firefox\Profiles\s5nmffeg.default\Cache\_CACHE_002_ scheduled to be deleted on reboot.

File delete failed. C:\Documents and Settings\Ray\Local Settings\Application Data\Mozilla\Firefox\Profiles\s5nmffeg.default\Cache\_CACHE_003_ scheduled to be deleted on reboot.

File delete failed. C:\Documents and Settings\Ray\Local Settings\Application Data\Mozilla\Firefox\Profiles\s5nmffeg.default\Cache\_CACHE_MAP_ scheduled to be deleted on reboot.

File delete failed. C:\Documents and Settings\Ray\Local Settings\Application Data\Mozilla\Firefox\Profiles\s5nmffeg.default\urlclassifier3.sqlite scheduled to be deleted on reboot.

File delete failed. C:\Documents and Settings\Ray\Local Settings\Application Data\Mozilla\Firefox\Profiles\s5nmffeg.default\XUL.mfl scheduled to be deleted on reboot.

FireFox cache emptied.

RecycleBin -> emptied.

Explorer started successfully

< End of fix log >

OTScanIt2 by OldTimer - Version 1.0.4.0 fix logfile created on 12272008_031710

Files moved on Reboot...

C:\Documents and Settings\Ray\Local Settings\Temp\~DF7DFF.tmp moved successfully.

C:\Documents and Settings\Ray\Local Settings\Temp\~DFD345.tmp moved successfully.

File C:\Documents and Settings\Ray\Local Settings\Temp\~DFD353.tmp not found!

File C:\WINDOWS\Temp\ZLT017c3.TMP not found!

Folder move failed. C:\WINDOWS\Temp\\Temporary Internet Files scheduled to be moved on reboot.

Folder move failed. C:\WINDOWS\Temp\\History scheduled to be moved on reboot.

Folder move failed. C:\WINDOWS\Temp\\Cookies scheduled to be moved on reboot.

Folder move failed. C:\WINDOWS\Temp\ scheduled to be moved on reboot.

File C:\Documents and Settings\Ray\Local Settings\Temp\Perflib_Perfdata_9cc.dat not found!

File C:\WINDOWS\Temp\Perflib_Perfdata_4a0.dat not found!

File C:\WINDOWS\Temp\Perflib_Perfdata_3e4.dat not found!

File C:\WINDOWS\Temp\Perflib_Perfdata_3f0.dat not found!

File C:\WINDOWS\Temp\Perflib_Perfdata_3c0.dat not found!

File C:\WINDOWS\Temp\Perflib_Perfdata_2fc.dat not found!

File C:\WINDOWS\Temp\Perflib_Perfdata_260.dat not found!

File move failed. C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\index.dat scheduled to be moved on reboot.

File move failed. C:\WINDOWS\Temp\History\History.IE5\index.dat scheduled to be moved on reboot.

C:\WINDOWS\Temp\Cookies\index.dat moved successfully.

File C:\WINDOWS\Temp\Perflib_Perfdata_250.dat not found!

File C:\WINDOWS\Temp\Perflib_Perfdata_24c.dat not found!

File C:\WINDOWS\Temp\Perflib_Perfdata_300.dat not found!

File C:\WINDOWS\Temp\Perflib_Perfdata_26c.dat not found!

File C:\WINDOWS\Temp\Perflib_Perfdata_120.dat not found!

File C:\WINDOWS\Temp\Perflib_Perfdata_154.dat not found!

File C:\WINDOWS\Temp\Perflib_Perfdata_1b8.dat not found!

File C:\WINDOWS\Temp\Perflib_Perfdata_164.dat not found!

File C:\WINDOWS\Temp\alcrmv.exe not found!

File C:\WINDOWS\Temp\soundman.exe not found!

File C:\WINDOWS\Temp\RTLCPL.exe not found!

File C:\WINDOWS\Temp\alcupd.exe not found!

File C:\WINDOWS\Temp\ChCfg.exe not found!

File C:\WINDOWS\Temp\RtlCPAPI.dll not found!

File C:\WINDOWS\Temp\newdev.dll not found!

File C:\Documents and Settings\Ray\Local Settings\Temp\etilqs_2rAMVZF1lBbp3yjC4ZKk not found!

File move failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be moved on reboot.

C:\Documents and Settings\Ray\Local Settings\Application Data\Mozilla\Firefox\Profiles\s5nmffeg.default\Cache\_CACHE_001_ moved successfully.

C:\Documents and Settings\Ray\Local Settings\Application Data\Mozilla\Firefox\Profiles\s5nmffeg.default\Cache\_CACHE_002_ moved successfully.

C:\Documents and Settings\Ray\Local Settings\Application Data\Mozilla\Firefox\Profiles\s5nmffeg.default\Cache\_CACHE_003_ moved successfully.

C:\Documents and Settings\Ray\Local Settings\Application Data\Mozilla\Firefox\Profiles\s5nmffeg.default\Cache\_CACHE_MAP_ moved successfully.

C:\Documents and Settings\Ray\Local Settings\Application Data\Mozilla\Firefox\Profiles\s5nmffeg.default\urlclassifier3.sqlite moved successfully.

C:\Documents and Settings\Ray\Local Settings\Application Data\Mozilla\Firefox\Profiles\s5nmffeg.default\XUL.mfl moved successfully.

Registry entries deleted on Reboot...
