
Malware/Virus


  • This topic is locked
16 replies to this topic

#1 reesa9

reesa9

  • Members
  • 44 posts
  • OFFLINE
  • Gender:Female
  • Location:Batchelor, NT, Australia
  • Local time:12:54 PM

Posted 13 July 2009 - 03:56 AM

G'day there

My friend has given me her laptop to tidy up, only to find there's some virus that resets all settings, and I can't even install windows updates.

Here's the log, hope you can help :thumbup2:

Cheers


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:40:48 PM, on 7/13/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Safe mode

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://buy.drweb.com/register
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [Startup Manager Scanner] C:\Program Files\Startup Mechanic\StartupMonitor.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O21 - SSODL: EI0FFBAB - {3AC44CCF-09B6-025D-310A-270B1B1C681C} - (no file)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTSvcCDA.EXE
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Inkjet Printer/Scanner Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\System32\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\System32\S24EvMon.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe

--
End of file - 6352 bytes



#2 syler

syler

  • Malware Response Team
  • 8,150 posts
  • OFFLINE
  • Gender:Male
  • Location:Warrington, UK
  • Local time:04:24 AM

Posted 23 July 2009 - 10:31 AM

Hello and welcome to Bleeping Computer.

My name is Syler, I will be helping you to solve your Malware issues. Whilst I am helping you, I would be grateful if you would note the following:
  • Please do not run other tools or scans unless I ask you to and follow all the steps I give you, in order.
  • Copy and paste all logs requested in your reply. Do not attach them unless asked to.
  • If you don't know or understand something, please don't hesitate to say or ask before you proceed with my instructions.
  • Please continue to work with me, until I tell you your machine appears to be clean. Absence of symptoms does not mean that everything is clear.
  • If I do not hear back from you within 5 days of my last post, then this topic will be closed.

Please download Malwarebytes' Anti-Malware from Here

Note: If you already have Malwarebytes' Anti-Malware, just update then run it.
  • Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan (the scan may take some time to finish, so please be patient).
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and Paste the entire report in your next reply.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Next
  • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)
Then please post back here with the following:
  • MBAM log
  • log.txt
  • info.txt
Thanks



#3 reesa9

reesa9
  • Topic Starter

  • Members
  • 44 posts
  • OFFLINE
  • Gender:Female
  • Location:Batchelor, NT, Australia
  • Local time:12:54 PM

Posted 24 July 2009 - 07:04 AM

Many thanks for your help...logs are below.


Malwarebytes' Anti-Malware 1.39
Database version: 2421
Windows 5.1.2600 Service Pack 2

24/07/2009 9:55:59 PM
mbam-log-2009-07-24 (21-55-59).txt

Scan type: Full Scan (C:\|)
Objects scanned: 169068
Time elapsed: 43 minute(s), 35 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\system volume information\_restore{fa088fd3-f597-4394-9d67-2f8fdd475742}\RP433\A0068611.sys (Trojan.Downloader) -> Quarantined and deleted successfully.




info.txt logfile of random's system information tool 1.06 2009-07-24 22:01:24

======Uninstall list======

-->C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1888DAFD-C634-4BC4-865C-3455E24F6177}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1888DAFD-C634-4BC4-865C-3455E24F6177}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5CDC05F7-83E4-4611-AD3C-A6EB2100332A}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5CDC05F7-83E4-4611-AD3C-A6EB2100332A}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5CDDF96A-BC34-4D72-9ABA-E1FFF0C39977}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{67AEFC4C-69E4-11D7-85F4-00E018013273}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{67AEFC4C-69E4-11D7-85F4-00E018013273}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7A900EAB-DA37-4554-AF19-9C337476D05D}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7A900EAB-DA37-4554-AF19-9C337476D05D}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{869D88A5-BD6C-4E39-8536-D95259EAD7E8}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{869D88A5-BD6C-4E39-8536-D95259EAD7E8}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{881A74B3-3D17-4842-B9AF-0761C6E6C4B5}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{881A74B3-3D17-4842-B9AF-0761C6E6C4B5}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A8325E66-E1C8-43C1-AA6A-F99C024A8C96}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A8325E66-E1C8-43C1-AA6A-F99C024A8C96}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B5BAAFAE-3561-463D-8E3F-91761A57ADB8}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B5BAAFAE-3561-463D-8E3F-91761A57ADB8}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C6866B7D-ACFD-4C49-B77B-3B2F8CF54B96}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C6866B7D-ACFD-4C49-B77B-3B2F8CF54B96}\setup.exe" -l0x9 /remove
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Acrobat 5.0-->C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.isu" -c"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.dll"
Adobe Reader 6.0-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-000000000001}
Agere Systems AC'97 Modem-->agrsmdel
avast! Antivirus-->rundll32 C:\PROGRA~1\ALWILS~1\Avast4\Setup\setiface.dll,RunSetup
Battery miser-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E55C8F84-160B-41FA-9D41-6210801C0C24}\setup.exe"
Canon MP Navigator EX 2.0-->"C:\Program Files\Canon\MP Navigator EX 2.0\Maint.exe" /UninstallRemove C:\Program Files\Canon\MP Navigator EX 2.0\uninst.ini
Canon MP480 series MP Drivers-->"C:\WINDOWS\system32\CanonIJ Uninstaller Information\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP480_series\DelDrv.exe" /U:{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP480_series /L0x0009
Canon Utilities Easy-PhotoPrint EX-->C:\Program Files\Canon\Easy-PhotoPrint EX\uninst.exe uninst.ini
Canon Utilities My Printer-->C:\Program Files\Canon\MyPrinter\uninst.exe uninst.ini
Canon Utilities Solution Menu-->C:\Program Files\Canon\SolutionMenu\uninst.exe uninst.ini
CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
Creative MediaSource-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{56F3E1FF-54FE-4384-A153-6CCABA097814}\SETUP.EXE" -l0x9 /remove
e-tax 2008-->C:\Documents and Settings\LOZZA\My Documents\cat\etax2008\e-tax 2008_uninstall.exe
e-tax 2009-->MsiExec.exe /X{0A8C7880-F199-4807-ABD4-6E695B71A3D7}
Google Toolbar for Internet Explorer-->"C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarManager_9DE96A29E721D90A.exe" /uninstall
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Media Format SDK (KB902344)-->"C:\WINDOWS\$NtUninstallKB902344$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB915865)-->"C:\WINDOWS\$NtUninstallKB915865$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB929120)-->"C:\WINDOWS\$NtUninstallKB929120$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
HP Photo & Imaging 3.1-->C:\Program Files\HP\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat
HP PSC & OfficeJet 3.0-->"C:\Program Files\HP\Digital Imaging\{F38FA38A-7E5A-4209-88ED-4DE21CD20EEF}\setup\hpzscr01.exe" -datfile hposcr03.dat
HP Software Update-->MsiExec.exe /X{CC0A24CB-87C9-4F1C-A1F2-F87D8D4DDCAF}
HP Unload DLL Patch-->MsiExec.exe /X{595D0DE8-C38A-4432-B851-47DECC1A99BD}
InCD EasyWrite Reader-->C:\WINDOWS\unmrw.exe /UNINSTALL
InCD-->C:\WINDOWS\NuNInst.exe /UNINSTALL
Inkjet Printer/Scanner Extended Survey Program-->C:\Program Files\Canon\IJPLM\SETUP.EXE -R
Intel® Extreme Graphics 2 Driver-->RUNDLL32.EXE C:\WINDOWS\System32\ialmrem.dll,UninstallW2KIGfx PCI\VEN_8086&DEV_3582
Intel® Sebring API -->MsiExec.exe /I{67D7BC74-E8DF-4811-9B41-6023A8C9BB3F}
InterActual Player-->C:\Program Files\InterActual\InterActual Player\inuninst.exe
IP Operator-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{15EC1872-FEAC-4FF6-B2ED-B686BBE183D1}\Setup.exe"
iPod for Windows 2006-03-23-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{2070F79D-46BC-4EEA-8F02-9B4DCABAE7CB} /l1033
iTunes-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{59C4F14F-7590-45FC-BE9F-A67AB3590709} /l1033
LG GILJABI-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{89D79952-BF83-4240-B58F-CC45A854AD42}\SETUP.EXE"
LiveUpdate BVRP Software-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}\Setup.exe" -l0x9
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Memories Disc Creator 2.0-->MsiExec.exe /X{2E132061-C78A-48D4-A899-1D13B9D189FA}
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft AntiSpyware-->MsiExec.exe /I{536F7C74-844B-4683-B0C5-EA39E19A6FE3}
Microsoft Data Access Components KB870669-->C:\WINDOWS\muninst.exe C:\WINDOWS\INF\KB870669.inf
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
mobile PhoneTools-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F18E8A0F-BE99-4305-96A5-6C0FD9D7D999}\setup.exe" -l0x9
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 Parser and SDK-->MsiExec.exe /I{716E0306-8318-4364-8B8F-0CC4E9376BAC}
Nero OEM-->C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
OLYMPUS Master 2-->MsiExec.exe /X{45FCADDB-0B29-457E-83A1-D245C62A716C}
OLYMPUS muvee theaterPack-->MsiExec.exe /X{B3282FB8-874B-4054-8356-9EB391A826F9}
On Screen Display-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6BBC0BD8-4974-43A7-A614-B0E006025077}\Setup.exe"
Optus Wireless Broadband-->C:\Program Files\Optus Wireless Broadband\uninst.exe
overland-->MsiExec.exe /I{766273C1-A39B-47EB-ACE8-DEBDD8094BCC}
PowerDVD-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\Setup.exe" -uninstall
QuickTime-->MsiExec.exe /I{F07B861C-72B9-40A4-8B1A-AAED4C06A7E8}
Security Update for Step By Step Interactive Training (KB898458)-->"C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
Security Update for Step By Step Interactive Training (KB923723)-->"C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB911564)-->"C:\WINDOWS\$NtUninstallKB911564$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP10$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP10$\spuninst\spuninst.exe"
Security Update for Windows Media Player 6.4 (KB925398)-->"C:\WINDOWS\$NtUninstallKB925398_WMP64$\spuninst\spuninst.exe"
Security Update for Windows Media Player 9 (KB911565)-->"C:\WINDOWS\$NtUninstallKB911565$\spuninst\spuninst.exe"
Security Update for Windows Media Player 9 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP9$\spuninst\spuninst.exe"
Security Update for Windows XP (KB883939)-->"C:\WINDOWS\$NtUninstallKB883939$\spuninst\spuninst.exe"
Security Update for Windows XP (KB890046)-->"C:\WINDOWS\$NtUninstallKB890046$\spuninst\spuninst.exe"
Security Update for Windows XP (KB893066)-->"C:\WINDOWS\$NtUninstallKB893066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB893756)-->"C:\WINDOWS\$NtUninstallKB893756$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896358)-->"C:\WINDOWS\$NtUninstallKB896358$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896422)-->"C:\WINDOWS\$NtUninstallKB896422$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896423)-->"C:\WINDOWS\$NtUninstallKB896423$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896424)-->"C:\WINDOWS\$NtUninstallKB896424$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896428)-->"C:\WINDOWS\$NtUninstallKB896428$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896688)-->"C:\WINDOWS\$NtUninstallKB896688$\spuninst\spuninst.exe"
Security Update for Windows XP (KB899587)-->"C:\WINDOWS\$NtUninstallKB899587$\spuninst\spuninst.exe"
Security Update for Windows XP (KB899588)-->"C:\WINDOWS\$NtUninstallKB899588$\spuninst\spuninst.exe"
Security Update for Windows XP (KB899591)-->"C:\WINDOWS\$NtUninstallKB899591$\spuninst\spuninst.exe"
Security Update for Windows XP (KB900725)-->"C:\WINDOWS\$NtUninstallKB900725$\spuninst\spuninst.exe"
Security Update for Windows XP (KB901017)-->"C:\WINDOWS\$NtUninstallKB901017$\spuninst\spuninst.exe"
Security Update for Windows XP (KB901190)-->"C:\WINDOWS\$NtUninstallKB901190$\spuninst\spuninst.exe"
Security Update for Windows XP (KB901214)-->"C:\WINDOWS\$NtUninstallKB901214$\spuninst\spuninst.exe"
Security Update for Windows XP (KB902400)-->"C:\WINDOWS\$NtUninstallKB902400$\spuninst\spuninst.exe"
Security Update for Windows XP (KB903235)-->"C:\WINDOWS\$NtUninstallKB903235$\spuninst\spuninst.exe"
Security Update for Windows XP (KB904706)-->"C:\WINDOWS\$NtUninstallKB904706$\spuninst\spuninst.exe"
Security Update for Windows XP (KB905414)-->"C:\WINDOWS\$NtUninstallKB905414$\spuninst\spuninst.exe"
Security Update for Windows XP (KB905749)-->"C:\WINDOWS\$NtUninstallKB905749$\spuninst\spuninst.exe"
Security Update for Windows XP (KB905915)-->"C:\WINDOWS\$NtUninstallKB905915$\spuninst\spuninst.exe"
Security Update for Windows XP (KB908519)-->"C:\WINDOWS\$NtUninstallKB908519$\spuninst\spuninst.exe"
Security Update for Windows XP (KB908531)-->"C:\WINDOWS\$NtUninstallKB908531$\spuninst\spuninst.exe"
Security Update for Windows XP (KB911562)-->"C:\WINDOWS\$NtUninstallKB911562$\spuninst\spuninst.exe"
Security Update for Windows XP (KB911567)-->"C:\WINDOWS\$NtUninstallKB911567$\spuninst\spuninst.exe"
Security Update for Windows XP (KB911927)-->"C:\WINDOWS\$NtUninstallKB911927$\spuninst\spuninst.exe"
Security Update for Windows XP (KB912812)-->"C:\WINDOWS\$NtUninstallKB912812$\spuninst\spuninst.exe"
Security Update for Windows XP (KB912919)-->"C:\WINDOWS\$NtUninstallKB912919$\spuninst\spuninst.exe"
Security Update for Windows XP (KB913446)-->"C:\WINDOWS\$NtUninstallKB913446$\spuninst\spuninst.exe"
Security Update for Windows XP (KB913580)-->"C:\WINDOWS\$NtUninstallKB913580$\spuninst\spuninst.exe"
Security Update for Windows XP (KB914388)-->"C:\WINDOWS\$NtUninstallKB914388$\spuninst\spuninst.exe"
Security Update for Windows XP (KB914389)-->"C:\WINDOWS\$NtUninstallKB914389$\spuninst\spuninst.exe"
Security Update for Windows XP (KB916281)-->"C:\WINDOWS\$NtUninstallKB916281$\spuninst\spuninst.exe"
Security Update for Windows XP (KB917159)-->"C:\WINDOWS\$NtUninstallKB917159$\spuninst\spuninst.exe"
Security Update for Windows XP (KB917344)-->"C:\WINDOWS\$NtUninstallKB917344$\spuninst\spuninst.exe"
Security Update for Windows XP (KB917422)-->"C:\WINDOWS\$NtUninstallKB917422$\spuninst\spuninst.exe"
Security Update for Windows XP (KB917953)-->"C:\WINDOWS\$NtUninstallKB917953$\spuninst\spuninst.exe"
Security Update for Windows XP (KB918118)-->"C:\WINDOWS\$NtUninstallKB918118$\spuninst\spuninst.exe"
Security Update for Windows XP (KB918439)-->"C:\WINDOWS\$NtUninstallKB918439$\spuninst\spuninst.exe"
Security Update for Windows XP (KB918899)-->"C:\WINDOWS\$NtUninstallKB918899$\spuninst\spuninst.exe"
Security Update for Windows XP (KB919007)-->"C:\WINDOWS\$NtUninstallKB919007$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920213)-->"C:\WINDOWS\$NtUninstallKB920213$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920214)-->"C:\WINDOWS\$NtUninstallKB920214$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920670)-->"C:\WINDOWS\$NtUninstallKB920670$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920683)-->"C:\WINDOWS\$NtUninstallKB920683$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920685)-->"C:\WINDOWS\$NtUninstallKB920685$\spuninst\spuninst.exe"
Security Update for Windows XP (KB921398)-->"C:\WINDOWS\$NtUninstallKB921398$\spuninst\spuninst.exe"
Security Update for Windows XP (KB921503)-->"C:\WINDOWS\$NtUninstallKB921503$\spuninst\spuninst.exe"
Security Update for Windows XP (KB921883)-->"C:\WINDOWS\$NtUninstallKB921883$\spuninst\spuninst.exe"
Security Update for Windows XP (KB922616)-->"C:\WINDOWS\$NtUninstallKB922616$\spuninst\spuninst.exe"
Security Update for Windows XP (KB922760)-->"C:\WINDOWS\$NtUninstallKB922760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB922819)-->"C:\WINDOWS\$NtUninstallKB922819$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923191)-->"C:\WINDOWS\$NtUninstallKB923191$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923414)-->"C:\WINDOWS\$NtUninstallKB923414$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923689)-->"C:\WINDOWS\$NtUninstallKB923689$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923694)-->"C:\WINDOWS\$NtUninstallKB923694$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923980)-->"C:\WINDOWS\$NtUninstallKB923980$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924191)-->"C:\WINDOWS\$NtUninstallKB924191$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924270)-->"C:\WINDOWS\$NtUninstallKB924270$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924496)-->"C:\WINDOWS\$NtUninstallKB924496$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924667)-->"C:\WINDOWS\$NtUninstallKB924667$\spuninst\spuninst.exe"
Security Update for Windows XP (KB925454)-->"C:\WINDOWS\$NtUninstallKB925454$\spuninst\spuninst.exe"
Security Update for Windows XP (KB925486)-->"C:\WINDOWS\$NtUninstallKB925486$\spuninst\spuninst.exe"
Security Update for Windows XP (KB925902)-->"C:\WINDOWS\$NtUninstallKB925902$\spuninst\spuninst.exe"
Security Update for Windows XP (KB926255)-->"C:\WINDOWS\$NtUninstallKB926255$\spuninst\spuninst.exe"
Security Update for Windows XP (KB926436)-->"C:\WINDOWS\$NtUninstallKB926436$\spuninst\spuninst.exe"
Security Update for Windows XP (KB927779)-->"C:\WINDOWS\$NtUninstallKB927779$\spuninst\spuninst.exe"
Security Update for Windows XP (KB927802)-->"C:\WINDOWS\$NtUninstallKB927802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB928090)-->"C:\WINDOWS\$NtUninstallKB928090$\spuninst\spuninst.exe"
Security Update for Windows XP (KB928255)-->"C:\WINDOWS\$NtUninstallKB928255$\spuninst\spuninst.exe"
Security Update for Windows XP (KB928843)-->"C:\WINDOWS\$NtUninstallKB928843$\spuninst\spuninst.exe"
Security Update for Windows XP (KB929123)-->"C:\WINDOWS\$NtUninstallKB929123$\spuninst\spuninst.exe"
Security Update for Windows XP (KB929969)-->"C:\WINDOWS\$NtUninstallKB929969$\spuninst\spuninst.exe"
Security Update for Windows XP (KB930178)-->"C:\WINDOWS\$NtUninstallKB930178$\spuninst\spuninst.exe"
Security Update for Windows XP (KB931261)-->"C:\WINDOWS\$NtUninstallKB931261$\spuninst\spuninst.exe"
Security Update for Windows XP (KB931768)-->"C:\WINDOWS\$NtUninstallKB931768$\spuninst\spuninst.exe"
Security Update for Windows XP (KB931784)-->"C:\WINDOWS\$NtUninstallKB931784$\spuninst\spuninst.exe"
Security Update for Windows XP (KB932168)-->"C:\WINDOWS\$NtUninstallKB932168$\spuninst\spuninst.exe"
Security Update for Windows XP (KB933566)-->"C:\WINDOWS\$NtUninstallKB933566$\spuninst\spuninst.exe"
Security Update for Windows XP (KB933729)-->"C:\WINDOWS\$NtUninstallKB933729$\spuninst\spuninst.exe"
Security Update for Windows XP (KB935839)-->"C:\WINDOWS\$NtUninstallKB935839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB935840)-->"C:\WINDOWS\$NtUninstallKB935840$\spuninst\spuninst.exe"
Security Update for Windows XP (KB936021)-->"C:\WINDOWS\$NtUninstallKB936021$\spuninst\spuninst.exe"
Security Update for Windows XP (KB937143)-->"C:\WINDOWS\$NtUninstallKB937143$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938127)-->"C:\WINDOWS\$NtUninstallKB938127$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938829)-->"C:\WINDOWS\$NtUninstallKB938829$\spuninst\spuninst.exe"
Security Update for Windows XP (KB939653)-->"C:\WINDOWS\$NtUninstallKB939653$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941202)-->"C:\WINDOWS\$NtUninstallKB941202$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941568)-->"C:\WINDOWS\$NtUninstallKB941568$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941644)-->"C:\WINDOWS\$NtUninstallKB941644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941693)-->"C:\WINDOWS\$NtUninstallKB941693$\spuninst\spuninst.exe"
Security Update for Windows XP (KB942615)-->"C:\WINDOWS\$NtUninstallKB942615$\spuninst\spuninst.exe"
Security Update for Windows XP (KB943055)-->"C:\WINDOWS\$NtUninstallKB943055$\spuninst\spuninst.exe"
Security Update for Windows XP (KB943460)-->"C:\WINDOWS\$NtUninstallKB943460$\spuninst\spuninst.exe"
Security Update for Windows XP (KB943485)-->"C:\WINDOWS\$NtUninstallKB943485$\spuninst\spuninst.exe"
Security Update for Windows XP (KB944338)-->"C:\WINDOWS\$NtUninstallKB944338$\spuninst\spuninst.exe"
Security Update for Windows XP (KB944533)-->"C:\WINDOWS\$NtUninstallKB944533$\spuninst\spuninst.exe"
Security Update for Windows XP (KB944653)-->"C:\WINDOWS\$NtUninstallKB944653$\spuninst\spuninst.exe"
Security Update for Windows XP (KB945553)-->"C:\WINDOWS\$NtUninstallKB945553$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946026)-->"C:\WINDOWS\$NtUninstallKB946026$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB947864)-->"C:\WINDOWS\$NtUninstallKB947864$\spuninst\spuninst.exe"
Security Update for Windows XP (KB948590)-->"C:\WINDOWS\$NtUninstallKB948590$\spuninst\spuninst.exe"
Security Update for Windows XP (KB948881)-->"C:\WINDOWS\$NtUninstallKB948881$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950749)-->"C:\WINDOWS\$NtUninstallKB950749$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
SoundMAX-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\Setup.exe"
Spyware Doctor 3.8-->"C:\Program Files\Spyware Doctor\unins000.exe"
Startup Mechanic 2.7-->C:\Program Files\Startup Mechanic\uninst.exe
Super DVD Ripper v1.90-->C:\PROGRA~1\SDVDRI~1\UNWISE.EXE C:\PROGRA~1\SDVDRI~1\INSTALL.LOG
Synaptics Pointing Device Driver-->rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
tammin ScreenSaver-->C:\WINDOWS\tammin.scr /U
Texas Instruments PCIxx20 drivers.-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{82F2B953-70A4-4DD5-8B7C-4F0ACFDD1E40} /l1033
Update for Windows XP (KB894391)-->"C:\WINDOWS\$NtUninstallKB894391$\spuninst\spuninst.exe"
Update for Windows XP (KB896727)-->"C:\WINDOWS\$NtUninstallKB896727$\spuninst\spuninst.exe"
Update for Windows XP (KB898461)-->"C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
Update for Windows XP (KB900485)-->"C:\WINDOWS\$NtUninstallKB900485$\spuninst\spuninst.exe"
Update for Windows XP (KB910437)-->"C:\WINDOWS\$NtUninstallKB910437$\spuninst\spuninst.exe"
Update for Windows XP (KB911280)-->"C:\WINDOWS\$NtUninstallKB911280$\spuninst\spuninst.exe"
Update for Windows XP (KB916595)-->"C:\WINDOWS\$NtUninstallKB916595$\spuninst\spuninst.exe"
Update for Windows XP (KB920872)-->"C:\WINDOWS\$NtUninstallKB920872$\spuninst\spuninst.exe"
Update for Windows XP (KB922582)-->"C:\WINDOWS\$NtUninstallKB922582$\spuninst\spuninst.exe"
Update for Windows XP (KB927891)-->"C:\WINDOWS\$NtUninstallKB927891$\spuninst\spuninst.exe"
Update for Windows XP (KB929338)-->"C:\WINDOWS\$NtUninstallKB929338$\spuninst\spuninst.exe"
Update for Windows XP (KB930916)-->"C:\WINDOWS\$NtUninstallKB930916$\spuninst\spuninst.exe"
Update for Windows XP (KB931836)-->"C:\WINDOWS\$NtUninstallKB931836$\spuninst\spuninst.exe"
Update for Windows XP (KB932823-v3)-->"C:\WINDOWS\$NtUninstallKB932823-v3$\spuninst\spuninst.exe"
Update for Windows XP (KB933360)-->"C:\WINDOWS\$NtUninstallKB933360$\spuninst\spuninst.exe"
Update for Windows XP (KB936357)-->"C:\WINDOWS\$NtUninstallKB936357$\spuninst\spuninst.exe"
Update for Windows XP (KB938828)-->"C:\WINDOWS\$NtUninstallKB938828$\spuninst\spuninst.exe"
Update for Windows XP (KB942763)-->"C:\WINDOWS\$NtUninstallKB942763$\spuninst\spuninst.exe"
Update for Windows XP (KB942840)-->"C:\WINDOWS\$NtUninstallKB942840$\spuninst\spuninst.exe"
Update for Windows XP (KB946627)-->"C:\WINDOWS\$NtUninstallKB946627$\spuninst\spuninst.exe"
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Windows Genuine Advantage v1.3.0254.0-->MsiExec.exe /I{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}
Windows Installer 3.1 (KB893803)-->"C:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe"
Windows Internet Explorer 7-->"C:\WINDOWS\ie7\spuninst\spuninst.exe"
Windows Media Format Runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Player 10-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows XP Hotfix - KB873333-->C:\WINDOWS\$NtUninstallKB873333$\spuninst\spuninst.exe
Windows XP Hotfix - KB873339-->C:\WINDOWS\$NtUninstallKB873339$\spuninst\spuninst.exe
Windows XP Hotfix - KB885250-->C:\WINDOWS\$NtUninstallKB885250$\spuninst\spuninst.exe
Windows XP Hotfix - KB885835-->C:\WINDOWS\$NtUninstallKB885835$\spuninst\spuninst.exe
Windows XP Hotfix - KB885836-->C:\WINDOWS\$NtUninstallKB885836$\spuninst\spuninst.exe
Windows XP Hotfix - KB886185-->C:\WINDOWS\$NtUninstallKB886185$\spuninst\spuninst.exe
Windows XP Hotfix - KB887472-->C:\WINDOWS\$NtUninstallKB887472$\spuninst\spuninst.exe
Windows XP Hotfix - KB887742-->C:\WINDOWS\$NtUninstallKB887742$\spuninst\spuninst.exe
Windows XP Hotfix - KB888113-->C:\WINDOWS\$NtUninstallKB888113$\spuninst\spuninst.exe
Windows XP Hotfix - KB888302-->C:\WINDOWS\$NtUninstallKB888302$\spuninst\spuninst.exe
Windows XP Hotfix - KB890175-->C:\WINDOWS\$NtUninstallKB890175$\spuninst\spuninst.exe
Windows XP Hotfix - KB890859-->"C:\WINDOWS\$NtUninstallKB890859$\spuninst\spuninst.exe"
Windows XP Hotfix - KB891781-->C:\WINDOWS\$NtUninstallKB891781$\spuninst\spuninst.exe
Windows XP Hotfix - KB893086-->"C:\WINDOWS\$NtUninstallKB893086$\spuninst\spuninst.exe"
Windows XP Service Pack 2-->C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe

======Security center information======

AV: avast! antivirus 4.7.827 [VPS 0625-7]

======System event log======

Computer Name: LAUREN
Event Code: 51
Message: An error was detected on device \Device\Harddisk0\D during a paging operation.

Record Number: 19644793
Source Name: Disk
Time Written: 20090713211923.000000+600
Event Type: warning
User:

Computer Name: LAUREN
Event Code: 51
Message: An error was detected on device \Device\Harddisk0\D during a paging operation.

Record Number: 19644792
Source Name: Disk
Time Written: 20090713211923.000000+600
Event Type: warning
User:

Computer Name: LAUREN
Event Code: 51
Message: An error was detected on device \Device\Harddisk0\D during a paging operation.

Record Number: 19644791
Source Name: Disk
Time Written: 20090713211923.000000+600
Event Type: warning
User:

Computer Name: LAUREN
Event Code: 51
Message: An error was detected on device \Device\Harddisk0\D during a paging operation.

Record Number: 19644790
Source Name: Disk
Time Written: 20090713211923.000000+600
Event Type: warning
User:

Computer Name: LAUREN
Event Code: 51
Message: An error was detected on device \Device\Harddisk0\D during a paging operation.

Record Number: 19644789
Source Name: Disk
Time Written: 20090713211923.000000+600
Event Type: warning
User:

=====Application event log=====

Computer Name: LAUREN
Event Code: 1517
Message: Windows saved user LAUREN\LOZZA registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.


This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

Record Number: 8127
Source Name: Userenv
Time Written: 20070524162857.000000+600
Event Type: warning
User: NT AUTHORITY\SYSTEM

Computer Name: LAUREN
Event Code: 1002
Message: Hanging application swdoctor.exe, version 4.0.0.2602, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Record Number: 8126
Source Name: Application Hang
Time Written: 20070524162756.000000+600
Event Type: error
User:

Computer Name: LAUREN
Event Code: 1517
Message: Windows saved user LAUREN\LOZZA registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.


This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

Record Number: 8115
Source Name: Userenv
Time Written: 20070522163144.000000+600
Event Type: warning
User: NT AUTHORITY\SYSTEM

Computer Name: LAUREN
Event Code: 1517
Message: Windows saved user LAUREN\LOZZA registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.


This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

Record Number: 8109
Source Name: Userenv
Time Written: 20070521213823.000000+600
Event Type: warning
User: NT AUTHORITY\SYSTEM

Computer Name: LAUREN
Event Code: 1517
Message: Windows saved user LAUREN\LOZZA registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.


This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

Record Number: 8103
Source Name: Userenv
Time Written: 20070520104541.000000+600
Event Type: warning
User: NT AUTHORITY\SYSTEM

=====Security event log=====

Computer Name: LAUREN
Event Code: 528
Message: Successful Logon:

User Name: LOCAL SERVICE

Domain: NT AUTHORITY

Logon ID: (0x0,0x3E5)

Logon Type: 5

Logon Process: Advapi

Authentication Package: Negotiate

Workstation Name:

Logon GUID: {00000000-0000-0000-0000-000000000000}

Record Number: 75531
Source Name: Security
Time Written: 20090703083352.000000+600
Event Type: audit success
User: NT AUTHORITY\LOCAL SERVICE

Computer Name: LAUREN
Event Code: 515
Message: A trusted logon process has registered with the Local Security Authority.
This logon process will be trusted to submit logon requests.




Logon Process Name: Secondary Logon Service

Record Number: 75530
Source Name: Security
Time Written: 20090703083352.000000+600
Event Type: audit success
User: NT AUTHORITY\SYSTEM

Computer Name: LAUREN
Event Code: 540
Message: Successful Network Logon:

User Name:

Domain:

Logon ID: (0x0,0x199E5)

Logon Type: 3

Logon Process: NtLmSsp

Authentication Package: NTLM

Workstation Name:

Logon GUID: {00000000-0000-0000-0000-000000000000}

Record Number: 75529
Source Name: Security
Time Written: 20090703083352.000000+600
Event Type: audit success
User: NT AUTHORITY\ANONYMOUS LOGON

Computer Name: LAUREN
Event Code: 615
Message: IPSec Services: IPSec Services has started successfully.



Record Number: 75528
Source Name: Security
Time Written: 20090703083352.000000+600
Event Type: audit success
User: NT AUTHORITY\NETWORK SERVICE

Computer Name: LAUREN
Event Code: 615
Message: IPSec Services: IPSec Services failed to get the complete list of network interfaces on the machine. This can be a potential security hazard to the machine since some of the network interfaces may not get the protection as desired by the applied IPSec filters. Please run IPSec monitor snap-in to further diagnose the problem.



Record Number: 75527
Source Name: Security
Time Written: 20090703083352.000000+600
Event Type: audit failure
User: NT AUTHORITY\NETWORK SERVICE

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\system32\WBEM;C:\Program Files\QuickTime\QTSystem\
"windir"=%SystemRoot%
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 9 Stepping 5, GenuineIntel
"PROCESSOR_REVISION"=0905
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"VERSION"=3.1.0
"SESSIONID"=1184275444687htx6060.cce.hp.com1bb7be:113bc50bacf:996
"COLLECTIONID"=COL7458
"ITEMID"=ps-22563-2
"UPDATEDIR"=C:\DOCUME~1\LOZZA\LOCALS~1\Temp\radD0BE1.tmp
"TOOLPATH"=/C:\Program%20Files\HP\HP%20Software%20Update\install.htm
"HMSERVER"=https://wwss1proa.cce.hp.com/wuss/servlet/WUSSServlet
"SWUTVER"=1.0.18.20030625
"OSVER"=winXPH
"LANG"=3081
"TIMEOUT"=0
"FP_NO_HOST_CHECK"=NO
"CLASSPATH"=.;C:\Program Files\QuickTime\QTSystem\QTJava.zip
"QTJAVA"=C:\Program Files\QuickTime\QTSystem\QTJava.zip

-----------------EOF-----------------



Logfile of random's system information tool 1.06 (written by random/random)
Run by LOZZA at 2009-07-24 22:01:12
Microsoft Windows XP Home Edition Service Pack 2
System drive C: has 17 GB (50%) free of 35 GB
Total RAM: 238 MB (19% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:01:18 PM, on 24/07/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\System32\S24EvMon.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\CTSvcCDA.EXE
C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
C:\WINDOWS\System32\RegSrvc.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\WINDOWS\System32\msiexec.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\HP\HP Software Update\HPWuSchd.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Startup Mechanic\StartupMonitor.exe
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\LOZZA\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\LOZZA.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [Startup Manager Scanner] C:\Program Files\Startup Mechanic\StartupMonitor.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Windows Guard] waumgrd.exe
O4 - HKUS\S-1-5-18\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O21 - SSODL: EI0FFBAB - {3AC44CCF-09B6-025D-310A-270B1B1C681C} - (no file)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTSvcCDA.EXE
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Inkjet Printer/Scanner Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\System32\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\System32\S24EvMon.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe

--
End of file - 7523 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\Critical Battery Alarm Program.job
C:\WINDOWS\tasks\Low Battery Alarm Program.job
C:\WINDOWS\tasks\WebReg 20050501104824.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx [2001-03-02 37808]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB}]
PCTools Site Guard - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll [2008-02-24 825528]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2009-06-20 259696]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll [2009-06-30 669168]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B56A7D7D-6927-48C8-A975-17DF180C71AC}]
PCTools Browser Monitor - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll [2008-02-24 850104]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}]
Google Dictionary Compression sdch - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll [2009-04-23 470512]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2009-06-20 259696]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"HotKeysCmds"=C:\WINDOWS\System32\hkcmd.exe [2003-10-02 118784]
"SynTPLpr"=C:\Program Files\Synaptics\SynTP\SynTPLpr.exe [2003-09-12 110592]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2003-09-12 618496]
"AGRSMMSG"=C:\WINDOWS\AGRSMMSG.exe [2003-03-31 88267]
"RemoteControl"=C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [2003-12-08 32768]
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]
"InCD"=C:\Program Files\Ahead\InCD\InCD.exe [2004-03-04 1294446]
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd.exe [2003-06-25 49152]
"HP Component Manager"=C:\Program Files\HP\hpcoretech\hpcmpmgr.exe [2004-05-12 241664]
"Startup Manager Scanner"=C:\Program Files\Startup Mechanic\StartupMonitor.exe [2004-09-06 86016]
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2006-04-28 102448]
"CanonSolutionMenu"=C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe [2008-03-11 689488]
"CanonMyPrinter"=C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2008-03-04 1848648]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2004-10-14 1694208]
"Windows Guard"=waumgrd.exe []

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxsrvc.dll [2003-10-02 319488]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
EI0FFBAB - {3AC44CCF-09B6-025D-310A-270B1B1C681C}

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{9EF34FF2-3396-4527-9D27-04C8C1C67806}"=C:\Program Files\Microsoft AntiSpyware\shellextension.dll [2005-06-15 101080]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Windows\system32\mshta.exe"="C:\Windows\system32\mshta.exe:*:Disabled:Microsoft ® HTML Application host"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

======List of files/folders created in the last 1 months======

2009-07-24 22:01:12 ----D---- C:\rsit
2009-07-13 18:39:24 ----A---- C:\WINDOWS\ntbtlog.txt
2009-07-13 18:34:06 ----D---- C:\Program Files\Trend Micro
2009-07-13 17:00:32 ----D---- C:\Documents and Settings\LOZZA\Application Data\Malwarebytes
2009-07-13 16:58:58 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-07-13 16:58:57 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-07-12 18:59:55 ----D---- C:\Program Files\Panda Security
2009-07-12 14:46:45 ----A---- C:\WINDOWS\OEWABLog.txt
2009-07-12 14:31:46 ----D---- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-07-12 14:31:45 ----D---- C:\Program Files\iTunes
2009-07-12 14:28:01 ----D---- C:\Program Files\Bonjour
2009-07-12 14:24:03 ----D---- C:\Program Files\QuickTime
2009-07-12 14:18:03 ----D---- C:\Program Files\Apple Software Update
2009-07-12 14:17:20 ----DC---- C:\WINDOWS\system32\DRVSTORE
2009-07-12 14:16:03 ----D---- C:\Program Files\Common Files\Apple
2009-07-12 14:15:52 ----D---- C:\Documents and Settings\All Users\Application Data\Apple
2009-07-12 12:29:33 ----D---- C:\Program Files\AusLogics Disk Defrag
2009-07-11 18:05:53 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-07-11 14:14:29 ----D---- C:\Program Files\CCleaner
2009-07-01 08:21:25 ----D---- C:\etax2009
2009-06-27 07:30:47 ----A---- C:\WINDOWS\ModemLog_HUAWEI Mobile Connect - 3G Modem #2.txt
2009-06-26 18:41:55 ----A---- C:\WINDOWS\ModemLog_HUAWEI Mobile Connect - 3G Modem.txt
2009-06-26 18:28:19 ----D---- C:\Program Files\Optus Wireless Broadband

======List of files/folders modified in the last 1 months======

2009-07-24 22:01:07 ----D---- C:\WINDOWS\Prefetch
2009-07-24 21:59:53 ----D---- C:\Windows
2009-07-24 21:59:49 ----D---- C:\WINDOWS\Temp
2009-07-24 21:59:39 ----SHD---- C:\WINDOWS\Installer
2009-07-24 21:59:39 ----SHD---- C:\Config.Msi
2009-07-24 21:58:25 ----D---- C:\WINDOWS\system32\drivers
2009-07-24 21:58:25 ----D---- C:\WINDOWS\system32
2009-07-24 21:46:07 ----A---- C:\WINDOWS\dirsaver.ini
2009-07-13 21:21:37 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2009-07-13 18:42:41 ----D---- C:\WINDOWS\security
2009-07-13 18:34:06 ----RD---- C:\Program Files
2009-07-13 18:26:50 ----D---- C:\Program Files\Spyware Doctor
2009-07-12 18:59:55 ----HD---- C:\WINDOWS\inf
2009-07-12 18:56:27 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-07-12 18:56:23 ----D---- C:\WINDOWS\system32\CatRoot2
2009-07-12 18:37:01 ----D---- C:\WINDOWS\Minidump
2009-07-12 14:32:11 ----D---- C:\Program Files\iPod
2009-07-12 14:23:52 ----D---- C:\Documents and Settings\All Users\Application Data\Apple Computer
2009-07-12 14:18:42 ----SD---- C:\WINDOWS\Tasks
2009-07-12 14:16:56 ----D---- C:\WINDOWS\WinSxS
2009-07-12 14:16:03 ----D---- C:\Program Files\Common Files
2009-07-12 13:50:53 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-07-12 12:38:44 ----D---- C:\WINDOWS\system32\wbem
2009-07-12 11:26:21 ----D---- C:\Program Files\eBay
2009-07-11 18:04:22 ----RHD---- C:\$VAULT$.AVG
2009-07-11 14:18:35 ----D---- C:\etax2007
2009-07-11 14:18:28 ----D---- C:\etax2006
2009-07-11 14:17:47 ----D---- C:\etax2005
2009-07-11 14:17:38 ----D---- C:\etax2004
2009-07-11 14:15:15 ----D---- C:\WINDOWS\Debug
2009-07-11 14:15:15 ----D---- C:\Program Files\Microsoft AntiSpyware
2009-07-11 14:15:13 ----SHD---- C:\RECYCLER
2009-07-11 14:09:55 ----D---- C:\Documents and Settings
2009-07-01 07:43:40 ----D---- C:\Documents and Settings\All Users\Application Data\CanonIJPLM
2009-06-27 07:29:08 ----A---- C:\WINDOWS\ModemLog_Agere Systems AC'97 Modem.txt

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2006-04-28 24304]
R1 AFS2K;AFS2k; C:\WINDOWS\system32\drivers\AFS2K.sys [2004-07-31 43672]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2006-04-28 36176]
R1 ikhfile;File Security Kernel Anti-Spyware Driver; \??\C:\WINDOWS\system32\drivers\ikhfile.sys []
R1 ikhlayer;Kernel Anti-Spyware Driver; \??\C:\WINDOWS\system32\drivers\ikhlayer.sys []
R1 InCDPass;InCDPass; C:\WINDOWS\System32\DRIVERS\InCDPass.sys [2004-03-04 27664]
R1 incdrm;InCD EasyWrite Reader; C:\WINDOWS\system32\drivers\incdrm.sys [2003-12-30 28080]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2004-08-04 36096]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2006-04-28 87424]
R2 MDC8021X;AEGIS Protocol (IEEE 802.1x) v2.2.1.0; C:\WINDOWS\System32\DRIVERS\mdc8021x.sys [2004-04-03 14037]
R2 PfModNT;PfModNT; \??\C:\WINDOWS\System32\drivers\PfModNT.sys []
R2 s24trans;WLAN Transport; C:\WINDOWS\System32\DRIVERS\s24trans.sys [2003-06-21 10970]
R3 {6080A529-897E-4629-A488-ABA0C29B635E};Intel® Graphics Platform (SoftBIOS) Driver; C:\WINDOWS\system32\drivers\ialmsbw.sys [2003-10-08 120830]
R3 {D31A0762-0CEB-444e-ACFF-B049A1F6FE91};Intel® Graphics Chipset (KCH) Driver; C:\WINDOWS\system32\drivers\ialmkchw.sys [2003-10-08 98842]
R3 aeaudio;aeaudio; C:\WINDOWS\system32\drivers\aeaudio.sys [2002-04-01 4816]
R3 AgereSoftModem;Agere Systems Soft Modem; C:\WINDOWS\System32\DRIVERS\AGRSM.sys [2003-03-31 1170464]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\System32\DRIVERS\arp1394.sys [2004-08-04 60800]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\System32\DRIVERS\CmBatt.sys [2004-08-04 14080]
R3 EL90XBC;3Com 3C90X-BC Family PCI EtherLink Adapter; C:\WINDOWS\System32\DRIVERS\el90xbc5.sys [2003-09-14 77463]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2009-03-19 23400]
R3 hwdatacard;Huawei DataCard USB Modem and USB Serial; C:\WINDOWS\system32\DRIVERS\ewusbmdm.sys [2008-10-17 101376]
R3 ialm;ialm; C:\WINDOWS\System32\DRIVERS\ialmnt5.sys [2003-10-08 93979]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\System32\DRIVERS\nic1394.sys [2004-08-04 61824]
R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2003-10-31 593408]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\System32\DRIVERS\SynTP.sys [2003-09-12 270320]
R3 tifm;tifm; C:\WINDOWS\system32\drivers\tifm.sys [2004-03-01 66816]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [2004-08-04 31616]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2004-08-04 26624]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2004-08-04 57600]
R3 usbstor;USB Mass Storage Driver; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2004-08-04 26496]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2004-08-04 20480]
R3 w70n51;Intel® PRO/Wireless 7100 Adapter Driver; C:\WINDOWS\System32\DRIVERS\w70n51.sys [2003-05-02 2379776]
R4 InCDfs;InCD File System; C:\WINDOWS\system32\drivers\InCDfs.sys [2004-03-04 99568]
S3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2006-04-28 16352]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\System32\DRIVERS\HPZid412.sys [2003-08-11 51056]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\System32\DRIVERS\HPZipr12.sys [2003-08-11 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\System32\DRIVERS\HPZius12.sys [2003-08-11 21488]
S3 lgsnd_filter;lgsnd_filter; C:\WINDOWS\system32\drivers\lgsnd_filter.sys [2003-12-11 7040]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\System32\DRIVERS\usbprint.sys [2004-08-04 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\System32\DRIVERS\usbscan.sys [2004-08-04 15104]
S3 w22n51;Intel® PRO/Wireless 2200 Adapter Driver; C:\WINDOWS\System32\DRIVERS\w22n51.sys [2004-03-08 1657344]
S4 mchInjDrv;mchInjDrv; \??\C:\WINDOWS\TEMP\mc25.tmp []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-06-05 144712]
R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2006-04-28 53248]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 Creative Service for CDROM Access;Creative Service for CDROM Access; C:\WINDOWS\System32\CTSvcCDA.EXE [1999-12-13 44032]
R2 IJPLMSVC;Inkjet Printer/Scanner Extended Survey Program; C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE [2008-01-22 103808]
R2 InCDsrv;InCD Helper; C:\Program Files\Ahead\InCD\InCDsrv.exe [2004-03-04 876656]
R2 RegSrvc;RegSrvc; C:\WINDOWS\System32\RegSrvc.exe [2003-06-21 122880]
R2 S24EventMonitor;Spectrum24 Event Monitor; C:\WINDOWS\System32\S24EvMon.exe [2003-06-21 303171]
R2 SDhelper;PC Tools Spyware Doctor; C:\Program Files\Spyware Doctor\sdhelp.exe [2008-02-24 895088]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-01-28 38912]
R2 WMDM PMSP Service;WMDM PMSP Service; C:\WINDOWS\System32\MsPMSPSv.exe [2000-06-26 53520]
S2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2006-04-28 102448]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [2004-07-15 32768]
S3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2006-04-28 245808]
S3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2006-04-28 364592]
S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-04-23 182768]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2009-06-05 541992]
S3 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\System32\HPZipm12.exe [2003-08-11 65795]

-----------------EOF-----------------

#4 syler

  • Malware Response Team

Posted 24 July 2009 - 10:32 AM

Hi reesa9,

I don't see too much to worry about there, just some leftovers which we will clean up, but let's do another check to make sure there is nothing else hiding in there.


We need to scan for Rootkits with GMER
  • Please download GMER from one of the following locations, and save it to your desktop:
    • Main Mirror
      This version will download a randomly named file (Recommended)
    • Zip Mirror
      This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs, as this process may crash your computer.
  • Temporarily disable any real-time active protection so your security program drivers will not conflict with gmer's driver.
  • Double click on Gmer to run it.
  • Allow the gmer.sys driver to load if asked.
  • You may see a rootkit warning window. If you do, click No.
  • Click on the Scan button and wait for the scan to finish.
  • If you see a rootkit warning window, click OK.
  • Push the Save button and save the logfile to your desktop.
  • Copy and Paste the contents of that file in your next post.

Edited by syler, 24 July 2009 - 10:33 AM.



#5 reesa9

  • Topic Starter


Posted 24 July 2009 - 11:19 PM

Cheers.

GMER 1.0.15.14972 - http://www.gmer.net
Rootkit scan 2009-07-25 14:14:45
Windows 5.1.2600 Service Pack 2


---- Kernel code sections - GMER 1.0.15 ----

? C:\WINDOWS\TEMP\mc25.tmp The system cannot find the file specified. !

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\wdfmgr.exe[108] ntdll.dll!NtTerminateProcess 7C90E88E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\wdfmgr.exe[108] ntdll.dll!NtTerminateProcess + 4 7C90E892 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\WINDOWS\system32\wdfmgr.exe[108] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\system32\wdfmgr.exe[108] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\system32\wdfmgr.exe[108] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\Explorer.EXE[192] ntdll.dll!NtTerminateProcess 7C90E88E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\Explorer.EXE[192] ntdll.dll!NtTerminateProcess + 4 7C90E892 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\WINDOWS\Explorer.EXE[192] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\Explorer.EXE[192] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\Explorer.EXE[192] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\System32\msiexec.exe[260] ntdll.dll!NtTerminateProcess 7C90E88E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\msiexec.exe[260] ntdll.dll!NtTerminateProcess + 4 7C90E892 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\WINDOWS\System32\msiexec.exe[260] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\System32\msiexec.exe[260] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\System32\msiexec.exe[260] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\System32\msiexec.exe[260] kernel32.dll!FreeLibrary + 15 7C80ABF3 4 Bytes CALL 5F00003D
.text C:\Program Files\Bonjour\mDNSResponder.exe[412] ntdll.dll!NtTerminateProcess 7C90E88E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Bonjour\mDNSResponder.exe[412] ntdll.dll!NtTerminateProcess + 4 7C90E892 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\Program Files\Bonjour\mDNSResponder.exe[412] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\Program Files\Bonjour\mDNSResponder.exe[412] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Bonjour\mDNSResponder.exe[412] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\System32\CTSvcCDA.EXE[424] ntdll.dll!NtTerminateProcess 7C90E88E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\CTSvcCDA.EXE[424] ntdll.dll!NtTerminateProcess + 4 7C90E892 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\WINDOWS\System32\CTSvcCDA.EXE[424] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\System32\CTSvcCDA.EXE[424] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\System32\CTSvcCDA.EXE[424] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F040F5A
.text C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE[480] ntdll.dll!NtTerminateProcess 7C90E88E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE[480] ntdll.dll!NtTerminateProcess + 4 7C90E892 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE[480] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE[480] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE[480] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\System32\RegSrvc.exe[520] ntdll.dll!NtTerminateProcess 7C90E88E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\RegSrvc.exe[520] ntdll.dll!NtTerminateProcess + 4 7C90E892 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\WINDOWS\System32\RegSrvc.exe[520] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\System32\RegSrvc.exe[520] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\System32\RegSrvc.exe[520] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\System32\svchost.exe[624] ntdll.dll!NtTerminateProcess 7C90E88E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\svchost.exe[624] ntdll.dll!NtTerminateProcess + 4 7C90E892 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\WINDOWS\System32\svchost.exe[624] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\System32\svchost.exe[624] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\System32\svchost.exe[624] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\system32\csrss.exe[700] ntdll.dll!NtTerminateProcess 7C90E88E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\csrss.exe[700] ntdll.dll!NtTerminateProcess + 4 7C90E892 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\WINDOWS\system32\csrss.exe[700] KERNEL32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\system32\csrss.exe[700] KERNEL32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\system32\csrss.exe[700] KERNEL32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\system32\winlogon.exe[724] ntdll.dll!NtTerminateProcess 7C90E88E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\winlogon.exe[724] ntdll.dll!NtTerminateProcess + 4 7C90E892 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\WINDOWS\system32\winlogon.exe[724] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\system32\winlogon.exe[724] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\system32\winlogon.exe[724] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\system32\services.exe[768] ntdll.dll!NtTerminateProcess 7C90E88E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\services.exe[768] ntdll.dll!NtTerminateProcess + 4 7C90E892 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\WINDOWS\system32\services.exe[768] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\system32\services.exe[768] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\system32\services.exe[768] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\system32\lsass.exe[780] ntdll.dll!NtTerminateProcess 7C90E88E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\lsass.exe[780] ntdll.dll!NtTerminateProcess + 4 7C90E892 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\WINDOWS\system32\lsass.exe[780] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\system32\lsass.exe[780] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\system32\lsass.exe[780] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\system32\svchost.exe[920] ntdll.dll!NtTerminateProcess 7C90E88E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[920] ntdll.dll!NtTerminateProcess + 4 7C90E892 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\WINDOWS\system32\svchost.exe[920] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\system32\svchost.exe[920] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\system32\svchost.exe[920] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\system32\svchost.exe[980] ntdll.dll!NtTerminateProcess 7C90E88E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[980] ntdll.dll!NtTerminateProcess + 4 7C90E892 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\WINDOWS\system32\svchost.exe[980] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\system32\svchost.exe[980] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\system32\svchost.exe[980] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\System32\svchost.exe[1016] ntdll.dll!NtTerminateProcess 7C90E88E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\svchost.exe[1016] ntdll.dll!NtTerminateProcess + 4 7C90E892 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\WINDOWS\System32\svchost.exe[1016] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\System32\svchost.exe[1016] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\System32\svchost.exe[1016] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F040F5A
.text C:\Program Files\Ahead\InCD\InCDsrv.exe[1040] ntdll.dll!NtTerminateProcess 7C90E88E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Ahead\InCD\InCDsrv.exe[1040] ntdll.dll!NtTerminateProcess + 4 7C90E892 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\Program Files\Ahead\InCD\InCDsrv.exe[1040] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\Program Files\Ahead\InCD\InCDsrv.exe[1040] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Ahead\InCD\InCDsrv.exe[1040] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\System32\S24EvMon.exe[1176] ntdll.dll!NtTerminateProcess 7C90E88E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\S24EvMon.exe[1176] ntdll.dll!NtTerminateProcess + 4 7C90E892 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\WINDOWS\System32\S24EvMon.exe[1176] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\System32\S24EvMon.exe[1176] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\System32\S24EvMon.exe[1176] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\System32\svchost.exe[1224] ntdll.dll!NtTerminateProcess 7C90E88E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\svchost.exe[1224] ntdll.dll!NtTerminateProcess + 4 7C90E892 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\WINDOWS\System32\svchost.exe[1224] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\System32\svchost.exe[1224] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\System32\svchost.exe[1224] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\System32\MsPMSPSv.exe[1300] ntdll.dll!NtTerminateProcess 7C90E88E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\MsPMSPSv.exe[1300] ntdll.dll!NtTerminateProcess + 4 7C90E892 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\WINDOWS\System32\MsPMSPSv.exe[1300] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\System32\MsPMSPSv.exe[1300] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\System32\MsPMSPSv.exe[1300] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\System32\MsPMSPSv.exe[1300] kernel32.dll!FreeLibrary + 15 7C80ABF3 4 Bytes CALL 5F00003D
.text C:\WINDOWS\System32\svchost.exe[1312] ntdll.dll!NtTerminateProcess 7C90E88E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\svchost.exe[1312] ntdll.dll!NtTerminateProcess + 4 7C90E892 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\WINDOWS\System32\svchost.exe[1312] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\System32\svchost.exe[1312] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\System32\svchost.exe[1312] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\system32\spoolsv.exe[1552] ntdll.dll!NtTerminateProcess 7C90E88E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\spoolsv.exe[1552] ntdll.dll!NtTerminateProcess + 4 7C90E892 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\WINDOWS\system32\spoolsv.exe[1552] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\system32\spoolsv.exe[1552] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\system32\spoolsv.exe[1552] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F040F5A
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1656] ntdll.dll!NtTerminateProcess 7C90E88E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1656] ntdll.dll!NtTerminateProcess + 4 7C90E892 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1656] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1656] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1656] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F040F5A
.text C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe[1696] ntdll.dll!NtTerminateProcess 7C90E88E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe[1696] ntdll.dll!NtTerminateProcess + 4 7C90E892 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe[1696] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe[1696] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe[1696] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\System32\alg.exe[1772] ntdll.dll!NtTerminateProcess 7C90E88E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\alg.exe[1772] ntdll.dll!NtTerminateProcess + 4 7C90E892 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\WINDOWS\System32\alg.exe[1772] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\System32\alg.exe[1772] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\System32\alg.exe[1772] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\System32\alg.exe[1772] kernel32.dll!FreeLibrary + 15 7C80ABF3 4 Bytes CALL 5F00003D
.text C:\WINDOWS\System32\hkcmd.exe[1864] ntdll.dll!NtTerminateProcess 7C90E88E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\hkcmd.exe[1864] ntdll.dll!NtTerminateProcess + 4 7C90E892 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\WINDOWS\System32\hkcmd.exe[1864] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\System32\hkcmd.exe[1864] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\System32\hkcmd.exe[1864] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\System32\hkcmd.exe[1864] kernel32.dll!FreeLibrary + 15 7C80ABF3 4 Bytes CALL 5F00003D
.text C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[1952] ntdll.dll!NtTerminateProcess 7C90E88E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[1952] ntdll.dll!NtTerminateProcess + 4 7C90E892 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[1952] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[1952] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[1952] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F040F5A
.text C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[1952] kernel32.dll!FreeLibrary + 15 7C80ABF3 4 Bytes CALL 5F00003D
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1968] ntdll.dll!NtTerminateProcess 7C90E88E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1968] ntdll.dll!NtTerminateProcess + 4 7C90E892 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1968] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1968] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1968] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F040F5A
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1968] kernel32.dll!FreeLibrary + 15 7C80ABF3 4 Bytes CALL 5F00003D
.text C:\WINDOWS\AGRSMMSG.exe[1988] ntdll.dll!NtTerminateProcess 7C90E88E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\AGRSMMSG.exe[1988] ntdll.dll!NtTerminateProcess + 4 7C90E892 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\WINDOWS\AGRSMMSG.exe[1988] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\AGRSMMSG.exe[1988] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\AGRSMMSG.exe[1988] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\AGRSMMSG.exe[1988] kernel32.dll!FreeLibrary + 15 7C80ABF3 4 Bytes CALL 5F00003D
.text C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe[2052] ntdll.dll!NtTerminateProcess 7C90E88E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe[2052] ntdll.dll!NtTerminateProcess + 4 7C90E892 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe[2052] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe[2052] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe[2052] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F040F5A
.text C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe[2052] kernel32.dll!FreeLibrary + 15 7C80ABF3 4 Bytes CALL 5F00003D
.text C:\Program Files\Ahead\InCD\InCD.exe[2120] ntdll.dll!NtTerminateProcess 7C90E88E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Ahead\InCD\InCD.exe[2120] ntdll.dll!NtTerminateProcess + 4 7C90E892 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\Program Files\Ahead\InCD\InCD.exe[2120] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\Program Files\Ahead\InCD\InCD.exe[2120] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Ahead\InCD\InCD.exe[2120] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F040F5A
.text C:\Program Files\Ahead\InCD\InCD.exe[2120] kernel32.dll!FreeLibrary + 15 7C80ABF3 4 Bytes CALL 5F00003D
.text C:\Program Files\HP\HP Software Update\HPWuSchd.exe[2152] ntdll.dll!NtTerminateProcess 7C90E88E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\HP\HP Software Update\HPWuSchd.exe[2152] ntdll.dll!NtTerminateProcess + 4 7C90E892 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\Program Files\HP\HP Software Update\HPWuSchd.exe[2152] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\Program Files\HP\HP Software Update\HPWuSchd.exe[2152] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\HP\HP Software Update\HPWuSchd.exe[2152] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F040F5A
.text C:\Program Files\HP\HP Software Update\HPWuSchd.exe[2152] kernel32.dll!FreeLibrary + 15 7C80ABF3 4 Bytes CALL 5F00003D
.text C:\Program Files\HP\hpcoretech\hpcmpmgr.exe[2160] ntdll.dll!NtTerminateProcess 7C90E88E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\HP\hpcoretech\hpcmpmgr.exe[2160] ntdll.dll!NtTerminateProcess + 4 7C90E892 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\Program Files\HP\hpcoretech\hpcmpmgr.exe[2160] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\Program Files\HP\hpcoretech\hpcmpmgr.exe[2160] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\HP\hpcoretech\hpcmpmgr.exe[2160] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F040F5A
.text C:\Program Files\HP\hpcoretech\hpcmpmgr.exe[2160] kernel32.dll!FreeLibrary + 15 7C80ABF3 4 Bytes CALL 5F00003D
.text C:\Program Files\Startup Mechanic\StartupMonitor.exe[2176] ntdll.dll!NtTerminateProcess 7C90E88E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Startup Mechanic\StartupMonitor.exe[2176] ntdll.dll!NtTerminateProcess + 4 7C90E892 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\Program Files\Startup Mechanic\StartupMonitor.exe[2176] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\Program Files\Startup Mechanic\StartupMonitor.exe[2176] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Startup Mechanic\StartupMonitor.exe[2176] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F040F5A
.text C:\Program Files\Startup Mechanic\StartupMonitor.exe[2176] kernel32.dll!FreeLibrary + 15 7C80ABF3 4 Bytes CALL 5F00003D
.text C:\WINDOWS\system32\wuauclt.exe[2728] ntdll.dll!NtTerminateProcess 7C90E88E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\wuauclt.exe[2728] ntdll.dll!NtTerminateProcess + 4 7C90E892 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\WINDOWS\system32\wuauclt.exe[2728] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\system32\wuauclt.exe[2728] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\system32\wuauclt.exe[2728] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\system32\wuauclt.exe[2728] kernel32.dll!FreeLibrary + 15 7C80ABF3 4 Bytes CALL 5F00003D
.text C:\WINDOWS\system32\wuauclt.exe[2892] ntdll.dll!NtTerminateProcess 7C90E88E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\wuauclt.exe[2892] ntdll.dll!NtTerminateProcess + 4 7C90E892 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\WINDOWS\system32\wuauclt.exe[2892] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\system32\wuauclt.exe[2892] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\system32\wuauclt.exe[2892] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\system32\wuauclt.exe[2892] kernel32.dll!FreeLibrary + 15 7C80ABF3 4 Bytes CALL 5F00003D
.text E:\8p6mwmnp.exe[3856] ntdll.dll!NtTerminateProcess 7C90E88E 3 Bytes [FF, 25, 1E]
.text E:\8p6mwmnp.exe[3856] ntdll.dll!NtTerminateProcess + 4 7C90E892 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text E:\8p6mwmnp.exe[3856] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text E:\8p6mwmnp.exe[3856] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F0A0F5A
.text E:\8p6mwmnp.exe[3856] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F040F5A
.text E:\8p6mwmnp.exe[3856] kernel32.dll!FreeLibrary + 15 7C80ABF3 4 Bytes CALL 5F00003D

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Program Files\Spyware Doctor\sdhelp.exe[564] @ C:\WINDOWS\system32\user32.dll [KERNEL32.dll!CreateThread] [0042B398] C:\Program Files\Spyware Doctor\sdhelp.exe (PC Tools Research Pty Ltd)
IAT C:\Program Files\Spyware Doctor\sdhelp.exe[564] @ C:\WINDOWS\system32\advapi32.dll [KERNEL32.dll!CreateThread] [0042B398] C:\Program Files\Spyware Doctor\sdhelp.exe (PC Tools Research Pty Ltd)
IAT C:\Program Files\Spyware Doctor\sdhelp.exe[564] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!CreateThread] [0042B398] C:\Program Files\Spyware Doctor\sdhelp.exe (PC Tools Research Pty Ltd)
IAT C:\Program Files\Spyware Doctor\sdhelp.exe[564] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateThread] [0042B398] C:\Program Files\Spyware Doctor\sdhelp.exe (PC Tools Research Pty Ltd)
IAT C:\Program Files\Spyware Doctor\sdhelp.exe[564] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateThread] [0042B398] C:\Program Files\Spyware Doctor\sdhelp.exe (PC Tools Research Pty Ltd)
IAT C:\Program Files\Spyware Doctor\sdhelp.exe[564] @ C:\WINDOWS\system32\shell32.dll [KERNEL32.dll!CreateThread] [0042B398] C:\Program Files\Spyware Doctor\sdhelp.exe (PC Tools Research Pty Ltd)
IAT C:\Program Files\Spyware Doctor\sdhelp.exe[564] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateThread] [0042B398] C:\Program Files\Spyware Doctor\sdhelp.exe (PC Tools Research Pty Ltd)
IAT C:\Program Files\Spyware Doctor\sdhelp.exe[564] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!CreateThread] [0042B398] C:\Program Files\Spyware Doctor\sdhelp.exe (PC Tools Research Pty Ltd)
IAT C:\Program Files\Spyware Doctor\sdhelp.exe[564] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!CreateThread] [0042B398] C:\Program Files\Spyware Doctor\sdhelp.exe (PC Tools Research Pty Ltd)

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs ikhfile.sys (PCTools Research Pty Ltd.)
AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \FileSystem\Fastfat \Fat ikhfile.sys (PCTools Research Pty Ltd.)
AttachedDevice \FileSystem\Fastfat \Fat aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)

---- Registry - GMER 1.0.15 ----

Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings@User Agent Mozilla/4.0 (compatible; MSIE 6.0; Win32)
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1@Flags 219
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2@CurrentLevel 0
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2@1001 0
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2@1004 1
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2@1201 1
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2@1406 0
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2@1407 0
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2@1607 0
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2@1800 0
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2@1804 0
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2@1805 0
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2@1A00 0
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2@1A04 0
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2@1A05 0
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2@1C00 196608
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2@1E05 196608
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2@1206 0
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3@CurrentLevel 0
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3@1407 0
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3@1607 0
Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache@@C:\WINDOWS\system32\SHELL32.dll,-9216 My Computer
Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache@C:\WINDOWS\notepad.exe Notepad
Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache@@C:\WINDOWS\system32\SHELL32.dll,-9319 Printers and Faxes
Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache@@shell32.dll,-12693 Favorites
Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache@C:\WINDOWS\Explorer.EXE Windows Explorer
Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache@@explorer.exe,-7024 Internet
Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache@@C:\Program Files\Internet Explorer\iexplore.exe,-702 Internet Explorer
Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache@@explorer.exe,-7025 E-mail
Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache@@shell32.dll,-22069 WordPad
Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache@@C:\WINDOWS\inf\unregmp2.exe,-4 Windows Media Player
Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache@@explorer.exe,-7023 &Run...
Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache@@explorer.exe,-7020 &Search
Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache@@explorer.exe,-7021 &Help and Support
Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache@@shell32.dll,-21790 My Music
Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache@@shell32.dll,-21779 My Pictures
Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache@@C:\WINDOWS\system32\SHELL32.dll,-9227 My Documents
Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache@@C:\WINDOWS\system32\netshell.dll,-1200 Network Connections
Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache@@C:\WINDOWS\system32\SHELL32.dll,-8964 Recycle Bin
Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache@@shdoclc.dll,-880 Internet Explorer
Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache@@xpsp1res.dll,-11001 Internet Explorer
Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache@@xpsp1res.dll,-11004 Outlook Express
Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache@@C:\WINDOWS\system32\rcbdyctl.dll,-152 Remote Assistance
Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache@@shell32.dll,-22017 Address Book
Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache@@shell32.dll,-22022 Command Prompt
Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache@@shell32.dll,-22051 Notepad
Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache@@C:\WINDOWS\system32\tourstart.exe,-1 Tour Windows XP
Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache@@shell32.dll,-22041 Magnifier
Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache@@shell32.dll,-22048 Narrator
Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache@@shell32.dll,-22052 On-Screen Keyboard
Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache@@shell32.dll,-22065 Utility Manager
Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache@@C:\WINDOWS\system32\xpsp1res.dll,-10077 Set Program Access and Defaults
Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache@@shell32.dll,-22019 Calculator
Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache@@shell32.dll,-22054 Paint
Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache@@C:\WINDOWS\System32\sti_ci.dll,-11 Scanner and Camera Wizard
Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache@@C:\PROGRA~1\MOVIEM~1\wmmres.dll,-61424 Windows Movie Maker
Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache@@shell32.dll,-22016 Accessibility Wizard
Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache@@shell32.dll,-22031 HyperTerminal
Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache@@C:\WINDOWS\System32\mstsc.exe,-4000 Remote Desktop Connection
Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache@@shell32.dll,-22061 Sound Recorder
Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache@@shell32.dll,-22021 Character Map
Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache@@shell32.dll,-22026 Disk Cleanup
Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache@@shell32.dll,-22027 Disk Defragmenter
Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache@@C:\WINDOWS\system32\usmt\migwiz.exe,-202 Files and Settings Transfer Wizard
Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache@@shell32.dll,-22063 System Information
Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache@@C:\WINDOWS\system32\restore\rstrui.exe,-2048 System Restore
Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache@@C:\WINDOWS\System32\comres.dll,-661 Component Services
Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache@@shell32.dll,-22023 Computer Management
Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache@@shell32.dll,-22025 Data Sources (ODBC)


Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache@@shell32.dll,-22029 Event Viewer
Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache@@shell32.dll,-22055 Performance
Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache@@shell32.dll,-22059 Services
Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache@@shell32.dll,-22030 FreeCell
Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache@@C:\WINDOWS\system32\mshearts.exe,-413 Hearts
Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache@@C:\PROGRA~1\MSNGAM~1\Windows\bckgres.dll,-1212 Internet Backgammon
Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache@@C:\PROGRA~1\MSNGAM~1\Windows\chkrres.dll,-1212 Internet Checkers
Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache@@C:\PROGRA~1\MSNGAM~1\Windows\hrtzres.dll,-1212 Internet Hearts
Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache@@C:\PROGRA~1\MSNGAM~1\Windows\rvseres.dll,-1212 Internet Reversi
Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache@@C:\PROGRA~1\MSNGAM~1\Windows\shvlres.dll,-1212 Internet Spades
Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache@@shell32.dll,-22045 Minesweeper
Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache@@shell32.dll,-22057 Pinball
Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache@@shell32.dll,-22060 Solitaire
Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache@@C:\WINDOWS\system32\spider.exe,-56 Spider Solitaire
Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache@@shell32.dll,-21761 Accessories
Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache@@shell32.dll,-21787 Startup
Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache@@shell32.dll,-21772 Entertainment
Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache@@shell32.dll,-21760 Accessibility
Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache@@shell32.dll,-22062 Synchronize
Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache@@C:\WINDOWS\system32\compatUI.dll,-115 Program Compatibility Wizard
Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache@@shell32.dll,-22067 Windows Explorer
Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache@@shell32.dll,-22075 Windows Catalog
Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache@@shell32.dll,-21762 Administrative Tools
Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache@@shell32.dll,-21773 Games
Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache@@shell32.dll,-21768 Communications
Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache@@shell32.dll,-21788 System Tools
Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache@@C:\WINDOWS\system32\netshell.dll,-1010 New Connection Wizard
Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache@@C:\WINDOWS\system32\hnetwiz.dll,-3085 Network Setup Wizard
Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache@@shell32.dll,-22066 Volume Control
Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache@@C:\WINDOWS\system32\oobe\msoobe.exe,-2000 Activate Windows
Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache@@shell32.dll,-22058 Scheduled Tasks
Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache@C:\Program Files\Battery miser\batterymiser.exe Battery miser
Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache@C:\Program Files\Internet Explorer\iexplore.exe Internet Explorer
Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache@C:\Program Files\SpyBlocs\SpyBlocs.exe SpyBlocs
Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache@@shdoclc.dll,-881 Finds and displays information and Web sites on the Internet
Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache@@shdoclc.dll,-10241 Open &Home Page
Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache@C:\WINDOWS\system32\NOTEPAD.EXE Notepad
Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache@C:\Program Files\Common Files\Symantec Shared\ccApp.exe Symantec Common Client User Session
Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache@C:\Program Files\Common Files\GMT\GMT.exe GAIN Application
Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache@@shell32.dll,-12704 Internet P&roperties
Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache@@shell32.dll,-12706 Read &e-mail
Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache@C:\Program Files\Outlook Express\msimn.exe Outlook Express
Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache@@C:\WINDOWS\system32\SHELL32.dll,-9217 My Network Places
Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache@@shell32.dll,-21785 Shared Documents
Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache@@C:\WINDOWS\system32\notepad.exe,-469 Text Document
Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache@C:\PROGRA~1\Ahead\nero\nero.exe Nero Burning ROM
Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache@C:\Program Files\Windows NT\Accessories\WORDPAD.EXE WordPad
Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache@@%SystemRoot%\inf\unregmp2.exe,-155 Plays your digital media including music, videos, CDs, DVDs, and Internet Radio.
Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache@C:\Program Files\Windows Media Player\wmplayer.exe Windows Media Player
Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache@C:\PROGRA~1\QUICKT~1\QuickTimePlayer.exe QuickTime Player
Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache@@"C:\Program Files\Windows NT\Accessories\WORDPAD.EXE",-209 Wordpad Document

---- Files - GMER 1.0.15 ----

File C:\Documents and Settings\LOZZA\Local Settings\Temporary Internet Files\Content.IE5\LS47DHG5\sonyglobal[1].gif 750 bytes
File C:\Documents and Settings\LOZZA\Local Settings\Temporary Internet Files\Content.IE5\LS47DHG5\space[1].gif 43 bytes
File C:\Documents and Settings\LOZZA\Local Settings\Temporary Internet Files\Content.IE5\LS47DHG5\spanish[1].gif 342 bytes
File C:\Documents and Settings\LOZZA\Local Settings\Temporary Internet Files\Content.IE5\LS47DHG5\spfooter_bg1[1].gif 159 bytes
File C:\Documents and Settings\LOZZA\Local Settings\Temporary Internet Files\Content.IE5\LS47DHG5\sponsor-pandawbaby[1].jpg 4617 bytes
File C:\Documents and Settings\LOZZA\Local Settings\Temporary Internet Files\Content.IE5\LS47DHG5\sponsor_links[1].xml 984 bytes
File C:\Documents and Settings\LOZZA\Local Settings\Temporary Internet Files\Content.IE5\LS47DHG5\spulsestyle[1].css 14795 bytes
File C:\Documents and Settings\LOZZA\Local Settings\Temporary Internet Files\Content.IE5\LS47DHG5\ssPagename_e4651au[2].js 270 bytes
File C:\Documents and Settings\LOZZA\Local Settings\Temporary Internet Files\Content.IE5\LS47DHG5\StdBanner[2].js 10727 bytes
File C:\Documents and Settings\LOZZA\Local Settings\Temporary Internet Files\Content.IE5\LS47DHG5\mt[1].png 14477 bytes
File C:\Documents and Settings\LOZZA\Local Settings\Temporary Internet Files\Content.IE5\LS47DHG5\mt[2].png 28616 bytes
File C:\Documents and Settings\LOZZA\Local Settings\Temporary Internet Files\Content.IE5\LS47DHG5\mt[3].png 12780 bytes
File C:\Documents and Settings\LOZZA\Local Settings\Temporary Internet Files\Content.IE5\LS47DHG5\ttl_lifeislocal[1].gif 1154 bytes
File C:\Documents and Settings\LOZZA\Local Settings\Temporary Internet Files\Content.IE5\LS47DHG5\type[1].htm 77140 bytes
File C:\Documents and Settings\LOZZA\Local Settings\Temporary Internet Files\Content.IE5\LS47DHG5\59798685928080_0[1].jpg 2744 bytes
File C:\Documents and Settings\LOZZA\Local Settings\Temporary Internet Files\Content.IE5\LS47DHG5\island[1].gif 9078 bytes
File C:\Documents and Settings\LOZZA\Local Settings\Temporary Internet Files\Content.IE5\LS47DHG5\Itemid,89[1].htm 67615 bytes
File C:\Documents and Settings\LOZZA\Local Settings\Temporary Internet Files\Content.IE5\LS47DHG5\item_multi_pic_body_e5071us[2].js 45420 bytes
File C:\Documents and Settings\LOZZA\Local Settings\Temporary Internet Files\Content.IE5\LS47DHG5\itinerary[1].js 1193 bytes
File C:\Documents and Settings\LOZZA\Local Settings\Temporary Internet Files\Content.IE5\LS47DHG5\ItoftheWeek_Q207-PopesCar-275x75[1].gif 12502 bytes
File C:\Documents and Settings\LOZZA\Local Settings\Temporary Internet Files\Content.IE5\LS47DHG5\keithurban[1].htm 5776 bytes
File C:\Documents and Settings\LOZZA\Local Settings\Temporary Internet Files\Content.IE5\LS47DHG5\l_cameron%20rigby%202007[1].jpg 4396 bytes
File C:\Documents and Settings\LOZZA\Local Settings\Temporary Internet Files\Content.IE5\LS47DHG5\l_SEABL-Colour-Logo-very-smal[1].jpg 2140 bytes
File C:\Documents and Settings\LOZZA\Local Settings\Temporary Internet Files\Content.IE5\LS47DHG5\map_05[1].gif 2059 bytes
File C:\Documents and Settings\LOZZA\Local Settings\Temporary Internet Files\Content.IE5\LS47DHG5\map_06[1].gif 992 bytes
File C:\Documents and Settings\LOZZA\Local Settings\Temporary Internet Files\Content.IE5\LS47DHG5\mazda6-mps-th2[1].jpg 7885 bytes
File C:\Documents and Settings\LOZZA\Local Settings\Temporary Internet Files\Content.IE5\LS47DHG5\cars;cat=9800;cat=29690;cat=101893;tn=1;list=all;sz=234x60;ord=1151794293194;[1].htm 1273 bytes
File C:\Documents and Settings\LOZZA\Local Settings\Temporary Internet Files\Content.IE5\LS47DHG5\cars;cat=9800;cat=29690;cat=101893;tn=1;list=all;sz=468x60;ord=1151794835594;[1].htm 368 bytes
File C:\Documents and Settings\LOZZA\Local Settings\Temporary Internet Files\Content.IE5\LS47DHG5\myinfo[1].css 4286 bytes
File C:\Documents and Settings\LOZZA\Local Settings\Temporary Internet Files\Content.IE5\LS47DHG5\my_ebay_summary_body_e5032au[2].js 51554 bytes
File C:\Documents and Settings\LOZZA\Local Settings\Temporary Internet Files\Content.IE5\LS47DHG5\nav7-visitorinfo[1].gif 3579 bytes
File C:\Documents and Settings\LOZZA\Local Settings\Temporary Internet Files\Content.IE5\LS47DHG5\nava_blue_contactus[1].gif 467 bytes
File C:\Documents and Settings\LOZZA\Local Settings\Temporary Internet Files\Content.IE5\LS47DHG5\navBul_selected[1].gif 46 bytes
File C:\Documents and Settings\LOZZA\Local Settings\Temporary Internet Files\Content.IE5\LS47DHG5\new50_468x60[1].swf 26260 bytes
File C:\Documents and Settings\LOZZA\Local Settings\Temporary Internet Files\Content.IE5\LS47DHG5\ninemsn.com[1].htm 58694 bytes
File C:\Documents and Settings\LOZZA\Local Settings\Temporary Internet Files\Content.IE5\LS47DHG5\IE7-WindowsXP-x86-enu[1].exe 25993 bytes executable
File C:\Documents and Settings\LOZZA\Local Settings\Temporary Internet Files\Content.IE5\LS47DHG5\iframebody_e4651au[2].js 38666 bytes
File C:\Documents and Settings\LOZZA\Local Settings\Temporary Internet Files\Content.IE5\LS47DHG5\image_gg[1].gif 2984 bytes
File C:\Documents and Settings\LOZZA\Local Settings\Temporary Internet Files\Content.IE5\LS47DHG5\image_hd[1].gif 3418 bytes
File C:\Documents and Settings\LOZZA\Local Settings\Temporary Internet Files\Content.IE5\LS47DHG5\img9Dots_10x12[1].gif 61 bytes
File C:\Documents and Settings\LOZZA\Local Settings\Temporary Internet Files\Content.IE5\LS47DHG5\imgCentre_bg[1].gif 287 bytes
File C:\Documents and Settings\LOZZA\Local Settings\Temporary Internet Files\Content.IE5\LS47DHG5\imgFePowered_88x33[1].gif 2579 bytes
File C:\Documents and Settings\LOZZA\Local Settings\Temporary Internet Files\Content.IE5\LS47DHG5\imgGiftVoucher[1].jpg 2710 bytes
File C:\Documents and Settings\LOZZA\Local Settings\Temporary Internet Files\Content.IE5\LS47DHG5\imgPromo_OOL[1].jpg 2231 bytes
File C:\Documents and Settings\LOZZA\Local Settings\Temporary Internet Files\Content.IE5\LS47DHG5\imgStrLogoParts[1].gif 3172 bytes
File C:\Documents and Settings\LOZZA\Local Settings\Temporary Internet Files\Content.IE5\LS47DHG5\imgStrsLftGrey01_9x9[1].gif 846 bytes
File C:\Documents and Settings\LOZZA\Local Settings\Temporary Internet Files\Content.IE5\LS47DHG5\70436766248080_0[1].jpg 2890 bytes
File C:\Documents and Settings\LOZZA\Local Settings\Temporary Internet Files\Content.IE5\LS47DHG5\hdr1bkgd_collectcars[1].gif 80 bytes
File C:\Documents and Settings\LOZZA\Local Settings\Temporary Internet Files\Content.IE5\LS47DHG5\hdrnav_belts[1].gif 276 bytes
File C:\Documents and Settings\LOZZA\Local Settings\Temporary Internet Files\Content.IE5\LS47DHG5\hdr_oursuggestions[1].gif 546 bytes
File C:\Documents and Settings\LOZZA\Local Settings\Temporary Internet Files\Content.IE5\LS47DHG5\hd_bookHere[1].gif 653 bytes
File C:\Documents and Settings\LOZZA\Local Settings\Temporary Internet Files\Content.IE5\LS47DHG5\hd_buying_online[1].gif 595 bytes
File C:\Documents and Settings\LOZZA\Local Settings\Temporary Internet Files\Content.IE5\LS47DHG5\header-bottom[1].gif 676 bytes
File C:\Documents and Settings\LOZZA\Local Settings\Temporary Internet Files\Content.IE5\LS47DHG5\header[1].css 5147 bytes
File C:\Documents and Settings\LOZZA\Local Settings\Temporary Internet Files\Content.IE5\LS47DHG5\hero[1].jpg 30841 bytes
File C:\Documents and Settings\LOZZA\Local Settings\Temporary Internet Files\Content.IE5\LS47DHG5\HF_v3_B_Rides[1].jpg 5006 bytes
File C:\Documents and Settings\LOZZA\Local Settings\Temporary Internet Files\Content.IE5\LS47DHG5\hgrad[1].gif 1455 bytes
File C:\Documents and Settings\LOZZA\Local Settings\Temporary Internet Files\Content.IE5\LS47DHG5\myebaysummary;dcopt=ist;pos=1;sz=150x36;tile=1;ord=1152348750806;[1].htm 395 bytes
File C:\Documents and Settings\LOZZA\Local Settings\Temporary Internet Files\Content.IE5\LS47DHG5\myebaysummary;dcopt=ist;pos=1;sz=150x36;tile=1;ord=1155200594265;[1].htm 377 bytes
File C:\Documents and Settings\LOZZA\Local Settings\Temporary Internet Files\Content.IE5\LS47DHG5\myebaysummary;tile=1;dcopt=ist;pos=1;sz=150x36;ord=1125209850920;[1].htm 410 bytes
File C:\Documents and Settings\LOZZA\Local Settings\Temporary Internet Files\Content.IE5\LS47DHG5\CAEN8Z4D.au%2F&ad_type=text&cc=100&u_h=768&u_w=1024&u_ah=738&u_aw=1024&u_cd=32&u_tz=600&u_his=3&u_java=true 1726 bytes
File C:\Documents and Settings\LOZZA\Local Settings\Temporary Internet Files\Content.IE5\LS47DHG5\CAGX6JKF.au%2F&ad_type=text&cc=100&u_h=768&u_w=1024&u_ah=738&u_aw=1024&u_cd=32&u_tz=600&u_his=20&u_java=true 1669 bytes
File C:\Documents and Settings\LOZZA\Local Settings\Temporary Internet Files\Content.IE5\LS47DHG5\CAHODSXP.cgi&cc=100&u_h=768&u_w=1024&u_ah=738&u_aw=1024&u_cd=32&u_tz=600&u_his=10&u_java=true 1814 bytes
File C:\Documents and Settings\LOZZA\Local Settings\Temporary Internet Files\Content.IE5\LS47DHG5\CAI0C1Z8.au%2F&ad_type=text&cc=100&u_h=768&u_w=1024&u_ah=738&u_aw=1024&u_cd=32&u_tz=600&u_his=2&u_java=true 1782 bytes
File C:\Documents and Settings\LOZZA\Local Settings\Temporary Internet Files\Content.IE5\LS47DHG5\CAIBC52F.au%2F&cc=100&u_h=768&u_w=1024&u_ah=738&u_aw=1024&u_cd=32&u_tz=600&u_his=3&u_java=true 1853 bytes
File C:\Documents and Settings\LOZZA\Local Settings\Temporary Internet Files\Content.IE5\LS47DHG5\CAISVZR4.au%2F&cc=100&u_h=768&u_w=1024&u_ah=738&u_aw=1024&u_cd=32&u_tz=600&u_his=2&u_java=true 2030 bytes
File C:\Documents and Settings\LOZZA\Local Settings\Temporary Internet Files\Content.IE5\LS47DHG5\CAJMYL7N.jpg 8223 bytes
File C:\Documents and Settings\LOZZA\Local Settings\Temporary Internet Files\Content.IE5\LS47DHG5\CAJY87J1.gif 63 bytes
File C:\Documents and Settings\LOZZA\Local Settings\Temporary Internet Files\Content.IE5\LS47DHG5\box_147_bg[1].gif 172 bytes
File C:\Documents and Settings\LOZZA\Local Settings\Temporary Internet Files\Content.IE5\LS47DHG5\box_footer_bg[1].gif 304 bytes
File C:\Documents and Settings\LOZZA\Local Settings\Temporary Internet Files\Content.IE5\LS47DHG5\BRA019_HP_header_01[1].gif 11567 bytes
File C:\Documents and Settings\LOZZA\Local Settings\Temporary Internet Files\Content.IE5\LS47DHG5\btn_bg[1].gif 283 bytes
File C:\Documents and Settings\LOZZA\Local Settings\Temporary Internet Files\Content.IE5\LS47DHG5\btn_searcharrow[1].gif 122 bytes
File C:\Documents and Settings\LOZZA\Local Settings\Temporary Internet Files\Content.IE5\LS47DHG5\btn_search_autoguide[1].gif 535 bytes
File C:\Documents and Settings\LOZZA\Local Settings\Temporary Internet Files\Content.IE5\LS47DHG5\bub_column_left[1].png 205 bytes
File C:\Documents and Settings\LOZZA\Local Settings\Temporary Internet Files\Content.IE5\LS47DHG5\bub_header_m[1].png 799 bytes
File C:\Documents and Settings\LOZZA\Local Settings\Temporary Internet Files\Content.IE5\LS47DHG5\bullet_gray[1].htm 2146 bytes
File C:\Documents and Settings\LOZZA\Local Settings\Temporary Internet Files\Content.IE5\LS47DHG5\adimage[1].gif 4187 bytes
File C:\Documents and Settings\LOZZA\Local Settings\Temporary Internet Files\Content.IE5\LS47DHG5\adimage[2].gif 0 bytes
File C:\Documents and Settings\LOZZA\Local Settings\Temporary Internet Files\Content.IE5\LS47DHG5\adright[1].gif 151 bytes
File C:\Documents and Settings\LOZZA\Local Settings\Temporary Internet Files\Content.IE5\LS47DHG5\ads[1].js 5670 bytes
File C:\Documents and Settings\LOZZA\Local Settings\Temporary Internet Files\Content.IE5\LS47DHG5\advanced_search[1].htm 10952 bytes
File C:\Documents and Settings\LOZZA\Local Settings\Temporary Internet Files\Content.IE5\LS47DHG5\ag[1].swf 10478 bytes
File C:\Documents and Settings\LOZZA\Local Settings\Temporary Internet Files\Content.IE5\LS47DHG5\airports[1].js 2064 bytes
File C:\Documents and Settings\LOZZA\Local Settings\Temporary Internet Files\Content.IE5\LS47DHG5\alternateBanner[1].js 843 bytes
File C:\Documents and Settings\LOZZA\Local Settings\Temporary Internet Files\Content.IE5\LS47DHG5\animpics[1].swf 8900 bytes
File C:\Documents and Settings\LOZZA\Local Settings\Temporary Internet Files\Content.IE5\LS47DHG5\page_bg[2].gif 89 bytes
File C:\Documents and Settings\LOZZA\Local Settings\Temporary Internet Files\Content.IE5\LS47DHG5\PALKids[1].jpg 3366 bytes
File C:\Documents and Settings\LOZZA\Local Settings\Temporary Internet Files\Content.IE5\LS47DHG5\panel_bg[1].png 2946 bytes
File C:\Documents and Settings\LOZZA\Local Settings\Temporary Internet Files\Content.IE5\LS47DHG5\th_aug_2005_002[1].jpg 3249 bytes
File C:\Documents and Settings\LOZZA\Local Settings\Temporary Internet Files\Content.IE5\LS47DHG5\th_A_dash_3[1].jpg 3395 bytes
File C:\Documents and Settings\LOZZA\Local Settings\Temporary Internet Files\Content.IE5\LS47DHG5\th_Hyundai_Elantra1[1].jpg 3487 bytes
File C:\Documents and Settings\LOZZA\Local Settings\Temporary Internet Files\Content.IE5\LS47DHG5\th_IMGP3195[1].jpg 2926 bytes
File C:\Documents and Settings\LOZZA\Local Settings\Temporary Internet Files\Content.IE5\LS47DHG5\th_side_200sx[1].jpg 3521 bytes
File C:\Documents and Settings\LOZZA\Local Settings\Temporary Internet Files\Content.IE5\LS47DHG5\tigerisland[1].jpg 12541 bytes
File C:\Documents and Settings\LOZZA\Local Settings\Temporary Internet Files\Content.IE5\LS47DHG5\tile_tab0[1].gif 149 bytes
File C:\Documents and Settings\LOZZA\Local Settings\Temporary Internet Files\Content.IE5\LS47DHG5\tipping_comp[1].jpg 4842 bytes
File C:\Documents and Settings\LOZZA\Local Settings\Temporary Internet Files\Content.IE5\LS47DHG5\title_block_sea_world_bottom[1].gif 705 bytes
File C:\Documents and Settings\LOZZA\Local Settings\Temporary Internet Files\Content.IE5\LS47DHG5\tm1-ver1[1].gif 18580 bytes
File C:\Documents and Settings\LOZZA\Local Settings\Temporary Internet Files\Content.IE5\LS47DHG5\toc[1].htm 4979 bytes
File C:\Documents and Settings\LOZZA\Local Settings\Temporary Internet Files\Content.IE5\LS47DHG5\menstab[1].jpg 16272 bytes
File C:\Documents and Settings\LOZZA\Local Settings\Temporary Internet Files\Content.IE5\LS47DHG5\menu_cases[1].gif 419 bytes
File C:\Documents and Settings\LOZZA\Local Settings\Temporary Internet Files\Content.IE5\LS47DHG5\MiddleColumn[1].css 2690 bytes
File C:\Documents and Settings\LOZZA\Local Settings\Temporary Internet Files\Content.IE5\LS47DHG5\mid_3a[1].jpg 341 bytes
File C:\Documents and Settings\LOZZA\Local Settings\Temporary Internet Files\Content.IE5\LS47DHG5\MNP[1].css 2355 bytes
File C:\Documents and Settings\LOZZA\Local Settings\Temporary Internet Files\Content.IE5\LS47DHG5\monogram[1].gif 1144 bytes
File C:\Documents and Settings\LOZZA\Local Settings\Temporary Internet Files\Content.IE5\LS47DHG5\msdefault[2].css 11815 bytes
File C:\Documents and Settings\LOZZA\Local Settings\Temporary Internet Files\Content.IE5\LS47DHG5\msft[2].gif 834 bytes
File C:\Documents and Settings\LOZZA\Local Settings\Temporary Internet Files\Content.IE5\LS47DHG5\msn_b[2].gif 1867 bytes
File C:\Documents and Settings\LOZZA\Local Settings\Temporary Internet Files\Content.IE5\LS47DHG5\mstoolbar[1].htm 6584 bytes
File C:\Documents and Settings\LOZZA\Local Settings\Temporary Internet Files\Content.IE5\LS47DHG5\CAYR8DYL.htm 8876 bytes
File C:\Documents and Settings\LOZZA\Local Settings\Temporary Internet Files\Content.IE5\LS47DHG5\ca_0[2].jpg 2660 bytes
File C:\Documents and Settings\LOZZA\Local Settings\Temporary Internet Files\Content.IE5\LS47DHG5\CCAfairfax_100x29_20.7.06[1].gif 840 bytes
File C:\Documents and Settings\LOZZA\Local Settings\Temporary Internet Files\Content.IE5\LS47DHG5\cd59_2[1].jpg 9035 bytes
File C:\Documents and Settings\LOZZA\Local Settings\Temporary Internet Files\Content.IE5\LS47DHG5\central_left[1].gif 1007 bytes
File C:\Documents and Settings\LOZZA\Local Settings\Temporary Internet Files\Content.IE5\LS47DHG5\ebaysup_e5092au[1].js 17062 bytes
File C:\Documents and Settings\LOZZA\Local Settings\Temporary Internet Files\Content.IE5\LS47DHG5\ebay[1].css 1094 bytes
File C:\Documents and Settings\LOZZA\Local Settings\Temporary Internet Files\Content.IE5\LS47DHG5\ec_0[1].jpg 2879 bytes
File C:\Documents and Settings\LOZZA\Local Settings\Temporary Internet Files\Content.IE5\LS47DHG5\ej2global_e4631au[2].js 294 bytes
File C:\Documents and Settings\LOZZA\Local Settings\Temporary Internet Files\Content.IE5\LS47DHG5\errorArrow_8x12[1].gif 119 bytes
File C:\Documents and Settings\LOZZA\Local Settings\Temporary Internet Files\Content.IE5\LS47DHG5\error[1].gif 582 bytes
File C:\Documents and Settings\LOZZA\Local Settings\Temporary Internet Files\Content.IE5\LS47DHG5\exit_recovery_iframe_e4651au[2].js 228 bytes
File C:\Documents and Settings\LOZZA\Local Settings\Temporary Internet Files\Content.IE5\LS47DHG5\f0_1[1].jpg 28334 bytes
File C:\Documents and Settings\LOZZA\Local Settings\Temporary Internet Files\Content.IE5\LS47DHG5\t[1].gif 43 bytes
File C:\Documents and Settings\LOZZA\Local Settings\Temporary Internet Files\Content.IE5\LS47DHG5\t_005[1].jpg 2622 bytes
File C:\Documents and Settings\LOZZA\Local Settings\Temporary Internet Files\Content.IE5\LS47DHG5\t_007[1].jpg 5542 bytes
File C:\Documents and Settings\LOZZA\Local Settings\Temporary Internet Files\Content.IE5\LS47DHG5\gcThreatAuditScanData[2].gcz 894626 bytes
File C:\Documents and Settings\LOZZA\Local Settings\Temporary Internet Files\Content.IE5\LS47DHG5\ADAYER-CLASSIC-KIT-CAR-MOULDS-AUSSIE-PHANTOM-ROLS-STYLE_W0QQitemZ150011270991QQihZ005QQcategoryZ2030QQrdZ1QQcmdZViewItem[1].htm 62095 bytes
File C:\Documents and Settings\LOZZA\Local Settings\Temporary Internet Files\Content.IE5\LS47DHG5\CAK3RJQC.jpg 2732 bytes
File C:\Documents and Settings\LOZZA\Local Settings\Temporary Internet Files\Content.IE5\LS47DHG5\cars;cat=9800;cat=29690;cat=101893;tn=1;list=all;sz=468x60;ord=1153007976452;[1].htm 694 bytes
File C:\Documents and Settings\LOZZA\Local Settings\Temporary Internet Files\Content.IE5\LS47DHG5\CAWD89WL.au%2F&cc=100&u_h=768&u_w=1024&u_ah=738&u_aw=1024&u_cd=32&u_tz=600&u_his=2&u_java=true 1861 bytes
File C:\Documents and Settings\LOZZA\Local Settings\Temporary Internet Files\Content.IE5\LS47DHG5\CAYENDR3.au%2F&ad_type=text&cc=100&u_h=768&u_w=1024&u_ah=738&u_aw=1024&u_cd=32&u_tz=600&u_java=true 1690 bytes
File C:\Documents and Settings\LOZZA\Local Settings\Temporary Internet Files\Content.IE5\LS47DHG5\rmwilliams1[1].gif 10876 bytes
File C:\Documents and Settings\LOZZA\Local Settings\Temporary Internet Files\Content.IE5\LS47DHG5\round_info[1].htm 42755 bytes
File C:\Documents and Settings\LOZZA\Local Settings\Temporary Internet Files\Content.IE5\LS47DHG5\round_info[2].htm 40913 bytes
File C:\Documents and Settings\LOZZA\Local Settings\Temporary Internet Files\Content.IE5\LS47DHG5\round_info[3].htm 43863 bytes
File C:\Documents and Settings\LOZZA\Local Settings\Temporary Internet Files\Content.IE5\LS47DHG5\round_info[6].htm 55205 bytes
File C:\Documents and Settings\LOZZA\Local Settings\Temporary Internet Files\Content.IE5\LS47DHG5\round_info[7].htm 53848 bytes
File C:\Documents and Settings\LOZZA\Local Settings\Temporary Internet Files\Content.IE5\LS47DHG5\sale[2].htm 23172 bytes
File C:\Documents and Settings\LOZZA\Local Settings\Temporary Internet Files\Content.IE5\LS47DHG5\d7a4_1[1].jpg 22105 bytes
File C:\Documents and Settings\LOZZA\Local Settings\Temporary Internet Files\Content.IE5\LS47DHG5\d9a8_0[1].jpg 2771 bytes
File C:\Documents and Settings\LOZZA\Local Settings\Temporary Internet Files\Content.IE5\LS47DHG5\dancefloor_386x96[1].gif 6509 bytes
File C:\Documents and Settings\LOZZA\Local Settings\Temporary Internet Files\Content.IE5\LS47DHG5\dartRichMedia_1_03[1].js 799 bytes
File C:\Documents and Settings\LOZZA\Local Settings\Temporary Internet Files\Content.IE5\LS47DHG5\default;dcopt=ist;sz=275x300;tile=1;ord=1141032545816;[1].htm 4559 bytes
File C:\Documents and Settings\LOZZA\Local Settings\Temporary Internet Files\Content.IE5\LS47DHG5\default[2].aspx 16067 bytes
File C:\Documents and Settings\LOZZA\Local Settings\Temporary Internet Files\Content.IE5\LS47DHG5\send_to_a_friend[1].gif 834 bytes
File C:\Documents and Settings\LOZZA\Local Settings\Temporary Internet Files\Content.IE5\LS47DHG5\sep_x_dgray[1].gif 79 bytes
File C:\Documents and Settings\LOZZA\Local Settings\Temporary Internet Files\Content.IE5\LS47DHG5\sex_W0QQbsZSearchQQcatrefZC6QQcoactionZcompareQQcoentrypageZsearchQQcopagenumZ1QQfclZ3QQfhlcZ1QQfposZ3355QQfromZR10QQfrppZ50QQfsooZ1QQfsopZ1QQftrtZ1QQftrvZ1Q[1].htm 109453 bytes
File C:\Documents and Settings\LOZZA\Local Settings\Temporary Internet Files\Content.IE5\LS47DHG5\sfg_lb[1].gif 101 bytes
File C:\Documents and Settings\LOZZA\Local Settings\Temporary Internet Files\Content.IE5\LS47DHG5\SFG_WigglesWorld[1].gif 4910 bytes
File C:\Documents and Settings\LOZZA\Local Settings\Temporary Internet Files\Content.IE5\LS47DHG5\shade_br[1].gif 152 bytes
File C:\Documents and Settings\LOZZA\Local Settings\Temporary Internet Files\Content.IE5\LS47DHG5\ford-focus-xr5-th2[1].jpg 6658 bytes
File C:\Documents and Settings\LOZZA\Local Settings\Temporary Internet Files\Content.IE5\LS47DHG5\forum[1].htm 19012 bytes
File C:\Documents and Settings\LOZZA\Local Settings\Temporary Internet Files\Content.IE5\LS47DHG5\forum[2].htm 25749 bytes
File C:\Documents and Settings\LOZZA\Local Settings\Temporary Internet Files\Content.IE5\LS47DHG5\forum[3].htm 40371 bytes
File C:\Documents and Settings\LOZZA\Local Settings\Temporary Internet Files\Content.IE5\LS47DHG5\forum[4].htm 33356 bytes
File C:\Documents and Settings\LOZZA\Local Settings\Temporary Internet Files\Content.IE5\LS47DHG5\forum[5].htm 23163 bytes
File C:\Documents and Settings\LOZZA\Local Settings\Temporary Internet Files\Content.IE5\LS47DHG5\forum[6].htm 58027 bytes
File C:\Documents and Settings\LOZZA\Local Settings\Temporary Internet Files\Content.IE5\LS47DHG5\forum[7].htm 74442 bytes
File C:\Documents and Settings\LOZZA\Local Settings\Temporary Internet Files\Content.IE5\LS47DHG5\forum[8].htm 24725 bytes
File C:\Documents and Settings\LOZZA\Local Settings\Temporary Internet Files\Content.IE5\LS47DHG5\forum[9].htm 25308 bytes
File C:\Documents and Settings\LOZZA\Local Settings\Temporary Internet Files\Content.IE5\LS47DHG5\fsmenu[1].js 10136 bytes
File C:\Documents and Settings\LOZZA\Local Settings\Temporary Internet Files\Content.IE5\LS47DHG5\functions[1].js 15409 bytes
File C:\Documents and Settings\LOZZA\Local Settings\Temporary Internet Files\Content.IE5\LS47DHG5\FX-AND-FJ-HOLDEN-LOCKABLE-STEEERING-COLUMN-RARE-AS_W0QQitemZ150030245753QQihZ005QQcategoryZ32058QQrdZ1QQcmdZViewItem[1].htm 44570 bytes
File C:\Documents and Settings\LOZZA\Local Settings\Temporary Internet Files\Content.IE5\LS47DHG5\bikepics-44488-200[1].jpg 8725 bytes
File C:\Documents and Settings\LOZZA\Local Settings\Temporary Internet Files\Content.IE5\LS47DHG5\blank[1].gif 807 bytes
File C:\Documents and Settings\LOZZA\Local Settings\Temporary Internet Files\Content.IE5\LS47DHG5\blue_11[1].gif 676 bytes
File C:\Documents and Settings\LOZZA\Local Settings\Temporary Internet Files\Content.IE5\LS47DHG5\bnewsletters_off[1].gif 1773 bytes
File C:\Documents and Settings\LOZZA\Local Settings\Temporary Internet Files\Content.IE5\LS47DHG5\book-warm[1].gif 963 bytes
File C:\Documents and Settings\LOZZA\Local Settings\Temporary Internet Files\Content.IE5\LS47DHG5\booking_compact_tabs_bg[1].gif 9545 bytes
File C:\Documents and Settings\LOZZA\Local Settings\Temporary Internet Files\Content.IE5\LS47DHG5\prototype[1].js 47649 bytes
File C:\Documents and Settings\LOZZA\Local Settings\Temporary Internet Files\Content.IE5\LS47DHG5\ps_results_listing_header_bg[1].gif 142 bytes
File C:\Documents and Settings\LOZZA\Local Settings\Temporary Internet Files\Content.IE5\LS47DHG5\pv_enquiry[1].gif 1131 bytes
File C:\Documents and Settings\LOZZA\Local Settings\Temporary Internet Files\Content.IE5\LS47DHG5\pv_small_button_ov[1].gif 722 bytes
File C:\Documents and Settings\LOZZA\Local Settings\Temporary Internet Files\Content.IE5\LS47DHG5\pv_top_slice[1].gif 96 bytes
File C:\Documents and Settings\LOZZA\Local Settings\Temporary Internet Files\Content.IE5\LS47DHG5\ql[1].css 2014 bytes
File C:\Documents and Settings\LOZZA\Local Settings\Temporary Internet Files\Content.IE5\LS47DHG5\racing4_728x90_aus[1].gif 23561 bytes
File C:\Documents and Settings\LOZZA\Local Settings\Temporary Internet Files\Content.IE5\LS47DHG5\raiders[1].gif 1743 bytes
File C:\Documents and Settings\LOZZA\Local Settings\Temporary Internet Files\Content.IE5\LS47DHG5\read_body[1].php 4677 bytes
File C:\Documents and Settings\LOZZA\Local Settings\Temporary Internet Files\Content.IE5\LS47DHG5\read_body[2].php 3685 bytes
File C:\Documents and Settings\LOZZA\Local Settings\Temporary Internet Files\Content.IE5\LS47DHG5\betbar_L[1].gif 175 bytes
File C:\Documents and Settings\LOZZA\Local Settings\Temporary Internet Files\Content.IE5\LS47DHG5\be_2[1].jpg 8009 bytes
File C:\Documents and Settings\LOZZA\Local Settings\Temporary Internet Files\Content.IE5\LS47DHG5\bgcolor[1].gif 151 bytes
File C:\Documents and Settings\LOZZA\Local Settings\Temporary Internet Files\Content.IE5\LS47DHG5\bg_login[1].gif 13421 bytes
File C:\Documents and Settings\LOZZA\Local Settings\Temporary Internet Files\Content.IE5\LS47DHG5\bg_main[1].jpg 33870 bytes
File C:\Documents and Settings\LOZZA\Local Settings\Temporary Internet Files\Content.IE5\LS47DHG5\bg_new[1].gif 573 bytes
File C:\Documents and Settings\LOZZA\Local Settings\Temporary Internet Files\Content.IE5\LS47DHG5\bg_ninnbar_tab[1].gif 138 bytes
File C:\Documents and Settings\LOZZA\Local Settings\Temporary Internet Files\Content.IE5\LS47DHG5\bg_ninnbar_tab_top[1].gif 43 bytes
File C:\Documents and Settings\LOZZA\Local Settings\Temporary Internet Files\Content.IE5\LS47DHG5\biggrin[1].gif 244 bytes
File C:\Documents and Settings\LOZZA\Local Settings\Temporary Internet Files\Content.IE5\LS47DHG5\bigv_4[1].jpg 7662 bytes
File C:\Documents and Settings\LOZZA\Local Settings\Temporary Internet Files\Content.IE5\LS47DHG5\homecooking[1].gif 3580 bytes
File C:\Documents and Settings\LOZZA\Local Settings\Temporary Internet Files\Content.IE5\LS47DHG5\homepage;category=homepage;price=;make=;model=;state=;kw=;visitednew=;sz=120x600;ord=579421[2] 2614 bytes
File C:\Documents and Settings\LOZZA\Local Settings\Temporary Internet Files\Content.IE5\LS47DHG5\homepage[1].css 7712 bytes
File C:\Documents and Settings\LOZZA\Local Settings\Temporary Internet Files\Content.IE5\LS47DHG5\homepage_off[1].gif 2701 bytes
File C:\Documents and Settings\LOZZA\Local Settings\Temporary Internet Files\Content.IE5\LS47DHG5\Homepage__DESKTOP[1].js 3445 bytes
File C:\Documents and Settings\LOZZA\Local Settings\Temporary Internet Files\Content.IE5\LS47DHG5\grad[1].gif 338 bytes
File C:\Documents and Settings\LOZZA\Local Settings\Temporary Internet Files\Content.IE5\LS47DHG5\grad[2].gif 338 bytes
File C:\Documents and Settings\LOZZA\Local Settings\Temporary Internet Files\Content.IE5\LS47DHG5\GTracking[1].js 4882 bytes
File C:\Documents and Settings\LOZZA\Local Settings\Temporary Internet Files\Content.IE5\LS47DHG5\h4[1].gif 1231 bytes
File C:\Documents and Settings\LOZZA\Local Settings\Temporary Internet Files\Content.IE5\LS47DHG5\hclubsites[1].gif 715 bytes
File C:\Documents and Settings\LOZZA\Local Settings\Temporary Internet Files\Content.IE5\LS47DHG5\ebaybase_e4571au[1].js 61570 bytes
File C:\Documents and Settings\LOZZA\Local Settings\Temporary Internet Files\Content.IE5\LS47DHG5\ebaybase_e4951au[1].js 64791 bytes
File C:\Documents and Settings\LOZZA\Local Settings\Temporary Internet Files\Content.IE5\LS47DHG5\ebaybase_e5011au[1].js 66036 bytes
File C:\Documents and Settings\LOZZA\Local Settings\Temporary Internet Files\Content.IE5\LS47DHG5\ebayfooter_e5054au[1].js 34924 bytes
File C:\Documents and Settings\LOZZA\Local Settings\Temporary Internet Files\Content.IE5\LS47DHG5\pagebkg_red[1].jpg 11456 bytes
File C:\Documents and Settings\LOZZA\Local Settings\Temporary Internet Files\Content.IE5\LS47DHG5\progress_line[1].gif 45 bytes
File C:\Documents and Settings\LOZZA\Local Settings\Temporary Internet Files\Content.IE5\LS47DHG5\results[3].htm 14041 bytes

---- EOF - GMER 1.0.15 ----

#6 syler

  • Malware Response Team
Posted 25 July 2009 - 11:51 AM

Hi,

Install ERUNT
This tool will create a complete backup of your registry. After every reboot, a new backup is created to ensure we have a safety net after each step. Do not delete these backups until we are finished.
  • Please download erunt-setup.exe to your desktop.
  • Double click erunt-setup.exe. Follow the prompts and allow ERUNT to be installed with the settings at default. If you do not want a Desktop icon, feel free to uncheck that. When asked if you want to create an ERUNT entry in the startup folder, answer Yes. You can delete the installation file after use.
  • Erunt will open when the installation is finished. Check all items to be backed up in the default location and click OK.
You can find a complete guide to using the program here:
http://www.larshederer.homepage.t-online.de/erunt/erunt.txt

When we are finished with fixing your computer (I will make it clear when we are), you can uninstall ERUNT through Add/Remove Programs. The backups will be stored at C:\WINDOWS\erdnt, and will not be deleted when ERUNT is uninstalled.

Next

We need to execute an OTM script
  • Please download OTM by OldTimer and save it to your desktop.
  • Double click the Posted Image icon on your desktop.
  • Paste the following code under the Posted Image area. Do not include the word "Code".
    :Services
    mchInjDrv
    :Reg
    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "Windows Guard"=-
    :Commands
    [EmptyTemp]
    [Reboot]
  • Push the large Posted Image button.
  • OTM may ask to reboot the machine. Please do so if asked.
  • Copy/Paste the contents under the Posted Image line here in your next reply.
  • If you are unable to copy/paste from this window (as will be the case if the machine was rebooted), open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTM\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.
Next

Please run a BitDefender Online Scan
  • Click on the Start Scanner button.
  • Check I Agree to agree to the EULA, then click start here.
  • Allow the ActiveX control to install when prompted.
  • Click Start scan to begin scanning.
  • Please refrain from using the computer until the scan is finished. This might take a while to run, but it is important that nothing else is running while you scan.
  • When the scan is finished, click on Click here to export the scan results.
  • Save the report to your desktop as results.txt and post it in your next reply.
Next

You don't have the latest service pack for Windows. The service packs patch security vulnerabilities found in Windows. You should keep these up to date to keep you protected against malware that can take advantage of these security vulnerabilities to attack your system. The latest service pack is SP3. Click on Start >> All Programs >> Windows Update, then select Express and allow it to install all updates including SP3.
Note: If it prompts you to install an ActiveX control allow it to install it.

Then please post back with the Bitdefender report and a new Hijackthis log.

Thanks

unite.jpg
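Added example (not part of syler's post and not code from OTM): a Python script that parses the OTM script above into the actions it requests, then checks an OTM result log for a "deleted successfully" line for each removal. The directive handling is inferred only from the script and log format shown in this thread; the function names are hypothetical.

```python
import re

# The fix script exactly as posted in the reply above.
OTM_SCRIPT = r"""
:Services
mchInjDrv
:Reg
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Guard"=-
:Commands
[EmptyTemp]
[Reboot]
"""

# Sample input: result lines in the format OTM writes to its log in this thread.
OTM_LOG = r"""
========== SERVICES/DRIVERS ==========
Service\Driver mchInjDrv not found.
Service\Driver key mchInjDrv deleted successfully.
========== REGISTRY ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Windows Guard deleted successfully.
========== COMMANDS ==========
[EMPTYTEMP]
"""


def parse_script(text):
    """Turn an OTM script into a list of (kind, target) actions.

    Only the directives used in this thread are interpreted (assumption);
    anything else comes back as ("unrecognized", line) so a reviewer sees it
    before the script is run.
    """
    actions, section, key = [], None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith(":"):
            section, key = line[1:].lower(), None
        elif section == "services":
            actions.append(("service", line))
        elif section == "reg" and line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
        elif section == "reg" and key:
            m = re.fullmatch(r'"([^"]+)"=(.*)', line)
            if m and m.group(2) == "-":
                # "name"=- is the .reg convention for deleting a value.
                actions.append(("reg_delete_value", key + "\\" + m.group(1)))
            elif m:
                actions.append(("reg_set_value", key + "\\" + m.group(1)))
            else:
                actions.append(("unrecognized", line))
        elif section == "commands" and re.fullmatch(r"\[\w+\]", line):
            actions.append(("command", line[1:-1]))
        else:
            actions.append(("unrecognized", line))
    return actions


def verify(actions, log_text):
    """Pair each removal with 'confirmed' or 'missing' based on the log.

    Other actions are reported as 'not checked' rather than assumed done.
    """
    # The log separates key and value name with a doubled backslash;
    # collapse runs of backslashes so paths compare cleanly.
    lines = [re.sub(r"\\+", r"\\", l.strip()).lower()
             for l in log_text.splitlines()]
    ok = [l for l in lines if l.endswith("deleted successfully.")]
    report = []
    for kind, target in actions:
        t = target.lower()
        if kind == "service":
            hit = any(l.startswith("service\\driver") and t in l.split()
                      for l in ok)
        elif kind == "reg_delete_value":
            hit = any(l == f"registry value {t} deleted successfully."
                      for l in ok)
        else:
            report.append((kind, target, "not checked"))
            continue
        report.append((kind, target, "confirmed" if hit else "missing"))
    return report


if __name__ == "__main__":
    for kind, target, status in verify(parse_script(OTM_SCRIPT), OTM_LOG):
        print(f"{status:12} {kind:18} {target}")
```

A removal reported as "missing" means the log never confirmed it, so the service key or Run value should be checked by hand before moving on to the next step.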


#7 reesa9

  • Topic Starter
Posted 26 July 2009 - 03:29 AM

I have run all the scans; logs are below. The only issue I had was it won't install SP3. It always comes up that it failed.

All processes killed
========== SERVICES/DRIVERS ==========
Service\Driver mchInjDrv not found.
Service\Driver key mchInjDrv deleted successfully.
========== REGISTRY ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Windows Guard deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: All Users

User: BEN
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: LocalService
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\History\History.IE5\index.dat scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\Cookies\index.dat scheduled to be deleted on reboot.
->Temp folder emptied: 66252 bytes
->Temporary Internet Files folder emptied: 16786 bytes

User: LOZZA
->Temp folder emptied: 11865164 bytes
->Temporary Internet Files folder emptied: 5118127 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: ROBERT
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: YVONNE
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2161017 bytes
%systemroot%\System32 .tmp files removed: 832930654 bytes
Windows Temp folder emptied: 664 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 812.71 mb


OTM by OldTimer - Version 3.0.0.5 log created on 07262009_144707

Files moved on Reboot...

Registry entries deleted on Reboot...
************************************************************************************************
GMER 1.0.15.14972 - http://www.gmer.net
Rootkit scan 2009-07-25 14:14:45
Windows 5.1.2600 Service Pack 2


---- Kernel code sections - GMER 1.0.15 ----

? C:\WINDOWS\TEMP\mc25.tmp The system cannot find the file specified. !

---- User code sections - GMER 1.0.15 ----


---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Program Files\Spyware Doctor\sdhelp.exe[564] @ C:\WINDOWS\system32\user32.dll [KERNEL32.dll!CreateThread] [0042B398] C:\Program Files\Spyware Doctor\sdhelp.exe (PC Tools Research Pty Ltd)
IAT C:\Program Files\Spyware Doctor\sdhelp.exe[564] @ C:\WINDOWS\system32\advapi32.dll [KERNEL32.dll!CreateThread] [0042B398] C:\Program Files\Spyware Doctor\sdhelp.exe (PC Tools Research Pty Ltd)
IAT C:\Program Files\Spyware Doctor\sdhelp.exe[564] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!CreateThread] [0042B398] C:\Program Files\Spyware Doctor\sdhelp.exe (PC Tools Research Pty Ltd)
IAT C:\Program Files\Spyware Doctor\sdhelp.exe[564] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateThread] [0042B398] C:\Program Files\Spyware Doctor\sdhelp.exe (PC Tools Research Pty Ltd)
IAT C:\Program Files\Spyware Doctor\sdhelp.exe[564] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateThread] [0042B398] C:\Program Files\Spyware Doctor\sdhelp.exe (PC Tools Research Pty Ltd)
IAT C:\Program Files\Spyware Doctor\sdhelp.exe[564] @ C:\WINDOWS\system32\shell32.dll [KERNEL32.dll!CreateThread] [0042B398] C:\Program Files\Spyware Doctor\sdhelp.exe (PC Tools Research Pty Ltd)
IAT C:\Program Files\Spyware Doctor\sdhelp.exe[564] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateThread] [0042B398] C:\Program Files\Spyware Doctor\sdhelp.exe (PC Tools Research Pty Ltd)
IAT C:\Program Files\Spyware Doctor\sdhelp.exe[564] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!CreateThread] [0042B398] C:\Program Files\Spyware Doctor\sdhelp.exe (PC Tools Research Pty Ltd)
IAT C:\Program Files\Spyware Doctor\sdhelp.exe[564] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!CreateThread] [0042B398] C:\Program Files\Spyware Doctor\sdhelp.exe (PC Tools Research Pty Ltd)

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs ikhfile.sys (PCTools Research Pty Ltd.)
AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \FileSystem\Fastfat \Fat ikhfile.sys (PCTools Research Pty Ltd.)
AttachedDevice \FileSystem\Fastfat \Fat aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)

---- Registry - GMER 1.0.15 ----

Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings@User Agent Mozilla/4.0 (compatible; MSIE 6.0; Win32)
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1@Flags 219
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2@CurrentLevel 0
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2@1001 0
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2@1004 1
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2@1201 1
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2@1406 0
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2@1407 0
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2@1607 0
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2@1800 0
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2@1804 0
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2@1805 0
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2@1A00 0
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2@1A04 0
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2@1A05 0
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2@1C00 196608
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2@1E05 196608
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2@1206 0
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3@CurrentLevel 0
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3@1407 0
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3@1607 0
Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache@@C:\WINDOWS\system32\SHELL32.dll,-9216 My Computer
Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache@C:\WINDOWS\notepad.exe Notepad
Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache@@C:\WINDOWS\system32\SHELL32.dll,-9319 Printers and Faxes
Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache@@shell32.dll,-12693 Favorites
Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache@C:\WINDOWS\Explorer.EXE Windows Explorer
Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache@@explorer.exe,-7024 Internet
Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache@@C:\Program Files\Internet Explorer\iexplore.exe,-702 Internet Explorer
Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache@@explorer.exe,-7025 E-mail
Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache@@shell32.dll,-22069 WordPad
Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache@@C:\WINDOWS\inf\unregmp2.exe,-4 Windows Media Player
Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache@@explorer.exe,-7023 &Run...
Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache@@explorer.exe,-7020 &Search
Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache@@explorer.exe,-7021 &Help and Support
Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache@@shell32.dll,-21790 My Music
Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache@@shell32.dll,-21779 My Pictures
Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache@@C:\WINDOWS\system32\SHELL32.dll,-9227 My Documents
Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache@@C:\WINDOWS\system32\netshell.dll,-1200 Network Connections
Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache@@C:\WINDOWS\system32\SHELL32.dll,-8964 Recycle Bin
Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache@@shdoclc.dll,-880 Internet Explorer
Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache@@xpsp1res.dll,-11001 Internet Explorer
Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache@@xpsp1res.dll,-11004 Outlook Express
Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache@@C:\WINDOWS\system32\rcbdyctl.dll,-152 Remote Assistance
Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache@@shell32.dll,-22017 Address Book
Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache@@shell32.dll,-22022 Command Prompt
Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache@@shell32.dll,-22051 Notepad
Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache@@C:\WINDOWS\system32\tourstart.exe,-1 Tour Windows XP
Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache@@shell32.dll,-22041 Magnifier
Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache@@shell32.dll,-22048 Narrator
Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache@@shell32.dll,-22052 On-Screen Keyboard
Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache@@shell32.dll,-22065 Utility Manager
Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache@@C:\WINDOWS\system32\xpsp1res.dll,-10077 Set Program Access and Defaults
Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache@@shell32.dll,-22019 Calculator
Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache@@shell32.dll,-22054 Paint
Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache@@C:\WINDOWS\System32\sti_ci.dll,-11 Scanner and Camera Wizard
Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache@@C:\PROGRA~1\MOVIEM~1\wmmres.dll,-61424 Windows Movie Maker
Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache@@shell32.dll,-22016 Accessibility Wizard
Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache@@shell32.dll,-22031 HyperTerminal
Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache@@C:\WINDOWS\System32\mstsc.exe,-4000 Remote Desktop Connection
Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache@@shell32.dll,-22061 Sound Recorder
Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache@@shell32.dll,-22021 Character Map
Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache@@shell32.dll,-22026 Disk Cleanup
Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache@@shell32.dll,-22027 Disk Defragmenter
Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache@@C:\WINDOWS\system32\usmt\migwiz.exe,-202 Files and Settings Transfer Wizard
Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache@@shell32.dll,-22063 System Information
Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache@@C:\WINDOWS\system32\restore\rstrui.exe,-2048 System Restore
Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache@@C:\WINDOWS\System32\comres.dll,-661 Component Services
Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache@@shell32.dll,-22023 Computer Management
Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache@@shell32.dll,-22025 Data Sources (ODBC)
Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache@@shell32.dll,-22029 Event Viewer
Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache@@shell32.dll,-22055 Performance
Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache@@shell32.dll,-22059 Services
Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache@@shell32.dll,-22030 FreeCell
Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache@@C:\WINDOWS\system32\mshearts.exe,-413 Hearts
Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache@@C:\PROGRA~1\MSNGAM~1\Windows\bckgres.dll,-1212 Internet Backgammon
Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache@@C:\PROGRA~1\MSNGAM~1\Windows\chkrres.dll,-1212 Internet Checkers
Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache@@C:\PROGRA~1\MSNGAM~1\Windows\hrtzres.dll,-1212 Internet Hearts
Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache@@C:\PROGRA~1\MSNGAM~1\Windows\rvseres.dll,-1212 Internet Reversi
Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache@@C:\PROGRA~1\MSNGAM~1\Windows\shvlres.dll,-1212 Internet Spades
Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache@@shell32.dll,-22045 Minesweeper
Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache@@shell32.dll,-22057 Pinball
Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache@@shell32.dll,-22060 Solitaire
Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache@@C:\WINDOWS\system32\spider.exe,-56 Spider Solitaire
Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache@@shell32.dll,-21761 Accessories
Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache@@shell32.dll,-21787 Startup
Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache@@shell32.dll,-21772 Entertainment
Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache@@shell32.dll,-21760 Accessibility
Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache@@shell32.dll,-22062 Synchronize
Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache@@C:\WINDOWS\system32\compatUI.dll,-115 Program Compatibility Wizard
Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache@@shell32.dll,-22067 Windows Explorer
Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache@@shell32.dll,-22075 Windows Catalog
Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache@@shell32.dll,-21762 Administrative Tools
Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache@@shell32.dll,-21773 Games
Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache@@shell32.dll,-21768 Communications
Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache@@shell32.dll,-21788 System Tools
Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache@@C:\WINDOWS\system32\netshell.dll,-1010 New Connection Wizard
Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache@@C:\WINDOWS\system32\hnetwiz.dll,-3085 Network Setup Wizard
Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache@@shell32.dll,-22066 Volume Control
Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache@@C:\WINDOWS\system32\oobe\msoobe.exe,-2000 Activate Windows
Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache@@shell32.dll,-22058 Scheduled Tasks
Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache@C:\Program Files\Battery miser\batterymiser.exe Battery miser
Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache@C:\Program Files\Internet Explorer\iexplore.exe Internet Explorer
Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache@C:\Program Files\SpyBlocs\SpyBlocs.exe SpyBlocs
Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache@@shdoclc.dll,-881 Finds and displays information and Web sites on the Internet
Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache@@shdoclc.dll,-10241 Open &Home Page
Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache@C:\WINDOWS\system32\NOTEPAD.EXE Notepad
Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache@C:\Program Files\Common Files\Symantec Shared\ccApp.exe Symantec Common Client User Session
Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache@C:\Program Files\Common Files\GMT\GMT.exe GAIN Application
Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache@@shell32.dll,-12704 Internet P&roperties
Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache@@shell32.dll,-12706 Read &e-mail
Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache@C:\Program Files\Outlook Express\msimn.exe Outlook Express
Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache@@C:\WINDOWS\system32\SHELL32.dll,-9217 My Network Places
Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache@@shell32.dll,-21785 Shared Documents
Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache@@C:\WINDOWS\system32\notepad.exe,-469 Text Document
Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache@C:\PROGRA~1\Ahead\nero\nero.exe Nero Burning ROM
Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache@C:\Program Files\Windows NT\Accessories\WORDPAD.EXE WordPad
Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache@@%SystemRoot%\inf\unregmp2.exe,-155 Plays your digital media including music, videos, CDs, DVDs, and Internet Radio.
Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache@C:\Program Files\Windows Media Player\wmplayer.exe Windows Media Player
Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache@C:\PROGRA~1\QUICKT~1\QuickTimePlayer.exe QuickTime Player
Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache@@"C:\Program Files\Windows NT\Accessories\WORDPAD.EXE",-209 Wordpad Document

---- Files - GMER 1.0.15 ----

#8 reesa9

Posted 26 July 2009 - 03:30 AM

File C:\Documents and Settings\LOZZA\Local Settings\Temporary Internet Files\Content.IE5\LS47DHG5\Cars_Collector-Cars_W0QQfclZ1QQfromZ1883QQfsooZ1QQfsopZ3QQlopgZ3QQsacatZ101893QQsocmdZListingItemList[1].htm 123609 bytes
File C:\Documents and Settings\LOZZA\Local Settings\Temporary Internet Files\Content.IE5\LS47DHG5\Cars_Collector-Cars_W0QQfclZ1QQfromZ1883QQfsooZ1QQfsopZ3QQlopgZ4QQsacatZ101893QQsocmdZListingItemList[1].htm 126163 bytes
File C:\Documents and Settings\LOZZA\Local Settings\Temporary Internet Files\Content.IE5\LS47DHG5\CATM49PA.au%2F&ad_type=text&cc=100&u_h=768&u_w=1024&u_ah=738&u_aw=1024&u_cd=32&u_tz=600&u_his=1&u_java=true 1643 bytes
File C:\Documents and Settings\LOZZA\Local Settings\Temporary Internet Files\Content.IE5\LS47DHG5\CAVTHAWN.au%2F&cc=100&u_h=768&u_w=1024&u_ah=738&u_aw=1024&u_cd=32&u_tz=600&u_his=2&u_java=true 1951 bytes
File C:\Documents and Settings\LOZZA\Local Settings\Temporary Internet Files\Content.IE5\LS47DHG5\track[2].htm 12868 bytes
File C:\Documents and Settings\LOZZA\Local Settings\Temporary Internet Files\Content.IE5\LS47DHG5\transhist_withdrawal[1].gif 362 bytes
File C:\Documents and Settings\LOZZA\Local Settings\Temporary Internet Files\Content.IE5\LS47DHG5\trans_pixel[1].gif 44 bytes
File C:\Documents and Settings\LOZZA\Local Settings\Temporary Internet Files\Content.IE5\LS47DHG5\trans_pixel[2].gif 44 bytes
File C:\Documents and Settings\LOZZA\Local Settings\Temporary Internet Files\Content.IE5\LS47DHG5\9logo[1].gif 2151 bytes
File C:\Documents and Settings\LOZZA\Local Settings\Temporary Internet Files\Content.IE5\LS47DHG5\a273_2[1].jpg 8596 bytes
File C:\Documents and Settings\LOZZA\Local Settings\Temporary Internet Files\Content.IE5\LS47DHG5\a3_1_b[1].jpg 18166 bytes
File C:\Documents and Settings\LOZZA\Local Settings\Temporary Internet Files\Content.IE5\LS47DHG5\a3_2[1].jpg 6957 bytes
File C:\Documents and Settings\LOZZA\Local Settings\Temporary Internet Files\Content.IE5\LS47DHG5\a679a67df52a633a55c29a02ee0cb07d[1].jpg 6028 bytes
File C:\Documents and Settings\LOZZA\Local Settings\Temporary Internet Files\Content.IE5\LS47DHG5\aami[1].gif 2669 bytes
File C:\Documents and Settings\LOZZA\Local Settings\Temporary Internet Files\Content.IE5\LS47DHG5\about_me_off[1].jpg 7465 bytes
File C:\Documents and Settings\LOZZA\Local Settings\Temporary Internet Files\Content.IE5\LS47DHG5\acnielsen[1].js 692 bytes
File C:\Documents and Settings\LOZZA\Local Settings\Temporary Internet Files\Content.IE5\LS47DHG5\77089944398080_0[1].jpg 1545 bytes
File C:\Documents and Settings\LOZZA\Local Settings\Temporary Internet Files\Content.IE5\LS47DHG5\77089957308080_0[1].jpg 1725 bytes
File C:\Documents and Settings\LOZZA\Local Settings\Temporary Internet Files\Content.IE5\LS47DHG5\77089987018080_0[1].jpg 1406 bytes
File C:\Documents and Settings\LOZZA\Local Settings\Temporary Internet Files\Content.IE5\LS47DHG5\77090009548080_0[1].jpg 1489 bytes
File C:\Documents and Settings\LOZZA\Local Settings\Temporary Internet Files\Content.IE5\LS47DHG5\77092487848080_0[1].jpg 1603 bytes
File C:\Documents and Settings\LOZZA\Local Settings\Temporary Internet Files\Content.IE5\LS47DHG5\77092527088080_0[1].jpg 1469 bytes
File C:\Documents and Settings\LOZZA\Local Settings\Temporary Internet Files\Content.IE5\LS47DHG5\77094123108080_0[1].jpg 1603 bytes
File C:\Documents and Settings\LOZZA\Local Settings\Temporary Internet Files\Content.IE5\LS47DHG5\86dc_2[1].jpg 8906 bytes
File C:\Documents and Settings\LOZZA\Local Settings\Temporary Internet Files\Content.IE5\LS47DHG5\896257as[1].jpg 3927 bytes
File C:\Documents and Settings\LOZZA\Local Settings\Temporary Internet Files\Content.IE5\LS47DHG5\8ffc_0[1].jpg 2905 bytes
File C:\Documents and Settings\LOZZA\Local Settings\Temporary Internet Files\Content.IE5\LS47DHG5\8f_2[1].jpg 11904 bytes
File C:\Documents and Settings\LOZZA\Local Settings\Temporary Internet Files\Content.IE5\LS47DHG5\9036_1_t[1].jpg 2297 bytes
File C:\Documents and Settings\LOZZA\Local Settings\Temporary Internet Files\Content.IE5\LS47DHG5\CAK5YN4X.gif 34 bytes
File C:\Documents and Settings\LOZZA\Local Settings\Temporary Internet Files\Content.IE5\LS47DHG5\CAL0W3LT 88 bytes
File C:\Documents and Settings\LOZZA\Local Settings\Temporary Internet Files\Content.IE5\LS47DHG5\CALWKNHH.swf 8664 bytes
File C:\Documents and Settings\LOZZA\Local Settings\Temporary Internet Files\Content.IE5\LS47DHG5\cal_back[1].gif 71 bytes
File C:\Documents and Settings\LOZZA\Local Settings\Temporary Internet Files\Content.IE5\LS47DHG5\CAM3GXUR.au%2F&cc=100&u_h=768&u_w=1024&u_ah=738&u_aw=1024&u_cd=32&u_tz=600&u_his=5&u_java=true 1047 bytes
File C:\Documents and Settings\LOZZA\Local Settings\Temporary Internet Files\Content.IE5\LS47DHG5\CAMHGB0B.swf 17532 bytes
File C:\Documents and Settings\LOZZA\Local Settings\Temporary Internet Files\Content.IE5\LS47DHG5\CAMJQ7M1.jpg 2210 bytes
File C:\Documents and Settings\LOZZA\Local Settings\Temporary Internet Files\Content.IE5\LS47DHG5\CAOXCLYX.htm&u_h=768&u_w=1024&u_ah=738&u_aw=1024&u_cd=32&u_tz=660&u_his=10&u_java=true 8790 bytes
File C:\Documents and Settings\LOZZA\Local Settings\Temporary Internet Files\Content.IE5\LS47DHG5\cap_bot[1].gif 492 bytes
File C:\Documents and Settings\LOZZA\Local Settings\Temporary Internet Files\Content.IE5\LS47DHG5\CAQBSXCH.au%2F&ad_type=text&cc=100&u_h=768&u_w=1024&u_ah=738&u_aw=1024&u_cd=32&u_tz=600&u_his=2&u_java=true 1020 bytes
File C:\Documents and Settings\LOZZA\Local Settings\Temporary Internet Files\Content.IE5\LS47DHG5\carecredit2[1].gif 2214 bytes
File C:\Documents and Settings\LOZZA\Local Settings\Temporary Internet Files\Content.IE5\LS47DHG5\CARE_logo[1].gif 4755 bytes
File C:\Documents and Settings\LOZZA\Local Settings\Temporary Internet Files\Content.IE5\LS47DHG5\carfaxlogo[1].jpg 10156 bytes
File C:\Documents and Settings\LOZZA\Local Settings\Temporary Internet Files\Content.IE5\LS47DHG5\keywords;kw=john+deere+clothing+and+accessories;tn=1;list=all;sz=468x60;ord=1151829199709;[1].htm 368 bytes
File C:\Documents and Settings\LOZZA\Local Settings\Temporary Internet Files\Content.IE5\LS47DHG5\keywords;kw=victa+mower;dcopt=ist;tcat=11700;items=83;sz=440x198;tile=5;ord=1177202530819;[1].htm 310 bytes
File C:\Documents and Settings\LOZZA\Local Settings\Temporary Internet Files\Content.IE5\LS47DHG5\kit-warm[1].gif 796 bytes
File C:\Documents and Settings\LOZZA\Local Settings\Temporary Internet Files\Content.IE5\LS47DHG5\labeltrick[1].js 7300 bytes
File C:\Documents and Settings\LOZZA\Local Settings\Temporary Internet Files\Content.IE5\LS47DHG5\layout_r3_c4[1].gif 117 bytes
File C:\Documents and Settings\LOZZA\Local Settings\Temporary Internet Files\Content.IE5\LS47DHG5\left1bkgd_historical[1].gif 58 bytes
File C:\Documents and Settings\LOZZA\Local Settings\Temporary Internet Files\Content.IE5\LS47DHG5\left1_seasonsautumn[1].gif 1534 bytes
File C:\Documents and Settings\LOZZA\Local Settings\Temporary Internet Files\Content.IE5\LS47DHG5\leftLine_16x3[1].gif 45 bytes
File C:\Documents and Settings\LOZZA\Local Settings\Temporary Internet Files\Content.IE5\LS47DHG5\left_main[1].php 823 bytes
File C:\Documents and Settings\LOZZA\Local Settings\Temporary Internet Files\Content.IE5\LS47DHG5\left_main[2].php 847 bytes
File C:\Documents and Settings\LOZZA\Local Settings\Temporary Internet Files\Content.IE5\LS47DHG5\left_main[3].php 1094 bytes
File C:\Documents and Settings\LOZZA\Local Settings\Temporary Internet Files\Content.IE5\LS47DHG5\left_main[4].php 823 bytes
File C:\Documents and Settings\LOZZA\Local Settings\Temporary Internet Files\Content.IE5\LS47DHG5\b-select-dn[1].gif 1240 bytes
File C:\Documents and Settings\LOZZA\Local Settings\Temporary Internet Files\Content.IE5\LS47DHG5\b927_2[1].jpg 8189 bytes
File C:\Documents and Settings\LOZZA\Local Settings\Temporary Internet Files\Content.IE5\LS47DHG5\back-on[1].gif 1932 bytes
File C:\Documents and Settings\LOZZA\Local Settings\Temporary Internet Files\Content.IE5\LS47DHG5\banner_anim[1].gif 77966 bytes
File C:\Documents and Settings\LOZZA\Local Settings\Temporary Internet Files\Content.IE5\LS47DHG5\base_e4793au[1].js 12706 bytes
File C:\Documents and Settings\LOZZA\Local Settings\Temporary Internet Files\Content.IE5\LS47DHG5\bb[1].jpg 19626 bytes
File C:\Documents and Settings\LOZZA\Local Settings\Temporary Internet Files\Content.IE5\LS47DHG5\bc9e_0[1].jpg 2028 bytes
File C:\Documents and Settings\LOZZA\Local Settings\Temporary Internet Files\Content.IE5\LS47DHG5\bc_0[1].jpg 3037 bytes
File C:\Documents and Settings\LOZZA\Local Settings\Temporary Internet Files\Content.IE5\LS47DHG5\chestnut1[1].gif 7989 bytes
File C:\Documents and Settings\LOZZA\Local Settings\Temporary Internet Files\Content.IE5\LS47DHG5\cj017x14t337[1].js 24555 bytes
File C:\Documents and Settings\LOZZA\Local Settings\Temporary Internet Files\Content.IE5\LS47DHG5\clear[1].gif 49 bytes
File C:\Documents and Settings\LOZZA\Local Settings\Temporary Internet Files\Content.IE5\LS47DHG5\client[1].js 1525 bytes
File C:\Documents and Settings\LOZZA\Local Settings\Temporary Internet Files\Content.IE5\LS47DHG5\cntr_low[1].gif 253 bytes
File C:\Documents and Settings\LOZZA\Local Settings\Temporary Internet Files\Content.IE5\LS47DHG5\compact_tile[1].gif 43 bytes
File C:\Documents and Settings\LOZZA\Local Settings\Temporary Internet Files\Content.IE5\LS47DHG5\comp_info[1].htm 21863 bytes
File C:\Documents and Settings\LOZZA\Local Settings\Temporary Internet Files\Content.IE5\LS47DHG5\comp_info[2].htm 21745 bytes
File C:\Documents and Settings\LOZZA\Local Settings\Temporary Internet Files\Content.IE5\LS47DHG5\comp_info[3].htm 45359 bytes
File C:\Documents and Settings\LOZZA\Local Settings\Temporary Internet Files\Content.IE5\LS47DHG5\comp_info[4].htm 11514 bytes
File C:\Documents and Settings\LOZZA\Local Settings\Temporary Internet Files\Content.IE5\LS47DHG5\comp_info[5].htm 21078 bytes
File C:\Documents and Settings\LOZZA\Local Settings\Temporary Internet Files\Content.IE5\LS47DHG5\comp_info[6].htm 40251 bytes
File C:\Documents and Settings\LOZZA\Local Settings\Temporary Internet Files\Content.IE5\LS47DHG5\comp_info[7].htm 22282 bytes
File C:\Documents and Settings\LOZZA\Local Settings\Temporary Internet Files\Content.IE5\LS47DHG5\comp_info[8].htm 18419 bytes
File C:\Documents and Settings\LOZZA\Local Settings\Temporary Internet Files\Content.IE5\LS47DHG5\eBayISAPI[14].htm 57861 bytes
File C:\Documents and Settings\LOZZA\Local Settings\Temporary Internet Files\Content.IE5\LS47DHG5\eBayISAPI[1].htm 2619 bytes
File C:\Documents and Settings\LOZZA\Local Settings\Temporary Internet Files\Content.IE5\LS47DHG5\eBayISAPI[2].htm 17570 bytes
File C:\Documents and Settings\LOZZA\Local Settings\Temporary Internet Files\Content.IE5\LS47DHG5\eBayISAPI[6].htm 15196 bytes
File C:\Documents and Settings\LOZZA\Local Settings\Temporary Internet Files\Content.IE5\LS47DHG5\img_arrow_indicator_right[1].gif 56 bytes
File C:\Documents and Settings\LOZZA\Local Settings\Temporary Internet Files\Content.IE5\LS47DHG5\img_bullet2[1].gif 57 bytes
File C:\Documents and Settings\LOZZA\Local Settings\Temporary Internet Files\Content.IE5\LS47DHG5\img_logo_jq_new[1].gif 815 bytes
File C:\Documents and Settings\LOZZA\Local Settings\Temporary Internet Files\Content.IE5\LS47DHG5\img_Nokia9300Handset_thumb[1].gif 2598 bytes
File C:\Documents and Settings\LOZZA\Local Settings\Temporary Internet Files\Content.IE5\LS47DHG5\index[1].css 75 bytes
File C:\Documents and Settings\LOZZA\Local Settings\Temporary Internet Files\Content.IE5\LS47DHG5\index[1].htm 0 bytes
File C:\Documents and Settings\LOZZA\Local Settings\Temporary Internet Files\Content.IE5\LS47DHG5\index[1].php 328 bytes
File C:\Documents and Settings\LOZZA\Local Settings\Temporary Internet Files\Content.IE5\LS47DHG5\index[2].htm 323589 bytes
File C:\Documents and Settings\LOZZA\Local Settings\Temporary Internet Files\Content.IE5\LS47DHG5\index[4].htm 15663 bytes
File C:\Documents and Settings\LOZZA\Local Settings\Temporary Internet Files\Content.IE5\LS47DHG5\index_10[1].gif 1215 bytes
File C:\Documents and Settings\LOZZA\Local Settings\Temporary Internet Files\Content.IE5\LS47DHG5\59798673408080_0[1].jpg 2768 bytes
File C:\Documents and Settings\LOZZA\Local Settings\Temporary Internet Files\Content.IE5\LS47DHG5\keywords;kw=early+holden;tn=1;list=all;sz=468x60;ord=1152401535422;[1].htm 368 bytes
File C:\Documents and Settings\LOZZA\Local Settings\Temporary Internet Files\Content.IE5\LS47DHG5\keywords;kw=fj+holden;cat=1;dcopt=ist;tcat=417;items=15;sz=0x0;tile=5;ord=1174101441979;[1].htm 387 bytes
File C:\Documents and Settings\LOZZA\Local Settings\Temporary Internet Files\Content.IE5\LS47DHG5\keywords;kw=fj+holden;tn=1;list=all;sz=468x60;ord=1151402223090;[1].htm 3205 bytes
File C:\Documents and Settings\LOZZA\Local Settings\Temporary Internet Files\Content.IE5\LS47DHG5\keywords;kw=fj+holden;tn=1;list=all;sz=468x60;ord=1162679751893;[1].htm 384 bytes
File C:\Documents and Settings\LOZZA\Local Settings\Temporary Internet Files\Content.IE5\LS47DHG5\keywords;kw=ford+pickup;tn=1;list=all;sz=468x60;ord=1151401463478;[1].htm 3188 bytes
File C:\Documents and Settings\LOZZA\Local Settings\Temporary Internet Files\Content.IE5\LS47DHG5\keywords;kw=fx+holden;tn=1;list=all;sz=468x60;ord=1151400953935;[1].htm 3208 bytes
File C:\Documents and Settings\LOZZA\Local Settings\Temporary Internet Files\Content.IE5\LS47DHG5\keywords;kw=fx+holden;tn=1;list=all;sz=468x60;ord=1151703136133;[1].htm 2659 bytes
File C:\Documents and Settings\LOZZA\Local Settings\Temporary Internet Files\Content.IE5\LS47DHG5\f6_2[1].jpg 6924 bytes
File C:\Documents and Settings\LOZZA\Local Settings\Temporary Internet Files\Content.IE5\LS47DHG5\FadeRow[1].jpg 293 bytes
File C:\Documents and Settings\LOZZA\Local Settings\Temporary Internet Files\Content.IE5\LS47DHG5\family[1].gif 1031 bytes
File C:\Documents and Settings\LOZZA\Local Settings\Temporary Internet Files\Content.IE5\LS47DHG5\featurefootercorner_yellow[1].gif 270 bytes
File C:\Documents and Settings\LOZZA\Local Settings\Temporary Internet Files\Content.IE5\LS47DHG5\fi1T[1].gif 6449 bytes
File C:\Documents and Settings\LOZZA\Local Settings\Temporary Internet Files\Content.IE5\LS47DHG5\Figurines[1].htm 10536 bytes
File C:\Documents and Settings\LOZZA\Local Settings\Temporary Internet Files\Content.IE5\LS47DHG5\flag_13[1].gif 327 bytes
File C:\Documents and Settings\LOZZA\Local Settings\Temporary Internet Files\Content.IE5\LS47DHG5\footer[2].htm 5200 bytes
File C:\Documents and Settings\LOZZA\Local Settings\Temporary Internet Files\Content.IE5\LS47DHG5\footer_position_e5071us[2].js 22 bytes
File C:\Documents and Settings\LOZZA\Local Settings\Temporary Internet Files\Content.IE5\LS47DHG5\98_1_b[1].jpg 21106 bytes
File C:\Documents and Settings\LOZZA\Local Settings\Temporary Internet Files\Content.IE5\LS47DHG5\th_7646_1[1].jpg 1800 bytes
File C:\Documents and Settings\LOZZA\Local Settings\Temporary Internet Files\Content.IE5\LS47DHG5\student.uq.edu[1].htm 262414 bytes
File C:\Documents and Settings\LOZZA\Local Settings\Temporary Internet Files\Content.IE5\LS47DHG5\StylesPublic[1].css 2079 bytes
File C:\Documents and Settings\LOZZA\Local Settings\Temporary Internet Files\Content.IE5\LS47DHG5\styleTopNav[1].css 9688 bytes
File C:\Documents and Settings\LOZZA\Local Settings\Temporary Internet Files\Content.IE5\LS47DHG5\style[1].css 3190 bytes
File C:\Documents and Settings\LOZZA\Local Settings\Temporary Internet Files\Content.IE5\LS47DHG5\style[2].css 11060 bytes
File C:\Documents and Settings\LOZZA\Local Settings\Temporary Internet Files\Content.IE5\LS47DHG5\subheader-funstuff-section1[1].jpg 4155 bytes
File C:\Documents and Settings\LOZZA\Local Settings\Temporary Internet Files\Content.IE5\LS47DHG5\syi3_16x16[1].gif 129 bytes
File C:\Documents and Settings\LOZZA\Local Settings\Temporary Internet Files\Content.IE5\LS47DHG5\syi4_16x16[1].gif 125 bytes
File C:\Documents and Settings\LOZZA\Local Settings\Temporary Internet Files\Content.IE5\LS47DHG5\s[2].aspx 16535 bytes
File C:\Documents and Settings\LOZZA\Local Settings\Temporary Internet Files\Content.IE5\LS47DHG5\s[2].gif 49 bytes
File C:\Documents and Settings\LOZZA\Local Settings\Temporary Internet Files\Content.IE5\LS47DHG5\s[4].aspx 16535 bytes
File C:\Documents and Settings\LOZZA\Local Settings\Temporary Internet Files\Content.IE5\LS47DHG5\redbook[1].gif 725 bytes
File C:\Documents and Settings\LOZZA\Local Settings\Temporary Internet Files\Content.IE5\LS47DHG5\reflect2[1].gif 810 bytes
File C:\Documents and Settings\LOZZA\Local Settings\Temporary Internet Files\Content.IE5\LS47DHG5\register[1].htm 1553 bytes
File C:\Documents and Settings\LOZZA\Local Settings\Temporary Internet Files\Content.IE5\LS47DHG5\relocate=;sz=468x60;ord=93413593[1].htm 3845 bytes
File C:\Documents and Settings\LOZZA\Local Settings\Temporary Internet Files\Content.IE5\LS47DHG5\remote_support[1].jpg 1734 bytes
File C:\Documents and Settings\LOZZA\Local Settings\Temporary Internet Files\Content.IE5\LS47DHG5\repoffline[1].gif 556 bytes
File C:\Documents and Settings\LOZZA\Local Settings\Temporary Internet Files\Content.IE5\LS47DHG5\repoffline[2].gif 556 bytes
File C:\Documents and Settings\LOZZA\Local Settings\Temporary Internet Files\Content.IE5\LS47DHG5\reponline[1].gif 556 bytes
File C:\Documents and Settings\LOZZA\Local Settings\Temporary Internet Files\Content.IE5\LS47DHG5\results2body_e4671au[1].js 93920 bytes
File C:\Documents and Settings\LOZZA\Local Settings\Temporary Internet Files\Content.IE5\LS47DHG5\results2body_e4711au[1].js 121198 bytes
File C:\Documents and Settings\LOZZA\Local Settings\Temporary Internet Files\Content.IE5\LS47DHG5\results[1].aspx 4417 bytes
File C:\Documents and Settings\LOZZA\Local Settings\Temporary Internet Files\Content.IE5\LS47DHG5\results[27].htm 13637 bytes
File C:\Documents and Settings\LOZZA\Local Settings\Temporary Internet Files\Content.IE5\LS47DHG5\results[2].htm 13562 bytes
File C:\Documents and Settings\LOZZA\Local Settings\Temporary Internet Files\Content.IE5\LS47DHG5\button-links-over[1].gif 2050 bytes
File C:\Documents and Settings\LOZZA\Local Settings\Temporary Internet Files\Content.IE5\LS47DHG5\button-techiestuff[1].gif 3172 bytes
File C:\Documents and Settings\LOZZA\Local Settings\Temporary Internet Files\Content.IE5\LS47DHG5\button1up[1].png 1235 bytes
File C:\Documents and Settings\LOZZA\Local Settings\Temporary Internet Files\Content.IE5\LS47DHG5\button_continue[1].png 544 bytes
File C:\Documents and Settings\LOZZA\Local Settings\Temporary Internet Files\Content.IE5\LS47DHG5\but_balmin[1].gif 77 bytes
File C:\Documents and Settings\LOZZA\Local Settings\Temporary Internet Files\Content.IE5\LS47DHG5\but_formreset[1].gif 473 bytes
File C:\Documents and Settings\LOZZA\Local Settings\Temporary Internet Files\Content.IE5\LS47DHG5\but_joinnow[1].gif 675 bytes
File C:\Documents and Settings\LOZZA\Local Settings\Temporary Internet Files\Content.IE5\LS47DHG5\wap[1].gif 69 bytes
File C:\Documents and Settings\LOZZA\Local Settings\Temporary Internet Files\Content.IE5\LS47DHG5\webmail[1].htm 327 bytes
File C:\Documents and Settings\LOZZA\Local Settings\Temporary Internet Files\Content.IE5\LS47DHG5\webmail[2].htm 327 bytes
File C:\Documents and Settings\LOZZA\Local Settings\Temporary Internet Files\Content.IE5\LS47DHG5\webmail[3].htm 327 bytes
File C:\Documents and Settings\LOZZA\Local Settings\Temporary Internet Files\Content.IE5\LS47DHG5\whitelist[1].zip 6325 bytes
File C:\Documents and Settings\LOZZA\Local Settings\Temporary Internet Files\Content.IE5\LS47DHG5\wwos2[1].gif 927 bytes
File C:\Documents and Settings\LOZZA\Local Settings\Temporary Internet Files\Content.IE5\LS47DHG5\ygma[2].css 978 bytes
File C:\Documents and Settings\LOZZA\Local Settings\Temporary Internet Files\Content.IE5\LS47DHG5\__Footwear_womens-western-boots_W0QQ_nkwZwomensQ20westernQ20bootsQQtrZrisQQruZhttpQ3aQ2fQ2fsearchQ2eebayQ2ecomQ3a80Q2fsearchQ2fsearchQ2edllQ3fsofocusQ3dunkno[1].htm 55004 bytes
File C:\Documents and Settings\LOZZA\Local Settings\Temporary Internet Files\Content.IE5\LS47DHG5\but_results_2[1].gif 138 bytes
File C:\Documents and Settings\LOZZA\Local Settings\Temporary Internet Files\Content.IE5\LS47DHG5\but_winplace[1].gif 1192 bytes
File C:\Documents and Settings\LOZZA\Local Settings\Temporary Internet Files\Content.IE5\LS47DHG5\CA0II30Q.htm 48965 bytes
File C:\Documents and Settings\LOZZA\Local Settings\Temporary Internet Files\Content.IE5\LS47DHG5\CA0X6D12.swf 15085 bytes
File C:\Documents and Settings\LOZZA\Local Settings\Temporary Internet Files\Content.IE5\LS47DHG5\CA3AADV7.gif 34 bytes
File C:\Documents and Settings\LOZZA\Local Settings\Temporary Internet Files\Content.IE5\LS47DHG5\CA43YF9O.au%2F&ad_type=text&cc=100&u_h=768&u_w=1024&u_ah=738&u_aw=1024&u_cd=32&u_tz=600&u_java=true 1799 bytes
File C:\Documents and Settings\LOZZA\Local Settings\Temporary Internet Files\Content.IE5\LS47DHG5\CA4X45IP.au%2F&cc=100&u_h=768&u_w=1024&u_ah=738&u_aw=1024&u_cd=32&u_tz=600&u_his=2&u_java=true 1686 bytes
File C:\Documents and Settings\LOZZA\Local Settings\Temporary Internet Files\Content.IE5\LS47DHG5\CAX7R54K.au%2F&cc=100&u_h=768&u_w=1024&u_ah=738&u_aw=1024&u_cd=32&u_tz=600&u_his=3&u_java=true 1867 bytes

---- EOF - GMER 1.0.15 ----

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:48:41 PM, on 26/07/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\System32\S24EvMon.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\CTSvcCDA.EXE
C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
C:\WINDOWS\System32\RegSrvc.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\notepad.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\HP\HP Software Update\HPWuSchd.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Startup Mechanic\StartupMonitor.exe
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Optus Wireless Broadband\Optus Wireless Broadband.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [Startup Manager Scanner] C:\Program Files\Startup Mechanic\StartupMonitor.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Windows Guard] waumgrd.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q (User 'Default user')
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/...can8/oscan8.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{B5E53500-B84C-4836-B250-961F44EA339D}: NameServer = 61.88.88.88 61.88.88.88
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O21 - SSODL: EI0FFBAB - {3AC44CCF-09B6-025D-310A-270B1B1C681C} - (no file)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTSvcCDA.EXE
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Inkjet Printer/Scanner Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\System32\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\System32\S24EvMon.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe

--
End of file - 8337 bytes

#9 syler

  • Malware Response Team

Posted 26 July 2009 - 05:34 AM

Why did you repost the GMER log? Also, did you do the scan with Bitdefender? Can you tell me if you know what the following file is: E:\8p6mwmnp.exe

We need to execute an OTM script
  • Please download OTM by OldTimer and save it to your desktop.
  • Double click the Posted Image icon on your desktop.
  • Paste the following code under the Posted Image area. Do not include the word "Code".
    :Reg
    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "Windows Guard"=-
    :Files
    C:\WINDOWS\System32\waumgrd.exe
    :Commands
    [Reboot]
  • Push the large Posted Image button.
  • OTM may ask to reboot the machine. Please do so if asked.
  • Copy/Paste the contents under the Posted Image line here in your next reply.
  • If you are unable to copy/paste from this window (as will be the case if the machine was rebooted), open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTM\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.
Next

Download and Run FlashDisinfector
  • Please download Flash_Disinfector.exe by sUBs and save it to your desktop.
  • Double-click Flash_Disinfector.exe to run it and follow any prompts that may appear.
  • The utility may ask you to insert your flash drive and/or other removable drives including your mobile phone. Please do so and allow the utility to clean up those drives as well.
  • Wait until it has finished scanning and then exit the program.
  • Reboot your computer when done.
Note: Flash_Disinfector will create a hidden file named autorun.inf in each partition and every USB drive plugged in when you ran it. Don't delete this folder. It will help protect your drives from future infection.

After you have done these steps, try to update Windows again. If it fails again, let me know the exact message you get.

Then please post back here with the following:
  • OTM results
  • Bitdefender report
  • New Hijackthis log
Thanks



#10 reesa9

  • Topic Starter

Posted 26 July 2009 - 07:00 AM

I posted the wrong one, sorry. I will post the BitDefender one this time. That file is the GMER file that is on my flash drive that I used to transfer the program to this computer. The upgrade didn't work again; I attached a printscreen of the error I got, if that helps.

========== REGISTRY ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Windows Guard deleted successfully.
========== FILES ==========
File/Folder C:\WINDOWS\System32\waumgrd.exe not found.
========== COMMANDS ==========

OTM by OldTimer - Version 3.0.0.5 log created on 07262009_212402


BitDefender Online Scanner

Scan report generated at: Sun, Jul 26, 2009 - 17:29:34

Scan path: C:\Documents and Settings\BEN\My Documents;C:\Documents and Settings\LOZZA\My Documents;C:\Documents and Settings\ROBERT\My Documents;C:\Documents and Settings\YVONNE\My Documents;C:\Documents and Settings\All Users\Documents;C:\;D:\;E:\;F:\;G:\;

Statistics
Time: 01:25:44
Files: 166979
Folders: 5744
Boot Sectors: 0
Archives: 7964
Packed Files: 9512

Results
Identified Viruses: 3
Infected Files: 4
Suspect Files: 0
Warnings: 0
Disinfected: 0
Deleted Files: 4

Engines Info
Virus Definitions: 3849737
Engine build: AVCORE v1.7 (build 8314.19) (i386) (Sep 29 2008 17:19:14)
Scan plugins: 17
Archive plugins: 45
Unpack plugins: 7
E-mail plugins: 6
System plugins: 4

Scan Settings
First Action: Disinfect
Second Action: Delete
Heuristics: Yes
Enable Warnings: Yes
Scanned Extensions: *;
Exclude Extensions:
Scan Emails: Yes
Scan Archives: Yes
Scan Packed: Yes
Scan Files: Yes
Scan Boot: Yes

Scanned File | Status
C:\System Volume Information\_restore{FA088FD3-F597-4394-9D67-2F8FDD475742}\RP425\A0064512.dll | Infected with: Trojan.Spy.Qukart.S
C:\System Volume Information\_restore{FA088FD3-F597-4394-9D67-2F8FDD475742}\RP425\A0064512.dll | Deleted
C:\System Volume Information\_restore{FA088FD3-F597-4394-9D67-2F8FDD475742}\RP425\A0064513.exe | Infected with: Trojan.Spy.Qukart.O
C:\System Volume Information\_restore{FA088FD3-F597-4394-9D67-2F8FDD475742}\RP425\A0064513.exe | Deleted
C:\System Volume Information\_restore{FA088FD3-F597-4394-9D67-2F8FDD475742}\RP425\A0064514.dll | Infected with: Trojan.Spy.Qukart.S
C:\System Volume Information\_restore{FA088FD3-F597-4394-9D67-2F8FDD475742}\RP425\A0064514.dll | Deleted
C:\Windows\system32\TFTP3204 | Infected with: Trojan.Generic.1764772
C:\Windows\system32\TFTP3204 | Deleted
*********************************************************
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:58:33 PM, on 26/07/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\System32\S24EvMon.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\CTSvcCDA.EXE
C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
C:\WINDOWS\System32\RegSrvc.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\HP\HP Software Update\HPWuSchd.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Startup Mechanic\StartupMonitor.exe
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Optus Wireless Broadband\Optus Wireless Broadband.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [Startup Manager Scanner] C:\Program Files\Startup Mechanic\StartupMonitor.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Windows Guard] waumgrd.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q (User 'Default user')
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/...can8/oscan8.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{B5E53500-B84C-4836-B250-961F44EA339D}: NameServer = 61.88.88.88 61.88.88.88
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O21 - SSODL: EI0FFBAB - {3AC44CCF-09B6-025D-310A-270B1B1C681C} - (no file)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTSvcCDA.EXE
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Inkjet Printer/Scanner Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\System32\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\System32\S24EvMon.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe

--
End of file - 8280 bytes




#11 syler

  • Malware Response Team

Posted 26 July 2009 - 07:14 AM

That's strange that entry doesn't want to go. Let's leave the updates for now and try something else. Can you confirm that you ran Flash_Disinfector on all your removable/flash drives?

Please download ComboFix from one of these locations:

Link 1
Link 2
Link 3

* IMPORTANT !!! Save ComboFix.exe to your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed, click on Yes, to continue scanning for malware.

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply.

This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper


If you need help, see this link:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix



#12 reesa9

  • Topic Starter

Posted 27 July 2009 - 03:25 AM

Hi

I ran the flash_disinfector software. As I am doing this for a friend, I don't have her iPod, camera or mobile phone to plug in, which, according to the software on here, are the only three things I can see she would plug into the laptop. If you want me to remove any of the software, I can do that if it helps.

Whilst running combofix I got the error message that is attached as a pic file.


ComboFix 09-07-26.01 - LOZZA 27/07/2009 17:49.1.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.238.105 [GMT 10:00]
Running from: c:\documents and settings\LOZZA\Desktop\ComboFix.exe
AV: avast! antivirus 4.7.827 [VPS 0625-7] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\recycler\S-1-5-21-1280894324-1831770036-1759419085-1003
c:\recycler\S-1-5-21-1826370354-1645979990-1558133286-1003
c:\recycler\S-1-5-21-3616082761-568935814-3439889344-1003
c:\recycler\S-1-5-21-73586283-1606980848-1343024091-1003
c:\windows\Installer\104368.msp
c:\windows\Installer\4cd707b.msi
c:\windows\Installer\a75500.msi
c:\windows\Installer\a75505.msi
c:\windows\Installer\a75736.msi
c:\windows\Installer\a7573b.msi
c:\windows\Installer\a757ba.msi
c:\windows\system\oeminfo.ini
c:\windows\system32\_000005_.tmp.dll
c:\windows\system32\_000006_.tmp.dll
c:\windows\system32\_000008_.tmp.dll
c:\windows\system32\_000009_.tmp.dll
c:\windows\system32\_000010_.tmp.dll
c:\windows\system32\_000011_.tmp.dll
c:\windows\system32\_000026_.tmp.dll

.
((((((((((((((((((((((((( Files Created from 2009-06-27 to 2009-07-27 )))))))))))))))))))))))))))))))
.

2009-07-26 03:21 . 2009-07-26 03:22 -------- d-----w- c:\program files\ERUNT
2009-07-24 12:01 . 2009-07-24 12:01 -------- d-----w- C:\rsit
2009-07-13 08:34 . 2009-07-13 08:34 -------- d-----w- c:\program files\Trend Micro
2009-07-13 07:00 . 2009-07-13 07:00 -------- d-----w- c:\documents and settings\LOZZA\Application Data\Malwarebytes
2009-07-13 06:59 . 2009-07-13 03:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-13 06:58 . 2009-07-13 06:58 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-07-13 06:58 . 2009-07-13 03:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-07-13 06:58 . 2009-07-24 10:16 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-07-12 09:00 . 2008-06-19 07:24 28544 ----a-w- c:\windows\system32\drivers\pavboot.sys
2009-07-12 08:59 . 2009-07-12 08:59 -------- d-----w- c:\program files\Panda Security
2009-07-12 04:31 . 2009-07-12 04:32 -------- d-----w- c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-07-12 04:31 . 2009-07-13 06:59 -------- d-----w- c:\program files\iTunes
2009-07-12 04:28 . 2009-07-12 04:28 -------- d-----w- c:\program files\Bonjour
2009-07-12 04:24 . 2009-07-12 04:26 -------- d-----w- c:\program files\QuickTime
2009-07-12 04:18 . 2009-07-12 04:18 -------- d-----w- c:\documents and settings\LOZZA\Local Settings\Application Data\Apple
2009-07-12 04:18 . 2009-07-12 04:18 -------- d-----w- c:\program files\Apple Software Update
2009-07-12 04:17 . 2009-07-12 04:33 -------- dc----w- c:\windows\system32\DRVSTORE
2009-07-12 04:16 . 2009-07-12 04:32 -------- d-----w- c:\program files\Common Files\Apple
2009-07-12 04:15 . 2009-07-12 04:15 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2009-07-12 02:29 . 2009-07-12 02:30 -------- d-----w- c:\program files\AusLogics Disk Defrag
2009-07-11 04:17 . 2009-07-11 04:17 175834 ----a-w- c:\documents and settings\All Users\cc_20090711_1416.reg
2009-07-11 04:14 . 2009-07-11 04:14 -------- d-----w- c:\program files\CCleaner
2009-07-11 04:11 . 2009-07-11 04:11 -------- d-----w- c:\documents and settings\Administrator\DoctorWeb
2009-06-30 22:21 . 2009-07-10 08:46 -------- d-----w- C:\etax2009

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-27 07:27 . 2008-02-24 06:30 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-07-13 08:26 . 2006-04-28 09:09 -------- d-----w- c:\program files\Spyware Doctor
2009-07-12 04:32 . 2006-06-24 23:00 -------- d-----w- c:\program files\iPod
2009-07-12 04:23 . 2006-06-24 23:01 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2009-07-12 01:26 . 2005-05-01 05:15 -------- d-----w- c:\program files\eBay
2009-07-11 04:15 . 2005-05-20 23:55 -------- d-----w- c:\program files\Microsoft AntiSpyware
2009-06-30 21:43 . 2008-12-27 22:29 -------- d-----w- c:\documents and settings\All Users\Application Data\CanonIJPLM
2009-06-26 08:41 . 2009-06-26 08:28 -------- d-----w- c:\program files\Optus Wireless Broadband
2009-06-05 03:57 . 2009-06-05 03:57 75048 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 8.2.0.23\SetupAdmin.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HotKeysCmds"="c:\windows\System32\hkcmd.exe" [2003-10-02 118784]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2003-09-12 110592]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2003-09-12 618496]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2003-12-08 32768]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"InCD"="c:\program files\Ahead\InCD\InCD.exe" [2004-03-03 1294446]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd.exe" [2003-06-25 49152]
"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2004-05-12 241664]
"Startup Manager Scanner"="c:\program files\Startup Mechanic\StartupMonitor.exe" [2004-09-05 86016]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2006-04-27 102448]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2008-03-10 689488]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2008-03-03 1848648]
"AGRSMMSG"="AGRSMMSG.exe" - c:\windows\AGRSMMSG.exe [2003-03-31 88267]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Spyware Doctor"="c:\program files\Spyware Doctor\swdoctor.exe" [2008-02-24 2115728]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2003-7-7 233472]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Windows\\system32\\mshta.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [12/07/2009 7:00 PM 28544]
S0 ndisrd;ndisrd; [x]

--- Other Services/Drivers In Memory ---

*Deregistered* - mchInjDrv
.
Contents of the 'Scheduled Tasks' folder

2009-07-12 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 02:34]

2009-07-13 c:\windows\Tasks\WebReg 20050501104824.job
- c:\program files\HP\Digital Imaging\bin\hpqwrg.exe [2003-07-06 15:43]
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-Windows Guard - waumgrd.exe
SSODL-EI0FFBAB-{3AC44CCF-09B6-025D-310A-270B1B1C681C} - (no file)


.
------- Supplementary Scan -------
.
TCP: {B5E53500-B84C-4836-B250-961F44EA339D} = 61.88.88.88 61.88.88.88
.
.
------- File Associations -------
.
.

**************************************************************************

catchme 0.3.1398.3 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-27 17:59
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mchInjDrv]
"ImagePath"="\??\c:\windows\TEMP\mc25.tmp"
.
Completion time: 2009-07-27 18:05
ComboFix-quarantined-files.txt 2009-07-27 08:05

Pre-Run: 18,482,868,224 bytes free
Post-Run: 18,433,515,520 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn

144 --- E O F --- 2009-07-26 12:59




#13 syler

syler

  • Malware Response Team
  • 8,150 posts
  • OFFLINE
  • Gender:Male
  • Location:Warrington, UK
  • Local time:04:24 AM

Posted 27 July 2009 - 04:24 PM

Hi reesa9,

Looks like ERUNT had a problem backing up; we already have a backup, so it's no problem. Can you try to update again, then post a fresh RSIT log? If you still can't update, just post the new RSIT log.

Thanks



#14 reesa9

reesa9
  • Topic Starter

  • Members
  • 44 posts
  • OFFLINE
  • Gender:Female
  • Location:Batchelor, NT, Australia
  • Local time:12:54 PM

Posted 29 July 2009 - 03:05 AM

The update still didn't work. Everything is still resetting on reboots.

Logfile of random's system information tool 1.06 (written by random/random)
Run by LOZZA at 2009-07-29 18:02:40
Microsoft Windows XP Home Edition Service Pack 2
System drive C: has 18 GB (50%) free of 35 GB
Total RAM: 238 MB (36% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:02:59 PM, on 29/07/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\System32\S24EvMon.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\CTSvcCDA.EXE
C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
C:\WINDOWS\System32\RegSrvc.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\HP\HP Software Update\HPWuSchd.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Startup Mechanic\StartupMonitor.exe
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Optus Wireless Broadband\Optus Wireless Broadband.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\internet explorer\iexplore.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Documents and Settings\LOZZA\Desktop\RSIT.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\Program Files\Trend Micro\HijackThis\LOZZA.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [Startup Manager Scanner] C:\Program Files\Startup Mechanic\StartupMonitor.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Windows Guard] waumgrd.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q (User 'Default user')
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/...can8/oscan8.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{B5E53500-B84C-4836-B250-961F44EA339D}: NameServer = 61.88.88.88 61.88.88.88
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTSvcCDA.EXE
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Inkjet Printer/Scanner Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\System32\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\System32\S24EvMon.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe

--
End of file - 8208 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\WebReg 20050501104824.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx [2001-03-02 37808]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB}]
PCTools Site Guard - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll [2008-02-24 825528]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2009-06-20 259696]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll [2009-06-30 669168]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B56A7D7D-6927-48C8-A975-17DF180C71AC}]
PCTools Browser Monitor - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll [2008-02-24 850104]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}]
Google Dictionary Compression sdch - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll [2009-04-23 470512]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2009-06-20 259696]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"HotKeysCmds"=C:\WINDOWS\System32\hkcmd.exe [2003-10-02 118784]
"SynTPLpr"=C:\Program Files\Synaptics\SynTP\SynTPLpr.exe [2003-09-12 110592]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2003-09-12 618496]
"AGRSMMSG"=C:\WINDOWS\AGRSMMSG.exe [2003-03-31 88267]
"RemoteControl"=C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [2003-12-08 32768]
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]
"InCD"=C:\Program Files\Ahead\InCD\InCD.exe [2004-03-04 1294446]
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd.exe [2003-06-25 49152]
"HP Component Manager"=C:\Program Files\HP\hpcoretech\hpcmpmgr.exe [2004-05-12 241664]
"Startup Manager Scanner"=C:\Program Files\Startup Mechanic\StartupMonitor.exe [2004-09-06 86016]
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2006-04-28 102448]
"CanonSolutionMenu"=C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe [2008-03-11 689488]
"CanonMyPrinter"=C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2008-03-04 1848648]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2004-10-14 1694208]
"Windows Guard"=waumgrd.exe []
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-04 15360]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\Documents and Settings\LOZZA\Start Menu\Programs\Startup
ERUNT AutoBackup.lnk - C:\Program Files\ERUNT\AUTOBACK.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxsrvc.dll [2003-10-02 319488]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{9EF34FF2-3396-4527-9D27-04C8C1C67806}"=C:\Program Files\Microsoft AntiSpyware\shellextension.dll [2005-06-15 101080]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Windows\system32\mshta.exe"="C:\Windows\system32\mshta.exe:*:Disabled:Microsoft ® HTML Application host"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

======List of files/folders created in the last 1 months======

2009-07-27 18:05:45 ----D---- C:\WINDOWS\temp
2009-07-27 18:05:32 ----A---- C:\ComboFix.txt
2009-07-27 17:47:51 ----A---- C:\Boot.bak
2009-07-27 17:47:40 ----RASHD---- C:\cmdcons
2009-07-27 17:38:52 ----A---- C:\WINDOWS\zip.exe
2009-07-27 17:38:52 ----A---- C:\WINDOWS\SWXCACLS.exe
2009-07-27 17:38:52 ----A---- C:\WINDOWS\SWSC.exe
2009-07-27 17:38:52 ----A---- C:\WINDOWS\SWREG.exe
2009-07-27 17:38:52 ----A---- C:\WINDOWS\sed.exe
2009-07-27 17:38:52 ----A---- C:\WINDOWS\PEV.exe
2009-07-27 17:38:52 ----A---- C:\WINDOWS\NIRCMD.exe
2009-07-27 17:38:52 ----A---- C:\WINDOWS\grep.exe
2009-07-27 17:32:39 ----D---- C:\Qoobox
2009-07-26 21:33:50 ----RASHD---- C:\autorun.inf
2009-07-26 15:31:34 ----D---- C:\WINDOWS\BDOSCAN8
2009-07-26 14:47:07 ----D---- C:\_OTM
2009-07-26 13:24:45 ----D---- C:\WINDOWS\ERDNT
2009-07-26 13:21:58 ----D---- C:\Program Files\ERUNT
2009-07-24 22:01:12 ----D---- C:\rsit
2009-07-13 18:39:24 ----A---- C:\WINDOWS\ntbtlog.txt
2009-07-13 18:34:06 ----D---- C:\Program Files\Trend Micro
2009-07-13 17:00:32 ----D---- C:\Documents and Settings\LOZZA\Application Data\Malwarebytes
2009-07-13 16:58:58 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-07-13 16:58:57 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-07-12 18:59:55 ----D---- C:\Program Files\Panda Security
2009-07-12 14:46:45 ----A---- C:\WINDOWS\OEWABLog.txt
2009-07-12 14:31:46 ----D---- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-07-12 14:31:45 ----D---- C:\Program Files\iTunes
2009-07-12 14:28:01 ----D---- C:\Program Files\Bonjour
2009-07-12 14:24:03 ----D---- C:\Program Files\QuickTime
2009-07-12 14:18:03 ----D---- C:\Program Files\Apple Software Update
2009-07-12 14:17:20 ----DC---- C:\WINDOWS\system32\DRVSTORE
2009-07-12 14:16:03 ----D---- C:\Program Files\Common Files\Apple
2009-07-12 14:15:52 ----D---- C:\Documents and Settings\All Users\Application Data\Apple
2009-07-12 12:29:33 ----D---- C:\Program Files\AusLogics Disk Defrag
2009-07-11 18:05:53 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-07-11 14:14:29 ----D---- C:\Program Files\CCleaner
2009-07-01 08:21:25 ----D---- C:\etax2009

======List of files/folders modified in the last 1 months======

2009-07-29 18:02:42 ----D---- C:\WINDOWS\Prefetch
2009-07-29 18:01:27 ----A---- C:\WINDOWS\ModemLog_HUAWEI Mobile Connect - 3G Modem.txt
2009-07-29 17:51:32 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2009-07-29 17:38:17 ----A---- C:\WINDOWS\dirsaver.ini
2009-07-27 20:03:27 ----D---- C:\Windows
2009-07-27 20:03:16 ----SHD---- C:\WINDOWS\Installer
2009-07-27 20:03:16 ----SHD---- C:\Config.Msi
2009-07-27 18:05:50 ----D---- C:\WINDOWS\system32
2009-07-27 18:03:56 ----SD---- C:\WINDOWS\Tasks
2009-07-27 18:02:26 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-07-27 17:59:35 ----A---- C:\WINDOWS\system.ini
2009-07-27 17:57:54 ----D---- C:\WINDOWS\system
2009-07-27 17:55:53 ----D---- C:\WINDOWS\system32\drivers
2009-07-27 17:55:53 ----D---- C:\WINDOWS\AppPatch
2009-07-27 17:55:45 ----D---- C:\Program Files\Common Files
2009-07-27 17:49:34 ----D---- C:\WINDOWS\system32\CatRoot2
2009-07-27 17:47:51 ----RASH---- C:\boot.ini
2009-07-27 17:14:35 ----D---- C:\WINDOWS\Minidump
2009-07-26 20:00:58 ----D---- C:\WINDOWS\Debug
2009-07-26 17:39:38 ----HD---- C:\WINDOWS\inf
2009-07-26 15:31:40 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-07-26 13:21:58 ----RD---- C:\Program Files
2009-07-13 18:42:41 ----D---- C:\WINDOWS\security
2009-07-13 18:26:50 ----D---- C:\Program Files\Spyware Doctor
2009-07-12 14:32:11 ----D---- C:\Program Files\iPod
2009-07-12 14:23:52 ----D---- C:\Documents and Settings\All Users\Application Data\Apple Computer
2009-07-12 14:16:56 ----D---- C:\WINDOWS\WinSxS
2009-07-12 12:38:44 ----D---- C:\WINDOWS\system32\wbem
2009-07-12 11:26:21 ----D---- C:\Program Files\eBay
2009-07-11 18:04:22 ----RHD---- C:\$VAULT$.AVG
2009-07-11 14:18:35 ----D---- C:\etax2007
2009-07-11 14:18:28 ----D---- C:\etax2006
2009-07-11 14:17:47 ----D---- C:\etax2005
2009-07-11 14:17:38 ----D---- C:\etax2004
2009-07-11 14:15:15 ----D---- C:\Program Files\Microsoft AntiSpyware
2009-07-11 14:09:55 ----D---- C:\Documents and Settings
2009-07-08 01:10:56 ----A---- C:\WINDOWS\system32\MRT.exe
2009-07-01 07:43:40 ----D---- C:\Documents and Settings\All Users\Application Data\CanonIJPLM

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2006-04-28 24304]
R1 AFS2K;AFS2k; C:\WINDOWS\system32\drivers\AFS2K.sys [2004-07-31 43672]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2006-04-28 36176]
R1 ikhfile;File Security Kernel Anti-Spyware Driver; \??\C:\WINDOWS\system32\drivers\ikhfile.sys []
R1 ikhlayer;Kernel Anti-Spyware Driver; \??\C:\WINDOWS\system32\drivers\ikhlayer.sys []
R1 InCDPass;InCDPass; C:\WINDOWS\System32\DRIVERS\InCDPass.sys [2004-03-04 27664]
R1 incdrm;InCD EasyWrite Reader; C:\WINDOWS\system32\drivers\incdrm.sys [2003-12-30 28080]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2004-08-04 36096]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2006-04-28 87424]
R2 MDC8021X;AEGIS Protocol (IEEE 802.1x) v2.2.1.0; C:\WINDOWS\System32\DRIVERS\mdc8021x.sys [2004-04-03 14037]
R2 PfModNT;PfModNT; \??\C:\WINDOWS\System32\drivers\PfModNT.sys []
R2 s24trans;WLAN Transport; C:\WINDOWS\System32\DRIVERS\s24trans.sys [2003-06-21 10970]
R3 {6080A529-897E-4629-A488-ABA0C29B635E};Intel® Graphics Platform (SoftBIOS) Driver; C:\WINDOWS\system32\drivers\ialmsbw.sys [2003-10-08 120830]
R3 {D31A0762-0CEB-444e-ACFF-B049A1F6FE91};Intel® Graphics Chipset (KCH) Driver; C:\WINDOWS\system32\drivers\ialmkchw.sys [2003-10-08 98842]
R3 aeaudio;aeaudio; C:\WINDOWS\system32\drivers\aeaudio.sys [2002-04-01 4816]
R3 AgereSoftModem;Agere Systems Soft Modem; C:\WINDOWS\System32\DRIVERS\AGRSM.sys [2003-03-31 1170464]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\System32\DRIVERS\arp1394.sys [2004-08-04 60800]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\System32\DRIVERS\CmBatt.sys [2004-08-04 14080]
R3 EL90XBC;3Com 3C90X-BC Family PCI EtherLink Adapter; C:\WINDOWS\System32\DRIVERS\el90xbc5.sys [2003-09-14 77463]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2009-03-19 23400]
R3 hwdatacard;Huawei DataCard USB Modem and USB Serial; C:\WINDOWS\system32\DRIVERS\ewusbmdm.sys [2008-10-17 101376]
R3 ialm;ialm; C:\WINDOWS\System32\DRIVERS\ialmnt5.sys [2003-10-08 93979]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\System32\DRIVERS\nic1394.sys [2004-08-04 61824]
R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2003-10-31 593408]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\System32\DRIVERS\SynTP.sys [2003-09-12 270320]
R3 tifm;tifm; C:\WINDOWS\system32\drivers\tifm.sys [2004-03-01 66816]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [2004-08-04 31616]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2004-08-04 26624]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2004-08-04 57600]
R3 usbstor;USB Mass Storage Driver; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2004-08-04 26496]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2004-08-04 20480]
R3 w70n51;Intel® PRO/Wireless 7100 Adapter Driver; C:\WINDOWS\System32\DRIVERS\w70n51.sys [2003-05-02 2379776]
R4 InCDfs;InCD File System; C:\WINDOWS\system32\drivers\InCDfs.sys [2004-03-04 99568]
S3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2006-04-28 16352]
S3 catchme;catchme; \??\C:\DOCUME~1\LOZZA\LOCALS~1\Temp\catchme.sys []
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\System32\DRIVERS\HPZid412.sys [2003-08-11 51056]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\System32\DRIVERS\HPZipr12.sys [2003-08-11 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\System32\DRIVERS\HPZius12.sys [2003-08-11 21488]
S3 lgsnd_filter;lgsnd_filter; C:\WINDOWS\system32\drivers\lgsnd_filter.sys [2003-12-11 7040]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\System32\DRIVERS\usbprint.sys [2004-08-04 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\System32\DRIVERS\usbscan.sys [2004-08-04 15104]
S3 w22n51;Intel® PRO/Wireless 2200 Adapter Driver; C:\WINDOWS\System32\DRIVERS\w22n51.sys [2004-03-08 1657344]
S4 mchInjDrv;mchInjDrv; \??\C:\WINDOWS\TEMP\mc25.tmp []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-06-05 144712]
R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2006-04-28 53248]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 Creative Service for CDROM Access;Creative Service for CDROM Access; C:\WINDOWS\System32\CTSvcCDA.EXE [1999-12-13 44032]
R2 IJPLMSVC;Inkjet Printer/Scanner Extended Survey Program; C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE [2008-01-22 103808]
R2 InCDsrv;InCD Helper; C:\Program Files\Ahead\InCD\InCDsrv.exe [2004-03-04 876656]
R2 RegSrvc;RegSrvc; C:\WINDOWS\System32\RegSrvc.exe [2003-06-21 122880]
R2 S24EventMonitor;Spectrum24 Event Monitor; C:\WINDOWS\System32\S24EvMon.exe [2003-06-21 303171]
R2 SDhelper;PC Tools Spyware Doctor; C:\Program Files\Spyware Doctor\sdhelp.exe [2008-02-24 895088]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-01-28 38912]
R2 WMDM PMSP Service;WMDM PMSP Service; C:\WINDOWS\System32\MsPMSPSv.exe [2000-06-26 53520]
S2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2006-04-28 102448]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [2004-07-15 32768]
S3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2006-04-28 245808]
S3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2006-04-28 364592]
S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-04-23 182768]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2009-06-05 541992]
S3 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\System32\HPZipm12.exe [2003-08-11 65795]

-----------------EOF-----------------

#15 syler

  • Malware Response Team
Posted 29 July 2009 - 06:38 PM

Hi reesa9,

Can you tell me if you know what the following scheduled jobs are for?

C:\WINDOWS\tasks\Critical Battery Alarm Program.job
C:\WINDOWS\tasks\Low Battery Alarm Program.job
C:\WINDOWS\tasks\WebReg 20050501104824.job

One or more of the identified infections is a backdoor trojan/Rootkit.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the trojan has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:
How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do.

If you decide you want to proceed with trying to clean your machine please follow these next steps.

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

File::
C:\WINDOWS\dirsaver.ini
Registry::
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Guard"=-
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Windows\system32\mshta.exe"=-
Driver::
ndisrd
mchInjDrv

Save this as CFScript.txt, in the same location as ComboFix.exe

Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

Next

Download Security Check by screen317 from here or here.
Save it to your Desktop.
Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt.
Please post the contents of that document.

Then please post back here with the following:
  • Combofix.txt
  • checkup.txt
  • New Hijackthis log
Thanks
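
Added example (not part of syler's post or of any tool used in this thread): a short Python triage over the driver-list format shown in the log above, which surfaces entries such as the mchInjDrv line that the CFScript removes. The three flag rules (image path under a Temp directory, empty [] field, image not ending in .sys or .exe) and all function names are assumptions made for illustration; a flag means the entry deserves review, not that it is malicious.

```python
import re

# Constructed sample: four driver lines copied from the log in this thread.
SAMPLE = r"""
R3 usbstor;USB Mass Storage Driver; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2004-08-04 26496]
S3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2006-04-28 16352]
S3 catchme;catchme; \??\C:\DOCUME~1\LOZZA\LOCALS~1\Temp\catchme.sys []
S4 mchInjDrv;mchInjDrv; \??\C:\WINDOWS\TEMP\mc25.tmp []
"""

# Layout: <state><start type> <name>;<display name>; <image path> [<date> <size>]
LINE = re.compile(r"^([RS])([0-4]) ([^;]+);([^;]*); (.+?) \[(.*)\]$")
# Start-type digits as given in the log's own legend line.
START = {"0": "Boot", "1": "System", "2": "Auto", "3": "Demand", "4": "Disabled"}

def parse(text):
    """Turn each driver/service line into a dict; skip anything else."""
    entries = []
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        state, start, name, display, path, meta = m.groups()
        if path.startswith("\\??\\"):  # strip the NT object-path prefix
            path = path[4:]
        entries.append({"name": name, "display": display,
                        "running": state == "R", "start": START[start],
                        "path": path, "file_info": meta.strip()})
    return entries

def triage(entry):
    """Return the reasons (assumed heuristics) an entry deserves review."""
    reasons = []
    parts = entry["path"].lower().split("\\")
    if "temp" in parts[:-1]:
        reasons.append("image path is under a Temp directory")
    if not entry["file_info"]:
        reasons.append("no file date/size recorded in the log")
    if not parts[-1].endswith((".sys", ".exe")):
        reasons.append("image is not a .sys or .exe file")
    return reasons

def flagged(text):
    """Map entry name -> reasons, for entries with at least one reason."""
    return {e["name"]: triage(e) for e in parse(text) if triage(e)}

if __name__ == "__main__":
    for name, why in flagged(SAMPLE).items():
        print(name, "->", "; ".join(why))
```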
