IE - can't get to w*ndows*pdate.m*cros*ft.com [Solved]

Geeks to Go Forums > Security > Virus, Spyware, Malware Removal

Today's New Content

IE - can't get to wndowspdate.mcrosft.com [Solved] Every time I try to go to windows update I get error

#1 rdouglas_1965

Group: Member
Posts: 11
Joined: 13-March 10

Posted 14 March 2010 - 03:08 PM

Okay, if I try to go to windows update web-site (or even use the web-site in a search), I get:

Internet Explorer cannot display the webpage

I've gone ahead and tried several virus scan (and gotten several viruses detected and removed), and searched till I'm blue in the face. I went with the output of hijack this and removed anything I could find that I could verify on the web was a virus. I still have the same issue. Not only can't I get to that website, if I type a question on google about it, I get the same error message.

I have followed the steps in the faq and have the required logs. Unfortunately, I could never get a full scan out of gmer without my computer crashing. I have the initial scan that it does however. I've attached these files:

mbam log
qmer output
otl output
extras output from otl

Thanks much. I've been killing myself for a week trying to get rid of this junk!

Rob

Attached File(s)

mbam_log_2010_03_14__09_51_40_.txt (869bytes)
Number of downloads: 57
OTL.Txt (115.2K)
Number of downloads: 53
ark_new.txt.txt (6.08K)
Number of downloads: 86

#2 Rorschach112

Group: Retired Staff
Posts: 47,710
Joined: 23-March 07

Posted 14 March 2010 - 03:11 PM

can you post the logs not attach them

#3 rdouglas_1965

Group: Member
Posts: 11
Joined: 13-March 10

Posted 14 March 2010 - 03:36 PM

I tried to put the logs in the post, but the virus I have is very tricky. It must be keying off some words in the log, and when I hit reply it gives me the same error message about

Internet Explorer cannot display the webpage

Help me! Is there a kind person who can take my attachments and put them in the post? Any text box on IE that I type w*nd*wsupd*te.micros*ft.c*m on gives me this error message.

Thanks in advance!

#4 Rorschach112

Group: Retired Staff
Posts: 47,710
Joined: 23-March 07

Posted 14 March 2010 - 05:22 PM

okie dokie

Run OTL

Under the Custom Scans/Fixes box at the bottom, paste in the following

:OTL
SRV - File not found [Disabled | Stopped] --  -- (Seekdns Service)
O4 - HKLM..\RunOnceEx: []  File not found
O4 - HKLM..\RunOnceEx: [Flags] Reg Error: Invalid data type. File not found
O4 - HKLM..\RunOnceEx: [Title]  File not found
NetSvcs: SSHNAS -  File not found

:Files
C:\WINDOWS\SYSTEM32\DRIVERS\atapi.sys|C:\WINDOWS\ServicePackFiles\i386\atapi.sys /replace

:Commands
[purity]
[resethosts]
[emptytemp]
[EMPTYFLASH]
[CREATERESTOREPOINT]
[Reboot]

Then click the Run Fix button at the top
Let the program run unhindered, reboot the PC when it is done

Download ComboFix here :

Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you don't know how to disable them then just continue on.
Double click on ComboFix.exe & follow the prompts.
As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Posted Image

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt log in your next reply.

#5 rdouglas_1965

Group: Member
Posts: 11
Joined: 13-March 10

Posted 14 March 2010 - 10:55 PM

Got through it all. Here's the log:

ComboFix 10-03-14.04 - Robert 03/14/2010 21:02:42.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1023.406 [GMT -7:00]
Running from: c:\documents and settings\Robert\Desktop\ComboFix.exe
AV: McAfee VirusScan *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
* Resident AV is active

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\Macromedia\SwUpdate
c:\documents and settings\All Users\Application Data\Macromedia\SwUpdate\Flags.dtd
c:\documents and settings\All Users\Application Data\Macromedia\SwUpdate\SWUPDATE.DLL.del
c:\documents and settings\All Users\Application Data\Seekdns
c:\documents and settings\All Users\Start Menu\HP Image Zone .lnk
c:\documents and settings\Brennan\Application Data\alot
c:\documents and settings\Brennan\Application Data\alot\BrowserSearch\BrowserSearch.xml
c:\documents and settings\Brennan\Application Data\alot\BrowserSearch\BrowserSearch.xml.backup
c:\documents and settings\Brennan\Application Data\alot\Button_0\Button_0.xml
c:\documents and settings\Brennan\Application Data\alot\Button_0\Button_0.xml.backup
c:\documents and settings\Brennan\Application Data\alot\Button_1\Button_1.xml
c:\documents and settings\Brennan\Application Data\alot\Button_1\Button_1.xml.backup
c:\documents and settings\Brennan\Application Data\alot\Button_10\Button_10.xml
c:\documents and settings\Brennan\Application Data\alot\Button_10\Button_10.xml.backup
c:\documents and settings\Brennan\Application Data\alot\Button_11\Button_11.xml
c:\documents and settings\Brennan\Application Data\alot\Button_11\Button_11.xml.backup
c:\documents and settings\Brennan\Application Data\alot\Button_2\Button_2.xml
c:\documents and settings\Brennan\Application Data\alot\Button_2\Button_2.xml.backup
c:\documents and settings\Brennan\Application Data\alot\Button_3\Button_3.xml
c:\documents and settings\Brennan\Application Data\alot\Button_3\Button_3.xml.backup
c:\documents and settings\Brennan\Application Data\alot\Button_4\Button_4.xml
c:\documents and settings\Brennan\Application Data\alot\Button_4\Button_4.xml.backup
c:\documents and settings\Brennan\Application Data\alot\Button_5\Button_5.xml
c:\documents and settings\Brennan\Application Data\alot\Button_5\Button_5.xml.backup
c:\documents and settings\Brennan\Application Data\alot\Button_6\Button_6.xml
c:\documents and settings\Brennan\Application Data\alot\Button_6\Button_6.xml.backup
c:\documents and settings\Brennan\Application Data\alot\Button_7\Button_7.xml
c:\documents and settings\Brennan\Application Data\alot\Button_7\Button_7.xml.backup
c:\documents and settings\Brennan\Application Data\alot\Button_8\Button_8.xml
c:\documents and settings\Brennan\Application Data\alot\Button_8\Button_8.xml.backup
c:\documents and settings\Brennan\Application Data\alot\Button_9\Button_9.xml
c:\documents and settings\Brennan\Application Data\alot\Button_9\Button_9.xml.backup
c:\documents and settings\Brennan\Application Data\alot\configurator\configurator.xml
c:\documents and settings\Brennan\Application Data\alot\configurator\configurator.xml.backup
c:\documents and settings\Brennan\Application Data\alot\ErrorSearch\ErrorSearch.xml
c:\documents and settings\Brennan\Application Data\alot\ErrorSearch\ErrorSearch.xml.backup
c:\documents and settings\Brennan\Application Data\alot\postInstallLayout\postInstallLayout.xml
c:\documents and settings\Brennan\Application Data\alot\postInstallLayout\postInstallLayout.xml.backup
c:\documents and settings\Brennan\Application Data\alot\products\products.xml
c:\documents and settings\Brennan\Application Data\alot\products\products.xml.backup
c:\documents and settings\Brennan\Application Data\alot\Resources\Button_0\images\alot_icon_35x16.bmp
c:\documents and settings\Brennan\Application Data\alot\Resources\Button_1\images\alot_search_24x16.bmp
c:\documents and settings\Brennan\Application Data\alot\Resources\Button_2\images\default_261_alot_games_gamecheats.bmp
c:\documents and settings\Brennan\Application Data\alot\Resources\Button_3\images\default_262_alot_games_gamesites.bmp
c:\documents and settings\Brennan\Application Data\alot\Resources\Button_4\images\active_default_263_alot_games_gamenews.bmp
c:\documents and settings\Brennan\Application Data\alot\Resources\Button_4\images\default_263_alot_games_gamenews.bmp
c:\documents and settings\Brennan\Application Data\alot\Resources\Button_5\images\default_264_alot_mrkt_dvd.bmp
c:\documents and settings\Brennan\Application Data\alot\Resources\Button_5\images\default_264_default_288_alot_mrkt_bang.bmp
c:\documents and settings\Brennan\Application Data\alot\Resources\Button_5\images\default_264_lovefilm_316_alot_mrkt_dvd.bmp
c:\documents and settings\Brennan\Application Data\alot\Resources\Button_6\images\default_528_alot_mrkt_180.bmp
c:\documents and settings\Brennan\Application Data\alot\Resources\Shared\images\alot_brand.png
c:\documents and settings\Brennan\Application Data\alot\TimerManager\TimerManager.xml
c:\documents and settings\Brennan\Application Data\alot\TimerManager\TimerManager.xml.backup
c:\documents and settings\Brennan\Application Data\alot\toolbar.xml
c:\documents and settings\Brennan\Application Data\alot\ToolbarSearch\ToolbarSearch.xml
c:\documents and settings\Brennan\Application Data\alot\Updater\Updater.xml
c:\documents and settings\Brennan\Application Data\alot\Updater\Updater.xml.backup
c:\documents and settings\Robert\Application Data\alot
c:\program files\Seekdns
c:\windows\system32\2430056525.dat
c:\windows\system32\tb.dll

Infected copy of c:\windows\system32\DRIVERS\atapi.sys was found and disinfected
Restored copy from - Kitty ate it

c:\windows\system32\drivers\asyncmac.sys was missing
Restored copy from - c:\windows\system32\dllcache\asyncmac.sys

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_6TO4
-------\Legacy_IAS
-------\Legacy_IPRIP
-------\Service_6to4
-------\Service_Ias

((((((((((((((((((((((((( Files Created from 2010-02-15 to 2010-03-15 )))))))))))))))))))))))))))))))
.

2010-03-14 01:28 . 2010-03-14 01:28 -------- d-----w- c:\documents and settings\Robert\Application Data\Malwarebytes
2010-03-14 01:27 . 2010-03-14 01:27 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-03-13 22:59 . 2010-03-13 22:59 -------- d-----w- c:\documents and settings\Robert\Application Data\Safer Networking
2010-03-10 05:20 . 2010-03-10 15:07 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2010-02-27 00:16 . 2010-02-27 00:16 -------- d-----w- c:\documents and settings\LocalService\Application Data\McAfee
2010-02-25 04:11 . 2010-02-25 04:11 -------- d-----w- c:\documents and settings\NetworkService\Application Data\AdobeUM
2010-02-23 03:20 . 2010-02-23 03:20 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee Security Scan
2010-02-21 02:09 . 2010-02-21 02:09 -------- d-----w- c:\documents and settings\All Users\Application Data\XoftSpySE
2010-02-20 18:52 . 2010-02-20 18:52 -------- d-----w- c:\documents and settings\Brennan\Application Data\Simply Super Software
2010-02-20 07:20 . 2010-03-10 05:40 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-02-20 07:15 . 2010-02-20 07:15 -------- d-----w- c:\documents and settings\Robert\Application Data\Simply Super Software
2010-02-19 03:27 . 2010-02-19 03:27 -------- d-----w- c:\documents and settings\Brennan\Application Data\Megaupload

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-15 02:52 . 2002-09-03 16:27 96512 ----a-w- c:\windows\system32\drivers\atapi.sys
2010-03-15 02:52 . 2002-09-03 16:27 96512 ----a-w- c:\windows\system32\drivers\atapi.svs
2010-03-14 17:00 . 2008-02-29 22:20 -------- d-----w- c:\documents and settings\All Users\Application Data\Retrospect
2010-03-14 15:27 . 2010-03-14 15:27 -------- d-----w- c:\program files\ERUNT
2010-03-14 15:19 . 2010-03-11 01:21 -------- d-----w- c:\program files\UnHackMe
2010-03-14 01:28 . 2010-03-14 01:27 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-03-14 00:51 . 2008-08-28 05:07 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-03-13 23:20 . 2008-08-28 05:07 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-03-13 22:57 . 2010-03-13 22:57 -------- d-----w- c:\program files\Safer Networking
2010-03-13 16:26 . 2009-06-03 05:53 -------- d-----w- c:\program files\WebEx
2010-03-13 06:20 . 2010-03-13 06:19 -------- d-----w- c:\program files\iTunes
2010-03-13 06:19 . 2004-12-30 19:00 -------- d-----w- c:\program files\iPod
2010-03-13 06:19 . 2007-08-27 03:27 -------- d-----w- c:\program files\Common Files\Apple
2010-03-12 04:46 . 2009-11-26 05:55 -------- d-----w- c:\program files\Steam
2010-03-12 01:18 . 2010-03-12 01:18 -------- d-----w- c:\program files\Common Files\Vbox
2010-03-12 01:15 . 2003-03-04 06:41 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-03-11 05:54 . 2010-03-11 01:23 2 --shatr- c:\windows\winstart.bat
2010-03-11 05:42 . 2010-03-11 05:42 -------- d-----w- c:\program files\Trend Micro
2010-03-11 01:01 . 2010-03-11 01:01 -------- d-----w- c:\program files\Safari
2010-03-11 00:29 . 2008-09-20 18:20 -------- d-----w- c:\program files\Google
2010-03-10 05:44 . 2003-03-19 00:10 -------- d-----w- c:\program files\Common Files\Adobe
2010-03-10 05:28 . 2010-03-10 05:28 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-03-07 17:00 . 2008-09-04 00:07 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-03-05 00:24 . 2008-09-04 00:07 -------- d-----w- c:\documents and settings\Robert\Application Data\SUPERAntiSpyware.com
2010-02-27 00:12 . 2010-02-23 03:19 -------- d-----w- c:\program files\McAfee Security Scan
2010-02-25 05:54 . 2010-01-07 04:55 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-02-21 02:30 . 2003-05-06 19:51 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-02-21 02:09 . 2008-08-25 19:48 -------- d-----w- c:\program files\XoftSpySE
2010-02-19 06:42 . 2010-02-06 06:29 -------- d-----w- c:\program files\McAfee
2010-02-19 03:24 . 2010-02-19 03:24 -------- d-----w- c:\program files\Megaupload
2010-02-16 02:11 . 2009-11-01 20:36 -------- d-----w- c:\program files\QuickTime
2010-02-06 06:59 . 2010-02-06 06:59 -------- d-----w- c:\documents and settings\LocalService\Application Data\SACore
2010-02-06 06:36 . 2010-02-06 06:27 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2010-02-06 06:35 . 2010-02-06 06:35 -------- d-----w- c:\documents and settings\All Users\Application Data\SiteAdvisor
2010-02-06 06:31 . 2010-02-06 06:30 -------- d-----w- c:\program files\Common Files\McAfee
2010-02-06 06:30 . 2010-02-06 06:30 -------- d-----w- c:\program files\McAfee.com
2010-02-06 06:22 . 2007-03-02 18:56 -------- d-----w- c:\program files\Norton AntiVirus
2010-02-06 06:17 . 2003-03-04 06:57 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-02-06 06:17 . 2003-03-04 06:57 -------- d-----w- c:\program files\Symantec
2010-02-06 06:15 . 2003-03-04 06:57 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2010-02-05 01:54 . 2010-02-05 01:53 -------- d-----w- c:\program files\Scratch
2010-01-31 16:42 . 2010-01-31 16:42 -------- d-----w- c:\documents and settings\Brennan\Application Data\NCH Software
2010-01-27 05:36 . 2010-01-27 05:36 -------- d-----w- c:\program files\Common Files\Java
2010-01-27 05:32 . 2008-09-20 18:18 -------- d-----w- c:\program files\Java
2010-01-24 19:50 . 2010-01-24 19:50 -------- d-----w- c:\program files\InterActual
2010-01-22 00:11 . 2008-03-21 23:16 284 ----a-w- c:\documents and settings\Robert\Application Data\ViewerApp.dat
2010-01-21 02:11 . 2002-09-03 16:58 11376 ----a-w- c:\windows\system32\drivers\secdrv.sys
2010-01-18 05:36 . 2010-01-18 05:36 -------- d-----r- c:\program files\Norton Support
2010-01-18 04:28 . 2009-02-13 20:32 -------- d-----w- c:\documents and settings\All Users\Application Data\NCH Software
2010-01-08 00:07 . 2010-03-14 01:28 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-08 00:07 . 2010-03-14 01:27 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-12-31 16:50 . 2002-09-03 17:04 353792 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-30 05:08 . 2009-12-28 23:37 5 ----a-w- c:\windows\system32\SySwmvtoavi.dat
2009-12-25 20:17 . 2008-09-25 00:31 86948 ---ha-w- c:\windows\system32\mlfcache.dat
2009-12-22 22:38 . 2010-03-11 01:21 12752 ----a-w- c:\windows\system32\drivers\UnHackMeDrv.sys
2009-12-21 19:14 . 2002-09-03 17:12 916480 ----a-w- c:\windows\system32\wininet.dll
2009-12-18 01:14 . 2008-12-03 03:57 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-12-16 18:43 . 2008-08-27 22:52 343040 ----a-w- c:\windows\system32\mspaint.exe
2009-01-28 22:47 . 2009-01-28 22:47 64 --sha-r- c:\windows\42EACBF5AAC0ED3B.bin
.

