Messages - Everlasting Death

2
Tech Clinic / Some issues
« on: April 20, 2010, 10:46:26 PM »
Here's the OTL log... Everything seems ok, and the virus file isn't in its normal place anymore, so I think it may be all good now :D thanks a ton

OTL logfile created on: 4/20/2010 10:40:13 PM - Run 3
OTL by OldTimer - Version 3.2.1.0     Folder = C:\Documents and Settings\h\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
1,014.00 Mb Total Physical Memory | 584.00 Mb Available Physical Memory | 58.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 88.00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.25 Gb Total Space | 23.14 Gb Free Space | 62.12% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 968.65 Mb Total Space | 933.91 Mb Free Space | 96.41% Space Free | Partition Type: FAT32
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: RLCHS-838196
Current User Name: HSLaptop
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
 
========== Processes (SafeList) ==========
 
PRC - [2010/04/05 16:39:32 | 000,561,664 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\h\Desktop\OTL.exe
PRC - [2010/01/29 16:19:33 | 000,297,240 | ---- | M] (Impulse Point, LLC) -- C:\Program Files\SafeConnect\SCClient.exe
PRC - [2010/01/29 16:19:32 | 000,128,280 | ---- | M] (Impulse Point, LLC) -- C:\Program Files\SafeConnect\scManager.sys
PRC - [2009/10/02 10:58:10 | 000,185,776 | ---- | M] (Absolute Software Corp.) -- C:\Documents and Settings\All Users\Application Data\rpcnet\Bin\rpcld.exe
PRC - [2009/07/08 12:55:23 | 000,056,680 | ---- | M] (Absolute Software Corp.) -- C:\WINDOWS\system32\rpcnet.exe
PRC - [2009/04/29 13:36:49 | 000,192,512 | ---- | M] (CA) -- C:\Program Files\CA\eTrustITM\InoRPC.exe
PRC - [2009/03/30 16:28:36 | 001,533,808 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
PRC - [2009/03/30 16:28:36 | 000,183,152 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
PRC - [2009/02/25 16:35:34 | 000,208,896 | ---- | M] (CA) -- C:\Program Files\CA\eTrustITM\InoRT.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/02/05 07:57:24 | 000,106,496 | ---- | M] (CA, Inc.) -- C:\Program Files\CA\SharedComponents\iTechnology\igateway.exe
PRC - [2006/10/18 18:05:18 | 000,434,176 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
PRC - [2006/10/18 18:01:34 | 000,290,816 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe
PRC - [2006/10/18 17:56:52 | 000,946,176 | ---- | M] (Intel Corporation ) -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
PRC - [2006/10/18 17:49:52 | 000,327,680 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
PRC - [2006/06/29 03:19:03 | 002,371,584 | ---- | M] (Motive, Inc.) -- C:\Program Files\SBC Self Support Tool\bin\mad.exe
PRC - [2006/03/24 17:30:44 | 000,282,624 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\stsystra.exe
PRC - [2003/10/10 09:06:12 | 000,245,760 | ---- | M] (Motive Communications, Inc.) -- C:\Program Files\SBC Self Support Tool\AsstCommon\MotiveDirectory.exe
PRC - [2003/10/10 09:06:10 | 000,192,512 | ---- | M] () -- C:\Program Files\SBC Self Support Tool\bin\mpbtn.exe
PRC - [2002/09/19 19:29:28 | 000,053,248 | ---- | M] (Computer Associates) -- C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
 
 
========== Modules (SafeList) ==========
 
MOD - [2010/04/05 16:39:32 | 000,561,664 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\h\Desktop\OTL.exe
 
 
========== Win32 Services (SafeList) ==========
 
SRV - File not found [On_Demand | Stopped] --  -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)
SRV - [2010/01/29 16:19:32 | 000,128,280 | ---- | M] (Impulse Point, LLC) [Auto | Running] -- C:\Program Files\SafeConnect\scManager.sys -- (SCManager)
SRV - [2009/10/02 10:58:10 | 000,185,776 | ---- | M] (Absolute Software Corp.) [Auto | Running] -- C:\Documents and Settings\All Users\Application Data\rpcnet\Bin\rpcld.exe -- (rpcld) Remote Procedure Call (RPC)
SRV - [2009/07/08 12:55:23 | 000,056,680 | ---- | M] (Absolute Software Corp.) [Auto | Running] -- C:\WINDOWS\system32\rpcnet.exe -- (Rpcnet) Remote Procedure Call (RPC)
SRV - [2009/04/29 13:36:49 | 000,380,928 | ---- | M] () [Auto | Stopped] -- C:\Program Files\CA\eTrustITM\InoTask.exe -- (InoTask)
SRV - [2009/04/29 13:36:49 | 000,192,512 | ---- | M] (CA) [Auto | Running] -- C:\Program Files\CA\eTrustITM\InoRpc.exe -- (InoRPC)
SRV - [2009/03/30 16:28:36 | 001,533,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2009/02/25 16:35:34 | 000,208,896 | ---- | M] (CA) [Auto | Running] -- C:\Program Files\CA\eTrustITM\InoRT.exe -- (InoRT)
SRV - [2009/02/06 18:08:58 | 000,533,360 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe -- (fsssvc)
SRV - [2007/02/05 07:57:24 | 000,106,496 | ---- | M] (CA, Inc.) [Auto | Running] -- C:\Program Files\CA\SharedComponents\iTechnology\igateway.exe -- (iGateway)
SRV - [2006/10/18 18:05:18 | 000,434,176 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe -- (EvtEng) Intel®
SRV - [2006/10/18 18:01:34 | 000,290,816 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe -- (WLANKEEPER) Intel®
SRV - [2006/10/18 17:56:52 | 000,946,176 | ---- | M] (Intel Corporation ) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe -- (S24EventMonitor) Intel®
SRV - [2006/10/18 17:49:52 | 000,327,680 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe -- (RegSrvc) Intel®
SRV - [2002/09/19 19:41:00 | 000,077,824 | ---- | M] (Computer Associates) [On_Demand | Stopped] -- C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmtd.exe -- (CA_LIC_SRVR)
SRV - [2002/09/19 19:29:28 | 000,053,248 | ---- | M] (Computer Associates) [Auto | Running] -- C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe -- (LogWatch)
SRV - [2002/09/19 19:27:04 | 000,077,824 | ---- | M] (Computer Associates) [On_Demand | Stopped] -- C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmt.exe -- (CA_LIC_CLNT)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2009/02/06 18:08:42 | 000,055,152 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys -- (fssfltr)
DRV - [2008/04/13 13:36:39 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2008/04/13 13:36:39 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2008/04/13 11:36:05 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2007/10/18 21:14:32 | 000,184,080 | ---- | M] (Computer Associates) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\ino_fltr.sys -- (INO_FLTR)
DRV - [2007/08/06 22:07:02 | 000,027,536 | ---- | M] (Computer Associates) [File_System | Boot | Running] -- C:\WINDOWS\system32\Drivers\ino_flpy.sys -- (INO_FLPY)
DRV - [2007/03/30 21:34:14 | 005,704,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\igxpmp32.sys -- (ialm)
DRV - [2006/10/19 09:29:22 | 000,012,544 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2006/10/17 11:55:28 | 001,711,104 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NETw3x32.sys -- (NETw3x32) Intel®
DRV - [2006/04/05 19:38:22 | 002,208,512 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\w29n51.sys -- (w29n51) Intel®
DRV - [2006/04/04 03:17:24 | 001,429,632 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\w39n51.sys -- (w39n51) Intel®
DRV - [2006/03/24 17:34:30 | 001,156,648 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2005/07/22 11:02:12 | 001,035,008 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2005/07/22 11:01:08 | 000,201,600 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2005/07/22 11:01:00 | 000,717,952 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2005/03/10 16:56:06 | 000,273,168 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\STAC97.sys -- (STAC97)
DRV - [2004/05/26 15:18:18 | 000,044,928 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2001/08/17 14:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2001/08/17 14:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001/08/17 14:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001/08/17 14:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001/08/17 14:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001/08/17 13:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
DRV - [2001/08/17 13:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2001/08/17 13:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2001/08/17 13:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2001/08/17 13:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2001/08/17 13:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2001/08/17 13:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
DRV - [2001/08/17 13:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2001/08/17 13:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2001/08/17 13:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\URLSearchHook: {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL Inc.)
 
IE - HKCU\..\URLSearchHook: {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "AIM Search"
FF - prefs.js..browser.search.defaulturl: "http://aim.search.Email Removed/search/search?query={searchTerms}&invocationType=tb50-ff-aim-chromesbox-en-us"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.yahoo.com"
FF - prefs.js..extensions.enabledItems: {c2f863cd-0429-48c7-bb54-db756a951760}:5.96.9.1
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.7.2
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: [email protected]:0.7.1
FF - prefs.js..keyword.URL: "http://slirsredirect.search.Email Removed/slirs_http/sredir?invocationType=bu10aiminstabie7&sredir=2706&query="
 
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/02/07 22:56:00 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/02/07 22:56:00 | 000,000,000 | ---D | M]
 
[2010/02/07 22:56:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\h\Application Data\Mozilla\Extensions
[2010/04/10 17:55:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\h\Application Data\Mozilla\Firefox\Profiles\x2uxm7cb.default\extensions
[2009/08/22 12:44:32 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\h\Application Data\Mozilla\Firefox\Profiles\x2uxm7cb.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/04/05 16:38:17 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\h\Application Data\Mozilla\Firefox\Profiles\x2uxm7cb.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010/01/27 21:03:31 | 000,000,000 | ---D | M] (AIM Toolbar) -- C:\Documents and Settings\h\Application Data\Mozilla\Firefox\Profiles\x2uxm7cb.default\extensions\{c2f863cd-0429-48c7-bb54-db756a951760}
[2010/04/05 16:38:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\h\Application Data\Mozilla\Firefox\Profiles\x2uxm7cb.default\extensions\[email protected]
[2010/03/18 23:31:39 | 000,001,490 | ---- | M] () -- C:\Documents and Settings\h\Application Data\Mozilla\Firefox\Profiles\x2uxm7cb.default\searchplugins\AIM Search.xml
[2010/01/28 00:59:11 | 000,004,546 | ---- | M] () -- C:\Documents and Settings\h\Application Data\Mozilla\Firefox\Profiles\x2uxm7cb.default\searchplugins\aim-search.xml
[2010/04/10 17:55:02 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/03/18 23:31:39 | 000,001,490 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\AIM Search.xml
 
O1 HOSTS File: ([2010/03/30 23:29:32 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll (Google Inc.)
O2 - BHO: (AIM Toolbar Loader) - {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (AIM Toolbar) - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (AIM Toolbar) - {61539ECD-CC67-4437-A03C-9AACCBD14326} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL Inc.)
O4 - HKLM..\Run: [BluetoothAuthenticationAgent] C:\WINDOWS\System32\bthprops.cpl (Microsoft Corporation)
O4 - HKLM..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe File not found
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
O4 - HKCU..\Run: [Yahoo! Pager]  File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\SafeConnect.lnk = C:\Program Files\SafeConnect\SCClient.exe (Impulse Point, LLC)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\SBC Self Support Tool.lnk = C:\Program Files\SBC Self Support Tool\bin\matcli.exe (Motive Communications, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll (Google Inc.)
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.macromedia.com/pub/shock...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper20073151.dll (Installation Support)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/...b?1150832924960 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdat...b?1228863417765 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0015-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/get/flash...ent/swflash.cab (Shockwave Flash Object)
O16 - DPF: Microsoft XML Parser for Java file:///C:/WINDOWS/Java/classes/xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010/04/17 12:50:40 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\h\Recent
[2010/04/17 12:50:40 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010/04/06 22:19:43 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2010/04/05 16:40:05 | 000,561,664 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\h\Desktop\OTL.exe
[2010/04/01 21:46:09 | 000,000,000 | ---D | C] -- C:\TrendMicro
[2010/03/30 23:50:23 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\rpcnet
[2010/03/30 23:27:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\ivvipl
[2010/03/30 23:21:51 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/03/30 23:21:51 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/03/30 23:21:51 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/03/30 23:21:51 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/03/28 22:22:49 | 000,000,000 | ---D | C] -- C:\VundoFix Backups
[2010/03/18 10:25:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Temp
[2010/03/07 20:58:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple Computer
[2010/03/06 20:29:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\AIM Toolbar
[2010/03/06 20:29:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Google
[2010/03/06 20:25:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Apple Computer
[2010/03/06 18:22:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Sun
[2010/03/04 10:02:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2010/03/03 15:48:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\AIM Toolbar
[2010/03/03 15:48:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Google
[2010/03/02 21:56:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Real
[2010/03/02 21:52:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
[2010/03/02 21:52:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2010/03/01 21:50:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2010/03/01 21:24:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2010/02/27 18:20:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google
[2010/02/27 18:15:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
[2010/02/01 15:36:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
[2009/08/31 14:06:39 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2009/07/15 11:54:17 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2009/04/29 13:40:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2009/04/20 11:41:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2007/07/24 10:53:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Intel
[2007/07/24 10:52:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Intel
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2010/04/20 22:39:07 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/04/20 22:38:56 | 000,000,236 | ---- | M] () -- C:\WINDOWS\tasks\OGALogon.job
[2010/04/20 22:38:54 | 000,017,408 | ---- | M] () -- C:\WINDOWS\System32\rpcnetp.exe
[2010/04/20 22:38:52 | 000,056,680 | ---- | M] (Absolute Software Corp.) -- C:\WINDOWS\System32\rpcnet.dll
[2010/04/20 22:38:52 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/04/20 22:38:50 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/04/20 22:38:44 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/04/17 15:10:29 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/04/17 15:07:30 | 009,437,184 | -H-- | M] () -- C:\Documents and Settings\h\NTUSER.DAT
[2010/04/17 15:07:30 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\h\ntuser.ini
[2010/04/17 15:07:19 | 005,363,516 | -H-- | M] () -- C:\Documents and Settings\h\Local Settings\Application Data\IconCache.db
[2010/04/17 14:36:00 | 000,000,976 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1992757637-737350535-4160918168-1003UA.job
[2010/04/17 14:30:04 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/04/14 20:10:48 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/04/14 20:02:14 | 003,915,740 | R--- | M] () -- C:\Documents and Settings\h\Desktop\ComboFix.exe
[2010/04/05 16:39:32 | 000,561,664 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\h\Desktop\OTL.exe
[2010/04/01 21:46:10 | 000,001,946 | ---- | M] () -- C:\Documents and Settings\h\Desktop\HiJackThis.lnk
[2010/04/01 18:01:31 | 000,017,408 | ---- | M] () -- C:\WINDOWS\System32\rpcnetp.dll
[2010/03/30 23:29:32 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/03/29 22:37:32 | 000,363,520 | ---- | M] () -- C:\Documents and Settings\h\Desktop\iExplore.exe
[2010/03/29 22:36:00 | 000,363,520 | ---- | M] () -- C:\Documents and Settings\h\Desktop\rkill.com
[2010/03/29 22:18:15 | 000,000,373 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2010/03/28 14:11:26 | 000,000,124 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\Control Panel.lnk
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2010/04/17 12:51:05 | 000,001,374 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2010/04/01 21:46:10 | 000,001,946 | ---- | C] () -- C:\Documents and Settings\h\Desktop\HiJackThis.lnk
[2010/03/30 23:21:51 | 000,261,632 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/03/30 23:21:51 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/03/30 23:21:51 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/03/30 23:21:51 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/03/30 23:21:51 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/03/30 23:15:20 | 003,915,740 | R--- | C] () -- C:\Documents and Settings\h\Desktop\ComboFix.exe
[2010/03/29 22:39:43 | 000,363,520 | ---- | C] () -- C:\Documents and Settings\h\Desktop\rkill.com
[2010/03/29 22:39:43 | 000,363,520 | ---- | C] () -- C:\Documents and Settings\h\Desktop\iExplore.exe
[2010/03/28 14:11:26 | 000,000,124 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\Control Panel.lnk
[2010/03/04 12:42:01 | 000,000,373 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2009/08/12 22:52:09 | 000,095,232 | ---- | C] () -- C:\Documents and Settings\h\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2008/08/14 11:32:56 | 000,017,408 | ---- | C] () -- C:\WINDOWS\System32\rpcnetp.dll
[2007/07/24 14:09:57 | 000,000,035 | ---- | C] () -- C:\WINDOWS\A5W.INI
[2007/07/24 14:05:59 | 000,000,605 | ---- | C] () -- C:\WINDOWS\PCalcpro.ini
[2007/07/24 14:05:59 | 000,000,543 | ---- | C] () -- C:\WINDOWS\asc_sys.ini
[2007/07/24 14:05:58 | 000,000,182 | ---- | C] () -- C:\WINDOWS\medlrng.ini
[2007/07/24 14:05:51 | 000,018,432 | ---- | C] () -- C:\WINDOWS\System32\ODBCSTF.DLL
[2007/07/24 14:03:49 | 000,050,688 | ---- | C] () -- C:\WINDOWS\System32\iproc.dll
[2007/07/24 14:03:49 | 000,041,984 | ---- | C] () -- C:\WINDOWS\System32\iprocnt.dll
[2007/07/24 14:03:00 | 000,008,704 | ---- | C] () -- C:\WINDOWS\System32\twdll.dll
[2007/07/24 14:03:00 | 000,000,134 | ---- | C] () -- C:\WINDOWS\awshkwv.ini
[2007/07/24 10:50:16 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4814.dll
[2006/07/20 13:51:34 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/07/13 10:35:10 | 000,001,767 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2006/07/12 16:20:28 | 000,000,047 | ---- | C] () -- C:\WINDOWS\InoSetup.ini
[2006/06/21 13:42:29 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/06/20 15:24:01 | 000,262,144 | ---- | C] () -- C:\Documents and Settings\All Users\ntuser.dat
[2006/06/20 15:24:01 | 000,001,024 | -H-- | C] () -- C:\Documents and Settings\All Users\ntuser.dat.LOG
[2006/06/20 14:11:33 | 000,757,760 | ---- | C] () -- C:\WINDOWS\System32\bcm1xsup.dll
[2006/06/20 14:11:32 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\preflib.dll
[2006/06/20 14:04:21 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\Stac97co.dll
[2006/06/20 13:52:11 | 000,000,178 | -HS- | C] () -- C:\Documents and Settings\h\ntuser.ini
[2006/06/20 13:52:10 | 009,437,184 | -H-- | C] () -- C:\Documents and Settings\h\NTUSER.DAT
[2006/06/20 13:52:10 | 000,001,024 | -H-- | C] () -- C:\Documents and Settings\h\ntuser.dat.LOG
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 266944 bytes -> C:\WINDOWS\Temp:temp
< End of report >

3
Tech Clinic / Some issues
« on: April 17, 2010, 03:05:34 PM »
I'll post the otl later, kinda in a rush >.<
It looks like the wmpcfg whatever is gone :o but again, I was in a rush

