Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Win32.FraudLoad.edt, Virtumonde, Win32.FraudLoad, etc...

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Win32.FraudLoad.edt, Virtumonde, Win32.FraudLoad, etc...

Unread postby misterbanksiii » July 20th, 2010, 6:18 am

Description Of Problem(s):

-Misdirected web pages (Firefox 3.6.6)
- Random mouse-clicking sound
-Glitchy, halted using experience
- Unable to install (free) AVG anti-virus
-Installed, but couldn't run Spybot, unless in safe mode
- Spybot could not stop Win32.Fraudload (registry change), Virtumonde.dll (file), or Win32.Fraudload.edt (INI delete) after 3 attempts

HijackThis Log:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 4:53:31 AM, on 7/20/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iTunes\iTunesHelper .exe
C:\Program Files\Apoint\Apoint .exe
C:\Program Files\Common Files\Java\Java Update\jusched .exe
C:\Program Files\Apoint\HidFind.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask .exe" -atboottime
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [JDK5SWFMZY] C:\WINDOWS\TEMP\Sm2 .exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [JDK5SWFMZY] C:\WINDOWS\TEMP\Sm2 .exe (User 'Default user')
O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{021D7D1F-D391-4033-886C-74AB8F86C2B1}: NameServer = 93.188.163.187,93.188.166.187
O17 - HKLM\System\CCS\Services\Tcpip\..\{D2E4DE2A-EBD1-4771-A669-75F7C0F19952}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 93.188.163.187,93.188.166.187
O17 - HKLM\System\CS1\Services\Tcpip\..\{021D7D1F-D391-4033-886C-74AB8F86C2B1}: NameServer = 93.188.163.187,93.188.166.187
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS2\Services\Tcpip\..\{021D7D1F-D391-4033-886C-74AB8F86C2B1}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 93.188.163.187,93.188.166.187
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 6402 bytes

Uninstall List:


2007 Microsoft Office Suite Service Pack 2 (SP2)
2007 Microsoft Office Suite Service Pack 2 (SP2)
2007 Microsoft Office Suite Service Pack 2 (SP2)
2007 Microsoft Office Suite Service Pack 2 (SP2)
2007 Microsoft Office Suite Service Pack 2 (SP2)
2007 Microsoft Office Suite Service Pack 2 (SP2)
2007 Microsoft Office Suite Service Pack 2 (SP2)
2007 Microsoft Office Suite Service Pack 2 (SP2)
2007 Microsoft Office Suite Service Pack 2 (SP2)
2007 Microsoft Office Suite Service Pack 2 (SP2)
2007 Microsoft Office Suite Service Pack 2 (SP2)
2007 Microsoft Office Suite Service Pack 2 (SP2)
2007 Microsoft Office Suite Service Pack 2 (SP2)
2007 Microsoft Office Suite Service Pack 2 (SP2)
2007 Microsoft Office Suite Service Pack 2 (SP2)
2007 Microsoft Office Suite Service Pack 2 (SP2)
2007 Microsoft Office Suite Service Pack 2 (SP2)
Acrobat.com
Adobe AIR
Adobe AIR
Adobe Flash Player 10 Plugin
Adobe Reader 9.3.3
ALPS Touch Pad Driver
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ASIO4ALL
ATI - Software Uninstall Utility
ATI Control Panel
ATI Display Driver
Bonjour
Broadcom 440x 10/100 Integrated Controller
Character Builder
C-Major Audio
Conexant D110 MDC V.92 Modem
dBpoweramp [Multi Encoder] Codec
dBpoweramp FLAC Codec
dBpoweramp m4a Codec
dBpoweramp m4a Utilities
dBpoweramp Music Converter
Dell Printer Software Uninstall
ESET Online Scanner v3
HiJackThis
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB981793)
iTunes
Java(TM) 6 Update 20
MagicDisc 2.7.106
mCore
mDriver
mDrWiFi
mHlpDell
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
mIWA
mLogView
mMHouse
Mozilla Firefox (3.6.6)
Mp3tag v2.43
mPfMgr
mPfWiz
mProSafe
mSCfg
mSSO
MSXML 6.0 Parser
mWlsSafe
mWMI
mZConfig
QuickSet
QuickTime
RegScrubXP 5.1
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB978695)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953838)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB981349)
Spybot - Search & Destroy
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows XP (KB898461)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
VLC media player 1.0.5
WinRAR archiver
misterbanksiii
Active Member
 
Posts: 7
Joined: July 20th, 2010, 6:02 am
Advertisement
Register to Remove

Re: Win32.FraudLoad.edt, Virtumonde, Win32.FraudLoad, etc...

Unread postby Airscape » July 22nd, 2010, 12:44 pm

Hello misterbanksiii... welcome to the forum.
My name is Airscape and I'll be helping you with your malware issues.
The logs can take a while to research. Please be patient with me.

Take note of the following before we begin:
  • Post to this thread only and please stick to it until you are given an All Clean. Absence of symptoms does not mean that your computer is clean.
  • The instructions I give are for This computer only and should not be used on any other pc.
  • Do NOT run any tools/scans unless I instruct you to.
  • Try not to install/uninstall any programs while we work. This will add extra time researching your logs.
  • If you have found assistance elsewhere and no longer require our help, please say so, and this topic will be closed.
  • If you have any problems, please stop and ask before proceeding with any fixes.
  • ALL USERS OF THIS FORUM MUST READ THIS FIRST

Note: As I'm still in training here at MRU everything I post must be checked by a teacher first. So there may be a slight delay in between posts.

If you no longer need help, I would appreciate if you let me know. Thanks.
User avatar
Airscape
Regular Member
 
Posts: 1858
Joined: November 1st, 2008, 11:06 pm

Re: Win32.FraudLoad.edt, Virtumonde, Win32.FraudLoad, etc...

Unread postby misterbanksiii » July 22nd, 2010, 4:59 pm

Airscape, thank you for your attention to my infected laptop. I am most definitely still in need of assistance in removing previously mentioned viri. Patiently awaiting your instructions. -Mister Banks
misterbanksiii
Active Member
 
Posts: 7
Joined: July 20th, 2010, 6:02 am

Re: Win32.FraudLoad.edt, Virtumonde, Win32.FraudLoad, etc...

Unread postby Airscape » July 23rd, 2010, 11:46 am

Hi misterbanksiii,

Please do the following in the order listed, try not to restart the computer untill the end of the instructions.


Download/Run Rkill
Please download Rkill from Here, Here,Here, or Here and save to the desktop.
  • Double click on Rkill to run it.
  • A command window will open then disappear upon completion, this is normal.
  • Please leave Rkill on the Desktop until otherwise advised.
Note: If your security software warns about Rkill, please ignore and allow the download to continue.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

GMER
Please download GMER from here and save it to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Double-click the randomly named.exe file to run it.
  • At the start if given a warning and are asked to fully scan your system, click NO.
  • Remain on the Rootkit tab at the top.
  • Click the Scan button to start the scan. Don't use the computer while the scan is running.
  • When the scan finishes click Save... save it to the desktop as gmer.log
  • Re-connect to the internet then copy/paste the log into your next reply.
Note: If Gmer won't run then on the right leave only the sections and C: boxes checked shown here and run the scan again.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Random's System Information Tool (RSIT)
  • Please download RSIT by random/random from here and save it to your desktop.
  • Double-click on RSIT.exe to run it.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open.
  • Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)

Note: both logs can be found in the C:\rsit folder if you lose them.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Logs/information to post in next reply:
  • GMER log
  • RSIT logs (log.txt and info.txt)
  • How is the pc running?
User avatar
Airscape
Regular Member
 
Posts: 1858
Joined: November 1st, 2008, 11:06 pm

Re: Win32.FraudLoad.edt, Virtumonde, Win32.FraudLoad, etc...

Unread postby misterbanksiii » July 23rd, 2010, 5:55 pm

Airscape - Please see my notes at the bottom of this post.

gmer log:

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-07-23 15:38:17
Windows 5.1.2600 Service Pack 3
Running: pjgdclff.exe; Driver: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\awlorfob.sys


---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\System32\svchost.exe[1036] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 007B000A
.text C:\WINDOWS\System32\svchost.exe[1036] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 007C000A
.text C:\WINDOWS\System32\svchost.exe[1036] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 007A000C
.text C:\WINDOWS\System32\svchost.exe[1036] USER32.dll!GetCursorPos 7E42974E 5 Bytes JMP 00F2000A
.text C:\WINDOWS\System32\svchost.exe[1036] ole32.dll!CoCreateInstance 7750057E 5 Bytes JMP 00C2000A
.text C:\WINDOWS\system32\spoolsv.exe[1524] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 00EB000A
.text C:\WINDOWS\explorer.exe[3164] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00A2000A
.text C:\WINDOWS\explorer.exe[3164] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00A8000A
.text C:\WINDOWS\explorer.exe[3164] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 00A1000C

---- EOF - GMER 1.0.15 ----


RSIT Log:


Logfile of random's system information tool 1.08 (written by random/random)
Run by Administrator at 2010-07-23 15:38:55
Microsoft Windows XP Professional Service Pack 3
System drive C: has 90 GB (59%) free of 153 GB
Total RAM: 2047 MB (78% free)

