UDXFYTW.SYS

Posted 11/7/2008 7:43 PM
#67816
User avatar

dorkomatic Member

Date Joined Nov 2016
Total Posts: 1
Howdy! My antivirus "Antivir" was going off all the time and sometimes I would get music playing suddenly so I opened my task manager and found udxfytw.exe running and I check it out. It said it was a dangerous virus and I went on the web and did all this stuff and Im not sure if I have it or got rid of it. My antivirus program isnt sounding any more so maybe I beat it. Can you check out my txt file and make sure for me.
Thank a million!

Here is a copy of "log.txt"
ComboFix 08-11-06.01 - The Family 2008-11-07 19:21:18.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.612 [GMT 1:00]
Running from: c:\documents and settings\The Family\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\Install.txt
c:\windows\system32\afisicx.exe
c:\windows\system32\comsa32.sys
c:\windows\system32\drmgs.sys
c:\windows\system32\Indt2.sys
c:\windows\system32\mabidwe.exe
c:\windows\system32\noytcyr.exe
c:\windows\system32\roytctm.exe
c:\windows\system32\soxpeca.exe
c:\windows\system32\tdydowkc.exe
c:\windows\system32\tmp0_100835329775.bk
c:\windows\system32\tmp0_101685250933.bk
c:\windows\system32\tmp0_10215010888.bk
c:\windows\system32\tmp0_102919808777.bk
c:\windows\system32\tmp0_103369863796.bk
c:\windows\system32\tmp0_10377347744.bk
c:\windows\system32\tmp0_105965451947.bk
c:\windows\system32\tmp0_106145384878.bk
c:\windows\system32\tmp0_108407577123.bk
c:\windows\system32\tmp0_109995822852.bk
c:\windows\system32\tmp0_122370560597.bk
c:\windows\system32\tmp0_124198375053.bk
c:\windows\system32\tmp0_125719135930.bk
c:\windows\system32\tmp0_127625876030.bk
c:\windows\system32\tmp0_138123318673.bk
c:\windows\system32\tmp0_143356266691.bk
c:\windows\system32\tmp0_14502984782.bk
c:\windows\system32\tmp0_145795367399.bk
c:\windows\system32\tmp0_147072145481.bk
c:\windows\system32\tmp0_14943813517.bk
c:\windows\system32\tmp0_158827224958.bk
c:\windows\system32\tmp0_159350153083.bk
c:\windows\system32\tmp0_16380347882.bk
c:\windows\system32\tmp0_163896385111.bk
c:\windows\system32\tmp0_166507193928.bk
c:\windows\system32\tmp0_171432555074.bk
c:\windows\system32\tmp0_175246789663.bk
c:\windows\system32\tmp0_176212132486.bk
c:\windows\system32\tmp0_177892710651.bk
c:\windows\system32\tmp0_178690532850.bk
c:\windows\system32\tmp0_179625251311.bk
c:\windows\system32\tmp0_18116765794.bk
c:\windows\system32\tmp0_182941116427.bk
c:\windows\system32\tmp0_186057354289.bk
c:\windows\system32\tmp0_190851790519.bk
c:\windows\system32\tmp0_196242627746.bk
c:\windows\system32\tmp0_1966354490.bk
c:\windows\system32\tmp0_19749742348.bk
c:\windows\system32\tmp0_198122800076.bk
c:\windows\system32\tmp0_19815286035.bk
c:\windows\system32\tmp0_199110309579.bk
c:\windows\system32\tmp0_20127609508.bk
c:\windows\system32\tmp0_20430865902.bk
c:\windows\system32\tmp0_206658834503.bk
c:\windows\system32\tmp0_20840752448.bk
c:\windows\system32\tmp0_208479413206.bk
c:\windows\system32\tmp0_2096484467.bk
c:\windows\system32\tmp0_210370847749.bk
c:\windows\system32\tmp0_212317723633.bk
c:\windows\system32\tmp0_217336295208.bk
c:\windows\system32\tmp0_225314657184.bk
c:\windows\system32\tmp0_225839558950.bk
c:\windows\system32\tmp0_228611757115.bk
c:\windows\system32\tmp0_23273984645.bk
c:\windows\system32\tmp0_232763743738.bk
c:\windows\system32\tmp0_233453354671.bk
c:\windows\system32\tmp0_23653740364.bk
c:\windows\system32\tmp0_241042236686.bk
c:\windows\system32\tmp0_242286417463.bk
c:\windows\system32\tmp0_243353522427.bk
c:\windows\system32\tmp0_243928864669.bk
c:\windows\system32\tmp0_244832140504.bk
c:\windows\system32\tmp0_2463486.bk
c:\windows\system32\tmp0_249826644875.bk
c:\windows\system32\tmp0_251189784343.bk
c:\windows\system32\tmp0_258030119928.bk
c:\windows\system32\tmp0_259425353883.bk
c:\windows\system32\tmp0_260101877406.bk
c:\windows\system32\tmp0_26154191985.bk
c:\windows\system32\tmp0_261927403173.bk
c:\windows\system32\tmp0_264942525417.bk
c:\windows\system32\tmp0_270122587544.bk
c:\windows\system32\tmp0_278403865906.bk
c:\windows\system32\tmp0_278938566600.bk
c:\windows\system32\tmp0_280157201953.bk
c:\windows\system32\tmp0_280245222981.bk
c:\windows\system32\tmp0_283518404894.bk
c:\windows\system32\tmp0_285628647859.bk
c:\windows\system32\tmp0_287377150161.bk
c:\windows\system32\tmp0_2886837870.bk
c:\windows\system32\tmp0_294271661291.bk
c:\windows\system32\tmp0_29492832273.bk
c:\windows\system32\tmp0_295651321352.bk
c:\windows\system32\tmp0_30028755402.bk
c:\windows\system32\tmp0_303742759569.bk
c:\windows\system32\tmp0_31087381610.bk
c:\windows\system32\tmp0_315686544228.bk
c:\windows\system32\tmp0_316280137348.bk
c:\windows\system32\tmp0_319691788950.bk
c:\windows\system32\tmp0_32009614859.bk
c:\windows\system32\tmp0_3338856406.bk
c:\windows\system32\tmp0_334457546074.bk
c:\windows\system32\tmp0_337028797766.bk
c:\windows\system32\tmp0_338228313688.bk
c:\windows\system32\tmp0_349470578022.bk
c:\windows\system32\tmp0_352565501560.bk
c:\windows\system32\tmp0_353945405622.bk
c:\windows\system32\tmp0_35778084877.bk
c:\windows\system32\tmp0_360096763819.bk
c:\windows\system32\tmp0_360313410437.bk
c:\windows\system32\tmp0_361511512065.bk
c:\windows\system32\tmp0_362020720230.bk
c:\windows\system32\tmp0_36530229217.bk
c:\windows\system32\tmp0_369394189188.bk
c:\windows\system32\tmp0_374258661410.bk
c:\windows\system32\tmp0_379462114138.bk
c:\windows\system32\tmp0_380549392730.bk
c:\windows\system32\tmp0_38065491513.bk
c:\windows\system32\tmp0_381118152962.bk
c:\windows\system32\tmp0_381591108152.bk
c:\windows\system32\tmp0_383928583291.bk
c:\windows\system32\tmp0_384635681883.bk
c:\windows\system32\tmp0_386519519020.bk
c:\windows\system32\tmp0_389235135104.bk
c:\windows\system32\tmp0_390794429166.bk
c:\windows\system32\tmp0_393939102800.bk
c:\windows\system32\tmp0_396412503359.bk
c:\windows\system32\tmp0_397119856424.bk
c:\windows\system32\tmp0_39965442783.bk
c:\windows\system32\tmp0_399721369076.bk
c:\windows\system32\tmp0_400838419433.bk
c:\windows\system32\tmp0_400889509724.bk
c:\windows\system32\tmp0_401684152810.bk
c:\windows\system32\tmp0_40604422684.bk
c:\windows\system32\tmp0_406585554072.bk
c:\windows\system32\tmp0_408233829880.bk
c:\windows\system32\tmp0_408588474040.bk
c:\windows\system32\tmp0_414436557537.bk
c:\windows\system32\tmp0_417435241768.bk
c:\windows\system32\tmp0_4211768816.bk
c:\windows\system32\tmp0_423821370379.bk
c:\windows\system32\tmp0_431179762671.bk
c:\windows\system32\tmp0_433482492927.bk
c:\windows\system32\tmp0_434482266230.bk
c:\windows\system32\tmp0_447551336945.bk
c:\windows\system32\tmp0_447939862274.bk
c:\windows\system32\tmp0_45477208194.bk
c:\windows\system32\tmp0_458653339142.bk
c:\windows\system32\tmp0_464596162181.bk
c:\windows\system32\tmp0_468848449705.bk
c:\windows\system32\tmp0_470922502208.bk
c:\windows\system32\tmp0_475706457611.bk
c:\windows\system32\tmp0_476850846301.bk
c:\windows\system32\tmp0_480971465734.bk
c:\windows\system32\tmp0_481625252115.bk
c:\windows\system32\tmp0_486400531274.bk
c:\windows\system32\tmp0_486568619941.bk
c:\windows\system32\tmp0_487590551389.bk
c:\windows\system32\tmp0_492111488078.bk
c:\windows\system32\tmp0_493261784658.bk
c:\windows\system32\tmp0_493297164825.bk
c:\windows\system32\tmp0_493816673194.bk
c:\windows\system32\tmp0_49684632188.bk
c:\windows\system32\tmp0_498503646377.bk
c:\windows\system32\tmp0_502412229104.bk
c:\windows\system32\tmp0_505715796380.bk
c:\windows\system32\tmp0_50730447195.bk
c:\windows\system32\tmp0_50914916984.bk
c:\windows\system32\tmp0_510695307212.bk
c:\windows\system32\tmp0_511803437083.bk
c:\windows\system32\tmp0_513550818496.bk
c:\windows\system32\tmp0_518981883871.bk
c:\windows\system32\tmp0_523328148996.bk
c:\windows\system32\tmp0_53095587716.bk
c:\windows\system32\tmp0_532661306862.bk
c:\windows\system32\tmp0_54099114778.bk
c:\windows\system32\tmp0_547359439830.bk
c:\windows\system32\tmp0_548773524932.bk
c:\windows\system32\tmp0_551477377737.bk
c:\windows\system32\tmp0_55678596080.bk
c:\windows\system32\tmp0_565022258362.bk
c:\windows\system32\tmp0_568103658693.bk
c:\windows\system32\tmp0_568433577900.bk
c:\windows\system32\tmp0_56898402877.bk
c:\windows\system32\tmp0_577869188273.bk
c:\windows\system32\tmp0_580771414900.bk
c:\windows\system32\tmp0_582094835679.bk
c:\windows\system32\tmp0_587335418184.bk
c:\windows\system32\tmp0_600467607875.bk
c:\windows\system32\tmp0_600958666048.bk
c:\windows\system32\tmp0_602362455148.bk
c:\windows\system32\tmp0_608413361462.bk
c:\windows\system32\tmp0_61629199850.bk
c:\windows\system32\tmp0_616676498367.bk
c:\windows\system32\tmp0_617429746161.bk
c:\windows\system32\tmp0_622181486625.bk
c:\windows\system32\tmp0_623069653756.bk
c:\windows\system32\tmp0_632576421219.bk
c:\windows\system32\tmp0_640550100627.bk
c:\windows\system32\tmp0_64316537500.bk
c:\windows\system32\tmp0_649168286314.bk
c:\windows\system32\tmp0_651611879622.bk
c:\windows\system32\tmp0_657764761690.bk
c:\windows\system32\tmp0_657890198043.bk
c:\windows\system32\tmp0_65979828150.bk
c:\windows\system32\tmp0_663455826236.bk
c:\windows\system32\tmp0_668786202456.bk
c:\windows\system32\tmp0_674005764275.bk
c:\windows\system32\tmp0_679073216793.bk
c:\windows\system32\tmp0_681035827541.bk
c:\windows\system32\tmp0_685562848651.bk
c:\windows\system32\tmp0_685985197010.bk
c:\windows\system32\tmp0_687313263022.bk
c:\windows\system32\tmp0_689460145.bk
c:\windows\system32\tmp0_70512725571.bk
c:\windows\system32\tmp0_710823140311.bk
c:\windows\system32\tmp0_715498378402.bk
c:\windows\system32\tmp0_718693742192.bk
c:\windows\system32\tmp0_723324872268.bk
c:\windows\system32\tmp0_724001740384.bk
c:\windows\system32\tmp0_729579763661.bk
c:\windows\system32\tmp0_731808859428.bk
c:\windows\system32\tmp0_737473706093.bk
c:\windows\system32\tmp0_737577382490.bk
c:\windows\system32\tmp0_739760612120.bk
c:\windows\system32\tmp0_741771505829.bk
c:\windows\system32\tmp0_742594422874.bk
c:\windows\system32\tmp0_744902114516.bk
c:\windows\system32\tmp0_748542127016.bk
c:\windows\system32\tmp0_749296573040.bk
c:\windows\system32\tmp0_755174647159.bk
c:\windows\system32\tmp0_755406117306.bk
c:\windows\system32\tmp0_757707479333.bk
c:\windows\system32\tmp0_76069490254.bk
c:\windows\system32\tmp0_760968461360.bk
c:\windows\system32\tmp0_765789593788.bk
c:\windows\system32\tmp0_76596559670.bk
c:\windows\system32\tmp0_767843813668.bk
c:\windows\system32\tmp0_7698697691.bk
c:\windows\system32\tmp0_7702834401.bk
c:\windows\system32\tmp0_77162975897.bk
c:\windows\system32\tmp0_776477516960.bk
c:\windows\system32\tmp0_784536235681.bk
c:\windows\system32\tmp0_785760350415.bk
c:\windows\system32\tmp0_786336543799.bk
c:\windows\system32\tmp0_786931840166.bk
c:\windows\system32\tmp0_788734357237.bk
c:\windows\system32\tmp0_789045441019.bk
c:\windows\system32\tmp0_794016681575.bk
c:\windows\system32\tmp0_794682694683.bk
c:\windows\system32\tmp0_796802155664.bk
c:\windows\system32\tmp0_798466863455.bk
c:\windows\system32\tmp0_803018666812.bk
c:\windows\system32\tmp0_807747267952.bk
c:\windows\system32\tmp0_809649589191.bk
c:\windows\system32\tmp0_814887654424.bk
c:\windows\system32\tmp0_816718804415.bk
c:\windows\system32\tmp0_81843381416.bk
c:\windows\system32\tmp0_822483651444.bk
c:\windows\system32\tmp0_822916422396.bk
c:\windows\system32\tmp0_823574698225.bk
c:\windows\system32\tmp0_82537479762.bk
c:\windows\system32\tmp0_82776452683.bk
c:\windows\system32\tmp0_827952335627.bk
c:\windows\system32\tmp0_829782240380.bk
c:\windows\system32\tmp0_83210105604.bk
c:\windows\system32\tmp0_834399556830.bk
c:\windows\system32\tmp0_834612422981.bk
c:\windows\system32\tmp0_83525895406.bk
c:\windows\system32\tmp0_83550326011.bk
c:\windows\system32\tmp0_841832493338.bk
c:\windows\system32\tmp0_842406509303.bk
c:\windows\system32\tmp0_844023552752.bk
c:\windows\system32\tmp0_844287492420.bk
c:\windows\system32\tmp0_848291596982.bk
c:\windows\system32\tmp0_8489524937.bk
c:\windows\system32\tmp0_851083440067.bk
c:\windows\system32\tmp0_852610704311.bk
c:\windows\system32\tmp0_854907875810.bk
c:\windows\system32\tmp0_85554196163.bk
c:\windows\system32\tmp0_86047245948.bk
c:\windows\system32\tmp0_86282614282.bk
c:\windows\system32\tmp0_864290273317.bk
c:\windows\system32\tmp0_865248697341.bk
c:\windows\system32\tmp0_866820259896.bk
c:\windows\system32\tmp0_86931281992.bk
c:\windows\system32\tmp0_873630140975.bk
c:\windows\system32\tmp0_88731317276.bk
c:\windows\system32\tmp0_895007591463.bk
c:\windows\system32\tmp0_895816833455.bk
c:\windows\system32\tmp0_89849545932.bk
c:\windows\system32\tmp0_899138418890.bk
c:\windows\system32\tmp0_93095362655.bk
c:\windows\system32\tmp1_108167185341.bk
c:\windows\system32\tmp1_11500035483.bk
c:\windows\system32\tmp1_125002520884.bk
c:\windows\system32\tmp1_130833131046.bk
c:\windows\system32\tmp1_14499669287.bk
c:\windows\system32\tmp1_146353689118.bk
c:\windows\system32\tmp1_15871331009.bk
c:\windows\system32\tmp1_180780382391.bk
c:\windows\system32\tmp1_194894481313.bk
c:\windows\system32\tmp1_206058389286.bk
c:\windows\system32\tmp1_218961794853.bk
c:\windows\system32\tmp1_229584202776.bk
c:\windows\system32\tmp1_231447795983.bk
