Specific malware unknown but symptoms not uncommon [Solved]



#1
Clubshub
Member
10 posts

Hi all,

Thanks for looking at this. In the past I've managed to ferret these things out on my own but since bringing in my sister's HD into my machine as part of a re-OS I've been infected with one of the many things that were plaguing her (including Virtumonde). I also suspect a crack for some Palm sw I was trying out.

As stated above, I have been able to download and install MBAM and other spyware catchers but they won't launch. Google results and Yahoo results redirect to ad pages (or fake pages) and even addresses put directly into the address bar get redirected if related to spyware/malware/virus topics. This site was only accessible by hitting "STOP" before the page fully loads. I have read the Malware Removal Guide (BTW that's a stellar piece of work) but unfortunately I'm clueless when it comes to reading these logs. If someone can identify the problem as one of the beasties listed at the start of the Removal Guide I'll follow the recommended methods there. I'm sure you're all very busy :)

Your assistance is much appreciated...

Here's ROOTER.TXT
~~~~~~~~~~~~~~~

Microsoft Windows XP Professional (5.1.2600) Service Pack 2

A:\ [Removable] (Total:0 Mo/Free:0 Mo)
C:\ [Fixed] - NTFS - (Total:286173 Mo/Free:1719 Mo)
D:\ [CD-Rom] (Total:0 Mo/Free:0 Mo)
E:\ [CD-Rom] (Total:0 Mo/Free:0 Mo)
G:\ [Removable] (Total:0 Mo/Free:0 Mo)
H:\ [CD-Rom] (Total:0 Mo/Free:0 Mo)
I:\ [Removable] (Total:0 Mo/Free:0 Mo)
X:\ [Fixed] - NTFS - (Total:476938 Mo/Free:2801 Mo)

Mon 04/13/2009| 1:38

----------------------\\ Processes..

--Locked-- [System Process]
---------- System
---------- \SystemRoot\System32\smss.exe
---------- \??\C:\WINDOWS\system32\csrss.exe
---------- \??\C:\WINDOWS\system32\winlogon.exe
---------- C:\WINDOWS\system32\services.exe
---------- C:\WINDOWS\system32\lsass.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\System32\svchost.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\system32\spoolsv.exe
---------- C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
---------- C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
---------- C:\Program Files\Java\jre6\bin\jqs.exe
---------- C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
---------- C:\WINDOWS\system32\nvsvc32.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
---------- C:\WINDOWS\system32\wdfmgr.exe
---------- C:\Program Files\Canon\CAL\CALMAIN.exe
---------- C:\WINDOWS\System32\alg.exe
---------- C:\WINDOWS\Explorer.EXE
---------- C:\WINDOWS\SOUNDMAN.EXE
---------- C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe
---------- C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
---------- C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
---------- C:\Program Files\Java\jre6\bin\jusched.exe
---------- C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
---------- C:\Program Files\Nero\Nero 7\InCD\InCD.exe
---------- C:\WINDOWS\system32\RUNDLL32.EXE
---------- C:\WINDOWS\system32\dla\tfswctrl.exe
---------- C:\Program Files\Bret Taylor\Stickies\Stickies.exe
---------- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
---------- C:\Program Files\Palm\Hotsync.exe
---------- C:\WINDOWS\System32\svchost.exe
---------- C:\Program Files\Java\jre6\bin\jucheck.exe
---------- C:\Program Files\Mozilla Firefox\firefox.exe
---------- C:\WINDOWS\system32\cmd.exe
---------- C:\Rooter$\RK.exe

----------------------\\ Search..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters]
NameServer REG_SZ 85.255.112.227,85.255.112.166
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters]
NameServer REG_SZ 85.255.112.227,85.255.112.166
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters]
NameServer REG_SZ 85.255.112.227,85.255.112.166
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\..\{ACDA1449-1CD4-4CB2-BB84-6B005881B2DC}]
NameServer REG_SZ 85.255.112.227,85.255.112.166
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\..\{ACDA1449-1CD4-4CB2-BB84-6B005881B2DC}]
NameServer REG_SZ 85.255.112.227,85.255.112.166
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\..\{ACDA1449-1CD4-4CB2-BB84-6B005881B2DC}]
NameServer REG_SZ 85.255.112.227,85.255.112.166
==> WAREOUT <==

----------------------\\ ROOTKIT !!


----------------------\\ Cracks & Keygens..

C:\DOCUME~1\Boris\Application Data\uTorrent\resco.explorer.palm.os.5.02.keygen.rar.torrent
C:\DOCUME~1\Boris\Desktop\All (15) Popcap Games With Keygens 2004.05.04.rar
C:\DOCUME~1\Boris\Desktop\Downers\Card Recovery + Crack.zip
C:\DOCUME~1\Boris\Desktop\Palm\resco.explorer.palm.os.5.02.keygen.rar
C:\DOCUME~1\Boris\Desktop\Syncbox\Astraware.Hexic.v1.02.XScale.WM2003.WM05.Cracked-COREPDA.rar
C:\DOCUME~1\Boris\Desktop\Syncbox\Bzzz crack-arm.exe
C:\DOCUME~1\Boris\Desktop\Torrent Downers\Corel WinDVD 9\Corel WinDVD 9\Keygen.exe


1 - "C:\Rooter$\Rooter_1.txt" - Mon 04/13/2009| 1:39

----------------------\\ Scan completed at 1:39

OTListIt logfile created on: 4/13/2009 1:42:25 AM - Run 1
OTListIt2 by OldTimer - Version 2.0.14.0 Folder = C:\Documents and Settings\Boris\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1023.48 Mb Total Physical Memory | 449.43 Mb Available Physical Memory | 43.91% Memory free
2.40 Gb Paging File | 2.02 Gb Available in Paging File | 84.15% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 279.47 Gb Total Space | 17.68 Gb Free Space | 6.33% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive X: | 465.76 Gb Total Space | 390.74 Gb Free Space | 83.89% Space Free | Partition Type: NTFS

Computer Name: CENTRAAL
Current User Name: Boris
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Output = Minimal
File Age = 30 Days
Company Name Whitelist: On

========== Processes (SafeList) ==========

PRC - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe (Symantec Corporation)
PRC - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe (Nero AG)
PRC - C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe (Symantec Corporation)
PRC - C:\WINDOWS\system32\nvsvc32.exe (NVIDIA Corporation)
PRC - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.)
PRC - C:\WINDOWS\system32\wdfmgr.exe (Microsoft Corporation)
PRC - C:\Program Files\Canon\CAL\CALMAIN.exe (Canon Inc.)
PRC - C:\WINDOWS\Explorer.EXE (Microsoft Corporation)
PRC - C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
PRC - C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe (NVIDIA Corporation)
PRC - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\VPTray.exe (Symantec Corporation)
PRC - C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe (ScanSoft, Inc.)
PRC - C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe (Nero AG)
PRC - C:\Program Files\Nero\Nero 7\InCD\InCD.exe (Nero AG)
PRC - C:\WINDOWS\system32\dla\tfswctrl.exe (Sonic Solutions)
PRC - C:\Program Files\Bret Taylor\Stickies\Stickies.exe (Bret Taylor)
PRC - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
PRC - C:\Program Files\Palm\Hotsync.exe (PalmSource, Inc)
PRC - C:\Program Files\Java\jre6\bin\jucheck.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\WINDOWS\system32\cmd.exe (Microsoft Corporation)
PRC - C:\Documents and Settings\Boris\Desktop\OTListIt2.exe (OldTimer Tools)

========== Win32 Services (SafeList) ==========

SRV - (aspnet_state [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (Microsoft Corporation)
SRV - (CCALib8 [Auto | Running]) -- C:\Program Files\Canon\CAL\CALMAIN.exe (Canon Inc.)
SRV - (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (DefWatch [Auto | Running]) -- C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe (Symantec Corporation)
SRV - (helpsvc [Auto | Running]) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
SRV - (IDriverT [On_Demand | Stopped]) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe (Macrovision Corporation)
SRV - (InCDsrv [Auto | Running]) -- C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe (Nero AG)
SRV - (JavaQuickStarterService [Auto | Running]) -- C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
SRV - (NMIndexingService [On_Demand | Stopped]) -- C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (Nero AG)
SRV - (Norton AntiVirus Server [Auto | Running]) -- C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe (Symantec Corporation)
SRV - (NVSvc [Auto | Running]) -- C:\WINDOWS\system32\nvsvc32.exe (NVIDIA Corporation)
SRV - (UleadBurningHelper [Auto | Running]) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.)
SRV - (UMWdf [Auto | Running]) -- C:\WINDOWS\system32\wdfmgr.exe (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV - (61883 [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\61883.sys (Microsoft Corporation)
DRV - (ALCXWDM [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS (Realtek Semiconductor Corp.)
DRV - (Avc [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\avc.sys (Microsoft Corporation)
DRV - (axwhisky [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\axwhisky.sys ( )
DRV - (axwskbus [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\axwskbus.sys ( )
DRV - (BrScnUsb [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\BrScnUsb.sys (Brother Industries Ltd.)
DRV - (Cinemsup [System | Running]) -- C:\WINDOWS\System32\drivers\cinemsup.sys (Sonic Solutions)
DRV - (drvmcdb [Boot | Running]) -- C:\WINDOWS\system32\drivers\drvmcdb.sys (Sonic Solutions)
DRV - (drvnddm [Auto | Running]) -- C:\WINDOWS\system32\drivers\drvnddm.sys (Sonic Solutions)
DRV - (gameenum [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\gameenum.sys (Microsoft Corporation)
DRV - (InCDfs [Disabled | Running]) -- C:\WINDOWS\system32\drivers\InCDFs.sys (Nero AG)
DRV - (InCDPass [System | Running]) -- C:\WINDOWS\system32\drivers\InCDPass.sys (Nero AG)
DRV - (incdrm [System | Running]) -- C:\WINDOWS\system32\drivers\InCDRm.sys (Nero AG)
DRV - (MSDV [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\msdv.sys (Microsoft Corporation)
DRV - (ms_mpu401 [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\msmpu401.sys (Microsoft Corporation)
DRV - (MTsensor [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\ASACPI.sys ()
DRV - (NAVAP [On_Demand | Running]) -- C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Navap.sys (Symantec Corporation)
DRV - (NAVAPEL [Auto | Running]) -- C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\NAVAPEL.SYS (Symantec Corporation)
DRV - (NAVENG [On_Demand | Running]) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20090410.003\NAVENG.SYS (Symantec Corporation)
DRV - (NAVEX15 [On_Demand | Running]) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20090410.003\NAVEX15.SYS (Symantec Corporation)
DRV - (nv [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\nv4_mini.sys (NVIDIA Corporation)
DRV - (nvata [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\nvata.sys (NVIDIA Corporation)
DRV - (nvax [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\nvax.sys (NVIDIA Corporation)
DRV - (NVENETFD [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\NVENETFD.sys (NVIDIA Corporation)
DRV - (nvnetbus [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\nvnetbus.sys (NVIDIA Corporation)
DRV - (nvnforce [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\nvapu.sys (NVIDIA Corporation)
DRV - (PalmUSBD [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\PalmUSBD.sys (PalmSource, Inc.)
DRV - (pcouffin [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\pcouffin.sys (VSO Software)
DRV - (Ptilink [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\ptilink.sys (Parallel Technologies, Inc.)
DRV - (PxHelp20 [Boot | Running]) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys (Sonic Solutions)
DRV - (Secdrv [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (sscdbhk5 [System | Running]) -- C:\WINDOWS\system32\drivers\sscdbhk5.sys (Sonic Solutions)
DRV - (ssrtln [System | Running]) -- C:\WINDOWS\system32\drivers\ssrtln.sys (Sonic Solutions)
DRV - (SymEvent [On_Demand | Running]) -- C:\Program Files\Symantec\SYMEVENT.SYS (Symantec Corporation)
DRV - (tfsnboio [Auto | Running]) -- C:\WINDOWS\system32\dla\tfsnboio.sys (Sonic Solutions)
DRV - (tfsncofs [Auto | Running]) -- C:\WINDOWS\system32\dla\tfsncofs.sys (Sonic Solutions)
DRV - (tfsndrct [Auto | Running]) -- C:\WINDOWS\system32\dla\tfsndrct.sys (Sonic Solutions)
DRV - (tfsndres [Auto | Running]) -- C:\WINDOWS\system32\dla\tfsndres.sys (Sonic Solutions)
DRV - (tfsnifs [Auto | Running]) -- C:\WINDOWS\system32\dla\tfsnifs.sys (Sonic Solutions)
DRV - (tfsnopio [Auto | Running]) -- C:\WINDOWS\system32\dla\tfsnopio.sys (Sonic Solutions)
DRV - (tfsnpool [Auto | Running]) -- C:\WINDOWS\system32\dla\tfsnpool.sys (Sonic Solutions)
DRV - (tfsnudf [Auto | Running]) -- C:\WINDOWS\system32\dla\tfsnudf.sys (Sonic Solutions)
DRV - (tfsnudfa [Auto | Running]) -- C:\WINDOWS\system32\dla\tfsnudfa.sys (Sonic Solutions)
DRV - (usb_rndisx [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\usb8023x.sys (Microsoft Corporation)
DRV - (vcdrom [System | Running]) -- C:\WINDOWS\system32\VCdRom.sys (Microsoft Corporation)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft...p...&ar=msnhome
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft...amp;ar=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...amp;ar=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft...p...ER}&ar=home
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.goodsearch.com/"

FF - HKLM\software\mozilla\Firefox\extensions\\[email protected]: C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF [2008/12/11 23:55:18 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.8\extensions\\Components: C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS [2009/03/28 23:02:08 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.8\extensions\\Plugins: C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS [2009/03/28 23:02:08 | 00,000,000 | ---D | M]

[2008/07/09 19:17:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Boris\Application Data\mozilla\Extensions
[2008/07/09 19:17:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Boris\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2008/07/09 19:17:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Boris\Application Data\mozilla\Firefox\Profiles\htjz5xmr.default\extensions
[2009/04/09 01:21:21 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/03/28 23:02:08 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2008/08/05 00:13:38 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
[2008/12/11 23:55:30 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
[2009/03/28 23:02:04 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/03/28 23:02:04 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2008/09/27 03:34:33 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2008/09/27 03:34:33 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2008/09/27 03:34:33 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2008/11/14 09:37:34 | 00,002,343 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2008/09/27 03:34:33 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2008/09/27 03:34:33 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2008/09/27 03:34:33 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: (767 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 q4master.idsoftware.com
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {3C6301ED-0F78-4AF2-8150-D9C052361A8E} - Reg Error: Key error. File not found
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll (Sonic Solutions)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun (Brother Industries, Ltd.)
O4 - HKLM..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe (Sonic Solutions)
O4 - HKLM..\Run: [HotSync] "C:\Program Files\PalmSource\Desktop\HotSync.exe" -AllUsers File not found
O4 - HKLM..\Run: [InCD] C:\Program Files\Nero\Nero 7\InCD\InCD.exe (Nero AG)
O4 - HKLM..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe (ScanSoft, Inc.)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit (NVIDIA Corporation)
O4 - HKLM..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe" (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] nwiz.exe /install ()
O4 - HKLM..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe (ScanSoft, Inc.)
O4 - HKLM..\Run: [SecurDisc] C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe (Nero AG)
O4 - HKLM..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl04g\BrStDvPt.exe (Brother Industories, Ltd.)
O4 - HKLM..\Run: [SoundMan] SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot (Scansoft, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r (Sonic Solutions)
O4 - HKLM..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe (Symantec Corporation)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
O4 - HKCU..\Run: [Stickies] C:\Program Files\Bret Taylor\Stickies\Stickies.exe (Bret Taylor)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent (Malwarebytes Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HotSync Manager.lnk = C:\Program Files\Palm\Hotsync.exe (PalmSource, Inc)
O4 - Startup: C:\Documents and Settings\Boris\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} http://www.nvidia.co.../sysreqlab2.cab (Reg Error: Key error.)
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} http://www.nvidia.co...iaSmartScan.cab (NVIDIA Smart Scan)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.ma...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.112.227,85.255.112.166
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Interfaces\{ACDA1449-1CD4-4CB2-BB84-6B005881B2DC}\\NameServer = 85.255.112.227,85.255.112.166
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\NavLogon: DllName - C:\WINDOWS\system32\NavLogon.dll - C:\WINDOWS\system32\NavLogon.dll ()
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - Autorun File - C:\AUTOEXEC.BAT () - [ NTFS ]
O33 - MountPoints2\{327e9c1a-cefe-11dd-b695-0013d4f77916}\Shell\AutoRun\command - "" = RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\svchost.exe
O33 - MountPoints2\{327e9c1a-cefe-11dd-b695-0013d4f77916}\Shell\open\command - "" = RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\svchost.exe
O33 - MountPoints2\{7e994ec2-4da2-11dd-b231-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{7e994ec2-4da2-11dd-b231-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{7e994ec2-4da2-11dd-b231-806d6172696f}\Shell\AutoRun\command - "" = D:\ASUSACPI.exe -- File not found
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found

========== Files/Folders - Created Within 30 Days ==========

[4 C:\WINDOWS\*.tmp files]
[2009/04/13 01:40:11 | 00,501,248 | ---- | C] (OldTimer Tools) -- C:\DOCUME~1\Boris\Desktop\OTListIt2.exe
[2009/04/13 01:38:55 | 00,000,000 | ---D | C] -- C:\Rooter$
[2009/04/13 01:38:38 | 00,267,612 | ---- | C] () -- C:\DOCUME~1\Boris\Desktop\Rooter.exe
[2009/04/13 01:36:01 | 02,967,800 | ---- | C] (Malwarebytes Corporation ) -- C:\DOCUME~1\Boris\Desktop\gooble.exe
[2009/04/13 01:34:07 | 00,015,504 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/04/13 01:34:07 | 00,000,696 | ---- | C] () -- C:\DOCUME~1\ALLUSE~1\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/04/13 01:34:05 | 00,038,496 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/04/13 01:34:04 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/04/13 01:34:04 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/04/13 01:33:29 | 02,967,800 | ---- | C] (Malwarebytes Corporation ) -- C:\DOCUME~1\Boris\Desktop\mbam-setup.exe
[2009/04/13 01:06:10 | 00,000,767 | ---- | C] () -- C:\Documents and Settings\Boris\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2009/04/13 01:05:49 | 00,000,611 | ---- | C] () -- C:\DOCUME~1\Boris\Desktop\NTREGOPT.lnk
[2009/04/13 01:05:49 | 00,000,592 | ---- | C] () -- C:\DOCUME~1\Boris\Desktop\ERUNT.lnk
[2009/04/13 01:05:49 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2009/04/13 01:05:09 | 00,791,393 | ---- | C] (Lars Hederer ) -- C:\DOCUME~1\Boris\Desktop\erunt_setup.exe
[2009/04/13 01:02:42 | 00,021,504 | ---- | C] (Doug Knox) -- C:\DOCUME~1\Boris\Desktop\SysRestorePoint.exe
[2009/04/11 00:00:35 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
[2009/04/10 23:52:46 | 00,000,000 | -HSD | C] -- C:\WINDOWS\CSC
[2009/04/10 21:26:17 | 00,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2009/04/10 21:26:17 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2009/04/10 09:47:32 | 00,000,000 | ---D | C] -- C:\DOCUME~1\Boris\Desktop\Palm
[2009/04/10 09:45:52 | 00,000,000 | ---- | C] () -- C:\DOCUME~1\Boris\Desktop\Ad-AwareAE.exe
[2009/04/10 09:45:49 | 10,677,120 | ---- | C] (Lavasoft ) -- C:\DOCUME~1\Boris\Desktop\Ad-AwareAE.exe.part
[2009/04/10 09:43:49 | 16,409,960 | ---- | C] (Safer Networking Limited ) -- C:\DOCUME~1\Boris\Desktop\spybotsd162.exe
[2009/04/10 02:05:58 | 00,000,582 | ---- | C] () -- C:\DOCUME~1\Boris\Desktop\tdtetris.jad
[2009/04/10 02:00:12 | 00,006,414 | ---- | C] () -- C:\DOCUME~1\Boris\Desktop\corrhack.zip
[2009/04/10 01:55:08 | 00,044,616 | ---- | C] () -- C:\DOCUME~1\Boris\Desktop\vexed.zip
[2009/04/09 23:00:08 | 00,035,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\gxvxcserv.sys
[2009/04/08 01:23:02 | 00,000,000 | -HSD | C] -- C:\Config.Msi
[2009/04/08 00:57:01 | 00,000,000 | ---D | C] -- C:\DOCUME~1\Boris\Desktop\Palm SW
[2009/04/07 22:31:16 | 00,016,640 | R--- | C] (PalmSource, Inc.) -- C:\WINDOWS\System32\drivers\PalmUSBD.sys
[2009/04/07 22:26:41 | 00,001,513 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HotSync Manager.lnk
[2009/04/07 22:26:27 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Boris\Application Data\Arcsoft
[2009/04/07 22:26:27 | 00,000,000 | ---D | C] -- C:\DOCUME~1\Boris\My Documents\My Albums
[2009/04/07 22:26:08 | 00,001,478 | ---- | C] () -- C:\DOCUME~1\ALLUSE~1\Desktop\Palm Desktop.lnk
[2009/04/07 22:24:44 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Boris\Application Data\HotSync
[2009/04/07 22:24:44 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\HotSync
[2009/04/07 22:24:21 | 00,000,000 | ---D | C] -- C:\Program Files\Palm
[2009/04/07 22:07:14 | 00,000,000 | ---D | C] -- C:\DOCUME~1\Boris\My Documents\Palm OS Desktop
[2009/04/03 08:09:10 | 00,000,000 | ---D | C] -- C:\DOCUME~1\Boris\Desktop\Rickle
[2009/04/03 07:57:03 | 00,000,384 | ---- | C] () -- C:\DOCUME~1\Boris\Desktop\Shortcut to amboo.lnk
[2009/03/31 08:04:35 | 00,013,824 | ---- | C] () -- C:\DOCUME~1\Boris\Desktop\Movie List.xls
[2009/03/27 08:03:36 | 03,702,784 | ---- | C] () -- C:\DOCUME~1\Boris\Desktop\cd080802.iso
[2009/03/22 10:35:57 | 00,000,000 | ---D | C] -- C:\DOCUME~1\Boris\Desktop\Nav8Client
[2009/03/18 18:42:24 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Boris\Local Settings\Application Data\WMTools Downloaded Files
[2009/03/17 21:52:20 | 00,000,000 | ---D | C] -- C:\Program Files\StoneHeads
[2009/03/17 21:52:14 | 00,000,196 | ---- | C] () -- C:\WINDOWS\STONEHDS.INI
[2009/03/14 22:43:29 | 01,138,688 | ---- | C] () -- C:\DOCUME~1\Boris\Desktop\Memtest86_3.5.iso
[2009/03/11 07:55:20 | 00,000,138 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2008/11/15 00:49:55 | 00,000,316 | ---- | C] () -- C:\WINDOWS\game.ini
[2008/11/09 12:06:04 | 00,000,079 | ---- | C] () -- C:\WINDOWS\SW_Win2000X1.DLL
[2008/11/09 12:05:27 | 00,000,027 | ---- | C] () -- C:\WINDOWS\SW_Win2146X32.DLL
[2008/11/09 11:53:09 | 00,003,774 | ---- | C] () -- C:\WINDOWS\CX_SearchHistory.INI
[2008/11/09 11:53:03 | 00,131,072 | ---- | C] () -- C:\WINDOWS\System32\CSVSpecialProcessing.dll
[2008/11/09 11:53:03 | 00,102,400 | ---- | C] () -- C:\WINDOWS\System32\SARzilla.dll
[2008/11/09 11:53:03 | 00,098,304 | ---- | C] () -- C:\WINDOWS\System32\DVM.dll
[2008/11/09 11:53:03 | 00,000,530 | ---- | C] () -- C:\WINDOWS\System32\tx13_ic.ini
[2008/07/24 08:59:00 | 00,000,410 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2008/07/24 08:57:34 | 00,077,824 | ---- | C] () -- C:\WINDOWS\System32\BROSNMP.DLL
[2008/07/24 08:57:27 | 00,106,496 | ---- | C] () -- C:\WINDOWS\System32\BrMuSNMP.dll
[2008/07/24 08:55:52 | 00,027,019 | ---- | C] () -- C:\WINDOWS\maxlink.ini
[2008/07/13 21:08:07 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/07/13 11:59:05 | 00,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2008/07/11 00:52:22 | 00,000,000 | ---- | C] () -- C:\WINDOWS\VPC32.INI
[2008/07/09 14:51:16 | 00,000,164 | ---- | C] () -- C:\WINDOWS\avrack.ini
[2008/07/09 14:51:13 | 00,156,672 | ---- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll
[2008/07/09 14:43:53 | 00,000,266 | R--- | C] () -- C:\WINDOWS\System32\raidmgmt.ini
[2008/07/09 14:43:41 | 00,005,810 | R--- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys
[2008/07/09 14:43:40 | 00,005,700 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2008/07/09 14:43:37 | 00,005,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2007/10/12 23:20:06 | 00,151,417 | ---- | C] () -- C:\WINDOWS\System32\xlive.dll.cat
[2006/02/09 10:06:00 | 01,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2006/02/09 10:06:00 | 01,486,848 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2006/02/09 10:06:00 | 01,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2006/02/09 10:06:00 | 00,573,440 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2006/02/09 10:06:00 | 00,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2006/02/09 10:06:00 | 00,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2004/12/20 22:26:12 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/08/03 21:07:00 | 00,081,920 | ---- | C] () -- C:\WINDOWS\System32\ieencode.dll
[2004/08/03 21:07:00 | 00,000,573 | ---- | C] () -- C:\WINDOWS\win.ini
[2004/08/03 21:07:00 | 00,000,231 | ---- | C] () -- C:\WINDOWS\system.ini
[2003/12/19 02:00:00 | 00,013,387 | ---- | C] () -- C:\WINDOWS\System32\CinemSup.sys
[2003/07/02 17:41:42 | 00,005,248 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\axwhisky.sys
[2003/07/02 16:49:52 | 00,124,160 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\axwskbus.sys
[2003/04/26 01:16:00 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\NavLogon.dll
[2002/03/04 10:16:34 | 00,110,592 | R--- | C] () -- C:\WINDOWS\System32\Jpeg32.dll
[1999/01/22 14:46:56 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL

========== Files - Modified Within 30 Days ==========

[2 C:\WINDOWS\System32\*.tmp files]
[4 C:\WINDOWS\*.tmp files]
[2009/04/13 01:40:11 | 00,501,248 | ---- | M] (OldTimer Tools) -- C:\DOCUME~1\Boris\Desktop\OTListIt2.exe
[2009/04/13 01:38:38 | 00,267,612 | ---- | M] () -- C:\DOCUME~1\Boris\Desktop\Rooter.exe
[2009/04/13 01:36:01 | 02,967,800 | ---- | M] (Malwarebytes Corporation ) -- C:\DOCUME~1\Boris\Desktop\gooble.exe
[2009/04/13 01:34:07 | 00,000,696 | ---- | M] () -- C:\DOCUME~1\ALLUSE~1\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/04/13 01:33:35 | 02,967,800 | ---- | M] (Malwarebytes Corporation ) -- C:\DOCUME~1\Boris\Desktop\mbam-setup.exe
[2009/04/13 01:06:10 | 00,000,767 | ---- | M] () -- C:\Documents and Settings\Boris\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2009/04/13 01:05:49 | 00,000,611 | ---- | M] () -- C:\DOCUME~1\Boris\Desktop\NTREGOPT.lnk
[2009/04/13 01:05:49 | 00,000,592 | ---- | M] () -- C:\DOCUME~1\Boris\Desktop\ERUNT.lnk
[2009/04/13 01:05:09 | 00,791,393 | ---- | M] (Lars Hederer ) -- C:\DOCUME~1\Boris\Desktop\erunt_setup.exe
[2009/04/13 01:02:42 | 00,021,504 | ---- | M] (Doug Knox) -- C:\DOCUME~1\Boris\Desktop\SysRestorePoint.exe
[2009/04/12 23:07:12 | 00,000,312 | ---- | M] () -- C:\WINDOWS\tasks\GlaryInitialize.job
[2009/04/12 23:07:08 | 00,194,593 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2009/04/12 23:06:09 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/04/12 23:06:08 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/04/12 23:06:07 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/04/11 00:02:37 | 00,056,320 | ---- | M] () -- C:\Documents and Settings\Boris\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/04/11 00:02:37 | 00,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2009/04/10 09:46:15 | 10,677,120 | ---- | M] (Lavasoft ) -- C:\DOCUME~1\Boris\Desktop\Ad-AwareAE.exe.part
[2009/04/10 09:45:52 | 00,000,000 | ---- | M] () -- C:\DOCUME~1\Boris\Desktop\Ad-AwareAE.exe
[2009/04/10 09:44:43 | 16,409,960 | ---- | M] (Safer Networking Limited ) -- C:\DOCUME~1\Boris\Desktop\spybotsd162.exe
[2009/04/10 02:05:58 | 00,000,582 | ---- | M] () -- C:\DOCUME~1\Boris\Desktop\tdtetris.jad
[2009/04/10 02:00:12 | 00,006,414 | ---- | M] () -- C:\DOCUME~1\Boris\Desktop\corrhack.zip
[2009/04/10 01:55:08 | 00,044,616 | ---- | M] () -- C:\DOCUME~1\Boris\Desktop\vexed.zip
[2009/04/09 23:00:08 | 00,035,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\gxvxcserv.sys
[2009/04/08 01:10:41 | 00,234,368 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/04/07 22:34:22 | 00,068,920 | ---- | M] () -- C:\Documents and Settings\Boris\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2009/04/07 22:26:41 | 00,001,513 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HotSync Manager.lnk
[2009/04/07 22:26:08 | 00,001,478 | ---- | M] () -- C:\DOCUME~1\ALLUSE~1\Desktop\Palm Desktop.lnk
[2009/04/07 22:22:12 | 00,000,010 | ---- | M] () -- C:\WINDOWS\popcinfo.dat
[2009/04/07 21:30:27 | 00,458,340 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/04/07 21:30:27 | 00,392,296 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/04/07 21:30:27 | 00,058,596 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/04/07 21:23:50 | 00,000,573 | ---- | M] () -- C:\WINDOWS\win.ini
[2009/04/07 08:29:25 | 00,000,668 | ---- | M] () -- C:\Documents and Settings\Boris\Application Data\vso_ts_preview.xml
[2009/04/06 15:32:54 | 00,038,496 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/04/06 15:32:46 | 00,015,504 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/04/03 07:57:04 | 00,000,384 | ---- | M] () -- C:\DOCUME~1\Boris\Desktop\Shortcut to amboo.lnk
[2009/04/03 07:50:18 | 02,106,246 | -H-- | M] () -- C:\Documents and Settings\Boris\Local Settings\Application Data\IconCache.db
[2009/03/31 08:04:35 | 00,013,824 | ---- | M] () -- C:\DOCUME~1\Boris\Desktop\Movie List.xls
[2009/03/17 21:54:12 | 00,000,196 | ---- | M] () -- C:\WINDOWS\STONEHDS.INI
[2009/03/14 01:59:57 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK

========== Alternate Data Streams ==========

@Alternate Data Stream - 304 bytes -> C:\DOCUME~1\Boris\Desktop\retrospect.jpg:SummaryInformation
@Alternate Data Stream - 304 bytes -> C:\DOCUME~1\Boris\Desktop\retrospect b.jpg:SummaryInformation
@Alternate Data Stream - 304 bytes -> C:\DOCUME~1\Boris\Desktop\Retropair A.jpg:SummaryInformation
@Alternate Data Stream - 304 bytes -> C:\DOCUME~1\Boris\Desktop\card 004.JPG:SummaryInformation
< End of report >


Here's OTListIT.TXT
~~~~~~~~~~~~~~~

OTListIt logfile created on: 4/13/2009 1:42:25 AM - Run 1
OTListIt2 by OldTimer - Version 2.0.14.0 Folder = C:\Documents and Settings\Boris\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1023.48 Mb Total Physical Memory | 449.43 Mb Available Physical Memory | 43.91% Memory free
2.40 Gb Paging File | 2.02 Gb Available in Paging File | 84.15% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 279.47 Gb Total Space | 17.68 Gb Free Space | 6.33% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive X: | 465.76 Gb Total Space | 390.74 Gb Free Space | 83.89% Space Free | Partition Type: NTFS

Computer Name: CENTRAAL
Current User Name: Boris
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Output = Minimal
File Age = 30 Days
Company Name Whitelist: On

========== Processes (SafeList) ==========

PRC - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe (Symantec Corporation)
PRC - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe (Nero AG)
PRC - C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe (Symantec Corporation)
PRC - C:\WINDOWS\system32\nvsvc32.exe (NVIDIA Corporation)
PRC - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.)
PRC - C:\WINDOWS\system32\wdfmgr.exe (Microsoft Corporation)
PRC - C:\Program Files\Canon\CAL\CALMAIN.exe (Canon Inc.)
PRC - C:\WINDOWS\Explorer.EXE (Microsoft Corporation)
PRC - C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
PRC - C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe (NVIDIA Corporation)
PRC - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\VPTray.exe (Symantec Corporation)
PRC - C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe (ScanSoft, Inc.)
PRC - C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe (Nero AG)
PRC - C:\Program Files\Nero\Nero 7\InCD\InCD.exe (Nero AG)
PRC - C:\WINDOWS\system32\dla\tfswctrl.exe (Sonic Solutions)
PRC - C:\Program Files\Bret Taylor\Stickies\Stickies.exe (Bret Taylor)
PRC - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
PRC - C:\Program Files\Palm\Hotsync.exe (PalmSource, Inc)
PRC - C:\Program Files\Java\jre6\bin\jucheck.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\WINDOWS\system32\cmd.exe (Microsoft Corporation)
PRC - C:\Documents and Settings\Boris\Desktop\OTListIt2.exe (OldTimer Tools)

========== Win32 Services (SafeList) ==========

SRV - (aspnet_state [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (Microsoft Corporation)
SRV - (CCALib8 [Auto | Running]) -- C:\Program Files\Canon\CAL\CALMAIN.exe (Canon Inc.)
SRV - (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (DefWatch [Auto | Running]) -- C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe (Symantec Corporation)
SRV - (helpsvc [Auto | Running]) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
SRV - (IDriverT [On_Demand | Stopped]) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe (Macrovision Corporation)
SRV - (InCDsrv [Auto | Running]) -- C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe (Nero AG)
SRV - (JavaQuickStarterService [Auto | Running]) -- C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
SRV - (NMIndexingService [On_Demand | Stopped]) -- C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (Nero AG)
SRV - (Norton AntiVirus Server [Auto | Running]) -- C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe (Symantec Corporation)
SRV - (NVSvc [Auto | Running]) -- C:\WINDOWS\system32\nvsvc32.exe (NVIDIA Corporation)
SRV - (UleadBurningHelper [Auto | Running]) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.)
SRV - (UMWdf [Auto | Running]) -- C:\WINDOWS\system32\wdfmgr.exe (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV - (61883 [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\61883.sys (Microsoft Corporation)
DRV - (ALCXWDM [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS (Realtek Semiconductor Corp.)
DRV - (Avc [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\avc.sys (Microsoft Corporation)
DRV - (axwhisky [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\axwhisky.sys ( )
DRV - (axwskbus [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\axwskbus.sys ( )
DRV - (BrScnUsb [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\BrScnUsb.sys (Brother Industries Ltd.)
DRV - (Cinemsup [System | Running]) -- C:\WINDOWS\System32\drivers\cinemsup.sys (Sonic Solutions)
DRV - (drvmcdb [Boot | Running]) -- C:\WINDOWS\system32\drivers\drvmcdb.sys (Sonic Solutions)
DRV - (drvnddm [Auto | Running]) -- C:\WINDOWS\system32\drivers\drvnddm.sys (Sonic Solutions)
DRV - (gameenum [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\gameenum.sys (Microsoft Corporation)
DRV - (InCDfs [Disabled | Running]) -- C:\WINDOWS\system32\drivers\InCDFs.sys (Nero AG)
DRV - (InCDPass [System | Running]) -- C:\WINDOWS\system32\drivers\InCDPass.sys (Nero AG)
DRV - (incdrm [System | Running]) -- C:\WINDOWS\system32\drivers\InCDRm.sys (Nero AG)
DRV - (MSDV [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\msdv.sys (Microsoft Corporation)
DRV - (ms_mpu401 [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\msmpu401.sys (Microsoft Corporation)
DRV - (MTsensor [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\ASACPI.sys ()
DRV - (NAVAP [On_Demand | Running]) -- C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Navap.sys (Symantec Corporation)
DRV - (NAVAPEL [Auto | Running]) -- C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\NAVAPEL.SYS (Symantec Corporation)
DRV - (NAVENG [On_Demand | Running]) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20090410.003\NAVENG.SYS (Symantec Corporation)
DRV - (NAVEX15 [On_Demand | Running]) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20090410.003\NAVEX15.SYS (Symantec Corporation)
DRV - (nv [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\nv4_mini.sys (NVIDIA Corporation)
DRV - (nvata [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\nvata.sys (NVIDIA Corporation)
DRV - (nvax [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\nvax.sys (NVIDIA Corporation)
DRV - (NVENETFD [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\NVENETFD.sys (NVIDIA Corporation)
DRV - (nvnetbus [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\nvnetbus.sys (NVIDIA Corporation)
DRV - (nvnforce [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\nvapu.sys (NVIDIA Corporation)
DRV - (PalmUSBD [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\PalmUSBD.sys (PalmSource, Inc.)
DRV - (pcouffin [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\pcouffin.sys (VSO Software)
DRV - (Ptilink [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\ptilink.sys (Parallel Technologies, Inc.)
DRV - (PxHelp20 [Boot | Running]) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys (Sonic Solutions)
DRV - (Secdrv [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (sscdbhk5 [System | Running]) -- C:\WINDOWS\system32\drivers\sscdbhk5.sys (Sonic Solutions)
DRV - (ssrtln [System | Running]) -- C:\WINDOWS\system32\drivers\ssrtln.sys (Sonic Solutions)
DRV - (SymEvent [On_Demand | Running]) -- C:\Program Files\Symantec\SYMEVENT.SYS (Symantec Corporation)
DRV - (tfsnboio [Auto | Running]) -- C:\WINDOWS\system32\dla\tfsnboio.sys (Sonic Solutions)
DRV - (tfsncofs [Auto | Running]) -- C:\WINDOWS\system32\dla\tfsncofs.sys (Sonic Solutions)
DRV - (tfsndrct [Auto | Running]) -- C:\WINDOWS\system32\dla\tfsndrct.sys (Sonic Solutions)
DRV - (tfsndres [Auto | Running]) -- C:\WINDOWS\system32\dla\tfsndres.sys (Sonic Solutions)
DRV - (tfsnifs [Auto | Running]) -- C:\WINDOWS\system32\dla\tfsnifs.sys (Sonic Solutions)
DRV - (tfsnopio [Auto | Running]) -- C:\WINDOWS\system32\dla\tfsnopio.sys (Sonic Solutions)
DRV - (tfsnpool [Auto | Running]) -- C:\WINDOWS\system32\dla\tfsnpool.sys (Sonic Solutions)
DRV - (tfsnudf [Auto | Running]) -- C:\WINDOWS\system32\dla\tfsnudf.sys (Sonic Solutions)
DRV - (tfsnudfa [Auto | Running]) -- C:\WINDOWS\system32\dla\tfsnudfa.sys (Sonic Solutions)
DRV - (usb_rndisx [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\usb8023x.sys (Microsoft Corporation)
DRV - (vcdrom [System | Running]) -- C:\WINDOWS\system32\VCdRom.sys (Microsoft Corporation)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft...p...&ar=msnhome
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft...amp;ar=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...amp;ar=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft...p...ER}&ar=home
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.goodsearch.com/"

FF - HKLM\software\mozilla\Firefox\extensions\\[email protected]: C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF [2008/12/11 23:55:18 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.8\extensions\\Components: C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS [2009/03/28 23:02:08 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.8\extensions\\Plugins: C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS [2009/03/28 23:02:08 | 00,000,000 | ---D | M]

[2008/07/09 19:17:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Boris\Application Data\mozilla\Extensions
[2008/07/09 19:17:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Boris\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2008/07/09 19:17:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Boris\Application Data\mozilla\Firefox\Profiles\htjz5xmr.default\extensions
[2009/04/09 01:21:21 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/03/28 23:02:08 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2008/08/05 00:13:38 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
[2008/12/11 23:55:30 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
[2009/03/28 23:02:04 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/03/28 23:02:04 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2008/09/27 03:34:33 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2008/09/27 03:34:33 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2008/09/27 03:34:33 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2008/11/14 09:37:34 | 00,002,343 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2008/09/27 03:34:33 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2008/09/27 03:34:33 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2008/09/27 03:34:33 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: (767 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 q4master.idsoftware.com
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {3C6301ED-0F78-4AF2-8150-D9C052361A8E} - Reg Error: Key error. File not found
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll (Sonic Solutions)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun (Brother Industries, Ltd.)
O4 - HKLM..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe (Sonic Solutions)
O4 - HKLM..\Run: [HotSync] "C:\Program Files\PalmSource\Desktop\HotSync.exe" -AllUsers File not found
O4 - HKLM..\Run: [InCD] C:\Program Files\Nero\Nero 7\InCD\InCD.exe (Nero AG)
O4 - HKLM..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe (ScanSoft, Inc.)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit (NVIDIA Corporation)
O4 - HKLM..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe" (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] nwiz.exe /install ()
O4 - HKLM..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe (ScanSoft, Inc.)
O4 - HKLM..\Run: [SecurDisc] C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe (Nero AG)
O4 - HKLM..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl04g\BrStDvPt.exe (Brother Industories, Ltd.)
O4 - HKLM..\Run: [SoundMan] SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot (Scansoft, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r (Sonic Solutions)
O4 - HKLM..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe (Symantec Corporation)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
O4 - HKCU..\Run: [Stickies] C:\Program Files\Bret Taylor\Stickies\Stickies.exe (Bret Taylor)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent (Malwarebytes Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HotSync Manager.lnk = C:\Program Files\Palm\Hotsync.exe (PalmSource, Inc)
O4 - Startup: C:\Documents and Settings\Boris\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} http://www.nvidia.co.../sysreqlab2.cab (Reg Error: Key error.)
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} http://www.nvidia.co...iaSmartScan.cab (NVIDIA Smart Scan)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.ma...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.112.227,85.255.112.166
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Interfaces\{ACDA1449-1CD4-4CB2-BB84-6B005881B2DC}\\NameServer = 85.255.112.227,85.255.112.166
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\NavLogon: DllName - C:\WINDOWS\system32\NavLogon.dll - C:\WINDOWS\system32\NavLogon.dll ()
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - Autorun File - C:\AUTOEXEC.BAT () - [ NTFS ]
O33 - MountPoints2\{327e9c1a-cefe-11dd-b695-0013d4f77916}\Shell\AutoRun\command - "" = RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\svchost.exe
O33 - MountPoints2\{327e9c1a-cefe-11dd-b695-0013d4f77916}\Shell\open\command - "" = RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\svchost.exe
O33 - MountPoints2\{7e994ec2-4da2-11dd-b231-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{7e994ec2-4da2-11dd-b231-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{7e994ec2-4da2-11dd-b231-806d6172696f}\Shell\AutoRun\command - "" = D:\ASUSACPI.exe -- File not found
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found

========== Files/Folders - Created Within 30 Days ==========

[4 C:\WINDOWS\*.tmp files]
[2009/04/13 01:40:11 | 00,501,248 | ---- | C] (OldTimer Tools) -- C:\DOCUME~1\Boris\Desktop\OTListIt2.exe
[2009/04/13 01:38:55 | 00,000,000 | ---D | C] -- C:\Rooter$
[2009/04/13 01:38:38 | 00,267,612 | ---- | C] () -- C:\DOCUME~1\Boris\Desktop\Rooter.exe
[2009/04/13 01:36:01 | 02,967,800 | ---- | C] (Malwarebytes Corporation ) -- C:\DOCUME~1\Boris\Desktop\gooble.exe
[2009/04/13 01:34:07 | 00,015,504 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/04/13 01:34:07 | 00,000,696 | ---- | C] () -- C:\DOCUME~1\ALLUSE~1\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/04/13 01:34:05 | 00,038,496 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/04/13 01:34:04 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/04/13 01:34:04 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/04/13 01:33:29 | 02,967,800 | ---- | C] (Malwarebytes Corporation ) -- C:\DOCUME~1\Boris\Desktop\mbam-setup.exe
[2009/04/13 01:06:10 | 00,000,767 | ---- | C] () -- C:\Documents and Settings\Boris\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2009/04/13 01:05:49 | 00,000,611 | ---- | C] () -- C:\DOCUME~1\Boris\Desktop\NTREGOPT.lnk
[2009/04/13 01:05:49 | 00,000,592 | ---- | C] () -- C:\DOCUME~1\Boris\Desktop\ERUNT.lnk
[2009/04/13 01:05:49 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2009/04/13 01:05:09 | 00,791,393 | ---- | C] (Lars Hederer ) -- C:\DOCUME~1\Boris\Desktop\erunt_setup.exe
[2009/04/13 01:02:42 | 00,021,504 | ---- | C] (Doug Knox) -- C:\DOCUME~1\Boris\Desktop\SysRestorePoint.exe
[2009/04/11 00:00:35 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
[2009/04/10 23:52:46 | 00,000,000 | -HSD | C] -- C:\WINDOWS\CSC
[2009/04/10 21:26:17 | 00,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2009/04/10 21:26:17 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2009/04/10 09:47:32 | 00,000,000 | ---D | C] -- C:\DOCUME~1\Boris\Desktop\Palm
[2009/04/10 09:45:52 | 00,000,000 | ---- | C] () -- C:\DOCUME~1\Boris\Desktop\Ad-AwareAE.exe
[2009/04/10 09:45:49 | 10,677,120 | ---- | C] (Lavasoft ) -- C:\DOCUME~1\Boris\Desktop\Ad-AwareAE.exe.part
[2009/04/10 09:43:49 | 16,409,960 | ---- | C] (Safer Networking Limited ) -- C:\DOCUME~1\Boris\Desktop\spybotsd162.exe
[2009/04/10 02:05:58 | 00,000,582 | ---- | C] () -- C:\DOCUME~1\Boris\Desktop\tdtetris.jad
[2009/04/10 02:00:12 | 00,006,414 | ---- | C] () -- C:\DOCUME~1\Boris\Desktop\corrhack.zip
[2009/04/10 01:55:08 | 00,044,616 | ---- | C] () -- C:\DOCUME~1\Boris\Desktop\vexed.zip
[2009/04/09 23:00:08 | 00,035,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\gxvxcserv.sys
[2009/04/08 01:23:02 | 00,000,000 | -HSD | C] -- C:\Config.Msi
[2009/04/08 00:57:01 | 00,000,000 | ---D | C] -- C:\DOCUME~1\Boris\Desktop\Palm SW
[2009/04/07 22:31:16 | 00,016,640 | R--- | C] (PalmSource, Inc.) -- C:\WINDOWS\System32\drivers\PalmUSBD.sys
[2009/04/07 22:26:41 | 00,001,513 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HotSync Manager.lnk
[2009/04/07 22:26:27 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Boris\Application Data\Arcsoft
[2009/04/07 22:26:27 | 00,000,000 | ---D | C] -- C:\DOCUME~1\Boris\My Documents\My Albums
[2009/04/07 22:26:08 | 00,001,478 | ---- | C] () -- C:\DOCUME~1\ALLUSE~1\Desktop\Palm Desktop.lnk
[2009/04/07 22:24:44 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Boris\Application Data\HotSync
[2009/04/07 22:24:44 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\HotSync
[2009/04/07 22:24:21 | 00,000,000 | ---D | C] -- C:\Program Files\Palm
[2009/04/07 22:07:14 | 00,000,000 | ---D | C] -- C:\DOCUME~1\Boris\My Documents\Palm OS Desktop
[2009/04/03 08:09:10 | 00,000,000 | ---D | C] -- C:\DOCUME~1\Boris\Desktop\Rickle
[2009/04/03 07:57:03 | 00,000,384 | ---- | C] () -- C:\DOCUME~1\Boris\Desktop\Shortcut to amboo.lnk
[2009/03/31 08:04:35 | 00,013,824 | ---- | C] () -- C:\DOCUME~1\Boris\Desktop\Movie List.xls
[2009/03/27 08:03:36 | 03,702,784 | ---- | C] () -- C:\DOCUME~1\Boris\Desktop\cd080802.iso
[2009/03/22 10:35:57 | 00,000,000 | ---D | C] -- C:\DOCUME~1\Boris\Desktop\Nav8Client
[2009/03/18 18:42:24 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Boris\Local Settings\Application Data\WMTools Downloaded Files
[2009/03/17 21:52:20 | 00,000,000 | ---D | C] -- C:\Program Files\StoneHeads
[2009/03/17 21:52:14 | 00,000,196 | ---- | C] () -- C:\WINDOWS\STONEHDS.INI
[2009/03/14 22:43:29 | 01,138,688 | ---- | C] () -- C:\DOCUME~1\Boris\Desktop\Memtest86_3.5.iso
[2009/03/11 07:55:20 | 00,000,138 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2008/11/15 00:49:55 | 00,000,316 | ---- | C] () -- C:\WINDOWS\game.ini
[2008/11/09 12:06:04 | 00,000,079 | ---- | C] () -- C:\WINDOWS\SW_Win2000X1.DLL
[2008/11/09 12:05:27 | 00,000,027 | ---- | C] () -- C:\WINDOWS\SW_Win2146X32.DLL
[2008/11/09 11:53:09 | 00,003,774 | ---- | C] () -- C:\WINDOWS\CX_SearchHistory.INI
[2008/11/09 11:53:03 | 00,131,072 | ---- | C] () -- C:\WINDOWS\System32\CSVSpecialProcessing.dll
[2008/11/09 11:53:03 | 00,102,400 | ---- | C] () -- C:\WINDOWS\System32\SARzilla.dll
[2008/11/09 11:53:03 | 00,098,304 | ---- | C] () -- C:\WINDOWS\System32\DVM.dll
[2008/11/09 11:53:03 | 00,000,530 | ---- | C] () -- C:\WINDOWS\System32\tx13_ic.ini
[2008/07/24 08:59:00 | 00,000,410 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2008/07/24 08:57:34 | 00,077,824 | ---- | C] () -- C:\WINDOWS\System32\BROSNMP.DLL
[2008/07/24 08:57:27 | 00,106,496 | ---- | C] () -- C:\WINDOWS\System32\BrMuSNMP.dll
[2008/07/24 08:55:52 | 00,027,019 | ---- | C] () -- C:\WINDOWS\maxlink.ini
[2008/07/13 21:08:07 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/07/13 11:59:05 | 00,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2008/07/11 00:52:22 | 00,000,000 | ---- | C] () -- C:\WINDOWS\VPC32.INI
[2008/07/09 14:51:16 | 00,000,164 | ---- | C] () -- C:\WINDOWS\avrack.ini
[2008/07/09 14:51:13 | 00,156,672 | ---- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll
[2008/07/09 14:43:53 | 00,000,266 | R--- | C] () -- C:\WINDOWS\System32\raidmgmt.ini
[2008/07/09 14:43:41 | 00,005,810 | R--- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys
[2008/07/09 14:43:40 | 00,005,700 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2008/07/09 14:43:37 | 00,005,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2007/10/12 23:20:06 | 00,151,417 | ---- | C] () -- C:\WINDOWS\System32\xlive.dll.cat
[2006/02/09 10:06:00 | 01,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2006/02/09 10:06:00 | 01,486,848 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2006/02/09 10:06:00 | 01,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2006/02/09 10:06:00 | 00,573,440 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2006/02/09 10:06:00 | 00,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2006/02/09 10:06:00 | 00,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2004/12/20 22:26:12 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/08/03 21:07:00 | 00,081,920 | ---- | C] () -- C:\WINDOWS\System32\ieencode.dll
[2004/08/03 21:07:00 | 00,000,573 | ---- | C] () -- C:\WINDOWS\win.ini
[2004/08/03 21:07:00 | 00,000,231 | ---- | C] () -- C:\WINDOWS\system.ini
[2003/12/19 02:00:00 | 00,013,387 | ---- | C] () -- C:\WINDOWS\System32\CinemSup.sys
[2003/07/02 17:41:42 | 00,005,248 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\axwhisky.sys
[2003/07/02 16:49:52 | 00,124,160 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\axwskbus.sys
[2003/04/26 01:16:00 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\NavLogon.dll
[2002/03/04 10:16:34 | 00,110,592 | R--- | C] () -- C:\WINDOWS\System32\Jpeg32.dll
[1999/01/22 14:46:56 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL

========== Files - Modified Within 30 Days ==========

[2 C:\WINDOWS\System32\*.tmp files]
[4 C:\WINDOWS\*.tmp files]
[2009/04/13 01:40:11 | 00,501,248 | ---- | M] (OldTimer Tools) -- C:\DOCUME~1\Boris\Desktop\OTListIt2.exe
[2009/04/13 01:38:38 | 00,267,612 | ---- | M] () -- C:\DOCUME~1\Boris\Desktop\Rooter.exe
[2009/04/13 01:36:01 | 02,967,800 | ---- | M] (Malwarebytes Corporation ) -- C:\DOCUME~1\Boris\Desktop\gooble.exe
[2009/04/13 01:34:07 | 00,000,696 | ---- | M] () -- C:\DOCUME~1\ALLUSE~1\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/04/13 01:33:35 | 02,967,800 | ---- | M] (Malwarebytes Corporation ) -- C:\DOCUME~1\Boris\Desktop\mbam-setup.exe
[2009/04/13 01:06:10 | 00,000,767 | ---- | M] () -- C:\Documents and Settings\Boris\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2009/04/13 01:05:49 | 00,000,611 | ---- | M] () -- C:\DOCUME~1\Boris\Desktop\NTREGOPT.lnk
[2009/04/13 01:05:49 | 00,000,592 | ---- | M] () -- C:\DOCUME~1\Boris\Desktop\ERUNT.lnk
[2009/04/13 01:05:09 | 00,791,393 | ---- | M] (Lars Hederer ) -- C:\DOCUME~1\Boris\Desktop\erunt_setup.exe
[2009/04/13 01:02:42 | 00,021,504 | ---- | M] (Doug Knox) -- C:\DOCUME~1\Boris\Desktop\SysRestorePoint.exe
[2009/04/12 23:07:12 | 00,000,312 | ---- | M] () -- C:\WINDOWS\tasks\GlaryInitialize.job
[2009/04/12 23:07:08 | 00,194,593 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2009/04/12 23:06:09 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/04/12 23:06:08 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/04/12 23:06:07 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/04/11 00:02:37 | 00,056,320 | ---- | M] () -- C:\Documents and Settings\Boris\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/04/11 00:02:37 | 00,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2009/04/10 09:46:15 | 10,677,120 | ---- | M] (Lavasoft ) -- C:\DOCUME~1\Boris\Desktop\Ad-AwareAE.exe.part
[2009/04/10 09:45:52 | 00,000,000 | ---- | M] () -- C:\DOCUME~1\Boris\Desktop\Ad-AwareAE.exe
[2009/04/10 09:44:43 | 16,409,960 | ---- | M] (Safer Networking Limited ) -- C:\DOCUME~1\Boris\Desktop\spybotsd162.exe
[2009/04/10 02:05:58 | 00,000,582 | ---- | M] () -- C:\DOCUME~1\Boris\Desktop\tdtetris.jad
[2009/04/10 02:00:12 | 00,006,414 | ---- | M] () -- C:\DOCUME~1\Boris\Desktop\corrhack.zip
[2009/04/10 01:55:08 | 00,044,616 | ---- | M] () -- C:\DOCUME~1\Boris\Desktop\vexed.zip
[2009/04/09 23:00:08 | 00,035,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\gxvxcserv.sys
[2009/04/08 01:10:41 | 00,234,368 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/04/07 22:34:22 | 00,068,920 | ---- | M] () -- C:\Documents and Settings\Boris\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2009/04/07 22:26:41 | 00,001,513 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HotSync Manager.lnk
[2009/04/07 22:26:08 | 00,001,478 | ---- | M] () -- C:\DOCUME~1\ALLUSE~1\Desktop\Palm Desktop.lnk
[2009/04/07 22:22:12 | 00,000,010 | ---- | M] () -- C:\WINDOWS\popcinfo.dat
[2009/04/07 21:30:27 | 00,458,340 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/04/07 21:30:27 | 00,392,296 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/04/07 21:30:27 | 00,058,596 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/04/07 21:23:50 | 00,000,573 | ---- | M] () -- C:\WINDOWS\win.ini
[2009/04/07 08:29:25 | 00,000,668 | ---- | M] () -- C:\Documents and Settings\Boris\Application Data\vso_ts_preview.xml
[2009/04/06 15:32:54 | 00,038,496 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/04/06 15:32:46 | 00,015,504 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/04/03 07:57:04 | 00,000,384 | ---- | M] () -- C:\DOCUME~1\Boris\Desktop\Shortcut to amboo.lnk
[2009/04/03 07:50:18 | 02,106,246 | -H-- | M] () -- C:\Documents and Settings\Boris\Local Settings\Application Data\IconCache.db
[2009/03/31 08:04:35 | 00,013,824 | ---- | M] () -- C:\DOCUME~1\Boris\Desktop\Movie List.xls
[2009/03/17 21:54:12 | 00,000,196 | ---- | M] () -- C:\WINDOWS\STONEHDS.INI
[2009/03/14 01:59:57 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK

========== Alternate Data Streams ==========

@Alternate Data Stream - 304 bytes -> C:\DOCUME~1\Boris\Desktop\retrospect.jpg:SummaryInformation
@Alternate Data Stream - 304 bytes -> C:\DOCUME~1\Boris\Desktop\retrospect b.jpg:SummaryInformation
@Alternate Data Stream - 304 bytes -> C:\DOCUME~1\Boris\Desktop\Retropair A.jpg:SummaryInformation
@Alternate Data Stream - 304 bytes -> C:\DOCUME~1\Boris\Desktop\card 004.JPG:SummaryInformation
< End of report >


Here's Extras.txt
~~~~~~~~~~~~~~~

OTListIt Extras logfile created on: 4/13/2009 1:42:25 AM - Run 1
OTListIt2 by OldTimer - Version 2.0.14.0 Folder = C:\Documents and Settings\Boris\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1023.48 Mb Total Physical Memory | 449.43 Mb Available Physical Memory | 43.91% Memory free
2.40 Gb Paging File | 2.02 Gb Available in Paging File | 84.15% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 279.47 Gb Total Space | 17.68 Gb Free Space | 6.33% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive X: | 465.76 Gb Total Space | 390.74 Gb Free Space | 83.89% Space Free | Partition Type: NTFS

Computer Name: CENTRAAL
Current User Name: Boris
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Output = Minimal
File Age = 30 Days
Company Name Whitelist: On

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 1
"FirewallDisableNotify" = 1
"UpdatesDisableNotify" = 1
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent ()
D:\CDS\Nero\Installation\SetupX.exe:*:Enabled:Nero ProductSetup File not found
C:\Program Files\Wild Hare\Instinct\instinct.exe:*:Disabled:ds2main File not found
C:\Program Files\EA GAMES\Battlefield 1942\BF1942.exe:*:Disabled:BF1942 File not found
C:\Program Files\Mass Effect\Binaries\MassEffect.exe:*:Enabled:Mass Effect Game (BioWare)
C:\Program Files\Mass Effect\MassEffectLauncher.exe:*:Enabled:Mass Effect Launcher (BioWare)
C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire (Lime Wire, LLC)
C:\Program Files\Corel\DVD9\WinDVD.exe:*:Disabled:WinDVD File not found

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00010409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 SR-1 Professional
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{075473F5-846A-448B-BCB3-104AA1760205}" = Sonic Data Module
"{09DA4F91-2A09-4232-AB8C-6BC740096DE3}" = Sonic Update Manager
"{0A770EE2-905F-4DBD-8963-2E4F0FAFD66F}" = Stickies
"{0EFC6259-3AD8-4CD2-BC57-D4937AF5CC0E}" = Symantec AntiVirus Client
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic DLA
"{1596098A-FCEC-48F0-B7C7-08A31B771033}" = Nero 7 Essentials
"{1B0FBB9A-995D-47cd-87CD-13E68B676E4F}" = Mass Effect
"{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Sonic MyDVD Studio Deluxe Suite
"{26792CA7-D87A-4DBE-896B-C2F66B344511}" = Sonic CinePlayer
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java™ 6 Update 11
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3F262ADC-5AD2-48E5-A586-44315E04A9E2}" = Microsoft Picture It! Library 10
"{42756145-9997-4D28-809B-8756BFD00106}" = Microsoft Photo Premium 10
"{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin
"{4F1DA6BF-3614-48A1-9970-9E90F646789E}" = Ulead VideoStudio 8.0
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}" = Microsoft .NET Framework 2.0
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{76C24F39-B161-498F-BD8B-C64789812D13}_is1" = ConvertXtoDVD 3.1.2.34
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{8809BF72-C693-44B6-8B2A-B689A00059D5}" = Eudora
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{95C42225-F0E2-4480-AD65-560D854F252E}" = Palm Desktop by ACCESS
"{9F7FC79B-3059-4264-9450-39EB368E3225}" = Microsoft Digital Image Library 9 - Blocker
"{A17EABB6-D0C6-44E5-820C-72DC7F495064}" = PaperPort
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Sonic Audio Module
"{AC76BA86-7AD7-1033-7B44-A90000000001}" = Adobe Reader 9
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Sonic Copy Module
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{BB47D7EA-7EF1-475C-9C14-AF5B8FCA45E2}" = Condemned - Criminal Origins
"{D1B01DC9-CBAF-45F9-A387-7D00C11B630E}" = Microsoft Games for Windows - LIVE Redistributable
"{D7A6C517-11F2-419F-B5BB-27772B939698}" = NvMixer
"{D83BD5E2-5AF4-49F6-B5C1-484A9760E73D}" = Brother MFL-Pro Suite
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{E9F81423-211E-46B6-9AE0-38568BC5CF6F}" = Alcohol 120%
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"ACDSee 32" = ACDSee 32
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"CAL" = Canon Camera Access Library
"CameraWindowDVC5" = Canon Camera Window DC_DV 5 for ZoomBrowser EX
"CameraWindowDVC6" = Canon Camera Window DC_DV 6 for ZoomBrowser EX
"CameraWindowMC" = Canon Camera Window MC 6 for ZoomBrowser EX
"Canon G.726 WMP-Decoder" = Canon G.726 WMP-Decoder
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Convert XLS_is1" = Convert XLS
"CSCLIB" = Canon Camera Support Core Library
"DVD Shrink_is1" = DVD Shrink 3.2
"EOS Utility" = Canon Utilities EOS Utility
"ERUNT_is1" = ERUNT 1.1j
"Forte Agent" = Forté Agent
"GameBox Classics" = GameBox Classics
"Glary Utilities_is1" = Glary Utilities 2.7.268
"Handmark® Tetris 2 for Pocket PC" = Handmark® Tetris 2 for Pocket PC
"InstallShield_{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin
"LimeWire" = LimeWire 4.18.8
"LiveUpdate" = LiveUpdate 1.80 (Symantec Corporation)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MatrixEngine 1.0" = MatrixEngine
"Microsoft .NET Framework 2.0" = Microsoft .NET Framework 2.0
"Mihov Blank Screen" = Mihov Blank Screen 1.3 (remove only)
"Mihov Image Resizer" = Mihov Image Resizer 1.1 (remove only)
"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
"Mozilla Firefox (3.0.8)" = Mozilla Firefox (3.0.8)
"NVIDIA Drivers" = NVIDIA Drivers
"OpenAL" = OpenAL
"PhotoStitch" = Canon Utilities PhotoStitch
"PictureItPrem_v10" = Microsoft Photo Premium 10
"PocketSuspendFX" = PocketSuspendFX
"RAW Image Task" = Canon RAW Image Task for ZoomBrowser EX
"RemoteCaptureTask" = Canon RemoteCapture Task for ZoomBrowser EX
"SystemRequirementsLab" = System Requirements Lab
"Tweak UI 2.10" = Tweak UI
"VLC media player" = VideoLAN VLC media player 0.8.6h
"Winamp" = Winamp
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
"Windows Media Format Runtime" = Windows Media Format Runtime
"WinRAR archiver" = WinRAR archiver
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
"Zuma Deluxe 1.0" = Zuma Deluxe 1.0

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"uTorrent" = µTorrent
"WinDirStat" = WinDirStat 1.1.2

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 4/3/2009 9:58:43 AM | Computer Name = CENTRAAL | Source = Norton AntiVirus | ID = 16711685
Description = Virus Found!Virus name: W32.Virut.CF in File: F:\System Volume Information\_restore{F70FD2AA-EC40-4AE9-B5B7-6564DAB007DF}\RP306\A0032719.exe
by: Realtime Protection scan. Action: Delete succeeded : Access denied

Error - 4/3/2009 10:58:43 AM | Computer Name = CENTRAAL | Source = Norton AntiVirus | ID = 16711685
Description = Virus Found!Virus name: W32.Virut.CF in File: F:\System Volume Information\_restore{F70FD2AA-EC40-4AE9-B5B7-6564DAB007DF}\RP306\A0032720.exe
by: Realtime Protection scan. Action: Delete succeeded : Access denied

Error - 4/3/2009 11:58:43 AM | Computer Name = CENTRAAL | Source = Norton AntiVirus | ID = 16711685
Description = Virus Found!Virus name: W32.Virut.CF in File: F:\System Volume Information\_restore{F70FD2AA-EC40-4AE9-B5B7-6564DAB007DF}\RP306\A0032721.exe
by: Realtime Protection scan. Action: Delete succeeded : Access denied

Error - 4/3/2009 12:58:43 PM | Computer Name = CENTRAAL | Source = Norton AntiVirus | ID = 16711685
Description = Virus Found!Virus name: W32.Virut.CF in File: F:\System Volume Information\_restore{F70FD2AA-EC40-4AE9-B5B7-6564DAB007DF}\RP306\A0032722.exe
by: Realtime Protection scan. Action: Delete succeeded : Access denied

Error - 4/3/2009 1:58:43 PM | Computer Name = CENTRAAL | Source = Norton AntiVirus | ID = 16711685
Description = Virus Found!Virus name: W32.Virut.CF in File: F:\System Volume Information\_restore{F70FD2AA-EC40-4AE9-B5B7-6564DAB007DF}\RP306\A0032723.exe
by: Realtime Protection scan. Action: Delete succeeded : Access denied

Error - 4/7/2009 10:38:52 PM | Computer Name = CENTRAAL | Source = Application Error | ID = 1000
Description = Faulting application outlook.exe, version 9.0.0.2416, faulting module
outllib.dll, version 9.0.0.3821, fault address 0x00078081.

Error - 4/10/2009 9:25:26 PM | Computer Name = CENTRAAL | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: A connection with the server could not be established

Error - 4/10/2009 9:25:27 PM | Computer Name = CENTRAAL | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: This network connection does not exist.

Error - 4/10/2009 11:53:28 PM | Computer Name = CENTRAAL | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: A connection with the server could not be established

Error - 4/10/2009 11:53:28 PM | Computer Name = CENTRAAL | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: This network connection does not exist.

[ System Events ]
Error - 4/11/2009 12:01:30 AM | Computer Name = CENTRAAL | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 4/11/2009 12:04:34 AM | Computer Name = CENTRAAL | Source = Service Control Manager | ID = 7031
Description = The DCOM Server Process Launcher service terminated unexpectedly.
It has done this 1 time(s). The following corrective action will be taken in 60000
milliseconds: Reboot the machine.

Error - 4/11/2009 12:04:34 AM | Computer Name = CENTRAAL | Source = Service Control Manager | ID = 7034
Description = The Terminal Services service terminated unexpectedly. It has done
this 1 time(s).

Error - 4/11/2009 12:04:45 AM | Computer Name = CENTRAAL | Source = Service Control Manager | ID = 7031
Description = The Remote Procedure Call (RPC) service terminated unexpectedly.
It has done this 1 time(s). The following corrective action will be taken in 60000
milliseconds: Reboot the machine.

Error - 4/11/2009 12:06:59 AM | Computer Name = CENTRAAL | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 4/11/2009 12:08:15 AM | Computer Name = CENTRAAL | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
Cinemsup Fips Processor

Error - 4/11/2009 12:15:52 AM | Computer Name = CENTRAAL | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 4/11/2009 12:20:36 AM | Computer Name = CENTRAAL | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 4/11/2009 12:20:41 AM | Computer Name = CENTRAAL | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 4/12/2009 11:07:45 PM | Computer Name = CENTRAAL | Source = Windows Update Agent | ID = 16
Description = Unable to Connect: Windows is unable to connect to the automatic updates
service and therefore cannot download and install updates according to the set
schedule. Windows will continue to try to establish a connection.


< End of report >


#2
heir

    Trusted Helper

  • Malware Removal
  • 5,427 posts
Hello Clubshub !

Welcome to the site! :) My nickname is heir and I'll be helping clean up your computer. :)

Before we proceed to clean your computer from malware, let's go over some points that will help both me and you, and prevent causing damage to your computer:
  • To make sure that you receive an email when I reply to this topic, please click here and check that this topic is listed under Malware Removal and Spyware Removal.
  • Please don't be afraid to ask questions! No question is considered dumb here. It's better to be safe than sorry!
  • When posting logs, please ensure Word Wrap is turned off in Notepad (to check, open Notepad, click Format in the menu bar, and make sure that Word Wrap is unchecked).
  • Please follow the steps exactly in the same order posted. If you can't perform a certain step, or you're unsure on what to do, please stop and let me know.
  • NEVER fix anything in HijackThis or other programs on your own! This can be very dangerous and cause harm to your system. If you see a certain entry or program you're unsure about, please don't hesitate to ask!
  • Make sure you reply to this thread using the Add Reply button.

Please read my posts completely before following the instructions.
It may be easier for you if you copy and paste a post to a new text document or print it for reference later.
This is required when you won't have access to Internet.


The source of your infections is likely related to all the cracks and keygens that I found on your computer. If you are truly interested in staying clean in the future, I strongly recommend that you stay away from Cracks and Keygens. Failure to heed my warning may result in the reinfection of your computer. If you choose to continue down this path, we may not be able to help you here in the future.

Step 1.
ComboFix:

We will begin with ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingc...to-use-combofix

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Please include the C:\ComboFix.txt in your next reply for further review.

Step 2.
Lop S&D:

Disable resident protections (Antivirus...); you'll re-enable them after the scan

Download Lop S&D here and save it to the desktop

Double-click Lop S&D.exe
Choose the language, then choose Option 1 (Search)
Wait till the end of the scan
Post the log which is created: (%SystemDrive%\lopR.txt)

Step 3.
Things I would like to see in your reply:

  • The content of C:\ComboFix.txt from step 1.
  • The content of C:\lopR.txt from step 2.


#3
Clubshub

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
Hi heir,

Here are the logs as specified. I haven't deleted anything yet (i.e. cracks that are sitting on my system) but will wipe them as soon as I get your green light to do so.

Thanks!



ComboFix.txt
~~~~~~~~~~

ComboFix 09-04-13.A2 - Boris 2009-04-13 18:23.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1023.765 [GMT -4:00]
Running from: c:\documents and settings\Boris\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Boris\Application Data\inst.exe
c:\windows\system32\drivers\gaopdxxparrwuqwxwuxjfsswxyomddnikxkbqt.sys
c:\windows\system32\drivers\gxvxcserv.sys
c:\windows\system32\gaopdxcounter
c:\windows\system32\gaopdxlixqcxarvclqfcaayosxmnqqjyoaytox.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_gaopdxserv.sys


((((((((((((((((((((((((( Files Created from 2009-03-13 to 2009-04-13 )))))))))))))))))))))))))))))))
.

2009-04-13 05:38 . 2009-04-13 05:39 -------- d-----w C:\Rooter$
2009-04-13 05:34 . 2009-04-06 19:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-04-13 05:34 . 2009-04-06 19:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-13 05:34 . 2009-04-13 05:34 -------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes
2009-04-11 04:15 . 2009-04-11 04:15 -------- d-----w c:\documents and settings\Administrator\Application Data\Qualcomm
2009-04-11 04:07 . 2009-04-11 04:07 68920 ----a-w c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-04-11 04:00 . 2009-04-11 04:00 -------- dc----w c:\documents and settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
2009-04-11 01:26 . 2009-04-11 03:54 -------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-04-08 02:31 . 2007-12-04 21:10 16640 ----a-r c:\windows\system32\drivers\PalmUSBD.sys
2009-04-08 02:26 . 2009-04-08 02:26 -------- d-----w c:\documents and settings\Boris\Application Data\Arcsoft
2009-04-08 02:24 . 2009-04-08 02:24 -------- d-----w c:\documents and settings\Boris\Application Data\HotSync
2009-04-08 02:24 . 2009-04-08 02:24 -------- d-----w c:\documents and settings\All Users\Application Data\HotSync
2009-03-18 22:42 . 2009-03-28 14:51 -------- d-----w c:\documents and settings\Boris\Local Settings\Application Data\WMTools Downloaded Files
2009-03-18 01:52 . 2009-03-18 01:54 196 ----a-w c:\windows\STONEHDS.INI

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-13 05:39 . 2009-04-13 05:39 3975 ----a-w C:\Rooter.txt
2009-04-13 05:37 . 2009-04-13 05:34 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-04-13 05:06 . 2009-04-13 05:05 -------- d-----w c:\program files\ERUNT
2009-04-11 03:54 . 2009-04-11 01:26 -------- d-----w c:\program files\Spybot - Search & Destroy
2009-04-11 03:51 . 2008-07-10 01:35 -------- d-----w c:\documents and settings\Boris\Application Data\uTorrent
2009-04-10 06:11 . 2009-04-08 02:24 -------- d-----w c:\program files\Palm
2009-04-08 05:23 . 2008-08-25 02:14 -------- d-----w c:\program files\Microsoft ActiveSync
2009-04-08 02:34 . 2008-07-09 18:39 68920 ----a-w c:\documents and settings\Boris\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-04-08 02:03 . 2009-04-08 01:57 23682 ----a-w C:\ASLog.txt
2009-04-07 12:29 . 2008-07-28 12:44 -------- d-----w c:\documents and settings\Boris\Application Data\Vso
2009-04-07 05:08 . 2008-07-13 14:43 -------- d-----w c:\documents and settings\Boris\Application Data\dvdcss
2009-03-30 14:52 . 2008-07-10 01:35 -------- d-----w c:\program files\uTorrent
2009-03-28 15:29 . 2008-08-14 02:13 -------- d-----w c:\program files\Microsoft Silverlight
2009-03-18 01:52 . 2009-03-18 01:52 -------- d-----w c:\program files\StoneHeads
2009-03-17 06:12 . 2008-11-27 01:53 -------- d-----w c:\documents and settings\Boris\Application Data\LimeWire
2009-03-11 12:23 . 2009-03-11 12:23 -------- d-----w c:\documents and settings\Boris\Application Data\Sonic
2009-03-11 12:22 . 2009-03-11 12:22 -------- d-----w c:\documents and settings\Boris\Application Data\Leadertech
2009-03-11 11:57 . 2009-03-11 11:57 -------- d-----w c:\program files\Common Files\Sonic
2009-03-11 11:56 . 2009-03-11 11:55 -------- d-----w c:\program files\Common Files\SureThing Shared
2009-03-11 11:56 . 2009-03-11 11:54 -------- d-----w c:\program files\Common Files\Sonic Shared
2009-03-11 11:55 . 2009-03-11 11:55 -------- d-----w c:\program files\Sonic
2009-03-11 11:45 . 2009-03-11 11:33 -------- d-----w c:\program files\Corel
2009-03-11 11:45 . 2008-07-09 18:47 -------- d--h--w c:\program files\InstallShield Installation Information
2009-03-11 11:34 . 2009-03-11 11:34 -------- d-----w c:\documents and settings\Boris\Application Data\Corel
2009-03-11 11:34 . 2009-03-11 11:34 3140 --sha-w c:\documents and settings\All Users\Application Data\KGyGaAvL.sys
2009-03-11 11:34 . 2009-03-11 11:34 88 --sh--r c:\documents and settings\All Users\Application Data\C794E518D8.sys
2009-03-11 11:31 . 2009-03-11 11:31 496952 ----a-w C:\vcredist_x86.log
2009-03-10 20:01 . 2009-03-10 20:01 -------- d-----w c:\documents and settings\Boris\Application Data\Ulead Systems
2009-03-10 20:01 . 2009-03-10 19:53 -------- d-----w c:\documents and settings\All Users\Application Data\Ulead Systems
2009-03-10 19:57 . 2009-03-10 19:57 -------- d-----w c:\documents and settings\All Users\Application Data\SmartSound Software Inc
2009-03-10 19:57 . 2009-03-10 19:57 -------- d-----w c:\program files\SmartSound Software
2009-03-10 19:56 . 2009-03-10 19:56 -------- d-----w c:\documents and settings\All Users\Application Data\QuickTime
2009-03-10 19:55 . 2009-03-10 19:55 -------- d-----w c:\program files\Common Files\SONY Digital Images
2009-03-10 19:54 . 2009-03-10 19:54 -------- d-----w c:\program files\Windows Media Components
2009-03-10 19:53 . 2009-03-10 19:53 -------- d-----w c:\program files\Common Files\Ulead Systems
2009-03-10 19:53 . 2009-03-10 19:53 -------- d-----w c:\program files\Ulead Systems
2009-03-09 04:31 . 2008-07-09 20:03 -------- d-----w c:\program files\Agent
2009-03-01 06:17 . 2009-03-01 06:17 -------- d-----w c:\documents and settings\All Users\Application Data\2DBoy
2009-03-01 06:17 . 2009-03-01 06:17 -------- d-----w c:\program files\WorldOfGooDemo
2009-02-24 04:55 . 2009-02-24 04:24 -------- d-----w c:\program files\Mass Effect
2009-02-24 04:53 . 2009-02-24 04:53 -------- d-----w c:\program files\Common Files\BioWare
2009-02-24 04:07 . 2009-02-19 05:14 -------- d-----w c:\program files\Darkness Within
2009-02-19 01:25 . 2008-11-14 23:15 -------- d-----w c:\program files\Ubisoft
2009-02-16 06:01 . 2008-12-23 03:24 -------- d-----w c:\program files\Doom 3
2009-02-09 10:19 . 2004-08-04 01:07 1846272 ----a-w c:\windows\system32\win32k.sys
2008-07-28 12:44 . 2008-07-28 12:44 47360 ----a-w c:\documents and settings\Boris\Application Data\pcouffin.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Stickies"="c:\program files\Bret Taylor\Stickies\Stickies.exe" [2007-03-14 335872]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-10-07 13574144]
"NVMixerTray"="c:\program files\NVIDIA Corporation\NvMixer\NVMixerTray.exe" [2004-12-20 131072]
"vptray"="c:\progra~1\SYMANT~1\SYMANT~1\vptray.exe" [2003-04-26 90112]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-10-14 155648]
"PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2004-04-14 57393]
"IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2004-04-14 40960]
"SetDefPrt"="c:\program files\Brother\Brmfl04g\BrStDvPt.exe" [2004-11-11 49152]
"ControlCenter2.0"="c:\program files\Brother\ControlCenter2\brctrcen.exe" [2005-01-07 864256]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-11 136600]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"SecurDisc"="c:\program files\Nero\Nero 7\InCD\NBHGui.exe" [2007-11-26 1629480]
"InCD"="c:\program files\Nero\Nero 7\InCD\InCD.exe" [2007-11-26 1057064]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-10-07 86016]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-03-25 122939]
"UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-19 110592]
"SoundMan"="SOUNDMAN.EXE" [2004-11-15 c:\windows\SOUNDMAN.EXE]
"nwiz"="nwiz.exe" [2008-10-07 c:\windows\system32\nwiz.exe]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2009-04-06 401040]

c:\documents and settings\Boris\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
HotSync Manager.lnk - c:\program files\Palm\Hotsync.exe [2008-01-03 1392640]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.dvacm"= c:\progra~1\COMMON~1\ULEADS~1\Vio\Dvacm.acm

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Mass Effect\\Binaries\\MassEffect.exe"=
"c:\\Program Files\\Mass Effect\\MassEffectLauncher.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=

S0 axwhisky;axwhisky;c:\windows\system32\DRIVERS\axwhisky.sys [2003-07-02 5248]
S0 axwskbus;axwskbus;c:\windows\system32\DRIVERS\axwskbus.sys [2003-07-02 124160]
S1 vcdrom;Virtual CD-ROM Device Driver;c:\windows\system32\VCdRom.sys [2001-12-19 8576]


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7e994ec2-4da2-11dd-b231-806d6172696f}]
\Shell\AutoRun\command - D:\ASUSACPI.exe
.
Contents of the 'Scheduled Tasks' folder

2009-04-13 c:\windows\Tasks\GlaryInitialize.job
- c:\program files\Glary Utilities\initialize.exe [2008-09-17 16:35]
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-HotSync - c:\program files\PalmSource\Desktop\HotSync.exe


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
FF - ProfilePath - c:\documents and settings\Boris\Application Data\Mozilla\Firefox\Profiles\htjz5xmr.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.goodsearch.com/
FF - plugin: c:\progra~1\Palm\PACKAG~1\NPInstal.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPMXENG.DLL
FF - plugin: c:\program files\VLC\npvlc.dll
.

**************************************************************************

catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-13 18:25
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2009-04-13 18:26
ComboFix-quarantined-files.txt 2009-04-13 22:26

Pre-Run: 18,895,290,368 bytes free
Post-Run: 19,842,666,496 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

169 --- E O F --- 2009-03-16 22:35


LopR.txt
~~~~~~~~~

--------------------\\ Lop S&D 4.2.5-0 XP/Vista

Microsoft Windows XP Professional ( v5.1.2600 ) Service Pack 2
X86-based PC ( Uniprocessor Free : AMD Athlon™ 64 Processor 3000+ )
BIOS : Phoenix - AwardBIOS v6.00PG
USER : Boris ( Administrator )
BOOT : Normal boot
A:\ (USB)
C:\ (Local Disk) - NTFS - Total:279 Go (Free:18 Go)
D:\ (CD or DVD)
E:\ (CD or DVD)
F:\ (USB) - FAT32 - Total:7731 Mo (Free:2 Go)
G:\ (USB)
H:\ (CD or DVD)
I:\ (USB)
X:\ (Local Disk) - NTFS - Total:465 Go (Free:390 Go)

"C:\Lop SD" ( MAJ : 19-12-2008|23:40 )
Option : [1] ( Mon 04/13/2009|18:30 )

--------------------\\ Listing folders in APPLIC~1

[07/09/2008|02:34] C:\DOCUME~1\ADMINI~1\APPLIC~1\<DIR> Microsoft
[04/11/2009|12:15] C:\DOCUME~1\ADMINI~1\APPLIC~1\<DIR> Qualcomm

[04/11/2009|12:00] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> {7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
[03/01/2009|02:17] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> 2DBoy
[07/24/2008|06:31] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Adobe
[07/12/2008|09:10] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Ahead
[07/24/2008|08:54] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Brother
[11/06/2008|09:30] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> DVD Shrink
[04/07/2009|10:24] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> HotSync
[04/13/2009|01:34] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Malwarebytes
[03/10/2009|04:01] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Microsoft
[12/22/2008|11:18] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> MumboJumbo
[09/11/2008|11:09] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Nero
[07/27/2008|10:32] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> NOS
[03/10/2009|03:56] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> QuickTime
[07/24/2008|08:55] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> ScanSoft
[03/10/2009|03:57] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> SmartSound Software Inc
[04/10/2009|11:54] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Spybot - Search & Destroy
[07/10/2008|09:31] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Symantec
[11/14/2008|07:30] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Trymedia
[03/10/2009|04:01] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Ulead Systems
[09/14/2008|01:51] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> ZoomBrowser

[07/24/2008|06:33] C:\DOCUME~1\Boris\APPLIC~1\<DIR> Adobe
[11/06/2008|09:58] C:\DOCUME~1\Boris\APPLIC~1\<DIR> Ahead
[04/07/2009|10:26] C:\DOCUME~1\Boris\APPLIC~1\<DIR> Arcsoft
[09/26/2008|05:50] C:\DOCUME~1\Boris\APPLIC~1\<DIR> Bret Taylor
[07/24/2008|09:02] C:\DOCUME~1\Boris\APPLIC~1\<DIR> Brother
[03/11/2009|07:34] C:\DOCUME~1\Boris\APPLIC~1\<DIR> Corel
[04/07/2009|01:08] C:\DOCUME~1\Boris\APPLIC~1\<DIR> dvdcss
[10/03/2008|09:48] C:\DOCUME~1\Boris\APPLIC~1\<DIR> Fujitsu
[10/07/2008|08:09] C:\DOCUME~1\Boris\APPLIC~1\<DIR> GlarySoft
[10/03/2008|09:28] C:\DOCUME~1\Boris\APPLIC~1\<DIR> Help
[04/07/2009|10:24] C:\DOCUME~1\Boris\APPLIC~1\<DIR> HotSync
[07/09/2008|02:39] C:\DOCUME~1\Boris\APPLIC~1\<DIR> Identities
[03/11/2009|08:22] C:\DOCUME~1\Boris\APPLIC~1\<DIR> Leadertech
[03/17/2009|02:12] C:\DOCUME~1\Boris\APPLIC~1\<DIR> LimeWire
[07/09/2008|07:26] C:\DOCUME~1\Boris\APPLIC~1\<DIR> Macromedia
[04/08/2009|01:23] C:\DOCUME~1\Boris\APPLIC~1\<DIR> Microsoft
[07/13/2008|09:05] C:\DOCUME~1\Boris\APPLIC~1\<DIR> Microsoft Web Folders
[07/09/2008|07:17] C:\DOCUME~1\Boris\APPLIC~1\<DIR> Mozilla
[07/09/2008|04:18] C:\DOCUME~1\Boris\APPLIC~1\<DIR> Qualcomm
[09/27/2008|01:12] C:\DOCUME~1\Boris\APPLIC~1\<DIR> SecuROM
[03/11/2009|08:23] C:\DOCUME~1\Boris\APPLIC~1\<DIR> Sonic
[08/24/2008|01:31] C:\DOCUME~1\Boris\APPLIC~1\<DIR> Sun
[12/01/2008|09:11] C:\DOCUME~1\Boris\APPLIC~1\<DIR> SystemRequirementsLab
[03/10/2009|04:01] C:\DOCUME~1\Boris\APPLIC~1\<DIR> Ulead Systems
[04/10/2009|11:51] C:\DOCUME~1\Boris\APPLIC~1\<DIR> uTorrent
[07/09/2008|11:02] C:\DOCUME~1\Boris\APPLIC~1\<DIR> vlc
[04/07/2009|08:29] C:\DOCUME~1\Boris\APPLIC~1\<DIR> Vso
[07/10/2008|12:34] C:\DOCUME~1\Boris\APPLIC~1\<DIR> Winamp
[11/11/2008|09:24] C:\DOCUME~1\Boris\APPLIC~1\<DIR> WinRAR
[09/14/2008|01:51] C:\DOCUME~1\Boris\APPLIC~1\<DIR> ZoomBrowser EX

[07/09/2008|02:34] C:\DOCUME~1\DEFAUL~1\APPLIC~1\<DIR> Microsoft

[07/09/2008|02:34] C:\DOCUME~1\LOCALS~1\APPLIC~1\<DIR> Microsoft

[07/09/2008|02:34] C:\DOCUME~1\NETWOR~1\APPLIC~1\<DIR> Microsoft

--------------------\\ Scheduled Tasks located in C:\WINDOWS\Tasks

[04/13/2009 06:22 PM][--a------] C:\WINDOWS\tasks\GlaryInitialize.job
[04/13/2009 06:26 PM][--ah-----] C:\WINDOWS\tasks\SA.DAT
[08/03/2004 09:07 PM][-r-h-----] C:\WINDOWS\tasks\desktop.ini

--------------------\\ Listing Folders in C:\Program Files

[11/20/2008|02:44] C:\Program Files\<DIR> ACDSee32
[07/24/2008|06:31] C:\Program Files\<DIR> Adobe
[03/09/2009|12:31] C:\Program Files\<DIR> Agent
[08/26/2008|12:30] C:\Program Files\<DIR> Alcohol Soft
[09/25/2008|11:57] C:\Program Files\<DIR> Astraware
[07/09/2008|02:51] C:\Program Files\<DIR> AvRack
[09/26/2008|05:50] C:\Program Files\<DIR> Bret Taylor
[07/24/2008|08:57] C:\Program Files\<DIR> Brother
[09/14/2008|01:42] C:\Program Files\<DIR> Canon
[04/13/2009|06:25] C:\Program Files\<DIR> Common Files
[07/09/2008|02:31] C:\Program Files\<DIR> ComPlus Applications
[09/06/2008|12:49] C:\Program Files\<DIR> Condemned - Criminal Origins
[11/09/2008|11:53] C:\Program Files\<DIR> Convert XLS
[03/11/2009|07:45] C:\Program Files\<DIR> Corel
[02/24/2009|12:07] C:\Program Files\<DIR> Darkness Within
[02/16/2009|02:01] C:\Program Files\<DIR> Doom 3
[07/14/2008|08:44] C:\Program Files\<DIR> DVD Shrink
[11/14/2008|12:58] C:\Program Files\<DIR> EA GAMES
[04/13/2009|01:06] C:\Program Files\<DIR> ERUNT
[10/07/2008|08:07] C:\Program Files\<DIR> Glary Utilities
[08/25/2008|08:37] C:\Program Files\<DIR> Handmark
[08/11/2008|05:44] C:\Program Files\<DIR> HP Photosmart R717
[11/15/2008|11:50] C:\Program Files\<DIR> id Software
[03/11/2009|07:45] C:\Program Files\<DIR> InstallShield Installation Information
[12/10/2008|09:47] C:\Program Files\<DIR> Internet Explorer
[12/11/2008|11:55] C:\Program Files\<DIR> Java
[11/26/2008|09:53] C:\Program Files\<DIR> LimeWire
[11/12/2008|07:49] C:\Program Files\<DIR> Macrovision Downloaded Files
[04/13/2009|01:37] C:\Program Files\<DIR> Malwarebytes' Anti-Malware
[02/24/2009|12:55] C:\Program Files\<DIR> Mass Effect
[08/26/2008|11:11] C:\Program Files\<DIR> MatrixEngine 1.0
[08/18/2008|02:15] C:\Program Files\<DIR> Messenger
[04/08/2009|01:23] C:\Program Files\<DIR> Microsoft ActiveSync
[07/09/2008|02:35] C:\Program Files\<DIR> microsoft frontpage
[07/13/2008|09:05] C:\Program Files\<DIR> Microsoft Office
[08/25/2008|06:41] C:\Program Files\<DIR> Microsoft Picture It! 10
[03/28/2009|11:29] C:\Program Files\<DIR> Microsoft Silverlight
[07/09/2008|09:34] C:\Program Files\<DIR> Mihov Blank Screen
[07/09/2008|09:34] C:\Program Files\<DIR> Mihov Image Resizer
[07/09/2008|02:32] C:\Program Files\<DIR> Movie Maker
[04/13/2009|06:29] C:\Program Files\<DIR> Mozilla Firefox
[07/09/2008|02:30] C:\Program Files\<DIR> MSN
[07/09/2008|02:31] C:\Program Files\<DIR> MSN Gaming Zone
[07/14/2008|12:14] C:\Program Files\<DIR> MSXML 4.0
[12/22/2008|11:18] C:\Program Files\<DIR> MumboJumbo
[09/11/2008|11:09] C:\Program Files\<DIR> Nero
[07/09/2008|02:32] C:\Program Files\<DIR> NetMeeting
[07/09/2008|10:21] C:\Program Files\<DIR> NVIDIA Corporation
[07/09/2008|02:31] C:\Program Files\<DIR> Online Services
[10/07/2008|10:29] C:\Program Files\<DIR> OpenAL
[07/11/2008|10:55] C:\Program Files\<DIR> Outlook Express
[04/10/2009|02:11] C:\Program Files\<DIR> Palm
[07/19/2008|10:28] C:\Program Files\<DIR> PopCap Games
[07/09/2008|04:18] C:\Program Files\<DIR> Qualcomm
[07/09/2008|02:51] C:\Program Files\<DIR> Realtek Sound Manager
[07/24/2008|08:55] C:\Program Files\<DIR> ScanSoft
[03/10/2009|03:57] C:\Program Files\<DIR> SmartSound Software
[03/11/2009|07:55] C:\Program Files\<DIR> Sonic
[04/10/2009|11:54] C:\Program Files\<DIR> Spybot - Search & Destroy
[03/17/2009|09:52] C:\Program Files\<DIR> StoneHeads
[07/10/2008|09:31] C:\Program Files\<DIR> Symantec
[07/10/2008|09:31] C:\Program Files\<DIR> Symantec_Client_Security
[12/01/2008|09:11] C:\Program Files\<DIR> SystemRequirementsLab
[02/18/2009|09:25] C:\Program Files\<DIR> Ubisoft
[03/10/2009|03:53] C:\Program Files\<DIR> Ulead Systems
[07/09/2008|02:39] C:\Program Files\<DIR> Uninstall Information
[03/30/2009|10:52] C:\Program Files\<DIR> uTorrent
[07/09/2008|11:01] C:\Program Files\<DIR> VLC
[07/28/2008|08:44] C:\Program Files\<DIR> VSO
[10/07/2008|10:25] C:\Program Files\<DIR> Wild Hare
[07/09/2008|11:15] C:\Program Files\<DIR> Winamp
[09/27/2008|12:41] C:\Program Files\<DIR> WinDirStat
[03/10/2009|03:54] C:\Program Files\<DIR> Windows Media Components
[07/11/2008|10:55] C:\Program Files\<DIR> Windows Media Player
[07/09/2008|02:31] C:\Program Files\<DIR> Windows NT
[07/09/2008|02:33] C:\Program Files\<DIR> WindowsUpdate
[11/13/2008|08:35] C:\Program Files\<DIR> WinRAR
[03/01/2009|02:17] C:\Program Files\<DIR> WorldOfGooDemo
[07/09/2008|02:35] C:\Program Files\<DIR> xerox

--------------------\\ Listing Folders in C:\Program Files\Common Files

[07/24/2008|06:30] C:\Program Files\Common Files\<DIR> Adobe
[07/24/2008|06:31] C:\Program Files\Common Files\<DIR> Adobe AIR
[09/11/2008|11:10] C:\Program Files\Common Files\<DIR> Ahead
[02/24/2009|12:53] C:\Program Files\Common Files\<DIR> BioWare
[09/14/2008|01:40] C:\Program Files\Common Files\<DIR> Canon
[07/13/2008|09:07] C:\Program Files\Common Files\<DIR> Designer
[07/24/2008|08:57] C:\Program Files\Common Files\<DIR> InstallShield
[08/05/2008|12:12] C:\Program Files\Common Files\<DIR> Java
[11/15/2008|12:49] C:\Program Files\Common Files\<DIR> Microsoft Shared
[07/09/2008|02:32] C:\Program Files\Common Files\<DIR> MSSoap
[07/09/2008|03:42] C:\Program Files\Common Files\<DIR> NVIDIA Shared
[07/09/2008|06:35] C:\Program Files\Common Files\<DIR> ODBC
[07/24/2008|08:55] C:\Program Files\Common Files\<DIR> ScanSoft Shared
[07/09/2008|02:32] C:\Program Files\Common Files\<DIR> Services
[03/11/2009|07:57] C:\Program Files\Common Files\<DIR> Sonic
[03/11/2009|07:56] C:\Program Files\Common Files\<DIR> Sonic Shared
[03/10/2009|03:55] C:\Program Files\Common Files\<DIR> SONY Digital Images
[07/09/2008|06:34] C:\Program Files\Common Files\<DIR> SpeechEngines
[03/11/2009|07:56] C:\Program Files\Common Files\<DIR> SureThing Shared
[07/10/2008|09:31] C:\Program Files\Common Files\<DIR> Symantec Shared
[04/07/2009|09:23] C:\Program Files\Common Files\<DIR> System
[03/10/2009|03:53] C:\Program Files\Common Files\<DIR> Ulead Systems

--------------------\\ Process

( 22 Processes )

... OK !

--------------------\\ Searching with S_Lop

No Lop folder found !

--------------------\\ Searching for Lop Files - Folders

No Lop folder found !

--------------------\\ Searching within the Registry

..... OK !

--------------------\\ Checking the Hosts file

Hosts file CLEAN


--------------------\\ Searching for hidden files with Catchme

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-13 18:31:10
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 0

--------------------\\ Searching for other infections

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters]
NameServer REG_SZ 85.255.112.227,85.255.112.166
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\..\{ACDA1449-1CD4-4CB2-BB84-6B005881B2DC}]
NameServer REG_SZ 85.255.112.227,85.255.112.166
==> WAREOUT <==

--------------------\\ Cracks & Keygens ..

C:\DOCUME~1\Boris\Application Data\uTorrent\resco.explorer.palm.os.5.02.keygen.rar.torrent
C:\DOCUME~1\Boris\Desktop\All (15) Popcap Games With Keygens 2004.05.04.rar
C:\DOCUME~1\Boris\Desktop\Downers\Card Recovery + Crack.zip
C:\DOCUME~1\Boris\Desktop\MP3\#Bloodhound Gang - Pacman On Crack.mp3
C:\DOCUME~1\Boris\Desktop\Palm\resco.explorer.palm.os.5.02.keygen.rar
C:\DOCUME~1\Boris\Desktop\Palm\Mapopolis_Navigator\CD1\US maps AK-MN\KY\MCCRACKENKYNGM.pdb
C:\DOCUME~1\Boris\Desktop\Syncbox\Bzzz crack-arm.exe
C:\DOCUME~1\Boris\Desktop\Torrent Downers\Corel WinDVD 9\Corel WinDVD 9\Keygen.exe


[F:1][D:0]-> C:\DOCUME~1\Boris\Cookies
[F:6][D:4]-> C:\DOCUME~1\Boris\LOCALS~1\TEMPOR~1\content.IE5

1 - "C:\Lop SD\LopR_1.txt" - Mon 04/13/2009|18:31 - Option : [1]

--------------------\\ Scan completed at 18:31:33

#4
Clubshub

    Member

  • Topic Starter
  • 10 posts
BTW I now no longer have internet access on the infected machine. I have network but web pages won't load (server not found) and my mail client just spins.

Ideas? Thanks!
Boris

#5
Clubshub

    Member

  • Topic Starter
  • 10 posts
Ok, I figured that one out myself: for some reason my DNS entries in my network setup got erased. Problem solved.

Now back to the malware...

#6
heir

    Trusted Helper

  • Malware Removal
  • 5,427 posts
So let's remove the baddies then and do some more scanning.

Step 1.
Filescans:

  • Using Internet Explorer please go to VirSCAN.org FREE on-line scan service
  • Copy and paste the following file path into the "Suspicious files to scan" box on the top of the page:

    • C:\WINDOWS\SW_Win2000X1.DLL
  • Click on the Upload button
  • Once the Scan is completed, click on the "Copy to Clipboard" button. This will copy the link of the report into the Clipboard.
  • Paste the contents of the Clipboard in your next reply.
Do the same with this one: C:\WINDOWS\SW_Win2146X32.DLL

Step 2.
Uninstall unwanted software:

Please go to Start > Control Panel > Add/Remove Programs and remove the following (if present):

LimeWire 4.18.8
µTorrent


Optional removals
Limewire, µTorrent and P2P programs in general are legal themselves, but much of the content downloaded with them is downloaded illegally. They are also a great way to infect yourself with malware.
It's up to you if you want to remove the above programs; however, I recommend you do.


Step 3.
OTL-fix:

Run OTListIt2.exe
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTLI
    PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O2 - BHO: (no name) - {3C6301ED-0F78-4AF2-8150-D9C052361A8E} - Reg Error: Key error. File not found
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.112.227,85.255.112.166
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Interfaces\{ACDA1449-1CD4-4CB2-BB84-6B005881B2DC}\\NameServer = 85.255.112.227,85.255.112.166
    O33 - MountPoints2\{327e9c1a-cefe-11dd-b695-0013d4f77916}\Shell\AutoRun\command - "" = RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\svchost.exe
    O33 - MountPoints2\{327e9c1a-cefe-11dd-b695-0013d4f77916}\Shell\open\command - "" = RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\svchost.exe
    O33 - MountPoints2\{7e994ec2-4da2-11dd-b231-806d6172696f}\Shell - "" = AutoRun
    O33 - MountPoints2\{7e994ec2-4da2-11dd-b231-806d6172696f}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{7e994ec2-4da2-11dd-b231-806d6172696f}\Shell\AutoRun\command - "" = D:\ASUSACPI.exe -- File not found
    :Reg
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    C:\Program Files\uTorrent\uTorrent.exe=-
    C:\Program Files\LimeWire\LimeWire.exe=-
    :Files
    C:\DOCUME~1\Boris\Application Data\uTorrent\resco.explorer.palm.os.5.02.keygen.rar.torrent
    C:\DOCUME~1\Boris\Desktop\All (15) Popcap Games With Keygens 2004.05.04.rar
    C:\DOCUME~1\Boris\Desktop\Downers\Card Recovery + Crack.zip
    C:\DOCUME~1\Boris\Desktop\MP3\#Bloodhound Gang - Pacman On Crack.mp3
    C:\DOCUME~1\Boris\Desktop\Palm\resco.explorer.palm.os.5.02.keygen.rar
    C:\DOCUME~1\Boris\Desktop\Palm\Mapopolis_Navigator\CD1\US maps AK-MN\KY\MCCRACKENKYNGM.pdb
    C:\DOCUME~1\Boris\Desktop\Syncbox\Bzzz crack-arm.exe
    C:\DOCUME~1\Boris\Desktop\Torrent Downers\Corel WinDVD 9\Corel WinDVD 9\Keygen.exe
    :Commands
    [purity]
    [emptytemp]
    [start explorer]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • Then post a new OTL2 log

Step 4.
OTL-scan:

  • Download OTListIt2 to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open a notepad window with OTListIt.Txt that's saved in the same location as OTListIt2.
  • Please copy (Edit->Select All, Edit->Copy) the contents of that file and post it with your next reply.

Step 5.
Things I would like to see in your reply:

  • The results from the filescans in step 1.
  • Which P2P software was uninstalled in step 2.
  • The content of the fixlog from OTL2 in step 3.
  • The content of OTListIt.txt from step 4.


#7
Clubshub

    Member

  • Topic Starter
  • 10 posts
Hello heir,

All requested actions (including uninstalling uTorrent and Limewire) have been performed and logfiles are posted below. Of some possible interest:

1. redirection from websites to ads has stopped
2. running OTListit erases my DNS entries and some file associations
3. overnight Norton encountered and deleted files attributed to W32.Tidserv:
C:\System Volume Information\_restore{F70FD2AA-EC40-4AE9-B5B7-6564DAB007DF}\RP320\A0038634.dll
C:\System Volume Information\_restore{F70FD2AA-EC40-4AE9-B5B7-6564DAB007DF}\RP320\A0038633.sys

I await your reply.

Thanks very much,
Boris


Here's the result of Virscan for C:\WINDOWS\SW_Win2000X1.DLL:
~~~~~~~~~~~~~~~~~~~

VirSCAN.org Scanned Report :
Scanned time : 2009/04/14 22:40:56 (CDT)
Scanner results: All Scanners reported not find malware!
File Name : SW_Win2000X1.DLL
File Size : 79 byte
File Type : ASCII text, with CRLF line terminators
MD5 : 46fb7a1b8361b98a028c8a415459aefd
SHA1 : 8c852afa5a101663e8cc830c9da1ec76885a3afd
Online report : http://virscan.org/r...2686153bdc.html

Scanner Engine Ver Sig Ver Sig Date Time Scan result
a-squared 4.0.0.32 20090415043116 2009-04-15 2.33 -
AhnLab V3 2009.04.15.00 2009.04.15 2009-04-15 0.60 -
AntiVir 7.9.0.143 7.1.3.50 2009-04-14 2.01 -
Antiy 2.0.18 20090414.2296457 2009-04-14 0.12 -
Authentium 5.1.1 200904141852 2009-04-14 1.09 -
AVAST! 3.0.1 090414-0 2009-04-14 0.91 -
AVG 7.5.52.442 270.11.57/2059 2009-04-14 2.01 -
BitDefender 7.81008.2846489 7.24807 2009-04-15 2.61 -
CA (VET) 9.0.0.143 31.6.6435 2009-04-14 7.07 -
ClamAV 0.95 9236 2009-04-15 0.00 -
Comodo 3.8 1113 2009-04-14 0.55 -
CP Secure 1.1.0.715 2009.04.15 2009-04-15 8.22 -
Dr.Web 4.44.0.9170 2009.04.15 2009-04-15 4.38 -
F-Prot 4.4.4.56 20090414 2009-04-14 1.11 -
F-Secure 5.51.6100 2009.04.15.03 2009-04-15 0.05 -
Fortinet 2.81-3.117 10.283 2009-04-14 0.14 -
GData 19.4626/19.299 20090415 2009-04-15 4.27 -
ViRobot 20090414 2009.04.14 2009-04-14 0.41 -
Ikarus T3.1.01.49 2009.04.14.72579 2009-04-14 2.88 -
JiangMin 11.0.706 2009.04.14 2009-04-14 1.66 -
Kaspersky 5.5.10 2009.04.15 2009-04-15 0.02 -
KingSoft 2009.2.5.15 2009.4.14.21 2009-04-14 0.57 -
McAfee 5.3.00 5584 2009-04-14 2.73 -
Microsoft 1.4502 2009.04.15 2009-04-15 4.35 -
mks_vir 2.01 2009.04.14 2009-04-14 2.70 -
Norman 6.00.06 6.00.00 2009-04-14 10.01 -
Panda 9.05.01 2009.04.14 2009-04-14 1.55 -
Trend Micro 8.700-1004 5.966.22 2009-04-14 0.02 -
Quick Heal 10.00 2009.04.14 2009-04-14 1.74 -
Rising 20.0 21.25.14.00 2009-04-14 0.52 -
Sophos 2.85.0 4.40 2009-04-15 2.12 -
Sunbelt 5091 5091 2009-04-13 0.60 -
Symantec 1.3.0.24 20090414.020 2009-04-14 0.22 -
nProtect 20090414.03 3468730 2009-04-14 4.27 -
The Hacker 6.3.4.0 v00308 2009-04-14 0.52 -
VBA32 3.12.10.2 20090413.1221 2009-04-13 1.70 -
VirusBuster 4.5.11.10 10.102.40/1228619 2009-04-09 1.49 -

And here it is for C:\WINDOWS\SW_Win2146X32.DLL:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

VirSCAN.org Scanned Report :
Scanned time : 2009/04/14 22:46:42 (CDT)
Scanner results: All Scanners reported not find malware!
File Name : SW_Win2146X32.DLL
File Size : 27 byte
File Type : ASCII text, with CRLF line terminators
MD5 : c6a5941b4b252d969f3331e99a1f6961
SHA1 : 83c5eb712ef48f89578d24a1049f42135275c8da
Online report : http://virscan.org/r...2686153bdc.html

Scanner Engine Ver Sig Ver Sig Date Time Scan result
a-squared 4.0.0.32 20090415043116 2009-04-15 1.91 -
AhnLab V3 2009.04.15.00 2009.04.15 2009-04-15 0.74 -
AntiVir 7.9.0.143 7.1.3.50 2009-04-14 2.02 -
Antiy 2.0.18 20090414.2296457 2009-04-14 0.12 -
Authentium 5.1.1 200904141852 2009-04-14 1.12 -
AVAST! 3.0.1 090414-0 2009-04-14 0.93 -
AVG 7.5.52.442 270.11.57/2059 2009-04-14 2.09 -
BitDefender 7.81008.2846489 7.24807 2009-04-15 2.62 -
CA (VET) 9.0.0.143 31.6.6435 2009-04-14 6.52 -
ClamAV 0.95 9236 2009-04-15 0.01 -
Comodo 3.8 1113 2009-04-14 0.56 -
CP Secure 1.1.0.715 2009.04.15 2009-04-15 8.23 -
Dr.Web 4.44.0.9170 2009.04.15 2009-04-15 4.35 -
F-Prot 4.4.4.56 20090414 2009-04-14 1.10 -
F-Secure 5.51.6100 2009.04.15.03 2009-04-15 5.14 -
Fortinet 2.81-3.117 10.283 2009-04-14 0.14 -
GData 19.4626/19.299 20090415 2009-04-15 3.54 -
ViRobot 20090414 2009.04.14 2009-04-14 0.41 -
Ikarus T3.1.01.49 2009.04.14.72579 2009-04-14 2.85 -
JiangMin 11.0.706 2009.04.14 2009-04-14 1.79 -
Kaspersky 5.5.10 2009.04.15 2009-04-15 0.02 -
KingSoft 2009.2.5.15 2009.4.14.21 2009-04-14 0.58 -
McAfee 5.3.00 5584 2009-04-14 2.75 -
Microsoft 1.4502 2009.04.15 2009-04-15 4.29 -
mks_vir 2.01 2009.04.14 2009-04-14 2.80 -
Norman 6.00.06 6.00.00 2009-04-14 10.01 -
Panda 9.05.01 2009.04.14 2009-04-14 1.77 -
Trend Micro 8.700-1004 5.966.22 2009-04-14 0.02 -
Quick Heal 10.00 2009.04.14 2009-04-14 1.05 -
Rising 20.0 21.25.14.00 2009-04-14 0.34 -
Sophos 2.85.0 4.40 2009-04-15 2.13 -
Sunbelt 5091 5091 2009-04-13 0.61 -
Symantec 1.3.0.24 20090414.020 2009-04-14 0.22 -
nProtect 20090414.03 3468730 2009-04-14 4.47 -
The Hacker 6.3.4.0 v00308 2009-04-14 0.51 -
VBA32 3.12.10.2 20090413.1221 2009-04-13 1.81 -
VirusBuster 4.5.11.10 10.102.40/1228619 2009-04-09 1.52 -

OTListit FixLog File (OTListit again deleted my DNS server info from my network config):
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

========== OTLISTIT ==========
Process explorer.exe killed successfully!
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3C6301ED-0F78-4AF2-8150-D9C052361A8E}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3C6301ED-0F78-4AF2-8150-D9C052361A8E}\ not found.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\\NameServer| /E : value set successfully!
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{ACDA1449-1CD4-4CB2-BB84-6B005881B2DC}\\NameServer| /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{327e9c1a-cefe-11dd-b695-0013d4f77916}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{327e9c1a-cefe-11dd-b695-0013d4f77916}\ not found.
File not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{327e9c1a-cefe-11dd-b695-0013d4f77916}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{327e9c1a-cefe-11dd-b695-0013d4f77916}\ not found.
File not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7e994ec2-4da2-11dd-b231-806d6172696f}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7e994ec2-4da2-11dd-b231-806d6172696f}\ not found.
File not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7e994ec2-4da2-11dd-b231-806d6172696f}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7e994ec2-4da2-11dd-b231-806d6172696f}\ not found.
File not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7e994ec2-4da2-11dd-b231-806d6172696f}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7e994ec2-4da2-11dd-b231-806d6172696f}\ not found.
File D:\ASUSACPI.exe not found.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\uTorrent\uTorrent.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\LimeWire\LimeWire.exe deleted successfully.
========== FILES ==========
C:\DOCUME~1\Boris\Application Data\uTorrent\resco.explorer.palm.os.5.02.keygen.rar.torrent moved successfully.
C:\DOCUME~1\Boris\Desktop\All (15) Popcap Games With Keygens 2004.05.04.rar moved successfully.
C:\DOCUME~1\Boris\Desktop\Downers\Card Recovery + Crack.zip moved successfully.
C:\DOCUME~1\Boris\Desktop\MP3\#Bloodhound Gang - Pacman On Crack.mp3 moved successfully.
C:\DOCUME~1\Boris\Desktop\Palm\resco.explorer.palm.os.5.02.keygen.rar moved successfully.
C:\DOCUME~1\Boris\Desktop\Palm\Mapopolis_Navigator\CD1\US maps AK-MN\KY\MCCRACKENKYNGM.pdb moved successfully.
C:\DOCUME~1\Boris\Desktop\Syncbox\Bzzz crack-arm.exe moved successfully.
C:\DOCUME~1\Boris\Desktop\Torrent Downers\Corel WinDVD 9\Corel WinDVD 9\Keygen.exe moved successfully.
========== COMMANDS ==========
File delete failed. C:\Documents and Settings\Boris\Local Settings\temp\etilqs_8f4to5eK2hbmFiEDXSrU scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Internet Explorer cache folder emptied.
File delete failed. C:\Documents and Settings\Boris\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
User's Temporary Internet Files folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
Network Service Temp folder emptied.
File delete failed. C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Network Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_a48.dat scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
File delete failed. C:\Documents and Settings\Boris\Local Settings\Application Data\Mozilla\Firefox\Profiles\htjz5xmr.default\Cache\_CACHE_001_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Boris\Local Settings\Application Data\Mozilla\Firefox\Profiles\htjz5xmr.default\Cache\_CACHE_002_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Boris\Local Settings\Application Data\Mozilla\Firefox\Profiles\htjz5xmr.default\Cache\_CACHE_003_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Boris\Local Settings\Application Data\Mozilla\Firefox\Profiles\htjz5xmr.default\Cache\_CACHE_MAP_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Boris\Local Settings\Application Data\Mozilla\Firefox\Profiles\htjz5xmr.default\urlclassifier3.sqlite scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Boris\Local Settings\Application Data\Mozilla\Firefox\Profiles\htjz5xmr.default\XUL.mfl scheduled to be deleted on reboot.
FireFox cache emptied.
Temp folders emptied.
Explorer started successfully

OTListIt2 by OldTimer - Version 2.0.14.0 log created on 04152009_072632

Files moved on Reboot...
File C:\Documents and Settings\Boris\Local Settings\temp\etilqs_8f4to5eK2hbmFiEDXSrU not found!
File C:\WINDOWS\temp\Perflib_Perfdata_a48.dat not found!
C:\Documents and Settings\Boris\Local Settings\Application Data\Mozilla\Firefox\Profiles\htjz5xmr.default\Cache\_CACHE_001_ moved successfully.
C:\Documents and Settings\Boris\Local Settings\Application Data\Mozilla\Firefox\Profiles\htjz5xmr.default\Cache\_CACHE_002_ moved successfully.
C:\Documents and Settings\Boris\Local Settings\Application Data\Mozilla\Firefox\Profiles\htjz5xmr.default\Cache\_CACHE_003_ moved successfully.
C:\Documents and Settings\Boris\Local Settings\Application Data\Mozilla\Firefox\Profiles\htjz5xmr.default\Cache\_CACHE_MAP_ moved successfully.
C:\Documents and Settings\Boris\Local Settings\Application Data\Mozilla\Firefox\Profiles\htjz5xmr.default\urlclassifier3.sqlite moved successfully.
C:\Documents and Settings\Boris\Local Settings\Application Data\Mozilla\Firefox\Profiles\htjz5xmr.default\XUL.mfl moved successfully.

Registry entries deleted on Reboot...


OTListit scan results:
~~~~~~~~~~~~~~~~~

OTListIt logfile created on: 4/15/2009 7:38:30 AM - Run 2
OTListIt2 by OldTimer - Version 2.0.14.0 Folder = C:\Documents and Settings\Boris\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1023.48 Mb Total Physical Memory | 696.77 Mb Available Physical Memory | 68.08% Memory free
2.40 Gb Paging File | 2.18 Gb Available in Paging File | 90.85% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 279.47 Gb Total Space | 18.45 Gb Free Space | 6.60% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive X: | 465.76 Gb Total Space | 390.74 Gb Free Space | 83.89% Space Free | Partition Type: NTFS

Computer Name: CENTRAAL
Current User Name: Boris
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Output = Minimal
File Age = 30 Days
Company Name Whitelist: On

========== Processes (SafeList) ==========

PRC - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe (Symantec Corporation)
PRC - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe (Nero AG)
PRC - C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe (Symantec Corporation)
PRC - C:\WINDOWS\system32\nvsvc32.exe (NVIDIA Corporation)
PRC - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.)
PRC - C:\WINDOWS\system32\wdfmgr.exe (Microsoft Corporation)
PRC - C:\Program Files\Canon\CAL\CALMAIN.exe (Canon Inc.)
PRC - C:\WINDOWS\Explorer.EXE (Microsoft Corporation)
PRC - C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
PRC - C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe (NVIDIA Corporation)
PRC - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\VPTray.exe (Symantec Corporation)
PRC - C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe (ScanSoft, Inc.)
PRC - C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe (Nero AG)
PRC - C:\Program Files\Nero\Nero 7\InCD\InCD.exe (Nero AG)
PRC - C:\WINDOWS\system32\dla\tfswctrl.exe (Sonic Solutions)
PRC - C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\Bret Taylor\Stickies\Stickies.exe (Bret Taylor)
PRC - C:\Program Files\Palm\Hotsync.exe (PalmSource, Inc)
PRC - C:\Documents and Settings\Boris\Desktop\OTListIt2.exe (OldTimer Tools)

========== Win32 Services (SafeList) ==========

SRV - (aspnet_state [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (Microsoft Corporation)
SRV - (CCALib8 [Auto | Running]) -- C:\Program Files\Canon\CAL\CALMAIN.exe (Canon Inc.)
SRV - (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (DefWatch [Auto | Running]) -- C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe (Symantec Corporation)
SRV - (helpsvc [Auto | Running]) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
SRV - (IDriverT [On_Demand | Stopped]) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe (Macrovision Corporation)
SRV - (InCDsrv [Auto | Running]) -- C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe (Nero AG)
SRV - (JavaQuickStarterService [Auto | Running]) -- C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
SRV - (NMIndexingService [On_Demand | Stopped]) -- C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (Nero AG)
SRV - (Norton AntiVirus Server [Auto | Running]) -- C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe (Symantec Corporation)
SRV - (NVSvc [Auto | Running]) -- C:\WINDOWS\system32\nvsvc32.exe (NVIDIA Corporation)
SRV - (UleadBurningHelper [Auto | Running]) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.)
SRV - (UMWdf [Auto | Running]) -- C:\WINDOWS\system32\wdfmgr.exe (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV - (61883 [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\61883.sys (Microsoft Corporation)
DRV - (ALCXWDM [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS (Realtek Semiconductor Corp.)
DRV - (Avc [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\avc.sys (Microsoft Corporation)
DRV - (axwhisky [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\axwhisky.sys ( )
DRV - (axwskbus [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\axwskbus.sys ( )
DRV - (BrScnUsb [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\BrScnUsb.sys (Brother Industries Ltd.)
DRV - (Cinemsup [System | Running]) -- C:\WINDOWS\System32\drivers\cinemsup.sys (Sonic Solutions)
DRV - (drvmcdb [Boot | Running]) -- C:\WINDOWS\system32\drivers\drvmcdb.sys (Sonic Solutions)
DRV - (drvnddm [Auto | Running]) -- C:\WINDOWS\system32\drivers\drvnddm.sys (Sonic Solutions)
DRV - (gameenum [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\gameenum.sys (Microsoft Corporation)
DRV - (InCDfs [Disabled | Running]) -- C:\WINDOWS\system32\drivers\InCDFs.sys (Nero AG)
DRV - (InCDPass [System | Running]) -- C:\WINDOWS\system32\drivers\InCDPass.sys (Nero AG)
DRV - (incdrm [System | Running]) -- C:\WINDOWS\system32\drivers\InCDRm.sys (Nero AG)
DRV - (MSDV [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\msdv.sys (Microsoft Corporation)
DRV - (ms_mpu401 [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\msmpu401.sys (Microsoft Corporation)
DRV - (MTsensor [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\ASACPI.sys ()
DRV - (NAVAP [On_Demand | Stopped]) -- C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Navap.sys (Symantec Corporation)
DRV - (NAVAPEL [Auto | Running]) -- C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\NAVAPEL.SYS (Symantec Corporation)
DRV - (NAVENG [On_Demand | Stopped]) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20090410.003\NAVENG.SYS (Symantec Corporation)
DRV - (NAVEX15 [On_Demand | Stopped]) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20090410.003\NAVEX15.SYS (Symantec Corporation)
DRV - (nv [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\nv4_mini.sys (NVIDIA Corporation)
DRV - (nvata [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\nvata.sys (NVIDIA Corporation)
DRV - (nvax [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\nvax.sys (NVIDIA Corporation)
DRV - (NVENETFD [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\NVENETFD.sys (NVIDIA Corporation)
DRV - (nvnetbus [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\nvnetbus.sys (NVIDIA Corporation)
DRV - (nvnforce [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\nvapu.sys (NVIDIA Corporation)
DRV - (PalmUSBD [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\PalmUSBD.sys (PalmSource, Inc.)
DRV - (pcouffin [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\pcouffin.sys (VSO Software)
DRV - (Ptilink [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\ptilink.sys (Parallel Technologies, Inc.)
DRV - (PxHelp20 [Boot | Running]) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys (Sonic Solutions)
DRV - (Secdrv [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (sscdbhk5 [System | Running]) -- C:\WINDOWS\system32\drivers\sscdbhk5.sys (Sonic Solutions)
DRV - (ssrtln [System | Running]) -- C:\WINDOWS\system32\drivers\ssrtln.sys (Sonic Solutions)
DRV - (SymEvent [On_Demand | Running]) -- C:\Program Files\Symantec\SYMEVENT.SYS (Symantec Corporation)
DRV - (tfsnboio [Auto | Running]) -- C:\WINDOWS\system32\dla\tfsnboio.sys (Sonic Solutions)
DRV - (tfsncofs [Auto | Running]) -- C:\WINDOWS\system32\dla\tfsncofs.sys (Sonic Solutions)
DRV - (tfsndrct [Auto | Running]) -- C:\WINDOWS\system32\dla\tfsndrct.sys (Sonic Solutions)
DRV - (tfsndres [Auto | Running]) -- C:\WINDOWS\system32\dla\tfsndres.sys (Sonic Solutions)
DRV - (tfsnifs [Auto | Running]) -- C:\WINDOWS\system32\dla\tfsnifs.sys (Sonic Solutions)
DRV - (tfsnopio [Auto | Running]) -- C:\WINDOWS\system32\dla\tfsnopio.sys (Sonic Solutions)
DRV - (tfsnpool [Auto | Running]) -- C:\WINDOWS\system32\dla\tfsnpool.sys (Sonic Solutions)
DRV - (tfsnudf [Auto | Running]) -- C:\WINDOWS\system32\dla\tfsnudf.sys (Sonic Solutions)
DRV - (tfsnudfa [Auto | Running]) -- C:\WINDOWS\system32\dla\tfsnudfa.sys (Sonic Solutions)
DRV - (usb_rndisx [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\usb8023x.sys (Microsoft Corporation)
DRV - (vcdrom [System | Running]) -- C:\WINDOWS\system32\VCdRom.sys (Microsoft Corporation)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft...p...ER}&ar=home
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}:6.0.07
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}:6.0.11
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}:6.0.13
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:1.9.1.9
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.8

FF - HKLM\software\mozilla\Firefox\extensions\\[email protected]: C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF [2008/12/11 23:55:18 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.8\extensions\\Components: C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS [2009/03/28 23:02:08 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.8\extensions\\Plugins: C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS [2009/03/28 23:02:08 | 00,000,000 | ---D | M]

[2008/07/09 19:17:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Boris\Application Data\mozilla\Extensions
[2008/07/09 19:17:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Boris\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/04/15 07:30:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Boris\Application Data\mozilla\Firefox\Profiles\htjz5xmr.default\extensions
[2009/04/13 01:59:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Boris\Application Data\mozilla\Firefox\Profiles\htjz5xmr.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2009/04/15 07:30:30 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/03/28 23:02:08 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2008/08/05 00:13:38 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
[2008/12/11 23:55:30 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
[2009/04/14 08:08:14 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
[2009/03/28 23:02:04 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/03/28 23:02:04 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2008/09/27 03:34:33 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2008/09/27 03:34:33 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2008/09/27 03:34:33 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2008/11/14 09:37:34 | 00,002,343 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2008/09/27 03:34:33 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2008/09/27 03:34:33 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2008/09/27 03:34:33 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: (767 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 q4master.idsoftware.com
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll (Sonic Solutions)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun (Brother Industries, Ltd.)
O4 - HKLM..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe (Sonic Solutions)
O4 - HKLM..\Run: [InCD] C:\Program Files\Nero\Nero 7\InCD\InCD.exe (Nero AG)
O4 - HKLM..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe (ScanSoft, Inc.)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit (NVIDIA Corporation)
O4 - HKLM..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe" (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] nwiz.exe /install ()
O4 - HKLM..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe (ScanSoft, Inc.)
O4 - HKLM..\Run: [SecurDisc] C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe (Nero AG)
O4 - HKLM..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl04g\BrStDvPt.exe (Brother Industories, Ltd.)
O4 - HKLM..\Run: [SoundMan] SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot (Scansoft, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r (Sonic Solutions)
O4 - HKLM..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe (Symantec Corporation)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
O4 - HKCU..\Run: [Stickies] C:\Program Files\Bret Taylor\Stickies\Stickies.exe (Bret Taylor)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HotSync Manager.lnk = C:\Program Files\Palm\Hotsync.exe (PalmSource, Inc)
O4 - Startup: C:\Documents and Settings\Boris\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} http://www.nvidia.co.../sysreqlab2.cab (Reg Error: Key error.)
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} http://www.nvidia.co...iaSmartScan.cab (NVIDIA Smart Scan)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.ma...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Interfaces\{ACDA1449-1CD4-4CB2-BB84-6B005881B2DC}\\NameServer = 216.254.141.13,209.90.160.220
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\NavLogon: DllName - C:\WINDOWS\system32\NavLogon.dll - C:\WINDOWS\system32\NavLogon.dll ()
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - Autorun File - C:\AUTOEXEC.BAT () - [ NTFS ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found

========== Files/Folders - Created Within 30 Days ==========

[4 C:\WINDOWS\*.tmp files]
[2009/04/15 07:26:32 | 00,000,000 | ---D | C] -- C:\_OTListIt
[2009/04/13 23:20:35 | 00,000,000 | -HSD | C] -- C:\RECYCLER
[2009/04/13 18:29:59 | 00,000,000 | ---D | C] -- C:\Lop SD
[2009/04/13 18:15:12 | 00,000,211 | ---- | C] () -- C:\Boot.bak
[2009/04/13 18:15:11 | 00,260,272 | ---- | C] () -- C:\cmldr
[2009/04/13 18:15:06 | 00,000,000 | RHSD | C] -- C:\cmdcons
[2009/04/13 18:13:16 | 00,219,648 | ---- | C] () -- C:\WINDOWS\vFind.exe
[2009/04/13 18:13:16 | 00,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2009/04/13 18:13:16 | 00,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2009/04/13 18:13:16 | 00,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2009/04/13 18:13:16 | 00,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2009/04/13 18:13:16 | 00,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2009/04/13 18:13:16 | 00,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2009/04/13 18:13:16 | 00,029,696 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2009/04/13 18:13:13 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/04/13 18:13:11 | 00,000,000 | ---D | C] -- C:\Qoobox
[2009/04/13 18:12:46 | 00,530,106 | ---- | C] () -- C:\Documents and Settings\Boris\Desktop\LopSD.exe
[2009/04/13 18:12:43 | 03,081,643 | R--- | C] () -- C:\Documents and Settings\Boris\Desktop\ComboFix.exe
[2009/04/13 07:54:36 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Boris\Desktop\battle
[2009/04/13 01:40:11 | 00,501,248 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Boris\Desktop\OTListIt2.exe
[2009/04/13 01:38:55 | 00,000,000 | ---D | C] -- C:\Rooter$
[2009/04/13 01:38:38 | 00,267,612 | ---- | C] () -- C:\Documents and Settings\Boris\Desktop\Rooter.exe
[2009/04/13 01:34:07 | 00,015,504 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/04/13 01:34:07 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/04/13 01:34:05 | 00,038,496 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/04/13 01:34:04 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/04/13 01:34:04 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/04/13 01:06:10 | 00,000,767 | ---- | C] () -- C:\Documents and Settings\Boris\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2009/04/13 01:05:49 | 00,000,592 | ---- | C] () -- C:\Documents and Settings\Boris\Desktop\ERUNT.lnk
[2009/04/13 01:05:49 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2009/04/11 00:00:35 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
[2009/04/10 23:52:46 | 00,000,000 | -HSD | C] -- C:\WINDOWS\CSC
[2009/04/10 21:26:17 | 00,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2009/04/10 21:26:17 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2009/04/10 09:47:32 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Boris\Desktop\Palm
[2009/04/10 09:45:52 | 00,090,769 | ---- | C] () -- C:\Documents and Settings\Boris\Desktop\Ad-AwareAE.exe
[2009/04/10 09:45:49 | 10,677,120 | ---- | C] (Lavasoft ) -- C:\Documents and Settings\Boris\Desktop\Ad-AwareAE.exe.part
[2009/04/10 09:43:49 | 16,409,960 | ---- | C] (Safer Networking Limited ) -- C:\Documents and Settings\Boris\Desktop\spybotsd162.exe
[2009/04/10 02:05:58 | 00,000,582 | ---- | C] () -- C:\Documents and Settings\Boris\Desktop\tdtetris.jad
[2009/04/10 02:00:12 | 00,006,414 | ---- | C] () -- C:\Documents and Settings\Boris\Desktop\corrhack.zip
[2009/04/10 01:55:08 | 00,044,616 | ---- | C] () -- C:\Documents and Settings\Boris\Desktop\vexed.zip
[2009/04/08 00:57:01 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Boris\Desktop\Palm SW
[2009/04/07 22:31:16 | 00,016,640 | R--- | C] (PalmSource, Inc.) -- C:\WINDOWS\System32\drivers\PalmUSBD.sys
[2009/04/07 22:26:41 | 00,001,513 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HotSync Manager.lnk
[2009/04/07 22:26:27 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Boris\My Documents\My Albums
[2009/04/07 22:26:27 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Boris\Application Data\Arcsoft
[2009/04/07 22:26:08 | 00,001,478 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Palm Desktop.lnk
[2009/04/07 22:24:44 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Boris\Application Data\HotSync
[2009/04/07 22:24:44 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\HotSync
[2009/04/07 22:24:21 | 00,000,000 | ---D | C] -- C:\Program Files\Palm
[2009/04/07 22:07:14 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Boris\My Documents\Palm OS Desktop
[2009/04/03 08:09:10 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Boris\Desktop\Rickle
[2009/04/03 07:57:03 | 00,000,384 | ---- | C] () -- C:\Documents and Settings\Boris\Desktop\Shortcut to amboo.lnk
[2009/03/31 08:04:35 | 00,013,824 | ---- | C] () -- C:\Documents and Settings\Boris\Desktop\Movie List.xls
[2009/03/27 08:03:36 | 03,702,784 | ---- | C] () -- C:\Documents and Settings\Boris\Desktop\cd080802.iso
[2009/03/22 10:35:57 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Boris\Desktop\Nav8Client
[2009/03/18 18:42:24 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Boris\Local Settings\Application Data\WMTools Downloaded Files
[2009/03/17 21:52:20 | 00,000,000 | ---D | C] -- C:\Program Files\StoneHeads
[2009/03/17 21:52:14 | 00,000,196 | ---- | C] () -- C:\WINDOWS\STONEHDS.INI
[2009/03/11 07:55:20 | 00,000,138 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2008/11/15 00:49:55 | 00,000,316 | ---- | C] () -- C:\WINDOWS\game.ini
[2008/11/09 12:06:04 | 00,000,079 | ---- | C] () -- C:\WINDOWS\SW_Win2000X1.DLL
[2008/11/09 12:05:27 | 00,000,027 | ---- | C] () -- C:\WINDOWS\SW_Win2146X32.DLL
[2008/11/09 11:53:09 | 00,003,774 | ---- | C] () -- C:\WINDOWS\CX_SearchHistory.INI
[2008/11/09 11:53:03 | 00,131,072 | ---- | C] () -- C:\WINDOWS\System32\CSVSpecialProcessing.dll
[2008/11/09 11:53:03 | 00,102,400 | ---- | C] () -- C:\WINDOWS\System32\SARzilla.dll
[2008/11/09 11:53:03 | 00,098,304 | ---- | C] () -- C:\WINDOWS\System32\DVM.dll
[2008/11/09 11:53:03 | 00,000,530 | ---- | C] () -- C:\WINDOWS\System32\tx13_ic.ini
[2008/07/24 08:59:00 | 00,000,410 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2008/07/24 08:57:34 | 00,077,824 | ---- | C] () -- C:\WINDOWS\System32\BROSNMP.DLL
[2008/07/24 08:57:27 | 00,106,496 | ---- | C] () -- C:\WINDOWS\System32\BrMuSNMP.dll
[2008/07/24 08:55:52 | 00,027,019 | ---- | C] () -- C:\WINDOWS\maxlink.ini
[2008/07/13 21:08:07 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/07/13 11:59:05 | 00,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2008/07/11 00:52:22 | 00,000,000 | ---- | C] () -- C:\WINDOWS\VPC32.INI
[2008/07/09 14:51:16 | 00,000,164 | ---- | C] () -- C:\WINDOWS\avrack.ini
[2008/07/09 14:51:13 | 00,156,672 | ---- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll
[2008/07/09 14:43:53 | 00,000,266 | R--- | C] () -- C:\WINDOWS\System32\raidmgmt.ini
[2008/07/09 14:43:41 | 00,005,810 | R--- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys
[2008/07/09 14:43:40 | 00,005,700 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2008/07/09 14:43:37 | 00,005,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2007/10/12 23:20:06 | 00,151,417 | ---- | C] () -- C:\WINDOWS\System32\xlive.dll.cat
[2006/02/09 10:06:00 | 01,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2006/02/09 10:06:00 | 01,486,848 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2006/02/09 10:06:00 | 01,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2006/02/09 10:06:00 | 00,573,440 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2006/02/09 10:06:00 | 00,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2006/02/09 10:06:00 | 00,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2004/12/20 22:26:12 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/08/03 21:07:00 | 00,081,920 | ---- | C] () -- C:\WINDOWS\System32\ieencode.dll
[2004/08/03 21:07:00 | 00,000,573 | ---- | C] () -- C:\WINDOWS\win.ini
[2004/08/03 21:07:00 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini
[2003/12/19 02:00:00 | 00,013,387 | ---- | C] () -- C:\WINDOWS\System32\CinemSup.sys
[2003/07/02 17:41:42 | 00,005,248 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\axwhisky.sys
[2003/07/02 16:49:52 | 00,124,160 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\axwskbus.sys
[2003/04/26 01:16:00 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\NavLogon.dll
[2002/03/04 10:16:34 | 00,110,592 | R--- | C] () -- C:\WINDOWS\System32\Jpeg32.dll
[1999/01/22 14:46:56 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL

========== Files - Modified Within 30 Days ==========

[2 C:\WINDOWS\System32\*.tmp files]
[4 C:\WINDOWS\*.tmp files]
[2009/04/15 07:28:53 | 00,194,593 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2009/04/15 07:28:04 | 00,000,312 | ---- | M] () -- C:\WINDOWS\tasks\GlaryInitialize.job
[2009/04/15 07:27:46 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/04/15 07:27:46 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/04/15 07:27:45 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/04/13 18:25:43 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/04/13 18:15:12 | 00,000,281 | RHS- | M] () -- C:\boot.ini
[2009/04/13 11:57:24 | 00,530,106 | ---- | M] () -- C:\Documents and Settings\Boris\Desktop\LopSD.exe
[2009/04/13 11:55:46 | 03,081,643 | R--- | M] () -- C:\Documents and Settings\Boris\Desktop\ComboFix.exe
[2009/04/13 07:55:10 | 00,090,769 | ---- | M] () -- C:\Documents and Settings\Boris\Desktop\Ad-AwareAE.exe
[2009/04/13 01:40:11 | 00,501,248 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Boris\Desktop\OTListIt2.exe
[2009/04/13 01:38:38 | 00,267,612 | ---- | M] () -- C:\Documents and Settings\Boris\Desktop\Rooter.exe
[2009/04/13 01:34:07 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/04/13 01:06:10 | 00,000,767 | ---- | M] () -- C:\Documents and Settings\Boris\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2009/04/13 01:05:49 | 00,000,592 | ---- | M] () -- C:\Documents and Settings\Boris\Desktop\ERUNT.lnk
[2009/04/11 00:02:37 | 00,056,320 | ---- | M] () -- C:\Documents and Settings\Boris\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/04/11 00:02:37 | 00,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2009/04/10 09:46:15 | 10,677,120 | ---- | M] (Lavasoft ) -- C:\Documents and Settings\Boris\Desktop\Ad-AwareAE.exe.part
[2009/04/10 09:44:43 | 16,409,960 | ---- | M] (Safer Networking Limited ) -- C:\Documents and Settings\Boris\Desktop\spybotsd162.exe
[2009/04/10 02:05:58 | 00,000,582 | ---- | M] () -- C:\Documents and Settings\Boris\Desktop\tdtetris.jad
[2009/04/10 02:00:12 | 00,006,414 | ---- | M] () -- C:\Documents and Settings\Boris\Desktop\corrhack.zip
[2009/04/10 01:55:08 | 00,044,616 | ---- | M] () -- C:\Documents and Settings\Boris\Desktop\vexed.zip
[2009/04/08 01:10:41 | 00,234,368 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/04/07 22:34:22 | 00,068,920 | ---- | M] () -- C:\Documents and Settings\Boris\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2009/04/07 22:26:41 | 00,001,513 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HotSync Manager.lnk
[2009/04/07 22:26:08 | 00,001,478 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Palm Desktop.lnk
[2009/04/07 22:22:12 | 00,000,010 | ---- | M] () -- C:\WINDOWS\popcinfo.dat
[2009/04/07 21:30:27 | 00,458,340 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/04/07 21:30:27 | 00,392,296 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/04/07 21:30:27 | 00,058,596 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/04/07 21:23:50 | 00,000,573 | ---- | M] () -- C:\WINDOWS\win.ini
[2009/04/07 08:29:25 | 00,000,668 | ---- | M] () -- C:\Documents and Settings\Boris\Application Data\vso_ts_preview.xml
[2009/04/06 15:32:54 | 00,038,496 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/04/06 15:32:46 | 00,015,504 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/04/03 07:57:04 | 00,000,384 | ---- | M] () -- C:\Documents and Settings\Boris\Desktop\Shortcut to amboo.lnk
[2009/04/03 07:50:18 | 02,106,246 | -H-- | M] () -- C:\Documents and Settings\Boris\Local Settings\Application Data\IconCache.db
[2009/03/31 08:04:35 | 00,013,824 | ---- | M] () -- C:\Documents and Settings\Boris\Desktop\Movie List.xls
[2009/03/17 21:54:12 | 00,000,196 | ---- | M] () -- C:\WINDOWS\STONEHDS.INI

========== Alternate Data Streams ==========

@Alternate Data Stream - 304 bytes -> C:\Documents and Settings\Boris\Desktop\retrospect.jpg:SummaryInformation
@Alternate Data Stream - 304 bytes -> C:\Documents and Settings\Boris\Desktop\retrospect b.jpg:SummaryInformation
@Alternate Data Stream - 304 bytes -> C:\Documents and Settings\Boris\Desktop\Retropair A.jpg:SummaryInformation
@Alternate Data Stream - 304 bytes -> C:\Documents and Settings\Boris\Desktop\card 004.JPG:SummaryInformation
< End of report >

#8
heir

    Trusted Helper

  • Malware Removal
  • 5,427 posts

2. running OTListit erases my DNS entries and some file associations

When running the fix, it was on purpose, because the entries were to an inappropriate name server that the malware had set for you. Now it looks OK :)

Which file associations were changed?
Because nothing in the fix was designed to do that.

Let's do a couple of filescans and remove leftovers from the P2P software.

Step 1.
Filescans:

  • Using Internet Explorer please go to VirSCAN.org FREE on-line scan service
  • Copy and paste the following file path into the "Suspicious files to scan" box on the top of the page:

    • C:\Documents and Settings\Boris\Desktop\tdtetris.jad
  • Click on the Upload button
  • Once the Scan is completed, click on the "Copy to Clipboard" button. This will copy the link of the report into the Clipboard.
  • Paste the contents of the Clipboard in your next reply.
Do the same with these:

    • C:\Documents and Settings\Boris\Desktop\corrhack.zip
    • C:\Documents and Settings\Boris\Desktop\vexed.zip



Step 2.
OTL-fix:

Run OTListIt2.exe
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTLI
    PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    :Files
    C:\DOCUME~1\Boris\APPLIC~1\LimeWire
    C:\DOCUME~1\Boris\APPLIC~1\uTorrent
    C:\Program Files\LimeWire
    C:\Program Files\uTorrent
    :Commands
    [purity]
    [emptytemp]
    [start explorer]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • Then post The OTL2 fixlog

Step 3.
Things I would like to see in your reply:

  • Answer to my question in the beginning of the post.
  • The results from the filescans in step 1.
  • The content of the fixlog from OTL2 in step 2.


#9
Clubshub

    Member

  • Topic Starter
  • 10 posts
Hi heir,

I guess we're coming to the end of this! The file association I was referring to was for .jpg files. I don't know why it changed but I was able to change it back and it's been stable since.

Here are the logfiles from the latest actions:

Viruscan Results for C:\Documents and Settings\Boris\Desktop\tdtetris.jad:

VirSCAN.org Scanned Report :
Scanned time : 2009/04/15 23:23:19 (CDT)
Scanner results: All Scanners reported not find malware!
File Name : tdtetris.jad
File Size : 582 byte
File Type : ASCII text
MD5 : eda8f0bd5ed931cff4608b64825c5f5a
SHA1 : c05bce15a4387e28b58d634ede97d0a9f7eb9939
Online report : http://virscan.org/r...decd456220.html

Scanner Engine Ver Sig Ver Sig Date Time Scan result
a-squared 4.0.0.32 20090415043116 2009-04-15 2.28 -
AhnLab V3 2009.04.16.00 2009.04.16 2009-04-16 0.65 -
AntiVir 7.9.0.143 7.1.3.57 2009-04-15 2.02 -
Antiy 2.0.18 20090415.2296744 2009-04-15 0.12 -
Authentium 5.1.1 200904152122 2009-04-15 1.10 -
AVAST! 3.0.1 090415-0 2009-04-15 0.00 -
AVG 7.5.52.442 270.11.58/2061 2009-04-15 2.03 -
BitDefender 7.81008.2846650 7.24826 2009-04-16 2.60 -
CA (VET) 9.0.0.143 31.6.6435 2009-04-14 14.05 -
ClamAV 0.95 9241 2009-04-16 0.00 -
Comodo 3.8 1115 2009-04-15 1.26 -
CP Secure 1.1.0.715 2009.04.16 2009-04-16 8.29 -
Dr.Web 4.44.0.9170 2009.04.16 2009-04-16 4.42 -
F-Prot 4.4.4.56 20090415 2009-04-15 1.10 -
F-Secure 5.51.6100 2009.04.16.01 2009-04-16 0.05 -
Fortinet 2.81-3.117 10.286 2009-04-15 0.31 -
GData 19.4650/19.300 20090416 2009-04-16 8.22 -
ViRobot 20090414 2009.04.14 2009-04-14 1.37 -
Ikarus T3.1.01.49 2009.04.15.72584 2009-04-15 2.85 -
JiangMin 11.0.706 2009.04.15 2009-04-15 4.10 -
Kaspersky 5.5.10 2009.04.16 2009-04-16 0.02 -
KingSoft 2009.2.5.15 2009.4.15.18 2009-04-15 3.58 -
McAfee 5.3.00 5585 2009-04-15 2.79 -
Microsoft 1.4502 2009.04.15 2009-04-15 10.67 -
mks_vir 2.01 2009.04.15 2009-04-15 2.68 -
Norman 6.00.06 6.00.00 2009-04-15 10.01 -
Panda 9.05.01 2009.04.15 2009-04-15 7.00 -
Trend Micro 8.700-1004 5.968.11 2009-04-15 0.02 -
Quick Heal 10.00 2009.04.16 2009-04-16 1.62 -
Rising 20.0 21.25.30.00 2009-04-16 0.34 -
Sophos 2.85.0 4.40 2009-04-16 2.16 -
Sunbelt 5094 5094 2009-04-15 7.12 -
Symantec 1.3.0.24 20090415.003 2009-04-15 0.23 -
nProtect 20090415.02 3471338 2009-04-15 8.58 -
The Hacker 6.3.4.0 v00309 2009-04-15 2.07 -
VBA32 3.12.10.2 20090415.0958 2009-04-15 1.70 -
VirusBuster 4.5.11.10 10.102.40/1228619 2009-04-09 1.49 -


Viruscan Results for C:\Documents and Settings\Boris\Desktop\corrhack.zip:

VirSCAN.org Scanned Report :
Scanned time : 2009/04/15 23:28:48 (CDT)
Scanner results: All Scanners reported not find malware!
File Name : corrhack.zip
File Size : 6414 byte
File Type : Zip archive data, at least v2.0 to extract
MD5 : 3e7b2f49b9a83d9a49e3dc35628aacae
SHA1 : 1f789e98f7da81cb3f522d2587ef580b811ccb96
Online report : http://virscan.org/r...3d3d77afaa.html

Scanner Engine Ver Sig Ver Sig Date Time Scan result
a-squared 4.0.0.32 20090415043116 2009-04-15 1.99 -
AhnLab V3 2009.04.16.00 2009.04.16 2009-04-16 0.61 -
AntiVir 7.9.0.143 7.1.3.57 2009-04-15 2.00 -
Antiy 2.0.18 20090415.2296744 2009-04-15 0.17 -
Authentium 5.1.1 200904152122 2009-04-15 1.10 -
AVAST! 3.0.1 090415-0 2009-04-15 0.00 -
AVG 7.5.52.442 270.11.58/2061 2009-04-15 2.06 -
BitDefender 7.81008.2846650 7.24826 2009-04-16 2.63 -
CA (VET) 9.0.0.143 31.6.6435 2009-04-14 5.85 -
ClamAV 0.95 9241 2009-04-16 0.01 -
Comodo 3.8 1115 2009-04-15 1.37 -
CP Secure 1.1.0.715 2009.04.16 2009-04-16 8.21 -
Dr.Web 4.44.0.9170 2009.04.16 2009-04-16 4.37 -
F-Prot 4.4.4.56 20090415 2009-04-15 1.12 -
F-Secure 5.51.6100 2009.04.16.01 2009-04-16 5.14 -
Fortinet 2.81-3.117 10.286 2009-04-15 0.18 -
GData 19.4650/19.300 20090416 2009-04-16 3.48 -
ViRobot 20090414 2009.04.14 2009-04-14 0.41 -
Ikarus T3.1.01.49 2009.04.15.72584 2009-04-15 2.82 -
JiangMin 11.0.706 2009.04.15 2009-04-15 1.82 -
Kaspersky 5.5.10 2009.04.16 2009-04-16 0.03 -
KingSoft 2009.2.5.15 2009.4.15.18 2009-04-15 0.57 -
McAfee 5.3.00 5585 2009-04-15 2.75 -
Microsoft 1.4502 2009.04.15 2009-04-15 4.29 -
mks_vir 2.01 2009.04.15 2009-04-15 2.71 -
Norman 6.00.06 6.00.00 2009-04-15 10.01 -
Panda 9.05.01 2009.04.15 2009-04-15 1.61 -
Trend Micro 8.700-1004 5.968.11 2009-04-15 0.03 -
Quick Heal 10.00 2009.04.16 2009-04-16 1.08 -
Rising 20.0 21.25.30.00 2009-04-16 0.60 -
Sophos 2.85.0 4.40 2009-04-16 2.16 -
Sunbelt 5094 5094 2009-04-15 1.08 -
Symantec 1.3.0.24 20090415.003 2009-04-15 0.05 -
nProtect 20090415.02 3471338 2009-04-15 5.39 -
The Hacker 6.3.4.0 v00309 2009-04-15 0.55 -
VBA32 3.12.10.2 20090415.0958 2009-04-15 3.88 -
VirusBuster 4.5.11.10 10.102.40/1228619 2009-04-09 1.50 -


Viruscan Results for C:\Documents and Settings\Boris\Desktop\vexed.zip:

VirSCAN.org Scanned Report :
Scanned time : 2009/04/15 23:38:10 (CDT)
Scanner results: All Scanners reported not find malware!
File Name : vexed.zip
File Size : 44616 byte
File Type : Zip archive data, at least v2.0 to extract
MD5 : b94dbf8146ffbe4302aaf9710fe2b678
SHA1 : 8bb65492fa6b1b0caf65cdc1c762ce6cf0c3b57b
Online report : http://virscan.org/r...c409a034e3.html

Scanner Engine Ver Sig Ver Sig Date Time Scan result
a-squared 4.0.0.32 20090415043116 2009-04-15 2.27 -
AhnLab V3 2009.04.16.00 2009.04.16 2009-04-16 0.60 -
AntiVir 7.9.0.143 7.1.3.57 2009-04-15 2.07 -
Antiy 2.0.18 20090415.2296744 2009-04-15 0.28 -
Authentium 5.1.1 200904152122 2009-04-15 1.14 -
AVAST! 3.0.1 090415-0 2009-04-15 0.93 -
AVG 7.5.52.442 270.11.58/2061 2009-04-15 2.47 -
BitDefender 7.81008.2846650 7.24826 2009-04-16 2.65 -
CA (VET) 9.0.0.143 31.6.6435 2009-04-14 8.51 -
ClamAV 0.95 9241 2009-04-16 0.03 -
Comodo 3.8 1115 2009-04-15 1.23 -
CP Secure 1.1.0.715 2009.04.16 2009-04-16 8.23 -
Dr.Web 4.44.0.9170 2009.04.16 2009-04-16 4.65 -
F-Prot 4.4.4.56 20090415 2009-04-15 1.10 -
F-Secure 5.51.6100 2009.04.16.01 2009-04-16 0.44 -
Fortinet 2.81-3.117 10.286 2009-04-15 0.71 -
GData 19.4650/19.300 20090416 2009-04-16 3.93 -
ViRobot 20090414 2009.04.14 2009-04-14 0.40 -
Ikarus T3.1.01.49 2009.04.15.72584 2009-04-15 2.87 -
JiangMin 11.0.706 2009.04.15 2009-04-15 1.74 -
Kaspersky 5.5.10 2009.04.16 2009-04-16 0.14 -
KingSoft 2009.2.5.15 2009.4.15.18 2009-04-15 0.59 -
McAfee 5.3.00 5585 2009-04-15 2.87 -
Microsoft 1.4502 2009.04.15 2009-04-15 4.49 -
mks_vir 2.01 2009.04.15 2009-04-15 2.83 -
Norman 6.00.06 6.00.00 2009-04-15 10.01 -
Panda 9.05.01 2009.04.15 2009-04-15 1.54 -
Trend Micro 8.700-1004 5.968.11 2009-04-15 0.07 -
Quick Heal 10.00 2009.04.16 2009-04-16 1.20 -
Rising 20.0 21.25.30.00 2009-04-16 0.40 -
Sophos 2.85.0 4.40 2009-04-16 2.19 -
Sunbelt 5094 5094 2009-04-15 0.94 -
Symantec 1.3.0.24 20090415.003 2009-04-15 0.41 -
nProtect 20090415.02 3471338 2009-04-15 4.39 -
The Hacker 6.3.4.0 v00309 2009-04-15 0.58 -
VBA32 3.12.10.2 20090415.0958 2009-04-15 1.65 -
VirusBuster 4.5.11.10 10.102.40/1228619 2009-04-09 1.54 -

OTListit Fixlog:

========== OTLISTIT ==========
Process explorer.exe killed successfully!
========== FILES ==========
C:\DOCUME~1\Boris\APPLIC~1\LimeWire\xml\data moved successfully.
C:\DOCUME~1\Boris\APPLIC~1\LimeWire\xml moved successfully.
C:\DOCUME~1\Boris\APPLIC~1\LimeWire\themes\windows_theme moved successfully.
C:\DOCUME~1\Boris\APPLIC~1\LimeWire\themes moved successfully.
C:\DOCUME~1\Boris\APPLIC~1\LimeWire\promotion moved successfully.
C:\DOCUME~1\Boris\APPLIC~1\LimeWire\certificate moved successfully.
C:\DOCUME~1\Boris\APPLIC~1\LimeWire\.AppSpecialShare moved successfully.
C:\DOCUME~1\Boris\APPLIC~1\LimeWire moved successfully.
C:\DOCUME~1\Boris\APPLIC~1\uTorrent moved successfully.
File/Folder C:\Program Files\LimeWire not found.
C:\Program Files\uTorrent moved successfully.
========== COMMANDS ==========
User's Temp folder emptied.
User's Internet Explorer cache folder emptied.
File delete failed. C:\Documents and Settings\Boris\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
User's Temporary Internet Files folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
Network Service Temp folder emptied.
File delete failed. C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Network Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_6d4.dat scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
FireFox cache emptied.
Temp folders emptied.
Explorer started successfully

OTListIt2 by OldTimer - Version 2.0.14.0 log created on 04162009_080358

Files moved on Reboot...
File C:\WINDOWS\temp\Perflib_Perfdata_6d4.dat not found!

Registry entries deleted on Reboot...

#10
heir

    Trusted Helper

  • Malware Removal
  • 5,427 posts

I guess we're coming to the end of this!

We might

The file association I was referring to was for .jpg files. I don't know why it changed but I was able to change it back and it's been stable since.

Good :)

Let's do a couple of scans in case something is still hiding in there.

Step 1.
Clean temp locations:

Please download ATF Cleaner by Atribune.
Caution: This program is for Windows 2000, XP and Vista only.

  • Double-click ATF-Cleaner.exe to run the program.
  • Under Main choose: Select All
  • Click the Empty Selected button.

If you use Firefox browser:

  • Click Firefox at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use Opera browser:

  • Click Opera at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

Step 2.
Scan with MBAM:

Please download Malwarebytes' Anti-Malware from Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.


Step 3.
Scan with Kaspersky Online Scanner:

Please do an online scan with Kaspersky Online Scanner

Kaspersky online scanner uses JAVA technology to perform the scan. If you do not have the latest JAVA version, follow the instructions below under Upgrading Java, to download and install the latest version.

  • Read through the requirements and privacy statement and click on Accept button.
  • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  • When the downloads have finished, click on Settings.
  • Make sure the following is checked.
    • Spyware, Adware, Dialers, and other potentially dangerous programs
    • Archives
    • Mail databases
  • Click on My Computer under Scan.
  • Once the scan is complete, it will display the results. Click on View Scan Report.
  • You will see a list of infected items there. Click on Save Report As....
  • Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
  • Please post this log in your next reply.

Upgrading Java:

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older versions of Java components and upgrade the application. Beware it is NOT supported for use in 9x or ME and probably will not install in those systems.

  • Download the latest version of Java SE Runtime Environment (JRE) JRE 6 Update 13.
  • Click the "Download" button to the right.
  • Select your Platform and check the box that says: "I agree to the Java SE Runtime Environment 6 License Agreement.".
  • Click on Continue.
  • Click on the link to download Windows Offline Installation (jre-6u13-windows-i586-p.exe) and save it to your desktop. Do NOT use the Sun Download Manager.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on the download to install the newest version. (Vista users, right click on the jre-6u13-windows-i586-p.exe and select "Run as an Administrator.")

Step 4.
Things I would like to see in your reply:

  • The content of the report from MBAM from Step 2.
  • The content of the report from Kaspersky Online Scanner from Step 3.



#11
Clubshub

    Member

  • Topic Starter
  • 10 posts
Hi heir,

This post will have to be in two parts as I left Kaspersky doing its thing when I went to bed and this morning the window was closed so there's no log for that and I'm running it again :)

Here's MBAM's logfile:

Malwarebytes' Anti-Malware 1.36
Database version: 1992
Windows 5.1.2600 Service Pack 2

4/16/2009 10:40:25 PM
mbam-log-2009-04-16 (22-40-25).txt

Scan type: Quick Scan
Objects scanned: 72404
Time elapsed: 2 minute(s), 44 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 2
Folders Infected: 1
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Convert2PlaySoft (Trojan.DNSChanger) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
C:\Documents and Settings\Boris\Start Menu\Programs\Convert2Play (Trojan.DNSChanger) -> Quarantined and deleted successfully.

Files Infected:
(No malicious items detected)


I'll post Kaspersky's as soon as I get it.

Cheers!
  • 0
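The MBAM report in the post above gives a per-category count followed by itemised detections. As an added example (not part of the thread and not Malwarebytes code), this Python parser reads that layout, groups detections by threat name and checks that the counts agree with the itemised entries, which catches a truncated paste; the function names are hypothetical and the sample is the log text quoted in the post.

```python
import re
from collections import defaultdict

# Sample input: the MBAM 1.36 report text as quoted in the post above.
SAMPLE_LOG = r"""
Scan type: Quick Scan
Objects scanned: 72404
Time elapsed: 2 minute(s), 44 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 2
Folders Infected: 1
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Convert2PlaySoft (Trojan.DNSChanger) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
C:\Documents and Settings\Boris\Start Menu\Programs\Convert2Play (Trojan.DNSChanger) -> Quarantined and deleted successfully.

Files Infected:
(No malicious items detected)
"""

# "Registry Keys Infected: 1" is a summary count; the same label with
# nothing after the colon opens the itemised section for that category.
SUMMARY_RE = re.compile(r"^(?P<cat>[A-Za-z ]+ Infected): (?P<n>\d+)$")
SECTION_RE = re.compile(r"^(?P<cat>[A-Za-z ]+ Infected):$")
# <object> (<threat>) -> [Bad: (x) Good: (y) -> ] <action>
ENTRY_RE = re.compile(
    r"^(?P<obj>.+?) \((?P<threat>[^()]+)\) -> "
    r"(?:Bad: \((?P<bad>[^)]*)\) Good: \((?P<good>[^)]*)\) -> )?"
    r"(?P<action>.+)$"
)
CLEAN_ACTION = "Quarantined and deleted successfully."


def parse_mbam_log(text):
    """Return (summary counts, itemised detections per category)."""
    summary, items, section = {}, defaultdict(list), None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SUMMARY_RE.match(line)
        if m:
            summary[m["cat"]] = int(m["n"])
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m["cat"]
            continue
        if section is None or line == "(No malicious items detected)":
            continue
        m = ENTRY_RE.match(line)
        if m:
            items[section].append(m.groupdict())
    return summary, dict(items)


def count_mismatches(summary, items):
    """Categories where the stated count differs from the entries found."""
    return {cat: (n, len(items.get(cat, [])))
            for cat, n in summary.items() if n != len(items.get(cat, []))}


def by_threat(items):
    """Group (category, object) pairs under each threat name."""
    grouped = defaultdict(list)
    for cat, entries in items.items():
        for e in entries:
            grouped[e["threat"]].append((cat, e["obj"]))
    return dict(grouped)


def needs_followup(items):
    """Entries whose action is anything other than a clean removal."""
    return [e for entries in items.values() for e in entries
            if e["action"] != CLEAN_ACTION]


if __name__ == "__main__":
    summary, items = parse_mbam_log(SAMPLE_LOG)
    for threat, hits in by_threat(items).items():
        print(threat, len(hits))
    print("count mismatches:", count_mismatches(summary, items))
    print("needs follow-up:", needs_followup(items))
```
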

#12
heir

    Trusted Helper

  • Malware Removal
  • 5,427 posts
That's OK!
Kaspersky takes a while :)

#13
Clubshub

    Member

  • Topic Starter
  • 10 posts
Hi heir,

Ok, here's Kaspersky's report. It seems to have found a fair number of infections but not all. I say this because after the scan was finished my Norton reactivated and caught W32.Tidserv again but that doesn't seem to come up on the Kaspersky report.

In fact, Kaspersky only found the stuff that was either already known (quarantined items) or stuff that was no threat (viral email attachments that would never have been launched). I always suspected that Norton was as weak as McAfee and I was one of Kaspersky's first customers before they even had a Canadian distributor, so that's a bit of a disappointment.

Anyway, here it is:

KASPERSKY ONLINE SCANNER 7.0 REPORT
Friday, April 17, 2009
Operating System: Microsoft Windows XP Professional Service Pack 2 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Program database last update: Friday, April 17, 2009 14:11:05
Records in database: 2053751
Scan settings
Scan using the following database extended
Scan archives yes
Scan mail databases yes
Scan area My Computer
A:\
C:\
D:\
E:\
G:\
H:\
I:\
X:\
Scan statistics
Files scanned 92566
Threat name 15
Infected objects 367
Suspicious objects 0
Duration of the scan 05:59:46

File name Threat name Threats count
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0A980000.VBN Infected: Virus.Win32.Virut.ce 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0A980001.VBN Infected: Trojan-Downloader.Win32.Agent.bpuk 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0A980003.VBN Infected: Trojan.Win32.Agent2.fsa 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0A980005.VBN Infected: Virus.Win32.Virut.ce 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0A980006.VBN Infected: Virus.Win32.Virut.ce 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0A980007.VBN Infected: Virus.Win32.Virut.ce 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0A980008.VBN Infected: Virus.Win32.Virut.ce 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0A980009.VBN Infected: Virus.Win32.Virut.ce 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0A98000A.VBN Infected: Virus.Win32.Virut.ce 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0A98000B.VBN Infected: Virus.Win32.Virut.ce 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0A98000C.VBN Infected: Virus.Win32.Virut.ce 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0A98000D.VBN Infected: Virus.Win32.Virut.ce 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0A98000E.VBN Infected: Virus.Win32.Virut.ce 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0A98000F.VBN Infected: Virus.Win32.Virut.ce 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0A980010.VBN Infected: Virus.Win32.Virut.ce 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0A980011.VBN Infected: Virus.Win32.Virut.ce 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0A980012.VBN Infected: Virus.Win32.Virut.ce 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0A980013.VBN Infected: Virus.Win32.Virut.ce 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0A980100.VBN Infected: Virus.Win32.Virut.ce 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0A980101.VBN Infected: Virus.Win32.Virut.ce 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0A980102.VBN Infected: Virus.Win32.Virut.ce 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0A980103.VBN Infected: Virus.Win32.Virut.ce 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0A980104.VBN Infected: Virus.Win32.Virut.ce 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0A980105.VBN Infected: Virus.Win32.Virut.ce 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0A980106.VBN Infected: Virus.Win32.Virut.ce 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0A980107.VBN Infected: Virus.Win32.Virut.ce 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0A980108.VBN Infected: Virus.Win32.Virut.ce 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0A980109.VBN Infected: Virus.Win32.Virut.ce 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0A98010A.VBN Infected: Virus.Win32.Virut.ce 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0A98010B.VBN Infected: Virus.Win32.Virut.ce 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0A98010C.VBN Infected: Virus.Win32.Virut.ce 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0A98010D.VBN Infected: Virus.Win32.Virut.ce 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0A98010E.VBN Infected: Virus.Win32.Virut.ce 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0A98010F.VBN Infected: Virus.Win32.Virut.ce 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0A980110.VBN Infected: Virus.Win32.Virut.ce 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0A980111.VBN Infected: Virus.Win32.Virut.ce 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0A980112.VBN Infected: Virus.Win32.Virut.ce 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0A980113.VBN Infected: Virus.Win32.Virut.ce 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0A980114.VBN Infected: Virus.Win32.Virut.ce 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0A980115.VBN Infected: Virus.Win32.Virut.ce 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0A980116.VBN Infected: Virus.Win32.Virut.ce 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0A980117.VBN Infected: Virus.Win32.Virut.ce 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0A980118.VBN Infected: Virus.Win32.Virut.ce 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0A980119.VBN Infected: Virus.Win32.Virut.ce 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0A98011A.VBN Infected: Virus.Win32.Virut.ce 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0A98011B.VBN Infected: Virus.Win32.Virut.ce 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0A98011C.VBN Infected: Virus.Win32.Virut.ce 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0A98011D.VBN Infected: Virus.Win32.Virut.ce 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0A98011E.VBN Infected: Virus.Win32.Virut.ce 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0A98011F.VBN Infected: Virus.Win32.Virut.ce 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0A980120.VBN Infected: Virus.Win32.Virut.ce 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0A980121.VBN Infected: Virus.Win32.Virut.ce 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0A980122.VBN Infected: Virus.Win32.Virut.ce 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0A980123.VBN Infected: Virus.Win32.Virut.ce 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0A980124.VBN Infected: Virus.Win32.Virut.ce 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0A980125.VBN Infected: Virus.Win32.Virut.ce 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0A980126.VBN Infected: Virus.Win32.Virut.ce 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0A980127.VBN Infected: Virus.Win32.Virut.ce 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0A980128.VBN Infected: Virus.Win32.Virut.ce 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0A980129.VBN Infected: Virus.Win32.Virut.ce 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0A98012A.VBN Infected: Virus.Win32.Virut.ce 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0A98012B.VBN Infected: Virus.Win32.Virut.ce 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0A98012C.VBN Infected: Virus.Win32.Virut.ce 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0A98012D.VBN Infected: Virus.Win32.Virut.ce 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0A98012E.VBN Infected: Virus.Win32.Virut.ce 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0A98012F.VBN Infected: Virus.Win32.Virut.ce 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0A980130.VBN Infected: Virus.Win32.Virut.ce 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0A980131.VBN Infected: Virus.Win32.Virut.ce 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0A980132.VBN Infected: Virus.Win32.Virut.ce 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0A980133.VBN Infected: Virus.Win32.Virut.ce 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0A980134.VBN Infected: Virus.Win32.Virut.ce 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0A980135.VBN Infected: Virus.Win32.Virut.ce 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0A980136.VBN Infected: Virus.Win32.Virut.ce 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0A980137.VBN Infected: Virus.Win32.Virut.ce 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0A980138.VBN Infected: Virus.Win32.Virut.ce 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0A980139.VBN Infected: Virus.Win32.Virut.ce 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0A98013A.VBN Infected: Virus.Win32.Virut.ce 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0A98013B.VBN Infected: Virus.Win32.Virut.ce 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0A98013C.VBN Infected: Virus.Win32.Virut.ce 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0A98013D.VBN Infected: Virus.Win32.Virut.ce 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0A98013E.VBN Infected: Virus.Win32.Virut.ce 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0A98013F.VBN Infected: Virus.Win32.Virut.ce 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0A980140.VBN Infected: Virus.Win32.Virut.ce 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0A980141.VBN Infected: Virus.Win32.Virut.ce 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0A980142.VBN Infected: Virus.Win32.Virut.ce 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0A980143.VBN Infected: Virus.Win32.Virut.ce 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0A980144.VBN Infected: Virus.Win32.Virut.ce 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0A980145.VBN Infected: Virus.Win32.Virut.ce 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0A980146.VBN Infected: Virus.Win32.Virut.ce 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0A980147.VBN Infected: Virus.Win32.Virut.ce 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0A980148.VBN Infected: Virus.Win32.Virut.ce 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0A980149.VBN Infected: Virus.Win32.Virut.ce 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0A98014A.VBN Infected: Virus.Win32.Virut.ce 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0A98014B.VBN Infected: Virus.Win32.Virut.ce 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0A98014C.VBN Infected: Virus.Win32.Virut.ce 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0A98014D.VBN Infected: Virus.Win32.Virut.ce 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0A98014E.VBN Infected: Virus.Win32.Virut.ce 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0A98014F.VBN Infected: Virus.Win32.Virut.ce 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0A980150.VBN Infected: Virus.Win32.Virut.ce 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0A980151.VBN Infected: Virus.Win32.Virut.ce 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0A980152.VBN Infected: Virus.Win32.Virut.ce 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0A980153.VBN Infected: Virus.Win32.Virut.ce 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0A980154.VBN Infected: Virus.Win32.Virut.ce 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0A980155.VBN Infected: Virus.Win32.Virut.ce 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0A980156.VBN Infected: Virus.Win32.Virut.ce 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0A980157.VBN Infected: Virus.Win32.Virut.ce 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0A980158.VBN Infected: Virus.Win32.Virut.ce 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0A980159.VBN Infected: Virus.Win32.Virut.ce 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0A98015A.VBN Infected: Virus.Win32.Virut.ce 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0A98015B.VBN Infected: Virus.Win32.Virut.ce 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0A98015C.VBN Infected: Virus.Win32.Virut.ce 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0A98015D.VBN Infected: Virus.Win32.Virut.ce 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0A98015E.VBN Infected: Virus.Win32.Virut.ce 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0A98015F.VBN Infected: Virus.Win32.Virut.ce 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0A980160.VBN Infected: Virus.Win32.Virut.ce 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0A980161.VBN Infected: Virus.Win32.Virut.ce 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0A980162.VBN Infected: Virus.Win32.Virut.ce 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0A980163.VBN Infected: Virus.Win32.Virut.ce 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0A980164.VBN Infected: Virus.Win32.Virut.ce 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0A980165.VBN Infected: Virus.Win32.Virut.ce 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0A980166.VBN Infected: Virus.Win32.Virut.ce 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0A980167.VBN Infected: Virus.Win32.Virut.ce 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0A980168.VBN Infected: Virus.Win32.Virut.ce 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0A980169.VBN Infected: Trojan.Win32.Monderb.aolf 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0A98016D.VBN Infected: Virus.Win32.Virut.ce 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0A98016E.VBN Infected: Virus.Win32.Virut.ce 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0A98016F.VBN Infected: Virus.Win32.Virut.ce 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0A980170.VBN Infected: Trojan-Spy.Win32.Pophot.hef 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0DD00000.VBN Infected: Trojan-Spy.Win32.Zbot.fql 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0DD00002.VBN Infected: Trojan.Win32.Crypt.hz 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0DD00004.VBN Infected: Trojan-Spy.Win32.Zbot.egs 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0DD00006.VBN Infected: Trojan-Dropper.Win32.Agent.zdw 1
C:\Documents and Settings\Boris\Application Data\Qualcomm\Eudora\attach\Angelina_Jolie.rar Infected: Trojan-Downloader.Win32.Small.aafc 1
C:\Documents and Settings\Boris\Application Data\Qualcomm\Eudora\attach\Angelina_Jolie1.rar Infected: Trojan-Downloader.Win32.Small.aafc 1
C:\Documents and Settings\Boris\Application Data\Qualcomm\Eudora\attach\Angelina_Jolie2.rar Infected: Trojan-Downloader.Win32.Small.aafc 1
C:\Documents and Settings\Boris\Application Data\Qualcomm\Eudora\attach\Angelina_Jolie3.rar Infected: Trojan-Downloader.Win32.Small.aafc 1
C:\Documents and Settings\Boris\Application Data\Qualcomm\Eudora\attach\Angelina_Jolie4.rar Infected: Trojan-Downloader.Win32.Small.aafc 1
C:\Documents and Settings\Boris\Application Data\Qualcomm\Eudora\attach\Angelina_Jolie5.rar Infected: Trojan-Downloader.Win32.Small.aafc 1
The selected area was scanned.

#14
heir

    Trusted Helper

  • Malware Removal
  • 5,427 posts
Hmm... Virut, that's a nasty one.

Let's remove the attachments in Eudora.


Run OTListIt2.exe
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTLI
    PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    :Files
    C:\Documents and Settings\Boris\Application Data\Qualcomm\Eudora\attach\Angelina_Jolie.rar
    C:\Documents and Settings\Boris\Application Data\Qualcomm\Eudora\attach\Angelina_Jolie1.rar
    C:\Documents and Settings\Boris\Application Data\Qualcomm\Eudora\attach\Angelina_Jolie2.rar
    C:\Documents and Settings\Boris\Application Data\Qualcomm\Eudora\attach\Angelina_Jolie3.rar
    C:\Documents and Settings\Boris\Application Data\Qualcomm\Eudora\attach\Angelina_Jolie4.rar
    C:\Documents and Settings\Boris\Application Data\Qualcomm\Eudora\attach\Angelina_Jolie5.rar
    :Commands
    [purity]
    [emptytemp]
    [start explorer]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • Then post the OTL2 fixlog



As you've had Virut, let's run Dr.Web CureIt.


Download Dr.Web CureIt to the desktop:
ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe
  • Double-click the drweb-cureit.exe file and allow it to run the express scan
  • This will scan the files currently running in memory and when something is found, click the yes button when it asks you if you want to cure it. This is only a short scan.
  • Once the short scan has finished, mark the drives that you want to scan.
  • Select all drives. A red dot shows which drives have been chosen.
  • Click the green arrow at the right, and the scan will start.
  • Click 'Yes to all' if it asks if you want to cure/move the file.
  • When the scan has finished, in the menu, click File and choose Save report list
  • Save the report to your desktop. The report will be called DrWeb.csv
  • Close Dr.Web CureIt.

Edited by heir, 18 April 2009 - 02:01 AM.

#15
Clubshub

    Member

  • Topic Starter
  • Member
  • 10 posts
Hi heir,

Dr. Web has changed its layout and its procedures, so some of your instructions might confuse a novice. I simply chose "Complete Scan" and it auto-selected the fixed disks. Also, Dr.Web caused the "System Settings Protector" to crash. Never seen that before. And it didn't like ComboFix and removed it from my desktop.

Here's the OTListit fixlog (erasing dormant email attachment files):

========== OTLISTIT ==========
Process explorer.exe killed successfully!
========== FILES ==========
C:\Documents and Settings\Boris\Application Data\Qualcomm\Eudora\attach\Angelina_Jolie.rar moved successfully.
C:\Documents and Settings\Boris\Application Data\Qualcomm\Eudora\attach\Angelina_Jolie1.rar moved successfully.
C:\Documents and Settings\Boris\Application Data\Qualcomm\Eudora\attach\Angelina_Jolie2.rar moved successfully.
C:\Documents and Settings\Boris\Application Data\Qualcomm\Eudora\attach\Angelina_Jolie3.rar moved successfully.
C:\Documents and Settings\Boris\Application Data\Qualcomm\Eudora\attach\Angelina_Jolie4.rar moved successfully.
C:\Documents and Settings\Boris\Application Data\Qualcomm\Eudora\attach\Angelina_Jolie5.rar moved successfully.
========== COMMANDS ==========
User's Temp folder emptied.
User's Internet Explorer cache folder emptied.
File delete failed. C:\Documents and Settings\Boris\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
User's Temporary Internet Files folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
Network Service Temp folder emptied.
File delete failed. C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Network Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_d98.dat scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
FireFox cache emptied.
Temp folders emptied.
Explorer started successfully

OTListIt2 by OldTimer - Version 2.0.14.0 log created on 04202009_082531

Files moved on Reboot...
File C:\WINDOWS\temp\Perflib_Perfdata_d98.dat not found!

Registry entries deleted on Reboot...


And here's Dr. Web's report:

0A98003B.VBN;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine;Win32.Virut.56;Incurable.Moved.;
0A98003C.VBN;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine;Win32.Virut.56;Incurable.Moved.;
0A98003D.VBN;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine;Win32.Virut.56;Incurable.Moved.;
0A98003E.VBN;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine;Win32.Virut.56;Incurable.Moved.;
0A98003F.VBN;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine;Win32.Virut.56;Incurable.Moved.;
0A980040.VBN;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine;Win32.Virut.56;Incurable.Moved.;
0A980041.VBN;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine;Win32.Virut.56;Incurable.Moved.;
0A980042.VBN;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine;Win32.Virut.56;Incurable.Moved.;
0A980043.VBN;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine;Win32.Virut.56;Incurable.Moved.;
0A980044.VBN;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine;Win32.Virut.56;Incurable.Moved.;
0A980045.VBN;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine;Win32.Virut.56;Incurable.Moved.;
0A980046.VBN;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine;Win32.Virut.56;Incurable.Moved.;
0A980047.VBN;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine;Win32.Virut.56;Incurable.Moved.;
0A980048.VBN;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine;Win32.Virut.56;Incurable.Moved.;
0A980049.VBN;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine;Win32.Virut.56;Incurable.Moved.;
0A98004A.VBN;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine;Win32.Virut.56;Incurable.Moved.;
0A98004B.VBN;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine;Win32.Virut.56;Incurable.Moved.;
0A98004C.VBN;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine;Win32.Virut.56;Incurable.Moved.;
0A98004D.VBN;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine;Win32.Virut.56;Incurable.Moved.;
0A98004E.VBN;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine;Win32.Virut.56;Incurable.Moved.;
0A98004F.VBN;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine;Win32.Virut.56;Incurable.Moved.;
0A980050.VBN;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine;Win32.Virut.56;Incurable.Moved.;
0A980051.VBN;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine;Win32.Virut.56;Incurable.Moved.;
0A980052.VBN;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine;Win32.Virut.56;Incurable.Moved.;
0A980053.VBN;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine;Win32.Virut.56;Incurable.Moved.;
0A980054.VBN;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine;Win32.Virut.56;Incurable.Moved.;
0A980055.VBN;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine;Win32.Virut.56;Incurable.Moved.;
0A980056.VBN;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine;Win32.Virut.56;Incurable.Moved.;
0A980057.VBN;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine;Win32.Virut.56;Incurable.Moved.;
0A980058.VBN;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine;Win32.Virut.56;Incurable.Moved.;
0A980059.VBN;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine;Win32.Virut.56;Incurable.Moved.;
0A98005A.VBN;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine;Win32.Virut.56;Incurable.Moved.;
0A98005B.VBN;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine;Win32.Virut.56;Incurable.Moved.;
0A98005C.VBN;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine;Trojan.DownLoad.31797;Deleted.;
0A98005E.VBN;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine;Win32.Virut.56;Incurable.Moved.;
0A98005F.VBN;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine;Win32.Virut.56;Incurable.Moved.;
0A980060.VBN;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine;Win32.Virut.56;Incurable.Moved.;
0A980061.VBN;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine;Win32.Virut.56;Incurable.Moved.;
0A980062.VBN;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine;Win32.Virut.56;Incurable.Moved.;
0A980063.VBN;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine;Win32.Virut.56;Incurable.Moved.;
0A980064.VBN;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine;Win32.Virut.56;Incurable.Moved.;
0A980065.VBN;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine;Win32.Virut.56;Incurable.Moved.;
0A980066.VBN;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine;Win32.Virut.56;Incurable.Moved.;
0A980067.VBN;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine;Win32.Virut.56;Incurable.Moved.;
0A980068.VBN;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine;Win32.Virut.56;Incurable.Moved.;
0A980069.VBN;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine;Win32.Virut.56;Incurable.Moved.;
0A98006A.VBN;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine;Trojan.NtRootKit.2670;Deleted.;
0A98006B.VBN;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine;Win32.Virut.56;Incurable.Moved.;
0A98006C.VBN;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine;Win32.Virut.56;Incurable.Moved.;
0A98006D.VBN;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine;Win32.Virut.56;Incurable.Moved.;
0A98006E.VBN;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine;Win32.Virut.56;Incurable.Moved.;
0A98006F.VBN;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine;Win32.Virut.56;Incurable.Moved.;
0A980070.VBN;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine;Win32.Virut.56;Incurable.Moved.;
0A980071.VBN;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine;Win32.Virut.56;Incurable.Moved.;
0A980072.VBN;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine;Win32.Virut.56;Incurable.Moved.;
0A980073.VBN;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine;Win32.Virut.56;Incurable.Moved.;
0A980074.VBN;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine;BackDoor.Bulknet.240;Deleted.;
0A980076.VBN;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine;Trojan.NtRootKit.2561;Deleted.;
0A980078.VBN;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine;Win32.Virut.56;Incurable.Moved.;
0A980079.VBN;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine;Win32.Virut.56;Incurable.Moved.;
0A98007A.VBN;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine;Win32.Virut.56;Incurable.Moved.;
0A98007B.VBN;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine;Win32.Virut.56;Incurable.Moved.;
0A98007C.VBN;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine;Win32.Virut.56;Incurable.Moved.;
0A98007D.VBN;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine;Win32.Virut.56;Incurable.Moved.;
0A98007E.VBN;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine;Win32.Virut.56;Incurable.Moved.;
0A98007F.VBN;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine;Win32.Virut.56;Incurable.Moved.;
0A980080.VBN;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine;Win32.Virut.56;Incurable.Moved.;
0A980081.VBN;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine;Win32.Virut.56;Incurable.Moved.;
0A980082.VBN;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine;Win32.Virut.56;Incurable.Moved.;
0A980083.VBN;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine;Win32.Virut.56;Incurable.Moved.;
0A980084.VBN;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine;Win32.Virut.56;Incurable.Moved.;
0A980085.VBN;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine;Win32.Virut.56;Incurable.Moved.;
0A980086.VBN;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine;Win32.Virut.56;Incurable.Moved.;
0A980087.VBN;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine;Win32.Virut.56;Incurable.Moved.;
0A980088.VBN;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine;Win32.Virut.56;Incurable.Moved.;
0A980089.VBN;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine;Win32.Virut.56;Incurable.Moved.;
0A98008A.VBN;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine;Win32.Virut.56;Incurable.Moved.;
0A98008B.VBN;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine;Win32.Virut.56;Incurable.Moved.;
0A98008C.VBN;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine;Win32.Virut.56;Incurable.Moved.;
0A98008D.VBN;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine;Win32.Virut.56;Incurable.Moved.;
0A98008E.VBN;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine;Win32.Virut.56;Incurable.Moved.;
0A98008F.VBN;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine;Trojan.Virtumod.1622;Deleted.;
0A980091.VBN;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine;Win32.Virut.56;Incurable.Moved.;
0A980092.VBN;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine;Win32.Virut.56;Incurable.Moved.;
0A980093.VBN;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine;Win32.Virut.56;Incurable.Moved.;
0A980094.VBN;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine;Win32.Virut.56;Incurable.Moved.;
0A980095.VBN;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine;Win32.Virut.56;Incurable.Moved.;
0A980096.VBN;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine;Win32.Virut.56;Incurable.Moved.;
0A980097.VBN;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine;Win32.Virut.56;Incurable.Moved.;
0A980098.VBN;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine;Win32.Virut.56;Incurable.Moved.;
0A980099.VBN;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine;Win32.Virut.56;Incurable.Moved.;
0A98009A.VBN;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine;Win32.Virut.56;Incurable.Moved.;
0A98009B.VBN;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine;Win32.Virut.56;Incurable.Moved.;
0A98009C.VBN;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine;Win32.Virut.56;Incurable.Moved.;
0A98009D.VBN;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine;Win32.Virut.56;Incurable.Moved.;
0A98009E.VBN;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine;Win32.Virut.56;Incurable.Moved.;
0A98009F.VBN;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine;Win32.Virut.56;Incurable.Moved.;
0A9800A0.VBN;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine;Win32.Virut.56;Incurable.Moved.;
0A9800A1.VBN;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine;Win32.Virut.56;Incurable.Moved.;
0A9800A2.VBN;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine;Win32.Virut.56;Incurable.Moved.;
0A9800A3.VBN;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine;Win32.Virut.56;Incurable.Moved.;
0A9800A4.VBN;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine;Win32.Virut.56;Incurable.Moved.;
0A9800A5.VBN;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine;Win32.Virut.56;Incurable.Moved.;
0A9800A6.VBN;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine;Win32.Virut.56;Incurable.Moved.;
0A9800A7.VBN;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine;Win32.Virut.56;Incurable.Moved.;
0A9800A8.VBN;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine;Win32.Virut.56;Incurable.Moved.;
0A9800A9.VBN;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine;Win32.Virut.56;Incurable.Moved.;
0A9800AA.VBN;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine;Win32.Virut.56;Incurable.Moved.;
0A9800AB.VBN;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine;Win32.Virut.56;Incurable.Moved.;
0A9800AC.VBN;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine;Win32.Virut.56;Incurable.Moved.;
0A9800AD.VBN;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine;Win32.Virut.56;Incurable.Moved.;
0A9800AE.VBN;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine;Win32.Virut.56;Incurable.Moved.;
0A9800AF.VBN;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine;Win32.Virut.56;Incurable.Moved.;
0A9800B0.VBN;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine;Win32.Virut.56;Incurable.Moved.;
0A9800B1.VBN;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine;Win32.Virut.56;Incurable.Moved.;
0A9800B2.VBN;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine;Win32.Virut.56;Incurable.Moved.;
0A9800B3.VBN;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine;Win32.Virut.56;Incurable.Moved.;
0A9800B4.VBN;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine;Win32.Virut.56;Incurable.Moved.;
0A9800B5.VBN;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine;Win32.Virut.56;Incurable.Moved.;
0A9800B6.VBN;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine;Win32.Virut.56;Incurable.Moved.;
0A9800B7.VBN;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine;Win32.Virut.56;Incurable.Moved.;
0A9800B8.VBN;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine;Win32.Virut.56;Incurable.Moved.;
0A9800B9.VBN;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine;Win32.Virut.56;Incurable.Moved.;
0A9800BA.VBN;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine;Win32.Virut.56;Incurable.Moved.;
0A9800BB.VBN;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine;Win32.Virut.56;Incurable.Moved.;
0A9800BC.VBN;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine;Win32.Virut.56;Incurable.Moved.;
0A9800BD.VBN;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine;Win32.Virut.56;Incurable.Moved.;
0A9800BE.VBN;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine;Win32.Virut.56;Incurable.Moved.;
0A9800BF.VBN;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine;Win32.Virut.56;Incurable.Moved.;
0A9800C0.VBN;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine;Win32.Virut.56;Incurable.Moved.;
0A9800C1.VBN;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine;Win32.Virut.56;Incurable.Moved.;
0A9800C2.VBN;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine;Win32.Virut.56;Incurable.Moved.;
0A9800C3.VBN;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine;Win32.Virut.56;Incurable.Moved.;
0A9800C4.VBN;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine;Win32.Virut.56;Incurable.Moved.;
0A9800C5.VBN;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine;Win32.Virut.56;Incurable.Moved.;
0A9800C6.VBN;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine;Win32.Virut.56;Incurable.Moved.;
0A9800C7.VBN;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine;Win32.Virut.56;Incurable.Moved.;
0A9800C8.VBN;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine;Win32.Virut.56;Incurable.Moved.;
0A9800C9.VBN;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine;Win32.Virut.56;Incurable.Moved.;
0A9800CA.VBN;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine;Win32.Virut.56;Incurable.Moved.;
0A9800CB.VBN;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine;Win32.Virut.56;Incurable.Moved.;
0A9800CC.VBN;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine;Win32.Virut.56;Incurable.Moved.;
0A9800CD.VBN;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine;Win32.Virut.56;Incurable.Moved.;
0A9800CE.VBN;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine;Win32.Virut.56;Incurable.Moved.;
0A9800CF.VBN;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine;Win32.Virut.56;Incurable.Moved.;
0A9800D0.VBN;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine;Win32.Virut.56;Incurable.Moved.;
0A9800D1.VBN;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine;Win32.Virut.56;Incurable.Moved.;
0A9800D2.VBN;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine;Win32.Virut.56;Incurable.Moved.;
0A9800D3.VBN;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine;Win32.Virut.56;Incurable.Moved.;
0A9800D4.VBN;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine;Win32.Virut.56;Incurable.Moved.;
0A9800D5.VBN;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine;Win32.Virut.56;Incurable.Moved.;
0A9800D6.VBN;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine;Win32.Virut.56;Incurable.Moved.;
0A9800D7.VBN;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine;Win32.Virut.56;Incurable.Moved.;
0A9800D8.VBN;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine;Win32.Virut.56;Incurable.Moved.;
0A9800D9.VBN;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine;Win32.Virut.56;Incurable.Moved.;
0A9800DA.VBN;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine;Win32.Virut.56;Incurable.Moved.;
0A9800DB.VBN;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine;Win32.Virut.56;Incurable.Moved.;
0A9800DC.VBN;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine;Win32.Virut.56;Incurable.Moved.;
0A9800DD.VBN;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine;Win32.Virut.56;Incurable.Moved.;
0A9800DE.VBN;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine;Win32.Virut.56;Incurable.Moved.;
0A9800DF.VBN;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine;Win32.Virut.56;Incurable.Moved.;
0A9800E0.VBN;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine;Win32.Virut.56;Incurable.Moved.;
0A9800E1.VBN;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine;Win32.Virut.56;Incurable.Moved.;
0A9800E2.VBN;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine;Win32.Virut.56;Incurable.Moved.;
0A9800E3.VBN;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine;Win32.Virut.56;Incurable.Moved.;
0A9800E4.VBN;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine;Win32.Virut.56;Incurable.Moved.;
0A9800E5.VBN;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine;Win32.Virut.56;Incurable.Moved.;
0A9800E6.VBN;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine;Win32.Virut.56;Incurable.Moved.;
0A9800E7.VBN;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine;Win32.Virut.56;Incurable.Moved.;
0A9800E8.VBN;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine;Win32.Virut.56;Incurable.Moved.;
0A9800E9.VBN;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine;Win32.Virut.56;Incurable.Moved.;
0A9800EA.VBN;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine;Trojan.DownLoad.29459;Deleted.;
0A9800EC.VBN;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine;Win32.Virut.56;Incurable.Moved.;
0A9800ED.VBN;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine;Win32.Virut.56;Incurable.Moved.;
0A9800EE.VBN;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine;Win32.Virut.56;Incurable.Moved.;
0A9800EF.VBN;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine;Win32.Virut.56;Incurable.Moved.;
0A9800F0.VBN;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine;Win32.Virut.56;Incurable.Moved.;
0A9800F1.VBN;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine;Win32.Virut.56;Incurable.Moved.;
0A9800F2.VBN;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine;Win32.Virut.56;Incurable.Moved.;
0A9800F3.VBN;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine;Win32.Virut.56;Incurable.Moved.;
0A9800F4.VBN;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine;Win32.Virut.56;Incurable.Moved.;
0A9800F5.VBN;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine;Win32.Virut.56;Incurable.Moved.;
0A9800F6.VBN;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine;Win32.Virut.56;Incurable.Moved.;
0A9800F7.VBN;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine;Win32.Virut.56;Incurable.Moved.;
0A9800F8.VBN;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine;Win32.Virut.56;Incurable.Moved.;
0A9800F9.VBN;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine;Win32.Virut.56;Incurable.Moved.;
0A9800FA.VBN;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine;Win32.Virut.56;Incurable.Moved.;
0A9800FB.VBN;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine;Win32.Virut.56;Incurable.Moved.;
0A9800FC.VBN;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine;Win32.Virut.56;Incurable.Moved.;
0A9800FD.VBN;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine;Win32.Virut.56;Incurable.Moved.;
0A9800FE.VBN;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine;Win32.Virut.56;Incurable.Moved.;
0A9800FF.VBN;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine;Win32.Virut.56;Incurable.Moved.;
0A980100.VBN;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine;Win32.Virut.56;Incurable.Moved.;
0A980101.VBN;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine;Win32.Virut.56;Incurable.Moved.;
0A980102.VBN;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine;Win32.Virut.56;Incurable.Moved.;
0A980103.VBN;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine;Win32.Virut.56;Incurable.Moved.;
0A980104.VBN;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine;Win32.Virut.56;Incurable.Moved.;
0A980105.VBN;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine;Win32.Virut.56;Incurable.Moved.;
0A980106.VBN;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine;Win32.Virut.56;Incurable.Moved.;
0A980107.VBN;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine;Win32.Virut.56;Incurable.Moved.;
0A980108.VBN;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine;Win32.Virut.56;Incurable.Moved.;
0A980109.VBN;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine;Win32.Virut.56;Incurable.Moved.;
0A98010A.VBN;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine;Win32.Virut.56;Incurable.Moved.;
0A98010B.VBN;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine;Win32.Virut.56;Incurable.Moved.;
0A98010C.VBN;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine;Win32.Virut.56;Incurable.Moved.;
0A98010D.VBN;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine;Win32.Virut.56;Incurable.Moved.;
0A98010E.VBN;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine;Win32.Virut.56;Incurable.Moved.;
0A98010F.VBN;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine;Win32.Virut.56;Incurable.Moved.;
0A980110.VBN;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine;Win32.Virut.56;Incurable.Moved.;
0A980111.VBN;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine;Win32.Virut.56;Incurable.Moved.;
0A980112.VBN;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine;Win32.Virut.56;Incurable.Moved.;
0A980113.VBN;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine;Win32.Virut.56;Incurable.Moved.;
0A980114.VBN;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine;Win32.Virut.56;Incurable.Moved.;
0A980115.VBN;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine;Win32.Virut.56;Incurable.Moved.;
0A980116.VBN;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine;Win32.Virut.56;Incurable.Moved.;
0A980117.VBN;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine;Win32.Virut.56;Incurable.Moved.;
0A980118.VBN;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine;Win32.Virut.56;Incurable.Moved.;
0A980119.VBN;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine;Win32.Virut.56;Incurable.Moved.;
0A98011A.VBN;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine;Win32.Virut.56;Incurable.Moved.;
0A98011B.VBN;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine;Win32.Virut.56;Incurable.Moved.;
0A98011C.VBN;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine;Win32.Virut.56;Incurable.Moved.;
0A98011D.VBN;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine;Win32.Virut.56;Incurable.Moved.;
0A98011E.VBN;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine;Win32.Virut.56;Incurable.Moved.;
0A98011F.VBN;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine;Win32.Virut.56;Incurable.Moved.;
0A980120.VBN;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine;Win32.Virut.56;Incurable.Moved.;
0A980121.VBN;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine;Win32.Virut.56;Incurable.Moved.;
0A980122.VBN;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine;Win32.Virut.56;Incurable.Moved.;
0A980123.VBN;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine;Win32.Virut.56;Incurable.Moved.;
0A980124.VBN;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine;Win32.Virut.56;Incurable.Moved.;
0A980125.VBN;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine;Win32.Virut.56;Incurable.Moved.;
0A980126.VBN;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine;Win32.Virut.56;Incurable.Moved.;
0A980127.VBN;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine;Win32.Virut.56;Incurable.Moved.;
0A980128.VBN;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine;Win32.Virut.56;Incurable.Moved.;
0A980129.VBN;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine;Win32.Virut.56;Incurable.Moved.;
0A98012A.VBN;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine;Win32.Virut.56;Incurable.Moved.;
0A98012B.VBN;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine;Win32.Virut.56;Incurable.Moved.;
0A98012C.VBN;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine;Win32.Virut.56;Incurable.Moved.;
0A98012D.VBN;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine;Win32.Virut.56;Incurable.Moved.;
0A98012E.VBN;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine;Win32.Virut.56;Incurable.Moved.;
0A98012F.VBN;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine;Win32.Virut.56;Incurable.Moved.;
0A980130.VBN;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine;Win32.Virut.56;Incurable.Moved.;
0A980131.VBN;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine;Win32.Virut.56;Incurable.Moved.;
0A980132.VBN;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine;Win32.Virut.56;Incurable.Moved.;
0A980133.VBN;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine;Win32.Virut.56;Incurable.Moved.;
0A980134.VBN;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine;Win32.Virut.56;Incurable.Moved.;
0A980135.VBN;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine;Win32.Virut.56;Incurable.Moved.;
0A980136.VBN;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine;Win32.Virut.56;Incurable.Moved.;
0A980137.VBN;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine;Win32.Virut.56;Incurable.Moved.;
0A980138.VBN;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine;Win32.Virut.56;Incurable.Moved.;
0A980139.VBN;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine;Win32.Virut.56;Incurable.Moved.;
0A98013A.VBN;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine;Win32.Virut.56;Incurable.Moved.;
0A98013B.VBN;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine;Win32.Virut.56;Incurable.Moved.;
0A98013C.VBN;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine;Win32.Virut.56;Incurable.Moved.;
0A98013D.VBN;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine;Win32.Virut.56;Incurable.Moved.;
0A98013E.VBN;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine;Win32.Virut.56;Incurable.Moved.;
0A98013F.VBN;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine;Win32.Virut.56;Incurable.Moved.;
0A980140.VBN;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine;Win32.Virut.56;Incurable.Moved.;
0A980141.VBN;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine;Win32.Virut.56;Incurable.Moved.;
0A980142.VBN;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine;Win32.Virut.56;Incurable.Moved.;
0A980143.VBN;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine;Win32.Virut.56;Incurable.Moved.;
0A980144.VBN;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine;Win32.Virut.56;Incurable.Moved.;
0A980145.VBN;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine;Win32.Virut.56;Incurable.Moved.;
0A980146.VBN;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine;Win32.Virut.56;Incurable.Moved.;
0A980147.VBN;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine;Win32.Virut.56;Incurable.Moved.;
0A980148.VBN;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine;Win32.Virut.56;Incurable.Moved.;
0A980149.VBN;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine;Win32.Virut.56;Incurable.Moved.;
0A98014A.VBN;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine;Win32.Virut.56;Incurable.Moved.;
0A98014B.VBN;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine;Win32.Virut.56;Incurable.Moved.;
0A98014C.VBN;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine;Win32.Virut.56;Incurable.Moved.;
0A98014D.VBN;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine;Win32.Virut.56;Incurable.Moved.;
0A98014E.VBN;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine;Win32.Virut.56;Incurable.Moved.;
0A98014F.VBN;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine;Win32.Virut.56;Incurable.Moved.;
0A980150.VBN;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine;Win32.Virut.56;Incurable.Moved.;
0A980151.VBN;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine;Win32.Virut.56;Incurable.Moved.;
0A980152.VBN;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine;Win32.Virut.56;Incurable.Moved.;
0A980153.VBN;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine;Win32.Virut.56;Incurable.Moved.;
0A980154.VBN;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine;Win32.Virut.56;Incurable.Moved.;
0A980155.VBN;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine;Win32.Virut.56;Incurable.Moved.;
0A980156.VBN;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine;Win32.Virut.56;Incurable.Moved.;
0A980157.VBN;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine;Win32.Virut.56;Incurable.Moved.;
0A980158.VBN;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine;Win32.Virut.56;Incurable.Moved.;
0A980159.VBN;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine;Win32.Virut.56;Incurable.Moved.;
0A98015A.VBN;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine;Win32.Virut.56;Incurable.Moved.;
0A98015B.VBN;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine;Win32.Virut.56;Incurable.Moved.;
0A98015C.VBN;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine;Win32.Virut.56;Incurable.Moved.;
0A98015D.VBN;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine;Win32.Virut.56;Incurable.Moved.;
0A98015E.VBN;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine;Win32.Virut.56;Incurable.Moved.;
0A98015F.VBN;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine;Win32.Virut.56;Incurable.Moved.;
0A980160.VBN;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine;Win32.Virut.56;Incurable.Moved.;
0A980161.VBN;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine;Win32.Virut.56;Incurable.Moved.;
0A980162.VBN;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine;Win32.Virut.56;Incurable.Moved.;
0A980163.VBN;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine;Win32.Virut.56;Incurable.Moved.;
0A980164.VBN;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine;Win32.Virut.56;Incurable.Moved.;
0A980165.VBN;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine;Win32.Virut.56;Incurable.Moved.;
0A980166.VBN;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine;Win32.Virut.56;Incurable.Moved.;
0A980167.VBN;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine;Win32.Virut.56;Incurable.Moved.;
0A980168.VBN;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine;Win32.Virut.56;Incurable.Moved.;
0A980169.VBN;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine;Trojan.Virtumod.1465;Deleted.;
0A98016B.VBN;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine;Trojan.Virtumod.1622;Deleted.;
0A98016D.VBN;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine;Win32.Virut.56;Incurable.Moved.;
0A98016E.VBN;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine;Win32.Virut.56;Incurable.Moved.;
0A98016F.VBN;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine;Win32.Virut.56;Incurable.Moved.;
0A980170.VBN;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine;Trojan.Hitpop.2005;Deleted.;
ComboFix.exe/data002\32788R22FWJFW\c.bat;C:\Documents and Settings\Boris\Desktop\ComboFix.exe/data002;Probably BATCH.Virus;;
ComboFix.exe/data002\32788R22FWJFW\psexec.cfexe;C:\Documents and Settings\Boris\Desktop\ComboFix.exe/data002;Program.PsExec.171;;
data002;C:\Documents and Settings\Boris\Desktop;Archive contains infected objects;;
ComboFix.exe;C:\Documents and Settings\Boris\Desktop;Container contains infected objects;Moved.;
gxvxcserv.sys.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers;Trojan.Packed.444;Deleted.;
A0038652.sys;C:\System Volume Information\_restore{F70FD2AA-EC40-4AE9-B5B7-6564DAB007DF}\RP320;Trojan.Packed.444;Deleted.;
A0038655.bat;C:\System Volume Information\_restore{F70FD2AA-EC40-4AE9-B5B7-6564DAB007DF}\RP320;Probably BATCH.Virus;;
A0039015.reg;C:\System Volume Information\_restore{F70FD2AA-EC40-4AE9-B5B7-6564DAB007DF}\RP324;Trojan.StartPage.1505;Deleted.;
A0039402.reg;C:\System Volume Information\_restore{F70FD2AA-EC40-4AE9-B5B7-6564DAB007DF}\RP326;Trojan.StartPage.1505;Deleted.;
A0039512.reg;C:\System Volume Information\_restore{F70FD2AA-EC40-4AE9-B5B7-6564DAB007DF}\RP330;Trojan.StartPage.1505;Deleted.;
10 - Let The Beat Build (Produced By Kanye West & Deezle).mp3;X:\amboo\Desktop\Bitcomet Downloads\Lil Wayne - Tha Carter III (Explicit)(2008);Trojan.WMALoader;Cured.;