HijackThis download failed

======Scheduled tasks folder======

C:\WINDOWS\tasks\51e89591.job
C:\WINDOWS\tasks\At1.job
C:\WINDOWS\tasks\At10.job
C:\WINDOWS\tasks\At100.job
C:\WINDOWS\tasks\At1000.job
C:\WINDOWS\tasks\At1001.job
C:\WINDOWS\tasks\At1002.job
C:\WINDOWS\tasks\At1003.job
C:\WINDOWS\tasks\At1004.job
C:\WINDOWS\tasks\At1005.job
C:\WINDOWS\tasks\At1006.job
C:\WINDOWS\tasks\At1007.job
C:\WINDOWS\tasks\At1008.job
C:\WINDOWS\tasks\At1009.job
C:\WINDOWS\tasks\At101.job
C:\WINDOWS\tasks\At1010.job
C:\WINDOWS\tasks\At1011.job
C:\WINDOWS\tasks\At1012.job
C:\WINDOWS\tasks\At1013.job
C:\WINDOWS\tasks\At1014.job
C:\WINDOWS\tasks\At1015.job
C:\WINDOWS\tasks\At1016.job
C:\WINDOWS\tasks\At1017.job
C:\WINDOWS\tasks\At1018.job
C:\WINDOWS\tasks\At1019.job
C:\WINDOWS\tasks\At102.job
C:\WINDOWS\tasks\At1020.job
C:\WINDOWS\tasks\At1021.job
C:\WINDOWS\tasks\At1022.job
C:\WINDOWS\tasks\At1023.job
C:\WINDOWS\tasks\At1024.job
C:\WINDOWS\tasks\At1025.job
C:\WINDOWS\tasks\At1026.job
C:\WINDOWS\tasks\At1027.job
C:\WINDOWS\tasks\At1028.job
C:\WINDOWS\tasks\At1029.job
C:\WINDOWS\tasks\At103.job
C:\WINDOWS\tasks\At1030.job
C:\WINDOWS\tasks\At1031.job
C:\WINDOWS\tasks\At1032.job
C:\WINDOWS\tasks\At1033.job
C:\WINDOWS\tasks\At1034.job
C:\WINDOWS\tasks\At1035.job
C:\WINDOWS\tasks\At1036.job
C:\WINDOWS\tasks\At1037.job
C:\WINDOWS\tasks\At1038.job
C:\WINDOWS\tasks\At1039.job
C:\WINDOWS\tasks\At104.job
C:\WINDOWS\tasks\At1040.job
C:\WINDOWS\tasks\At1041.job
C:\WINDOWS\tasks\At1042.job
C:\WINDOWS\tasks\At1043.job
C:\WINDOWS\tasks\At1044.job
C:\WINDOWS\tasks\At1045.job
C:\WINDOWS\tasks\At1046.job
C:\WINDOWS\tasks\At1047.job
C:\WINDOWS\tasks\At1048.job
C:\WINDOWS\tasks\At1049.job
C:\WINDOWS\tasks\At105.job
C:\WINDOWS\tasks\At1050.job
C:\WINDOWS\tasks\At1051.job
C:\WINDOWS\tasks\At1052.job
C:\WINDOWS\tasks\At1053.job
C:\WINDOWS\tasks\At1054.job
C:\WINDOWS\tasks\At1055.job
C:\WINDOWS\tasks\At1056.job
C:\WINDOWS\tasks\At1057.job
C:\WINDOWS\tasks\At1058.job
C:\WINDOWS\tasks\At1059.job
C:\WINDOWS\tasks\At106.job
C:\WINDOWS\tasks\At1060.job
C:\WINDOWS\tasks\At1061.job
C:\WINDOWS\tasks\At1062.job
C:\WINDOWS\tasks\At1063.job
C:\WINDOWS\tasks\At1064.job
C:\WINDOWS\tasks\At1065.job
C:\WINDOWS\tasks\At1066.job
C:\WINDOWS\tasks\At1067.job
C:\WINDOWS\tasks\At1068.job
C:\WINDOWS\tasks\At1069.job
C:\WINDOWS\tasks\At107.job
C:\WINDOWS\tasks\At1070.job
C:\WINDOWS\tasks\At1071.job
C:\WINDOWS\tasks\At1072.job
C:\WINDOWS\tasks\At1073.job
C:\WINDOWS\tasks\At1074.job
C:\WINDOWS\tasks\At1075.job
C:\WINDOWS\tasks\At1076.job
C:\WINDOWS\tasks\At1077.job
C:\WINDOWS\tasks\At1078.job
C:\WINDOWS\tasks\At1079.job
C:\WINDOWS\tasks\At108.job
C:\WINDOWS\tasks\At1080.job
C:\WINDOWS\tasks\At1081.job
C:\WINDOWS\tasks\At1082.job
C:\WINDOWS\tasks\At1083.job
C:\WINDOWS\tasks\At1084.job
C:\WINDOWS\tasks\At1085.job
C:\WINDOWS\tasks\At1086.job
C:\WINDOWS\tasks\At1087.job
C:\WINDOWS\tasks\At1088.job
C:\WINDOWS\tasks\At1089.job
C:\WINDOWS\tasks\At109.job
C:\WINDOWS\tasks\At1090.job
C:\WINDOWS\tasks\At1091.job
C:\WINDOWS\tasks\At1092.job
C:\WINDOWS\tasks\At1093.job
C:\WINDOWS\tasks\At1094.job
C:\WINDOWS\tasks\At1095.job
C:\WINDOWS\tasks\At1096.job
C:\WINDOWS\tasks\At1097.job
C:\WINDOWS\tasks\At1098.job
C:\WINDOWS\tasks\At1099.job
C:\WINDOWS\tasks\At11.job
C:\WINDOWS\tasks\At110.job
C:\WINDOWS\tasks\At1100.job
C:\WINDOWS\tasks\At1101.job
C:\WINDOWS\tasks\At1102.job
C:\WINDOWS\tasks\At1103.job
C:\WINDOWS\tasks\At1104.job
C:\WINDOWS\tasks\At1105.job
C:\WINDOWS\tasks\At1106.job
C:\WINDOWS\tasks\At1107.job
C:\WINDOWS\tasks\At1108.job
C:\WINDOWS\tasks\At1109.job
C:\WINDOWS\tasks\At111.job
C:\WINDOWS\tasks\At1110.job
C:\WINDOWS\tasks\At1111.job
C:\WINDOWS\tasks\At1112.job
C:\WINDOWS\tasks\At1113.job
C:\WINDOWS\tasks\At1114.job
C:\WINDOWS\tasks\At1115.job
C:\WINDOWS\tasks\At1116.job
C:\WINDOWS\tasks\At1117.job
C:\WINDOWS\tasks\At1118.job
C:\WINDOWS\tasks\At1119.job
C:\WINDOWS\tasks\At112.job
C:\WINDOWS\tasks\At1120.job
C:\WINDOWS\tasks\At1121.job
C:\WINDOWS\tasks\At1122.job
C:\WINDOWS\tasks\At1123.job
C:\WINDOWS\tasks\At1124.job
C:\WINDOWS\tasks\At1125.job
C:\WINDOWS\tasks\At1126.job
C:\WINDOWS\tasks\At1127.job
C:\WINDOWS\tasks\At1128.job
C:\WINDOWS\tasks\At1129.job
C:\WINDOWS\tasks\At113.job
C:\WINDOWS\tasks\At1130.job
C:\WINDOWS\tasks\At1131.job
C:\WINDOWS\tasks\At1132.job
C:\WINDOWS\tasks\At1133.job
C:\WINDOWS\tasks\At1134.job
C:\WINDOWS\tasks\At1135.job
C:\WINDOWS\tasks\At1136.job
C:\WINDOWS\tasks\At1137.job
C:\WINDOWS\tasks\At1138.job
C:\WINDOWS\tasks\At1139.job
C:\WINDOWS\tasks\At114.job
C:\WINDOWS\tasks\At1140.job
C:\WINDOWS\tasks\At1141.job
C:\WINDOWS\tasks\At1142.job
C:\WINDOWS\tasks\At1143.job
C:\WINDOWS\tasks\At1144.job
C:\WINDOWS\tasks\At1145.job
C:\WINDOWS\tasks\At1146.job
C:\WINDOWS\tasks\At1147.job
C:\WINDOWS\tasks\At1148.job
C:\WINDOWS\tasks\At1149.job
C:\WINDOWS\tasks\At115.job
C:\WINDOWS\tasks\At1150.job
C:\WINDOWS\tasks\At1151.job
C:\WINDOWS\tasks\At1152.job
C:\WINDOWS\tasks\At1153.job
C:\WINDOWS\tasks\At1154.job
C:\WINDOWS\tasks\At1155.job
C:\WINDOWS\tasks\At1156.job
C:\WINDOWS\tasks\At1157.job
C:\WINDOWS\tasks\At1158.job
C:\WINDOWS\tasks\At1159.job
C:\WINDOWS\tasks\At116.job
C:\WINDOWS\tasks\At1160.job
C:\WINDOWS\tasks\At1161.job
C:\WINDOWS\tasks\At1162.job
C:\WINDOWS\tasks\At1163.job
C:\WINDOWS\tasks\At1164.job
C:\WINDOWS\tasks\At1165.job
C:\WINDOWS\tasks\At1166.job
C:\WINDOWS\tasks\At1167.job
C:\WINDOWS\tasks\At1168.job
C:\WINDOWS\tasks\At1169.job
C:\WINDOWS\tasks\At117.job
C:\WINDOWS\tasks\At1170.job
C:\WINDOWS\tasks\At1171.job
C:\WINDOWS\tasks\At1172.job
C:\WINDOWS\tasks\At1173.job
C:\WINDOWS\tasks\At1174.job
C:\WINDOWS\tasks\At1175.job
C:\WINDOWS\tasks\At1176.job
C:\WINDOWS\tasks\At1177.job
C:\WINDOWS\tasks\At1178.job
C:\WINDOWS\tasks\At1179.job
C:\WINDOWS\tasks\At118.job
C:\WINDOWS\tasks\At1180.job
C:\WINDOWS\tasks\At1181.job
C:\WINDOWS\tasks\At1182.job
C:\WINDOWS\tasks\At1183.job
C:\WINDOWS\tasks\At1184.job
C:\WINDOWS\tasks\At1185.job
C:\WINDOWS\tasks\At1186.job
C:\WINDOWS\tasks\At1187.job
C:\WINDOWS\tasks\At1188.job
C:\WINDOWS\tasks\At1189.job
C:\WINDOWS\tasks\At119.job
C:\WINDOWS\tasks\At1190.job
C:\WINDOWS\tasks\At1191.job
C:\WINDOWS\tasks\At1192.job
C:\WINDOWS\tasks\At1193.job
C:\WINDOWS\tasks\At1194.job
C:\WINDOWS\tasks\At1195.job
C:\WINDOWS\tasks\At1196.job
C:\WINDOWS\tasks\At1197.job
C:\WINDOWS\tasks\At1198.job
C:\WINDOWS\tasks\At1199.job
C:\WINDOWS\tasks\At12.job
C:\WINDOWS\tasks\At120.job
C:\WINDOWS\tasks\At1200.job
C:\WINDOWS\tasks\At1201.job
C:\WINDOWS\tasks\At121.job
C:\WINDOWS\tasks\At122.job
C:\WINDOWS\tasks\At123.job
C:\WINDOWS\tasks\At124.job
C:\WINDOWS\tasks\At125.job
C:\WINDOWS\tasks\At126.job
C:\WINDOWS\tasks\At127.job
C:\WINDOWS\tasks\At128.job
C:\WINDOWS\tasks\At129.job
C:\WINDOWS\tasks\At13.job
C:\WINDOWS\tasks\At130.job
C:\WINDOWS\tasks\At131.job
C:\WINDOWS\tasks\At132.job
C:\WINDOWS\tasks\At133.job
C:\WINDOWS\tasks\At134.job
C:\WINDOWS\tasks\At135.job
C:\WINDOWS\tasks\At136.job
C:\WINDOWS\tasks\At137.job
C:\WINDOWS\tasks\At138.job
C:\WINDOWS\tasks\At139.job
C:\WINDOWS\tasks\At14.job
C:\WINDOWS\tasks\At140.job
C:\WINDOWS\tasks\At141.job
C:\WINDOWS\tasks\At142.job
C:\WINDOWS\tasks\At143.job
C:\WINDOWS\tasks\At144.job
C:\WINDOWS\tasks\At145.job
C:\WINDOWS\tasks\At146.job
C:\WINDOWS\tasks\At147.job
C:\WINDOWS\tasks\At148.job
C:\WINDOWS\tasks\At149.job
C:\WINDOWS\tasks\At15.job
C:\WINDOWS\tasks\At150.job
C:\WINDOWS\tasks\At151.job
C:\WINDOWS\tasks\At152.job
C:\WINDOWS\tasks\At153.job
C:\WINDOWS\tasks\At154.job
C:\WINDOWS\tasks\At155.job
C:\WINDOWS\tasks\At156.job
C:\WINDOWS\tasks\At157.job
C:\WINDOWS\tasks\At158.job
C:\WINDOWS\tasks\At159.job
C:\WINDOWS\tasks\At16.job
C:\WINDOWS\tasks\At160.job
C:\WINDOWS\tasks\At161.job
C:\WINDOWS\tasks\At162.job
C:\WINDOWS\tasks\At163.job
C:\WINDOWS\tasks\At164.job
C:\WINDOWS\tasks\At165.job
C:\WINDOWS\tasks\At166.job
C:\WINDOWS\tasks\At167.job
C:\WINDOWS\tasks\At168.job
C:\WINDOWS\tasks\At169.job
C:\WINDOWS\tasks\At17.job
C:\WINDOWS\tasks\At170.job
C:\WINDOWS\tasks\At171.job
C:\WINDOWS\tasks\At172.job
C:\WINDOWS\tasks\At173.job
C:\WINDOWS\tasks\At174.job
C:\WINDOWS\tasks\At175.job
C:\WINDOWS\tasks\At176.job
C:\WINDOWS\tasks\At177.job
C:\WINDOWS\tasks\At178.job
C:\WINDOWS\tasks\At179.job
C:\WINDOWS\tasks\At18.job
C:\WINDOWS\tasks\At180.job
C:\WINDOWS\tasks\At181.job
C:\WINDOWS\tasks\At182.job
C:\WINDOWS\tasks\At183.job
C:\WINDOWS\tasks\At184.job
C:\WINDOWS\tasks\At185.job
C:\WINDOWS\tasks\At186.job
C:\WINDOWS\tasks\At187.job
C:\WINDOWS\tasks\At188.job
C:\WINDOWS\tasks\At189.job
C:\WINDOWS\tasks\At19.job
C:\WINDOWS\tasks\At190.job
C:\WINDOWS\tasks\At191.job
C:\WINDOWS\tasks\At192.job
C:\WINDOWS\tasks\At193.job
C:\WINDOWS\tasks\At194.job
C:\WINDOWS\tasks\At195.job
C:\WINDOWS\tasks\At196.job
C:\WINDOWS\tasks\At197.job
C:\WINDOWS\tasks\At198.job
C:\WINDOWS\tasks\At199.job
C:\WINDOWS\tasks\At2.job
C:\WINDOWS\tasks\At20.job
C:\WINDOWS\tasks\At200.job
C:\WINDOWS\tasks\At201.job
C:\WINDOWS\tasks\At202.job
C:\WINDOWS\tasks\At203.job
C:\WINDOWS\tasks\At204.job
C:\WINDOWS\tasks\At205.job
C:\WINDOWS\tasks\At206.job
C:\WINDOWS\tasks\At207.job
C:\WINDOWS\tasks\At208.job
C:\WINDOWS\tasks\At209.job
C:\WINDOWS\tasks\At21.job
C:\WINDOWS\tasks\At210.job
C:\WINDOWS\tasks\At211.job
C:\WINDOWS\tasks\At212.job
C:\WINDOWS\tasks\At213.job
C:\WINDOWS\tasks\At214.job
C:\WINDOWS\tasks\At215.job
C:\WINDOWS\tasks\At216.job
C:\WINDOWS\tasks\At217.job
C:\WINDOWS\tasks\At218.job
C:\WINDOWS\tasks\At219.job
C:\WINDOWS\tasks\At22.job
C:\WINDOWS\tasks\At220.job
C:\WINDOWS\tasks\At221.job
C:\WINDOWS\tasks\At222.job
C:\WINDOWS\tasks\At223.job
C:\WINDOWS\tasks\At224.job
C:\WINDOWS\tasks\At225.job
C:\WINDOWS\tasks\At226.job
C:\WINDOWS\tasks\At227.job
C:\WINDOWS\tasks\At228.job
C:\WINDOWS\tasks\At229.job
C:\WINDOWS\tasks\At23.job
C:\WINDOWS\tasks\At230.job
C:\WINDOWS\tasks\At231.job
C:\WINDOWS\tasks\At232.job
C:\WINDOWS\tasks\At233.job
C:\WINDOWS\tasks\At234.job
C:\WINDOWS\tasks\At235.job
C:\WINDOWS\tasks\At236.job
C:\WINDOWS\tasks\At237.job
C:\WINDOWS\tasks\At238.job
C:\WINDOWS\tasks\At239.job
C:\WINDOWS\tasks\At24.job
C:\WINDOWS\tasks\At240.job
C:\WINDOWS\tasks\At241.job
C:\WINDOWS\tasks\At242.job
C:\WINDOWS\tasks\At243.job
C:\WINDOWS\tasks\At244.job
C:\WINDOWS\tasks\At245.job
C:\WINDOWS\tasks\At246.job
C:\WINDOWS\tasks\At247.job
C:\WINDOWS\tasks\At248.job
C:\WINDOWS\tasks\At249.job
C:\WINDOWS\tasks\At25.job
C:\WINDOWS\tasks\At250.job
C:\WINDOWS\tasks\At251.job
C:\WINDOWS\tasks\At252.job
C:\WINDOWS\tasks\At253.job
C:\WINDOWS\tasks\At254.job
C:\WINDOWS\tasks\At255.job
C:\WINDOWS\tasks\At256.job
C:\WINDOWS\tasks\At257.job
C:\WINDOWS\tasks\At258.job
C:\WINDOWS\tasks\At259.job
C:\WINDOWS\tasks\At26.job
C:\WINDOWS\tasks\At260.job
C:\WINDOWS\tasks\At261.job
C:\WINDOWS\tasks\At262.job
C:\WINDOWS\tasks\At263.job
C:\WINDOWS\tasks\At264.job
C:\WINDOWS\tasks\At265.job
C:\WINDOWS\tasks\At266.job
C:\WINDOWS\tasks\At267.job
C:\WINDOWS\tasks\At268.job
C:\WINDOWS\tasks\At269.job
C:\WINDOWS\tasks\At27.job
C:\WINDOWS\tasks\At270.job
C:\WINDOWS\tasks\At271.job
C:\WINDOWS\tasks\At272.job
C:\WINDOWS\tasks\At273.job
C:\WINDOWS\tasks\At274.job
C:\WINDOWS\tasks\At275.job
C:\WINDOWS\tasks\At276.job
C:\WINDOWS\tasks\At277.job
C:\WINDOWS\tasks\At278.job
C:\WINDOWS\tasks\At279.job
C:\WINDOWS\tasks\At28.job
C:\WINDOWS\tasks\At280.job
C:\WINDOWS\tasks\At281.job
C:\WINDOWS\tasks\At282.job
C:\WINDOWS\tasks\At283.job
C:\WINDOWS\tasks\At284.job
C:\WINDOWS\tasks\At285.job
C:\WINDOWS\tasks\At286.job
C:\WINDOWS\tasks\At287.job
C:\WINDOWS\tasks\At288.job
C:\WINDOWS\tasks\At289.job
C:\WINDOWS\tasks\At29.job
C:\WINDOWS\tasks\At290.job
C:\WINDOWS\tasks\At291.job
C:\WINDOWS\tasks\At292.job
C:\WINDOWS\tasks\At293.job
C:\WINDOWS\tasks\At294.job
C:\WINDOWS\tasks\At295.job
C:\WINDOWS\tasks\At296.job
C:\WINDOWS\tasks\At297.job
C:\WINDOWS\tasks\At298.job
C:\WINDOWS\tasks\At299.job
C:\WINDOWS\tasks\At3.job
C:\WINDOWS\tasks\At30.job
C:\WINDOWS\tasks\At300.job
C:\WINDOWS\tasks\At301.job
C:\WINDOWS\tasks\At302.job
C:\WINDOWS\tasks\At303.job
C:\WINDOWS\tasks\At304.job
C:\WINDOWS\tasks\At305.job
C:\WINDOWS\tasks\At306.job
C:\WINDOWS\tasks\At307.job
C:\WINDOWS\tasks\At308.job
C:\WINDOWS\tasks\At309.job
C:\WINDOWS\tasks\At31.job
C:\WINDOWS\tasks\At310.job
C:\WINDOWS\tasks\At311.job
C:\WINDOWS\tasks\At312.job
C:\WINDOWS\tasks\At313.job
C:\WINDOWS\tasks\At314.job
C:\WINDOWS\tasks\At315.job
C:\WINDOWS\tasks\At316.job
C:\WINDOWS\tasks\At317.job
C:\WINDOWS\tasks\At318.job
C:\WINDOWS\tasks\At319.job
C:\WINDOWS\tasks\At32.job
C:\WINDOWS\tasks\At320.job
C:\WINDOWS\tasks\At321.job
C:\WINDOWS\tasks\At322.job
C:\WINDOWS\tasks\At323.job
C:\WINDOWS\tasks\At324.job
C:\WINDOWS\tasks\At325.job
C:\WINDOWS\tasks\At326.job
C:\WINDOWS\tasks\At327.job
C:\WINDOWS\tasks\At328.job
C:\WINDOWS\tasks\At329.job
C:\WINDOWS\tasks\At33.job
C:\WINDOWS\tasks\At330.job
C:\WINDOWS\tasks\At331.job
C:\WINDOWS\tasks\At332.job
C:\WINDOWS\tasks\At333.job
C:\WINDOWS\tasks\At334.job
C:\WINDOWS\tasks\At335.job
C:\WINDOWS\tasks\At336.job
C:\WINDOWS\tasks\At337.job
C:\WINDOWS\tasks\At338.job
C:\WINDOWS\tasks\At339.job
C:\WINDOWS\tasks\At34.job
C:\WINDOWS\tasks\At340.job
C:\WINDOWS\tasks\At341.job
C:\WINDOWS\tasks\At342.job
C:\WINDOWS\tasks\At343.job
C:\WINDOWS\tasks\At344.job
C:\WINDOWS\tasks\At345.job
C:\WINDOWS\tasks\At346.job
C:\WINDOWS\tasks\At347.job
C:\WINDOWS\tasks\At348.job
C:\WINDOWS\tasks\At349.job
C:\WINDOWS\tasks\At35.job
C:\WINDOWS\tasks\At350.job
C:\WINDOWS\tasks\At351.job
C:\WINDOWS\tasks\At352.job
C:\WINDOWS\tasks\At353.job
C:\WINDOWS\tasks\At354.job
C:\WINDOWS\tasks\At355.job
C:\WINDOWS\tasks\At356.job
C:\WINDOWS\tasks\At357.job
C:\WINDOWS\tasks\At358.job
C:\WINDOWS\tasks\At359.job
C:\WINDOWS\tasks\At36.job
C:\WINDOWS\tasks\At360.job
C:\WINDOWS\tasks\At361.job
C:\WINDOWS\tasks\At362.job
C:\WINDOWS\tasks\At363.job
C:\WINDOWS\tasks\At364.job
C:\WINDOWS\tasks\At365.job
C:\WINDOWS\tasks\At366.job
C:\WINDOWS\tasks\At367.job
C:\WINDOWS\tasks\At368.job
C:\WINDOWS\tasks\At369.job
C:\WINDOWS\tasks\At37.job
C:\WINDOWS\tasks\At370.job
C:\WINDOWS\tasks\At371.job
C:\WINDOWS\tasks\At372.job
C:\WINDOWS\tasks\At373.job
C:\WINDOWS\tasks\At374.job
C:\WINDOWS\tasks\At375.job
C:\WINDOWS\tasks\At376.job
C:\WINDOWS\tasks\At377.job
C:\WINDOWS\tasks\At378.job
C:\WINDOWS\tasks\At379.job
C:\WINDOWS\tasks\At38.job
C:\WINDOWS\tasks\At380.job
C:\WINDOWS\tasks\At381.job
C:\WINDOWS\tasks\At382.job
C:\WINDOWS\tasks\At383.job
C:\WINDOWS\tasks\At384.job
C:\WINDOWS\tasks\At385.job
C:\WINDOWS\tasks\At386.job
C:\WINDOWS\tasks\At387.job
C:\WINDOWS\tasks\At388.job
C:\WINDOWS\tasks\At389.job
C:\WINDOWS\tasks\At39.job
C:\WINDOWS\tasks\At390.job
C:\WINDOWS\tasks\At391.job
C:\WINDOWS\tasks\At392.job
C:\WINDOWS\tasks\At393.job
C:\WINDOWS\tasks\At394.job
C:\WINDOWS\tasks\At395.job
C:\WINDOWS\tasks\At396.job
C:\WINDOWS\tasks\At397.job
C:\WINDOWS\tasks\At398.job
C:\WINDOWS\tasks\At399.job
C:\WINDOWS\tasks\At4.job
C:\WINDOWS\tasks\At40.job
C:\WINDOWS\tasks\At400.job
C:\WINDOWS\tasks\At401.job
C:\WINDOWS\tasks\At402.job
C:\WINDOWS\tasks\At403.job
C:\WINDOWS\tasks\At404.job
C:\WINDOWS\tasks\At405.job
C:\WINDOWS\tasks\At406.job
C:\WINDOWS\tasks\At407.job
C:\WINDOWS\tasks\At408.job
C:\WINDOWS\tasks\At409.job
C:\WINDOWS\tasks\At41.job
C:\WINDOWS\tasks\At410.job
C:\WINDOWS\tasks\At411.job
C:\WINDOWS\tasks\At412.job
C:\WINDOWS\tasks\At413.job
C:\WINDOWS\tasks\At414.job
C:\WINDOWS\tasks\At415.job
C:\WINDOWS\tasks\At416.job
C:\WINDOWS\tasks\At417.job
C:\WINDOWS\tasks\At418.job
C:\WINDOWS\tasks\At419.job
C:\WINDOWS\tasks\At42.job
C:\WINDOWS\tasks\At420.job
C:\WINDOWS\tasks\At421.job
C:\WINDOWS\tasks\At422.job
C:\WINDOWS\tasks\At423.job
C:\WINDOWS\tasks\At424.job
C:\WINDOWS\tasks\At425.job
C:\WINDOWS\tasks\At426.job
C:\WINDOWS\tasks\At427.job
C:\WINDOWS\tasks\At428.job
C:\WINDOWS\tasks\At429.job
C:\WINDOWS\tasks\At43.job
C:\WINDOWS\tasks\At430.job
C:\WINDOWS\tasks\At431.job
C:\WINDOWS\tasks\At432.job
C:\WINDOWS\tasks\At433.job
C:\WINDOWS\tasks\At434.job
C:\WINDOWS\tasks\At435.job
C:\WINDOWS\tasks\At436.job
C:\WINDOWS\tasks\At437.job
C:\WINDOWS\tasks\At438.job
C:\WINDOWS\tasks\At439.job
C:\WINDOWS\tasks\At44.job
C:\WINDOWS\tasks\At440.job
C:\WINDOWS\tasks\At441.job
C:\WINDOWS\tasks\At442.job
C:\WINDOWS\tasks\At443.job
C:\WINDOWS\tasks\At444.job
C:\WINDOWS\tasks\At445.job
C:\WINDOWS\tasks\At446.job
C:\WINDOWS\tasks\At447.job
C:\WINDOWS\tasks\At448.job
C:\WINDOWS\tasks\At449.job
C:\WINDOWS\tasks\At45.job
C:\WINDOWS\tasks\At450.job
C:\WINDOWS\tasks\At451.job
C:\WINDOWS\tasks\At452.job
C:\WINDOWS\tasks\At453.job
C:\WINDOWS\tasks\At454.job
C:\WINDOWS\tasks\At455.job
C:\WINDOWS\tasks\At456.job
C:\WINDOWS\tasks\At457.job
C:\WINDOWS\tasks\At458.job
C:\WINDOWS\tasks\At459.job
C:\WINDOWS\tasks\At46.job
C:\WINDOWS\tasks\At460.job
C:\WINDOWS\tasks\At461.job
C:\WINDOWS\tasks\At462.job
C:\WINDOWS\tasks\At463.job
C:\WINDOWS\tasks\At464.job
C:\WINDOWS\tasks\At465.job
C:\WINDOWS\tasks\At466.job
C:\WINDOWS\tasks\At467.job
C:\WINDOWS\tasks\At468.job
C:\WINDOWS\tasks\At469.job
C:\WINDOWS\tasks\At47.job
C:\WINDOWS\tasks\At470.job
C:\WINDOWS\tasks\At471.job
C:\WINDOWS\tasks\At472.job
C:\WINDOWS\tasks\At473.job
C:\WINDOWS\tasks\At474.job
C:\WINDOWS\tasks\At475.job
C:\WINDOWS\tasks\At476.job
C:\WINDOWS\tasks\At477.job
C:\WINDOWS\tasks\At478.job
C:\WINDOWS\tasks\At479.job
C:\WINDOWS\tasks\At48.job
C:\WINDOWS\tasks\At480.job
C:\WINDOWS\tasks\At481.job
C:\WINDOWS\tasks\At482.job
C:\WINDOWS\tasks\At483.job
C:\WINDOWS\tasks\At484.job
C:\WINDOWS\tasks\At485.job
C:\WINDOWS\tasks\At486.job
C:\WINDOWS\tasks\At487.job
C:\WINDOWS\tasks\At488.job
C:\WINDOWS\tasks\At489.job
C:\WINDOWS\tasks\At49.job
C:\WINDOWS\tasks\At490.job
C:\WINDOWS\tasks\At491.job
C:\WINDOWS\tasks\At492.job
C:\WINDOWS\tasks\At493.job
C:\WINDOWS\tasks\At494.job
C:\WINDOWS\tasks\At495.job
C:\WINDOWS\tasks\At496.job
C:\WINDOWS\tasks\At497.job
C:\WINDOWS\tasks\At498.job
C:\WINDOWS\tasks\At499.job
C:\WINDOWS\tasks\At5.job
C:\WINDOWS\tasks\At50.job
C:\WINDOWS\tasks\At500.job
C:\WINDOWS\tasks\At501.job
C:\WINDOWS\tasks\At502.job
C:\WINDOWS\tasks\At503.job
C:\WINDOWS\tasks\At504.job
C:\WINDOWS\tasks\At505.job
C:\WINDOWS\tasks\At506.job
C:\WINDOWS\tasks\At507.job
C:\WINDOWS\tasks\At508.job
C:\WINDOWS\tasks\At509.job
C:\WINDOWS\tasks\At51.job
C:\WINDOWS\tasks\At510.job
C:\WINDOWS\tasks\At511.job
C:\WINDOWS\tasks\At512.job
C:\WINDOWS\tasks\At513.job
C:\WINDOWS\tasks\At514.job
C:\WINDOWS\tasks\At515.job
C:\WINDOWS\tasks\At516.job
C:\WINDOWS\tasks\At517.job
C:\WINDOWS\tasks\At518.job
C:\WINDOWS\tasks\At519.job
C:\WINDOWS\tasks\At52.job
C:\WINDOWS\tasks\At520.job
C:\WINDOWS\tasks\At521.job
C:\WINDOWS\tasks\At522.job
C:\WINDOWS\tasks\At523.job
C:\WINDOWS\tasks\At524.job
C:\WINDOWS\tasks\At525.job
C:\WINDOWS\tasks\At526.job
C:\WINDOWS\tasks\At527.job
C:\WINDOWS\tasks\At528.job
C:\WINDOWS\tasks\At529.job
C:\WINDOWS\tasks\At53.job
C:\WINDOWS\tasks\At530.job
C:\WINDOWS\tasks\At531.job
C:\WINDOWS\tasks\At532.job
C:\WINDOWS\tasks\At533.job
C:\WINDOWS\tasks\At534.job
C:\WINDOWS\tasks\At535.job
C:\WINDOWS\tasks\At536.job
C:\WINDOWS\tasks\At537.job
C:\WINDOWS\tasks\At538.job
C:\WINDOWS\tasks\At539.job
C:\WINDOWS\tasks\At54.job
C:\WINDOWS\tasks\At540.job
C:\WINDOWS\tasks\At541.job
C:\WINDOWS\tasks\At542.job
C:\WINDOWS\tasks\At543.job
C:\WINDOWS\tasks\At544.job
C:\WINDOWS\tasks\At545.job
C:\WINDOWS\tasks\At546.job
C:\WINDOWS\tasks\At547.job
C:\WINDOWS\tasks\At548.job
C:\WINDOWS\tasks\At549.job
C:\WINDOWS\tasks\At55.job
C:\WINDOWS\tasks\At550.job
C:\WINDOWS\tasks\At551.job
C:\WINDOWS\tasks\At552.job
C:\WINDOWS\tasks\At553.job
C:\WINDOWS\tasks\At554.job
C:\WINDOWS\tasks\At555.job
C:\WINDOWS\tasks\At556.job
C:\WINDOWS\tasks\At557.job
C:\WINDOWS\tasks\At558.job
C:\WINDOWS\tasks\At559.job
C:\WINDOWS\tasks\At56.job
C:\WINDOWS\tasks\At560.job
C:\WINDOWS\tasks\At561.job
C:\WINDOWS\tasks\At562.job
C:\WINDOWS\tasks\At563.job
C:\WINDOWS\tasks\At564.job
C:\WINDOWS\tasks\At565.job
C:\WINDOWS\tasks\At566.job
C:\WINDOWS\tasks\At567.job
C:\WINDOWS\tasks\At568.job
C:\WINDOWS\tasks\At569.job
C:\WINDOWS\tasks\At57.job
C:\WINDOWS\tasks\At570.job
C:\WINDOWS\tasks\At571.job
C:\WINDOWS\tasks\At572.job
C:\WINDOWS\tasks\At573.job
C:\WINDOWS\tasks\At574.job
C:\WINDOWS\tasks\At575.job
C:\WINDOWS\tasks\At576.job
C:\WINDOWS\tasks\At577.job
C:\WINDOWS\tasks\At578.job
C:\WINDOWS\tasks\At579.job
C:\WINDOWS\tasks\At58.job
C:\WINDOWS\tasks\At580.job
C:\WINDOWS\tasks\At581.job
C:\WINDOWS\tasks\At582.job
C:\WINDOWS\tasks\At583.job
C:\WINDOWS\tasks\At584.job
C:\WINDOWS\tasks\At585.job
C:\WINDOWS\tasks\At586.job
C:\WINDOWS\tasks\At587.job
C:\WINDOWS\tasks\At588.job
C:\WINDOWS\tasks\At589.job
C:\WINDOWS\tasks\At59.job
C:\WINDOWS\tasks\At590.job
C:\WINDOWS\tasks\At591.job
C:\WINDOWS\tasks\At592.job
C:\WINDOWS\tasks\At593.job
C:\WINDOWS\tasks\At594.job
C:\WINDOWS\tasks\At595.job
C:\WINDOWS\tasks\At596.job
C:\WINDOWS\tasks\At597.job
C:\WINDOWS\tasks\At598.job
C:\WINDOWS\tasks\At599.job
C:\WINDOWS\tasks\At6.job
C:\WINDOWS\tasks\At60.job
C:\WINDOWS\tasks\At600.job
C:\WINDOWS\tasks\At601.job
C:\WINDOWS\tasks\At602.job
C:\WINDOWS\tasks\At603.job
C:\WINDOWS\tasks\At604.job
C:\WINDOWS\tasks\At605.job
C:\WINDOWS\tasks\At606.job
C:\WINDOWS\tasks\At607.job
C:\WINDOWS\tasks\At608.job
C:\WINDOWS\tasks\At609.job
C:\WINDOWS\tasks\At61.job
C:\WINDOWS\tasks\At610.job
C:\WINDOWS\tasks\At611.job
C:\WINDOWS\tasks\At612.job
C:\WINDOWS\tasks\At613.job
C:\WINDOWS\tasks\At614.job
C:\WINDOWS\tasks\At615.job
C:\WINDOWS\tasks\At616.job
C:\WINDOWS\tasks\At617.job
C:\WINDOWS\tasks\At618.job
C:\WINDOWS\tasks\At619.job
C:\WINDOWS\tasks\At62.job
C:\WINDOWS\tasks\At620.job
C:\WINDOWS\tasks\At621.job
C:\WINDOWS\tasks\At622.job
C:\WINDOWS\tasks\At623.job
C:\WINDOWS\tasks\At624.job
C:\WINDOWS\tasks\At625.job
C:\WINDOWS\tasks\At626.job
C:\WINDOWS\tasks\At627.job
C:\WINDOWS\tasks\At628.job
C:\WINDOWS\tasks\At629.job
C:\WINDOWS\tasks\At63.job
C:\WINDOWS\tasks\At630.job
C:\WINDOWS\tasks\At631.job
C:\WINDOWS\tasks\At632.job
C:\WINDOWS\tasks\At633.job
C:\WINDOWS\tasks\At634.job
C:\WINDOWS\tasks\At635.job
C:\WINDOWS\tasks\At636.job
C:\WINDOWS\tasks\At637.job
C:\WINDOWS\tasks\At638.job
C:\WINDOWS\tasks\At639.job
C:\WINDOWS\tasks\At64.job
C:\WINDOWS\tasks\At640.job
C:\WINDOWS\tasks\At641.job
C:\WINDOWS\tasks\At642.job
C:\WINDOWS\tasks\At643.job
C:\WINDOWS\tasks\At644.job
C:\WINDOWS\tasks\At645.job
C:\WINDOWS\tasks\At646.job
C:\WINDOWS\tasks\At647.job
C:\WINDOWS\tasks\At648.job
C:\WINDOWS\tasks\At649.job
C:\WINDOWS\tasks\At65.job
C:\WINDOWS\tasks\At650.job
C:\WINDOWS\tasks\At651.job
C:\WINDOWS\tasks\At652.job
C:\WINDOWS\tasks\At653.job
C:\WINDOWS\tasks\At654.job
C:\WINDOWS\tasks\At655.job
C:\WINDOWS\tasks\At656.job
C:\WINDOWS\tasks\At657.job
C:\WINDOWS\tasks\At658.job
C:\WINDOWS\tasks\At659.job
C:\WINDOWS\tasks\At66.job
C:\WINDOWS\tasks\At660.job
C:\WINDOWS\tasks\At661.job
C:\WINDOWS\tasks\At662.job
C:\WINDOWS\tasks\At663.job
C:\WINDOWS\tasks\At664.job
C:\WINDOWS\tasks\At665.job
C:\WINDOWS\tasks\At666.job
C:\WINDOWS\tasks\At667.job
C:\WINDOWS\tasks\At668.job
C:\WINDOWS\tasks\At669.job
C:\WINDOWS\tasks\At67.job
C:\WINDOWS\tasks\At670.job
C:\WINDOWS\tasks\At671.job
C:\WINDOWS\tasks\At672.job
C:\WINDOWS\tasks\At673.job
C:\WINDOWS\tasks\At674.job
C:\WINDOWS\tasks\At675.job
C:\WINDOWS\tasks\At676.job
C:\WINDOWS\tasks\At677.job
C:\WINDOWS\tasks\At678.job
C:\WINDOWS\tasks\At679.job
C:\WINDOWS\tasks\At68.job
C:\WINDOWS\tasks\At680.job
C:\WINDOWS\tasks\At681.job
C:\WINDOWS\tasks\At682.job
C:\WINDOWS\tasks\At683.job
C:\WINDOWS\tasks\At684.job
C:\WINDOWS\tasks\At685.job
C:\WINDOWS\tasks\At686.job
C:\WINDOWS\tasks\At687.job
C:\WINDOWS\tasks\At688.job
C:\WINDOWS\tasks\At689.job
C:\WINDOWS\tasks\At69.job
C:\WINDOWS\tasks\At690.job
C:\WINDOWS\tasks\At691.job
C:\WINDOWS\tasks\At692.job
C:\WINDOWS\tasks\At693.job
C:\WINDOWS\tasks\At694.job
C:\WINDOWS\tasks\At695.job
C:\WINDOWS\tasks\At696.job
C:\WINDOWS\tasks\At697.job
C:\WINDOWS\tasks\At698.job
C:\WINDOWS\tasks\At699.job
C:\WINDOWS\tasks\At7.job
C:\WINDOWS\tasks\At70.job
C:\WINDOWS\tasks\At700.job
C:\WINDOWS\tasks\At701.job
C:\WINDOWS\tasks\At702.job
C:\WINDOWS\tasks\At703.job
C:\WINDOWS\tasks\At704.job
C:\WINDOWS\tasks\At705.job
C:\WINDOWS\tasks\At706.job
C:\WINDOWS\tasks\At707.job
C:\WINDOWS\tasks\At708.job
C:\WINDOWS\tasks\At709.job
C:\WINDOWS\tasks\At71.job
C:\WINDOWS\tasks\At710.job
C:\WINDOWS\tasks\At711.job
C:\WINDOWS\tasks\At712.job
C:\WINDOWS\tasks\At713.job
C:\WINDOWS\tasks\At714.job
C:\WINDOWS\tasks\At715.job
C:\WINDOWS\tasks\At716.job
C:\WINDOWS\tasks\At717.job
C:\WINDOWS\tasks\At718.job
C:\WINDOWS\tasks\At719.job
C:\WINDOWS\tasks\At72.job
C:\WINDOWS\tasks\At720.job
C:\WINDOWS\tasks\At721.job
C:\WINDOWS\tasks\At722.job
C:\WINDOWS\tasks\At723.job
C:\WINDOWS\tasks\At724.job
C:\WINDOWS\tasks\At725.job
C:\WINDOWS\tasks\At726.job
C:\WINDOWS\tasks\At727.job
C:\WINDOWS\tasks\At728.job
C:\WINDOWS\tasks\At729.job
C:\WINDOWS\tasks\At73.job
C:\WINDOWS\tasks\At730.job
C:\WINDOWS\tasks\At731.job
C:\WINDOWS\tasks\At732.job
C:\WINDOWS\tasks\At733.job
C:\WINDOWS\tasks\At734.job
C:\WINDOWS\tasks\At735.job
C:\WINDOWS\tasks\At736.job
C:\WINDOWS\tasks\At737.job
C:\WINDOWS\tasks\At738.job
C:\WINDOWS\tasks\At739.job
C:\WINDOWS\tasks\At74.job
C:\WINDOWS\tasks\At740.job
C:\WINDOWS\tasks\At741.job
C:\WINDOWS\tasks\At742.job
C:\WINDOWS\tasks\At743.job
C:\WINDOWS\tasks\At744.job
C:\WINDOWS\tasks\At745.job
C:\WINDOWS\tasks\At746.job
C:\WINDOWS\tasks\At747.job
C:\WINDOWS\tasks\At748.job
C:\WINDOWS\tasks\At749.job
C:\WINDOWS\tasks\At75.job
C:\WINDOWS\tasks\At750.job
C:\WINDOWS\tasks\At751.job
C:\WINDOWS\tasks\At752.job
C:\WINDOWS\tasks\At753.job
C:\WINDOWS\tasks\At754.job
C:\WINDOWS\tasks\At755.job
C:\WINDOWS\tasks\At756.job
C:\WINDOWS\tasks\At757.job
C:\WINDOWS\tasks\At758.job
C:\WINDOWS\tasks\At759.job
C:\WINDOWS\tasks\At76.job
C:\WINDOWS\tasks\At760.job
C:\WINDOWS\tasks\At761.job
C:\WINDOWS\tasks\At762.job
C:\WINDOWS\tasks\At763.job
C:\WINDOWS\tasks\At764.job
C:\WINDOWS\tasks\At765.job
C:\WINDOWS\tasks\At766.job
C:\WINDOWS\tasks\At767.job
C:\WINDOWS\tasks\At768.job
C:\WINDOWS\tasks\At769.job
C:\WINDOWS\tasks\At77.job
C:\WINDOWS\tasks\At770.job
C:\WINDOWS\tasks\At771.job
C:\WINDOWS\tasks\At772.job
C:\WINDOWS\tasks\At773.job
C:\WINDOWS\tasks\At774.job
C:\WINDOWS\tasks\At775.job
C:\WINDOWS\tasks\At776.job
C:\WINDOWS\tasks\At777.job
C:\WINDOWS\tasks\At778.job
C:\WINDOWS\tasks\At779.job
C:\WINDOWS\tasks\At78.job
C:\WINDOWS\tasks\At780.job
C:\WINDOWS\tasks\At781.job
C:\WINDOWS\tasks\At782.job
C:\WINDOWS\tasks\At783.job
C:\WINDOWS\tasks\At784.job
C:\WINDOWS\tasks\At785.job
C:\WINDOWS\tasks\At786.job
C:\WINDOWS\tasks\At787.job
C:\WINDOWS\tasks\At788.job
C:\WINDOWS\tasks\At789.job
C:\WINDOWS\tasks\At79.job
C:\WINDOWS\tasks\At790.job
C:\WINDOWS\tasks\At791.job
C:\WINDOWS\tasks\At792.job
C:\WINDOWS\tasks\At793.job
C:\WINDOWS\tasks\At794.job
C:\WINDOWS\tasks\At795.job
C:\WINDOWS\tasks\At796.job
C:\WINDOWS\tasks\At797.job
C:\WINDOWS\tasks\At798.job
C:\WINDOWS\tasks\At799.job
C:\WINDOWS\tasks\At8.job
C:\WINDOWS\tasks\At80.job
C:\WINDOWS\tasks\At800.job
C:\WINDOWS\tasks\At801.job
C:\WINDOWS\tasks\At802.job
C:\WINDOWS\tasks\At803.job
C:\WINDOWS\tasks\At804.job
C:\WINDOWS\tasks\At805.job
C:\WINDOWS\tasks\At806.job
C:\WINDOWS\tasks\At807.job
C:\WINDOWS\tasks\At808.job
C:\WINDOWS\tasks\At809.job
C:\WINDOWS\tasks\At81.job
C:\WINDOWS\tasks\At810.job
C:\WINDOWS\tasks\At811.job
C:\WINDOWS\tasks\At812.job
C:\WINDOWS\tasks\At813.job
C:\WINDOWS\tasks\At814.job
C:\WINDOWS\tasks\At815.job
C:\WINDOWS\tasks\At816.job
C:\WINDOWS\tasks\At817.job
C:\WINDOWS\tasks\At818.job
C:\WINDOWS\tasks\At819.job
C:\WINDOWS\tasks\At82.job
C:\WINDOWS\tasks\At820.job
C:\WINDOWS\tasks\At821.job
C:\WINDOWS\tasks\At822.job
C:\WINDOWS\tasks\At823.job
C:\WINDOWS\tasks\At824.job
C:\WINDOWS\tasks\At825.job
C:\WINDOWS\tasks\At826.job
C:\WINDOWS\tasks\At827.job
C:\WINDOWS\tasks\At828.job
C:\WINDOWS\tasks\At829.job
C:\WINDOWS\tasks\At83.job
C:\WINDOWS\tasks\At830.job
C:\WINDOWS\tasks\At831.job
C:\WINDOWS\tasks\At832.job
C:\WINDOWS\tasks\At833.job
C:\WINDOWS\tasks\At834.job
C:\WINDOWS\tasks\At835.job
C:\WINDOWS\tasks\At836.job
C:\WINDOWS\tasks\At837.job
C:\WINDOWS\tasks\At838.job
C:\WINDOWS\tasks\At839.job
C:\WINDOWS\tasks\At84.job
C:\WINDOWS\tasks\At840.job
C:\WINDOWS\tasks\At841.job
C:\WINDOWS\tasks\At842.job
C:\WINDOWS\tasks\At843.job
C:\WINDOWS\tasks\At844.job
C:\WINDOWS\tasks\At845.job
C:\WINDOWS\tasks\At846.job
C:\WINDOWS\tasks\At847.job
C:\WINDOWS\tasks\At848.job
C:\WINDOWS\tasks\At849.job
C:\WINDOWS\tasks\At85.job
C:\WINDOWS\tasks\At850.job
C:\WINDOWS\tasks\At851.job
C:\WINDOWS\tasks\At852.job
C:\WINDOWS\tasks\At853.job
C:\WINDOWS\tasks\At854.job
C:\WINDOWS\tasks\At855.job
C:\WINDOWS\tasks\At856.job
C:\WINDOWS\tasks\At857.job
C:\WINDOWS\tasks\At858.job
C:\WINDOWS\tasks\At859.job
C:\WINDOWS\tasks\At86.job
C:\WINDOWS\tasks\At860.job
C:\WINDOWS\tasks\At861.job
C:\WINDOWS\tasks\At862.job
C:\WINDOWS\tasks\At863.job
C:\WINDOWS\tasks\At864.job
C:\WINDOWS\tasks\At865.job
C:\WINDOWS\tasks\At866.job
C:\WINDOWS\tasks\At867.job
C:\WINDOWS\tasks\At868.job
C:\WINDOWS\tasks\At869.job
C:\WINDOWS\tasks\At87.job
C:\WINDOWS\tasks\At870.job
C:\WINDOWS\tasks\At871.job
C:\WINDOWS\tasks\At872.job
C:\WINDOWS\tasks\At873.job
C:\WINDOWS\tasks\At874.job
C:\WINDOWS\tasks\At875.job
C:\WINDOWS\tasks\At876.job
C:\WINDOWS\tasks\At877.job
C:\WINDOWS\tasks\At878.job
C:\WINDOWS\tasks\At879.job
C:\WINDOWS\tasks\At88.job
C:\WINDOWS\tasks\At880.job
C:\WINDOWS\tasks\At881.job
C:\WINDOWS\tasks\At882.job
C:\WINDOWS\tasks\At883.job
C:\WINDOWS\tasks\At884.job
C:\WINDOWS\tasks\At885.job
C:\WINDOWS\tasks\At886.job
C:\WINDOWS\tasks\At887.job
C:\WINDOWS\tasks\At888.job
C:\WINDOWS\tasks\At889.job
C:\WINDOWS\tasks\At89.job
C:\WINDOWS\tasks\At890.job
C:\WINDOWS\tasks\At891.job
C:\WINDOWS\tasks\At892.job
C:\WINDOWS\tasks\At893.job
C:\WINDOWS\tasks\At894.job
C:\WINDOWS\tasks\At895.job
C:\WINDOWS\tasks\At896.job
C:\WINDOWS\tasks\At897.job
C:\WINDOWS\tasks\At898.job
C:\WINDOWS\tasks\At899.job
C:\WINDOWS\tasks\At9.job
C:\WINDOWS\tasks\At90.job
C:\WINDOWS\tasks\At900.job
C:\WINDOWS\tasks\At901.job
C:\WINDOWS\tasks\At902.job
C:\WINDOWS\tasks\At903.job
C:\WINDOWS\tasks\At904.job
C:\WINDOWS\tasks\At905.job
C:\WINDOWS\tasks\At906.job
C:\WINDOWS\tasks\At907.job
C:\WINDOWS\tasks\At908.job
C:\WINDOWS\tasks\At909.job
C:\WINDOWS\tasks\At91.job
C:\WINDOWS\tasks\At910.job
C:\WINDOWS\tasks\At911.job
C:\WINDOWS\tasks\At912.job
C:\WINDOWS\tasks\At913.job
C:\WINDOWS\tasks\At914.job
C:\WINDOWS\tasks\At915.job
C:\WINDOWS\tasks\At916.job
C:\WINDOWS\tasks\At917.job
C:\WINDOWS\tasks\At918.job
C:\WINDOWS\tasks\At919.job
C:\WINDOWS\tasks\At92.job
C:\WINDOWS\tasks\At920.job
C:\WINDOWS\tasks\At921.job
C:\WINDOWS\tasks\At922.job
C:\WINDOWS\tasks\At923.job
C:\WINDOWS\tasks\At924.job
C:\WINDOWS\tasks\At925.job
C:\WINDOWS\tasks\At926.job
C:\WINDOWS\tasks\At927.job
C:\WINDOWS\tasks\At928.job
C:\WINDOWS\tasks\At929.job
C:\WINDOWS\tasks\At93.job
C:\WINDOWS\tasks\At930.job
C:\WINDOWS\tasks\At931.job
C:\WINDOWS\tasks\At932.job
C:\WINDOWS\tasks\At933.job
C:\WINDOWS\tasks\At934.job
C:\WINDOWS\tasks\At935.job
C:\WINDOWS\tasks\At936.job
C:\WINDOWS\tasks\At937.job
C:\WINDOWS\tasks\At938.job
C:\WINDOWS\tasks\At939.job
C:\WINDOWS\tasks\At94.job
C:\WINDOWS\tasks\At940.job
C:\WINDOWS\tasks\At941.job
C:\WINDOWS\tasks\At942.job
C:\WINDOWS\tasks\At943.job
C:\WINDOWS\tasks\At944.job
C:\WINDOWS\tasks\At945.job
C:\WINDOWS\tasks\At946.job
C:\WINDOWS\tasks\At947.job
C:\WINDOWS\tasks\At948.job
C:\WINDOWS\tasks\At949.job
C:\WINDOWS\tasks\At95.job
C:\WINDOWS\tasks\At950.job
C:\WINDOWS\tasks\At951.job
C:\WINDOWS\tasks\At952.job
C:\WINDOWS\tasks\At953.job
C:\WINDOWS\tasks\At954.job
C:\WINDOWS\tasks\At955.job
C:\WINDOWS\tasks\At956.job
C:\WINDOWS\tasks\At957.job
C:\WINDOWS\tasks\At958.job
C:\WINDOWS\tasks\At959.job
C:\WINDOWS\tasks\At96.job
C:\WINDOWS\tasks\At960.job
C:\WINDOWS\tasks\At961.job
C:\WINDOWS\tasks\At962.job
C:\WINDOWS\tasks\At963.job
C:\WINDOWS\tasks\At964.job
C:\WINDOWS\tasks\At965.job
C:\WINDOWS\tasks\At966.job
C:\WINDOWS\tasks\At967.job
C:\WINDOWS\tasks\At968.job
C:\WINDOWS\tasks\At969.job
C:\WINDOWS\tasks\At97.job
C:\WINDOWS\tasks\At970.job
C:\WINDOWS\tasks\At971.job
C:\WINDOWS\tasks\At972.job
C:\WINDOWS\tasks\At973.job
C:\WINDOWS\tasks\At974.job
C:\WINDOWS\tasks\At975.job
C:\WINDOWS\tasks\At976.job
C:\WINDOWS\tasks\At977.job
C:\WINDOWS\tasks\At978.job
C:\WINDOWS\tasks\At979.job
C:\WINDOWS\tasks\At98.job
C:\WINDOWS\tasks\At980.job
C:\WINDOWS\tasks\At981.job
C:\WINDOWS\tasks\At982.job
C:\WINDOWS\tasks\At983.job
C:\WINDOWS\tasks\At984.job
C:\WINDOWS\tasks\At985.job
C:\WINDOWS\tasks\At986.job
C:\WINDOWS\tasks\At987.job
C:\WINDOWS\tasks\At988.job
C:\WINDOWS\tasks\At989.job
C:\WINDOWS\tasks\At99.job
C:\WINDOWS\tasks\At990.job
C:\WINDOWS\tasks\At991.job
C:\WINDOWS\tasks\At992.job
C:\WINDOWS\tasks\At993.job
C:\WINDOWS\tasks\At994.job
C:\WINDOWS\tasks\At995.job
C:\WINDOWS\tasks\At996.job
C:\WINDOWS\tasks\At997.job
C:\WINDOWS\tasks\At998.job
C:\WINDOWS\tasks\At999.job
C:\WINDOWS\tasks\EWFNVHKQG.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-06-19 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-05-27 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-05-27 79648]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-07-17 36868]
"QuickTime Task"=C:\Program Files\QuickTime\qttask .exe [2010-03-17 421888]
"GrooveMonitor"=C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2010-07-17 36868]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2010-07-17 36868]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2010-07-17 36868]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2010-07-19 36872]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