ESETSmartInstaller@High as downloader log:
all ok
esets_scanner_update returned -1 esets_gle=1
esets_scanner_update returned -1 esets_gle=1
esets_scanner_update returned -1 esets_gle=1
esets_scanner_update returned -1 esets_gle=1
esets_scanner_update returned -1 esets_gle=1
esets_scanner_update returned -1 esets_gle=1
esets_scanner_update returned -1 esets_gle=1
# version=7
# IEXPLORE.EXE=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=cd6f8d4a8e430743991ed5e192b0fdcd
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2010-04-07 06:01:23
# local_time=2010-04-07 01:01:23 (-0600, Central Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=76464
# found=61
# cleaned=0
# scan_time=6172
C:\Documents and Settings\h\Local Settings\Application Data\Google\Update\googleupdate.exe   Win32/TrojanDownloader.Unruy.AV trojan   00000000000000000000000000000000   I
C:\Documents and Settings\h\Local Settings\temp\wmpscfgs.exe   Win32/TrojanDownloader.Unruy.AV trojan   00000000000000000000000000000000   I
C:\Documents and Settings\NetworkService\jfufiwg.exe   a variant of Win32/Kryptik.CQG trojan   00000000000000000000000000000000   I
C:\Documents and Settings\NetworkService\Local Settings\Application Data\ivvipl\vodysftav .exe   a variant of Win32/Kryptik.DHW trojan   00000000000000000000000000000000   I
C:\Program Files\Adobe\315781.old   a variant of Win32/Kryptik.CZR trojan   00000000000000000000000000000000   I
C:\Program Files\Adobe\320718.old   a variant of Win32/Kryptik.CZR trojan   00000000000000000000000000000000   I
C:\Program Files\Adobe\733968.old   a variant of Win32/Kryptik.CZR trojan   00000000000000000000000000000000   I
C:\Program Files\Adobe\80870343.old   a variant of Win32/Kryptik.CZR trojan   00000000000000000000000000000000   I
C:\Program Files\AIM\aim                      .exe   Win32/TrojanDownloader.Unruy.AV trojan   00000000000000000000000000000000   I
C:\Program Files\AIM\aim                     .exe   Win32/TrojanDownloader.Unruy.AV trojan   00000000000000000000000000000000   I
C:\Program Files\BroadJump\Client Foundation\cfd.exe   Win32/TrojanDownloader.Unruy.AV trojan   00000000000000000000000000000000   I
C:\Program Files\CA\eTrustITM\realmon.exe   Win32/TrojanDownloader.Unruy.AV trojan   00000000000000000000000000000000   I
C:\Program Files\Creative\Sync Manager Unicode\ctsyncu.exe   Win32/TrojanDownloader.Unruy.AV trojan   00000000000000000000000000000000   I
C:\Program Files\Google\GoogleToolbarNotifier\googletoolbarnotifier.exe   Win32/TrojanDownloader.Unruy.AV trojan   00000000000000000000000000000000   I
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe   Win32/TrojanDownloader.Unruy.AV trojan   00000000000000000000000000000000   I
C:\Program Files\Intel\Wireless\Bin\zcfgsvc.exe   Win32/TrojanDownloader.Unruy.AV trojan   00000000000000000000000000000000   I
C:\Program Files\Internet Explorer\js.mui   Win32/TrojanDownloader.Unruy.AV trojan   00000000000000000000000000000000   I
C:\Program Files\Internet Explorer\wmpscfgs.exe   Win32/TrojanDownloader.Unruy.AV trojan   00000000000000000000000000000000   I
C:\Program Files\iTunes\ituneshelper.exe   Win32/TrojanDownloader.Unruy.AV trojan   00000000000000000000000000000000   I
C:\Program Files\SBC Self Support Tool\SmartBridge\motivesb.exe   Win32/TrojanDownloader.Unruy.AV trojan   00000000000000000000000000000000   I
C:\Program Files\Spybot - Search & Destroy\rundll32.exe   Win32/TrojanDownloader.Unruy.AV trojan   00000000000000000000000000000000   I
C:\Program Files\Spybot - Search & Destroy\stsystra.exe   Win32/TrojanDownloader.Unruy.AV trojan   00000000000000000000000000000000   I
C:\Program Files\Spybot - Search & Destroy\teatimer.exe   Win32/TrojanDownloader.Unruy.AV trojan   00000000000000000000000000000000   I
C:\Program Files\Spybot - Search & Destroy\teatimer.exe.delme136   Win32/TrojanDownloader.Unruy.AV trojan   00000000000000000000000000000000   I
C:\Program Files\Washer\washer.exe   Win32/TrojanDownloader.Unruy.AV trojan   00000000000000000000000000000000   I
C:\Qoobox\Quarantine\C\Documents and Settings\h\rundll32 .exe.vir   Win32/TrojanDownloader.Unruy.AV trojan   00000000000000000000000000000000   I
C:\Qoobox\Quarantine\C\Documents and Settings\h\rundll32.exe.vir   Win32/TrojanDownloader.Unruy.AV trojan   00000000000000000000000000000000   I
C:\Qoobox\Quarantine\C\Documents and Settings\h\stsystra .exe.vir   Win32/TrojanDownloader.Unruy.AV trojan   00000000000000000000000000000000   I
C:\Qoobox\Quarantine\C\Documents and Settings\h\stsystra.exe.vir   Win32/TrojanDownloader.Unruy.AV trojan   00000000000000000000000000000000   I
C:\Qoobox\Quarantine\C\Documents and Settings\h\Local Settings\Application Data\xpqubr\nvtvsftav.exe.vir   Win32/Adware.SpywareProtect2009 application   00000000000000000000000000000000   I
C:\Qoobox\Quarantine\C\Documents and Settings\NetworkService\twhto.exe.vir   Win32/Agent.OSE trojan   00000000000000000000000000000000   I
C:\Qoobox\Quarantine\C\Documents and Settings\NetworkService\Local Settings\Application Data\ivvipl\vodysftav.exe.vir   Win32/TrojanDownloader.Unruy.AV trojan   00000000000000000000000000000000   I
C:\Qoobox\Quarantine\C\Program Files\Adobe\acrotray .exe.vir   a variant of Win32/Kryptik.CZR trojan   00000000000000000000000000000000   I
C:\Qoobox\Quarantine\C\Program Files\Internet Explorer\js.mui.vir   Win32/TrojanDownloader.Unruy.AV trojan   00000000000000000000000000000000   I
C:\Qoobox\Quarantine\C\Program Files\Internet Explorer\wmpscfgs.exe.vir   Win32/TrojanDownloader.Unruy.AV trojan   00000000000000000000000000000000   I
C:\Qoobox\Quarantine\C\Program Files\Windows Police Pro\tmp\wispex.html.vir   Win32/Adware.WinAntiVirus application   00000000000000000000000000000000   I
C:\Qoobox\Quarantine\C\WINDOWS\ivrnsftav .exe.vir   Win32/TrojanDownloader.Unruy.AV trojan   00000000000000000000000000000000   I
C:\Qoobox\Quarantine\C\WINDOWS\system32\0034.DLL.vir   Win32/Witkinat.A trojan   00000000000000000000000000000000   I
C:\Qoobox\Quarantine\C\WINDOWS\system32\0037.DLL.vir   a variant of Win32/Witkinat.A trojan   00000000000000000000000000000000   I
C:\Qoobox\Quarantine\C\WINDOWS\system32\0038.DLL.vir   Win32/Witkinat.A trojan   00000000000000000000000000000000   I
C:\Qoobox\Quarantine\C\WINDOWS\system32\app_dll.dll.vir   Win32/TrojanDownloader.Unruy.BI trojan   00000000000000000000000000000000   I
C:\Qoobox\Quarantine\C\WINDOWS\system32\critical_warning.html.vir   Win32/TrojanDownloader.FakeAlert.ADG trojan   00000000000000000000000000000000   I
C:\Qoobox\Quarantine\C\WINDOWS\system32\fui .exe.vir   Win32/TrojanDownloader.Unruy.AV trojan   00000000000000000000000000000000   I
C:\Qoobox\Quarantine\C\WINDOWS\system32\meseleru.dll.vir   a variant of Win32/Kryptik.AJK trojan   00000000000000000000000000000000   I
C:\Qoobox\Quarantine\C\WINDOWS\system32\msiinfo32 .exe.vir   Win32/TrojanDownloader.Unruy.AV trojan   00000000000000000000000000000000   I
C:\Qoobox\Quarantine\C\WINDOWS\system32\rotscxputowehw.dll.vir   a variant of Win32/Kryptik.AHG trojan   00000000000000000000000000000000   I
C:\Qoobox\Quarantine\C\WINDOWS\system32\rotscxrmhfttqi.dll.vir   a variant of Win32/Kryptik.AHG trojan   00000000000000000000000000000000   I
C:\Qoobox\Quarantine\C\WINDOWS\system32\stsystra .exe.vir   Win32/TrojanDownloader.Unruy.AV trojan   00000000000000000000000000000000   I
C:\Qoobox\Quarantine\C\WINDOWS\system32\UACptrapxmlto.dll.vir   a variant of Win32/Kryptik.BKV trojan   00000000000000000000000000000000   I
C:\Qoobox\Quarantine\C\WINDOWS\system32\wexe.exe.vir   probably a variant of Win32/Witkinat.A trojan   00000000000000000000000000000000   I
C:\Qoobox\Quarantine\C\WINDOWS\system32\WORK.DAT.vir   Win32/Witkinat.A trojan   00000000000000000000000000000000   I
C:\Qoobox\Quarantine\C\WINDOWS\system32\~.exe.vir   a variant of Win32/Kryptik.BVA trojan   00000000000000000000000000000000   I
C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\atapi.sys.vir   Win32/Olmarik.VM trojan   00000000000000000000000000000000   I
C:\WINDOWS\ivrnsftav .exe   Win32/TrojanDownloader.Unruy.AV trojan   00000000000000000000000000000000   I
C:\WINDOWS\ivrnsftav.exe   Win32/TrojanDownloader.Unruy.AV trojan   00000000000000000000000000000000   I
C:\WINDOWS\system32\fui .exe   Win32/TrojanDownloader.Unruy.AV trojan   00000000000000000000000000000000   I
C:\WINDOWS\system32\fui.exe   Win32/TrojanDownloader.Unruy.AV trojan   00000000000000000000000000000000   I
C:\WINDOWS\system32\msiinfo32 .exe   Win32/TrojanDownloader.Unruy.AV trojan   00000000000000000000000000000000   I
C:\WINDOWS\system32\msiinfo32.exe   Win32/TrojanDownloader.Unruy.AV trojan   00000000000000000000000000000000   I
C:\WINDOWS\system32\stsystra.exe   Win32/TrojanDownloader.Unruy.AV trojan   00000000000000000000000000000000   I
${Memory}   Win32/TrojanDownloader.Unruy.AV trojan   00000000000000000000000000000000   I
# version=7
# IEXPLORE.EXE=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=cd6f8d4a8e430743991ed5e192b0fdcd
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2010-04-17 08:01:17
# local_time=2010-04-17 03:01:17 (-0600, Central Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=80807
# found=1075
# cleaned=1075
# scan_time=7304
C:\Documents and Settings\h\rundll32.exe   Win32/TrojanDownloader.Unruy.AV trojan (cleaned by deleting - quarantined)   00000000000000000000000000000000   C
C:\Documents and Settings\h\stsystra.exe   Win32/TrojanDownloader.Unruy.AV trojan (cleaned by deleting - quarantined)   00000000000000000000000000000000   C
C:\Documents and Settings\h\Local Settings\Application Data\Google\Update\googleupdate.exe   Win32/TrojanDownloader.Unruy.AV trojan (cleaned by deleting - quarantined)   00000000000000000000000000000000   C
C:\Documents and Settings\h\Local Settings\temp\wmpscfgs.exe   Win32/TrojanDownloader.Unruy.AV trojan (cleaned by deleting - quarantined)   00000000000000000000000000000000   C
C:\Documents and Settings\NetworkService\Local Settings\Application Data\ivvipl\vodysftav .exe   a variant of Win32/Kryptik.DHW trojan (cleaned by deleting - quarantined)   00000000000000000000000000000000   C
C:\Program Files\Adobe\315781.old   a variant of Win32/Kryptik.CZR trojan (cleaned by deleting - quarantined)   00000000000000000000000000000000   C
C:\Program Files\Adobe\320718.old   a variant of Win32/Kryptik.CZR trojan (cleaned by deleting - quarantined)   00000000000000000000000000000000   C
C:\Program Files\Adobe\733968.old   a variant of Win32/Kryptik.CZR trojan (cleaned by deleting - quarantined)   00000000000000000000000000000000   C
C:\Program Files\Adobe\80870343.old   a variant of Win32/Kryptik.CZR trojan (cleaned by deleting - quarantined)   00000000000000000000000000000000   C
C:\Program Files\AIM\aim.exe   Win32/TrojanDownloader.Unruy.AV trojan (cleaned by deleting - quarantined)   00000000000000000000000000000000   C
C:\Program Files\CA\eTrustITM\realmon.exe   Win32/TrojanDownloader.Unruy.AV trojan (cleaned by deleting - quarantined)   00000000000000000000000000000000   C
C:\Program Files\Creative\Sync Manager Unicode\ctsyncu.exe   Win32/TrojanDownloader.Unruy.AV trojan (cleaned by deleting - quarantined)   00000000000000000000000000000000   C
C:\Program Files\Google\GoogleToolbarNotifier\googletoolbarnotifier.exe   Win32/TrojanDownloader.Unruy.AV trojan (cleaned by deleting - quarantined)   00000000000000000000000000000000   C
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe   Win32/TrojanDownloader.Unruy.AV trojan (cleaned by deleting - quarantined)   00000000000000000000000000000000   C
C:\Program Files\Intel\Wireless\Bin\zcfgsvc.exe   Win32/TrojanDownloader.Unruy.AV trojan (cleaned by deleting - quarantined)   00000000000000000000000000000000   C
C:\Program Files\Internet Explorer\js.mui   Win32/TrojanDownloader.Unruy.AV trojan (cleaned by deleting - quarantined)   00000000000000000000000000000000   C
C:\Program Files\Internet Explorer\wmpscfgs.exe   Win32/TrojanDownloader.Unruy.AV trojan (cleaned by deleting - quarantined)   00000000000000000000000000000000   C
C:\Program Files\iTunes\ituneshelper.exe   Win32/TrojanDownloader.Unruy.AV trojan (cleaned by deleting - quarantined)   00000000000000000000000000000000   C
C:\Program Files\SBC Self Support Tool\SmartBridge\motivesb.exe   Win32/TrojanDownloader.Unruy.AV trojan (cleaned by deleting - quarantined)   00000000000000000000000000000000   C
C:\Program Files\Washer\washer.exe   Win32/TrojanDownloader.Unruy.AV trojan (cleaned by deleting - quarantined)   00000000000000000000000000000000   C
C:\Qoobox\Quarantine\[4]-Submit_2010-04-14_20.05.32.zip   multiple threats (deleted - quarantined)   00000000000000000000000000000000   C
C:\Qoobox\Quarantine\C\Documents and Settings\h\rundll32 .exe.vir   Win32/TrojanDownloader.Unruy.AV trojan (cleaned by deleting - quarantined)   00000000000000000000000000000000   C
C:\Qoobox\Quarantine\C\Documents and Settings\h\rundll32.exe.vir   Win32/TrojanDownloader.Unruy.AV trojan (cleaned by deleting - quarantined)   00000000000000000000000000000000   C
C:\Qoobox\Quarantine\C\Documents and Settings\h\stsystra .exe.vir   Win32/TrojanDownloader.Unruy.AV trojan (cleaned by deleting - quarantined)   00000000000000000000000000000000   C
C:\Qoobox\Quarantine\C\Documents and Settings\h\stsystra.exe.vir   Win32/TrojanDownloader.Unruy.AV trojan (cleaned by deleting - quarantined)   00000000000000000000000000000000   C
C:\Qoobox\Quarantine\C\Documents and Settings\h\Local Settings\Application Data\xpqubr\nvtvsftav.exe.vir   Win32/Adware.SpywareProtect2009 application (cleaned by deleting - quarantined)   00000000000000000000000000000000   C
C:\Qoobox\Quarantine\C\Documents and Settings\NetworkService\twhto.exe.vir   Win32/Agent.OSE trojan (cleaned by deleting - quarantined)   00000000000000000000000000000000   C
C:\Qoobox\Quarantine\C\Documents and Settings\NetworkService\Local Settings\Application Data\ivvipl\vodysftav.exe.vir   Win32/TrojanDownloader.Unruy.AV trojan (cleaned by deleting - quarantined)   00000000000000000000000000000000   C
C:\Qoobox\Quarantine\C\Program Files\Adobe\acrotray .exe.vir   a variant of Win32/Kryptik.CZR trojan (cleaned by deleting - quarantined)   00000000000000000000000000000000   C
C:\Qoobox\Quarantine\C\Program Files\Internet Explorer\js.mui.vir   Win32/TrojanDownloader.Unruy.AV trojan (cleaned by deleting - quarantined)   00000000000000000000000000000000   C
C:\Qoobox\Quarantine\C\Program Files\Internet Explorer\wmpscfgs.exe.vir   Win32/TrojanDownloader.Unruy.AV trojan (cleaned by deleting - quarantined)   00000000000000000000000000000000   C
C:\Qoobox\Quarantine\C\Program Files\Windows Police Pro\tmp\wispex.html.vir   Win32/Adware.WinAntiVirus application (cleaned by deleting - quarantined)   00000000000000000000000000000000   C
C:\Qoobox\Quarantine\C\WINDOWS\ivrnsftav .exe.vir   Win32/TrojanDownloader.Unruy.AV trojan (cleaned by deleting - quarantined)   00000000000000000000000000000000   C
C:\Qoobox\Quarantine\C\WINDOWS\system32\0034.DLL.vir   Win32/Witkinat.A trojan (cleaned by deleting - quarantined)   00000000000000000000000000000000   C
C:\Qoobox\Quarantine\C\WINDOWS\system32\0037.DLL.vir   a variant of Win32/Witkinat.A trojan (cleaned by deleting - quarantined)   00000000000000000000000000000000   C
C:\Qoobox\Quarantine\C\WINDOWS\system32\0038.DLL.vir   Win32/Witkinat.A trojan (cleaned by deleting - quarantined)   00000000000000000000000000000000   C
C:\Qoobox\Quarantine\C\WINDOWS\system32\app_dll.dll.vir   Win32/TrojanDownloader.Unruy.BI trojan (cleaned by deleting - quarantined)   00000000000000000000000000000000   C
C:\Qoobox\Quarantine\C\WINDOWS\system32\critical_warning.html.vir   Win32/TrojanDownloader.FakeAlert.ADG trojan (cleaned by deleting - quarantined)   00000000000000000000000000000000   C
C:\Qoobox\Quarantine\C\WINDOWS\system32\fui .exe.vir   Win32/TrojanDownloader.Unruy.AV trojan (cleaned by deleting - quarantined)   00000000000000000000000000000000   C
C:\Qoobox\Quarantine\C\WINDOWS\system32\meseleru.dll.vir   a variant of Win32/Kryptik.AJK trojan (cleaned by deleting - quarantined)   00000000000000000000000000000000   C
C:\Qoobox\Quarantine\C\WINDOWS\system32\msiinfo32 .exe.vir   Win32/TrojanDownloader.Unruy.AV trojan (cleaned by deleting - quarantined)   00000000000000000000000000000000   C
C:\Qoobox\Quarantine\C\WINDOWS\system32\rotscxputowehw.dll.vir   a variant of Win32/Kryptik.AHG trojan (cleaned by deleting - quarantined)   00000000000000000000000000000000   C
C:\Qoobox\Quarantine\C\WINDOWS\system32\rotscxrmhfttqi.dll.vir   a variant of Win32/Kryptik.AHG trojan (cleaned by deleting - quarantined)   00000000000000000000000000000000   C
C:\Qoobox\Quarantine\C\WINDOWS\system32\stsystra .exe.vir   Win32/TrojanDownloader.Unruy.AV trojan (cleaned by deleting - quarantined)   00000000000000000000000000000000   C
C:\Qoobox\Quarantine\C\WINDOWS\system32\UACptrapxmlto.dll.vir   a variant of Win32/Kryptik.BKV trojan (cleaned by deleting - quarantined)   00000000000000000000000000000000   C
C:\Qoobox\Quarantine\C\WINDOWS\system32\wexe.exe.vir   probably a variant of Win32/Witkinat.A trojan (cleaned by deleting - quarantined)   00000000000000000000000000000000   C
C:\Qoobox\Quarantine\C\WINDOWS\system32\WORK.DAT.vir   Win32/Witkinat.A trojan (cleaned by deleting - quarantined)   00000000000000000000000000000000   C
C:\Qoobox\Quarantine\C\WINDOWS\system32\~.exe.vir   a variant of Win32/Kryptik.BVA trojan (cleaned by deleting - quarantined)   00000000000000000000000000000000   C
C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\atapi.sys.vir   Win32/Olmarik.VM trojan (cleaned - quarantined)   00000000000000000000000000000000   C
C:\System Volume Information\_restore{F5CD81F5-BB72-47D2-A924-C64F2E1227A4}\RP1\A0000076.exe   Win32/Adware.SpywareProtect2009 application (cleaned by deleting - quarantined)   00000000000000000000000000000000   C
C:\System Volume Information\_restore{F5CD81F5-BB72-47D2-A924-C64F2E1227A4}\RP1\A0000077.exe   Win32/TrojanDownloader.Unruy.AV trojan (cleaned by deleting - quarantined)   00000000000000000000000000000000   C
C:\System Volume Information\_restore{F5CD81F5-BB72-47D2-A924-C64F2E1227A4}\RP1\A0000078.exe   Win32/TrojanDownloader.Unruy.AV trojan (cleaned by deleting - quarantined)   00000000000000000000000000000000   C
C:\System Volume Information\_restore{F5CD81F5-BB72-47D2-A924-C64F2E1227A4}\RP1\A0000079.exe   Win32/TrojanDownloader.Unruy.AV trojan (cleaned by deleting - quarantined)   00000000000000000000000000000000   C
C:\System Volume Information\_restore{F5CD81F5-BB72-47D2-A924-C64F2E1227A4}\RP1\A0000080.exe   Win32/TrojanDownloader.Unruy.AV trojan (cleaned by deleting - quarantined)   00000000000000000000000000000000   C
C:\System Volume Information\_restore{F5CD81F5-BB72-47D2-A924-C64F2E1227A4}\RP1\A0000081.exe   Win32/Agent.OSE trojan (cleaned by deleting - quarantined)   00000000000000000000000000000000   C
C:\System Volume Information\_restore{F5CD81F5-BB72-47D2-A924-C64F2E1227A4}\RP1\A0000082.exe   a variant of Win32/Kryptik.CZR trojan (cleaned by deleting - quarantined)   00000000000000000000000000000000   C
C:\System Volume Information\_restore{F5CD81F5-BB72-47D2-A924-C64F2E1227A4}\RP1\A0000083.exe   Win32/TrojanDownloader.Unruy.AV trojan (cleaned by deleting - quarantined)   00000000000000000000000000000000   C
C:\System Volume Information\_restore{F5CD81F5-BB72-47D2-A924-C64F2E1227A4}\RP1\A0000084.DLL   Win32/Witkinat.A trojan (cleaned by deleting - quarantined)   00000000000000000000000000000000   C
C:\System Volume Information\_restore{F5CD81F5-BB72-47D2-A924-C64F2E1227A4}\RP1\A0000085.DLL   a variant of Win32/Witkinat.A trojan (cleaned by deleting - quarantined)   00000000000000000000000000000000   C
C:\System Volume Information\_restore{F5CD81F5-BB72-47D2-A924-C64F2E1227A4}\RP1\A0000086.DLL   Win32/Witkinat.A trojan (cleaned by deleting - quarantined)   00000000000000000000000000000000   C
C:\System Volume Information\_restore{F5CD81F5-BB72-47D2-A924-C64F2E1227A4}\RP1\A0000087.dll   Win32/TrojanDownloader.Unruy.BI trojan (cleaned by deleting - quarantined)   00000000000000000000000000000000   C
C:\System Volume Information\_restore{F5CD81F5-BB72-47D2-A924-C64F2E1227A4}\RP1\A0000090.exe   Win32/Agent.NWL trojan (cleaned by deleting - quarantined)   00000000000000000000000000000000   C
C:\System Volume Information\_restore{F5CD81F5-BB72-47D2-A924-C64F2E1227A4}\RP1\A0000091.exe   a variant of Win32/Injector.ASA trojan (cleaned by deleting - quarantined)   00000000000000000000000000000000   C
C:\System Volume Information\_restore{F5CD81F5-BB72-47D2-A924-C64F2E1227A4}\RP1\A0000095.exe   Win32/TrojanDownloader.Unruy.AV trojan (cleaned by deleting - quarantined)   00000000000000000000000000000000   C
C:\System Volume Information\_restore{F5CD81F5-BB72-47D2-A924-C64F2E1227A4}\RP1\A0000096.exe   probably a variant of Win32/Witkinat.A trojan (cleaned by deleting - quarantined)   00000000000000000000000000000000   C
C:\System Volume Information\_restore{F5CD81F5-BB72-47D2-A924-C64F2E1227A4}\RP1\A0000117.exe   Win32/TrojanDownloader.Unruy.AV trojan (cleaned by deleting - quarantined)   00000000000000000000000000000000   C
C:\System Volume Information\_restore{F5CD81F5-BB72-47D2-A924-C64F2E1227A4}\RP1\A0000118.exe   Win32/TrojanDownloader.Unruy.AV trojan (cleaned by deleting - quarantined)   00000000000000000000000000000000   C
C:\System Volume Information\_restore{F5CD81F5-BB72-47D2-A924-C64F2E1227A4}\RP1\A0000120.exe   Win32/TrojanDownloader.Unruy.AV trojan (cleaned by deleting - quarantined)   00000000000000000000000000000000   C
C:\System Volume Information\_restore{F5CD81F5-BB72-47D2-A924-C64F2E1227A4}\RP1\A0000122.exe   Win32/TrojanDownloader.Unruy.AV trojan (cleaned by deleting - quarantined)   00000000000000000000000000000000   C
C:\System Volume Information\_restore{F5CD81F5-BB72-47D2-A924-C64F2E1227A4}\RP1\A0000123.exe   Win32/TrojanDownloader.Unruy.AV trojan (cleaned by deleting - quarantined)   00000000000000000000000000000000   C
C:\System Volume Information\_restore{F5CD81F5-BB72-47D2-A924-C64F2E1227A4}\RP1\A0000126.exe   Win32/TrojanDownloader.Unruy.AV trojan (cleaned by deleting - quarantined)   00000000000000000000000000000000   C
C:\System Volume Information\_restore{F5CD81F5-BB72-47D2-A924-C64F2E1227A4}\RP1\A0000127.exe   Win32/TrojanDownloader.Unruy.AV trojan (cleaned by deleting - quarantined)   00000000000000000000000000000000   C
C:\System Volume Information\_restore{F5CD81F5-BB72-47D2-A924-C64F2E1227A4}\RP1\A0000128.exe   Win32/TrojanDownloader.Unruy.AV trojan (cleaned by deleting - quarantined)   00000000000000000000000000000000   C
C:\System Volume Information\_restore{F5CD81F5-BB72-47D2-A924-C64F2E1227A4}\RP1\A0000129.exe   Win32/TrojanDownloader.Unruy.AV trojan (cleaned by deleting - quarantined)   00000000000000000000000000000000   C
C:\System Volume Information\_restore{F5CD81F5-BB72-47D2-A924-C64F2E1227A4}\RP1\A0000130.exe   Win32/TrojanDownloader.Unruy.AV trojan (cleaned by deleting - quarantined)   00000000000000000000000000000000   C
C:\System Volume Information\_restore{F5CD81F5-BB72-47D2-A924-C64F2E1227A4}\RP1\A0000264.exe   Win32/TrojanDownloader.Unruy.AV trojan (cleaned by deleting - quarantined)   00000000000000000000000000000000   C
C:\System Volume Information\_restore{F5CD81F5-BB72-47D2-A924-C64F2E1227A4}\RP1\A0000265.exe   Win32/TrojanDownloader.Unruy.AV trojan (cleaned by deleting - quarantined)   00000000000000000000000000000000   C
C:\System Volume Information\_restore{F5CD81F5-BB72-47D2-A924-C64F2E1227A4}\RP1\A0000266.exe   Win32/TrojanDownloader.Unruy.AV trojan (cleaned by deleting - quarantined)   00000000000000000000000000000000   C
C:\System Volume Information\_restore{F5CD81F5-BB72-47D2-A924-C64F2E1227A4}\RP1\A0000267.exe   Win32/TrojanDownloader.Unruy.AV trojan (cleaned by deleting - quarantined)   00000000000000000000000000000000   C
C:\System Volume Information\_restore{F5CD81F5-BB72-47D2-A924-C64F2E1227A4}\RP1\A0000268.exe   Win32/TrojanDownloader.Unruy.AV trojan (cleaned by deleting - quarantined)   00000000000000000000000000000000   C
C:\System Volume Information\_restore{F5CD81F5-BB72-47D2-A924-C64F2E1227A4}\RP1\A0000269.exe   Win32/TrojanDownloader.Unruy.AV trojan (cleaned by deleting - quarantined)   00000000000000000000000000000000   C
C:\System Volume Information\_restore{F5CD81F5-BB72-47D2-A924-C64F2E1227A4}\RP1\A0000270.exe   Win32/TrojanDownloader.Unruy.AV trojan (cleaned by deleting - quarantined)   00000000000000000000000000000000   C
C:\System Volume Information\_restore{F5CD81F5-BB72-47D2-A924-C64F2E1227A4}\RP1\A0000271.exe   Win32/TrojanDownloader.Unruy.AV trojan (cleaned by deleting - quarantined)   00000000000000000000000000000000   C
C:\System Volume Information\_restore{F5CD81F5-BB72-47D2-A924-C64F2E1227A4}\RP1\A0000272.exe   Win32/TrojanDownloader.Unruy.AV trojan (cleaned by deleting - quarantined)   00000000000000000000000000000000   C
C:\System Volume Information\_restore{F5CD81F5-BB72-47D2-A924-C64F2E1227A4}\RP1\A0000273.exe   Win32/TrojanDownloader.Unruy.AV trojan (cleaned by deleting - quarantined)   00000000000000000000000000000000   C
C:\System Volume Information\_restore{F5CD81F5-BB72-47D2-A924-C64F2E1227A4}\RP11\A0013994.exe   Win32/TrojanDownloader.Unruy.AV trojan (cleaned by deleting - quarantined)   00000000000000000000000000000000   C
C:\System Volume Information\_restore{F5CD81F5-BB72-47D2-A924-C64F2E1227A4}\RP11\A0014009.exe   Win32/TrojanDownloader.Unruy.AV trojan (cleaned by deleting - quarantined)   00000000000000000000000000000000   C
C:\System Volume Information\_restore{F5CD81F5-BB72-47D2-A924-C64F2E1227A4}\RP11\A0014010.exe   Win32/TrojanDownloader.Unruy.AV trojan (cleaned by deleting - quarantined)   00000000000000000000000000000000   C
C:\System Volume Information\_restore{F5CD81F5-BB72-47D2-A924-C64F2E1227A4}\RP11\A0014011.exe   Win32/TrojanDownloader.Unruy.AV trojan (cleaned by deleting - quarantined)   00000000000000000000000000000000   C
C:\System Volume Information\_restore{F5CD81F5-BB72-47D2-A924-C64F2E1227A4}\RP11\A0014012.exe   Win32/TrojanDownloader.Unruy.AV trojan (cleaned by deleting - quarantined)   00000000000000000000000000000000   C
C:\System Volume Information\_restore{F5CD81F5-BB72-47D2-A924-C64F2E1227A4}\RP11\A0014013.exe   Win32/TrojanDownloader.Unruy.AV trojan (cleaned by deleting - quarantined)   00000000000000000000000000000000   C
C:\System Volume Information\_restore{F5CD81F5-BB72-47D2-A924-C64F2E1227A4}\RP11\A0014015.exe   Win32/TrojanDownloader.Unruy.AV trojan (cleaned by deleting - quarantined)   00000000000000000000000000000000   C
C:\System Volume Information\_restore{F5CD81F5-BB72-47D2-A924-C64F2E1227A4}\RP11\A0014016.exe   Win32/TrojanDownloader.Unruy.AV trojan (cleaned by deleting - quarantined)   00000000000000000000000000000000   C
C:\System Volume Information\_restore{F5CD81F5-BB72-47D2-A924-C64F2E1227A4}\RP11\A0014135.exe   Win32/TrojanDownloader.Unruy.AV trojan (cleaned by deleting - quarantined)   00000000000000000000000000000000   C
C:\System Volume Information\_restore{F5CD81F5-BB72-47D2-A924-C64F2E1227A4}\RP11\A0014136.exe   Win32/TrojanDownloader.Unruy.AV trojan (cleaned by deleting - quarantined)   00000000000000000000000000000000   C
C:\System Volume Information\_restore{F5CD81F5-BB72-47D2-A924-C64F2E1227A4}\RP11\A0014137.exe   Win32/TrojanDownloader.Unruy.AV trojan (cleaned by deleting - quarantined)   00000000000000000000000000000000   C
C:\System Volume Information\_restore{F5CD81F5-BB72-47D2-A924-C64F2E1227A4}\RP11\A0014138.exe   Win32/TrojanDownloader.Unruy.AV trojan (cleaned by deleting - quarantined)   00000000000000000000000000000000   C
C:\System Volume Information\_restore{F5CD81F5-BB72-47D2-A924-C64F2E1227A4}\RP11\A0014139.exe   Win32/TrojanDownloader.Unruy.AV trojan (cleaned by deleting - quarantined)   00000000000000000000000000000000   C
C:\System Volume Information\_restore{F5CD81F5-BB72-47D2-A924-C64F2E1227A4}\RP11\A0014140.exe   Win32/TrojanDownloader.Unruy.AV trojan (cleaned by deleting - quarantined)   00000000000000000000000000000000   C
C:\System Volume Information\_restore{F5CD81F5-BB72-47D2-A924-C64F2E1227A4}\RP11\A0014141.exe   Win32/TrojanDownloader.Unruy.AV trojan (cleaned by deleting - quarantined)   00000000000000000000000000000000   C
C:\System Volume Information\_restore{F5CD81F5-BB72-47D2-A924-C64F2E1227A4}\RP11\A0014142.exe   Win32/TrojanDownloader.Unruy.AV trojan (cleaned by deleting - quarantined)   00000000000000000000000000000000   C
C:\System Volume Information\_restore{F5CD81F5-BB72-47D2-A924-C64F2E1227A4}\RP11\A0014143.exe   Win32/TrojanDownloader.Unruy.AV trojan (cleaned by deleting - quarantined)   00000000000000000000000000000000   C