c:\windows\system32\tmp1_233738883652.bk
c:\windows\system32\tmp1_242958146206.bk
c:\windows\system32\tmp1_259507263189.bk
c:\windows\system32\tmp1_284150219892.bk
c:\windows\system32\tmp1_29644735836.bk
c:\windows\system32\tmp1_312568265366.bk
c:\windows\system32\tmp1_32733355579.bk
c:\windows\system32\tmp1_330074854430.bk
c:\windows\system32\tmp1_338414106506.bk
c:\windows\system32\tmp1_340536313890.bk
c:\windows\system32\tmp1_350341877526.bk
c:\windows\system32\tmp1_357317199513.bk
c:\windows\system32\tmp1_36134381678.bk
c:\windows\system32\tmp1_365768367931.bk
c:\windows\system32\tmp1_371347446532.bk
c:\windows\system32\tmp1_372905780171.bk
c:\windows\system32\tmp1_386174596789.bk
c:\windows\system32\tmp1_398784686101.bk
c:\windows\system32\tmp1_398799792859.bk
c:\windows\system32\tmp1_410524103676.bk
c:\windows\system32\tmp1_42365579292.bk
c:\windows\system32\tmp1_431890570869.bk
c:\windows\system32\tmp1_433340503492.bk
c:\windows\system32\tmp1_435125628016.bk
c:\windows\system32\tmp1_445913710071.bk
c:\windows\system32\tmp1_471626463255.bk
c:\windows\system32\tmp1_47248650262.bk
c:\windows\system32\tmp1_475169262402.bk
c:\windows\system32\tmp1_489367808651.bk
c:\windows\system32\tmp1_493419804792.bk
c:\windows\system32\tmp1_499773231512.bk
c:\windows\system32\tmp1_518783602500.bk
c:\windows\system32\tmp1_53418542912.bk
c:\windows\system32\tmp1_53982742904.bk
c:\windows\system32\tmp1_542818647014.bk
c:\windows\system32\tmp1_552534535077.bk
c:\windows\system32\tmp1_562574293007.bk
c:\windows\system32\tmp1_60808289543.bk
c:\windows\system32\tmp1_608685259202.bk
c:\windows\system32\tmp1_614698687513.bk
c:\windows\system32\tmp1_62072024634.bk
c:\windows\system32\tmp1_64072116106.bk
c:\windows\system32\tmp1_656581242741.bk
c:\windows\system32\tmp1_660384137766.bk
c:\windows\system32\tmp1_667944442798.bk
c:\windows\system32\tmp1_669802831022.bk
c:\windows\system32\tmp1_678145653102.bk
c:\windows\system32\tmp1_679192418433.bk
c:\windows\system32\tmp1_698696322707.bk
c:\windows\system32\tmp1_698733208.bk
c:\windows\system32\tmp1_700619421728.bk
c:\windows\system32\tmp1_707297744391.bk
c:\windows\system32\tmp1_709647629988.bk
c:\windows\system32\tmp1_712786171788.bk
c:\windows\system32\tmp1_712868315510.bk
c:\windows\system32\tmp1_715197120149.bk
c:\windows\system32\tmp1_72282411568.bk
c:\windows\system32\tmp1_725783780104.bk
c:\windows\system32\tmp1_74066412850.bk
c:\windows\system32\tmp1_744231600077.bk
c:\windows\system32\tmp1_766661799627.bk
c:\windows\system32\tmp1_780763575465.bk
c:\windows\system32\tmp1_785155379609.bk
c:\windows\system32\tmp1_787491862987.bk
c:\windows\system32\tmp1_795110470460.bk
c:\windows\system32\tmp1_812455806944.bk
c:\windows\system32\tmp1_814610848444.bk
c:\windows\system32\tmp1_819792841943.bk
c:\windows\system32\tmp1_82380277593.bk
c:\windows\system32\tmp1_831549120250.bk
c:\windows\system32\tmp1_836866711296.bk
c:\windows\system32\tmp1_840631255916.bk
c:\windows\system32\tmp1_849526460541.bk
c:\windows\system32\tmp1_850658379498.bk
c:\windows\system32\tmp1_85632157307.bk
c:\windows\system32\tmp1_862619795016.bk
c:\windows\system32\tmp1_86293435906.bk
c:\windows\system32\tmp1_868580651336.bk
c:\windows\system32\tmp1_9107662099.bk
c:\windows\system32\tmp1_92755768014.bk
c:\windows\system32\tmp2_110169625700.bk
c:\windows\system32\tmp2_219105635376.bk
c:\windows\system32\tmp2_22093879450.bk
c:\windows\system32\tmp2_229837859464.bk
c:\windows\system32\tmp2_261642819745.bk
c:\windows\system32\tmp2_339488142404.bk
c:\windows\system32\tmp2_391838617053.bk
c:\windows\system32\tmp2_499654568864.bk
c:\windows\system32\tmp2_544572787459.bk
c:\windows\system32\tmp2_649185853906.bk
c:\windows\system32\tmp2_71819486440.bk
c:\windows\system32\tmp2_84361105737.bk
c:\windows\system32\tmp2_856806707734.bk
c:\windows\system32\tmp2_890834476984.bk
c:\windows\system32\tmp3_100021549030.bk
c:\windows\system32\tmp3_10156931358.bk
c:\windows\system32\tmp3_114906452657.bk
c:\windows\system32\tmp3_116269315253.bk
c:\windows\system32\tmp3_11718972258.bk
c:\windows\system32\tmp3_120816369186.bk
c:\windows\system32\tmp3_125372210929.bk
c:\windows\system32\tmp3_129568443625.bk
c:\windows\system32\tmp3_129874491067.bk
c:\windows\system32\tmp3_137804331661.bk
c:\windows\system32\tmp3_139699356922.bk
c:\windows\system32\tmp3_143372181030.bk
c:\windows\system32\tmp3_143776783014.bk
c:\windows\system32\tmp3_145730600359.bk
c:\windows\system32\tmp3_148712421056.bk
c:\windows\system32\tmp3_157459408218.bk
c:\windows\system32\tmp3_162133591576.bk
c:\windows\system32\tmp3_163180725344.bk
c:\windows\system32\tmp3_163806372890.bk
c:\windows\system32\tmp3_164840895574.bk
c:\windows\system32\tmp3_170859424981.bk
c:\windows\system32\tmp3_173931546698.bk
c:\windows\system32\tmp3_179708795103.bk
c:\windows\system32\tmp3_180609384860.bk
c:\windows\system32\tmp3_18300616033.bk
c:\windows\system32\tmp3_18475492518.bk
c:\windows\system32\tmp3_18882287980.bk
c:\windows\system32\tmp3_190563489847.bk
c:\windows\system32\tmp3_1943212348.bk
c:\windows\system32\tmp3_194742471807.bk
c:\windows\system32\tmp3_195105286647.bk
c:\windows\system32\tmp3_197991815044.bk
c:\windows\system32\tmp3_198547119275.bk
c:\windows\system32\tmp3_20126474896.bk
c:\windows\system32\tmp3_20503539460.bk
c:\windows\system32\tmp3_207633682871.bk
c:\windows\system32\tmp3_209984229697.bk
c:\windows\system32\tmp3_210254137831.bk
c:\windows\system32\tmp3_224699672095.bk
c:\windows\system32\tmp3_226038474358.bk
c:\windows\system32\tmp3_226225201107.bk
c:\windows\system32\tmp3_22622662495.bk
c:\windows\system32\tmp3_226897432012.bk
c:\windows\system32\tmp3_227293318535.bk
c:\windows\system32\tmp3_227881685718.bk
c:\windows\system32\tmp3_231410221174.bk
c:\windows\system32\tmp3_234192736613.bk
c:\windows\system32\tmp3_234792603072.bk
c:\windows\system32\tmp3_2367902603.bk
c:\windows\system32\tmp3_237103250881.bk
c:\windows\system32\tmp3_241919298778.bk
c:\windows\system32\tmp3_246534120365.bk
c:\windows\system32\tmp3_248176580142.bk
c:\windows\system32\tmp3_250422341213.bk
c:\windows\system32\tmp3_254425741982.bk
c:\windows\system32\tmp3_266219719643.bk
c:\windows\system32\tmp3_266412770131.bk
c:\windows\system32\tmp3_272786517718.bk
c:\windows\system32\tmp3_274267718427.bk
c:\windows\system32\tmp3_275452688283.bk
c:\windows\system32\tmp3_276170298483.bk
c:\windows\system32\tmp3_2858586797.bk
c:\windows\system32\tmp3_293119123970.bk
c:\windows\system32\tmp3_297270155663.bk
c:\windows\system32\tmp3_298350191958.bk
c:\windows\system32\tmp3_300519275306.bk
c:\windows\system32\tmp3_30316662087.bk
c:\windows\system32\tmp3_320824821061.bk
c:\windows\system32\tmp3_322631819264.bk
c:\windows\system32\tmp3_339443842288.bk
c:\windows\system32\tmp3_339547507513.bk
c:\windows\system32\tmp3_340109772071.bk
c:\windows\system32\tmp3_342522307056.bk
c:\windows\system32\tmp3_348898801747.bk
c:\windows\system32\tmp3_349497405603.bk
c:\windows\system32\tmp3_351985406502.bk
c:\windows\system32\tmp3_352777667550.bk
c:\windows\system32\tmp3_353685408793.bk
c:\windows\system32\tmp3_359000211920.bk
c:\windows\system32\tmp3_360472865022.bk
c:\windows\system32\tmp3_363831595848.bk
c:\windows\system32\tmp3_368167890055.bk
c:\windows\system32\tmp3_368446365798.bk
c:\windows\system32\tmp3_369358659922.bk
c:\windows\system32\tmp3_371820849500.bk
c:\windows\system32\tmp3_374035620059.bk
c:\windows\system32\tmp3_374093787232.bk
c:\windows\system32\tmp3_374297679346.bk
c:\windows\system32\tmp3_374945541062.bk
c:\windows\system32\tmp3_378330262246.bk
c:\windows\system32\tmp3_379947451239.bk
c:\windows\system32\tmp3_385116335770.bk
c:\windows\system32\tmp3_391322267686.bk
c:\windows\system32\tmp3_392825332839.bk
c:\windows\system32\tmp3_394135317270.bk
c:\windows\system32\tmp3_400650161635.bk
c:\windows\system32\tmp3_405956749624.bk
c:\windows\system32\tmp3_407034215914.bk
c:\windows\system32\tmp3_407582716601.bk
c:\windows\system32\tmp3_411712761888.bk
c:\windows\system32\tmp3_413378684771.bk
c:\windows\system32\tmp3_414198185298.bk
c:\windows\system32\tmp3_415134588240.bk
c:\windows\system32\tmp3_416722293925.bk
c:\windows\system32\tmp3_419051509862.bk
c:\windows\system32\tmp3_421979174175.bk
c:\windows\system32\tmp3_423221845220.bk
c:\windows\system32\tmp3_426758814769.bk
c:\windows\system32\tmp3_430606842200.bk
c:\windows\system32\tmp3_433769543918.bk
c:\windows\system32\tmp3_437717203221.bk
c:\windows\system32\tmp3_438257532582.bk
c:\windows\system32\tmp3_440164740418.bk
c:\windows\system32\tmp3_440531748882.bk
c:\windows\system32\tmp3_445003178621.bk
c:\windows\system32\tmp3_446909589698.bk
c:\windows\system32\tmp3_449876370648.bk
c:\windows\system32\tmp3_46029599064.bk
c:\windows\system32\tmp3_4612902250.bk
c:\windows\system32\tmp3_463292490558.bk
c:\windows\system32\tmp3_464057187338.bk
c:\windows\system32\tmp3_472269532740.bk
c:\windows\system32\tmp3_47749588617.bk
c:\windows\system32\tmp3_478107705687.bk
c:\windows\system32\tmp3_481566151360.bk
c:\windows\system32\tmp3_485915570849.bk
c:\windows\system32\tmp3_487404765301.bk
c:\windows\system32\tmp3_487704171612.bk
c:\windows\system32\tmp3_49529881387.bk
c:\windows\system32\tmp3_495963725339.bk
c:\windows\system32\tmp3_507827584969.bk
c:\windows\system32\tmp3_51060596597.bk
c:\windows\system32\tmp3_512282714962.bk
c:\windows\system32\tmp3_51236192682.bk
c:\windows\system32\tmp3_515397704193.bk
c:\windows\system32\tmp3_522202712595.bk
c:\windows\system32\tmp3_522938515997.bk
c:\windows\system32\tmp3_5298697923.bk
c:\windows\system32\tmp3_531798136523.bk
c:\windows\system32\tmp3_536327108821.bk
c:\windows\system32\tmp3_54110943684.bk
c:\windows\system32\tmp3_54772353934.bk
c:\windows\system32\tmp3_548197613914.bk
c:\windows\system32\tmp3_550851194348.bk
c:\windows\system32\tmp3_56454871962.bk
c:\windows\system32\tmp3_567358890489.bk
c:\windows\system32\tmp3_573565422818.bk
c:\windows\system32\tmp3_576593700041.bk
c:\windows\system32\tmp3_577420810251.bk
c:\windows\system32\tmp3_578228288124.bk
c:\windows\system32\tmp3_578816831838.bk
c:\windows\system32\tmp3_578970764936.bk
c:\windows\system32\tmp3_580797131668.bk
c:\windows\system32\tmp3_580910598263.bk
c:\windows\system32\tmp3_582457726469.bk
c:\windows\system32\tmp3_58358081164.bk
c:\windows\system32\tmp3_585798817409.bk
c:\windows\system32\tmp3_585911238702.bk
c:\windows\system32\tmp3_593814168040.bk
c:\windows\system32\tmp3_5970497732.bk
c:\windows\system32\tmp3_602220352100.bk
c:\windows\system32\tmp3_605310837521.bk
c:\windows\system32\tmp3_607439317446.bk
c:\windows\system32\tmp3_610944361960.bk
c:\windows\system32\tmp3_612625768867.bk
c:\windows\system32\tmp3_619126443152.bk
c:\windows\system32\tmp3_621088162381.bk
c:\windows\system32\tmp3_625637210952.bk
c:\windows\system32\tmp3_62599660097.bk
c:\windows\system32\tmp3_627199503100.bk
c:\windows\system32\tmp3_6290351001.bk
c:\windows\system32\tmp3_636302174537.bk
c:\windows\system32\tmp3_63708159112.bk
c:\windows\system32\tmp3_639247808263.bk
c:\windows\system32\tmp3_649575225188.bk
c:\windows\system32\tmp3_6500825015.bk
c:\windows\system32\tmp3_660664570935.bk
c:\windows\system32\tmp3_66162894359.bk
c:\windows\system32\tmp3_662410673780.bk
c:\windows\system32\tmp3_66284489199.bk
c:\windows\system32\tmp3_667494293117.bk
c:\windows\system32\tmp3_670298157807.bk
c:\windows\system32\tmp3_673082302490.bk
c:\windows\system32\tmp3_688895164900.bk
c:\windows\system32\tmp3_690569465687.bk
c:\windows\system32\tmp3_696423380533.bk
c:\windows\system32\tmp3_698158801268.bk
c:\windows\system32\tmp3_698503460437.bk
c:\windows\system32\tmp3_700257151407.bk
c:\windows\system32\tmp3_7008711640.bk
c:\windows\system32\tmp3_700897159943.bk
c:\windows\system32\tmp3_701334862498.bk
c:\windows\system32\tmp3_703688373270.bk
c:\windows\system32\tmp3_707654803887.bk
c:\windows\system32\tmp3_710088620916.bk
c:\windows\system32\tmp3_714343319770.bk
c:\windows\system32\tmp3_716143370023.bk
c:\windows\system32\tmp3_717799789024.bk
c:\windows\system32\tmp3_719240523075.bk
c:\windows\system32\tmp3_719521877548.bk
c:\windows\system32\tmp3_721230679172.bk
c:\windows\system32\tmp3_722137753881.bk
c:\windows\system32\tmp3_722773428688.bk
c:\windows\system32\tmp3_722883676754.bk
c:\windows\system32\tmp3_723560391087.bk
c:\windows\system32\tmp3_727365677594.bk
c:\windows\system32\tmp3_73140890718.bk
c:\windows\system32\tmp3_735494686374.bk
c:\windows\system32\tmp3_737274395298.bk
c:\windows\system32\tmp3_746096354638.bk
c:\windows\system32\tmp3_748077699825.bk
c:\windows\system32\tmp3_755135371303.bk
c:\windows\system32\tmp3_755999155622.bk
c:\windows\system32\tmp3_756151401645.bk
c:\windows\system32\tmp3_759905312804.bk
c:\windows\system32\tmp3_761086798181.bk
c:\windows\system32\tmp3_761486340681.bk
c:\windows\system32\tmp3_76286482855.bk
c:\windows\system32\tmp3_76465136922.bk
c:\windows\system32\tmp3_766158416968.bk
c:\windows\system32\tmp3_771383703416.bk
c:\windows\system32\tmp3_77744150561.bk
c:\windows\system32\tmp3_780144439021.bk
c:\windows\system32\tmp3_782882233711.bk
c:\windows\system32\tmp3_785264690811.bk
c:\windows\system32\tmp3_788858241642.bk
c:\windows\system32\tmp3_79131678484.bk
c:\windows\system32\tmp3_793810104979.bk
c:\windows\system32\tmp3_793978519923.bk
c:\windows\system32\tmp3_794435886646.bk
