Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

lots of malware - from spam to "third hands


  • Please log in to reply
4 replies to this topic

#1 drkknght0000

drkknght0000

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:10:48 AM

Posted 02 March 2009 - 01:17 AM

my problem starts out similarly to this thread: http://www.bleepingcomputer.com/forums/t/202658/malware-took-over-my-wallpaper/

i turned my PC on one day to a cacophony of errors; not the least of which was an altered desktop background image that said "WARNING Dangerous Spyware Many Viruses were found on your computer such as: Trojan Horse, Pass Capture, etc. Your personal information can fall into the 'third hands'. Please check up the computer with a special software. Thank."

in addition, a command-prompt-like window with lost-hatch-like hieroglyphics scrolling through (it was running just like a typical command prompt that scrolled very quickly with new text, except the text was all the super special characters, like smiley faces, down arrows, angle brackets, diamonds, spades, hearts, e's with accents, etc).

on random, i'd also get errors saying a program crashed, but the program would be something random like 487.exe, or 399.exe.

and, just for kicks, the traditional "IE popup" stuff would happen, where even if IE was closed (i run firefox, anyway), i'd get an IE popup for a spam site, like shopica.com, thefreedictionary.com, or findstuff.com

ANYway... reading through many of the threads here, i disabled spambot and ran malwarebytes anti-malware, the latest version. i did a quick test, found some stuff, removed, adn rebooted, as the program requested. here is the log from that:

Malwarebytes' Anti-Malware 1.34
Database version: 1814
Windows 5.1.2600 Service Pack 3

3/2/2009 12:56:19 AM
mbam-log-2009-03-02 (00-56-19).txt

Scan type: Quick Scan
Objects scanned: 75822
Time elapsed: 6 minute(s), 21 second(s)

Memory Processes Infected: 4
Memory Modules Infected: 2
Registry Keys Infected: 26
Registry Values Infected: 4
Registry Data Items Infected: 12
Folders Infected: 0
Files Infected: 52

Memory Processes Infected:
C:\WINDOWS\system32\ntdll64.exe (Trojan.Agent) -> Unloaded process successfully.
C:\WINDOWS\system32\afisicx.exe (Trojan.Agent) -> Unloaded process successfully.
C:\WINDOWS\system32\mabidwe.exe (Trojan.Agent) -> Unloaded process successfully.
C:\WINDOWS\system32\frmwrk32.exe (Trojan.FakeAlert) -> Unloaded process successfully.

Memory Modules Infected:
C:\WINDOWS\Utisoxe.dll (Trojan.BHO) -> Delete on reboot.
C:\WINDOWS\xccdf16_090131a.dll (Spyware.OnlineGames) -> Delete on reboot.

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{c5af42a3-94f3-42bd-f634-3604832c897d} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{c5bf49a2-94f3-42bd-f434-3604812c8955} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\kpdamdnq (Rootkit.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\kpdamdnq (Rootkit.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\kpdamdnq (Rootkit.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\seneka (Trojan.TDSS) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\seneka (Trojan.TDSS) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\seneka (Trojan.TDSS) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\xpreapp (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\afisicx (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\afisicx (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\afisicx (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\mabidwe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\mabidwe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\mabidwe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avp.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\egui.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bdss.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\EKRN.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\GUARD.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MCSHIELD.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\xcommsvr.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\cs41275 (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\defaultlib (Spyware.Passwords) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\unesox (Trojan.BHO) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\explorer (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\xccinit (Spyware.OnlineGames) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Framework Windows (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.Agent) -> Data: c:\windows\system32\userinit.exe -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.Agent) -> Data: system32\userinit.exe -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools (Hijack.Regedit) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFolderOptions (Hijack.FolderOptions) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop\NoChangingWallpaper (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\activedesktop\NoChangingWallpaper (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSetActiveDesktop (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSetActiveDesktop (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\txtfile\shell\open\command\ (Hijack.Notepad) -> Bad: ("C:\WINDOWS\system32\nxtepad.exe" "%1") Good: (notepad.exe %1) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\Utisoxe.dll (Trojan.BHO) -> Delete on reboot.
C:\WINDOWS\system32\msrstart.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\gwsh3b8iefd.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\efcCtrQi.dll.vir (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\senekaeyodsmsa.dll (Trojan.TDSS) -> Delete on reboot.
C:\WINDOWS\system32\senekajnepsitq.dll (Trojan.TDSS) -> Delete on reboot.
C:\WINDOWS\system32\nxtepad.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\awttRIXo.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\w.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\Drivers\gjpxyfuq.sys (Rootkit.Agent) -> Delete on reboot.
C:\WINDOWS\system32\drivers\senekasvifimlk.sys (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\vlcj.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\wjfrks.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Rob\Local Settings\Temp\xpre.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Rob\Local Settings\Temp\prun.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Rob\Local Settings\Temp\B757.tmp (Backdoor.KeyStart) -> Quarantined and deleted successfully.
C:\Documents and Settings\Rob\Local Settings\Temp\27229.exe (Worm.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\BN8.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\BNA.tmp (Trojan.Agent) -> Delete on reboot.
C:\Documents and Settings\Rob\Local Settings\Temporary Internet Files\Content.IE5\KPS1NQ3T\mmjjwjxt[1].htm (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Rob\Local Settings\Temporary Internet Files\Content.IE5\MI4CIIC2\725f[1].exe (Backdoor.KeyStart) -> Quarantined and deleted successfully.
C:\Documents and Settings\Rob\Local Settings\Temporary Internet Files\Content.IE5\QLEA5RP2\725f[1].exe (Backdoor.KeyStart) -> Quarantined and deleted successfully.
C:\Documents and Settings\Rob\Local Settings\Temporary Internet Files\Content.IE5\QLEA5RP2\ccsuper2[1].htm (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Rob\Local Settings\Temporary Internet Files\Content.IE5\QLEA5RP2\ebbxlllly[1].htm (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ntdll64.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\hguest.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\afisicx.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mabidwe.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\comsa32.sys (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\BN7.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\BN9.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\inf\xccefb090131.scr (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\umtcdtw.sys (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\tpszxyd.sys (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\inf\rundll33.exe (Spyware.OnlineGames) -> Delete on reboot.
C:\WINDOWS\xccdf16_090131a.dll (Spyware.OnlineGames) -> Delete on reboot.
C:\WINDOWS\xccdf32_090131a.dll (Spyware.OnlineGames) -> Delete on reboot.
C:\WINDOWS\system\xccef090131.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\inf\xccdfb16_090131.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\warning.gif (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ahtn.htm (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\frmwrk32.exe (Trojan.FakeAlert) -> Delete on reboot.
C:\Documents and Settings\Administrator\Local Settings\Temp\mousehook.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Rob\Local Settings\Temp\mousehook.dll (Trojan.FakeAlert) -> Delete on reboot.
C:\WINDOWS\system32\senekacfjwxdkp.dat (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\senekadnwrxgxu.dat (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\senekaxgpoaygy.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\drivers\218.exe (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\234.exe (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\421.exe (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\687.exe (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\seneka.sys (Trojan.Agent) -> Quarantined and deleted successfully.



