OK, took a while to do all that, we got there though.
SUPERAntiSpyware Report
SUPERAntiSpyware Scan Log
http://www.superantispyware.com
Generated 02/16/2008 at 01:31 PM
Application Version : 3.9.1008
Core Rules Database Version : 3404
Trace Rules Database Version: 1396
Scan type : Complete Scan
Total Scan Time : 00:27:30
Memory items scanned : 505
Memory threats detected : 0
Registry items scanned : 4038
Registry threats detected : 168
File items scanned : 28466
File threats detected : 248
Adware.Vundo Variant
Adware.AdSponsor/ISM
Adware.Tracking Cookie
Trojan.Unknown Origin
HKLM\Software\xpre
HKLM\Software\xpre#execount
C:\SYSTEM VOLUME INFORMATION\_RESTORE{F1F679AB-52DF-4DFD-9BF9-F3760C7C4A7C}\RP157\A0057285.EXE
Adware.WebBuying Assistant
C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\OTFMJBG.DLL.VIR
C:\SYSTEM VOLUME INFORMATION\_RESTORE{F1F679AB-52DF-4DFD-9BF9-F3760C7C4A7C}\RP166\A0072082.DLL
Adware.WebBuying Assistant-Installer
C:\SYSTEM VOLUME INFORMATION\_RESTORE{F1F679AB-52DF-4DFD-9BF9-F3760C7C4A7C}\RP138\A0029264.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{F1F679AB-52DF-4DFD-9BF9-F3760C7C4A7C}\RP138\A0029265.EXE
Trojan.Rootkit-TnCore
C:\SYSTEM VOLUME INFORMATION\_RESTORE{F1F679AB-52DF-4DFD-9BF9-F3760C7C4A7C}\RP138\A0029324.SYS
Adware.Vundo-Variant/Small-A
Adware.Vundo-Variant
C:\SYSTEM VOLUME INFORMATION\_RESTORE{F1F679AB-52DF-4DFD-9BF9-F3760C7C4A7C}\RP163\A0069833.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{F1F679AB-52DF-4DFD-9BF9-F3760C7C4A7C}\RP164\A0069928.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{F1F679AB-52DF-4DFD-9BF9-F3760C7C4A7C}\RP165\A0072034.DLL
Adware.ClickSpring/Yazzle
C:\WINDOWS\PREFETCH\YAZZLE1281OINADMIN.EXE-2D8F7800.PF
Trojan.Downloader-Gen/TaLDrv
C:\WINDOWS\SYSTEM32\DJ2\AXEBMBRPL6.EXE
ComboFix
ComboFix 08-02-14.2 - Pat 2008-02-17 13:15:25.4 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1409 [GMT -8:00]
Running from: C:\Documents and Settings\Pat\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Pat\Desktop\CFScript.txt
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!.
((((((((((((((((((((((((( Files Created from 2008-01-17 to 2008-02-17 )))))))))))))))))))))))))))))))
.
2008-02-16 12:58 . 2008-02-16 12:58 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-02-16 12:57 . 2008-02-16 13:39 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-02-16 12:57 . 2008-02-16 12:57 <DIR> d-------- C:\Documents and Settings\Pat\Application Data\SUPERAntiSpyware.com
2008-02-15 21:43 . 2008-02-15 21:43 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\AOL Downloads
2008-02-15 20:55 . 2007-12-14 01:59 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-02-15 20:39 . 2008-02-15 20:46 <DIR> d-------- C:\Documents and Settings\Pat\.SunDownloadManager
2008-02-15 17:44 . 2008-02-15 17:44 <DIR> d--h----- C:\WINDOWS\PIF
2008-02-15 14:56 . 2008-02-15 14:56 <DIR> d-------- C:\Program Files\Trend Micro
2008-02-15 14:46 . 2008-02-15 14:46 24,576 --a------ C:\WINDOWS\system32\VundoFixSVC.exe
2008-02-13 22:46 . 2008-02-15 14:46 <DIR> d-------- C:\VundoFix Backups
2008-02-13 17:08 . 2008-02-13 17:07 691,545 --a------ C:\WINDOWS\unins000.exe
2008-02-13 17:08 . 2008-02-13 17:08 3,442 --a------ C:\WINDOWS\unins000.dat
2008-02-04 17:33 . 2008-02-04 17:33 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\NVIDIA
2008-01-30 16:08 . 2006-09-11 10:56 526,184 --a------ C:\WINDOWS\system32\XceedCry.dll
2008-01-30 16:08 . 2006-12-21 14:18 497,496 --a------ C:\WINDOWS\system32\XceedZip.dll
2008-01-30 16:08 . 2003-05-14 21:07 389,120 --a------ C:\WINDOWS\system32\actskn43.ocx
2008-01-30 16:08 . 2004-12-07 09:11 258,352 --a------ C:\WINDOWS\system32\unicows.dll
2008-01-30 15:14 . 2004-03-09 01:00 1,081,616 --a------ C:\WINDOWS\system32\MSCOMCTL.OCX
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-16 20:57 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-02-16 05:45 --------- d-----w C:\Program Files\AIM6
2008-02-16 05:44 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-02-16 05:44 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL
2008-02-16 04:55 --------- d-----w C:\Program Files\Java
2008-02-16 01:47 --------- d-----w C:\Program Files\QuickTime
2008-02-16 01:11 --------- d-----w C:\Program Files\MSN Messenger
2008-02-16 01:09 --------- d-----w C:\Program Files\Symantec AntiVirus
2008-02-16 01:09 --------- d-----w C:\Program Files\SpyCatcher
2008-02-16 01:09 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-02-14 01:12 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-02-14 01:11 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-02-13 21:47 --------- d-----w C:\Program Files\World of Warcraft
2008-02-10 21:36 --------- d-----w C:\Documents and Settings\Pat\Application Data\LimeWire
2008-01-10 06:58 --------- d-----w C:\Program Files\Common Files\Blizzard Entertainment
2008-01-07 10:20 --------- d-----w C:\Program Files\Starcraft
2007-12-28 03:52 0 ----a-w C:\info.exe
2007-12-28 03:39 --------- d-----w C:\Program Files\RcvSystem
2007-12-24 04:42 --------- d-----w C:\Program Files\BitComet
2007-12-24 04:33 --------- d-----w C:\Program Files\Symantec
2007-12-24 04:31 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2007-12-19 23:11 --------- d-----w C:\Documents and Settings\Pat\Application Data\Skype
2007-12-19 07:13 --------- d-----w C:\Documents and Settings\Pat\Application Data\acccore
2007-12-19 07:12 --------- d-----w C:\Program Files\Viewpoint
2007-12-19 07:11 --------- d-----w C:\Program Files\Common Files\AOL
2007-12-19 07:11 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL OCP
2007-12-18 09:51 179,584 ----a-w C:\WINDOWS\system32\drivers\mrxdav.sys
2007-12-07 01:07 659,456 ----a-w C:\WINDOWS\system32\wininet.dll
2007-12-04 18:38 550,912 ----a-w C:\WINDOWS\system32\oleaut32.dll
2007-12-04 13:04 837,496 ----a-w C:\WINDOWS\system32\aswBoot.exe
2007-12-04 12:54 95,608 ----a-w C:\WINDOWS\system32\AvastSS.scr
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Aim6"="C:\Program Files\AIM6\aim6.exe" [2008-01-03 08:15 50528]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-12-29 22:37 5674352]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2007-12-29 22:37 1694208]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 14:06 1318912]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-10-22 11:22 7700480]
"nwiz"="nwiz.exe" [2006-10-22 11:22 1622016 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-10-22 11:22 86016]
"SoundMan"="SOUNDMAN.EXE" [2006-06-21 04:42 577536 C:\WINDOWS\soundman.exe]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe" [2007-12-14 03:42 144784]
"SpyCatcher Reminder"="C:\Program Files\SpyCatcher\SpyCatcher.exe" [2007-12-29 22:36 103864]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 05:00 79224]
"AAWTray"="C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe" [2007-12-29 22:37 88024]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask .exe" [ ]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-12-29 22:37 52896]
"vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [2007-12-29 22:37 125168]
C:\Documents and Settings\Pat\Start Menu\Programs\Startup\
Scheduler.lnk - C:\Program Files\SpyCatcher\Scheduler daemon.exe [2007-08-21 02:06:15 86133]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 00:48:20 40048]
Adobe Reader Synchronizer.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-22 23:01:50 734872]
SpyCatcher Protector.lnk - C:\Program Files\SpyCatcher\Protector.exe [2007-08-21 02:06:15 91576]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\evenmgr]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=secuload.dll
R2 Viewpoint Manager Service;Viewpoint Manager Service;"C:\Program Files\Viewpoint\Common\ViewpointService.exe" [2007-01-04 13:38]
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2008-02-17 13:16:30
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-02-17 13:17:02
ComboFix-quarantined-files.txt 2008-02-17 21:16:47
ComboFix2.txt 2008-02-16 01:48:51
ComboFix3.txt 2008-02-16 01:17:22
ComboFix4.txt 2008-02-15 23:37:44
.
2008-02-14 02:06:44 --- E O F ---