4
Tech Clinic / Some issues
« on: April 14, 2010, 08:14:57 PM »
ComboFix 10-04-14.01 - HSLaptop 04/14/2010  20:05:43.6.1 - x86
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.1014.510 [GMT -5:00]
Running from: c:\documents and settings\h\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\h\Desktop\CFScript.txt
AV: eTrust ITM *On-access scanning enabled* (Outdated) {33EA71EA-56CF-40B5-A06B-BD3A27397C44}

FILE ::
"c:\documents and settings\NetworkService\jfufiwg.exe"
"c:\program files\1632406.dat"
"c:\program files\1719718.dat"
"c:\program files\19239796.dat"
"c:\program files\2000765.dat"
"c:\program files\267531.dat"
"c:\program files\2978281.dat"
"c:\program files\5031437.dat"
"c:\program files\5034578.dat"
"c:\program files\512703.dat"
"c:\program files\542703.dat"
"c:\program files\5983640.dat"
"c:\program files\6578718.dat"
"c:\program files\6884187.dat"
"c:\windows\Asufirol.dat"
"c:\windows\ivrnsftav.exe"
"c:\windows\system32\fui.exe"
"c:\windows\system32\msiinfo32.exe"
"c:\windows\system32\stsystra.exe"
"c:\windows\Wkexaduj.bin"
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\h\rundll32.exe
c:\documents and settings\h\stsystra.exe
c:\documents and settings\NetworkService\jfufiwg.exe
c:\program files\1632406.dat
c:\program files\1719718.dat
c:\program files\19239796.dat
c:\program files\2000765.dat
c:\program files\267531.dat
c:\program files\2978281.dat
c:\program files\5031437.dat
c:\program files\5034578.dat
c:\program files\512703.dat
c:\program files\542703.dat
c:\program files\5983640.dat
c:\program files\6578718.dat
c:\program files\6884187.dat
c:\program files\Internet Explorer\js.mui
c:\program files\Internet Explorer\wmpscfgs.exe
c:\windows\Asufirol.dat
c:\windows\ivrnsftav .exe
c:\windows\ivrnsftav.exe
c:\windows\system32\fui .exe
c:\windows\system32\fui.exe
c:\windows\system32\msiinfo32 .exe
c:\windows\system32\msiinfo32.exe
c:\windows\system32\stsystra.exe
c:\windows\Wkexaduj.bin

.
(((((((((((((((((((((((((   Files Created from 2010-03-15 to 2010-04-15  )))))))))))))))))))))))))))))))
.

2010-04-15 01:02 . 2010-04-15 01:02   --------   d-----w-   c:\windows\LastGood
2010-04-07 03:19 . 2010-04-07 03:19   --------   d-----w-   c:\program files\ESET
2010-04-02 02:46 . 2010-04-02 02:46   388096   ----a-r-   c:\documents and settings\h\Application Data\Microsoft\Installer\{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}\HiJackThis.exe
2010-04-02 02:46 . 2010-04-02 02:46   --------   d-----w-   C:\TrendMicro
2010-03-31 04:50 . 2010-03-31 04:51   --------   d--h--w-   c:\documents and settings\All Users\Application Data\rpcnet
2010-03-29 03:22 . 2010-03-29 03:22   --------   d-----w-   C:\VundoFix Backups
2010-03-21 04:07 . 2010-03-31 04:27   --------   d-----w-   c:\documents and settings\NetworkService\Local Settings\Application Data\ivvipl
2010-03-19 15:53 . 2010-03-19 15:53   --------   d-sh--w-   c:\windows\system32\config\systemprofile\PrivacIE
2010-03-19 15:52 . 2010-03-19 15:52   --------   d-sh--w-   c:\windows\system32\config\systemprofile\IECompatCache
2010-03-19 04:31 . 2010-04-15 01:05   --------   d-----w-   c:\program files\AIM
2010-03-19 04:31 . 2010-03-19 04:31   --------   d-----w-   c:\program files\Common Files\Software Update Utility

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-15 01:05 . 2009-08-12 23:45   --------   d-----w-   c:\program files\Washer
2010-04-15 01:05 . 2006-06-20 21:16   --------   d-----w-   c:\program files\QuickTime
2010-04-15 01:05 . 2010-01-30 19:50   --------   d-----w-   c:\program files\iTunes
2010-04-15 00:58 . 2008-08-14 16:29   17408   ----a-w-   c:\windows\system32\rpcnetp.exe
2010-04-15 00:58 . 2007-07-26 14:46   56680   ----a-w-   c:\windows\system32\rpcnet.dll
2010-04-15 00:55 . 2007-07-24 16:24   --------   d-----w-   c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-04-02 00:05 . 2010-01-22 23:35   --------   d-----w-   c:\program files\Malwarebytes' Anti-Malware
2010-04-01 23:01 . 2008-08-14 16:32   17408   ----a-w-   c:\windows\system32\rpcnetp.dll
2010-03-21 03:39 . 2009-08-12 23:53   --------   d-----w-   c:\program files\CCleaner
2010-03-19 04:31 . 2010-01-28 02:03   --------   d-----w-   c:\program files\Common Files\AOL
2010-03-13 22:39 . 2009-07-20 21:56   --------   d-----w-   c:\documents and settings\All Users\Application Data\Microsoft Help
2010-03-13 18:19 . 2009-08-20 22:44   581   ----a-w-   c:\windows\eReg.dat
2010-03-13 18:09 . 2009-08-20 22:34   --------   d-----w-   c:\program files\Maxis
2010-03-12 19:41 . 2010-03-12 19:41   --------   d-----w-   c:\program files\VS Revo Group
2010-03-11 23:25 . 2010-01-29 21:19   --------   d-----w-   c:\program files\SafeConnect
2010-03-11 00:56 . 2006-06-20 19:08   96512   ------w-   c:\windows\system32\drivers\atapi.sys
2010-03-03 20:47 . 2010-03-03 20:47   552   ----a-w-   c:\windows\system32\d3d8caps.dat
2010-03-03 20:47 . 2010-03-03 20:47   664   ----a-w-   c:\windows\system32\d3d9caps.dat
2010-02-27 23:14 . 2010-02-27 18:42   --------   d-----w-   c:\program files\Google
2010-02-25 06:24 . 2001-08-23 12:00   916480   ------w-   c:\windows\system32\wininet.dll
2010-02-17 00:37 . 2006-07-12 21:31   --------   d-----w-   c:\program files\Java
2010-02-17 00:36 . 2010-02-17 00:36   152576   ----a-w-   c:\documents and settings\h\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
2010-02-17 00:36 . 2010-01-24 04:20   79488   ----a-w-   c:\documents and settings\h\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2010-01-30 19:55 . 2010-01-30 19:55   57588   ---ha-w-   c:\windows\system32\mlfcache.dat
2010-01-28 23:52 . 2008-10-10 14:57   52120   ----a-w-   c:\windows\system32\pkgmgr.dll
2010-01-26 15:37 . 2010-01-26 15:37   102400   ----a-w-   c:\documents and settings\All Users\Application Data\AIM Toolbar\ieToolbar\resources\en-US\aimtbres.dll
2010-01-17 23:20 . 2008-10-10 14:57   46488   ----a-w-   c:\windows\system32\pkgslv.exe
.

(((((((((((((((((((((((((((((   SnapShot@2010-04-07_02.34.24   )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-04-15 00:58 . 2010-04-15 00:58   16384              c:\windows\Temp\Perflib_Perfdata_1bc.dat
+ 2008-12-09 21:27 . 2010-04-10 22:56   84661              c:\windows\system32\Macromed\Flash\uninstall_plugin.exe
- 2008-12-09 21:27 . 2009-08-22 18:24   84661              c:\windows\system32\Macromed\Flash\uninstall_plugin.exe
+ 2010-01-27 01:07 . 2010-01-27 01:07   256280              c:\windows\system32\Macromed\Flash\NPSWF32_FlashUtil.exe
+ 2010-01-27 01:07 . 2010-01-27 01:07   3884312              c:\windows\system32\Macromed\Flash\NPSWF32.dll
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Yahoo! Pager"="1" [X]
"Google Update"="c:\documents and settings\h\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2010-04-15 40960]
"Washer"="c:\program files\Washer\washer.exe" [2002-08-15 428544]
"CTSyncU.exe"="c:\program files\Creative\Sync Manager Unicode\CTSyncU.exe" [2006-09-29 700416]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-02-27 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2006-10-18 802816]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2006-10-18 696320]
"SigmatelSysTrayApp"="stsystra.exe" [2006-03-24 282624]
"Realtime Monitor"="c:\program files\CA\eTrustITM\realmon.exe" [2007-01-17 407632]
"Motive SmartBridge"="c:\progra~1\SBCSEL~1\SMARTB~1\MotiveSB.exe" [2005-08-24 442455]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-11-12 141600]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
SafeConnect.lnk - c:\program files\SafeConnect\scClient.exe [2007-11-13 297240]
SBC Self Support Tool.lnk - c:\program files\SBC Self Support Tool\bin\matcli.exe [2009-8-12 217088]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Broadcom Wireless Manager UI]
2005-12-19 14:08   1347584   ----a-w-   c:\windows\system32\WLTRAY.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ComputerAssociatesAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\CA\\eTrustITM\\InoRpc.exe"=
"c:\\Program Files\\CA\\eTrustITM\\Realmon.exe"=
"c:\\Program Files\\CA\\eTrustITM\\Shellscn.exe"=
"c:\\Program Files\\CA\\SharedComponents\\iTechnology\\igateway.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\AIM\\aim.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R2 LogWatch;Event Log Watch;c:\program files\CA\SharedComponents\CA_LIC\LogWatNT.exe [9/19/2002 7:29 PM 53248]
R2 rpcld;Remote Procedure Call (RPC) LD;c:\documents and settings\All Users\Application Data\rpcnet\Bin\rpcld.exe [3/30/2010 11:50 PM 185776]
R2 SCManager;SafeConnect Manager;c:\program files\SafeConnect\scManager.sys servicestart --> c:\program files\SafeConnect\scManager.sys servicestart [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2/27/2010 6:14 PM 135664]
S3 CA_LIC_CLNT;CA License Client;c:\program files\CA\SharedComponents\CA_LIC\lic98rmt.exe [9/19/2002 7:27 PM 77824]
S3 CA_LIC_SRVR;CA License Server;c:\program files\CA\SharedComponents\CA_LIC\lic98rmtd.exe [9/19/2002 7:41 PM 77824]
.
Contents of the 'Scheduled Tasks' folder

2010-02-01 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 18:34]

2010-04-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-27 23:14]

2010-04-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-27 23:14]

2010-03-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1992757637-737350535-4160918168-1003Core.job
- c:\documents and settings\h\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-12-09 01:00]

2010-04-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1992757637-737350535-4160918168-1003UA.job
- c:\documents and settings\h\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-12-09 01:00]

2010-04-15 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAEXEC.exe [2009-08-03 20:07]
.
.
------- Supplementary Scan -------
.
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
FF - ProfilePath - c:\documents and settings\h\Application Data\Mozilla\Firefox\Profiles\x2uxm7cb.default\
FF - prefs.js: browser.search.defaulturl - hxxp://aim.search.Email Removed/search/search?query={searchTerms}&invocationType=tb50-ff-aim-chromesbox-en-us
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.yahoo.com
FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.Email Removed/slirs_http/sredir?invocationType=bu10aiminstabie7&sredir=2706&query=
FF - plugin: c:\documents and settings\h\Local Settings\Application Data\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdnupdater2.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, falsec:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency",   1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug",            false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight",       2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize",       1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight",   25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight",     5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-Aim - c:\program files\aim\aim                     .exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-14 20:10
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...  

scanning hidden autostart entries ...

scanning hidden files ...  

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,85,8f,5a,fd,53,c2,c6,4c,bc,ef,ec,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,85,8f,5a,fd,53,c2,c6,4c,bc,ef,ec,\

[HKEY_LOCAL_MACHINE\software\INTEL\Wireless\Folders\*& 2*]
"Path"="c:\\WINDOWS\\system32\\config\\systemprofile\\Application Data\\Intel\\Wireless\\"
.
Completion time: 2010-04-14  20:12:45
ComboFix-quarantined-files.txt  2010-04-15 01:12
ComboFix2.txt  2010-04-07 02:36
ComboFix3.txt  2010-03-31 04:35
ComboFix4.txt  2010-03-12 14:14
ComboFix5.txt  2010-04-15 01:04

Pre-Run: 25,166,462,976 bytes free
Post-Run: 25,129,775,104 bytes free

- - End Of File - - E2DCE5F05565CE8E3611B46E48F104B5

5
Tech Clinic / Some issues
« on: April 12, 2010, 11:06:49 AM »
I do still require some assistance :D I really don't notice any physical symptoms of a virus, although the files are still there.