c:\windows\system32\tmp3_79648848704.bk
c:\windows\system32\tmp3_803782634839.bk
c:\windows\system32\tmp3_810468527726.bk
c:\windows\system32\tmp3_812059285070.bk
c:\windows\system32\tmp3_812579892380.bk
c:\windows\system32\tmp3_818270137264.bk
c:\windows\system32\tmp3_81938892626.bk
c:\windows\system32\tmp3_82087017224.bk
c:\windows\system32\tmp3_821341896486.bk
c:\windows\system32\tmp3_821503856362.bk
c:\windows\system32\tmp3_826560613792.bk
c:\windows\system32\tmp3_827338293649.bk
c:\windows\system32\tmp3_831100872912.bk
c:\windows\system32\tmp3_831792487315.bk
c:\windows\system32\tmp3_834270837684.bk
c:\windows\system32\tmp3_839388243726.bk
c:\windows\system32\tmp3_840348692031.bk
c:\windows\system32\tmp3_84484038529.bk
c:\windows\system32\tmp3_84685739427.bk
c:\windows\system32\tmp3_848272141581.bk
c:\windows\system32\tmp3_851993691493.bk
c:\windows\system32\tmp3_85816421892.bk
c:\windows\system32\tmp3_859395450025.bk
c:\windows\system32\tmp3_859471516001.bk
c:\windows\system32\tmp3_869365493447.bk
c:\windows\system32\tmp3_873475474682.bk
c:\windows\system32\tmp3_874661162010.bk
c:\windows\system32\tmp3_875011218122.bk
c:\windows\system32\tmp3_875909156640.bk
c:\windows\system32\tmp3_888647225873.bk
c:\windows\system32\tmp3_890549497118.bk
c:\windows\system32\tmp3_90849741852.bk
c:\windows\system32\tmp3_9418223315.bk
c:\windows\system32\tmp3_94537898598.bk
c:\windows\system32\tmp3_95008856403.bk
c:\windows\system32\tmp4_107185462280.bk
c:\windows\system32\tmp4_107356722414.bk
c:\windows\system32\tmp4_109329603165.bk
c:\windows\system32\tmp4_11439442968.bk
c:\windows\system32\tmp4_125571260708.bk
c:\windows\system32\tmp4_130010275277.bk
c:\windows\system32\tmp4_137211740183.bk
c:\windows\system32\tmp4_137693806068.bk
c:\windows\system32\tmp4_165549803980.bk
c:\windows\system32\tmp4_165929892874.bk
c:\windows\system32\tmp4_16780506649.bk
c:\windows\system32\tmp4_171931728144.bk
c:\windows\system32\tmp4_173104786968.bk
c:\windows\system32\tmp4_17340976483.bk
c:\windows\system32\tmp4_177289252784.bk
c:\windows\system32\tmp4_18479990498.bk
c:\windows\system32\tmp4_193080142519.bk
c:\windows\system32\tmp4_199642456629.bk
c:\windows\system32\tmp4_204979144607.bk
c:\windows\system32\tmp4_211700713562.bk
c:\windows\system32\tmp4_215497450262.bk
c:\windows\system32\tmp4_216367430733.bk
c:\windows\system32\tmp4_216387744870.bk
c:\windows\system32\tmp4_219995137164.bk
c:\windows\system32\tmp4_226660884469.bk
c:\windows\system32\tmp4_230908847686.bk
c:\windows\system32\tmp4_234032740092.bk
c:\windows\system32\tmp4_235051180123.bk
c:\windows\system32\tmp4_238870854920.bk
c:\windows\system32\tmp4_241864653605.bk
c:\windows\system32\tmp4_242668404398.bk
c:\windows\system32\tmp4_24914837177.bk
c:\windows\system32\tmp4_251077265893.bk
c:\windows\system32\tmp4_255549597679.bk
c:\windows\system32\tmp4_258179628532.bk
c:\windows\system32\tmp4_262713128169.bk
c:\windows\system32\tmp4_262887248813.bk
c:\windows\system32\tmp4_272307497114.bk
c:\windows\system32\tmp4_27327699893.bk
c:\windows\system32\tmp4_2751036374.bk
c:\windows\system32\tmp4_278427196281.bk
c:\windows\system32\tmp4_279253108206.bk
c:\windows\system32\tmp4_279995880065.bk
c:\windows\system32\tmp4_283337352616.bk
c:\windows\system32\tmp4_285738315472.bk
c:\windows\system32\tmp4_286449741708.bk
c:\windows\system32\tmp4_288847437036.bk
c:\windows\system32\tmp4_289830810953.bk
c:\windows\system32\tmp4_292686654848.bk
c:\windows\system32\tmp4_293045454214.bk
c:\windows\system32\tmp4_294016639363.bk
c:\windows\system32\tmp4_297559276893.bk
c:\windows\system32\tmp4_298449330893.bk
c:\windows\system32\tmp4_300095135986.bk
c:\windows\system32\tmp4_30198321742.bk
c:\windows\system32\tmp4_302401737782.bk
c:\windows\system32\tmp4_310801441924.bk
c:\windows\system32\tmp4_313838585491.bk
c:\windows\system32\tmp4_314865768984.bk
c:\windows\system32\tmp4_316964757407.bk
c:\windows\system32\tmp4_324413663391.bk
c:\windows\system32\tmp4_331560386668.bk
c:\windows\system32\tmp4_331719428204.bk
c:\windows\system32\tmp4_334446491381.bk
c:\windows\system32\tmp4_335488539623.bk
c:\windows\system32\tmp4_338766156961.bk
c:\windows\system32\tmp4_339018316870.bk
c:\windows\system32\tmp4_341528864517.bk
c:\windows\system32\tmp4_342661657420.bk
c:\windows\system32\tmp4_346356438291.bk
c:\windows\system32\tmp4_349533654836.bk
c:\windows\system32\tmp4_349611143236.bk
c:\windows\system32\tmp4_352557548981.bk
c:\windows\system32\tmp4_362617229752.bk
c:\windows\system32\tmp4_363347552635.bk
c:\windows\system32\tmp4_363497859102.bk
c:\windows\system32\tmp4_364546816471.bk
c:\windows\system32\tmp4_36487530734.bk
c:\windows\system32\tmp4_366713866007.bk
c:\windows\system32\tmp4_367037688756.bk
c:\windows\system32\tmp4_37311347539.bk
c:\windows\system32\tmp4_373441623717.bk
c:\windows\system32\tmp4_373446378580.bk
c:\windows\system32\tmp4_373469251745.bk
c:\windows\system32\tmp4_373790185502.bk
c:\windows\system32\tmp4_379535608808.bk
c:\windows\system32\tmp4_381339443566.bk
c:\windows\system32\tmp4_381835484693.bk
c:\windows\system32\tmp4_383031586429.bk
c:\windows\system32\tmp4_383747126390.bk
c:\windows\system32\tmp4_383969551660.bk
c:\windows\system32\tmp4_38459367045.bk
c:\windows\system32\tmp4_388333339469.bk
c:\windows\system32\tmp4_388567768332.bk
c:\windows\system32\tmp4_396604328262.bk
c:\windows\system32\tmp4_401308290170.bk
c:\windows\system32\tmp4_40395938632.bk
c:\windows\system32\tmp4_40819631010.bk
c:\windows\system32\tmp4_409175537455.bk
c:\windows\system32\tmp4_411189537021.bk
c:\windows\system32\tmp4_412324494178.bk
c:\windows\system32\tmp4_419325683664.bk
c:\windows\system32\tmp4_423836274300.bk
c:\windows\system32\tmp4_423930275263.bk
c:\windows\system32\tmp4_430923473752.bk
c:\windows\system32\tmp4_431735417733.bk
c:\windows\system32\tmp4_432570644186.bk
c:\windows\system32\tmp4_434457544319.bk
c:\windows\system32\tmp4_43447392212.bk
c:\windows\system32\tmp4_447206156848.bk
c:\windows\system32\tmp4_45064694424.bk
c:\windows\system32\tmp4_45476465015.bk
c:\windows\system32\tmp4_45591953189.bk
c:\windows\system32\tmp4_456835788517.bk
c:\windows\system32\tmp4_457434183453.bk
c:\windows\system32\tmp4_460965723178.bk
c:\windows\system32\tmp4_462706455626.bk
c:\windows\system32\tmp4_462958142370.bk
c:\windows\system32\tmp4_46756163505.bk
c:\windows\system32\tmp4_476004541597.bk
c:\windows\system32\tmp4_481026166691.bk
c:\windows\system32\tmp4_481429430231.bk
c:\windows\system32\tmp4_490219251283.bk
c:\windows\system32\tmp4_500758456812.bk
c:\windows\system32\tmp4_507260361311.bk
c:\windows\system32\tmp4_508785436615.bk
c:\windows\system32\tmp4_508819623739.bk
c:\windows\system32\tmp4_509231856819.bk
c:\windows\system32\tmp4_510739834009.bk
c:\windows\system32\tmp4_522926454278.bk
c:\windows\system32\tmp4_531780887877.bk
c:\windows\system32\tmp4_53267184677.bk
c:\windows\system32\tmp4_53372191037.bk
c:\windows\system32\tmp4_535509700745.bk
c:\windows\system32\tmp4_536229815043.bk
c:\windows\system32\tmp4_538982394790.bk
c:\windows\system32\tmp4_539098723644.bk
c:\windows\system32\tmp4_53951990878.bk
c:\windows\system32\tmp4_545445793154.bk
c:\windows\system32\tmp4_549078866884.bk
c:\windows\system32\tmp4_554997160408.bk
c:\windows\system32\tmp4_555407828212.bk
c:\windows\system32\tmp4_558309123150.bk
c:\windows\system32\tmp4_561566819901.bk
c:\windows\system32\tmp4_561796711499.bk
c:\windows\system32\tmp4_5682346033.bk
c:\windows\system32\tmp4_577774561404.bk
c:\windows\system32\tmp4_58114227299.bk
c:\windows\system32\tmp4_584627326904.bk
c:\windows\system32\tmp4_587653838411.bk
c:\windows\system32\tmp4_58814383761.bk
c:\windows\system32\tmp4_588216486329.bk
c:\windows\system32\tmp4_594676340534.bk
c:\windows\system32\tmp4_59492995821.bk
c:\windows\system32\tmp4_596481395976.bk
c:\windows\system32\tmp4_59735419828.bk
c:\windows\system32\tmp4_599099318157.bk
c:\windows\system32\tmp4_60234153998.bk
c:\windows\system32\tmp4_602741556374.bk
c:\windows\system32\tmp4_603255236983.bk
c:\windows\system32\tmp4_603700533452.bk
c:\windows\system32\tmp4_606377645501.bk
c:\windows\system32\tmp4_61735159322.bk
c:\windows\system32\tmp4_61796275836.bk
c:\windows\system32\tmp4_627911530744.bk
c:\windows\system32\tmp4_636215223911.bk
c:\windows\system32\tmp4_636265187020.bk
c:\windows\system32\tmp4_637132312366.bk
c:\windows\system32\tmp4_637955170531.bk
c:\windows\system32\tmp4_64482855812.bk
c:\windows\system32\tmp4_64627889476.bk
c:\windows\system32\tmp4_64680716334.bk
c:\windows\system32\tmp4_649790301333.bk
c:\windows\system32\tmp4_65666992972.bk
c:\windows\system32\tmp4_658840391457.bk
c:\windows\system32\tmp4_660640860546.bk
c:\windows\system32\tmp4_660761871760.bk
c:\windows\system32\tmp4_662664558645.bk
c:\windows\system32\tmp4_664153621068.bk
c:\windows\system32\tmp4_66719318113.bk
c:\windows\system32\tmp4_670931455959.bk
c:\windows\system32\tmp4_6731236505.bk
c:\windows\system32\tmp4_67462765169.bk
c:\windows\system32\tmp4_675092113978.bk
c:\windows\system32\tmp4_675330594206.bk
c:\windows\system32\tmp4_677129863960.bk
c:\windows\system32\tmp4_677758179410.bk
c:\windows\system32\tmp4_678055860033.bk
c:\windows\system32\tmp4_68186589941.bk
c:\windows\system32\tmp4_68312334464.bk
c:\windows\system32\tmp4_68354806546.bk
c:\windows\system32\tmp4_687089473211.bk
c:\windows\system32\tmp4_688862116075.bk
c:\windows\system32\tmp4_690098578744.bk
c:\windows\system32\tmp4_691783537196.bk
c:\windows\system32\tmp4_698341132311.bk
c:\windows\system32\tmp4_700356258062.bk
c:\windows\system32\tmp4_702457632878.bk
c:\windows\system32\tmp4_703056256146.bk
c:\windows\system32\tmp4_717092712940.bk
c:\windows\system32\tmp4_722947390811.bk
c:\windows\system32\tmp4_72896065070.bk
c:\windows\system32\tmp4_72959851611.bk
c:\windows\system32\tmp4_731592409058.bk
c:\windows\system32\tmp4_734225808480.bk
c:\windows\system32\tmp4_734957745693.bk
c:\windows\system32\tmp4_739321112619.bk
c:\windows\system32\tmp4_73939349048.bk
c:\windows\system32\tmp4_740725713897.bk
c:\windows\system32\tmp4_744789124938.bk
c:\windows\system32\tmp4_74728177452.bk
c:\windows\system32\tmp4_747338408398.bk
c:\windows\system32\tmp4_750010753308.bk
c:\windows\system32\tmp4_75874392268.bk
c:\windows\system32\tmp4_759324237212.bk
c:\windows\system32\tmp4_760667780519.bk
c:\windows\system32\tmp4_762002571642.bk
c:\windows\system32\tmp4_76644357176.bk
c:\windows\system32\tmp4_772726224115.bk
c:\windows\system32\tmp4_775695264571.bk
c:\windows\system32\tmp4_77706572905.bk
c:\windows\system32\tmp4_779739797076.bk
c:\windows\system32\tmp4_780995723877.bk
c:\windows\system32\tmp4_783580330725.bk
c:\windows\system32\tmp4_785523581970.bk
c:\windows\system32\tmp4_791821634119.bk
c:\windows\system32\tmp4_797073209396.bk
c:\windows\system32\tmp4_80864655674.bk
c:\windows\system32\tmp4_81016414658.bk
c:\windows\system32\tmp4_812119319351.bk
c:\windows\system32\tmp4_81500663245.bk
c:\windows\system32\tmp4_818784750852.bk
c:\windows\system32\tmp4_82011548970.bk
c:\windows\system32\tmp4_82135331477.bk
c:\windows\system32\tmp4_829767356515.bk
c:\windows\system32\tmp4_830040539203.bk
c:\windows\system32\tmp4_830220436517.bk
c:\windows\system32\tmp4_834422420574.bk
c:\windows\system32\tmp4_836997681710.bk
c:\windows\system32\tmp4_838138434785.bk
c:\windows\system32\tmp4_838977249449.bk
c:\windows\system32\tmp4_841379882168.bk
c:\windows\system32\tmp4_842045385925.bk
c:\windows\system32\tmp4_844950799797.bk
c:\windows\system32\tmp4_845063542627.bk
c:\windows\system32\tmp4_84535810651.bk
c:\windows\system32\tmp4_851005644102.bk
c:\windows\system32\tmp4_855766628986.bk
c:\windows\system32\tmp4_856989171856.bk
c:\windows\system32\tmp4_864314862357.bk
c:\windows\system32\tmp4_865375306079.bk
c:\windows\system32\tmp4_867171692575.bk
c:\windows\system32\tmp4_868692797147.bk
c:\windows\system32\tmp4_871585146159.bk
c:\windows\system32\tmp4_872173534395.bk
c:\windows\system32\tmp4_877577725182.bk
c:\windows\system32\tmp4_879651733477.bk
c:\windows\system32\tmp4_882506461122.bk
c:\windows\system32\tmp4_884729439783.bk
c:\windows\system32\tmp4_885453383952.bk
c:\windows\system32\tmp4_886608723844.bk
c:\windows\system32\tmp4_88851789641.bk
c:\windows\system32\tmp4_89149346709.bk
c:\windows\system32\tmp4_895412867358.bk
c:\windows\system32\tmp4_90649122146.bk
c:\windows\system32\tmp4_94430561037.bk
c:\windows\system32\tmp4_9656038511.bk
c:\windows\system32\tmp4_99306355357.bk
c:\windows\system32\tpszxyd.sys
c:\windows\system32\wsldoekd.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_AFINDING
-------\Legacy_AFISICX
-------\Legacy_MABIDWE
-------\Legacy_MACIDWE
-------\Legacy_NOBICYT
-------\Legacy_NOYTCYR
-------\Legacy_PERFMONS
-------\Legacy_ROUTING
-------\Legacy_ROYTCTM
-------\Legacy_SOBICYT
-------\Legacy_SOXPECA
-------\Legacy_TDXDOWKC
-------\Legacy_TDYDOWKC
-------\Legacy_WSERVING
-------\Legacy_WSLDOEKD
-------\Service_AFinding
-------\Service_afisicx
-------\Service_mabidwe
-------\Service_macidwe
-------\Service_NOBICYT
-------\Service_noytcyr
-------\Service_perfmons
-------\Service_Routing
-------\Service_roytctm
-------\Service_sobicyt
-------\Service_soxpeca
-------\Service_tdxdowkc
-------\Service_tdydowkc
-------\Service_WServing
-------\Service_wsldoekd


((((((((((((((((((((((((( Files Created from 2008-10-07 to 2008-11-07 )))))))))))))))))))))))))))))))
.

2008-11-07 18:42 . 2008-11-07 18:42 d-------- c:\program files\CCleaner
2008-10-23 19:51 . 2008-10-15 17:34 337,408 -----c--- c:\windows\system32\dllcache\netapi32.dll
2008-10-17 18:26 . 2008-09-08 11:41 333,824 -----c--- c:\windows\system32\dllcache\srv.sys
2008-10-17 18:24 . 2008-08-14 11:11 2,189,184 -----c--- c:\windows\system32\dllcache\ntoskrnl.exe
2008-10-17 18:24 . 2008-08-14 11:09 2,145,280 -----c--- c:\windows\system32\dllcache\ntkrnlmp.exe
2008-10-17 18:24 . 2008-08-14 10:33 2,066,048 -----c--- c:\windows\system32\dllcache\ntkrnlpa.exe
2008-10-17 18:24 . 2008-08-14 10:33 2,023,936 -----c--- c:\windows\system32\dllcache\ntkrpamp.exe
2008-10-17 18:24 . 2008-09-15 13:12 1,846,400 -----c--- c:\windows\system32\dllcache\win32k.sys
2008-10-12 15:23 . 2008-10-12 15:23 d-------- c:\program files\iPod
2008-10-12 15:22 . 2008-10-12 15:23 d-------- c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-10-12 15:21 . 2008-10-12 15:21 d-------- c:\program files\Bonjour
2008-10-12 15:19 . 2008-10-12 15:20 d-------- c:\program files\QuickTime
2008-10-12 15:16 . 2008-10-12 15:16 d-------- c:\program files\Apple Software Update

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-23 19:04 --------- d-----w c:\program files\Microsoft Silverlight
2008-10-12 14:19 --------- d-----w c:\program files\Common Files\Apple
2008-10-12 13:58 --------- d-----w c:\documents and settings\The Family\Application Data\BitTorrent
2008-10-01 17:09 --------- d-----w c:\program files\MSN Messenger
2008-10-01 11:01 32,000 ----a-w c:\windows\system32\drivers\usbaapl.sys
2008-09-20 20:46 --------- d-----w c:\documents and settings\The Family\Application Data\Thinstall
2008-09-08 10:41 333,824 ----a-w c:\windows\system32\drivers\srv.sys
2008-07-02 20:57 0 ----a-w c:\documents and settings\The Family\jagex_runescape_preferences.dat
2008-01-31 19:08 33,224 -c--a-w c:\documents and settings\The Family\Application Data\GDIPFONTCACHEV1.DAT
2007-05-27 19:34 560 ----a-w c:\documents and settings\The Family\Application Data\ViewerApp.dat
2006-10-16 16:15 25,600 -c--a-w c:\documents and settings\The Family\usbsermptxp.sys
2006-10-16 16:15 22,768 -c--a-w c:\documents and settings\The Family\usbsermpt.sys
2006-07-31 19:09 78,440 -c--a-w c:\documents and settings\All Users\Application Data\firstlsp.reg.dat
2007-06-27 09:48 11,270 --sha-w c:\windows\system32\KGyGaAvL.sys
.

-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"Steam"="d:\program files\Valve\Steam.exe" [2008-10-10 1410296]
"msnmsgr"="c:\program files\MSN Messenger\msnmsgr.exe" [2007-01-19 5674352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WinampAgent"="d:\program files\Winamp\Winampa.exe" [2001-03-03 7680]
"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Premium\avgnt.exe" [2008-07-17 266497]
"PWRISOVM.EXE"="d:\ross\PowerISO\PWRISOVM.EXE" [2007-08-07 200704]
"NvCplDaemon"="c:\windows\System32\NvCpl.dll" [2004-09-20 4583424]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-09-06 413696]
"iTunesHelper"="d:\program files\iTunes\iTunesHelper.exe" [2008-10-01 289576]
"SoundMan"="SOUNDMAN.EXE" [2004-07-27 c:\windows\SOUNDMAN.EXE]
"nwiz"="nwiz.exe" [2004-09-20 c:\windows\system32\nwiz.exe]
"NvMediaCenter"="NvMCTray.dll" [2004-09-20 c:\windows\system32\nvmctray.dll]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.exe.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2007-03-30 113664]
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 40048]
Adobe Reader Synchronizer.lnk - c:\program files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-23 734872]
Microsoft Office.lnk - d:\program files\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.iv41"= ir41_32.dll
"vidc.asv2"= asusasv2.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Venturi 2.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Venturi 2.lnk
backup=c:\windows\pss\Venturi 2.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^The Family^Start Menu^Programs^Startup^BAMMediaPlayerUpdater.lnk]
path=c:\documents and settings\The Family\Start Menu\Programs\Startup\BAMMediaPlayerUpdater.lnk
backup=c:\windows\pss\BAMMediaPlayerUpdater.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^The Family^Start Menu^Programs^Startup^swarmcast.lnk]
path=c:\documents and settings\The Family\Start Menu\Programs\Startup\swarmcast.lnk
backup=c:\windows\pss\swarmcast.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^The Family^Start Menu^Programs^Startup^WinMySQLadmin.lnk]
path=c:\documents and settings\The Family\Start Menu\Programs\Startup\WinMySQLadmin.lnk
backup=c:\windows\pss\WinMySQLadmin.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent]
--a------ 2007-09-19 00:37 587568 d:\program files\BitTorrent\bittorrent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EzPrint]
--a------ 2004-09-17 14:24 61440 c:\program files\Lexmark 6200 Series\ezprint.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-10-01 17:57 289576 d:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechSoftwareUpdate]
--a------ 2005-06-08 13:44 196608 c:\program files\Logitech\Video\ManifestEngine.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoRepair]
--a------ 2005-06-08 14:24 458752 c:\program files\Logitech\Video\ISStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoTray]
--a------ 2005-06-08 14:14 217088 c:\program files\Logitech\Video\LogiTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMSX]
--a------ 2005-07-19 16:32 221184 c:\windows\system32\LVCOMSX.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxbumon.exe]
--a------ 2004-09-22 11:59 188416 c:\program files\Lexmark 6200 Series\lxbumon.exE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2007-01-19 11:55 5674352 c:\program files\MSN Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 09:50 155648 c:\windows\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-09-06 14:09 413696 c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
--a------ 2008-10-10 16:23 1410296 d:\program files\Valve\Steam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2007-09-25 01:11 132496 c:\program files\Java\jre1.6.0_03\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2006-07-31 22:30 180269 c:\program files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Venturi2"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"d:\\Program Files\\WOW\\World of Warcraft\\WoW-1.11.0-enGB-downloader.exe"=
"d:\\Program Files\\WOW\\World of Warcraft\\WoW-1.11.1.5462-to-1.11.2.5464-enGB-downloader.exe"=
"c:\\StubInstaller.exe"=
"d:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\WINDOWS\\system32\\lxbucoms.exe"=
"d:\\Program Files\\LimeWire\\LimeWire.exe"=
"d:\\Program Files\\WOW\\World of Warcraft\\WoW-1.11.2.5464-to-1.12.0.5595-enGB-downloader.exe"=
"d:\\Program Files\\Valve\\steamapps\\rf123\\counter-strike\\hl.exe"=
"d:\\Program Files\\Valve\\steamapps\\rf123\\condition zero\\hl.exe"=
"d:\\Program Files\\WOW\\World of Warcraft\\BackgroundDownloader.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"d:\\Program Files\\Counter-Strike\\czero.exe"=
"d:\\Program Files\\Valve\\steamapps\\rf123\\dedicated server\\hlds.exe"=
"d:\\Program Files\\Valve\\steamapps\\rf123\\dark messiah might and magic dedicated server\\srcds.exe"=
"c:\\Program Files\\Dell TrueMobile 2300\\ControlUtility.exe"=
"d:\\Program Files\\Valve\\steamapps\\ache154\\counter-strike\\hl.exe"=
"d:\\Program Files\\WOW\\World of Warcraft\\WoW-2.0.12.6546-to-2.1.0.6692-enGB-downloader.exe"=
"d:\\Program Files\\quake3.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"d:\\Program Files\\Valve\\Steam.exe"=
"d:\\Program Files\\Valve\\steamapps\\jocke101\\counter-strike\\hl.exe"=
"d:\\Program Files\\Valve\\steamapps\\jocke101\\counter-strike source\\hl2.exe"=
"c:\\Program Files\\BitTorrent_DNA\\dna.exe"=
"d:\\Program Files\\Valve\\steamapps\\rf123\\condition zero deleted scenes\\hl.exe"=
"d:\\Ross\\S.T.A.L.K.E.R. - Shadow of Chernobyl\\bin\\XR_3DA.exe"=
"d:\\Ross\\S.T.A.L.K.E.R. - Shadow of Chernobyl\\bin\\dedicated\\XR_3DA.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"d:\\Program Files\\Valve\\steamapps\\henke_brunis\\counter-strike\\hl.exe"=
"d:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"d:\\Dave\\Portable P2P tv apps\\portable P2P tv apps\\Portable KeyHoleTV.exe"=
"d:\\Program Files\\Counter-Strike\\hltv.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"d:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader
"6112:TCP"= 6112:TCP:Blizzard Downloader

R0 uliagpkx;ULi AGP Bus Filter Driver;c:\windows\system32\DRIVERS\agpkx.sys [2005-05-03 45056]
R2 AntiVirMailService;AntiVir PersonalEdition Premium MailGuard;c:\program files\Avira\AntiVir PersonalEdition Premium\avmailc.exe [2008-07-17 164097]
R2 antivirwebservice;Avira AntiVir Premium WebGuard;c:\program files\Avira\AntiVir PersonalEdition Premium\AVWEBGRD.EXE [2008-07-17 258305]
R2 AVEService;AntiVir PersonalEdition Premium MailGuard helper service;c:\program files\Avira\AntiVir PersonalEdition Premium\avesvc.exe [2008-07-17 41217]
R3 ULI5261XP;ULi M526X Ethernet NT Driver;c:\windows\system32\DRIVERS\ULILAN51.SYS [2005-03-22 28672]
R3 Video3D;ASUS Video3D Service;c:\windows\system32\Drivers\Video3D.sys [2004-07-06 44544]
S2 solewxte;solewxte Service;c:\windows\system32\solewxte.exe [ ]
S3 DMSKSSRh;DMSKSSRh;c:\docume~1\THEFAM~1\LOCALS~1\Temp\DMSKSSRh.sys [ ]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0f5d0de0-1f34-11dd-ac7a-00138f73d024}]
\Shell\AutoRun\command - g:\wd_windows_tools\setup.exe
.
Contents of the 'Scheduled Tasks' folder

2008-10-12 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
.
- - - - ORPHANS REMOVED - - - -

MSConfigStartUp-swg - c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe


.
------- Supplementary Scan -------
.
FireFox -: Profile - c:\documents and settings\The Family\Application Data\Mozilla\Firefox\Profiles\orvve0sx.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://cm.my.yahoo.com/
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, https://www.gmer.net
Rootkit scan 2008-11-07 19:31:02
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Lavasoft\Ad-Aware\aawservice.exe
c:\program files\Avira\AntiVir PersonalEdition Premium\avguard.exe
c:\program files\Avira\AntiVir PersonalEdition Premium\sched.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\windows\ATKKBService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\nvsvc32.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2008-11-07 19:43:34 - machine was rebooted
ComboFix-quarantined-files.txt 2008-11-07 18:43:04

Pre-Run: 5 898 784 768 bytes free
Post-Run: 5,859,311,616 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn

1182 --- E O F --- 2008-11-01 18:45:52
------------------------------------------------------------------------------------------------------------

and here is a copy of "highjackthis.log"
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:02:39, on 2008-11-07
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Premium\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Premium\sched.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\ATKKBService.exe
C:\Program Files\Avira\AntiVir PersonalEdition Premium\avesvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\System32\nvsvc32.exe
D:\Program Files\Winamp\Winampa.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Avira\AntiVir PersonalEdition Premium\avmailc.exe
C:\Program Files\Avira\AntiVir PersonalEdition Premium\avgnt.exe
D:\Ross\PowerISO\PWRISOVM.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Premium\AVWEBGRD.EXE
D:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\LVComsX.exe
C:\HJT\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [WinampAgent] "D:\Program Files\Winamp\Winampa.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Premium\avgnt.exe" /min
O4 - HKLM\..\Run: [PWRISOVM.EXE] D:\Ross\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Steam] "D:\Program Files\Valve\Steam.exe" -silent
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Fiddler2 - {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - "D:\Ross\Fiddler2\Fiddler.exe" (file missing)
O9 - Extra 'Tools' menuitem: Fiddler2 - {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - "D:\Ross\Fiddler2\Fiddler.exe" (file missing)
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\The Family\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - https://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1154373393218
O16 - DPF: {7584C670-2274-4EFB-B00B-D6AABA6D3850} (Microsoft RDP Client Control (redist)) - https://boaekonomi.gotdns.org/Remote/msrdp.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - https://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - https://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: AntiVir PersonalEdition Premium MailGuard (AntiVirMailService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\avmailc.exe
O23 - Service: AntiVir PersonalEdition Premium Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\sched.exe
O23 - Service: AntiVir PersonalEdition Premium Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\avguard.exe
O23 - Service: Avira AntiVir Premium WebGuard (antivirwebservice) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\AVWEBGRD.EXE
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: AntiVir PersonalEdition Premium MailGuard helper service (AVEService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\avesvc.exe
O23 - Service: Bonjour-tjänst (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: solewxte Service (solewxte) - Unknown owner - C:\WINDOWS\system32\solewxte.exe (file missing)

--
End of file - 7754 bytes
Posted 11/9/2008 7:37 AM
#67889
User avatar

Touch Advanced member

Date Joined Nov 2016
Total Posts: 12974
Please download Malwarebytes' Anti-Malware

to your desktop.


  • Double-click mbam-setup.exe and follow the prompts to install the program.

  • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.

  • If an update is found, it will download and install the latest version.

  • Once the program has loaded, select Perform full scan, then click Scan.

  • When the scan is complete, click OK, then Show Results to view the results.

  • Be sure that everything is checked, and click Remove Selected.

  • When completed, a log will open in Notepad. Please save it to a convenient location. The log can also be found here: C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt


  • Please post contents of that file in your next reply, along with new hijackthis log and tell how things are running ?

[color=black face="Courier New" sab="311">[2]Click here: Before-posting-a-log[/2][/url]

<?xml:namespace prefix = o ns = "urn:schemas-microsoft-com:office:office" />[/color]
Do not PM me with logfiles. They will be deleted.


  • Unread posts or replies
  • No unread posts or replies
  • Unread Posts (Read Only Forum)
  • No Unread Posts (Read Only Forum)

Forum Information

Currently it is Thursday, January 20, 2022, 2:02 AM (GMT +1)
There are a total of 61,946 posts in 13,685 threads.
In the last 3 days there were 0 new threads and 0 reply posts.

Who's online

This forum has 38,662 registered members. Please welcome our newest member, Star1.
74 Guest(s), 0 Registered Member(s) are currently online.
×

Just a minute

Privacy has never been so important.

Nearly 50% of online users are now using a VPN to protect their privacy.

Find out why

…and if it grabs you bag yourself a VPN bargain.