<pre>
c:\program files\Dell Support Center\bin\sprtcmd .exe
</pre>

------- Sigcheck -------

[7] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[7] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3GDR\tcpip.sys
[-] 2008-06-20 . 9425B72F40257B45D45D24773273DAD0 . 361600 . . [5.1.2600.5625] . . c:\windows\SYSTEM32\DLLCACHE\tcpip.sys
[-] 2008-06-20 . 9425B72F40257B45D45D24773273DAD0 . 361600 . . [5.1.2600.5625] . . c:\windows\SYSTEM32\DRIVERS\tcpip.sys
[7] 2008-06-20 . 744E57C99232201AE98C49168B918F48 . 360960 . . [5.1.2600.3394] . . c:\windows\$hf_mig$\KB951748\SP2QFE\tcpip.sys
[-] 2008-04-13 . ACCF5A9A1FFAA490F33DBA1C632B95E1 . 361344 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\tcpip.sys
[-] 2007-10-30 . 64798ECFA43D78C7178375FCDD16D8C8 . 360832 . . [5.1.2600.3244] . . c:\windows\$hf_mig$\KB941644\SP2QFE\tcpip.sys
[-] 2006-04-20 . B2220C618B42A2212A59D91EBD6FC4B4 . 360576 . . [5.1.2600.2892] . . c:\windows\$hf_mig$\KB917953\SP2QFE\tcpip.sys
[-] 2006-04-20 . 1DBF125862891817F374F407626967F4 . 359808 . . [5.1.2600.2892] . . c:\windows\SoftwareDistribution\Download\556eb98436b65a8c1ffae674c83d197f\sp2gdr\tcpip.sys
[-] 2006-04-20 . B8158E2A6112C0A5CA67BC158FC70218 . 340480 . . [5.1.2600.1831] . . c:\windows\SoftwareDistribution\Download\556eb98436b65a8c1ffae674c83d197f\sp1qfe\tcpip.sys
[-] 2006-01-13 . 5562CC0A47B2AEF06D3417B733F3C195 . 360448 . . [5.1.2600.2827] . . c:\windows\$hf_mig$\KB913446\SP2QFE\tcpip.sys
[-] 2005-05-25 . 63FDFEA54EB53DE2D863EE454937CE1E . 359936 . . [5.1.2600.2685] . . c:\windows\$hf_mig$\KB893066\SP2QFE\tcpip.sys
[7] 2004-08-04 . 9F4B36614A0FC234525BA224957DE55C . 359040 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\tcpip.sys
[7] 2004-08-04 . 9F4B36614A0FC234525BA224957DE55C . 359040 . . [5.1.2600.2180] . . c:\windows\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\tcpip.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"SetDefaultMIDI"="MIDIDef.exe" [2009-06-23 28672]
"UnHackMe Monitor"="c:\program files\UnHackMe\hackmon.exe" [2009-12-22 594144]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-06 2260480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-01-25 315392]
"DVDSentry"="c:\windows\System32\DSentry.exe" [2002-08-15 28672]
"AdaptecDirectCD"="c:\program files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe" [2002-10-02 684032]
"Omnipage"="c:\program files\ScanSoft\OmniPageSE\opware32.exe" [2002-02-21 49152]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]
"RegistryMechanic"="" [N/A]
"CTSysVol"="c:\program files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe" [2002-09-11 53248]
"CTDVDDet"="c:\program files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE" [2002-09-30 45056]
"Prolific_OneButton"="c:\program files\Prolific\One Button\OneBtn.exe" [2004-06-10 49152]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"AtariBanner"="c:\program files\Infogrames\Atari Anniversary Edition\Volume 2\Banner.exe" [2001-05-23 49152]
"DellTouch"="c:\windows\MMKeybd.exe" [2001-09-05 163840]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-08-13 177440]
"nmapp"="c:\program files\Pure Networks\Network Magic\nmapp.exe" [2008-05-22 451896]
"CTHelper"="CTHELPER.EXE" [2009-06-23 19456]
"Intuit SyncManager"="c:\program files\Common Files\Intuit\Sync\IntuitSyncManager.exe" [2008-11-18 623880]
"nmctxth"="c:\program files\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [2009-04-07 642856]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-01-11 246504]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-09-30 61440]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-10-29 1218008]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-11-11 417792]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-02-16 141608]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SetDefaultMIDI"="MIDIDEF.EXE" [2009-06-23 28672]

c:\documents and settings\Brennan\Start Menu\Programs\Startup\
PowerReg Scheduler.exe [2003-12-27 256000]

c:\documents and settings\Kelly\Start Menu\Programs\Startup\
PowerReg Scheduler.exe [2004-12-28 256000]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2003-3-3 24576]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-5-12 282624]
HP Image Zone Fast Start.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2005-5-12 73728]
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
QuickBooks Update Agent.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2009-3-11 984352]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2008-01-13 22:40 10792 ----a-w- c:\program files\Citrix\GoToAssist\480\g2awinlogon.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Electronic Arts\\EADM\\Core.exe"=
"c:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe"=
"c:\\Program Files\\McAfee\\MSC\\mcshell.exe"=
"c:\\Program Files\\Starshine\\100 Arcade Games\\ArcadeGames.exe"=
"c:\\Program Files\\Safari\\Safari.exe"=
"c:\\WINDOWS\\SYSTEM32\\mmc.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Program Files\\Dell Support Center\\bin\\sprtcmd .exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\program files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe"= c:\program files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe:LocalSubNet,0.0.0.0/255.255.255.255:Enabled:Pure Networks Platform Service

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"110:TCP"= 110:TCP:Microsoft Exchange POP3
"25:TCP"= 25:TCP:SMTP
"143:TCP"= 143:TCP:Microsfot Exchange IMAP4

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 11:25 AM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2/17/2010 11:15 AM 66632]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [2/5/2010 11:34 PM 93320]
R2 Nhksrv;Netropa NHK Server;c:\windows\Nhksrv.exe [8/26/2008 10:00 PM 28672]
R3 COMMONFX.SYS;COMMONFX.SYS;c:\windows\SYSTEM32\DRIVERS\commonfx.sys [6/23/2009 1:34 PM 99352]
R3 CTAUDFX.SYS;CTAUDFX.SYS;c:\windows\SYSTEM32\DRIVERS\ctaudfx.sys [6/23/2009 1:34 PM 555032]
R3 CTSBLFX.SYS;CTSBLFX.SYS;c:\windows\SYSTEM32\DRIVERS\CTSBLFX.sys [6/23/2009 1:34 PM 566296]
R3 Msikbd2k;DellTouch;c:\windows\SYSTEM32\DRIVERS\Msikbd2k.sys [8/26/2008 10:00 PM 6942]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2/1/2010 7:28 PM 135664]
S3 COMMONFX;COMMONFX;c:\windows\SYSTEM32\DRIVERS\commonfx.sys [6/23/2009 1:34 PM 99352]
S3 CTAUDFX;CTAUDFX;c:\windows\SYSTEM32\DRIVERS\ctaudfx.sys [6/23/2009 1:34 PM 555032]
S3 CTERFXFX.SYS;CTERFXFX.SYS;c:\windows\SYSTEM32\DRIVERS\cterfxfx.sys [6/23/2009 1:35 PM 100888]
S3 CTERFXFX;CTERFXFX;c:\windows\SYSTEM32\DRIVERS\cterfxfx.sys [6/23/2009 1:35 PM 100888]
S3 CTSBLFX;CTSBLFX;c:\windows\SYSTEM32\DRIVERS\CTSBLFX.sys [6/23/2009 1:34 PM 566296]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [1/15/2010 5:49 AM 227232]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2/17/2010 11:15 AM 12872]

--- Other Services/Drivers In Memory ---

*Deregistered* - UnHackMeDrv
.
Contents of the 'Scheduled Tasks' folder

2010-03-09 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 19:34]

2010-03-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-02 02:28]

2010-03-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-02 02:28]

2010-02-06 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2010-02-06 20:22]

2010-02-06 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2010-02-06 20:22]

2010-03-15 c:\windows\Tasks\RegCure Program Check.job
- c:\program files\RegCure\RegCure.exe [2008-04-21 21:21]

2009-12-31 c:\windows\Tasks\RegCure.job
- c:\program files\RegCure\RegCure.exe [2008-04-21 21:21]

2009-12-29 c:\windows\Tasks\videopadSevenDaysInit.job
- c:\program files\NCH Software\VideoPad\videopad.exe [2009-12-28 00:23]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = localhost;*.local
Trusted Zone: microsoft.com\windowsupdate
Handler: intu-help-qb2 - {84D77A00-41B5-4b8b-8ADF-86486D72E749} - c:\program files\Intuit\QuickBooks 2009\HelpAsyncPluggableProtocol.dll
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {D6016EE7-A8FF-11D1-B37E-A4759ECD7909} - hxxp://www.pulse3d.com/players/english/PulsePlayerAxWin.cab
FF - ProfilePath - c:\documents and settings\Robert\Application Data\Mozilla\Firefox\Profiles\togfispm.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - component: c:\program files\McAfee\SiteAdvisor\components\McFFPlg.dll
FF - component: c:\program files\Real\RealPlayer\browserrecord\firefox\ext\components\nprpffbrowserrecordext.dll
FF - plugin: c:\program files\Google\Update\1.2.183.17\npGoogleOneClick8.dll
FF - plugin: c:\program files\Sony\Media Go\npmediago.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
- - - - ORPHANS REMOVED - - - -

Toolbar-Locked - (no file)

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-14 21:23
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-716710414-3346885264-2282139730-1007\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_USERS\S-1-5-21-716710414-3346885264-2282139730-1007\Software\SecuROM\License information*]
"datasecu"=hex:36,74,f5,2e,1b,ef,1a,23,41,26,90,4f,b8,24,6e,1d,ff,28,14,ce,22,
44,79,c5,ef,4c,9d,6e,ad,02,72,3e,de,76,a9,c3,6b,bc,4f,fb,94,89,e9,28,25,91,\
"rkeysecu"=hex:3e,80,9e,c4,40,b4,90,83,87,8e,33,49,64,ac,f8,d9
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(724)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll
c:\windows\system32\Ati2evxx.dll
c:\program files\Citrix\GoToAssist\480\G2AWinLogon.dll
c:\windows\System32\iac25_32.ax

- - - - - - - > 'explorer.exe'(3440)
c:\windows\system32\WININET.dll
c:\program files\ScanSoft\OmniPageSE\ophook32.dll
c:\windows\system32\ctagent.dll
c:\windows\system32\msi.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\netdde.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\CTsvcCDA.exe
c:\windows\system32\drivers\dcfssvc.exe
c:\program files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\progra~1\McAfee\MSC\mcmscsvc.exe
c:\progra~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\progra~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
c:\progra~1\McAfee\VIRUSS~1\mcshield.exe
c:\program files\McAfee\MPF\MPFSrv.exe
c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
c:\windows\SYSTEM32\IoctlSvc.exe
c:\program files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
c:\program files\Retrospect\Retrospect 7.6\retrorun.exe
c:\windows\System32\ScsiAccess.EXE
c:\program files\Dell Support Center\bin\sprtsvc.exe
c:\progra~1\mcafee.com\agent\mcagent.exe
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\program files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
c:\windows\system32\CTHELPER.EXE
c:\program files\Netropa\OSD.exe
c:\program files\HP\Digital Imaging\bin\hpqimzone.exe
c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2010-03-14 21:40:58 - machine was rebooted
ComboFix-quarantined-files.txt 2010-03-15 04:40

Pre-Run: 32,218,816,512 bytes free
Post-Run: 35,792,994,304 bytes free

- - End Of File - - F8663BA253AC190F2B6743358239A4D2

#6 Rorschach112

Group: Retired Staff
Posts: 47,710
Joined: 23-March 07

Posted 15 March 2010 - 06:23 AM

hi

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

Quote

File::

Folder::

Registry::

RenV::
c:\program files\Dell Support Center\bin\sprtcmd .exe

KillAll::

Driver::

Save this as CFScript.txt, in the same location as ComboFix.exe

Posted Image

Refering to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

#7 rdouglas_1965

Group: Member
Posts: 11
Joined: 13-March 10

Posted 15 March 2010 - 04:55 PM

Went through smoothly.

ComboFix 10-03-15.02 - Robert 03/15/2010 15:14:13.3.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1023.501 [GMT -7:00]
Running from: c:\documents and settings\Robert\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Robert\Desktop\CFScript.txt.txt
AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
.

((((((((((((((((((((((((( Files Created from 2010-02-15 to 2010-03-15 )))))))))))))))))))))))))))))))
.

2010-03-14 01:28 . 2010-03-14 01:28 -------- d-----w- c:\documents and settings\Robert\Application Data\Malwarebytes
2010-03-14 01:27 . 2010-03-14 01:27 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-03-13 22:59 . 2010-03-13 22:59 -------- d-----w- c:\documents and settings\Robert\Application Data\Safer Networking
2010-03-10 05:20 . 2010-03-10 15:07 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2010-02-27 00:16 . 2010-02-27 00:16 -------- d-----w- c:\documents and settings\LocalService\Application Data\McAfee
2010-02-25 04:11 . 2010-02-25 04:11 -------- d-----w- c:\documents and settings\NetworkService\Application Data\AdobeUM
2010-02-23 03:20 . 2010-02-23 03:20 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee Security Scan
2010-02-21 02:09 . 2010-02-21 02:09 -------- d-----w- c:\documents and settings\All Users\Application Data\XoftSpySE
2010-02-20 18:52 . 2010-02-20 18:52 -------- d-----w- c:\documents and settings\Brennan\Application Data\Simply Super Software
2010-02-20 07:20 . 2010-03-10 05:40 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-02-20 07:15 . 2010-02-20 07:15 -------- d-----w- c:\documents and settings\Robert\Application Data\Simply Super Software
2010-02-19 03:27 . 2010-02-19 03:27 -------- d-----w- c:\documents and settings\Brennan\Application Data\Megaupload

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-15 02:52 . 2002-09-03 16:27 96512 ----a-w- c:\windows\system32\drivers\atapi.svs
2010-03-15 02:52 . 2002-09-03 16:27 96512 ------w- c:\windows\system32\drivers\atapi.sys
2010-03-14 17:00 . 2008-02-29 22:20 -------- d-----w- c:\documents and settings\All Users\Application Data\Retrospect
2010-03-14 15:27 . 2010-03-14 15:27 -------- d-----w- c:\program files\ERUNT
2010-03-14 15:19 . 2010-03-11 01:21 -------- d-----w- c:\program files\UnHackMe
2010-03-14 01:28 . 2010-03-14 01:27 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-03-14 00:51 . 2008-08-28 05:07 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-03-13 23:20 . 2008-08-28 05:07 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-03-13 22:57 . 2010-03-13 22:57 -------- d-----w- c:\program files\Safer Networking
2010-03-13 16:26 . 2009-06-03 05:53 -------- d-----w- c:\program files\WebEx
2010-03-13 06:20 . 2010-03-13 06:19 -------- d-----w- c:\program files\iTunes
2010-03-13 06:19 . 2004-12-30 19:00 -------- d-----w- c:\program files\iPod
2010-03-13 06:19 . 2007-08-27 03:27 -------- d-----w- c:\program files\Common Files\Apple
2010-03-12 04:46 . 2009-11-26 05:55 -------- d-----w- c:\program files\Steam
2010-03-12 01:18 . 2010-03-12 01:18 -------- d-----w- c:\program files\Common Files\Vbox
2010-03-12 01:15 . 2003-03-04 06:41 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-03-11 05:54 . 2010-03-11 01:23 2 --shatr- c:\windows\winstart.bat
2010-03-11 05:42 . 2010-03-11 05:42 -------- d-----w- c:\program files\Trend Micro
2010-03-11 01:01 . 2010-03-11 01:01 -------- d-----w- c:\program files\Safari
2010-03-11 00:29 . 2008-09-20 18:20 -------- d-----w- c:\program files\Google
2010-03-10 05:44 . 2003-03-19 00:10 -------- d-----w- c:\program files\Common Files\Adobe
2010-03-10 05:29 . 2010-03-10 05:07 18570 ----a-w- c:\windows\Prefetch\CQUVAA.EXE-07FD2048.pf.vir
2010-03-10 05:28 . 2010-03-10 05:28 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-03-07 17:00 . 2008-09-04 00:07 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-03-05 00:24 . 2008-09-04 00:07 -------- d-----w- c:\documents and settings\Robert\Application Data\SUPERAntiSpyware.com
2010-02-27 00:12 . 2010-02-23 03:19 -------- d-----w- c:\program files\McAfee Security Scan
2010-02-25 05:54 . 2010-01-07 04:55 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-02-21 02:30 . 2003-05-06 19:51 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-02-21 02:09 . 2008-08-25 19:48 -------- d-----w- c:\program files\XoftSpySE
2010-02-19 06:42 . 2010-02-06 06:29 -------- d-----w- c:\program files\McAfee
2010-02-19 03:24 . 2010-02-19 03:24 -------- d-----w- c:\program files\Megaupload
2010-02-16 02:11 . 2009-11-01 20:36 -------- d-----w- c:\program files\QuickTime
2010-02-06 06:59 . 2010-02-06 06:59 -------- d-----w- c:\documents and settings\LocalService\Application Data\SACore
2010-02-06 06:36 . 2010-02-06 06:27 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2010-02-06 06:35 . 2010-02-06 06:35 -------- d-----w- c:\documents and settings\All Users\Application Data\SiteAdvisor
2010-02-06 06:31 . 2010-02-06 06:30 -------- d-----w- c:\program files\Common Files\McAfee
2010-02-06 06:30 . 2010-02-06 06:30 -------- d-----w- c:\program files\McAfee.com
2010-02-06 06:22 . 2007-03-02 18:56 -------- d-----w- c:\program files\Norton AntiVirus
2010-02-06 06:17 . 2003-03-04 06:57 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-02-06 06:17 . 2003-03-04 06:57 -------- d-----w- c:\program files\Symantec
2010-02-06 06:15 . 2003-03-04 06:57 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2010-02-05 01:54 . 2010-02-05 01:53 -------- d-----w- c:\program files\Scratch
2010-01-31 16:42 . 2010-01-31 16:42 -------- d-----w- c:\documents and settings\Brennan\Application Data\NCH Software
2010-01-27 05:36 . 2010-01-27 05:36 -------- d-----w- c:\program files\Common Files\Java
2010-01-27 05:32 . 2008-09-20 18:18 -------- d-----w- c:\program files\Java
2010-01-24 19:50 . 2010-01-24 19:50 -------- d-----w- c:\program files\InterActual
2010-01-22 00:11 . 2008-03-21 23:16 284 ----a-w- c:\documents and settings\Robert\Application Data\ViewerApp.dat
2010-01-21 02:11 . 2002-09-03 16:58 11376 ----a-w- c:\windows\system32\drivers\secdrv.sys
2010-01-18 05:36 . 2010-01-18 05:36 -------- d-----r- c:\program files\Norton Support
2010-01-18 04:28 . 2009-02-13 20:32 -------- d-----w- c:\documents and settings\All Users\Application Data\NCH Software
2010-01-08 00:07 . 2010-03-14 01:28 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-08 00:07 . 2010-03-14 01:27 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-12-31 16:50 . 2002-09-03 17:04 353792 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-30 05:08 . 2009-12-28 23:37 5 ----a-w- c:\windows\system32\SySwmvtoavi.dat
2009-12-25 20:17 . 2008-09-25 00:31 86948 ---ha-w- c:\windows\system32\mlfcache.dat
2009-12-22 22:38 . 2010-03-11 01:21 12752 ----a-w- c:\windows\system32\drivers\UnHackMeDrv.sys
2009-12-21 19:14 . 2002-09-03 17:12 916480 ------w- c:\windows\system32\wininet.dll
2009-12-18 01:14 . 2008-12-03 03:57 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-12-16 18:43 . 2008-08-27 22:52 343040 ----a-w- c:\windows\system32\mspaint.exe
2009-01-28 22:47 . 2009-01-28 22:47 64 --sha-r- c:\windows\42EACBF5AAC0ED3B.bin
.