C:\Documents and Settings\Administrator\Start Menu\Programs\Startup
MagicDisc.lnk - C:\Program Files\MagicDisc\MagicDisc.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2005-08-04 46080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableLUA"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\ClamWin\bin\ClamWin.exe"="C:\Program Files\ClamWin\bin\ClamWin.exe:*:Enabled:Virus Scanner"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour Service"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE"="C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Disabled:Microsoft Office Groove"
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Disabled:Microsoft Office OneNote"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Disabled:Microsoft Office Outlook"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Disabled:Windows Messenger"
"C:\WINDOWS\system32\spoolsv.exe"="C:\WINDOWS\system32\spoolsv.exe:*:Enabled:spoolsv.exe"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

======List of files/folders created in the last 1 months======

2010-07-23 15:38:55 ----D---- C:\rsit
2010-07-23 15:16:11 ----A---- C:\WINDOWS\fonts\2EJRGyl.com
2010-07-23 14:05:50 ----D---- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
2010-07-23 14:02:33 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-07-23 14:00:53 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2010-07-23 13:16:11 ----A---- C:\WINDOWS\system32\2EJRGyl.com
2010-07-20 04:26:25 ----D---- C:\Program Files\RegScrubXP
2010-07-20 04:19:09 ----D---- C:\Program Files\Trend Micro
2010-07-20 03:17:35 ----D---- C:\VundoFix Backups
2010-07-20 01:59:55 ----A---- C:\WINDOWS\wininit.ini
2010-07-20 00:50:18 ----SHD---- C:\WINDOWS\CSC
2010-07-20 00:26:36 ----A---- C:\WINDOWS\ntbtlog.txt
2010-07-20 00:19:44 ----A---- C:\WINDOWS\IE4 Error Log.txt
2010-07-19 23:38:36 ----D---- C:\Program Files\Spybot - Search & Destroy
2010-07-19 23:38:36 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2010-07-18 14:46:00 ----D---- C:\Program Files\ESET
2010-07-18 06:02:07 ----A---- C:\WINDOWS\system32\wmpns.dll
2010-07-18 06:01:17 ----A---- C:\Documents and Settings\All Users\Application Data\2EJRGyl.exe
2010-07-17 04:35:49 ----A---- C:\Documents and Settings\All Users\Application Data\W334kc1B.exe
2010-07-17 04:32:28 ----A---- C:\WINDOWS\system32\DdXkot3O.dll
2010-07-16 21:00:20 ----RASH---- C:\WINDOWS\system32\proctexeg.dll
2010-07-16 16:56:26 ----HDC---- C:\WINDOWS\$NtUninstallKB2229593$
2010-07-15 18:08:10 ----D---- C:\Program Files\Common Files\Adobe
2010-07-15 18:06:52 ----D---- C:\827fb91b5755f263d4d041
2010-07-08 03:49:20 ----D---- C:\Documents and Settings\Administrator\Application Data\dBpoweramp
2010-07-05 01:50:02 ----D---- C:\Documents and Settings\Administrator\Application Data\AccurateRip
2010-07-05 01:49:58 ----A---- C:\WINDOWS\system32\SpoonUninstall.exe
2010-07-05 01:49:53 ----D---- C:\Program Files\Illustrate
2010-06-29 01:52:59 ----D---- C:\WINDOWS\Sun
2010-06-28 22:22:14 ----A---- C:\Program Files\vlc-1.1.0-win32.exe
2010-06-27 12:13:11 ----D---- C:\Documents and Settings\All Users\Application Data\McAfee

======List of files/folders modified in the last 1 months======

2010-07-23 15:37:16 ----D---- C:\WINDOWS\Prefetch
2010-07-23 15:16:13 ----SD---- C:\WINDOWS\Tasks
2010-07-23 15:16:11 ----RSD---- C:\WINDOWS\Fonts
2010-07-23 15:16:11 ----D---- C:\Program Files\QuickTime
2010-07-23 15:16:09 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-07-23 14:58:12 ----D---- C:\WINDOWS\Temp
2010-07-23 14:48:00 ----D---- C:\WINDOWS\system32\drivers
2010-07-23 14:30:52 ----D---- C:\Documents and Settings\Administrator\Application Data\vlc
2010-07-23 14:02:33 ----RD---- C:\Program Files
2010-07-23 13:59:41 ----D---- C:\WINDOWS\system32\CatRoot2
2010-07-23 13:16:11 ----D---- C:\WINDOWS\system32
2010-07-20 05:25:27 ----SHD---- C:\System Volume Information
2010-07-20 05:25:27 ----D---- C:\WINDOWS\system32\Restore
2010-07-20 04:23:01 ----D---- C:\Program Files\uTorrent
2010-07-20 04:23:00 ----D---- C:\Documents and Settings\Administrator\Application Data\uTorrent
2010-07-20 04:19:09 ----SHD---- C:\WINDOWS\Installer
2010-07-20 04:19:09 ----SD---- C:\Documents and Settings\Administrator\Application Data\Microsoft
2010-07-20 04:15:52 ----D---- C:\Program Files\Apoint
2010-07-20 01:59:55 ----D---- C:\WINDOWS
2010-07-20 00:35:57 ----D---- C:\WINDOWS\system32\drivers\etc
2010-07-19 02:48:39 ----D---- C:\Program Files\Messenger
2010-07-18 06:02:09 ----A---- C:\WINDOWS\OEWABLog.txt
2010-07-17 04:30:01 ----D---- C:\Program Files\iTunes
2010-07-17 03:19:53 ----HD---- C:\WINDOWS\inf
2010-07-17 00:16:49 ----D---- C:\WINDOWS\system32\wbem
2010-07-17 00:16:48 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-07-16 16:56:30 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-07-16 16:56:11 ----HD---- C:\WINDOWS\$hf_mig$
2010-07-16 09:20:16 ----D---- C:\Documents and Settings\Administrator\Application Data\dvdcss
2010-07-15 18:09:12 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
2010-07-15 18:08:10 ----D---- C:\Program Files\Common Files
2010-07-15 18:08:10 ----D---- C:\Program Files\Adobe
2010-07-06 12:30:15 ----D---- C:\Program Files\VLC
2010-07-02 14:39:05 ----A---- C:\WINDOWS\system32\MRT.exe
2010-06-29 15:03:33 ----D---- C:\Program Files\Mozilla Firefox

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 ohci1394;OHCI Compliant IEEE 1394 Host Controller; C:\WINDOWS\system32\DRIVERS\ohci1394.sys [2008-04-14 61696]
R1 APPDRV;APPDRV; C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS [2005-08-12 16128]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 36352]
R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.6.0.0; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2010-06-11 21425]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2004-03-17 13059]
R2 s24trans;WLAN Transport; C:\WINDOWS\system32\DRIVERS\s24trans.sys [2007-02-21 12416]
R3 ApfiltrService;Alps Touch Pad Filter Driver for Windows 2000/XP; C:\WINDOWS\system32\DRIVERS\Apfiltr.sys [2005-09-28 113847]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-14 60800]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2005-08-04 1273344]
R3 bcm4sbxp;Broadcom 440x 10/100 Integrated Controller XP Driver; C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys [2004-05-26 44928]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2009-05-18 26600]
R3 HSF_DPV;HSF_DPV; C:\WINDOWS\system32\DRIVERS\HSF_DPV.SYS [2005-05-03 1033728]
R3 HSFHWICH;HSFHWICH; C:\WINDOWS\system32\DRIVERS\HSFHWICH.sys [2005-05-03 208384]
R3 mcdbus;Driver for MagicISO SCSI Host Controller; C:\WINDOWS\system32\DRIVERS\mcdbus.sys [2009-02-24 116736]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-14 61824]
R3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2008-04-14 79232]
R3 STAC97;SigmaTel C-Major Audio; C:\WINDOWS\system32\drivers\STAC97.sys [2005-03-10 273168]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2005-05-03 705408]
S0 cerc6;cerc6; C:\WINDOWS\system32\drivers\cerc6.sys []
S3 awlorfob;awlorfob; \??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\awlorfob.sys []
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
S3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
S3 UIUSys;Conexant Setup API; C:\WINDOWS\system32\drivers\UIUSys.sys []
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2010-04-19 41984]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-14 25856]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
S3 w29n51;Intel(R) PRO/Wireless 2200BG Network Connection Driver for Windows XP; C:\WINDOWS\system32\DRIVERS\w29n51.sys [2007-02-08 2209408]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2010-06-10 144176]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2005-08-04 380928]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2010-05-18 345376]
R2 EvtEng;Intel(R) PROSet/Wireless Event Log; C:\Program Files\Intel\Wireless\Bin\EvtEng.exe [2007-02-21 643072]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2010-04-12 153376]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [2006-10-26 335872]
R2 NICCONFIGSVC;NICCONFIGSVC; C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe [2006-06-29 376832]
R2 RegSrvc;Intel(R) PROSet/Wireless Registry Service; C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe [2007-02-21 327680]
R2 S24EventMonitor;Intel(R) PROSet/Wireless Service; C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe [2007-02-21 983040]
R2 WLANKEEPER;Intel(R) PROSet/Wireless SSO Service; C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe [2007-02-21 294912]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2010-06-15 540472]
S2 6to4;Network Security; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2008-10-25 65888]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------


RSIT Info:


info.txt logfile of random's system information tool 1.08 2010-07-23 15:38:56

======Uninstall list======

-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
2007 Microsoft Office Suite Service Pack 2 (SP2)-->msiexec /package {90120000-0015-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
2007 Microsoft Office Suite Service Pack 2 (SP2)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
2007 Microsoft Office Suite Service Pack 2 (SP2)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
2007 Microsoft Office Suite Service Pack 2 (SP2)-->msiexec /package {90120000-0019-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
2007 Microsoft Office Suite Service Pack 2 (SP2)-->msiexec /package {90120000-001A-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
2007 Microsoft Office Suite Service Pack 2 (SP2)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
2007 Microsoft Office Suite Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {ABDDE972-355B-4AF1-89A8-DA50B7B5C045}
2007 Microsoft Office Suite Service Pack 2 (SP2)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {F580DDD5-8D37-4998-968E-EBB76BB86787}
2007 Microsoft Office Suite Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {187308AB-5FA7-4F14-9AB9-D290383A10D9}
2007 Microsoft Office Suite Service Pack 2 (SP2)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}
2007 Microsoft Office Suite Service Pack 2 (SP2)-->msiexec /package {90120000-0044-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
2007 Microsoft Office Suite Service Pack 2 (SP2)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {DE5A002D-8122-4278-A7EE-3121E7EA254E}
2007 Microsoft Office Suite Service Pack 2 (SP2)-->msiexec /package {90120000-00A1-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
2007 Microsoft Office Suite Service Pack 2 (SP2)-->msiexec /package {90120000-00BA-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
2007 Microsoft Office Suite Service Pack 2 (SP2)-->msiexec /package {90120000-0114-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
2007 Microsoft Office Suite Service Pack 2 (SP2)-->msiexec /package {90120000-0115-0409-0000-0000000FF1CE} /uninstall {DE5A002D-8122-4278-A7EE-3121E7EA254E}
2007 Microsoft Office Suite Service Pack 2 (SP2)-->msiexec /package {90120000-0117-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Acrobat.com-->MsiExec.exe /X{287ECFA4-719A-2143-A09B-D6A12DE54E40}
Adobe AIR-->C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{A2BCA9F1-566C-4805-97D1-7FDC93386723}
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\FlashUtil10h_Plugin.exe -maintain plugin
Adobe Reader 9.3.3-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A93000000001}
ALPS Touch Pad Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}\setup.exe" UNINSTALL
Apple Application Support-->MsiExec.exe /I{B2D328BE-45AD-4D92-96F9-2151490A203E}
Apple Mobile Device Support-->MsiExec.exe /I{85991ED2-010C-4930-96FA-52F43C2CE98A}
Apple Software Update-->MsiExec.exe /I{C41300B9-185D-475E-BFEC-39EF732F19B1}
ASIO4ALL-->C:\Program Files\ASIO4ALL v2\uninstall.exe
ATI - Software Uninstall Utility-->C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
ATI Control Panel-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}\setup.exe"
ATI Display Driver-->rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
Bonjour-->MsiExec.exe /X{0CB9668D-F979-4F31-B8B8-67FE90F929F8}
Broadcom 440x 10/100 Integrated Controller-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{52504CE6-E909-4113-B232-4AFEC6543A61} /l1033
Character Builder-->MsiExec.exe /I{626C034B-50B8-47BD-AF93-EEFD0FA78FF4}
C-Major Audio-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}\setup.exe" -l0x9 -remove -removeonly
Conexant D110 MDC V.92 Modem-->C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_8086&DEV_24x6&SUBSYS_542214F1\HXFSETUP.EXE -U -Idel5422k.inf
dBpoweramp [Multi Encoder] Codec-->"C:\WINDOWS\system32\SpoonUninstall.exe" <uninstall>C:\WINDOWS\system32\SpoonUninstall-dBpoweramp [Multi Encoder] Codec.dat
dBpoweramp FLAC Codec-->"C:\WINDOWS\system32\SpoonUninstall.exe" <uninstall>C:\WINDOWS\system32\SpoonUninstall-dBpoweramp FLAC Codec.dat
dBpoweramp m4a Codec-->"C:\WINDOWS\system32\SpoonUninstall.exe" <uninstall>C:\WINDOWS\system32\SpoonUninstall-dBpoweramp m4a Codec.dat
dBpoweramp m4a Utilities-->"C:\WINDOWS\system32\SpoonUninstall.exe" <uninstall>C:\WINDOWS\system32\SpoonUninstall-dBpoweramp m4a Utilities.dat
dBpoweramp Music Converter-->"C:\WINDOWS\system32\SpoonUninstall.exe" <uninstall>C:\WINDOWS\system32\SpoonUninstall-dBpoweramp Music Converter.dat
Dell Printer Software Uninstall-->C:\Program Files\Dell_HostCD\Install\Uninstall.exe
ESET Online Scanner v3-->C:\Program Files\ESET\ESET Online Scanner\OnlineScannerUninstaller.exe
HiJackThis-->MsiExec.exe /X{45A66726-69BC-466B-A7A4-12FCBA4883D7}
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB961118)-->"C:\WINDOWS\$NtUninstallKB961118$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB981793)-->"C:\WINDOWS\$NtUninstallKB981793$\spuninst\spuninst.exe"
iTunes-->MsiExec.exe /I{7AB3A249-FB81-416B-917A-A2A10E74C503}
Java(TM) 6 Update 20-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216012FF}
MagicDisc 2.7.106-->C:\PROGRA~1\MAGICD~1\UNWISE.EXE C:\PROGRA~1\MAGICD~1\INSTALL.LOG
mCore-->MsiExec.exe /I{E81667C6-2856-46D6-ABEA-6A2F42166779}
mDriver-->MsiExec.exe /I{A0F925BF-5C55-44C2-A4E7-5A4C59791C29}
mDrWiFi-->MsiExec.exe /I{F6090A17-0967-4A8A-B3C3-422A1B514D49}
mHlpDell-->MsiExec.exe /I{49D687E5-6784-431B-A0A2-2F23B8CC5A1B}
Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Office Access MUI (English) 2007-->MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE}
Microsoft Office Access Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE}
Microsoft Office Enterprise 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL
Microsoft Office Enterprise 2007-->MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE}
Microsoft Office Excel MUI (English) 2007-->MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Groove MUI (English) 2007-->MsiExec.exe /X{90120000-00BA-0409-0000-0000000FF1CE}
Microsoft Office Groove Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0114-0409-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (English) 2007-->MsiExec.exe /X{90120000-0044-0409-0000-0000000FF1CE}
Microsoft Office OneNote MUI (English) 2007-->MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
Microsoft Office Outlook MUI (English) 2007-->MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007-->MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007-->MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Publisher MUI (English) 2007-->MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007-->MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007-->MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
mIWA-->MsiExec.exe /I{3E9D596A-61D4-4239-BD19-2DB984D2A16F}
mLogView-->MsiExec.exe /I{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}
mMHouse-->MsiExec.exe /I{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}
Mozilla Firefox (3.6.6)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
Mp3tag v2.43-->C:\Program Files\Mp3tag\Mp3tagUninstall.EXE
mPfMgr-->MsiExec.exe /I{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}
mPfWiz-->MsiExec.exe /I{90B0D222-8C21-4B35-9262-53B042F18AF9}
mProSafe-->MsiExec.exe /I{23FB368F-1399-4EAC-817C-4B83ECBE3D83}
mSCfg-->MsiExec.exe /I{829CD169-E692-48E8-9BDE-A3E8D8B65538}
mSSO-->MsiExec.exe /I{06BE8AFD-A8E2-4B63-BAE7-287016D16ACB}
MSXML 6.0 Parser-->MsiExec.exe /I{AEB9948B-4FF2-47C9-990E-47014492A0FE}
mWlsSafe-->MsiExec.exe /I{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}
mWMI-->MsiExec.exe /I{63DB9CCD-2B56-4217-9A3D-507AC78320CA}
mZConfig-->MsiExec.exe /I{94658027-9F16-4509-BBD7-A59FE57C3023}
QuickSet-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C5074CC4-0E26-4716-A307-960272A90040}\setup.exe" -l0x9 APPDRVNT4
QuickTime-->MsiExec.exe /I{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}
RegScrubXP 5.1-->"C:\Program Files\RegScrubXP\unins000.exe"
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB954155)-->"C:\WINDOWS\$NtUninstallKB954155_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB973540)-->"C:\WINDOWS\$NtUninstallKB973540_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB978695)-->"C:\WINDOWS\$NtUninstallKB978695_WM9$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2229593)-->"C:\WINDOWS\$NtUninstallKB2229593$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923789)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB923789.inf
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953838)-->"C:\WINDOWS\$NtUninstallKB953838$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956744)-->"C:\WINDOWS\$NtUninstallKB956744$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956844)-->"C:\WINDOWS\$NtUninstallKB956844$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958869)-->"C:\WINDOWS\$NtUninstallKB958869$\spuninst\spuninst.exe"
Security Update for Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960859)-->"C:\WINDOWS\$NtUninstallKB960859$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969059)-->"C:\WINDOWS\$NtUninstallKB969059$\spuninst\spuninst.exe"
Security Update for Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"
Security Update for Windows XP (KB970430)-->"C:\WINDOWS\$NtUninstallKB970430$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971468)-->"C:\WINDOWS\$NtUninstallKB971468$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971657)-->"C:\WINDOWS\$NtUninstallKB971657$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971961)-->"C:\WINDOWS\$NtUninstallKB971961$\spuninst\spuninst.exe"
Security Update for Windows XP (KB972270)-->"C:\WINDOWS\$NtUninstallKB972270$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973507)-->"C:\WINDOWS\$NtUninstallKB973507$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973869)-->"C:\WINDOWS\$NtUninstallKB973869$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973904)-->"C:\WINDOWS\$NtUninstallKB973904$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974112)-->"C:\WINDOWS\$NtUninstallKB974112$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974318)-->"C:\WINDOWS\$NtUninstallKB974318$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974392)-->"C:\WINDOWS\$NtUninstallKB974392$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974571)-->"C:\WINDOWS\$NtUninstallKB974571$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975025)-->"C:\WINDOWS\$NtUninstallKB975025$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975467)-->"C:\WINDOWS\$NtUninstallKB975467$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975560)-->"C:\WINDOWS\$NtUninstallKB975560$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975561)-->"C:\WINDOWS\$NtUninstallKB975561$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975562)-->"C:\WINDOWS\$NtUninstallKB975562$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975713)-->"C:\WINDOWS\$NtUninstallKB975713$\spuninst\spuninst.exe"
Security Update for Windows XP (KB977816)-->"C:\WINDOWS\$NtUninstallKB977816$\spuninst\spuninst.exe"
Security Update for Windows XP (KB977914)-->"C:\WINDOWS\$NtUninstallKB977914$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978037)-->"C:\WINDOWS\$NtUninstallKB978037$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978338)-->"C:\WINDOWS\$NtUninstallKB978338$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978542)-->"C:\WINDOWS\$NtUninstallKB978542$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978601)-->"C:\WINDOWS\$NtUninstallKB978601$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978706)-->"C:\WINDOWS\$NtUninstallKB978706$\spuninst\spuninst.exe"
Security Update for Windows XP (KB979309)-->"C:\WINDOWS\$NtUninstallKB979309$\spuninst\spuninst.exe"
Security Update for Windows XP (KB979482)-->"C:\WINDOWS\$NtUninstallKB979482$\spuninst\spuninst.exe"
Security Update for Windows XP (KB979559)-->"C:\WINDOWS\$NtUninstallKB979559$\spuninst\spuninst.exe"
Security Update for Windows XP (KB979683)-->"C:\WINDOWS\$NtUninstallKB979683$\spuninst\spuninst.exe"
Security Update for Windows XP (KB980195)-->"C:\WINDOWS\$NtUninstallKB980195$\spuninst\spuninst.exe"
Security Update for Windows XP (KB980218)-->"C:\WINDOWS\$NtUninstallKB980218$\spuninst\spuninst.exe"
Security Update for Windows XP (KB980232)-->"C:\WINDOWS\$NtUninstallKB980232$\spuninst\spuninst.exe"
Security Update for Windows XP (KB981349)-->"C:\WINDOWS\$NtUninstallKB981349$\spuninst\spuninst.exe"
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
Update for Windows XP (KB898461)-->"C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update for Windows XP (KB955759)-->"C:\WINDOWS\$NtUninstallKB955759$\spuninst\spuninst.exe"
Update for Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
Update for Windows XP (KB968389)-->"C:\WINDOWS\$NtUninstallKB968389$\spuninst\spuninst.exe"
Update for Windows XP (KB971737)-->"C:\WINDOWS\$NtUninstallKB971737$\spuninst\spuninst.exe"
Update for Windows XP (KB973687)-->"C:\WINDOWS\$NtUninstallKB973687$\spuninst\spuninst.exe"
Update for Windows XP (KB973815)-->"C:\WINDOWS\$NtUninstallKB973815$\spuninst\spuninst.exe"
VLC media player 1.0.5-->C:\Program Files\VLC\uninstall.exe
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe

======Hosts File======

127.0.0.1 http://www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 http://www.008k.com
127.0.0.1 008k.com
127.0.0.1 http://www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 http://www.032439.com
127.0.0.1 032439.com

======System event log======

Computer Name: X-013126ED881B4
Event Code: 7001
Message: The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error:
A device attached to the system is not functioning.


