Google Redirecting

Dell / Dimension 9100...
January 11, 2009 at 13:03:27
Specs: Microsoft Windows XP Home Edition, 2.793 GHz / 1022 MB
Hello,

I have the same problem as most people on this site... I get redirected to ads when I click on links on Google. I'm sorry if I tired anyone by adding one more topic on the same problem. Please help though.




#1
January 11, 2009 at 15:42:29
Please download Malwarebytes' Anti-Malware from one of these sites:

MalwareBytes1

MalwareBytes2

Rename the setup file, mbam-setup.exe, before you download it. To do that, once the "enter name of file to save to" box appears as the download begins, rename mbam-setup.exe to tool.exe in the filename box, then click Save.

1. Double-click tool.exe to install the application.
2. Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
3. If an update is found, it will download and install the latest version.
4. Once the program has loaded, select "Perform Quick Scan", then click Scan. The scan may take some time to finish, so please be patient.
5. When the scan is complete, click OK, then Show Results to view the results.
6. Make sure that everything found is checked, and click Remove Selected.
7. When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
8. The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
9. Copy and paste the entire report in your next reply.


Please download and install the latest version of HijackThis v2.0.2:


Download the "HijackThis" Installer from this link:
Hijack This

Rename the setup file, HJTInstall.exe, before you download it. To do that, once the "enter name of file to save to" box appears as the download begins, rename HJTInstall.exe to tools.exe in the filename box, then click Save.
1. Save "tools.exe" to your desktop.
2. Double-click on tools.exe to run the program.
3. By default it will install to C:\Program Files\Trend Micro\HijackThis.
4. Accept the license agreement by clicking the "I Accept" button.
5. Click on the "Do a system scan and save a log file" button. It will scan and then ask you to save the log.
6. Click "Save log" to save the log file and then the log will open in Notepad.
7. Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
8. Paste the log in your next reply.
9. Do NOT have HijackThis fix anything yet! Most of what it finds will be harmless or even required.



#2
January 12, 2009 at 13:45:19
Malwarebytes' Anti-Malware 1.32
Database version: 1647
Windows 5.1.2600 Service Pack 3

1/12/2009 4:23:24 PM
mbam-log-2009-01-12 (16-23-24).txt

Scan type: Quick Scan
Objects scanned: 74033
Time elapsed: 29 minute(s), 34 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 21
Registry Values Infected: 3
Registry Data Items Infected: 0
Folders Infected: 4
Files Infected: 5

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\Program Files\MyWaySA\SrchAsDe\1.bin\deSrcAs.dll (Adware.MyWay) -> Delete on reboot.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{34552d29-21d3-4c52-8c76-b3d984d8ad7e} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\hdaus32 (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{34552d29-21d3-4c52-8c76-b3d984d8ad7e} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\saix.installercaller (Adware.180Solutions) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\saix.installercaller.1 (Adware.180Solutions) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\videoegg.activexloader.1 (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{dd469a88-316c-441d-b712-783d9b9a6707} (Adware.180Solutions) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{4d25f920-b9fe-4682-bf72-8ab8210d6d75} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{4d25f923-b9fe-4682-bf72-8ab8210d6d75} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{4d25f921-b9fe-4682-bf72-8ab8210d6d75} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{4d25f921-b9fe-4682-bf72-8ab8210d6d75} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4d25f921-b9fe-4682-bf72-8ab8210d6d75} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{4d25f924-b9fe-4682-bf72-8ab8210d6d75} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{4d25f926-b9fe-4682-bf72-8ab8210d6d75} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{2b96d5cc-c5b5-49a5-a69d-cc0a30f9028c} (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{deceaaa2-370a-49bb-9362-68c3a58ddc62} (Adware.180Solutions) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{981bda1d-c8ad-46ff-be2c-fddd859ac6f5} (Adware.180Solutions) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{d28cd14c-50be-4cfa-951e-b37f25da3472} (Adware.180Solutions) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{af2e62b6-f9e1-4d4f-a10a-9dc8e6dcbcc0} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{deceaaa2-370a-49bb-9362-68c3a58ddc62} (Adware.180Solutions) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\The Weather Channel (Adware.Hotbar) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\{4d25f926-b9fe-4682-bf72-8ab8210d6d75} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\txorep (Trojan.Agent) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\kcuxigor (Trojan.Agent) -> Delete on reboot.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Program Files\MyWaySA (Adware.MyWebSearch) -> Delete on reboot.
C:\Program Files\MyWaySA\SrchAsDe (Adware.MyWebSearch) -> Delete on reboot.
C:\Program Files\MyWaySA\SrchAsDe\1.bin (Adware.MyWebSearch) -> Delete on reboot.
C:\Documents and Settings\All Users\Application Data\VideoEgg (Adware.VideoEgg) -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\system32\Hdaus32.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\Program Files\MyWaySA\SrchAsDe\1.bin\deSrcAs.dll (Adware.MyWebSearch) -> Delete on reboot.
C:\Documents and Settings\All Users\Application Data\VideoEgg\user.dat (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\WINDOWS\osofozuz.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\Rlezov.dat (Trojan.Agent) -> Delete on reboot.
_____________________________________________
Hijack this log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:43:22 PM, on 1/12/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\PROGRA~1\VERIZO~1\HELPSU~1\VERIZO~1.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\CyberLink\PCM4Everio\EverioService.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe
C:\Program Files\Belkin\F5D8051v3\Belkinwcui.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\McAfee\MBK\MBackMonitor.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\Program Files\McAfee\VirusScan\McShield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\System32\svchost.exe
C:\Nexon\Mabinogi\npkcmsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Common Files\Verizon Online\ConnMgr\cmisrv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Digsby\lib\digsby-app.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Common Files\Verizon Online\AppMgr\vzOpenUIServer.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Documents and Settings\ALEX\Desktop\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?Lin...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?Lin...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?Lin...
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?Lin...
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 203.125.104.250:8080
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [CTDVDDET] "C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE"
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [A Verizon App] C:\PROGRA~1\VERIZO~1\HELPSU~1\VERIZO~1.EXE
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [EverioService] "C:\Program Files\CyberLink\PCM4Everio\EverioService.exe"
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [McAfee Backup] C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe
O4 - HKLM\..\Run: [MBkLogOnHook] C:\Program Files\McAfee\MBK\LogOnHook.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [F5D8051v3] C:\Program Files\Belkin\F5D8051v3\Belkinwcui.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\BitTorrent_DNA\dna.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" /systray /nologon
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Download All by FlashGet - C:\PROGRA~1\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\PROGRA~1\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe (file missing)
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - https://activatemydsl.verizon.net/sdcCommon/download/DSL/tgctlcm.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?Lin...
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/s...
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US...
O16 - DPF: {5F5F9FB8-878E-4455-95E0-F64B2314288A} (ijjiPlugin2 Class) - http://gamedownload.ijjimax.com/gam...
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim...
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/so...
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binar...
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/gam...
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} - http://www.adobe.com/products/acrob...
O16 - DPF: {CFD7D0F6-CCAF-4FFA-9D7F-CE9B65F562EC} (AppCaller Control) - http://bombndash.com/common/AppCall...
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/g...
O16 - DPF: {D88C7675-7CEE-4C9A-BDD4-7A43EED7794D} (Logout Class) - http://www.gamengame.com/KALogoutCo...
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binar...
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: MBackMonitor - McAfee - C:\Program Files\McAfee\MBK\MBackMonitor.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\McShield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: npkcmsvc - INCA Internet Co., Ltd. - C:\Nexon\Mabinogi\npkcmsvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe

--
End of file - 16217 bytes


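A small triage pass over HijackThis entries like those posted in #2, as an added example that is not part of the original thread or of HijackThis itself. Its three rules (a `ProxyServer` value, registrations marked `(no file)` or `(file missing)`, services listed with `Unknown owner`) are assumptions about what deserves a manual look, not verdicts; the sample lines are copied from the log above.

```python
import re
from collections import namedtuple

# Lines copied from the HijackThis log in post #2; none of them are constructed.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 203.125.104.250:8080
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe (file missing)
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
"""

Entry = namedtuple("Entry", "section body")
Finding = namedtuple("Finding", "section reason detail")

# A HijackThis entry starts with a section code (R0, O2, O23, ...) and " - ".
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")


def parse(log_text):
    """Return the section-coded entries, skipping the header and process list."""
    entries = []
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            entries.append(Entry(match.group(1), match.group(2)))
    return entries


def check_proxy(entry):
    # Assumed rule: a browser proxy changes where every request is sent,
    # so on a machine with redirect symptoms it should be confirmed as intended.
    marker = ",ProxyServer = "
    if entry.section in ("R0", "R1") and marker in entry.body:
        return Finding(entry.section, "proxy-set", entry.body.split(marker, 1)[1])
    return None


def check_orphan(entry):
    # Assumed rule: the registration exists but the log shows no file behind it,
    # which usually means a leftover from something already removed.
    if entry.body.endswith("(no file)") or entry.body.endswith("(file missing)"):
        return Finding(entry.section, "orphaned-registration", entry.body)
    return None


def check_unknown_owner(entry):
    # Assumed rule: the log shows no vendor name for the service binary.
    # Worth checking the path by hand; many legitimate drivers appear this way.
    if entry.section == "O23" and " - Unknown owner - " in entry.body:
        return Finding(entry.section, "service-unknown-owner",
                       entry.body.rsplit(" - ", 1)[1])
    return None


RULES = (check_proxy, check_orphan, check_unknown_owner)


def triage(log_text):
    """Apply every rule to every entry and collect the findings in log order."""
    findings = []
    for entry in parse(log_text):
        for rule in RULES:
            finding = rule(entry)
            if finding:
                findings.append(finding)
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.section:<4} {f.reason:<24} {f.detail}")
```

Entries that match no rule, such as the McAfee BHO or the Apple service, are left out of the output, which keeps the list short enough to review before anything is fixed.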

#3
January 12, 2009 at 14:06:16
Go to the provided link and follow the instructions to remove “Dell’s Myway search assistant”. Regardless of what Dell says, it is spyware.

Remove Dell's MyWaySearch

Please download ComboFix to the desktop from one of the following links:

Link1

Link 2

Link 3

Combofix is a powerful tool so follow the instructions exactly or you could damage your computer.

Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with Combofix and remove some of its embedded files which may cause "unpredictable results".
Click on This Link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

In your case to run Combofix do the following:
1. Go offline, turn off your McAfee antivirus, and any other antispyware that you may have.
2. Run Combofix and save its log.
3. Restart the computer to get the antivirus running again but leave the antispyware programs off until we get the computer cleaned.
4. Post the Combofix log.


Remember to re-enable the protection again afterwards before connecting to the Internet.

Double-click combofix.exe
Follow the prompts.
(Don't click on the window while the program is running or move the mouse, it will cause your system to hang.)
Please post the log it produces.



#4
January 13, 2009 at 14:02:22
For some reason... I can't post my log. Is it too long?


#5
January 13, 2009 at 15:45:34
Post it in segments, it may take two or three posts.


#6
January 14, 2009 at 14:03:14
ComboFix 09-01-13.03 - ALEX 2009-01-13 16:21:59.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1022.488 [GMT -5:00]
Running from: c:\documents and settings\ALEX\Desktop\ComboFix.exe
AV: McAfee VirusScan *On-access scanning disabled* (Updated)
FW: McAfee Personal Firewall *disabled*
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\test.txt
c:\windows\Downloaded Program Files\setup.inf
c:\windows\IE4 Error Log.txt

.
((((((((((((((((((((((((( Files Created from 2008-12-13 to 2009-01-13 )))))))))))))))))))))))))))))))
.

2009-01-13 15:32 . 2005-08-08 22:37 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Jasc Software Inc
2009-01-13 15:32 . 2005-08-08 22:45 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Gtek
2009-01-13 15:32 . 2005-08-08 22:46 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Creative
2009-01-13 15:32 . 2009-01-13 15:32 <DIR> d-------- c:\documents and settings\Administrator
2009-01-12 16:37 . 2009-01-12 16:36 410,984 --a------ c:\windows\system32\deploytk.dll
2009-01-12 16:26 . 2009-01-13 15:40 54,156 --ah----- c:\windows\QTFont.qfn
2009-01-12 16:26 . 2009-01-12 16:26 1,409 --a------ c:\windows\QTFont.for
2009-01-12 15:49 . 2009-01-12 15:49 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-01-12 15:49 . 2009-01-12 15:49 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-01-12 15:49 . 2009-01-12 15:49 <DIR> d-------- c:\documents and settings\ALEX\Application Data\Malwarebytes
2009-01-12 15:49 . 2009-01-04 18:38 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-01-12 15:49 . 2009-01-04 18:38 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-01-03 19:12 . 2009-01-11 11:56 156 --a------ c:\windows\Twunk001.MTX
2009-01-03 19:12 . 2009-01-11 11:56 4 --a------ c:\windows\Twain001.Mtx
2009-01-03 19:12 . 2009-01-03 19:12 0 --a------ c:\windows\Twunk002.MTX
2009-01-02 21:28 . 2009-01-02 21:28 <DIR> d-------- c:\program files\Bonjour
2009-01-02 21:10 . 2009-01-02 21:10 <DIR> d-------- c:\program files\Common Files\Macrovision Shared
2008-12-30 17:02 . 2008-12-30 17:02 7,029 --a------ c:\windows\efewebewah.dll
2008-12-28 18:14 . 2008-12-28 18:14 <DIR> d-------- c:\program files\Common Files\Adobe AIR
2008-12-28 18:06 . 2008-12-29 09:13 <DIR> d-------- c:\documents and settings\All Users\Application Data\NOS
2008-12-26 13:54 . 2008-12-26 13:54 <DIR> d-------- c:\documents and settings\All Users\Application Data\ATI
2008-12-26 13:54 . 2008-12-26 13:54 <DIR> d-------- c:\documents and settings\ALEX\Application Data\ATI
2008-12-26 13:52 . 2008-12-26 13:52 0 --a------ c:\windows\ativpsrm.bin
2008-12-26 13:42 . 2008-12-01 14:35 593,920 --------- c:\windows\system32\ati2sgag.exe
2008-12-26 13:39 . 2008-12-26 13:39 <DIR> d-------- C:\ATI
2008-12-26 11:36 . 2009-01-12 15:29 <DIR> d-------- c:\program files\Steam
2008-12-23 10:23 . 2008-12-23 10:23 <DIR> d-------- c:\documents and settings\All Users\Application Data\BVRP Software
2008-12-16 19:54 . 2008-12-17 15:20 <DIR> d-------- c:\documents and settings\ALEX\Application Data\U3
2008-12-14 12:41 . 2008-12-14 12:41 7,009 --a------ c:\windows\afaqikuwafonutul.dll
2008-12-13 19:56 . 2008-12-13 19:56 <DIR> d-------- c:\documents and settings\All Users\Application Data\HP
2008-12-13 19:55 . 2008-12-13 19:55 <DIR> d-------- c:\program files\Hewlett-Packard
2008-12-13 19:55 . 2008-12-13 19:55 <DIR> d-------- c:\program files\Common Files\HP
2008-12-13 19:55 . 2008-12-13 19:55 <DIR> d-------- c:\program files\Common Files\Hewlett-Packard
2008-12-13 19:54 . 2008-12-13 19:54 <DIR> d-------- c:\windows\braveheart
2008-12-13 19:54 . 2007-11-06 21:04 1,373,528 -ra------ c:\windows\hpzshl01.exe
2008-12-13 19:54 . 2007-11-06 21:15 1,140,056 -ra------ c:\windows\hpzmsi01.exe
2008-12-13 19:54 . 2008-06-09 14:05 12,717 -ra------ c:\windows\hpwscr14.dat
2008-12-13 19:53 . 2008-12-13 19:53 <DIR> d-------- c:\program files\HP
2008-12-13 19:49 . 2007-01-17 11:37 49,920 -ra------ c:\windows\system32\drivers\HPZid412.sys
2008-12-13 19:49 . 2007-01-17 11:37 16,496 -ra------ c:\windows\system32\drivers\HPZipr12.sys
2008-12-13 19:48 . 2008-12-13 19:48 <DIR> d-------- c:\documents and settings\All Users\Application Data\Hewlett-Packard
2008-12-13 19:48 . 2008-12-13 20:22 179,485 --a------ c:\windows\hpwins14.dat
2008-12-13 19:48 . 2008-06-09 14:02 1,108 -ra------ c:\windows\hpwmdl14.dat
2008-12-13 19:47 . 2007-11-06 21:10 271,704 -ra------ c:\windows\system32\hpzids01.dll
2008-12-13 19:47 . 2008-07-01 12:10 118,272 --a------ c:\windows\system32\hpz3l5jy.dll
2008-12-13 19:47 . 2007-01-17 11:37 21,568 -ra------ c:\windows\system32\drivers\HPZius12.sys
2008-12-13 19:45 . 2007-10-31 07:19 970,752 -ra------ c:\windows\system32\hpwtiop3.dll
2008-12-13 19:45 . 2007-10-31 07:19 729,088 -ra------ c:\windows\system32\hpwwiax3.dll
2008-12-13 19:45 . 2007-01-17 11:37 364,544 -ra------ c:\windows\system32\hppldcoi.dll
2008-12-13 19:45 . 2007-01-17 11:37 309,760 -ra------ c:\windows\system32\difxapi.dll
2008-12-13 19:45 . 2007-01-17 11:31 294,912 -ra------ c:\windows\system32\hpovst11.dll
2008-12-13 19:44 . 2008-04-13 14:45 15,104 --a------ c:\windows\system32\drivers\usbscan.sys
2008-12-13 19:44 . 2008-04-13 14:45 15,104 --a------ c:\windows\system32\dllcache\usbscan.sys
2008-12-13 17:05 . 2008-12-13 17:05 <DIR> d-------- c:\documents and settings\All Users\Application Data\Digsby

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-13 21:12 --------- d-----w c:\documents and settings\ALEX\Application Data\Skype
2009-01-13 21:01 --------- d-----w c:\documents and settings\ALEX\Application Data\skypePM
2009-01-13 20:39 0 ----a-w c:\windows\system32\drivers\lvuvc.hs
2009-01-13 20:39 0 ----a-w c:\windows\system32\drivers\logiflt.iad
2009-01-12 21:36 --------- d-----w c:\program files\Java
2009-01-11 20:15 --------- d-----w c:\documents and settings\All Users\Application Data\Viewpoint
2009-01-10 22:39 --------- d-----w c:\program files\Warcraft III
2009-01-09 03:08 --------- d-----w c:\documents and settings\ALEX\Application Data\FrostWire
2009-01-03 03:03 --------- d-----w c:\documents and settings\ALEX\Application Data\uTorrent
2009-01-03 02:28 --------- d-----w c:\program files\Common Files\Adobe
2008-12-30 14:26 --------- d-----w c:\program files\Common Files\Logitech
2008-12-26 18:43 --------- d-----w c:\program files\ATI Technologies
2008-12-26 18:42 --------- d--h--w c:\program files\InstallShield Installation Information
2008-12-17 20:03 --------- d-----w c:\program files\Digsby
2008-12-13 22:05 --------- d-----w c:\documents and settings\ALEX\Application Data\Digsby
2008-12-13 06:40 3,593,216 ------w c:\windows\system32\dllcache\mshtml.dll
2008-12-06 23:00 --------- d-----w c:\program files\Skype
2008-12-04 21:39 --------- d-----w c:\program files\FrostWire
2008-12-01 22:13 3,452,928 ----a-w c:\windows\system32\drivers\ati2mtag.sys
2008-12-01 22:13 3,452,928 ----a-w c:\windows\system32\dllcache\ati2mtag.sys
2008-12-01 20:52 425,984 ----a-w c:\windows\system32\ATIDEMGX.dll
2008-12-01 20:51 318,464 ----a-w c:\windows\system32\ati2dvag.dll
2008-12-01 20:46 11,304,960 ----a-w c:\windows\system32\atioglxx.dll
2008-12-01 20:41 188,416 ----a-w c:\windows\system32\atipdlxx.dll
2008-12-01 20:40 43,520 ----a-w c:\windows\system32\ati2edxx.dll
2008-12-01 20:40 26,112 ----a-w c:\windows\system32\Ati2mdxx.exe
2008-12-01 20:40 147,456 ----a-w c:\windows\system32\Oemdspif.dll
2008-12-01 20:40 143,360 ----a-w c:\windows\system32\ati2evxx.dll
2008-12-01 20:40 --------- d-----w c:\program files\QuickTime
2008-12-01 20:38 598,016 ----a-w c:\windows\system32\ati2evxx.exe
2008-12-01 20:37 53,248 ----a-w c:\windows\system32\ATIDDC.DLL
2008-12-01 20:27 4,120,384 ----a-w c:\windows\system32\ati3duag.dll
2008-12-01 20:19 307,200 ----a-w c:\windows\system32\atiiiexx.dll
2008-12-01 20:11 2,495,360 ----a-w c:\windows\system32\ativvaxx.dll
2008-12-01 19:57 48,640 ----a-w c:\windows\system32\amdpcom32.dll
2008-12-01 19:53 45,056 ----a-w c:\windows\system32\amdcalrt.dll
2008-12-01 19:53 45,056 ----a-w c:\windows\system32\amdcalcl.dll
2008-12-01 19:53 401,408 ----a-w c:\windows\system32\atikvmag.dll
2008-12-01 19:52 86,016 ----a-w c:\windows\system32\atiadlxx.dll
2008-12-01 19:52 17,408 ----a-w c:\windows\system32\atitvo32.dll
2008-12-01 19:51 53,248 ----a-w c:\windows\system32\drivers\ati2erec.dll
2008-12-01 19:50 3,252,224 ----a-w c:\windows\system32\Amdcaldd.dll
2008-12-01 19:50 286,720 ----a-w c:\windows\system32\atiok3x2.dll
2008-12-01 19:45 577,536 ----a-w c:\windows\system32\ati2cqag.dll
2008-11-24 20:46 253,952 ----a-w c:\windows\odexulodipoki.dll
2008-11-22 15:22 --------- d-----w c:\program files\Google
2008-11-04 17:14 65,536 -c--a-w c:\windows\IFinst27.exe
2008-10-23 12:36 286,720 ----a-w c:\windows\system32\gdi32.dll
2008-10-23 12:36 286,720 ------w c:\windows\system32\dllcache\gdi32.dll
2008-10-21 18:51 118,784 ----a-w c:\windows\system32\atibrtmon.exe
2008-10-16 19:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 19:13 202,776 ----a-w c:\windows\system32\dllcache\wuweb.dll
2008-10-16 19:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 19:13 1,809,944 ----a-w c:\windows\system32\dllcache\wuaueng.dll
2008-10-16 19:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 19:12 561,688 ----a-w c:\windows\system32\dllcache\wuapi.dll
2008-10-16 19:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 19:12 323,608 ----a-w c:\windows\system32\dllcache\wucltui.dll
2008-10-16 19:09 92,696 ----a-w c:\windows\system32\dllcache\cdm.dll
2008-10-16 19:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 19:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 19:09 51,224 ----a-w c:\windows\system32\dllcache\wuauclt.exe
2008-10-16 19:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 19:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-10-16 19:08 34,328 ----a-w c:\windows\system32\dllcache\wups.dll
2008-10-16 19:06 268,648 ----a-w c:\windows\system32\mucltui.dll
2008-10-16 19:06 208,744 ----a-w c:\windows\system32\muweb.dll
2008-10-16 13:11 70,656 ------w c:\windows\system32\dllcache\ie4uinit.exe
2008-10-16 13:11 13,824 ------w c:\windows\system32\dllcache\ieudinit.exe
2008-10-15 07:06 633,632 ------w c:\windows\system32\dllcache\iexplore.exe
2008-10-15 07:04 161,792 ------w c:\windows\system32\dllcache\ieakui.dll
2008-04-06 00:29 32 -c--a-w c:\documents and settings\All Users\Application Data\ezsid.dat
2007-12-27 16:20 22,328 -c--a-w c:\documents and settings\ALEX\Application Data\PnkBstrK.sys
2007-10-13 19:12 81,920 -c--a-w c:\documents and settings\ALEX\Application Data\ezpinst.exe
2007-10-13 19:12 47,360 -c--a-w c:\documents and settings\ALEX\Application Data\pcouffin.sys
2007-07-18 15:03 49 -c--a-w c:\documents and settings\ALEX\Application Data\internaldb9946.dat
2007-07-18 14:34 439,296 -c--a-w c:\documents and settings\ALEX\GoToAssist_phone__317_en.exe
2007-02-01 23:52 6,144 -c--a-w c:\documents and settings\LocalService\Application Data\internaldb488.dat
2006-09-05 20:54 9,216 -c--a-w c:\documents and settings\ALEX\Application Data\internaldb7522.dat
2006-09-05 20:54 0 -c--a-w c:\documents and settings\ALEX\Application Data\internaldb8273.dat
2006-09-05 20:34 299 -c--a-w c:\documents and settings\ALEX\Application Data\internaldb1942.dat
2006-07-01 12:24 144,480 -c--a-w c:\program files\Mc
2005-09-29 22:20 56 --sh--r c:\windows\system32\[u]0[/u]B00221261.sys
2008-08-15 13:48 32,768 -csha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008081520080816\index.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-13 1695232]
"LDM"="c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2007-03-08 67128]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-11-07 21633320]
"Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" [2008-02-20 356352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-01-12 136600]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2005-04-25 139264]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-04-14 344064]
"IntelMeM"="c:\program files\Intel\Modem Event Monitor\IntelMEM.exe" [2003-09-03 221184]
"CTSysVol"="c:\program files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe" [2003-09-17 57344]
"CTDVDDET"="c:\program files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE" [2003-06-18 45056]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-02-23 53248]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-12-06 127035]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-08-11 249856]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 81920]
"DMXLauncher"="c:\program files\Dell\Media Experience\DMXLauncher.exe" [2005-01-27 86016]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 57344]
"A Verizon App"="c:\progra~1\VERIZO~1\HELPSU~1\VERIZO~1.EXE" [2005-05-23 50744]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-03-28 185896]
"EverioService"="c:\program files\CyberLink\PCM4Everio\EverioService.exe" [2007-06-06 151552]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2007-11-01 582992]
"LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2008-08-14 565008]
"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam\Quickcam.exe" [2008-08-14 2407184]
"McAfee Backup"="c:\program files\McAfee\MBK\McAfeeDataBackup.exe" [2007-01-16 4838952]
"MBkLogOnHook"="c:\program files\McAfee\MBK\LogOnHook.exe" [2007-01-08 20480]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-10-01 111936]
"F5D8051v3"="c:\program files\Belkin\F5D8051v3\Belkinwcui.exe" [2007-08-02 1630208]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-07-30 289064]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-03-28 413696]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-29 61440]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"CTHelper"="CTHELPER.EXE" [2004-03-11 c:\windows\system32\CTHELPER.EXE]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-10-14 214360]
Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2007-03-08 67128]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\usmt\\migwiz.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\LEXPPS.EXE"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\CyberLink\\PowerDirector Express\\PDX.exe"=
"c:\\Program Files\\CyberLink\\PCM4Everio\\PCM4Everio.exe"=
"c:\\Program Files\\CyberLink\\PCM4Everio\\EverioService.exe"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\McAfee\\MBK\\McAfeeDataBackup.exe"=
"c:\\Program Files\\Digsby\\Digsby.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\BitTorrent\\uTorrent.exe"=
"c:\\Program Files\\FrostWire\\FrostWire.exe"=
"c:\\Program Files\\Steam\\steamapps\\p4ttheb4ker\\team fortress 2\\hl2.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"9842:TCP"= 9842:TCP:*:Disabled:SolidNetworkManager
"9842:UDP"= 9842:UDP:*:Disabled:SolidNetworkManager

S3 rt2870;Belkin N1 Wireless USB Adapter Driver;c:\windows\system32\drivers\rt2870.sys [2008-09-30 485248]
S3 XDva008;XDva008;\??\c:\windows\system32\XDva008.sys --> c:\windows\system32\XDva008.sys [?]
S3 XDva021;XDva021;\??\c:\windows\system32\XDva021.sys --> c:\windows\system32\XDva021.sys [?]
S3 XDva202;XDva202;\??\c:\windows\system32\XDva202.sys --> c:\windows\system32\XDva202.sys [?]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
\Shell\AutoRun\command - F:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9e8b185e-cbbd-11dd-ba57-001cdf4aa84b}]
\Shell\AutoRun\command - F:\LaunchU3.exe -a
.
Contents of the 'Scheduled Tasks' folder

2009-01-08 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2008-07-18 c:\windows\Tasks\McAfee Cleanup.job
- c:\docume~1\ALEX\LOCALS~1\Temp\MCPR.tmp\mccleanup.exe []

2009-01-09 c:\windows\Tasks\McAfee.com Scan for Viruses - My Computer (SEBASTIAN-ALERIE).job
- c:\program files\mcafee.com\vso\mcmnhdlr.exe []

2008-07-18 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2007-12-04 12:32]

2009-01-01 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2007-12-04 12:32]
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-BitTorrent - c:\program files\BitTorrent\bittorrent.exe
HKCU-Run-BitTorrent DNA - c:\program files\BitTorrent_DNA\dna.exe


.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mSearch Bar =
uInternet Settings,ProxyServer = 203.125.104.250:8080
uInternet Settings,ProxyOverride = <local>;*.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Yahoo! Search - file:///c:\program files\Yahoo!\Common/ycsrch.htm
IE: Download All by FlashGet - c:\progra~1\FlashGet\jc_all.htm
IE: Download using FlashGet - c:\progra~1\FlashGet\jc_link.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
IE: Yahoo! &Dictionary - file:///c:\program files\Yahoo!\Common/ycdict.htm
IE: Yahoo! &Maps - file:///c:\program files\Yahoo!\Common/ycmap.htm
IE: Yahoo! &SMS - file:///c:\program files\Yahoo!\Common/ycsms.htm
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll

c:\windows\Downloaded Program Files\AppCaller.ocx - O16 -: {CFD7D0F6-CCAF-4FFA-9D7F-CE9B65F562EC}
hxxp://bombndash.com/common/AppCaller.ocx

c:\windows\system32\mfc42.dll - O16 -: {D88C7675-7CEE-4C9A-BDD4-7A43EED7794D}
hxxp://www.gamengame.com/KALogoutComponent.cab
c:\windows\Downloaded Program Files\KALogoutComponent.inf
FF - ProfilePath - c:\documents and settings\ALEX\Application Data\Mozilla\Firefox\Profiles\bwdzxnq3.default\
FF - plugin: c:\documents and settings\ALEX\Application Data\Mozilla\Firefox\Profiles\bwdzxnq3.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp07076007.dll
FF - plugin: c:\documents and settings\All Users\Application Data\NexonUS\NGM\npNxGameUS.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npvirtools.dll

---- FIREFOX POLICIES ----
FF - user.js: dom.disable_open_during_load - true // Popupblocker control handled by McAfee Privacy Service
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-13 16:26:38
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
McAfee Backup = c:\program files\McAfee\MBK\McAfeeDataBackup.exe?????????????????????????????????????????????????????????????????????????????????

scanning hidden files ...


c:\windows\TEMP\{9E2514D9-DC24-4634-B348-61F3EF0F1628}
c:\windows\TEMP\{A1185190-514F-11D6-A285-00A0CC51B2FE}
c:\windows\TEMP\{AC157741-3285-4D6A-B934-9174587A3493}
c:\windows\TEMP\{B3549608-69D3-11D7-AB2D-0090271A23A2}
c:\windows\TEMP\{C6866B7D-ACFD-4C49-B77B-3B2F8CF54B96}
c:\windows\TEMP\{DABD554A-7DA6-4763-BF17-D3CAFB55E5A6}
c:\windows\TEMP\{DEBD7BF3-5856-11D6-A285-00A0CC51B2FE}
c:\windows\TEMP\{EE6699B3-E5AD-4E59-8F2B-207DF630670C}
c:\windows\TEMP\{FB2292C6-1F0A-11D7-AB2D-0090271A23A2}
c:\windows\TEMP\{FD851F7E-F887-405D-9E1C-488811113EF3}
c:\windows\TEMP\~WZS2714.TMP
c:\windows\TEMP\~WZS2714.TMP\SETUP.EXE 81920 bytes executable
c:\windows\TEMP\~WZS2714.TMP\Setup.ini 1590 bytes
c:\windows\TEMP\{435E969D-867E-4364-8E74-3DC8A69C5BDB}
c:\windows\TEMP\{5210ED6D-52A9-11D6-A285-00A0CC51B2FE}
c:\windows\TEMP\{67AEFC4C-69E4-11D7-85F4-00E018013273}
c:\windows\TEMP\{7201B853-5833-11D6-A285-00A0CC51B2FE}
c:\windows\TEMP\{72A810B1-EE62-455A-A086-E1C9FEDE7F29}
c:\windows\TEMP\{7A900EAB-DA37-4554-AF19-9C337476D05D}
c:\windows\TEMP\{9154ED7C-926E-49CC-B677-0CF3C5267457}
c:\windows\TEMP\{9A4D2983-4662-4387-BE3D-4CFC2FA9C100}
c:\windows\TEMP\Perflib_Perfdata_a88.dat 16384 bytes
c:\windows\TEMP\Stick_Figure_{A1A13D7E-C668-4046-B7BC-400922F632D4}.xml 2710 bytes
c:\windows\TEMP\sw_hp.reg 28902 bytes
c:\windows\TEMP\sw_unins.reg 443380 bytes
c:\windows\TEMP\T30DebugLogFile.txt 0 bytes



#7
January 14, 2009 at 14:06:06
Continued Part 2
___________________________________

c:\windows\TEMP\sqlite_Ucd4jfjw3CPGWSf 0 bytes
c:\windows\TEMP\sqlite_UcTgE9cIPT03by2 0 bytes
c:\windows\TEMP\sqlite_udHlUDRtqxX23NT 0 bytes
c:\windows\TEMP\sqlite_UDiGMvFWPDqR8Sw 0 bytes
c:\windows\TEMP\sqlite_UdoZfAsac0MYTlw 1024 bytes
c:\windows\TEMP\sqlite_uEqvUXH6HdSImQ5 0 bytes
c:\windows\TEMP\sqlite_ufifOfCvHJgQ0C7 0 bytes
c:\windows\TEMP\sqlite_UFMhcxR0iV9t8XV 1024 bytes
c:\windows\TEMP\sqlite_UFWO9YlhHZH4O3P 0 bytes
c:\windows\TEMP\sqlite_uGDsSKx6OrJoQpo 0 bytes
c:\windows\TEMP\sqlite_ugxwSTRkq2wvddh 0 bytes
c:\windows\TEMP\sqlite_Q0PT7VLdM5V1bMm 0 bytes
c:\windows\TEMP\sqlite_Q1agdBUwO9zaNEl 1024 bytes
c:\windows\TEMP\sqlite_q1J0ziyh5bFsdzh 0 bytes
c:\windows\TEMP\sqlite_Q1SlDQh4H2kpWKu 0 bytes
c:\windows\TEMP\sqlite_q2ZGgo1X9pDorQA 0 bytes
c:\windows\TEMP\sqlite_Q4W3bsGfTP3f9RH 0 bytes
c:\windows\TEMP\sqlite_q6hAt6fHHS95rlg 1024 bytes
c:\windows\TEMP\sqlite_Q7Im52NcPpMfkvv 1024 bytes
c:\windows\TEMP\sqlite_q7ZXwnnSdSXbKsx 0 bytes
c:\windows\TEMP\sqlite_q9AfhvxQ7R1nNIt 0 bytes
c:\windows\TEMP\sqlite_QA6IAL2lhSnOWpQ 0 bytes
c:\windows\TEMP\sqlite_qaw84SLv9juceWY 0 bytes
c:\windows\TEMP\sqlite_QAZRhSICfZRyhM1 0 bytes
c:\windows\TEMP\sqlite_qBCOc14AqYCe8xk 1024 bytes
c:\windows\TEMP\sqlite_QBHKF4GuKynb5B5 0 bytes
c:\windows\TEMP\sqlite_SPkxw04nH1L1abB 0 bytes
c:\windows\TEMP\sqlite_SPtWg58y8zu8cTU 1024 bytes
c:\windows\TEMP\sqlite_SPvZatw0e0IRy6R 1024 bytes
c:\windows\TEMP\sqlite_sPwzzdosKkMfX6e 0 bytes
c:\windows\TEMP\sqlite_SPz0v9feDGUK6XP 0 bytes
c:\windows\TEMP\sqlite_sQxegnQziRig7s1 0 bytes
c:\windows\TEMP\sqlite_sRie4XP1ShSge1B 0 bytes
c:\windows\TEMP\sqlite_SrrdhHGobCAL3DR 0 bytes
c:\windows\TEMP\sqlite_SSgbZgqU1fZbagW 0 bytes
c:\windows\TEMP\sqlite_SsRDBqHhFN4TSei 1024 bytes
c:\windows\TEMP\sqlite_st6YLc7oTz1khYh 0 bytes
c:\windows\TEMP\sqlite_stGmh3ZGn7UY4Tf 0 bytes
c:\windows\TEMP\sqlite_SuhjaRz0yuqTf28 0 bytes
c:\windows\TEMP\sqlite_SUImzG9FdBi4wOn 1024 bytes
c:\windows\TEMP\sqlite_RBkOkbpxRdotC1x 0 bytes
c:\windows\TEMP\sqlite_RBRbcBybWt2REXl 0 bytes
c:\windows\TEMP\sqlite_rCEqpjG6zuBtq7e 0 bytes
c:\windows\TEMP\sqlite_RCsBcwkHkKLJcSa 0 bytes
c:\windows\TEMP\sqlite_rD4m5mUc1yDAb8S 1024 bytes
c:\windows\TEMP\sqlite_REETT848YeBRBVX 0 bytes
c:\windows\TEMP\sqlite_rEmQgGR5zsNYAcp 0 bytes
c:\windows\TEMP\sqlite_RFSY6cAAazZ2ejj 1024 bytes
c:\windows\TEMP\sqlite_RFTYmm26BNN8TzF 1024 bytes
c:\windows\TEMP\sqlite_rGDZm0cMg6q6bYp 0 bytes
c:\windows\TEMP\sqlite_RgmCCfcvOmT0fie 1024 bytes
c:\windows\TEMP\sqlite_rGoYq8gw9igk4RC 0 bytes
c:\windows\TEMP\sqlite_Rh9txvHeQlp0Uer 0 bytes
c:\windows\TEMP\sqlite_rhd5Vq1PhpH4lWa 0 bytes
c:\windows\TEMP\sqlite_RhfcfQRrdhPYFLP 0 bytes
c:\windows\TEMP\sqlite_rHhK2e6NYV3a0rV 1024 bytes
c:\windows\TEMP\sqlite_RhTcWdVRnxoD6Gt 0 bytes
c:\windows\TEMP\sqlite_Ri94feZfWELNsFa 1024 bytes
c:\windows\TEMP\sqlite_rIHTFhH4v86qbzh 0 bytes
c:\windows\TEMP\sqlite_rIPHrnQj3NulE6R 0 bytes
c:\windows\TEMP\sqlite_rJ4ZbEDsfOi9NfZ 0 bytes
c:\windows\TEMP\sqlite_Rj5OSfkpdkAOiit 0 bytes
c:\windows\TEMP\sqlite_rK3QpO5A12h8g98 0 bytes
c:\windows\TEMP\sqlite_y6CIIPXcowiXDmh 0 bytes
c:\windows\TEMP\sqlite_Y6ihJKAFOXlaesb 0 bytes
c:\windows\TEMP\sqlite_Y6u42TdaJXRK7MK 1024 bytes
c:\windows\TEMP\sqlite_Y7cvcC8bsQIHXtV 0 bytes
c:\windows\TEMP\sqlite_YA92HfKUdtXtBqE 0 bytes
c:\windows\TEMP\sqlite_YaWm4Al4Zhb4jGR 0 bytes
c:\windows\TEMP\sqlite_Ybccn9bgcIahdxo 1024 bytes
c:\windows\TEMP\sqlite_ybpQwmb9AKMduCG 0 bytes
c:\windows\TEMP\sqlite_yCyphfdykZzLyQK 0 bytes
c:\windows\TEMP\sqlite_Yd1WbYeNnx6H8bE 0 bytes
c:\windows\TEMP\sqlite_YDgSyzmS6ndIci5 0 bytes
c:\windows\TEMP\sqlite_YDHqGKEQNhpdQ0R 1024 bytes
c:\windows\TEMP\sqlite_yECTDJIM5LyrUmN 0 bytes
c:\windows\TEMP\sqlite_yF1AuaRDHsawno4 1024 bytes
c:\windows\TEMP\sqlite_YfAoi30qdF6tiUw 0 bytes
c:\windows\TEMP\sqlite_yfM7kltSpOYqkkL 1024 bytes
c:\windows\TEMP\sqlite_nEeyckgDOhnWjSs 1024 bytes
c:\windows\TEMP\sqlite_neJ3onyCSNiDjPb 1024 bytes
c:\windows\TEMP\sqlite_nEkdJRuLrp0KDDD 0 bytes
c:\windows\TEMP\sqlite_neldDP2Haf7jJ52 1024 bytes
c:\windows\TEMP\sqlite_nFtz8mcB5K6yhOF 1024 bytes
c:\windows\TEMP\sqlite_ngFtOjgNQyiTiqJ 1024 bytes
c:\windows\TEMP\sqlite_ngi4880onRbeFVr 0 bytes
c:\windows\TEMP\sqlite_ngyunR1UbpZIcYL 0 bytes
c:\windows\TEMP\sqlite_nhSkl2tbNq0a0io 0 bytes
c:\windows\TEMP\sqlite_ni02De4IJxFGCu6 1024 bytes
c:\windows\TEMP\sqlite_nIUfmLgDIbadMEX 1024 bytes
c:\windows\TEMP\sqlite_NIuOgKHP7dzAedd 0 bytes
c:\windows\TEMP\sqlite_nj0MpKLpgsV0ovl 0 bytes
c:\windows\TEMP\sqlite_nj2H6ZT5Zp8SeH1 1024 bytes
c:\windows\TEMP\sqlite_nJD6BeOA2f2VOwC 1024 bytes
c:\windows\TEMP\sqlite_nk71qa7rDyS8rif 0 bytes
c:\windows\TEMP\sqlite_NkBHXKb1e6OoGzN 0 bytes
c:\windows\TEMP\sqlite_nkpxsCqXiaDnp8O 0 bytes
c:\windows\TEMP\sqlite_NKToXh6Icg7sXhW 0 bytes
c:\windows\TEMP\sqlite_Nl6H7UtSQYh51wz 0 bytes
c:\windows\TEMP\sqlite_NlBhiYAPAoiUm74 1024 bytes
c:\windows\TEMP\sqlite_NMhKG1x55bqW1qb 1024 bytes
c:\windows\TEMP\sqlite_nMtQmq8GQQZHIZK 1024 bytes
c:\windows\TEMP\sqlite_NncXclqLHjgpah7 1024 bytes
c:\windows\TEMP\sqlite_M3iR4nUnQ2FdxXw 0 bytes
c:\windows\TEMP\sqlite_m3XRggTqsFHf1Lv 0 bytes
c:\windows\TEMP\sqlite_m7Non5PSvLvvpJH 1024 bytes
c:\windows\TEMP\sqlite_M7OizdUjmHKd41J 0 bytes
c:\windows\TEMP\sqlite_m8eOGweggWkeWBH 0 bytes
c:\windows\TEMP\sqlite_m9MjLeR8ea4NWiO 0 bytes
c:\windows\TEMP\sqlite_maB75Uk1ezSmUah 1024 bytes
c:\windows\TEMP\sqlite_magHqZZ2P98qCZ0 0 bytes
c:\windows\TEMP\sqlite_makGL9oC6RUO3SN 0 bytes
c:\windows\TEMP\sqlite_MB3hLIwgIdEeVab 0 bytes
c:\windows\TEMP\sqlite_mbmfAC0bQO9sJfM 0 bytes
c:\windows\TEMP\sqlite_Mc8imRknDFjvK2f 1024 bytes
c:\windows\TEMP\sqlite_MCHyD70cEg0bF4E 1024 bytes
c:\windows\TEMP\sqlite_MCQU3XPrAROd3Id 1024 bytes
c:\windows\TEMP\sqlite_l8HbhFb9eQNWEKD 0 bytes
c:\windows\TEMP\sqlite_lA5RJrNOjj6uLl1 0 bytes
c:\windows\TEMP\sqlite_lARx0bwt8SmQesA 0 bytes
c:\windows\TEMP\sqlite_lAWn4zP26KJcJcJ 0 bytes
c:\windows\TEMP\sqlite_lbevx7QVymtq7Ig 1024 bytes
c:\windows\TEMP\sqlite_lBKUB67gJYrRb7n 1024 bytes
c:\windows\TEMP\sqlite_lbTkv0UIOtzOBZD 0 bytes
c:\windows\TEMP\sqlite_lBvzmEa8wwLaykZ 1024 bytes
c:\windows\TEMP\sqlite_LC3iw6zo2aiFL8m 0 bytes
c:\windows\TEMP\sqlite_lcQ8tkHI8kyNffc 0 bytes
c:\windows\TEMP\sqlite_LEqAF4CrtAvO83S 1024 bytes
c:\windows\TEMP\sqlite_lEriKrhq6uifc4W 0 bytes
c:\windows\TEMP\sqlite_lFA6RfXX1ZRajOs 1024 bytes
c:\windows\TEMP\sqlite_lfe62iXTgdhk1uw 0 bytes
c:\windows\TEMP\sqlite_lfLNRDRql5tRaDb 1024 bytes
c:\windows\TEMP\sqlite_Lgl0AtBqk9rXzA8 1024 bytes
c:\windows\TEMP\sqlite_lglM3WbxT60FIWT 1024 bytes
c:\windows\TEMP\sqlite_oK5GExAcWrhrZp6 0 bytes
c:\windows\TEMP\sqlite_OKIWK1WWc0URF22 0 bytes
c:\windows\TEMP\sqlite_OkzqgwJLyUwDPMP 0 bytes
c:\windows\TEMP\sqlite_olVHueyk3cPqQBR 1024 bytes
c:\windows\TEMP\sqlite_OmA0yYFonilUCIX 1024 bytes
c:\windows\TEMP\sqlite_OMCSAZclRdju5fI 1024 bytes
c:\windows\TEMP\sqlite_OmifP64cp9sYd1e 1024 bytes
c:\windows\TEMP\sqlite_onayESTpMTfabkG 0 bytes
c:\windows\TEMP\sqlite_onEQXkDmsHmmJqM 1024 bytes
c:\windows\TEMP\sqlite_oOgc08TDdAgjhKr 0 bytes
c:\windows\TEMP\sqlite_OoPjaUtQOQPk3ma 0 bytes
c:\windows\TEMP\sqlite_oOVy4SudDsSdgIE 0 bytes
c:\windows\TEMP\sqlite_ooXshfBdglxXvZH 0 bytes
c:\windows\TEMP\sqlite_OpzB42eeJxfu32b 0 bytes
c:\windows\TEMP\sqlite_oqKVx1Hq2YEmZik 1024 bytes
c:\windows\TEMP\sqlite_Or5BSBSy57MQNY1 0 bytes
c:\windows\TEMP\sqlite_OR69O6RQmtkOllW 0 bytes
c:\windows\TEMP\sqlite_osNT21ttsKrXGwf 0 bytes
c:\windows\TEMP\sqlite_OUe0CA3NDkPHqMr 0 bytes
c:\windows\TEMP\sqlite_OUxDlihhTDrb7jR 0 bytes
c:\windows\TEMP\sqlite_Vq1F9Bck54z1bEu 0 bytes
c:\windows\TEMP\sqlite_vQkHZi7Ej7W52or 0 bytes
c:\windows\TEMP\sqlite_VrGi7HW33U7Mlq2 0 bytes
c:\windows\TEMP\sqlite_VRisebpXbCBTP6R 0 bytes
c:\windows\TEMP\sqlite_VrmhVvN8g5skr8l 0 bytes
c:\windows\TEMP\sqlite_vROfOaU1CalezS4 1024 bytes
c:\windows\TEMP\sqlite_vRpuBI1LX3kosH8 1024 bytes
c:\windows\TEMP\sqlite_VS0L3QiB9zGpGal 0 bytes
c:\windows\TEMP\sqlite_VSiB9jC4mDXMJBl 0 bytes
c:\windows\TEMP\sqlite_vsIby2Sx6wGMfM3 0 bytes
c:\windows\TEMP\sqlite_vskmotuj8nDWsZV 0 bytes
c:\windows\TEMP\sqlite_Vtg3vRMPfklrOkM 0 bytes
c:\windows\TEMP\sqlite_vuKVY81TuMiUcb3 0 bytes
c:\windows\TEMP\sqlite_vuL1IS4bZ3otRTE 1024 bytes
c:\windows\TEMP\sqlite_VUZ1Q0cdn1m1XX3 0 bytes
c:\windows\TEMP\sqlite_vWEWJOwjv0tDtKa 0 bytes
c:\windows\TEMP\sqlite_vWk1WY57HRj72GY 1024 bytes
c:\windows\TEMP\mcmsc_wXIByNtetGdgVgl 1024 bytes
c:\windows\TEMP\sqlite_P7EBZaUk9W8UfVL 0 bytes
c:\windows\TEMP\sqlite_TkQ2BBC6VFWKg0D 0 bytes
c:\windows\TEMP\sqlite_wNZbgIrCraA6Jcm 1024 bytes
c:\windows\TEMP\sqlite_wO2BhYZ8QsX2jIn 1024 bytes
c:\windows\TEMP\sqlite_WoAkNppihqrs9sc 1024 bytes
c:\windows\TEMP\sqlite_wocevQxdyTazpGn 1024 bytes
c:\windows\TEMP\sqlite_WOzOOw09CeQaN1D 1024 bytes
c:\windows\TEMP\sqlite_wp2kI4o4UrasfDl 1024 bytes
c:\windows\TEMP\sqlite_wP3S0fijwO41Erk 0 bytes
c:\windows\TEMP\sqlite_wP69ooTrRwQ9vEz 0 bytes
c:\windows\TEMP\sqlite_wpE3Y49dojzp2HI 0 bytes
c:\windows\TEMP\sqlite_wPyicOIeJ4mfiP6 0 bytes
c:\windows\TEMP\sqlite_WQbv2WOLJdBA2B8 1024 bytes
c:\windows\TEMP\sqlite_WQjIXdsdF9AZmd0 0 bytes
c:\windows\TEMP\sqlite_Wqoj4xda7sRWpco 1024 bytes
c:\windows\TEMP\sqlite_WqzTErAHuM9O2de 1024 bytes
c:\windows\TEMP\sqlite_wRGtMqgwMQE7q9A 1024 bytes
c:\windows\TEMP\sqlite_WrnwhmlMacGZmlb 0 bytes
c:\windows\TEMP\sqlite_pLYazaySnR3sB26 1024 bytes
c:\windows\TEMP\sqlite_pmhHKYseJTADKhN 1024 bytes
c:\windows\TEMP\sqlite_pmX4Hda961Ityhl 1024 bytes
c:\windows\TEMP\sqlite_PN6BZaNZdS71lcS 0 bytes
c:\windows\TEMP\sqlite_PnBAjYF1n2FY0qJ 0 bytes
c:\windows\TEMP\sqlite_PnIWCunbcEfnZ1V 0 bytes
c:\windows\TEMP\sqlite_PO48Ks3BkqGoG4Q 1024 bytes
c:\windows\TEMP\sqlite_pO9Kuluw9sFoQLt 0 bytes
c:\windows\TEMP\sqlite_POd3crx1tVoonf2 1024 bytes
c:\windows\TEMP\sqlite_pOwmDIGcovKce4F 0 bytes
c:\windows\TEMP\sqlite_PPPWWKmgfiJgfQM 0 bytes
c:\windows\TEMP\sqlite_pr5kgNE4mR6FrB8 1024 bytes
c:\windows\TEMP\sqlite_prfBdpBeidYr3fq 0 bytes
c:\windows\TEMP\sqlite_PRKcI4EJxrcWs96 0 bytes
c:\windows\TEMP\sqlite_PSju3u3MdKV0NUV 0 bytes
c:\windows\TEMP\sqlite_psslzU5mvgIn6v1 1024 bytes
c:\windows\TEMP\sqlite_pTdzxOeeipywU1c 1024 bytes
c:\windows\TEMP\sqlite_RlZ8W6J8CdwoBqB 0 bytes
c:\windows\TEMP\sqlite_Rmk8qcVpmb55O13 0 bytes
c:\windows\TEMP\sqlite_rMO9QQMsGUEqA4c 1024 bytes
c:\windows\TEMP\sqlite_RmZmacO37ax79YA 0 bytes
c:\windows\TEMP\sqlite_rnQZKOoJmqGd6ig 0 bytes
c:\windows\TEMP\sqlite_RO2EFFcRq7xuxaL 1024 bytes
c:\windows\TEMP\sqlite_ro5Uxedera28Uf3 0 bytes
c:\windows\TEMP\sqlite_rofAQwLNrNe89Dc 0 bytes
c:\windows\TEMP\sqlite_rots7V2J4XsnCs5 1024 bytes
c:\windows\TEMP\sqlite_rOw2H9Kfhn9ygdT 0 bytes
c:\windows\TEMP\sqlite_rp3vC3gv1aAeAON 1024 bytes
c:\windows\TEMP\sqlite_rPtHmrxPoGoNFpc 0 bytes
c:\windows\TEMP\sqlite_Rq1Q0Tx1MqU1b1s 1024 bytes
c:\windows\TEMP\sqlite_rQcJAGlAbY8dvEy 0 bytes
c:\windows\TEMP\sqlite_RqrBJHVwCz09kpp 0 bytes
c:\windows\TEMP\sqlite_rQVMsOaLRJfGTpW 0 bytes
c:\windows\TEMP\sqlite_Tui3hyeeRNmnauy 0 bytes
c:\windows\TEMP\sqlite_u45d11lZlL1xa2s 1024 bytes
c:\windows\TEMP\sqlite_UIbFy5id2GyITtX 0 bytes
c:\windows\TEMP\sqlite_Uq1SzW5QkgzdT5A 0 bytes
c:\windows\TEMP\sqlite_UZMjZDG94Xi0xfU 0 bytes
c:\windows\TEMP\sqlite_VcehgFRXn6uHo2X 0 bytes
c:\windows\TEMP\sqlite_VPT6AhMc3pxyqOr 0 bytes
c:\windows\TEMP\sqlite_vX63k1Xsey421be 1024 bytes
c:\windows\TEMP\sqlite_W5If3zOjUsQIjGL 1024 bytes
c:\windows\TEMP\sqlite_WFWje9OLQucJnv1 0 bytes
c:\windows\TEMP\sqlite_WNvHdkVfsd07spo 0 bytes
c:\windows\TEMP\sqlite_WSMboqvxUhJzkDu 0 bytes
c:\windows\TEMP\sqlite_WYgJObEpLbjC4bV 0 bytes
c:\windows\TEMP\sqlite_XdcyAIXNDgzhKmq 0 bytes
c:\windows\TEMP\sqlite_XJNqzDS00fmbbMh 0 bytes
c:\windows\TEMP\sqlite_XshjdQhAf3KdM8H 1024 bytes
c:\windows\TEMP\sqlite_y64XEmOqBSjY2c9 0 bytes
c:\windows\TEMP\sqlite_yfrVFdfIYbcHVXk 1024 bytes
c:\windows\TEMP\sqlite_YNZ4qVqUSb9Oxsa 1024 bytes
c:\windows\TEMP\sqlite_YsFSVrbBdSjnsrI 0 bytes
c:\windows\TEMP\sqlite_yZ4DmO80L30pQfq 1024 bytes
c:\windows\TEMP\sqlite_zCzCOIAZ6YQR2w5 0 bytes
c:\windows\TEMP\sqlite_zoTuwR1TjB9G5uj 1024 bytes
c:\windows\TEMP\sqlite_Zv4b90YT8nUhepg 0 bytes
c:\windows\TEMP\Talk to the Hand_{038A0070-5643-411D-9E65-EDF91666D94F}.xml 2735 bytes
c:\windows\TEMP\vmgr2ae9.tmp
c:\windows\TEMP\vmgr2ae9.tmp\close.gif 672 bytes
c:\windows\TEMP\vmgr2ae9.tmp\install.html 27247 bytes
c:\windows\TEMP\vmgr2ae9.tmp\logo.gif 1216 bytes
c:\windows\TEMP\vmgr2ae9.tmp\options.ini 79 bytes
c:\windows\TEMP\vmgr2ae9.tmp\s.gif 43 bytes
c:\windows\TEMP\vmgr2ae9.tmp\sc2.gif 4744 bytes
c:\windows\TEMP\vmgr2ae9.tmp\sc3.gif 4507 bytes
c:\windows\TEMP\vmgr2ae9.tmp\UpdateInfo.dll 24651 bytes executable
c:\windows\TEMP\WFVD.tmp 50806784 bytes
c:\windows\TEMP\sqlite_YOFFZIPGU7JgN2K 0 bytes
c:\windows\TEMP\sqlite_YoGzUQJPubYSgSi 0 bytes
c:\windows\TEMP\sqlite_YP1npzf5vUa9B57 0 bytes
c:\windows\TEMP\sqlite_YPoBS0rDkXEwi5p 1024 bytes
c:\windows\TEMP\sqlite_ypSt9eZ1jiJGjfP 1024 bytes
c:\windows\TEMP\sqlite_YQbg2OHoTxHs4uj 0 bytes
c:\windows\TEMP\sqlite_yQqnmGf2XmdRWds 0 bytes
c:\windows\TEMP\sqlite_YQQv2eAT2YOu9Lo 0 bytes
c:\windows\TEMP\sqlite_yqUSWboakddvM0G 1024 bytes
c:\windows\TEMP\sqlite_YqXGPDmgHv8gAzS 1024 bytes
c:\windows\TEMP\sqlite_yR9YodMomQFIjM0 0 bytes
c:\windows\TEMP\sqlite_yrbD5E1vVazfCxC 0 bytes
c:\windows\TEMP\sqlite_yRCJTPyziSec1Bf 0 bytes
c:\windows\TEMP\sqlite_yRDX4BBMnAlFcKO 0 bytes
c:\windows\TEMP\sqlite_YrfZAfHpSws28Ka 1024 bytes
c:\windows\TEMP\sqlite_yRnwdF3OI5qcGbc 0 bytes
c:\windows\TEMP\sqlite_yS4lRc9TAccbZwG 0 bytes
c:\windows\TEMP\sqlite_ySfOxgTuaGSXSgR 0 bytes
c:\windows\TEMP\sqlite_TukKTkXDQaN0551 1024 bytes
c:\windows\TEMP\sqlite_tUnHjrdpFA7fWfj 0 bytes
c:\windows\TEMP\sqlite_TUwRuipCxvKMYyD 1024 bytes
c:\windows\TEMP\sqlite_Tv7Ae1tELKcajPk 0 bytes
c:\windows\TEMP\sqlite_TvcoAJgqqbAcad7 0 bytes
c:\windows\TEMP\sqlite_tVIZfbZO52c4cWX 0 bytes
c:\windows\TEMP\sqlite_tVOF1tUUc40OsHh 1024 bytes
c:\windows\TEMP\sqlite_tvqz5bgxS5NaMd2 1024 bytes
c:\windows\TEMP\sqlite_TVvO6Q4LsKbOq3U 0 bytes
c:\windows\TEMP\sqlite_tw4i4rqdwBIPv1g 1024 bytes
c:\windows\TEMP\sqlite_Tw5tpelcJ9QU31u 1024 bytes
c:\windows\TEMP\sqlite_TywVoDrLPoS5hx7 1024 bytes
c:\windows\TEMP\sqlite_tzlPKWtvlNoGpCH 1024 bytes
c:\windows\TEMP\sqlite_U0qhRfnJz3Wikxv 0 bytes
c:\windows\TEMP\sqlite_U1ulx4bdkOZPrcG 1024 bytes
c:\windows\TEMP\sqlite_u2LAV739UocfJtF 1024 bytes
c:\windows\TEMP\sqlite_U32HfXiyA4G4pEE 0 bytes
c:\windows\TEMP\sqlite_U3fkeKWav7fxKMR 0 bytes
c:\windows\TEMP\sqlite_u3xLbodTxt5vIZU 0 bytes
c:\windows\TEMP\sqlite_u43qdYJrv3MxOx2 0 bytes
c:\windows\TEMP\sqlite_V0MkZo5M44maJlM 1024 bytes
c:\windows\TEMP\sqlite_V2WFbYSWXQoP939 1024 bytes
c:\windows\TEMP\sqlite_v473aRui90L74wS 0 bytes
c:\windows\TEMP\sqlite_V47IJ2grqAKIK2v 0 bytes
c:\windows\TEMP\sqlite_v4I5k3Gk8Yo7YVb 1024 bytes
c:\windows\TEMP\sqlite_V5H1z8ILydTFiCn 1024 bytes
c:\windows\TEMP\sqlite_V5XdlsWzHeclvqL 0 bytes
c:\windows\TEMP\sqlite_V6mg3I7A4jlKAUf 1024 bytes
c:\windows\TEMP\sqlite_v7Mxa46ylsDSNzg 1024 bytes
c:\windows\TEMP\sqlite_v7uhsRTEbbJJ4ug 1024 bytes
c:\windows\TEMP\sqlite_V81cSwfsCbexTrl 1024 bytes
c:\windows\TEMP\sqlite_v9H222CDe6bW7sk 0 bytes
c:\windows\TEMP\sqlite_VA9N2yeqjGIwiOY 1024 bytes
c:\windows\TEMP\sqlite_vAeFcTGCsoyvuyY 0 bytes
c:\windows\TEMP\sqlite_VaEx85S0Aew0HU1 1024 bytes
c:\windows\TEMP\sqlite_vAvCNsSFbrrShPc 0 bytes
c:\windows\TEMP\sqlite_vAxsdMyOBjidIMW 1024 bytes
c:\windows\TEMP\sqlite_VbenLrwrbvcqnIL 1024 bytes
c:\windows\TEMP\sqlite_vBMfd9Dfl3vyTPO 0 bytes
c:\windows\TEMP\sqlite_VBmwfjcQClAy6se 0 bytes



#8
January 14, 2009 at 14:06:52
Continued Part 3
_______________________________

c:\windows\TEMP\sqlite_N901AHst7QIrzwD 0 bytes
c:\windows\TEMP\sqlite_NAbIxaxIn32vLY3 1024 bytes
c:\windows\TEMP\sqlite_naEpBDoZYwPnLAt 0 bytes
c:\windows\TEMP\sqlite_NAxlpzFTQtJfoaO 1024 bytes
c:\windows\TEMP\sqlite_Nazmrl5ospGhuMd 1024 bytes
c:\windows\TEMP\sqlite_Nb4seThSweoAE3F 0 bytes
c:\windows\TEMP\sqlite_nCmjcehWOs9U2xZ 0 bytes
c:\windows\TEMP\sqlite_Ncwgfie2POVi0Qh 0 bytes
c:\windows\TEMP\sqlite_NDNUfZNe29SOCiL 0 bytes
c:\windows\TEMP\sqlite_o7KWi7wzZcJkqVZ 1024 bytes
c:\windows\TEMP\sqlite_O7Vgghwr5nCvOsm 0 bytes
c:\windows\TEMP\sqlite_O7vLtXM8ngekUFM 0 bytes
c:\windows\TEMP\sqlite_o8jldbFoSjtQT2n 0 bytes
c:\windows\TEMP\sqlite_Oa68vOItS6bcVzC 1024 bytes
c:\windows\TEMP\sqlite_obbILU0y4fp9dqH 0 bytes
c:\windows\TEMP\sqlite_oBnXN5EbYmpb9S0 1024 bytes
c:\windows\TEMP\sqlite_oBQKchst0irbzcc 0 bytes
c:\windows\TEMP\sqlite_OChbrMWJH6BchpL 0 bytes
c:\windows\TEMP\sqlite_OelhMCe5ydksYqo 1024 bytes
c:\windows\TEMP\sqlite_Of4bkXklOOaP52f 0 bytes
c:\windows\TEMP\sqlite_OgBi9LyHYrG8HWP 0 bytes
c:\windows\TEMP\sqlite_ognA810wlMGrK2Q 0 bytes
c:\windows\TEMP\sqlite_oh2vPtjcPfI4ayQ 0 bytes
c:\windows\TEMP\sqlite_ohKiv4Egq0PxP69 1024 bytes
c:\windows\TEMP\sqlite_ohS6rbrl6O6uqgC 0 bytes
c:\windows\TEMP\sqlite_OI1QcNbHUZLu5w6 0 bytes
c:\windows\TEMP\sqlite_OJ0MSIdw7794wS7 0 bytes
c:\windows\TEMP\sqlite_KYTWpZeWh4rC1Hr 0 bytes
c:\windows\TEMP\sqlite_kyVVj0iPmkEI0gY 0 bytes
c:\windows\TEMP\sqlite_Kz6AYPbJRQGMuR2 0 bytes
c:\windows\TEMP\sqlite_kzWxg3sGz8RfIUI 0 bytes
c:\windows\TEMP\sqlite_L0CZDS9ewuDMOwj 0 bytes
c:\windows\TEMP\sqlite_l1Ipurm1qBykiJS 0 bytes
c:\windows\TEMP\sqlite_L2DxafOaZAqDWug 1024 bytes
c:\windows\TEMP\sqlite_L2WmrqDVyPBK0cV 0 bytes
c:\windows\TEMP\sqlite_L2X7fgnKUSgaVzI 1024 bytes
c:\windows\TEMP\sqlite_l3QRpHibjdllKEO 0 bytes
c:\windows\TEMP\sqlite_L3rFq9BMXgcigIa 0 bytes
c:\windows\TEMP\sqlite_L3z12fiUuMbhHLX 0 bytes
c:\windows\TEMP\sqlite_l4LgazF49CTbdrE 1024 bytes
c:\windows\TEMP\sqlite_l5ArkmgraPokoVQ 1024 bytes
c:\windows\TEMP\sqlite_l5tILez8E074jRK 0 bytes
c:\windows\TEMP\sqlite_l60W4MAgIOKwp7g 1024 bytes
c:\windows\TEMP\sqlite_l6Lqd0aU9Vd3F2Z 0 bytes
c:\windows\TEMP\sqlite_L6ZQ244BbjijnBe 0 bytes
c:\windows\TEMP\sqlite_r1b3j434WTMua1I 1024 bytes
c:\windows\TEMP\sqlite_r1UiJCFg9sXAOSO 0 bytes
c:\windows\TEMP\sqlite_R2vXCVAgQDr60bg 0 bytes
c:\windows\TEMP\sqlite_R3bRX0zJPg50GDa 0 bytes
c:\windows\TEMP\sqlite_R4b7wkK43JKrBKq 0 bytes
c:\windows\TEMP\sqlite_r4jIpElhVpxA7Df 1024 bytes
c:\windows\TEMP\sqlite_r4OuY2gSK7ygitX 1024 bytes
c:\windows\TEMP\sqlite_r5Eiw1mxhegQS5R 0 bytes
c:\windows\TEMP\sqlite_R5rUybFtSO26Y78 0 bytes
c:\windows\TEMP\sqlite_r5txhR5aQkD9p53 1024 bytes
c:\windows\TEMP\sqlite_R60TeiMqgWZ77Ct 1024 bytes
c:\windows\TEMP\sqlite_R7ATHDOvbefQogD 0 bytes
c:\windows\TEMP\sqlite_r83GOn3EEEvrN65 0 bytes
c:\windows\TEMP\sqlite_R84BrFGNhsE94bv 0 bytes
c:\windows\TEMP\sqlite_R8jdAkyE74yFcsI 0 bytes
c:\windows\TEMP\sqlite_r9dvGfsLOgIODEM 1024 bytes
c:\windows\TEMP\sqlite_RAg3euuYSSPvKzI 0 bytes
c:\windows\TEMP\sqlite_rAp37SC9jh1i6YI 0 bytes
c:\windows\TEMP\sqlite_RaRk4UTmCisztlI 1024 bytes
c:\windows\TEMP\mcmsc_jOJQhQq3vAEfwpA 1024 bytes
c:\windows\TEMP\mcmsc_NTNHE6YI0U7zGaX 0 bytes
c:\windows\TEMP\sqlite_vXe5zpZEdRWDwrz 1024 bytes
c:\windows\TEMP\sqlite_VYBG7JrzfGmic9f 1024 bytes
c:\windows\TEMP\sqlite_vzej3asj6jSnM90 1024 bytes
c:\windows\TEMP\sqlite_VZMXeh9SFMo9bdc 1024 bytes
c:\windows\TEMP\sqlite_VZnTqxYrwTo1yMV 0 bytes
c:\windows\TEMP\sqlite_vZTVPjrl1LUOBg5 0 bytes
c:\windows\TEMP\sqlite_w0Aqlclq0Dcrtay 0 bytes
c:\windows\TEMP\sqlite_W16dpnzqNOqAWIQ 0 bytes
c:\windows\TEMP\sqlite_w1d6kFQY7bMpWeo 1024 bytes
c:\windows\TEMP\sqlite_W1dQ0fObLUHr0Cb 0 bytes
c:\windows\TEMP\sqlite_w1mMk2dIPmui0yh 0 bytes
c:\windows\TEMP\sqlite_W1WU6hfjT1BpoMi 1024 bytes
c:\windows\TEMP\sqlite_W22xARsoDdurBXi 0 bytes
c:\windows\TEMP\sqlite_W2UUJQHdruH8dmf 0 bytes
c:\windows\TEMP\sqlite_w3rlZyH6PfnWt8S 0 bytes
c:\windows\TEMP\sqlite_W3Z1wVrw17ACq8Z 0 bytes
c:\windows\TEMP\sqlite_w3ZeEnoJq9a98zO 0 bytes
c:\windows\TEMP\sqlite_W4EBPA6Oqbtmggc 0 bytes
c:\windows\TEMP\sqlite_W4Rq286RPF3iBja 0 bytes
c:\windows\TEMP\sqlite_w50mTuqW7Tx4qYg 0 bytes
c:\windows\TEMP\sqlite_yZ5QNdvlcaruxk6 0 bytes
c:\windows\TEMP\sqlite_YZCK2QcahaFeS0C 1024 bytes
c:\windows\TEMP\sqlite_yZPMpWIiXeklwZ9 1024 bytes
c:\windows\TEMP\sqlite_YZR87gdVBLrJzla 1024 bytes
c:\windows\TEMP\sqlite_Z03FcuY1QA3QlL5 0 bytes
c:\windows\TEMP\sqlite_Z0BylCGSa0yc8vh 0 bytes
c:\windows\TEMP\sqlite_z127RqFc8EBblY8 1024 bytes
c:\windows\TEMP\sqlite_z1EtvSKEkgVjEjt 1024 bytes
c:\windows\TEMP\sqlite_Z1R85MMlwQZ41lg 1024 bytes
c:\windows\TEMP\sqlite_z50DqPDyvdVIaZC 0 bytes
c:\windows\TEMP\sqlite_z5KOkA5GwmWdMEV 0 bytes
c:\windows\TEMP\sqlite_z5nXfQ7crjAoGlL 1024 bytes
c:\windows\TEMP\sqlite_z5NzhIJH7TkcLuq 1024 bytes
c:\windows\TEMP\sqlite_z6pBaErUEiMfhi8 1024 bytes
c:\windows\TEMP\sqlite_Z7yUxyd7MNLRkZ3 0 bytes
c:\windows\TEMP\sqlite_Z8bFxY2uT0MiRwT 0 bytes
c:\windows\TEMP\sqlite_zaOeogI7FKvIHJh 0 bytes
c:\windows\TEMP\sqlite_ZbAAjRTM9OlZzoc 0 bytes
c:\windows\TEMP\sqlite_zbySiFmlJePToEq 1024 bytes
c:\windows\TEMP\sqlite_ZcaFYgS30B7iEoF 1024 bytes
c:\windows\TEMP\sqlite_ZCugJzC4BZqJU4S 1024 bytes
c:\windows\TEMP\sqlite_ZCYpywUxBdgW5Ua 0 bytes
c:\windows\TEMP\sqlite_RSdqg53atq0aAif 0 bytes
c:\windows\TEMP\sqlite_rsecH6G8yjERjJV 1024 bytes
c:\windows\TEMP\sqlite_RSucsHLu5Kgpm0S 0 bytes
c:\windows\TEMP\sqlite_rsX8qmbIkuKr2j0 1024 bytes
c:\windows\TEMP\sqlite_rTRWsaCkhRDBUdp 0 bytes
c:\windows\TEMP\sqlite_RTxNss9THdMCUf6 0 bytes
c:\windows\TEMP\sqlite_RUbFTNHKKdKuih8 0 bytes
c:\windows\TEMP\sqlite_rv3X8kEhBWxfDj1 0 bytes
c:\windows\TEMP\sqlite_rvhKzm9CjZCjESz 1024 bytes
c:\windows\TEMP\sqlite_rWbBCQOULkvLbf6 1024 bytes
c:\windows\TEMP\sqlite_rwcLAPV5HZdR5Lq 0 bytes
c:\windows\TEMP\sqlite_RxcJk2ENoQCnhak 0 bytes
c:\windows\TEMP\sqlite_RxyoAu3gptrsho0 1024 bytes
c:\windows\TEMP\sqlite_ryj3QpFkjYGeZ9F 0 bytes
c:\windows\TEMP\sqlite_rymvvhaXhkq4MhI 0 bytes
c:\windows\TEMP\sqlite_rYwsBIglA8q0TOS 0 bytes
c:\windows\TEMP\sqlite_RyXqYgQ5dsAc3Ef 1024 bytes
c:\windows\TEMP\sqlite_rzsbKLLBxyNOofD 1024 bytes
c:\windows\TEMP\sqlite_RzXSA3sMURmRPY7 1024 bytes
c:\windows\TEMP\sqlite_pEJ1fwXhZxM6XLR 0 bytes
c:\windows\TEMP\sqlite_pEpkHanLuX31DRh 0 bytes
c:\windows\TEMP\sqlite_Pf2lUMtfy4GM46g 1024 bytes
c:\windows\TEMP\sqlite_pFaUuPzD29XemIM 1024 bytes
c:\windows\TEMP\sqlite_Pfb5FjhjLrxwoRD 1024 bytes
c:\windows\TEMP\sqlite_pFtySAWpdocmCQ2 0 bytes
c:\windows\TEMP\sqlite_Pgb4rUZe5laMtH4 0 bytes
c:\windows\TEMP\sqlite_pGG2u0HWZPrJ9bn 0 bytes
c:\windows\TEMP\sqlite_PGozT2ghckRxwyK 1024 bytes
c:\windows\TEMP\sqlite_pgufzyaoXv8gJph 0 bytes
c:\windows\TEMP\sqlite_phcwgLsWBvNOGex 1024 bytes
c:\windows\TEMP\sqlite_phUiXCc6lVP9Ewt 0 bytes
c:\windows\TEMP\sqlite_PIrHynSyNBFViWn 1024 bytes
c:\windows\TEMP\sqlite_PjoOxOYtOgdFmST 0 bytes
c:\windows\TEMP\sqlite_PkL7p5VD17apmIL 0 bytes
c:\windows\TEMP\sqlite_pKTgMIMX0Gc0zHW 0 bytes
c:\windows\TEMP\sqlite_pTGbwvKBDrEzghT 0 bytes
c:\windows\TEMP\sqlite_pTZtgDhJyI2gaSZ 0 bytes
c:\windows\TEMP\sqlite_PuGFa0JYGpLjVpg 0 bytes
c:\windows\TEMP\sqlite_PV9RIIef8B0Vy6B 1024 bytes
c:\windows\TEMP\sqlite_pVLAsFLrDKHbjhv 1024 bytes
c:\windows\TEMP\sqlite_PwzikhXCS2qztra 0 bytes
c:\windows\TEMP\sqlite_Px0rutEJw7ccwIC 1024 bytes
c:\windows\TEMP\sqlite_pX6VBziJ4cgxy05 0 bytes
c:\windows\TEMP\sqlite_pxckbaXdq0sWb4N 0 bytes
c:\windows\TEMP\sqlite_pxIrL6KZqvgY8o3 0 bytes
c:\windows\TEMP\sqlite_pxkmUI4rt2ny801 1024 bytes
c:\windows\TEMP\sqlite_PxS8meyntCBF251 0 bytes
c:\windows\TEMP\sqlite_PYrCdO5pMdmQNky 0 bytes
c:\windows\TEMP\sqlite_pYW7s0Kk7lZWbst 0 bytes
c:\windows\TEMP\sqlite_Pz3C8sxk6nWRdOV 0 bytes
c:\windows\TEMP\sqlite_Pzlqhj9bWdGRhLv 1024 bytes
c:\windows\TEMP\sqlite_PzR92muzOnjLaXL 0 bytes
c:\windows\TEMP\sqlite_YfZ17NjkThXfgCk 0 bytes
c:\windows\TEMP\sqlite_YgNbwgIkyC9OHrQ 1024 bytes
c:\windows\TEMP\sqlite_YgPlg7NRevhJTad 1024 bytes
c:\windows\TEMP\sqlite_Ygvw61ik8O0lz7I 1024 bytes
c:\windows\TEMP\sqlite_yhBnv355IYVVCOA 1024 bytes
c:\windows\TEMP\sqlite_YIytfes6qbgGzHJ 0 bytes
c:\windows\TEMP\sqlite_Yj0rUdmpaav1a7c 0 bytes
c:\windows\TEMP\sqlite_Yjl3KTMrUS1dVh1 0 bytes
c:\windows\TEMP\sqlite_yJO8XWHE62LhdIQ 0 bytes
c:\windows\TEMP\sqlite_YJuWTOKMVDOgUnr 0 bytes
c:\windows\TEMP\sqlite_yjzbwcRmWmAbNnO 0 bytes
c:\windows\TEMP\sqlite_YkK04xrgTwpwsof 0 bytes
c:\windows\TEMP\sqlite_Ykw2a9gznYtaKIs 1024 bytes
c:\windows\TEMP\sqlite_YNNxK9znXRbv697 0 bytes
c:\windows\TEMP\sqlite_YNW3W9HLaafDZmp 0 bytes
c:\windows\TEMP\sqlite_oVQineoGfbQ6QMP 0 bytes
c:\windows\TEMP\sqlite_OvtfeltrJH7HNZg 0 bytes
c:\windows\TEMP\sqlite_ovVKndZ44sB2ybI 0 bytes
c:\windows\TEMP\sqlite_OwVonPckqv16cOf 1024 bytes
c:\windows\TEMP\sqlite_OxooXg3VyeEUfgd 1024 bytes
c:\windows\TEMP\sqlite_oxrzpfKQuUKHfW4 0 bytes
c:\windows\TEMP\sqlite_OxZGbzpoC1kc5EE 1024 bytes
c:\windows\TEMP\sqlite_OYdj6HqRX8uYBAM 0 bytes
c:\windows\TEMP\sqlite_OYeLX0bCAY6XFun 0 bytes
c:\windows\TEMP\sqlite_oyUah9eRaKnNoVD 1024 bytes
c:\windows\TEMP\sqlite_ozifjmsWE512iwL 0 bytes
c:\windows\TEMP\sqlite_OZPtXWuzPL58FZu 0 bytes
c:\windows\TEMP\sqlite_OzxQA5v6OJgypmE 1024 bytes
c:\windows\TEMP\sqlite_OzZLeRu5RN7fgzg 0 bytes
c:\windows\TEMP\sqlite_P41cZclzkj5ISqG 1024 bytes
c:\windows\TEMP\sqlite_P4HereEc9m1ZExw 1024 bytes
c:\windows\TEMP\sqlite_p4VBN8YvzntsFKX 1024 bytes
c:\windows\TEMP\sqlite_p5kkpOT4UE2u5ll 1024 bytes
c:\windows\TEMP\sqlite_WGIfJlzSwPIoGAO 0 bytes
c:\windows\TEMP\sqlite_WgLq3j1okru1HTj 0 bytes
c:\windows\TEMP\sqlite_wGOni1PZ78QLkrG 0 bytes
c:\windows\TEMP\sqlite_Wgx1b8BvV5jqhRt 0 bytes
c:\windows\TEMP\sqlite_WHcDcdZa8CsBZTG 0 bytes
c:\windows\TEMP\sqlite_WHhcrOS6DKoGBVz 1024 bytes
c:\windows\TEMP\sqlite_WHjM74Jhn4Awi55 0 bytes
c:\windows\TEMP\sqlite_whRDXAPJD0Q1yuu 0 bytes
c:\windows\TEMP\sqlite_WIABefRDJHa11AG 0 bytes
c:\windows\TEMP\sqlite_wIaRTNHq8Uq9vQz 1024 bytes
c:\windows\TEMP\sqlite_wifVjrIvNOyAPib 1024 bytes
c:\windows\TEMP\sqlite_wjNcGvaTy33m5Qi 0 bytes
c:\windows\TEMP\sqlite_wjQEAh3ekb6cIiC 1024 bytes
c:\windows\TEMP\sqlite_WJxQFeU8nfdrK3h 0 bytes
c:\windows\TEMP\sqlite_wkQIcfjE1waUJ9m 0 bytes
c:\windows\TEMP\sqlite_WMbczDTzao4sohb 1024 bytes
c:\windows\TEMP\sqlite_WMDjxvC9IAemChx 0 bytes
c:\windows\TEMP\sqlite_WNA6kiIvZ3wupzq 0 bytes
c:\windows\TEMP\sqlite_wso8im9wxqBXXAS 1024 bytes
c:\windows\TEMP\sqlite_wT0X2BFYyAXDeCQ 1024 bytes
c:\windows\TEMP\sqlite_Wt8YYJ5KC0OFz7F 0 bytes
c:\windows\TEMP\sqlite_WtCEZ6O6WSwv7WK 1024 bytes
c:\windows\TEMP\sqlite_wUntKGD2YO4gm50 1024 bytes
c:\windows\TEMP\sqlite_wuSMrc3lQIt1O9d 1024 bytes
c:\windows\TEMP\sqlite_wvMsa7LFNcg0DEB 0 bytes
c:\windows\TEMP\sqlite_wvvttp75vYpL3HO 1024 bytes
c:\windows\TEMP\sqlite_wWFsqL3CYxu9lP0 0 bytes
c:\windows\TEMP\sqlite_wWgQW2FMZYTDeiq 1024 bytes
c:\windows\TEMP\sqlite_wwv20vIpt91EBMZ 0 bytes
c:\windows\TEMP\sqlite_wx7Pt4OPCBCOsC6 0 bytes
c:\windows\TEMP\sqlite_wX9BdhekHzJhHwb 0 bytes
c:\windows\TEMP\sqlite_WxcjSbkQHdC6oOo 0 bytes
c:\windows\TEMP\sqlite_wXjP1rX8UhTNKFs 1024 bytes
c:\windows\TEMP\sqlite_wxPoCtTMTkJznQR 0 bytes
c:\windows\TEMP\sqlite_WYbNeMHWZpeCP0N 1024 bytes
c:\windows\TEMP\sqlite_wYfMZ22kBouYqHb 1024 bytes
c:\windows\TEMP\sqlite_QCGTneK30Zogd8h 1024 bytes
c:\windows\TEMP\sqlite_qcNEdGevK58HYNH 1024 bytes
c:\windows\TEMP\sqlite_QcpEOHc9YGGpAkg 0 bytes
c:\windows\TEMP\sqlite_qcrUaZSvh2UkAGV 0 bytes
c:\windows\TEMP\sqlite_qCsasRdTgGzYXnl 1024 bytes
c:\windows\TEMP\sqlite_qcv88JLyfbbdQEl 0 bytes
c:\windows\TEMP\sqlite_qDu6R8ourmUtP8p 0 bytes
c:\windows\TEMP\sqlite_qdYLcV5m9DjEpm5 1024 bytes
c:\windows\TEMP\sqlite_QDZ2h7Hu4lYfJDO 0 bytes
c:\windows\TEMP\sqlite_QEHsCyK7ylwsNQb 0 bytes
c:\windows\TEMP\sqlite_qej76dTdt0gJgbb 1024 bytes
c:\windows\TEMP\sqlite_QEN1ORbyhK9ZClA 1024 bytes
c:\windows\TEMP\sqlite_Qf6MiX9cgdTk03u 0 bytes
c:\windows\TEMP\sqlite_QfNF7EhAWNtNpXu 0 bytes
c:\windows\TEMP\sqlite_qgggh0TGbrFdFxN 0 bytes
c:\windows\TEMP\sqlite_pefudHDTB0hIN8R 1024 bytes
c:\windows\TEMP\sqlite_PlGcMKnYb9SxwJ4 0 bytes
c:\windows\TEMP\sqlite_ptfOaTZHKFF3IBR 0 bytes
c:\windows\TEMP\sqlite_pzsz1XldEGPycZo 0 bytes
c:\windows\TEMP\sqlite_qbL3d3aaAWjI6Rw 0 bytes
c:\windows\TEMP\sqlite_QGgzrtMQEcZsOjI 0 bytes
c:\windows\TEMP\sqlite_qNAFG9i4yRG4Er3 0 bytes
c:\windows\TEMP\sqlite_R0ecjgUIFprEYe5 0 bytes
c:\windows\TEMP\sqlite_rAXMuiCuqUdeBYX 0 bytes
c:\windows\TEMP\sqlite_RKzA2xYPdOBwSjG 0 bytes
c:\windows\TEMP\sqlite_Rrp0wV2slBSQBhZ 1024 bytes
c:\windows\TEMP\sqlite_Rzzz3xb7EtYvQBe 0 bytes
c:\windows\TEMP\sqlite_SH2UQnGGLohO6py 1024 bytes
c:\windows\TEMP\sqlite_sOVTUttueXxoqHC 0 bytes
c:\windows\TEMP\sqlite_SUXyMs1rlP4id65 1024 bytes
c:\windows\TEMP\sqlite_sZSRHGBtjbxa0yl 0 bytes
c:\windows\TEMP\sqlite_sVdNx6fLJAaN3aW 0 bytes
c:\windows\TEMP\sqlite_sVfTXePZiUnhRcR 0 bytes
c:\windows\TEMP\sqlite_SVo3pqKixbww0zR 0 bytes
c:\windows\TEMP\sqlite_sVuuk17fcgc0fD6 0 bytes
c:\windows\TEMP\sqlite_SW0Wq0FXTeXw57r 0 bytes
c:\windows\TEMP\sqlite_SwdgFxFTP1YHhc6 0 bytes
c:\windows\TEMP\sqlite_sWwYjr8ymQgisGZ 0 bytes
c:\windows\TEMP\sqlite_sXCAqqMcRhozRiH 1024 bytes
c:\windows\TEMP\sqlite_SYcEGg6FiaZvyiY 1024 bytes
c:\windows\TEMP\sqlite_SyoppiyZUhtQFo9 1024 bytes
c:\windows\TEMP\sqlite_SYZXzB72jdKwaf7 1024 bytes
c:\windows\TEMP\sqlite_sz5htjLeKo5KKu8 0 bytes
c:\windows\TEMP\sqlite_sZ7ou7Pv8vSp6wm 1024 bytes
c:\windows\TEMP\sqlite_sZEtl0FiHkN1YuK 1024 bytes
c:\windows\TEMP\sqlite_sZQ0y1aWSmsQZiT 0 bytes
c:\windows\TEMP\sqlite_mDDWjMEvnFge 0 bytes
c:\windows\TEMP\sqlite_MDg1JL6PUR2nLjI 0 bytes
c:\windows\TEMP\sqlite_MDrET787NjcVlg6 0 bytes
c:\windows\TEMP\sqlite_mE06LMA6uwo3SIs 0 bytes
c:\windows\TEMP\sqlite_ME7dyAGbg9NWeFq 0 bytes
c:\windows\TEMP\sqlite_mejhoLs4DFXNpjF 1024 bytes
c:\windows\TEMP\sqlite_MepYTCpt4zDv3ll 1024 bytes
c:\windows\TEMP\sqlite_mFSaqoVbTH36eAh 0 bytes
c:\windows\TEMP\sqlite_MfzOEC0h7Hx7jLF 1024 bytes
c:\windows\TEMP\sqlite_MG2muKcUu8Mef8u 0 bytes
c:\windows\TEMP\sqlite_mg8REgDieKLbT2O 0 bytes
c:\windows\TEMP\sqlite_Mg9CzEAfnAJGt9Q 0 bytes
c:\windows\TEMP\sqlite_mgA8dnmOwepCS5g 0 bytes
c:\windows\TEMP\sqlite_mGLkqUhA3Z7J22G 0 bytes
c:\windows\TEMP\sqlite_Mgq0tfg9rnwJthF 1024 bytes
c:\windows\TEMP\logishrd
c:\windows\TEMP\logishrd\LVPrcInj02.dll 109080 bytes executable
c:\windows\TEMP\WFV1.tmp 49946624 bytes
c:\windows\TEMP\WFV10.tmp 39645184 bytes
c:\windows\TEMP\WFV11.tmp 45383680 bytes
c:\windows\TEMP\WFV12.tmp 40660992 bytes
c:\windows\TEMP\WFV13.tmp 45383680 bytes
c:\windows\TEMP\WFV14.tmp 44560384 bytes
c:\windows\TEMP\WFV15.tmp 45162496 bytes
c:\windows\TEMP\WFV16.tmp 45383680 bytes
c:\windows\TEMP\WFV169.tmp 40660992 bytes
c:\windows\TEMP\WFV17.tmp 46182400 bytes
c:\windows\TEMP\WFV18.tmp 51646464 bytes
c:\windows\TEMP\WFV180.tmp 40660992 bytes
c:\windows\TEMP\WFV233.tmp 40787968 bytes
c:\windows\TEMP\WFV3D.tmp 42889216 bytes
c:\windows\TEMP\WFV3E.tmp 41345024 bytes
c:\windows\TEMP\WFV40.tmp 46489600 bytes
c:\windows\TEMP\WFV44.tmp 0 bytes
c:\windows\TEMP\WFV56.tmp 0 bytes
c:\windows\TEMP\WFVC.tmp 51511296 bytes
c:\windows\TEMP\WFVE.tmp 51511296 bytes
c:\windows\TEMP\WGAErrLog.txt 255 bytes
c:\windows\TEMP\WGANotify.settings 409 bytes
c:\windows\TEMP\zjtwaii1.0.cs 11781 bytes
c:\windows\TEMP\zjtwaii1.cmdline 315 bytes
c:\windows\TEMP\zjtwaii1.dll 8192 bytes executable
c:\windows\TEMP\zjtwaii1.err 0 bytes
c:\windows\TEMP\zjtwaii1.out 578 bytes
c:\windows\TEMP\_add_ds.log 991 bytes
c:\windows\TEMP\_Metadata.xml 232 bytes
c:\windows\TEMP\{169F8893-C1C5-4847-972C-EA1E008112AC}
c:\windows\TEMP\{236FADD8-58FD-11D6-A285-00A0CC51B2FE}


**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(700)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2009-01-13 16:31:58
ComboFix-quarantined-files.txt 2009-01-13 21:30:40

Pre-Run: 198,276,169,728 bytes free
Post-Run: 198,673,719,296 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

1649 --- E O F --- 2008-12-19 01:36:23



#9
January 14, 2009 at 14:47:03
Please go to Virus Total and upload the following files one at a time for analysis:

c:\windows\efewebewah.dll

c:\windows\afaqikuwafonutul.dll

c:\windows\odexulodipoki.dll

Use the browse button at the site to find the file. Once you find the file, double-click it and it should appear in the empty space to the left of the browse button, then click "send file".

Post the results in your reply.

Please download GooredFix and save it to your Desktop. Double-click Goored.exe to run it. Select 1. Find Goored (no fix) by typing 1 and pressing Enter. A log will open; please post the contents of that log in your next reply (it can also be found on your desktop, called Goored.txt). Note: Do not run Option #2 yet.



#10
January 16, 2009 at 12:55:45
File efewebewah.dll received on 01.15.2009 03:07:45 (CET)
Antivirus Version Last Update Result
a-squared 4.0.0.73 2009.01.15 -
AhnLab-V3 2009.1.15.0 2009.01.14 -
AntiVir 7.9.0.54 2009.01.14 -
Authentium 5.1.0.4 2009.01.14 -
Avast 4.8.1281.0 2009.01.14 -
AVG 8.0.0.229 2009.01.14 -
BitDefender 7.2 2009.01.15 -
CAT-QuickHeal 10.00 2009.01.14 -
ClamAV 0.94.1 2009.01.14 -
Comodo 931 2009.01.14 -
DrWeb 4.44.0.09170 2009.01.15 -
eSafe 7.0.17.0 2009.01.14 -
eTrust-Vet 31.6.6308 2009.01.15 -
F-Prot 4.4.4.56 2009.01.14 -
F-Secure 8.0.14470.0 2009.01.15 -
Fortinet 3.117.0.0 2009.01.15 -
GData 19 2009.01.15 -
Ikarus T3.1.1.45.0 2009.01.15 -
K7AntiVirus 7.10.584 2009.01.09 -
Kaspersky 7.0.0.125 2009.01.15 -
McAfee 5495 2009.01.14 -
McAfee+Artemis 5495 2009.01.14 -
Microsoft 1.4205 2009.01.15 -
NOD32 3767 2009.01.15 -
Norman 5.93.01 2009.01.13 -
nProtect 2009.1.8.0 2009.01.15 -
Panda 9.5.1.2 2009.01.14 -
PCTools 4.4.2.0 2009.01.14 -
Prevx1 V2 2009.01.15 -
Rising 21.12.22.00 2009.01.14 -
SecureWeb-Gateway 6.7.6 2009.01.15 -
Sophos 4.37.0 2009.01.15 -
Sunbelt 3.2.1831.2 2009.01.09 -
Symantec 10 2009.01.15 -
TheHacker 6.3.1.4.220 2009.01.14 -
TrendMicro 8.700.0.1004 2009.01.14 -
VBA32 3.12.8.10 2009.01.14 -
ViRobot 2009.1.14.1559 2009.01.14 -
VirusBuster 4.5.11.0 2009.01.14 -
Additional information
File size: 7029 bytes
MD5...: caa401de2e4be225335d27449c4ba2b6
SHA1..: 79e7f2478940f27604f9050bbaee4c34102e4402
SHA256: 2a2702a748226c237d936b0ad7d4ad712490e6a81f69bff4c6bd3183a7cc5021
SHA512: dceed4fdd99ef0260a10d96239186874a0fa62eed99152eb41732eba2c1ae9ef
667a755a671cc99562bb4f6d689842903e4b3ab0a7121c4adcad7a7c063eaef8

ssdeep: 96:0e/EWgjIuTFBaVGvyKWjpsgLucNSqFUE4A+5v/gRm3tdy3PXP:GnTLaVjsgLR
Pw609dy/XP

PEiD..: -
TrID..: File type identification
HyperText Markup Language (100.0%)
PEInfo: -
___________________________________________________________________________________________


File afaqikuwafonutul.dll received on 01.16.2009 21:16:59 (CET)
Antivirus Version Last Update Result
a-squared 4.0.0.73 2009.01.16 -
AhnLab-V3 2009.1.15.0 2009.01.16 -
AntiVir 7.9.0.55 2009.01.16 -
Authentium 5.1.0.4 2009.01.16 -
Avast 4.8.1281.0 2009.01.16 -
AVG 8.0.0.229 2009.01.16 -
BitDefender 7.2 2009.01.16 -
CAT-QuickHeal 10.00 2009.01.16 -
ClamAV 0.94.1 2009.01.16 -
Comodo 933 2009.01.16 -
DrWeb 4.44.0.09170 2009.01.16 -
eSafe 7.0.17.0 2009.01.15 -
eTrust-Vet 31.6.6311 2009.01.16 -
F-Prot 4.4.4.56 2009.01.16 -
F-Secure 8.0.14470.0 2009.01.16 -
Fortinet 3.117.0.0 2009.01.15 -
GData 19 2009.01.16 -
Ikarus T3.1.1.45.0 2009.01.16 -
K7AntiVirus 7.10.593 2009.01.16 -
Kaspersky 7.0.0.125 2009.01.16 -
McAfee 5497 2009.01.16 -
McAfee+Artemis 5497 2009.01.16 -
Microsoft 1.4205 2009.01.16 -
NOD32 3772 2009.01.16 -
Norman 5.93.01 2009.01.16 -
nProtect 2009.1.8.0 2009.01.16 -
Panda 9.5.1.2 2009.01.16 -
PCTools 4.4.2.0 2009.01.16 -
Prevx1 V2 2009.01.16 -
Rising 21.12.42.00 2009.01.16 -
SecureWeb-Gateway 6.7.6 2009.01.16 -
Sophos 4.37.0 2009.01.16 -
Sunbelt 3.2.1835.2 2009.01.16 -
Symantec 10 2009.01.16 -
TheHacker 6.3.1.4.220 2009.01.14 -
TrendMicro 8.700.0.1004 2009.01.16 -
ViRobot 2009.1.16.1562 2009.01.16 -
VirusBuster 4.5.11.0 2009.01.16 -
Additional information
File size: 7009 bytes
MD5...: 7288660112ab3d0adb527a8a88306716
SHA1..: 238f293dbc0fc35a235dd2a040c9ffdcea720ff7
SHA256: 8b7b56fab413543f37131788a6dccf7c4705c185e026833a927750a6f55d3fae
SHA512: 7e8812ae25ea11c8dc525bcb94ed9e8007ed85e44511f7e819b7f371407db315
d5a67bc5931dbb146a8f05a98e2db19b0f9b0a717bbe587d7e3ba6dedb2fc977

ssdeep: 96:0e/EWgjIuVFBaVGvyKWjpsgLucNSqFUEp8KMx/4Okitdy3PXP:GHVLaVjsgLR
P/rhsdy/XP

PEiD..: -
TrID..: File type identification
HyperText Markup Language (100.0%)
PEInfo: -

______________________________________________________________________________


File odexulodipoki.dll received on 01.16.2009 21:50:44 (CET)
Antivirus Version Last Update Result
a-squared 4.0.0.73 2009.01.16 -
AhnLab-V3 2009.1.15.0 2009.01.16 -
AntiVir 7.9.0.55 2009.01.16 -
Authentium 5.1.0.4 2009.01.16 -
Avast 4.8.1281.0 2009.01.16 -
AVG 8.0.0.229 2009.01.16 -
BitDefender 7.2 2009.01.16 -
CAT-QuickHeal 10.00 2009.01.16 -
ClamAV 0.94.1 2009.01.16 -
Comodo 933 2009.01.16 -
DrWeb 4.44.0.09170 2009.01.16 -
eSafe 7.0.17.0 2009.01.15 -
eTrust-Vet 31.6.6311 2009.01.16 -
F-Prot 4.4.4.56 2009.01.16 -
F-Secure 8.0.14470.0 2009.01.16 -
Fortinet 3.117.0.0 2009.01.15 -
GData 19 2009.01.16 -
Ikarus T3.1.1.45.0 2009.01.16 -
K7AntiVirus 7.10.593 2009.01.16 -
Kaspersky 7.0.0.125 2009.01.16 -
McAfee 5497 2009.01.16 -
McAfee+Artemis 5497 2009.01.16 -
Microsoft 1.4205 2009.01.16 -
NOD32 3772 2009.01.16 -
Norman 5.93.01 2009.01.16 -
nProtect 2009.1.8.0 2009.01.16 -
Panda 9.5.1.2 2009.01.16 -
PCTools 4.4.2.0 2009.01.16 -
Prevx1 V2 2009.01.16 -
Rising 21.12.42.00 2009.01.16 -
SecureWeb-Gateway 6.7.6 2009.01.16 -
Sophos 4.37.0 2009.01.16 Troj/BHO-IQ
Sunbelt 3.2.1835.2 2009.01.16 -
Symantec 10 2009.01.16 -
TheHacker 6.3.1.4.220 2009.01.14 -
TrendMicro 8.700.0.1004 2009.01.16 -
VBA32 3.12.8.10 2009.01.16 -
ViRobot 2009.1.16.1562 2009.01.16 -
VirusBuster 4.5.11.0 2009.01.16 -
Additional information
File size: 253952 bytes
MD5...: 917d487f5f27b93cf279d6ba99b80008
SHA1..: c2e34e6089a97f021ad90d96e38a639434c59ef6
SHA256: 4570174e921bec60a3d63c80aa6d3ba6bfb9cf0079c40d2dfb5f37351aafe536
SHA512: 68994a4fcf817c91d1f044fdbdcf85baf1aab4f4d1781c1cb68d80873a8a6924
7fbc5b049462762fca79aaf522c686569deeb2b7b53e971ef725c779abb90d7e

ssdeep: 3072:YKga7W19gFmhzbqfSkkcjLwJLvWMKiuYBDQ3apLe9P32I0nFIOZtw71+:YK
gOW8mhzbqfSknwJLvSiTBE3aRU7

PEiD..: -
TrID..: File type identification
Win32 Executable MS Visual C++ (generic) (65.2%)
Win32 Executable Generic (14.7%)
Win32 Dynamic Link Library (generic) (13.1%)
Generic Win/DOS Executable (3.4%)
DOS Executable Generic (3.4%)
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x10017964
timedatestamp.....: 0x492888a2 (Sat Nov 22 22:33:06 2008)
machinetype.......: 0x14c (I386)

( 4 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x25eca 0x26000 6.09 f14dfec85fab11288c5d562af626a76f
.rdata 0x27000 0xd599 0xe000 5.16 89ea769da8d7fe5875b724701ef0709f
.data 0x35000 0x8200 0x5000 3.45 0bb56d6b0e4707d486cb1ae960775874
.reloc 0x3e000 0x3476 0x4000 5.05 54bd37fa5af85aab3ffae0e351709675

( 8 imports )
> VERSION.dll: VerQueryValueW, GetFileVersionInfoSizeW, GetFileVersionInfoW
> KERNEL32.dll: CreateProcessW, lstrcpyW, lstrcatW, SystemTimeToFileTime, WideCharToMultiByte, ReadFile, GetFileSize, SetFilePointer, CreateFileW, InterlockedDecrement, InterlockedIncrement, GetProcAddress, LoadLibraryW, GetModuleFileNameW, SetEvent, Sleep, ResetEvent, WaitForSingleObject, OpenEventW, CreateMutexW, EnterCriticalSection, LeaveCriticalSection, CreateEventW, SetWaitableTimer, CancelWaitableTimer, GetLastError, CreateWaitableTimerW, OpenWaitableTimerW, lstrcpynA, GetTickCount, MultiByteToWideChar, CreateThread, lstrlenA, RaiseException, InitializeCriticalSection, DeleteCriticalSection, FreeLibraryAndExitThread, OpenMutexW, DisableThreadLibraryCalls, GetVersionExW, CloseHandle, lstrcmpW, FreeLibrary, LocalFree, OpenProcess, LocalAlloc, SetEndOfFile, WriteFile, UnmapViewOfFile, MapViewOfFile, CreateFileMappingW, GetSystemTime, WaitForMultipleObjects, FlushFileBuffers, CreateDirectoryW, RemoveDirectoryW, FindClose, FindNextFileW, DeleteFileW, FindFirstFileW, lstrcpyA, QueryPerformanceCounter, GetEnvironmentStringsW, FreeEnvironmentStringsW, GetEnvironmentStrings, FreeEnvironmentStringsA, GetStartupInfoA, GetFileType, SetHandleCount, GetModuleFileNameA, GetStdHandle, GetOEMCP, VirtualQuery, VirtualAlloc, VirtualFree, HeapCreate, HeapDestroy, ExitProcess, HeapSize, GetLocalTime, lstrlenW, lstrcpynW, GetSystemWindowsDirectoryW, GetVolumeInformationW, GetCurrentProcessId, ReleaseMutex, SetLastError, TlsFree, TlsSetValue, GetLocaleInfoW, LoadLibraryA, IsValidCodePage, IsValidLocale, EnumSystemLocalesA, GetUserDefaultLCID, TlsAlloc, TlsGetValue, GetModuleHandleA, GetStringTypeW, GetStringTypeA, GetCPInfo, LCMapStringW, LCMapStringA, GetProcessHeap, GetCommandLineA, GetCurrentThreadId, HeapReAlloc, HeapAlloc, GetSystemTimeAsFileTime, HeapFree, IsDebuggerPresent, SetUnhandledExceptionFilter, UnhandledExceptionFilter, GetCurrentProcess, TerminateProcess, RtlUnwind, InterlockedCompareExchange, GetVersionExA, GetThreadLocale, GetLocaleInfoA, GetACP, 
InterlockedExchange
> USER32.dll: GetWindowModuleFileNameW, SetWindowsHookExW, PostMessageW, CallNextHookEx, LockSetForegroundWindow, UnregisterClassA, SetWindowTextW, EnumChildWindows, FindWindowExW, SendMessageW, UpdateWindow, IsCharAlphaNumericW, IsCharAlphaW, MsgWaitForMultipleObjects, PeekMessageW, TranslateMessage, DispatchMessageW, wsprintfW, SetWindowPos
> ADVAPI32.dll: RegEnumValueW, RegFlushKey, RegNotifyChangeKeyValue, RegCreateKeyExW, RegQueryValueExW, RegDeleteValueW, RegOpenKeyExW, RegSetValueExW, RegCloseKey
> SHELL32.dll: SHGetFolderPathW, -, SHCreateDirectoryExW
> ole32.dll: CoMarshalInterThreadInterfaceInStream, CoInitializeEx, CoTaskMemFree, CoUninitialize, CoCreateInstance, OleRun, StringFromCLSID, CoCreateGuid, CoGetInterfaceAndReleaseStream
> OLEAUT32.
> SHLWAPI.dll: StrStrIW, UrlUnescapeW, UrlEscapeW, StrStrIA, PathFileExistsW, StrRStrIW, StrCmpNW

( 7 exports )
DllCanUnloadNow, DllGetClassObject, DllUnregisterServer, e, i, l, r




#11
January 16, 2009 at 12:56:54
GooredFix v1.83 by jpshortstuff
Log created at 15:56 on 16/01/2009 running Option #1 (ALEX)
Firefox version 3.0.5 (en-US)

=====Suspect Goored Entries=====

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions]
"{89FF6B53-A802-4B9D-A9E7-AE6DDCD01AD6}"="C:\Documents and Settings\ALEX\Local Settings\Application Data\{89FF6B53-A802-4B9D-A9E7-AE6DDCD01AD6}"

=====Dumping Registry Values=====

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox 3.0.5\extensions]
"Plugins"="C:\Program Files\Mozilla Firefox\plugins"

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox 3.0.5\extensions]
"Components"="C:\Program Files\Mozilla Firefox\components"

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions]
"jqs@sun.com"="C:\Program Files\Java\jre6\lib\deploy\jqs\ff"

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions]
"{89FF6B53-A802-4B9D-A9E7-AE6DDCD01AD6}"="C:\Documents and Settings\ALEX\Local Settings\Application Data\{89FF6B53-A802-4B9D-A9E7-AE6DDCD01AD6}"



#12
January 16, 2009 at 19:41:31
Open Notepad and copy/paste everything between the X's into it and make sure the first word (such as KILLALL, File, Folder, Registry etc.) is at the very top of the page.
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
KILLALL::
File::
c:\windows\efewebewah.dll
c:\windows\afaqikuwafonutul.dll
c:\windows\odexulodipoki.dll

XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
Go to File on the top bar and choose "Save As", change the "Save As Type" to All Files, name it CFScript.txt, then save it to your desktop.
Then drag/drop the CFScript.txt onto ComboFix.exe (the red symbol on your desktop). If ComboFix does not auto start, click "run".

Please double-click Goored.exe on your Desktop to run it. Select 2. Fix Goored by typing 2 and pressing Enter. Make sure all instances of Firefox are closed at this point. Type y at the prompt and press Enter again. A log will open; please post the contents of that log in your next reply (it can also be found on your desktop, called Goored.txt).

Empty the restore folder. Go to start>control panel>system>system restore tab>check the box beside "turn off system restore">apply (takes a minute)>ok. Go back and uncheck the box to turn system restore back on>apply>ok.


Download ATF Cleaner from this link:
http://www.majorgeeks.com/ATF_Cleaner_d4949.html
Run ATF-Cleaner
Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.

Run an online scan with Kaspersky from the following link:
Kaspersky Online Scanner

Note: If you have used this particular scanner before, you MAY HAVE TO UNINSTALL the program through Add/Remove Programs before downloading the new ActiveX component.

1. Click Accept, when prompted to download and install the program files and database of malware definitions.
2. Click Run at the Security prompt.
The program will then begin downloading and installing and will also update the database.
Please be patient as this can take several minutes.
3. Once the update is complete, click on My Computer under the green Scan bar to the left to start the scan.
4. Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
5. Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
6. Click View scan report at the bottom.
7. Click the Save Report As... button.
8. Click the Save as Text button to save the file to your desktop so that you may post it in your next reply.
**Note**

To optimize scanning time and produce a more sensible report for review:
Close any open programs.
Turn off the real-time scanner of all antivirus or antispyware programs while performing the online scan.
Note for Internet Explorer 7 users: If at any time you have trouble viewing the accept button of the license, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75%. Once the license is accepted, reset to 100%.



#13
January 18, 2009 at 10:03:25
GooredFix v1.83 by jpshortstuff
Log created at 13:02 on 18/01/2009 running Option #2 (ALEX)
Firefox version 3.0.5 (en-US)

=====Goored Deletions=====

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions]
"{89FF6B53-A802-4B9D-A9E7-AE6DDCD01AD6}"="C:\Documents and Settings\ALEX\Local Settings\Application Data\{89FF6B53-A802-4B9D-A9E7-AE6DDCD01AD6}"
->Backing up value... Done.
->Deleting value... Done.

C:\Documents and Settings\ALEX\Local Settings\Application Data\{89FF6B53-A802-4B9D-A9E7-AE6DDCD01AD6}
->Backing up folder... Done.
->Emptying folder... Done.
->Deleting folder... Done.

=====Dumping Registry Values=====

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox 3.0.5\extensions]
"Plugins"="C:\Program Files\Mozilla Firefox\plugins"

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox 3.0.5\extensions]
"Components"="C:\Program Files\Mozilla Firefox\components"

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions]
"jqs@sun.com"="C:\Program Files\Java\jre6\lib\deploy\jqs\ff"


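The log in post #13 shows what this redirector relied on: a machine-wide Firefox extension registration (under HKEY_LOCAL_MACHINE) whose folder sits inside a user profile, while the legitimate entries point into Program Files. The following check is an added example, not part of the thread and not GooredFix's own logic; it parses a registry dump in that layout and flags such entries for review. The per-user path heuristic and all function names are assumptions.

```python
import re
from typing import NamedTuple

# Constructed sample in the layout of the log in post #13 (values copied from that log).
SAMPLE_LOG = r'''
[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions]
"{89FF6B53-A802-4B9D-A9E7-AE6DDCD01AD6}"="C:\Documents and Settings\ALEX\Local Settings\Application Data\{89FF6B53-A802-4B9D-A9E7-AE6DDCD01AD6}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox 3.0.5\extensions]
"Plugins"="C:\Program Files\Mozilla Firefox\plugins"

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions]
"jqs@sun.com"="C:\Program Files\Java\jre6\lib\deploy\jqs\ff"
'''

KEY_RE = re.compile(r'^\[(?P<key>[^\]]+)\]$')
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]*)"$')
# Assumed heuristic: per-user profile roots on Windows XP and on later versions.
USER_PATH_RE = re.compile(r'^[A-Z]:\\(Documents and Settings|Users)\\', re.I)
EXT_KEY_SUFFIX = r'\mozilla\firefox\extensions'

class Entry(NamedTuple):
    key: str
    name: str
    path: str

def parse_dump(text):
    """Return every "name"="path" value together with the [key] it appears under."""
    entries, key = [], None
    for line in text.splitlines():
        line = line.strip()
        m = KEY_RE.match(line)
        if m:
            key = m.group('key')
            continue
        m = VALUE_RE.match(line)
        if m and key:
            entries.append(Entry(key, m.group('name'), m.group('path')))
    return entries

def suspicious_extensions(entries):
    """Flag HKLM Firefox extension registrations that load from a user profile."""
    return [e for e in entries
            if e.key.upper().startswith('HKEY_LOCAL_MACHINE\\')
            and e.key.lower().endswith(EXT_KEY_SUFFIX)
            and USER_PATH_RE.match(e.path)]

if __name__ == '__main__':
    for e in suspicious_extensions(parse_dump(SAMPLE_LOG)):
        print(f'REVIEW {e.name} -> {e.path}')
```

A flagged entry is a prompt to inspect the folder, not proof of infection; a legitimate installer can also register an extension from a profile directory.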

#14
January 18, 2009 at 14:16:44
----------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Sunday, January 18, 2009
Operating System: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Sunday, January 18, 2009 16:41:06
Records in database: 1642835
----------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\

Scan statistics:
Files scanned: 140070
Threat name: 2
Infected objects: 2
Suspicious objects: 0
Duration of the scan: 03:37:51


File name / Threat name / Threats count
C:\Documents and Settings\ALEX\Application Data\Sun\Java\Deployment\cache\6.0\49\1b7443f1-28aa4f80 Infected: Trojan-Downloader.Java.OpenConnection.ap 1
C:\WINDOWS\system32\SearchTool\SearchTool.dll Infected: not-a-virus:AdWare.Win32.Beginto.f 1

The selected area was scanned.



#15
January 18, 2009 at 20:04:36
Go to start> control panel> java> temporary internet file> settings> delete files> ok> ok.

Open Notepad and copy/paste everything between the X's into it and make sure the first word (such as KILLALL, File, Folder, Registry etc.) is at the very top of the page.
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
Folder::
C:\WINDOWS\system32\SearchTool

XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
Go to File on the top bar and choose "Save As", change the "Save As Type" to All Files, name it CFScript.txt, then save it to your desktop.
Then drag/drop the CFScript.txt onto ComboFix.exe (the red symbol on your desktop). If ComboFix does not auto start, click "run".

Your computer appears to be clean other than the above exceptions.


Go to start> run> type in combofix /u (note the space after combofix) then press enter> run. This will uninstall combofix so give the uninstaller a minute to run.

Go to start> control panel> add/remove programs and uninstall these programs:

Hijack This

Malwarebytes

Kaspersky

You should keep ATF Cleaner and run it weekly.


You should consider adding "Spywareblaster" to your arsenal of antispyware tools. You can download it from this link: Spywareblaster

Just download it, install it, and update it. It's free and runs in the background, so you don't actually run it, and re-writes malicious script before it can install on your computer. Look for updates weekly as there is no auto-update on the free version.

How is the computer operating?



#16
January 19, 2009 at 13:17:55
It's running great! No problems so far.

Thank you so much for spending your time analyzing my computer!



#17
January 20, 2009 at 15:19:25
Glad we could help.