6
Anti-Scammers Forum / Hi
« on: April 08, 2010, 10:44:08 PM »
:o that's amazing, a true, thought out, decent answer! amazing! :o

7
Tech Clinic / Some issues
« on: April 07, 2010, 05:37:08 PM »
wmpscfg.exe still shows up in "C:/Program Files/Internet Explorer"



ESETSmartInstaller@High as downloader log:
all ok
esets_scanner_update returned -1 esets_gle=1
esets_scanner_update returned -1 esets_gle=1
esets_scanner_update returned -1 esets_gle=1
esets_scanner_update returned -1 esets_gle=1
esets_scanner_update returned -1 esets_gle=1
esets_scanner_update returned -1 esets_gle=1
esets_scanner_update returned -1 esets_gle=1
# version=7
# IEXPLORE.EXE=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=cd6f8d4a8e430743991ed5e192b0fdcd
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2010-04-07 06:01:23
# local_time=2010-04-07 01:01:23 (-0600, Central Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=76464
# found=61
# cleaned=0
# scan_time=6172
C:\Documents and Settings\h\Local Settings\Application Data\Google\Update\googleupdate.exe   Win32/TrojanDownloader.Unruy.AV trojan   00000000000000000000000000000000   I
C:\Documents and Settings\h\Local Settings\temp\wmpscfgs.exe   Win32/TrojanDownloader.Unruy.AV trojan   00000000000000000000000000000000   I
C:\Documents and Settings\NetworkService\jfufiwg.exe   a variant of Win32/Kryptik.CQG trojan   00000000000000000000000000000000   I
C:\Documents and Settings\NetworkService\Local Settings\Application Data\ivvipl\vodysftav .exe   a variant of Win32/Kryptik.DHW trojan   00000000000000000000000000000000   I
C:\Program Files\Adobe\315781.old   a variant of Win32/Kryptik.CZR trojan   00000000000000000000000000000000   I
C:\Program Files\Adobe\320718.old   a variant of Win32/Kryptik.CZR trojan   00000000000000000000000000000000   I
C:\Program Files\Adobe\733968.old   a variant of Win32/Kryptik.CZR trojan   00000000000000000000000000000000   I
C:\Program Files\Adobe\80870343.old   a variant of Win32/Kryptik.CZR trojan   00000000000000000000000000000000   I
C:\Program Files\AIM\aim                      .exe   Win32/TrojanDownloader.Unruy.AV trojan   00000000000000000000000000000000   I
C:\Program Files\AIM\aim                     .exe   Win32/TrojanDownloader.Unruy.AV trojan   00000000000000000000000000000000   I
C:\Program Files\BroadJump\Client Foundation\cfd.exe   Win32/TrojanDownloader.Unruy.AV trojan   00000000000000000000000000000000   I
C:\Program Files\CA\eTrustITM\realmon.exe   Win32/TrojanDownloader.Unruy.AV trojan   00000000000000000000000000000000   I
C:\Program Files\Creative\Sync Manager Unicode\ctsyncu.exe   Win32/TrojanDownloader.Unruy.AV trojan   00000000000000000000000000000000   I
C:\Program Files\Google\GoogleToolbarNotifier\googletoolbarnotifier.exe   Win32/TrojanDownloader.Unruy.AV trojan   00000000000000000000000000000000   I
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe   Win32/TrojanDownloader.Unruy.AV trojan   00000000000000000000000000000000   I
C:\Program Files\Intel\Wireless\Bin\zcfgsvc.exe   Win32/TrojanDownloader.Unruy.AV trojan   00000000000000000000000000000000   I
C:\Program Files\Internet Explorer\js.mui   Win32/TrojanDownloader.Unruy.AV trojan   00000000000000000000000000000000   I
C:\Program Files\Internet Explorer\wmpscfgs.exe   Win32/TrojanDownloader.Unruy.AV trojan   00000000000000000000000000000000   I
C:\Program Files\iTunes\ituneshelper.exe   Win32/TrojanDownloader.Unruy.AV trojan   00000000000000000000000000000000   I
C:\Program Files\SBC Self Support Tool\SmartBridge\motivesb.exe   Win32/TrojanDownloader.Unruy.AV trojan   00000000000000000000000000000000   I
C:\Program Files\Spybot - Search & Destroy\rundll32.exe   Win32/TrojanDownloader.Unruy.AV trojan   00000000000000000000000000000000   I
C:\Program Files\Spybot - Search & Destroy\stsystra.exe   Win32/TrojanDownloader.Unruy.AV trojan   00000000000000000000000000000000   I
C:\Program Files\Spybot - Search & Destroy\teatimer.exe   Win32/TrojanDownloader.Unruy.AV trojan   00000000000000000000000000000000   I
C:\Program Files\Spybot - Search & Destroy\teatimer.exe.delme136   Win32/TrojanDownloader.Unruy.AV trojan   00000000000000000000000000000000   I
C:\Program Files\Washer\washer.exe   Win32/TrojanDownloader.Unruy.AV trojan   00000000000000000000000000000000   I
C:\Qoobox\Quarantine\C\Documents and Settings\h\rundll32 .exe.vir   Win32/TrojanDownloader.Unruy.AV trojan   00000000000000000000000000000000   I
C:\Qoobox\Quarantine\C\Documents and Settings\h\rundll32.exe.vir   Win32/TrojanDownloader.Unruy.AV trojan   00000000000000000000000000000000   I
C:\Qoobox\Quarantine\C\Documents and Settings\h\stsystra .exe.vir   Win32/TrojanDownloader.Unruy.AV trojan   00000000000000000000000000000000   I
C:\Qoobox\Quarantine\C\Documents and Settings\h\stsystra.exe.vir   Win32/TrojanDownloader.Unruy.AV trojan   00000000000000000000000000000000   I
C:\Qoobox\Quarantine\C\Documents and Settings\h\Local Settings\Application Data\xpqubr\nvtvsftav.exe.vir   Win32/Adware.SpywareProtect2009 application   00000000000000000000000000000000   I
C:\Qoobox\Quarantine\C\Documents and Settings\NetworkService\twhto.exe.vir   Win32/Agent.OSE trojan   00000000000000000000000000000000   I
C:\Qoobox\Quarantine\C\Documents and Settings\NetworkService\Local Settings\Application Data\ivvipl\vodysftav.exe.vir   Win32/TrojanDownloader.Unruy.AV trojan   00000000000000000000000000000000   I
C:\Qoobox\Quarantine\C\Program Files\Adobe\acrotray .exe.vir   a variant of Win32/Kryptik.CZR trojan   00000000000000000000000000000000   I
C:\Qoobox\Quarantine\C\Program Files\Internet Explorer\js.mui.vir   Win32/TrojanDownloader.Unruy.AV trojan   00000000000000000000000000000000   I
C:\Qoobox\Quarantine\C\Program Files\Internet Explorer\wmpscfgs.exe.vir   Win32/TrojanDownloader.Unruy.AV trojan   00000000000000000000000000000000   I
C:\Qoobox\Quarantine\C\Program Files\Windows Police Pro\tmp\wispex.html.vir   Win32/Adware.WinAntiVirus application   00000000000000000000000000000000   I
C:\Qoobox\Quarantine\C\WINDOWS\ivrnsftav .exe.vir   Win32/TrojanDownloader.Unruy.AV trojan   00000000000000000000000000000000   I
C:\Qoobox\Quarantine\C\WINDOWS\system32\0034.DLL.vir   Win32/Witkinat.A trojan   00000000000000000000000000000000   I
C:\Qoobox\Quarantine\C\WINDOWS\system32\0037.DLL.vir   a variant of Win32/Witkinat.A trojan   00000000000000000000000000000000   I
C:\Qoobox\Quarantine\C\WINDOWS\system32\0038.DLL.vir   Win32/Witkinat.A trojan   00000000000000000000000000000000   I
C:\Qoobox\Quarantine\C\WINDOWS\system32\app_dll.dll.vir   Win32/TrojanDownloader.Unruy.BI trojan   00000000000000000000000000000000   I
C:\Qoobox\Quarantine\C\WINDOWS\system32\critical_warning.html.vir   Win32/TrojanDownloader.FakeAlert.ADG trojan   00000000000000000000000000000000   I
C:\Qoobox\Quarantine\C\WINDOWS\system32\fui .exe.vir   Win32/TrojanDownloader.Unruy.AV trojan   00000000000000000000000000000000   I
C:\Qoobox\Quarantine\C\WINDOWS\system32\meseleru.dll.vir   a variant of Win32/Kryptik.AJK trojan   00000000000000000000000000000000   I
C:\Qoobox\Quarantine\C\WINDOWS\system32\msiinfo32 .exe.vir   Win32/TrojanDownloader.Unruy.AV trojan   00000000000000000000000000000000   I
C:\Qoobox\Quarantine\C\WINDOWS\system32\rotscxputowehw.dll.vir   a variant of Win32/Kryptik.AHG trojan   00000000000000000000000000000000   I
C:\Qoobox\Quarantine\C\WINDOWS\system32\rotscxrmhfttqi.dll.vir   a variant of Win32/Kryptik.AHG trojan   00000000000000000000000000000000   I
C:\Qoobox\Quarantine\C\WINDOWS\system32\stsystra .exe.vir   Win32/TrojanDownloader.Unruy.AV trojan   00000000000000000000000000000000   I
C:\Qoobox\Quarantine\C\WINDOWS\system32\UACptrapxmlto.dll.vir   a variant of Win32/Kryptik.BKV trojan   00000000000000000000000000000000   I
C:\Qoobox\Quarantine\C\WINDOWS\system32\wexe.exe.vir   probably a variant of Win32/Witkinat.A trojan   00000000000000000000000000000000   I
C:\Qoobox\Quarantine\C\WINDOWS\system32\WORK.DAT.vir   Win32/Witkinat.A trojan   00000000000000000000000000000000   I
C:\Qoobox\Quarantine\C\WINDOWS\system32\~.exe.vir   a variant of Win32/Kryptik.BVA trojan   00000000000000000000000000000000   I
C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\atapi.sys.vir   Win32/Olmarik.VM trojan   00000000000000000000000000000000   I
C:\WINDOWS\ivrnsftav .exe   Win32/TrojanDownloader.Unruy.AV trojan   00000000000000000000000000000000   I
C:\WINDOWS\ivrnsftav.exe   Win32/TrojanDownloader.Unruy.AV trojan   00000000000000000000000000000000   I
C:\WINDOWS\system32\fui .exe   Win32/TrojanDownloader.Unruy.AV trojan   00000000000000000000000000000000   I
C:\WINDOWS\system32\fui.exe   Win32/TrojanDownloader.Unruy.AV trojan   00000000000000000000000000000000   I
C:\WINDOWS\system32\msiinfo32 .exe   Win32/TrojanDownloader.Unruy.AV trojan   00000000000000000000000000000000   I
C:\WINDOWS\system32\msiinfo32.exe   Win32/TrojanDownloader.Unruy.AV trojan   00000000000000000000000000000000   I
C:\WINDOWS\system32\stsystra.exe   Win32/TrojanDownloader.Unruy.AV trojan   00000000000000000000000000000000   I
${Memory}   Win32/TrojanDownloader.Unruy.AV trojan   00000000000000000000000000000000   I



OTL logfile created on: 4/7/2010 5:35:00 PM - Run 2
OTL by OldTimer - Version 3.2.1.0     Folder = C:\Documents and Settings\h\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
1,014.00 Mb Total Physical Memory | 425.00 Mb Available Physical Memory | 42.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 84.00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.25 Gb Total Space | 23.42 Gb Free Space | 62.88% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 968.65 Mb Total Space | 933.91 Mb Free Space | 96.41% Space Free | Partition Type: FAT32
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: RLCHS-838196
Current User Name: HSLaptop
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
 
========== Processes (SafeList) ==========
 
PRC - [2010/04/05 16:39:32 | 000,561,664 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\h\Desktop\OTL.exe
PRC - [2010/04/05 16:38:16 | 000,040,960 | ---- | M] () -- C:\Program Files\Spybot - Search & Destroy\teatimer.exe
PRC - [2010/02/27 13:42:55 | 000,039,408 | ---- | M] (Google Inc.) -- c:\Program Files\Google\GoogleToolbarNotifier\googletoolbarnotifier .exe
PRC - [2010/01/29 16:19:33 | 000,297,240 | ---- | M] (Impulse Point, LLC) -- C:\Program Files\SafeConnect\SCClient.exe
PRC - [2010/01/29 16:19:32 | 000,128,280 | ---- | M] (Impulse Point, LLC) -- C:\Program Files\SafeConnect\scManager.sys
PRC - [2010/01/15 22:09:37 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009/11/12 17:33:10 | 000,141,600 | ---- | M] (Apple Inc.) -- c:\Program Files\iTunes\ituneshelper .exe
PRC - [2009/10/02 10:58:10 | 000,185,776 | ---- | M] (Absolute Software Corp.) -- C:\Documents and Settings\All Users\Application Data\rpcnet\Bin\rpcld.exe
PRC - [2009/07/08 12:55:23 | 000,056,680 | ---- | M] (Absolute Software Corp.) -- C:\WINDOWS\system32\rpcnet.exe
PRC - [2009/03/30 16:28:36 | 001,533,808 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
PRC - [2009/03/30 16:28:36 | 000,183,152 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/02/05 07:57:24 | 000,106,496 | ---- | M] (CA, Inc.) -- C:\Program Files\CA\SharedComponents\iTechnology\igateway.exe
PRC - [2006/10/18 18:05:18 | 000,434,176 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
PRC - [2006/10/18 18:04:28 | 000,802,816 | ---- | M] (Intel Corporation) -- c:\Program Files\Intel\Wireless\Bin\zcfgsvc .exe
PRC - [2006/10/18 18:01:34 | 000,290,816 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe
PRC - [2006/10/18 17:58:16 | 000,696,320 | ---- | M] (Intel Corporation) -- c:\Program Files\Intel\Wireless\Bin\ifrmewrk .exe
PRC - [2006/10/18 17:56:52 | 000,946,176 | ---- | M] (Intel Corporation ) -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
PRC - [2006/10/18 17:53:24 | 000,479,232 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
PRC - [2006/10/18 17:49:52 | 000,327,680 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
PRC - [2006/09/28 20:09:14 | 000,700,416 | ---- | M] () -- c:\Program Files\Creative\Sync Manager Unicode\ctsyncu .exe
PRC - [2006/06/29 03:19:03 | 002,371,584 | ---- | M] (Motive, Inc.) -- C:\Program Files\SBC Self Support Tool\bin\mad.exe
PRC - [2005/08/24 07:51:18 | 000,442,455 | ---- | M] (Motive, Inc.) -- c:\Program Files\SBC Self Support Tool\SmartBridge\motivesb .exe
PRC - [2003/10/10 09:06:12 | 000,245,760 | ---- | M] (Motive Communications, Inc.) -- C:\Program Files\SBC Self Support Tool\AsstCommon\MotiveDirectory.exe
PRC - [2002/09/19 19:29:28 | 000,053,248 | ---- | M] (Computer Associates) -- C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
PRC - [2002/09/10 21:26:26 | 000,368,706 | ---- | M] () -- c:\Program Files\BroadJump\Client Foundation\cfd .exe
PRC - [2002/08/15 04:07:02 | 000,428,544 | ---- | M] (Webroot Software, Inc.) -- c:\Program Files\Washer\washer .exe
 
 
========== Modules (SafeList) ==========
 
MOD - [2010/04/05 16:39:32 | 000,561,664 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\h\Desktop\OTL.exe
MOD - [2005/06/03 09:23:28 | 000,122,880 | ---- | M] (Motive Communications, Inc.) -- c:\Program Files\SBC Self Support Tool\SmartBridge\SBHook.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - File not found [On_Demand | Stopped] --  -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)
SRV - [2010/01/29 16:19:32 | 000,128,280 | ---- | M] (Impulse Point, LLC) [Auto | Running] -- C:\Program Files\SafeConnect\scManager.sys -- (SCManager)
SRV - [2009/10/02 10:58:10 | 000,185,776 | ---- | M] (Absolute Software Corp.) [Auto | Running] -- C:\Documents and Settings\All Users\Application Data\rpcnet\Bin\rpcld.exe -- (rpcld) Remote Procedure Call (RPC)
SRV - [2009/07/08 12:55:23 | 000,056,680 | ---- | M] (Absolute Software Corp.) [Auto | Running] -- C:\WINDOWS\system32\rpcnet.exe -- (Rpcnet) Remote Procedure Call (RPC)
SRV - [2009/04/29 13:36:49 | 000,380,928 | ---- | M] () [Auto | Stopped] -- C:\Program Files\CA\eTrustITM\InoTask.exe -- (InoTask)
SRV - [2009/04/29 13:36:49 | 000,192,512 | ---- | M] (CA) [Auto | Stopped] -- C:\Program Files\CA\eTrustITM\InoRpc.exe -- (InoRPC)
SRV - [2009/03/30 16:28:36 | 001,533,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2009/02/25 16:35:34 | 000,208,896 | ---- | M] (CA) [Auto | Stopped] -- C:\Program Files\CA\eTrustITM\InoRT.exe -- (InoRT)
SRV - [2009/02/06 18:08:58 | 000,533,360 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe -- (fsssvc)
SRV - [2007/02/05 07:57:24 | 000,106,496 | ---- | M] (CA, Inc.) [Auto | Running] -- C:\Program Files\CA\SharedComponents\iTechnology\igateway.exe -- (iGateway)
SRV - [2006/10/18 18:05:18 | 000,434,176 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe -- (EvtEng) Intel®
SRV - [2006/10/18 18:01:34 | 000,290,816 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe -- (WLANKEEPER) Intel®
SRV - [2006/10/18 17:56:52 | 000,946,176 | ---- | M] (Intel Corporation ) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe -- (S24EventMonitor) Intel®
SRV - [2006/10/18 17:49:52 | 000,327,680 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe -- (RegSrvc) Intel®
SRV - [2002/09/19 19:41:00 | 000,077,824 | ---- | M] (Computer Associates) [On_Demand | Stopped] -- C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmtd.exe -- (CA_LIC_SRVR)
SRV - [2002/09/19 19:29:28 | 000,053,248 | ---- | M] (Computer Associates) [Auto | Running] -- C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe -- (LogWatch)
SRV - [2002/09/19 19:27:04 | 000,077,824 | ---- | M] (Computer Associates) [On_Demand | Stopped] -- C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmt.exe -- (CA_LIC_CLNT)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Running] --  -- (catchme)
DRV - [2009/02/06 18:08:42 | 000,055,152 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys -- (fssfltr)
DRV - [2008/04/13 13:36:39 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2008/04/13 13:36:39 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2008/04/13 11:36:05 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2007/10/18 21:14:32 | 000,184,080 | ---- | M] (Computer Associates) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\ino_fltr.sys -- (INO_FLTR)
DRV - [2007/08/06 22:07:02 | 000,027,536 | ---- | M] (Computer Associates) [File_System | Boot | Running] -- C:\WINDOWS\system32\Drivers\ino_flpy.sys -- (INO_FLPY)
DRV - [2007/03/30 21:34:14 | 005,704,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\igxpmp32.sys -- (ialm)
DRV - [2006/10/19 09:29:22 | 000,012,544 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2006/10/17 11:55:28 | 001,711,104 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NETw3x32.sys -- (NETw3x32) Intel®
DRV - [2006/04/05 19:38:22 | 002,208,512 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\w29n51.sys -- (w29n51) Intel®
DRV - [2006/04/04 03:17:24 | 001,429,632 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\w39n51.sys -- (w39n51) Intel®
DRV - [2006/03/24 17:34:30 | 001,156,648 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2005/07/22 11:02:12 | 001,035,008 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2005/07/22 11:01:08 | 000,201,600 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2005/07/22 11:01:00 | 000,717,952 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2005/03/10 16:56:06 | 000,273,168 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\STAC97.sys -- (STAC97)
DRV - [2004/05/26 15:18:18 | 000,044,928 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2001/08/17 14:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2001/08/17 14:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001/08/17 14:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001/08/17 14:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001/08/17 14:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001/08/17 13:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
DRV - [2001/08/17 13:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2001/08/17 13:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2001/08/17 13:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2001/08/17 13:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2001/08/17 13:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2001/08/17 13:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
DRV - [2001/08/17 13:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2001/08/17 13:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2001/08/17 13:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\URLSearchHook: {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL Inc.)
 
