1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

Anti virus 2009 and Trojan.Awax virus, help.

Discussion in 'Virus & Other Malware Removal' started by Jareth, Aug 25, 2008.

Thread Status:
Not open for further replies.
Advertisement
  1. Jareth

    Jareth Thread Starter

    Joined:
    Aug 25, 2008
    Messages:
    10
    Hi everyone
    Ive got a virus on my pc (window vista just so you all know) which cant be removed by Norton virus scan.
    Its showing up on norton as 'Trojan.Awax' also ive got three 'downloaders'.
    Also when I am connected to the internet i get popups warning me i have a virus and taken me to a page asking
    me to buy 'Anti-virus 2009' which ive closed straight away (looks verrrrry dodgy)
    Hope this can be solved, its stressing me out to no end (stupid virus)
    Thanks...
    Heres my Hijack this log.
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 18:07:03, on 22/08/2008
    Platform: Windows Vista (WinNT 6.00.1904)
    MSIE: Internet Explorer v7.00 (7.00.6000.16711)
    Boot mode: Normal
    Running processes:
    c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\taskeng.exe
    C:\Program Files\DellTPad\Apoint.exe
    C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
    C:\Windows\System32\igfxtray.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files\Java\jre1.6.0\bin\jusched.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    C:\Windows\System32\WLTRAY.EXE
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Program Files\Dell\MediaDirect\PCMService.exe
    C:\Program Files\Kontiki\KHost.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Windows\VM_STI.EXE
    C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
    C:\Program Files\DellTPad\ApMsgFwd.exe
    C:\Program Files\DAEMON Tools Lite\daemon.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Windows\ehome\ehtray.exe
    C:\Users\Dan Brown\Program Files\DNA\btdna.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\DellTPad\HidFind.exe
    C:\Program Files\DellTPad\Apntex.exe
    C:\Program Files\Digital Line Detect\DLG.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\Dell\QuickSet\quickset.exe
    C:\Windows\system32\wuauclt.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\Bethesda Softworks\GameSpot\GameSpotDownloadManager_Win32.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Program Files\Internet Explorer\ieuser.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
    c:\PROGRA~1\mcafee\msc\mcuimgr.exe
    C:\Windows\system32\rundll32.exe
    C:\Program Files\Windows Media Player\wmplayer.exe
    C:\Windows\system32\rundll32.exe
    C:\Program Files\Norton Security Scan\Nss.exe
    C:\Program Files\Norton Security Scan\Nss.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Windows\system32\Macromed\Flash\FlashUtil9e.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    C:\Windows\system32\SearchFilterHost.exe
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by Dell
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O1 - Hosts: ::1 localhost
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - c:\PROGRA~1\mcafee\msk\mcapbho.dll
    O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\Program Files\Java\jre1.6.0\bin\ssv.dll
    O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: PRODEGETOOLBAR574 - {A057A204-BACC-4D26-B6F3-4BF8CCAB3ED4} - C:\PROGRA~1\PRODEG~1\PRODEG~1.DLL
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
    O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
    O3 - Toolbar: PRODEGETOOLBAR574 - {A057A204-BACC-4D26-B6F3-4BF8CCAB3ED4} - C:\PROGRA~1\PRODEG~1\PRODEG~1.DLL
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [ECenter] C:\Dell\E-Center\EULALauncher.exe
    O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
    O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe
    O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "c:\Program Files\Java\jre1.6.0\bin\jusched.exe"
    O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
    O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\Windows\system32\WLTRAY.exe
    O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
    O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
    O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
    O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"
    O4 - HKLM\..\Run: [4oD] "C:\Program Files\Kontiki\KHost.exe" -all
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [BigDogPath] C:\Windows\VM_STI.EXE HP Premium Starter Camera
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\pmnllkIx.dll,#1
    O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Users\Dan Brown\Program Files\DNA\btdna.exe"
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\DANBRO~1\AppData\Local\Temp\cbXRkKef.dll,#1
    O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\DANBRO~1\AppData\Local\Temp\awtrRhIC.dll,c
    O4 - HKCU\..\Run: [32adbf66] rundll32.exe "C:\Users\DANBRO~1\AppData\Local\Temp\vqenrahe.dll",b
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
    O4 - Startup: GameSpot Download Manager.lnk = C:\Program Files\Bethesda Softworks\GameSpot\GameSpotDownloadManager_Win32.exe
    O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: QuickSet.lnk = C:\Program Files\Dell\QuickSet\quickset.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O13 - Gopher Prefix:
    O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
    O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\system32\aestsrv.exe
    O23 - Service: Google Desktop Manager 5.7.801.7324 (GoogleDesktopManager-010708-104812) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
    O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
    O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
    O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
    O23 - Service: SigmaTel Audio Service (STacSV) - IDT, Inc. - C:\Windows\system32\STacSV.exe
    O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
    O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\Windows\System32\WLTRYSVC.EXE
    O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
    --
    End of file - 10995 bytes
     
  2. sjpritch25

    sjpritch25

    Joined:
    Sep 8, 2005
    Messages:
    9,113
    Welcome to TSG :)

    Please download Malwarebytes Anti-Malware from Here or Here
    Double Click mbam-setup.exe to install the application.
    • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select Perform Quick Scan, then click Scan.
    • The scan may take some time to finish,so please be patient.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Make sure that everything is checked, and click Remove Selected.
    • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
    • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
    • Copy&Paste the entire report in your next reply with a fresh Hijackthis log too.
    Extra Note:

    If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer, please do so immediately.
     
  3. Jareth

    Jareth Thread Starter

    Joined:
    Aug 25, 2008
    Messages:
    10
    Thanks! Im real greatful for your help

    heres my malwarescan log

    Malwarebytes' Anti-Malware 1.25
    Database version: 1087
    Windows 6.0.6000
    10:51:58 26/08/2008
    mbam-log-08-26-2008 (10-51-58).txt
    Scan type: Quick Scan
    Objects scanned: 44471
    Time elapsed: 14 minute(s), 47 second(s)
    Memory Processes Infected: 0
    Memory Modules Infected: 2
    Registry Keys Infected: 6
    Registry Values Infected: 6
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 32
    Memory Processes Infected:
    (No malicious items detected)
    Memory Modules Infected:
    C:\Users\Dan Brown\AppData\Local\Temp\awtrRhIC.dll (Trojan.Vundo) -> Delete on reboot.
    C:\Users\Dan Brown\AppData\Local\Temp\edmplcwi.dll (Trojan.Vundo) -> Delete on reboot.
    Registry Keys Infected:
    HKEY_CLASSES_ROOT\CLSID\{c3f6f4fe-85f6-4d0c-98de-15324b09f149} (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\MS Juan (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4e7bd74f-2b8d-469e-ccb0-b130eedbe97c} (Trojan.BHO) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{4e7bd74f-2b8d-469e-ccb0-b130eedbe97c} (Trojan.BHO) -> Quarantined and deleted successfully.
    Registry Values Infected:
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\msserver (Trojan.Vundo) -> Delete on reboot.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cmds (Trojan.Vundo) -> Delete on reboot.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\32adbf66 (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{c3f6f4fe-85f6-4d0c-98de-15324b09f149} (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\msserver (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\bm319e8cfa (Trojan.Agent) -> Delete on reboot.
    Registry Data Items Infected:
    (No malicious items detected)
    Folders Infected:
    (No malicious items detected)
    Files Infected:
    C:\Users\Dan Brown\AppData\Local\Temp\hgGyaxyW.dll (Trojan.Vundo) -> Delete on reboot.
    C:\Users\Dan Brown\AppData\Local\Temp\awtrRhIC.dll (Trojan.Vundo) -> Delete on reboot.
    C:\Users\Dan Brown\AppData\Local\Temp\edmplcwi.dll (Trojan.Vundo) -> Delete on reboot.
    C:\Windows\System32\pmnllkIx.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Windows\System32\ssqPjjJd.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Users\Dan Brown\AppData\Local\Temp\geBqPFXO.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Users\Dan Brown\AppData\Local\Temp\geBtstuS.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Users\Dan Brown\AppData\Local\Temp\pmnnMcDS.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Users\Dan Brown\AppData\Local\Temp\pymalrad.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Users\Dan Brown\AppData\Local\Temp\vhcbvgrb.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Users\Dan Brown\AppData\Local\Temp\vqenrahe.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Users\Dan Brown\AppData\Local\Temp\vtanxvax.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Users\Dan Brown\AppData\Local\Temp\emnnsasv.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Users\Dan Brown\AppData\Local\Temp\fccccBQK.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Users\Dan Brown\AppData\Local\Temp\wvUmllLC.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Users\Dan Brown\AppData\Local\Temp\xxyaxYqq.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Users\Dan Brown\AppData\Local\Temp\iifdefde.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Users\Dan Brown\AppData\Local\Temp\khfCrPjI.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Users\Dan Brown\AppData\Local\Temp\chmyndfh.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Users\Dan Brown\AppData\Local\Temp\mwjkqcyd.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Users\Dan Brown\AppData\Local\Temp\tmp0000a746 (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Users\Dan Brown\AppData\Local\Temp\tmp0000b95f (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Users\Dan Brown\AppData\Local\Temp\tmp0000be6e (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Users\Dan Brown\AppData\Local\Temp\tmp0000bf96 (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Users\Dan Brown\AppData\Local\Temp\tmp0000e0cc (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Users\Dan Brown\AppData\Local\Temp\tmp0000eb38 (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Users\Dan Brown\AppData\Local\Temp\tmp00012902 (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Users\Dan Brown\AppData\Local\Temp\tmp002a5669 (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Users\Dan Brown\AppData\Local\Temp\tmp02a0aadc (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Users\Dan Brown\AppData\Local\Temp\ssqrpooM.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Users\Dan Brown\AppData\Local\Temp\pgdlaibq.dll (Trojan.Agent) -> Delete on reboot.
    C:\Program Files\MegauploadToolbar\megauploadtoolbar.dll (Trojan.BHO) -> Delete on reboot.

    And heres my hijack this log

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 11:02:07, on 26/08/2008
    Platform: Windows Vista (WinNT 6.00.1904)
    MSIE: Internet Explorer v7.00 (7.00.6000.16711)
    Boot mode: Normal
    Running processes:
    c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\DellTPad\Apoint.exe
    C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
    C:\Windows\System32\igfxtray.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files\Java\jre1.6.0\bin\jusched.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    C:\Windows\System32\WLTRAY.EXE
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    C:\Program Files\Dell\MediaDirect\PCMService.exe
    C:\Program Files\Kontiki\KHost.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Windows\VM_STI.EXE
    C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
    C:\Program Files\DAEMON Tools Lite\daemon.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Windows\ehome\ehtray.exe
    C:\Users\Dan Brown\Program Files\DNA\btdna.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Program Files\Digital Line Detect\DLG.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\Dell\QuickSet\quickset.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\Bethesda Softworks\GameSpot\GameSpotDownloadManager_Win32.exe
    C:\Program Files\DellTPad\ApMsgFwd.exe
    C:\Program Files\DellTPad\HidFind.exe
    C:\Program Files\DellTPad\Apntex.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
    c:\PROGRA~1\mcafee\msc\mcuimgr.exe
    C:\Program Files\Internet Explorer\ieuser.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\Windows\system32\wuauclt.exe
    C:\Windows\system32\Taskmgr.exe
    C:\Windows\system32\Macromed\Flash\FlashUtil9e.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by Dell
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O1 - Hosts: ::1 localhost
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - c:\PROGRA~1\mcafee\msk\mcapbho.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\Program Files\Java\jre1.6.0\bin\ssv.dll
    O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: PRODEGETOOLBAR574 - {A057A204-BACC-4D26-B6F3-4BF8CCAB3ED4} - C:\PROGRA~1\PRODEG~1\PRODEG~1.DLL
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
    O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
    O3 - Toolbar: PRODEGETOOLBAR574 - {A057A204-BACC-4D26-B6F3-4BF8CCAB3ED4} - C:\PROGRA~1\PRODEG~1\PRODEG~1.DLL
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: (no name) - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - (no file)
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [ECenter] C:\Dell\E-Center\EULALauncher.exe
    O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
    O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe
    O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "c:\Program Files\Java\jre1.6.0\bin\jusched.exe"
    O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
    O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\Windows\system32\WLTRAY.exe
    O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
    O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
    O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
    O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"
    O4 - HKLM\..\Run: [4oD] "C:\Program Files\Kontiki\KHost.exe" -all
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [BigDogPath] C:\Windows\VM_STI.EXE HP Premium Starter Camera
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
    O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Users\Dan Brown\Program Files\DNA\btdna.exe"
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\DANBRO~1\AppData\Local\Temp\hgGyaxyW.dll,#1
    O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\DANBRO~1\AppData\Local\Temp\awtrRhIC.dll,c
    O4 - HKCU\..\Run: [BM319e8cfa] Rundll32.exe "C:\Users\DANBRO~1\AppData\Local\Temp\pgdlaibq.dll",s
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
    O4 - Startup: GameSpot Download Manager.lnk = C:\Program Files\Bethesda Softworks\GameSpot\GameSpotDownloadManager_Win32.exe
    O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: QuickSet.lnk = C:\Program Files\Dell\QuickSet\quickset.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O13 - Gopher Prefix:
    O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
    O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\system32\aestsrv.exe
    O23 - Service: Google Desktop Manager 5.7.801.7324 (GoogleDesktopManager-010708-104812) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
    O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
    O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
    O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
    O23 - Service: SigmaTel Audio Service (STacSV) - IDT, Inc. - C:\Windows\system32\STacSV.exe
    O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
    O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\Windows\System32\WLTRYSVC.EXE
    O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
    --
    End of file - 10689 bytes
     
  4. sjpritch25

    sjpritch25

    Joined:
    Sep 8, 2005
    Messages:
    9,113
    1. Go HERE and download TempFix.
    Save it to your Desktop (but do not run it yet)