after rebooting, i am not in the midst of performing a full scan with malwarebytes anit-malware. ill report back here with the log when that is finished, but please let me know if you see anything in the meantime!

thanks,
rob

BC AdBot (Login to Remove)

 


#2 drkknght0000

drkknght0000
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:10:48 AM

Posted 02 March 2009 - 01:30 AM

oh, one more error type to add to the list,before i forget...

i get a lot of "SVCHOST.EXE - application error"s, that look like this:

the instruction at "xxxxx" referenced memory at "yyyyy". The memory could not be "written"

click on OK to terminate this program
Click on CANCEL to debut this program

#3 drkknght0000

drkknght0000
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:10:48 AM

Posted 02 March 2009 - 03:13 AM

ok, just completed a full scan with malwarebyte's anti-malware. took about 2.5 hours, then told me to reboot. here's the logfile it produced:

Malwarebytes' Anti-Malware 1.34
Database version: 1814
Windows 5.1.2600 Service Pack 3

3/2/2009 3:02:01 AM
mbam-log-2009-03-02 (03-02-01).txt

Scan type: Full Scan (C:\|)
Objects scanned: 239721
Time elapsed: 2 hour(s), 2 minute(s), 32 second(s)

Memory Processes Infected: 2
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 7
Folders Infected: 0
Files Infected: 9

Memory Processes Infected:
C:\WINDOWS\Temp\BN8.tmp (Trojan.Agent) -> Unloaded process successfully.
C:\WINDOWS\system32\frmwrk32.exe (Trojan.FakeAlert) -> Unloaded process successfully.

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Framework Windows (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.Agent) -> Data: c:\windows\system32\userinit.exe -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.Agent) -> Data: system32\userinit.exe -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools (Hijack.Regedit) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFolderOptions (Hijack.FolderOptions) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\activedesktop\NoChangingWallpaper (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSetActiveDesktop (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\Temp\BN8.tmp (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\ntdll64.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\senekatbhkesfk.sys (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\BN7.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\warning.gif (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ahtn.htm (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\frmwrk32.exe (Trojan.FakeAlert) -> Delete on reboot.
C:\WINDOWS\system32\drivers\468.exe (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\671.exe (Rootkit.Agent) -> Quarantined and deleted successfully.

upon restart, the desktop was no longer hack-looking, however, i immediately got a few popups that programs like "984.exe" had encountered a problem, and the lost-scroll-command-prompt was back (which refers to file: dgqlqe.exe)

so whats next oh security gurus? :thumbsup:

#4 drkknght0000

drkknght0000
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:10:48 AM

Posted 02 March 2009 - 11:09 AM

(and btw, i am making all of these posts from a second computer - trying to use the messed up one as little as possible, in case that helps!)