IE - HKCU\..\URLSearchHook: {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "AIM Search"
FF - prefs.js..browser.search.defaulturl: "http://aim.search.Email Removed/search/search?query={searchTerms}&invocationType=tb50-ff-aim-chromesbox-en-us"
FF - prefs.js..browser.search.selectedEngine: "AIM Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.yahoo.com"
FF - prefs.js..extensions.enabledItems: {c2f863cd-0429-48c7-bb54-db756a951760}:5.96.9.1
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.7.2
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: [email protected]:0.7.1
FF - prefs.js..keyword.URL: "http://slirsredirect.search.Email Removed/slirs_http/sredir?invocationType=bu10aiminstabie7&sredir=2706&query="
 
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/02/07 22:56:00 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/02/07 22:56:00 | 000,000,000 | ---D | M]
 
[2010/02/07 22:56:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\h\Application Data\Mozilla\Extensions
[2010/04/06 21:47:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\h\Application Data\Mozilla\Firefox\Profiles\x2uxm7cb.default\extensions
[2009/08/22 12:44:32 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\h\Application Data\Mozilla\Firefox\Profiles\x2uxm7cb.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/04/05 16:38:17 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\h\Application Data\Mozilla\Firefox\Profiles\x2uxm7cb.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010/01/27 21:03:31 | 000,000,000 | ---D | M] (AIM Toolbar) -- C:\Documents and Settings\h\Application Data\Mozilla\Firefox\Profiles\x2uxm7cb.default\extensions\{c2f863cd-0429-48c7-bb54-db756a951760}
[2010/04/05 16:38:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\h\Application Data\Mozilla\Firefox\Profiles\x2uxm7cb.default\extensions\[email protected]
[2010/03/18 23:31:39 | 000,001,490 | ---- | M] () -- C:\Documents and Settings\h\Application Data\Mozilla\Firefox\Profiles\x2uxm7cb.default\searchplugins\AIM Search.xml
[2010/01/28 00:59:11 | 000,004,546 | ---- | M] () -- C:\Documents and Settings\h\Application Data\Mozilla\Firefox\Profiles\x2uxm7cb.default\searchplugins\aim-search.xml
[2010/04/06 21:47:28 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/03/18 23:31:39 | 000,001,490 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\AIM Search.xml
 
O1 HOSTS File: ([2010/03/30 23:29:32 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll (Google Inc.)
O2 - BHO: (AIM Toolbar Loader) - {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (AIM Toolbar) - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (AIM Toolbar) - {61539ECD-CC67-4437-A03C-9AACCBD14326} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL Inc.)
O4 - HKLM..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\cfd.exe ()
O4 - HKLM..\Run: [BluetoothAuthenticationAgent] C:\WINDOWS\System32\bthprops.cpl (Microsoft Corporation)
O4 - HKLM..\Run: [fui] C:\WINDOWS\System32\fui.exe ()
O4 - HKLM..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe ()
O4 - HKLM..\Run: [IntelZeroConfig] C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe ()
O4 - HKLM..\Run: [Motive SmartBridge] C:\Program Files\SBC Self Support Tool\SmartBridge\motivesb.exe ()
O4 - HKLM..\Run: [msiinfo32] C:\WINDOWS\system32\msiinfo32.exe ()
O4 - HKLM..\Run: [Realtime Monitor] C:\Program Files\CA\eTrustITM\realmon.exe ()
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\System32\stsystra.exe ()
O4 - HKCU..\Run: [Aim] c:\program files\aim\aim                     .exe ()
O4 - HKCU..\Run: [CTSyncU.exe] C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe ()
O4 - HKCU..\Run: [hqtulted] C:\WINDOWS\ivrnsftav.exe ()
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\teatimer.exe ()
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe ()
O4 - HKCU..\Run: [Washer] C:\Program Files\Washer\washer.exe ()
O4 - HKCU..\Run: [Yahoo! Pager]  File not found
O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\System32\Macromed\Flash\NPSWF32_FlashUtil.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\SafeConnect.lnk = C:\Program Files\SafeConnect\SCClient.exe (Impulse Point, LLC)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\SBC Self Support Tool.lnk = C:\Program Files\SBC Self Support Tool\bin\matcli.exe (Motive Communications, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll (Google Inc.)
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.macromedia.com/pub/shock...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper20073151.dll (Installation Support)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/...b?1150832924960 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdat...b?1228863417765 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0015-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/get/flash...ent/swflash.cab (Shockwave Flash Object)
O16 - DPF: Microsoft XML Parser for Java file:///C:/WINDOWS/Java/classes/xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010/04/06 23:10:05 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\h\Recent
[2010/04/06 23:10:05 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010/04/06 22:19:43 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2010/04/06 21:28:16 | 000,000,000 | ---D | C] -- C:\ComboFix
[2010/04/05 16:57:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2010/04/05 16:40:05 | 000,561,664 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\h\Desktop\OTL.exe
[2010/04/01 21:46:09 | 000,000,000 | ---D | C] -- C:\TrendMicro
[2010/03/30 23:50:23 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\rpcnet
[2010/03/30 23:27:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\ivvipl
[2010/03/30 23:21:51 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/03/30 23:21:51 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/03/30 23:21:51 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/03/30 23:21:51 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/03/28 22:22:49 | 000,000,000 | ---D | C] -- C:\VundoFix Backups
[2010/03/18 23:31:31 | 000,000,000 | ---D | C] -- C:\Program Files\AIM
[2010/03/18 23:31:28 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Software Update Utility
[2010/03/18 10:25:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Temp
[2010/03/12 14:41:21 | 000,000,000 | ---D | C] -- C:\Program Files\VS Revo Group
[2010/03/10 18:21:01 | 003,558,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\moviemk.exe
[2010/03/07 20:58:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple Computer
[2010/03/06 20:29:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\AIM Toolbar
[2010/03/06 20:29:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Google
[2010/03/06 20:25:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Apple Computer
[2010/03/06 18:22:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Sun
[2010/03/04 10:02:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2010/03/03 15:48:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\AIM Toolbar
[2010/03/03 15:48:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Google
[2010/03/02 21:56:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Real
[2010/03/02 21:52:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
[2010/03/02 21:52:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2010/03/01 21:50:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2010/03/01 21:24:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2010/02/27 18:20:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google
[2010/02/27 18:15:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
[2010/02/01 15:36:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
[2009/08/31 14:06:39 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2009/07/15 11:54:17 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2009/04/29 13:40:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2009/04/20 11:41:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2007/07/24 10:53:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Intel
[2007/07/24 10:52:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Intel
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2010/04/07 17:36:33 | 000,000,976 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1992757637-737350535-4160918168-1003UA.job
[2010/04/07 17:31:54 | 000,017,408 | ---- | M] () -- C:\WINDOWS\System32\rpcnetp.exe
[2010/04/07 01:00:32 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At2.job
[2010/04/07 00:30:04 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/04/07 00:02:37 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At1.job
[2010/04/06 23:00:31 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At24.job
[2010/04/06 21:38:29 | 000,040,960 | ---- | M] () -- C:\WINDOWS\System32\fui.exe
[2010/04/06 21:38:29 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At9.job
[2010/04/06 21:38:29 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At8.job
[2010/04/06 21:38:29 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At7.job
[2010/04/06 21:38:29 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At6.job
[2010/04/06 21:38:29 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At5.job
[2010/04/06 21:38:29 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At4.job
[2010/04/06 21:38:29 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At3.job
[2010/04/06 21:38:29 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At23.job
[2010/04/06 21:38:29 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At22.job
[2010/04/06 21:38:29 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At21.job
[2010/04/06 21:38:29 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At20.job
[2010/04/06 21:38:29 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At19.job
[2010/04/06 21:38:29 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At18.job
[2010/04/06 21:38:29 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At17.job
[2010/04/06 21:38:29 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At16.job
[2010/04/06 21:38:29 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At15.job
[2010/04/06 21:38:29 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At14.job
[2010/04/06 21:38:29 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At13.job
[2010/04/06 21:38:29 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At12.job
[2010/04/06 21:38:29 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At11.job
[2010/04/06 21:38:29 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At10.job
[2010/04/06 21:38:27 | 000,040,960 | ---- | M] () -- C:\WINDOWS\System32\msiinfo32.exe
[2010/04/06 21:38:10 | 000,040,960 | ---- | M] () -- C:\WINDOWS\ivrnsftav.exe
[2010/04/06 21:36:25 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/04/06 21:34:25 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/04/06 21:25:31 | 003,908,251 | R--- | M] () -- C:\Documents and Settings\h\Desktop\ComboFix.exe
[2010/04/05 16:39:32 | 000,561,664 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\h\Desktop\OTL.exe
[2010/04/05 16:39:03 | 000,040,960 | ---- | M] () -- C:\WINDOWS\System32\fui .exe
[2010/04/05 16:39:01 | 000,040,960 | ---- | M] () -- C:\WINDOWS\System32\msiinfo32 .exe
[2010/04/05 16:38:45 | 000,040,960 | ---- | M] () -- C:\WINDOWS\ivrnsftav .exe
[2010/04/05 16:36:54 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/04/05 16:36:34 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/04/05 16:36:34 | 000,000,236 | ---- | M] () -- C:\WINDOWS\tasks\OGALogon.job
[2010/04/05 16:36:31 | 000,056,680 | ---- | M] (Absolute Software Corp.) -- C:\WINDOWS\System32\rpcnet.dll
[2010/04/05 16:36:25 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/04/01 22:30:16 | 009,437,184 | -H-- | M] () -- C:\Documents and Settings\h\NTUSER.DAT
[2010/04/01 22:30:16 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\h\ntuser.ini
[2010/04/01 22:29:59 | 004,303,472 | -H-- | M] () -- C:\Documents and Settings\h\Local Settings\Application Data\IconCache.db
[2010/04/01 21:46:10 | 000,001,946 | ---- | M] () -- C:\Documents and Settings\h\Desktop\HiJackThis.lnk
[2010/04/01 19:38:02 | 000,040,960 | ---- | M] () -- C:\WINDOWS\System32\stsystra.exe
[2010/04/01 18:01:31 | 000,017,408 | ---- | M] () -- C:\WINDOWS\System32\rpcnetp.dll
[2010/03/30 23:29:32 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/03/29 22:37:32 | 000,363,520 | ---- | M] () -- C:\Documents and Settings\h\Desktop\iExplore.exe
[2010/03/29 22:36:00 | 000,363,520 | ---- | M] () -- C:\Documents and Settings\h\Desktop\rkill.com
[2010/03/29 22:18:15 | 000,000,373 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2010/03/28 14:11:26 | 000,000,124 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\Control Panel.lnk
[2010/03/23 23:31:15 | 000,000,004 | ---- | M] () -- C:\Program Files\5034578.dat
[2010/03/23 23:31:11 | 000,000,004 | ---- | M] () -- C:\Program Files\5031437.dat
[2010/03/23 22:36:00 | 000,000,004 | ---- | M] () -- C:\Program Files\1719718.dat
[2010/03/23 21:36:00 | 000,000,004 | ---- | M] () -- C:\Program Files\1632406.dat
[2010/03/22 23:36:00 | 000,000,004 | ---- | M] () -- C:\Program Files\2000765.dat
[2010/03/21 21:36:00 | 000,000,004 | ---- | M] () -- C:\Program Files\5983640.dat
[2010/03/21 17:22:30 | 000,000,004 | ---- | M] () -- C:\Program Files\267531.dat
[2010/03/21 16:36:00 | 000,000,004 | ---- | M] () -- C:\Program Files\19239796.dat
[2010/03/21 02:41:06 | 000,000,004 | ---- | M] () -- C:\Program Files\6884187.dat
[2010/03/21 02:36:01 | 000,000,004 | ---- | M] () -- C:\Program Files\6578718.dat
[2010/03/21 01:36:00 | 000,000,004 | ---- | M] () -- C:\Program Files\2978281.dat
[2010/03/21 00:55:25 | 000,000,004 | ---- | M] () -- C:\Program Files\542703.dat
[2010/03/21 00:54:55 | 000,000,004 | ---- | M] () -- C:\Program Files\512703.dat
[2010/03/20 22:39:39 | 000,001,548 | ---- | M] () -- C:\Documents and Settings\h\Desktop\CCleaner.lnk
[2010/03/19 10:36:01 | 000,000,924 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1992757637-737350535-4160918168-1003Core.job
[2010/03/19 09:50:17 | 000,528,518 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/03/19 09:50:17 | 000,446,158 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/03/19 09:50:17 | 000,073,884 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/03/18 23:32:11 | 000,000,722 | -H-- | M] () -- C:\IPH.PH
[2010/03/18 23:31:38 | 000,001,574 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AIM.lnk
[2010/03/13 13:19:29 | 000,000,581 | ---- | M] () -- C:\WINDOWS\eReg.dat
[2010/03/12 18:02:38 | 000,261,632 | ---- | M] () -- C:\WINDOWS\PEV.exe
[2010/03/12 14:41:22 | 000,000,917 | ---- | M] () -- C:\Documents and Settings\h\Desktop\Revo Uninstaller.lnk
[2010/03/12 09:07:53 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100319-003403.backup
[2010/03/10 19:56:18 | 000,096,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\atapi.sys
[2010/03/09 09:22:07 | 000,095,232 | ---- | M] () -- C:\Documents and Settings\h\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/03/09 05:42:00 | 000,016,605 | ---- | M] () -- C:\Documents and Settings\h\Desktop\CHAPTER 14 Mendel and the Gene Idea.docx
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2010/04/06 21:38:29 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At9.job
[2010/04/06 21:38:29 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At8.job
[2010/04/06 21:38:29 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At7.job
[2010/04/06 21:38:29 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At6.job
[2010/04/06 21:38:29 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At5.job
[2010/04/06 21:38:29 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At4.job
[2010/04/06 21:38:29 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At3.job
[2010/04/06 21:38:29 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At24.job
[2010/04/06 21:38:29 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At23.job
[2010/04/06 21:38:29 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At22.job
[2010/04/06 21:38:29 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At21.job
[2010/04/06 21:38:29 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At20.job
[2010/04/06 21:38:29 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At2.job
[2010/04/06 21:38:29 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At19.job
[2010/04/06 21:38:29 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At18.job
[2010/04/06 21:38:29 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At17.job
[2010/04/06 21:38:29 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At16.job
[2010/04/06 21:38:29 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At15.job
[2010/04/06 21:38:29 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At14.job
[2010/04/06 21:38:29 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At13.job
[2010/04/06 21:38:29 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At12.job
[2010/04/06 21:38:29 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At11.job
[2010/04/06 21:38:29 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At10.job
[2010/04/06 21:38:29 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At1.job
[2010/04/01 21:46:10 | 000,001,946 | ---- | C] () -- C:\Documents and Settings\h\Desktop\HiJackThis.lnk
[2010/04/01 19:38:08 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\fui.exe
[2010/04/01 19:38:08 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\fui .exe
[2010/04/01 19:38:06 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\msiinfo32.exe
[2010/04/01 19:38:06 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\msiinfo32 .exe
[2010/04/01 19:38:02 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\stsystra.exe
[2010/03/30 23:21:51 | 000,261,632 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/03/30 23:21:51 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/03/30 23:21:51 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/03/30 23:21:51 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/03/30 23:21:51 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/03/30 23:15:20 | 003,908,251 | R--- | C] () -- C:\Documents and Settings\h\Desktop\ComboFix.exe
[2010/03/29 22:39:43 | 000,363,520 | ---- | C] () -- C:\Documents and Settings\h\Desktop\rkill.com
[2010/03/29 22:39:43 | 000,363,520 | ---- | C] () -- C:\Documents and Settings\h\Desktop\iExplore.exe
[2010/03/28 14:11:26 | 000,000,124 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\Control Panel.lnk
[2010/03/23 23:31:15 | 000,000,004 | ---- | C] () -- C:\Program Files\5034578.dat
[2010/03/23 23:31:11 | 000,000,004 | ---- | C] () -- C:\Program Files\5031437.dat
[2010/03/23 22:36:00 | 000,000,004 | ---- | C] () -- C:\Program Files\1719718.dat
[2010/03/23 22:13:31 | 000,040,960 | ---- | C] () -- C:\WINDOWS\ivrnsftav.exe
[2010/03/23 22:13:31 | 000,040,960 | ---- | C] () -- C:\WINDOWS\ivrnsftav .exe
[2010/03/23 21:36:00 | 000,000,004 | ---- | C] () -- C:\Program Files\1632406.dat
[2010/03/22 23:36:00 | 000,000,004 | ---- | C] () -- C:\Program Files\2000765.dat
[2010/03/21 21:36:00 | 000,000,004 | ---- | C] () -- C:\Program Files\5983640.dat
[2010/03/21 17:22:30 | 000,000,004 | ---- | C] () -- C:\Program Files\267531.dat
[2010/03/21 16:36:00 | 000,000,004 | ---- | C] () -- C:\Program Files\19239796.dat
[2010/03/21 02:41:06 | 000,000,004 | ---- | C] () -- C:\Program Files\6884187.dat
[2010/03/21 02:36:01 | 000,000,004 | ---- | C] () -- C:\Program Files\6578718.dat
[2010/03/21 01:36:00 | 000,000,004 | ---- | C] () -- C:\Program Files\2978281.dat
[2010/03/21 00:55:25 | 000,000,004 | ---- | C] () -- C:\Program Files\542703.dat
[2010/03/21 00:54:55 | 000,000,004 | ---- | C] () -- C:\Program Files\512703.dat
[2010/03/18 23:31:38 | 000,001,574 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AIM.lnk
[2010/03/12 14:41:22 | 000,000,917 | ---- | C] () -- C:\Documents and Settings\h\Desktop\Revo Uninstaller.lnk
[2010/03/09 09:22:25 | 000,016,605 | ---- | C] () -- C:\Documents and Settings\h\Desktop\CHAPTER 14 Mendel and the Gene Idea.docx
[2010/03/04 12:42:01 | 000,000,373 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2009/08/12 22:52:09 | 000,095,232 | ---- | C] () -- C:\Documents and Settings\h\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2008/08/14 11:32:56 | 000,017,408 | ---- | C] () -- C:\WINDOWS\System32\rpcnetp.dll
[2007/07/24 14:09:57 | 000,000,035 | ---- | C] () -- C:\WINDOWS\A5W.INI
[2007/07/24 14:05:59 | 000,000,605 | ---- | C] () -- C:\WINDOWS\PCalcpro.ini
[2007/07/24 14:05:59 | 000,000,543 | ---- | C] () -- C:\WINDOWS\asc_sys.ini
[2007/07/24 14:05:58 | 000,000,182 | ---- | C] () -- C:\WINDOWS\medlrng.ini
[2007/07/24 14:05:51 | 000,018,432 | ---- | C] () -- C:\WINDOWS\System32\ODBCSTF.DLL
[2007/07/24 14:03:49 | 000,050,688 | ---- | C] () -- C:\WINDOWS\System32\iproc.dll
[2007/07/24 14:03:49 | 000,041,984 | ---- | C] () -- C:\WINDOWS\System32\iprocnt.dll
[2007/07/24 14:03:00 | 000,008,704 | ---- | C] () -- C:\WINDOWS\System32\twdll.dll
[2007/07/24 14:03:00 | 000,000,134 | ---- | C] () -- C:\WINDOWS\awshkwv.ini
[2007/07/24 10:50:16 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4814.dll
[2006/07/20 13:51:34 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/07/13 10:35:10 | 000,001,767 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2006/07/12 16:20:28 | 000,000,047 | ---- | C] () -- C:\WINDOWS\InoSetup.ini
[2006/06/21 13:42:29 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/06/20 15:24:01 | 000,262,144 | ---- | C] () -- C:\Documents and Settings\All Users\ntuser.dat
[2006/06/20 15:24:01 | 000,001,024 | -H-- | C] () -- C:\Documents and Settings\All Users\ntuser.dat.LOG
[2006/06/20 14:11:33 | 000,757,760 | ---- | C] () -- C:\WINDOWS\System32\bcm1xsup.dll
[2006/06/20 14:11:32 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\preflib.dll
[2006/06/20 14:04:21 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\Stac97co.dll
[2006/06/20 13:52:11 | 000,000,178 | -HS- | C] () -- C:\Documents and Settings\h\ntuser.ini
[2006/06/20 13:52:10 | 009,437,184 | -H-- | C] () -- C:\Documents and Settings\h\NTUSER.DAT
[2006/06/20 13:52:10 | 000,001,024 | -H-- | C] () -- C:\Documents and Settings\h\ntuser.dat.LOG
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 266944 bytes -> C:\WINDOWS\Temp:temp
< End of report >

8
Tech Clinic / Some issues
« on: April 06, 2010, 10:39:07 PM »
I tried both in IE and with the installer. Now, it's magically working :o

It made it to 100% in downloading, then said "Unexpected error 2002"

And if I retry, it gives me the proxy error again.

9
Tech Clinic / Some issues
« on: April 06, 2010, 10:31:05 PM »
It says "Can not get update. Is proxy configured?"
I already disabled the proxy on IE.

Also, when I ran ComboFix, it kept saying eTrust ITM was running, but I disabled it (with some struggle, might I add).

10
Tech Clinic / Some issues
« on: April 06, 2010, 09:40:13 PM »
ComboFix 10-04-05.06 - HSLaptop 04/06/2010  21:29:14.5.1 - x86
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.1014.423 [GMT -5:00]
Running from: c:\documents and settings\h\Desktop\ComboFix.exe
AV: eTrust ITM *On-access scanning enabled* (Outdated) {33EA71EA-56CF-40B5-A06B-BD3A27397C44}
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\h\rundll32.exe
c:\documents and settings\h\stsystra .exe
c:\documents and settings\h\stsystra.exe
c:\program files\Internet Explorer\js.mui
c:\program files\Internet Explorer\wmpscfgs.exe
c:\windows\ivrnsftav .exe
c:\windows\system32\ctfmon .exe
c:\windows\system32\fui .exe
c:\windows\system32\msiinfo32 .exe
c:\windows\system32\rundll32 .exe

.
(((((((((((((((((((((((((   Files Created from 2010-03-07 to 2010-04-07  )))))))))))))))))))))))))))))))
.

2010-04-05 21:57 . 2010-04-05 21:57   --------   d-----w-   c:\windows\LastGood
2010-04-02 02:46 . 2010-04-02 02:46   388096   ----a-r-   c:\documents and settings\h\Application Data\Microsoft\Installer\{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}\HiJackThis.exe
2010-04-02 02:46 . 2010-04-02 02:46   --------   d-----w-   C:\TrendMicro
2010-04-02 00:38 . 2010-04-05 21:39   40960   ----a-w-   c:\windows\system32\fui.exe
2010-04-02 00:38 . 2010-04-05 21:39   40960   ----a-w-   c:\windows\system32\msiinfo32.exe
2010-04-02 00:38 . 2010-04-02 00:38   40960   ----a-w-   c:\windows\system32\stsystra.exe
2010-03-31 04:50 . 2010-03-31 04:51   --------   d--h--w-   c:\documents and settings\All Users\Application Data\rpcnet
2010-03-29 03:22 . 2010-03-29 03:22   --------   d-----w-   C:\VundoFix Backups
2010-03-24 04:31 . 2010-03-24 04:31   4   ----a-w-   c:\program files\5034578.dat
2010-03-24 04:31 . 2010-03-24 04:31   4   ----a-w-   c:\program files\5031437.dat
2010-03-24 03:36 . 2010-03-24 03:36   4   ----a-w-   c:\program files\1719718.dat
2010-03-24 03:13 . 2010-04-05 21:38   40960   ----a-w-   c:\windows\ivrnsftav.exe
2010-03-24 02:36 . 2010-03-24 02:36   4   ----a-w-   c:\program files\1632406.dat
2010-03-23 04:36 . 2010-03-23 04:36   4   ----a-w-   c:\program files\2000765.dat
2010-03-22 02:36 . 2010-03-22 02:36   4   ----a-w-   c:\program files\5983640.dat
2010-03-21 22:22 . 2010-03-21 22:22   4   ----a-w-   c:\program files\267531.dat
2010-03-21 21:36 . 2010-03-21 21:36   4   ----a-w-   c:\program files\19239796.dat
2010-03-21 07:41 . 2010-03-21 07:41   4   ----a-w-   c:\program files\6884187.dat
2010-03-21 07:36 . 2010-03-21 07:36   4   ----a-w-   c:\program files\6578718.dat
2010-03-21 06:36 . 2010-03-21 06:36   4   ----a-w-   c:\program files\2978281.dat
2010-03-21 05:55 . 2010-03-21 05:55   4   ----a-w-   c:\program files\542703.dat
2010-03-21 05:54 . 2010-03-21 05:54   4   ----a-w-   c:\program files\512703.dat
2010-03-21 04:07 . 2010-03-31 04:27   --------   d-----w-   c:\documents and settings\NetworkService\Local Settings\Application Data\ivvipl
2010-03-19 15:53 . 2010-03-19 15:53   --------   d-sh--w-   c:\windows\system32\config\systemprofile\PrivacIE
2010-03-19 15:52 . 2010-03-19 15:52   --------   d-sh--w-   c:\windows\system32\config\systemprofile\IECompatCache
2010-03-19 04:31 . 2010-04-05 21:38   --------   d-----w-   c:\program files\AIM
2010-03-19 04:31 . 2010-03-19 04:31   --------   d-----w-   c:\program files\Common Files\Software Update Utility
2010-03-12 19:41 . 2010-03-12 19:41   --------   d-----w-   c:\program files\VS Revo Group
2010-03-10 23:21 . 2009-10-23 15:28   3558912   -c----w-   c:\windows\system32\dllcache\moviemk.exe

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-07 02:16 . 2008-08-14 16:29   17408   ----a-w-   c:\windows\system32\rpcnetp.exe
2010-04-05 21:39 . 2010-01-30 19:50   --------   d-----w-   c:\program files\iTunes
2010-04-05 21:38 . 2009-08-12 23:45   --------   d-----w-   c:\program files\Washer
2010-04-05 21:38 . 2007-07-24 16:24   --------   d-----w-   c:\program files\Spybot - Search & Destroy
2010-04-05 21:36 . 2007-07-26 14:46   56680   ----a-w-   c:\windows\system32\rpcnet.dll
2010-04-02 00:05 . 2010-01-22 23:35   --------   d-----w-   c:\program files\Malwarebytes' Anti-Malware
2010-04-01 23:52 . 2006-06-20 21:16   --------   d-----w-   c:\program files\QuickTime
2010-04-01 23:01 . 2008-08-14 16:32   17408   ----a-w-   c:\windows\system32\rpcnetp.dll
2010-03-28 19:22 . 2007-07-24 16:24   --------   d-----w-   c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-03-21 03:39 . 2009-08-12 23:53   --------   d-----w-   c:\program files\CCleaner
2010-03-19 04:31 . 2010-01-28 02:03   --------   d-----w-   c:\program files\Common Files\AOL
2010-03-13 22:39 . 2009-07-20 21:56   --------   d-----w-   c:\documents and settings\All Users\Application Data\Microsoft Help
2010-03-13 18:19 . 2009-08-20 22:44   581   ----a-w-   c:\windows\eReg.dat
2010-03-13 18:09 . 2009-08-20 22:34   --------   d-----w-   c:\program files\Maxis
2010-03-11 23:25 . 2010-01-29 21:19   --------   d-----w-   c:\program files\SafeConnect
2010-03-11 00:56 . 2006-06-20 19:08   96512   ------w-   c:\windows\system32\drivers\atapi.sys
2010-03-04 14:34 . 2010-01-24 04:21   120   ----a-w-   c:\windows\Asufirol.dat
2010-03-04 14:34 . 2010-01-24 04:21   0   ----a-w-   c:\windows\Wkexaduj.bin
2010-03-03 20:48 . 2010-03-03 20:48   57344   ---h--w-   c:\documents and settings\NetworkService\jfufiwg.exe
2010-03-03 20:47 . 2010-03-03 20:47   552   ----a-w-   c:\windows\system32\d3d8caps.dat
2010-03-03 20:47 . 2010-03-03 20:47   664   ----a-w-   c:\windows\system32\d3d9caps.dat
2010-02-27 23:14 . 2010-02-27 18:42   --------   d-----w-   c:\program files\Google
2010-02-25 06:24 . 2001-08-23 12:00   916480   ----a-w-   c:\windows\system32\wininet.dll
2010-02-17 00:37 . 2006-07-12 21:31   --------   d-----w-   c:\program files\Java
2010-02-17 00:36 . 2010-02-17 00:36   152576   ----a-w-   c:\documents and settings\h\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
2010-02-17 00:36 . 2010-01-24 04:20   79488   ----a-w-   c:\documents and settings\h\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2010-01-30 19:55 . 2010-01-30 19:55   57588   ---ha-w-   c:\windows\system32\mlfcache.dat
2010-01-28 23:52 . 2008-10-10 14:57   52120   ----a-w-   c:\windows\system32\pkgmgr.dll
2010-01-26 15:37 . 2010-01-26 15:37   102400   ----a-w-   c:\documents and settings\All Users\Application Data\AIM Toolbar\ieToolbar\resources\en-US\aimtbres.dll
2010-01-17 23:20 . 2008-10-10 14:57   46488   ----a-w-   c:\windows\system32\pkgslv.exe
2010-01-07 22:07 . 2010-01-22 23:35   38224   ----a-w-   c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-07 22:07 . 2010-01-22 23:35   19160   ----a-w-   c:\windows\system32\drivers\mbam.sys
.
<pre>
c:\program files\AIM\aim  .exe
c:\program files\AIM\aim .exe
c:\program files\BroadJump\Client Foundation\cfd .exe
c:\program files\CA\eTrustITM\realmon .exe
c:\program files\Creative\Sync Manager Unicode\ctsyncu .exe
c:\program files\Google\GoogleToolbarNotifier\googletoolbarnotifier .exe
c:\program files\Intel\Wireless\Bin\ifrmewrk .exe
c:\program files\Intel\Wireless\Bin\zcfgsvc .exe
c:\program files\iTunes\ituneshelper .exe
c:\program files\QuickTime\qttask  .exe
c:\program files\SBC Self Support Tool\SmartBridge\motivesb .exe
c:\program files\Spybot - Search & Destroy\teatimer .exe
c:\program files\Washer\washer .exe
</pre>

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Yahoo! Pager"="1" [X]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2010-04-05 40960]
"Google Update"="c:\documents and settings\h\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2010-04-05 40960]
"Washer"="c:\program files\Washer\washer.exe" [2010-04-05 40960]
"CTSyncU.exe"="c:\program files\Creative\Sync Manager Unicode\CTSyncU.exe" [2010-04-05 40960]
"Aim"="c:\program files\aim\aim                     .exe" [2010-04-05 40960]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-04-05 40960]
"fbnafgfj"="c:\documents and settings\h\Local Settings\Application Data\knccac\lgtjsftav.exe" [N/A]
"wtxlyoot"="c:\documents and settings\h\Local Settings\Application Data\sxssli\ffaesftav.exe" [N/A]
"isyuqqcj"="c:\documents and settings\h\Local Settings\Application Data\dudrop\ffdhsftav.exe" [N/A]
"pbyukyjl"="c:\documents and settings\h\Local Settings\Application Data\svqvso\jlxtsftav.exe" [N/A]
"uuxtuexj"="c:\documents and settings\h\Application Data\rpqlrt\iakvsftav.exe" [N/A]
"tuyhvtjb"="c:\documents and settings\h\Local Settings\Application Data\pyxeef\iybbsftav.exe" [N/A]
"utghdqcu"="c:\documents and settings\h\Local Settings\Application Data\jmoney\irwdsftav.exe" [N/A]
"tuqiowqh"="c:\documents and settings\h\Local Settings\Application Data\wliufl\ihgasftav.exe" [N/A]
"iytfikab"="c:\documents and settings\h\Local Settings\Application Data\dhkcqb\bkipsftav.exe" [N/A]
"iyufjpxk"="c:\documents and settings\h\Local Settings\Application Data\aaaoqx\bjoasftav.exe" [N/A]
"hymsbdsy"="c:\documents and settings\h\Local Settings\Application Data\idcmes\brdssftav.exe" [N/A]
"hyvskejc"="c:\documents and settings\h\Local Settings\Application Data\yjhhej\biffsftav.exe" [N/A]
"hyngcser"="c:\documents and settings\h\Application Data\hmjfre\brtxsftav.exe" [N/A]
"hyfstgag"="c:\documents and settings\h\Local Settings\Application Data\ppmdey\bairsftav.exe" [N/A]
"gayhodqn"="c:\documents and settings\h\Local Settings\Application Data\rerysn\bgkfsftav.exe" [N/A]
"gyptfmos"="c:\documents and settings\h\Application Data\dogkfm\bprnsftav.exe" [N/A]
"fwmulnyt"="c:\documents and settings\h\Local Settings\Application Data\qqrmxc\yhtasftav.exe" [N/A]
"jpyfpspl"="c:\documents and settings\h\Local Settings\Application Data\mhcxpn\ipiosftav.exe" [N/A]
"kpwrmygj"="c:\documents and settings\h\Local Settings\Application Data\rffsbf\iqkysftav.exe" [N/A]
"iqbhsble"="c:\documents and settings\h\Application Data\hsfvqh\inwksftav.exe" [N/A]
"iqstkpgs"="c:\documents and settings\h\Local Settings\Application Data\pvhtdc\iwkdsftav.exe" [N/A]
"hqdhugjo"="c:\documents and settings\h\Local Settings\Application Data\ektiqe\indusftav.exe" [N/A]
"hqcutqwv"="c:\documents and settings\h\Local Settings\Application Data\gbmoes\inmpsftav.exe" [N/A]
"hqtulted"="c:\windows\ivrnsftav.exe" [2010-04-05 40960]
"gqeivkgx"="c:\documents and settings\h\Local Settings\Application Data\bdjtrb\imkfsftav.exe" [N/A]
"qvoloxep"="c:\documents and settings\h\Local Settings\Application Data\chmmoj\hhyqsftav.exe" [N/A]
"owloloey"="c:\documents and settings\h\Local Settings\Application Data\axonrg\hmyusftav.exe" [N/A]
"owtouquc"="c:\documents and settings\h\Local Settings\Application Data\qetirv\hdbhsftav.exe" [N/A]
"owcbdcyn"="c:\documents and settings\h\Application Data\ibqleb\humnsftav.exe" [N/A]
"owlcmepq"="c:\documents and settings\h\Local Settings\Application Data\yhvger\hmoasftav.exe" [N/A]
"wnodmohb"="c:\documents and settings\h\Application Data\cimmec\bxnlsftav.exe" [N/A]
"wngqecdq"="c:\documents and settings\h\Local Settings\Application Data\klojrw\bgbfsftav.exe" [N/A]
"otgnumqb"="c:\documents and settings\h\Local Settings\Application Data\giocws\rbvxsftav.exe" [N/A]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"fui"="c:\windows\system32\fui.exe \u" [X]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2010-04-05 40960]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2010-04-02 40960]
"SigmatelSysTrayApp"="stsystra.exe" [2010-04-02 40960]
"Realtime Monitor"="c:\program files\CA\eTrustITM\realmon.exe" [2010-04-05 40960]
"BJCFD"="c:\program files\BroadJump\Client Foundation\CFD.exe" [2010-04-05 40960]
"Motive SmartBridge"="c:\progra~1\SBCSEL~1\SMARTB~1\MotiveSB.exe" [2010-04-05 40960]
"msiinfo32"="c:\windows\system32\msiinfo32.exe" [2010-04-05 40960]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-04-05 40960]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
SafeConnect.lnk - c:\program files\SafeConnect\scClient.exe [2007-11-13 297240]
SBC Self Support Tool.lnk - c:\program files\SBC Self Support Tool\bin\matcli.exe [2009-8-12 217088]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Broadcom Wireless Manager UI]
2005-12-19 14:08   1347584   ----a-w-   c:\windows\system32\WLTRAY.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ComputerAssociatesAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\CA\\eTrustITM\\InoRpc.exe"=
"c:\\Program Files\\CA\\eTrustITM\\Realmon.exe"=
"c:\\Program Files\\CA\\eTrustITM\\Shellscn.exe"=
"c:\\Program Files\\CA\\SharedComponents\\iTechnology\\igateway.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\AIM\\aim.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Documents and Settings\\NetworkService\\jfufiwg.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R2 LogWatch;Event Log Watch;c:\program files\CA\SharedComponents\CA_LIC\LogWatNT.exe [9/19/2002 7:29 PM 53248]
R2 rpcld;Remote Procedure Call (RPC) LD;c:\documents and settings\All Users\Application Data\rpcnet\Bin\rpcld.exe [3/30/2010 11:50 PM 185776]
R2 SCManager;SafeConnect Manager;c:\program files\SafeConnect\scManager.sys servicestart --> c:\program files\SafeConnect\scManager.sys servicestart [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2/27/2010 6:14 PM 135664]
S3 CA_LIC_CLNT;CA License Client;c:\program files\CA\SharedComponents\CA_LIC\lic98rmt.exe [9/19/2002 7:27 PM 77824]
S3 CA_LIC_SRVR;CA License Server;c:\program files\CA\SharedComponents\CA_LIC\lic98rmtd.exe [9/19/2002 7:41 PM 77824]
.
Contents of the 'Scheduled Tasks' folder

2010-02-01 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 18:34]

2010-04-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-27 23:14]

2010-04-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-27 23:14]

2010-03-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1992757637-737350535-4160918168-1003Core.job
- c:\documents and settings\h\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-12-09 21:38]

2010-04-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1992757637-737350535-4160918168-1003UA.job
- c:\documents and settings\h\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-12-09 21:38]

2010-04-05 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAEXEC.exe [2009-08-03 20:07]
.
.
------- Supplementary Scan -------
.
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
FF - ProfilePath - c:\documents and settings\h\Application Data\Mozilla\Firefox\Profiles\x2uxm7cb.default\
FF - prefs.js: browser.search.defaulturl - hxxp://aim.search.Email Removed/search/search?query={searchTerms}&invocationType=tb50-ff-aim-chromesbox-en-us
FF - prefs.js: browser.search.selectedEngine - AIM Search
FF - prefs.js: browser.startup.homepage - www.yahoo.com
FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.Email Removed/slirs_http/sredir?invocationType=bu10aiminstabie7&sredir=2706&query=
FF - plugin: c:\documents and settings\h\Local Settings\Application Data\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdnupdater2.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, falsec:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency",   1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug",            false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight",       2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize",       1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight",   25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight",     5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-06 21:34
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...  

scanning hidden autostart entries ...

scanning hidden files ...  

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,85,8f,5a,fd,53,c2,c6,4c,bc,ef,ec,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,85,8f,5a,fd,53,c2,c6,4c,bc,ef,ec,\

[HKEY_LOCAL_MACHINE\software\INTEL\Wireless\Folders\*& 2*]
"Path"="c:\\WINDOWS\\system32\\config\\systemprofile\\Application Data\\Intel\\Wireless\\"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(832)
c:\windows\system32\igfxdev.dll
.
Completion time: 2010-04-06  21:36:24
ComboFix-quarantined-files.txt  2010-04-07 02:36
ComboFix2.txt  2010-03-31 04:35
ComboFix3.txt  2010-03-12 14:14
ComboFix4.txt  2010-03-11 23:29
ComboFix5.txt  2010-04-07 02:28

Pre-Run: 25,258,790,912 bytes free
Post-Run: 25,231,368,192 bytes free

- - End Of File - - 760E6911D81D5615B940FFCD65EE7916

11
Tech Clinic / Some issues
« on: April 05, 2010, 04:53:03 PM »
OTL logfile created on: 4/5/2010 4:40:55 PM - Run 1
OTL by OldTimer - Version 3.2.1.0     Folder = C:\Documents and Settings\h\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
1,014.00 Mb Total Physical Memory | 446.00 Mb Available Physical Memory | 44.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 81.00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.25 Gb Total Space | 23.57 Gb Free Space | 63.27% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 968.65 Mb Total Space | 933.91 Mb Free Space | 96.41% Space Free | Partition Type: FAT32
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: RLCHS-838196
Current User Name: HSLaptop
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
 
========== Processes (SafeList) ==========
 
PRC - [2010/04/05 16:39:32 | 000,561,664 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\h\Desktop\OTL.exe
PRC - [2010/04/01 21:30:38 | 000,040,960 | ---- | M] () -- C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
PRC - [2010/02/27 13:42:55 | 000,039,408 | ---- | M] (Google Inc.) -- c:\Program Files\Google\GoogleToolbarNotifier\googletoolbarnotifier .exe
PRC - [2010/01/29 16:19:33 | 000,297,240 | ---- | M] (Impulse Point, LLC) -- C:\Program Files\SafeConnect\SCClient.exe
PRC - [2010/01/29 16:19:32 | 000,128,280 | ---- | M] (Impulse Point, LLC) -- C:\Program Files\SafeConnect\scManager.sys
PRC - [2009/11/12 17:33:10 | 000,141,600 | ---- | M] (Apple Inc.) -- c:\Program Files\iTunes\ituneshelper .exe
PRC - [2009/10/02 10:58:10 | 000,185,776 | ---- | M] (Absolute Software Corp.) -- C:\Documents and Settings\All Users\Application Data\rpcnet\Bin\rpcld.exe
PRC - [2009/07/08 12:55:23 | 000,056,680 | ---- | M] (Absolute Software Corp.) -- C:\WINDOWS\system32\rpcnet.exe
PRC - [2009/04/29 13:36:49 | 000,192,512 | ---- | M] (CA) -- C:\Program Files\CA\eTrustITM\InoRPC.exe
PRC - [2009/03/30 16:28:36 | 001,533,808 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
PRC - [2009/03/30 16:28:36 | 000,183,152 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
PRC - [2009/03/05 16:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- c:\Program Files\Spybot - Search & Destroy\teatimer .exe
PRC - [2009/02/25 16:35:34 | 000,208,896 | ---- | M] (CA) -- C:\Program Files\CA\eTrustITM\InoRT.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/02/05 07:57:24 | 000,106,496 | ---- | M] (CA, Inc.) -- C:\Program Files\CA\SharedComponents\iTechnology\igateway.exe
PRC - [2007/01/16 21:27:58 | 000,407,632 | ---- | M] (CA) -- c:\Program Files\CA\eTrustITM\realmon .exe
PRC - [2006/10/18 18:05:18 | 000,434,176 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
PRC - [2006/10/18 18:04:28 | 000,802,816 | ---- | M] (Intel Corporation) -- c:\Program Files\Intel\Wireless\Bin\zcfgsvc .exe
PRC - [2006/10/18 18:01:34 | 000,290,816 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe
PRC - [2006/10/18 17:58:16 | 000,696,320 | ---- | M] (Intel Corporation) -- c:\Program Files\Intel\Wireless\Bin\ifrmewrk .exe
PRC - [2006/10/18 17:56:52 | 000,946,176 | ---- | M] (Intel Corporation ) -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
PRC - [2006/10/18 17:53:24 | 000,479,232 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
PRC - [2006/10/18 17:49:52 | 000,327,680 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
PRC - [2006/09/28 20:09:14 | 000,700,416 | ---- | M] () -- c:\Program Files\Creative\Sync Manager Unicode\ctsyncu .exe
PRC - [2006/06/29 03:19:03 | 002,371,584 | ---- | M] (Motive, Inc.) -- C:\Program Files\SBC Self Support Tool\bin\mad.exe
PRC - [2005/08/24 07:51:18 | 000,442,455 | ---- | M] (Motive, Inc.) -- c:\Program Files\SBC Self Support Tool\SmartBridge\motivesb .exe
PRC - [2003/10/10 09:06:12 | 000,245,760 | ---- | M] (Motive Communications, Inc.) -- C:\Program Files\SBC Self Support Tool\AsstCommon\MotiveDirectory.exe
PRC - [2003/10/10 09:06:10 | 000,192,512 | ---- | M] () -- C:\Program Files\SBC Self Support Tool\bin\mpbtn.exe
PRC - [2002/09/19 19:29:28 | 000,053,248 | ---- | M] (Computer Associates) -- C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
PRC - [2002/09/10 21:26:26 | 000,368,706 | ---- | M] () -- c:\Program Files\BroadJump\Client Foundation\cfd .exe
PRC - [2002/08/15 04:07:02 | 000,428,544 | ---- | M] (Webroot Software, Inc.) -- c:\Program Files\Washer\washer .exe
 
 
========== Modules (SafeList) ==========
 
MOD - [2010/04/05 16:39:32 | 000,561,664 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\h\Desktop\OTL.exe
MOD - [2005/06/03 09:23:28 | 000,122,880 | ---- | M] (Motive Communications, Inc.) -- c:\Program Files\SBC Self Support Tool\SmartBridge\SBHook.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - File not found [On_Demand | Stopped] --  -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)
SRV - [2010/01/29 16:19:32 | 000,128,280 | ---- | M] (Impulse Point, LLC) [Auto | Running] -- C:\Program Files\SafeConnect\scManager.sys -- (SCManager)
SRV - [2009/10/02 10:58:10 | 000,185,776 | ---- | M] (Absolute Software Corp.) [Auto | Running] -- C:\Documents and Settings\All Users\Application Data\rpcnet\Bin\rpcld.exe -- (rpcld) Remote Procedure Call (RPC)
SRV - [2009/07/08 12:55:23 | 000,056,680 | ---- | M] (Absolute Software Corp.) [Auto | Running] -- C:\WINDOWS\system32\rpcnet.exe -- (Rpcnet) Remote Procedure Call (RPC)
SRV - [2009/04/29 13:36:49 | 000,380,928 | ---- | M] () [Auto | Stopped] -- C:\Program Files\CA\eTrustITM\InoTask.exe -- (InoTask)
SRV - [2009/04/29 13:36:49 | 000,192,512 | ---- | M] (CA) [Auto | Running] -- C:\Program Files\CA\eTrustITM\InoRpc.exe -- (InoRPC)
SRV - [2009/03/30 16:28:36 | 001,533,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2009/02/25 16:35:34 | 000,208,896 | ---- | M] (CA) [Auto | Running] -- C:\Program Files\CA\eTrustITM\InoRT.exe -- (InoRT)
SRV - [2009/02/06 18:08:58 | 000,533,360 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe -- (fsssvc)
SRV - [2007/02/05 07:57:24 | 000,106,496 | ---- | M] (CA, Inc.) [Auto | Running] -- C:\Program Files\CA\SharedComponents\iTechnology\igateway.exe -- (iGateway)
SRV - [2006/10/18 18:05:18 | 000,434,176 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe -- (EvtEng) Intel®
SRV - [2006/10/18 18:01:34 | 000,290,816 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe -- (WLANKEEPER) Intel®
SRV - [2006/10/18 17:56:52 | 000,946,176 | ---- | M] (Intel Corporation ) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe -- (S24EventMonitor) Intel®
SRV - [2006/10/18 17:49:52 | 000,327,680 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe -- (RegSrvc) Intel®
SRV - [2002/09/19 19:41:00 | 000,077,824 | ---- | M] (Computer Associates) [On_Demand | Stopped] -- C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmtd.exe -- (CA_LIC_SRVR)
SRV - [2002/09/19 19:29:28 | 000,053,248 | ---- | M] (Computer Associates) [Auto | Running] -- C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe -- (LogWatch)
SRV - [2002/09/19 19:27:04 | 000,077,824 | ---- | M] (Computer Associates) [On_Demand | Stopped] -- C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmt.exe -- (CA_LIC_CLNT)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2009/02/06 18:08:42 | 000,055,152 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys -- (fssfltr)
DRV - [2008/04/13 13:36:39 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2008/04/13 13:36:39 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2008/04/13 11:36:05 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2007/10/18 21:14:32 | 000,184,080 | ---- | M] (Computer Associates) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\ino_fltr.sys -- (INO_FLTR)
DRV - [2007/08/06 22:07:02 | 000,027,536 | ---- | M] (Computer Associates) [File_System | Boot | Running] -- C:\WINDOWS\system32\Drivers\ino_flpy.sys -- (INO_FLPY)
DRV - [2007/03/30 21:34:14 | 005,704,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\igxpmp32.sys -- (ialm)
DRV - [2006/10/19 09:29:22 | 000,012,544 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2006/10/17 11:55:28 | 001,711,104 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NETw3x32.sys -- (NETw3x32) Intel®
DRV - [2006/04/05 19:38:22 | 002,208,512 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\w29n51.sys -- (w29n51) Intel®
DRV - [2006/04/04 03:17:24 | 001,429,632 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\w39n51.sys -- (w39n51) Intel®
DRV - [2006/03/24 17:34:30 | 001,156,648 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2005/07/22 11:02:12 | 001,035,008 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2005/07/22 11:01:08 | 000,201,600 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2005/07/22 11:01:00 | 000,717,952 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2005/03/10 16:56:06 | 000,273,168 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\STAC97.sys -- (STAC97)
DRV - [2004/05/26 15:18:18 | 000,044,928 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2001/08/17 14:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2001/08/17 14:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001/08/17 14:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001/08/17 14:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001/08/17 14:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001/08/17 13:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
DRV - [2001/08/17 13:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2001/08/17 13:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2001/08/17 13:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2001/08/17 13:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2001/08/17 13:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2001/08/17 13:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
DRV - [2001/08/17 13:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2001/08/17 13:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2001/08/17 13:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\URLSearchHook: {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL Inc.)
 
IE - HKCU\..\URLSearchHook: {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "AIM Search"
FF - prefs.js..browser.search.defaulturl: "http://aim.search.Email Removed/search/search?query={searchTerms}&invocationType=tb50-ff-aim-chromesbox-en-us"
FF - prefs.js..browser.search.selectedEngine: "AIM Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.yahoo.com"
FF - prefs.js..extensions.enabledItems: {c2f863cd-0429-48c7-bb54-db756a951760}:5.96.9.1
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.7.2
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: [email protected]:0.7.1
FF - prefs.js..keyword.URL: "http://slirsredirect.search.Email Removed/slirs_http/sredir?invocationType=bu10aiminstabie7&sredir=2706&query="
 
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/02/07 22:56:00 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/02/07 22:56:00 | 000,000,000 | ---D | M]
 
[2010/02/07 22:56:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\h\Application Data\Mozilla\Extensions
[2010/04/05 16:38:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\h\Application Data\Mozilla\Firefox\Profiles\x2uxm7cb.default\extensions
[2009/08/22 12:44:32 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\h\Application Data\Mozilla\Firefox\Profiles\x2uxm7cb.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/04/05 16:38:17 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\h\Application Data\Mozilla\Firefox\Profiles\x2uxm7cb.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010/01/27 21:03:31 | 000,000,000 | ---D | M] (AIM Toolbar) -- C:\Documents and Settings\h\Application Data\Mozilla\Firefox\Profiles\x2uxm7cb.default\extensions\{c2f863cd-0429-48c7-bb54-db756a951760}
[2010/04/05 16:38:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\h\Application Data\Mozilla\Firefox\Profiles\x2uxm7cb.default\extensions\[email protected]
[2010/03/18 23:31:39 | 000,001,490 | ---- | M] () -- C:\Documents and Settings\h\Application Data\Mozilla\Firefox\Profiles\x2uxm7cb.default\searchplugins\AIM Search.xml
[2010/01/28 00:59:11 | 000,004,546 | ---- | M] () -- C:\Documents and Settings\h\Application Data\Mozilla\Firefox\Profiles\x2uxm7cb.default\searchplugins\aim-search.xml
[2010/04/01 22:00:26 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/03/18 23:31:39 | 000,001,490 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\AIM Search.xml
 
O1 HOSTS File: ([2010/03/30 23:29:32 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll (Google Inc.)
O2 - BHO: (AIM Toolbar Loader) - {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (AIM Toolbar) - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (AIM Toolbar) - {61539ECD-CC67-4437-A03C-9AACCBD14326} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL Inc.)
O4 - HKLM..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\cfd.exe ()
O4 - HKLM..\Run: [BluetoothAuthenticationAgent] C:\WINDOWS\System32\bthprops.cpl (Microsoft Corporation)
O4 - HKLM..\Run: [fui] C:\WINDOWS\System32\fui.exe ()
O4 - HKLM..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe ()
O4 - HKLM..\Run: [IntelZeroConfig] C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe ()
O4 - HKLM..\Run: [Motive SmartBridge] C:\Program Files\SBC Self Support Tool\SmartBridge\motivesb.exe ()
O4 - HKLM..\Run: [msiinfo32] C:\WINDOWS\system32\msiinfo32.exe ()
O4 - HKLM..\Run: [Realtime Monitor] C:\Program Files\CA\eTrustITM\realmon.exe ()
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\System32\stsystra.exe ()
O4 - HKCU..\Run: [Aim] c:\program files\aim\aim                     .exe ()
O4 - HKCU..\Run: [CTSyncU.exe] C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe ()
O4 - HKCU..\Run: [fbnafgfj] C:\Documents and Settings\h\Local Settings\Application Data\knccac\lgtjsftav.exe File not found
O4 - HKCU..\Run: [fwmulnyt] C:\Documents and Settings\h\Local Settings\Application Data\qqrmxc\yhtasftav.exe File not found
O4 - HKCU..\Run: [gayhodqn] C:\Documents and Settings\h\Local Settings\Application Data\rerysn\bgkfsftav.exe File not found
O4 - HKCU..\Run: [gqeivkgx] C:\Documents and Settings\h\Local Settings\Application Data\bdjtrb\imkfsftav.exe File not found
O4 - HKCU..\Run: [gyptfmos] C:\Documents and Settings\h\Application Data\dogkfm\bprnsftav.exe File not found
O4 - HKCU..\Run: [hqcutqwv] C:\Documents and Settings\h\Local Settings\Application Data\gbmoes\inmpsftav.exe File not found
O4 - HKCU..\Run: [hqdhugjo] C:\Documents and Settings\h\Local Settings\Application Data\ektiqe\indusftav.exe File not found
O4 - HKCU..\Run: [hqtulted] C:\WINDOWS\ivrnsftav.exe ()
O4 - HKCU..\Run: [hyfstgag] C:\Documents and Settings\h\Local Settings\Application Data\ppmdey\bairsftav.exe File not found
O4 - HKCU..\Run: [hymsbdsy] C:\Documents and Settings\h\Local Settings\Application Data\idcmes\brdssftav.exe File not found
O4 - HKCU..\Run: [hyngcser] C:\Documents and Settings\h\Application Data\hmjfre\brtxsftav.exe File not found
O4 - HKCU..\Run: [hyvskejc] C:\Documents and Settings\h\Local Settings\Application Data\yjhhej\biffsftav.exe File not found
O4 - HKCU..\Run: [iqbhsble] C:\Documents and Settings\h\Application Data\hsfvqh\inwksftav.exe File not found
O4 - HKCU..\Run: [iqstkpgs] C:\Documents and Settings\h\Local Settings\Application Data\pvhtdc\iwkdsftav.exe File not found
O4 - HKCU..\Run: [isyuqqcj] C:\Documents and Settings\h\Local Settings\Application Data\dudrop\ffdhsftav.exe File not found
O4 - HKCU..\Run: [iytfikab] C:\Documents and Settings\h\Local Settings\Application Data\dhkcqb\bkipsftav.exe File not found
O4 - HKCU..\Run: [iyufjpxk] C:\Documents and Settings\h\Local Settings\Application Data\aaaoqx\bjoasftav.exe File not found
O4 - HKCU..\Run: [jpyfpspl] C:\Documents and Settings\h\Local Settings\Application Data\mhcxpn\ipiosftav.exe File not found
O4 - HKCU..\Run: [kpwrmygj] C:\Documents and Settings\h\Local Settings\Application Data\rffsbf\iqkysftav.exe File not found
O4 - HKCU..\Run: [otgnumqb] C:\Documents and Settings\h\Local Settings\Application Data\giocws\rbvxsftav.exe File not found
O4 - HKCU..\Run: [owcbdcyn] C:\Documents and Settings\h\Application Data\ibqleb\humnsftav.exe File not found
O4 - HKCU..\Run: [owlcmepq] C:\Documents and Settings\h\Local Settings\Application Data\yhvger\hmoasftav.exe File not found
O4 - HKCU..\Run: [owloloey] C:\Documents and Settings\h\Local Settings\Application Data\axonrg\hmyusftav.exe File not found
O4 - HKCU..\Run: [owtouquc] C:\Documents and Settings\h\Local Settings\Application Data\qetirv\hdbhsftav.exe File not found
O4 - HKCU..\Run: [pbyukyjl] C:\Documents and Settings\h\Local Settings\Application Data\svqvso\jlxtsftav.exe File not found
O4 - HKCU..\Run: [qvoloxep] C:\Documents and Settings\h\Local Settings\Application Data\chmmoj\hhyqsftav.exe File not found
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\teatimer.exe ()
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe ()
O4 - HKCU..\Run: [tuqiowqh] C:\Documents and Settings\h\Local Settings\Application Data\wliufl\ihgasftav.exe File not found
O4 - HKCU..\Run: [tuyhvtjb] C:\Documents and Settings\h\Local Settings\Application Data\pyxeef\iybbsftav.exe File not found
O4 - HKCU..\Run: [utghdqcu] C:\Documents and Settings\h\Local Settings\Application Data\jmoney\irwdsftav.exe File not found
O4 - HKCU..\Run: [uuxtuexj] C:\Documents and Settings\h\Application Data\rpqlrt\iakvsftav.exe File not found
O4 - HKCU..\Run: [Washer] C:\Program Files\Washer\washer.exe ()
O4 - HKCU..\Run: [wngqecdq] C:\Documents and Settings\h\Local Settings\Application Data\klojrw\bgbfsftav.exe File not found
O4 - HKCU..\Run: [wnodmohb] C:\Documents and Settings\h\Application Data\cimmec\bxnlsftav.exe File not found
O4 - HKCU..\Run: [wtxlyoot] C:\Documents and Settings\h\Local Settings\Application Data\sxssli\ffaesftav.exe File not found
O4 - HKCU..\Run: [Yahoo! Pager]  File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\SafeConnect.lnk = C:\Program Files\SafeConnect\SCClient.exe (Impulse Point, LLC)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\SBC Self Support Tool.lnk = C:\Program Files\SBC Self Support Tool\bin\matcli.exe (Motive Communications, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll (Google Inc.)
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.macromedia.com/pub/shock...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper20073151.dll (Installation Support)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/...b?1150832924960 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdat...b?1228863417765 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0015-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/get/flash...ent/swflash.cab (Shockwave Flash Object)
O16 - DPF: Microsoft XML Parser for Java file:///C:/WINDOWS/Java/classes/xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs: 6to4 -  File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2006/06/20 13:46:41 | 000,000,000 | ---D | M]
NetSvcs: Iprip -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: WmdmPmSp -  File not found
 
MsConfig - StartUpReg: Broadcom Wireless Manager UI - hkey= - key= -  File not found
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 2
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point (16902109354000384)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010/04/05 16:40:05 | 000,561,664 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\h\Desktop\OTL.exe
[2010/04/01 21:46:09 | 000,000,000 | ---D | C] -- C:\TrendMicro
[2010/03/31 21:25:03 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010/03/30 23:50:23 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\rpcnet
[2010/03/30 23:27:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\ivvipl
[2010/03/30 23:21:51 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/03/30 23:21:51 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/03/30 23:21:51 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/03/30 23:21:51 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/03/28 22:22:49 | 000,000,000 | ---D | C] -- C:\VundoFix Backups
[2010/03/20 22:45:48 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\h\Recent
[2010/03/18 23:31:31 | 000,000,000 | ---D | C] -- C:\Program Files\AIM
[2010/03/18 23:31:28 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Software Update Utility
[2010/03/18 10:25:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Temp
[2010/03/12 14:41:21 | 000,000,000 | ---D | C] -- C:\Program Files\VS Revo Group
[2010/03/10 18:21:01 | 003,558,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\moviemk.exe
[2010/03/08 16:35:23 | 001,230,616 | ---- | C] (Impulse Point, LLC) -- C:\Documents and Settings\h\Desktop\ServiceInstaller.exe
[2010/03/07 20:58:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple Computer
[2010/03/06 20:29:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\AIM Toolbar
[2010/03/06 20:29:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Google
[2010/03/06 20:25:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Apple Computer
[2010/03/06 18:22:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Sun
[2010/03/04 10:02:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2010/03/03 15:48:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\AIM Toolbar
[2010/03/03 15:48:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Google
[2010/03/02 21:56:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Real
[2010/03/02 21:52:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
[2010/03/02 21:52:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2010/03/01 21:50:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2010/03/01 21:24:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2010/02/27 18:20:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google
[2010/02/27 18:15:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
[2010/02/01 15:36:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
[2009/08/31 14:06:39 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2009/07/15 11:54:17 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2009/04/29 13:40:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2009/04/20 11:41:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2007/07/24 10:53:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Intel
[2007/07/24 10:52:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Intel
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2010/04/05 16:39:32 | 000,561,664 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\h\Desktop\OTL.exe
[2010/04/05 16:39:04 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At9.job
[2010/04/05 16:39:04 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At8.job
[2010/04/05 16:39:04 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At7.job
[2010/04/05 16:39:04 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At6.job
[2010/04/05 16:39:04 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At5.job
[2010/04/05 16:39:04 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At4.job
[2010/04/05 16:39:04 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At3.job
[2010/04/05 16:39:04 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At24.job
[2010/04/05 16:39:04 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At23.job
[2010/04/05 16:39:04 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At22.job
[2010/04/05 16:39:04 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At21.job
[2010/04/05 16:39:04 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At20.job
[2010/04/05 16:39:04 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At2.job
[2010/04/05 16:39:04 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At19.job
[2010/04/05 16:39:04 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At18.job
[2010/04/05 16:39:04 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At17.job
[2010/04/05 16:39:04 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At16.job
[2010/04/05 16:39:04 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At15.job
[2010/04/05 16:39:04 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At14.job
[2010/04/05 16:39:04 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At13.job
[2010/04/05 16:39:04 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At12.job
[2010/04/05 16:39:04 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At11.job
[2010/04/05 16:39:04 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At10.job
[2010/04/05 16:39:04 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At1.job
[2010/04/05 16:39:03 | 000,040,960 | ---- | M] () -- C:\WINDOWS\System32\fui.exe
[2010/04/05 16:39:01 | 000,040,960 | ---- | M] () -- C:\WINDOWS\System32\msiinfo32.exe
[2010/04/05 16:38:57 | 000,040,960 | ---- | M] () -- C:\Documents and Settings\h\stsystra.exe
[2010/04/05 16:38:55 | 000,040,960 | ---- | M] () -- C:\Documents and Settings\h\rundll32.exe
[2010/04/05 16:38:45 | 000,040,960 | ---- | M] () -- C:\WINDOWS\ivrnsftav.exe
[2010/04/05 16:36:54 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/04/05 16:36:34 | 000,017,408 | ---- | M] () -- C:\WINDOWS\System32\rpcnetp.exe
[2010/04/05 16:36:34 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/04/05 16:36:34 | 000,000,236 | ---- | M] () -- C:\WINDOWS\tasks\OGALogon.job
[2010/04/05 16:36:31 | 000,056,680 | ---- | M] (Absolute Software Corp.) -- C:\WINDOWS\System32\rpcnet.dll
[2010/04/05 16:36:29 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/04/05 16:36:25 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/04/01 22:30:16 | 009,437,184 | -H-- | M] () -- C:\Documents and Settings\h\NTUSER.DAT
[2010/04/01 22:30:16 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\h\ntuser.ini
[2010/04/01 22:30:01 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/04/01 22:29:59 | 004,303,472 | -H-- | M] () -- C:\Documents and Settings\h\Local Settings\Application Data\IconCache.db
[2010/04/01 21:46:10 | 000,001,946 | ---- | M] () -- C:\Documents and Settings\h\Desktop\HiJackThis.lnk
[2010/04/01 21:36:31 | 000,000,976 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1992757637-737350535-4160918168-1003UA.job
[2010/04/01 21:30:39 | 000,040,960 | ---- | M] () -- C:\Documents and Settings\h\stsystra .exe
[2010/04/01 19:38:08 | 000,040,960 | ---- | M] () -- C:\WINDOWS\System32\fui .exe
[2010/04/01 19:38:06 | 000,040,960 | ---- | M] () -- C:\WINDOWS\System32\msiinfo32 .exe
[2010/04/01 19:38:02 | 000,040,960 | ---- | M] () -- C:\WINDOWS\System32\stsystra.exe
[2010/04/01 18:01:31 | 000,017,408 | ---- | M] () -- C:\WINDOWS\System32\rpcnetp.dll
[2010/03/30 23:29:56 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/03/30 23:29:32 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/03/30 23:18:17 | 003,906,159 | R--- | M] () -- C:\Documents and Settings\h\Desktop\ComboFix.exe
[2010/03/30 22:23:25 | 000,040,960 | ---- | M] () -- C:\WINDOWS\ivrnsftav .exe
[2010/03/29 22:37:32 | 000,363,520 | ---- | M] () -- C:\Documents and Settings\h\Desktop\iExplore.exe
[2010/03/29 22:36:00 | 000,363,520 | ---- | M] () -- C:\Documents and Settings\h\Desktop\rkill.com
[2010/03/29 22:18:15 | 000,000,373 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2010/03/28 14:11:26 | 000,000,124 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\Control Panel.lnk
[2010/03/23 23:31:15 | 000,000,004 | ---- | M] () -- C:\Program Files\5034578.dat
[2010/03/23 23:31:11 | 000,000,004 | ---- | M] () -- C:\Program Files\5031437.dat
[2010/03/23 22:36:00 | 000,000,004 | ---- | M] () -- C:\Program Files\1719718.dat
[2010/03/23 21:36:00 | 000,000,004 | ---- | M] () -- C:\Program Files\1632406.dat
[2010/03/22 23:36:00 | 000,000,004 | ---- | M] () -- C:\Program Files\2000765.dat
[2010/03/21 21:36:00 | 000,000,004 | ---- | M] () -- C:\Program Files\5983640.dat
[2010/03/21 17:22:30 | 000,000,004 | ---- | M] () -- C:\Program Files\267531.dat
[2010/03/21 16:36:00 | 000,000,004 | ---- | M] () -- C:\Program Files\19239796.dat
[2010/03/21 02:41:06 | 000,000,004 | ---- | M] () -- C:\Program Files\6884187.dat
[2010/03/21 02:36:01 | 000,000,004 | ---- | M] () -- C:\Program Files\6578718.dat
[2010/03/21 01:36:00 | 000,000,004 | ---- | M] () -- C:\Program Files\2978281.dat
[2010/03/21 00:55:25 | 000,000,004 | ---- | M] () -- C:\Program Files\542703.dat
[2010/03/21 00:54:55 | 000,000,004 | ---- | M] () -- C:\Program Files\512703.dat
[2010/03/20 22:39:39 | 000,001,548 | ---- | M] () -- C:\Documents and Settings\h\Desktop\CCleaner.lnk
[2010/03/19 10:36:01 | 000,000,924 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1992757637-737350535-4160918168-1003Core.job
[2010/03/19 09:50:17 | 000,528,518 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/03/19 09:50:17 | 000,446,158 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/03/19 09:50:17 | 000,073,884 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/03/18 23:32:11 | 000,000,722 | -H-- | M] () -- C:\IPH.PH
[2010/03/18 23:31:38 | 000,001,574 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AIM.lnk
[2010/03/13 13:19:29 | 000,000,581 | ---- | M] () -- C:\WINDOWS\eReg.dat
[2010/03/12 18:02:38 | 000,261,632 | ---- | M] () -- C:\WINDOWS\PEV.exe
[2010/03/12 14:41:22 | 000,000,917 | ---- | M] () -- C:\Documents and Settings\h\Desktop\Revo Uninstaller.lnk
[2010/03/12 09:07:53 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100319-003403.backup
[2010/03/10 19:56:18 | 000,096,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\atapi.sys
[2010/03/09 09:22:07 | 000,095,232 | ---- | M] () -- C:\Documents and Settings\h\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/03/09 05:42:00 | 000,016,605 | ---- | M] () -- C:\Documents and Settings\h\Desktop\CHAPTER 14 Mendel and the Gene Idea.docx
[2010/03/08 16:35:32 | 001,230,616 | ---- | M] (Impulse Point, LLC) -- C:\Documents and Settings\h\Desktop\ServiceInstaller.exe
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2010/04/05 16:38:55 | 000,040,960 | ---- | C] () -- C:\Documents and Settings\h\rundll32.exe
[2010/04/01 21:46:10 | 000,001,946 | ---- | C] () -- C:\Documents and Settings\h\Desktop\HiJackThis.lnk
[2010/04/01 21:30:39 | 000,040,960 | ---- | C] () -- C:\Documents and Settings\h\stsystra.exe
[2010/04/01 21:30:39 | 000,040,960 | ---- | C] () -- C:\Documents and Settings\h\stsystra .exe
[2010/04/01 19:38:08 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\fui.exe
[2010/04/01 19:38:08 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\fui .exe
[2010/04/01 19:38:06 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\msiinfo32.exe
[2010/04/01 19:38:06 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\msiinfo32 .exe
[2010/04/01 19:38:02 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\stsystra.exe
[2010/03/30 23:32:42 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At9.job
[2010/03/30 23:32:42 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At8.job
[2010/03/30 23:32:42 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At7.job
[2010/03/30 23:32:42 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At6.job
[2010/03/30 23:32:42 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At5.job
[2010/03/30 23:32:42 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At4.job
[2010/03/30 23:32:42 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At3.job
[2010/03/30 23:32:42 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At24.job
[2010/03/30 23:32:42 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At23.job
[2010/03/30 23:32:42 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At22.job
[2010/03/30 23:32:42 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At21.job
[2010/03/30 23:32:42 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At20.job
[2010/03/30 23:32:42 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At2.job
[2010/03/30 23:32:42 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At19.job
[2010/03/30 23:32:42 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At18.job
[2010/03/30 23:32:42 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At17.job
[2010/03/30 23:32:42 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At16.job
[2010/03/30 23:32:42 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At15.job
[2010/03/30 23:32:42 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At14.job
[2010/03/30 23:32:42 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At13.job
[2010/03/30 23:32:42 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At12.job
[2010/03/30 23:32:42 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At11.job
[2010/03/30 23:32:42 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At10.job
[2010/03/30 23:32:42 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At1.job
[2010/03/30 23:21:51 | 000,261,632 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/03/30 23:21:51 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/03/30 23:21:51 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/03/30 23:21:51 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/03/30 23:21:51 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/03/30 23:15:20 | 003,906,159 | R--- | C] () -- C:\Documents and Settings\h\Desktop\ComboFix.exe
[2010/03/29 22:39:43 | 000,363,520 | ---- | C] () -- C:\Documents and Settings\h\Desktop\rkill.com
[2010/03/29 22:39:43 | 000,363,520 | ---- | C] () -- C:\Documents and Settings\h\Desktop\iExplore.exe
[2010/03/28 14:11:26 | 000,000,124 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\Control Panel.lnk
[2010/03/23 23:31:15 | 000,000,004 | ---- | C] () -- C:\Program Files\5034578.dat
[2010/03/23 23:31:11 | 000,000,004 | ---- | C] () -- C:\Program Files\5031437.dat
[2010/03/23 22:36:00 | 000,000,004 | ---- | C] () -- C:\Program Files\1719718.dat
[2010/03/23 22:13:31 | 000,040,960 | ---- | C] () -- C:\WINDOWS\ivrnsftav.exe
[2010/03/23 22:13:31 | 000,040,960 | ---- | C] () -- C:\WINDOWS\ivrnsftav .exe
[2010/03/23 21:36:00 | 000,000,004 | ---- | C] () -- C:\Program Files\1632406.dat
[2010/03/22 23:36:00 | 000,000,004 | ---- | C] () -- C:\Program Files\2000765.dat
[2010/03/21 21:36:00 | 000,000,004 | ---- | C] () -- C:\Program Files\5983640.dat
[2010/03/21 17:22:30 | 000,000,004 | ---- | C] () -- C:\Program Files\267531.dat
[2010/03/21 16:36:00 | 000,000,004 | ---- | C] () -- C:\Program Files\19239796.dat
[2010/03/21 02:41:06 | 000,000,004 | ---- | C] () -- C:\Program Files\6884187.dat
[2010/03/21 02:36:01 | 000,000,004 | ---- | C] () -- C:\Program Files\6578718.dat
[2010/03/21 01:36:00 | 000,000,004 | ---- | C] () -- C:\Program Files\2978281.dat
[2010/03/21 00:55:25 | 000,000,004 | ---- | C] () -- C:\Program Files\542703.dat
[2010/03/21 00:54:55 | 000,000,004 | ---- | C] () -- C:\Program Files\512703.dat
[2010/03/18 23:31:38 | 000,001,574 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AIM.lnk
[2010/03/12 14:41:22 | 000,000,917 | ---- | C] () -- C:\Documents and Settings\h\Desktop\Revo Uninstaller.lnk
[2010/03/09 09:22:25 | 000,016,605 | ---- | C] () -- C:\Documents and Settings\h\Desktop\CHAPTER 14 Mendel and the Gene Idea.docx
[2010/03/04 12:42:01 | 000,000,373 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2009/08/12 22:52:09 | 000,095,232 | ---- | C] () -- C:\Documents and Settings\h\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2008/08/14 11:32:56 | 000,017,408 | ---- | C] () -- C:\WINDOWS\System32\rpcnetp.dll
[2007/07/24 14:09:57 | 000,000,035 | ---- | C] () -- C:\WINDOWS\A5W.INI
[2007/07/24 14:05:59 | 000,000,605 | ---- | C] () -- C:\WINDOWS\PCalcpro.ini
[2007/07/24 14:05:59 | 000,000,543 | ---- | C] () -- C:\WINDOWS\asc_sys.ini
[2007/07/24 14:05:58 | 000,000,182 | ---- | C] () -- C:\WINDOWS\medlrng.ini
[2007/07/24 14:05:51 | 000,018,432 | ---- | C] () -- C:\WINDOWS\System32\ODBCSTF.DLL
[2007/07/24 14:03:49 | 000,050,688 | ---- | C] () -- C:\WINDOWS\System32\iproc.dll
[2007/07/24 14:03:49 | 000,041,984 | ---- | C] () -- C:\WINDOWS\System32\iprocnt.dll
[2007/07/24 14:03:00 | 000,008,704 | ---- | C] () -- C:\WINDOWS\System32\twdll.dll
[2007/07/24 14:03:00 | 000,000,134 | ---- | C] () -- C:\WINDOWS\awshkwv.ini
[2007/07/24 10:50:16 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4814.dll
[2006/07/20 13:51:34 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/07/13 10:35:10 | 000,001,767 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2006/07/12 16:20:28 | 000,000,047 | ---- | C] () -- C:\WINDOWS\InoSetup.ini
[2006/06/21 13:42:29 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/06/20 15:24:01 | 000,262,144 | ---- | C] () -- C:\Documents and Settings\All Users\ntuser.dat
[2006/06/20 15:24:01 | 000,001,024 | -H-- | C] () -- C:\Documents and Settings\All Users\ntuser.dat.LOG
[2006/06/20 14:11:33 | 000,757,760 | ---- | C] () -- C:\WINDOWS\System32\bcm1xsup.dll
[2006/06/20 14:11:32 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\preflib.dll
[2006/06/20 14:04:21 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\Stac97co.dll
[2006/06/20 13:52:11 | 000,000,178 | -HS- | C] () -- C:\Documents and Settings\h\ntuser.ini
[2006/06/20 13:52:10 | 009,437,184 | -H-- | C] () -- C:\Documents and Settings\h\NTUSER.DAT
[2006/06/20 13:52:10 | 000,036,864 | -H-- | C] () -- C:\Documents and Settings\h\ntuser.dat.LOG
 
========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: AGP440.SYS  >
[2004/08/04 01:05:44 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008/12/05 12:45:28 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2004/08/04 01:05:44 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:AGP440.sys
[2008/12/05 12:45:28 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/13 13:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ERDNT\cache\agp440.sys
[2008/04/13 13:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 13:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
[2004/08/03 23:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys
 
< MD5 for: ATAPI.SYS  >
[2004/08/04 01:05:44 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008/12/05 12:45:28 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2004/08/04 01:05:44 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:atapi.sys
[2008/12/05 12:45:28 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2010/03/10 19:56:18 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ERDNT\cache\atapi.sys
[2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2010/03/10 19:56:18 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\dllcache\atapi.sys
[2010/03/10 19:56:18 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2001/08/23 07:00:00 | 000,086,656 | ---- | M] (Microsoft Corporation) MD5=A64013E98426E1877CB653685C5C0009 -- C:\WINDOWS\system32\ReinstallBackups\0003\DriverFiles\i386\atapi.sys
[2004/08/03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2004/08/03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0015\DriverFiles\i386\atapi.sys
 
< MD5 for: EVENTLOG.DLL  >
[2008/04/13 19:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ERDNT\cache\eventlog.dll
[2008/04/13 19:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/13 19:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
[2004/08/04 00:56:44 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll
 
< MD5 for: LOGEVENT.DLL  >
[2008/04/13 19:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\logevent.dll
 
< MD5 for: NETLOGON.DLL  >
[2008/04/13 19:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ERDNT\cache\netlogon.dll
[2008/04/13 19:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 19:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[2004/08/04 00:56:46 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll
 
< MD5 for: SCECLI.DLL  >
[2004/08/04 00:56:46 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/13 19:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ERDNT\cache\scecli.dll
[2008/04/13 19:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/13 19:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll
 
< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav  >
[2006/06/20 08:31:03 | 000,090,112 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2006/06/20 08:31:03 | 000,630,784 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2006/06/20 08:31:02 | 000,405,504 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 266944 bytes -> C:\WINDOWS\Temp:temp
< End of report >


OTL Extras logfile created on: 4/5/2010 4:40:55 PM - Run 1
OTL by OldTimer - Version 3.2.1.0     Folder = C:\Documents and Settings\h\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
1,014.00 Mb Total Physical Memory | 446.00 Mb Available Physical Memory | 44.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 81.00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.25 Gb Total Space | 23.57 Gb Free Space | 63.27% Space Free | Partition Type: NTFS
D: Drive

12
Anti-Scammers Forum / Hi
« on: April 01, 2010, 10:20:17 PM »
I came by to get some help with some viruses and figured I'd drop by and say hi...so, how yall doin?

13
General Discussion / I DID IT I FIGURED IT OUT!!!!
« on: April 01, 2010, 10:18:38 PM »
HOLY BALLS! I'm gonna go do this right now! oh darn...it didn't work, I'll just send him my username and password! OH NOSE!!!! My password has been changed :( how could this have happened!?

14
General Discussion / Lets see how inactive this place is.
« on: April 01, 2010, 10:16:02 PM »
I like the recoloring update, could care less about the life points honestly

15
Tech Clinic / Some issues
« on: April 01, 2010, 10:01:20 PM »
My friend gave me two of his laptops to fix...he's given me both of them before and I fixed them with little to no problems and now he gave them back...one is fixed (as far as I know) and the other I can't seem to get rid of this stupid virus. It had some fake antivirus scam thing and some porn popup and I got rid of those and all the other things that were actually noticeable. There is still some "wmpscfgs.exe". Malwarebytes will pick it up and says it cures it, but it copies itself into all the startup programs and renames the actual program with an extra space. I went through and, I thought, deleted all of the infected files manually...and after restarting it all seemed fine, then a little bit later all the files came back. :(
Also, I could not run HiJackThis initially because it said I had insufficient access, so I installed in a different directory and it ran fine. Here is the log:
Code:
Logfile of Trend Micro HijackThis v2.0.3 (BETA)
Scan saved at 21:47:07, on 4/1/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\CA\SharedComponents\iTechnology\igateway.exe
C:\Program Files\CA\eTrustITM\InoRpc.exe
C:\Program Files\CA\eTrustITM\InoRT.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\rpcnet.exe
C:\Program Files\SafeConnect\scManager.sys
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\WINDOWS\system32\ctfmon.exe
c:\program files\intel\wireless\bin\zcfgsvc .exe
C:\Program Files\SafeConnect\scClient.exe
c:\program files\intel\wireless\bin\ifrmewrk .exe
c:\program files\ca\etrustitm\realmon .exe
C:\Program Files\SBC Self Support Tool\bin\mad.exe
c:\program files\broadjump\client foundation\cfd .exe
c:\progra~1\sbcsel~1\smartb~1\motivesb .exe
c:\program files\itunes\ituneshelper .exe
c:\program files\washer\washer .exe
c:\program files\spybot - search & destroy\teatimer .exe
c:\program files\creative\sync manager unicode\ctsyncu .exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\SBC Self Support Tool\bin\mpbtn.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
c:\program files\google\googletoolbarnotifier\googletoolbarnotifier .exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\explorer.exe
C:\TrendMicro\HiJackThis\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R3 - URLSearchHook: AIM Toolbar Search Class - {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files\AIM Toolbar\aimtb.dll
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll
O2 - BHO: AIM Toolbar Loader - {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files\AIM Toolbar\aimtb.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: AIM Toolbar - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files\AIM Toolbar\aimtb.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [Realtime Monitor] "C:\Program Files\CA\eTrustITM\realmon.exe" -s
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [msiinfo32] C:\WINDOWS\system32\msiinfo32.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [fui] C:\WINDOWS\system32\fui.exe \u
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\h\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [Yahoo! Pager] 1
O4 - HKCU\..\Run: [Washer] C:\Program Files\Washer\washer.exe /0
O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe"
O4 - HKCU\..\Run: [Aim] "c:\program files\aim\aim .exe" /d locale=en-US
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [fbnafgfj] C:\Documents and Settings\h\Local Settings\Application Data\knccac\lgtjsftav.exe
O4 - HKCU\..\Run: [wtxlyoot] C:\Documents and Settings\h\Local Settings\Application Data\sxssli\ffaesftav.exe
O4 - HKCU\..\Run: [isyuqqcj] C:\Documents and Settings\h\Local Settings\Application Data\dudrop\ffdhsftav.exe
O4 - HKCU\..\Run: [pbyukyjl] C:\Documents and Settings\h\Local Settings\Application Data\svqvso\jlxtsftav.exe
O4 - HKCU\..\Run: [uuxtuexj] C:\Documents and Settings\h\Application Data\rpqlrt\iakvsftav.exe
O4 - HKCU\..\Run: [tuyhvtjb] C:\Documents and Settings\h\Local Settings\Application Data\pyxeef\iybbsftav.exe
O4 - HKCU\..\Run: [utghdqcu] C:\Documents and Settings\h\Local Settings\Application Data\jmoney\irwdsftav.exe
O4 - HKCU\..\Run: [tuqiowqh] C:\Documents and Settings\h\Local Settings\Application Data\wliufl\ihgasftav.exe
O4 - HKCU\..\Run: [iytfikab] C:\Documents and Settings\h\Local Settings\Application Data\dhkcqb\bkipsftav.exe
O4 - HKCU\..\Run: [iyufjpxk] C:\Documents and Settings\h\Local Settings\Application Data\aaaoqx\bjoasftav.exe
O4 - HKCU\..\Run: [hymsbdsy] C:\Documents and Settings\h\Local Settings\Application Data\idcmes\brdssftav.exe
O4 - HKCU\..\Run: [hyvskejc] C:\Documents and Settings\h\Local Settings\Application Data\yjhhej\biffsftav.exe
O4 - HKCU\..\Run: [hyngcser] C:\Documents and Settings\h\Application Data\hmjfre\brtxsftav.exe
O4 - HKCU\..\Run: [hyfstgag] C:\Documents and Settings\h\Local Settings\Application Data\ppmdey\bairsftav.exe
O4 - HKCU\..\Run: [gayhodqn] C:\Documents and Settings\h\Local Settings\Application Data\rerysn\bgkfsftav.exe
O4 - HKCU\..\Run: [gyptfmos] C:\Documents and Settings\h\Application Data\dogkfm\bprnsftav.exe
O4 - HKCU\..\Run: [fwmulnyt] C:\Documents and Settings\h\Local Settings\Application Data\qqrmxc\yhtasftav.exe
O4 - HKCU\..\Run: [jpyfpspl] C:\Documents and Settings\h\Local Settings\Application Data\mhcxpn\ipiosftav.exe
O4 - HKCU\..\Run: [kpwrmygj] C:\Documents and Settings\h\Local Settings\Application Data\rffsbf\iqkysftav.exe
O4 - HKCU\..\Run: [iqbhsble] C:\Documents and Settings\h\Application Data\hsfvqh\inwksftav.exe
O4 - HKCU\..\Run: [iqstkpgs] C:\Documents and Settings\h\Local Settings\Application Data\pvhtdc\iwkdsftav.exe
O4 - HKCU\..\Run: [hqdhugjo] C:\Documents and Settings\h\Local Settings\Application Data\ektiqe\indusftav.exe
O4 - HKCU\..\Run: [hqcutqwv] C:\Documents and Settings\h\Local Settings\Application Data\gbmoes\inmpsftav.exe
O4 - HKCU\..\Run: [hqtulted] C:\WINDOWS\ivrnsftav.exe
O4 - HKCU\..\Run: [gqeivkgx] C:\Documents and Settings\h\Local Settings\Application Data\bdjtrb\imkfsftav.exe
O4 - HKCU\..\Run: [qvoloxep] C:\Documents and Settings\h\Local Settings\Application Data\chmmoj\hhyqsftav.exe
O4 - HKCU\..\Run: [owloloey] C:\Documents and Settings\h\Local Settings\Application Data\axonrg\hmyusftav.exe
O4 - HKCU\..\Run: [owtouquc] C:\Documents and Settings\h\Local Settings\Application Data\qetirv\hdbhsftav.exe
O4 - HKCU\..\Run: [owcbdcyn] C:\Documents and Settings\h\Application Data\ibqleb\humnsftav.exe
O4 - HKCU\..\Run: [owlcmepq] C:\Documents and Settings\h\Local Settings\Application Data\yhvger\hmoasftav.exe
O4 - HKCU\..\Run: [wnodmohb] C:\Documents and Settings\h\Application Data\cimmec\bxnlsftav.exe
O4 - HKCU\..\Run: [wngqecdq] C:\Documents and Settings\h\Local Settings\Application Data\klojrw\bgbfsftav.exe
O4 - HKCU\..\Run: [otgnumqb] C:\Documents and Settings\h\Local Settings\Application Data\giocws\rbvxsftav.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: SafeConnect.lnk = ?
O4 - Global Startup: SBC Self Support Tool.lnk = C:\Program Files\SBC Self Support Tool\bin\matcli.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper20073151.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1150832924960
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1228863417765
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} (Java Plug-in 1.6.0_13) -
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: CA License Client (CA_LIC_CLNT) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmt.exe
O23 - Service: CA License Server (CA_LIC_SRVR) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmtd.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iTechnology iGateway 4.2 (iGateway) - CA, Inc. - C:\Program Files\CA\SharedComponents\iTechnology\igateway.exe
O23 - Service: eTrust ITM RPC Service (InoRPC) - CA - C:\Program Files\CA\eTrustITM\InoRpc.exe
O23 - Service: eTrust Antivirus Realtime Service (InoRT) - CA - C:\Program Files\CA\eTrustITM\InoRT.exe
O23 - Service: eTrust ITM Job Service (InoTask) - Unknown owner - C:\Program Files\CA\eTrustITM\InoTask.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Event Log Watch (LogWatch) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - C:\Program Files\WinPcap\rpcapd.exe (file missing)
O23 - Service: Remote Procedure Call (RPC) LD (rpcld) - Absolute Software Corp. - C:\Documents and Settings\All Users\Application Data\Rpcnet\Bin\rpcld.exe
O23 - Service: Remote Procedure Call (RPC) Net (Rpcnet) - Absolute Software Corp. - C:\WINDOWS\system32\rpcnet.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation  - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SafeConnect Manager (SCManager) - Unknown owner - C:\Program Files\SafeConnect\scManager.sys servicestart (file missing)
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 14017 bytes

I know all of the keys that have all sorts of spaces in them are the issue, and I know all those random character keys are also an issue. I've used Spybot, eTrust, Malwarebytes, VundoFix (originally a Vundo virus on there), SmitfraudFix, along with rkill to actually be able to run the programs because of the original antivirus scam infection.

I'm this close *demonstrates very small amount with fingers* to throwing this thing out the window...
Any help would be much appreciated :D

Thanks in advance,
-James

16
Tech Clinic / Website
« on: March 13, 2009, 08:56:41 PM »
thanks again questolo, I still have no way of getting rid of the infection, I guess that's IX's issue...I'll have to speak with the church about switching hosts, but for now what I did should take care of it

17
Tech Clinic / Website
« on: March 13, 2009, 09:28:40 AM »
So the Yahoo counter is saved in the site description field on the database and I currently don't have access to the database, but I will get rid of it ASAP. Also, when I first put up the forum some random jumble showed up in the header, and when I viewed the source I noticed the Yahoo counter in the same place, but it didn't come up as a trojan on Avast; my guess was it was done incorrectly. I deleted the data from the database and didn't think anything of it; now it's back. I'm wondering if there is a way I can further protect myself from this. After Googling the Yahoo counter thing I found that a couple of people had this problem with IXHosting, which is the host used by my church. Could it be the host's security problem? Because I use the same forum script on my personal website, jaswin.net, and I use 1and1 and have never had this issue with that site.


EDIT: I deleted the data from the database but the script kept coming back. I then decided to delete the site description placeholder from the template and it seems to have fixed the issue.

18
Tech Clinic / Website
« on: March 12, 2009, 08:07:19 PM »
So, I am the webmaster of my church's website, kinda, anyway...and I had put in a forum but never really implemented it into the actual website, and one day I decide to do that and I visit the forum and Avast comes up with a Trojan. It says 'JS:Redirector-D [Trj]' and then the only option is to abort the connection. I currently don't have access to the SQL database and from what I've read the malware is in the database; I don't really know. Any help would be appreciated.

the website is hxxp://life.firstintheheart.com/forum

Thanks

19
For Sale / Wanted / Selling lvl 103+3 main
« on: December 27, 2008, 07:03:39 PM »
Looking for more than $15 if I do PayPal; I would prefer rsgp

20
For Sale / Wanted / Selling lvl 103+3 main
« on: December 27, 2008, 04:01:34 AM »
bumpage