    2. Reboot into Safe Mode
    This can be done by
    • Restart your PC, and after it starts, but before you see the Windows Splash screen
      Begin tapping the F8 key twice a second untill you reach another menu screen (black background with white menu choices)
      Use your arrow keys and select Safe Mode and then Enter
    3. Rt Click TempFix.zip ->> Extract all ->> And extract it to your Desktop
    Additional help on extracting zip files can be found HERE
    • Open the TempFix Folder.
      Rt Click TempFix.vbe ->>Select Open Then Open to confirm.
      As the program runs, it will appear that nothing is happening.
      When the program is fnished it will produce a log for you C:\TempFix.txt
      Copy and paste the contents of that log in your reply.
      Note: if your root drive is something other thatn C:\ then the log will default to your designated root drive
    4. Then reboot your PC into Normal Windows Mode->> Rerun Hijackthis and post a fresh Hiajckthis log.
    As well as the C:\TempFix.txt log
     
  5. Jareth

    Jareth Thread Starter

    Joined:
    Aug 25, 2008
    Messages:
    10
    here is my TempFix log


    ========================================
    TempFix
    Version 1.0.3
    By bamajim @ bamajim.com
    ========================================

    Report ran on --->>> 26/08/2008 23:34:20

    ======== Files created in (System32) last 30 days ========
    14/08/2008 17:46:14 124928 32 C:\Windows\System32\advpack.dll
    12/08/2008 19:55:34 98304 32 C:\Windows\System32\CmdLineExt.dll
    10/08/2008 20:01:58 2388176 32 C:\Windows\System32\d3dx9_30.dll
    14/08/2008 17:46:11 347136 32 C:\Windows\System32\dxtmsft.dll
    14/08/2008 17:46:12 214528 32 C:\Windows\System32\dxtrans.dll
    14/08/2008 17:46:24 268800 32 C:\Windows\System32\es.dll
    14/08/2008 17:46:29 28672 32 C:\Windows\System32\FwRemoteSvr.dll
    14/08/2008 17:46:11 63488 32 C:\Windows\System32\icardie.dll
    14/08/2008 17:46:12 70656 32 C:\Windows\System32\ie4uinit.exe
    14/08/2008 17:46:15 383488 32 C:\Windows\System32\ieapfltr.dll
    14/08/2008 17:46:18 6066176 32 C:\Windows\System32\ieframe.dll
    14/08/2008 17:46:12 44544 32 C:\Windows\System32\iernonce.dll
    14/08/2008 17:46:12 56320 32 C:\Windows\System32\iesetup.dll
    14/08/2008 17:46:12 180736 32 C:\Windows\System32\ieui.dll
    14/08/2008 17:46:11 26624 32 C:\Windows\System32\ieUnatt.exe
    14/08/2008 17:45:49 737792 32 C:\Windows\System32\inetcomm.dll
    14/08/2008 17:46:15 1831424 32 C:\Windows\System32\inetcpl.cpl
    14/08/2008 17:45:49 84480 32 C:\Windows\System32\INETRES.dll
    14/08/2008 17:46:29 361984 32 C:\Windows\System32\IPSECSVC.DLL
    14/08/2008 17:46:11 27648 32 C:\Windows\System32\jsproxy.dll
    14/08/2008 17:46:19 3592192 32 C:\Windows\System32\mshtml.dll
    14/08/2008 17:46:08 1383424 32 C:\Windows\System32\mshtml.tlb
    14/08/2008 17:46:15 477696 32 C:\Windows\System32\mshtmled.dll
    14/08/2008 17:46:15 671232 32 C:\Windows\System32\mstime.dll
    14/08/2008 17:46:09 44544 32 C:\Windows\System32\pngfilt.dll
    14/08/2008 17:46:29 272896 32 C:\Windows\System32\polstore.dll
    15/08/2008 03:03:56 2048 32 C:\Windows\System32\tzres.dll
    14/08/2008 17:46:17 1159680 32 C:\Windows\System32\urlmon.dll
    14/08/2008 17:46:17 826368 32 C:\Windows\System32\wininet.dll
    14/08/2008 17:46:28 61440 32 C:\Windows\System32\winipsec.dll
    10/08/2008 20:02:14 229584 32 C:\Windows\System32\xactengine2_1.dll
    10/08/2008 20:02:17 230168 32 C:\Windows\System32\xactengine2_2.dll
    10/08/2008 20:02:19 236824 32 C:\Windows\System32\xactengine2_3.dll
    10/08/2008 20:02:15 62672 32 C:\Windows\System32\xinput1_1.dll
    10/08/2008 20:02:18 62744 32 C:\Windows\System32\xinput1_2.dll
    ========= Temp Files Deleted ========
    C:\Users\DANBRO~1\AppData\Local\Temp\2e20e27.mst
    C:\Users\DANBRO~1\AppData\Local\Temp\4oD.log
    C:\Users\DANBRO~1\AppData\Local\Temp\547dff3.mst
    C:\Users\DANBRO~1\AppData\Local\Temp\5bc422c.mst
    C:\Users\DANBRO~1\AppData\Local\Temp\AutoRun.exe
    C:\Users\DANBRO~1\AppData\Local\Temp\AutoRunGUI.dll
    C:\Users\DANBRO~1\AppData\Local\Temp\b120x240.tmp
    C:\Users\DANBRO~1\AppData\Local\Temp\b120x600.tmp
    C:\Users\DANBRO~1\AppData\Local\Temp\b120x90.tmp
    C:\Users\DANBRO~1\AppData\Local\Temp\b125x125.tmp
    C:\Users\DANBRO~1\AppData\Local\Temp\b160x600.tmp
    C:\Users\DANBRO~1\AppData\Local\Temp\b180x150.tmp
    C:\Users\DANBRO~1\AppData\Local\Temp\b234x60.tmp
    C:\Users\DANBRO~1\AppData\Local\Temp\b240x400.tmp
    C:\Users\DANBRO~1\AppData\Local\Temp\b250x250.tmp
    C:\Users\DANBRO~1\AppData\Local\Temp\b300x100.tmp
    C:\Users\DANBRO~1\AppData\Local\Temp\b300x250.tmp
    C:\Users\DANBRO~1\AppData\Local\Temp\b336x280.tmp
    C:\Users\DANBRO~1\AppData\Local\Temp\b468x60.tmp
    C:\Users\DANBRO~1\AppData\Local\Temp\b720x300.tmp
    C:\Users\DANBRO~1\AppData\Local\Temp\b728x90.tmp
    C:\Users\DANBRO~1\AppData\Local\Temp\Bad.fxV2_Q30_MESH_STANDARD_BlendEnabled_ZBUFFERWRITE
    C:\Users\DANBRO~1\AppData\Local\Temp\BJlknnpo.ini2
    C:\Users\DANBRO~1\AppData\Local\Temp\CIhRrtwa.ini
    C:\Users\DANBRO~1\AppData\Local\Temp\CIhRrtwa.ini2
    C:\Users\DANBRO~1\AppData\Local\Temp\Cloth30.fxV2_Q30_MESH_STANDARD_BlendEnabled_BUMP_RIMLIGHTING_SPECULAR
    C:\Users\DANBRO~1\AppData\Local\Temp\Cloth30.fxV2_Q30_MESH_WEIGHTED_BlendEnabled_BLEND_BUMP_RIMLIGHTING_SPECULAR
    C:\Users\DANBRO~1\AppData\Local\Temp\Cloth30.fxV2_Q30_MESH_WEIGHTED_BlendEnabled_BUMP_PARALLAX_RIMLIGHTING_SPECULAR
    C:\Users\DANBRO~1\AppData\Local\Temp\Cloth30.fxV2_Q30_MESH_WEIGHTED_BlendEnabled_BUMP_RIMLIGHTING_SPECULAR
    C:\Users\DANBRO~1\AppData\Local\Temp\CojLauncher.exe
    C:\Users\DANBRO~1\AppData\Local\Temp\cre2648.tmp
    C:\Users\DANBRO~1\AppData\Local\Temp\cre2E08.tmp
    C:\Users\DANBRO~1\AppData\Local\Temp\cre30AE.tmp
    C:\Users\DANBRO~1\AppData\Local\Temp\cre48E2.tmp
    C:\Users\DANBRO~1\AppData\Local\Temp\cre5A41.tmp
    C:\Users\DANBRO~1\AppData\Local\Temp\cre6348.tmp
    C:\Users\DANBRO~1\AppData\Local\Temp\cre70A0.tmp
    C:\Users\DANBRO~1\AppData\Local\Temp\cre744D.tmp
    C:\Users\DANBRO~1\AppData\Local\Temp\cre7F4C.tmp
    C:\Users\DANBRO~1\AppData\Local\Temp\cre9C91.tmp
    C:\Users\DANBRO~1\AppData\Local\Temp\creA9FD.tmp
    C:\Users\DANBRO~1\AppData\Local\Temp\creCDFA.tmp
    C:\Users\DANBRO~1\AppData\Local\Temp\creD17.tmp
    C:\Users\DANBRO~1\AppData\Local\Temp\creFBDB.tmp
    C:\Users\DANBRO~1\AppData\Local\Temp\cres.dll
    C:\Users\DANBRO~1\AppData\Local\Temp\cshell.dll
    C:\Users\DANBRO~1\AppData\Local\Temp\cwbsjrce.dll
    C:\Users\DANBRO~1\AppData\Local\Temp\Dan Brown.bmp
    C:\Users\DANBRO~1\AppData\Local\Temp\dc91f4c.mst
    C:\Users\DANBRO~1\AppData\Local\Temp\DelUS.bat
    C:\Users\DANBRO~1\AppData\Local\Temp\DIO2BB5.tmp
    C:\Users\DANBRO~1\AppData\Local\Temp\DIO33BC.tmp
    C:\Users\DANBRO~1\AppData\Local\Temp\DIO368A.tmp
    C:\Users\DANBRO~1\AppData\Local\Temp\DIO3E76.tmp
    C:\Users\DANBRO~1\AppData\Local\Temp\DIO4D69.tmp
    C:\Users\DANBRO~1\AppData\Local\Temp\DIO588C.tmp
    C:\Users\DANBRO~1\AppData\Local\Temp\DIO9BB7.tmp
    C:\Users\DANBRO~1\AppData\Local\Temp\DIOC784.tmp
    C:\Users\DANBRO~1\AppData\Local\Temp\DIOD150.tmp
    C:\Users\DANBRO~1\AppData\Local\Temp\DIOEC30.tmp
    C:\Users\DANBRO~1\AppData\Local\Temp\DIOF2FB.tmp
    C:\Users\DANBRO~1\AppData\Local\Temp\DMI2263.tmp
    C:\Users\DANBRO~1\AppData\Local\Temp\DMI563D.tmp
    C:\Users\DANBRO~1\AppData\Local\Temp\DMI8853.tmp
    C:\Users\DANBRO~1\AppData\Local\Temp\drm_dialogs.dll
    C:\Users\DANBRO~1\AppData\Local\Temp\dtsfbdul.dll
    C:\Users\DANBRO~1\AppData\Local\Temp\DW2579.tmp
    C:\Users\DANBRO~1\AppData\Local\Temp\DW25A8.tmp
    C:\Users\DANBRO~1\AppData\Local\Temp\DW2952.tmp
    C:\Users\DANBRO~1\AppData\Local\Temp\DW2981.tmp
    C:\Users\DANBRO~1\AppData\Local\Temp\DW2DBCB.tmp
    C:\Users\DANBRO~1\AppData\Local\Temp\DW2DCB7.tmp
    C:\Users\DANBRO~1\AppData\Local\Temp\dycqkjwm.ini
    C:\Users\DANBRO~1\AppData\Local\Temp\eauninstall.exe
    C:\Users\DANBRO~1\AppData\Local\Temp\eharneqv.ini
    C:\Users\DANBRO~1\AppData\Local\Temp\eve.tmp
    C:\Users\DANBRO~1\AppData\Local\Temp\external.txt
    C:\Users\DANBRO~1\AppData\Local\Temp\First15.exe
    C:\Users\DANBRO~1\AppData\Local\Temp\gd_weather_cloudy.png
    C:\Users\DANBRO~1\AppData\Local\Temp\gd_weather_flurries.png
    C:\Users\DANBRO~1\AppData\Local\Temp\gd_weather_fog.png
    C:\Users\DANBRO~1\AppData\Local\Temp\gd_weather_haze.png
    C:\Users\DANBRO~1\AppData\Local\Temp\gd_weather_icy.png
    C:\Users\DANBRO~1\AppData\Local\Temp\gd_weather_mostlyCloudyDay.png
    C:\Users\DANBRO~1\AppData\Local\Temp\gd_weather_mostlyCloudyNight.png
    C:\Users\DANBRO~1\AppData\Local\Temp\gd_weather_mostlySunnyDay.png
    C:\Users\DANBRO~1\AppData\Local\Temp\gd_weather_mostlySunnyNight.png
    C:\Users\DANBRO~1\AppData\Local\Temp\gd_weather_rain.png
    C:\Users\DANBRO~1\AppData\Local\Temp\gd_weather_sleet.png
    C:\Users\DANBRO~1\AppData\Local\Temp\gd_weather_snow.png
    C:\Users\DANBRO~1\AppData\Local\Temp\gd_weather_storm.png
    C:\Users\DANBRO~1\AppData\Local\Temp\gd_weather_sunnyNight.png
    C:\Users\DANBRO~1\AppData\Local\Temp\gd_weather_thunderstorm.png
    C:\Users\DANBRO~1\AppData\Local\Temp\Glass.fxV2_Q30_MESH_RIGID_BlendEnabled_BUMP_SPECULAR_REFLECTION_REFRACTION2D
    C:\Users\DANBRO~1\AppData\Local\Temp\Glass.fxV2_Q30_MESH_WEIGHTED_BlendEnabled_REFLECTION_REFRACTION2D
    C:\Users\DANBRO~1\AppData\Local\Temp\Glow20.fxV2_Q30_MESH_RIGID_BlendEnabled
    C:\Users\DANBRO~1\AppData\Local\Temp\Glow20.fxV2_Q30_MESH_RIGID_BlendEnabled_BLEND
    C:\Users\DANBRO~1\AppData\Local\Temp\Glow20.fxV2_Q30_MESH_STANDARD_BlendEnabled
    C:\Users\DANBRO~1\AppData\Local\Temp\Glow20.fxV2_Q30_MESH_STANDARD_BlendEnabled_BLEND
    C:\Users\DANBRO~1\AppData\Local\Temp\Glow20.fxV2_Q30_MESH_STANDARD_BlendEnabled_BLEND_ALPHAFADE
    C:\Users\DANBRO~1\AppData\Local\Temp\Glow20.fxV2_Q30_MESH_STANDARD_BlendEnabled_BLEND_ALPHAFADE_SCROLL
    C:\Users\DANBRO~1\AppData\Local\Temp\Glow20.fxV2_Q30_MESH_STANDARD_BlendEnabled_BLEND_REFLECTION
    C:\Users\DANBRO~1\AppData\Local\Temp\Glow20.fxV2_Q30_MESH_STANDARD_BlendEnabled_BLEND_SCROLL
    C:\Users\DANBRO~1\AppData\Local\Temp\Glow20.fxV2_Q30_MESH_STANDARD_BlendEnabled_REFLECTION
    C:\Users\DANBRO~1\AppData\Local\Temp\Glow20.fxV2_Q30_MESH_TWEENED_BlendEnabled_BLEND
    C:\Users\DANBRO~1\AppData\Local\Temp\hover_glow.png
    C:\Users\DANBRO~1\AppData\Local\Temp\hppldcoi.log
    C:\Users\DANBRO~1\AppData\Local\Temp\hpqddusr.log
    C:\Users\DANBRO~1\AppData\Local\Temp\icon_chanceofrain.png
    C:\Users\DANBRO~1\AppData\Local\Temp\icon_chanceofsleet.png