------- Sigcheck -------

[7] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[7] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3GDR\tcpip.sys
[-] 2008-06-20 . 9425B72F40257B45D45D24773273DAD0 . 361600 . . [5.1.2600.5625] . . c:\windows\SYSTEM32\DLLCACHE\tcpip.sys
[-] 2008-06-20 . 9425B72F40257B45D45D24773273DAD0 . 361600 . . [5.1.2600.5625] . . c:\windows\SYSTEM32\DRIVERS\tcpip.sys
[7] 2008-06-20 . 744E57C99232201AE98C49168B918F48 . 360960 . . [5.1.2600.3394] . . c:\windows\$hf_mig$\KB951748\SP2QFE\tcpip.sys
[-] 2008-04-13 . ACCF5A9A1FFAA490F33DBA1C632B95E1 . 361344 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\tcpip.sys
[-] 2007-10-30 . 64798ECFA43D78C7178375FCDD16D8C8 . 360832 . . [5.1.2600.3244] . . c:\windows\$hf_mig$\KB941644\SP2QFE\tcpip.sys
[-] 2006-04-20 . B2220C618B42A2212A59D91EBD6FC4B4 . 360576 . . [5.1.2600.2892] . . c:\windows\$hf_mig$\KB917953\SP2QFE\tcpip.sys
[-] 2006-04-20 . 1DBF125862891817F374F407626967F4 . 359808 . . [5.1.2600.2892] . . c:\windows\SoftwareDistribution\Download\556eb98436b65a8c1ffae674c83d197f\sp2gdr\tcpip.sys
[-] 2006-04-20 . B8158E2A6112C0A5CA67BC158FC70218 . 340480 . . [5.1.2600.1831] . . c:\windows\SoftwareDistribution\Download\556eb98436b65a8c1ffae674c83d197f\sp1qfe\tcpip.sys
[-] 2006-01-13 . 5562CC0A47B2AEF06D3417B733F3C195 . 360448 . . [5.1.2600.2827] . . c:\windows\$hf_mig$\KB913446\SP2QFE\tcpip.sys
[-] 2005-05-25 . 63FDFEA54EB53DE2D863EE454937CE1E . 359936 . . [5.1.2600.2685] . . c:\windows\$hf_mig$\KB893066\SP2QFE\tcpip.sys
[7] 2004-08-04 . 9F4B36614A0FC234525BA224957DE55C . 359040 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\tcpip.sys
[7] 2004-08-04 . 9F4B36614A0FC234525BA224957DE55C . 359040 . . [5.1.2600.2180] . . c:\windows\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\tcpip.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"SetDefaultMIDI"="MIDIDef.exe" [2009-06-23 28672]
"UnHackMe Monitor"="c:\program files\UnHackMe\hackmon.exe" [2009-12-22 594144]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-06 2260480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-01-25 315392]
"DVDSentry"="c:\windows\System32\DSentry.exe" [2002-08-15 28672]
"AdaptecDirectCD"="c:\program files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe" [2002-10-02 684032]
"Omnipage"="c:\program files\ScanSoft\OmniPageSE\opware32.exe" [2002-02-21 49152]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]
"CTSysVol"="c:\program files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe" [2002-09-11 53248]
"CTDVDDet"="c:\program files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE" [2002-09-30 45056]
"Prolific_OneButton"="c:\program files\Prolific\One Button\OneBtn.exe" [2004-06-10 49152]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"AtariBanner"="c:\program files\Infogrames\Atari Anniversary Edition\Volume 2\Banner.exe" [2001-05-23 49152]
"DellTouch"="c:\windows\MMKeybd.exe" [2001-09-05 163840]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-08-13 177440]
"nmapp"="c:\program files\Pure Networks\Network Magic\nmapp.exe" [2008-05-22 451896]
"CTHelper"="CTHELPER.EXE" [2009-06-23 19456]
"Intuit SyncManager"="c:\program files\Common Files\Intuit\Sync\IntuitSyncManager.exe" [2008-11-18 623880]
"nmctxth"="c:\program files\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [2009-04-07 642856]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-01-11 246504]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-09-30 61440]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-10-29 1218008]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-11-11 417792]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-02-16 141608]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SetDefaultMIDI"="MIDIDEF.EXE" [2009-06-23 28672]

c:\documents and settings\Brennan\Start Menu\Programs\Startup\
PowerReg Scheduler.exe [2003-12-27 256000]

c:\documents and settings\Kelly\Start Menu\Programs\Startup\
PowerReg Scheduler.exe [2004-12-28 256000]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2003-3-3 24576]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-5-12 282624]
HP Image Zone Fast Start.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2005-5-12 73728]
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
QuickBooks Update Agent.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2009-3-11 984352]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2008-01-13 22:40 10792 ----a-w- c:\program files\Citrix\GoToAssist\480\g2awinlogon.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Electronic Arts\\EADM\\Core.exe"=
"c:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe"=
"c:\\Program Files\\McAfee\\MSC\\mcshell.exe"=
"c:\\Program Files\\Starshine\\100 Arcade Games\\ArcadeGames.exe"=
"c:\\Program Files\\Safari\\Safari.exe"=
"c:\\WINDOWS\\SYSTEM32\\mmc.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\program files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe"= c:\program files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe:LocalSubNet,0.0.0.0/255.255.255.255:Enabled:Pure Networks Platform Service

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"110:TCP"= 110:TCP:Microsoft Exchange POP3
"25:TCP"= 25:TCP:SMTP
"143:TCP"= 143:TCP:Microsfot Exchange IMAP4

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 11:25 AM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2/17/2010 11:15 AM 66632]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [2/5/2010 11:34 PM 93320]
R2 Nhksrv;Netropa NHK Server;c:\windows\Nhksrv.exe [8/26/2008 10:00 PM 28672]
R3 COMMONFX.SYS;COMMONFX.SYS;c:\windows\SYSTEM32\DRIVERS\commonfx.sys [6/23/2009 1:34 PM 99352]
R3 CTAUDFX.SYS;CTAUDFX.SYS;c:\windows\SYSTEM32\DRIVERS\ctaudfx.sys [6/23/2009 1:34 PM 555032]
R3 CTSBLFX.SYS;CTSBLFX.SYS;c:\windows\SYSTEM32\DRIVERS\CTSBLFX.sys [6/23/2009 1:34 PM 566296]
R3 Msikbd2k;DellTouch;c:\windows\SYSTEM32\DRIVERS\Msikbd2k.sys [8/26/2008 10:00 PM 6942]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2/1/2010 7:28 PM 135664]
S3 COMMONFX;COMMONFX;c:\windows\SYSTEM32\DRIVERS\commonfx.sys [6/23/2009 1:34 PM 99352]
S3 CTAUDFX;CTAUDFX;c:\windows\SYSTEM32\DRIVERS\ctaudfx.sys [6/23/2009 1:34 PM 555032]
S3 CTERFXFX.SYS;CTERFXFX.SYS;c:\windows\SYSTEM32\DRIVERS\cterfxfx.sys [6/23/2009 1:35 PM 100888]
S3 CTERFXFX;CTERFXFX;c:\windows\SYSTEM32\DRIVERS\cterfxfx.sys [6/23/2009 1:35 PM 100888]
S3 CTSBLFX;CTSBLFX;c:\windows\SYSTEM32\DRIVERS\CTSBLFX.sys [6/23/2009 1:34 PM 566296]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [1/15/2010 5:49 AM 227232]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2/17/2010 11:15 AM 12872]

--- Other Services/Drivers In Memory ---

*Deregistered* - UnHackMeDrv
.
Contents of the 'Scheduled Tasks' folder

2010-03-09 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 19:34]

2010-03-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-02 02:28]

2010-03-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-02 02:28]

2010-02-06 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2010-02-06 20:22]

2010-02-06 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2010-02-06 20:22]

2010-03-15 c:\windows\Tasks\RegCure Program Check.job
- c:\program files\RegCure\RegCure.exe [2008-04-21 21:21]

2009-12-31 c:\windows\Tasks\RegCure.job
- c:\program files\RegCure\RegCure.exe [2008-04-21 21:21]

2009-12-29 c:\windows\Tasks\videopadSevenDaysInit.job
- c:\program files\NCH Software\VideoPad\videopad.exe [2009-12-28 00:23]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = localhost;*.local
Trusted Zone: microsoft.com\windowsupdate
Handler: intu-help-qb2 - {84D77A00-41B5-4b8b-8ADF-86486D72E749} - c:\program files\Intuit\QuickBooks 2009\HelpAsyncPluggableProtocol.dll
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {D6016EE7-A8FF-11D1-B37E-A4759ECD7909} - hxxp://www.pulse3d.com/players/english/PulsePlayerAxWin.cab
FF - ProfilePath - c:\documents and settings\Robert\Application Data\Mozilla\Firefox\Profiles\togfispm.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - component: c:\program files\McAfee\SiteAdvisor\components\McFFPlg.dll
FF - component: c:\program files\Real\RealPlayer\browserrecord\firefox\ext\components\nprpffbrowserrecordext.dll
FF - plugin: c:\program files\Google\Update\1.2.183.17\npGoogleOneClick8.dll
FF - plugin: c:\program files\Sony\Media Go\npmediago.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-15 15:34
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-716710414-3346885264-2282139730-1007\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_USERS\S-1-5-21-716710414-3346885264-2282139730-1007\Software\SecuROM\License information*]
"datasecu"=hex:36,74,f5,2e,1b,ef,1a,23,41,26,90,4f,b8,24,6e,1d,ff,28,14,ce,22,
44,79,c5,ef,4c,9d,6e,ad,02,72,3e,de,76,a9,c3,6b,bc,4f,fb,94,89,e9,28,25,91,\
"rkeysecu"=hex:3e,80,9e,c4,40,b4,90,83,87,8e,33,49,64,ac,f8,d9
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(736)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll
c:\windows\system32\Ati2evxx.dll
c:\program files\Citrix\GoToAssist\480\G2AWinLogon.dll
c:\windows\System32\iac25_32.ax

- - - - - - - > 'explorer.exe'(3992)
c:\windows\system32\WININET.dll
c:\program files\ScanSoft\OmniPageSE\ophook32.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\msi.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\netdde.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\CTsvcCDA.exe
c:\windows\system32\drivers\dcfssvc.exe
c:\program files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\progra~1\McAfee\MSC\mcmscsvc.exe
c:\progra~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\progra~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
c:\progra~1\McAfee\VIRUSS~1\mcshield.exe
c:\program files\McAfee\MPF\MPFSrv.exe
c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
c:\windows\SYSTEM32\IoctlSvc.exe
c:\program files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
c:\program files\Retrospect\Retrospect 7.6\retrorun.exe
c:\windows\System32\ScsiAccess.EXE
c:\progra~1\mcafee.com\agent\mcagent.exe
c:\program files\Dell Support Center\bin\sprtsvc.exe
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\program files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
c:\program files\Netropa\OSD.exe
c:\program files\HP\Digital Imaging\bin\hpqimzone.exe
c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2010-03-15 15:50:07 - machine was rebooted
ComboFix-quarantined-files.txt 2010-03-15 22:49
ComboFix2.txt 2010-03-15 22:04

Pre-Run: 35,793,313,792 bytes free
Post-Run: 35,742,998,528 bytes free

- - End Of File - - 96533D8B823C148F295E0C9028BE0D59

#8 Rorschach112

Group: Retired Staff
Posts: 47,710
Joined: 23-March 07

Posted 16 March 2010 - 07:39 AM

hi

Please download Dr.Web CureIt . Save it to your desktop:

Doubleclick the drweb-cureit.exe file and click Scan to run express scan. Click OK in the pop-up window to allow the scan.
This will scan the files currently running in memory and if something is found, click the Yes button when it asks you if you want to cure it. This is only a short scan.
Once the short scan has finished, select Complete scan.
Click the green arrow at the right, and the scan will start.
Click Yes to all if it asks if you want to cure/move the file.
When the scan has finished, in the menu, click File and choose Save report list
Save the report to your desktop. The report will be called DrWeb.csv
Note:this report may need to be renamed to Dr.Web.txt in order to post it on the forum.
Please post the Dr.Web.txt report in your next reply
Close Dr.Web Cureit.
Important! Reboot your computer because it could be possible that files in use will be moved/deleted during reboot.

NOTE. During the scan, pop-up window will open asking for full version purchase. Simply close the window by clicking on the X in the upper right corner.

* Go here to run an online scannner from ESET.

Note: You will need to use Internet explorer for this scan
Tick the box next to YES, I accept the Terms of Use.
Click Start
When asked, allow the activex control to install
Click Start
Check next options: Remove found threats and Scan unwanted applications.
Click Scan
Wait for the scan to finish
Use notepad to open the logfile located at C:\Program Files\ESET\ESET Online Scanner\log.txt
Copy and paste that log as a reply to this topic

#9 rdouglas_1965

Group: Member
Posts: 11
Joined: 13-March 10

Posted 17 March 2010 - 08:29 AM

DrWeb went through okay, and I have the log file below. However, whene ESET tried to download the signature database it keeps giving me the error:

Can not get update. Is proxy configured?

Any thoughts on this?

Here's the DrWeb log:

7da2121624292de0.bup\stream000;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine\7da2121624292de0.bup;Trojan.Packed.2936;;
7da2121624292de0.bup;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine;Archive contains infected objects;Moved.;
7da21216242a2fd0.bup\stream000;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine\7da21216242a2fd0.bup;Trojan.Packed.2936;;
7da21216242a2fd0.bup;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine;Archive contains infected objects;Moved.;
7da2121624303c80.bup\stream000;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine\7da2121624303c80.bup;Trojan.Packed.2936;;
7da2121624303c80.bup;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine;Archive contains infected objects;Moved.;
7da21216251629f0.bup\stream000;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine\7da21216251629f0.bup;Trojan.Packed.2936;;
7da21216251629f0.bup;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine;Archive contains infected objects;Moved.;
7da2121625263a90.bup\stream000;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine\7da2121625263a90.bup;Trojan.NtRootKit.5823;;
7da2121625263a90.bup;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine;Archive contains infected objects;Moved.;
7da2121625291e40.bup\stream000;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine\7da2121625291e40.bup;Trojan.NtRootKit.5823;;
7da2121625291e40.bup;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine;Archive contains infected objects;Moved.;
7da21216252e1f0.bup\stream000;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine\7da21216252e1f0.bup;Trojan.NtRootKit.5823;;
7da21216252e1f0.bup;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine;Archive contains infected objects;Moved.;
7da2121625371960.bup\stream000;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine\7da2121625371960.bup;Trojan.NtRootKit.5823;;
7da2121625371960.bup;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine;Archive contains infected objects;Moved.;
7da21216253b1380.bup\stream000;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine\7da21216253b1380.bup;Trojan.NtRootKit.5823;;
7da21216253b1380.bup;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine;Archive contains infected objects;Moved.;
7da21216253b2130.bup\stream000;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine\7da21216253b2130.bup;Trojan.DownLoad1.42224;;
7da21216253b2130.bup;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine;Archive contains infected objects;Moved.;
7da212162613a90.bup\stream000;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine\7da212162613a90.bup;Trojan.DownLoad1.33536;;
7da212162613a90.bup;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine;Archive contains infected objects;Moved.;
7da21216262033c0.bup\stream000;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine\7da21216262033c0.bup;Trojan.NtRootKit.5823;;
7da21216262033c0.bup;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine;Archive contains infected objects;Moved.;
7da212162622510.bup\stream000;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine\7da212162622510.bup;Trojan.NtRootKit.5823;;
7da212162622510.bup;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine;Archive contains infected objects;Moved.;
7da21216262e1190.bup\stream000;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine\7da21216262e1190.bup;Trojan.NtRootKit.5823;;
7da21216262e1190.bup;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine;Archive contains infected objects;Moved.;
7da21216262eea0.bup\stream000;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine\7da21216262eea0.bup;Probably Trojan.Packed.Based;;
7da21216262eea0.bup;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine;Archive contains infected objects;Moved.;
7da2121626301570.bup\stream000;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine\7da2121626301570.bup;Trojan.NtRootKit.5823;;
7da2121626301570.bup;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine;Archive contains infected objects;Moved.;
7da2121626323990.bup\stream000;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine\7da2121626323990.bup;Trojan.NtRootKit.5823;;
7da2121626323990.bup;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine;Archive contains infected objects;Moved.;
7da2121626332900.bup\stream000;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine\7da2121626332900.bup;Trojan.NtRootKit.5823;;
7da2121626332900.bup;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine;Archive contains infected objects;Moved.;
7da2121626361f40.bup\stream000;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine\7da2121626361f40.bup;Probably Trojan.Packed.Based;;
7da2121626361f40.bup;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine;Archive contains infected objects;Moved.;
7da2121626372030.bup\stream000;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine\7da2121626372030.bup;Probably Trojan.Packed.Based;;
7da2121626372030.bup;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine;Archive contains infected objects;Moved.;
7da2121626382420.bup\stream000;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine\7da2121626382420.bup;Probably Trojan.Packed.Based;;
7da2121626382420.bup;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine;Archive contains infected objects;Moved.;
7da2121626f3c80.bup\stream000;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine\7da2121626f3c80.bup;Trojan.NtRootKit.5823;;
7da2121626f3c80.bup;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine;Archive contains infected objects;Moved.;
7da2121627112e0.bup\stream000;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine\7da2121627112e0.bup;Trojan.NtRootKit.5823;;
7da2121627112e0.bup;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine;Archive contains infected objects;Moved.;
7da21216271229f0.bup\stream000;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine\7da21216271229f0.bup;Trojan.NtRootKit.5823;;
7da21216271229f0.bup;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine;Archive contains infected objects;Moved.;
7da212162717d0.bup\stream000;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine\7da212162717d0.bup;Trojan.NtRootKit.5823;;
7da212162717d0.bup;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine;Archive contains infected objects;Moved.;
7da2121627195d0.bup\stream000;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine\7da2121627195d0.bup;Trojan.NtRootKit.5823;;
7da2121627195d0.bup;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine;Archive contains infected objects;Moved.;
7da21216271b2e0.bup\stream000;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine\7da21216271b2e0.bup;Trojan.NtRootKit.5823;;
7da21216271b2e0.bup;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine;Archive contains infected objects;Moved.;
7da2121627336b0.bup\stream000;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine\7da2121627336b0.bup;Trojan.NtRootKit.5823;;
7da2121627336b0.bup;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine;Archive contains infected objects;Moved.;
7da2121627629f0.bup\stream000;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine\7da2121627629f0.bup;Trojan.NtRootKit.5823;;
7da2121627629f0.bup;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine;Archive contains infected objects;Moved.;
7da2121627732c0.bup\stream000;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine\7da2121627732c0.bup;Trojan.NtRootKit.5823;;
7da2121627732c0.bup;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine;Archive contains infected objects;Moved.;
7da212162792420.bup\stream000;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine\7da212162792420.bup;Trojan.NtRootKit.5823;;
7da212162792420.bup;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine;Archive contains infected objects;Moved.;
7da2121627b4e0.bup\stream000;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine\7da2121627b4e0.bup;Trojan.NtRootKit.5823;;
7da2121627b4e0.bup;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine;Archive contains infected objects;Moved.;
7da212171502610.bup\stream000;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine\7da212171502610.bup;Probably Trojan.Packed.Based;;
7da212171502610.bup;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine;Archive contains infected objects;Moved.;
7da2131612241b50.bup\stream000;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine\7da2131612241b50.bup;Probably Trojan.Packed.Based;;
7da2131612241b50.bup;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine;Archive contains infected objects;Moved.;
7da213172727da0.bup\stream000;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine\7da213172727da0.bup;Trojan.Packed.2936;;
7da213172727da0.bup;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine;Archive contains infected objects;Moved.;
7da21317272c2e0.bup\stream000;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine\7da21317272c2e0.bup;Trojan.Packed.2936;;
7da21317272c2e0.bup;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine;Archive contains infected objects;Moved.;
7da2131730372320.bup\stream000;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine\7da2131730372320.bup;Trojan.Packed.2936;;
7da2131730372320.bup;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine;Archive contains infected objects;Moved.;
7da213173821770.bup\stream000;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine\7da213173821770.bup;Trojan.DownLoad1.40225;;
7da213173821770.bup;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine;Archive contains infected objects;Moved.;
7da2131f637a0.bup\stream000;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine\7da2131f637a0.bup;Probably Trojan.Packed.Based;;
7da2131f637a0.bup;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine;Archive contains infected objects;Moved.;
7da213b18392900.bup\stream000;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine\7da213b18392900.bup;Trojan.Packed.2936;;
7da213b18392900.bup;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine;Archive contains infected objects;Moved.;
7da213b183935b0.bup\stream000;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine\7da213b183935b0.bup;Trojan.Packed.2936;;
7da213b183935b0.bup;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine;Archive contains infected objects;Moved.;
7da213b183937a0.bup\stream000;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine\7da213b183937a0.bup;Trojan.Packed.2936;;
7da213b183937a0.bup;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine;Archive contains infected objects;Moved.;
7da213b1839fa0.bup\stream000;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine\7da213b1839fa0.bup;Trojan.Packed.2936;;
7da213b1839fa0.bup;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine;Archive contains infected objects;Moved.;
7da213b1918fa0.bup\stream000;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine\7da213b1918fa0.bup;Trojan.Packed.2936;;
7da213b1918fa0.bup;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine;Archive contains infected objects;Moved.;
7da213b19221f40.bup\stream000;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine\7da213b19221f40.bup;Trojan.Packed.2936;;
7da213b19221f40.bup;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine;Archive contains infected objects;Moved.;
7da213b192229f0.bup\stream000;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine\7da213b192229f0.bup;Trojan.Packed.2936;;
7da213b192229f0.bup;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine;Archive contains infected objects;Moved.;
7da213b192c33c0.bup\stream000;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine\7da213b192c33c0.bup;Trojan.Packed.2936;;
7da213b192c33c0.bup;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine;Archive contains infected objects;Moved.;
7da213b1937ea0.bup\stream000;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine\7da213b1937ea0.bup;Trojan.Packed.2936;;
7da213b1937ea0.bup;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine;Archive contains infected objects;Moved.;
7da213b19d1570.bup\stream000;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine\7da213b19d1570.bup;Trojan.Packed.2936;;
7da213b19d1570.bup;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine;Archive contains infected objects;Moved.;
7da213b1a191570.bup\stream000;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine\7da213b1a191570.bup;Trojan.Packed.2936;;
7da213b1a191570.bup;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine;Archive contains infected objects;Moved.;
7da213b1a191b50.bup\stream000;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine\7da213b1a191b50.bup;Trojan.Packed.2936;;
7da213b1a191b50.bup;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine;Archive contains infected objects;Moved.;
7da213b1a1e1f40.bup\stream000;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine\7da213b1a1e1f40.bup;Trojan.Packed.2936;;
7da213b1a1e1f40.bup;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine;Archive contains infected objects;Moved.;
7da213b1a2629f0.bup\stream000;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine\7da213b1a2629f0.bup;Trojan.Packed.2936;;
7da213b1a2629f0.bup;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine;Archive contains infected objects;Moved.;
7da213b1a341d40.bup\stream000;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine\7da213b1a341d40.bup;Trojan.Packed.2936;;
7da213b1a341d40.bup;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine;Archive contains infected objects;Moved.;
7da213b1a3438a0.bup\stream000;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine\7da213b1a3438a0.bup;Trojan.Packed.2936;;
7da213b1a3438a0.bup;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine;Archive contains infected objects;Moved.;
7da213b1a35da0.bup\stream000;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine\7da213b1a35da0.bup;Trojan.Packed.2936;;
7da213b1a35da0.bup;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine;Archive contains infected objects;Moved.;
7da213b1a41770.bup\stream000;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine\7da213b1a41770.bup;Trojan.Packed.2936;;
7da213b1a41770.bup;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine;Archive contains infected objects;Moved.;
7da213b1ab2900.bup\stream000;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine\7da213b1ab2900.bup;Trojan.Packed.2936;;
7da213b1ab2900.bup;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine;Archive contains infected objects;Moved.;
7da213b1b181380.bup\stream000;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine\7da213b1b181380.bup;Trojan.Packed.2936;;
7da213b1b181380.bup;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine;Archive contains infected objects;Moved.;
7da213b1b2129f0.bup\stream000;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine\7da213b1b2129f0.bup;Trojan.Packed.2936;;
7da213b1b2129f0.bup;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine;Archive contains infected objects;Moved.;
7da213b1b25d0.bup\stream000;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine\7da213b1b25d0.bup;Trojan.Packed.2936;;
7da213b1b25d0.bup;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine;Archive contains infected objects;Moved.;
7da213b1b2a29f0.bup\stream000;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine\7da213b1b2a29f0.bup;Trojan.Packed.2936;;
7da213b1b2a29f0.bup;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine;Archive contains infected objects;Moved.;
7da213b1b332ee0.bup\stream000;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine\7da213b1b332ee0.bup;Trojan.Packed.2936;;
7da213b1b332ee0.bup;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine;Archive contains infected objects;Moved.;
7da213b1b62710.bup\stream000;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine\7da213b1b62710.bup;Trojan.Packed.2936;;
7da213b1b62710.bup;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine;Archive contains infected objects;Moved.;
7da213b1bb1480.bup\stream000;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine\7da213b1bb1480.bup;Trojan.Packed.2936;;
7da213b1bb1480.bup;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine;Archive contains infected objects;Moved.;
7da213b1bf2130.bup\stream000;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine\7da213b1bf2130.bup;Trojan.Packed.2936;;
7da213b1bf2130.bup;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine;Archive contains infected objects;Moved.;
7da213b1c02fd0.bup\stream000;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine\7da213b1c02fd0.bup;Trojan.Packed.2936;;
7da213b1c02fd0.bup;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine;Archive contains infected objects;Moved.;
7da213b1c171860.bup\stream000;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine\7da213b1c171860.bup;Trojan.Packed.2936;;
7da213b1c171860.bup;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine;Archive contains infected objects;Moved.;
7da213b1c1dbb0.bup\stream000;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine\7da213b1c1dbb0.bup;Trojan.Packed.2936;;
7da213b1c1dbb0.bup;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine;Archive contains infected objects;Moved.;
7da213b1c271380.bup\stream000;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine\7da213b1c271380.bup;Trojan.Packed.2936;;
7da213b1c271380.bup;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine;Archive contains infected objects;Moved.;
7da213b1c301c50.bup\stream000;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine\7da213b1c301c50.bup;Trojan.Packed.2936;;
7da213b1c301c50.bup;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine;Archive contains infected objects;Moved.;
7da213b1c391f40.bup\stream000;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine\7da213b1c391f40.bup;Trojan.Packed.2936;;
7da213b1c391f40.bup;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine;Archive contains infected objects;Moved.;
7da213b1c92800.bup\stream000;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine\7da213b1c92800.bup;Trojan.Packed.2936;;
7da213b1c92800.bup;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine;Archive contains infected objects;Moved.;
7da213b1ce1860.bup\stream000;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine\7da213b1ce1860.bup;Trojan.Packed.2936;;
7da213b1ce1860.bup;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine;Archive contains infected objects;Moved.;
7da213b1d102710.bup\stream000;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine\7da213b1d102710.bup;Trojan.Packed.2936;;
7da213b1d102710.bup;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine;Archive contains infected objects;Moved.;
7da213b1d143c80.bup\stream000;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine\7da213b1d143c80.bup;Trojan.Packed.2936;;
7da213b1d143c80.bup;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine;Archive contains infected objects;Moved.;
7da213b1d192610.bup\stream000;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine\7da213b1d192610.bup;Trojan.Packed.2936;;
7da213b1d192610.bup;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine;Archive contains infected objects;Moved.;
7da213b1d1e1a50.bup\stream000;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine\7da213b1d1e1a50.bup;Trojan.Packed.2936;;
7da213b1d1e1a50.bup;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine;Archive contains infected objects;Moved.;
7da213b1d222610.bup\stream000;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine\7da213b1d222610.bup;Trojan.Packed.2936;;
7da213b1d222610.bup;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine;Archive contains infected objects;Moved.;
7da213b1d272af0.bup\stream000;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine\7da213b1d272af0.bup;Trojan.Packed.2936;;
7da213b1d272af0.bup;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine;Archive contains infected objects;Moved.;
7da213b1d2b2af0.bup\stream000;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine\7da213b1d2b2af0.bup;Trojan.Packed.2936;;
7da213b1d2b2af0.bup;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine;Archive contains infected objects;Moved.;
7da213b1d322220.bup\stream000;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine\7da213b1d322220.bup;Trojan.Packed.2936;;
7da213b1d322220.bup;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine;Archive contains infected objects;Moved.;
7da213b1d386d0.bup\stream000;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine\7da213b1d386d0.bup;Trojan.Packed.2936;;
7da213b1d386d0.bup;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine;Archive contains infected objects;Moved.;
7da213b1d72e0.bup\stream000;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine\7da213b1d72e0.bup;Trojan.Packed.2936;;
7da213b1d72e0.bup;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine;Archive contains infected objects;Moved.;
7da213b1e1331c0.bup\stream000;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine\7da213b1e1331c0.bup;Trojan.Packed.2936;;
7da213b1e1331c0.bup;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine;Archive contains infected objects;Moved.;
7da213b1e1335b0.bup\stream000;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine\7da213b1e1335b0.bup;Trojan.Packed.2936;;
7da213b1e1335b0.bup;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine;Archive contains infected objects;Moved.;
7da213b1e17d0.bup\stream000;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine\7da213b1e17d0.bup;Trojan.Packed.2936;;
7da213b1e17d0.bup;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine;Archive contains infected objects;Moved.;
7da213b1e203a90.bup\stream000;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine\7da213b1e203a90.bup;Trojan.Packed.2936;;
7da213b1e203a90.bup;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine;Archive contains infected objects;Moved.;
7da213b1e203a91.bup\stream000;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine\7da213b1e203a91.bup;Trojan.Packed.2936;;
7da213b1e203a91.bup;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine;Archive contains infected objects;Moved.;
7da213b1e203c80.bup\stream000;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine\7da213b1e203c80.bup;Trojan.Packed.2936;;
7da213b1e203c80.bup;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine;Archive contains infected objects;Moved.;
7da213b1e2e1380.bup\stream000;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine\7da213b1e2e1380.bup;Trojan.Packed.2936;;
7da213b1e2e1380.bup;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine;Archive contains infected objects;Moved.;
7da213b1e2ecb0.bup\stream000;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine\7da213b1e2ecb0.bup;Trojan.Packed.2936;;
7da213b1e2ecb0.bup;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine;Archive contains infected objects;Moved.;
7da213b1e372af0.bup\stream000;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine\7da213b1e372af0.bup;Trojan.Packed.2936;;
7da213b1e372af0.bup;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine;Archive contains infected objects;Moved.;
7da213b1e63b90.bup\stream000;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine\7da213b1e63b90.bup;Trojan.Packed.2936;;
7da213b1e63b90.bup;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine;Archive contains infected objects;Moved.;
7da213b1eb32c0.bup\stream000;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine\7da213b1eb32c0.bup;Trojan.Packed.2936;;
7da213b1eb32c0.bup;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine;Archive contains infected objects;Moved.;
7da213b1f162610.bup\stream000;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine\7da213b1f162610.bup;Trojan.Packed.2936;;
7da213b1f162610.bup;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine;Archive contains infected objects;Moved.;
7da213b1f1f1b50.bup\stream000;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine\7da213b1f1f1b50.bup;Trojan.Packed.2936;;
7da213b1f1f1b50.bup;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine;Archive contains infected objects;Moved.;
7da213b1f282030.bup\stream000;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine\7da213b1f282030.bup;Trojan.Packed.2936;;
7da213b1f282030.bup;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine;Archive contains infected objects;Moved.;
7da213b1f311f40.bup\stream000;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine\7da213b1f311f40.bup;Trojan.Packed.2936;;
7da213b1f311f40.bup;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine;Archive contains infected objects;Moved.;
7da213b1f3a3d80.bup\stream000;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine\7da213b1f3a3d80.bup;Trojan.Packed.2936;;
7da213b1f3a3d80.bup;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine;Archive contains infected objects;Moved.;
7da213b1f42fd0.bup\stream000;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine\7da213b1f42fd0.bup;Trojan.Packed.2936;;
7da213b1f42fd0.bup;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine;Archive contains infected objects;Moved.;
7da213b1fd30d0.bup\stream000;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine\7da213b1fd30d0.bup;Trojan.Packed.2936;;
7da213b1fd30d0.bup;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine;Archive contains infected objects;Moved.;
7da213b20112900.bup\stream000;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine\7da213b20112900.bup;Trojan.Packed.2936;;
7da213b20112900.bup;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine;Archive contains infected objects;Moved.;
7da213b201a2bf0.bup\stream000;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine\7da213b201a2bf0.bup;Trojan.Packed.2936;;
7da213b201a2bf0.bup;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine;Archive contains infected objects;Moved.;
7da213b20212900.bup\stream000;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine\7da213b20212900.bup;Trojan.Packed.2936;;
7da213b20212900.bup;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine;Archive contains infected objects;Moved.;
7da213b202b2710.bup\stream000;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine\7da213b202b2710.bup;Trojan.Packed.2936;;
7da213b202b2710.bup;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine;Archive contains infected objects;Moved.;
7da213b20342ee0.bup\stream000;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine\7da213b20342ee0.bup;Trojan.Packed.2936;;
7da213b20342ee0.bup;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine;Archive contains infected objects;Moved.;
7da213b2082320.bup\stream000;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine\7da213b2082320.bup;Trojan.Packed.2936;;
7da213b2082320.bup;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine;Archive contains infected objects;Moved.;
7da213b20d1190.bup\stream000;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine\7da213b20d1190.bup;Trojan.Packed.2936;;
7da213b20d1190.bup;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine;Archive contains infected objects;Moved.;
7da213b211336b0.bup\stream000;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine\7da213b211336b0.bup;Trojan.Packed.2936;;
7da213b211336b0.bup;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine;Archive contains infected objects;Moved.;
7da213b21182de0.bup\stream000;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine\7da213b21182de0.bup;Trojan.Packed.2936;;
7da213b21182de0.bup;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine;Archive contains infected objects;Moved.;
7da213b211c38a0.bup\stream000;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine\7da213b211c38a0.bup;Trojan.Packed.2936;;
7da213b211c38a0.bup;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine;Archive contains infected objects;Moved.;
7da213b21200.bup\stream000;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine\7da213b21200.bup;Trojan.Packed.2936;;
7da213b21200.bup;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine;Archive contains infected objects;Moved.;
7da213b212538a0.bup\stream000;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine\7da213b212538a0.bup;Trojan.Packed.2936;;
7da213b212538a0.bup;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine;Archive contains infected objects;Moved.;
7da213b212e36b0.bup\stream000;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine\7da213b212e36b0.bup;Trojan.Packed.2936;;
7da213b212e36b0.bup;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine;Archive contains infected objects;Moved.;
7da213b213737a0.bup\stream000;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine\7da213b213737a0.bup;Trojan.Packed.2936;;
7da213b213737a0.bup;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine;Archive contains infected objects;Moved.;
7da213b2163e0.bup\stream000;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine\7da213b2163e0.bup;Trojan.Packed.2936;;
7da213b2163e0.bup;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine;Archive contains infected objects;Moved.;
7da213b21bf0.bup\stream000;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine\7da213b21bf0.bup;Trojan.Packed.2936;;
7da213b21bf0.bup;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine;Archive contains infected objects;Moved.;
7da213b21f29f0.bup\stream000;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine\7da213b21f29f0.bup;Trojan.Packed.2936;;
7da213b21f29f0.bup;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine;Archive contains infected objects;Moved.;
7da213b22162ce0.bup\stream000;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine\7da213b22162ce0.bup;Trojan.Packed.2936;;
7da213b22162ce0.bup;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine;Archive contains infected objects;Moved.;
7da213b22202fd0.bup\stream000;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine\7da213b22202fd0.bup;Trojan.Packed.2936;;
7da213b22202fd0.bup;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine;Archive contains infected objects;Moved.;
7da213b222432c0.bup\stream000;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine\7da213b222432c0.bup;Trojan.Packed.2936;;
7da213b222432c0.bup;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine;Archive contains infected objects;Moved.;
7da213b222f1860.bup\stream000;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine\7da213b222f1860.bup;Trojan.Packed.2936;;
7da213b222f1860.bup;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine;Archive contains infected objects;Moved.;
7da213b22382710.bup\stream000;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine\7da213b22382710.bup;Trojan.Packed.2936;;
7da213b22382710.bup;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine;Archive contains infected objects;Moved.;
7da213b2243990.bup\stream000;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine\7da213b2243990.bup;Trojan.Packed.2936;;
7da213b2243990.bup;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine;Archive contains infected objects;Moved.;
7da213b2292130.bup\stream000;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine\7da213b2292130.bup;Trojan.Packed.2936;;
7da213b2292130.bup;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine;Archive contains infected objects;Moved.;
7da213b22d3a90.bup\stream000;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine\7da213b22d3a90.bup;Trojan.Packed.2936;;
7da213b22d3a90.bup;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine;Archive contains infected objects;Moved.;
7da213b231933c0.bup\stream000;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine\7da213b231933c0.bup;Trojan.Packed.2936;;
7da213b231933c0.bup;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine;Archive contains infected objects;Moved.;
7da213b231a5d0.bup\stream000;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine\7da213b231a5d0.bup;Trojan.Packed.2936;;
7da213b231a5d0.bup;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine;Archive contains infected objects;Moved.;
7da213b23261770.bup\stream000;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine\7da213b23261770.bup;Trojan.Packed.2936;;
7da213b23261770.bup;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine;Archive contains infected objects;Moved.;
7da213b232636b0.bup\stream000;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine\7da213b232636b0.bup;Trojan.Packed.2936;;
7da213b232636b0.bup;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine;Archive contains infected objects;Moved.;
7da213b23332130.bup\stream000;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine\7da213b23332130.bup;Trojan.Packed.2936;;
7da213b23332130.bup;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine;Archive contains infected objects;Moved.;
7da213b23332ee0.bup\stream000;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine\7da213b23332ee0.bup;Trojan.Packed.2936;;
7da213b23332ee0.bup;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine;Archive contains infected objects;Moved.;
7da213b23535b0.bup\stream000;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine\7da213b23535b0.bup;Trojan.Packed.2936;;
7da213b23535b0.bup;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine;Archive contains infected objects;Moved.;
7da213b23e36b0.bup\stream000;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine\7da213b23e36b0.bup;Trojan.Packed.2936;;
7da213b23e36b0.bup;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine;Archive contains infected objects;Moved.;
7da213b24182710.bup\stream000;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine\7da213b24182710.bup;Trojan.Packed.2936;;
7da213b24182710.bup;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine;Archive contains infected objects;Moved.;
7da213b241ab0.bup\stream000;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine\7da213b241ab0.bup;Trojan.Packed.2936;;
7da213b241ab0.bup;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine;Archive contains infected objects;Moved.;
7da213b24252030.bup\stream000;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine\7da213b24252030.bup;Trojan.Packed.2936;;
7da213b24252030.bup;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine;Archive contains infected objects;Moved.;
7da213b24252220.bup\stream000;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine\7da213b24252220.bup;Trojan.Packed.2936;;
7da213b24252220.bup;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine;Archive contains infected objects;Moved.;
7da213b242e1c50.bup\stream000;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine\7da213b242e1c50.bup;Trojan.Packed.2936;;
7da213b242e1c50.bup;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine;Archive contains infected objects;Moved.;
7da213b24372610.bup\stream000;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine\7da213b24372610.bup;Trojan.Packed.2936;;
7da213b24372610.bup;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine;Archive contains infected objects;Moved.;
7da213b24e2320.bup\stream000;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine\7da213b24e2320.bup;Trojan.Packed.2936;;
7da213b24e2320.bup;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine;Archive contains infected objects;Moved.;
7da213b24e34b0.bup\stream000;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine\7da213b24e34b0.bup;Trojan.Packed.2936;;
7da213b24e34b0.bup;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine;Archive contains infected objects;Moved.;
7da213b251630d0.bup\stream000;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine\7da213b251630d0.bup;Trojan.Packed.2936;;
7da213b251630d0.bup;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine;Archive contains infected objects;Moved.;
7da213b251f2900.bup\stream000;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine\7da213b251f2900.bup;Trojan.Packed.2936;;
7da213b251f2900.bup;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine;Archive contains infected objects;Moved.;
7da213b25281d40.bup\stream000;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine\7da213b25281d40.bup;Trojan.Packed.2936;;
7da213b25281d40.bup;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine;Archive contains infected objects;Moved.;
7da213b253338a0.bup\stream000;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine\7da213b253338a0.bup;Trojan.Packed.2936;;
7da213b253338a0.bup;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine;Archive contains infected objects;Moved.;
7da213b25342e0.bup\stream000;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine\7da213b25342e0.bup;Trojan.Packed.2936;;
7da213b25342e0.bup;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine;Archive contains infected objects;Moved.;
7da213b2543990.bup\stream000;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine\7da213b2543990.bup;Trojan.Packed.2936;;
7da213b2543990.bup;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine;Archive contains infected objects;Moved.;
7da213b25d31c0.bup\stream000;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine\7da213b25d31c0.bup;Trojan.Packed.2936;;
7da213b25d31c0.bup;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine;Archive contains infected objects;Moved.;
7da213b2611f0.bup\stream000;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine\7da213b2611f0.bup;Trojan.Packed.2936;;
7da213b2611f0.bup;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine;Archive contains infected objects;Moved.;
7da213b26171090.bup\stream000;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine\7da213b26171090.bup;Trojan.Packed.2936;;
7da213b26171090.bup;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine;Archive contains infected objects;Moved.;
7da213b26201190.bup\stream000;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine\7da213b26201190.bup;Trojan.Packed.2936;;
7da213b26201190.bup;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine;Archive contains infected objects;Moved.;
7da213b26251b50.bup\stream000;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine\7da213b26251b50.bup;Trojan.Packed.2936;;
7da213b26251b50.bup;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine;Archive contains infected objects;Moved.;
7da213b262e1f40.bup\stream000;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine\7da213b262e1f40.bup;Trojan.Packed.2936;;
7da213b262e1f40.bup;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine;Archive contains infected objects;Moved.;
7da213b26372220.bup\stream000;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine\7da213b26372220.bup;Trojan.Packed.2936;;
7da213b26372220.bup;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine;Archive contains infected objects;Moved.;
7da213b26d2af0.bup\stream000;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine\7da213b26d2af0.bup;Trojan.Packed.2936;;
7da213b26d2af0.bup;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine;Archive contains infected objects;Moved.;
7da213b26d2bf0.bup\stream000;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine\7da213b26d2bf0.bup;Trojan.Packed.2936;;
7da213b26d2bf0.bup;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine;Archive contains infected objects;Moved.;
7da213b27171190.bup\stream000;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine\7da213b27171190.bup;Trojan.Packed.2936;;
7da213b27171190.bup;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine;Archive contains infected objects;Moved.;
7da213b27201190.bup\stream000;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine\7da213b27201190.bup;Trojan.Packed.2936;;
7da213b27201190.bup;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine;Archive contains infected objects;Moved.;
7da213b272a5d0.bup\stream000;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine\7da213b272a5d0.bup;Trojan.Packed.2936;;
7da213b272a5d0.bup;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine;Archive contains infected objects;Moved.;
7da213b27332610.bup\stream000;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine\7da213b27332610.bup;Trojan.Packed.2936;;
7da213b27332610.bup;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine;Archive contains infected objects;Moved.;
7da213b27429f0.bup\stream000;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine\7da213b27429f0.bup;Trojan.Packed.2936;;
7da213b27429f0.bup;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine;Archive contains infected objects;Moved.;
7da213b27d3a90.bup\stream000;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine\7da213b27d3a90.bup;Trojan.Packed.2936;;
7da213b27d3a90.bup;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine;Archive contains infected objects;Moved.;
7da213b2803c80.bup\stream000;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine\7da213b2803c80.bup;Trojan.Packed.2936;;
7da213b2803c80.bup;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine;Archive contains infected objects;Moved.;
7da213b28191d40.bup\stream000;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine\7da213b28191d40.bup;Trojan.Packed.2936;;
7da213b28191d40.bup;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine;Archive contains infected objects;Moved.;
7da213b281a8c0.bup\stream000;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine\7da213b281a8c0.bup;Trojan.Packed.2936;;
7da213b281a8c0.bup;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine;Archive contains infected objects;Moved.;
7da213b28263a90.bup\stream000;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine\7da213b28263a90.bup;Trojan.Packed.2936;;
7da213b28263a90.bup;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine;Archive contains infected objects;Moved.;
7da213b282700.bup\stream000;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine\7da213b282700.bup;Trojan.Packed.2936;;
7da213b282700.bup;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine;Archive contains infected objects;Moved.;
7da213b282f37a0.bup\stream000;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine\7da213b282f37a0.bup;Trojan.Packed.2936;;
7da213b282f37a0.bup;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine;Archive contains infected objects;Moved.;
7da213b283430d0.bup\stream000;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine\7da213b283430d0.bup;Trojan.Packed.2936;;
7da213b283430d0.bup;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine;Archive contains infected objects;Moved.;
7da213b28e1480.bup\stream000;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine\7da213b28e1480.bup;Trojan.Packed.2936;;
7da213b28e1480.bup;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine;Archive contains infected objects;Moved.;
7da213b28e1670.bup\stream000;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine\7da213b28e1670.bup;Trojan.Packed.2936;;
7da213b28e1670.bup;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine;Archive contains infected objects;Moved.;
7da213b291430d0.bup\stream000;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine\7da213b291430d0.bup;Trojan.Packed.2936;;
7da213b291430d0.bup;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine;Archive contains infected objects;Moved.;
7da213b291eea0.bup\stream000;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine\7da213b291eea0.bup;Trojan.Packed.2936;;
7da213b291eea0.bup;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine;Archive contains infected objects;Moved.;
7da213b2921e40.bup\stream000;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine\7da213b2921e40.bup;Trojan.Packed.2936;;
7da213b2921e40.bup;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine;Archive contains infected objects;Moved.;
7da213b29271190.bup\stream000;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine\7da213b29271190.bup;Trojan.Packed.2936;;
7da213b29271190.bup;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine;Archive contains infected objects;Moved.;
7da213b29302320.bup\stream000;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine\7da213b29302320.bup;Trojan.Packed.2936;;
7da213b29302320.bup;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine;Archive contains infected objects;Moved.;
7da213b293a9c0.bup\stream000;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine\7da213b293a9c0.bup;Trojan.Packed.2936;;
7da213b293a9c0.bup;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine;Archive contains infected objects;Moved.;
7da213b29b1f40.bup\stream000;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine\7da213b29b1f40.bup;Trojan.Packed.2936;;
7da213b29b1f40.bup;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine;Archive contains infected objects;Moved.;
7da213b2a102420.bup\stream000;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine\7da213b2a102420.bup;Trojan.Packed.2936;;
7da213b2a102420.bup;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine;Archive contains infected objects;Moved.;
7da213b2a192900.bup\stream000;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine\7da213b2a192900.bup;Trojan.Packed.2936;;
7da213b2a192900.bup;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine;Archive contains infected objects;Moved.;
7da213b2a222de0.bup\stream000;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine\7da213b2a222de0.bup;Trojan.Packed.2936;;
7da213b2a222de0.bup;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine;Archive contains infected objects;Moved.;
7da213b2a263990.bup\stream000;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine\7da213b2a263990.bup;Trojan.Packed.2936;;
7da213b2a263990.bup;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine;Archive contains infected objects;Moved.;
7da213b2a2f33c0.bup\stream000;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine\7da213b2a2f33c0.bup;Trojan.Packed.2936;;
7da213b2a2f33c0.bup;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine;Archive contains infected objects;Moved.;
7da213b2a362710.bup\stream000;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine\7da213b2a362710.bup;Trojan.Packed.2936;;
7da213b2a362710.bup;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine;Archive contains infected objects;Moved.;
7da213b2a3a3d80.bup\stream000;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine\7da213b2a3a3d80.bup;Trojan.Packed.2936;;
7da213b2a3a3d80.bup;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine;Archive contains infected objects;Moved.;
7da213b2a71b50.bup\stream000;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine\7da213b2a71b50.bup;Trojan.Packed.2936;;
7da213b2a71b50.bup;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine;Archive contains infected objects;Moved.;
7da213b2acab0.bup\stream000;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine\7da213b2acab0.bup;Trojan.Packed.2936;;
7da213b2acab0.bup;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine;Archive contains infected objects;Moved.;
7da213b2b111670.bup\stream000;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine\7da213b2b111670.bup;Trojan.Packed.2936;;
7da213b2b111670.bup;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine;Archive contains infected objects;Moved.;
7da213b2b1a1e40.bup\stream000;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine\7da213b2b1a1e40.bup;Trojan.Packed.2936;;
7da213b2b1a1e40.bup;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine;Archive contains infected objects;Moved.;
7da213b2b231480.bup\stream000;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine\7da213b2b231480.bup;Trojan.Packed.2936;;
7da213b2b231480.bup;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine;Archive contains infected objects;Moved.;
7da213b2b2c1960.bup\stream000;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine\7da213b2b2c1960.bup;Trojan.Packed.2936;;
7da213b2b2c1960.bup;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine;Archive contains infected objects;Moved.;
7da213b2b36fa0.bup\stream000;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine\7da213b2b36fa0.bup;Trojan.Packed.2936;;
7da213b2b36fa0.bup;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine;Archive contains infected objects;Moved.;
7da213b2b81480.bup\stream000;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine\7da213b2b81480.bup;Trojan.Packed.2936;;
7da213b2b81480.bup;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine;Archive contains infected objects;Moved.;
7da213b2c1233c0.bup\stream000;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine\7da213b2c1233c0.bup;Trojan.Packed.2936;;
7da213b2c1233c0.bup;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine;Archive contains infected objects;Moved.;
7da213b2c132900.bup\stream000;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine\7da213b2c132900.bup;Trojan.Packed.2936;;
7da213b2c132900.bup;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine;Archive contains infected objects;Moved.;
7da213b2c173e0.bup\stream000;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine\7da213b2c173e0.bup;Trojan.Siggen1.2283;;
7da213b2c173e0.bup;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine;Archive contains infected objects;Moved.;
7da213b2c211570.bup\stream000;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine\7da213b2c211570.bup;Trojan.Packed.2936;;
7da213b2c211570.bup;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine;Archive contains infected objects;Moved.;
7da213b2c281e40.bup\stream000;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine\7da213b2c281e40.bup;Trojan.Packed.2936;;
7da213b2c281e40.bup;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine;Archive contains infected objects;Moved.;
7da213b2c2dda0.bup\stream000;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine\7da213b2c2dda0.bup;Trojan.Packed.2936;;
7da213b2c2dda0.bup;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine;Archive contains infected objects;Moved.;
7da213b2c311860.bup\stream000;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine\7da213b2c311860.bup;Trojan.Packed.2936;;
7da213b2c311860.bup;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine;Archive contains infected objects;Moved.;
7da213b2c32e0.bup\stream000;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine\7da213b2c32e0.bup;Trojan.Packed.2936;;
7da213b2c32e0.bup;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine;Archive contains infected objects;Moved.;
7da213b2d1500.bup\stream000;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine\7da213b2d1500.bup;Trojan.Packed.2936;;
7da213b2d1500.bup;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine;Archive contains infected objects;Moved.;
7da213b2d1e1770.bup\stream000;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine\7da213b2d1e1770.bup;Trojan.Packed.2936;;
7da213b2d1e1770.bup;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine;Archive contains infected objects;Moved.;
7da213b2d22800.bup\stream000;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine\7da213b2d22800.bup;Trojan.Packed.2936;;
7da213b2d22800.bup;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine;Archive contains infected objects;Moved.;
7da213b2e101860.bup\stream000;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine\7da213b2e101860.bup;Trojan.Packed.2936;;
7da213b2e101860.bup;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine;Archive contains infected objects;Moved.;
7da213b2e141670.bup\stream000;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine\7da213b2e141670.bup;Trojan.Packed.2936;;
7da213b2e141670.bup;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine;Archive contains infected objects;Moved.;
7da213b2e62de0.bup\stream000;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine\7da213b2e62de0.bup;Trojan.Packed.2936;;
7da213b2e62de0.bup;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine;Archive contains infected objects;Moved.;
7da214102d43990.bup\stream000;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine\7da214102d43990.bup;Probably Trojan.Packed.Based;;
7da214102d43990.bup;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine;Archive contains infected objects;Moved.;
7da2141035933c0.bup\stream000;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine\7da2141035933c0.bup;Probably Trojan.Packed.Based;;
7da2141035933c0.bup;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine;Archive contains infected objects;Moved.;
7da21411151d7d0.bup\stream000;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine\7da21411151d7d0.bup;Probably Trojan.Packed.Based;;
7da21411151d7d0.bup;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine;Archive contains infected objects;Moved.;
7da21411e3a1480.bup\stream000;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine\7da21411e3a1480.bup;Probably Trojan.Packed.Based;;
7da21411e3a1480.bup;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine;Archive contains infected objects;Moved.;
7da2141391a1190.bup\stream000;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine\7da2141391a1190.bup;Probably Trojan.Packed.Based;;
7da2141391a1190.bup;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine;Archive contains infected objects;Moved.;
7da214141291860.bup\stream000;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine\7da214141291860.bup;Trojan.Packed.2936;;
7da214141291860.bup;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine;Archive contains infected objects;Moved.;
7da21414135ab0.bup\stream000;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine\7da21414135ab0.bup;Trojan.Packed.2936;;
7da21414135ab0.bup;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine;Archive contains infected objects;Moved.;
7da214142362af0.bup\stream000;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine\7da214142362af0.bup;Trojan.Packed.2936;;
7da214142362af0.bup;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine;Archive contains infected objects;Moved.;
7da214144272130.bup\stream000;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine\7da214144272130.bup;Trojan.Packed.2936;;
7da214144272130.bup;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine;Archive contains infected objects;Moved.;
7da214144321e40.bup\stream000;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine\7da214144321e40.bup;Trojan.Packed.2936;;
7da214144321e40.bup;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine;Archive contains infected objects;Moved.;
7da214145133d80.bup\stream000;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine\7da214145133d80.bup;Trojan.Packed.2936;;
7da214145133d80.bup;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine;Archive contains infected objects;Moved.;
7da21471821ab0.bup\stream000;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine\7da21471821ab0.bup;Probably Trojan.Packed.Based;;
7da21471821ab0.bup;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine;Archive contains infected objects;Moved.;
7da214877cb0.bup\stream000;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine\7da214877cb0.bup;Trojan.Packed.2936;;
7da214877cb0.bup;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine;Archive contains infected objects;Moved.;
7da21487c2bf0.bup\stream000;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine\7da21487c2bf0.bup;Trojan.Packed.2936;;
7da21487c2bf0.bup;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine;Archive contains infected objects;Moved.;
7da216121341380.bup\stream000;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine\7da216121341380.bup;Trojan.DownLoad1.35695;;
7da216121341380.bup;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine;Archive contains infected objects;Moved.;
7da2161213632c0.bup\stream000;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine\7da2161213632c0.bup;Probably Trojan.Packed.453;;
7da2161213632c0.bup;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine;Archive contains infected objects;Moved.;
7da21b17281d2900.bup\stream000;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine\7da21b17281d2900.bup;Trojan.Winlock.1115;;
7da21b17281d2900.bup;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine;Archive contains infected objects;Moved.;
7da21b1729153e0.bup\stream000;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine\7da21b1729153e0.bup;Trojan.Fakealert.13237;;
7da21b1729153e0.bup;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine;Archive contains infected objects;Moved.;
7da21b1729233c0.bup\stream000;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine\7da21b1729233c0.bup;Trojan.Fakealert.13237;;
7da21b1729233c0.bup;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine;Archive contains infected objects;Moved.;
7da34111e2c1860.bup\stream000;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine\7da34111e2c1860.bup;Trojan.DownLoad1.35695;;
7da34111e2c1860.bup;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine;Archive contains infected objects;Moved.;
7da36161b192510.bup\stream000;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine\7da36161b192510.bup;Probably Trojan.Packed.1147;;
7da36161b192510.bup;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine;Archive contains infected objects;Moved.;
7da36161b211d40.bup\stream000;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine\7da36161b211d40.bup;Probably Trojan.Packed.1147;;
7da36161b211d40.bup;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine;Archive contains infected objects;Moved.;
7da36161f1cf0.bup\stream000;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine\7da36161f1cf0.bup;Probably Trojan.Packed.1147;;
7da36161f1cf0.bup;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine;Archive contains infected objects;Moved.;
7da3616201838a0.bup\stream000;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine\7da3616201838a0.bup;Trojan.NtRootKit.5823;;
7da3616201838a0.bup;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine;Archive contains infected objects;Moved.;
7da36162536bb0.bup\stream000;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine\7da36162536bb0.bup;Probably Trojan.Packed.Based;;
7da36162536bb0.bup;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine;Archive contains infected objects;Moved.;
7da36162653b90.bup\stream000;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine\7da36162653b90.bup;Probably Trojan.Packed.Based;;
7da36162653b90.bup;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine;Archive contains infected objects;Moved.;
7da36162681f0.bup\stream000;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine\7da36162681f0.bup;Probably Trojan.Packed.Based;;
7da36162681f0.bup;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine;Archive contains infected objects;Moved.;
7da36162687d0.bup\stream000;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine\7da36162687d0.bup;Probably Trojan.Packed.Based;;
7da36162687d0.bup;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine;Archive contains infected objects;Moved.;
7da3710111634b0.bup\stream000;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine\7da3710111634b0.bup;Trojan.MulDrop.61213;;
7da3710111634b0.bup;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine;Archive contains infected objects;Moved.;
7da3710111738a0.bup\stream000;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine\7da3710111738a0.bup;Trojan.DownLoad1.35695;;
7da3710111738a0.bup;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine;Archive contains infected objects;Moved.;
7da37101338fa0.bup\stream000;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine\7da37101338fa0.bup;Trojan.DownLoad1.40225;;
7da37101338fa0.bup;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine;Archive contains infected objects;Moved.;
7da37101a2b36b0.bup\stream000;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine\7da37101a2b36b0.bup;Trojan.Siggen.5265;;
7da37101a2b36b0.bup;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine;Archive contains infected objects;Moved.;
7da37123136bb0.bup\stream000;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine\7da37123136bb0.bup;Trojan.Packed.2936;;
7da37123136bb0.bup;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine;Archive contains infected objects;Moved.;
7da371233193c80.bup\stream000;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine\7da371233193c80.bup;Trojan.Packed.2936;;
7da371233193c80.bup;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine;Archive contains infected objects;Moved.;
7da37123732af0.bup\stream000;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine\7da37123732af0.bup;Trojan.Packed.2936;;
7da37123732af0.bup;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine;Archive contains infected objects;Moved.;
7da3712d1f4e0.bup\stream000;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine\7da3712d1f4e0.bup;Trojan.DownLoad1.42308;;
7da3712d1f4e0.bup;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine;Archive contains infected objects;Moved.;
7da3712d2029f0.bup\stream000;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine\7da3712d2029f0.bup;Trojan.MulDrop.61213;;
7da3712d2029f0.bup;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine;Archive contains infected objects;Moved.;
7da3782b1e1960.bup\stream000;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine\7da3782b1e1960.bup;Probably Trojan.Packed.Based;;
7da3782b1e1960.bup;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine;Archive contains infected objects;Moved.;
7da3782bb2510.bup\stream000;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine\7da3782bb2510.bup;Probably Trojan.Packed.Based;;
7da3782bb2510.bup;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine;Archive contains infected objects;Moved.;
7da3d11123a30d0.bup\stream000;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine\7da3d11123a30d0.bup;Trojan.Fakealert.13719;;
7da3d11123a30d0.bup;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine;Archive contains infected objects;Moved.;
7da3d1324d3d80.bup\stream000;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine\7da3d1324d3d80.bup;Trojan.Fakealert.13719;;
7da3d1324d3d80.bup;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine;Archive contains infected objects;Moved.;
7da3d16d2730d0.bup\stream000;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine\7da3d16d2730d0.bup;Probably Trojan.Packed.453;;
7da3d16d2730d0.bup;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine;Archive contains infected objects;Moved.;
7da3d16e12bf0.bup\stream000;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine\7da3d16e12bf0.bup;Trojan.DownLoad1.16994;;
7da3d16e12bf0.bup;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine;Archive contains infected objects;Moved.;
7da3d170212900.bup\stream000;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine\7da3d170212900.bup;Trojan.DownLoad1.42497;;
7da3d170212900.bup;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine;Archive contains infected objects;Moved.;
7da3df1a42de0.bup\stream000;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine\7da3df1a42de0.bup;Probably Trojan.Packed.453;;
7da3df1a42de0.bup;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine;Archive contains infected objects;Moved.;
7da3df1c24e0.bup\stream000;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine\7da3df1c24e0.bup;Trojan.Fakealert.13237;;
7da3df1c24e0.bup;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine;Archive contains infected objects;Moved.;
7da3df20b7d0.bup\stream000;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine\7da3df20b7d0.bup;Trojan.DownLoad1.16994;;
7da3df20b7d0.bup;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine;Archive contains infected objects;Moved.;
7da3df34f2320.bup\stream000;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine\7da3df34f2320.bup;Trojan.Fakealert.13719;;
7da3df34f2320.bup;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine;Archive contains infected objects;Moved.;
7da3e1522c1090.bup\stream000;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine\7da3e1522c1090.bup;BackDoor.Tdss.2213;;
7da3e1522c1090.bup;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine;Archive contains infected objects;Moved.;
RegUBP2b-Robert.reg;C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Snapshots2;Trojan.StartPage.1505;Deleted.;
Quarantine20080923-171828.xpy\data001;C:\Program Files\XoftSpySE\Quarantine\Quarantine20080923-171828.xpy;Trojan.Packed.612;;
Quarantine20080923-171828.xpy;C:\Program Files\XoftSpySE\Quarantine;Container contains infected objects;Moved.;
A0006715.reg;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP21;Trojan.StartPage.1505;Deleted.;
A0007207.reg;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP21;Trojan.StartPage.1505;Deleted.;
A0007231.reg;C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP22;Trojan.StartPage.1505;Deleted.;

#10 rdouglas_1965

Group: Member
Posts: 11
Joined: 13-March 10

Posted 17 March 2010 - 08:35 AM

Ahhh... Turned off spybot and now it's downloading. I'll post the results later.

#11 rdouglas_1965

Group: Member
Posts: 11
Joined: 13-March 10

Posted 17 March 2010 - 10:50 PM

Got the eset log now. Everything found by the two scan seems to be in system restore, or quarentine by another anti-virus.

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
esets_scanner_update returned -1 esets_gle=1
esets_scanner_update returned -1 esets_gle=1
esets_scanner_update returned -1 esets_gle=1
esets_scanner_update returned -1 esets_gle=1
esets_scanner_update returned -1 esets_gle=1
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=5a6a83cafc31504cb6825a05f6d61e8e
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2010-03-18 03:38:46
# local_time=2010-03-17 08:38:46 (-0800, Pacific Daylight Time)
# country="United States"
# lang=9
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=2560 16777215 100 0 0 0 0 0
# compatibility_mode=4352 16777215 100 0 0 0 0 0
# compatibility_mode=5121 16776533 100 96 1444021 21698846 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=219195
# found=2
# cleaned=2
# scan_time=14213
C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Macromedia\SwUpdate\SWUPDATE.DLL.del.vir Win32/Chksyn.AB trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP11\A0000651.dll Win32/Chksyn.AB trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

#12 Rorschach112

Group: Retired Staff
Posts: 47,710
Joined: 23-March 07

Posted 18 March 2010 - 05:41 AM

[*]Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

#13 rdouglas_1965

Group: Member
Posts: 11
Joined: 13-March 10

Posted 18 March 2010 - 05:22 PM

Here's the OTL Quick Scan Log:

OTL logfile created on: 3/18/2010 4:04:20 PM - Run 2
OTL by OldTimer - Version 3.1.37.1 Folder = C:\Documents and Settings\Robert\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,023.00 Mb Total Physical Memory | 277.00 Mb Available Physical Memory | 27.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 70.00% Paging File free
Paging file location(s): c:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 111.74 Gb Total Space | 31.80 Gb Free Space | 28.46% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 55.87 Gb Total Space | 12.09 Gb Free Space | 21.64% Space Free | Partition Type: FAT32
Drive F: | 232.88 Gb Total Space | 54.51 Gb Free Space | 23.41% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DELL
Current User Name: Robert
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/03/14 13:16:47 | 000,555,008 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Robert\Desktop\OTL.exe
PRC - [2010/01/15 05:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
PRC - [2009/12/08 15:25:28 | 000,093,320 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
PRC - [2009/11/04 17:53:34 | 000,144,704 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\Mcshield.exe
PRC - [2009/11/04 16:59:50 | 000,606,736 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe
PRC - [2009/10/29 07:54:44 | 001,218,008 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee.com\Agent\mcagent.exe
PRC - [2009/10/29 07:54:44 | 000,865,832 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe
PRC - [2009/10/27 12:19:46 | 000,895,696 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MPF\MpfSrv.exe
PRC - [2009/07/08 12:54:34 | 000,359,952 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe
PRC - [2009/07/07 20:10:02 | 002,482,848 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe
PRC - [2009/06/23 11:48:12 | 000,019,456 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\SYSTEM32\CtHelper.exe
PRC - [2009/05/21 10:55:38 | 001,025,264 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\gs_agent\dsc.exe
PRC - [2009/05/21 10:55:32 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtcmd.exe
PRC - [2009/04/07 15:34:40 | 000,642,856 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
PRC - [2009/04/07 15:34:40 | 000,642,856 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
PRC - [2009/03/11 23:44:02 | 000,984,352 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
PRC - [2009/03/07 10:51:50 | 000,024,576 | ---- | M] (Intuit) -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
PRC - [2009/03/05 17:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2008/12/08 07:40:00 | 000,115,992 | ---- | M] (EMC Corporation) -- C:\Program Files\Retrospect\Retrospect 7.6\retrorun.exe
PRC - [2008/11/09 13:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/10/10 05:45:26 | 000,013,088 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
PRC - [2008/08/13 18:32:40 | 000,201,968 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe
PRC - [2008/05/21 18:26:10 | 000,451,896 | ---- | M] (Pure Networks, Inc.) -- C:\Program Files\Pure Networks\Network Magic\nmapp.exe
PRC - [2008/04/13 17:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2005/05/12 01:33:52 | 000,479,232 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
PRC - [2004/06/09 17:00:52 | 000,049,152 | R--- | M] () -- C:\Program Files\Prolific\One Button\OneBtn.exe
PRC - [2003/02/04 09:22:30 | 000,181,312 | ---- | M] () -- C:\WINDOWS\SYSTEM32\ScsiAccess.EXE
PRC - [2002/10/02 16:41:20 | 000,684,032 | ---- | M] (Roxio) -- C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\Directcd.exe
PRC - [2002/09/30 01:00:00 | 000,045,056 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDET.exe
PRC - [2002/09/12 08:28:14 | 000,024,576 | ---- | M] (BVRP Software) -- C:\Program Files\Digital Line Detect\DLG.exe
PRC - [2002/09/11 11:04:58 | 000,053,248 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
PRC - [2002/08/14 17:22:52 | 000,028,672 | R--- | M] (Dell - Advanced Desktop Engineering) -- C:\WINDOWS\SYSTEM32\DSentry.exe
PRC - [2002/02/20 21:01:32 | 000,049,152 | ---- | M] (ScanSoft, Inc) -- C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
PRC - [2001/10/09 15:15:42 | 000,159,806 | ---- | M] (Eastman Kodak Company) -- C:\WINDOWS\SYSTEM32\DRIVERS\dcfssvc.exe
PRC - [2001/09/17 12:48:42 | 000,090,112 | ---- | M] (Netropa Corp.) -- C:\Program Files\Netropa\OSD.exe
PRC - [2001/09/05 13:28:40 | 000,163,840 | ---- | M] (Netropa Corp.) -- C:\WINDOWS\MMKeybd.exe
PRC - [2001/08/06 13:41:48 | 000,028,672 | ---- | M] () -- C:\WINDOWS\Nhksrv.exe

========== Modules (SafeList) ==========

MOD - [2010/03/14 13:16:47 | 000,555,008 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Robert\Desktop\OTL.exe
MOD - [2009/06/23 11:48:10 | 000,008,704 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\SYSTEM32\ctagent.dll
MOD - [2002/02/27 13:16:50 | 000,167,936 | ---- | M] (ScanSoft, Inc) -- C:\Program Files\ScanSoft\OmniPageSE\ophook32.dll

========== Win32 Services (SafeList) ==========

SRV - [2010/01/15 05:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2009/12/08 15:25:28 | 000,093,320 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service)
SRV - [2009/11/04 17:53:34 | 000,144,704 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\McAfee\VirusScan\Mcshield.exe -- (McShield)
SRV - [2009/11/04 16:59:50 | 000,606,736 | ---- | M] (McAfee, Inc.) [On_Demand | Running] -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe -- (McSysmon)
SRV - [2009/10/29 07:54:44 | 000,865,832 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\MSC\mcmscsvc.exe -- (mcmscsvc)
SRV - [2009/10/28 12:50:32 | 000,365,072 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV - [2009/10/27 12:19:46 | 000,895,696 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\MPF\MPFSrv.exe -- (MpfService)
SRV - [2009/07/08 12:54:34 | 000,359,952 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe -- (McProxy)
SRV - [2009/07/07 20:10:02 | 002,482,848 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe -- (McNASvc)
SRV - [2009/04/07 15:34:40 | 000,642,856 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe -- (nmservice)
SRV - [2009/03/07 10:51:50 | 000,024,576 | ---- | M] (Intuit) [Auto | Running] -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe -- (QBCFMonitorService)
SRV - [2009/01/24 18:53:27 | 000,088,728 | ---- | M] (INCA Internet Co., Ltd.) [Disabled | Stopped] -- C:\Nexon\MapleStory\npkcmsvc.exe -- (npkcmsvc)
SRV - [2008/12/08 07:40:00 | 000,128,280 | ---- | M] (EMC Corporation) [Auto | Stopped] -- C:\Program Files\Retrospect\Retrospect 7.6\rthlpsvc.exe -- (Retrospect Helper)
SRV - [2008/12/08 07:40:00 | 000,115,992 | ---- | M] (EMC Corporation) [Auto | Running] -- C:\Program Files\Retrospect\Retrospect 7.6\retrorun.exe -- (RetroLauncher)
SRV - [2008/11/18 15:45:28 | 000,061,440 | ---- | M] (Intuit Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe -- (QBFCService)
SRV - [2008/11/09 13:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/10/10 05:45:26 | 000,013,088 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)
SRV - [2008/08/13 18:32:40 | 000,201,968 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_dellsupportcenter) SupportSoft Sprocket Service (dellsupportcenter)
SRV - [2008/05/21 18:25:30 | 000,012,800 | ---- | M] (Pure Networks, Inc.) [On_Demand | Stopped] -- C:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe -- (nmraapache)
SRV - [2008/01/13 15:40:14 | 000,016,936 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files\Citrix\GoToAssist\480\g2aservice.exe -- (GoToAssist)
SRV - [2007/08/09 00:27:52 | 000,073,728 | ---- | M] (HP) [Disabled | Stopped] -- C:\WINDOWS\SYSTEM32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [2007/03/07 16:47:46 | 000,076,848 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService)
SRV - [2003/03/31 16:34:14 | 000,282,684 | ---- | M] (Eastman Kodak Company) [Disabled | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\KodakCCS.exe -- (KodakCCS)
SRV - [2003/02/04 09:22:30 | 000,181,312 | ---- | M] () [Auto | Running] -- C:\WINDOWS\SYSTEM32\ScsiAccess.EXE -- (ScsiAccess)
SRV - [2002/10/10 03:18:36 | 001,118,208 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\NMSSvc.Exe -- (NMSSvc) Intel®
SRV - [2001/10/09 15:15:42 | 000,159,806 | ---- | M] (Eastman Kodak Company) [Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\dcfssvc.exe -- (Dcfssvc)
SRV - [2001/08/06 13:41:48 | 000,028,672 | ---- | M] () [Auto | Running] -- C:\WINDOWS\Nhksrv.exe -- (Nhksrv)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Local Page = http://www.Google.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Search Bar = http://search.msn.com/spbasic.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = BC 0D 5E 15 84 C2 CA 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = localhost;*.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.0
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.0
FF - prefs.js..network.proxy.no_proxies_on: "localhost,*.local"

FF - HKLM\software\mozilla\Firefox\extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2010/02/18 15:12:38 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/03/13 00:08:42 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/03/13 00:08:09 | 000,000,000 | ---D | M]

[2010/03/13 00:08:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\Mozilla\Extensions
[2010/03/13 15:50:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\Mozilla\Firefox\Profiles\togfispm.default\extensions
[2010/03/13 15:50:48 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Robert\Application Data\Mozilla\Firefox\Profiles\togfispm.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/03/13 00:08:10 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: ([2010/03/15 15:31:06 | 000,000,027 | ---- | M]) - C:\WINDOWS\SYSTEM32\DRIVERS\ETC\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [AdaptecDirectCD] C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe (Roxio)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [AtariBanner] C:\Program Files\Infogrames\Atari Anniversary Edition\Volume 2\Banner.exe (Infogrames )
O4 - HKLM..\Run: [CTDVDDet] C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDET.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [CTHelper] C:\WINDOWS\System32\CtHelper.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [DellTouch] C:\WINDOWS\MMKeybd.exe (Netropa Corp.)
O4 - HKLM..\Run: [dscactivate] C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe ( )
O4 - HKLM..\Run: [DVDSentry] C:\WINDOWS\SYSTEM32\DSentry.exe (Dell - Advanced Desktop Engineering)
O4 - HKLM..\Run: [Intuit SyncManager] C:\Program Files\Common Files\Intuit\Sync\IntuitSyncManager.exe (Intuit Inc. All rights reserved.)
O4 - HKLM..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [nmapp] C:\Program Files\Pure Networks\Network Magic\nmapp.exe (Pure Networks, Inc.)
O4 - HKLM..\Run: [nmctxth] C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe (Cisco Systems, Inc.)
O4 - HKLM..\Run: [Omnipage] C:\Program Files\ScanSoft\OmniPageSE\opware32.exe (ScanSoft, Inc)
O4 - HKLM..\Run: [Prolific_OneButton] C:\Program Files\Prolific\One Button\OneBtn.exe ()
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKCU..\Run: [SetDefaultMIDI] C:\WINDOWS\System32\MIDIDEF.EXE (Creative Technology Ltd)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKCU..\Run: [UnHackMe Monitor] C:\Program Files\UnHackMe\hackmon.exe (Greatis Software)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe (BVRP Software)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: microsoft.com ([windowsupdate] https in Trusted sites)
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} https://support.euro...iler/SysPro.CAB (SysProWmi Class)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.micros...tes/ieawsdc.cab (Microsoft Office Template and Media Control)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.microsoft.com/download/e/4.../OGAControl.cab (Office Genuine Advantage Validation Tool)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.macromedia.com/get/shock...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft....k/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {19E28AFC-EAE3-4CE5-AC83-2407B42F57C9} http://protect.microsoft.com/security/prot...b?1100458888812 (MSSecurityAdvisor Class)
O16 - DPF: {33564D57-9980-0010-8000-00AA00389B71} http://codecs.micros...386/wmv9dmo.cab (Reg Error: Key error.)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} http://office.micros...ntent/opuc4.cab (Office Update Installation Engine)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} http://www.adobe.com...obat/nos/gp.cab (get_atlcom Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {D6016EE7-A8FF-11D1-B37E-A4759ECD7909} http://www.pulse3d.c...PlayerAxWin.cab (AxPulse Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\intu-help-qb2 {84D77A00-41B5-4b8b-8ADF-86486D72E749} - C:\Program Files\Intuit\QuickBooks 2009\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
O18 - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files\Common Files\Pure Networks Shared\Platform\puresp4.dll (Cisco Systems, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\GoToAssist: DllName - C:\Program Files\Citrix\GoToAssist\480\G2AWinLogon.dll - C:\Program Files\Citrix\GoToAssist\480\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O24 - Desktop WallPaper: C:\WINDOWS\Soap Bubbles.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Soap Bubbles.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/03/21 15:57:04 | 000,000,050 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 14 Days ==========

[2010/03/17 07:18:22 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2010/03/16 14:28:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Robert\DoctorWeb
[2010/03/16 14:23:44 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010/03/14 20:32:29 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/03/14 20:29:27 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/03/14 20:29:27 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/03/14 20:29:27 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/03/14 20:29:27 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/03/14 20:28:30 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/03/14 19:51:48 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/03/14 13:16:28 | 000,555,008 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Robert\Desktop\OTL.exe
[2010/03/14 10:01:20 | 000,000,000 | ---D | C] -- C:\spoolerlogs
[2010/03/14 08:27:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/03/14 08:27:24 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2010/03/13 18:28:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Robert\Application Data\Malwarebytes
[2010/03/13 18:28:04 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/03/13 18:27:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/03/13 18:27:57 | 000,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/03/13 18:27:55 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/03/13 15:59:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Robert\Application Data\Safer Networking
[2010/03/13 15:57:28 | 000,000,000 | ---D | C] -- C:\Program Files\Safer Networking
[2010/03/13 00:08:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Robert\Local Settings\Application Data\Mozilla
[2010/03/13 00:08:06 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2010/03/12 23:19:00 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2010/03/11 18:18:17 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Vbox
[2010/03/10 22:42:06 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010/03/10 18:22:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Robert\My Documents\RegRun2
[2010/03/10 18:21:54 | 000,012,752 | ---- | C] (Greatis Software, LLC.) -- C:\WINDOWS\System32\drivers\UnHackMeDrv.sys
[2010/03/10 18:21:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\regruninfo
[2010/03/10 18:21:48 | 000,000,000 | ---D | C] -- C:\Program Files\UnHackMe
[2010/03/10 18:01:12 | 000,000,000 | ---D | C] -- C:\Program Files\Safari
[2010/03/09 22:28:04 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
[2010/03/09 22:20:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NOS
[2010/03/06 23:28:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Macromedia
[2010/03/06 23:27:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Robert\Local Settings\Application Data\Windows Server
[2010/02/26 17:16:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\McAfee
[2010/02/24 21:11:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\AdobeUM
[2010/02/24 21:11:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
[2010/02/23 15:45:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2010/02/23 15:45:04 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2010/02/19 03:21:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Real
[2010/02/19 02:31:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2010/02/19 02:31:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2010/02/18 17:49:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple Computer
[2010/02/18 17:22:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2010/02/05 23:59:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\SACore
[2009/12/10 11:43:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Yahoo!
[2009/10/25 21:21:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google
[2009/10/25 21:02:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
[2009/09/28 21:48:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Yahoo!
[2009/04/03 07:52:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Intuit
[2009/03/15 21:18:00 | 000,065,536 | ---- | C] ( ) -- C:\WINDOWS\System32\a3d.dll
[2008/06/07 20:59:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\SupportSoft
[2008/03/05 18:09:25 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2008/02/24 14:39:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Creative
[2008/01/08 08:07:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
[2006/03/18 09:10:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2006/03/18 09:02:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Symantec
[2005/05/12 00:36:48 | 000,012,288 | ---- | C] (Hewlett-Packard Co.) -- C:\WINDOWS\Fonts\RandFont.dll
[2005/03/22 21:34:51 | 000,151,552 | ---- | C] ( ) -- C:\WINDOWS\System32\ATIDEMGR.dll
[2005/03/21 07:31:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2003/05/09 20:35:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\ApplicationHistory

========== Files - Modified Within 14 Days ==========

[2010/03/18 16:01:00 | 000,000,269 | ---- | M] () -- C:\WINDOWS\MSIOSD.INI
[2010/03/18 16:00:46 | 000,001,170 | ---- | M] () -- C:\WINDOWS\System32\WPA.DBL
[2010/03/18 16:00:08 | 000,014,429 | ---- | M] () -- C:\WINDOWS\System32\Config.MPF
[2010/03/18 15:58:40 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/03/18 15:58:39 | 000,000,440 | ---- | M] () -- C:\WINDOWS\tasks\RegCure Program Check.job
[2010/03/18 15:58:05 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/03/18 15:58:01 | 000,002,048 | --S- | M] () -- C:\WINDOWS\BOOTSTAT.DAT
[2010/03/18 15:57:59 | 1072,766,976 | -HS- | M] () -- C:\hiberfil.sys
[2010/03/18 15:36:30 | 000,030,912 | ---- | M] () -- C:\WINDOWS\System32\BMXStateBkp-{00000002-00000000-00000002-00001102-00000004-10031102}.rfx
[2010/03/18 15:36:30 | 000,030,912 | ---- | M] () -- C:\WINDOWS\System32\BMXState-{00000002-00000000-00000002-00001102-00000004-10031102}.rfx
[2010/03/18 15:36:30 | 000,030,120 | ---- | M] () -- C:\WINDOWS\System32\BMXCtrlState-{00000002-00000000-00000002-00001102-00000004-10031102}.rfx
[2010/03/18 15:36:30 | 000,030,120 | ---- | M] () -- C:\WINDOWS\System32\BMXBkpCtrlState-{00000002-00000000-00000002-00001102-00000004-10031102}.rfx
[2010/03/18 15:36:30 | 000,011,564 | ---- | M] () -- C:\WINDOWS\System32\DVCState-{00000002-00000000-00000002-00001102-00000004-10031102}.rfx
[2010/03/18 15:13:22 | 000,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/03/18 14:44:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/03/18 14:39:23 | 004,931,577 | ---- | M] () -- C:\WINDOWS\{00000002-00000000-00000002-00001102-00000004-10031102}.CDF
[2010/03/18 14:39:23 | 004,931,577 | ---- | M] () -- C:\WINDOWS\{00000002-00000000-00000002-00001102-00000004-10031102}.BAK
[2010/03/18 13:38:38 | 000,002,187 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Safari.lnk
[2010/03/17 21:53:31 | 011,010,048 | ---- | M] () -- C:\Documents and Settings\Robert\ntuser.dat
[2010/03/17 21:52:53 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Robert\NTUSER.INI
[2010/03/17 21:52:36 | 000,000,727 | -H-- | M] () -- C:\Documents and Settings\All Users\Documents\os604495.bin
[2010/03/17 06:55:08 | 000,077,465 | ---- | M] () -- C:\Documents and Settings\Robert\My Documents\DrWeb.csv
[2010/03/16 23:48:35 | 000,000,264 | ---- | M] () -- C:\WINDOWS\System32\tmp.files0
[2010/03/16 14:26:51 | 033,938,128 | ---- | M] () -- C:\Documents and Settings\Robert\Desktop\drweb-cureit.exe
[2010/03/15 21:48:03 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/03/15 15:34:36 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/03/15 15:31:06 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\ETC\hosts
[2010/03/15 14:22:26 | 003,890,993 | R--- | M] () -- C:\Documents and Settings\Robert\Desktop\ComboFix.exe
[2010/03/14 20:32:41 | 000,000,281 | RHS- | M] () -- C:\boot.ini
[2010/03/14 19:52:12 | 000,096,512 | ---- | M] () -- C:\WINDOWS\System32\dllcache\atapi.sys
[2010/03/14 13:16:47 | 000,555,008 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Robert\Desktop\OTL.exe
[2010/03/14 08:27:25 | 000,000,611 | ---- | M] () -- C:\Documents and Settings\Robert\Desktop\NTREGOPT.lnk
[2010/03/14 08:27:25 | 000,000,592 | ---- | M] () -- C:\Documents and Settings\Robert\Desktop\ERUNT.lnk
[2010/03/14 08:20:04 | 000,471,560 | ---- | M] () -- C:\WINDOWS\System32\PERFH009.DAT
[2010/03/14 08:20:03 | 000,567,428 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/03/14 08:20:03 | 000,085,146 | ---- | M] () -- C:\WINDOWS\System32\PERFC009.DAT
[2010/03/13 18:28:11 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/03/13 17:39:22 | 000,000,675 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2010/03/13 16:09:11 | 000,000,933 | ---- | M] () -- C:\Documents and Settings\Robert\Desktop\Spybot - Search & Destroy.lnk
[2010/03/13 00:38:19 | 000,001,432 | ---- | M] () -- C:\Documents and Settings\Robert\Desktop\DelDomains.inf
[2010/03/13 00:08:15 | 000,001,602 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2010/03/10 22:54:33 | 000,002,577 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2010/03/10 22:54:33 | 000,001,688 | ---- | M] () -- C:\WINDOWS\System32\AUTOEXEC.NT
[2010/03/10 22:54:33 | 000,000,002 | RHS- | M] () -- C:\WINDOWS\winstart.bat
[2010/03/10 22:53:36 | 000,000,640 | ---- | M] () -- C:\Documents and Settings\Robert\Desktop\Reanimator.lnk
[2010/03/10 22:42:10 | 000,001,734 | ---- | M] () -- C:\Documents and Settings\Robert\Desktop\HijackThis.lnk
[2010/03/10 18:21:56 | 000,000,630 | ---- | M] () -- C:\Documents and Settings\Robert\Desktop\UnHackMe.lnk
[2010/03/07 17:23:22 | 000,002,469 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Dell Support Center.lnk
[2010/03/05 18:01:05 | 000,067,584 | ---- | M] () -- C:\Documents and Settings\Robert\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== Files Created - No Company Name ==========

[2010/03/17 06:55:08 | 000,077,465 | ---- | C] () -- C:\Documents and Settings\Robert\My Documents\DrWeb.csv
[2010/03/16 22:22:11 | 000,000,264 | ---- | C] () -- C:\WINDOWS\System32\tmp.files0
[2010/03/16 14:26:48 | 033,938,128 | ---- | C] () -- C:\Documents and Settings\Robert\Desktop\drweb-cureit.exe
[2010/03/14 20:32:41 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2010/03/14 20:32:32 | 000,260,272 | ---- | C] () -- C:\cmldr
[2010/03/14 20:29:27 | 000,261,632 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/03/14 20:29:27 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/03/14 20:29:27 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/03/14 20:29:27 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/03/14 20:29:27 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/03/14 19:48:36 | 003,890,993 | R--- | C] () -- C:\Documents and Settings\Robert\Desktop\ComboFix.exe
[2010/03/14 08:31:28 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\Robert\Desktop\gmer.exe
[2010/03/14 08:27:25 | 000,000,611 | ---- | C] () -- C:\Documents and Settings\Robert\Desktop\NTREGOPT.lnk
[2010/03/14 08:27:25 | 000,000,592 | ---- | C] () -- C:\Documents and Settings\Robert\Desktop\ERUNT.lnk
[2010/03/13 18:28:11 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/03/13 16:09:11 | 000,000,933 | ---- | C] () -- C:\Documents and Settings\Robert\Desktop\Spybot - Search & Destroy.lnk
[2010/03/13 00:38:19 | 000,001,432 | ---- | C] () -- C:\Documents and Settings\Robert\Desktop\DelDomains.inf
[2010/03/13 00:08:15 | 000,001,602 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2010/03/12 23:20:53 | 000,002,137 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/03/11 18:34:36 | 000,000,727 | -H-- | C] () -- C:\Documents and Settings\All Users\Documents\os604495.bin
[2010/03/10 22:53:36 | 000,000,640 | ---- | C] () -- C:\Documents and Settings\Robert\Desktop\Reanimator.lnk
[2010/03/10 22:42:09 | 000,001,734 | ---- | C] () -- C:\Documents and Settings\Robert\Desktop\HijackThis.lnk
[2010/03/10 18:23:05 | 000,000,002 | RHS- | C] () -- C:\WINDOWS\winstart.bat
[2010/03/10 18:21:56 | 000,000,630 | ---- | C] () -- C:\Documents and Settings\Robert\Desktop\UnHackMe.lnk
[2010/03/10 18:01:41 | 000,002,187 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Safari.lnk
[2010/03/07 17:23:22 | 000,002,469 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Dell Support Center.lnk
[2010/02/22 19:23:53 | 000,000,050 | ---- | C] () -- C:\WINDOWS\MegaManager.INI
[2010/02/20 00:15:56 | 000,162,304 | ---- | C] () -- C:\WINDOWS\System32\ztvunrar36.dll
[2010/02/20 00:15:56 | 000,077,312 | ---- | C] () -- C:\WINDOWS\System32\ztvunace26.dll
[2010/02/20 00:15:56 | 000,075,264 | ---- | C] () -- C:\WINDOWS\System32\unacev2.dll
[2010/02/20 00:15:55 | 000,153,088 | ---- | C] () -- C:\WINDOWS\System32\UNRAR3.dll
[2010/01/24 15:52:32 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2009/12/28 16:40:33 | 000,000,161 | ---- | C] () -- C:\WINDOWS\crywmvtoavi.ini
[2009/06/23 12:29:50 | 000,049,719 | ---- | C] () -- C:\WINDOWS\System32\instwdm.ini
[2009/06/23 12:29:48 | 000,000,054 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2009/06/23 11:51:00 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CTBurst.dll
[2009/06/15 16:15:22 | 000,484,352 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
[2009/06/02 22:53:22 | 008,892,928 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\atscie.msi
[2009/04/02 21:11:36 | 000,000,090 | ---- | C] () -- C:\WINDOWS\QBChanUtil_Trigger.ini
[2009/03/15 21:18:16 | 000,005,515 | ---- | C] () -- C:\WINDOWS\System32\ENSDEF.INI
[2009/02/28 15:53:02 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\ttb.dll
[2009/02/04 14:23:16 | 000,000,093 | ---- | C] () -- C:\WINDOWS\kodakPS.Robert.ini
[2009/01/28 17:24:48 | 000,105,728 | ---- | C] () -- C:\WINDOWS\System32\APOMgrH.dll
[2008/12/25 14:31:35 | 000,000,664 | ---- | C] () -- C:\Documents and Settings\Robert\Local Settings\Application Data\d3d9caps.dat
[2008/08/26 22:00:04 | 000,000,301 | ---- | C] () -- C:\WINDOWS\MMKEYBD.INI
[2008/08/26 22:00:04 | 000,000,269 | ---- | C] () -- C:\WINDOWS\MSIOSD.INI
[2008/08/26 21:59:52 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\msiosd32.dll
[2008/05/29 19:34:36 | 000,002,094 | ---- | C] () -- C:\Documents and Settings\Robert\Application Data\HPSU_48BitScanUpdate.log
[2008/05/29 19:34:36 | 000,000,214 | ---- | C] () -- C:\WINDOWS\HP_48BitScanUpdatePatch.ini
[2008/05/29 19:18:08 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Robert\Application Data\HelpFilesUpdatePatch_HELPFILEREPLACE.log
[2008/05/29 19:18:07 | 000,000,351 | ---- | C] () -- C:\Documents and Settings\Robert\Application Data\HelpFilesUpdatePatch_PRINTHELPWRAPPER.log
[2008/05/29 19:18:07 | 000,000,234 | ---- | C] () -- C:\WINDOWS\PrnHlpLogConfig.ini
[2008/05/29 19:16:31 | 000,002,848 | ---- | C] () -- C:\Documents and Settings\Robert\Application Data\PatchUpdate_InstantShareJPG.log
[2008/05/29 19:16:31 | 000,000,214 | ---- | C] () -- C:\WINDOWS\HP_InstantSHareJPG.ini
[2008/05/29 19:15:16 | 000,003,650 | ---- | C] () -- C:\Documents and Settings\Robert\Application Data\PatchUpdate_IZClosingDiscError.log
[2008/05/29 19:15:16 | 000,000,217 | ---- | C] () -- C:\WINDOWS\HP_IZClosingDiscErrorPatch.ini
[2008/05/29 19:14:03 | 000,034,892 | ---- | C] () -- C:\Documents and Settings\Robert\Application Data\Update_HP_RedboxHprblog_HPSU.log
[2008/05/29 19:14:03 | 000,000,221 | ---- | C] () -- C:\WINDOWS\HP_RedboxHprblog_HPSU.ini
[2008/05/17 14:38:06 | 002,255,360 | ---- | C] () -- C:\WINDOWS\System32\libavcodec.dll
[2008/05/17 14:38:06 | 000,395,776 | ---- | C] () -- C:\WINDOWS\System32\libmplayer.dll
[2008/05/17 14:38:06 | 000,262,144 | ---- | C] () -- C:\WINDOWS\System32\TomsMoComp_ff.dll
[2008/05/17 14:38:06 | 000,112,640 | ---- | C] () -- C:\WINDOWS\System32\libmpeg2_ff.dll
[2008/03/23 20:00:30 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\OdiOlDVR.dll
[2008/03/23 20:00:30 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\OdiAPI.dll
[2008/03/21 16:16:40 | 000,000,284 | ---- | C] () -- C:\Documents and Settings\Robert\Application Data\ViewerApp.dat
[2008/03/21 15:54:38 | 000,003,654 | ---- | C] () -- C:\WINDOWS\System32\drivers\Sonyhcp.dll
[2008/02/27 17:53:12 | 000,000,231 | ---- | C] () -- C:\WINDOWS\AC3API.INI
[2008/02/27 17:51:48 | 000,060,034 | ---- | C] () -- C:\WINDOWS\System32\Emu10kx.ini
[2008/02/04 19:23:10 | 000,693,792 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.DLL
[2007/12/02 08:16:27 | 000,000,827 | ---- | C] () -- C:\WINDOWS\Spiderman.INI
[2007/08/13 20:45:02 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\ctmmactl.dll
[2006/10/19 10:28:27 | 000,000,014 | ---- | C] () -- C:\WINDOWS\kodakPS.Brennan.ini
[2006/10/02 17:25:18 | 000,000,307 | ---- | C] () -- C:\WINDOWS\System32\kill.ini
[2006/01/03 19:25:13 | 000,000,004 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2006/01/02 17:40:05 | 000,000,129 | ---- | C] () -- C:\Documents and Settings\Robert\Local Settings\Application Data\fusioncache.dat
[2006/01/02 17:21:15 | 000,003,800 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2005/12/25 10:28:12 | 000,197,120 | ---- | C] () -- C:\WINDOWS\patchw32.dll
[2005/07/15 16:01:58 | 000,000,022 | ---- | C] () -- C:\WINDOWS\kodakpcd.Robert.ini
[2005/04/27 12:40:30 | 000,002,572 | ---- | C] () -- C:\WINDOWS\WINDVDBOOTRECDOE.sys
[2005/02/16 20:47:00 | 000,000,022 | ---- | C] () -- C:\WINDOWS\kodakpcd.Kelly.ini
[2005/01/31 19:55:02 | 000,000,023 | ---- | C] () -- C:\WINDOWS\kodakpcd.Brennan.ini
[2005/01/22 21:00:55 | 000,009,051 | ---- | C] () -- C:\WINDOWS\cdPlayer.ini
[2003/12/25 19:42:26 | 000,000,022 | ---- | C] () -- C:\WINDOWS\kodakpcd.Visitor.ini
[2003/11/16 08:51:32 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2003/10/04 20:01:25 | 000,000,196 | ---- | C] () -- C:\WINDOWS\cncscore.ini
[2003/10/04 19:56:14 | 000,001,797 | ---- | C] () -- C:\WINDOWS\BCKiller.ini
[2003/10/04 19:54:57 | 000,000,054 | ---- | C] () -- C:\WINDOWS\WAVEMIX.INI
[2003/10/04 07:22:30 | 000,000,494 | ---- | C] () -- C:\WINDOWS\Rollemup.ini
[2003/10/04 07:04:17 | 000,271,264 | ---- | C] () -- C:\WINDOWS\System32\VBRUN100.DLL
[2003/10/04 07:04:17 | 000,004,608 | ---- | C] () -- C:\WINDOWS\MTNEWS.DLL
[2003/10/04 07:04:17 | 000,000,078 | ---- | C] () -- C:\WINDOWS\ArcadeGames.ini
[2003/07/01 13:04:00 | 000,040,448 | ---- | C] () -- C:\WINDOWS\System32\regobj.dll
[2003/06/03 05:41:36 | 000,000,021 | ---- | C] () -- C:\WINDOWS\FH_setup.ini
[2003/05/30 15:51:28 | 000,000,098 | ---- | C] () -- C:\WINDOWS\kodakPS.Kelly.ini
[2003/05/13 21:52:36 | 000,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll
[2003/05/13 21:52:35 | 000,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll
[2003/05/13 21:52:35 | 000,012,067 | ---- | C] () -- C:\WINDOWS\System32\SIntf16.dll
[2003/05/10 07:04:19 | 000,000,005 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\DirectCDUserNameD.txt
[2003/05/07 14:07:00 | 000,067,584 | ---- | C] () -- C:\Documents and Settings\Robert\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2003/04/29 17:25:15 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\iyvu9_32.dll
[2003/04/23 06:55:53 | 000,000,306 | ---- | C] () -- C:\WINDOWS\QTW.INI
[2003/04/22 13:55:58 | 000,001,453 | ---- | C] () -- C:\WINDOWS\disney.ini
[2003/04/21 16:03:07 | 000,000,675 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2003/04/19 15:45:06 | 000,000,145 | ---- | C] () -- C:\WINDOWS\StarryNight.ini
[2003/04/14 17:05:26 | 000,000,038 | ---- | C] () -- C:\WINDOWS\iltwain.ini
[2003/04/14 16:48:54 | 000,229,376 | ---- | C] () -- C:\WINDOWS\System32\ISP2000.dll
[2003/03/30 16:03:14 | 000,000,935 | ---- | C] () -- C:\WINDOWS\SOUNDIT.INI
[2003/03/30 16:03:03 | 000,000,039 | ---- | C] () -- C:\WINDOWS\~TEMP.INI
[2003/03/21 07:30:45 | 000,000,228 | ---- | C] () -- C:\WINDOWS\encore_launcher.ini
[2003/03/19 20:45:06 | 000,073,839 | ---- | C] () -- C:\WINDOWS\System32\KodakOneTouch.dll
[2003/03/18 21:01:17 | 000,000,525 | ---- | C] () -- C:\WINDOWS\MAXLINK.INI
[2003/03/13 17:55:45 | 000,002,307 | ---- | C] () -- C:\WINDOWS\hegames.ini
[2003/03/13 16:22:10 | 000,044,544 | ---- | C] () -- C:\WINDOWS\System32\gif89.dll
[2003/03/13 16:21:18 | 000,000,224 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
[2003/03/13 11:46:05 | 000,000,000 | ---- | C] () -- C:\WINDOWS\SETUP32.INI
[2003/03/12 21:45:58 | 000,000,035 | ---- | C] () -- C:\WINDOWS\ERegClnt.INI
[2003/03/04 00:00:46 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2003/03/03 23:44:15 | 000,000,136 | ---- | C] () -- C:\WINDOWS\SBWIN.INI
[2003/03/03 23:40:20 | 000,000,890 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2003/03/03 23:16:38 | 000,000,550 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2002/09/09 13:58:38 | 000,000,885 | ---- | C] () -- C:\WINDOWS\LRUN32.INI
[2002/09/09 13:54:34 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2002/09/03 09:58:49 | 000,011,376 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
[2002/02/06 08:04:14 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\NMSInst.dll
[2002/01/21 13:17:18 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\PROInst.dll
[2001/08/23 12:00:00 | 000,022,400 | ---- | C] () -- C:\WINDOWS\System32\drivers\SbcpHid.sys
[2001/07/06 16:30:00 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini
[2000/05/22 14:28:08 | 000,161,280 | ---- | C] () -- C:\WINDOWS\System32\ltvid12n.dll
[2000/04/12 16:28:12 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\lfkodak.dll
[2000/04/12 16:24:10 | 000,338,944 | ---- | C] () -- C:\WINDOWS\System32\lffpx7.dll
[1999/02/22 18:27:36 | 000,280,064 | ---- | C] () -- C:\WINDOWS\System32\Cncs232.dll

========== LOP Check ==========

[2003/03/03 23:43:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BVRP Software
[2003/03/19 19:52:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Canon
[2008/01/13 15:40:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Citrix
[2009/04/02 21:11:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\COMMON FILES
[2008/09/03 17:01:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\dumb pure bind support
[2009/01/09 17:20:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Electronic Arts
[2009/01/28 17:10:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
[2008/10/11 22:18:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCSettings
[2009/10/29 12:14:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PMB Files
[2007/01/21 15:11:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\QubeSoft
[2010/03/18 10:00:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Retrospect
[2009/01/28 15:41:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\River Past G5
[2003/04/22 20:26:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft
[2009/04/03 09:03:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SQL Anywhere 10
[2003/04/22 19:18:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SSScanAppDataDir
[2003/03/18 21:01:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SSScanWizard
[2007/12/15 17:43:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft
[2010/03/09 22:40:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/04/07 19:37:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ulead Systems
[2005/03/29 15:37:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2008/12/21 21:31:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Virtual Mechanics
[2009/03/17 18:03:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
[2009/11/01 13:45:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/05/02 14:00:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2008/12/17 15:32:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\Atari
[2008/01/13 23:58:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\DeepBurner
[2003/05/08 21:03:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\Leadertech
[2009/02/07 20:43:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\NCH Swift Sound
[2008/09/11 16:46:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\Nvu
[2008/11/18 18:16:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\OfficeUpdate12
[2009/01/28 15:57:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\Recordpad
[2009/01/26 17:29:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\Red Kawa
[2009/01/28 15:22:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\River Past G5
[2010/03/13 15:59:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\Safer Networking
[2003/03/18 21:01:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\ScanSoft
[2010/02/20 00:15:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\Simply Super Software
[2009/08/26 16:10:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\Softplicity
[2009/10/22 16:27:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\Sony
[2009/10/22 16:17:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\Sony Setup
[2008/12/30 23:04:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\SPORE
[2008/11/13 19:01:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\SPORE Creature Creator
[2003/05/10 07:05:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\Ulead Systems
[2008/12/21 21:31:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\Virtual Mechanics
[2010/02/05 23:30:57 | 000,000,342 | ---- | M] () -- C:\WINDOWS\Tasks\McDefragTask.job
[2010/02/05 23:30:55 | 000,000,334 | ---- | M] () -- C:\WINDOWS\Tasks\McQcTask.job
[2010/03/18 15:58:39 | 000,000,440 | ---- | M] () -- C:\WINDOWS\Tasks\RegCure Program Check.job
[2009/12/31 04:00:00 | 000,000,374 | ---- | M] () -- C:\WINDOWS\Tasks\RegCure.job
[2009/12/28 17:36:48 | 000,000,288 | ---- | M] () -- C:\WINDOWS\Tasks\videopadSevenDaysInit.job

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 128 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CB0AACC9
< End of report >

#14 Rorschach112

Group: Retired Staff
Posts: 47,710
Joined: 23-March 07

Posted 18 March 2010 - 05:24 PM

Your logs are clean

Follow these steps to uninstall Combofix and tools used in the removal of malware

Uninstall ComboFix

Remove Combofix now that we're done with it.

Please press the Windows Key and R on your keyboard. This will bring up the Run... command.
Now type in Combofix /Uninstall in the runbox and click OK. (Notice the space between the "x" and "/")
Please follow the prompts to uninstall Combofix.
You will then recieve a message saying Combofix was uninstalled successfully once it's done uninstalling itself.

Download OTC to your desktop and run it
Click Yes to beginning the Cleanup process and remove these components, including this application.
You will be asked to reboot the machine to finish the Cleanup process. Choose Yes.

Below I have included a number of recommendations for how to protect your computer against malware infections.

Keep Windows updated by regularly checking their website at :
http://windowsupdate.microsoft.com/
This will ensure your computer has always the latest security updates available installed on your computer.
SpywareBlaster protects against bad ActiveX, it immunizes your PC against them.
SpywareGuard offers realtime protection from spyware installation attempts. Make sure you are only running one real-time anti-spyware protection program ( eg : TeaTimer, Windows Defender ) or there will be a conflict.
Make Internet Explorer more secure
- Click Start > Run
- Type Inetcpl.cpl & click OK
- Click on the Security tab
- Click Reset all zones to default level
- Make sure the Internet Zone is selected & Click Custom level
- In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls) to "Prompt", and ("Initialize and Script ActiveX controls not marked as safe") to "Disable".
- Next Click OK, then Apply button and then OK to exit the Internet Properties page.
TFC - Cleans temporary files from IE and Windows, empties the recycle bin and more. Great tool to help speed up your computer and knock out those nasties that like to reside in the temp folders.
MVPS Hosts file replaces your current HOSTS file with one containing well known ad sites and other bad sites. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer, meaning it will be difficult to infect yourself in the future.
Please consider using an alternate browser. Mozilla's Firefox browser is fantastic; it is much more
secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in pop up
blocker (as an added benefit!) that I have ever seen. If you are interested, Firefox may be downloaded from
Here

If you choose to use Firefox, I highly recommend these add-ons to keep your PC even more secure.
- NoScript - for blocking ads and other potential website attacks
- McAfee SiteAdvisor - this tells you whether the sites you are about to visit are safe or not. A must if you do a lot of Googling
Keep a backup of your important files - Now, more than ever, it's especially important to protect your digital files and memories. This article is full of good information on alternatives for home backup solutions.
ERUNT (Emergency Recovery Utility NT) allows you to keep a complete backup of your registry and restore it when needed. The standard registry backup options that come with Windows back up most of the registry but not all of it. ERUNT however creates a complete backup set, including the Security hive and user related sections. ERUNT is easy to use and since it creates a full backup, there are no options or choices other than to select the location of the backup files. The backup set includes a small executable that will launch the registry restore if needed.
FileHippo Update Checker is an extremely helpful program that will tell you which of your programs need to be updated. Its important to keep programs up to date so that malware doesn't exploit any old security flaws.
Recovery Console - Recent trends appear to indicate that future infections will include attacks to the boot sector of the computer. The installation of the Recovery Console in the computer will be our only defense against this threat. For more information and steps to install the Recovery Console see This Article. Should you need assistance in installing the Recovery Console, please do not hesitate to ask.
Please read my guide on how to prevent malware and about safe computing here

Thank you for your patience, and performing all of the procedures requested.

#15 rdouglas_1965

Group: Member
Posts: 11
Joined: 13-March 10

Posted 19 March 2010 - 11:15 PM

Thank you! I've run all the steps you've suggested. Hopefully I won't have to go through this again. You're amazing, and much appreciated...

Back to Virus, Spyware, Malware Removal

Share this topic:

2 Pages
1
2
→

Please log in to reply

IE - can't get to wndowspdate.mcrosft.com [Solved] - Geeks to Go Forums