#5 drkknght0000

drkknght0000
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:10:48 AM

Posted 02 March 2009 - 04:19 PM

ok, i also ran a hijack this scan in the meantime:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:17:09 PM, on 3/2/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\sopidkc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Dell\QuickSet\Quickset.exe
C:\Program Files\Cyberlink\Shared Files\brs.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\AIM6\aim6.exe
C:\Documents and Settings\Rob\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\TEMP\BN6.tmp
C:\WINDOWS\system32\frmwrk32.exe
C:\WINDOWS\system32\drivers\484.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\dwwin.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Dell\QuickSet\Quickset.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\frmwrk32.exe
C:\Program Files\Dell\QuickSet\QSUI.exe
C:\Program Files\Trend Micro\HijackThis\hcheck.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=3070920
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=3070920
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O3 - Toolbar: StumbleUpon Toolbar - {5093EB4C-3E93-40AB-9266-B607BA87BDC8} - C:\Program Files\StumbleUpon\StumbleUponIEBar.dll
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe nvHotkey.dll,Start
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\Quickset.exe
O4 - HKLM\..\Run: [BDRegion] C:\Program Files\Cyberlink\Shared Files\brs.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [C:\WINDOWS\system32\kdkyd.exe] C:\WINDOWS\system32\kdkyd.exe
O4 - HKLM\..\Run: [Framework Windows] frmwrk32.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Rob\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [vzpqmoysqm58hs2etdofy0s6] C:\DOCUME~1\Rob\LOCALS~1\Temp\so4p8mf2.exe
O4 - HKCU\..\Run: [vnaqs7eb19qpruxoj2sgwtdc5isk] C:\DOCUME~1\Rob\LOCALS~1\Temp\gphyum5j95.exe
O4 - HKCU\..\Run: [Rob] C:\Documents and Settings\Rob\Rob.exe /i
O4 - HKCU\..\Run: [ism1effv3860wf1mdsyshauh9pwit1bo2] C:\DOCUME~1\Rob\LOCALS~1\Temp\dgqlqe.exe
O4 - HKCU\..\Run: [gljnudmq7wisy8cmb1miamwsrmsd] C:\DOCUME~1\Rob\LOCALS~1\Temp\c5fd4sr.exe
O4 - HKCU\..\Run: [yrot72yfvlm325] C:\DOCUME~1\Rob\LOCALS~1\Temp\zrehb3pmf8k.exe
O4 - HKCU\..\Run: [nwj6xkq69nite94a1glp81yayxfj8o7] C:\DOCUME~1\Rob\LOCALS~1\Temp\a5zn0p.exe
O4 - HKCU\..\Run: [jsf8uiw3jnjgffght] C:\DOCUME~1\Rob\LOCALS~1\Temp\winlognn.exe
O4 - HKCU\..\Run: [wp6wly0ho2ta4lyngrzhvobs36r7wohw2cb3ytmpmsnnq555] C:\DOCUME~1\Rob\LOCALS~1\Temp\ad0siim.exe
O4 - HKCU\..\Run: [daffxmg17pcd7a6bitwp77qx8rtgy] C:\DOCUME~1\Rob\LOCALS~1\Temp\igl15gnhobg.exe
O4 - HKCU\..\Run: [hg67hti6ztcvb53ecgp1eikk15xz32jjd18lxjpu1gs5zbdu] C:\DOCUME~1\Rob\LOCALS~1\Temp\rjf7e7wd6xu0.exe
O4 - HKCU\..\Run: [bld507lhe9tvggojhidf44wqznh67vw098llxw] C:\DOCUME~1\Rob\LOCALS~1\Temp\fmvxpv8.exe
O4 - HKCU\..\Run: [fll0z7mjr8q14q06ofakka8wu9whntbds8ty] C:\DOCUME~1\Rob\LOCALS~1\Temp\frehft.exe
O4 - HKCU\..\Run: [a3jq3pz54jb8tlxsucfjim6wnthifcwdj98ehvm7jzfd9] C:\DOCUME~1\Rob\LOCALS~1\Temp\qae0l3f.exe
O4 - HKCU\..\Run: [g1ycm7a6d918j2uvsnoa4dqufembqu] C:\DOCUME~1\Rob\LOCALS~1\Temp\h57j0xbxzv7.exe
O4 - HKCU\..\Run: [y79k896p95] C:\DOCUME~1\Rob\LOCALS~1\Temp\nvwxq5o1xdco.exe
O4 - HKCU\..\Run: [utex74o9xv636wd4tbths70brtv] C:\DOCUME~1\Rob\LOCALS~1\Temp\uu3i90idw8.exe
O4 - HKCU\..\Run: [levqcck3e551h9412xqlhkzi3iz7nmhd] C:\DOCUME~1\Rob\LOCALS~1\Temp\emy3oajvyd.exe
O4 - HKCU\..\Run: [eb70eatjxlm9x] C:\DOCUME~1\Rob\LOCALS~1\Temp\jz8xwpcus8.exe
O4 - HKCU\..\Run: [axssruixxmwi] C:\DOCUME~1\Rob\LOCALS~1\Temp\mpebmx8yqq7.exe