    C:\Users\DANBRO~1\AppData\Local\Temp\icon_chanceofsnow.png
    C:\Users\DANBRO~1\AppData\Local\Temp\icon_chanceofstorm.png
    C:\Users\DANBRO~1\AppData\Local\Temp\icon_chanceofthunderstorm.png
    C:\Users\DANBRO~1\AppData\Local\Temp\icon_clear_night.png
    C:\Users\DANBRO~1\AppData\Local\Temp\icon_cloudy.png
    C:\Users\DANBRO~1\AppData\Local\Temp\icon_flurries.png
    C:\Users\DANBRO~1\AppData\Local\Temp\icon_fog.png
    C:\Users\DANBRO~1\AppData\Local\Temp\icon_haze.png
    C:\Users\DANBRO~1\AppData\Local\Temp\icon_icy.png
    C:\Users\DANBRO~1\AppData\Local\Temp\icon_mostlyclear_night.png
    C:\Users\DANBRO~1\AppData\Local\Temp\icon_mostlycloudy.png
    C:\Users\DANBRO~1\AppData\Local\Temp\icon_mostlycloudy_night.png
    C:\Users\DANBRO~1\AppData\Local\Temp\icon_mostlysunny.png
    C:\Users\DANBRO~1\AppData\Local\Temp\icon_rain.png
    C:\Users\DANBRO~1\AppData\Local\Temp\icon_snow.png
    C:\Users\DANBRO~1\AppData\Local\Temp\icon_storm.png
    C:\Users\DANBRO~1\AppData\Local\Temp\icon_sunny.png
    C:\Users\DANBRO~1\AppData\Local\Temp\icon_thunderstorm.png
    C:\Users\DANBRO~1\AppData\Local\Temp\insD5BF.tmp
    C:\Users\DANBRO~1\AppData\Local\Temp\iwclpmde.ini
    C:\Users\DANBRO~1\AppData\Local\Temp\jusched.log
    C:\Users\DANBRO~1\AppData\Local\Temp\MAR1.tmp
    C:\Users\DANBRO~1\AppData\Local\Temp\MAR1258.tmp
    C:\Users\DANBRO~1\AppData\Local\Temp\MAR145B.tmp
    C:\Users\DANBRO~1\AppData\Local\Temp\MAR1532.tmp
    C:\Users\DANBRO~1\AppData\Local\Temp\MAR1726.tmp
    C:\Users\DANBRO~1\AppData\Local\Temp\MAR257C.tmp
    C:\Users\DANBRO~1\AppData\Local\Temp\MAR2867.tmp
    C:\Users\DANBRO~1\AppData\Local\Temp\MAR2B57.tmp
    C:\Users\DANBRO~1\AppData\Local\Temp\MAR32A4.tmp
    C:\Users\DANBRO~1\AppData\Local\Temp\MAR3469.tmp
    C:\Users\DANBRO~1\AppData\Local\Temp\MAR3515.tmp
    C:\Users\DANBRO~1\AppData\Local\Temp\MAR40C7.tmp
    C:\Users\DANBRO~1\AppData\Local\Temp\MAR42D9.tmp
    C:\Users\DANBRO~1\AppData\Local\Temp\MAR4386.tmp
    C:\Users\DANBRO~1\AppData\Local\Temp\MAR48F2.tmp
    C:\Users\DANBRO~1\AppData\Local\Temp\MAR4BFD.tmp
    C:\Users\DANBRO~1\AppData\Local\Temp\MAR4F87.tmp
    C:\Users\DANBRO~1\AppData\Local\Temp\MAR5D8A.tmp
    C:\Users\DANBRO~1\AppData\Local\Temp\MAR5F7E.tmp
    C:\Users\DANBRO~1\AppData\Local\Temp\MAR60AF.tmp
    C:\Users\DANBRO~1\AppData\Local\Temp\MAR633F.tmp
    C:\Users\DANBRO~1\AppData\Local\Temp\MAR64DA.tmp
    C:\Users\DANBRO~1\AppData\Local\Temp\MAR6631.tmp
    C:\Users\DANBRO~1\AppData\Local\Temp\MAR67C7.tmp
    C:\Users\DANBRO~1\AppData\Local\Temp\MAR67E7.tmp
    C:\Users\DANBRO~1\AppData\Local\Temp\MAR692D.tmp
    C:\Users\DANBRO~1\AppData\Local\Temp\MAR699B.tmp
    C:\Users\DANBRO~1\AppData\Local\Temp\MAR6BCC.tmp
    C:\Users\DANBRO~1\AppData\Local\Temp\MAR6D3.tmp
    C:\Users\DANBRO~1\AppData\Local\Temp\MAR6D72.tmp
    C:\Users\DANBRO~1\AppData\Local\Temp\MAR6EF7.tmp
    C:\Users\DANBRO~1\AppData\Local\Temp\MAR6F94.tmp
    C:\Users\DANBRO~1\AppData\Local\Temp\MAR709E.tmp
    C:\Users\DANBRO~1\AppData\Local\Temp\MAR74CA.tmp
    C:\Users\DANBRO~1\AppData\Local\Temp\MAR758C.tmp
    C:\Users\DANBRO~1\AppData\Local\Temp\MAR76F4.tmp
    C:\Users\DANBRO~1\AppData\Local\Temp\MAR77A8.tmp
    C:\Users\DANBRO~1\AppData\Local\Temp\MAR7953.tmp
    C:\Users\DANBRO~1\AppData\Local\Temp\MAR7A1E.tmp
    C:\Users\DANBRO~1\AppData\Local\Temp\MAR7B86.tmp
    C:\Users\DANBRO~1\AppData\Local\Temp\MAR7CDD.tmp
    C:\Users\DANBRO~1\AppData\Local\Temp\MAR7DB7.tmp
    C:\Users\DANBRO~1\AppData\Local\Temp\MAR7DF5.tmp
    C:\Users\DANBRO~1\AppData\Local\Temp\MAR7E72.tmp
    C:\Users\DANBRO~1\AppData\Local\Temp\MAR7F0E.tmp
    C:\Users\DANBRO~1\AppData\Local\Temp\MAR7FF9.tmp
    C:\Users\DANBRO~1\AppData\Local\Temp\MAR8018.tmp
    C:\Users\DANBRO~1\AppData\Local\Temp\MAR8076.tmp
    C:\Users\DANBRO~1\AppData\Local\Temp\MAR81E8.tmp
    C:\Users\DANBRO~1\AppData\Local\Temp\MAR81FB.tmp
    C:\Users\DANBRO~1\AppData\Local\Temp\MAR824A.tmp
    C:\Users\DANBRO~1\AppData\Local\Temp\MAR82D6.tmp
    C:\Users\DANBRO~1\AppData\Local\Temp\MAR8371.tmp
    C:\Users\DANBRO~1\AppData\Local\Temp\MAR84E8.tmp
    C:\Users\DANBRO~1\AppData\Local\Temp\MAR8516.tmp
    C:\Users\DANBRO~1\AppData\Local\Temp\MAR85F1.tmp
    C:\Users\DANBRO~1\AppData\Local\Temp\MAR866B.tmp
    C:\Users\DANBRO~1\AppData\Local\Temp\MAR87A5.tmp
    C:\Users\DANBRO~1\AppData\Local\Temp\MAR897A.tmp
    C:\Users\DANBRO~1\AppData\Local\Temp\MAR8A25.tmp
    C:\Users\DANBRO~1\AppData\Local\Temp\MAR8B3E.tmp
    C:\Users\DANBRO~1\AppData\Local\Temp\MAR8C29.tmp
    C:\Users\DANBRO~1\AppData\Local\Temp\MAR8CB4.tmp
    C:\Users\DANBRO~1\AppData\Local\Temp\MAR8D42.tmp
    C:\Users\DANBRO~1\AppData\Local\Temp\MAR8DCD.tmp
    C:\Users\DANBRO~1\AppData\Local\Temp\MAR8E79.tmp
    C:\Users\DANBRO~1\AppData\Local\Temp\MAR8ED7.tmp
    C:\Users\DANBRO~1\AppData\Local\Temp\MAR9000.tmp
    C:\Users\DANBRO~1\AppData\Local\Temp\MAR909C.tmp
    C:\Users\DANBRO~1\AppData\Local\Temp\MAR909D.tmp
    C:\Users\DANBRO~1\AppData\Local\Temp\MAR9118.tmp
    C:\Users\DANBRO~1\AppData\Local\Temp\MAR9471.tmp
    C:\Users\DANBRO~1\AppData\Local\Temp\MAR95B4.tmp
    C:\Users\DANBRO~1\AppData\Local\Temp\MAR95D8.tmp
    C:\Users\DANBRO~1\AppData\Local\Temp\MAR9859.tmp
    C:\Users\DANBRO~1\AppData\Local\Temp\MAR99FE.tmp
    C:\Users\DANBRO~1\AppData\Local\Temp\MAR9B7F.tmp
    C:\Users\DANBRO~1\AppData\Local\Temp\MAR9C8C.tmp
    C:\Users\DANBRO~1\AppData\Local\Temp\MAR9CAB.tmp
    C:\Users\DANBRO~1\AppData\Local\Temp\MAR9CF.tmp
    C:\Users\DANBRO~1\AppData\Local\Temp\MAR9E71.tmp
    C:\Users\DANBRO~1\AppData\Local\Temp\MAR9EA0.tmp
    C:\Users\DANBRO~1\AppData\Local\Temp\MARA5CC.tmp
    C:\Users\DANBRO~1\AppData\Local\Temp\MARA9D2.tmp
    C:\Users\DANBRO~1\AppData\Local\Temp\MARACE2.tmp
    C:\Users\DANBRO~1\AppData\Local\Temp\MARAD65.tmp
    C:\Users\DANBRO~1\AppData\Local\Temp\MARAF78.tmp
    C:\Users\DANBRO~1\AppData\Local\Temp\MARAFBE.tmp
    C:\Users\DANBRO~1\AppData\Local\Temp\MARB0EA.tmp
    C:\Users\DANBRO~1\AppData\Local\Temp\MARB200.tmp
    C:\Users\DANBRO~1\AppData\Local\Temp\MARB2D3.tmp
    C:\Users\DANBRO~1\AppData\Local\Temp\MARB2EE.tmp
    C:\Users\DANBRO~1\AppData\Local\Temp\MARB589.tmp
    C:\Users\DANBRO~1\AppData\Local\Temp\MARB5E6.tmp
    C:\Users\DANBRO~1\AppData\Local\Temp\MARB828.tmp
    C:\Users\DANBRO~1\AppData\Local\Temp\MARB830.tmp
    C:\Users\DANBRO~1\AppData\Local\Temp\MARBA2A.tmp
    C:\Users\DANBRO~1\AppData\Local\Temp\MARBC7C.tmp
    C:\Users\DANBRO~1\AppData\Local\Temp\MARBD4A.tmp
    C:\Users\DANBRO~1\AppData\Local\Temp\MARBE30.tmp
    C:\Users\DANBRO~1\AppData\Local\Temp\MARBEEB.tmp
    C:\Users\DANBRO~1\AppData\Local\Temp\MARC0A5.tmp
    C:\Users\DANBRO~1\AppData\Local\Temp\MARC19A.tmp
    C:\Users\DANBRO~1\AppData\Local\Temp\MARC414.tmp
    C:\Users\DANBRO~1\AppData\Local\Temp\MARC4F3.tmp
    C:\Users\DANBRO~1\AppData\Local\Temp\MARC8FA.tmp
    C:\Users\DANBRO~1\AppData\Local\Temp\MARCA1E.tmp
    C:\Users\DANBRO~1\AppData\Local\Temp\MARCAD.tmp
    C:\Users\DANBRO~1\AppData\Local\Temp\MARCE84.tmp
    C:\Users\DANBRO~1\AppData\Local\Temp\MARD2F8.tmp
    C:\Users\DANBRO~1\AppData\Local\Temp\MARDEF8.tmp
    C:\Users\DANBRO~1\AppData\Local\Temp\MARDF85.tmp
    C:\Users\DANBRO~1\AppData\Local\Temp\MARE2E0.tmp
    C:\Users\DANBRO~1\AppData\Local\Temp\MARE4EE.tmp
    C:\Users\DANBRO~1\AppData\Local\Temp\MARE7C0.tmp
    C:\Users\DANBRO~1\AppData\Local\Temp\MARE887.tmp
    C:\Users\DANBRO~1\AppData\Local\Temp\MARF362.tmp
    C:\Users\DANBRO~1\AppData\Local\Temp\MARF69E.tmp
    C:\Users\DANBRO~1\AppData\Local\Temp\MARF70A.tmp
    C:\Users\DANBRO~1\AppData\Local\Temp\MARF712.tmp
    C:\Users\DANBRO~1\AppData\Local\Temp\MARF907.tmp
    C:\Users\DANBRO~1\AppData\Local\Temp\MARF9D8.tmp
    C:\Users\DANBRO~1\AppData\Local\Temp\mcrh.tmp
    C:\Users\DANBRO~1\AppData\Local\Temp\mdfix012.log
    C:\Users\DANBRO~1\AppData\Local\Temp\Mirror.fxV2_Q30_MESH_STANDARD_BlendEnabled_MIRROR
    C:\Users\DANBRO~1\AppData\Local\Temp\Mirror.fxV2_Q30_MESH_STANDARD_BlendEnabled_MIRROR_MIRRORMASK
    C:\Users\DANBRO~1\AppData\Local\Temp\mjdcqyqg.dll
    C:\Users\DANBRO~1\AppData\Local\Temp\MsiExe000.log
    C:\Users\DANBRO~1\AppData\Local\Temp\MSW6F97.tmp
    C:\Users\DANBRO~1\AppData\Local\Temp\MSWA365.tmp
    C:\Users\DANBRO~1\AppData\Local\Temp\MSWA36E.tmp
    C:\Users\DANBRO~1\AppData\Local\Temp\neykbidt.dll
    C:\Users\DANBRO~1\AppData\Local\Temp\object.lto
    C:\Users\DANBRO~1\AppData\Local\Temp\ose00000.exe
    C:\Users\DANBRO~1\AppData\Local\Temp\pfwxxcks.dll
    C:\Users\DANBRO~1\AppData\Local\Temp\plugin_small[0].png
    C:\Users\DANBRO~1\AppData\Local\Temp\plugin_small[10].png
    C:\Users\DANBRO~1\AppData\Local\Temp\plugin_small[11].png
    C:\Users\DANBRO~1\AppData\Local\Temp\plugin_small[12].png
    C:\Users\DANBRO~1\AppData\Local\Temp\plugin_small[13].png
    C:\Users\DANBRO~1\AppData\Local\Temp\plugin_small[14].png
    C:\Users\DANBRO~1\AppData\Local\Temp\plugin_small[15].png
    C:\Users\DANBRO~1\AppData\Local\Temp\plugin_small[16].png
    C:\Users\DANBRO~1\AppData\Local\Temp\plugin_small[17].png
    C:\Users\DANBRO~1\AppData\Local\Temp\plugin_small[18].png
    C:\Users\DANBRO~1\AppData\Local\Temp\plugin_small[1].png
    C:\Users\DANBRO~1\AppData\Local\Temp\plugin_small[2].png
    C:\Users\DANBRO~1\AppData\Local\Temp\plugin_small[3].png
    C:\Users\DANBRO~1\AppData\Local\Temp\plugin_small[4].png
    C:\Users\DANBRO~1\AppData\Local\Temp\plugin_small[5].png
    C:\Users\DANBRO~1\AppData\Local\Temp\plugin_small[6].png
    C:\Users\DANBRO~1\AppData\Local\Temp\plugin_small[7].png
    C:\Users\DANBRO~1\AppData\Local\Temp\plugin_small[8].png
    C:\Users\DANBRO~1\AppData\Local\Temp\plugin_small[9].png
    C:\Users\DANBRO~1\AppData\Local\Temp\removalfile.bat
    C:\Users\DANBRO~1\AppData\Local\Temp\ScatterBillboard.fxV2_Q30_MESH_STANDARD_BlendEnabled_BLEND
    C:\Users\DANBRO~1\AppData\Local\Temp\set2E0C.tmp
    C:\Users\DANBRO~1\AppData\Local\Temp\Set510B.tmp
    C:\Users\DANBRO~1\AppData\Local\Temp\Set601.tmp
    C:\Users\DANBRO~1\AppData\Local\Temp\Set792D.tmp
    C:\Users\DANBRO~1\AppData\Local\Temp\Set8425.tmp
    C:\Users\DANBRO~1\AppData\Local\Temp\set946A.tmp
    C:\Users\DANBRO~1\AppData\Local\Temp\set95A0.tmp
    C:\Users\DANBRO~1\AppData\Local\Temp\setA3BD.tmp
    C:\Users\DANBRO~1\AppData\Local\Temp\SetA687.tmp
    C:\Users\DANBRO~1\AppData\Local\Temp\setCD87.tmp
    C:\Users\DANBRO~1\AppData\Local\Temp\SetE02D.tmp
    C:\Users\DANBRO~1\AppData\Local\Temp\SetEF13.tmp
    C:\Users\DANBRO~1\AppData\Local\Temp\Setup Log 2008-08-10 #001.txt
    C:\Users\DANBRO~1\AppData\Local\Temp\SetupExe(2008051717262910CC).log
     
  6. Jareth

    Jareth Thread Starter

    Joined:
    Aug 25, 2008
    Messages:
    10
    Continued...

    C:\Users\DANBRO~1\AppData\Local\Temp\Sims2Logo.jpg
    C:\Users\DANBRO~1\AppData\Local\Temp\SIntf16.dll
    C:\Users\DANBRO~1\AppData\Local\Temp\SIntf32.dll
    C:\Users\DANBRO~1\AppData\Local\Temp\SIntfNT.dll
    C:\Users\DANBRO~1\AppData\Local\Temp\Skin20.fxV2_Q30_MESH_WEIGHTED_BlendEnabled_BLEND_BUMP_RIMLIGHTING_SPECULAR
    C:\Users\DANBRO~1\AppData\Local\Temp\Skin20.fxV2_Q30_MESH_WEIGHTED_BlendEnabled_BUMP_PARALLAX_RIMLIGHTING_SPECULAR
    C:\Users\DANBRO~1\AppData\Local\Temp\Skin20.fxV2_Q30_MESH_WEIGHTED_BlendEnabled_BUMP_RIMLIGHTING_SPECULAR
    C:\Users\DANBRO~1\AppData\Local\Temp\Skin20.fxV2_Q30_MESH_WEIGHTED_BlendEnabled_BUMP_RIMLIGHTING_SUBSURFACE_SPECULAR
    C:\Users\DANBRO~1\AppData\Local\Temp\Skin30.fxV2_Q30_MESH_WEIGHTED_BlendEnabled_BLEND_BUMP_RIMLIGHTING_SPECULAR
    C:\Users\DANBRO~1\AppData\Local\Temp\Skin30.fxV2_Q30_MESH_WEIGHTED_BlendEnabled_BUMP_PARALLAX_RIMLIGHTING_SPECULAR
    C:\Users\DANBRO~1\AppData\Local\Temp\Skin30.fxV2_Q30_MESH_WEIGHTED_BlendEnabled_BUMP_RIMLIGHTING_SPECULAR
    C:\Users\DANBRO~1\AppData\Local\Temp\Skin30.fxV2_Q30_MESH_WEIGHTED_BlendEnabled_BUMP_RIMLIGHTING_SUBSURFACE_SPECULAR
    C:\Users\DANBRO~1\AppData\Local\Temp\slate_closed.png
    C:\Users\DANBRO~1\AppData\Local\Temp\slate_main.png
    C:\Users\DANBRO~1\AppData\Local\Temp\slate_open.png
    C:\Users\DANBRO~1\AppData\Local\Temp\Sprite.fxV2_Q30_SPRITES_BlendEnabled
    C:\Users\DANBRO~1\AppData\Local\Temp\sqlite_JBZIeXX29PIv3rY
    C:\Users\DANBRO~1\AppData\Local\Temp\sqlite_QFCSjzF4pWWzKma
    C:\Users\DANBRO~1\AppData\Local\Temp\sqlite_syizVb1kwerDO0y
    C:\Users\DANBRO~1\AppData\Local\Temp\sres.dll
    C:\Users\DANBRO~1\AppData\Local\Temp\Standard13.fxV2_Q30_MESH_STANDARD_BlendEnabled_BUMP_SPECULAR_REFLECTION2D_REFRACTION2D_SCROLL
    C:\Users\DANBRO~1\AppData\Local\Temp\Standard13.fxV2_Q30_MESH_STANDARD_BlendEnabled_MIRROR
    C:\Users\DANBRO~1\AppData\Local\Temp\Standard13.fxV2_Q30_MESH_STANDARD_BlendEnabled_MIRROR_MIRRORMASK
    C:\Users\DANBRO~1\AppData\Local\Temp\Standard20.fxV2_Q30_MESH_RIGID_BlendEnabled
    C:\Users\DANBRO~1\AppData\Local\Temp\Standard20.fxV2_Q30_MESH_RIGID_BlendEnabled_BLEND
    C:\Users\DANBRO~1\AppData\Local\Temp\Standard20.fxV2_Q30_MESH_RIGID_BlendEnabled_BLEND_BUMP
    C:\Users\DANBRO~1\AppData\Local\Temp\Standard20.fxV2_Q30_MESH_RIGID_BlendEnabled_BLEND_BUMP_SPECULAR
    C:\Users\DANBRO~1\AppData\Local\Temp\Standard20.fxV2_Q30_MESH_RIGID_BlendEnabled_BLEND_SPECULAR
    C:\Users\DANBRO~1\AppData\Local\Temp\Standard20.fxV2_Q30_MESH_RIGID_BlendEnabled_BUMP
    C:\Users\DANBRO~1\AppData\Local\Temp\Standard20.fxV2_Q30_MESH_RIGID_BlendEnabled_BUMP_PARALLAX_SPECULAR
    C:\Users\DANBRO~1\AppData\Local\Temp\Standard20.fxV2_Q30_MESH_RIGID_BlendEnabled_BUMP_SPECULAR
    C:\Users\DANBRO~1\AppData\Local\Temp\Standard20.fxV2_Q30_MESH_RIGID_BlendEnabled_BUMP_SPECULAR_REFLECTION
    C:\Users\DANBRO~1\AppData\Local\Temp\Standard20.fxV2_Q30_MESH_RIGID_BlendEnabled_BUMP_SPECULAR_REFLECTION_REFRACTION2D
    C:\Users\DANBRO~1\AppData\Local\Temp\Standard20.fxV2_Q30_MESH_RIGID_BlendEnabled_SPECULAR
    C:\Users\DANBRO~1\AppData\Local\Temp\Standard20.fxV2_Q30_MESH_RIGID_BlendEnabled_SPECULAR_REFLECTION
    C:\Users\DANBRO~1\AppData\Local\Temp\Standard20.fxV2_Q30_MESH_STANDARD_BlendEnabled
    C:\Users\DANBRO~1\AppData\Local\Temp\Standard20.fxV2_Q30_MESH_STANDARD_BlendEnabled_BLEND
    C:\Users\DANBRO~1\AppData\Local\Temp\Standard20.fxV2_Q30_MESH_STANDARD_BlendEnabled_BLEND_ALPHAFADE
    C:\Users\DANBRO~1\AppData\Local\Temp\Standard20.fxV2_Q30_MESH_STANDARD_BlendEnabled_BLEND_ALPHAFADE_SCROLL
    C:\Users\DANBRO~1\AppData\Local\Temp\Standard20.fxV2_Q30_MESH_STANDARD_BlendEnabled_BLEND_BUMP
    C:\Users\DANBRO~1\AppData\Local\Temp\Standard20.fxV2_Q30_MESH_STANDARD_BlendEnabled_BLEND_BUMP_BUMPDETAIL
    C:\Users\DANBRO~1\AppData\Local\Temp\Standard20.fxV2_Q30_MESH_STANDARD_BlendEnabled_BLEND_BUMP_BUMPDETAIL_SPECULAR
    C:\Users\DANBRO~1\AppData\Local\Temp\Standard20.fxV2_Q30_MESH_STANDARD_BlendEnabled_BLEND_BUMP_PARALLAX_SPECULAR
    C:\Users\DANBRO~1\AppData\Local\Temp\Standard20.fxV2_Q30_MESH_STANDARD_BlendEnabled_BLEND_BUMP_SPECULAR
    C:\Users\DANBRO~1\AppData\Local\Temp\Standard20.fxV2_Q30_MESH_STANDARD_BlendEnabled_BLEND_BUMP_SPECULAR_ILLUMINATION
    C:\Users\DANBRO~1\AppData\Local\Temp\Standard20.fxV2_Q30_MESH_STANDARD_BlendEnabled_BLEND_BUMP_SPECULAR_REFLECTION
    C:\Users\DANBRO~1\AppData\Local\Temp\Standard20.fxV2_Q30_MESH_STANDARD_BlendEnabled_BLEND_ILLUMINATION
    C:\Users\DANBRO~1\AppData\Local\Temp\Standard20.fxV2_Q30_MESH_STANDARD_BlendEnabled_BLEND_REFLECTION
    C:\Users\DANBRO~1\AppData\Local\Temp\Standard20.fxV2_Q30_MESH_STANDARD_BlendEnabled_BLEND_SCROLL
    C:\Users\DANBRO~1\AppData\Local\Temp\Standard20.fxV2_Q30_MESH_STANDARD_BlendEnabled_BLEND_SPECULAR
    C:\Users\DANBRO~1\AppData\Local\Temp\Standard20.fxV2_Q30_MESH_STANDARD_BlendEnabled_BLEND_SPECULAR_ILLUMINATION_SCROLL
    C:\Users\DANBRO~1\AppData\Local\Temp\Standard20.fxV2_Q30_MESH_STANDARD_BlendEnabled_BLEND_SPECULAR_REFLECTION
    C:\Users\DANBRO~1\AppData\Local\Temp\Standard20.fxV2_Q30_MESH_STANDARD_BlendEnabled_BUMP
    C:\Users\DANBRO~1\AppData\Local\Temp\Standard20.fxV2_Q30_MESH_STANDARD_BlendEnabled_BUMP_BUMPDETAIL_PARALLAX_SPECULAR
    C:\Users\DANBRO~1\AppData\Local\Temp\Standard20.fxV2_Q30_MESH_STANDARD_BlendEnabled_BUMP_BUMPDETAIL_PARALLAX_SPECULAR_REFLECTION
    C:\Users\DANBRO~1\AppData\Local\Temp\Standard20.fxV2_Q30_MESH_STANDARD_BlendEnabled_BUMP_BUMPDETAIL_SPECULAR
    C:\Users\DANBRO~1\AppData\Local\Temp\Standard20.fxV2_Q30_MESH_STANDARD_BlendEnabled_BUMP_PARALLAX_SPECULAR
    C:\Users\DANBRO~1\AppData\Local\Temp\Standard20.fxV2_Q30_MESH_STANDARD_BlendEnabled_BUMP_PARALLAX_SPECULAR_ILLUMINATION
    C:\Users\DANBRO~1\AppData\Local\Temp\Standard20.fxV2_Q30_MESH_STANDARD_BlendEnabled_BUMP_PARALLAX_SPECULAR_REFLECTION
    C:\Users\DANBRO~1\AppData\Local\Temp\Standard20.fxV2_Q30_MESH_STANDARD_BlendEnabled_BUMP_REFLECTION
    C:\Users\DANBRO~1\AppData\Local\Temp\Standard20.fxV2_Q30_MESH_STANDARD_BlendEnabled_BUMP_RIMLIGHTING_SPECULAR
    C:\Users\DANBRO~1\AppData\Local\Temp\Standard20.fxV2_Q30_MESH_STANDARD_BlendEnabled_BUMP_SPECULAR
    C:\Users\DANBRO~1\AppData\Local\Temp\Standard20.fxV2_Q30_MESH_STANDARD_BlendEnabled_BUMP_SPECULAR_REFLECTION
    C:\Users\DANBRO~1\AppData\Local\Temp\Standard20.fxV2_Q30_MESH_STANDARD_BlendEnabled_BUMP_SPECULAR_REFLECTION2D_REFRACTION2D_SCROLL
    C:\Users\DANBRO~1\AppData\Local\Temp\Standard20.fxV2_Q30_MESH_STANDARD_BlendEnabled_BUMP_SPECULAR_REFLECTION_ILLUMINATION
    C:\Users\DANBRO~1\AppData\Local\Temp\Standard20.fxV2_Q30_MESH_STANDARD_BlendEnabled_ILLUMINATION
    C:\Users\DANBRO~1\AppData\Local\Temp\Standard20.fxV2_Q30_MESH_STANDARD_BlendEnabled_MIRROR
    C:\Users\DANBRO~1\AppData\Local\Temp\Standard20.fxV2_Q30_MESH_STANDARD_BlendEnabled_MIRROR_MIRRORMASK
    C:\Users\DANBRO~1\AppData\Local\Temp\Standard20.fxV2_Q30_MESH_STANDARD_BlendEnabled_REFLECTION
    C:\Users\DANBRO~1\AppData\Local\Temp\Standard20.fxV2_Q30_MESH_STANDARD_BlendEnabled_SPECULAR
    C:\Users\DANBRO~1\AppData\Local\Temp\Standard20.fxV2_Q30_MESH_STANDARD_BlendEnabled_SPECULAR_ILLUMINATION
    C:\Users\DANBRO~1\AppData\Local\Temp\Standard20.fxV2_Q30_MESH_STANDARD_BlendEnabled_SPECULAR_REFLECTION
    C:\Users\DANBRO~1\AppData\Local\Temp\Standard20.fxV2_Q30_MESH_STANDARD_BlendEnabled_SPECULAR_REFLECTION_ILLUMINATION
    C:\Users\DANBRO~1\AppData\Local\Temp\Standard20.fxV2_Q30_MESH_TWEENED_BlendEnabled_BLEND
    C:\Users\DANBRO~1\AppData\Local\Temp\Standard20.fxV2_Q30_MESH_WEIGHTED_BlendEnabled_BLEND
    C:\Users\DANBRO~1\AppData\Local\Temp\Standard20.fxV2_Q30_MESH_WEIGHTED_BlendEnabled_BLEND_BUMP_RIMLIGHTING_SPECULAR
    C:\Users\DANBRO~1\AppData\Local\Temp\Standard20.fxV2_Q30_MESH_WEIGHTED_BlendEnabled_BLEND_BUMP_SPECULAR
    C:\Users\DANBRO~1\AppData\Local\Temp\Standard20.fxV2_Q30_MESH_WEIGHTED_BlendEnabled_BUMP_PARALLAX_RIMLIGHTING_SPECULAR
    C:\Users\DANBRO~1\AppData\Local\Temp\Standard20.fxV2_Q30_MESH_WEIGHTED_BlendEnabled_BUMP_RIMLIGHTING_SPECULAR
    C:\Users\DANBRO~1\AppData\Local\Temp\Standard20.fxV2_Q30_MESH_WEIGHTED_BlendEnabled_BUMP_RIMLIGHTING_SUBSURFACE_SPECULAR
    C:\Users\DANBRO~1\AppData\Local\Temp\Standard20.fxV2_Q30_MESH_WEIGHTED_BlendEnabled_BUMP_SPECULAR
    C:\Users\DANBRO~1\AppData\Local\Temp\Standard20.fxV2_Q30_MESH_WEIGHTED_BlendEnabled_BUMP_SPECULAR_REFLECTION
    C:\Users\DANBRO~1\AppData\Local\Temp\Standard20.fxV2_Q30_MESH_WEIGHTED_BlendEnabled_REFLECTION_REFRACTION2D
    C:\Users\DANBRO~1\AppData\Local\Temp\Standard30.fxV2_Q30_MESH_RIGID_BlendEnabled
    C:\Users\DANBRO~1\AppData\Local\Temp\Standard30.fxV2_Q30_MESH_RIGID_BlendEnabled_BLEND
    C:\Users\DANBRO~1\AppData\Local\Temp\Standard30.fxV2_Q30_MESH_RIGID_BlendEnabled_BLEND_BUMP
    C:\Users\DANBRO~1\AppData\Local\Temp\Standard30.fxV2_Q30_MESH_RIGID_BlendEnabled_BLEND_BUMP_SPECULAR
    C:\Users\DANBRO~1\AppData\Local\Temp\Standard30.fxV2_Q30_MESH_RIGID_BlendEnabled_BLEND_SPECULAR
    C:\Users\DANBRO~1\AppData\Local\Temp\Standard30.fxV2_Q30_MESH_RIGID_BlendEnabled_BUMP
    C:\Users\DANBRO~1\AppData\Local\Temp\Standard30.fxV2_Q30_MESH_RIGID_BlendEnabled_BUMP_PARALLAX_SPECULAR
    C:\Users\DANBRO~1\AppData\Local\Temp\Standard30.fxV2_Q30_MESH_RIGID_BlendEnabled_BUMP_SPECULAR
    C:\Users\DANBRO~1\AppData\Local\Temp\Standard30.fxV2_Q30_MESH_RIGID_BlendEnabled_BUMP_SPECULAR_REFLECTION
    C:\Users\DANBRO~1\AppData\Local\Temp\Standard30.fxV2_Q30_MESH_RIGID_BlendEnabled_BUMP_SPECULAR_REFLECTION_REFRACTION2D
    C:\Users\DANBRO~1\AppData\Local\Temp\Standard30.fxV2_Q30_MESH_RIGID_BlendEnabled_SPECULAR
    C:\Users\DANBRO~1\AppData\Local\Temp\Standard30.fxV2_Q30_MESH_RIGID_BlendEnabled_SPECULAR_REFLECTION
    C:\Users\DANBRO~1\AppData\Local\Temp\Standard30.fxV2_Q30_MESH_STANDARD_BlendEnabled
    C:\Users\DANBRO~1\AppData\Local\Temp\Standard30.fxV2_Q30_MESH_STANDARD_BlendEnabled_BLEND
    C:\Users\DANBRO~1\AppData\Local\Temp\Standard30.fxV2_Q30_MESH_STANDARD_BlendEnabled_BLEND_ALPHAFADE
    C:\Users\DANBRO~1\AppData\Local\Temp\Standard30.fxV2_Q30_MESH_STANDARD_BlendEnabled_BLEND_ALPHAFADE_SCROLL
    C:\Users\DANBRO~1\AppData\Local\Temp\Standard30.fxV2_Q30_MESH_STANDARD_BlendEnabled_BLEND_BUMP
    C:\Users\DANBRO~1\AppData\Local\Temp\Standard30.fxV2_Q30_MESH_STANDARD_BlendEnabled_BLEND_BUMP_BUMPDETAIL
    C:\Users\DANBRO~1\AppData\Local\Temp\Standard30.fxV2_Q30_MESH_STANDARD_BlendEnabled_BLEND_BUMP_BUMPDETAIL_SPECULAR
    C:\Users\DANBRO~1\AppData\Local\Temp\Standard30.fxV2_Q30_MESH_STANDARD_BlendEnabled_BLEND_BUMP_PARALLAX_SPECULAR
    C:\Users\DANBRO~1\AppData\Local\Temp\Standard30.fxV2_Q30_MESH_STANDARD_BlendEnabled_BLEND_BUMP_SPECULAR
    C:\Users\DANBRO~1\AppData\Local\Temp\Standard30.fxV2_Q30_MESH_STANDARD_BlendEnabled_BLEND_BUMP_SPECULAR_ILLUMINATION
    C:\Users\DANBRO~1\AppData\Local\Temp\Standard30.fxV2_Q30_MESH_STANDARD_BlendEnabled_BLEND_BUMP_SPECULAR_REFLECTION
    C:\Users\DANBRO~1\AppData\Local\Temp\Standard30.fxV2_Q30_MESH_STANDARD_BlendEnabled_BLEND_ILLUMINATION
    C:\Users\DANBRO~1\AppData\Local\Temp\Standard30.fxV2_Q30_MESH_STANDARD_BlendEnabled_BLEND_REFLECTION
    C:\Users\DANBRO~1\AppData\Local\Temp\Standard30.fxV2_Q30_MESH_STANDARD_BlendEnabled_BLEND_SCROLL
    C:\Users\DANBRO~1\AppData\Local\Temp\Standard30.fxV2_Q30_MESH_STANDARD_BlendEnabled_BLEND_SPECULAR
    C:\Users\DANBRO~1\AppData\Local\Temp\Standard30.fxV2_Q30_MESH_STANDARD_BlendEnabled_BLEND_SPECULAR_ILLUMINATION_SCROLL
    C:\Users\DANBRO~1\AppData\Local\Temp\Standard30.fxV2_Q30_MESH_STANDARD_BlendEnabled_BLEND_SPECULAR_REFLECTION
    C:\Users\DANBRO~1\AppData\Local\Temp\Standard30.fxV2_Q30_MESH_STANDARD_BlendEnabled_BUMP
    C:\Users\DANBRO~1\AppData\Local\Temp\Standard30.fxV2_Q30_MESH_STANDARD_BlendEnabled_BUMP_BUMPDETAIL_PARALLAX_SPECULAR
    C:\Users\DANBRO~1\AppData\Local\Temp\Standard30.fxV2_Q30_MESH_STANDARD_BlendEnabled_BUMP_BUMPDETAIL_PARALLAX_SPECULAR_REFLECTION
    C:\Users\DANBRO~1\AppData\Local\Temp\Standard30.fxV2_Q30_MESH_STANDARD_BlendEnabled_BUMP_BUMPDETAIL_SPECULAR
    C:\Users\DANBRO~1\AppData\Local\Temp\Standard30.fxV2_Q30_MESH_STANDARD_BlendEnabled_BUMP_PARALLAX_SPECULAR
    C:\Users\DANBRO~1\AppData\Local\Temp\Standard30.fxV2_Q30_MESH_STANDARD_BlendEnabled_BUMP_PARALLAX_SPECULAR_ILLUMINATION
    C:\Users\DANBRO~1\AppData\Local\Temp\Standard30.fxV2_Q30_MESH_STANDARD_BlendEnabled_BUMP_PARALLAX_SPECULAR_REFLECTION
    C:\Users\DANBRO~1\AppData\Local\Temp\Standard30.fxV2_Q30_MESH_STANDARD_BlendEnabled_BUMP_REFLECTION
    C:\Users\DANBRO~1\AppData\Local\Temp\Standard30.fxV2_Q30_MESH_STANDARD_BlendEnabled_BUMP_RIMLIGHTING_SPECULAR
    C:\Users\DANBRO~1\AppData\Local\Temp\Standard30.fxV2_Q30_MESH_STANDARD_BlendEnabled_BUMP_SPECULAR
    C:\Users\DANBRO~1\AppData\Local\Temp\Standard30.fxV2_Q30_MESH_STANDARD_BlendEnabled_BUMP_SPECULAR_REFLECTION
    C:\Users\DANBRO~1\AppData\Local\Temp\Standard30.fxV2_Q30_MESH_STANDARD_BlendEnabled_BUMP_SPECULAR_REFLECTION2D_REFRACTION2D_SCROLL
    C:\Users\DANBRO~1\AppData\Local\Temp\Standard30.fxV2_Q30_MESH_STANDARD_BlendEnabled_BUMP_SPECULAR_REFLECTION_ILLUMINATION
    C:\Users\DANBRO~1\AppData\Local\Temp\Standard30.fxV2_Q30_MESH_STANDARD_BlendEnabled_ILLUMINATION
    C:\Users\DANBRO~1\AppData\Local\Temp\Standard30.fxV2_Q30_MESH_STANDARD_BlendEnabled_MIRROR
    C:\Users\DANBRO~1\AppData\Local\Temp\Standard30.fxV2_Q30_MESH_STANDARD_BlendEnabled_MIRROR_MIRRORMASK
    C:\Users\DANBRO~1\AppData\Local\Temp\Standard30.fxV2_Q30_MESH_STANDARD_BlendEnabled_REFLECTION
    C:\Users\DANBRO~1\AppData\Local\Temp\Standard30.fxV2_Q30_MESH_STANDARD_BlendEnabled_SPECULAR
    C:\Users\DANBRO~1\AppData\Local\Temp\Standard30.fxV2_Q30_MESH_STANDARD_BlendEnabled_SPECULAR_ILLUMINATION
    C:\Users\DANBRO~1\AppData\Local\Temp\Standard30.fxV2_Q30_MESH_STANDARD_BlendEnabled_SPECULAR_REFLECTION
    C:\Users\DANBRO~1\AppData\Local\Temp\Standard30.fxV2_Q30_MESH_STANDARD_BlendEnabled_SPECULAR_REFLECTION_ILLUMINATION
    C:\Users\DANBRO~1\AppData\Local\Temp\Standard30.fxV2_Q30_MESH_TWEENED_BlendEnabled_BLEND
    C:\Users\DANBRO~1\AppData\Local\Temp\Standard30.fxV2_Q30_MESH_WEIGHTED_BlendEnabled_BLEND
    C:\Users\DANBRO~1\AppData\Local\Temp\Standard30.fxV2_Q30_MESH_WEIGHTED_BlendEnabled_BLEND_BUMP_RIMLIGHTING_SPECULAR
    C:\Users\DANBRO~1\AppData\Local\Temp\Standard30.fxV2_Q30_MESH_WEIGHTED_BlendEnabled_BLEND_BUMP_SPECULAR
    C:\Users\DANBRO~1\AppData\Local\Temp\Standard30.fxV2_Q30_MESH_WEIGHTED_BlendEnabled_BUMP_PARALLAX_RIMLIGHTING_SPECULAR
    C:\Users\DANBRO~1\AppData\Local\Temp\Standard30.fxV2_Q30_MESH_WEIGHTED_BlendEnabled_BUMP_RIMLIGHTING_SPECULAR
    C:\Users\DANBRO~1\AppData\Local\Temp\Standard30.fxV2_Q30_MESH_WEIGHTED_BlendEnabled_BUMP_RIMLIGHTING_SUBSURFACE_SPECULAR
    C:\Users\DANBRO~1\AppData\Local\Temp\Standard30.fxV2_Q30_MESH_WEIGHTED_BlendEnabled_BUMP_SPECULAR
    C:\Users\DANBRO~1\AppData\Local\Temp\Standard30.fxV2_Q30_MESH_WEIGHTED_BlendEnabled_BUMP_SPECULAR_REFLECTION
    C:\Users\DANBRO~1\AppData\Local\Temp\Standard30.fxV2_Q30_MESH_WEIGHTED_BlendEnabled_REFLECTION_REFRACTION2D
    C:\Users\DANBRO~1\AppData\Local\Temp\StaticShadow.fxV2_Q30_MESH_STANDARD_BlendEnabled
    C:\Users\DANBRO~1\AppData\Local\Temp\StaticShadow.fxV2_Q30_MESH_STANDARD_BlendEnabled_BLEND
    C:\Users\DANBRO~1\AppData\Local\Temp\StaticShadowTextureShadow.fxV2_Q30_MESH_STANDARD_BlendEnabled_BLEND
    C:\Users\DANBRO~1\AppData\Local\Temp\status.txt
    C:\Users\DANBRO~1\AppData\Local\Temp\STS1268.tmp
    C:\Users\DANBRO~1\AppData\Local\Temp\STS18BE.tmp
    C:\Users\DANBRO~1\AppData\Local\Temp\STS246A.tmp
    C:\Users\DANBRO~1\AppData\Local\Temp\STS3AAD.tmp
    C:\Users\DANBRO~1\AppData\Local\Temp\STS3C31.tmp
    C:\Users\DANBRO~1\AppData\Local\Temp\STS47D9.tmp
    C:\Users\DANBRO~1\AppData\Local\Temp\STS4ECB.tmp
    C:\Users\DANBRO~1\AppData\Local\Temp\STS5226.tmp
    C:\Users\DANBRO~1\AppData\Local\Temp\STS5238.tmp
    C:\Users\DANBRO~1\AppData\Local\Temp\STS583D.tmp
    C:\Users\DANBRO~1\AppData\Local\Temp\STS5A41.tmp
    C:\Users\DANBRO~1\AppData\Local\Temp\STS5E17.tmp
    C:\Users\DANBRO~1\AppData\Local\Temp\STS5E37.tmp
    C:\Users\DANBRO~1\AppData\Local\Temp\STS7639.tmp
    C:\Users\DANBRO~1\AppData\Local\Temp\STS7C70.tmp
    C:\Users\DANBRO~1\AppData\Local\Temp\STS7FC.tmp
    C:\Users\DANBRO~1\AppData\Local\Temp\STS8303.tmp
    C:\Users\DANBRO~1\AppData\Local\Temp\STS8A8.tmp
    C:\Users\DANBRO~1\AppData\Local\Temp\STS8B00.tmp
    C:\Users\DANBRO~1\AppData\Local\Temp\STS8C48.tmp
    C:\Users\DANBRO~1\AppData\Local\Temp\STS8CF4.tmp
    C:\Users\DANBRO~1\AppData\Local\Temp\STS8D22.tmp
    C:\Users\DANBRO~1\AppData\Local\Temp\STS9147.tmp
    C:\Users\DANBRO~1\AppData\Local\Temp\STS9289.tmp
    C:\Users\DANBRO~1\AppData\Local\Temp\STS929E.tmp
    C:\Users\DANBRO~1\AppData\Local\Temp\STS92AE.tmp
    C:\Users\DANBRO~1\AppData\Local\Temp\STS9398.tmp
    C:\Users\DANBRO~1\AppData\Local\Temp\STS9C4F.tmp
    C:\Users\DANBRO~1\AppData\Local\Temp\STS9D26.tmp
    C:\Users\DANBRO~1\AppData\Local\Temp\STS9D96.tmp
    C:\Users\DANBRO~1\AppData\Local\Temp\STSA1FA.tmp
    C:\Users\DANBRO~1\AppData\Local\Temp\STSA257.tmp
    C:\Users\DANBRO~1\AppData\Local\Temp\STSA276.tmp
    C:\Users\DANBRO~1\AppData\Local\Temp\STSA51E.tmp
    C:\Users\DANBRO~1\AppData\Local\Temp\STSAA34.tmp
    C:\Users\DANBRO~1\AppData\Local\Temp\STSAB49.tmp
    C:\Users\DANBRO~1\AppData\Local\Temp\STSAF42.tmp
    C:\Users\DANBRO~1\AppData\Local\Temp\STSAFEE.tmp
    C:\Users\DANBRO~1\AppData\Local\Temp\STSB200.tmp
    C:\Users\DANBRO~1\AppData\Local\Temp\STSB625.tmp
    C:\Users\DANBRO~1\AppData\Local\Temp\STSBA0C.tmp
    C:\Users\DANBRO~1\AppData\Local\Temp\STSBCCA.tmp
    C:\Users\DANBRO~1\AppData\Local\Temp\STSBCF8.tmp
    C:\Users\DANBRO~1\AppData\Local\Temp\STSC00D.tmp
    C:\Users\DANBRO~1\AppData\Local\Temp\STSC0EE.tmp
    C:\Users\DANBRO~1\AppData\Local\Temp\STSC246.tmp
    C:\Users\DANBRO~1\AppData\Local\Temp\STSC2E2.tmp
    C:\Users\DANBRO~1\AppData\Local\Temp\STSCB98.tmp
    C:\Users\DANBRO~1\AppData\Local\Temp\STSCC82.tmp
    C:\Users\DANBRO~1\AppData\Local\Temp\STSCED3.tmp
    C:\Users\DANBRO~1\AppData\Local\Temp\STSD66A.tmp
    C:\Users\DANBRO~1\AppData\Local\Temp\STSDB90.tmp
    C:\Users\DANBRO~1\AppData\Local\Temp\STSDC94.tmp
    C:\Users\DANBRO~1\AppData\Local\Temp\STSDCD7.tmp
    C:\Users\DANBRO~1\AppData\Local\Temp\STSE550.tmp
    C:\Users\DANBRO~1\AppData\Local\Temp\STSE5CD.tmp
    C:\Users\DANBRO~1\AppData\Local\Temp\STSE7A8.tmp
    C:\Users\DANBRO~1\AppData\Local\Temp\STSE839.tmp
    C:\Users\DANBRO~1\AppData\Local\Temp\STSE90C.tmp
    C:\Users\DANBRO~1\AppData\Local\Temp\STSEE45.tmp
    C:\Users\DANBRO~1\AppData\Local\Temp\STSF585.tmp
    C:\Users\DANBRO~1\AppData\Local\Temp\temp.ani
    C:\Users\DANBRO~1\AppData\Local\Temp\TFR2027.tmp
    C:\Users\DANBRO~1\AppData\Local\Temp\TFR2086.tmp
    C:\Users\DANBRO~1\AppData\Local\Temp\TFR20F8.tmp
    C:\Users\DANBRO~1\AppData\Local\Temp\TFR212A.tmp
    C:\Users\DANBRO~1\AppData\Local\Temp\TFR215A.tmp
    C:\Users\DANBRO~1\AppData\Local\Temp\TFR21A0.tmp
    C:\Users\DANBRO~1\AppData\Local\Temp\TFR21C3.tmp
    C:\Users\DANBRO~1\AppData\Local\Temp\TFR21E5.tmp
    C:\Users\DANBRO~1\AppData\Local\Temp\The Sims 2_uninst.exe
    C:\Users\DANBRO~1\AppData\Local\Temp\undocked-sunny.png
    C:\Users\DANBRO~1\AppData\Local\Temp\undocked-sunny[0].png
    C:\Users\DANBRO~1\AppData\Local\Temp\VP6.reg
    C:\Users\DANBRO~1\AppData\Local\Temp\VP6Install.exe
    C:\Users\DANBRO~1\AppData\Local\Temp\VP6VFW.dll
    C:\Users\DANBRO~1\AppData\Local\Temp\WaterSurface.fxV2_Q30_MESH_STANDARD_BlendEnabled_BUMP_SPECULAR_REFLECTION2D_REFRACTION2D_SCROLL
    C:\Users\DANBRO~1\AppData\Local\Temp\WER38CB.tmp.version.txt
    C:\Users\DANBRO~1\AppData\Local\Temp\WERE4A4.tmp.version.txt
    C:\Users\DANBRO~1\AppData\Local\Temp\wmplog00.sqm
    C:\Users\DANBRO~1\AppData\Local\Temp\wmsetup.log
    C:\Users\DANBRO~1\AppData\Local\Temp\_add_ds.log
    C:\Users\DANBRO~1\AppData\Local\Temp\_isA84B.tmp
    C:\Users\DANBRO~1\AppData\Local\Temp\_isDA37.tmp
    C:\Users\DANBRO~1\AppData\Local\Temp\_isdelet.ini
    C:\Users\DANBRO~1\AppData\Local\Temp\{AC76BA86-7AD7-1033-7B44-A81000000003}.ini
    C:\Users\DANBRO~1\AppData\Local\Temp\{AC76BA86-7AD7-1033-7B44-A81200000003}.ini
    C:\Users\DANBRO~1\AppData\Local\Temp\~DF131B.tmp
    C:\Users\DANBRO~1\AppData\Local\Temp\~DF1360.tmp
    C:\Users\DANBRO~1\AppData\Local\Temp\~DF13E4.tmp
    C:\Users\DANBRO~1\AppData\Local\Temp\~DF13F2.tmp
    C:\Users\DANBRO~1\AppData\Local\Temp\~DF1823.tmp
    C:\Users\DANBRO~1\AppData\Local\Temp\~DF1888.tmp
    C:\Users\DANBRO~1\AppData\Local\Temp\~DF1961.tmp
    C:\Users\DANBRO~1\AppData\Local\Temp\~DF19EC.tmp
    C:\Users\DANBRO~1\AppData\Local\Temp\~DF1A7A.tmp
    C:\Users\DANBRO~1\AppData\Local\Temp\~DF1AA5.tmp
    C:\Users\DANBRO~1\AppData\Local\Temp\~DF1DDF.tmp
    C:\Users\DANBRO~1\AppData\Local\Temp\~DF1DFE.tmp
    C:\Users\DANBRO~1\AppData\Local\Temp\~DF1FE.tmp
    C:\Users\DANBRO~1\AppData\Local\Temp\~DF2220.tmp
    C:\Users\DANBRO~1\AppData\Local\Temp\~DF22F2.tmp
    C:\Users\DANBRO~1\AppData\Local\Temp\~DF236A.tmp
    C:\Users\DANBRO~1\AppData\Local\Temp\~DF23A6.tmp
    C:\Users\DANBRO~1\AppData\Local\Temp\~DF29A4.tmp
    C:\Users\DANBRO~1\AppData\Local\Temp\~DF29BD.tmp
    C:\Users\DANBRO~1\AppData\Local\Temp\~DF2A89.tmp
    C:\Users\DANBRO~1\AppData\Local\Temp\~DF2A8F.tmp
    C:\Users\DANBRO~1\AppData\Local\Temp\~DF2B07.tmp
    C:\Users\DANBRO~1\AppData\Local\Temp\~DF2B51.tmp
    C:\Users\DANBRO~1\AppData\Local\Temp\~DF2BAA.tmp
    C:\Users\DANBRO~1\AppData\Local\Temp\~DF2C21.tmp
    C:\Users\DANBRO~1\AppData\Local\Temp\~DF2CA7.tmp
    C:\Users\DANBRO~1\AppData\Local\Temp\~DF2EDF.tmp
    C:\Users\DANBRO~1\AppData\Local\Temp\~DF35.tmp
    C:\Users\DANBRO~1\AppData\Local\Temp\~DF352E.tmp
     