Record Number: 7
Source Name: Service Control Manager
Time Written: 20100720002808.000000-300
Event Type: error
User:

Computer Name: X-013126ED881B4
Event Code: 7001
Message: The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error:
A device attached to the system is not functioning.


Record Number: 6
Source Name: Service Control Manager
Time Written: 20100720002808.000000-300
Event Type: error
User:

Computer Name: X-013126ED881B4
Event Code: 7001
Message: The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error:
A device attached to the system is not functioning.


Record Number: 5
Source Name: Service Control Manager
Time Written: 20100720002808.000000-300
Event Type: error
User:

Computer Name: X-013126ED881B4
Event Code: 10005
Message: DCOM got error "%1084" attempting to start the service netman with arguments ""
in order to run the server:
{BA126AE5-2166-11D1-B1D0-00805FC1270E}

Record Number: 4
Source Name: DCOM
Time Written: 20100720002735.000000-300
Event Type: error
User: X-013126ED881B4\Administrator

Computer Name: X-013126ED881B4
Event Code: 10005
Message: DCOM got error "%1084" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}

Record Number: 3
Source Name: DCOM
Time Written: 20100720002730.000000-300
Event Type: error
User: NT AUTHORITY\SYSTEM

=====Application event log=====

Computer Name: X-013126ED881B4
Event Code: 100
Message: Task Scheduling Error: m->NextScheduledEvent 6281

Record Number: 760
Source Name: Bonjour Service
Time Written: 20100716183407.000000-300
Event Type: error
User:

Computer Name: X-013126ED881B4
Event Code: 100
Message: Task Scheduling Error: Continuously busy for more than a second

Record Number: 759
Source Name: Bonjour Service
Time Written: 20100716183407.000000-300
Event Type: error
User:

Computer Name: X-013126ED881B4
Event Code: 100
Message: Task Scheduling Error: m->NextScheduledSPRetry 2078

Record Number: 758
Source Name: Bonjour Service
Time Written: 20100716043845.000000-300
Event Type: error
User:

Computer Name: X-013126ED881B4
Event Code: 100
Message: Task Scheduling Error: m->NextScheduledEvent 2078

Record Number: 757
Source Name: Bonjour Service
Time Written: 20100716043845.000000-300
Event Type: error
User:

Computer Name: X-013126ED881B4
Event Code: 100
Message: Task Scheduling Error: Continuously busy for more than a second

Record Number: 756
Source Name: Bonjour Service
Time Written: 20100716043845.000000-300
Event Type: error
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\ATI Technologies\ATI Control Panel;C:\Program Files\QuickTime\QTSystem\
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 13 Stepping 8, GenuineIntel
"PROCESSOR_REVISION"=0d08
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"asl.log"=Destination=file;OnFirstLog=command,environment
"CLASSPATH"=.;C:\Program Files\Java\jre6\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre6\lib\ext\QTJava.zip

-----------------EOF-----------------

NOTE: ALL instances of UTorrent were removed within 5 minutes of my initial posting to Malwareremoval.org. LESSON F#@%&ING LEARNED.

Airscape - The PC is running very glitchy. It won't let me go to certain websites (i.e. safer-networking.org), and if I Google anything malware/virus removal related, the links I click on redirect me to fake sites or just plain random ones (myfijihotels.com?). After I ran all the logging programs you told me to, I couldn't actually open the text files to cut and paste into this post, thus having to restart the computer. Spybot.exe won't open unless I'm in safemode, although it will work using the integrated explorer right-click, in which case it will scan specific files. AVG-free wouldn't install in normal mode. Everything is just taking longer to open in general.

Also, I have had no virus/malware/spyware programs installed in almost the past 2 years (I only started trying to install Spybot and AVG once I realized there was a issue); this is the first problem I've encountered. I do have Windows firewall turned on.

Thank you for your time,
Misterbanksiii
misterbanksiii
Active Member
 
Posts: 7
Joined: July 20th, 2010, 6:02 am

Re: Win32.FraudLoad.edt, Virtumonde, Win32.FraudLoad, etc...

Unread postby Airscape » July 24th, 2010, 1:03 pm

Also, I have had no virus/malware/spyware programs installed in almost the past 2 years (I only started trying to install Spybot and AVG once I realized there was a issue); this is the first problem I've encountered. I do have Windows firewall turned on.

Combined with an outdated Internet Explorer and lack of security software in almost 2 years the malware may have done serious damage to the pc from your first comments also. If you have means to reformat and reinstall then I would strongly recommend you do so, this will ensure the pc will be back to a clean working state.

If you want to attempt to clean the pc and see how it goes then that's fine, but bare in mind no guarantees can be made afterwards.
User avatar
Airscape
Regular Member
 
Posts: 1858
Joined: November 1st, 2008, 11:06 pm

Re: Win32.FraudLoad.edt, Virtumonde, Win32.FraudLoad, etc...

Unread postby misterbanksiii » July 24th, 2010, 6:36 pm

Airscape~

Of course, I forgot to mention that the current hard drive installed in the infected laptop is only about 2 months old. Had to install a new one and reinstall Windows when the old one died on me.

So, new hard drive; new Windows XP installation.

Let's go ahead with whatever you have up your sleeve.


-Misterbanksiii
misterbanksiii
Active Member
 
Posts: 7
Joined: July 20th, 2010, 6:02 am

Re: Win32.FraudLoad.edt, Virtumonde, Win32.FraudLoad, etc...

Unread postby Airscape » July 24th, 2010, 8:01 pm

Hi misterbanksiii,

Please Re-Run Rkill as described earlier, it should still be on the desktop.
If any problems during the fix then run Rkill right before without restarting the pc.

Backup the Registry:
  • Please go here and download ERUNT.
  • ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.
  • Double click on erunt-setup.exe to Install ERUNT by following the prompts.
  • Use the default install settings but say no to the portion that asks you to add ERUNT to the Start-Up folder.
  • Start ERUNT either by double clicking on the desktop icon or choosing to start the program at the end of the setup process.
  • Choose a location for the backup. Note: the default location is C:\WINDOWS\ERDNT which is acceptable.
  • Make sure that at least the first two check boxes System registry and Current user registry are selected.
  • Click on OK
  • Then click on YES to create the folder.

Note: To restore the registry in the event of problems open the backup folder created and click ERDNT.exe

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Download/Run OTM
Download OTM by OldTimer from Here and save it to your desktop.
  • Double click on OTM.exe to run it.
  • Copy/Paste the text inside the Code box below into Paste Instructions for Items to be Moved

Code: Select all
:Processes

:Files
C:\WINDOWS\tasks\*.job /s
C:\WINDOWS\fonts\2EJRGyl.com
C:\WINDOWS\system32\2EJRGyl.com
C:\Documents and Settings\All Users\Application Data\2EJRGyl.exe
C:\Documents and Settings\All Users\Application Data\W334kc1B.exe
C:\WINDOWS\system32\DdXkot3O.dll
C:\827fb91b5755f263d4d041
C:\Program Files\uTorrent
C:\Documents and Settings\Administrator\Application Data\uTorrent

:Reg
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files\uTorrent\uTorrent.exe"=-

:Commands
[EmptyTemp]
[Start Explorer]
[Reboot]

  • Click on the MoveIt! button
  • When the tool is finished, click on Exit
  • Note: If a file or folder can't be moved immediately, you may be asked to restart your computer. Choose Yes.
  • A log will be produced at C:\_OTM\MovedFiles\date_time.log where date_time are numbers.
  • Please copy/paste the contents of that log into your next reply.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Malwarebytes' Anti-Malware
Please download Malwarebytes' Anti-Malware from Here and save it to your desktop.
  • Double click mbam-setup.exe and follow the prompts to install the program.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform Quick Scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked and click Remove Selected.
  • When completed, a log will open in Notepad. Please post this log in your next reply.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.

Note: Some infections will prevent MBAM from running. If MBAM won't run, try renaming the file mbam-setup.exe to a random name, then try again.

Please post back with the Malwarebytes log, the OTM log, and a new RSIT log (make sure the pc is connected to the internet while running RSIT)
User avatar
Airscape
Regular Member
 
Posts: 1858
Joined: November 1st, 2008, 11:06 pm

Re: Win32.FraudLoad.edt, Virtumonde, Win32.FraudLoad, etc...

Unread postby misterbanksiii » July 24th, 2010, 10:55 pm

Airscape: See my notes at bottom of post.


MBAM Log:

Malwarebytes' Anti-Malware 1.46
http://www.malwarebytes.org

Database version: 4052

Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5512

7/24/2010 9:27:41 PM
mbam-log-2010-07-24 (21-27-41).txt

Scan type: Quick scan
Objects scanned: 117100
Time elapsed: 4 minute(s), 26 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 6
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 93.188.163.187,93.188.166.187 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{021d7d1f-d391-4033-886c-74ab8f86c2b1}\NameServer (Trojan.DNSChanger) -> Data: 93.188.163.187,93.188.166.187 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{d2e4de2a-ebd1-4771-a669-75f7c0f19952}\NameServer (Trojan.DNSChanger) -> Data: 93.188.163.187,93.188.166.187 -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\certstore.dat (Trojan.Agent) -> Quarantined and deleted successfully.


OTM Log:

All processes killed
========== PROCESSES ==========
========== FILES ==========
C:\WINDOWS\tasks\51e89591.job moved successfully.
C:\WINDOWS\tasks\At1.job moved successfully.
C:\WINDOWS\tasks\At10.job moved successfully.
C:\WINDOWS\tasks\At100.job moved successfully.
C:\WINDOWS\tasks\At1000.job moved successfully.
C:\WINDOWS\tasks\At1001.job moved successfully.
C:\WINDOWS\tasks\At1002.job moved successfully.
C:\WINDOWS\tasks\At1003.job moved successfully.
C:\WINDOWS\tasks\At1004.job moved successfully.
C:\WINDOWS\tasks\At1005.job moved successfully.
C:\WINDOWS\tasks\At1006.job moved successfully.
C:\WINDOWS\tasks\At1007.job moved successfully.
C:\WINDOWS\tasks\At1008.job moved successfully.
C:\WINDOWS\tasks\At1009.job moved successfully.
C:\WINDOWS\tasks\At101.job moved successfully.
C:\WINDOWS\tasks\At1010.job moved successfully.
C:\WINDOWS\tasks\At1011.job moved successfully.
C:\WINDOWS\tasks\At1012.job moved successfully.
C:\WINDOWS\tasks\At1013.job moved successfully.
C:\WINDOWS\tasks\At1014.job moved successfully.
C:\WINDOWS\tasks\At1015.job moved successfully.
C:\WINDOWS\tasks\At1016.job moved successfully.
C:\WINDOWS\tasks\At1017.job moved successfully.
C:\WINDOWS\tasks\At1018.job moved successfully.
C:\WINDOWS\tasks\At1019.job moved successfully.
C:\WINDOWS\tasks\At102.job moved successfully.
C:\WINDOWS\tasks\At1020.job moved successfully.
C:\WINDOWS\tasks\At1021.job moved successfully.
C:\WINDOWS\tasks\At1022.job moved successfully.
C:\WINDOWS\tasks\At1023.job moved successfully.
C:\WINDOWS\tasks\At1024.job moved successfully.
C:\WINDOWS\tasks\At1025.job moved successfully.
C:\WINDOWS\tasks\At1026.job moved successfully.
C:\WINDOWS\tasks\At1027.job moved successfully.
C:\WINDOWS\tasks\At1028.job moved successfully.
C:\WINDOWS\tasks\At1029.job moved successfully.
C:\WINDOWS\tasks\At103.job moved successfully.
C:\WINDOWS\tasks\At1030.job moved successfully.
C:\WINDOWS\tasks\At1031.job moved successfully.
C:\WINDOWS\tasks\At1032.job moved successfully.
C:\WINDOWS\tasks\At1033.job moved successfully.
C:\WINDOWS\tasks\At1034.job moved successfully.
C:\WINDOWS\tasks\At1035.job moved successfully.
C:\WINDOWS\tasks\At1036.job moved successfully.
C:\WINDOWS\tasks\At1037.job moved successfully.
C:\WINDOWS\tasks\At1038.job moved successfully.
C:\WINDOWS\tasks\At1039.job moved successfully.
C:\WINDOWS\tasks\At104.job moved successfully.
C:\WINDOWS\tasks\At1040.job moved successfully.
C:\WINDOWS\tasks\At1041.job moved successfully.
C:\WINDOWS\tasks\At1042.job moved successfully.
C:\WINDOWS\tasks\At1043.job moved successfully.
C:\WINDOWS\tasks\At1044.job moved successfully.
C:\WINDOWS\tasks\At1045.job moved successfully.
C:\WINDOWS\tasks\At1046.job moved successfully.
C:\WINDOWS\tasks\At1047.job moved successfully.
C:\WINDOWS\tasks\At1048.job moved successfully.
C:\WINDOWS\tasks\At1049.job moved successfully.
C:\WINDOWS\tasks\At105.job moved successfully.
C:\WINDOWS\tasks\At1050.job moved successfully.
C:\WINDOWS\tasks\At1051.job moved successfully.
C:\WINDOWS\tasks\At1052.job moved successfully.
C:\WINDOWS\tasks\At1053.job moved successfully.
C:\WINDOWS\tasks\At1054.job moved successfully.
C:\WINDOWS\tasks\At1055.job moved successfully.
C:\WINDOWS\tasks\At1056.job moved successfully.
C:\WINDOWS\tasks\At1057.job moved successfully.
C:\WINDOWS\tasks\At1058.job moved successfully.
C:\WINDOWS\tasks\At1059.job moved successfully.
C:\WINDOWS\tasks\At106.job moved successfully.
C:\WINDOWS\tasks\At1060.job moved successfully.
C:\WINDOWS\tasks\At1061.job moved successfully.
C:\WINDOWS\tasks\At1062.job moved successfully.
C:\WINDOWS\tasks\At1063.job moved successfully.
C:\WINDOWS\tasks\At1064.job moved successfully.
C:\WINDOWS\tasks\At1065.job moved successfully.
C:\WINDOWS\tasks\At1066.job moved successfully.
C:\WINDOWS\tasks\At1067.job moved successfully.
C:\WINDOWS\tasks\At1068.job moved successfully.
C:\WINDOWS\tasks\At1069.job moved successfully.
C:\WINDOWS\tasks\At107.job moved successfully.
C:\WINDOWS\tasks\At1070.job moved successfully.
C:\WINDOWS\tasks\At1071.job moved successfully.
C:\WINDOWS\tasks\At1072.job moved successfully.
C:\WINDOWS\tasks\At1073.job moved successfully.
C:\WINDOWS\tasks\At1074.job moved successfully.
C:\WINDOWS\tasks\At1075.job moved successfully.
C:\WINDOWS\tasks\At1076.job moved successfully.
C:\WINDOWS\tasks\At1077.job moved successfully.
C:\WINDOWS\tasks\At1078.job moved successfully.
C:\WINDOWS\tasks\At1079.job moved successfully.
C:\WINDOWS\tasks\At108.job moved successfully.
C:\WINDOWS\tasks\At1080.job moved successfully.
C:\WINDOWS\tasks\At1081.job moved successfully.
C:\WINDOWS\tasks\At1082.job moved successfully.
C:\WINDOWS\tasks\At1083.job moved successfully.
C:\WINDOWS\tasks\At1084.job moved successfully.
C:\WINDOWS\tasks\At1085.job moved successfully.
C:\WINDOWS\tasks\At1086.job moved successfully.
C:\WINDOWS\tasks\At1087.job moved successfully.
C:\WINDOWS\tasks\At1088.job moved successfully.
C:\WINDOWS\tasks\At1089.job moved successfully.
C:\WINDOWS\tasks\At109.job moved successfully.
C:\WINDOWS\tasks\At1090.job moved successfully.
C:\WINDOWS\tasks\At1091.job moved successfully.
C:\WINDOWS\tasks\At1092.job moved successfully.
C:\WINDOWS\tasks\At1093.job moved successfully.
C:\WINDOWS\tasks\At1094.job moved successfully.
C:\WINDOWS\tasks\At1095.job moved successfully.
C:\WINDOWS\tasks\At1096.job moved successfully.
C:\WINDOWS\tasks\At1097.job moved successfully.
C:\WINDOWS\tasks\At1098.job moved successfully.
C:\WINDOWS\tasks\At1099.job moved successfully.
C:\WINDOWS\tasks\At11.job moved successfully.
C:\WINDOWS\tasks\At110.job moved successfully.
C:\WINDOWS\tasks\At1100.job moved successfully.
C:\WINDOWS\tasks\At1101.job moved successfully.
C:\WINDOWS\tasks\At1102.job moved successfully.
C:\WINDOWS\tasks\At1103.job moved successfully.
C:\WINDOWS\tasks\At1104.job moved successfully.
C:\WINDOWS\tasks\At1105.job moved successfully.
C:\WINDOWS\tasks\At1106.job moved successfully.
C:\WINDOWS\tasks\At1107.job moved successfully.
C:\WINDOWS\tasks\At1108.job moved successfully.
C:\WINDOWS\tasks\At1109.job moved successfully.
C:\WINDOWS\tasks\At111.job moved successfully.
C:\WINDOWS\tasks\At1110.job moved successfully.
C:\WINDOWS\tasks\At1111.job moved successfully.
C:\WINDOWS\tasks\At1112.job moved successfully.
C:\WINDOWS\tasks\At1113.job moved successfully.
C:\WINDOWS\tasks\At1114.job moved successfully.
C:\WINDOWS\tasks\At1115.job moved successfully.
C:\WINDOWS\tasks\At1116.job moved successfully.
C:\WINDOWS\tasks\At1117.job moved successfully.
C:\WINDOWS\tasks\At1118.job moved successfully.
C:\WINDOWS\tasks\At1119.job moved successfully.
C:\WINDOWS\tasks\At112.job moved successfully.
C:\WINDOWS\tasks\At1120.job moved successfully.
C:\WINDOWS\tasks\At1121.job moved successfully.
C:\WINDOWS\tasks\At1122.job moved successfully.
C:\WINDOWS\tasks\At1123.job moved successfully.
C:\WINDOWS\tasks\At1124.job moved successfully.
C:\WINDOWS\tasks\At1125.job moved successfully.
C:\WINDOWS\tasks\At1126.job moved successfully.
C:\WINDOWS\tasks\At1127.job moved successfully.
C:\WINDOWS\tasks\At1128.job moved successfully.
C:\WINDOWS\tasks\At1129.job moved successfully.
C:\WINDOWS\tasks\At113.job moved successfully.
C:\WINDOWS\tasks\At1130.job moved successfully.
C:\WINDOWS\tasks\At1131.job moved successfully.
C:\WINDOWS\tasks\At1132.job moved successfully.
C:\WINDOWS\tasks\At1133.job moved successfully.
C:\WINDOWS\tasks\At1134.job moved successfully.
C:\WINDOWS\tasks\At1135.job moved successfully.
C:\WINDOWS\tasks\At1136.job moved successfully.
C:\WINDOWS\tasks\At1137.job moved successfully.
C:\WINDOWS\tasks\At1138.job moved successfully.
C:\WINDOWS\tasks\At1139.job moved successfully.
C:\WINDOWS\tasks\At114.job moved successfully.
C:\WINDOWS\tasks\At1140.job moved successfully.
C:\WINDOWS\tasks\At1141.job moved successfully.
C:\WINDOWS\tasks\At1142.job moved successfully.
C:\WINDOWS\tasks\At1143.job moved successfully.
C:\WINDOWS\tasks\At1144.job moved successfully.
C:\WINDOWS\tasks\At1145.job moved successfully.
C:\WINDOWS\tasks\At1146.job moved successfully.
C:\WINDOWS\tasks\At1147.job moved successfully.
C:\WINDOWS\tasks\At1148.job moved successfully.
C:\WINDOWS\tasks\At1149.job moved successfully.
C:\WINDOWS\tasks\At115.job moved successfully.
C:\WINDOWS\tasks\At1150.job moved successfully.
C:\WINDOWS\tasks\At1151.job moved successfully.
C:\WINDOWS\tasks\At1152.job moved successfully.
C:\WINDOWS\tasks\At1153.job moved successfully.
C:\WINDOWS\tasks\At1154.job moved successfully.
C:\WINDOWS\tasks\At1155.job moved successfully.
C:\WINDOWS\tasks\At1156.job moved successfully.
C:\WINDOWS\tasks\At1157.job moved successfully.
C:\WINDOWS\tasks\At1158.job moved successfully.
C:\WINDOWS\tasks\At1159.job moved successfully.
C:\WINDOWS\tasks\At116.job moved successfully.
C:\WINDOWS\tasks\At1160.job moved successfully.
C:\WINDOWS\tasks\At1161.job moved successfully.
C:\WINDOWS\tasks\At1162.job moved successfully.
C:\WINDOWS\tasks\At1163.job moved successfully.
C:\WINDOWS\tasks\At1164.job moved successfully.
C:\WINDOWS\tasks\At1165.job moved successfully.
C:\WINDOWS\tasks\At1166.job moved successfully.
C:\WINDOWS\tasks\At1167.job moved successfully.
C:\WINDOWS\tasks\At1168.job moved successfully.
C:\WINDOWS\tasks\At1169.job moved successfully.
C:\WINDOWS\tasks\At117.job moved successfully.
C:\WINDOWS\tasks\At1170.job moved successfully.
C:\WINDOWS\tasks\At1171.job moved successfully.
C:\WINDOWS\tasks\At1172.job moved successfully.
C:\WINDOWS\tasks\At1173.job moved successfully.
C:\WINDOWS\tasks\At1174.job moved successfully.
C:\WINDOWS\tasks\At1175.job moved successfully.
C:\WINDOWS\tasks\At1176.job moved successfully.
C:\WINDOWS\tasks\At1177.job moved successfully.
C:\WINDOWS\tasks\At1178.job moved successfully.
C:\WINDOWS\tasks\At1179.job moved successfully.
C:\WINDOWS\tasks\At118.job moved successfully.
C:\WINDOWS\tasks\At1180.job moved successfully.
C:\WINDOWS\tasks\At1181.job moved successfully.
C:\WINDOWS\tasks\At1182.job moved successfully.
C:\WINDOWS\tasks\At1183.job moved successfully.
C:\WINDOWS\tasks\At1184.job moved successfully.
C:\WINDOWS\tasks\At1185.job moved successfully.
C:\WINDOWS\tasks\At1186.job moved successfully.
C:\WINDOWS\tasks\At1187.job moved successfully.
C:\WINDOWS\tasks\At1188.job moved successfully.
C:\WINDOWS\tasks\At1189.job moved successfully.
C:\WINDOWS\tasks\At119.job moved successfully.
C:\WINDOWS\tasks\At1190.job moved successfully.
C:\WINDOWS\tasks\At1191.job moved successfully.
C:\WINDOWS\tasks\At1192.job moved successfully.
C:\WINDOWS\tasks\At1193.job moved successfully.
C:\WINDOWS\tasks\At1194.job moved successfully.
C:\WINDOWS\tasks\At1195.job moved successfully.
C:\WINDOWS\tasks\At1196.job moved successfully.
C:\WINDOWS\tasks\At1197.job moved successfully.
C:\WINDOWS\tasks\At1198.job moved successfully.
C:\WINDOWS\tasks\At1199.job moved successfully.
C:\WINDOWS\tasks\At12.job moved successfully.
C:\WINDOWS\tasks\At120.job moved successfully.
C:\WINDOWS\tasks\At1200.job moved successfully.
C:\WINDOWS\tasks\At1201.job moved successfully.
C:\WINDOWS\tasks\At1202.job moved successfully.
C:\WINDOWS\tasks\At1203.job moved successfully.
C:\WINDOWS\tasks\At1204.job moved successfully.
C:\WINDOWS\tasks\At1205.job moved successfully.
C:\WINDOWS\tasks\At1206.job moved successfully.
C:\WINDOWS\tasks\At1207.job moved successfully.
C:\WINDOWS\tasks\At1208.job moved successfully.
C:\WINDOWS\tasks\At1209.job moved successfully.
C:\WINDOWS\tasks\At121.job moved successfully.
C:\WINDOWS\tasks\At1210.job moved successfully.
C:\WINDOWS\tasks\At1211.job moved successfully.
C:\WINDOWS\tasks\At1212.job moved successfully.
C:\WINDOWS\tasks\At1213.job moved successfully.
C:\WINDOWS\tasks\At1214.job moved successfully.
C:\WINDOWS\tasks\At1215.job moved successfully.
C:\WINDOWS\tasks\At1216.job moved successfully.
C:\WINDOWS\tasks\At1217.job moved successfully.
C:\WINDOWS\tasks\At1218.job moved successfully.
C:\WINDOWS\tasks\At1219.job moved successfully.
C:\WINDOWS\tasks\At122.job moved successfully.
C:\WINDOWS\tasks\At1220.job moved successfully.
C:\WINDOWS\tasks\At1221.job moved successfully.
C:\WINDOWS\tasks\At1222.job moved successfully.
C:\WINDOWS\tasks\At1223.job moved successfully.
C:\WINDOWS\tasks\At1224.job moved successfully.
C:\WINDOWS\tasks\At1225.job moved successfully.
C:\WINDOWS\tasks\At123.job moved successfully.
C:\WINDOWS\tasks\At124.job moved successfully.
C:\WINDOWS\tasks\At125.job moved successfully.
C:\WINDOWS\tasks\At126.job moved successfully.
C:\WINDOWS\tasks\At127.job moved successfully.
C:\WINDOWS\tasks\At128.job moved successfully.
C:\WINDOWS\tasks\At129.job moved successfully.
C:\WINDOWS\tasks\At13.job moved successfully.
C:\WINDOWS\tasks\At130.job moved successfully.
C:\WINDOWS\tasks\At131.job moved successfully.
C:\WINDOWS\tasks\At132.job moved successfully.
C:\WINDOWS\tasks\At133.job moved successfully.
C:\WINDOWS\tasks\At134.job moved successfully.
C:\WINDOWS\tasks\At135.job moved successfully.
C:\WINDOWS\tasks\At136.job moved successfully.
C:\WINDOWS\tasks\At137.job moved successfully.
C:\WINDOWS\tasks\At138.job moved successfully.
C:\WINDOWS\tasks\At139.job moved successfully.
C:\WINDOWS\tasks\At14.job moved successfully.
C:\WINDOWS\tasks\At140.job moved successfully.
C:\WINDOWS\tasks\At141.job moved successfully.
C:\WINDOWS\tasks\At142.job moved successfully.
C:\WINDOWS\tasks\At143.job moved successfully.
C:\WINDOWS\tasks\At144.job moved successfully.
C:\WINDOWS\tasks\At145.job moved successfully.
C:\WINDOWS\tasks\At146.job moved successfully.
C:\WINDOWS\tasks\At147.job moved successfully.
C:\WINDOWS\tasks\At148.job moved successfully.
C:\WINDOWS\tasks\At149.job moved successfully.
C:\WINDOWS\tasks\At15.job moved successfully.
C:\WINDOWS\tasks\At150.job moved successfully.
C:\WINDOWS\tasks\At151.job moved successfully.
C:\WINDOWS\tasks\At152.job moved successfully.
C:\WINDOWS\tasks\At153.job moved successfully.
C:\WINDOWS\tasks\At154.job moved successfully.
C:\WINDOWS\tasks\At155.job moved successfully.
C:\WINDOWS\tasks\At156.job moved successfully.
C:\WINDOWS\tasks\At157.job moved successfully.
C:\WINDOWS\tasks\At158.job moved successfully.
C:\WINDOWS\tasks\At159.job moved successfully.
C:\WINDOWS\tasks\At16.job moved successfully.
C:\WINDOWS\tasks\At160.job moved successfully.
C:\WINDOWS\tasks\At161.job moved successfully.
C:\WINDOWS\tasks\At162.job moved successfully.
C:\WINDOWS\tasks\At163.job moved successfully.
C:\WINDOWS\tasks\At164.job moved successfully.
C:\WINDOWS\tasks\At165.job moved successfully.
C:\WINDOWS\tasks\At166.job moved successfully.
C:\WINDOWS\tasks\At167.job moved successfully.
C:\WINDOWS\tasks\At168.job moved successfully.
C:\WINDOWS\tasks\At169.job moved successfully.
C:\WINDOWS\tasks\At17.job moved successfully.
C:\WINDOWS\tasks\At170.job moved successfully.
C:\WINDOWS\tasks\At171.job moved successfully.
C:\WINDOWS\tasks\At172.job moved successfully.
C:\WINDOWS\tasks\At173.job moved successfully.
C:\WINDOWS\tasks\At174.job moved successfully.
C:\WINDOWS\tasks\At175.job moved successfully.
C:\WINDOWS\tasks\At176.job moved successfully.
C:\WINDOWS\tasks\At177.job moved successfully.
C:\WINDOWS\tasks\At178.job moved successfully.
C:\WINDOWS\tasks\At179.job moved successfully.
C:\WINDOWS\tasks\At18.job moved successfully.
C:\WINDOWS\tasks\At180.job moved successfully.
C:\WINDOWS\tasks\At181.job moved successfully.
C:\WINDOWS\tasks\At182.job moved successfully.
C:\WINDOWS\tasks\At183.job moved successfully.
C:\WINDOWS\tasks\At184.job moved successfully.
C:\WINDOWS\tasks\At185.job moved successfully.
C:\WINDOWS\tasks\At186.job moved successfully.
C:\WINDOWS\tasks\At187.job moved successfully.
C:\WINDOWS\tasks\At188.job moved successfully.
C:\WINDOWS\tasks\At189.job moved successfully.
C:\WINDOWS\tasks\At19.job moved successfully.
C:\WINDOWS\tasks\At190.job moved successfully.
C:\WINDOWS\tasks\At191.job moved successfully.
C:\WINDOWS\tasks\At192.job moved successfully.
C:\WINDOWS\tasks\At193.job moved successfully.
C:\WINDOWS\tasks\At194.job moved successfully.
C:\WINDOWS\tasks\At195.job moved successfully.
C:\WINDOWS\tasks\At196.job moved successfully.
C:\WINDOWS\tasks\At197.job moved successfully.
C:\WINDOWS\tasks\At198.job moved successfully.
C:\WINDOWS\tasks\At199.job moved successfully.
C:\WINDOWS\tasks\At2.job moved successfully.
C:\WINDOWS\tasks\At20.job moved successfully.
C:\WINDOWS\tasks\At200.job moved successfully.
C:\WINDOWS\tasks\At201.job moved successfully.
C:\WINDOWS\tasks\At202.job moved successfully.
C:\WINDOWS\tasks\At203.job moved successfully.
C:\WINDOWS\tasks\At204.job moved successfully.
C:\WINDOWS\tasks\At205.job moved successfully.
C:\WINDOWS\tasks\At206.job moved successfully.
C:\WINDOWS\tasks\At207.job moved successfully.
C:\WINDOWS\tasks\At208.job moved successfully.
C:\WINDOWS\tasks\At209.job moved successfully.
C:\WINDOWS\tasks\At21.job moved successfully.
C:\WINDOWS\tasks\At210.job moved successfully.
C:\WINDOWS\tasks\At211.job moved successfully.
C:\WINDOWS\tasks\At212.job moved successfully.
C:\WINDOWS\tasks\At213.job moved successfully.
C:\WINDOWS\tasks\At214.job moved successfully.
C:\WINDOWS\tasks\At215.job moved successfully.
C:\WINDOWS\tasks\At216.job moved successfully.
C:\WINDOWS\tasks\At217.job moved successfully.
C:\WINDOWS\tasks\At218.job moved successfully.
C:\WINDOWS\tasks\At219.job moved successfully.
C:\WINDOWS\tasks\At22.job moved successfully.
C:\WINDOWS\tasks\At220.job moved successfully.
C:\WINDOWS\tasks\At221.job moved successfully.
C:\WINDOWS\tasks\At222.job moved successfully.
C:\WINDOWS\tasks\At223.job moved successfully.
C:\WINDOWS\tasks\At224.job moved successfully.
C:\WINDOWS\tasks\At225.job moved successfully.
C:\WINDOWS\tasks\At226.job moved successfully.
C:\WINDOWS\tasks\At227.job moved successfully.
C:\WINDOWS\tasks\At228.job moved successfully.
C:\WINDOWS\tasks\At229.job moved successfully.
C:\WINDOWS\tasks\At23.job moved successfully.
C:\WINDOWS\tasks\At230.job moved successfully.
C:\WINDOWS\tasks\At231.job moved successfully.
C:\WINDOWS\tasks\At232.job moved successfully.
C:\WINDOWS\tasks\At233.job moved successfully.
C:\WINDOWS\tasks\At234.job moved successfully.
C:\WINDOWS\tasks\At235.job moved successfully.
C:\WINDOWS\tasks\At236.job moved successfully.
C:\WINDOWS\tasks\At237.job moved successfully.
C:\WINDOWS\tasks\At238.job moved successfully.
C:\WINDOWS\tasks\At239.job moved successfully.
C:\WINDOWS\tasks\At24.job moved successfully.
C:\WINDOWS\tasks\At240.job moved successfully.
C:\WINDOWS\tasks\At241.job moved successfully.
C:\WINDOWS\tasks\At242.job moved successfully.
C:\WINDOWS\tasks\At243.job moved successfully.
C:\WINDOWS\tasks\At244.job moved successfully.
C:\WINDOWS\tasks\At245.job moved successfully.
C:\WINDOWS\tasks\At246.job moved successfully.
C:\WINDOWS\tasks\At247.job moved successfully.
C:\WINDOWS\tasks\At248.job moved successfully.
C:\WINDOWS\tasks\At249.job moved successfully.
C:\WINDOWS\tasks\At25.job moved successfully.
C:\WINDOWS\tasks\At250.job moved successfully.
C:\WINDOWS\tasks\At251.job moved successfully.
C:\WINDOWS\tasks\At252.job moved successfully.
C:\WINDOWS\tasks\At253.job moved successfully.
C:\WINDOWS\tasks\At254.job moved successfully.
C:\WINDOWS\tasks\At255.job moved successfully.
C:\WINDOWS\tasks\At256.job moved successfully.
C:\WINDOWS\tasks\At257.job moved successfully.
C:\WINDOWS\tasks\At258.job moved successfully.
C:\WINDOWS\tasks\At259.job moved successfully.
C:\WINDOWS\tasks\At26.job moved successfully.
C:\WINDOWS\tasks\At260.job moved successfully.
C:\WINDOWS\tasks\At261.job moved successfully.
C:\WINDOWS\tasks\At262.job moved successfully.
C:\WINDOWS\tasks\At263.job moved successfully.
C:\WINDOWS\tasks\At264.job moved successfully.
C:\WINDOWS\tasks\At265.job moved successfully.
C:\WINDOWS\tasks\At266.job moved successfully.
C:\WINDOWS\tasks\At267.job moved successfully.
C:\WINDOWS\tasks\At268.job moved successfully.
C:\WINDOWS\tasks\At269.job moved successfully.
C:\WINDOWS\tasks\At27.job moved successfully.
C:\WINDOWS\tasks\At270.job moved successfully.
C:\WINDOWS\tasks\At271.job moved successfully.
C:\WINDOWS\tasks\At272.job moved successfully.
C:\WINDOWS\tasks\At273.job moved successfully.
C:\WINDOWS\tasks\At274.job moved successfully.
C:\WINDOWS\tasks\At275.job moved successfully.
C:\WINDOWS\tasks\At276.job moved successfully.
C:\WINDOWS\tasks\At277.job moved successfully.
C:\WINDOWS\tasks\At278.job moved successfully.
C:\WINDOWS\tasks\At279.job moved successfully.
C:\WINDOWS\tasks\At28.job moved successfully.
C:\WINDOWS\tasks\At280.job moved successfully.
C:\WINDOWS\tasks\At281.job moved successfully.
C:\WINDOWS\tasks\At282.job moved successfully.
C:\WINDOWS\tasks\At283.job moved successfully.
C:\WINDOWS\tasks\At284.job moved successfully.
C:\WINDOWS\tasks\At285.job moved successfully.
C:\WINDOWS\tasks\At286.job moved successfully.
C:\WINDOWS\tasks\At287.job moved successfully.
C:\WINDOWS\tasks\At288.job moved successfully.
C:\WINDOWS\tasks\At289.job moved successfully.
C:\WINDOWS\tasks\At29.job moved successfully.
C:\WINDOWS\tasks\At290.job moved successfully.
C:\WINDOWS\tasks\At291.job moved successfully.
C:\WINDOWS\tasks\At292.job moved successfully.
C:\WINDOWS\tasks\At293.job moved successfully.
C:\WINDOWS\tasks\At294.job moved successfully.
C:\WINDOWS\tasks\At295.job moved successfully.
C:\WINDOWS\tasks\At296.job moved successfully.
C:\WINDOWS\tasks\At297.job moved successfully.
C:\WINDOWS\tasks\At298.job moved successfully.
C:\WINDOWS\tasks\At299.job moved successfully.
C:\WINDOWS\tasks\At3.job moved successfully.
C:\WINDOWS\tasks\At30.job moved successfully.
C:\WINDOWS\tasks\At300.job moved successfully.
C:\WINDOWS\tasks\At301.job moved successfully.
C:\WINDOWS\tasks\At302.job moved successfully.
C:\WINDOWS\tasks\At303.job moved successfully.
C:\WINDOWS\tasks\At304.job moved successfully.
C:\WINDOWS\tasks\At305.job moved successfully.
C:\WINDOWS\tasks\At306.job moved successfully.
C:\WINDOWS\tasks\At307.job moved successfully.
C:\WINDOWS\tasks\At308.job moved successfully.
C:\WINDOWS\tasks\At309.job moved successfully.
C:\WINDOWS\tasks\At31.job moved successfully.
C:\WINDOWS\tasks\At310.job moved successfully.
C:\WINDOWS\tasks\At311.job moved successfully.
C:\WINDOWS\tasks\At312.job moved successfully.
C:\WINDOWS\tasks\At313.job moved successfully.
C:\WINDOWS\tasks\At314.job moved successfully.
C:\WINDOWS\tasks\At315.job moved successfully.
C:\WINDOWS\tasks\At316.job moved successfully.
C:\WINDOWS\tasks\At317.job moved successfully.
C:\WINDOWS\tasks\At318.job moved successfully.
C:\WINDOWS\tasks\At319.job moved successfully.
C:\WINDOWS\tasks\At32.job moved successfully.
C:\WINDOWS\tasks\At320.job moved successfully.
C:\WINDOWS\tasks\At321.job moved successfully.
C:\WINDOWS\tasks\At322.job moved successfully.
C:\WINDOWS\tasks\At323.job moved successfully.
C:\WINDOWS\tasks\At324.job moved successfully.
C:\WINDOWS\tasks\At325.job moved successfully.
C:\WINDOWS\tasks\At326.job moved successfully.
C:\WINDOWS\tasks\At327.job moved successfully.
C:\WINDOWS\tasks\At328.job moved successfully.
C:\WINDOWS\tasks\At329.job moved successfully.
C:\WINDOWS\tasks\At33.job moved successfully.
C:\WINDOWS\tasks\At330.job moved successfully.
C:\WINDOWS\tasks\At331.job moved successfully.
C:\WINDOWS\tasks\At332.job moved successfully.
C:\WINDOWS\tasks\At333.job moved successfully.
C:\WINDOWS\tasks\At334.job moved successfully.
C:\WINDOWS\tasks\At335.job moved successfully.
C:\WINDOWS\tasks\At336.job moved successfully.
C:\WINDOWS\tasks\At337.job moved successfully.
C:\WINDOWS\tasks\At338.job moved successfully.
C:\WINDOWS\tasks\At339.job moved successfully.
C:\WINDOWS\tasks\At34.job moved successfully.
C:\WINDOWS\tasks\At340.job moved successfully.
C:\WINDOWS\tasks\At341.job moved successfully.
C:\WINDOWS\tasks\At342.job moved successfully.
C:\WINDOWS\tasks\At343.job moved successfully.
C:\WINDOWS\tasks\At344.job moved successfully.
C:\WINDOWS\tasks\At345.job moved successfully.
C:\WINDOWS\tasks\At346.job moved successfully.
C:\WINDOWS\tasks\At347.job moved successfully.
C:\WINDOWS\tasks\At348.job moved successfully.
C:\WINDOWS\tasks\At349.job moved successfully.
C:\WINDOWS\tasks\At35.job moved successfully.
C:\WINDOWS\tasks\At350.job moved successfully.
C:\WINDOWS\tasks\At351.job moved successfully.
C:\WINDOWS\tasks\At352.job moved successfully.
C:\WINDOWS\tasks\At353.job moved successfully.
C:\WINDOWS\tasks\At354.job moved successfully.
C:\WINDOWS\tasks\At355.job moved successfully.
C:\WINDOWS\tasks\At356.job moved successfully.
C:\WINDOWS\tasks\At357.job moved successfully.
C:\WINDOWS\tasks\At358.job moved successfully.
C:\WINDOWS\tasks\At359.job moved successfully.
C:\WINDOWS\tasks\At36.job moved successfully.
C:\WINDOWS\tasks\At360.job moved successfully.
C:\WINDOWS\tasks\At361.job moved successfully.
C:\WINDOWS\tasks\At362.job moved successfully.
C:\WINDOWS\tasks\At363.job moved successfully.
C:\WINDOWS\tasks\At364.job moved successfully.
C:\WINDOWS\tasks\At365.job moved successfully.
C:\WINDOWS\tasks\At366.job moved successfully.
C:\WINDOWS\tasks\At367.job moved successfully.
C:\WINDOWS\tasks\At368.job moved successfully.
C:\WINDOWS\tasks\At369.job moved successfully.
C:\WINDOWS\tasks\At37.job moved successfully.
C:\WINDOWS\tasks\At370.job moved successfully.
C:\WINDOWS\tasks\At371.job moved successfully.
C:\WINDOWS\tasks\At372.job moved successfully.
C:\WINDOWS\tasks\At373.job moved successfully.
C:\WINDOWS\tasks\At374.job moved successfully.
C:\WINDOWS\tasks\At375.job moved successfully.
C:\WINDOWS\tasks\At376.job moved successfully.
C:\WINDOWS\tasks\At377.job moved successfully.
C:\WINDOWS\tasks\At378.job moved successfully.
C:\WINDOWS\tasks\At379.job moved successfully.
C:\WINDOWS\tasks\At38.job moved successfully.
C:\WINDOWS\tasks\At380.job moved successfully.
C:\WINDOWS\tasks\At381.job moved successfully.
C:\WINDOWS\tasks\At382.job moved successfully.
C:\WINDOWS\tasks\At383.job moved successfully.
C:\WINDOWS\tasks\At384.job moved successfully.
C:\WINDOWS\tasks\At385.job moved successfully.
C:\WINDOWS\tasks\At386.job moved successfully.
C:\WINDOWS\tasks\At387.job moved successfully.
C:\WINDOWS\tasks\At388.job moved successfully.
C:\WINDOWS\tasks\At389.job moved successfully.
C:\WINDOWS\tasks\At39.job moved successfully.
C:\WINDOWS\tasks\At390.job moved successfully.
C:\WINDOWS\tasks\At391.job moved successfully.
C:\WINDOWS\tasks\At392.job moved successfully.
C:\WINDOWS\tasks\At393.job moved successfully.
C:\WINDOWS\tasks\At394.job moved successfully.
C:\WINDOWS\tasks\At395.job moved successfully.
C:\WINDOWS\tasks\At396.job moved successfully.
C:\WINDOWS\tasks\At397.job moved successfully.
C:\WINDOWS\tasks\At398.job moved successfully.
C:\WINDOWS\tasks\At399.job moved successfully.
C:\WINDOWS\tasks\At4.job moved successfully.
C:\WINDOWS\tasks\At40.job moved successfully.
C:\WINDOWS\tasks\At400.job moved successfully.
C:\WINDOWS\tasks\At401.job moved successfully.
C:\WINDOWS\tasks\At402.job moved successfully.
C:\WINDOWS\tasks\At403.job moved successfully.
C:\WINDOWS\tasks\At404.job moved successfully.
C:\WINDOWS\tasks\At405.job moved successfully.
C:\WINDOWS\tasks\At406.job moved successfully.
C:\WINDOWS\tasks\At407.job moved successfully.
C:\WINDOWS\tasks\At408.job moved successfully.
C:\WINDOWS\tasks\At409.job moved successfully.
C:\WINDOWS\tasks\At41.job moved successfully.
C:\WINDOWS\tasks\At410.job moved successfully.
C:\WINDOWS\tasks\At411.job moved successfully.
C:\WINDOWS\tasks\At412.job moved successfully.
C:\WINDOWS\tasks\At413.job moved successfully.
C:\WINDOWS\tasks\At414.job moved successfully.
C:\WINDOWS\tasks\At415.job moved successfully.
C:\WINDOWS\tasks\At416.job moved successfully.
C:\WINDOWS\tasks\At417.job moved successfully.
C:\WINDOWS\tasks\At418.job moved successfully.
C:\WINDOWS\tasks\At419.job moved successfully.
C:\WINDOWS\tasks\At42.job moved successfully.
C:\WINDOWS\tasks\At420.job moved successfully.
C:\WINDOWS\tasks\At421.job moved successfully.
C:\WINDOWS\tasks\At422.job moved successfully.
C:\WINDOWS\tasks\At423.job moved successfully.
C:\WINDOWS\tasks\At424.job moved successfully.
C:\WINDOWS\tasks\At425.job moved successfully.
C:\WINDOWS\tasks\At426.job moved successfully.
C:\WINDOWS\tasks\At427.job moved successfully.
C:\WINDOWS\tasks\At428.job moved successfully.
C:\WINDOWS\tasks\At429.job moved successfully.
C:\WINDOWS\tasks\At43.job moved successfully.
C:\WINDOWS\tasks\At430.job moved successfully.
C:\WINDOWS\tasks\At431.job moved successfully.
C:\WINDOWS\tasks\At432.job moved successfully.
C:\WINDOWS\tasks\At433.job moved successfully.
C:\WINDOWS\tasks\At434.job moved successfully.
C:\WINDOWS\tasks\At435.job moved successfully.
C:\WINDOWS\tasks\At436.job moved successfully.
C:\WINDOWS\tasks\At437.job moved successfully.
C:\WINDOWS\tasks\At438.job moved successfully.
C:\WINDOWS\tasks\At439.job moved successfully.
C:\WINDOWS\tasks\At44.job moved successfully.
C:\WINDOWS\tasks\At440.job moved successfully.
C:\WINDOWS\tasks\At441.job moved successfully.
C:\WINDOWS\tasks\At442.job moved successfully.
C:\WINDOWS\tasks\At443.job moved successfully.
C:\WINDOWS\tasks\At444.job moved successfully.
C:\WINDOWS\tasks\At445.job moved successfully.
C:\WINDOWS\tasks\At446.job moved successfully.
C:\WINDOWS\tasks\At447.job moved successfully.
C:\WINDOWS\tasks\At448.job moved successfully.
C:\WINDOWS\tasks\At449.job moved successfully.
C:\WINDOWS\tasks\At45.job moved successfully.
C:\WINDOWS\tasks\At450.job moved successfully.
C:\WINDOWS\tasks\At451.job moved successfully.
C:\WINDOWS\tasks\At452.job moved successfully.
C:\WINDOWS\tasks\At453.job moved successfully.
C:\WINDOWS\tasks\At454.job moved successfully.
C:\WINDOWS\tasks\At455.job moved successfully.
C:\WINDOWS\tasks\At456.job moved successfully.
C:\WINDOWS\tasks\At457.job moved successfully.
C:\WINDOWS\tasks\At458.job moved successfully.
C:\WINDOWS\tasks\At459.job moved successfully.
C:\WINDOWS\tasks\At46.job moved successfully.
C:\WINDOWS\tasks\At460.job moved successfully.
C:\WINDOWS\tasks\At461.job moved successfully.
C:\WINDOWS\tasks\At462.job moved successfully.
C:\WINDOWS\tasks\At463.job moved successfully.
C:\WINDOWS\tasks\At464.job moved successfully.
C:\WINDOWS\tasks\At465.job moved successfully.
C:\WINDOWS\tasks\At466.job moved successfully.
C:\WINDOWS\tasks\At467.job moved successfully.
C:\WINDOWS\tasks\At468.job moved successfully.
C:\WINDOWS\tasks\At469.job moved successfully.
C:\WINDOWS\tasks\At47.job moved successfully.
C:\WINDOWS\tasks\At470.job moved successfully.
C:\WINDOWS\tasks\At471.job moved successfully.
C:\WINDOWS\tasks\At472.job moved successfully.
C:\WINDOWS\tasks\At473.job moved successfully.
C:\WINDOWS\tasks\At474.job moved successfully.
C:\WINDOWS\tasks\At475.job moved successfully.
C:\WINDOWS\tasks\At476.job moved successfully.
C:\WINDOWS\tasks\At477.job moved successfully.
C:\WINDOWS\tasks\At478.job moved successfully.
C:\WINDOWS\tasks\At479.job moved successfully.
C:\WINDOWS\tasks\At48.job moved successfully.
C:\WINDOWS\tasks\At480.job moved successfully.
C:\WINDOWS\tasks\At481.job moved successfully.
C:\WINDOWS\tasks\At482.job moved successfully.
C:\WINDOWS\tasks\At483.job moved successfully.
C:\WINDOWS\tasks\At484.job moved successfully.
C:\WINDOWS\tasks\At485.job moved successfully.
C:\WINDOWS\tasks\At486.job moved successfully.
C:\WINDOWS\tasks\At487.job moved successfully.
C:\WINDOWS\tasks\At488.job moved successfully.
C:\WINDOWS\tasks\At489.job moved successfully.
C:\WINDOWS\tasks\At49.job moved successfully.
C:\WINDOWS\tasks\At490.job moved successfully.
C:\WINDOWS\tasks\At491.job moved successfully.
C:\WINDOWS\tasks\At492.job moved successfully.
C:\WINDOWS\tasks\At493.job moved successfully.
C:\WINDOWS\tasks\At494.job moved successfully.
C:\WINDOWS\tasks\At495.job moved successfully.
C:\WINDOWS\tasks\At496.job moved successfully.
C:\WINDOWS\tasks\At497.job moved successfully.
C:\WINDOWS\tasks\At498.job moved successfully.
C:\WINDOWS\tasks\At499.job moved successfully.
C:\WINDOWS\tasks\At5.job moved successfully.
C:\WINDOWS\tasks\At50.job moved successfully.
C:\WINDOWS\tasks\At500.job moved successfully.
C:\WINDOWS\tasks\At501.job moved successfully.
C:\WINDOWS\tasks\At502.job moved successfully.
C:\WINDOWS\tasks\At503.job moved successfully.
C:\WINDOWS\tasks\At504.job moved successfully.
C:\WINDOWS\tasks\At505.job moved successfully.
C:\WINDOWS\tasks\At506.job moved successfully.
C:\WINDOWS\tasks\At507.job moved successfully.
C:\WINDOWS\tasks\At508.job moved successfully.
C:\WINDOWS\tasks\At509.job moved successfully.
C:\WINDOWS\tasks\At51.job moved successfully.
C:\WINDOWS\tasks\At510.job moved successfully.
C:\WINDOWS\tasks\At511.job moved successfully.
C:\WINDOWS\tasks\At512.job moved successfully.
C:\WINDOWS\tasks\At513.job moved successfully.
C:\WINDOWS\tasks\At514.job moved successfully.
C:\WINDOWS\tasks\At515.job moved successfully.
C:\WINDOWS\tasks\At516.job moved successfully.
C:\WINDOWS\tasks\At517.job moved successfully.
C:\WINDOWS\tasks\At518.job moved successfully.
C:\WINDOWS\tasks\At519.job moved successfully.
C:\WINDOWS\tasks\At52.job moved successfully.
C:\WINDOWS\tasks\At520.job moved successfully.
C:\WINDOWS\tasks\At521.job moved successfully.
C:\WINDOWS\tasks\At522.job moved successfully.
C:\WINDOWS\tasks\At523.job moved successfully.
C:\WINDOWS\tasks\At524.job moved successfully.
C:\WINDOWS\tasks\At525.job moved successfully.
C:\WINDOWS\tasks\At526.job moved successfully.
C:\WINDOWS\tasks\At527.job moved successfully.
C:\WINDOWS\tasks\At528.job moved successfully.
C:\WINDOWS\tasks\At529.job moved successfully.
C:\WINDOWS\tasks\At53.job moved successfully.
C:\WINDOWS\tasks\At530.job moved successfully.
C:\WINDOWS\tasks\At531.job moved successfully.
C:\WINDOWS\tasks\At532.job moved successfully.
C:\WINDOWS\tasks\At533.job moved successfully.
C:\WINDOWS\tasks\At534.job moved successfully.
C:\WINDOWS\tasks\At535.job moved successfully.
C:\WINDOWS\tasks\At536.job moved successfully.
C:\WINDOWS\tasks\At537.job moved successfully.
C:\WINDOWS\tasks\At538.job moved successfully.
C:\WINDOWS\tasks\At539.job moved successfully.
C:\WINDOWS\tasks\At54.job moved successfully.
C:\WINDOWS\tasks\At540.job moved successfully.
C:\WINDOWS\tasks\At541.job moved successfully.
C:\WINDOWS\tasks\At542.job moved successfully.
C:\WINDOWS\tasks\At543.job moved successfully.
C:\WINDOWS\tasks\At544.job moved successfully.
C:\WINDOWS\tasks\At545.job moved successfully.
C:\WINDOWS\tasks\At546.job moved successfully.
C:\WINDOWS\tasks\At547.job moved successfully.
C:\WINDOWS\tasks\At548.job moved successfully.
C:\WINDOWS\tasks\At549.job moved successfully.
C:\WINDOWS\tasks\At55.job moved successfully.
C:\WINDOWS\tasks\At550.job moved successfully.
C:\WINDOWS\tasks\At551.job moved successfully.
C:\WINDOWS\tasks\At552.job moved successfully.
C:\WINDOWS\tasks\At553.job moved successfully.
C:\WINDOWS\tasks\At554.job moved successfully.
C:\WINDOWS\tasks\At555.job moved successfully.
C:\WINDOWS\tasks\At556.job moved successfully.
C:\WINDOWS\tasks\At557.job moved successfully.
C:\WINDOWS\tasks\At558.job moved successfully.
C:\WINDOWS\tasks\At559.job moved successfully.
C:\WINDOWS\tasks\At56.job moved successfully.
C:\WINDOWS\tasks\At560.job moved successfully.
C:\WINDOWS\tasks\At561.job moved successfully.
C:\WINDOWS\tasks\At562.job moved successfully.
C:\WINDOWS\tasks\At563.job moved successfully.
C:\WINDOWS\tasks\At564.job moved successfully.
C:\WINDOWS\tasks\At565.job moved successfully.
C:\WINDOWS\tasks\At566.job moved successfully.
C:\WINDOWS\tasks\At567.job moved successfully.
C:\WINDOWS\tasks\At568.job moved successfully.
C:\WINDOWS\tasks\At569.job moved successfully.
C:\WINDOWS\tasks\At57.job moved successfully.
C:\WINDOWS\tasks\At570.job moved successfully.
C:\WINDOWS\tasks\At571.job moved successfully.
C:\WINDOWS\tasks\At572.job moved successfully.
C:\WINDOWS\tasks\At573.job moved successfully.
C:\WINDOWS\tasks\At574.job moved successfully.
C:\WINDOWS\tasks\At575.job moved successfully.
C:\WINDOWS\tasks\At576.job moved successfully.
C:\WINDOWS\tasks\At577.job moved successfully.
C:\WINDOWS\tasks\At578.job moved successfully.
C:\WINDOWS\tasks\At579.job moved successfully.
C:\WINDOWS\tasks\At58.job moved successfully.
C:\WINDOWS\tasks\At580.job moved successfully.
C:\WINDOWS\tasks\At581.job moved successfully.
C:\WINDOWS\tasks\At582.job moved successfully.
C:\WINDOWS\tasks\At583.job moved successfully.
C:\WINDOWS\tasks\At584.job moved successfully.
C:\WINDOWS\tasks\At585.job moved successfully.
C:\WINDOWS\tasks\At586.job moved successfully.
C:\WINDOWS\tasks\At587.job moved successfully.
C:\WINDOWS\tasks\At588.job moved successfully.
C:\WINDOWS\tasks\At589.job moved successfully.
C:\WINDOWS\tasks\At59.job moved successfully.
C:\WINDOWS\tasks\At590.job moved successfully.
C:\WINDOWS\tasks\At591.job moved successfully.
C:\WINDOWS\tasks\At592.job moved successfully.
C:\WINDOWS\tasks\At593.job moved successfully.
C:\WINDOWS\tasks\At594.job moved successfully.
C:\WINDOWS\tasks\At595.job moved successfully.
C:\WINDOWS\tasks\At596.job moved successfully.
C:\WINDOWS\tasks\At597.job moved successfully.
C:\WINDOWS\tasks\At598.job moved successfully.
C:\WINDOWS\tasks\At599.job moved successfully.
C:\WINDOWS\tasks\At6.job moved successfully.
C:\WINDOWS\tasks\At60.job moved successfully.
C:\WINDOWS\tasks\At600.job moved successfully.
C:\WINDOWS\tasks\At601.job moved successfully.
C:\WINDOWS\tasks\At602.job moved successfully.
C:\WINDOWS\tasks\At603.job moved successfully.
C:\WINDOWS\tasks\At604.job moved successfully.
C:\WINDOWS\tasks\At605.job moved successfully.
C:\WINDOWS\tasks\At606.job moved successfully.
C:\WINDOWS\tasks\At607.job moved successfully.
C:\WINDOWS\tasks\At608.job moved successfully.
C:\WINDOWS\tasks\At609.job moved successfully.
C:\WINDOWS\tasks\At61.job moved successfully.
C:\WINDOWS\tasks\At610.job moved successfully.
C:\WINDOWS\tasks\At611.job moved successfully.
C:\WINDOWS\tasks\At612.job moved successfully.
C:\WINDOWS\tasks\At613.job moved successfully.
C:\WINDOWS\tasks\At614.job moved successfully.
C:\WINDOWS\tasks\At615.job moved successfully.
C:\WINDOWS\tasks\At616.job moved successfully.
C:\WINDOWS\tasks\At617.job moved successfully.
C:\WINDOWS\tasks\At618.job moved successfully.
C:\WINDOWS\tasks\At619.job moved successfully.
C:\WINDOWS\tasks\At62.job moved successfully.
C:\WINDOWS\tasks\At620.job moved successfully.
C:\WINDOWS\tasks\At621.job moved successfully.
C:\WINDOWS\tasks\At622.job moved successfully.
C:\WINDOWS\tasks\At623.job moved successfully.
C:\WINDOWS\tasks\At624.job moved successfully.
C:\WINDOWS\tasks\At625.job moved successfully.
C:\WINDOWS\tasks\At626.job moved successfully.
C:\WINDOWS\tasks\At627.job moved successfully.
C:\WINDOWS\tasks\At628.job moved successfully.
C:\WINDOWS\tasks\At629.job moved successfully.
C:\WINDOWS\tasks\At63.job moved successfully.
C:\WINDOWS\tasks\At630.job moved successfully.
C:\WINDOWS\tasks\At631.job moved successfully.
C:\WINDOWS\tasks\At632.job moved successfully.
C:\WINDOWS\tasks\At633.job moved successfully.
C:\WINDOWS\tasks\At634.job moved successfully.
C:\WINDOWS\tasks\At635.job moved successfully.
C:\WINDOWS\tasks\At636.job moved successfully.
C:\WINDOWS\tasks\At637.job moved successfully.
C:\WINDOWS\tasks\At638.job moved successfully.
C:\WINDOWS\tasks\At639.job moved successfully.
C:\WINDOWS\tasks\At64.job moved successfully.
C:\WINDOWS\tasks\At640.job moved successfully.
C:\WINDOWS\tasks\At641.job moved successfully.
C:\WINDOWS\tasks\At642.job moved successfully.
C:\WINDOWS\tasks\At643.job moved successfully.
C:\WINDOWS\tasks\At644.job moved successfully.
C:\WINDOWS\tasks\At645.job moved successfully.
C:\WINDOWS\tasks\At646.job moved successfully.
C:\WINDOWS\tasks\At647.job moved successfully.
C:\WINDOWS\tasks\At648.job moved successfully.
C:\WINDOWS\tasks\At649.job moved successfully.
C:\WINDOWS\tasks\At65.job moved successfully.
C:\WINDOWS\tasks\At650.job moved successfully.
C:\WINDOWS\tasks\At651.job moved successfully.
C:\WINDOWS\tasks\At652.job moved successfully.
C:\WINDOWS\tasks\At653.job moved successfully.
C:\WINDOWS\tasks\At654.job moved successfully.
C:\WINDOWS\tasks\At655.job moved successfully.
C:\WINDOWS\tasks\At656.job moved successfully.
C:\WINDOWS\tasks\At657.job moved successfully.
C:\WINDOWS\tasks\At658.job moved successfully.
C:\WINDOWS\tasks\At659.job moved successfully.
C:\WINDOWS\tasks\At66.job moved successfully.
C:\WINDOWS\tasks\At660.job moved successfully.
C:\WINDOWS\tasks\At661.job moved successfully.
C:\WINDOWS\tasks\At662.job moved successfully.
C:\WINDOWS\tasks\At663.job moved successfully.
C:\WINDOWS\tasks\At664.job moved successfully.
C:\WINDOWS\tasks\At665.job moved successfully.
C:\WINDOWS\tasks\At666.job moved successfully.
C:\WINDOWS\tasks\At667.job moved successfully.
C:\WINDOWS\tasks\At668.job moved successfully.
C:\WINDOWS\tasks\At669.job moved successfully.
C:\WINDOWS\tasks\At67.job moved successfully.
C:\WINDOWS\tasks\At670.job moved successfully.
C:\WINDOWS\tasks\At671.job moved successfully.
C:\WINDOWS\tasks\At672.job moved successfully.
C:\WINDOWS\tasks\At673.job moved successfully.
C:\WINDOWS\tasks\At674.job moved successfully.
C:\WINDOWS\tasks\At675.job moved successfully.
C:\WINDOWS\tasks\At676.job moved successfully.
C:\WINDOWS\tasks\At677.job moved successfully.
C:\WINDOWS\tasks\At678.job moved successfully.
C:\WINDOWS\tasks\At679.job moved successfully.
C:\WINDOWS\tasks\At68.job moved successfully.
C:\WINDOWS\tasks\At680.job moved successfully.
C:\WINDOWS\tasks\At681.job moved successfully.
C:\WINDOWS\tasks\At682.job moved successfully.
C:\WINDOWS\tasks\At683.job moved successfully.
C:\WINDOWS\tasks\At684.job moved successfully.
C:\WINDOWS\tasks\At685.job moved successfully.
C:\WINDOWS\tasks\At686.job moved successfully.
C:\WINDOWS\tasks\At687.job moved successfully.
C:\WINDOWS\tasks\At688.job moved successfully.
C:\WINDOWS\tasks\At689.job moved successfully.
C:\WINDOWS\tasks\At69.job moved successfully.
C:\WINDOWS\tasks\At690.job moved successfully.
C:\WINDOWS\tasks\At691.job moved successfully.
C:\WINDOWS\tasks\At692.job moved successfully.
C:\WINDOWS\tasks\At693.job moved successfully.
C:\WINDOWS\tasks\At694.job moved successfully.
C:\WINDOWS\tasks\At695.job moved successfully.
C:\WINDOWS\tasks\At696.job moved successfully.
C:\WINDOWS\tasks\At697.job moved successfully.
C:\WINDOWS\tasks\At698.job moved successfully.
C:\WINDOWS\tasks\At699.job moved successfully.
C:\WINDOWS\tasks\At7.job moved successfully.
C:\WINDOWS\tasks\At70.job moved successfully.
C:\WINDOWS\tasks\At700.job moved successfully.
C:\WINDOWS\tasks\At701.job moved successfully.
C:\WINDOWS\tasks\At702.job moved successfully.
C:\WINDOWS\tasks\At703.job moved successfully.
C:\WINDOWS\tasks\At704.job moved successfully.
C:\WINDOWS\tasks\At705.job moved successfully.
C:\WINDOWS\tasks\At706.job moved successfully.
C:\WINDOWS\tasks\At707.job moved successfully.
C:\WINDOWS\tasks\At708.job moved successfully.
C:\WINDOWS\tasks\At709.job moved successfully.
C:\WINDOWS\tasks\At71.job moved successfully.
C:\WINDOWS\tasks\At710.job moved successfully.
C:\WINDOWS\tasks\At711.job moved successfully.
C:\WINDOWS\tasks\At712.job moved successfully.
C:\WINDOWS\tasks\At713.job moved successfully.
C:\WINDOWS\tasks\At714.job moved successfully.
C:\WINDOWS\tasks\At715.job moved successfully.
C:\WINDOWS\tasks\At716.job moved successfully.
C:\WINDOWS\tasks\At717.job moved successfully.
C:\WINDOWS\tasks\At718.job moved successfully.
C:\WINDOWS\tasks\At719.job moved successfully.
C:\WINDOWS\tasks\At72.job moved successfully.
C:\WINDOWS\tasks\At720.job moved successfully.
C:\WINDOWS\tasks\At721.job moved successfully.
C:\WINDOWS\tasks\At722.job moved successfully.
C:\WINDOWS\tasks\At723.job moved successfully.
C:\WINDOWS\tasks\At724.job moved successfully.
C:\WINDOWS\tasks\At725.job moved successfully.
C:\WINDOWS\tasks\At726.job moved successfully.
C:\WINDOWS\tasks\At727.job moved successfully.
C:\WINDOWS\tasks\At728.job moved successfully.
C:\WINDOWS\tasks\At729.job moved successfully.
C:\WINDOWS\tasks\At73.job moved successfully.
C:\WINDOWS\tasks\At730.job moved successfully.
C:\WINDOWS\tasks\At731.job moved successfully.
C:\WINDOWS\tasks\At732.job moved successfully.
C:\WINDOWS\tasks\At733.job moved successfully.
C:\WINDOWS\tasks\At734.job moved successfully.
C:\WINDOWS\tasks\At735.job moved successfully.
C:\WINDOWS\tasks\At736.job moved successfully.
C:\WINDOWS\tasks\At737.job moved successfully.
C:\WINDOWS\tasks\At738.job moved successfully.
C:\WINDOWS\tasks\At739.job moved successfully.
C:\WINDOWS\tasks\At74.job moved successfully.
C:\WINDOWS\tasks\At740.job moved successfully.
C:\WINDOWS\tasks\At741.job moved successfully.
C:\WINDOWS\tasks\At742.job moved successfully.
C:\WINDOWS\tasks\At743.job moved successfully.
C:\WINDOWS\tasks\At744.job moved successfully.
C:\WINDOWS\tasks\At745.job moved successfully.
C:\WINDOWS\tasks\At746.job moved successfully.
C:\WINDOWS\tasks\At747.job moved successfully.
C:\WINDOWS\tasks\At748.job moved successfully.
C:\WINDOWS\tasks\At749.job moved successfully.
C:\WINDOWS\tasks\At75.job moved successfully.
C:\WINDOWS\tasks\At750.job moved successfully.
C:\WINDOWS\tasks\At751.job moved successfully.
C:\WINDOWS\tasks\At752.job moved successfully.
C:\WINDOWS\tasks\At753.job moved successfully.
C:\WINDOWS\tasks\At754.job moved successfully.
C:\WINDOWS\tasks\At755.job moved successfully.
C:\WINDOWS\tasks\At756.job moved successfully.
C:\WINDOWS\tasks\At757.job moved successfully.
C:\WINDOWS\tasks\At758.job moved successfully.
C:\WINDOWS\tasks\At759.job moved successfully.
C:\WINDOWS\tasks\At76.job moved successfully.
C:\WINDOWS\tasks\At760.job moved successfully.
C:\WINDOWS\tasks\At761.job moved successfully.
C:\WINDOWS\tasks\At762.job moved successfully.
C:\WINDOWS\tasks\At763.job moved successfully.
C:\WINDOWS\tasks\At764.job moved successfully.
C:\WINDOWS\tasks\At765.job moved successfully.
C:\WINDOWS\tasks\At766.job moved successfully.
C:\WINDOWS\tasks\At767.job moved successfully.
C:\WINDOWS\tasks\At768.job moved successfully.
C:\WINDOWS\tasks\At769.job moved successfully.
C:\WINDOWS\tasks\At77.job moved successfully.
C:\WINDOWS\tasks\At770.job moved successfully.
C:\WINDOWS\tasks\At771.job moved successfully.
C:\WINDOWS\tasks\At772.job moved successfully.
C:\WINDOWS\tasks\At773.job moved successfully.
C:\WINDOWS\tasks\At774.job moved successfully.
C:\WINDOWS\tasks\At775.job moved successfully.
C:\WINDOWS\tasks\At776.job moved successfully.
C:\WINDOWS\tasks\At777.job moved successfully.
C:\WINDOWS\tasks\At778.job moved successfully.
C:\WINDOWS\tasks\At779.job moved successfully.
C:\WINDOWS\tasks\At78.job moved successfully.
C:\WINDOWS\tasks\At780.job moved successfully.
C:\WINDOWS\tasks\At781.job moved successfully.
C:\WINDOWS\tasks\At782.job moved successfully.
C:\WINDOWS\tasks\At783.job moved successfully.
C:\WINDOWS\tasks\At784.job moved successfully.
C:\WINDOWS\tasks\At785.job moved successfully.
C:\WINDOWS\tasks\At786.job moved successfully.
C:\WINDOWS\tasks\At787.job moved successfully.
C:\WINDOWS\tasks\At788.job moved successfully.
C:\WINDOWS\tasks\At789.job moved successfully.
C:\WINDOWS\tasks\At79.job moved successfully.
C:\WINDOWS\tasks\At790.job moved successfully.
C:\WINDOWS\tasks\At791.job moved successfully.
C:\WINDOWS\tasks\At792.job moved successfully.
C:\WINDOWS\tasks\At793.job moved successfully.
C:\WINDOWS\tasks\At794.job moved successfully.
C:\WINDOWS\tasks\At795.job moved successfully.
C:\WINDOWS\tasks\At796.job moved successfully.
C:\WINDOWS\tasks\At797.job moved successfully.
C:\WINDOWS\tasks\At798.job moved successfully.
C:\WINDOWS\tasks\At799.job moved successfully.
C:\WINDOWS\tasks\At8.job moved successfully.
C:\WINDOWS\tasks\At80.job moved successfully.
C:\WINDOWS\tasks\At800.job moved successfully.
C:\WINDOWS\tasks\At801.job moved successfully.
C:\WINDOWS\tasks\At802.job moved successfully.
C:\WINDOWS\tasks\At803.job moved successfully.
C:\WINDOWS\tasks\At804.job moved successfully.
C:\WINDOWS\tasks\At805.job moved successfully.
C:\WINDOWS\tasks\At806.job moved successfully.
C:\WINDOWS\tasks\At807.job moved successfully.
C:\WINDOWS\tasks\At808.job moved successfully.
C:\WINDOWS\tasks\At809.job moved successfully.
C:\WINDOWS\tasks\At81.job moved successfully.
C:\WINDOWS\tasks\At810.job moved successfully.
C:\WINDOWS\tasks\At811.job moved successfully.
C:\WINDOWS\tasks\At812.job moved successfully.
C:\WINDOWS\tasks\At813.job moved successfully.
C:\WINDOWS\tasks\At814.job moved successfully.
C:\WINDOWS\tasks\At815.job moved successfully.
C:\WINDOWS\tasks\At816.job moved successfully.
C:\WINDOWS\tasks\At817.job moved successfully.
C:\WINDOWS\tasks\At818.job moved successfully.
C:\WINDOWS\tasks\At819.job moved successfully.
C:\WINDOWS\tasks\At82.job moved successfully.
C:\WINDOWS\tasks\At820.job moved successfully.
C:\WINDOWS\tasks\At821.job moved successfully.
C:\WINDOWS\tasks\At822.job moved successfully.
C:\WINDOWS\tasks\At823.job moved successfully.
C:\WINDOWS\tasks\At824.job moved successfully.
C:\WINDOWS\tasks\At825.job moved successfully.
C:\WINDOWS\tasks\At826.job moved successfully.
C:\WINDOWS\tasks\At827.job moved successfully.
C:\WINDOWS\tasks\At828.job moved successfully.
C:\WINDOWS\tasks\At829.job moved successfully.
C:\WINDOWS\tasks\At83.job moved successfully.
C:\WINDOWS\tasks\At830.job moved successfully.
C:\WINDOWS\tasks\At831.job moved successfully.
C:\WINDOWS\tasks\At832.job moved successfully.
C:\WINDOWS\tasks\At833.job moved successfully.
C:\WINDOWS\tasks\At834.job moved successfully.
C:\WINDOWS\tasks\At835.job moved successfully.
C:\WINDOWS\tasks\At836.job moved successfully.
C:\WINDOWS\tasks\At837.job moved successfully.
C:\WINDOWS\tasks\At838.job moved successfully.
C:\WINDOWS\tasks\At839.job moved successfully.
C:\WINDOWS\tasks\At84.job moved successfully.
C:\WINDOWS\tasks\At840.job moved successfully.
C:\WINDOWS\tasks\At841.job moved successfully.
C:\WINDOWS\tasks\At842.job moved successfully.
C:\WINDOWS\tasks\At843.job moved successfully.
C:\WINDOWS\tasks\At844.job moved successfully.
C:\WINDOWS\tasks\At845.job moved successfully.
C:\WINDOWS\tasks\At846.job moved successfully.
C:\WINDOWS\tasks\At847.job moved successfully.
C:\WINDOWS\tasks\At848.job moved successfully.
C:\WINDOWS\tasks\At849.job moved successfully.
C:\WINDOWS\tasks\At85.job moved successfully.
C:\WINDOWS\tasks\At850.job moved successfully.
C:\WINDOWS\tasks\At851.job moved successfully.
C:\WINDOWS\tasks\At852.job moved successfully.
C:\WINDOWS\tasks\At853.job moved successfully.
C:\WINDOWS\tasks\At854.job moved successfully.
C:\WINDOWS\tasks\At855.job moved successfully.
C:\WINDOWS\tasks\At856.job moved successfully.
C:\WINDOWS\tasks\At857.job moved successfully.
C:\WINDOWS\tasks\At858.job moved successfully.
C:\WINDOWS\tasks\At859.job moved successfully.
C:\WINDOWS\tasks\At86.job moved successfully.
C:\WINDOWS\tasks\At860.job moved successfully.
C:\WINDOWS\tasks\At861.job moved successfully.
C:\WINDOWS\tasks\At862.job moved successfully.
C:\WINDOWS\tasks\At863.job moved successfully.
C:\WINDOWS\tasks\At864.job moved successfully.
C:\WINDOWS\tasks\At865.job moved successfully.
C:\WINDOWS\tasks\At866.job moved successfully.
C:\WINDOWS\tasks\At867.job moved successfully.
C:\WINDOWS\tasks\At868.job moved successfully.
C:\WINDOWS\tasks\At869.job moved successfully.
C:\WINDOWS\tasks\At87.job moved successfully.
C:\WINDOWS\tasks\At870.job moved successfully.
C:\WINDOWS\tasks\At871.job moved successfully.
C:\WINDOWS\tasks\At872.job moved successfully.
C:\WINDOWS\tasks\At873.job moved successfully.
C:\WINDOWS\tasks\At874.job moved successfully.
C:\WINDOWS\tasks\At875.job moved successfully.
C:\WINDOWS\tasks\At876.job moved successfully.
C:\WINDOWS\tasks\At877.job moved successfully.
C:\WINDOWS\tasks\At878.job moved successfully.
C:\WINDOWS\tasks\At879.job moved successfully.
C:\WINDOWS\tasks\At88.job moved successfully.
C:\WINDOWS\tasks\At880.job moved successfully.
C:\WINDOWS\tasks\At881.job moved successfully.
C:\WINDOWS\tasks\At882.job moved successfully.
C:\WINDOWS\tasks\At883.job moved successfully.
C:\WINDOWS\tasks\At884.job moved successfully.
C:\WINDOWS\tasks\At885.job moved successfully.
C:\WINDOWS\tasks\At886.job moved successfully.
C:\WINDOWS\tasks\At887.job moved successfully.
C:\WINDOWS\tasks\At888.job moved successfully.
C:\WINDOWS\tasks\At889.job moved successfully.
C:\WINDOWS\tasks\At89.job moved successfully.
C:\WINDOWS\tasks\At890.job moved successfully.
C:\WINDOWS\tasks\At891.job moved successfully.
C:\WINDOWS\tasks\At892.job moved successfully.
C:\WINDOWS\tasks\At893.job moved successfully.
C:\WINDOWS\tasks\At894.job moved successfully.
C:\WINDOWS\tasks\At895.job moved successfully.
C:\WINDOWS\tasks\At896.job moved successfully.
C:\WINDOWS\tasks\At897.job moved successfully.
C:\WINDOWS\tasks\At898.job moved successfully.
C:\WINDOWS\tasks\At899.job moved successfully.
C:\WINDOWS\tasks\At9.job moved successfully.
C:\WINDOWS\tasks\At90.job moved successfully.
C:\WINDOWS\tasks\At900.job moved successfully.
C:\WINDOWS\tasks\At901.job moved successfully.
C:\WINDOWS\tasks\At902.job moved successfully.
C:\WINDOWS\tasks\At903.job moved successfully.
C:\WINDOWS\tasks\At904.job moved successfully.
C:\WINDOWS\tasks\At905.job moved successfully.
C:\WINDOWS\tasks\At906.job moved successfully.
C:\WINDOWS\tasks\At907.job moved successfully.
C:\WINDOWS\tasks\At908.job moved successfully.
C:\WINDOWS\tasks\At909.job moved successfully.
C:\WINDOWS\tasks\At91.job moved successfully.
C:\WINDOWS\tasks\At910.job moved successfully.
C:\WINDOWS\tasks\At911.job moved successfully.
C:\WINDOWS\tasks\At912.job moved successfully.
C:\WINDOWS\tasks\At913.job moved successfully.
C:\WINDOWS\tasks\At914.job moved successfully.
C:\WINDOWS\tasks\At915.job moved successfully.
C:\WINDOWS\tasks\At916.job moved successfully.
C:\WINDOWS\tasks\At917.job moved successfully.
C:\WINDOWS\tasks\At918.job moved successfully.
C:\WINDOWS\tasks\At919.job moved successfully.
C:\WINDOWS\tasks\At92.job moved successfully.
C:\WINDOWS\tasks\At920.job moved successfully.
C:\WINDOWS\tasks\At921.job moved successfully.
C:\WINDOWS\tasks\At922.job moved successfully.
C:\WINDOWS\tasks\At923.job moved successfully.
C:\WINDOWS\tasks\At924.job moved successfully.
C:\WINDOWS\tasks\At925.job moved successfully.
C:\WINDOWS\tasks\At926.job moved successfully.
C:\WINDOWS\tasks\At927.job moved successfully.
C:\WINDOWS\tasks\At928.job moved successfully.
C:\WINDOWS\tasks\At929.job moved successfully.
C:\WINDOWS\tasks\At93.job moved successfully.
C:\WINDOWS\tasks\At930.job moved successfully.
C:\WINDOWS\tasks\At931.job moved successfully.
C:\WINDOWS\tasks\At932.job moved successfully.
C:\WINDOWS\tasks\At933.job moved successfully.
C:\WINDOWS\tasks\At934.job moved successfully.
C:\WINDOWS\tasks\At935.job moved successfully.
C:\WINDOWS\tasks\At936.job moved successfully.
C:\WINDOWS\tasks\At937.job moved successfully.
C:\WINDOWS\tasks\At938.job moved successfully.
C:\WINDOWS\tasks\At939.job moved successfully.
C:\WINDOWS\tasks\At94.job moved successfully.
C:\WINDOWS\tasks\At940.job moved successfully.
C:\WINDOWS\tasks\At941.job moved successfully.
C:\WINDOWS\tasks\At942.job moved successfully.
C:\WINDOWS\tasks\At943.job moved successfully.
C:\WINDOWS\tasks\At944.job moved successfully.
C:\WINDOWS\tasks\At945.job moved successfully.
C:\WINDOWS\tasks\At946.job moved successfully.
C:\WINDOWS\tasks\At947.job moved successfully.
C:\WINDOWS\tasks\At948.job moved successfully.
C:\WINDOWS\tasks\At949.job moved successfully.
C:\WINDOWS\tasks\At95.job moved successfully.
C:\WINDOWS\tasks\At950.job moved successfully.
C:\WINDOWS\tasks\At951.job moved successfully.
C:\WINDOWS\tasks\At952.job moved successfully.
C:\WINDOWS\tasks\At953.job moved successfully.
C:\WINDOWS\tasks\At954.job moved successfully.
C:\WINDOWS\tasks\At955.job moved successfully.
C:\WINDOWS\tasks\At956.job moved successfully.
C:\WINDOWS\tasks\At957.job moved successfully.
C:\WINDOWS\tasks\At958.job moved successfully.
C:\WINDOWS\tasks\At959.job moved successfully.
C:\WINDOWS\tasks\At96.job moved successfully.
C:\WINDOWS\tasks\At960.job moved successfully.
C:\WINDOWS\tasks\At961.job moved successfully.
C:\WINDOWS\tasks\At962.job moved successfully.
C:\WINDOWS\tasks\At963.job moved successfully.
C:\WINDOWS\tasks\At964.job moved successfully.
C:\WINDOWS\tasks\At965.job moved successfully.
C:\WINDOWS\tasks\At966.job moved successfully.
C:\WINDOWS\tasks\At967.job moved successfully.
C:\WINDOWS\tasks\At968.job moved successfully.
C:\WINDOWS\tasks\At969.job moved successfully.
C:\WINDOWS\tasks\At97.job moved successfully.
C:\WINDOWS\tasks\At970.job moved successfully.
C:\WINDOWS\tasks\At971.job moved successfully.
C:\WINDOWS\tasks\At972.job moved successfully.
C:\WINDOWS\tasks\At973.job moved successfully.
C:\WINDOWS\tasks\At974.job moved successfully.
C:\WINDOWS\tasks\At975.job moved successfully.
C:\WINDOWS\tasks\At976.job moved successfully.
C:\WINDOWS\tasks\At977.job moved successfully.
C:\WINDOWS\tasks\At978.job moved successfully.
C:\WINDOWS\tasks\At979.job moved successfully.
C:\WINDOWS\tasks\At98.job moved successfully.
C:\WINDOWS\tasks\At980.job moved successfully.
C:\WINDOWS\tasks\At981.job moved successfully.
C:\WINDOWS\tasks\At982.job moved successfully.
C:\WINDOWS\tasks\At983.job moved successfully.
C:\WINDOWS\tasks\At984.job moved successfully.
C:\WINDOWS\tasks\At985.job moved successfully.
C:\WINDOWS\tasks\At986.job moved successfully.
C:\WINDOWS\tasks\At987.job moved successfully.
C:\WINDOWS\tasks\At988.job moved successfully.
C:\WINDOWS\tasks\At989.job moved successfully.
C:\WINDOWS\tasks\At99.job moved successfully.
C:\WINDOWS\tasks\At990.job moved successfully.
C:\WINDOWS\tasks\At991.job moved successfully.
C:\WINDOWS\tasks\At992.job moved successfully.
C:\WINDOWS\tasks\At993.job moved successfully.
C:\WINDOWS\tasks\At994.job moved successfully.
C:\WINDOWS\tasks\At995.job moved successfully.
C:\WINDOWS\tasks\At996.job moved successfully.
C:\WINDOWS\tasks\At997.job moved successfully.
C:\WINDOWS\tasks\At998.job moved successfully.
C:\WINDOWS\tasks\At999.job moved successfully.
C:\WINDOWS\tasks\EWFNVHKQG.job moved successfully.
File/Folder C:\WINDOWS\fonts\2EJRGyl.com not found.
C:\WINDOWS\system32\2EJRGyl.com moved successfully.
C:\Documents and Settings\All Users\Application Data\2EJRGyl.exe moved successfully.
C:\Documents and Settings\All Users\Application Data\W334kc1B.exe moved successfully.
C:\WINDOWS\system32\DdXkot3O.dll moved successfully.
C:\827fb91b5755f263d4d041 folder moved successfully.
C:\Program Files\uTorrent folder moved successfully.
C:\Documents and Settings\Administrator\Application Data\uTorrent folder moved successfully.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\Program Files\uTorrent\uTorrent.exe deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 4193875 bytes
->Temporary Internet Files folder emptied: 47745 bytes
->Java cache emptied: 10733944 bytes
->FireFox cache emptied: 34945741 bytes
->Flash cache emptied: 1272 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 42531 bytes
->Java cache emptied: 34379 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2402044 bytes
%systemroot%\System32 .tmp files removed: 2577 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 49152 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 34907148 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 17225378 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 100.00 mb


OTM by OldTimer - Version 3.1.15.0 log created on 07242010_210103

Files moved on Reboot...

Registry entries deleted on Reboot...

RSIT Log:

Logfile of random's system information tool 1.08 (written by random/random)
Run by Administrator at 2010-07-24 21:37:53
Microsoft Windows XP Professional Service Pack 3
System drive C: has 97 GB (63%) free of 153 GB
Total RAM: 2047 MB (81% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 9:37:59 PM, on 7/24/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MagicDisc\MagicDisc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Common Files\Java\Java Update\jusched .exe
C:\Program Files\iTunes\iTunesHelper .exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Documents and Settings\Administrator\Desktop\RSIT.exe
C:\Program Files\trend micro\Administrator.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask .exe" -atboottime
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [JDK5SWFMZY] C:\WINDOWS\TEMP\Sm2 .exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [JDK5SWFMZY] C:\WINDOWS\TEMP\Sm2 .exe (User 'Default user')
O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 5588 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\At1.job
C:\WINDOWS\tasks\At10.job
C:\WINDOWS\tasks\At11.job
C:\WINDOWS\tasks\At12.job
C:\WINDOWS\tasks\At13.job
C:\WINDOWS\tasks\At14.job
C:\WINDOWS\tasks\At15.job
C:\WINDOWS\tasks\At16.job
C:\WINDOWS\tasks\At17.job
C:\WINDOWS\tasks\At18.job
C:\WINDOWS\tasks\At19.job
C:\WINDOWS\tasks\At2.job
C:\WINDOWS\tasks\At20.job
C:\WINDOWS\tasks\At21.job
C:\WINDOWS\tasks\At22.job
C:\WINDOWS\tasks\At23.job
C:\WINDOWS\tasks\At24.job
C:\WINDOWS\tasks\At3.job
C:\WINDOWS\tasks\At4.job
C:\WINDOWS\tasks\At5.job
C:\WINDOWS\tasks\At6.job
C:\WINDOWS\tasks\At7.job
C:\WINDOWS\tasks\At8.job
C:\WINDOWS\tasks\At9.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-06-19 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-05-27 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-05-27 79648]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-07-17 36868]
"QuickTime Task"=C:\Program Files\QuickTime\qttask .exe [2010-03-17 421888]
"GrooveMonitor"=C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe []
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2010-07-17 36868]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2010-07-17 36868]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2010-07-19 36872]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

C:\Documents and Settings\Administrator\Start Menu\Programs\Startup
MagicDisc.lnk - C:\Program Files\MagicDisc\MagicDisc.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2005-08-04 46080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableLUA"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\ClamWin\bin\ClamWin.exe"="C:\Program Files\ClamWin\bin\ClamWin.exe:*:Enabled:Virus Scanner"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour Service"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE"="C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Disabled:Microsoft Office Groove"
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Disabled:Microsoft Office OneNote"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Disabled:Microsoft Office Outlook"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Disabled:Windows Messenger"
"C:\WINDOWS\system32\spoolsv.exe"="C:\WINDOWS\system32\spoolsv.exe:*:Enabled:spoolsv.exe"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

======List of files/folders created in the last 1 months======

2010-07-24 21:10:40 ----A---- C:\Documents and Settings\All Users\Application Data\W334kc1B.exe
2010-07-24 21:06:19 ----A---- C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2010-07-24 21:06:17 ----A---- C:\WINDOWS\system32\drivers\mbam.sys
2010-07-24 21:01:03 ----D---- C:\_OTM
2010-07-24 20:56:57 ----D---- C:\WINDOWS\ERDNT
2010-07-24 20:56:13 ----D---- C:\Program Files\ERUNT
2010-07-23 15:38:55 ----D---- C:\rsit
2010-07-23 14:05:50 ----D---- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
2010-07-23 14:02:33 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-07-23 14:00:53 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2010-07-20 04:26:25 ----D---- C:\Program Files\RegScrubXP
2010-07-20 04:19:09 ----D---- C:\Program Files\Trend Micro
2010-07-20 03:17:35 ----D---- C:\VundoFix Backups
2010-07-20 01:59:55 ----A---- C:\WINDOWS\wininit.ini
2010-07-20 00:50:18 ----SHD---- C:\WINDOWS\CSC
2010-07-20 00:26:36 ----A---- C:\WINDOWS\ntbtlog.txt
2010-07-20 00:19:44 ----A---- C:\WINDOWS\IE4 Error Log.txt
2010-07-19 23:38:36 ----D---- C:\Program Files\Spybot - Search & Destroy
2010-07-19 23:38:36 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2010-07-18 14:46:00 ----D---- C:\Program Files\ESET
2010-07-18 06:02:07 ----A---- C:\WINDOWS\system32\wmpns.dll
2010-07-16 21:00:20 ----RASH---- C:\WINDOWS\system32\proctexeg.dll
2010-07-16 16:56:26 ----HDC---- C:\WINDOWS\$NtUninstallKB2229593$
2010-07-15 18:08:10 ----D---- C:\Program Files\Common Files\Adobe
2010-07-08 03:49:20 ----D---- C:\Documents and Settings\Administrator\Application Data\dBpoweramp
2010-07-05 01:50:02 ----D---- C:\Documents and Settings\Administrator\Application Data\AccurateRip
2010-07-05 01:49:58 ----A---- C:\WINDOWS\system32\SpoonUninstall.exe
2010-07-05 01:49:53 ----D---- C:\Program Files\Illustrate
2010-06-29 01:52:59 ----D---- C:\WINDOWS\Sun
2010-06-28 22:22:14 ----A---- C:\Program Files\vlc-1.1.0-win32.exe
2010-06-27 12:13:11 ----D---- C:\Documents and Settings\All Users\Application Data\McAfee

======List of files/folders modified in the last 1 months======

2010-07-24 21:32:06 ----D---- C:\Program Files\Mozilla Firefox
2010-07-24 21:29:40 ----D---- C:\WINDOWS\Temp
2010-07-24 21:29:02 ----D---- C:\WINDOWS\system32\drivers
2010-07-24 21:28:38 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-07-24 21:27:41 ----D---- C:\WINDOWS\system32
2010-07-24 21:22:39 ----D---- C:\WINDOWS\Prefetch
2010-07-24 21:10:40 ----SD---- C:\WINDOWS\Tasks
2010-07-24 21:05:27 ----D---- C:\WINDOWS\system32\CatRoot2
2010-07-24 21:01:22 ----D---- C:\WINDOWS
2010-07-24 21:01:08 ----RD---- C:\Program Files
2010-07-24 00:16:10 ----D---- C:\Program Files\QuickTime
2010-07-23 15:16:11 ----RSD---- C:\WINDOWS\Fonts
2010-07-23 14:30:52 ----D---- C:\Documents and Settings\Administrator\Application Data\vlc
2010-07-20 05:25:27 ----SHD---- C:\System Volume Information
2010-07-20 05:25:27 ----D---- C:\WINDOWS\system32\Restore
2010-07-20 04:19:09 ----SHD---- C:\WINDOWS\Installer
2010-07-20 04:19:09 ----SD---- C:\Documents and Settings\Administrator\Application Data\Microsoft
2010-07-20 04:15:52 ----D---- C:\Program Files\Apoint
2010-07-20 00:35:57 ----D---- C:\WINDOWS\system32\drivers\etc
2010-07-19 02:48:39 ----D---- C:\Program Files\Messenger
2010-07-18 06:02:09 ----A---- C:\WINDOWS\OEWABLog.txt
2010-07-17 04:30:01 ----D---- C:\Program Files\iTunes
2010-07-17 03:19:53 ----HD---- C:\WINDOWS\inf
2010-07-17 00:16:49 ----D---- C:\WINDOWS\system32\wbem
2010-07-17 00:16:48 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-07-16 16:56:30 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-07-16 16:56:11 ----HD---- C:\WINDOWS\$hf_mig$
2010-07-16 09:20:16 ----D---- C:\Documents and Settings\Administrator\Application Data\dvdcss
2010-07-15 18:09:12 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
2010-07-15 18:08:10 ----D---- C:\Program Files\Common Files
2010-07-15 18:08:10 ----D---- C:\Program Files\Adobe
2010-07-06 12:30:15 ----D---- C:\Program Files\VLC
2010-07-02 14:39:05 ----A---- C:\WINDOWS\system32\MRT.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 ohci1394;OHCI Compliant IEEE 1394 Host Controller; C:\WINDOWS\system32\DRIVERS\ohci1394.sys [2008-04-14 61696]
R1 APPDRV;APPDRV; C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS [2005-08-12 16128]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 36352]
R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.6.0.0; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2010-06-11 21425]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2004-03-17 13059]
R2 s24trans;WLAN Transport; C:\WINDOWS\system32\DRIVERS\s24trans.sys [2007-02-21 12416]
R3 ApfiltrService;Alps Touch Pad Filter Driver for Windows 2000/XP; C:\WINDOWS\system32\DRIVERS\Apfiltr.sys [2005-09-28 113847]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-14 60800]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2005-08-04 1273344]
R3 bcm4sbxp;Broadcom 440x 10/100 Integrated Controller XP Driver; C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys [2004-05-26 44928]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2009-05-18 26600]
R3 HSF_DPV;HSF_DPV; C:\WINDOWS\system32\DRIVERS\HSF_DPV.SYS [2005-05-03 1033728]
R3 HSFHWICH;HSFHWICH; C:\WINDOWS\system32\DRIVERS\HSFHWICH.sys [2005-05-03 208384]
R3 mcdbus;Driver for MagicISO SCSI Host Controller; C:\WINDOWS\system32\DRIVERS\mcdbus.sys [2009-02-24 116736]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-14 61824]
R3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2008-04-14 79232]
R3 STAC97;SigmaTel C-Major Audio; C:\WINDOWS\system32\drivers\STAC97.sys [2005-03-10 273168]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2005-05-03 705408]
S0 cerc6;cerc6; C:\WINDOWS\system32\drivers\cerc6.sys []
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
S3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
S3 UIUSys;Conexant Setup API; C:\WINDOWS\system32\drivers\UIUSys.sys []
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2010-04-19 41984]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-14 25856]
S3 w29n51;Intel(R) PRO/Wireless 2200BG Network Connection Driver for Windows XP; C:\WINDOWS\system32\DRIVERS\w29n51.sys [2007-02-08 2209408]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2010-06-10 144176]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2005-08-04 380928]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2010-05-18 345376]
R2 EvtEng;Intel(R) PROSet/Wireless Event Log; C:\Program Files\Intel\Wireless\Bin\EvtEng.exe [2007-02-21 643072]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2010-04-12 153376]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [2006-10-26 335872]
R2 NICCONFIGSVC;NICCONFIGSVC; C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe [2006-06-29 376832]
R2 RegSrvc;Intel(R) PROSet/Wireless Registry Service; C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe [2007-02-21 327680]
R2 S24EventMonitor;Intel(R) PROSet/Wireless Service; C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe [2007-02-21 983040]
R2 WLANKEEPER;Intel(R) PROSet/Wireless SSO Service; C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe [2007-02-21 294912]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2010-06-15 540472]
S2 6to4;Network Security; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2008-10-25 65888]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

Notes: When MBAM was finished scanning, I got 2 popup windows:

1) W334kc1B.exe - Application Error
The instruction at "0x76f29d41" referenced memory at "0x00000001". The memory could not be "read". Click on OK to terminate the program. Click on CANCEL to debug the program.

2) W334kc1B.exe has encountered a problem and needs to close. (Options were "Send Report", "Don't Send", and "Debug". I clicked "Don't Send".)

Also, MBAM couldn't scan for updates, even though I was connected to the internet via my ethernet connection.
misterbanksiii
Active Member
 
Posts: 7
Joined: July 20th, 2010, 6:02 am

Re: Win32.FraudLoad.edt, Virtumonde, Win32.FraudLoad, etc...

Unread postby Airscape » July 25th, 2010, 1:14 pm

Also, MBAM couldn't scan for updates, even though I was connected to the internet via my ethernet connection.

Start Internet Explorer > click on Tools > Internet Options > Connections > Lan Settings

UNcheck the checkbox labeled Use a proxy server for your LAN. Then press OK.

Re-Run Rkill

Now try and update MBAM, do a quick scan, and post the log... let me know if it updates?
User avatar
Airscape
Regular Member
 
Posts: 1858
Joined: November 1st, 2008, 11:06 pm

Re: Win32.FraudLoad.edt, Virtumonde, Win32.FraudLoad, etc...

Unread postby misterbanksiii » July 26th, 2010, 6:54 am

Although I never, ever use Internet Explorer (I use Firefox), I opened it and under LAN settings the "Use a proxy server..." box was NOT checked. So, I went to Firefox>tools>options>advanced>network, clicked the "settings" box, and checked "No Proxy". MBAM then updated fine. Here is the log:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4350

Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5512

7/26/2010 5:52:26 AM
mbam-log-2010-07-26 (05-52-26).txt

Scan type: Quick scan
Objects scanned: 132919
Time elapsed: 3 minute(s), 11 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{c6a91056-83e0-4c6e-8dcc-43fc0dfe7a0a} (Trojan.SearchRedir.M) -> No action taken.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
misterbanksiii
Active Member
 
Posts: 7
Joined: July 20th, 2010, 6:02 am

Re: Win32.FraudLoad.edt, Virtumonde, Win32.FraudLoad, etc...

Unread postby Airscape » July 26th, 2010, 7:45 pm

Hi misterbanksiii,

Re-run Rkill it should still be on the desktop.

Malwarebytes' Anti-Malware
  • Launch MBAM and click the Update tab >> then Check for Updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform Quick Scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected. <--- Make sure you do this.
  • When completed, a log will open in Notepad. Please post this log in your next reply.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

OTL
Please download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Check the boxes beside LOP Check and Purity Check.
  • Under Custom Scans/Fixes at the bottom, copy/paste the following.
    Code: Select all
    netsvcs
    drivers32 /all
    %SYSTEMDRIVE%\*.*
    %systemroot%\system32\*.wt
    %systemroot%\system32\*.ruy
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\user32.dll /md5
    %systemroot%\system32\ws2_32.dll /md5
    %systemroot%\system32\ws2help.dll /md5
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.

So please post back with both OTL logs, and a new MBAM log (making sure you remove what it finds)
User avatar
Airscape
Regular Member
 
Posts: 1858
Joined: November 1st, 2008, 11:06 pm

Re: Win32.FraudLoad.edt, Virtumonde, Win32.FraudLoad, etc...

Unread postby misterbanksiii » July 27th, 2010, 2:01 am

OTL logfile created on: 7/27/2010 12:39:30 AM - Run 1
OTL by OldTimer - Version 3.2.9.1 Folder = C:\Documents and Settings\Administrator\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 75.00% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 91.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.04 Gb Total Space | 94.48 Gb Free Space | 63.39% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 3.73 Gb Total Space | 3.10 Gb Free Space | 83.22% Space Free | Partition Type: FAT32
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: X-013126ED881B4
Current User Name: Administrator
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\All Users\Application Data\W334kc1B.exe ()
PRC - C:\Documents and Settings\Administrator\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Messenger\msmsgs.exe ()
PRC - C:\Program Files\iTunes\iTunesHelper .exe (Apple Inc.)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files\Common Files\Java\Java Update\jusched .exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\Microsoft Office\Office12\WINWORD.EXE (Microsoft Corporation)
PRC - C:\Program Files\MagicDisc\MagicDisc.exe (MagicISO, Inc.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe (Intel(R) Corporation)
PRC - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe (Intel Corporation )
PRC - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe (Intel Corporation)
PRC - C:\Program Files\Dell\QuickSet\NicConfigSvc.exe (Dell Inc.)


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\Administrator\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (6to4) -- C:\WINDOWS\System32\6to4v32.dll File not found
SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (EvtEng) Intel(R) -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe (Intel Corporation)
SRV - (WLANKEEPER) Intel(R) -- C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe (Intel(R) Corporation)
SRV - (S24EventMonitor) Intel(R) -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe (Intel Corporation )
SRV - (RegSrvc) Intel(R) -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe (Intel Corporation)
SRV - (NICCONFIGSVC) -- C:\Program Files\Dell\QuickSet\NicConfigSvc.exe (Dell Inc.)


========== Driver Services (SafeList) ==========

DRV - (UIUSys) -- C:\WINDOWS\System32\drivers\UIUSys.sys File not found
DRV - (mcdbus) -- C:\WINDOWS\system32\drivers\mcdbus.sys (MagicISO, Inc.)
DRV - (s24trans) -- C:\WINDOWS\system32\drivers\s24trans.sys (Intel Corporation)
DRV - (w29n51) Intel(R) -- C:\WINDOWS\system32\drivers\w29n51.sys (Intel® Corporation)
DRV - (ApfiltrService) -- C:\WINDOWS\system32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV - (APPDRV) -- C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS (Dell Inc)
DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - (HSF_DPV) -- C:\WINDOWS\system32\drivers\HSF_DPV.SYS (Conexant Systems, Inc.)
DRV - (HSFHWICH) -- C:\WINDOWS\system32\drivers\HSFHWICH.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)
DRV - (STAC97) -- C:\WINDOWS\system32\drivers\STAC97.sys (SigmaTel, Inc.)
DRV - (bcm4sbxp) -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys (Broadcom Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "www.google.com"
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..network.proxy.type: 0

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/06/29 15:03:24 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/07/15 18:18:55 | 000,000,000 | ---D | M]

[2010/06/11 20:21:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions
[2010/07/19 04:02:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\dz139qzy.default\extensions
[2010/06/19 06:04:33 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\dz139qzy.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/07/26 05:16:44 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/06/13 07:40:03 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/04/12 19:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2010/07/20 00:35:57 | 000,249,881 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.1001-search.info
O1 - Hosts: 127.0.0.1 1001-search.info
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.123topsearch.com
O1 - Hosts: 127.0.0.1 123topsearch.com
O1 - Hosts: 127.0.0.1 www.132.com
O1 - Hosts: 127.0.0.1 132.com
O1 - Hosts: 127.0.0.1 www.136136.net
O1 - Hosts: 127.0.0.1 136136.net
O1 - Hosts: 8710 more lines...
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O4 - HKLM..\Run: [GrooveMonitor] C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe File not found
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask .exe (Apple Inc.)
O4 - HKCU..\Run: [MSMSGS] C:\Program Files\Messenger\msmsgs.exe ()
O4 - Startup: C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe (MagicISO, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe ()
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shoc ... wflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.1.1
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/06/09 21:22:29 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - C:\WINDOWS\System32\6to4v32.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

Drivers32: midi - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midimapper - C:\WINDOWS\System32\midimap.dll (Microsoft Corporation)
Drivers32: mixer - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.imaadpcm - C:\WINDOWS\System32\imaadp32.acm (Microsoft Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.msadpcm - C:\WINDOWS\System32\msadp32.acm (Microsoft Corporation)
Drivers32: msacm.msaudio1 - C:\WINDOWS\System32\msaud32.acm (Microsoft Corporation)
Drivers32: msacm.msg711 - C:\WINDOWS\System32\msg711.acm (Microsoft Corporation)
Drivers32: msacm.msg723 - C:\WINDOWS\System32\msg723.acm (Microsoft Corporation)
Drivers32: msacm.msgsm610 - C:\WINDOWS\System32\msgsm32.acm (Microsoft Corporation)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.I420 - C:\WINDOWS\System32\msh263.drv (Microsoft Corporation)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.iyuv - C:\WINDOWS\System32\iyuv_32.dll (Microsoft Corporation)
Drivers32: vidc.M261 - C:\WINDOWS\System32\msh261.drv (Microsoft Corporation)
Drivers32: vidc.M263 - C:\WINDOWS\System32\msh263.drv (Microsoft Corporation)
Drivers32: vidc.mrle - C:\WINDOWS\System32\msrle32.dll (Microsoft Corporation)
Drivers32: vidc.msvc - C:\WINDOWS\System32\msvidc32.dll (Microsoft Corporation)
Drivers32: vidc.uyvy - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
Drivers32: vidc.yuy2 - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
Drivers32: vidc.yvu9 - C:\WINDOWS\System32\tsbyuv.dll (Microsoft Corporation)
Drivers32: vidc.yvyu - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
Drivers32: wave - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wavemapper - C:\WINDOWS\System32\msacm32.drv (Microsoft Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (17465059307421696)

========== Files/Folders - Created Within 30 Days ==========

[2010/07/27 00:35:44 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2010/07/24 21:06:19 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/07/24 21:06:17 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/07/24 21:01:03 | 000,000,000 | ---D | C] -- C:\_OTM
[2010/07/24 20:56:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/07/24 20:56:13 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2010/07/24 20:53:42 | 006,153,352 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Administrator\Desktop\mbam-setup-1.46.exe
[2010/07/24 20:53:42 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Documents and Settings\Administrator\Desktop\erunt-setup.exe
[2010/07/24 20:53:42 | 000,520,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTM.exe
[2010/07/23 16:00:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\Send To Malware Removal
[2010/07/23 15:38:55 | 000,000,000 | ---D | C] -- C:\rsit
[2010/07/23 14:05:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
[2010/07/23 14:02:33 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/07/23 14:00:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/07/20 04:26:25 | 000,000,000 | ---D | C] -- C:\Program Files\RegScrubXP
[2010/07/20 04:19:09 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010/07/20 03:17:35 | 000,000,000 | ---D | C] -- C:\VundoFix Backups
[2010/07/20 03:17:15 | 000,119,808 | ---- | C] (Atribune.org) -- C:\Documents and Settings\Administrator\Desktop\VundoFix.exe
[2010/07/20 00:50:18 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC
[2010/07/19 23:38:36 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2010/07/19 23:38:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2010/07/18 14:46:00 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2010/07/18 06:02:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Apple Computer
[2010/07/18 06:02:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\.clamwin
[2010/07/18 06:02:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Identities
[2010/07/18 04:59:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple Computer
[2010/07/17 03:17:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
[2010/07/17 03:17:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2010/07/17 02:29:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
[2010/07/15 18:08:10 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2010/07/08 03:49:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\dBpoweramp
[2010/07/05 01:50:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\AccurateRip
[2010/07/05 01:49:53 | 000,000,000 | ---D | C] -- C:\Program Files\Illustrate
[2010/06/29 01:52:59 | 000,000,000 | ---D | C] -- C:\WINDOWS\Sun
[2010/06/27 12:13:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\McAfee

========== Files - Modified Within 30 Days ==========

[2010/07/27 00:24:01 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At49.job
[2010/07/27 00:15:04 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At1.job
[2010/07/27 00:12:31 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At72.job
[2010/07/27 00:12:31 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At71.job
[2010/07/27 00:12:31 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At70.job
[2010/07/27 00:12:31 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At69.job
[2010/07/27 00:12:31 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At68.job
[2010/07/27 00:12:31 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At67.job
[2010/07/27 00:12:31 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At66.job
[2010/07/27 00:12:31 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At65.job
[2010/07/27 00:12:31 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At64.job
[2010/07/27 00:12:31 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At63.job
[2010/07/27 00:12:31 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At62.job
[2010/07/27 00:12:31 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At61.job
[2010/07/27 00:12:31 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At60.job
[2010/07/27 00:12:31 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At59.job
[2010/07/27 00:12:31 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At58.job
[2010/07/27 00:12:31 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At57.job
[2010/07/27 00:12:31 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At56.job
[2010/07/27 00:12:31 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At55.job
[2010/07/27 00:12:31 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At54.job
[2010/07/27 00:12:31 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At53.job
[2010/07/27 00:12:31 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At52.job
[2010/07/27 00:12:31 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At51.job
[2010/07/27 00:12:31 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At50.job
[2010/07/27 00:12:29 | 000,000,112 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\tbcOv3Rr.dat
[2010/07/27 00:12:26 | 000,071,682 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\W334kc1B.exe
[2010/07/27 00:09:51 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At48.job
[2010/07/27 00:09:51 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At47.job
[2010/07/27 00:09:51 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At46.job
[2010/07/27 00:09:51 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At45.job
[2010/07/27 00:09:51 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At44.job
[2010/07/27 00:09:51 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At43.job
[2010/07/27 00:09:51 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At42.job
[2010/07/27 00:09:51 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At41.job
[2010/07/27 00:09:51 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At40.job
[2010/07/27 00:09:51 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At39.job
[2010/07/27 00:09:51 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At38.job
[2010/07/27 00:09:51 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At37.job
[2010/07/27 00:09:51 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At36.job
[2010/07/27 00:09:51 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At35.job
[2010/07/27 00:09:51 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At34.job
[2010/07/27 00:09:51 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At33.job
[2010/07/27 00:09:51 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At32.job
[2010/07/27 00:09:51 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At31.job
[2010/07/27 00:09:51 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At30.job
[2010/07/27 00:09:51 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At29.job
[2010/07/27 00:09:51 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At28.job
[2010/07/27 00:09:51 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At27.job
[2010/07/27 00:09:51 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At26.job
[2010/07/27 00:09:51 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At25.job
[2010/07/27 00:06:34 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2010/07/27 00:05:57 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/07/27 00:05:50 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/07/26 05:55:44 | 005,242,880 | -H-- | M] () -- C:\Documents and Settings\Administrator\NTUSER.DAT
[2010/07/26 05:55:44 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Administrator\ntuser.ini
[2010/07/26 05:00:58 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At6.job
[2010/07/26 04:20:03 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/07/24 22:04:31 | 004,300,202 | -H-- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\IconCache.db
[2010/07/24 22:00:01 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At23.job
[2010/07/24 21:10:41 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At9.job
[2010/07/24 21:10:41 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At8.job
[2010/07/24 21:10:41 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At7.job
[2010/07/24 21:10:41 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At5.job
[2010/07/24 21:10:41 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At4.job
[2010/07/24 21:10:41 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At3.job
[2010/07/24 21:10:41 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At24.job
[2010/07/24 21:10:41 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At22.job
[2010/07/24 21:10:41 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At21.job
[2010/07/24 21:10:41 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At20.job
[2010/07/24 21:10:41 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At2.job
[2010/07/24 21:10:41 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At19.job
[2010/07/24 21:10:41 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At18.job
[2010/07/24 21:10:41 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At17.job
[2010/07/24 21:10:41 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At16.job
[2010/07/24 21:10:41 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At15.job
[2010/07/24 21:10:41 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At14.job
[2010/07/24 21:10:41 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At13.job
[2010/07/24 21:10:41 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At12.job
[2010/07/24 21:10:41 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At11.job
[2010/07/24 21:10:41 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At10.job
[2010/07/24 20:45:08 | 000,520,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTM.exe
[2010/07/24 20:44:58 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Documents and Settings\Administrator\Desktop\erunt-setup.exe
[2010/07/23 14:09:50 | 000,339,991 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\RSIT.exe
[2010/07/23 14:06:28 | 000,293,376 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\pjgdclff.exe
[2010/07/23 14:06:10 | 000,363,520 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\rkill.exe
[2010/07/23 13:52:36 | 006,153,352 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Administrator\Desktop\mbam-setup-1.46.exe
[2010/07/23 06:32:09 | 000,107,008 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/07/20 04:47:10 | 000,002,463 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\HiJackThis.lnk
[2010/07/20 03:57:13 | 000,000,257 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2010/07/20 03:48:29 | 001,402,880 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\HiJackThis.msi
[2010/07/20 03:17:16 | 000,119,808 | ---- | M] (Atribune.org) -- C:\Documents and Settings\Administrator\Desktop\VundoFix.exe
[2010/07/20 00:35:57 | 000,249,881 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/07/18 22:02:55 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/07/18 14:44:46 | 002,672,312 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\esetsmartinstaller_enu.exe
[2010/07/17 04:30:01 | 000,036,868 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\2EJRGyl.exe
[2010/07/17 04:30:01 | 000,036,868 | ---- | M] () -- C:\Documents and Settings\Administrator\2EJRGyl.com
[2010/07/17 00:16:49 | 000,435,828 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/07/17 00:16:49 | 000,068,558 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/07/17 00:16:48 | 000,510,584 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/07/16 21:00:20 | 000,075,776 | RHS- | M] () -- C:\WINDOWS\System32\proctexeg.dll
[2010/07/12 00:23:54 | 000,003,590 | ---- | M] () -- C:\WINDOWS\System32\SpoonUninstall-dBpoweramp m4a Codec.dat
[2010/07/12 00:23:44 | 000,033,846 | ---- | M] () -- C:\WINDOWS\System32\SpoonUninstall-dBpoweramp m4a Codec.bmp
[2010/07/12 00:22:26 | 000,003,175 | ---- | M] () -- C:\WINDOWS\System32\SpoonUninstall-dBpoweramp m4a Utilities.dat
[2010/07/12 00:22:15 | 000,033,846 | ---- | M] () -- C:\WINDOWS\System32\SpoonUninstall-dBpoweramp m4a Utilities.bmp
[2010/07/09 03:56:31 | 000,000,284 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Shortcut to BIG MOMMA (G).lnk
[2010/07/05 01:53:24 | 000,002,930 | ---- | M] () -- C:\WINDOWS\System32\SpoonUninstall-dBpoweramp [Multi Encoder] Codec.dat
[2010/07/05 01:53:20 | 000,033,846 | ---- | M] () -- C:\WINDOWS\System32\SpoonUninstall-dBpoweramp [Multi Encoder] Codec.bmp
[2010/07/05 01:52:52 | 000,002,951 | ---- | M] () -- C:\WINDOWS\System32\SpoonUninstall-dBpoweramp FLAC Codec.dat
[2010/07/05 01:52:34 | 000,033,846 | ---- | M] () -- C:\WINDOWS\System32\SpoonUninstall-dBpoweramp FLAC Codec.bmp
[2010/07/05 01:49:58 | 000,013,853 | ---- | M] () -- C:\WINDOWS\System32\SpoonUninstall-dBpoweramp Music Converter.dat
[2010/07/05 01:49:41 | 000,033,846 | ---- | M] () -- C:\WINDOWS\System32\SpoonUninstall-dBpoweramp Music Converter.bmp
[2010/07/05 01:48:33 | 001,070,456 | ---- | M] () -- C:\WINDOWS\System32\SpoonUninstall.exe
[2010/07/04 14:49:49 | 000,056,136 | -H-- | M] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/06/28 22:22:35 | 019,495,102 | ---- | M] () -- C:\Program Files\vlc-1.1.0-win32.exe