O4 - HKCU\..\Run: [utimgz836] C:\DOCUME~1\Rob\LOCALS~1\Temp\laxdyhckwqqvb.exe
O4 - HKCU\..\Run: [v6l2rr6k5i6xw0isqxfkydu0zy3qv19p7l] C:\DOCUME~1\Rob\LOCALS~1\Temp\elsfeks0zxk6u.exe
O4 - HKCU\..\Run: [yl9w7aho9caxwh7236mvrj1m1lprnfzrrendujnispj68pn98s] C:\DOCUME~1\Rob\LOCALS~1\Temp\h0zz0z.exe
O4 - HKCU\..\Run: [erfy6ouizodxw6p72k] C:\DOCUME~1\Rob\LOCALS~1\Temp\sjii69n.exe
O4 - HKCU\..\Run: [bjeiox632rrrny6vepdiwekvhdiwq8h4avw3na92xmhpe1] C:\DOCUME~1\Rob\LOCALS~1\Temp\dli1tjtw.exe
O4 - HKCU\..\Run: [h2nonuzl93qwqavmje9v4] C:\DOCUME~1\Rob\LOCALS~1\Temp\zl4a5x2pqq7b.exe
O4 - HKCU\..\Run: [cttbaf8pqfxbor0g901jg55t] C:\DOCUME~1\Rob\LOCALS~1\Temp\mkrsgyybbazd.exe
O4 - HKCU\..\Run: [mgxo8n55u8pnzrvtigy9nry7] C:\DOCUME~1\Rob\LOCALS~1\Temp\awmes5h47.exe
O4 - HKCU\..\Run: [nh35zldcztjajkrsbmjxhvlbn4kk3gp7vbf06jfc5rleeu7zxd] C:\DOCUME~1\Rob\LOCALS~1\Temp\secihrd9.exe
O4 - HKCU\..\Run: [gztid57xc0h] C:\DOCUME~1\Rob\LOCALS~1\Temp\kajjg0de.exe
O4 - HKCU\..\Run: [lu16r5gd93617eo9rfnyhi24] C:\DOCUME~1\Rob\LOCALS~1\Temp\dgv1n1y2c.exe
O4 - HKCU\..\Run: [xkagspvalefvegmk] C:\DOCUME~1\Rob\LOCALS~1\Temp\p903r6sr5y7.exe
O4 - HKCU\..\Run: [kclyz5qbhduxj3emiugutr5j1r7jlan7pw9j5d0bmuddgmsw] C:\DOCUME~1\Rob\LOCALS~1\Temp\b6ksqn8l.exe
O4 - HKCU\..\Run: [bfxno9gzi6b5o3gt2] C:\DOCUME~1\Rob\LOCALS~1\Temp\rjs8y6rnrdjz.exe
O4 - HKCU\..\Run: [xbf6nfiwm0d1] C:\DOCUME~1\Rob\LOCALS~1\Temp\iwwymsrv9.exe
O4 - HKCU\..\Run: [do845fyr9rg344v5484najh7oag] C:\DOCUME~1\Rob\LOCALS~1\Temp\m5o6n2ez88hek.exe
O4 - HKCU\..\Run: [dmu3z3fhp1jim29j9sth02m9jownth1ky] C:\DOCUME~1\Rob\LOCALS~1\Temp\v94xubtezwy6b.exe
O4 - HKCU\..\Run: [tecr1w93m60c41pt455] C:\DOCUME~1\Rob\LOCALS~1\Temp\wf6i0pzkc.exe
O4 - HKCU\..\Run: [mdjrhja4jvucle] C:\DOCUME~1\Rob\LOCALS~1\Temp\nnf88cn8k.exe
O4 - HKCU\..\Run: [nmtsjik2wwo2hmup7q6zbq995iwy0v2zuf53eoe] C:\DOCUME~1\Rob\LOCALS~1\Temp\xkcdw3a4.exe
O4 - HKCU\..\Run: [o1szivcknqwcf3e3w5vtcy5] C:\DOCUME~1\Rob\LOCALS~1\Temp\au7g2jalf3v0.exe
O4 - HKCU\..\Run: [kgk2hjv7fj602dkg] C:\DOCUME~1\Rob\LOCALS~1\Temp\ks1svo79cx6u0.exe
O4 - HKCU\..\Run: [ozmjwypghkxtdb50236233qh] C:\DOCUME~1\Rob\LOCALS~1\Temp\r3wdy1.exe
O4 - HKCU\..\Run: [iyom1dld8tpmkn425xz2hll0mb9oxfzlbx] C:\DOCUME~1\Rob\LOCALS~1\Temp\qdo3vff.exe
O4 - HKCU\..\Run: [hm25v7cb2] C:\DOCUME~1\Rob\LOCALS~1\Temp\mtv58h7ins4a.exe
O4 - HKCU\..\Run: [jcdy3fg2nzdwv7yz9duq9086vqun2w89ydn9yn4bxig] C:\DOCUME~1\Rob\LOCALS~1\Temp\szyufve.exe
O4 - HKCU\..\Run: [gv7h67d9a0c] C:\DOCUME~1\Rob\LOCALS~1\Temp\exme235e.exe
O4 - HKCU\..\Run: [iydud5wozd9bj5kv9] C:\DOCUME~1\Rob\LOCALS~1\Temp\sg5x8u77r.exe
O4 - HKCU\..\Run: [ipp6ngxykscwctj7xddd6exlc35wm30wd10bc9f28697a] C:\DOCUME~1\Rob\LOCALS~1\Temp\o1oz1ebtx6x.exe
O4 - HKCU\..\Run: [xs65ty9448wc] C:\DOCUME~1\Rob\LOCALS~1\Temp\jc9nwg.exe
O4 - HKCU\..\Run: [v1nv7g4geygg9r3z3ky4j3npocznyu8k2cdhwy1tq9hsfgjx] C:\DOCUME~1\Rob\LOCALS~1\Temp\rcgqvp2j2.exe
O4 - HKCU\..\Run: [efvmpkbrmkifoqe1jp2ethkqy9qruo77lg1] C:\DOCUME~1\Rob\LOCALS~1\Temp\nsns8a.exe
O4 - HKCU\..\Run: [xakq0z5s123mhik2458jmdy] C:\DOCUME~1\Rob\LOCALS~1\Temp\eaa25uz7zv.exe
O4 - HKCU\..\Run: [gfmd5ph767nuwn8if6ao2qbsakwoznfkqk8n] C:\DOCUME~1\Rob\LOCALS~1\Temp\zvqtpcct4.exe
O4 - HKCU\..\Run: [vb8fs7ac9y7vfpi1tha] C:\DOCUME~1\Rob\LOCALS~1\Temp\db4y16iga.exe
O4 - HKCU\..\Run: [fybsxkj3ku] C:\DOCUME~1\Rob\LOCALS~1\Temp\fuukzmfml2tu.exe
O4 - HKCU\..\Run: [xyiy2tdzgwes84tfvbvrsa24013eyes0waylzskq] C:\DOCUME~1\Rob\LOCALS~1\Temp\twx2o27i.exe
O4 - HKCU\..\Run: [borebid6fm5duv7sml7jisntfc6plm92pyf5gxfjhgcqga2k] C:\DOCUME~1\Rob\LOCALS~1\Temp\mq509m.exe
O4 - HKCU\..\Run: [xd4japdm2n6a] C:\DOCUME~1\Rob\LOCALS~1\Temp\ayxq0q.exe
O4 - HKCU\..\Run: [e8w3qcr487] C:\DOCUME~1\Rob\LOCALS~1\Temp\k7zvpiv0.exe
O4 - HKCU\..\Run: [qjlg51k89] C:\DOCUME~1\Rob\LOCALS~1\Temp\zpwj7mkze.exe
O4 - HKCU\..\Run: [jynch64s0dgiap3d8yokcpe2a94bs71yf54nfy] C:\DOCUME~1\Rob\LOCALS~1\Temp\fo0tywnscb3h.exe
O4 - HKCU\..\Run: [br5ol0n1m2m87x7o8i] C:\DOCUME~1\Rob\LOCALS~1\Temp\mnqvhr04sn.exe
O4 - HKCU\..\Run: [jtw41n78drqe7cigqavnu183l45fajc2u3jnp0rba] C:\DOCUME~1\Rob\LOCALS~1\Temp\qhlg34iho74.exe
O4 - HKCU\..\Run: [jw38n8rers0qhs95emud] C:\DOCUME~1\Rob\LOCALS~1\Temp\aqnlswtp7b2ik.exe
O4 - HKCU\..\Run: [h77nkqenqpgc76kcyqr] C:\DOCUME~1\Rob\LOCALS~1\Temp\smu5r13gq5ebl.exe
O4 - HKCU\..\Run: [ri3hnffsi6upk99k03071u7l3] C:\DOCUME~1\Rob\LOCALS~1\Temp\wgt1y0.exe
O4 - HKCU\..\Run: [gzcey3gahn6midnwv5c7wrkkvg8wlsj5e] C:\DOCUME~1\Rob\LOCALS~1\Temp\h4rt95.exe
O4 - HKCU\..\Run: [auxpingqakljsmjz1tvshi6bop73mi] C:\DOCUME~1\Rob\LOCALS~1\Temp\snacwwu.exe
O4 - HKCU\..\Run: [lh96enlnof9fat77n3ba5bqpq4w75u7] C:\DOCUME~1\Rob\LOCALS~1\Temp\x2el9sw96cosz.exe
O4 - HKCU\..\Run: [y9m1ueubiktevolnf] C:\DOCUME~1\Rob\LOCALS~1\Temp\c1v1u5tf.exe
O4 - HKCU\..\Run: [zx2889vn5h35kd4kgk5c] C:\DOCUME~1\Rob\LOCALS~1\Temp\cbq4jlawnizc.exe
O4 - HKCU\..\Run: [aldc2ggjtrkqsoiv8btriuonqa0cvsm0zdp5784ihy5tno] C:\DOCUME~1\Rob\LOCALS~1\Temp\u7x5z91n6cbm.exe
O4 - HKCU\..\Run: [xovdc6opp5ihcwiuxr8kcnuo1ku8svm1l8mnfjxt05b0d1ch7l] C:\DOCUME~1\Rob\LOCALS~1\Temp\fq48fif.exe
O4 - HKCU\..\Run: [tiiu01hkfw] C:\DOCUME~1\Rob\LOCALS~1\Temp\xruc44.exe
O4 - HKCU\..\Run: [wp1hwoldff0up18] C:\DOCUME~1\Rob\LOCALS~1\Temp\qe6bu9m.exe
O4 - HKCU\..\Run: [ku6khmeznbubz0pvnt7etj8ycbtbjjmoc0lqfal0] C:\DOCUME~1\Rob\LOCALS~1\Temp\a61w9j4.exe
O4 - HKCU\..\Run: [gcc5knsnulcot5f4jnqi71i4jhcnr0m1m180z9g69ijof9r] C:\DOCUME~1\Rob\LOCALS~1\Temp\lu3i5au.exe
O4 - HKCU\..\Run: [pdb1zd0fdr0d9yvgtfvq6dlq4ysvc6un3xn773houu] C:\DOCUME~1\Rob\LOCALS~1\Temp\sjf0i671d.exe
O4 - HKCU\..\Run: [saa3fgvteml2zs541x8p71u29x8] C:\DOCUME~1\Rob\LOCALS~1\Temp\axmj8hxrndgrc.exe
O4 - HKCU\..\Run: [fdz9n56bkvu1] C:\DOCUME~1\Rob\LOCALS~1\Temp\ziml1i1.exe
O4 - HKCU\..\Run: [ox0vvktfeqav9dqjhlrrmrsy2687agjtv7il6sfbpcg6tv] C:\DOCUME~1\Rob\LOCALS~1\Temp\ynluixfrbj1.exe
O4 - HKCU\..\Run: [tm82l05ab2xsy0n88s] C:\DOCUME~1\Rob\LOCALS~1\Temp\qauix0zad.exe
O4 - HKCU\..\Run: [p59uo40n3mi4kfhgww44zxhp0xuu47] C:\DOCUME~1\Rob\LOCALS~1\Temp\ay37r736r7o9.exe
O4 - HKCU\..\Run: [cer4k0zpojwbq2tqvsy4u] C:\DOCUME~1\Rob\LOCALS~1\Temp\a85uq5wyrq.exe
O4 - HKCU\..\Run: [ybqc5n03ff32] C:\DOCUME~1\Rob\LOCALS~1\Temp\rqs4np.exe
O4 - HKCU\..\Run: [mg44v53r5] C:\DOCUME~1\Rob\LOCALS~1\Temp\n6z6jatmok9.exe
O4 - HKCU\..\Run: [shis2ylnz5xpdprjdkejhkxkv3sglkr] C:\DOCUME~1\Rob\LOCALS~1\Temp\yu19fi0trlf.exe
O4 - HKCU\..\Run: [gsnyfkahfky3ati5g63yyjcjumgfl3fvij0ls4yjk73kcb] C:\DOCUME~1\Rob\LOCALS~1\Temp\azay3yld2xgaj.exe
O4 - HKCU\..\Run: [r018xi40i02] C:\DOCUME~1\Rob\LOCALS~1\Temp\iih1j7gh.exe
O4 - HKCU\..\Run: [lxshhpj5badvb87az6otqirvx] C:\DOCUME~1\Rob\LOCALS~1\Temp\swep7ym.exe
O4 - HKCU\..\Run: [s049m7k0eh10] C:\DOCUME~1\Rob\LOCALS~1\Temp\ltsbdi.exe
O4 - HKCU\..\Run: [jm73gz0n5m9ilt5suc6a7fc50175757l7lpsobfd2] C:\DOCUME~1\Rob\LOCALS~1\Temp\gzuwi7ockp.exe
O4 - HKCU\..\Run: [fyrr7q8mfnvye4yz25s3wyldgumq2b9wzabjra2wn0mcve] C:\DOCUME~1\Rob\LOCALS~1\Temp\cf1yvoq.exe
O4 - HKCU\..\Run: [wlt5yn8odfd0ivfebs8p7xvy9me0o0e41a88] C:\DOCUME~1\Rob\LOCALS~1\Temp\gqwjh18q.exe
O4 - HKCU\..\Run: [suadii2i0crcmt598] C:\DOCUME~1\Rob\LOCALS~1\Temp\fla5g1.exe
O4 - HKCU\..\Run: [gw0axu13jr7n32z4w] C:\DOCUME~1\Rob\LOCALS~1\Temp\b6t7s2gy.exe
O4 - HKCU\..\Run: [c0udxmfvbolew234422fe4fr7dkw8jbg1tgwnpowadjhj] C:\DOCUME~1\Rob\LOCALS~1\Temp\qzyo6t224m.exe
O4 - HKCU\..\Run: [gajuhr2x6ft0l95ll] C:\DOCUME~1\Rob\LOCALS~1\Temp\bbcaijl.exe
O4 - HKCU\..\Run: [pput79ew2ejf] C:\DOCUME~1\Rob\LOCALS~1\Temp\a6qw006figbjb.exe
O4 - HKCU\..\Run: [cspjrn7625nauevqrj6ymhm6] C:\DOCUME~1\Rob\LOCALS~1\Temp\pzvders.exe
O4 - HKCU\..\Run: [nndo9jiv1evwvs8ptujzqzaaeaify3uq4geoinzmi2q2u6yh83] C:\DOCUME~1\Rob\LOCALS~1\Temp\mujdhsggt5.exe
O4 - HKCU\..\Run: [co2o6nwdb2irqve3ss37yla8vljjgqwvex71] C:\DOCUME~1\Rob\LOCALS~1\Temp\jej2nji.exe
O4 - HKCU\..\Run: [zak0m29nypt] C:\DOCUME~1\Rob\LOCALS~1\Temp\qn47vbc62.exe
O4 - HKCU\..\Run: [vi0jcc3o9t2l9uysyxibheqynnhax2vqfebtiou445d] C:\DOCUME~1\Rob\LOCALS~1\Temp\kk547s36.exe
O4 - HKCU\..\Run: [qfjdps8rv4ii] C:\DOCUME~1\Rob\LOCALS~1\Temp\b7bhutdpgvj.exe
O4 - HKCU\..\Run: [rfejlubs8vj457s4vk1eaxsta] C:\DOCUME~1\Rob\LOCALS~1\Temp\jb4xeomyx17.exe
O4 - HKCU\..\Run: [rpmt67ba355] C:\DOCUME~1\Rob\LOCALS~1\Temp\mqbh03yijdja.exe
O4 - HKCU\..\Run: [cvqv7e4lat01e5le5p6es] C:\DOCUME~1\Rob\LOCALS~1\Temp\hxasajgi72.exe
O4 - HKCU\..\Run: [m4f21n6b8rrsf] C:\DOCUME~1\Rob\LOCALS~1\Temp\ei38o44yl.exe
O4 - HKCU\..\Run: [ckkoul5y3l1zxztnmutyzh6h4swn] C:\DOCUME~1\Rob\LOCALS~1\Temp\of0dteau.exe
O4 - HKCU\..\Run: [aue53a9crl] C:\DOCUME~1\Rob\LOCALS~1\Temp\kc7fpg2dj80pl.exe
O4 - HKCU\..\Run: [yev7ebikf6fptq5ku6j1rq882ylrtgfsebaigiz96pdxea8n1] C:\DOCUME~1\Rob\LOCALS~1\Temp\h7vf9hqa.exe
O4 - HKCU\..\Run: [hwnj5lsr2yr1v] C:\DOCUME~1\Rob\LOCALS~1\Temp\km2zvwjuc.exe
O4 - HKCU\..\Run: [qwcm6rb6n2o74y2ay8x566i3smqowzxb] C:\DOCUME~1\Rob\LOCALS~1\Temp\c9iq3hw7l.exe
O4 - HKCU\..\Run: [tpyhwots7l0wygrmy07ieluoubajs5] C:\DOCUME~1\Rob\LOCALS~1\Temp\j368wcl5.exe
O4 - HKCU\..\Run: [f8acjykm336rl] C:\DOCUME~1\Rob\LOCALS~1\Temp\nsi998y0o3.exe
O4 - HKCU\..\Run: [egvkoyev13lbxq72t] C:\DOCUME~1\Rob\LOCALS~1\Temp\q7032wokxlp3y.exe
O4 - HKCU\..\Run: [x9bvpwo5jqro8mvft2uua] C:\DOCUME~1\Rob\LOCALS~1\Temp\ycp0rqi02sow.exe
O4 - HKCU\..\Run: [nzrdc9umdt25jha] C:\DOCUME~1\Rob\LOCALS~1\Temp\cpw1k47yi40.exe
O4 - HKCU\..\Run: [oulmybwpb] C:\DOCUME~1\Rob\LOCALS~1\Temp\jo333g1th.exe
O4 - HKCU\..\Run: [n2tbakkwlid50qugi16o7sly8trdvskyosoyxu6djruoa79y] C:\DOCUME~1\Rob\LOCALS~1\Temp\myy69w1aam61n.exe
O4 - HKCU\..\Run: [zjguzmcpgpa9bvs46iu0nbz9h6se1lmt2i1t6] C:\DOCUME~1\Rob\LOCALS~1\Temp\mp0a8ub2tmg.exe
O4 - HKCU\..\Run: [wrx7f88zxwanyneo6lrl] C:\DOCUME~1\Rob\LOCALS~1\Temp\pn7du94mfybs.exe
O4 - HKCU\..\Run: [k5ao1v0stfb5uy099gzl11925] C:\DOCUME~1\Rob\LOCALS~1\Temp\ec92ws3p1.exe
O4 - HKCU\..\Run: [s7nya0hx2gcy64evmpwx] C:\DOCUME~1\Rob\LOCALS~1\Temp\hm41cuclo5bfx.exe
O4 - HKCU\..\Run: [sey0kbz2yfcgh18ox095xf7nvs9ilw] C:\DOCUME~1\Rob\LOCALS~1\Temp\t34i6kaslnso.exe
O4 - HKCU\..\Run: [wg0pj95b8cyhi] C:\DOCUME~1\Rob\LOCALS~1\Temp\p5e46hmcq5ktf.exe
O4 - HKCU\..\Run: [ia5o0ig3jmnb2pvir4wlty9sdnp2k926v32vg0ew47dx8] C:\DOCUME~1\Rob\LOCALS~1\Temp\icna1h7n.exe
O4 - HKCU\..\Run: [axqr1w4ac40ooylvlnhzb8fz] C:\DOCUME~1\Rob\LOCALS~1\Temp\t0pdxpeu.exe
O4 - HKCU\..\Run: [wc2h2u6z7g2o3p9u5xt5t1qf05pf0kih3p5056q0hc] C:\DOCUME~1\Rob\LOCALS~1\Temp\zpyki20.exe
O4 - HKCU\..\Run: [o3pql21cled] C:\DOCUME~1\Rob\LOCALS~1\Temp\zztnoih6n1s.exe
O4 - HKCU\..\Run: [rz7o8u6gdlkjc1] C:\DOCUME~1\Rob\LOCALS~1\Temp\ceqr3f.exe
O4 - HKCU\..\Run: [pcpt181ddvmp7u7dy17pfam2fykrxp] C:\DOCUME~1\Rob\LOCALS~1\Temp\p7ij63vb.exe
O4 - HKCU\..\Run: [lbgdnrtvj5r75h68] C:\DOCUME~1\Rob\LOCALS~1\Temp\fzx2h1qepwv45.exe
O4 - HKCU\..\Run: [m9k2l0ou9zcpt247c7j3ilgvi0gqe7] C:\DOCUME~1\Rob\LOCALS~1\Temp\ym9k76.exe
O4 - HKCU\..\Run: [jkcndlzvqckmu8izfcdu39bwfl4] C:\DOCUME~1\Rob\LOCALS~1\Temp\xcb6qot.exe
O4 - HKCU\..\Run: [dkwdoa6ok744vs9eyqnx62mqlg8m3z4ncqer18nuhpb] C:\DOCUME~1\Rob\LOCALS~1\Temp\a1kdu1.exe
O4 - HKCU\..\Run: [tvzg57loxhusvt] C:\DOCUME~1\Rob\LOCALS~1\Temp\t3azgkc8g9.exe
O4 - HKCU\..\Run: [yensq0lpmlfvm4] C:\DOCUME~1\Rob\LOCALS~1\Temp\zs261ey3l.exe
O4 - HKCU\..\Run: [fp8umyfol5xd1pqks6ha91i87gswcdx046lnhm] C:\DOCUME~1\Rob\LOCALS~1\Temp\zel9rv3h.exe
O4 - HKCU\..\Run: [mec3zh4f2rhdkfx2dk] C:\DOCUME~1\Rob\LOCALS~1\Temp\xiyfodyk.exe
O4 - HKCU\..\Run: [qaya8mgfy599s425tuvlbzoihavdosaasvrxhja1lcf6f8lmw3] C:\DOCUME~1\Rob\LOCALS~1\Temp\qkkj4xk6f.exe
O4 - HKCU\..\Run: [cstdqxa9wgigbxccisnt90r7d7ayvxvj] C:\DOCUME~1\Rob\LOCALS~1\Temp\fn3k74n.exe
O4 - HKCU\..\Run: [ahulnsq0myq5vco0s05] C:\DOCUME~1\Rob\LOCALS~1\Temp\ytw2eqyt.exe
O4 - HKCU\..\Run: [v1kufauyhq5v59p0e4pbur1h7nm0cz] C:\DOCUME~1\Rob\LOCALS~1\Temp\eihppl8duy223.exe
O4 - HKCU\..\Run: [jbytij62cjeq4wwc] C:\DOCUME~1\Rob\LOCALS~1\Temp\b3rm36ft8mq1.exe
O4 - HKCU\..\Run: [bem90y8nzkayrwtt51j67sw2mqne7g01wsdo0x4o14] C:\DOCUME~1\Rob\LOCALS~1\Temp\xoaowq.exe
O4 - HKCU\..\Run: [n12btwmba50oy2h7jr7du] C:\DOCUME~1\Rob\LOCALS~1\Temp\cj8rtvh3n.exe
O4 - HKCU\..\Run: [pp1id9u0gw653i56w8cds2295mjciec0k7j9agk] C:\DOCUME~1\Rob\LOCALS~1\Temp\twvntnh.exe
O4 - HKCU\..\Run: [cbomihb63ba5wcvgt7o91xmchvfrn] C:\DOCUME~1\Rob\LOCALS~1\Temp\iuji468.exe
O4 - HKCU\..\Run: [o5ifsr76esn22jyzq0ikqtbgv] C:\DOCUME~1\Rob\LOCALS~1\Temp\et00797kyb.exe
O4 - HKCU\..\Run: [q73uhi2ensxyvajf73mpmjps1g5qet3m8iyfi3qn] C:\DOCUME~1\Rob\LOCALS~1\Temp\gudd3lqas.exe
O4 - HKCU\..\Run: [wqmylzxns] C:\DOCUME~1\Rob\LOCALS~1\Temp\sjzya4dfhch.exe
O4 - HKCU\..\Run: [td4hez926vnm7i22o] C:\DOCUME~1\Rob\LOCALS~1\Temp\h5zidbg0e.exe
O4 - HKCU\..\Run: [sh9qg2qywi77xkp1x] C:\DOCUME~1\Rob\LOCALS~1\Temp\c3jxmprsljgyg.exe
O4 - HKCU\..\Run: [m1o13pn3vlurx368l6jsgde7qzi9mh8e1w49bx5rlfe6ouho6s] C:\DOCUME~1\Rob\LOCALS~1\Temp\wdujdhvo41bc.exe
O4 - HKCU\..\Run: [ivhuv1ohuqtz1aeds2guu5zohnrz6rgcgunwx0ekg] C:\DOCUME~1\Rob\LOCALS~1\Temp\b8smamt.exe
O4 - HKCU\..\Run: [fr47grbsp7d3j5bbge83vtxws6h31adf72omhha3270rxix] C:\DOCUME~1\Rob\LOCALS~1\Temp\azrfhic4ek.exe
O4 - HKCU\..\Run: [cl80e28y1jtx4] C:\DOCUME~1\Rob\LOCALS~1\Temp\kr9wm8fyut3.exe
O4 - HKCU\..\Run: [z13ut2uc82a] C:\DOCUME~1\Rob\LOCALS~1\Temp\qvsuw2lcxqty.exe
O4 - HKCU\..\Run: [xm5cqqqfvdpw2a5e2ywi43n7d8trs7ani7o5pu404] C:\DOCUME~1\Rob\LOCALS~1\Temp\rrgcd0a1y3ug.exe
O4 - HKCU\..\Run: [uee24hw2dsdf3ihknn1n66tgejo] C:\DOCUME~1\Rob\LOCALS~1\Temp\srmnjxg78l41.exe
O4 - HKCU\..\Run: [kyf51exbyba3dghdjqliu6v5kw] C:\DOCUME~1\Rob\LOCALS~1\Temp\p8t7cf.exe
O4 - HKCU\..\Run: [gzm2g6omxzk88222ttqi0iqszvaj2twlai6r] C:\DOCUME~1\Rob\LOCALS~1\Temp\z57ch6fe03ghn.exe
O4 - HKCU\..\Run: [falgtrpg0z6xteehcuhheopb3qk1w9xqod7ken] C:\DOCUME~1\Rob\LOCALS~1\Temp\zvcsbqyx7.exe
O4 - HKCU\..\Run: [ay03sj94lvvyylju3a2ev04i0ihu2b] C:\DOCUME~1\Rob\LOCALS~1\Temp\qsdpn7px.exe
O4 - HKCU\..\Run: [r3wn74182] C:\DOCUME~1\Rob\LOCALS~1\Temp\yryvmb7s5yg.exe
O4 - HKCU\..\Run: [qdjhexmusyg2tvh] C:\DOCUME~1\Rob\LOCALS~1\Temp\xjmlo7ig4bf.exe
O4 - HKCU\..\Run: [bedsmp1fi3noczbhrok1h55q] C:\DOCUME~1\Rob\LOCALS~1\Temp\zygeb2dbf67.exe
O4 - HKCU\..\Run: [hx9fnedfumegh4sv9kps2a2sa] C:\DOCUME~1\Rob\LOCALS~1\Temp\va1kmkap460.exe
O4 - HKCU\..\Run: [qqvxmun2zh62s4yyv90jibk6f] C:\DOCUME~1\Rob\LOCALS~1\Temp\djd3wdoc4g.exe
O4 - HKCU\..\Run: [oyey545jf9fzic8wme] C:\DOCUME~1\Rob\LOCALS~1\Temp\o2wmjnq57uu.exe
O4 - HKCU\..\Run: [nlf2fsyah2bwtedn0wtmwpzxpldpskqrp5rwpcy2ph] C:\DOCUME~1\Rob\LOCALS~1\Temp\jeeh2kwj.exe
O4 - HKCU\..\Run: [bya8onzgm9upuwbjs92sn6ktonwo9soso2s] C:\DOCUME~1\Rob\LOCALS~1\Temp\t1x21e2y414.exe
O4 - HKCU\..\Run: [g984si5ngxixr3llvwt] C:\DOCUME~1\Rob\LOCALS~1\Temp\wc8tvpt7s.exe
O4 - HKCU\..\Run: [zq3zihhtc8cz1guiwyg0b5mwx23q8i788hj1ldoehv3x3wjeu] C:\DOCUME~1\Rob\LOCALS~1\Temp\ozh0asu.exe
O4 - HKCU\..\Run: [nwfl9rlg0tkubtv1cuib2l4vj1vunvbb486la3kg] C:\DOCUME~1\Rob\LOCALS~1\Temp\mtzmiu8c4zy.exe
O4 - HKCU\..\Run: [k1rheahsnnaof6vf8lb223d5x7] C:\DOCUME~1\Rob\LOCALS~1\Temp\qj4tdmkoy8w6.exe
O4 - HKCU\..\Run: [diz4quhuatohpenea3] C:\DOCUME~1\Rob\LOCALS~1\Temp\tyigsj6.exe
O4 - HKCU\..\Run: [fre86981zxp62iuuyarv6be] C:\DOCUME~1\Rob\LOCALS~1\Temp\h6anjnu.exe
O4 - HKCU\..\Run: [h9lu9czug7726t5s8ojqdvxd4kdkkrexuypw5tuq] C:\DOCUME~1\Rob\LOCALS~1\Temp\zjorsae9t.exe
O4 - HKCU\..\Run: [wcxoyoly2e2k2u] C:\DOCUME~1\Rob\LOCALS~1\Temp\b3bkv4.exe
O4 - HKCU\..\Run: [msv9o0zxff6] C:\DOCUME~1\Rob\LOCALS~1\Temp\tv3bjoa4eai.exe
O4 - HKCU\..\Run: [twzw3hr3707sv1j7nrhuhovteg0xeacqdp32ziays53ljk] C:\DOCUME~1\Rob\LOCALS~1\Temp\s5vkx202pm21.exe
O4 - HKCU\..\Run: [lmrvlsbxhjdqns6scl] C:\DOCUME~1\Rob\LOCALS~1\Temp\nxg8b4w.exe
O4 - HKCU\..\Run: [t28t4furimj3cnx6q2krz0] C:\DOCUME~1\Rob\LOCALS~1\Temp\bededskvgt6.exe
O4 - HKCU\..\Run: [enw4ao3q2izpfg4v6ycdaylqr1t77cp4dmwuk95nay5wdv] C:\DOCUME~1\Rob\LOCALS~1\Temp\db4e51pz3uhne.exe
O4 - HKCU\..\Run: [fgu53zwc8msggwsdm25nqxi8ryxojn80opz8ekoaxy4nmo1h] C:\DOCUME~1\Rob\LOCALS~1\Temp\h1nnu5kk.exe
O4 - HKCU\..\Run: [d312u183imylfzedj0wvhyle21ywdljlyzkamp] C:\DOCUME~1\Rob\LOCALS~1\Temp\zodbs8.exe
O4 - HKCU\..\Run: [vnrep0rcgz1k1oto1v2m605knklbp4fmckoesbnmlc48a] C:\DOCUME~1\Rob\LOCALS~1\Temp\f2epyftad8at.exe
O4 - HKCU\..\Run: [cpymh7j875cc4l3ct3f64dobv0vej9166p3m] C:\DOCUME~1\Rob\LOCALS~1\Temp\n1rlnots32.exe
O4 - HKCU\..\Run: [o09z0obypdcpem74k66csbhwc98xypnvk4g3lkgxvc] C:\DOCUME~1\Rob\LOCALS~1\Temp\rh5qzizf9r0.exe
O4 - HKCU\..\Run: [u1if27ezdh3t7w23g4tlnqqaobda75hojypaeeknpu] C:\DOCUME~1\Rob\LOCALS~1\Temp\tw9zxpml6.exe
O4 - Global Startup: xccstart.lnk = C:\WINDOWS\system\xccef090131.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O8 - Extra context menu item: StumbleUpon PhotoBlog It! - res://StumbleUponIEBar.dll/blogimage
O9 - Extra button: (no name) - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.4.2\gears.dll
O9 - Extra 'Tools' menuitem: &Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.4.2\gears.dll
O9 - Extra button: (no name) - {53F6FCCD-9E22-4d71-86EA-6E43136192AB} - (no file)
O9 - Extra button: (no name) - {925DAB62-F9AC-4221-806A-057BFB1014AA} - (no file)
O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Broken Internet access because of LSP provider 'c:\docume~1\rob\locals~1\temp\ntdll64.dll' missing
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {3BA3B159-7533-4F96-A2CE-EE5894BBD3D5} (Scanner.SysScanner) - http://i.dell.com/images/global/js/scanner/SYSSCANNER.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O20 - AppInit_DLLs: sfvlen.dll rbymmv.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Background Intelligent Transfer Service (BITS) - Unknown owner - C:\WINDOWS\
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate1c953eeeb8ec436) (gupdate1c953eeeb8ec436) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: Task Scheduler (Schedule) - Unknown owner - C:\WINDOWS\system32\drivers\services.exe (file missing)
O23 - Service: sopidkc Service (sopidkc) - Unknown owner - C:\WINDOWS\system32\sopidkc.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: StumbleUponUpdateService - stumbleupon.com - C:\Program Files\StumbleUpon\StumbleUponUpdateService.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 28718 bytes


(looks like toooons of temp folder stuff!)

Edited by drkknght0000, 02 March 2009 - 10:28 PM.





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users