  7. Jareth

    Jareth Thread Starter

    Joined:
    Aug 25, 2008
    Messages:
    10
    Continued...


    C:\Users\DANBRO~1\AppData\Local\Temp\~DF35E6.tmp
    C:\Users\DANBRO~1\AppData\Local\Temp\~DF35ED.tmp
    C:\Users\DANBRO~1\AppData\Local\Temp\~DF36BB.tmp
    C:\Users\DANBRO~1\AppData\Local\Temp\~DF36F1.tmp
    C:\Users\DANBRO~1\AppData\Local\Temp\~DF3BDF.tmp
    C:\Users\DANBRO~1\AppData\Local\Temp\~DF3C94.tmp
    C:\Users\DANBRO~1\AppData\Local\Temp\~DF412A.tmp
    C:\Users\DANBRO~1\AppData\Local\Temp\~DF422.tmp
    C:\Users\DANBRO~1\AppData\Local\Temp\~DF43B3.tmp
    C:\Users\DANBRO~1\AppData\Local\Temp\~DF46D2.tmp
    C:\Users\DANBRO~1\AppData\Local\Temp\~DF4721.tmp
    C:\Users\DANBRO~1\AppData\Local\Temp\~DF47B3.tmp
    C:\Users\DANBRO~1\AppData\Local\Temp\~DF483.tmp
    C:\Users\DANBRO~1\AppData\Local\Temp\~DF492C.tmp
    C:\Users\DANBRO~1\AppData\Local\Temp\~DF49CA.tmp
    C:\Users\DANBRO~1\AppData\Local\Temp\~DF4A5F.tmp
    C:\Users\DANBRO~1\AppData\Local\Temp\~DF504A.tmp
    C:\Users\DANBRO~1\AppData\Local\Temp\~DF5212.tmp
    C:\Users\DANBRO~1\AppData\Local\Temp\~DF534E.tmp
    C:\Users\DANBRO~1\AppData\Local\Temp\~DF5468.tmp
    C:\Users\DANBRO~1\AppData\Local\Temp\~DF54AE.tmp
    C:\Users\DANBRO~1\AppData\Local\Temp\~DF56D9.tmp
    C:\Users\DANBRO~1\AppData\Local\Temp\~DF57CB.tmp
    C:\Users\DANBRO~1\AppData\Local\Temp\~DF5815.tmp
    C:\Users\DANBRO~1\AppData\Local\Temp\~DF5A0B.tmp
    C:\Users\DANBRO~1\AppData\Local\Temp\~DF5C30.tmp
    C:\Users\DANBRO~1\AppData\Local\Temp\~DF629.tmp
    C:\Users\DANBRO~1\AppData\Local\Temp\~DF64A1.tmp
    C:\Users\DANBRO~1\AppData\Local\Temp\~DF673B.tmp
    C:\Users\DANBRO~1\AppData\Local\Temp\~DF68BF.tmp
    C:\Users\DANBRO~1\AppData\Local\Temp\~DF68DD.tmp
    C:\Users\DANBRO~1\AppData\Local\Temp\~DF69D3.tmp
    C:\Users\DANBRO~1\AppData\Local\Temp\~DF6A11.tmp
    C:\Users\DANBRO~1\AppData\Local\Temp\~DF6A7A.tmp
    C:\Users\DANBRO~1\AppData\Local\Temp\~DF6D30.tmp
    C:\Users\DANBRO~1\AppData\Local\Temp\~DF6E21.tmp
    C:\Users\DANBRO~1\AppData\Local\Temp\~DF6E7F.tmp
    C:\Users\DANBRO~1\AppData\Local\Temp\~DF6FF0.tmp
    C:\Users\DANBRO~1\AppData\Local\Temp\~DF7012.tmp
    C:\Users\DANBRO~1\AppData\Local\Temp\~DF7178.tmp
    C:\Users\DANBRO~1\AppData\Local\Temp\~DF72F9.tmp
    C:\Users\DANBRO~1\AppData\Local\Temp\~DF783B.tmp
    C:\Users\DANBRO~1\AppData\Local\Temp\~DF7984.tmp
    C:\Users\DANBRO~1\AppData\Local\Temp\~DF79E0.tmp
    C:\Users\DANBRO~1\AppData\Local\Temp\~DF7FED.tmp
    C:\Users\DANBRO~1\AppData\Local\Temp\~DF8027.tmp
    C:\Users\DANBRO~1\AppData\Local\Temp\~DF8083.tmp
    C:\Users\DANBRO~1\AppData\Local\Temp\~DF81FE.tmp
    C:\Users\DANBRO~1\AppData\Local\Temp\~DF8233.tmp
    C:\Users\DANBRO~1\AppData\Local\Temp\~DF8254.tmp
    C:\Users\DANBRO~1\AppData\Local\Temp\~DF839A.tmp
    C:\Users\DANBRO~1\AppData\Local\Temp\~DF83FA.tmp
    C:\Users\DANBRO~1\AppData\Local\Temp\~DF842E.tmp
    C:\Users\DANBRO~1\AppData\Local\Temp\~DF8509.tmp
    C:\Users\DANBRO~1\AppData\Local\Temp\~DF8676.tmp
    C:\Users\DANBRO~1\AppData\Local\Temp\~DF8715.tmp
    C:\Users\DANBRO~1\AppData\Local\Temp\~DF8838.tmp
    C:\Users\DANBRO~1\AppData\Local\Temp\~DF8D7C.tmp
    C:\Users\DANBRO~1\AppData\Local\Temp\~DF8ECA.tmp
    C:\Users\DANBRO~1\AppData\Local\Temp\~DF8FC.tmp
    C:\Users\DANBRO~1\AppData\Local\Temp\~DF90BE.tmp
    C:\Users\DANBRO~1\AppData\Local\Temp\~DF916A.tmp
    C:\Users\DANBRO~1\AppData\Local\Temp\~DF92C7.tmp
    C:\Users\DANBRO~1\AppData\Local\Temp\~DF92F3.tmp
    C:\Users\DANBRO~1\AppData\Local\Temp\~DF970A.tmp
    C:\Users\DANBRO~1\AppData\Local\Temp\~DF9718.tmp
    C:\Users\DANBRO~1\AppData\Local\Temp\~DF97E0.tmp
    C:\Users\DANBRO~1\AppData\Local\Temp\~DF9841.tmp
    C:\Users\DANBRO~1\AppData\Local\Temp\~DF9B1F.tmp
    C:\Users\DANBRO~1\AppData\Local\Temp\~DFA317.tmp
    C:\Users\DANBRO~1\AppData\Local\Temp\~DFA390.tmp
    C:\Users\DANBRO~1\AppData\Local\Temp\~DFA3F2.tmp
    C:\Users\DANBRO~1\AppData\Local\Temp\~DFA4CE.tmp
    C:\Users\DANBRO~1\AppData\Local\Temp\~DFA729.tmp
    C:\Users\DANBRO~1\AppData\Local\Temp\~DFA766.tmp
    C:\Users\DANBRO~1\AppData\Local\Temp\~DFA924.tmp
    C:\Users\DANBRO~1\AppData\Local\Temp\~DFABD0.tmp
    C:\Users\DANBRO~1\AppData\Local\Temp\~DFAE07.tmp
    C:\Users\DANBRO~1\AppData\Local\Temp\~DFB252.tmp
    C:\Users\DANBRO~1\AppData\Local\Temp\~DFB4B6.tmp
    C:\Users\DANBRO~1\AppData\Local\Temp\~DFB55B.tmp
    C:\Users\DANBRO~1\AppData\Local\Temp\~DFB7ED.tmp
    C:\Users\DANBRO~1\AppData\Local\Temp\~DFB8ED.tmp
    C:\Users\DANBRO~1\AppData\Local\Temp\~DFBA3D.tmp
    C:\Users\DANBRO~1\AppData\Local\Temp\~DFBAE.tmp
    C:\Users\DANBRO~1\AppData\Local\Temp\~DFBB99.tmp
    C:\Users\DANBRO~1\AppData\Local\Temp\~DFBC55.tmp
    C:\Users\DANBRO~1\AppData\Local\Temp\~DFBD0F.tmp
    C:\Users\DANBRO~1\AppData\Local\Temp\~DFBD61.tmp
    C:\Users\DANBRO~1\AppData\Local\Temp\~DFBF04.tmp
    C:\Users\DANBRO~1\AppData\Local\Temp\~DFC0E1.tmp
    C:\Users\DANBRO~1\AppData\Local\Temp\~DFC121.tmp
    C:\Users\DANBRO~1\AppData\Local\Temp\~DFC174.tmp
    C:\Users\DANBRO~1\AppData\Local\Temp\~DFC3F9.tmp
    C:\Users\DANBRO~1\AppData\Local\Temp\~DFC695.tmp
    C:\Users\DANBRO~1\AppData\Local\Temp\~DFC79D.tmp
    C:\Users\DANBRO~1\AppData\Local\Temp\~DFC812.tmp
    C:\Users\DANBRO~1\AppData\Local\Temp\~DFC9AA.tmp
    C:\Users\DANBRO~1\AppData\Local\Temp\~DFCB14.tmp
    C:\Users\DANBRO~1\AppData\Local\Temp\~DFCB73.tmp
    C:\Users\DANBRO~1\AppData\Local\Temp\~DFCBCD.tmp
    C:\Users\DANBRO~1\AppData\Local\Temp\~DFCC38.tmp
    C:\Users\DANBRO~1\AppData\Local\Temp\~DFCD39.tmp
    C:\Users\DANBRO~1\AppData\Local\Temp\~DFCE0C.tmp
    C:\Users\DANBRO~1\AppData\Local\Temp\~DFCEAD.tmp
    C:\Users\DANBRO~1\AppData\Local\Temp\~DFCFA1.tmp
    C:\Users\DANBRO~1\AppData\Local\Temp\~DFD0B9.tmp
    C:\Users\DANBRO~1\AppData\Local\Temp\~DFD0FF.tmp
    C:\Users\DANBRO~1\AppData\Local\Temp\~DFD1A1.tmp
    C:\Users\DANBRO~1\AppData\Local\Temp\~DFD237.tmp
    C:\Users\DANBRO~1\AppData\Local\Temp\~DFD53B.tmp
    C:\Users\DANBRO~1\AppData\Local\Temp\~DFD56F.tmp
    C:\Users\DANBRO~1\AppData\Local\Temp\~DFD7A2.tmp
    C:\Users\DANBRO~1\AppData\Local\Temp\~DFDA41.tmp
    C:\Users\DANBRO~1\AppData\Local\Temp\~DFDB9A.tmp
    C:\Users\DANBRO~1\AppData\Local\Temp\~DFDC67.tmp
    C:\Users\DANBRO~1\AppData\Local\Temp\~DFDD1B.tmp
    C:\Users\DANBRO~1\AppData\Local\Temp\~DFDE40.tmp
    C:\Users\DANBRO~1\AppData\Local\Temp\~DFDFC7.tmp
    C:\Users\DANBRO~1\AppData\Local\Temp\~DFE079.tmp
    C:\Users\DANBRO~1\AppData\Local\Temp\~DFE55A.tmp
    C:\Users\DANBRO~1\AppData\Local\Temp\~DFE5BB.tmp
    C:\Users\DANBRO~1\AppData\Local\Temp\~DFE7CF.tmp
    C:\Users\DANBRO~1\AppData\Local\Temp\~DFE8EB.tmp
    C:\Users\DANBRO~1\AppData\Local\Temp\~DFE911.tmp
    C:\Users\DANBRO~1\AppData\Local\Temp\~DFED46.tmp
    C:\Users\DANBRO~1\AppData\Local\Temp\~DFEE39.tmp
    C:\Users\DANBRO~1\AppData\Local\Temp\~DFF174.tmp
    C:\Users\DANBRO~1\AppData\Local\Temp\~DFF452.tmp
    C:\Users\DANBRO~1\AppData\Local\Temp\~DFF467.tmp
    C:\Users\DANBRO~1\AppData\Local\Temp\~DFF562.tmp
    C:\Users\DANBRO~1\AppData\Local\Temp\~DFF803.tmp
    C:\Users\DANBRO~1\AppData\Local\Temp\~DFFE81.tmp
    C:\Users\DANBRO~1\AppData\Local\Temp\~e5.0001
    C:\Users\DANBRO~1\AppData\Local\Temp\~e5d141.tmp
    699 Files deleted


    and the hijack this log

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 23:43:16, on 26/08/2008
    Platform: Windows Vista (WinNT 6.00.1904)
    MSIE: Internet Explorer v7.00 (7.00.6000.16711)
    Boot mode: Normal
    Running processes:
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\DellTPad\Apoint.exe
    C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
    C:\Windows\System32\igfxtray.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files\Java\jre1.6.0\bin\jusched.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Windows\System32\WLTRAY.EXE
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    C:\Program Files\McAfee.com\Agent\mcagent.exe
    C:\Program Files\Dell\MediaDirect\PCMService.exe
    C:\Program Files\Kontiki\KHost.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Windows\VM_STI.EXE
    C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
    C:\Program Files\DAEMON Tools Lite\daemon.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Windows\ehome\ehtray.exe
    C:\Users\Dan Brown\Program Files\DNA\btdna.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\Digital Line Detect\DLG.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\Dell\QuickSet\quickset.exe
    C:\Program Files\Bethesda Softworks\GameSpot\GameSpotDownloadManager_Win32.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    C:\Windows\system32\NOTEPAD.EXE
    C:\Program Files\Internet Explorer\ieuser.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\DellTPad\ApMsgFwd.exe
    C:\Program Files\DellTPad\HidFind.exe
    C:\Program Files\DellTPad\Apntex.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    c:\PROGRA~1\mcafee\msc\mcuimgr.exe
    C:\Windows\system32\wuauclt.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by Dell
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O1 - Hosts: ::1 localhost
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - c:\PROGRA~1\mcafee\msk\mcapbho.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\Program Files\Java\jre1.6.0\bin\ssv.dll
    O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: PRODEGETOOLBAR574 - {A057A204-BACC-4D26-B6F3-4BF8CCAB3ED4} - C:\PROGRA~1\PRODEG~1\PRODEG~1.DLL
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
    O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
    O3 - Toolbar: PRODEGETOOLBAR574 - {A057A204-BACC-4D26-B6F3-4BF8CCAB3ED4} - C:\PROGRA~1\PRODEG~1\PRODEG~1.DLL
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: (no name) - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - (no file)
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [ECenter] C:\Dell\E-Center\EULALauncher.exe
    O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
    O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe
    O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "c:\Program Files\Java\jre1.6.0\bin\jusched.exe"
    O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
    O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\Windows\system32\WLTRAY.exe
    O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
    O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
    O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
    O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"
    O4 - HKLM\..\Run: [4oD] "C:\Program Files\Kontiki\KHost.exe" -all
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [BigDogPath] C:\Windows\VM_STI.EXE HP Premium Starter Camera
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
    O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Users\Dan Brown\Program Files\DNA\btdna.exe"
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKCU\..\Run: [BM319e8cfa] Rundll32.exe "C:\Users\DANBRO~1\AppData\Local\Temp\pgdlaibq.dll",s
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
    O4 - Startup: GameSpot Download Manager.lnk = C:\Program Files\Bethesda Softworks\GameSpot\GameSpotDownloadManager_Win32.exe
    O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: QuickSet.lnk = C:\Program Files\Dell\QuickSet\quickset.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O13 - Gopher Prefix:
    O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
    O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\system32\aestsrv.exe
    O23 - Service: Google Desktop Manager 5.7.801.7324 (GoogleDesktopManager-010708-104812) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
    O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
    O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
    O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
    O23 - Service: SigmaTel Audio Service (STacSV) - IDT, Inc. - C:\Windows\system32\STacSV.exe
    O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
    O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\Windows\System32\WLTRYSVC.EXE
    O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
    --
    End of file - 10401 bytes


    Thanks!
     
  8. sjpritch25

    sjpritch25

    Joined:
    Sep 8, 2005
    Messages:
    9,113
    Run HijackThis, and press "Do a System Scan Only".
    1. When the scan is complete place a check mark next to the following entries:

    O4 - HKCU\..\Run: [BM319e8cfa] Rundll32.exe "C:\Users\DANBRO~1\AppData\Local\Temp\pgdlaibq.dll",s

    2. After checking these items CLOSE ALL open windows EXCEPT HijackThis and click "Fix Checked." Then, reboot your computer...


    Please open Malwarebytes Anti-Malware, update to the latest definitions, and run a quick scan. In your next reply, please include a fresh HIjackthis log and MBAM log. thanks
     
  9. Jareth

    Jareth Thread Starter

    Joined:
    Aug 25, 2008
    Messages:
    10
    When i ran Malwarebytes anti-malware scan 1 virus has shown up, should i select 'remove selected'?

    ill post the hijack this log and the other log anyway, if i was ment to remove selected (i havnt yet) sorry for wasting a post.


    Malwarebytes' Anti-Malware 1.25
    Database version: 1087
    Windows 6.0.6000
    11:23:38 28/08/2008
    mbam-log-08-28-2008 (11-23-33).txt
    Scan type: Quick Scan
    Objects scanned: 43317
    Time elapsed: 4 minute(s), 47 second(s)
    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 1
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0
    Memory Processes Infected:
    (No malicious items detected)
    Memory Modules Infected:
    (No malicious items detected)
    Registry Keys Infected:
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> No action taken.
    Registry Values Infected:
    (No malicious items detected)
    Registry Data Items Infected:
    (No malicious items detected)
    Folders Infected:
    (No malicious items detected)
    Files Infected:
    (No malicious items detected)



    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 11:29:48, on 28/08/2008
    Platform: Windows Vista (WinNT 6.00.1904)
    MSIE: Internet Explorer v7.00 (7.00.6000.16711)
    Boot mode: Normal
    Running processes:
    c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\taskeng.exe
    C:\Program Files\DellTPad\Apoint.exe
    C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
    C:\Windows\System32\igfxtray.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files\Java\jre1.6.0\bin\jusched.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Windows\System32\WLTRAY.EXE
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    C:\Program Files\Dell\MediaDirect\PCMService.exe
    C:\Program Files\Kontiki\KHost.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Windows\VM_STI.EXE
    C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
    C:\Program Files\DellTPad\ApMsgFwd.exe
    C:\Program Files\DAEMON Tools Lite\daemon.exe
    C:\Program Files\DellTPad\HidFind.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Windows\ehome\ehtray.exe
    C:\Users\Dan Brown\Program Files\DNA\btdna.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\Digital Line Detect\DLG.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\Dell\QuickSet\quickset.exe
    C:\Program Files\Bethesda Softworks\GameSpot\GameSpotDownloadManager_Win32.exe
    C:\Program Files\DellTPad\Apntex.exe
    C:\Windows\system32\wuauclt.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Program Files\Internet Explorer\ieuser.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\Windows\system32\Macromed\Flash\FlashUtil9e.exe
    c:\PROGRA~1\mcafee\msc\mcuimgr.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by Dell
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O1 - Hosts: ::1 localhost
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - c:\PROGRA~1\mcafee\msk\mcapbho.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\Program Files\Java\jre1.6.0\bin\ssv.dll
    O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: PRODEGETOOLBAR574 - {A057A204-BACC-4D26-B6F3-4BF8CCAB3ED4} - C:\PROGRA~1\PRODEG~1\PRODEG~1.DLL
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
    O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
    O3 - Toolbar: PRODEGETOOLBAR574 - {A057A204-BACC-4D26-B6F3-4BF8CCAB3ED4} - C:\PROGRA~1\PRODEG~1\PRODEG~1.DLL
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: (no name) - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - (no file)
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [ECenter] C:\Dell\E-Center\EULALauncher.exe
    O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
    O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe
    O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "c:\Program Files\Java\jre1.6.0\bin\jusched.exe"
    O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
    O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\Windows\system32\WLTRAY.exe
    O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
    O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
    O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
    O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"
    O4 - HKLM\..\Run: [4oD] "C:\Program Files\Kontiki\KHost.exe" -all
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [BigDogPath] C:\Windows\VM_STI.EXE HP Premium Starter Camera
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
    O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Users\Dan Brown\Program Files\DNA\btdna.exe"
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
    O4 - Startup: GameSpot Download Manager.lnk = C:\Program Files\Bethesda Softworks\GameSpot\GameSpotDownloadManager_Win32.exe
    O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: QuickSet.lnk = C:\Program Files\Dell\QuickSet\quickset.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O13 - Gopher Prefix:
    O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
    O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\system32\aestsrv.exe
    O23 - Service: Google Desktop Manager 5.7.801.7324 (GoogleDesktopManager-010708-104812) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
    O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
    O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
    O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
    O23 - Service: SigmaTel Audio Service (STacSV) - IDT, Inc. - C:\Windows\system32\STacSV.exe
    O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
    O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\Windows\System32\WLTRYSVC.EXE
    O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
    --
    End of file - 10370 bytes


    Thanks!
     
  10. sjpritch25

    sjpritch25

    Joined:
    Sep 8, 2005
    Messages:
    9,113
    Please reboot your computer and post a fresh Hijackthis log. For some reason the script for mbam didn't finish. Thanks
     
  11. Jareth

    Jareth Thread Starter

    Joined:
    Aug 25, 2008
    Messages:
    10
    heres a fresh hijackthis log...



    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 11:29:48, on 28/08/2008
    Platform: Windows Vista (WinNT 6.00.1904)
    MSIE: Internet Explorer v7.00 (7.00.6000.16711)
    Boot mode: Normal
    Running processes:
    c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\taskeng.exe
    C:\Program Files\DellTPad\Apoint.exe
    C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
    C:\Windows\System32\igfxtray.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files\Java\jre1.6.0\bin\jusched.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Windows\System32\WLTRAY.EXE
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    C:\Program Files\Dell\MediaDirect\PCMService.exe
    C:\Program Files\Kontiki\KHost.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Windows\VM_STI.EXE
    C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
    C:\Program Files\DellTPad\ApMsgFwd.exe
    C:\Program Files\DAEMON Tools Lite\daemon.exe
    C:\Program Files\DellTPad\HidFind.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Windows\ehome\ehtray.exe
    C:\Users\Dan Brown\Program Files\DNA\btdna.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\Digital Line Detect\DLG.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\Dell\QuickSet\quickset.exe
    C:\Program Files\Bethesda Softworks\GameSpot\GameSpotDownloadManager_Win32.exe
    C:\Program Files\DellTPad\Apntex.exe
    C:\Windows\system32\wuauclt.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Program Files\Internet Explorer\ieuser.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\Windows\system32\Macromed\Flash\FlashUtil9e.exe
    c:\PROGRA~1\mcafee\msc\mcuimgr.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by Dell
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O1 - Hosts: ::1 localhost
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - c:\PROGRA~1\mcafee\msk\mcapbho.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\Program Files\Java\jre1.6.0\bin\ssv.dll
    O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: PRODEGETOOLBAR574 - {A057A204-BACC-4D26-B6F3-4BF8CCAB3ED4} - C:\PROGRA~1\PRODEG~1\PRODEG~1.DLL
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
    O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
    O3 - Toolbar: PRODEGETOOLBAR574 - {A057A204-BACC-4D26-B6F3-4BF8CCAB3ED4} - C:\PROGRA~1\PRODEG~1\PRODEG~1.DLL
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: (no name) - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - (no file)
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [ECenter] C:\Dell\E-Center\EULALauncher.exe
    O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
    O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe
    O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "c:\Program Files\Java\jre1.6.0\bin\jusched.exe"
    O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
    O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\Windows\system32\WLTRAY.exe
    O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
    O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
    O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
    O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"
    O4 - HKLM\..\Run: [4oD] "C:\Program Files\Kontiki\KHost.exe" -all
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [BigDogPath] C:\Windows\VM_STI.EXE HP Premium Starter Camera
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
    O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Users\Dan Brown\Program Files\DNA\btdna.exe"
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
    O4 - Startup: GameSpot Download Manager.lnk = C:\Program Files\Bethesda Softworks\GameSpot\GameSpotDownloadManager_Win32.exe
    O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: QuickSet.lnk = C:\Program Files\Dell\QuickSet\quickset.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O13 - Gopher Prefix:
    O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
    O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\system32\aestsrv.exe
    O23 - Service: Google Desktop Manager 5.7.801.7324 (GoogleDesktopManager-010708-104812) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
    O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
    O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
    O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
    O23 - Service: SigmaTel Audio Service (STacSV) - IDT, Inc. - C:\Windows\system32\STacSV.exe
    O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
    O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\Windows\System32\WLTRYSVC.EXE
    O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
    --
    End of file - 10370 bytes
     
  12. sjpritch25

    sjpritch25

    Joined:
    Sep 8, 2005
    Messages:
    9,113
    Okay, i'm not sure why you keep posting old logs. Please open Hijackthis and click on Run Hijackthis and Save Log file. Please re-post. Thanks
     
  13. Jareth

    Jareth Thread Starter

    Joined:
    Aug 25, 2008
    Messages:
    10
    Sorry bout that, not sure how/why i re-posted a hijackthis log, ok ive done it again and here is the (hopefully) fresh hijackthis log...


    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 21:00:15, on 02/09/2008
    Platform: Windows Vista (WinNT 6.00.1904)
    MSIE: Internet Explorer v7.00 (7.00.6000.16711)
    Boot mode: Normal
    Running processes:
    c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\DellTPad\Apoint.exe
    C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
    C:\Windows\System32\igfxtray.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files\Java\jre1.6.0\bin\jusched.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    C:\Windows\System32\WLTRAY.EXE
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    C:\Program Files\DellTPad\ApMsgFwd.exe
    C:\Program Files\DellTPad\Apntex.exe
    C:\Program Files\Dell\MediaDirect\PCMService.exe
    C:\Program Files\DellTPad\HidFind.exe
    C:\Program Files\Kontiki\KHost.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Windows\VM_STI.EXE
    C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
    C:\Program Files\DAEMON Tools Lite\daemon.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\Digital Line Detect\DLG.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\Dell\QuickSet\quickset.exe
    C:\Program Files\Bethesda Softworks\GameSpot\GameSpotDownloadManager_Win32.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    c:\PROGRA~1\mcafee\msc\mcuimgr.exe
    C:\Program Files\Internet Explorer\ieuser.exe
    C:\Windows\system32\wuauclt.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    C:\Windows\system32\Macromed\Flash\FlashUtil9e.exe
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by Dell
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O1 - Hosts: ::1 localhost
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - c:\PROGRA~1\mcafee\msk\mcapbho.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\Program Files\Java\jre1.6.0\bin\ssv.dll
    O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: PRODEGETOOLBAR574 - {A057A204-BACC-4D26-B6F3-4BF8CCAB3ED4} - C:\PROGRA~1\PRODEG~1\PRODEG~1.DLL
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
    O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
    O3 - Toolbar: PRODEGETOOLBAR574 - {A057A204-BACC-4D26-B6F3-4BF8CCAB3ED4} - C:\PROGRA~1\PRODEG~1\PRODEG~1.DLL
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: (no name) - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - (no file)
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [ECenter] C:\Dell\E-Center\EULALauncher.exe
    O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
    O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe
    O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "c:\Program Files\Java\jre1.6.0\bin\jusched.exe"
    O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
    O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\Windows\system32\WLTRAY.exe
    O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
    O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
    O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
    O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"
    O4 - HKLM\..\Run: [4oD] "C:\Program Files\Kontiki\KHost.exe" -all
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [BigDogPath] C:\Windows\VM_STI.EXE HP Premium Starter Camera
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
    O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
    O4 - Startup: GameSpot Download Manager.lnk = C:\Program Files\Bethesda Softworks\GameSpot\GameSpotDownloadManager_Win32.exe
    O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: QuickSet.lnk = C:\Program Files\Dell\QuickSet\quickset.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O13 - Gopher Prefix:
    O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
    O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\system32\aestsrv.exe
    O23 - Service: Google Desktop Manager 5.7.801.7324 (GoogleDesktopManager-010708-104812) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
    O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
    O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
    O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
    O23 - Service: SigmaTel Audio Service (STacSV) - IDT, Inc. - C:\Windows\system32\STacSV.exe
    O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
    O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\Windows\System32\WLTRYSVC.EXE
    O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
    --
    End of file - 10183 bytes


    Thanks alot, and sorry for the mix up
     
  14. sjpritch25

    sjpritch25

    Joined:
    Sep 8, 2005
    Messages:
    9,113
    No problem. How is everything running?
     
  15. Jareth

    Jareth Thread Starter

    Joined:
    Aug 25, 2008
    Messages:
    10
    Every thing is running perfectly thanks for all your help!
     
  16. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/743492

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice