April 26th, 2009 05:00

mcafee non-functional, restart issues, boaxxe, sasser?

so basically i have no idea what's going on. i had an issue that i think involved a sasser worm that was not allowing my computer to restart properly. it may have been partially resolved but i think something is still lurking. now mcafee security center will not open and insists i restart to put its updates into effect, but the last time i did that it was an hour before i could get windows to function, so now i'm wary. i've also been having problems with boaxxe for a while, mcafee is awful and couldn't fix it. also, before all the restart troubles, i was getting a lot of advertising popups suddenly. the popups have stopped now, but i don't know if that information is helpful. oh, and internet explorer has so many issues with popups and things i just don't use it anymore and for a while i was just blocking its access to the internet because apparently i do not like to face my problems head on. i am at a total loss and i am throwing myself at your mercy. please save me computer geniuses, you kings among men (or women)!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:28:09 AM, on 4/26/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\Explorer.EXE
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe
C:\Program Files\Dell Photo AIO Printer 922\dlbtbmon.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\ArcSoft\Media Card Companion\MCC Monitor.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\Java\jre1.6.0_05\bin\jucheck.exe
c:\PROGRA~1\mcafee\msc\mcupdui.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Kate\Desktop\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://us.mcafee.com/apps/vso/en-us/vso10/default.asp?affid=105-17&dtag=b2j8q71&langid=1
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: (no name) - {38e5075c-0721-4a8a-bd69-b3bba51d4fc9} - C:\WINDOWS\system32\pivehiso.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {77EF4E2D-46DA-48FF-B881-7289439AAE51} - C:\WINDOWS\system32\commdl.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptsn.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [Dell Wireless Manager UI] C:\WINDOWS\system32\WLTRAY
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Dell Photo AIO Printer 922] "C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe"
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [DLBTCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLBTtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [MP10_EnsureFileVer] C:\WINDOWS\inf\unregmp2.exe /EnsureFileVersions
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [gukelagufa] Rundll32.exe "C:\WINDOWS\system32\jupayobu.dll",s
O4 - HKCU\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKUS\S-1-5-19\..\Run: [gukelagufa] Rundll32.exe "C:\WINDOWS\system32\jupayobu.dll",s (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [gukelagufa] Rundll32.exe "C:\WINDOWS\system32\jupayobu.dll",s (User 'NETWORK SERVICE')
O4 - Global Startup: Monitor.lnk = C:\Program Files\ArcSoft\Media Card Companion\MCC Monitor.exe
O4 - Global Startup: VPN Client.lnk = ?
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://*.mcafee.com
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/mcgdmgr/1,0,0,26/mcgdmgr.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.games.yahoo.com/games/web_games/popcap/bejeweled2/popcaploader_v6.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,5096/mcfscan.cab
O16 - DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} (DownloadManager Control) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.1.6.cab
O20 - AppInit_DLLs: C:\WINDOWS\system32\wirahahe.dll c:\windows\system32\hilavabi.dll
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - (no file)
O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - (no file)
O23 - Service: McAfee Application Installer Cleanup (0300701240737835) (0300701240737835mcinstcleanup) - McAfee, Inc. - C:\WINDOWS\TEMP\030070~1.EXE
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: dlbt_device - Dell - C:\WINDOWS\system32\dlbtcoms.exe
O23 - Service: DomainService - Unknown owner - C:\WINDOWS\system32\nrbenffy.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe
O24 - Desktop Component 0: (no name) - http://www.mrps.org/images/admnstr5.jpg
O24 - Desktop Component 1: (no name) - http://art.newcity.com/wp-content/uploads/2008/12/tracey-emin-love-me.jpg
O24 - Desktop Component 10: (no name) - http://www.myth.com/mythhtmlsite/illum_wizard_jpgs/Europa72.jpg
O24 - Desktop Component 11: (no name) - http://drawings.feanne.com/a6-moonshellsinvade.jpg
O24 - Desktop Component 12: (no name) - http://www.piratestripes.net/scalora/images/lal.jpg
O24 - Desktop Component 13: (no name) - http://www.piratestripes.net/scalora/images/flow.jpg
O24 - Desktop Component 14: (no name) - http://cdn.digitalcity.com/kol/cakewall2.gif
O24 - Desktop Component 15: (no name) - http://tlc.discovery.com/tv/la-ink/wallpaper/gallery/wallpaper5_1280.jpg
O24 - Desktop Component 16: (no name) - http://www.michaelshowalter.net/blog/wp-content/uploads/2008/02/DOODLENAPBIRDSEYE.jpg
O24 - Desktop Component 17: (no name) - http://www.ezthemes.com/previews/s/scaloraglitterpix.jpg
O24 - Desktop Component 18: (no name) - http://www.mylalaland.com/hello/cabaret.jpg
O24 - Desktop Component 19: (no name) - http://drawings.feanne.com/a6-moonshell.jpg
O24 - Desktop Component 2: (no name) - http://farm4.static.flickr.com/3130/2584004790_44eae2955e.jpg
O24 - Desktop Component 20: (no name) - http://drawings.feanne.com/a5-peacockqueen.jpg
O24 - Desktop Component 21: (no name) - http://www.damedarcy.com/dashboard/gallerydata/images/00000047.jpg
O24 - Desktop Component 22: (no name) - http://farm1.static.flickr.com/55/159243116_fba154d114.jpg
O24 - Desktop Component 23: (no name) - C:\Documents and Settings\Kate\Desktop\wind.JPG
O24 - Desktop Component 24: (no name) - http://www.damedarcy.com/dashboard/gallerydata/images/00000057.jpg
O24 - Desktop Component 25: (no name) - http://www.hasselblad.com/media/9b835c80-8aa7-4556-8579-8f0d3702ca3b-Suza_Scalora_4_460.jpg
O24 - Desktop Component 27: (no name) - http://farm3.static.flickr.com/2294/2095446425_8d716fdc4b.jpg?v=1197146383
O24 - Desktop Component 28: (no name) - C:\Documents and Settings\Kate\Desktop\john
O24 - Desktop Component 3: (no name) - http://www.mediabistro.com/unbeige/original/tracey%20emin.jpg
O24 - Desktop Component 4: (no name) - http://antwrp.gsfc.nasa.gov/apod/image/0808/moongames_lavederN080717_9416.jpg
O24 - Desktop Component 5: (no name) - http://www.piratestripes.net/scalora/images/water.jpg
O24 - Desktop Component 6: (no name) - http://drawings.feanne.com/a4-bornaunicorn.jpg
O24 - Desktop Component 7: (no name) - http://drawings.feanne.com/a1-tweentwohilltops.jpg
O24 - Desktop Component 8: (no name) - http://777lleeheflin.org/thoth/highpriestessxvt.jpg
O24 - Desktop Component 9: (no name) - http://www.myth.com/mythhtmlsite/illum_wizard_jpgs/Mazra72.jpg

--
End of file - 13964 bytes

 

10.4K Posts

April 26th, 2009 18:00

 

tvethiopia

Please download Combofix and save to your desktop:
  • Note: It is important that it is saved directly to your desktop
  • Close any open browsers.
  • Double click on combofix.exe and follow the prompts.
  • When it's finished it will produce a log.
  • Post the contents of the C:\ComboFix.txt into your next reply.
  • Note: Do not mouseclick combofix's window whilst it's running. That may cause the program to freeze/hang.

 

10.4K Posts

April 26th, 2009 19:00

tvethiopia

Disable McAfee long enough to download and run Combofix.

If you are unable to do so we will do it another way

5 Posts

April 26th, 2009 19:00

i tried to download combofix and it said it could not be saved due to an unknown error. then mcafee said that it had blocked the generic!artemis trojan. further suggestions?

5 Posts

April 26th, 2009 20:00

sorry, i can't access mcafee to disable it. alternatives?

10.4K Posts

April 28th, 2009 09:00


tvethiopia

Let's do this

1. Go HERE and download File Lister.
  • Save it to your Desktop
  • Rt Click ->> Extract all ->> And extract it to your Desktop
  • Additional help on extracting zip files can be found HERE
  • Open the File Lister Folder.
  • Note: Leave the FileLister.vbe file in the folder and run it from there.
  • Rt Click FileLister.vbe ->>Select Open Then Open to confirm.
  • As the program runs, it will appear that nothing is happening.
  • When the program is finished it will produce a log for you: C:\Files.txt

Copy and paste the contents of that log in your reply.

5 Posts

May 2nd, 2009 21:00

ok, changes to the situation: mcafee is normal again, so i was able to bypass it and download combofix, but when i tried to run it i got a message saying it was corrupted in some way and it was not safe to run. so i tried going the file lister route and that worked. also, i have a new off and on problem where my internet connection says it is fine but nothing will actually connect to the internet. it comes and goes seemingly randomly. anyway, on to the log:

 

 

+++++++++++++++++++++++++++++++++
+ File Lister  Version 1.1.0                       +
+                                                                    +
+  By bamajim / SpywareHammer.com +
+++++++++++++++++++++++++++++++++

Report ran on --->>>  5/2/2009 10:56:51 PM


====== Running Processes ======

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe
C:\Program Files\Dell Photo AIO Printer 922\dlbtbmon.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Program Files\ArcSoft\Media Card Companion\MCC Monitor.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre1.6.0_05\bin\jucheck.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\WScript.exe

====== BHO's ======

BHO: (NO NAME) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll

BHO: (NO NAME) - {38e5075c-0721-4a8a-bd69-b3bba51d4fc9} - C:\WINDOWS\system32\pivehiso.dll

BHO: (NO NAME) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

BHO: (NO NAME) - {77EF4E2D-46DA-48FF-B881-7289439AAE51} - C:\WINDOWS\system32\commdl.dll

BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptsn.dll

BHO: (NO NAME) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll

====== HKLM\~\Run Keys ======

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

[PCMService] = "C:\Program Files\Dell\Media Experience\PCMService.exe"
[Dell Wireless Manager UI] = C:\WINDOWS\system32\WLTRAY
[Dell QuickSet] = C:\Program Files\Dell\QuickSet\quickset.exe
[SynTPLpr] = C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
[SynTPEnh] = C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
[SunJavaUpdateSched] = "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
[Dell Photo AIO Printer 922] = "C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe"
[igfxtray] = C:\WINDOWS\system32\igfxtray.exe
[igfxhkcmd] = C:\WINDOWS\system32\hkcmd.exe
[igfxpers] = C:\WINDOWS\system32\igfxpers.exe
[DLBTCATS] = rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLBTtime.dll,_RunDLLEntry@16
[mcagent_exe] = "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
[{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] = C:\Program Files\Google\Gmail Notifier\gnotify.exe
[TkBellExe] = "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
[MP10_EnsureFileVer] = C:\WINDOWS\inf\unregmp2.exe /EnsureFileVersions
[QuickTime Task] = "C:\Program Files\QuickTime\QTTask.exe" -atboottime
[iTunesHelper] = "C:\Program Files\iTunes\iTunesHelper.exe"
[LogitechCommunicationsManager] = "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
[LogitechQuickCamRibbon] = "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
[gukelagufa] = Rundll32.exe "C:\WINDOWS\system32\jupayobu.dll",s

====== HKCU\~\Run Keys ======

[Aim6] = HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Aim6
[Picasa Media Detector] = C:\Program Files\Picasa2\PicasaMediaDetector.exe
[MSMSGS] = "C:\Program Files\Messenger\msmsgs.exe" /background
[Messenger (Yahoo!)] = "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet

====== DNS Info (List may be empty) ======

HKEY_LOCAL_MACHINE\CCS\~\{1B59AD1E-0964-461F-B2D3-FFFFF8621887}\  NameServer=
HKEY_LOCAL_MACHINE\CCS\~\{4FC1B4CB-C9F6-4A67-8633-8690294B2F10}\  NameServer=
HKEY_LOCAL_MACHINE\CCS\~\{70202C66-F73D-42F0-8E2D-55E8C114369D}\  NameServer=
HKEY_LOCAL_MACHINE\CCS\~\{717B2870-7FE2-42F1-B13F-A532EC272D14}\  NameServer=

HKEY_LOCAL_MACHINE\CS001\~\{1B59AD1E-0964-461F-B2D3-FFFFF8621887}\  NameServer=
HKEY_LOCAL_MACHINE\CS001\~\{4FC1B4CB-C9F6-4A67-8633-8690294B2F10}\  NameServer=
HKEY_LOCAL_MACHINE\CS001\~\{70202C66-F73D-42F0-8E2D-55E8C114369D}\  NameServer=
HKEY_LOCAL_MACHINE\CS001\~\{717B2870-7FE2-42F1-B13F-A532EC272D14}\  NameServer=

HKEY_LOCAL_MACHINE\CS002\~\{1B59AD1E-0964-461F-B2D3-FFFFF8621887}\  NameServer=
HKEY_LOCAL_MACHINE\CS002\~\{4FC1B4CB-C9F6-4A67-8633-8690294B2F10}\  NameServer=
HKEY_LOCAL_MACHINE\CS002\~\{70202C66-F73D-42F0-8E2D-55E8C114369D}\  NameServer=
HKEY_LOCAL_MACHINE\CS002\~\{717B2870-7FE2-42F1-B13F-A532EC272D14}\  NameServer=

HKEY_LOCAL_MACHINE\CS003\~\{1B59AD1E-0964-461F-B2D3-FFFFF8621887}\  NameServer=
HKEY_LOCAL_MACHINE\CS003\~\{4FC1B4CB-C9F6-4A67-8633-8690294B2F10}\  NameServer=
HKEY_LOCAL_MACHINE\CS003\~\{70202C66-F73D-42F0-8E2D-55E8C114369D}\  NameServer=
HKEY_LOCAL_MACHINE\CS003\~\{717B2870-7FE2-42F1-B13F-A532EC272D14}\  NameServer=

====== Folders and Files from "%\" and "%\Windows" Created Last 60 Days ======

5/2/2009 10:44:43 PM    0    C:\Qoobox
5/2/2009 10:44:43 PM    0    C:\Qoobox\Quarantine
5/2/2009 10:44:43 PM    0    C:\Qoobox\Quarantine\Registry_backups
5/2/2009 10:43:14 PM    201    32    C:\Bug.txt
5/2/2009 10:56:51 PM    2806    32    C:\Files.txt
4/25/2009 10:18:59 PM    378544979    C:\WINDOWS\$NtServicePackUninstall$
4/25/2009 10:18:59 PM    2597917    C:\WINDOWS\$NtServicePackUninstall$\spuninst
4/25/2009 10:49:59 PM    2324524    C:\WINDOWS\$NtUninstallKB923561$
4/25/2009 10:49:59 PM    623093    C:\WINDOWS\$NtUninstallKB923561$\spuninst
4/16/2009 3:02:39 AM    2321934    C:\WINDOWS\$NtUninstallKB923561_0$
4/16/2009 3:02:39 AM    631072    C:\WINDOWS\$NtUninstallKB923561_0$\spuninst
4/25/2009 10:50:31 PM    633315    C:\WINDOWS\$NtUninstallKB938464$
4/25/2009 10:50:31 PM    621010    C:\WINDOWS\$NtUninstallKB938464$\spuninst
4/26/2009 3:02:21 AM    621857    C:\WINDOWS\$NtUninstallKB938464-v2$
4/26/2009 3:02:21 AM    621857    C:\WINDOWS\$NtUninstallKB938464-v2$\spuninst
4/25/2009 10:50:41 PM    716778    C:\WINDOWS\$NtUninstallKB946648$
4/25/2009 10:50:41 PM    621403    C:\WINDOWS\$NtUninstallKB946648$\spuninst
4/25/2009 10:50:57 PM    4381161    C:\WINDOWS\$NtUninstallKB950759$
4/25/2009 10:50:57 PM    622026    C:\WINDOWS\$NtUninstallKB950759$\spuninst
4/25/2009 10:51:34 PM    836810    C:\WINDOWS\$NtUninstallKB950762$
4/25/2009 10:51:34 PM    621755    C:\WINDOWS\$NtUninstallKB950762$\spuninst
4/25/2009 10:51:45 PM    880356    C:\WINDOWS\$NtUninstallKB950974$
4/25/2009 10:51:45 PM    621653    C:\WINDOWS\$NtUninstallKB950974$\spuninst
4/25/2009 10:51:59 PM    1325838    C:\WINDOWS\$NtUninstallKB951066$
4/25/2009 10:51:59 PM    621695    C:\WINDOWS\$NtUninstallKB951066$\spuninst
4/25/2009 10:52:16 PM    907546    C:\WINDOWS\$NtUninstallKB951376$
4/25/2009 10:52:16 PM    622091    C:\WINDOWS\$NtUninstallKB951376$\spuninst
4/25/2009 10:52:30 PM    906837    C:\WINDOWS\$NtUninstallKB951376-v2$
4/25/2009 10:52:30 PM    622278    C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst
4/25/2009 10:52:43 PM    1922304    C:\WINDOWS\$NtUninstallKB951698$
4/25/2009 10:52:43 PM    621681    C:\WINDOWS\$NtUninstallKB951698$\spuninst
4/25/2009 10:52:55 PM    1760415    C:\WINDOWS\$NtUninstallKB951748$
4/25/2009 10:52:55 PM    623294    C:\WINDOWS\$NtUninstallKB951748$\spuninst
4/27/2009 3:02:25 AM    2446933    C:\WINDOWS\$NtUninstallKB951978$
4/27/2009 3:02:25 AM    628309    C:\WINDOWS\$NtUninstallKB951978$\spuninst
4/25/2009 10:53:25 PM    2405707    C:\WINDOWS\$NtUninstallKB952004$
4/25/2009 10:53:25 PM    623400    C:\WINDOWS\$NtUninstallKB952004$\spuninst
4/16/2009 3:05:25 AM    2393904    C:\WINDOWS\$NtUninstallKB952004_0$
4/16/2009 3:05:25 AM    633136    C:\WINDOWS\$NtUninstallKB952004_0$\spuninst
4/25/2009 10:53:49 PM    966091    C:\WINDOWS\$NtUninstallKB952287$
4/25/2009 10:53:49 PM    621884    C:\WINDOWS\$NtUninstallKB952287$\spuninst
4/25/2009 10:54:08 PM    707833    C:\WINDOWS\$NtUninstallKB952954$
4/25/2009 10:54:08 PM    621674    C:\WINDOWS\$NtUninstallKB952954$\spuninst
4/25/2009 10:54:29 PM    10235296    C:\WINDOWS\$NtUninstallKB953838$
4/25/2009 10:54:29 PM    623101    C:\WINDOWS\$NtUninstallKB953838$\spuninst
4/25/2009 10:55:41 PM    2480068    C:\WINDOWS\$NtUninstallKB954211$
4/25/2009 10:55:41 PM    621707    C:\WINDOWS\$NtUninstallKB954211$\spuninst
4/25/2009 10:55:53 PM    879288    C:\WINDOWS\$NtUninstallKB954600$
4/25/2009 10:55:53 PM    621762    C:\WINDOWS\$NtUninstallKB954600$\spuninst
4/25/2009 10:56:08 PM    1741129    C:\WINDOWS\$NtUninstallKB955069$
4/25/2009 10:56:08 PM    621754    C:\WINDOWS\$NtUninstallKB955069$\spuninst
4/25/2009 10:56:32 PM    12354999    C:\WINDOWS\$NtUninstallKB956390$
4/25/2009 10:56:32 PM    623124    C:\WINDOWS\$NtUninstallKB956390$\spuninst
4/25/2009 10:57:04 PM    8918161    C:\WINDOWS\$NtUninstallKB956572$
4/25/2009 10:57:04 PM    627334    C:\WINDOWS\$NtUninstallKB956572$\spuninst
4/16/2009 3:06:03 AM    13027323    C:\WINDOWS\$NtUninstallKB956572_0$
4/16/2009 3:06:03 AM    642299    C:\WINDOWS\$NtUninstallKB956572_0$\spuninst
4/25/2009 10:57:27 PM    917062    C:\WINDOWS\$NtUninstallKB956802$
4/25/2009 10:57:28 PM    621678    C:\WINDOWS\$NtUninstallKB956802$\spuninst
4/25/2009 10:57:42 PM    772731    C:\WINDOWS\$NtUninstallKB956803$
4/25/2009 10:57:42 PM    621804    C:\WINDOWS\$NtUninstallKB956803$\spuninst
4/25/2009 10:58:05 PM    638151    C:\WINDOWS\$NtUninstallKB956841$
4/25/2009 10:58:05 PM    621052    C:\WINDOWS\$NtUninstallKB956841$\spuninst
4/25/2009 10:58:16 PM    969013    C:\WINDOWS\$NtUninstallKB957095$
4/25/2009 10:58:16 PM    621734    C:\WINDOWS\$NtUninstallKB957095$\spuninst
4/25/2009 10:58:31 PM    1088857    C:\WINDOWS\$NtUninstallKB957097$
4/25/2009 10:58:31 PM    622081    C:\WINDOWS\$NtUninstallKB957097$\spuninst
4/25/2009 10:58:47 PM    12353792    C:\WINDOWS\$NtUninstallKB958215$
4/25/2009 10:58:47 PM    623124    C:\WINDOWS\$NtUninstallKB958215$\spuninst
4/25/2009 10:59:06 PM    969303    C:\WINDOWS\$NtUninstallKB958644$
4/25/2009 10:59:06 PM    621695    C:\WINDOWS\$NtUninstallKB958644$\spuninst
4/25/2009 10:59:20 PM    965828    C:\WINDOWS\$NtUninstallKB958687$
4/25/2009 10:59:20 PM    621804    C:\WINDOWS\$NtUninstallKB958687$\spuninst
4/25/2009 10:59:33 PM    2478691    C:\WINDOWS\$NtUninstallKB958690$
4/25/2009 10:59:33 PM    621780    C:\WINDOWS\$NtUninstallKB958690$\spuninst
3/11/2009 3:02:07 AM    2474489    C:\WINDOWS\$NtUninstallKB958690_0$
3/11/2009 3:02:07 AM    628473    C:\WINDOWS\$NtUninstallKB958690_0$\spuninst
4/25/2009 10:59:48 PM    1679842    C:\WINDOWS\$NtUninstallKB959426$
4/25/2009 10:59:48 PM    622214    C:\WINDOWS\$NtUninstallKB959426$\spuninst
4/16/2009 3:11:43 AM    1670289    C:\WINDOWS\$NtUninstallKB959426_0$
4/16/2009 3:11:43 AM    629905    C:\WINDOWS\$NtUninstallKB959426_0$\spuninst
4/25/2009 11:00:00 PM    776305    C:\WINDOWS\$NtUninstallKB960225$
4/25/2009 11:00:00 PM    621721    C:\WINDOWS\$NtUninstallKB960225$\spuninst
3/11/2009 3:02:42 AM    773448    C:\WINDOWS\$NtUninstallKB960225_0$
3/11/2009 3:02:42 AM    628552    C:\WINDOWS\$NtUninstallKB960225_0$\spuninst
4/25/2009 11:00:14 PM    6767798    C:\WINDOWS\$NtUninstallKB960714$
4/25/2009 11:00:14 PM    621790    C:\WINDOWS\$NtUninstallKB960714$\spuninst
4/25/2009 11:00:33 PM    986192    C:\WINDOWS\$NtUninstallKB960803$
4/25/2009 11:00:33 PM    621688    C:\WINDOWS\$NtUninstallKB960803$\spuninst
4/16/2009 3:05:02 AM    979876    C:\WINDOWS\$NtUninstallKB960803_0$
4/16/2009 3:05:02 AM    628644    C:\WINDOWS\$NtUninstallKB960803_0$\spuninst
4/25/2009 11:00:50 PM    1920146    C:\WINDOWS\$NtUninstallKB961373$
4/25/2009 11:00:50 PM    621754    C:\WINDOWS\$NtUninstallKB961373$\spuninst
4/16/2009 3:11:16 AM    1916442    C:\WINDOWS\$NtUninstallKB961373_0$
4/16/2009 3:11:16 AM    628762    C:\WINDOWS\$NtUninstallKB961373_0$\spuninst
4/25/2009 11:01:05 PM    12808918    C:\WINDOWS\$NtUninstallKB963027$
4/25/2009 11:01:05 PM    623842    C:\WINDOWS\$NtUninstallKB963027$\spuninst
4/16/2009 3:03:57 AM    12494649    C:\WINDOWS\$NtUninstallKB963027_0$
4/16/2009 3:03:57 AM    644409    C:\WINDOWS\$NtUninstallKB963027_0$\spuninst
4/25/2009 11:01:28 PM    9093548    C:\WINDOWS\$NtUninstallKB967715$
4/25/2009 11:01:28 PM    621670    C:\WINDOWS\$NtUninstallKB967715$\spuninst
4/25/2009 10:18:51 PM    112    C:\WINDOWS\EHome
4/25/2009 10:40:37 PM    46127    C:\WINDOWS\l2schemas
4/25/2009 10:29:42 PM    593564    C:\WINDOWS\network diagnostic
4/25/2009 11:12:25 PM    5375260    C:\WINDOWS\Prefetch
4/26/2009 6:24:39 AM    867    C:\WINDOWS\pss
4/25/2009 10:34:58 PM    487419747    C:\WINDOWS\ServicePackFiles
4/25/2009 10:34:58 PM    484430705    C:\WINDOWS\ServicePackFiles\i386
4/25/2009 10:40:19 PM    49218301    C:\WINDOWS\ServicePackFiles\i386\lang
4/25/2009 10:41:45 PM    2989042    C:\WINDOWS\ServicePackFiles\ServicePackCache
4/25/2009 10:41:45 PM    2989042    C:\WINDOWS\ServicePackFiles\ServicePackCache\i386
4/24/2009 1:27:26 AM    2399    32    C:\WINDOWS\IE4 Error Log.txt
4/16/2009 3:01:15 AM    215970    32    C:\WINDOWS\KB923561.log
4/26/2009 3:00:48 AM    4209    32    C:\WINDOWS\KB938464-v2.log
4/26/2009 4:41:40 PM    52377    32    C:\WINDOWS\KB951978.log
4/15/2009 7:41:46 PM    226908    32    C:\WINDOWS\KB952004.log
4/16/2009 3:05:40 AM    233371    32    C:\WINDOWS\KB956572.log
3/10/2009 7:11:56 PM    216669    32    C:\WINDOWS\KB958690.log
4/15/2009 7:42:30 PM    230753    32    C:\WINDOWS\KB959426.log
3/10/2009 7:12:43 PM    216404    32    C:\WINDOWS\KB960225.log
4/15/2009 7:41:33 PM    224772    32    C:\WINDOWS\KB960803.log
4/15/2009 7:42:20 PM    227679    32    C:\WINDOWS\KB961373.log
4/15/2009 7:40:24 PM    230602    32    C:\WINDOWS\KB963027.log
3/4/2009 11:27:52 AM    6346    32    C:\WINDOWS\ModemLog_LGE CDMA USB Modem #2.txt
4/25/2009 11:13:51 PM    187    32    C:\WINDOWS\spupdsvc.log.1.log
4/25/2009 10:40:35 PM    409088    C:\WINDOWS\system32\bits
4/25/2009 10:40:36 PM    76288    C:\WINDOWS\system32\en
4/25/2009 10:40:42 PM    139264    C:\WINDOWS\system32\en-us
4/25/2009 10:40:39 PM    83456    C:\WINDOWS\system32\scripting
4/25/2009 12:18:42 PM    2098    6    C:\WINDOWS\system32\miduzige.exe
4/25/2009 12:18:42 PM    2098    6    C:\WINDOWS\system32\rejemufa.dll
4/25/2009 12:18:58 PM    2098    6    C:\WINDOWS\system32\sivugejo.dll
4/25/2009 11:13:09 PM    255    32    C:\WINDOWS\system32\spupdwxp.log
4/15/2009 7:39:58 PM    2560    0    C:\WINDOWS\system32\xpsp4res.dll

====== Files under "\Administrator\Startup" Last 60 Days======


====== Files under "\All Users\Startup" Last 60 Days======


====== Files and Folders under "\Program Files" Last 60 Days======

4/22/2009 1:08:23 AM    27815471    C:\Program Files\MSECache
3/8/2009 12:44:25 AM    29372056    C:\Program Files\Yahoo!

====== Files under "\System32\Drivers" Last 60 Days======


====== Files Deleted under "%Temp%" ======


479 Files deleted

====== Files and Folders under "All Users\Application Data" Last 60 Days======

3/8/2009 12:44:34 AM    609053    C:\Documents and Settings\All Users\Application Data\Yahoo!
3/8/2009 12:48:44 AM    1456    C:\Documents and Settings\All Users\Application Data\Yahoo!\Messenger
3/8/2009 12:48:44 AM    1456    C:\Documents and Settings\All Users\Application Data\Yahoo!\Messenger\Plugin
3/8/2009 8:05:36 PM    1456    C:\Documents and Settings\All Users\Application Data\Yahoo!\Messenger\Plugin\4eb73995-f313-4f4a-49a5-1bc4d7c3ee68.yplugin
3/8/2009 8:05:36 PM    1456    C:\Documents and Settings\All Users\Application Data\Yahoo!\Messenger\Plugin\4eb73995-f313-4f4a-49a5-1bc4d7c3ee68.yplugin\MANIFEST
3/8/2009 12:44:34 AM    607597    C:\Documents and Settings\All Users\Application Data\Yahoo!\YUpdater
3/8/2009 12:46:12 AM    131507    C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
4/24/2009 12:25:43 AM    1160    C:\Documents and Settings\All Users\Application Data\Yahoo! Companion\Cache
3/8/2009 12:46:12 AM    102739    C:\Documents and Settings\All Users\Application Data\Yahoo! Companion\Data
3/8/2009 12:46:12 AM    102739    C:\Documents and Settings\All Users\Application Data\Yahoo! Companion\Data\default
3/8/2009 12:46:12 AM    0    C:\Documents and Settings\All Users\Application Data\Yahoo! Companion\Download
3/8/2009 12:46:12 AM    27608    C:\Documents and Settings\All Users\Application Data\Yahoo! Companion\Icons
3/8/2009 12:46:12 AM    0    C:\Documents and Settings\All Users\Application Data\Yahoo! Companion\Media
3/8/2009 12:46:12 AM    0    C:\Documents and Settings\All Users\Application Data\Yahoo! Companion\Modules

====== Values under HKLM\Software\microsoft\shared tools\msconfig\startupreg ======

HKLM\Software\microsoft\shared tools\msconfig\startupreg\
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet

====== Services ( Services that are Whitelisted are not shown) ======

Afc (PPdus ASPI Shell)- C:\WINDOWS\system32\drivers\Afc.sys - Manual/Running
APPDRV (APPDRV)- C:\WINDOWS\system32\DRIVERS\APPDRV.SYS - System/Running
BCM43XX (Dell Wireless WLAN Card Driver)- C:\WINDOWS\system32\DRIVERS\bcmwl5.sys - Manual/Running
bvrp_pci (bvrp_pci)-  - Manual/Stopped
cercsr6 (cercsr6)- C:\WINDOWS\system32\drivers\cercsr6.sys - Boot/Stopped
CVirtA (Cisco Systems VPN Adapter)- C:\WINDOWS\system32\DRIVERS\CVirtA.sys - Manual/Stopped
CVPNDRVA (Cisco Systems Inc. IPSec Driver)- \??\C:\WINDOWS\system32\Drivers\CVPNDRVA.sys - Auto/Running
DNE (Deterministic Network Enhancer Miniport)- C:\WINDOWS\system32\DRIVERS\dne2000.sys - Manual/Running
E100B (Intel(R) PRO Adapter Driver)- C:\WINDOWS\system32\DRIVERS\e100b325.sys - Manual/Stopped
HSFHWICH (HSFHWICH)- C:\WINDOWS\system32\DRIVERS\HSFHWICH.sys - Manual/Running
MCSTRM (MCSTRM)-  - Auto/Stopped
MxlW2k (MxlW2k)- C:\WINDOWS\system32\drivers\MxlW2k.sys - Manual/Running
NdisIP (Microsoft TV/Video Connection)- C:\WINDOWS\system32\DRIVERS\NdisIP.sys - Manual/Stopped
NETMDUSB (Net MD)- C:\WINDOWS\system32\Drivers\NETMDUSB.sys - Manual/Stopped
OMCI (OMCI)- C:\WINDOWS\system32\DRIVERS\OMCI.SYS - System/Running
pepifilter (Volume Adapter)- C:\WINDOWS\system32\DRIVERS\lv302af.sys - Manual/Running
PID_PEPI (Logitech QuickCam IM(PID_PEPI))- C:\WINDOWS\system32\DRIVERS\LV302V32.SYS - Manual/Running
ragjptxm (ragjptxm)- C:\WINDOWS\system32\drivers\vmpqokdj.dat - Boot/Running
SLIP (BDA Slip De-Framer)- C:\WINDOWS\system32\DRIVERS\SLIP.sys - Manual/Stopped
SMNDIS5 (SMNDIS5 NDIS Protocol Driver)- \??\C:\PROGRA~1\VERIZO~1\VZACCE~1\SMNDIS5.SYS - Manual/Stopped
STAC97 (SigmaTel C-Major Audio)- C:\WINDOWS\system32\drivers\STAC97.sys - Manual/Running
SynTP (Synaptics TouchPad Driver)- C:\WINDOWS\system32\DRIVERS\SynTP.sys - Manual/Running
TnIDriver (TnIDriver)- \??\C:\DOCUME~1\Kate\LOCALS~1\Temp\tni7AE.tmp - Manual/Stopped
UIUSys (Conexant Setup API)- C:\WINDOWS\system32\drivers\UIUSys.sys - Manual/Stopped
USBAAPL (Apple Mobile USB Driver)- C:\WINDOWS\system32\Drivers\usbaapl.sys - Manual/Stopped
usbbus (LGE CDMA Composite USB Device)- C:\WINDOWS\system32\DRIVERS\lgusbbus.sys - Manual/Stopped
UsbDiag (LGE CDMA USB Serial Port)- C:\WINDOWS\system32\DRIVERS\lgusbdiag.sys - Manual/Stopped
USBModem (LGE CDMA USB Modem)- C:\WINDOWS\system32\DRIVERS\lgusbmodem.sys - Manual/Stopped
WpdUsb (WpdUsb)- C:\WINDOWS\system32\Drivers\wpdusb.sys - Manual/Stopped

====== Uninstall List ======

Adobe Flash Player 10 ActiveX
Adobe SVG Viewer 3.0
Adobe Illustrator CS3
AIM 6
Dell Wireless WLAN Card
Conexant D110 MDC V.9x Modem
Dell Digital Jukebox Driver
Dell Photo AIO Printer 922
HijackThis 2.0.2
OpenMG Secure Module 4.3.00
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 9 (KB911565)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows Media Player 6.4 (KB925398)
Hotfix for Windows Media Format 11 SDK (KB929399)
Security Update for Windows Media Player 9 (KB936782)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950759)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Update for Windows XP (KB951072-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Update for Windows XP (KB951978)
Security Update for Windows XP (KB952004)
Security Update for Windows Media Player (KB952069)
Hotfix for Windows XP (KB952287)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953838)
Security Update for Windows XP (KB953839)
Security Update for Windows Media Encoder (KB954156)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Update for Windows XP (KB955839)
Security Update for Windows XP (KB956390)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958215)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960714)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB963027)
Update for Windows XP (KB967715)
Last.fm 1.5.1.29527
LimeWire 5.0.9
Logitech QuickCam Driver Package
Macromedia Shockwave Player
Mozilla Firefox (3.0.10)
Mozilla Firefox (3.0b5)
McAfee SecurityCenter
OpenMG Limited Patch 4.3-05-10-05-01
Picasa 3
Intel(R) PRO Network Adapters and Drivers
RealPlayer
Macromedia Flash Player 8
Synaptics Pointing Device Driver
V CAST Music with Rhapsody
Viewpoint Manager (Remove Only)
Viewpoint Media Player
VZAccess Manager
Windows Media Encoder 9 Series
Windows Media Format 11 runtime
Windows XP Service Pack 3
Windows Media Format 11 runtime
Microsoft User-Mode Driver Framework Feature Pack 1.0
Yahoo! Toolbar
Yahoo! Messenger
Outerinfo
Microsoft Office 2000 Premium
Google Gmail Notifier
Adobe Help Viewer CS3
Adobe Bridge Start Meeting
Cisco Systems VPN Client 5.0.01.0600
Adobe WinSoft Linguistics Plugin
MSXML 6 Service Pack 2 (KB954459)
Internal Network Card Power Management
Dell Media Experience
Adobe Stock Photos CS3
TurboTax ItsDeductible 2005
iTunes
J2SE Runtime Environment 5.0 Update 3
Java(TM) 6 Update 2
Java(TM) 6 Update 5
WebFldrs XP
ArcSoft Media Card Companion
MUSICMATCH® Jukebox
Adobe Setup
Adobe Color EU Extra Settings
DV 8800N
Adobe Linguistics CS3
ArcSoft MediaConverter 2
Apple Software Update
Adobe Fonts All
Adobe Asset Services CS3
Java 2 Runtime Environment, SE v1.4.2_03
Microsoft Visual C++ 2005 Redistributable
Modem Helper
Adobe XMP Panels CS3
Jasc Paint Shop Pro 8 Dell Edition
Windows Media Encoder 9 Series SDK
Bonjour
Intel(R) Graphics Media Accelerator Driver for Mobile
Adobe Device Central CS3
Adobe Type Support
Adobe Anchor Service CS3
ArcSoft PhotoImpression 5
Logitech QuickCam
Microsoft Office PowerPoint Viewer 2007 (English)
Adobe Color NA Recommended Settings
Adobe Bridge CS3
Adobe CMaps
C-Major Audio
PDF Settings
Adobe Reader 6.0.1
Adobe Camera Raw 4.0
Adobe Default Language CS3
Adobe ExtendScript Toolkit 2
LG USB Modem driver
QuickSet
Bazooka Scanner
Jasc Paint Shop Photo Album
Adobe Version Cue CS3 Client
ABBYY FineReader 5.0 Sprint Plus
Adobe PDF Library Files
Dell ResourceCD
Adobe Color Common Settings
Adobe Color JA Extra Settings
Ad-Aware 2007
Windows Media Encoder 9 Series
Adobe Update Manager CS3
muvee autoProducer 4.1
Apple Mobile Device Support
Adobe Flash Player 10 Plugin
Adobe Illustrator CS3
OpenMG Secure Module 4.3.00
QuickTime

======== Other Info ========

TOTAL PHYSICAL RAM: 528 MB

Boot Info

[boot loader]
timeout=30
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect


OS Type:  Microsoft Windows XP Home Edition
Build:  5.1.2600
Service Pack:  3.0


====== Files with Hidden Attributes======

C:\hiberfil.sys
C:\IO.SYS
C:\MSDOS.SYS
C:\pagefile.sys
C:\NTDETECT.COM
C:\Documents and Settings\Administrator\NTUSER.DAT
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat
C:\Documents and Settings\All Users\Application Data\5A87A8875A.sys
C:\Documents and Settings\All Users\Application Data\KGyGaAvL.sys

==End of Report==

10.4K Posts

May 3rd, 2009 10:00

 

tvethiopia

1. Please download The Avenger by Swandog46 to your Desktop.
  • Click on Avenger.zip to open the file
  • Extract avenger.exe to your desktop (How to extract (decompress) zipped or compressed files, help in the link here: )

2. Copy all the text contained in the bold below to your Clipboard by highlighting it and pressing (Ctrl+C):

Drivers to Delete:
ragjptxm

Files to Delete:
C:\WINDOWS\system32\pivehiso.dll
C:\WINDOWS\system32\commdl.dll
C:\WINDOWS\system32\jupayobu.dll
C:\WINDOWS\system32\miduzige.exe
C:\WINDOWS\system32\rejemufa.dll
C:\WINDOWS\system32\sivugejo.dll
C:\WINDOWS\system32\drivers\vmpqokdj.dat


Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

3. Now, start The Avenger program by clicking on its icon on your desktop.
  • Select Load Script
  • Select Paste from Clipboard
  • The information should now appear in the Open window
  • Select Execute
  • Answer Yes when prompted "Are you sure you want to execute the current script?"

4. The Avenger will automatically do the following:
  • It will Restart your computer.
  • On reboot, it will briefly open a black command window on your desktop; this is normal.
  • After the restart, it creates a log file that should open with the results of Avenger’s actions. This log file will be located at C:\avenger.txt
  • The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.

5. Please copy/paste the content of c:\avenger.txt into your reply

 

5 Posts

May 3rd, 2009 12:00

Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform:  Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!

Driver "ragjptxm" deleted successfully.

Error:  file "C:\WINDOWS\system32\pivehiso.dll" not found!
Deletion of file "C:\WINDOWS\system32\pivehiso.dll" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
  --> the object does not exist

File "C:\WINDOWS\system32\commdl.dll" deleted successfully.

Error:  file "C:\WINDOWS\system32\jupayobu.dll" not found!
Deletion of file "C:\WINDOWS\system32\jupayobu.dll" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
  --> the object does not exist

File "C:\WINDOWS\system32\miduzige.exe" deleted successfully.
File "C:\WINDOWS\system32\rejemufa.dll" deleted successfully.
File "C:\WINDOWS\system32\sivugejo.dll" deleted successfully.
File "C:\WINDOWS\system32\drivers\vmpqokdj.dat" deleted successfully.

Completed script processing.

*******************

Finished!  Terminate.
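
Added example, not part of either post and not The Avenger's own code: a Python check that reconciles the removal script with the log above, so targets that were deleted are separated from those that returned an NTSTATUS error. The script and log text are copied from this thread; the function names are hypothetical, and the line patterns cover only the log lines shown here.

```python
import re

# Input copied from the thread above; the log is abridged to its result lines.
SCRIPT = r"""Drivers to Delete:
ragjptxm

Files to Delete:
C:\WINDOWS\system32\pivehiso.dll
C:\WINDOWS\system32\commdl.dll
C:\WINDOWS\system32\jupayobu.dll
C:\WINDOWS\system32\miduzige.exe
C:\WINDOWS\system32\rejemufa.dll
C:\WINDOWS\system32\sivugejo.dll
C:\WINDOWS\system32\drivers\vmpqokdj.dat
"""
LOG = r"""Driver "ragjptxm" deleted successfully.
Error:  file "C:\WINDOWS\system32\pivehiso.dll" not found!
Deletion of file "C:\WINDOWS\system32\pivehiso.dll" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
File "C:\WINDOWS\system32\commdl.dll" deleted successfully.
Error:  file "C:\WINDOWS\system32\jupayobu.dll" not found!
Deletion of file "C:\WINDOWS\system32\jupayobu.dll" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
File "C:\WINDOWS\system32\miduzige.exe" deleted successfully.
File "C:\WINDOWS\system32\rejemufa.dll" deleted successfully.
File "C:\WINDOWS\system32\sivugejo.dll" deleted successfully.
File "C:\WINDOWS\system32\drivers\vmpqokdj.dat" deleted successfully.
"""

def script_targets(script):
    """Return every driver name and file path listed under a script heading."""
    lines = (l.strip() for l in script.splitlines())
    return [l for l in lines if l and not l.endswith(":")]

def reconcile(script, log):
    """Map each scripted target to 'deleted', an NTSTATUS name, or a gap marker."""
    result, pending = {}, None
    for line in log.splitlines():
        if m := re.match(r'(?:Driver|File) "(.+)" deleted successfully\.', line):
            result[m.group(1).lower()] = "deleted"
        elif m := re.match(r'Deletion of file "(.+)" failed!', line):
            pending = m.group(1).lower()
            result[pending] = "failed"
        elif (m := re.match(r'Status: 0x[0-9a-fA-F]+ \((\w+)\)', line)) and pending:
            result[pending], pending = m.group(1), None
    # Windows paths are case-insensitive, so compare in lower case.
    return {t: result.get(t.lower(), "no result in log") for t in script_targets(script)}

if __name__ == "__main__":
    for target, outcome in reconcile(SCRIPT, LOG).items():
        print(f"{outcome:32} {target}")
```

A target marked STATUS_OBJECT_NAME_NOT_FOUND was not present at that path when the script ran, so a fresh scan log is what shows whether it persists elsewhere.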

10.4K Posts

May 4th, 2009 09:00

tvethiopia

Good work so far. Rerun Hijackthis and post a fresh Hijackthis log.

And in your reply tell me how your PC is running at this point.