========== Files Created - No Company Name ==========

[2010/07/27 00:12:31 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At72.job
[2010/07/27 00:12:31 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At71.job
[2010/07/27 00:12:31 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At70.job
[2010/07/27 00:12:31 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At69.job
[2010/07/27 00:12:31 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At68.job
[2010/07/27 00:12:31 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At67.job
[2010/07/27 00:12:31 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At66.job
[2010/07/27 00:12:31 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At65.job
[2010/07/27 00:12:31 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At64.job
[2010/07/27 00:12:31 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At63.job
[2010/07/27 00:12:31 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At62.job
[2010/07/27 00:12:31 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At61.job
[2010/07/27 00:12:31 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At60.job
[2010/07/27 00:12:31 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At59.job
[2010/07/27 00:12:31 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At58.job
[2010/07/27 00:12:31 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At57.job
[2010/07/27 00:12:31 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At56.job
[2010/07/27 00:12:31 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At55.job
[2010/07/27 00:12:31 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At54.job
[2010/07/27 00:12:31 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At53.job
[2010/07/27 00:12:31 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At52.job
[2010/07/27 00:12:31 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At51.job
[2010/07/27 00:12:31 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At50.job
[2010/07/27 00:12:31 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At49.job
[2010/07/27 00:09:51 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At48.job
[2010/07/27 00:09:51 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At47.job
[2010/07/27 00:09:51 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At46.job
[2010/07/27 00:09:51 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At45.job
[2010/07/27 00:09:51 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At44.job
[2010/07/27 00:09:51 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At43.job
[2010/07/27 00:09:51 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At42.job
[2010/07/27 00:09:51 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At41.job
[2010/07/27 00:09:51 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At40.job
[2010/07/27 00:09:51 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At39.job
[2010/07/27 00:09:51 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At38.job
[2010/07/27 00:09:51 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At37.job
[2010/07/27 00:09:51 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At36.job
[2010/07/27 00:09:51 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At35.job
[2010/07/27 00:09:51 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At34.job
[2010/07/27 00:09:51 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At33.job
[2010/07/27 00:09:51 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At32.job
[2010/07/27 00:09:51 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At31.job
[2010/07/27 00:09:51 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At30.job
[2010/07/27 00:09:51 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At29.job
[2010/07/27 00:09:51 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At28.job
[2010/07/27 00:09:51 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At27.job
[2010/07/27 00:09:51 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At26.job
[2010/07/27 00:09:51 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At25.job
[2010/07/24 21:10:40 | 000,071,682 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\W334kc1B.exe
[2010/07/24 21:10:40 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At9.job
[2010/07/24 21:10:40 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At8.job
[2010/07/24 21:10:40 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At7.job
[2010/07/24 21:10:40 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At6.job
[2010/07/24 21:10:40 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At5.job
[2010/07/24 21:10:40 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At4.job
[2010/07/24 21:10:40 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At3.job
[2010/07/24 21:10:40 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At24.job
[2010/07/24 21:10:40 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At23.job
[2010/07/24 21:10:40 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At22.job
[2010/07/24 21:10:40 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At21.job
[2010/07/24 21:10:40 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At20.job
[2010/07/24 21:10:40 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At2.job
[2010/07/24 21:10:40 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At19.job
[2010/07/24 21:10:40 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At18.job
[2010/07/24 21:10:40 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At17.job
[2010/07/24 21:10:40 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At16.job
[2010/07/24 21:10:40 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At15.job
[2010/07/24 21:10:40 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At14.job
[2010/07/24 21:10:40 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At13.job
[2010/07/24 21:10:40 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At12.job
[2010/07/24 21:10:40 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At11.job
[2010/07/24 21:10:40 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At10.job
[2010/07/24 21:10:40 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At1.job
[2010/07/23 14:56:43 | 000,363,520 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\rkill.exe
[2010/07/23 14:56:43 | 000,339,991 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\RSIT.exe
[2010/07/23 14:56:43 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\pjgdclff.exe
[2010/07/23 07:16:11 | 000,036,868 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\2EJRGyl.exe
[2010/07/20 04:19:09 | 000,002,463 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\HiJackThis.lnk
[2010/07/20 03:47:53 | 001,402,880 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\HiJackThis.msi
[2010/07/20 01:59:55 | 000,000,257 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2010/07/18 14:44:11 | 002,672,312 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\esetsmartinstaller_enu.exe
[2010/07/18 06:01:30 | 000,036,868 | ---- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\2EJRGyl.exe
[2010/07/18 06:01:17 | 000,036,868 | ---- | C] () -- C:\Documents and Settings\Administrator\2EJRGyl.com
[2010/07/17 04:32:31 | 000,000,112 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\tbcOv3Rr.dat
[2010/07/16 21:00:20 | 000,075,776 | RHS- | C] () -- C:\WINDOWS\System32\proctexeg.dll
[2010/07/12 00:23:54 | 000,033,846 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall-dBpoweramp m4a Codec.bmp
[2010/07/12 00:23:54 | 000,003,590 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall-dBpoweramp m4a Codec.dat
[2010/07/12 00:22:26 | 000,033,846 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall-dBpoweramp m4a Utilities.bmp
[2010/07/12 00:22:26 | 000,003,175 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall-dBpoweramp m4a Utilities.dat
[2010/07/11 04:38:52 | 000,294,328 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/07/09 03:56:31 | 000,000,284 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Shortcut to BIG MOMMA (G).lnk
[2010/07/05 01:53:24 | 000,033,846 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall-dBpoweramp [Multi Encoder] Codec.bmp
[2010/07/05 01:53:24 | 000,002,930 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall-dBpoweramp [Multi Encoder] Codec.dat
[2010/07/05 01:52:52 | 000,033,846 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall-dBpoweramp FLAC Codec.bmp
[2010/07/05 01:52:52 | 000,002,951 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall-dBpoweramp FLAC Codec.dat
[2010/07/05 01:49:58 | 001,070,456 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall.exe
[2010/07/05 01:49:58 | 000,033,846 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall-dBpoweramp Music Converter.bmp
[2010/07/05 01:49:58 | 000,013,853 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall-dBpoweramp Music Converter.dat
[2010/07/04 14:49:49 | 000,056,136 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/06/28 22:22:14 | 019,495,102 | ---- | C] () -- C:\Program Files\vlc-1.1.0-win32.exe
[2010/06/13 21:34:19 | 000,001,084 | ---- | C] () -- C:\WINDOWS\DKAAP2DD.ini
[2010/06/11 20:02:20 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\stac97co.dll
[2006/04/22 19:00:00 | 000,052,736 | ---- | C] () -- C:\WINDOWS\System32\ernel32.dll

========== LOP Check ==========

[2010/06/13 21:31:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Carambis
[2010/07/08 03:49:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\dBpoweramp
[2010/06/21 15:14:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mp3tag
[2010/06/12 05:48:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/07/27 00:15:04 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At1.job
[2010/07/24 21:10:41 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At10.job
[2010/07/24 21:10:41 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At11.job
[2010/07/24 21:10:41 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At12.job
[2010/07/24 21:10:41 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At13.job
[2010/07/24 21:10:41 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At14.job
[2010/07/24 21:10:41 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At15.job
[2010/07/24 21:10:41 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At16.job
[2010/07/24 21:10:41 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At17.job
[2010/07/24 21:10:41 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At18.job
[2010/07/24 21:10:41 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At19.job
[2010/07/24 21:10:41 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At2.job
[2010/07/24 21:10:41 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At20.job
[2010/07/24 21:10:41 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At21.job
[2010/07/24 21:10:41 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At22.job
[2010/07/24 22:00:01 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At23.job
[2010/07/24 21:10:41 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At24.job
[2010/07/27 00:09:51 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At25.job
[2010/07/27 00:09:51 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At26.job
[2010/07/27 00:09:51 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At27.job
[2010/07/27 00:09:51 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At28.job
[2010/07/27 00:09:51 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At29.job
[2010/07/24 21:10:41 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At3.job
[2010/07/27 00:09:51 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At30.job
[2010/07/27 00:09:51 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At31.job
[2010/07/27 00:09:51 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At32.job
[2010/07/27 00:09:51 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At33.job
[2010/07/27 00:09:51 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At34.job
[2010/07/27 00:09:51 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At35.job
[2010/07/27 00:09:51 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At36.job
[2010/07/27 00:09:51 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At37.job
[2010/07/27 00:09:51 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At38.job
[2010/07/27 00:09:51 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At39.job
[2010/07/24 21:10:41 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At4.job
[2010/07/27 00:09:51 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At40.job
[2010/07/27 00:09:51 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At41.job
[2010/07/27 00:09:51 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At42.job
[2010/07/27 00:09:51 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At43.job
[2010/07/27 00:09:51 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At44.job
[2010/07/27 00:09:51 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At45.job
[2010/07/27 00:09:51 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At46.job
[2010/07/27 00:09:51 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At47.job
[2010/07/27 00:09:51 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At48.job
[2010/07/27 00:24:01 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At49.job
[2010/07/24 21:10:41 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At5.job
[2010/07/27 00:12:31 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At50.job
[2010/07/27 00:12:31 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At51.job
[2010/07/27 00:12:31 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At52.job
[2010/07/27 00:12:31 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At53.job
[2010/07/27 00:12:31 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At54.job
[2010/07/27 00:12:31 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At55.job
[2010/07/27 00:12:31 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At56.job
[2010/07/27 00:12:31 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At57.job
[2010/07/27 00:12:31 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At58.job
[2010/07/27 00:12:31 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At59.job
[2010/07/26 05:00:58 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At6.job
[2010/07/27 00:12:31 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At60.job
[2010/07/27 00:12:31 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At61.job
[2010/07/27 00:12:31 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At62.job
[2010/07/27 00:12:31 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At63.job
[2010/07/27 00:12:31 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At64.job
[2010/07/27 00:12:31 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At65.job
[2010/07/27 00:12:31 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At66.job
[2010/07/27 00:12:31 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At67.job
[2010/07/27 00:12:31 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At68.job
[2010/07/27 00:12:31 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At69.job
[2010/07/24 21:10:41 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At7.job
[2010/07/27 00:12:31 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At70.job
[2010/07/27 00:12:31 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At71.job
[2010/07/27 00:12:31 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At72.job
[2010/07/24 21:10:41 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At8.job
[2010/07/24 21:10:41 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At9.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2010/06/09 21:22:29 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2010/06/09 21:17:26 | 000,000,211 | -HS- | M] () -- C:\boot.ini
[2010/06/09 21:22:29 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2010/06/09 21:22:29 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2010/06/09 21:22:29 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2008/04/14 07:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2008/04/14 07:00:00 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2010/07/27 00:05:45 | 2145,386,496 | -HS- | M] () -- C:\pagefile.sys
[2010/07/27 00:09:06 | 000,000,385 | ---- | M] () -- C:\rkill.log

< %systemroot%\system32\*.wt >

< %systemroot%\system32\*.ruy >

< %systemroot%\Fonts\*.com >
[2006/04/18 17:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
[2006/06/29 16:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
[2006/04/18 17:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
[2006/06/29 16:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2010/06/09 21:21:59 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2008/07/06 07:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
[2006/10/26 21:58:12 | 000,030,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\mdippr.dll
[2006/10/26 21:56:12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\msonpppr.dll
[2008/07/06 05:50:03 | 000,597,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.scr >

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >
[2010/06/28 22:22:35 | 019,495,102 | ---- | M] () -- C:\Program Files\vlc-1.1.0-win32.exe

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2008/04/14 07:00:00 | 000,063,488 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\browselc.dll
[2008/04/14 07:00:00 | 000,060,416 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\cabinet.dll
[2008/04/14 07:00:00 | 000,035,328 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\corpol.dll
[2008/04/14 07:00:00 | 000,033,280 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\cryptdll.dll
[2008/04/14 07:00:00 | 000,008,704 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dciman32.dll
[2008/04/14 07:00:00 | 000,279,552 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\ddraw.dll
[2008/04/14 07:00:00 | 000,027,136 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\ddrawex.dll
[2008/04/14 07:00:00 | 000,357,888 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtmsft.dll
[2008/04/14 07:00:00 | 000,205,312 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtrans.dll
[2008/04/14 07:00:00 | 000,344,064 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\hnetcfg.dll
[2008/04/14 07:00:00 | 000,251,904 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\iepeers.dll
[2008/04/14 07:00:00 | 000,035,840 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\imgutil.dll
[2008/04/14 07:00:00 | 000,094,720 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\iphlpapi.dll
[2009/08/13 10:16:05 | 000,512,000 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\jscript.dll
[2008/04/14 07:00:00 | 000,586,240 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\mlang.dll
[2008/04/14 07:00:00 | 000,071,680 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\msacm32.dll
[2008/04/14 07:00:00 | 000,539,136 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\msftedit.dll
[2008/04/14 07:00:00 | 000,159,232 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\MSIMTF.dll
[2008/04/14 07:00:00 | 000,146,432 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\msls31.dll
[2008/04/14 07:00:00 | 000,061,440 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\msvcrt40.dll
[2008/04/14 07:00:00 | 000,039,424 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\pngfilt.dll
[2010/07/16 21:00:20 | 000,075,776 | RHS- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\proctexeg.dll
[2008/04/14 07:00:00 | 000,007,680 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\rasadhlp.dll
[2008/04/14 07:00:00 | 000,237,056 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\rasapi32.dll
[2008/04/14 07:00:00 | 000,061,440 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\rasman.dll
[2008/04/14 07:00:00 | 000,208,384 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\rsaenh.dll
[2008/04/14 07:00:00 | 000,044,032 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\rtutils.dll
[2008/04/14 07:00:00 | 000,007,168 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\sensapi.dll
[2008/04/14 07:00:00 | 000,005,120 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\sfc.dll
[2008/04/14 07:00:00 | 000,140,288 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\sfc_os.dll
[2008/04/14 07:00:00 | 000,549,376 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\shdoclc.dll
[2008/04/14 07:00:00 | 000,713,216 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\sxs.dll
[2008/04/14 07:00:00 | 000,181,760 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\tapi32.dll
[2010/03/09 06:09:18 | 000,430,080 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\vbscript.dll
[2008/04/14 07:00:00 | 000,019,456 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\wshtcpip.dll
[2008/04/14 07:00:00 | 000,022,528 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\wsock32.dll
[2008/04/14 07:00:00 | 002,897,920 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\xpsp2res.dll

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2010/06/09 13:45:40 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2010/06/09 13:45:40 | 001,089,536 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2010/06/09 13:45:40 | 000,905,216 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %systemroot%\system32\user32.dll /md5 >
[2008/04/14 07:00:00 | 000,578,560 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\user32.dll

< %systemroot%\system32\ws2_32.dll /md5 >
[2008/04/14 07:00:00 | 000,082,432 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\ws2_32.dll

< %systemroot%\system32\ws2help.dll /md5 >
[2008/04/14 07:00:00 | 000,019,968 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\ws2help.dll

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2010-07-16 21:56:38
< End of report >


OTL Extras logfile created on: 7/27/2010 12:39:30 AM - Run 1
OTL by OldTimer - Version 3.2.9.1 Folder = C:\Documents and Settings\Administrator\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 75.00% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 91.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.04 Gb Total Space | 94.48 Gb Free Space | 63.39% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 3.73 Gb Total Space | 3.10 Gb Free Space | 83.22% Space Free | Partition Type: FAT32
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: X-013126ED881B4
Current User Name: Administrator
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Mp3tag] -- "C:\Program Files\Mp3tag\Mp3tag.exe" "/fp:%1" (Florian Heidenreich)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"UacDisableNotify" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:TCP" = 1900:TCP:LocalSubNet:Enabled:UDP 1900
"80:TCP" = 80:TCP:*:Enabled:clamwin

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\ClamWin\bin\ClamWin.exe" = C:\Program Files\ClamWin\bin\ClamWin.exe:*:Enabled:Virus Scanner -- File not found
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE" = C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Disabled:Microsoft Office Groove -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE" = C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Disabled:Microsoft Office OneNote -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Disabled:Microsoft Office Outlook -- (Microsoft Corporation)
"C:\Program Files\Messenger\msmsgs.exe" = C:\Program Files\Messenger\msmsgs.exe:*:Disabled:Windows Messenger -- ()


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{06BE8AFD-A8E2-4B63-BAE7-287016D16ACB}" = mSSO
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
"{0CB9668D-F979-4F31-B8B8-67FE90F929F8}" = Bonjour
"{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}" = mLogView
"{23FB368F-1399-4EAC-817C-4B83ECBE3D83}" = mProSafe
"{26A24AE4-039D-4CA4-87B4-2F83216012FF}" = Java(TM) 6 Update 20
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3E9D596A-61D4-4239-BD19-2DB984D2A16F}" = mIWA
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{49D687E5-6784-431B-A0A2-2F23B8CC5A1B}" = mHlpDell
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{52504CE6-E909-4113-B232-4AFEC6543A61}" = Broadcom 440x 10/100 Integrated Controller
"{626C034B-50B8-47BD-AF93-EEFD0FA78FF4}" = Character Builder
"{63DB9CCD-2B56-4217-9A3D-507AC78320CA}" = mWMI
"{7AB3A249-FB81-416B-917A-A2A10E74C503}" = iTunes
"{829CD169-E692-48E8-9BDE-A3E8D8B65538}" = mSCfg
"{85991ED2-010C-4930-96FA-52F43C2CE98A}" = Apple Mobile Device Support
"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90B0D222-8C21-4B35-9262-53B042F18AF9}" = mPfWiz
"{94658027-9F16-4509-BBD7-A59FE57C3023}" = mZConfig
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver
"{A0F925BF-5C55-44C2-A4E7-5A4C59791C29}" = mDriver
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = C-Major Audio
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.3
"{AEB9948B-4FF2-47C9-990E-47014492A0FE}" = MSXML 6.0 Parser
"{B2D328BE-45AD-4D92-96F9-2151490A203E}" = Apple Application Support
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C5074CC4-0E26-4716-A307-960272A90040}" = QuickSet
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{E81667C6-2856-46D6-ABEA-6A2F42166779}" = mCore
"{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse
"{F6090A17-0967-4A8A-B3C3-422A1B514D49}" = mDrWiFi
"{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}" = mWlsSafe
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"All ATI Software" = ATI - Software Uninstall Utility
"ASIO4ALL" = ASIO4ALL
"ATI Display Driver" = ATI Display Driver
"CNXT_MODEM_PCI_VEN_8086&DEV_24x6&SUBSYS_542214F1" = Conexant D110 MDC V.92 Modem
"dBpoweramp [Multi Encoder] Codec" = dBpoweramp [Multi Encoder] Codec
"dBpoweramp FLAC Codec" = dBpoweramp FLAC Codec
"dBpoweramp m4a Codec" = dBpoweramp m4a Codec
"dBpoweramp m4a Utilities" = dBpoweramp m4a Utilities
"dBpoweramp Music Converter" = dBpoweramp Music Converter
"Dell_HostCD" = Dell Printer Software Uninstall
"ENTERPRISE" = Microsoft Office Enterprise 2007
"ERUNT_is1" = ERUNT 1.1j
"ESET Online Scanner" = ESET Online Scanner v3
"InstallShield_{52504CE6-E909-4113-B232-4AFEC6543A61}" = Broadcom 440x 10/100 Integrated Controller
"MagicDisc 2.7.106" = MagicDisc 2.7.106
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6.6)" = Mozilla Firefox (3.6.6)
"Mp3tag" = Mp3tag v2.43
"RegScrubXP_is1" = RegScrubXP 5.1
"VLC media player" = VLC media player 1.0.5
"WinRAR archiver" = WinRAR archiver

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 7/19/2010 11:10:15 AM | Computer Name = X-013126ED881B4 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 7/19/2010 11:10:15 AM | Computer Name = X-013126ED881B4 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 897344

Error - 7/19/2010 11:10:15 AM | Computer Name = X-013126ED881B4 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 897344

Error - 7/19/2010 11:10:17 AM | Computer Name = X-013126ED881B4 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 7/19/2010 11:10:17 AM | Computer Name = X-013126ED881B4 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 899406

Error - 7/19/2010 11:10:17 AM | Computer Name = X-013126ED881B4 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 899406

Error - 7/19/2010 11:10:19 AM | Computer Name = X-013126ED881B4 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 7/19/2010 11:10:19 AM | Computer Name = X-013126ED881B4 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 901469

Error - 7/19/2010 11:10:19 AM | Computer Name = X-013126ED881B4 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 901469

Error - 7/19/2010 11:10:22 AM | Computer Name = X-013126ED881B4 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

[ System Events ]
Error - 7/24/2010 1:16:01 AM | Computer Name = X-013126ED881B4 | Source = Schedule | ID = 7901
Description = The At122.job command failed to start due to the following error:
%%2147942402

Error - 7/24/2010 1:16:02 AM | Computer Name = X-013126ED881B4 | Source = Schedule | ID = 7901
Description = The At314.job command failed to start due to the following error:
%%2147942402

Error - 7/24/2010 1:16:02 AM | Computer Name = X-013126ED881B4 | Source = Schedule | ID = 7901
Description = The At386.job command failed to start due to the following error:
%%2147942402

Error - 7/24/2010 1:16:03 AM | Computer Name = X-013126ED881B4 | Source = Schedule | ID = 7901
Description = The At458.job command failed to start due to the following error:
%%2147942402

Error - 7/24/2010 1:16:03 AM | Computer Name = X-013126ED881B4 | Source = Schedule | ID = 7901
Description = The At530.job command failed to start due to the following error:
%%2147942402

Error - 7/24/2010 1:16:03 AM | Computer Name = X-013126ED881B4 | Source = Schedule | ID = 7901
Description = The At602.job command failed to start due to the following error:
%%2147942402

Error - 7/24/2010 1:16:03 AM | Computer Name = X-013126ED881B4 | Source = Schedule | ID = 7901
Description = The At650.job command failed to start due to the following error:
%%2147942402

Error - 7/24/2010 1:16:03 AM | Computer Name = X-013126ED881B4 | Source = Schedule | ID = 7901
Description = The At866.job command failed to start due to the following error:
%%2147942402

Error - 7/24/2010 1:16:04 AM | Computer Name = X-013126ED881B4 | Source = Schedule | ID = 7901
Description = The At938.job command failed to start due to the following error:
%%2147942402

Error - 7/24/2010 1:16:04 AM | Computer Name = X-013126ED881B4 | Source = Schedule | ID = 7901
Description = The At939.job command failed to start due to the following error:
%%2147942402


< End of report >


MBAM Log:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4356

Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5512

7/27/2010 12:33:23 AM
mbam-log-2010-07-27 (00-33-23).txt

Scan type: Quick scan
Objects scanned: 133087
Time elapsed: 21 minute(s), 44 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{c6a91056-83e0-4c6e-8dcc-43fc0dfe7a0a} (Trojan.SearchRedir.M) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{c6a91056-83e0-4c6e-8dcc-43fc0dfe7a0a} (Trojan.SearchRedir.M) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
misterbanksiii
Active Member
 
Posts: 7
Joined: July 20th, 2010, 6:02 am

Re: Win32.FraudLoad.edt, Virtumonde, Win32.FraudLoad, etc...

Unread postby Airscape » July 29th, 2010, 5:01 pm

Hi misterbanksiii,

Due to the fact no Anti-Virus software has been installed for some time and the malware further identified it is deemed prudent that if this machine has been used for any banking or other financial transactions on or if it should contain any other sensitive information. Please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Then carry out a reformat and reinstallation of the Windows operating system, and that is the course I strongly recommend.

Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?

When Should I Format, How Should I Reinstall

Afterwards install all critical updates and Service Packs:-

Microsoft releases patches for Windows and other products regularly:


Install a Anti-Virus:

Download just one only of the three free anti-virus programs listed below and install:-


WinPatrol:

  • Download it from here
  • You can find information about how WinPatrol works here

Next:

Any questions? if so feel free to ask, if not stay safe!
User avatar
Airscape
Regular Member
 
Posts: 1858
Joined: November 1st, 2008, 11:06 pm

Re: Win32.FraudLoad.edt, Virtumonde, Win32.FraudLoad, etc...

Unread postby Dakeyras » July 31st, 2010, 2:15 pm

Since we have done all we can, this topic is now closed.

We are pleased we could help you resolve your computer's malware issues.

If you would like to make a comment or leave a compliment regarding the help you have received, please see Feedback for Our Helpers - Say "Thanks" Here.
User avatar
Dakeyras
MRU Honors Graduate
MRU Honors Graduate
 
Posts: 8732
Joined: November 21st, 2007, 5:30 am
Location: The Tundra
Advertisement
Register to Remove


  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 24 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware