Topic: Some issues

Offline Everlasting Death

Some issues
« on: April 01, 2010, 10:01:20 PM »
My friend gave me two of his laptops to fix...he's given me both of them before and I fixed them with little to no problems, and now he gave them back...one is fixed (as far as I know) and the other I can't seem to get rid of this stupid virus on. It had some fake antivirus scam thing and some porn popup and I got rid of those and all the other things that were actually noticeable. There is still some "wmpscfgs.exe". Malwarebytes will pick it up and says it cures it, but it copies itself into all the startup programs and renames the actual program with an extra space. I went through and, I thought, deleted all of the infected files manually...and after restarting it all seemed fine, then a little bit later all the files came back. :(
Also, I could not run HiJackThis initially because it said I had insufficient access, so I installed in a different directory and it ran fine. Here is the log:
Logfile of Trend Micro HijackThis v2.0.3 (BETA)
Scan saved at 21:47:07, on 4/1/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\CA\SharedComponents\iTechnology\igateway.exe
C:\Program Files\CA\eTrustITM\InoRpc.exe
C:\Program Files\CA\eTrustITM\InoRT.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\rpcnet.exe
C:\Program Files\SafeConnect\scManager.sys
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\WINDOWS\system32\ctfmon.exe
c:\program files\intel\wireless\bin\zcfgsvc .exe
C:\Program Files\SafeConnect\scClient.exe
c:\program files\intel\wireless\bin\ifrmewrk .exe
c:\program files\ca\etrustitm\realmon .exe
C:\Program Files\SBC Self Support Tool\bin\mad.exe
c:\program files\broadjump\client foundation\cfd .exe
c:\progra~1\sbcsel~1\smartb~1\motivesb .exe
c:\program files\itunes\ituneshelper .exe
c:\program files\washer\washer .exe
c:\program files\spybot - search & destroy\teatimer .exe
c:\program files\creative\sync manager unicode\ctsyncu .exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\SBC Self Support Tool\bin\mpbtn.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
c:\program files\google\googletoolbarnotifier\googletoolbarnotifier .exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\explorer.exe
C:\TrendMicro\HiJackThis\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R3 - URLSearchHook: AIM Toolbar Search Class - {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files\AIM Toolbar\aimtb.dll
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll
O2 - BHO: AIM Toolbar Loader - {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files\AIM Toolbar\aimtb.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: AIM Toolbar - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files\AIM Toolbar\aimtb.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [Realtime Monitor] "C:\Program Files\CA\eTrustITM\realmon.exe" -s
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [msiinfo32] C:\WINDOWS\system32\msiinfo32.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [fui] C:\WINDOWS\system32\fui.exe \u
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\h\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [Yahoo! Pager] 1
O4 - HKCU\..\Run: [Washer] C:\Program Files\Washer\washer.exe /0
O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe"
O4 - HKCU\..\Run: [Aim] "c:\program files\aim\aim .exe" /d locale=en-US
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [fbnafgfj] C:\Documents and Settings\h\Local Settings\Application Data\knccac\lgtjsftav.exe
O4 - HKCU\..\Run: [wtxlyoot] C:\Documents and Settings\h\Local Settings\Application Data\sxssli\ffaesftav.exe
O4 - HKCU\..\Run: [isyuqqcj] C:\Documents and Settings\h\Local Settings\Application Data\dudrop\ffdhsftav.exe
O4 - HKCU\..\Run: [pbyukyjl] C:\Documents and Settings\h\Local Settings\Application Data\svqvso\jlxtsftav.exe
O4 - HKCU\..\Run: [uuxtuexj] C:\Documents and Settings\h\Application Data\rpqlrt\iakvsftav.exe
O4 - HKCU\..\Run: [tuyhvtjb] C:\Documents and Settings\h\Local Settings\Application Data\pyxeef\iybbsftav.exe
O4 - HKCU\..\Run: [utghdqcu] C:\Documents and Settings\h\Local Settings\Application Data\jmoney\irwdsftav.exe
O4 - HKCU\..\Run: [tuqiowqh] C:\Documents and Settings\h\Local Settings\Application Data\wliufl\ihgasftav.exe
O4 - HKCU\..\Run: [iytfikab] C:\Documents and Settings\h\Local Settings\Application Data\dhkcqb\bkipsftav.exe
O4 - HKCU\..\Run: [iyufjpxk] C:\Documents and Settings\h\Local Settings\Application Data\aaaoqx\bjoasftav.exe
O4 - HKCU\..\Run: [hymsbdsy] C:\Documents and Settings\h\Local Settings\Application Data\idcmes\brdssftav.exe
O4 - HKCU\..\Run: [hyvskejc] C:\Documents and Settings\h\Local Settings\Application Data\yjhhej\biffsftav.exe
O4 - HKCU\..\Run: [hyngcser] C:\Documents and Settings\h\Application Data\hmjfre\brtxsftav.exe
O4 - HKCU\..\Run: [hyfstgag] C:\Documents and Settings\h\Local Settings\Application Data\ppmdey\bairsftav.exe
O4 - HKCU\..\Run: [gayhodqn] C:\Documents and Settings\h\Local Settings\Application Data\rerysn\bgkfsftav.exe
O4 - HKCU\..\Run: [gyptfmos] C:\Documents and Settings\h\Application Data\dogkfm\bprnsftav.exe
O4 - HKCU\..\Run: [fwmulnyt] C:\Documents and Settings\h\Local Settings\Application Data\qqrmxc\yhtasftav.exe
O4 - HKCU\..\Run: [jpyfpspl] C:\Documents and Settings\h\Local Settings\Application Data\mhcxpn\ipiosftav.exe
O4 - HKCU\..\Run: [kpwrmygj] C:\Documents and Settings\h\Local Settings\Application Data\rffsbf\iqkysftav.exe
O4 - HKCU\..\Run: [iqbhsble] C:\Documents and Settings\h\Application Data\hsfvqh\inwksftav.exe
O4 - HKCU\..\Run: [iqstkpgs] C:\Documents and Settings\h\Local Settings\Application Data\pvhtdc\iwkdsftav.exe
O4 - HKCU\..\Run: [hqdhugjo] C:\Documents and Settings\h\Local Settings\Application Data\ektiqe\indusftav.exe
O4 - HKCU\..\Run: [hqcutqwv] C:\Documents and Settings\h\Local Settings\Application Data\gbmoes\inmpsftav.exe
O4 - HKCU\..\Run: [hqtulted] C:\WINDOWS\ivrnsftav.exe
O4 - HKCU\..\Run: [gqeivkgx] C:\Documents and Settings\h\Local Settings\Application Data\bdjtrb\imkfsftav.exe
O4 - HKCU\..\Run: [qvoloxep] C:\Documents and Settings\h\Local Settings\Application Data\chmmoj\hhyqsftav.exe
O4 - HKCU\..\Run: [owloloey] C:\Documents and Settings\h\Local Settings\Application Data\axonrg\hmyusftav.exe
O4 - HKCU\..\Run: [owtouquc] C:\Documents and Settings\h\Local Settings\Application Data\qetirv\hdbhsftav.exe
O4 - HKCU\..\Run: [owcbdcyn] C:\Documents and Settings\h\Application Data\ibqleb\humnsftav.exe
O4 - HKCU\..\Run: [owlcmepq] C:\Documents and Settings\h\Local Settings\Application Data\yhvger\hmoasftav.exe
O4 - HKCU\..\Run: [wnodmohb] C:\Documents and Settings\h\Application Data\cimmec\bxnlsftav.exe
O4 - HKCU\..\Run: [wngqecdq] C:\Documents and Settings\h\Local Settings\Application Data\klojrw\bgbfsftav.exe
O4 - HKCU\..\Run: [otgnumqb] C:\Documents and Settings\h\Local Settings\Application Data\giocws\rbvxsftav.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: SafeConnect.lnk = ?
O4 - Global Startup: SBC Self Support Tool.lnk = C:\Program Files\SBC Self Support Tool\bin\matcli.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper20073151.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1150832924960
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1228863417765
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} (Java Plug-in 1.6.0_13) -
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: CA License Client (CA_LIC_CLNT) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmt.exe
O23 - Service: CA License Server (CA_LIC_SRVR) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmtd.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iTechnology iGateway 4.2 (iGateway) - CA, Inc. - C:\Program Files\CA\SharedComponents\iTechnology\igateway.exe
O23 - Service: eTrust ITM RPC Service (InoRPC) - CA - C:\Program Files\CA\eTrustITM\InoRpc.exe
O23 - Service: eTrust Antivirus Realtime Service (InoRT) - CA - C:\Program Files\CA\eTrustITM\InoRT.exe
O23 - Service: eTrust ITM Job Service (InoTask) - Unknown owner - C:\Program Files\CA\eTrustITM\InoTask.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Event Log Watch (LogWatch) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - C:\Program Files\WinPcap\rpcapd.exe (file missing)
O23 - Service: Remote Procedure Call (RPC) LD (rpcld) - Absolute Software Corp. - C:\Documents and Settings\All Users\Application Data\Rpcnet\Bin\rpcld.exe
O23 - Service: Remote Procedure Call (RPC) Net (Rpcnet) - Absolute Software Corp. - C:\WINDOWS\system32\rpcnet.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation  - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SafeConnect Manager (SCManager) - Unknown owner - C:\Program Files\SafeConnect\scManager.sys servicestart (file missing)
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 14017 bytes

I know all of the keys that have all sorts of spaces in them are the issue, and I know all those random character keys are also an issue. I've used spybot, eTrust, Malwarebytes, Vundofix (originally a vundo virus on there), Smitfraudfix, along with rkill to actually be able to run the programs because of the original antivirus scam infection.

I'm this close *demonstrates very small amount with fingers* to throwing this thing out the window...
Any help would be much appreciated :D

Thanks in advance,
-James
The cake is a lie....

Bummer Dude
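A small triage script, added here as an example (it is not from the original post or from any of the tools mentioned in it), that parses HijackThis log lines for the two patterns James describes: the legitimate autorun programs renamed with a space before ".exe", and the random-named HKCU Run entries whose target files share a common marker. The sample log excerpt is constructed from lines in the posted log; the "sftav" marker it finds comes from those lines.

```python
"""Triage helper for a HijackThis log: flag autorun executables renamed with
a space before ".exe" (the original program pushed aside by the infection)
and HKCU Run entries with random value names whose targets share a filename
marker. The sample below is constructed from lines in the thread's log."""
import re
from collections import Counter

# Constructed excerpt: a few lines copied from the posted HijackThis log.
SAMPLE_LOG = r"""Running processes:
C:\WINDOWS\system32\ctfmon.exe
c:\program files\intel\wireless\bin\zcfgsvc .exe
c:\program files\itunes\ituneshelper .exe

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Aim] "c:\program files\aim\aim .exe" /d locale=en-US
O4 - HKCU\..\Run: [fbnafgfj] C:\Documents and Settings\h\Local Settings\Application Data\knccac\lgtjsftav.exe
O4 - HKCU\..\Run: [uuxtuexj] C:\Documents and Settings\h\Application Data\rpqlrt\iakvsftav.exe
O4 - HKCU\..\Run: [hqtulted] C:\WINDOWS\ivrnsftav.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
"""

O4_RE = re.compile(r'^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.+)$')
EXE_RE = re.compile(r'^"?(?P<path>.*?\.exe)', re.IGNORECASE)
RANDOM_NAME_RE = re.compile(r'^[a-z]{8}$')   # value names like "fbnafgfj"


def exe_path(command):
    """Return the executable path from a Run-key command line, or None."""
    m = EXE_RE.match(command.strip())
    return m.group('path') if m else None


def basename(path):
    return path.rsplit('\\', 1)[-1]


def parse_log(text):
    """Split a HijackThis log into running-process paths and O4 Run entries."""
    processes, run_entries = [], []
    in_procs = False
    for line in text.splitlines():
        line = line.rstrip()
        if line == 'Running processes:':
            in_procs = True
            continue
        if in_procs:
            if not line:
                in_procs = False      # blank line ends the process list
            else:
                processes.append(line)
            continue
        m = O4_RE.match(line)
        if m:
            run_entries.append((m.group('hive'), m.group('name'), m.group('cmd')))
    return processes, run_entries


def spaced_exe(paths):
    """Paths whose file name has a space right before the .exe extension."""
    return [p for p in paths if basename(p).lower().endswith(' .exe')]


def shared_suffix(names, min_members=3, min_len=4):
    """Longest trailing substring shared by at least min_members distinct
    names, or None. A dropper that writes many copies tends to leave such a
    marker (in the thread every random entry ends in 'sftav')."""
    counts = Counter()
    for n in set(names):
        for k in range(min_len, len(n)):
            counts[n[-k:]] += 1
    shared = [s for s, c in counts.items() if c >= min_members]
    return max(shared, key=len) if shared else None


def random_run_entries(run_entries):
    """HKCU Run entries with random 8-letter value names, plus any sibling
    entries whose target file carries the same family marker."""
    hkcu = [(n, exe_path(c)) for h, n, c in run_entries if h == 'HKCU']
    hkcu = [(n, p) for n, p in hkcu if p]
    stems = [basename(p).lower()[:-4] for _, p in hkcu]   # drop ".exe"
    marker = shared_suffix(stems)
    flagged = [(n, p) for (n, p), stem in zip(hkcu, stems)
               if RANDOM_NAME_RE.match(n) or (marker and stem.endswith(marker))]
    return marker, flagged


def triage(text):
    """Run both checks over a log and return the findings."""
    processes, run_entries = parse_log(text)
    run_paths = [p for p in (exe_path(c) for _, _, c in run_entries) if p]
    marker, flagged = random_run_entries(run_entries)
    return {
        'spaced_exe': spaced_exe(processes + run_paths),
        'family_marker': marker,
        'random_run': flagged,
    }


if __name__ == '__main__':
    for key, value in triage(SAMPLE_LOG).items():
        print(key, value)
```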

Offline guestolo

Some issues
« Reply #1 on: April 01, 2010, 10:34:27 PM »
Download OTL.exe by OldTimer to your Desktop.
  • Close all windows and double click on OTL.exe to run it
  • Under the Custom Scan box paste in the contents below
netsvcs
msconfig
%SYSTEMDRIVE%\*.exe
/md5start
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
nvrd32.sys
symmpi.sys
adp3132.sys
mv61xx.sys
/md5stop
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav



  • Click Run Scan and let the program run uninterrupted.
  • It will produce two logs for you, one will pop up - OTL.txt, the other will be saved on your Desktop - Extras.txt. Post both logs in this thread.
  • You may need to use two posts to get it all.

NOTE: If you have trouble, or an error message trying to post the logs
Can you upload it to a reply box
In a Reply, select "Browse..." on the bottom right and then navigate to the file and select it
Then click "Upload"

Do you want to post your own logs from FRST?

Follow the instructions posted here: http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/


Offline Everlasting Death

Some issues
« Reply #2 on: April 05, 2010, 04:53:03 PM »
OTL logfile created on: 4/5/2010 4:40:55 PM - Run 1
OTL by OldTimer - Version 3.2.1.0     Folder = C:\Documents and Settings\h\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
1,014.00 Mb Total Physical Memory | 446.00 Mb Available Physical Memory | 44.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 81.00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.25 Gb Total Space | 23.57 Gb Free Space | 63.27% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 968.65 Mb Total Space | 933.91 Mb Free Space | 96.41% Space Free | Partition Type: FAT32
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: RLCHS-838196
Current User Name: HSLaptop
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
 
========== Processes (SafeList) ==========
 
PRC - [2010/04/05 16:39:32 | 000,561,664 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\h\Desktop\OTL.exe
PRC - [2010/04/01 21:30:38 | 000,040,960 | ---- | M] () -- C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
PRC - [2010/02/27 13:42:55 | 000,039,408 | ---- | M] (Google Inc.) -- c:\Program Files\Google\GoogleToolbarNotifier\googletoolbarnotifier .exe
PRC - [2010/01/29 16:19:33 | 000,297,240 | ---- | M] (Impulse Point, LLC) -- C:\Program Files\SafeConnect\SCClient.exe
PRC - [2010/01/29 16:19:32 | 000,128,280 | ---- | M] (Impulse Point, LLC) -- C:\Program Files\SafeConnect\scManager.sys
PRC - [2009/11/12 17:33:10 | 000,141,600 | ---- | M] (Apple Inc.) -- c:\Program Files\iTunes\ituneshelper .exe
PRC - [2009/10/02 10:58:10 | 000,185,776 | ---- | M] (Absolute Software Corp.) -- C:\Documents and Settings\All Users\Application Data\rpcnet\Bin\rpcld.exe
PRC - [2009/07/08 12:55:23 | 000,056,680 | ---- | M] (Absolute Software Corp.) -- C:\WINDOWS\system32\rpcnet.exe
PRC - [2009/04/29 13:36:49 | 000,192,512 | ---- | M] (CA) -- C:\Program Files\CA\eTrustITM\InoRPC.exe
PRC - [2009/03/30 16:28:36 | 001,533,808 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
PRC - [2009/03/30 16:28:36 | 000,183,152 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
PRC - [2009/03/05 16:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- c:\Program Files\Spybot - Search & Destroy\teatimer .exe
PRC - [2009/02/25 16:35:34 | 000,208,896 | ---- | M] (CA) -- C:\Program Files\CA\eTrustITM\InoRT.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/02/05 07:57:24 | 000,106,496 | ---- | M] (CA, Inc.) -- C:\Program Files\CA\SharedComponents\iTechnology\igateway.exe
PRC - [2007/01/16 21:27:58 | 000,407,632 | ---- | M] (CA) -- c:\Program Files\CA\eTrustITM\realmon .exe
PRC - [2006/10/18 18:05:18 | 000,434,176 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
PRC - [2006/10/18 18:04:28 | 000,802,816 | ---- | M] (Intel Corporation) -- c:\Program Files\Intel\Wireless\Bin\zcfgsvc .exe
PRC - [2006/10/18 18:01:34 | 000,290,816 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe
PRC - [2006/10/18 17:58:16 | 000,696,320 | ---- | M] (Intel Corporation) -- c:\Program Files\Intel\Wireless\Bin\ifrmewrk .exe
PRC - [2006/10/18 17:56:52 | 000,946,176 | ---- | M] (Intel Corporation ) -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
PRC - [2006/10/18 17:53:24 | 000,479,232 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
PRC - [2006/10/18 17:49:52 | 000,327,680 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
PRC - [2006/09/28 20:09:14 | 000,700,416 | ---- | M] () -- c:\Program Files\Creative\Sync Manager Unicode\ctsyncu .exe
PRC - [2006/06/29 03:19:03 | 002,371,584 | ---- | M] (Motive, Inc.) -- C:\Program Files\SBC Self Support Tool\bin\mad.exe
PRC - [2005/08/24 07:51:18 | 000,442,455 | ---- | M] (Motive, Inc.) -- c:\Program Files\SBC Self Support Tool\SmartBridge\motivesb .exe
PRC - [2003/10/10 09:06:12 | 000,245,760 | ---- | M] (Motive Communications, Inc.) -- C:\Program Files\SBC Self Support Tool\AsstCommon\MotiveDirectory.exe
PRC - [2003/10/10 09:06:10 | 000,192,512 | ---- | M] () -- C:\Program Files\SBC Self Support Tool\bin\mpbtn.exe
PRC - [2002/09/19 19:29:28 | 000,053,248 | ---- | M] (Computer Associates) -- C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
PRC - [2002/09/10 21:26:26 | 000,368,706 | ---- | M] () -- c:\Program Files\BroadJump\Client Foundation\cfd .exe
PRC - [2002/08/15 04:07:02 | 000,428,544 | ---- | M] (Webroot Software, Inc.) -- c:\Program Files\Washer\washer .exe
 
 
========== Modules (SafeList) ==========
 
MOD - [2010/04/05 16:39:32 | 000,561,664 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\h\Desktop\OTL.exe
MOD - [2005/06/03 09:23:28 | 000,122,880 | ---- | M] (Motive Communications, Inc.) -- c:\Program Files\SBC Self Support Tool\SmartBridge\SBHook.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - File not found [On_Demand | Stopped] --  -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)
SRV - [2010/01/29 16:19:32 | 000,128,280 | ---- | M] (Impulse Point, LLC) [Auto | Running] -- C:\Program Files\SafeConnect\scManager.sys -- (SCManager)
SRV - [2009/10/02 10:58:10 | 000,185,776 | ---- | M] (Absolute Software Corp.) [Auto | Running] -- C:\Documents and Settings\All Users\Application Data\rpcnet\Bin\rpcld.exe -- (rpcld) Remote Procedure Call (RPC)
SRV - [2009/07/08 12:55:23 | 000,056,680 | ---- | M] (Absolute Software Corp.) [Auto | Running] -- C:\WINDOWS\system32\rpcnet.exe -- (Rpcnet) Remote Procedure Call (RPC)
SRV - [2009/04/29 13:36:49 | 000,380,928 | ---- | M] () [Auto | Stopped] -- C:\Program Files\CA\eTrustITM\InoTask.exe -- (InoTask)
SRV - [2009/04/29 13:36:49 | 000,192,512 | ---- | M] (CA) [Auto | Running] -- C:\Program Files\CA\eTrustITM\InoRpc.exe -- (InoRPC)
SRV - [2009/03/30 16:28:36 | 001,533,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2009/02/25 16:35:34 | 000,208,896 | ---- | M] (CA) [Auto | Running] -- C:\Program Files\CA\eTrustITM\InoRT.exe -- (InoRT)
SRV - [2009/02/06 18:08:58 | 000,533,360 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe -- (fsssvc)
SRV - [2007/02/05 07:57:24 | 000,106,496 | ---- | M] (CA, Inc.) [Auto | Running] -- C:\Program Files\CA\SharedComponents\iTechnology\igateway.exe -- (iGateway)
SRV - [2006/10/18 18:05:18 | 000,434,176 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe -- (EvtEng) Intel®
SRV - [2006/10/18 18:01:34 | 000,290,816 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe -- (WLANKEEPER) Intel®
SRV - [2006/10/18 17:56:52 | 000,946,176 | ---- | M] (Intel Corporation ) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe -- (S24EventMonitor) Intel®
SRV - [2006/10/18 17:49:52 | 000,327,680 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe -- (RegSrvc) Intel®
SRV - [2002/09/19 19:41:00 | 000,077,824 | ---- | M] (Computer Associates) [On_Demand | Stopped] -- C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmtd.exe -- (CA_LIC_SRVR)
SRV - [2002/09/19 19:29:28 | 000,053,248 | ---- | M] (Computer Associates) [Auto | Running] -- C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe -- (LogWatch)
SRV - [2002/09/19 19:27:04 | 000,077,824 | ---- | M] (Computer Associates) [On_Demand | Stopped] -- C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmt.exe -- (CA_LIC_CLNT)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2009/02/06 18:08:42 | 000,055,152 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys -- (fssfltr)
DRV - [2008/04/13 13:36:39 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2008/04/13 13:36:39 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2008/04/13 11:36:05 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2007/10/18 21:14:32 | 000,184,080 | ---- | M] (Computer Associates) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\ino_fltr.sys -- (INO_FLTR)
DRV - [2007/08/06 22:07:02 | 000,027,536 | ---- | M] (Computer Associates) [File_System | Boot | Running] -- C:\WINDOWS\system32\Drivers\ino_flpy.sys -- (INO_FLPY)
DRV - [2007/03/30 21:34:14 | 005,704,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\igxpmp32.sys -- (ialm)
DRV - [2006/10/19 09:29:22 | 000,012,544 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2006/10/17 11:55:28 | 001,711,104 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NETw3x32.sys -- (NETw3x32) Intel®
DRV - [2006/04/05 19:38:22 | 002,208,512 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\w29n51.sys -- (w29n51) Intel®
DRV - [2006/04/04 03:17:24 | 001,429,632 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\w39n51.sys -- (w39n51) Intel®
DRV - [2006/03/24 17:34:30 | 001,156,648 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2005/07/22 11:02:12 | 001,035,008 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2005/07/22 11:01:08 | 000,201,600 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2005/07/22 11:01:00 | 000,717,952 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2005/03/10 16:56:06 | 000,273,168 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\STAC97.sys -- (STAC97)
DRV - [2004/05/26 15:18:18 | 000,044,928 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2001/08/17 14:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2001/08/17 14:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001/08/17 14:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001/08/17 14:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001/08/17 14:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001/08/17 13:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
DRV - [2001/08/17 13:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2001/08/17 13:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2001/08/17 13:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2001/08/17 13:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2001/08/17 13:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2001/08/17 13:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
DRV - [2001/08/17 13:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2001/08/17 13:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2001/08/17 13:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\URLSearchHook: {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL Inc.)
 
IE - HKCU\..\URLSearchHook: {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "AIM Search"
FF - prefs.js..browser.search.defaulturl: "http://aim.search.Email Removed/search/search?query={searchTerms}&invocationType=tb50-ff-aim-chromesbox-en-us"
FF - prefs.js..browser.search.selectedEngine: "AIM Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.yahoo.com"
FF - prefs.js..extensions.enabledItems: {c2f863cd-0429-48c7-bb54-db756a951760}:5.96.9.1
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.7.2
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: [email protected]:0.7.1
FF - prefs.js..keyword.URL: "http://slirsredirect.search.Email Removed/slirs_http/sredir?invocationType=bu10aiminstabie7&sredir=2706&query="
 
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/02/07 22:56:00 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/02/07 22:56:00 | 000,000,000 | ---D | M]
 
[2010/02/07 22:56:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\h\Application Data\Mozilla\Extensions
[2010/04/05 16:38:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\h\Application Data\Mozilla\Firefox\Profiles\x2uxm7cb.default\extensions
[2009/08/22 12:44:32 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\h\Application Data\Mozilla\Firefox\Profiles\x2uxm7cb.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/04/05 16:38:17 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\h\Application Data\Mozilla\Firefox\Profiles\x2uxm7cb.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010/01/27 21:03:31 | 000,000,000 | ---D | M] (AIM Toolbar) -- C:\Documents and Settings\h\Application Data\Mozilla\Firefox\Profiles\x2uxm7cb.default\extensions\{c2f863cd-0429-48c7-bb54-db756a951760}
[2010/04/05 16:38:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\h\Application Data\Mozilla\Firefox\Profiles\x2uxm7cb.default\extensions\[email protected]
[2010/03/18 23:31:39 | 000,001,490 | ---- | M] () -- C:\Documents and Settings\h\Application Data\Mozilla\Firefox\Profiles\x2uxm7cb.default\searchplugins\AIM Search.xml
[2010/01/28 00:59:11 | 000,004,546 | ---- | M] () -- C:\Documents and Settings\h\Application Data\Mozilla\Firefox\Profiles\x2uxm7cb.default\searchplugins\aim-search.xml
[2010/04/01 22:00:26 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/03/18 23:31:39 | 000,001,490 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\AIM Search.xml
 
O1 HOSTS File: ([2010/03/30 23:29:32 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll (Google Inc.)
O2 - BHO: (AIM Toolbar Loader) - {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (AIM Toolbar) - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (AIM Toolbar) - {61539ECD-CC67-4437-A03C-9AACCBD14326} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL Inc.)
O4 - HKLM..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\cfd.exe ()
O4 - HKLM..\Run: [BluetoothAuthenticationAgent] C:\WINDOWS\System32\bthprops.cpl (Microsoft Corporation)
O4 - HKLM..\Run: [fui] C:\WINDOWS\System32\fui.exe ()
O4 - HKLM..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe ()
O4 - HKLM..\Run: [IntelZeroConfig] C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe ()
O4 - HKLM..\Run: [Motive SmartBridge] C:\Program Files\SBC Self Support Tool\SmartBridge\motivesb.exe ()
O4 - HKLM..\Run: [msiinfo32] C:\WINDOWS\system32\msiinfo32.exe ()
O4 - HKLM..\Run: [Realtime Monitor] C:\Program Files\CA\eTrustITM\realmon.exe ()
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\System32\stsystra.exe ()
O4 - HKCU..\Run: [Aim] c:\program files\aim\aim                     .exe ()
O4 - HKCU..\Run: [CTSyncU.exe] C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe ()
O4 - HKCU..\Run: [fbnafgfj] C:\Documents and Settings\h\Local Settings\Application Data\knccac\lgtjsftav.exe File not found
O4 - HKCU..\Run: [fwmulnyt] C:\Documents and Settings\h\Local Settings\Application Data\qqrmxc\yhtasftav.exe File not found
O4 - HKCU..\Run: [gayhodqn] C:\Documents and Settings\h\Local Settings\Application Data\rerysn\bgkfsftav.exe File not found
O4 - HKCU..\Run: [gqeivkgx] C:\Documents and Settings\h\Local Settings\Application Data\bdjtrb\imkfsftav.exe File not found
O4 - HKCU..\Run: [gyptfmos] C:\Documents and Settings\h\Application Data\dogkfm\bprnsftav.exe File not found
O4 - HKCU..\Run: [hqcutqwv] C:\Documents and Settings\h\Local Settings\Application Data\gbmoes\inmpsftav.exe File not found
O4 - HKCU..\Run: [hqdhugjo] C:\Documents and Settings\h\Local Settings\Application Data\ektiqe\indusftav.exe File not found
O4 - HKCU..\Run: [hqtulted] C:\WINDOWS\ivrnsftav.exe ()
O4 - HKCU..\Run: [hyfstgag] C:\Documents and Settings\h\Local Settings\Application Data\ppmdey\bairsftav.exe File not found
O4 - HKCU..\Run: [hymsbdsy] C:\Documents and Settings\h\Local Settings\Application Data\idcmes\brdssftav.exe File not found
O4 - HKCU..\Run: [hyngcser] C:\Documents and Settings\h\Application Data\hmjfre\brtxsftav.exe File not found
O4 - HKCU..\Run: [hyvskejc] C:\Documents and Settings\h\Local Settings\Application Data\yjhhej\biffsftav.exe File not found
O4 - HKCU..\Run: [iqbhsble] C:\Documents and Settings\h\Application Data\hsfvqh\inwksftav.exe File not found
O4 - HKCU..\Run: [iqstkpgs] C:\Documents and Settings\h\Local Settings\Application Data\pvhtdc\iwkdsftav.exe File not found
O4 - HKCU..\Run: [isyuqqcj] C:\Documents and Settings\h\Local Settings\Application Data\dudrop\ffdhsftav.exe File not found
O4 - HKCU..\Run: [iytfikab] C:\Documents and Settings\h\Local Settings\Application Data\dhkcqb\bkipsftav.exe File not found
O4 - HKCU..\Run: [iyufjpxk] C:\Documents and Settings\h\Local Settings\Application Data\aaaoqx\bjoasftav.exe File not found
O4 - HKCU..\Run: [jpyfpspl] C:\Documents and Settings\h\Local Settings\Application Data\mhcxpn\ipiosftav.exe File not found
O4 - HKCU..\Run: [kpwrmygj] C:\Documents and Settings\h\Local Settings\Application Data\rffsbf\iqkysftav.exe File not found
O4 - HKCU..\Run: [otgnumqb] C:\Documents and Settings\h\Local Settings\Application Data\giocws\rbvxsftav.exe File not found
O4 - HKCU..\Run: [owcbdcyn] C:\Documents and Settings\h\Application Data\ibqleb\humnsftav.exe File not found
O4 - HKCU..\Run: [owlcmepq] C:\Documents and Settings\h\Local Settings\Application Data\yhvger\hmoasftav.exe File not found
O4 - HKCU..\Run: [owloloey] C:\Documents and Settings\h\Local Settings\Application Data\axonrg\hmyusftav.exe File not found
O4 - HKCU..\Run: [owtouquc] C:\Documents and Settings\h\Local Settings\Application Data\qetirv\hdbhsftav.exe File not found
O4 - HKCU..\Run: [pbyukyjl] C:\Documents and Settings\h\Local Settings\Application Data\svqvso\jlxtsftav.exe File not found
O4 - HKCU..\Run: [qvoloxep] C:\Documents and Settings\h\Local Settings\Application Data\chmmoj\hhyqsftav.exe File not found
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\teatimer.exe ()
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe ()
O4 - HKCU..\Run: [tuqiowqh] C:\Documents and Settings\h\Local Settings\Application Data\wliufl\ihgasftav.exe File not found
O4 - HKCU..\Run: [tuyhvtjb] C:\Documents and Settings\h\Local Settings\Application Data\pyxeef\iybbsftav.exe File not found
O4 - HKCU..\Run: [utghdqcu] C:\Documents and Settings\h\Local Settings\Application Data\jmoney\irwdsftav.exe File not found
O4 - HKCU..\Run: [uuxtuexj] C:\Documents and Settings\h\Application Data\rpqlrt\iakvsftav.exe File not found
O4 - HKCU..\Run: [Washer] C:\Program Files\Washer\washer.exe ()
O4 - HKCU..\Run: [wngqecdq] C:\Documents and Settings\h\Local Settings\Application Data\klojrw\bgbfsftav.exe File not found
O4 - HKCU..\Run: [wnodmohb] C:\Documents and Settings\h\Application Data\cimmec\bxnlsftav.exe File not found
O4 - HKCU..\Run: [wtxlyoot] C:\Documents and Settings\h\Local Settings\Application Data\sxssli\ffaesftav.exe File not found
O4 - HKCU..\Run: [Yahoo! Pager]  File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\SafeConnect.lnk = C:\Program Files\SafeConnect\SCClient.exe (Impulse Point, LLC)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\SBC Self Support Tool.lnk = C:\Program Files\SBC Self Support Tool\bin\matcli.exe (Motive Communications, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll (Google Inc.)
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.macromedia.com/pub/shock...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper20073151.dll (Installation Support)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/...b?1150832924960 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdat...b?1228863417765 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0015-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/get/flash...ent/swflash.cab (Shockwave Flash Object)
O16 - DPF: Microsoft XML Parser for Java file:///C:/WINDOWS/Java/classes/xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs: 6to4 -  File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2006/06/20 13:46:41 | 000,000,000 | ---D | M]
NetSvcs: Iprip -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: WmdmPmSp -  File not found
 
MsConfig - StartUpReg: Broadcom Wireless Manager UI - hkey= - key= -  File not found
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 2
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point (16902109354000384)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010/04/05 16:40:05 | 000,561,664 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\h\Desktop\OTL.exe
[2010/04/01 21:46:09 | 000,000,000 | ---D | C] -- C:\TrendMicro
[2010/03/31 21:25:03 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010/03/30 23:50:23 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\rpcnet
[2010/03/30 23:27:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\ivvipl
[2010/03/30 23:21:51 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/03/30 23:21:51 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/03/30 23:21:51 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/03/30 23:21:51 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/03/28 22:22:49 | 000,000,000 | ---D | C] -- C:\VundoFix Backups
[2010/03/20 22:45:48 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\h\Recent
[2010/03/18 23:31:31 | 000,000,000 | ---D | C] -- C:\Program Files\AIM
[2010/03/18 23:31:28 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Software Update Utility
[2010/03/18 10:25:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Temp
[2010/03/12 14:41:21 | 000,000,000 | ---D | C] -- C:\Program Files\VS Revo Group
[2010/03/10 18:21:01 | 003,558,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\moviemk.exe
[2010/03/08 16:35:23 | 001,230,616 | ---- | C] (Impulse Point, LLC) -- C:\Documents and Settings\h\Desktop\ServiceInstaller.exe
[2010/03/07 20:58:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple Computer
[2010/03/06 20:29:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\AIM Toolbar
[2010/03/06 20:29:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Google
[2010/03/06 20:25:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Apple Computer
[2010/03/06 18:22:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Sun
[2010/03/04 10:02:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2010/03/03 15:48:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\AIM Toolbar
[2010/03/03 15:48:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Google
[2010/03/02 21:56:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Real
[2010/03/02 21:52:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
[2010/03/02 21:52:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2010/03/01 21:50:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2010/03/01 21:24:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2010/02/27 18:20:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google
[2010/02/27 18:15:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
[2010/02/01 15:36:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
[2009/08/31 14:06:39 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2009/07/15 11:54:17 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2009/04/29 13:40:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2009/04/20 11:41:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2007/07/24 10:53:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Intel
[2007/07/24 10:52:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Intel
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2010/04/05 16:39:32 | 000,561,664 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\h\Desktop\OTL.exe
[2010/04/05 16:39:04 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At9.job
[2010/04/05 16:39:04 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At8.job
[2010/04/05 16:39:04 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At7.job
[2010/04/05 16:39:04 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At6.job
[2010/04/05 16:39:04 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At5.job
[2010/04/05 16:39:04 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At4.job
[2010/04/05 16:39:04 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At3.job
[2010/04/05 16:39:04 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At24.job
[2010/04/05 16:39:04 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At23.job
[2010/04/05 16:39:04 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At22.job
[2010/04/05 16:39:04 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At21.job
[2010/04/05 16:39:04 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At20.job
[2010/04/05 16:39:04 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At2.job
[2010/04/05 16:39:04 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At19.job
[2010/04/05 16:39:04 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At18.job
[2010/04/05 16:39:04 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At17.job
[2010/04/05 16:39:04 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At16.job
[2010/04/05 16:39:04 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At15.job
[2010/04/05 16:39:04 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At14.job
[2010/04/05 16:39:04 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At13.job
[2010/04/05 16:39:04 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At12.job
[2010/04/05 16:39:04 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At11.job
[2010/04/05 16:39:04 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At10.job
[2010/04/05 16:39:04 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At1.job
[2010/04/05 16:39:03 | 000,040,960 | ---- | M] () -- C:\WINDOWS\System32\fui.exe
[2010/04/05 16:39:01 | 000,040,960 | ---- | M] () -- C:\WINDOWS\System32\msiinfo32.exe
[2010/04/05 16:38:57 | 000,040,960 | ---- | M] () -- C:\Documents and Settings\h\stsystra.exe
[2010/04/05 16:38:55 | 000,040,960 | ---- | M] () -- C:\Documents and Settings\h\rundll32.exe
[2010/04/05 16:38:45 | 000,040,960 | ---- | M] () -- C:\WINDOWS\ivrnsftav.exe
[2010/04/05 16:36:54 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/04/05 16:36:34 | 000,017,408 | ---- | M] () -- C:\WINDOWS\System32\rpcnetp.exe
[2010/04/05 16:36:34 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/04/05 16:36:34 | 000,000,236 | ---- | M] () -- C:\WINDOWS\tasks\OGALogon.job
[2010/04/05 16:36:31 | 000,056,680 | ---- | M] (Absolute Software Corp.) -- C:\WINDOWS\System32\rpcnet.dll
[2010/04/05 16:36:29 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/04/05 16:36:25 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/04/01 22:30:16 | 009,437,184 | -H-- | M] () -- C:\Documents and Settings\h\NTUSER.DAT
[2010/04/01 22:30:16 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\h\ntuser.ini
[2010/04/01 22:30:01 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/04/01 22:29:59 | 004,303,472 | -H-- | M] () -- C:\Documents and Settings\h\Local Settings\Application Data\IconCache.db
[2010/04/01 21:46:10 | 000,001,946 | ---- | M] () -- C:\Documents and Settings\h\Desktop\HiJackThis.lnk
[2010/04/01 21:36:31 | 000,000,976 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1992757637-737350535-4160918168-1003UA.job
[2010/04/01 21:30:39 | 000,040,960 | ---- | M] () -- C:\Documents and Settings\h\stsystra .exe
[2010/04/01 19:38:08 | 000,040,960 | ---- | M] () -- C:\WINDOWS\System32\fui .exe
[2010/04/01 19:38:06 | 000,040,960 | ---- | M] () -- C:\WINDOWS\System32\msiinfo32 .exe
[2010/04/01 19:38:02 | 000,040,960 | ---- | M] () -- C:\WINDOWS\System32\stsystra.exe
[2010/04/01 18:01:31 | 000,017,408 | ---- | M] () -- C:\WINDOWS\System32\rpcnetp.dll
[2010/03/30 23:29:56 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/03/30 23:29:32 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/03/30 23:18:17 | 003,906,159 | R--- | M] () -- C:\Documents and Settings\h\Desktop\ComboFix.exe
[2010/03/30 22:23:25 | 000,040,960 | ---- | M] () -- C:\WINDOWS\ivrnsftav .exe
[2010/03/29 22:37:32 | 000,363,520 | ---- | M] () -- C:\Documents and Settings\h\Desktop\iExplore.exe
[2010/03/29 22:36:00 | 000,363,520 | ---- | M] () -- C:\Documents and Settings\h\Desktop\rkill.com
[2010/03/29 22:18:15 | 000,000,373 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2010/03/28 14:11:26 | 000,000,124 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\Control Panel.lnk
[2010/03/23 23:31:15 | 000,000,004 | ---- | M] () -- C:\Program Files\5034578.dat
[2010/03/23 23:31:11 | 000,000,004 | ---- | M] () -- C:\Program Files\5031437.dat
[2010/03/23 22:36:00 | 000,000,004 | ---- | M] () -- C:\Program Files\1719718.dat
[2010/03/23 21:36:00 | 000,000,004 | ---- | M] () -- C:\Program Files\1632406.dat
[2010/03/22 23:36:00 | 000,000,004 | ---- | M] () -- C:\Program Files\2000765.dat
[2010/03/21 21:36:00 | 000,000,004 | ---- | M] () -- C:\Program Files\5983640.dat
[2010/03/21 17:22:30 | 000,000,004 | ---- | M] () -- C:\Program Files\267531.dat
[2010/03/21 16:36:00 | 000,000,004 | ---- | M] () -- C:\Program Files\19239796.dat
[2010/03/21 02:41:06 | 000,000,004 | ---- | M] () -- C:\Program Files\6884187.dat
[2010/03/21 02:36:01 | 000,000,004 | ---- | M] () -- C:\Program Files\6578718.dat
[2010/03/21 01:36:00 | 000,000,004 | ---- | M] () -- C:\Program Files\2978281.dat
[2010/03/21 00:55:25 | 000,000,004 | ---- | M] () -- C:\Program Files\542703.dat
[2010/03/21 00:54:55 | 000,000,004 | ---- | M] () -- C:\Program Files\512703.dat
[2010/03/20 22:39:39 | 000,001,548 | ---- | M] () -- C:\Documents and Settings\h\Desktop\CCleaner.lnk
[2010/03/19 10:36:01 | 000,000,924 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1992757637-737350535-4160918168-1003Core.job
[2010/03/19 09:50:17 | 000,528,518 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/03/19 09:50:17 | 000,446,158 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/03/19 09:50:17 | 000,073,884 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/03/18 23:32:11 | 000,000,722 | -H-- | M] () -- C:\IPH.PH
[2010/03/18 23:31:38 | 000,001,574 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AIM.lnk
[2010/03/13 13:19:29 | 000,000,581 | ---- | M] () -- C:\WINDOWS\eReg.dat
[2010/03/12 18:02:38 | 000,261,632 | ---- | M] () -- C:\WINDOWS\PEV.exe
[2010/03/12 14:41:22 | 000,000,917 | ---- | M] () -- C:\Documents and Settings\h\Desktop\Revo Uninstaller.lnk
[2010/03/12 09:07:53 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100319-003403.backup
[2010/03/10 19:56:18 | 000,096,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\atapi.sys
[2010/03/09 09:22:07 | 000,095,232 | ---- | M] () -- C:\Documents and Settings\h\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/03/09 05:42:00 | 000,016,605 | ---- | M] () -- C:\Documents and Settings\h\Desktop\CHAPTER 14 Mendel and the Gene Idea.docx
[2010/03/08 16:35:32 | 001,230,616 | ---- | M] (Impulse Point, LLC) -- C:\Documents and Settings\h\Desktop\ServiceInstaller.exe
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2010/04/05 16:38:55 | 000,040,960 | ---- | C] () -- C:\Documents and Settings\h\rundll32.exe
[2010/04/01 21:46:10 | 000,001,946 | ---- | C] () -- C:\Documents and Settings\h\Desktop\HiJackThis.lnk
[2010/04/01 21:30:39 | 000,040,960 | ---- | C] () -- C:\Documents and Settings\h\stsystra.exe
[2010/04/01 21:30:39 | 000,040,960 | ---- | C] () -- C:\Documents and Settings\h\stsystra .exe
[2010/04/01 19:38:08 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\fui.exe
[2010/04/01 19:38:08 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\fui .exe
[2010/04/01 19:38:06 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\msiinfo32.exe
[2010/04/01 19:38:06 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\msiinfo32 .exe
[2010/04/01 19:38:02 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\stsystra.exe
[2010/03/30 23:32:42 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At9.job
[2010/03/30 23:32:42 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At8.job
[2010/03/30 23:32:42 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At7.job
[2010/03/30 23:32:42 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At6.job
[2010/03/30 23:32:42 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At5.job
[2010/03/30 23:32:42 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At4.job
[2010/03/30 23:32:42 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At3.job
[2010/03/30 23:32:42 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At24.job
[2010/03/30 23:32:42 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At23.job
[2010/03/30 23:32:42 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At22.job
[2010/03/30 23:32:42 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At21.job
[2010/03/30 23:32:42 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At20.job
[2010/03/30 23:32:42 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At2.job
[2010/03/30 23:32:42 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At19.job
[2010/03/30 23:32:42 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At18.job
[2010/03/30 23:32:42 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At17.job
[2010/03/30 23:32:42 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At16.job
[2010/03/30 23:32:42 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At15.job
[2010/03/30 23:32:42 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At14.job
[2010/03/30 23:32:42 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At13.job
[2010/03/30 23:32:42 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At12.job
[2010/03/30 23:32:42 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At11.job
[2010/03/30 23:32:42 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At10.job
[2010/03/30 23:32:42 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At1.job
[2010/03/30 23:21:51 | 000,261,632 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/03/30 23:21:51 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/03/30 23:21:51 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/03/30 23:21:51 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/03/30 23:21:51 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/03/30 23:15:20 | 003,906,159 | R--- | C] () -- C:\Documents and Settings\h\Desktop\ComboFix.exe
[2010/03/29 22:39:43 | 000,363,520 | ---- | C] () -- C:\Documents and Settings\h\Desktop\rkill.com
[2010/03/29 22:39:43 | 000,363,520 | ---- | C] () -- C:\Documents and Settings\h\Desktop\iExplore.exe
[2010/03/28 14:11:26 | 000,000,124 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\Control Panel.lnk
[2010/03/23 23:31:15 | 000,000,004 | ---- | C] () -- C:\Program Files\5034578.dat
[2010/03/23 23:31:11 | 000,000,004 | ---- | C] () -- C:\Program Files\5031437.dat
[2010/03/23 22:36:00 | 000,000,004 | ---- | C] () -- C:\Program Files\1719718.dat
[2010/03/23 22:13:31 | 000,040,960 | ---- | C] () -- C:\WINDOWS\ivrnsftav.exe
[2010/03/23 22:13:31 | 000,040,960 | ---- | C] () -- C:\WINDOWS\ivrnsftav .exe
[2010/03/23 21:36:00 | 000,000,004 | ---- | C] () -- C:\Program Files\1632406.dat
[2010/03/22 23:36:00 | 000,000,004 | ---- | C] () -- C:\Program Files\2000765.dat
[2010/03/21 21:36:00 | 000,000,004 | ---- | C] () -- C:\Program Files\5983640.dat
[2010/03/21 17:22:30 | 000,000,004 | ---- | C] () -- C:\Program Files\267531.dat
[2010/03/21 16:36:00 | 000,000,004 | ---- | C] () -- C:\Program Files\19239796.dat
[2010/03/21 02:41:06 | 000,000,004 | ---- | C] () -- C:\Program Files\6884187.dat
[2010/03/21 02:36:01 | 000,000,004 | ---- | C] () -- C:\Program Files\6578718.dat
[2010/03/21 01:36:00 | 000,000,004 | ---- | C] () -- C:\Program Files\2978281.dat
[2010/03/21 00:55:25 | 000,000,004 | ---- | C] () -- C:\Program Files\542703.dat
[2010/03/21 00:54:55 | 000,000,004 | ---- | C] () -- C:\Program Files\512703.dat
[2010/03/18 23:31:38 | 000,001,574 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AIM.lnk
[2010/03/12 14:41:22 | 000,000,917 | ---- | C] () -- C:\Documents and Settings\h\Desktop\Revo Uninstaller.lnk
[2010/03/09 09:22:25 | 000,016,605 | ---- | C] () -- C:\Documents and Settings\h\Desktop\CHAPTER 14 Mendel and the Gene Idea.docx
[2010/03/04 12:42:01 | 000,000,373 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2009/08/12 22:52:09 | 000,095,232 | ---- | C] () -- C:\Documents and Settings\h\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2008/08/14 11:32:56 | 000,017,408 | ---- | C] () -- C:\WINDOWS\System32\rpcnetp.dll
[2007/07/24 14:09:57 | 000,000,035 | ---- | C] () -- C:\WINDOWS\A5W.INI
[2007/07/24 14:05:59 | 000,000,605 | ---- | C] () -- C:\WINDOWS\PCalcpro.ini
[2007/07/24 14:05:59 | 000,000,543 | ---- | C] () -- C:\WINDOWS\asc_sys.ini
[2007/07/24 14:05:58 | 000,000,182 | ---- | C] () -- C:\WINDOWS\medlrng.ini
[2007/07/24 14:05:51 | 000,018,432 | ---- | C] () -- C:\WINDOWS\System32\ODBCSTF.DLL
[2007/07/24 14:03:49 | 000,050,688 | ---- | C] () -- C:\WINDOWS\System32\iproc.dll
[2007/07/24 14:03:49 | 000,041,984 | ---- | C] () -- C:\WINDOWS\System32\iprocnt.dll
[2007/07/24 14:03:00 | 000,008,704 | ---- | C] () -- C:\WINDOWS\System32\twdll.dll
[2007/07/24 14:03:00 | 000,000,134 | ---- | C] () -- C:\WINDOWS\awshkwv.ini
[2007/07/24 10:50:16 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4814.dll
[2006/07/20 13:51:34 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/07/13 10:35:10 | 000,001,767 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2006/07/12 16:20:28 | 000,000,047 | ---- | C] () -- C:\WINDOWS\InoSetup.ini
[2006/06/21 13:42:29 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/06/20 15:24:01 | 000,262,144 | ---- | C] () -- C:\Documents and Settings\All Users\ntuser.dat
[2006/06/20 15:24:01 | 000,001,024 | -H-- | C] () -- C:\Documents and Settings\All Users\ntuser.dat.LOG
[2006/06/20 14:11:33 | 000,757,760 | ---- | C] () -- C:\WINDOWS\System32\bcm1xsup.dll
[2006/06/20 14:11:32 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\preflib.dll
[2006/06/20 14:04:21 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\Stac97co.dll
[2006/06/20 13:52:11 | 000,000,178 | -HS- | C] () -- C:\Documents and Settings\h\ntuser.ini
[2006/06/20 13:52:10 | 009,437,184 | -H-- | C] () -- C:\Documents and Settings\h\NTUSER.DAT
[2006/06/20 13:52:10 | 000,036,864 | -H-- | C] () -- C:\Documents and Settings\h\ntuser.dat.LOG
 
========== Custom Scans ==========
 
 
< %SYSTEMDRIVE%\*.exe >
 
 
< MD5 for: AGP440.SYS  >
[2004/08/04 01:05:44 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008/12/05 12:45:28 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2004/08/04 01:05:44 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:AGP440.sys
[2008/12/05 12:45:28 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/13 13:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ERDNT\cache\agp440.sys
[2008/04/13 13:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 13:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
[2004/08/03 23:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys
 
< MD5 for: ATAPI.SYS  >
[2004/08/04 01:05:44 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008/12/05 12:45:28 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2004/08/04 01:05:44 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:atapi.sys
[2008/12/05 12:45:28 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2010/03/10 19:56:18 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ERDNT\cache\atapi.sys
[2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2010/03/10 19:56:18 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\dllcache\atapi.sys
[2010/03/10 19:56:18 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2001/08/23 07:00:00 | 000,086,656 | ---- | M] (Microsoft Corporation) MD5=A64013E98426E1877CB653685C5C0009 -- C:\WINDOWS\system32\ReinstallBackups\0003\DriverFiles\i386\atapi.sys
[2004/08/03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2004/08/03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0015\DriverFiles\i386\atapi.sys
 
< MD5 for: EVENTLOG.DLL  >
[2008/04/13 19:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ERDNT\cache\eventlog.dll
[2008/04/13 19:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/13 19:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
[2004/08/04 00:56:44 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll
 
< MD5 for: LOGEVENT.DLL  >
[2008/04/13 19:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\logevent.dll
 
< MD5 for: NETLOGON.DLL  >
[2008/04/13 19:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ERDNT\cache\netlogon.dll
[2008/04/13 19:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 19:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[2004/08/04 00:56:46 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll
 
< MD5 for: SCECLI.DLL  >
[2004/08/04 00:56:46 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/13 19:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ERDNT\cache\scecli.dll
[2008/04/13 19:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/13 19:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
 
< %systemroot%\Tasks\*.job /lockedfiles >
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav  >
[2006/06/20 08:31:03 | 000,090,112 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2006/06/20 08:31:03 | 000,630,784 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2006/06/20 08:31:02 | 000,405,504 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 266944 bytes -> C:\WINDOWS\Temp:temp
< End of report >


OTL Extras logfile created on: 4/5/2010 4:40:55 PM - Run 1
OTL by OldTimer - Version 3.2.1.0     Folder = C:\Documents and Settings\h\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
1,014.00 Mb Total Physical Memory | 446.00 Mb Available Physical Memory | 44.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 81.00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.25 Gb Total Space | 23.57 Gb Free Space | 63.27% Space Free | Partition Type: NTFS
D: Drive
The cake is a lie....

Bummer Dude

Offline guestolo

Some issues
« Reply #3 on: April 06, 2010, 10:57:01 AM »
Download ComboFix from only this location

Link
Save it ONLY to your Desktop

      --------------------------------------------------------------------
Temporarily Disable your AntiVirus/AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with this tool.

  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.


**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

NOTE: Do not mouse-click inside the ComboFix window as it's running; it may cause it to stall.
ComboFix will/may run again on startup; it will prompt that it's creating a log.
This process could take up to 10 minutes, let it run uninterrupted please

Do you want to post your own logs from FRST?

Follow the instructions posted here: http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/


Offline Everlasting Death

Some issues
« Reply #4 on: April 06, 2010, 09:40:13 PM »
ComboFix 10-04-05.06 - HSLaptop 04/06/2010  21:29:14.5.1 - x86
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.1014.423 [GMT -5:00]
Running from: c:\documents and settings\h\Desktop\ComboFix.exe
AV: eTrust ITM *On-access scanning enabled* (Outdated) {33EA71EA-56CF-40B5-A06B-BD3A27397C44}
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\h\rundll32.exe
c:\documents and settings\h\stsystra .exe
c:\documents and settings\h\stsystra.exe
c:\program files\Internet Explorer\js.mui
c:\program files\Internet Explorer\wmpscfgs.exe
c:\windows\ivrnsftav .exe
c:\windows\system32\ctfmon .exe
c:\windows\system32\fui .exe
c:\windows\system32\msiinfo32 .exe
c:\windows\system32\rundll32 .exe

.
(((((((((((((((((((((((((   Files Created from 2010-03-07 to 2010-04-07  )))))))))))))))))))))))))))))))
.

2010-04-05 21:57 . 2010-04-05 21:57   --------   d-----w-   c:\windows\LastGood
2010-04-02 02:46 . 2010-04-02 02:46   388096   ----a-r-   c:\documents and settings\h\Application Data\Microsoft\Installer\{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}\HiJackThis.exe
2010-04-02 02:46 . 2010-04-02 02:46   --------   d-----w-   C:\TrendMicro
2010-04-02 00:38 . 2010-04-05 21:39   40960   ----a-w-   c:\windows\system32\fui.exe
2010-04-02 00:38 . 2010-04-05 21:39   40960   ----a-w-   c:\windows\system32\msiinfo32.exe
2010-04-02 00:38 . 2010-04-02 00:38   40960   ----a-w-   c:\windows\system32\stsystra.exe
2010-03-31 04:50 . 2010-03-31 04:51   --------   d--h--w-   c:\documents and settings\All Users\Application Data\rpcnet
2010-03-29 03:22 . 2010-03-29 03:22   --------   d-----w-   C:\VundoFix Backups
2010-03-24 04:31 . 2010-03-24 04:31   4   ----a-w-   c:\program files\5034578.dat
2010-03-24 04:31 . 2010-03-24 04:31   4   ----a-w-   c:\program files\5031437.dat
2010-03-24 03:36 . 2010-03-24 03:36   4   ----a-w-   c:\program files\1719718.dat
2010-03-24 03:13 . 2010-04-05 21:38   40960   ----a-w-   c:\windows\ivrnsftav.exe
2010-03-24 02:36 . 2010-03-24 02:36   4   ----a-w-   c:\program files\1632406.dat
2010-03-23 04:36 . 2010-03-23 04:36   4   ----a-w-   c:\program files\2000765.dat
2010-03-22 02:36 . 2010-03-22 02:36   4   ----a-w-   c:\program files\5983640.dat
2010-03-21 22:22 . 2010-03-21 22:22   4   ----a-w-   c:\program files\267531.dat
2010-03-21 21:36 . 2010-03-21 21:36   4   ----a-w-   c:\program files\19239796.dat
2010-03-21 07:41 . 2010-03-21 07:41   4   ----a-w-   c:\program files\6884187.dat
2010-03-21 07:36 . 2010-03-21 07:36   4   ----a-w-   c:\program files\6578718.dat
2010-03-21 06:36 . 2010-03-21 06:36   4   ----a-w-   c:\program files\2978281.dat
2010-03-21 05:55 . 2010-03-21 05:55   4   ----a-w-   c:\program files\542703.dat
2010-03-21 05:54 . 2010-03-21 05:54   4   ----a-w-   c:\program files\512703.dat
2010-03-21 04:07 . 2010-03-31 04:27   --------   d-----w-   c:\documents and settings\NetworkService\Local Settings\Application Data\ivvipl
2010-03-19 15:53 . 2010-03-19 15:53   --------   d-sh--w-   c:\windows\system32\config\systemprofile\PrivacIE
2010-03-19 15:52 . 2010-03-19 15:52   --------   d-sh--w-   c:\windows\system32\config\systemprofile\IECompatCache
2010-03-19 04:31 . 2010-04-05 21:38   --------   d-----w-   c:\program files\AIM
2010-03-19 04:31 . 2010-03-19 04:31   --------   d-----w-   c:\program files\Common Files\Software Update Utility
2010-03-12 19:41 . 2010-03-12 19:41   --------   d-----w-   c:\program files\VS Revo Group
2010-03-10 23:21 . 2009-10-23 15:28   3558912   -c----w-   c:\windows\system32\dllcache\moviemk.exe

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-07 02:16 . 2008-08-14 16:29   17408   ----a-w-   c:\windows\system32\rpcnetp.exe
2010-04-05 21:39 . 2010-01-30 19:50   --------   d-----w-   c:\program files\iTunes
2010-04-05 21:38 . 2009-08-12 23:45   --------   d-----w-   c:\program files\Washer
2010-04-05 21:38 . 2007-07-24 16:24   --------   d-----w-   c:\program files\Spybot - Search & Destroy
2010-04-05 21:36 . 2007-07-26 14:46   56680   ----a-w-   c:\windows\system32\rpcnet.dll
2010-04-02 00:05 . 2010-01-22 23:35   --------   d-----w-   c:\program files\Malwarebytes' Anti-Malware
2010-04-01 23:52 . 2006-06-20 21:16   --------   d-----w-   c:\program files\QuickTime
2010-04-01 23:01 . 2008-08-14 16:32   17408   ----a-w-   c:\windows\system32\rpcnetp.dll
2010-03-28 19:22 . 2007-07-24 16:24   --------   d-----w-   c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-03-21 03:39 . 2009-08-12 23:53   --------   d-----w-   c:\program files\CCleaner
2010-03-19 04:31 . 2010-01-28 02:03   --------   d-----w-   c:\program files\Common Files\AOL
2010-03-13 22:39 . 2009-07-20 21:56   --------   d-----w-   c:\documents and settings\All Users\Application Data\Microsoft Help
2010-03-13 18:19 . 2009-08-20 22:44   581   ----a-w-   c:\windows\eReg.dat
2010-03-13 18:09 . 2009-08-20 22:34   --------   d-----w-   c:\program files\Maxis
2010-03-11 23:25 . 2010-01-29 21:19   --------   d-----w-   c:\program files\SafeConnect
2010-03-11 00:56 . 2006-06-20 19:08   96512   ------w-   c:\windows\system32\drivers\atapi.sys
2010-03-04 14:34 . 2010-01-24 04:21   120   ----a-w-   c:\windows\Asufirol.dat
2010-03-04 14:34 . 2010-01-24 04:21   0   ----a-w-   c:\windows\Wkexaduj.bin
2010-03-03 20:48 . 2010-03-03 20:48   57344   ---h--w-   c:\documents and settings\NetworkService\jfufiwg.exe
2010-03-03 20:47 . 2010-03-03 20:47   552   ----a-w-   c:\windows\system32\d3d8caps.dat
2010-03-03 20:47 . 2010-03-03 20:47   664   ----a-w-   c:\windows\system32\d3d9caps.dat
2010-02-27 23:14 . 2010-02-27 18:42   --------   d-----w-   c:\program files\Google
2010-02-25 06:24 . 2001-08-23 12:00   916480   ----a-w-   c:\windows\system32\wininet.dll
2010-02-17 00:37 . 2006-07-12 21:31   --------   d-----w-   c:\program files\Java
2010-02-17 00:36 . 2010-02-17 00:36   152576   ----a-w-   c:\documents and settings\h\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
2010-02-17 00:36 . 2010-01-24 04:20   79488   ----a-w-   c:\documents and settings\h\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2010-01-30 19:55 . 2010-01-30 19:55   57588   ---ha-w-   c:\windows\system32\mlfcache.dat
2010-01-28 23:52 . 2008-10-10 14:57   52120   ----a-w-   c:\windows\system32\pkgmgr.dll
2010-01-26 15:37 . 2010-01-26 15:37   102400   ----a-w-   c:\documents and settings\All Users\Application Data\AIM Toolbar\ieToolbar\resources\en-US\aimtbres.dll
2010-01-17 23:20 . 2008-10-10 14:57   46488   ----a-w-   c:\windows\system32\pkgslv.exe
2010-01-07 22:07 . 2010-01-22 23:35   38224   ----a-w-   c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-07 22:07 . 2010-01-22 23:35   19160   ----a-w-   c:\windows\system32\drivers\mbam.sys
.
Code: [Select]
c:\program files\AIM\aim  .exe
c:\program files\AIM\aim .exe
c:\program files\BroadJump\Client Foundation\cfd .exe
c:\program files\CA\eTrustITM\realmon .exe
c:\program files\Creative\Sync Manager Unicode\ctsyncu .exe
c:\program files\Google\GoogleToolbarNotifier\googletoolbarnotifier .exe
c:\program files\Intel\Wireless\Bin\ifrmewrk .exe
c:\program files\Intel\Wireless\Bin\zcfgsvc .exe
c:\program files\iTunes\ituneshelper .exe
c:\program files\QuickTime\qttask  .exe
c:\program files\SBC Self Support Tool\SmartBridge\motivesb .exe
c:\program files\Spybot - Search & Destroy\teatimer .exe
c:\program files\Washer\washer .exe

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Yahoo! Pager"="1" [X]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2010-04-05 40960]
"Google Update"="c:\documents and settings\h\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2010-04-05 40960]
"Washer"="c:\program files\Washer\washer.exe" [2010-04-05 40960]
"CTSyncU.exe"="c:\program files\Creative\Sync Manager Unicode\CTSyncU.exe" [2010-04-05 40960]
"Aim"="c:\program files\aim\aim                     .exe" [2010-04-05 40960]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-04-05 40960]
"fbnafgfj"="c:\documents and settings\h\Local Settings\Application Data\knccac\lgtjsftav.exe" [N/A]
"wtxlyoot"="c:\documents and settings\h\Local Settings\Application Data\sxssli\ffaesftav.exe" [N/A]
"isyuqqcj"="c:\documents and settings\h\Local Settings\Application Data\dudrop\ffdhsftav.exe" [N/A]
"pbyukyjl"="c:\documents and settings\h\Local Settings\Application Data\svqvso\jlxtsftav.exe" [N/A]
"uuxtuexj"="c:\documents and settings\h\Application Data\rpqlrt\iakvsftav.exe" [N/A]
"tuyhvtjb"="c:\documents and settings\h\Local Settings\Application Data\pyxeef\iybbsftav.exe" [N/A]
"utghdqcu"="c:\documents and settings\h\Local Settings\Application Data\jmoney\irwdsftav.exe" [N/A]
"tuqiowqh"="c:\documents and settings\h\Local Settings\Application Data\wliufl\ihgasftav.exe" [N/A]
"iytfikab"="c:\documents and settings\h\Local Settings\Application Data\dhkcqb\bkipsftav.exe" [N/A]
"iyufjpxk"="c:\documents and settings\h\Local Settings\Application Data\aaaoqx\bjoasftav.exe" [N/A]
"hymsbdsy"="c:\documents and settings\h\Local Settings\Application Data\idcmes\brdssftav.exe" [N/A]
"hyvskejc"="c:\documents and settings\h\Local Settings\Application Data\yjhhej\biffsftav.exe" [N/A]
"hyngcser"="c:\documents and settings\h\Application Data\hmjfre\brtxsftav.exe" [N/A]
"hyfstgag"="c:\documents and settings\h\Local Settings\Application Data\ppmdey\bairsftav.exe" [N/A]
"gayhodqn"="c:\documents and settings\h\Local Settings\Application Data\rerysn\bgkfsftav.exe" [N/A]
"gyptfmos"="c:\documents and settings\h\Application Data\dogkfm\bprnsftav.exe" [N/A]
"fwmulnyt"="c:\documents and settings\h\Local Settings\Application Data\qqrmxc\yhtasftav.exe" [N/A]
"jpyfpspl"="c:\documents and settings\h\Local Settings\Application Data\mhcxpn\ipiosftav.exe" [N/A]
"kpwrmygj"="c:\documents and settings\h\Local Settings\Application Data\rffsbf\iqkysftav.exe" [N/A]
"iqbhsble"="c:\documents and settings\h\Application Data\hsfvqh\inwksftav.exe" [N/A]
"iqstkpgs"="c:\documents and settings\h\Local Settings\Application Data\pvhtdc\iwkdsftav.exe" [N/A]
"hqdhugjo"="c:\documents and settings\h\Local Settings\Application Data\ektiqe\indusftav.exe" [N/A]
"hqcutqwv"="c:\documents and settings\h\Local Settings\Application Data\gbmoes\inmpsftav.exe" [N/A]
"hqtulted"="c:\windows\ivrnsftav.exe" [2010-04-05 40960]
"gqeivkgx"="c:\documents and settings\h\Local Settings\Application Data\bdjtrb\imkfsftav.exe" [N/A]
"qvoloxep"="c:\documents and settings\h\Local Settings\Application Data\chmmoj\hhyqsftav.exe" [N/A]
"owloloey"="c:\documents and settings\h\Local Settings\Application Data\axonrg\hmyusftav.exe" [N/A]
"owtouquc"="c:\documents and settings\h\Local Settings\Application Data\qetirv\hdbhsftav.exe" [N/A]
"owcbdcyn"="c:\documents and settings\h\Application Data\ibqleb\humnsftav.exe" [N/A]
"owlcmepq"="c:\documents and settings\h\Local Settings\Application Data\yhvger\hmoasftav.exe" [N/A]
"wnodmohb"="c:\documents and settings\h\Application Data\cimmec\bxnlsftav.exe" [N/A]
"wngqecdq"="c:\documents and settings\h\Local Settings\Application Data\klojrw\bgbfsftav.exe" [N/A]
"otgnumqb"="c:\documents and settings\h\Local Settings\Application Data\giocws\rbvxsftav.exe" [N/A]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"fui"="c:\windows\system32\fui.exe \u" [X]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2010-04-05 40960]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2010-04-02 40960]
"SigmatelSysTrayApp"="stsystra.exe" [2010-04-02 40960]
"Realtime Monitor"="c:\program files\CA\eTrustITM\realmon.exe" [2010-04-05 40960]
"BJCFD"="c:\program files\BroadJump\Client Foundation\CFD.exe" [2010-04-05 40960]
"Motive SmartBridge"="c:\progra~1\SBCSEL~1\SMARTB~1\MotiveSB.exe" [2010-04-05 40960]
"msiinfo32"="c:\windows\system32\msiinfo32.exe" [2010-04-05 40960]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-04-05 40960]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
SafeConnect.lnk - c:\program files\SafeConnect\scClient.exe [2007-11-13 297240]
SBC Self Support Tool.lnk - c:\program files\SBC Self Support Tool\bin\matcli.exe [2009-8-12 217088]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Broadcom Wireless Manager UI]
2005-12-19 14:08   1347584   ----a-w-   c:\windows\system32\WLTRAY.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ComputerAssociatesAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\CA\\eTrustITM\\InoRpc.exe"=
"c:\\Program Files\\CA\\eTrustITM\\Realmon.exe"=
"c:\\Program Files\\CA\\eTrustITM\\Shellscn.exe"=
"c:\\Program Files\\CA\\SharedComponents\\iTechnology\\igateway.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\AIM\\aim.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Documents and Settings\\NetworkService\\jfufiwg.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R2 LogWatch;Event Log Watch;c:\program files\CA\SharedComponents\CA_LIC\LogWatNT.exe [9/19/2002 7:29 PM 53248]
R2 rpcld;Remote Procedure Call (RPC) LD;c:\documents and settings\All Users\Application Data\rpcnet\Bin\rpcld.exe [3/30/2010 11:50 PM 185776]
R2 SCManager;SafeConnect Manager;c:\program files\SafeConnect\scManager.sys servicestart --> c:\program files\SafeConnect\scManager.sys servicestart [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2/27/2010 6:14 PM 135664]
S3 CA_LIC_CLNT;CA License Client;c:\program files\CA\SharedComponents\CA_LIC\lic98rmt.exe [9/19/2002 7:27 PM 77824]
S3 CA_LIC_SRVR;CA License Server;c:\program files\CA\SharedComponents\CA_LIC\lic98rmtd.exe [9/19/2002 7:41 PM 77824]
.
Contents of the 'Scheduled Tasks' folder

2010-02-01 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 18:34]

2010-04-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-27 23:14]

2010-04-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-27 23:14]

2010-03-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1992757637-737350535-4160918168-1003Core.job
- c:\documents and settings\h\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-12-09 21:38]

2010-04-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1992757637-737350535-4160918168-1003UA.job
- c:\documents and settings\h\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-12-09 21:38]

2010-04-05 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAEXEC.exe [2009-08-03 20:07]
.
.
------- Supplementary Scan -------
.
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
FF - ProfilePath - c:\documents and settings\h\Application Data\Mozilla\Firefox\Profiles\x2uxm7cb.default\
FF - prefs.js: browser.search.defaulturl - hxxp://aim.search.Email Removed/search/search?query={searchTerms}&invocationType=tb50-ff-aim-chromesbox-en-us
FF - prefs.js: browser.search.selectedEngine - AIM Search
FF - prefs.js: browser.startup.homepage - www.yahoo.com
FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.Email Removed/slirs_http/sredir?invocationType=bu10aiminstabie7&sredir=2706&query=
FF - plugin: c:\documents and settings\h\Local Settings\Application Data\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdnupdater2.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency",   1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug",            false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight",       2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize",       1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight",   25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight",     5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-06 21:34
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...  

scanning hidden autostart entries ...

scanning hidden files ...  

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,85,8f,5a,fd,53,c2,c6,4c,bc,ef,ec,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,85,8f,5a,fd,53,c2,c6,4c,bc,ef,ec,\

[HKEY_LOCAL_MACHINE\software\INTEL\Wireless\Folders\*& 2*]
"Path"="c:\\WINDOWS\\system32\\config\\systemprofile\\Application Data\\Intel\\Wireless\\"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(832)
c:\windows\system32\igfxdev.dll
.
Completion time: 2010-04-06  21:36:24
ComboFix-quarantined-files.txt  2010-04-07 02:36
ComboFix2.txt  2010-03-31 04:35
ComboFix3.txt  2010-03-12 14:14
ComboFix4.txt  2010-03-11 23:29
ComboFix5.txt  2010-04-07 02:28

Pre-Run: 25,258,790,912 bytes free
Post-Run: 25,231,368,192 bytes free

- - End Of File - - 760E6911D81D5615B940FFCD65EE7916
« Last Edit: April 06, 2010, 09:52:25 PM by Everlasting Death »
The cake is a lie....

Bummer Dude

Offline guestolo

  • Site Donator
  • Administrator
  • Hero Member
  • *****
  • Posts: 16034
  • Karma: +1/-0
    • View Profile
    • http://
Some issues
« Reply #5 on: April 06, 2010, 10:05:04 PM »
Go HERE to run an online scanner from ESET.

NOTE: I suggest you temporarily disable your AntiVirus's realtime protection so it won't interfere; simply right-click the Avira icon by the clock and disable the Guard.

If you are not using IE, then save the installer to desktop.
  • If you saved the installer to desktop, double-click esetsmartinstaller_enu.exe to install it, then click 'Run'.

Regardless of whether you are running online or saved the installer, do the next steps if required:
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install.
  • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings and ensure these options are ticked:
              o Scan for potentially unwanted applications
              o Scan for potentially unsafe applications
              o Enable Anti-Stealth Technology
  • Click Scan
  • Wait for the scan to finish.
  • Use Notepad to open the logfile located at C:\Program Files\Eset\Eset Online Scanner\log.txt
  • Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
  • Copy/paste that log as a reply to this topic and also let me know how things are now.

In addition, can you reopen OTL.exe, run a fresh Scan and post back the log that opens.
« Last Edit: April 06, 2010, 10:36:13 PM by guestolo »

Do you want to post your own logs from FRST?

Follow the instructions posted here: http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/
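For the step that has you open C:\Program Files\Eset\Eset Online Scanner\log.txt in Notepad: the script below is an added example for this thread, not part of guestolo's instructions and not ESET's code. It reads the log without changing anything on disk and summarises it: the header counts, hits per detection name, how many hits sit inside ComboFix's C:\Qoobox\Quarantine folder already, how many are in memory, and any file name that carries a space before its extension, paired with the same name without the space so both files can be checked side by side. It assumes the layout the log has further down in this thread: downloader chatter first, then "# key=value" header lines, then one line per finding with path, detection name, hash and flag separated by tabs (forum pastes turn those tabs into runs of spaces, which the parser also accepts). The sample log embedded in it is constructed for the demo; the paths and counts are made up.

```python
"""Read-only triage of an ESET Online Scanner log.txt (added example for this thread)."""
import re
from collections import Counter

# Constructed sample in the layout the log has in this thread: downloader chatter,
# '# key=value' header lines, then one tab-separated finding per line
# (path, detection name, hash, flag). Paths, names and counts are made up.
SAMPLE_LOG = """\
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# end=finished
# remove_checked=false
# scanned=1234
# found=5
# cleaned=0
C:\\Program Files\\Example\\helper.exe\tWin32/TrojanDownloader.Unruy.AV trojan\t00000000000000000000000000000000\tI
C:\\Program Files\\Example\\helper .exe\tWin32/TrojanDownloader.Unruy.AV trojan\t00000000000000000000000000000000\tI
C:\\WINDOWS\\system32\\abcd .exe\tWin32/TrojanDownloader.Unruy.AV trojan\t00000000000000000000000000000000\tI
C:\\Qoobox\\Quarantine\\C\\WINDOWS\\system32\\0034.DLL.vir\tWin32/Witkinat.A trojan\t00000000000000000000000000000000\tI
${Memory}\tWin32/TrojanDownloader.Unruy.AV trojan\t00000000000000000000000000000000\tI
"""

HEADER_RE = re.compile(r"^#\s*([^=]+?)\s*=\s*(.*)$")
# Fields are separated by a tab in the file, or by two or more spaces once pasted
# into a forum post. The path group is greedy and the detection name may only
# contain single spaces, so a file name such as 'aim     .exe' stays with the path.
FINDING_RE = re.compile(
    r"^(?P<path>.+\S)(?:\t|\s{2,})(?P<detection>\S+(?: \S+)*)(?:\t|\s{2,})"
    r"(?P<hash>[0-9A-Fa-f]{32})(?:\t|\s{2,})(?P<flag>\S+)\s*$"
)
# One or more spaces immediately before a dotted extension inside a file name.
SPACED_EXT_RE = re.compile(r" +(?=\.\w+)")
QUARANTINE_PREFIX = "C:\\Qoobox\\Quarantine\\"  # where ComboFix keeps what it removed


def parse_eset_log(text):
    """Return (header dict, list of finding dicts); lines that fit neither shape are skipped."""
    header, findings = {}, []
    for line in text.splitlines():
        if not line.strip():
            continue
        m = HEADER_RE.match(line)
        if m:
            header[m.group(1)] = m.group(2)
            continue
        m = FINDING_RE.match(line)
        if m:
            findings.append(m.groupdict())
    return header, findings


def count_by_detection(findings):
    """How many hits each detection name accounts for."""
    return Counter(f["detection"] for f in findings)


def spaced_name_findings(findings):
    """Findings whose file name has a space before its extension.

    Each tuple is (path as logged, path with the space removed, whether that
    second path is also in the log), so both files can be looked at together.
    """
    listed = {f["path"].lower() for f in findings}
    out = []
    for f in findings:
        folder, _, name = f["path"].rpartition("\\")
        if not SPACED_EXT_RE.search(name):
            continue
        fixed = SPACED_EXT_RE.sub("", name)
        fixed_path = f"{folder}\\{fixed}" if folder else fixed
        out.append((f["path"], fixed_path, fixed_path.lower() in listed))
    return out


def summarize(text):
    """One dict with the numbers a helper wants before reading the full log."""
    header, findings = parse_eset_log(text)
    return {
        "found": int(header.get("found", len(findings))),
        "cleaned": int(header.get("cleaned", 0)),
        "remove_checked": header.get("remove_checked"),
        "quarantined": sum(f["path"].startswith(QUARANTINE_PREFIX) for f in findings),
        "in_memory": sum(f["path"] == "${Memory}" for f in findings),
        "by_detection": count_by_detection(findings),
        "spaced_names": spaced_name_findings(findings),
    }


if __name__ == "__main__":
    s = summarize(SAMPLE_LOG)
    print(f"found={s['found']} cleaned={s['cleaned']} remove_checked={s['remove_checked']}")
    print(f"already in ComboFix quarantine: {s['quarantined']}, in memory: {s['in_memory']}")
    for name, n in s["by_detection"].most_common():
        print(f"{n:3d}  {name}")
    for path, fixed, both in s["spaced_names"]:
        print(f"spaced name: {path!r} -> check {fixed!r} ({'also listed' if both else 'not in log'})")
```

Run the file as-is to see the summary for the embedded sample, or pass the contents of the real log.txt to summarize(). Because "remove_checked" is reported alongside "cleaned", it is immediately visible whether a log came from a scan that only reported or one that also removed.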


Offline Everlasting Death

Some issues
« Reply #6 on: April 06, 2010, 10:31:05 PM »
It says "Can not get update. Is proxy configured?"
I already disabled the proxy on IE.

Also, when I ran ComboFix it kept saying eTrust ITM was running, but I disabled it (with some struggle, might I add).

Offline guestolo

Some issues
« Reply #7 on: April 06, 2010, 10:37:30 PM »
Use Firefox, download esetsmartinstaller_enu.exe to desktop and then run the offline installer and follow the instructions.



Offline Everlasting Death

Some issues
« Reply #8 on: April 06, 2010, 10:39:07 PM »
I tried both in IE and with the installer. Now, it's magically working :o

It made it to 100% in downloading, then said "Unexpected error 2002"

And if I retry, it gives me the proxy error again.
« Last Edit: April 06, 2010, 10:55:44 PM by Everlasting Death »

Offline Everlasting Death

Some issues
« Reply #9 on: April 07, 2010, 05:37:08 PM »
wmpscfg.exe still shows up in "C:/Program Files/Internet Explorer"

ESETSmartInstaller@High as downloader log:
all ok
esets_scanner_update returned -1 esets_gle=1
esets_scanner_update returned -1 esets_gle=1
esets_scanner_update returned -1 esets_gle=1
esets_scanner_update returned -1 esets_gle=1
esets_scanner_update returned -1 esets_gle=1
esets_scanner_update returned -1 esets_gle=1
esets_scanner_update returned -1 esets_gle=1
# version=7
# IEXPLORE.EXE=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=cd6f8d4a8e430743991ed5e192b0fdcd
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2010-04-07 06:01:23
# local_time=2010-04-07 01:01:23 (-0600, Central Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=76464
# found=61
# cleaned=0
# scan_time=6172
C:\Documents and Settings\h\Local Settings\Application Data\Google\Update\googleupdate.exe   Win32/TrojanDownloader.Unruy.AV trojan   00000000000000000000000000000000   I
C:\Documents and Settings\h\Local Settings\temp\wmpscfgs.exe   Win32/TrojanDownloader.Unruy.AV trojan   00000000000000000000000000000000   I
C:\Documents and Settings\NetworkService\jfufiwg.exe   a variant of Win32/Kryptik.CQG trojan   00000000000000000000000000000000   I
C:\Documents and Settings\NetworkService\Local Settings\Application Data\ivvipl\vodysftav .exe   a variant of Win32/Kryptik.DHW trojan   00000000000000000000000000000000   I
C:\Program Files\Adobe\315781.old   a variant of Win32/Kryptik.CZR trojan   00000000000000000000000000000000   I
C:\Program Files\Adobe\320718.old   a variant of Win32/Kryptik.CZR trojan   00000000000000000000000000000000   I
C:\Program Files\Adobe\733968.old   a variant of Win32/Kryptik.CZR trojan   00000000000000000000000000000000   I
C:\Program Files\Adobe\80870343.old   a variant of Win32/Kryptik.CZR trojan   00000000000000000000000000000000   I
C:\Program Files\AIM\aim                      .exe   Win32/TrojanDownloader.Unruy.AV trojan   00000000000000000000000000000000   I
C:\Program Files\AIM\aim                     .exe   Win32/TrojanDownloader.Unruy.AV trojan   00000000000000000000000000000000   I
C:\Program Files\BroadJump\Client Foundation\cfd.exe   Win32/TrojanDownloader.Unruy.AV trojan   00000000000000000000000000000000   I
C:\Program Files\CA\eTrustITM\realmon.exe   Win32/TrojanDownloader.Unruy.AV trojan   00000000000000000000000000000000   I
C:\Program Files\Creative\Sync Manager Unicode\ctsyncu.exe   Win32/TrojanDownloader.Unruy.AV trojan   00000000000000000000000000000000   I
C:\Program Files\Google\GoogleToolbarNotifier\googletoolbarnotifier.exe   Win32/TrojanDownloader.Unruy.AV trojan   00000000000000000000000000000000   I
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe   Win32/TrojanDownloader.Unruy.AV trojan   00000000000000000000000000000000   I
C:\Program Files\Intel\Wireless\Bin\zcfgsvc.exe   Win32/TrojanDownloader.Unruy.AV trojan   00000000000000000000000000000000   I
C:\Program Files\Internet Explorer\js.mui   Win32/TrojanDownloader.Unruy.AV trojan   00000000000000000000000000000000   I
C:\Program Files\Internet Explorer\wmpscfgs.exe   Win32/TrojanDownloader.Unruy.AV trojan   00000000000000000000000000000000   I
C:\Program Files\iTunes\ituneshelper.exe   Win32/TrojanDownloader.Unruy.AV trojan   00000000000000000000000000000000   I
C:\Program Files\SBC Self Support Tool\SmartBridge\motivesb.exe   Win32/TrojanDownloader.Unruy.AV trojan   00000000000000000000000000000000   I
C:\Program Files\Spybot - Search & Destroy\rundll32.exe   Win32/TrojanDownloader.Unruy.AV trojan   00000000000000000000000000000000   I
C:\Program Files\Spybot - Search & Destroy\stsystra.exe   Win32/TrojanDownloader.Unruy.AV trojan   00000000000000000000000000000000   I
C:\Program Files\Spybot - Search & Destroy\teatimer.exe   Win32/TrojanDownloader.Unruy.AV trojan   00000000000000000000000000000000   I
C:\Program Files\Spybot - Search & Destroy\teatimer.exe.delme136   Win32/TrojanDownloader.Unruy.AV trojan   00000000000000000000000000000000   I
C:\Program Files\Washer\washer.exe   Win32/TrojanDownloader.Unruy.AV trojan   00000000000000000000000000000000   I
C:\Qoobox\Quarantine\C\Documents and Settings\h\rundll32 .exe.vir   Win32/TrojanDownloader.Unruy.AV trojan   00000000000000000000000000000000   I
C:\Qoobox\Quarantine\C\Documents and Settings\h\rundll32.exe.vir   Win32/TrojanDownloader.Unruy.AV trojan   00000000000000000000000000000000   I
C:\Qoobox\Quarantine\C\Documents and Settings\h\stsystra .exe.vir   Win32/TrojanDownloader.Unruy.AV trojan   00000000000000000000000000000000   I
C:\Qoobox\Quarantine\C\Documents and Settings\h\stsystra.exe.vir   Win32/TrojanDownloader.Unruy.AV trojan   00000000000000000000000000000000   I
C:\Qoobox\Quarantine\C\Documents and Settings\h\Local Settings\Application Data\xpqubr\nvtvsftav.exe.vir   Win32/Adware.SpywareProtect2009 application   00000000000000000000000000000000   I
C:\Qoobox\Quarantine\C\Documents and Settings\NetworkService\twhto.exe.vir   Win32/Agent.OSE trojan   00000000000000000000000000000000   I
C:\Qoobox\Quarantine\C\Documents and Settings\NetworkService\Local Settings\Application Data\ivvipl\vodysftav.exe.vir   Win32/TrojanDownloader.Unruy.AV trojan   00000000000000000000000000000000   I
C:\Qoobox\Quarantine\C\Program Files\Adobe\acrotray .exe.vir   a variant of Win32/Kryptik.CZR trojan   00000000000000000000000000000000   I
C:\Qoobox\Quarantine\C\Program Files\Internet Explorer\js.mui.vir   Win32/TrojanDownloader.Unruy.AV trojan   00000000000000000000000000000000   I
C:\Qoobox\Quarantine\C\Program Files\Internet Explorer\wmpscfgs.exe.vir   Win32/TrojanDownloader.Unruy.AV trojan   00000000000000000000000000000000   I
C:\Qoobox\Quarantine\C\Program Files\Windows Police Pro\tmp\wispex.html.vir   Win32/Adware.WinAntiVirus application   00000000000000000000000000000000   I
C:\Qoobox\Quarantine\C\WINDOWS\ivrnsftav .exe.vir   Win32/TrojanDownloader.Unruy.AV trojan   00000000000000000000000000000000   I
C:\Qoobox\Quarantine\C\WINDOWS\system32\0034.DLL.vir   Win32/Witkinat.A trojan   00000000000000000000000000000000   I
C:\Qoobox\Quarantine\C\WINDOWS\system32\0037.DLL.vir   a variant of Win32/Witkinat.A trojan   00000000000000000000000000000000   I
C:\Qoobox\Quarantine\C\WINDOWS\system32\0038.DLL.vir   Win32/Witkinat.A trojan   00000000000000000000000000000000   I
C:\Qoobox\Quarantine\C\WINDOWS\system32\app_dll.dll.vir   Win32/TrojanDownloader.Unruy.BI trojan   00000000000000000000000000000000   I
C:\Qoobox\Quarantine\C\WINDOWS\system32\critical_warning.html.vir   Win32/TrojanDownloader.FakeAlert.ADG trojan   00000000000000000000000000000000   I
C:\Qoobox\Quarantine\C\WINDOWS\system32\fui .exe.vir   Win32/TrojanDownloader.Unruy.AV trojan   00000000000000000000000000000000   I
C:\Qoobox\Quarantine\C\WINDOWS\system32\meseleru.dll.vir   a variant of Win32/Kryptik.AJK trojan   00000000000000000000000000000000   I
C:\Qoobox\Quarantine\C\WINDOWS\system32\msiinfo32 .exe.vir   Win32/TrojanDownloader.Unruy.AV trojan   00000000000000000000000000000000   I
C:\Qoobox\Quarantine\C\WINDOWS\system32\rotscxputowehw.dll.vir   a variant of Win32/Kryptik.AHG trojan   00000000000000000000000000000000   I
C:\Qoobox\Quarantine\C\WINDOWS\system32\rotscxrmhfttqi.dll.vir   a variant of Win32/Kryptik.AHG trojan   00000000000000000000000000000000   I
C:\Qoobox\Quarantine\C\WINDOWS\system32\stsystra .exe.vir   Win32/TrojanDownloader.Unruy.AV trojan   00000000000000000000000000000000   I
C:\Qoobox\Quarantine\C\WINDOWS\system32\UACptrapxmlto.dll.vir   a variant of Win32/Kryptik.BKV trojan   00000000000000000000000000000000   I
C:\Qoobox\Quarantine\C\WINDOWS\system32\wexe.exe.vir   probably a variant of Win32/Witkinat.A trojan   00000000000000000000000000000000   I
C:\Qoobox\Quarantine\C\WINDOWS\system32\WORK.DAT.vir   Win32/Witkinat.A trojan   00000000000000000000000000000000   I
C:\Qoobox\Quarantine\C\WINDOWS\system32\~.exe.vir   a variant of Win32/Kryptik.BVA trojan   00000000000000000000000000000000   I
C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\atapi.sys.vir   Win32/Olmarik.VM trojan   00000000000000000000000000000000   I
C:\WINDOWS\ivrnsftav .exe   Win32/TrojanDownloader.Unruy.AV trojan   00000000000000000000000000000000   I
C:\WINDOWS\ivrnsftav.exe   Win32/TrojanDownloader.Unruy.AV trojan   00000000000000000000000000000000   I
C:\WINDOWS\system32\fui .exe   Win32/TrojanDownloader.Unruy.AV trojan   00000000000000000000000000000000   I
C:\WINDOWS\system32\fui.exe   Win32/TrojanDownloader.Unruy.AV trojan   00000000000000000000000000000000   I
C:\WINDOWS\system32\msiinfo32 .exe   Win32/TrojanDownloader.Unruy.AV trojan   00000000000000000000000000000000   I
C:\WINDOWS\system32\msiinfo32.exe   Win32/TrojanDownloader.Unruy.AV trojan   00000000000000000000000000000000   I
C:\WINDOWS\system32\stsystra.exe   Win32/TrojanDownloader.Unruy.AV trojan   00000000000000000000000000000000   I
${Memory}   Win32/TrojanDownloader.Unruy.AV trojan   00000000000000000000000000000000   I



OTL logfile created on: 4/7/2010 5:35:00 PM - Run 2
OTL by OldTimer - Version 3.2.1.0     Folder = C:\Documents and Settings\h\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
1,014.00 Mb Total Physical Memory | 425.00 Mb Available Physical Memory | 42.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 84.00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.25 Gb Total Space | 23.42 Gb Free Space | 62.88% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 968.65 Mb Total Space | 933.91 Mb Free Space | 96.41% Space Free | Partition Type: FAT32
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: RLCHS-838196
Current User Name: HSLaptop
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
 
========== Processes (SafeList) ==========
 
PRC - [2010/04/05 16:39:32 | 000,561,664 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\h\Desktop\OTL.exe
PRC - [2010/04/05 16:38:16 | 000,040,960 | ---- | M] () -- C:\Program Files\Spybot - Search & Destroy\teatimer.exe
PRC - [2010/02/27 13:42:55 | 000,039,408 | ---- | M] (Google Inc.) -- c:\Program Files\Google\GoogleToolbarNotifier\googletoolbarnotifier .exe
PRC - [2010/01/29 16:19:33 | 000,297,240 | ---- | M] (Impulse Point, LLC) -- C:\Program Files\SafeConnect\SCClient.exe
PRC - [2010/01/29 16:19:32 | 000,128,280 | ---- | M] (Impulse Point, LLC) -- C:\Program Files\SafeConnect\scManager.sys
PRC - [2010/01/15 22:09:37 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009/11/12 17:33:10 | 000,141,600 | ---- | M] (Apple Inc.) -- c:\Program Files\iTunes\ituneshelper .exe
PRC - [2009/10/02 10:58:10 | 000,185,776 | ---- | M] (Absolute Software Corp.) -- C:\Documents and Settings\All Users\Application Data\rpcnet\Bin\rpcld.exe
PRC - [2009/07/08 12:55:23 | 000,056,680 | ---- | M] (Absolute Software Corp.) -- C:\WINDOWS\system32\rpcnet.exe
PRC - [2009/03/30 16:28:36 | 001,533,808 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
PRC - [2009/03/30 16:28:36 | 000,183,152 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/02/05 07:57:24 | 000,106,496 | ---- | M] (CA, Inc.) -- C:\Program Files\CA\SharedComponents\iTechnology\igateway.exe
PRC - [2006/10/18 18:05:18 | 000,434,176 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
PRC - [2006/10/18 18:04:28 | 000,802,816 | ---- | M] (Intel Corporation) -- c:\Program Files\Intel\Wireless\Bin\zcfgsvc .exe
PRC - [2006/10/18 18:01:34 | 000,290,816 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe
PRC - [2006/10/18 17:58:16 | 000,696,320 | ---- | M] (Intel Corporation) -- c:\Program Files\Intel\Wireless\Bin\ifrmewrk .exe
PRC - [2006/10/18 17:56:52 | 000,946,176 | ---- | M] (Intel Corporation ) -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
PRC - [2006/10/18 17:53:24 | 000,479,232 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
PRC - [2006/10/18 17:49:52 | 000,327,680 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
PRC - [2006/09/28 20:09:14 | 000,700,416 | ---- | M] () -- c:\Program Files\Creative\Sync Manager Unicode\ctsyncu .exe
PRC - [2006/06/29 03:19:03 | 002,371,584 | ---- | M] (Motive, Inc.) -- C:\Program Files\SBC Self Support Tool\bin\mad.exe
PRC - [2005/08/24 07:51:18 | 000,442,455 | ---- | M] (Motive, Inc.) -- c:\Program Files\SBC Self Support Tool\SmartBridge\motivesb .exe
PRC - [2003/10/10 09:06:12 | 000,245,760 | ---- | M] (Motive Communications, Inc.) -- C:\Program Files\SBC Self Support Tool\AsstCommon\MotiveDirectory.exe
PRC - [2002/09/19 19:29:28 | 000,053,248 | ---- | M] (Computer Associates) -- C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
PRC - [2002/09/10 21:26:26 | 000,368,706 | ---- | M] () -- c:\Program Files\BroadJump\Client Foundation\cfd .exe
PRC - [2002/08/15 04:07:02 | 000,428,544 | ---- | M] (Webroot Software, Inc.) -- c:\Program Files\Washer\washer .exe
 
 
========== Modules (SafeList) ==========
 
MOD - [2010/04/05 16:39:32 | 000,561,664 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\h\Desktop\OTL.exe
MOD - [2005/06/03 09:23:28 | 000,122,880 | ---- | M] (Motive Communications, Inc.) -- c:\Program Files\SBC Self Support Tool\SmartBridge\SBHook.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - File not found [On_Demand | Stopped] --  -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)
SRV - [2010/01/29 16:19:32 | 000,128,280 | ---- | M] (Impulse Point, LLC) [Auto | Running] -- C:\Program Files\SafeConnect\scManager.sys -- (SCManager)
SRV - [2009/10/02 10:58:10 | 000,185,776 | ---- | M] (Absolute Software Corp.) [Auto | Running] -- C:\Documents and Settings\All Users\Application Data\rpcnet\Bin\rpcld.exe -- (rpcld) Remote Procedure Call (RPC)
SRV - [2009/07/08 12:55:23 | 000,056,680 | ---- | M] (Absolute Software Corp.) [Auto | Running] -- C:\WINDOWS\system32\rpcnet.exe -- (Rpcnet) Remote Procedure Call (RPC)
SRV - [2009/04/29 13:36:49 | 000,380,928 | ---- | M] () [Auto | Stopped] -- C:\Program Files\CA\eTrustITM\InoTask.exe -- (InoTask)
SRV - [2009/04/29 13:36:49 | 000,192,512 | ---- | M] (CA) [Auto | Stopped] -- C:\Program Files\CA\eTrustITM\InoRpc.exe -- (InoRPC)
SRV - [2009/03/30 16:28:36 | 001,533,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2009/02/25 16:35:34 | 000,208,896 | ---- | M] (CA) [Auto | Stopped] -- C:\Program Files\CA\eTrustITM\InoRT.exe -- (InoRT)
SRV - [2009/02/06 18:08:58 | 000,533,360 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe -- (fsssvc)
SRV - [2007/02/05 07:57:24 | 000,106,496 | ---- | M] (CA, Inc.) [Auto | Running] -- C:\Program Files\CA\SharedComponents\iTechnology\igateway.exe -- (iGateway)
SRV - [2006/10/18 18:05:18 | 000,434,176 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe -- (EvtEng) Intel®
SRV - [2006/10/18 18:01:34 | 000,290,816 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe -- (WLANKEEPER) Intel®
SRV - [2006/10/18 17:56:52 | 000,946,176 | ---- | M] (Intel Corporation ) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe -- (S24EventMonitor) Intel®
SRV - [2006/10/18 17:49:52 | 000,327,680 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe -- (RegSrvc) Intel®
SRV - [2002/09/19 19:41:00 | 000,077,824 | ---- | M] (Computer Associates) [On_Demand | Stopped] -- C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmtd.exe -- (CA_LIC_SRVR)
SRV - [2002/09/19 19:29:28 | 000,053,248 | ---- | M] (Computer Associates) [Auto | Running] -- C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe -- (LogWatch)
SRV - [2002/09/19 19:27:04 | 000,077,824 | ---- | M] (Computer Associates) [On_Demand | Stopped] -- C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmt.exe -- (CA_LIC_CLNT)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Running] --  -- (catchme)
DRV - [2009/02/06 18:08:42 | 000,055,152 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys -- (fssfltr)
DRV - [2008/04/13 13:36:39 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2008/04/13 13:36:39 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2008/04/13 11:36:05 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2007/10/18 21:14:32 | 000,184,080 | ---- | M] (Computer Associates) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\ino_fltr.sys -- (INO_FLTR)
DRV - [2007/08/06 22:07:02 | 000,027,536 | ---- | M] (Computer Associates) [File_System | Boot | Running] -- C:\WINDOWS\system32\Drivers\ino_flpy.sys -- (INO_FLPY)
DRV - [2007/03/30 21:34:14 | 005,704,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\igxpmp32.sys -- (ialm)
DRV - [2006/10/19 09:29:22 | 000,012,544 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2006/10/17 11:55:28 | 001,711,104 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NETw3x32.sys -- (NETw3x32) Intel®
DRV - [2006/04/05 19:38:22 | 002,208,512 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\w29n51.sys -- (w29n51) Intel®
DRV - [2006/04/04 03:17:24 | 001,429,632 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\w39n51.sys -- (w39n51) Intel®
DRV - [2006/03/24 17:34:30 | 001,156,648 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2005/07/22 11:02:12 | 001,035,008 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2005/07/22 11:01:08 | 000,201,600 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2005/07/22 11:01:00 | 000,717,952 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2005/03/10 16:56:06 | 000,273,168 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\STAC97.sys -- (STAC97)
DRV - [2004/05/26 15:18:18 | 000,044,928 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2001/08/17 14:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2001/08/17 14:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001/08/17 14:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001/08/17 14:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001/08/17 14:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001/08/17 13:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
DRV - [2001/08/17 13:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2001/08/17 13:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2001/08/17 13:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2001/08/17 13:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2001/08/17 13:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2001/08/17 13:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
DRV - [2001/08/17 13:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2001/08/17 13:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2001/08/17 13:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\URLSearchHook: {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL Inc.)
 
IE - HKCU\..\URLSearchHook: {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "AIM Search"
FF - prefs.js..browser.search.defaulturl: "http://aim.search.Email Removed/search/search?query={searchTerms}&invocationType=tb50-ff-aim-chromesbox-en-us"
FF - prefs.js..browser.search.selectedEngine: "AIM Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.yahoo.com"
FF - prefs.js..extensions.enabledItems: {c2f863cd-0429-48c7-bb54-db756a951760}:5.96.9.1
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.7.2
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: [email protected]:0.7.1
FF - prefs.js..keyword.URL: "http://slirsredirect.search.Email Removed/slirs_http/sredir?invocationType=bu10aiminstabie7&sredir=2706&query="
 
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/02/07 22:56:00 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/02/07 22:56:00 | 000,000,000 | ---D | M]
 
[2010/02/07 22:56:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\h\Application Data\Mozilla\Extensions
[2010/04/06 21:47:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\h\Application Data\Mozilla\Firefox\Profiles\x2uxm7cb.default\extensions
[2009/08/22 12:44:32 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\h\Application Data\Mozilla\Firefox\Profiles\x2uxm7cb.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/04/05 16:38:17 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\h\Application Data\Mozilla\Firefox\Profiles\x2uxm7cb.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010/01/27 21:03:31 | 000,000,000 | ---D | M] (AIM Toolbar) -- C:\Documents and Settings\h\Application Data\Mozilla\Firefox\Profiles\x2uxm7cb.default\extensions\{c2f863cd-0429-48c7-bb54-db756a951760}
[2010/04/05 16:38:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\h\Application Data\Mozilla\Firefox\Profiles\x2uxm7cb.default\extensions\[email protected]
[2010/03/18 23:31:39 | 000,001,490 | ---- | M] () -- C:\Documents and Settings\h\Application Data\Mozilla\Firefox\Profiles\x2uxm7cb.default\searchplugins\AIM Search.xml
[2010/01/28 00:59:11 | 000,004,546 | ---- | M] () -- C:\Documents and Settings\h\Application Data\Mozilla\Firefox\Profiles\x2uxm7cb.default\searchplugins\aim-search.xml
[2010/04/06 21:47:28 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/03/18 23:31:39 | 000,001,490 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\AIM Search.xml
 
O1 HOSTS File: ([2010/03/30 23:29:32 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll (Google Inc.)
O2 - BHO: (AIM Toolbar Loader) - {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (AIM Toolbar) - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (AIM Toolbar) - {61539ECD-CC67-4437-A03C-9AACCBD14326} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL Inc.)
O4 - HKLM..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\cfd.exe ()
O4 - HKLM..\Run: [BluetoothAuthenticationAgent] C:\WINDOWS\System32\bthprops.cpl (Microsoft Corporation)
O4 - HKLM..\Run: [fui] C:\WINDOWS\System32\fui.exe ()
O4 - HKLM..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe ()
O4 - HKLM..\Run: [IntelZeroConfig] C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe ()
O4 - HKLM..\Run: [Motive SmartBridge] C:\Program Files\SBC Self Support Tool\SmartBridge\motivesb.exe ()
O4 - HKLM..\Run: [msiinfo32] C:\WINDOWS\system32\msiinfo32.exe ()
O4 - HKLM..\Run: [Realtime Monitor] C:\Program Files\CA\eTrustITM\realmon.exe ()
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\System32\stsystra.exe ()
O4 - HKCU..\Run: [Aim] c:\program files\aim\aim                     .exe ()
O4 - HKCU..\Run: [CTSyncU.exe] C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe ()
O4 - HKCU..\Run: [hqtulted] C:\WINDOWS\ivrnsftav.exe ()
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\teatimer.exe ()
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe ()
O4 - HKCU..\Run: [Washer] C:\Program Files\Washer\washer.exe ()
O4 - HKCU..\Run: [Yahoo! Pager]  File not found
O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\System32\Macromed\Flash\NPSWF32_FlashUtil.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\SafeConnect.lnk = C:\Program Files\SafeConnect\SCClient.exe (Impulse Point, LLC)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\SBC Self Support Tool.lnk = C:\Program Files\SBC Self Support Tool\bin\matcli.exe (Motive Communications, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll (Google Inc.)
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.macromedia.com/pub/shock...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper20073151.dll (Installation Support)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/...b?1150832924960 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdat...b?1228863417765 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0015-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/get/flash...ent/swflash.cab (Shockwave Flash Object)
O16 - DPF: Microsoft XML Parser for Java file:///C:/WINDOWS/Java/classes/xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010/04/06 23:10:05 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\h\Recent
[2010/04/06 23:10:05 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010/04/06 22:19:43 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2010/04/06 21:28:16 | 000,000,000 | ---D | C] -- C:\ComboFix
[2010/04/05 16:57:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2010/04/05 16:40:05 | 000,561,664 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\h\Desktop\OTL.exe
[2010/04/01 21:46:09 | 000,000,000 | ---D | C] -- C:\TrendMicro
[2010/03/30 23:50:23 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\rpcnet
[2010/03/30 23:27:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\ivvipl
[2010/03/30 23:21:51 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/03/30 23:21:51 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/03/30 23:21:51 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/03/30 23:21:51 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/03/28 22:22:49 | 000,000,000 | ---D | C] -- C:\VundoFix Backups
[2010/03/18 23:31:31 | 000,000,000 | ---D | C] -- C:\Program Files\AIM
[2010/03/18 23:31:28 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Software Update Utility
[2010/03/18 10:25:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Temp
[2010/03/12 14:41:21 | 000,000,000 | ---D | C] -- C:\Program Files\VS Revo Group
[2010/03/10 18:21:01 | 003,558,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\moviemk.exe
[2010/03/07 20:58:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple Computer
[2010/03/06 20:29:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\AIM Toolbar
[2010/03/06 20:29:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Google
[2010/03/06 20:25:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Apple Computer
[2010/03/06 18:22:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Sun
[2010/03/04 10:02:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2010/03/03 15:48:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\AIM Toolbar
[2010/03/03 15:48:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Google
[2010/03/02 21:56:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Real
[2010/03/02 21:52:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
[2010/03/02 21:52:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2010/03/01 21:50:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2010/03/01 21:24:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2010/02/27 18:20:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google
[2010/02/27 18:15:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
[2010/02/01 15:36:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
[2009/08/31 14:06:39 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2009/07/15 11:54:17 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2009/04/29 13:40:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2009/04/20 11:41:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2007/07/24 10:53:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Intel
[2007/07/24 10:52:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Intel
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2010/04/07 17:36:33 | 000,000,976 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1992757637-737350535-4160918168-1003UA.job
[2010/04/07 17:31:54 | 000,017,408 | ---- | M] () -- C:\WINDOWS\System32\rpcnetp.exe
[2010/04/07 01:00:32 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At2.job
[2010/04/07 00:30:04 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/04/07 00:02:37 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At1.job
[2010/04/06 23:00:31 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At24.job
[2010/04/06 21:38:29 | 000,040,960 | ---- | M] () -- C:\WINDOWS\System32\fui.exe
[2010/04/06 21:38:29 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At9.job
[2010/04/06 21:38:29 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At8.job
[2010/04/06 21:38:29 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At7.job
[2010/04/06 21:38:29 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At6.job
[2010/04/06 21:38:29 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At5.job
[2010/04/06 21:38:29 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At4.job
[2010/04/06 21:38:29 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At3.job
[2010/04/06 21:38:29 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At23.job
[2010/04/06 21:38:29 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At22.job
[2010/04/06 21:38:29 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At21.job
[2010/04/06 21:38:29 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At20.job
[2010/04/06 21:38:29 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At19.job
[2010/04/06 21:38:29 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At18.job
[2010/04/06 21:38:29 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At17.job
[2010/04/06 21:38:29 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At16.job
[2010/04/06 21:38:29 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At15.job
[2010/04/06 21:38:29 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At14.job
[2010/04/06 21:38:29 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At13.job
[2010/04/06 21:38:29 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At12.job
[2010/04/06 21:38:29 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At11.job
[2010/04/06 21:38:29 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At10.job
[2010/04/06 21:38:27 | 000,040,960 | ---- | M] () -- C:\WINDOWS\System32\msiinfo32.exe
[2010/04/06 21:38:10 | 000,040,960 | ---- | M] () -- C:\WINDOWS\ivrnsftav.exe
[2010/04/06 21:36:25 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/04/06 21:34:25 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/04/06 21:25:31 | 003,908,251 | R--- | M] () -- C:\Documents and Settings\h\Desktop\ComboFix.exe
[2010/04/05 16:39:32 | 000,561,664 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\h\Desktop\OTL.exe
[2010/04/05 16:39:03 | 000,040,960 | ---- | M] () -- C:\WINDOWS\System32\fui .exe
[2010/04/05 16:39:01 | 000,040,960 | ---- | M] () -- C:\WINDOWS\System32\msiinfo32 .exe
[2010/04/05 16:38:45 | 000,040,960 | ---- | M] () -- C:\WINDOWS\ivrnsftav .exe
[2010/04/05 16:36:54 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/04/05 16:36:34 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/04/05 16:36:34 | 000,000,236 | ---- | M] () -- C:\WINDOWS\tasks\OGALogon.job
[2010/04/05 16:36:31 | 000,056,680 | ---- | M] (Absolute Software Corp.) -- C:\WINDOWS\System32\rpcnet.dll
[2010/04/05 16:36:25 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/04/01 22:30:16 | 009,437,184 | -H-- | M] () -- C:\Documents and Settings\h\NTUSER.DAT
[2010/04/01 22:30:16 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\h\ntuser.ini
[2010/04/01 22:29:59 | 004,303,472 | -H-- | M] () -- C:\Documents and Settings\h\Local Settings\Application Data\IconCache.db
[2010/04/01 21:46:10 | 000,001,946 | ---- | M] () -- C:\Documents and Settings\h\Desktop\HiJackThis.lnk
[2010/04/01 19:38:02 | 000,040,960 | ---- | M] () -- C:\WINDOWS\System32\stsystra.exe
[2010/04/01 18:01:31 | 000,017,408 | ---- | M] () -- C:\WINDOWS\System32\rpcnetp.dll
[2010/03/30 23:29:32 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/03/29 22:37:32 | 000,363,520 | ---- | M] () -- C:\Documents and Settings\h\Desktop\iExplore.exe
[2010/03/29 22:36:00 | 000,363,520 | ---- | M] () -- C:\Documents and Settings\h\Desktop\rkill.com
[2010/03/29 22:18:15 | 000,000,373 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2010/03/28 14:11:26 | 000,000,124 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\Control Panel.lnk
[2010/03/23 23:31:15 | 000,000,004 | ---- | M] () -- C:\Program Files\5034578.dat
[2010/03/23 23:31:11 | 000,000,004 | ---- | M] () -- C:\Program Files\5031437.dat
[2010/03/23 22:36:00 | 000,000,004 | ---- | M] () -- C:\Program Files\1719718.dat
[2010/03/23 21:36:00 | 000,000,004 | ---- | M] () -- C:\Program Files\1632406.dat
[2010/03/22 23:36:00 | 000,000,004 | ---- | M] () -- C:\Program Files\2000765.dat
[2010/03/21 21:36:00 | 000,000,004 | ---- | M] () -- C:\Program Files\5983640.dat
[2010/03/21 17:22:30 | 000,000,004 | ---- | M] () -- C:\Program Files\267531.dat
[2010/03/21 16:36:00 | 000,000,004 | ---- | M] () -- C:\Program Files\19239796.dat
[2010/03/21 02:41:06 | 000,000,004 | ---- | M] () -- C:\Program Files\6884187.dat
[2010/03/21 02:36:01 | 000,000,004 | ---- | M] () -- C:\Program Files\6578718.dat
[2010/03/21 01:36:00 | 000,000,004 | ---- | M] () -- C:\Program Files\2978281.dat
[2010/03/21 00:55:25 | 000,000,004 | ---- | M] () -- C:\Program Files\542703.dat
[2010/03/21 00:54:55 | 000,000,004 | ---- | M] () -- C:\Program Files\512703.dat
[2010/03/20 22:39:39 | 000,001,548 | ---- | M] () -- C:\Documents and Settings\h\Desktop\CCleaner.lnk
[2010/03/19 10:36:01 | 000,000,924 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1992757637-737350535-4160918168-1003Core.job
[2010/03/19 09:50:17 | 000,528,518 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/03/19 09:50:17 | 000,446,158 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/03/19 09:50:17 | 000,073,884 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/03/18 23:32:11 | 000,000,722 | -H-- | M] () -- C:\IPH.PH
[2010/03/18 23:31:38 | 000,001,574 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AIM.lnk
[2010/03/13 13:19:29 | 000,000,581 | ---- | M] () -- C:\WINDOWS\eReg.dat
[2010/03/12 18:02:38 | 000,261,632 | ---- | M] () -- C:\WINDOWS\PEV.exe
[2010/03/12 14:41:22 | 000,000,917 | ---- | M] () -- C:\Documents and Settings\h\Desktop\Revo Uninstaller.lnk
[2010/03/12 09:07:53 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100319-003403.backup
[2010/03/10 19:56:18 | 000,096,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\atapi.sys
[2010/03/09 09:22:07 | 000,095,232 | ---- | M] () -- C:\Documents and Settings\h\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/03/09 05:42:00 | 000,016,605 | ---- | M] () -- C:\Documents and Settings\h\Desktop\CHAPTER 14 Mendel and the Gene Idea.docx
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2010/04/06 21:38:29 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At9.job
[2010/04/06 21:38:29 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At8.job
[2010/04/06 21:38:29 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At7.job
[2010/04/06 21:38:29 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At6.job
[2010/04/06 21:38:29 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At5.job
[2010/04/06 21:38:29 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At4.job
[2010/04/06 21:38:29 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At3.job
[2010/04/06 21:38:29 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At24.job
[2010/04/06 21:38:29 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At23.job
[2010/04/06 21:38:29 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At22.job
[2010/04/06 21:38:29 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At21.job
[2010/04/06 21:38:29 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At20.job
[2010/04/06 21:38:29 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At2.job
[2010/04/06 21:38:29 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At19.job
[2010/04/06 21:38:29 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At18.job
[2010/04/06 21:38:29 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At17.job
[2010/04/06 21:38:29 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At16.job
[2010/04/06 21:38:29 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At15.job
[2010/04/06 21:38:29 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At14.job
[2010/04/06 21:38:29 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At13.job
[2010/04/06 21:38:29 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At12.job
[2010/04/06 21:38:29 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At11.job
[2010/04/06 21:38:29 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At10.job
[2010/04/06 21:38:29 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At1.job
[2010/04/01 21:46:10 | 000,001,946 | ---- | C] () -- C:\Documents and Settings\h\Desktop\HiJackThis.lnk
[2010/04/01 19:38:08 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\fui.exe
[2010/04/01 19:38:08 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\fui .exe
[2010/04/01 19:38:06 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\msiinfo32.exe
[2010/04/01 19:38:06 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\msiinfo32 .exe
[2010/04/01 19:38:02 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\stsystra.exe
[2010/03/30 23:21:51 | 000,261,632 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/03/30 23:21:51 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/03/30 23:21:51 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/03/30 23:21:51 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/03/30 23:21:51 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/03/30 23:15:20 | 003,908,251 | R--- | C] () -- C:\Documents and Settings\h\Desktop\ComboFix.exe
[2010/03/29 22:39:43 | 000,363,520 | ---- | C] () -- C:\Documents and Settings\h\Desktop\rkill.com
[2010/03/29 22:39:43 | 000,363,520 | ---- | C] () -- C:\Documents and Settings\h\Desktop\iExplore.exe
[2010/03/28 14:11:26 | 000,000,124 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\Control Panel.lnk
[2010/03/23 23:31:15 | 000,000,004 | ---- | C] () -- C:\Program Files\5034578.dat
[2010/03/23 23:31:11 | 000,000,004 | ---- | C] () -- C:\Program Files\5031437.dat
[2010/03/23 22:36:00 | 000,000,004 | ---- | C] () -- C:\Program Files\1719718.dat
[2010/03/23 22:13:31 | 000,040,960 | ---- | C] () -- C:\WINDOWS\ivrnsftav.exe
[2010/03/23 22:13:31 | 000,040,960 | ---- | C] () -- C:\WINDOWS\ivrnsftav .exe
[2010/03/23 21:36:00 | 000,000,004 | ---- | C] () -- C:\Program Files\1632406.dat
[2010/03/22 23:36:00 | 000,000,004 | ---- | C] () -- C:\Program Files\2000765.dat
[2010/03/21 21:36:00 | 000,000,004 | ---- | C] () -- C:\Program Files\5983640.dat
[2010/03/21 17:22:30 | 000,000,004 | ---- | C] () -- C:\Program Files\267531.dat
[2010/03/21 16:36:00 | 000,000,004 | ---- | C] () -- C:\Program Files\19239796.dat
[2010/03/21 02:41:06 | 000,000,004 | ---- | C] () -- C:\Program Files\6884187.dat
[2010/03/21 02:36:01 | 000,000,004 | ---- | C] () -- C:\Program Files\6578718.dat
[2010/03/21 01:36:00 | 000,000,004 | ---- | C] () -- C:\Program Files\2978281.dat
[2010/03/21 00:55:25 | 000,000,004 | ---- | C] () -- C:\Program Files\542703.dat
[2010/03/21 00:54:55 | 000,000,004 | ---- | C] () -- C:\Program Files\512703.dat
[2010/03/18 23:31:38 | 000,001,574 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AIM.lnk
[2010/03/12 14:41:22 | 000,000,917 | ---- | C] () -- C:\Documents and Settings\h\Desktop\Revo Uninstaller.lnk
[2010/03/09 09:22:25 | 000,016,605 | ---- | C] () -- C:\Documents and Settings\h\Desktop\CHAPTER 14 Mendel and the Gene Idea.docx
[2010/03/04 12:42:01 | 000,000,373 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2009/08/12 22:52:09 | 000,095,232 | ---- | C] () -- C:\Documents and Settings\h\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2008/08/14 11:32:56 | 000,017,408 | ---- | C] () -- C:\WINDOWS\System32\rpcnetp.dll
[2007/07/24 14:09:57 | 000,000,035 | ---- | C] () -- C:\WINDOWS\A5W.INI
[2007/07/24 14:05:59 | 000,000,605 | ---- | C] () -- C:\WINDOWS\PCalcpro.ini
[2007/07/24 14:05:59 | 000,000,543 | ---- | C] () -- C:\WINDOWS\asc_sys.ini
[2007/07/24 14:05:58 | 000,000,182 | ---- | C] () -- C:\WINDOWS\medlrng.ini
[2007/07/24 14:05:51 | 000,018,432 | ---- | C] () -- C:\WINDOWS\System32\ODBCSTF.DLL
[2007/07/24 14:03:49 | 000,050,688 | ---- | C] () -- C:\WINDOWS\System32\iproc.dll
[2007/07/24 14:03:49 | 000,041,984 | ---- | C] () -- C:\WINDOWS\System32\iprocnt.dll
[2007/07/24 14:03:00 | 000,008,704 | ---- | C] () -- C:\WINDOWS\System32\twdll.dll
[2007/07/24 14:03:00 | 000,000,134 | ---- | C] () -- C:\WINDOWS\awshkwv.ini
[2007/07/24 10:50:16 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4814.dll
[2006/07/20 13:51:34 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/07/13 10:35:10 | 000,001,767 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2006/07/12 16:20:28 | 000,000,047 | ---- | C] () -- C:\WINDOWS\InoSetup.ini
[2006/06/21 13:42:29 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/06/20 15:24:01 | 000,262,144 | ---- | C] () -- C:\Documents and Settings\All Users\ntuser.dat
[2006/06/20 15:24:01 | 000,001,024 | -H-- | C] () -- C:\Documents and Settings\All Users\ntuser.dat.LOG
[2006/06/20 14:11:33 | 000,757,760 | ---- | C] () -- C:\WINDOWS\System32\bcm1xsup.dll
[2006/06/20 14:11:32 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\preflib.dll
[2006/06/20 14:04:21 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\Stac97co.dll
[2006/06/20 13:52:11 | 000,000,178 | -HS- | C] () -- C:\Documents and Settings\h\ntuser.ini
[2006/06/20 13:52:10 | 009,437,184 | -H-- | C] () -- C:\Documents and Settings\h\NTUSER.DAT
[2006/06/20 13:52:10 | 000,001,024 | -H-- | C] () -- C:\Documents and Settings\h\ntuser.dat.LOG
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 266944 bytes -> C:\WINDOWS\Temp:temp
< End of report >
« Last Edit: April 07, 2010, 05:39:14 PM by Everlasting Death »
The cake is a lie....

Bummer Dude

Offline guestolo

Some issues
« Reply #10 on: April 11, 2010, 11:14:27 AM »
Sorry for the delay, I was out of town for a few days.
Do you still need a hand?

Do you want to post your own logs from FRST?

Follow the instructions posted here: http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/


Offline Everlasting Death

Some issues
« Reply #11 on: April 12, 2010, 11:06:49 AM »
I do still require some assistance :D I really don't notice any physical symptoms of a virus, although the files are still there.

Offline guestolo

Some issues
« Reply #12 on: April 13, 2010, 09:11:23 PM »
As Spybot's TeaTimer will interfere with any fixes, and it is corrupt,
can you do the following:
Open Spybot and click on Mode and check Advanced Mode.
Check yes to the next window.
Click on Tools in the bottom left-hand corner.
Click on the Resident icon.
Uncheck the TeaTimer box.
Click the Allow Change box if prompted.
Close Spybot.


Then go into Add and Remove Programs and uninstall Spybot.

Delete your copy of ComboFix on the desktop.
Then redownload a fresh copy to only your Desktop from this link again, to ensure you have the latest copy:
LINK

Copy ALL the below in the Code box and paste it into an empty Notepad file.
Don't use anything other than Notepad or the script will not work.


Code: [Select]
File::
c:\windows\system32\fui.exe
c:\windows\system32\msiinfo32.exe
c:\windows\system32\stsystra.exe
c:\program files\5034578.dat
c:\program files\5031437.dat
c:\program files\1719718.dat
c:\windows\ivrnsftav.exe
c:\program files\1632406.dat
c:\program files\2000765.dat
c:\program files\5983640.dat
c:\program files\267531.dat
c:\program files\19239796.dat
c:\program files\6884187.dat
c:\program files\6578718.dat
c:\program files\2978281.dat
c:\program files\542703.dat
c:\program files\512703.dat
c:\windows\Asufirol.dat
c:\windows\Wkexaduj.bin
c:\documents and settings\NetworkService\jfufiwg.exe
C:\WINDOWS\tasks\At*.job

Folder::
c:\program files\Spybot - Search & Destroy
c:\documents and settings\h\Local Settings\Application Data\knccac
c:\documents and settings\h\Local Settings\Application Data\sxssli
c:\documents and settings\h\Local Settings\Application Data\dudrop
c:\documents and settings\h\Local Settings\Application Data\svqvso
c:\documents and settings\h\Application Data\rpqlrt
c:\documents and settings\h\Local Settings\Application Data\pyxeef
c:\documents and settings\h\Local Settings\Application Data\jmoney
c:\documents and settings\h\Local Settings\Application Data\wliufl
c:\documents and settings\h\Local Settings\Application Data\dhkcqb
c:\documents and settings\h\Local Settings\Application Data\aaaoqx
c:\documents and settings\h\Local Settings\Application Data\idcmes
c:\documents and settings\h\Local Settings\Application Data\yjhhej
c:\documents and settings\h\Application Data\hmjfre
c:\documents and settings\h\Local Settings\Application Data\ppmdey
c:\documents and settings\h\Local Settings\Application Data\rerysn
c:\documents and settings\h\Application Data\dogkfm
c:\documents and settings\h\Local Settings\Application Data\qqrmxc
c:\documents and settings\h\Local Settings\Application Data\mhcxpn
c:\documents and settings\h\Local Settings\Application Data\rffsbf
c:\documents and settings\h\Application Data\hsfvqh
c:\documents and settings\h\Local Settings\Application Data\pvhtdc
c:\documents and settings\h\Local Settings\Application Data\ektiqe
c:\documents and settings\h\Local Settings\Application Data\gbmoes
c:\documents and settings\h\Local Settings\Application Data\bdjtrb
c:\documents and settings\h\Local Settings\Application Data\chmmoj
c:\documents and settings\h\Local Settings\Application Data\axonrg
c:\documents and settings\h\Local Settings\Application Data\qetirv
c:\documents and settings\h\Application Data\ibqleb
c:\documents and settings\h\Local Settings\Application Data\yhvger
c:\documents and settings\h\Application Data\cimmec
c:\documents and settings\h\Local Settings\Application Data\klojrw
c:\documents and settings\h\Local Settings\Application Data\giocws

RenV::
c:\program files\AIM\aim  .exe
c:\program files\AIM\aim .exe
c:\program files\BroadJump\Client Foundation\cfd .exe
c:\program files\CA\eTrustITM\realmon .exe
c:\program files\Creative\Sync Manager Unicode\ctsyncu .exe
c:\program files\Google\GoogleToolbarNotifier\googletoolbarnotifier .exe
c:\program files\Intel\Wireless\Bin\ifrmewrk .exe
c:\program files\Intel\Wireless\Bin\zcfgsvc .exe
c:\program files\iTunes\ituneshelper .exe
c:\program files\QuickTime\qttask  .exe
c:\program files\SBC Self Support Tool\SmartBridge\motivesb .exe
c:\program files\Washer\washer .exe

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"fbnafgfj"=-
"wtxlyoot"=-
"isyuqqcj"=-
"pbyukyjl"=-
"uuxtuexj"=-
"tuyhvtjb"=-
"utghdqcu"=-
"tuqiowqh"=-
"iytfikab"=-
"iyufjpxk"=-
"hymsbdsy"=-
"hyvskejc"=-
"hyngcser"=-
"hyfstgag"=-
"gayhodqn"=-
"gyptfmos"=-
"fwmulnyt"=-
"jpyfpspl"=-
"kpwrmygj"=-
"iqbhsble"=-
"iqstkpgs"=-
"hqdhugjo"=-
"hqcutqwv"=-
"hqtulted"=-
"gqeivkgx"=-
"qvoloxep"=-
"owloloey"=-
"owtouquc"=-
"owcbdcyn"=-
"owlcmepq"=-
"wnodmohb"=-
"wngqecdq"=-
"otgnumqb"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"fui"=-
"BJCFD"=-
"msiinfo32"=-
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Documents and Settings\\NetworkService\\jfufiwg.exe"=-
Save this as a text file on your desktop, with the exact name of
CFScript

Drag CFScript.txt into ComboFix.exe
Combofix will start>>Follow the prompts
Note:
Do not mouse-click ComboFix's window whilst it's running; that may cause it to stall.

When finished, it shall produce a log for you with the same name, C:\ComboFix.txt.
I'll need to see that log again later


NOTE: ONLY run the above script once; I need to see the log from its first run.
« Last Edit: April 13, 2010, 10:26:46 PM by guestolo »

Do you want to post your own logs from FRST?

Follow the instructions posted here: http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/
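The RenV:: section of the script above undoes the file swap described in the opening post: the infection moved each autostart program to a copy of its name with one or more spaces inserted before ".exe" (aim .exe, qttask  .exe, fui .exe) and put its own file under the original name, so every Run entry and startup shortcut kept launching the malware. The following is an added example in Python, not code from this thread or from ComboFix: it walks a directory tree looking for that pair pattern, reports each suspect beside the original it displaced, and renders the displaced names in the RenV:: list form, without renaming or deleting anything. The sample tree, the helper names (find_companions, renv_script, scan_sample) and the placeholder file contents are constructed for the example.

```python
"""
Spot the "name .exe" companion swap seen in this thread.

The downloader moved each autostart program to a copy of its name with one
or more spaces before ".exe" and installed its own file under the original
name.  ComboFix's RenV:: section lists those displaced originals.  This added
example finds such pairs below a root directory and renders a rename plan; it
changes nothing on disk.  The sample tree below is constructed, not real.
"""
import os
import re
import tempfile
from dataclasses import dataclass

# Stem, one or more spaces, then the extension at the very end ("aim  .exe").
SPACED_NAME = re.compile(r"^(?P<stem>.+?) +(?P<ext>\.[A-Za-z0-9]+)$")


@dataclass(frozen=True)
class Companion:
    directory: str
    hijacked: str   # file sitting under the original name: the suspect
    original: str   # displaced original, still carrying the inserted spaces


def find_companions(root):
    """Return every (suspect, displaced original) pair below root.

    Matching is case-insensitive, as on the Windows volumes this pattern
    targets.  A spaced file with no counterpart is not reported: on its own it
    is just an odd file name, not evidence of a swap.
    """
    hits = []
    for dirpath, _subdirs, files in os.walk(root):
        by_lower = {name.lower(): name for name in files}
        for name in files:
            m = SPACED_NAME.match(name)
            if not m:
                continue
            restored = (m.group("stem") + m.group("ext")).lower()
            if restored in by_lower:
                hits.append(Companion(dirpath, by_lower[restored], name))
    return sorted(hits, key=lambda c: (c.directory.lower(), c.original.lower()))


def renv_script(companions):
    """Render the displaced originals in the RenV:: list form used above.

    Emitted as a plan for review; nothing here renames or deletes files.
    """
    lines = ["RenV::"]
    for c in companions:
        lines.append(c.directory + "\\" + c.original)   # Windows path separator
    return "\n".join(lines)


def build_sample_tree(root):
    """Lay out a constructed tree echoing the paths seen in the thread."""
    layout = {
        "Program Files/AIM": ["aim.exe", "aim .exe", "aim  .exe"],
        "Program Files/QuickTime": ["qttask.exe", "qttask  .exe"],
        "Program Files/Washer": ["washer.exe", "washer .exe"],
        "WINDOWS/system32": ["fui.exe", "fui .exe", "notepad.exe", "lonely .exe"],
    }
    for rel, names in layout.items():
        d = os.path.join(root, *rel.split("/"))
        os.makedirs(d, exist_ok=True)
        for name in names:
            with open(os.path.join(d, name), "wb") as fh:
                fh.write(b"MZ")   # placeholder bytes, not a real executable


def scan_sample():
    """Build the sample tree in a temp dir, scan it, return root-relative hits."""
    with tempfile.TemporaryDirectory() as root:
        build_sample_tree(root)
        return [
            (os.path.relpath(c.directory, root).replace(os.sep, "/"), c.hijacked, c.original)
            for c in find_companions(root)
        ]


if __name__ == "__main__":
    for rel_dir, suspect, displaced in scan_sample():
        print(f"{rel_dir}: suspect {suspect!r} shadows {displaced!r}")
```

Two points the example makes visible: the same original can be displaced more than once (the log shows both "aim .exe" and "aim  .exe"), so each spaced file is reported on its own, and the scan is meant to be run over a mounted copy or offline image of the volume, with the RenV:: output reviewed by hand before anything is renamed.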


Offline Everlasting Death

  • Hero Member
  • *****
  • Posts: 981
  • Karma: +0/-0
    • http://www.jaswin.net
Some issues
« Reply #13 on: April 14, 2010, 08:14:57 PM »
ComboFix 10-04-14.01 - HSLaptop 04/14/2010  20:05:43.6.1 - x86
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.1014.510 [GMT -5:00]
Running from: c:\documents and settings\h\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\h\Desktop\CFScript.txt
AV: eTrust ITM *On-access scanning enabled* (Outdated) {33EA71EA-56CF-40B5-A06B-BD3A27397C44}

FILE ::
"c:\documents and settings\NetworkService\jfufiwg.exe"
"c:\program files\1632406.dat"
"c:\program files\1719718.dat"
"c:\program files\19239796.dat"
"c:\program files\2000765.dat"
"c:\program files\267531.dat"
"c:\program files\2978281.dat"
"c:\program files\5031437.dat"
"c:\program files\5034578.dat"
"c:\program files\512703.dat"
"c:\program files\542703.dat"
"c:\program files\5983640.dat"
"c:\program files\6578718.dat"
"c:\program files\6884187.dat"
"c:\windows\Asufirol.dat"
"c:\windows\ivrnsftav.exe"
"c:\windows\system32\fui.exe"
"c:\windows\system32\msiinfo32.exe"
"c:\windows\system32\stsystra.exe"
"c:\windows\Wkexaduj.bin"
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\h\rundll32.exe
c:\documents and settings\h\stsystra.exe
c:\documents and settings\NetworkService\jfufiwg.exe
c:\program files\1632406.dat
c:\program files\1719718.dat
c:\program files\19239796.dat
c:\program files\2000765.dat
c:\program files\267531.dat
c:\program files\2978281.dat
c:\program files\5031437.dat
c:\program files\5034578.dat
c:\program files\512703.dat
c:\program files\542703.dat
c:\program files\5983640.dat
c:\program files\6578718.dat
c:\program files\6884187.dat
c:\program files\Internet Explorer\js.mui
c:\program files\Internet Explorer\wmpscfgs.exe
c:\windows\Asufirol.dat
c:\windows\ivrnsftav .exe
c:\windows\ivrnsftav.exe
c:\windows\system32\fui .exe
c:\windows\system32\fui.exe
c:\windows\system32\msiinfo32 .exe
c:\windows\system32\msiinfo32.exe
c:\windows\system32\stsystra.exe
c:\windows\Wkexaduj.bin

.
(((((((((((((((((((((((((   Files Created from 2010-03-15 to 2010-04-15  )))))))))))))))))))))))))))))))
.

2010-04-15 01:02 . 2010-04-15 01:02   --------   d-----w-   c:\windows\LastGood
2010-04-07 03:19 . 2010-04-07 03:19   --------   d-----w-   c:\program files\ESET
2010-04-02 02:46 . 2010-04-02 02:46   388096   ----a-r-   c:\documents and settings\h\Application Data\Microsoft\Installer\{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}\HiJackThis.exe
2010-04-02 02:46 . 2010-04-02 02:46   --------   d-----w-   C:\TrendMicro
2010-03-31 04:50 . 2010-03-31 04:51   --------   d--h--w-   c:\documents and settings\All Users\Application Data\rpcnet
2010-03-29 03:22 . 2010-03-29 03:22   --------   d-----w-   C:\VundoFix Backups
2010-03-21 04:07 . 2010-03-31 04:27   --------   d-----w-   c:\documents and settings\NetworkService\Local Settings\Application Data\ivvipl
2010-03-19 15:53 . 2010-03-19 15:53   --------   d-sh--w-   c:\windows\system32\config\systemprofile\PrivacIE
2010-03-19 15:52 . 2010-03-19 15:52   --------   d-sh--w-   c:\windows\system32\config\systemprofile\IECompatCache
2010-03-19 04:31 . 2010-04-15 01:05   --------   d-----w-   c:\program files\AIM
2010-03-19 04:31 . 2010-03-19 04:31   --------   d-----w-   c:\program files\Common Files\Software Update Utility

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-15 01:05 . 2009-08-12 23:45   --------   d-----w-   c:\program files\Washer
2010-04-15 01:05 . 2006-06-20 21:16   --------   d-----w-   c:\program files\QuickTime
2010-04-15 01:05 . 2010-01-30 19:50   --------   d-----w-   c:\program files\iTunes
2010-04-15 00:58 . 2008-08-14 16:29   17408   ----a-w-   c:\windows\system32\rpcnetp.exe
2010-04-15 00:58 . 2007-07-26 14:46   56680   ----a-w-   c:\windows\system32\rpcnet.dll
2010-04-15 00:55 . 2007-07-24 16:24   --------   d-----w-   c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-04-02 00:05 . 2010-01-22 23:35   --------   d-----w-   c:\program files\Malwarebytes' Anti-Malware
2010-04-01 23:01 . 2008-08-14 16:32   17408   ----a-w-   c:\windows\system32\rpcnetp.dll
2010-03-21 03:39 . 2009-08-12 23:53   --------   d-----w-   c:\program files\CCleaner
2010-03-19 04:31 . 2010-01-28 02:03   --------   d-----w-   c:\program files\Common Files\AOL
2010-03-13 22:39 . 2009-07-20 21:56   --------   d-----w-   c:\documents and settings\All Users\Application Data\Microsoft Help
2010-03-13 18:19 . 2009-08-20 22:44   581   ----a-w-   c:\windows\eReg.dat
2010-03-13 18:09 . 2009-08-20 22:34   --------   d-----w-   c:\program files\Maxis
2010-03-12 19:41 . 2010-03-12 19:41   --------   d-----w-   c:\program files\VS Revo Group
2010-03-11 23:25 . 2010-01-29 21:19   --------   d-----w-   c:\program files\SafeConnect
2010-03-11 00:56 . 2006-06-20 19:08   96512   ------w-   c:\windows\system32\drivers\atapi.sys
2010-03-03 20:47 . 2010-03-03 20:47   552   ----a-w-   c:\windows\system32\d3d8caps.dat
2010-03-03 20:47 . 2010-03-03 20:47   664   ----a-w-   c:\windows\system32\d3d9caps.dat
2010-02-27 23:14 . 2010-02-27 18:42   --------   d-----w-   c:\program files\Google
2010-02-25 06:24 . 2001-08-23 12:00   916480   ------w-   c:\windows\system32\wininet.dll
2010-02-17 00:37 . 2006-07-12 21:31   --------   d-----w-   c:\program files\Java
2010-02-17 00:36 . 2010-02-17 00:36   152576   ----a-w-   c:\documents and settings\h\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
2010-02-17 00:36 . 2010-01-24 04:20   79488   ----a-w-   c:\documents and settings\h\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2010-01-30 19:55 . 2010-01-30 19:55   57588   ---ha-w-   c:\windows\system32\mlfcache.dat
2010-01-28 23:52 . 2008-10-10 14:57   52120   ----a-w-   c:\windows\system32\pkgmgr.dll
2010-01-26 15:37 . 2010-01-26 15:37   102400   ----a-w-   c:\documents and settings\All Users\Application Data\AIM Toolbar\ieToolbar\resources\en-US\aimtbres.dll
2010-01-17 23:20 . 2008-10-10 14:57   46488   ----a-w-   c:\windows\system32\pkgslv.exe
.

(((((((((((((((((((((((((((((   SnapShot@2010-04-07_02.34.24   )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-04-15 00:58 . 2010-04-15 00:58   16384              c:\windows\Temp\Perflib_Perfdata_1bc.dat
+ 2008-12-09 21:27 . 2010-04-10 22:56   84661              c:\windows\system32\Macromed\Flash\uninstall_plugin.exe
- 2008-12-09 21:27 . 2009-08-22 18:24   84661              c:\windows\system32\Macromed\Flash\uninstall_plugin.exe
+ 2010-01-27 01:07 . 2010-01-27 01:07   256280              c:\windows\system32\Macromed\Flash\NPSWF32_FlashUtil.exe
+ 2010-01-27 01:07 . 2010-01-27 01:07   3884312              c:\windows\system32\Macromed\Flash\NPSWF32.dll
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Yahoo! Pager"="1" [X]
"Google Update"="c:\documents and settings\h\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2010-04-15 40960]
"Washer"="c:\program files\Washer\washer.exe" [2002-08-15 428544]
"CTSyncU.exe"="c:\program files\Creative\Sync Manager Unicode\CTSyncU.exe" [2006-09-29 700416]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-02-27 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2006-10-18 802816]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2006-10-18 696320]
"SigmatelSysTrayApp"="stsystra.exe" [2006-03-24 282624]
"Realtime Monitor"="c:\program files\CA\eTrustITM\realmon.exe" [2007-01-17 407632]
"Motive SmartBridge"="c:\progra~1\SBCSEL~1\SMARTB~1\MotiveSB.exe" [2005-08-24 442455]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-11-12 141600]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
SafeConnect.lnk - c:\program files\SafeConnect\scClient.exe [2007-11-13 297240]
SBC Self Support Tool.lnk - c:\program files\SBC Self Support Tool\bin\matcli.exe [2009-8-12 217088]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Broadcom Wireless Manager UI]
2005-12-19 14:08   1347584   ----a-w-   c:\windows\system32\WLTRAY.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ComputerAssociatesAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\CA\\eTrustITM\\InoRpc.exe"=
"c:\\Program Files\\CA\\eTrustITM\\Realmon.exe"=
"c:\\Program Files\\CA\\eTrustITM\\Shellscn.exe"=
"c:\\Program Files\\CA\\SharedComponents\\iTechnology\\igateway.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\AIM\\aim.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R2 LogWatch;Event Log Watch;c:\program files\CA\SharedComponents\CA_LIC\LogWatNT.exe [9/19/2002 7:29 PM 53248]
R2 rpcld;Remote Procedure Call (RPC) LD;c:\documents and settings\All Users\Application Data\rpcnet\Bin\rpcld.exe [3/30/2010 11:50 PM 185776]
R2 SCManager;SafeConnect Manager;c:\program files\SafeConnect\scManager.sys servicestart --> c:\program files\SafeConnect\scManager.sys servicestart [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2/27/2010 6:14 PM 135664]
S3 CA_LIC_CLNT;CA License Client;c:\program files\CA\SharedComponents\CA_LIC\lic98rmt.exe [9/19/2002 7:27 PM 77824]
S3 CA_LIC_SRVR;CA License Server;c:\program files\CA\SharedComponents\CA_LIC\lic98rmtd.exe [9/19/2002 7:41 PM 77824]
.
Contents of the 'Scheduled Tasks' folder

2010-02-01 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 18:34]

2010-04-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-27 23:14]

2010-04-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-27 23:14]

2010-03-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1992757637-737350535-4160918168-1003Core.job
- c:\documents and settings\h\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-12-09 01:00]

2010-04-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1992757637-737350535-4160918168-1003UA.job
- c:\documents and settings\h\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-12-09 01:00]

2010-04-15 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAEXEC.exe [2009-08-03 20:07]
.
.
------- Supplementary Scan -------
.
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
FF - ProfilePath - c:\documents and settings\h\Application Data\Mozilla\Firefox\Profiles\x2uxm7cb.default\
FF - prefs.js: browser.search.defaulturl - hxxp://aim.search.Email Removed/search/search?query={searchTerms}&invocationType=tb50-ff-aim-chromesbox-en-us
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.yahoo.com
FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.Email Removed/slirs_http/sredir?invocationType=bu10aiminstabie7&sredir=2706&query=
FF - plugin: c:\documents and settings\h\Local Settings\Application Data\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdnupdater2.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency",   1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug",            false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight",       2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize",       1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight",   25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight",     5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-Aim - c:\program files\aim\aim                     .exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-14 20:10
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...  

scanning hidden autostart entries ...

scanning hidden files ...  

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,85,8f,5a,fd,53,c2,c6,4c,bc,ef,ec,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,85,8f,5a,fd,53,c2,c6,4c,bc,ef,ec,\

[HKEY_LOCAL_MACHINE\software\INTEL\Wireless\Folders\*& 2*]
"Path"="c:\\WINDOWS\\system32\\config\\systemprofile\\Application Data\\Intel\\Wireless\\"
.
Completion time: 2010-04-14  20:12:45
ComboFix-quarantined-files.txt  2010-04-15 01:12
ComboFix2.txt  2010-04-07 02:36
ComboFix3.txt  2010-03-31 04:35
ComboFix4.txt  2010-03-12 14:14
ComboFix5.txt  2010-04-15 01:04

Pre-Run: 25,166,462,976 bytes free
Post-Run: 25,129,775,104 bytes free

- - End Of File - - E2DCE5F05565CE8E3611B46E48F104B5
The cake is a lie....

Bummer Dude

Offline guestolo

  • Site Donator
  • Administrator
  • Hero Member
  • *****
  • Posts: 16034
  • Karma: +1/-0
Some issues
« Reply #14 on: April 17, 2010, 10:19:50 AM »
Can you run another online scan at ESET Online Scanner?
This time have it remove the infected files found.

Post its new log.
In addition: can you reopen OTL.exe, run a fresh scan and post the new log that opens?

Please keep me informed how things are now running



Offline Everlasting Death

  • Hero Member
  • *****
  • Posts: 981
  • Karma: +0/-0
    • http://www.jaswin.net
Some issues
« Reply #15 on: April 17, 2010, 03:05:34 PM »
I'll post the otl later, kinda in a rush >.<
It looks like the wmpcfg whatever is gone :o but again, I was in a rush

ESETSmartInstaller@High as downloader log:
all ok
esets_scanner_update returned -1 esets_gle=1
esets_scanner_update returned -1 esets_gle=1
esets_scanner_update returned -1 esets_gle=1
esets_scanner_update returned -1 esets_gle=1
esets_scanner_update returned -1 esets_gle=1
esets_scanner_update returned -1 esets_gle=1
esets_scanner_update returned -1 esets_gle=1
# version=7
# IEXPLORE.EXE=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=cd6f8d4a8e430743991ed5e192b0fdcd
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2010-04-07 06:01:23
# local_time=2010-04-07 01:01:23 (-0600, Central Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=76464
# found=61
# cleaned=0
# scan_time=6172
C:\Documents and Settings\h\Local Settings\Application Data\Google\Update\googleupdate.exe   Win32/TrojanDownloader.Unruy.AV trojan   00000000000000000000000000000000   I
C:\Documents and Settings\h\Local Settings\temp\wmpscfgs.exe   Win32/TrojanDownloader.Unruy.AV trojan   00000000000000000000000000000000   I
C:\Documents and Settings\NetworkService\jfufiwg.exe   a variant of Win32/Kryptik.CQG trojan   00000000000000000000000000000000   I
C:\Documents and Settings\NetworkService\Local Settings\Application Data\ivvipl\vodysftav .exe   a variant of Win32/Kryptik.DHW trojan   00000000000000000000000000000000   I
C:\Program Files\Adobe\315781.old   a variant of Win32/Kryptik.CZR trojan   00000000000000000000000000000000   I
C:\Program Files\Adobe\320718.old   a variant of Win32/Kryptik.CZR trojan   00000000000000000000000000000000   I
C:\Program Files\Adobe\733968.old   a variant of Win32/Kryptik.CZR trojan   00000000000000000000000000000000   I
C:\Program Files\Adobe\80870343.old   a variant of Win32/Kryptik.CZR trojan   00000000000000000000000000000000   I
C:\Program Files\AIM\aim                      .exe   Win32/TrojanDownloader.Unruy.AV trojan   00000000000000000000000000000000   I
C:\Program Files\AIM\aim                     .exe   Win32/TrojanDownloader.Unruy.AV trojan   00000000000000000000000000000000   I
C:\Program Files\BroadJump\Client Foundation\cfd.exe   Win32/TrojanDownloader.Unruy.AV trojan   00000000000000000000000000000000   I
C:\Program Files\CA\eTrustITM\realmon.exe   Win32/TrojanDownloader.Unruy.AV trojan   00000000000000000000000000000000   I
C:\Program Files\Creative\Sync Manager Unicode\ctsyncu.exe   Win32/TrojanDownloader.Unruy.AV trojan   00000000000000000000000000000000   I
C:\Program Files\Google\GoogleToolbarNotifier\googletoolbarnotifier.exe   Win32/TrojanDownloader.Unruy.AV trojan   00000000000000000000000000000000   I
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe   Win32/TrojanDownloader.Unruy.AV trojan   00000000000000000000000000000000   I
C:\Program Files\Intel\Wireless\Bin\zcfgsvc.exe   Win32/TrojanDownloader.Unruy.AV trojan   00000000000000000000000000000000   I
C:\Program Files\Internet Explorer\js.mui   Win32/TrojanDownloader.Unruy.AV trojan   00000000000000000000000000000000   I
C:\Program Files\Internet Explorer\wmpscfgs.exe   Win32/TrojanDownloader.Unruy.AV trojan   00000000000000000000000000000000   I
C:\Program Files\iTunes\ituneshelper.exe   Win32/TrojanDownloader.Unruy.AV trojan   00000000000000000000000000000000   I
C:\Program Files\SBC Self Support Tool\SmartBridge\motivesb.exe   Win32/TrojanDownloader.Unruy.AV trojan   00000000000000000000000000000000   I
C:\Program Files\Spybot - Search & Destroy\rundll32.exe   Win32/TrojanDownloader.Unruy.AV trojan   00000000000000000000000000000000   I
C:\Program Files\Spybot - Search & Destroy\stsystra.exe   Win32/TrojanDownloader.Unruy.AV trojan   00000000000000000000000000000000   I
C:\Program Files\Spybot - Search & Destroy\teatimer.exe   Win32/TrojanDownloader.Unruy.AV trojan   00000000000000000000000000000000   I
C:\Program Files\Spybot - Search & Destroy\teatimer.exe.delme136   Win32/TrojanDownloader.Unruy.AV trojan   00000000000000000000000000000000   I
C:\Program Files\Washer\washer.exe   Win32/TrojanDownloader.Unruy.AV trojan   00000000000000000000000000000000   I
C:\Qoobox\Quarantine\C\Documents and Settings\h\rundll32 .exe.vir   Win32/TrojanDownloader.Unruy.AV trojan   00000000000000000000000000000000   I
C:\Qoobox\Quarantine\C\Documents and Settings\h\rundll32.exe.vir   Win32/TrojanDownloader.Unruy.AV trojan   00000000000000000000000000000000   I
C:\Qoobox\Quarantine\C\Documents and Settings\h\stsystra .exe.vir   Win32/TrojanDownloader.Unruy.AV trojan   00000000000000000000000000000000   I
C:\Qoobox\Quarantine\C\Documents and Settings\h\stsystra.exe.vir   Win32/TrojanDownloader.Unruy.AV trojan   00000000000000000000000000000000   I
C:\Qoobox\Quarantine\C\Documents and Settings\h\Local Settings\Application Data\xpqubr\nvtvsftav.exe.vir   Win32/Adware.SpywareProtect2009 application   00000000000000000000000000000000   I
C:\Qoobox\Quarantine\C\Documents and Settings\NetworkService\twhto.exe.vir   Win32/Agent.OSE trojan   00000000000000000000000000000000   I
C:\Qoobox\Quarantine\C\Documents and Settings\NetworkService\Local Settings\Application Data\ivvipl\vodysftav.exe.vir   Win32/TrojanDownloader.Unruy.AV trojan   00000000000000000000000000000000   I
C:\Qoobox\Quarantine\C\Program Files\Adobe\acrotray .exe.vir   a variant of Win32/Kryptik.CZR trojan   00000000000000000000000000000000   I
C:\Qoobox\Quarantine\C\Program Files\Internet Explorer\js.mui.vir   Win32/TrojanDownloader.Unruy.AV trojan   00000000000000000000000000000000   I
C:\Qoobox\Quarantine\C\Program Files\Internet Explorer\wmpscfgs.exe.vir   Win32/TrojanDownloader.Unruy.AV trojan   00000000000000000000000000000000   I
C:\Qoobox\Quarantine\C\Program Files\Windows Police Pro\tmp\wispex.html.vir   Win32/Adware.WinAntiVirus application   00000000000000000000000000000000   I
C:\Qoobox\Quarantine\C\WINDOWS\ivrnsftav .exe.vir   Win32/TrojanDownloader.Unruy.AV trojan   00000000000000000000000000000000   I
C:\Qoobox\Quarantine\C\WINDOWS\system32\0034.DLL.vir   Win32/Witkinat.A trojan   00000000000000000000000000000000   I
C:\Qoobox\Quarantine\C\WINDOWS\system32\0037.DLL.vir   a variant of Win32/Witkinat.A trojan   00000000000000000000000000000000   I
C:\Qoobox\Quarantine\C\WINDOWS\system32\0038.DLL.vir   Win32/Witkinat.A trojan   00000000000000000000000000000000   I
C:\Qoobox\Quarantine\C\WINDOWS\system32\app_dll.dll.vir   Win32/TrojanDownloader.Unruy.BI trojan   00000000000000000000000000000000   I
C:\Qoobox\Quarantine\C\WINDOWS\system32\critical_warning.html.vir   Win32/TrojanDownloader.FakeAlert.ADG trojan   00000000000000000000000000000000   I
C:\Qoobox\Quarantine\C\WINDOWS\system32\fui .exe.vir   Win32/TrojanDownloader.Unruy.AV trojan   00000000000000000000000000000000   I
C:\Qoobox\Quarantine\C\WINDOWS\system32\meseleru.dll.vir   a variant of Win32/Kryptik.AJK trojan   00000000000000000000000000000000   I
C:\Qoobox\Quarantine\C\WINDOWS\system32\msiinfo32 .exe.vir   Win32/TrojanDownloader.Unruy.AV trojan   00000000000000000000000000000000   I
C:\Qoobox\Quarantine\C\WINDOWS\system32\rotscxputowehw.dll.vir   a variant of Win32/Kryptik.AHG trojan   00000000000000000000000000000000   I
C:\Qoobox\Quarantine\C\WINDOWS\system32\rotscxrmhfttqi.dll.vir   a variant of Win32/Kryptik.AHG trojan   00000000000000000000000000000000   I
C:\Qoobox\Quarantine\C\WINDOWS\system32\stsystra .exe.vir   Win32/TrojanDownloader.Unruy.AV trojan   00000000000000000000000000000000   I
C:\Qoobox\Quarantine\C\WINDOWS\system32\UACptrapxmlto.dll.vir   a variant of Win32/Kryptik.BKV trojan   00000000000000000000000000000000   I
C:\Qoobox\Quarantine\C\WINDOWS\system32\wexe.exe.vir   probably a variant of Win32/Witkinat.A trojan   00000000000000000000000000000000   I
C:\Qoobox\Quarantine\C\WINDOWS\system32\WORK.DAT.vir   Win32/Witkinat.A trojan   00000000000000000000000000000000   I
C:\Qoobox\Quarantine\C\WINDOWS\system32\~.exe.vir   a variant of Win32/Kryptik.BVA trojan   00000000000000000000000000000000   I
C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\atapi.sys.vir   Win32/Olmarik.VM trojan   00000000000000000000000000000000   I
C:\WINDOWS\ivrnsftav .exe   Win32/TrojanDownloader.Unruy.AV trojan   00000000000000000000000000000000   I
C:\WINDOWS\ivrnsftav.exe   Win32/TrojanDownloader.Unruy.AV trojan   00000000000000000000000000000000   I
C:\WINDOWS\system32\fui .exe   Win32/TrojanDownloader.Unruy.AV trojan   00000000000000000000000000000000   I
C:\WINDOWS\system32\fui.exe   Win32/TrojanDownloader.Unruy.AV trojan   00000000000000000000000000000000   I
C:\WINDOWS\system32\msiinfo32 .exe   Win32/TrojanDownloader.Unruy.AV trojan   00000000000000000000000000000000   I
C:\WINDOWS\system32\msiinfo32.exe   Win32/TrojanDownloader.Unruy.AV trojan   00000000000000000000000000000000   I
C:\WINDOWS\system32\stsystra.exe   Win32/TrojanDownloader.Unruy.AV trojan   00000000000000000000000000000000   I
${Memory}   Win32/TrojanDownloader.Unruy.AV trojan   00000000000000000000000000000000   I
# version=7
# IEXPLORE.EXE=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=cd6f8d4a8e430743991ed5e192b0fdcd
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2010-04-17 08:01:17
# local_time=2010-04-17 03:01:17 (-0600, Central Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=80807
# found=1075
# cleaned=1075
# scan_time=7304
C:\Documents and Settings\h\rundll32.exe   Win32/TrojanDownloader.Unruy.AV trojan (cleaned by deleting - quarantined)   00000000000000000000000000000000   C
C:\Documents and Settings\h\stsystra.exe   Win32/TrojanDownloader.Unruy.AV trojan (cleaned by deleting - quarantined)   00000000000000000000000000000000   C
C:\Documents and Settings\h\Local Settings\Application Data\Google\Update\googleupdate.exe   Win32/TrojanDownloader.Unruy.AV trojan (cleaned by deleting - quarantined)   00000000000000000000000000000000   C
C:\Documents and Settings\h\Local Settings\temp\wmpscfgs.exe   Win32/TrojanDownloader.Unruy.AV trojan (cleaned by deleting - quarantined)   00000000000000000000000000000000   C
C:\Documents and Settings\NetworkService\Local Settings\Application Data\ivvipl\vodysftav .exe   a variant of Win32/Kryptik.DHW trojan (cleaned by deleting - quarantined)   00000000000000000000000000000000   C
C:\Program Files\Adobe\315781.old   a variant of Win32/Kryptik.CZR trojan (cleaned by deleting - quarantined)   00000000000000000000000000000000   C
C:\Program Files\Adobe\320718.old   a variant of Win32/Kryptik.CZR trojan (cleaned by deleting - quarantined)   00000000000000000000000000000000   C
C:\Program Files\Adobe\733968.old   a variant of Win32/Kryptik.CZR trojan (cleaned by deleting - quarantined)   00000000000000000000000000000000   C
C:\Program Files\Adobe\80870343.old   a variant of Win32/Kryptik.CZR trojan (cleaned by deleting - quarantined)   00000000000000000000000000000000   C
C:\Program Files\AIM\aim.exe   Win32/TrojanDownloader.Unruy.AV trojan (cleaned by deleting - quarantined)   00000000000000000000000000000000   C
C:\Program Files\CA\eTrustITM\realmon.exe   Win32/TrojanDownloader.Unruy.AV trojan (cleaned by deleting - quarantined)   00000000000000000000000000000000   C
C:\Program Files\Creative\Sync Manager Unicode\ctsyncu.exe   Win32/TrojanDownloader.Unruy.AV trojan (cleaned by deleting - quarantined)   00000000000000000000000000000000   C
C:\Program Files\Google\GoogleToolbarNotifier\googletoolbarnotifier.exe   Win32/TrojanDownloader.Unruy.AV trojan (cleaned by deleting - quarantined)   00000000000000000000000000000000   C
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe   Win32/TrojanDownloader.Unruy.AV trojan (cleaned by deleting - quarantined)   00000000000000000000000000000000   C
C:\Program Files\Intel\Wireless\Bin\zcfgsvc.exe   Win32/TrojanDownloader.Unruy.AV trojan (cleaned by deleting - quarantined)   00000000000000000000000000000000   C
C:\Program Files\Internet Explorer\js.mui   Win32/TrojanDownloader.Unruy.AV trojan (cleaned by deleting - quarantined)   00000000000000000000000000000000   C
C:\Program Files\Internet Explorer\wmpscfgs.exe   Win32/TrojanDownloader.Unruy.AV trojan (cleaned by deleting - quarantined)   00000000000000000000000000000000   C
C:\Program Files\iTunes\ituneshelper.exe   Win32/TrojanDownloader.Unruy.AV trojan (cleaned by deleting - quarantined)   00000000000000000000000000000000   C
C:\Program Files\SBC Self Support Tool\SmartBridge\motivesb.exe   Win32/TrojanDownloader.Unruy.AV trojan (cleaned by deleting - quarantined)   00000000000000000000000000000000   C
C:\Program Files\Washer\washer.exe   Win32/TrojanDownloader.Unruy.AV trojan (cleaned by deleting - quarantined)   00000000000000000000000000000000   C
C:\Qoobox\Quarantine\[4]-Submit_2010-04-14_20.05.32.zip   multiple threats (deleted - quarantined)   00000000000000000000000000000000   C
C:\Qoobox\Quarantine\C\Documents and Settings\h\rundll32 .exe.vir   Win32/TrojanDownloader.Unruy.AV trojan (cleaned by deleting - quarantined)   00000000000000000000000000000000   C
C:\Qoobox\Quarantine\C\Documents and Settings\h\rundll32.exe.vir   Win32/TrojanDownloader.Unruy.AV trojan (cleaned by deleting - quarantined)   00000000000000000000000000000000   C
C:\Qoobox\Quarantine\C\Documents and Settings\h\stsystra .exe.vir   Win32/TrojanDownloader.Unruy.AV trojan (cleaned by deleting - quarantined)   00000000000000000000000000000000   C
C:\Qoobox\Quarantine\C\Documents and Settings\h\stsystra.exe.vir   Win32/TrojanDownloader.Unruy.AV trojan (cleaned by deleting - quarantined)   00000000000000000000000000000000   C
C:\Qoobox\Quarantine\C\Documents and Settings\h\Local Settings\Application Data\xpqubr\nvtvsftav.exe.vir   Win32/Adware.SpywareProtect2009 application (cleaned by deleting - quarantined)   00000000000000000000000000000000   C
C:\Qoobox\Quarantine\C\Documents and Settings\NetworkService\twhto.exe.vir   Win32/Agent.OSE trojan (cleaned by deleting - quarantined)   00000000000000000000000000000000   C
C:\Qoobox\Quarantine\C\Documents and Settings\NetworkService\Local Settings\Application Data\ivvipl\vodysftav.exe.vir   Win32/TrojanDownloader.Unruy.AV trojan (cleaned by deleting - quarantined)   00000000000000000000000000000000   C
C:\Qoobox\Quarantine\C\Program Files\Adobe\acrotray .exe.vir   a variant of Win32/Kryptik.CZR trojan (cleaned by deleting - quarantined)   00000000000000000000000000000000   C
C:\Qoobox\Quarantine\C\Program Files\Internet Explorer\js.mui.vir   Win32/TrojanDownloader.Unruy.AV trojan (cleaned by deleting - quarantined)   00000000000000000000000000000000   C
C:\Qoobox\Quarantine\C\Program Files\Internet Explorer\wmpscfgs.exe.vir   Win32/TrojanDownloader.Unruy.AV trojan (cleaned by deleting - quarantined)   00000000000000000000000000000000   C
C:\Qoobox\Quarantine\C\Program Files\Windows Police Pro\tmp\wispex.html.vir   Win32/Adware.WinAntiVirus application (cleaned by deleting - quarantined)   00000000000000000000000000000000   C
C:\Qoobox\Quarantine\C\WINDOWS\ivrnsftav .exe.vir   Win32/TrojanDownloader.Unruy.AV trojan (cleaned by deleting - quarantined)   00000000000000000000000000000000   C
C:\Qoobox\Quarantine\C\WINDOWS\system32\0034.DLL.vir   Win32/Witkinat.A trojan (cleaned by deleting - quarantined)   00000000000000000000000000000000   C
C:\Qoobox\Quarantine\C\WINDOWS\system32\0037.DLL.vir   a variant of Win32/Witkinat.A trojan (cleaned by deleting - quarantined)   00000000000000000000000000000000   C
C:\Qoobox\Quarantine\C\WINDOWS\system32\0038.DLL.vir   Win32/Witkinat.A trojan (cleaned by deleting - quarantined)   00000000000000000000000000000000   C
C:\Qoobox\Quarantine\C\WINDOWS\system32\app_dll.dll.vir   Win32/TrojanDownloader.Unruy.BI trojan (cleaned by deleting - quarantined)   00000000000000000000000000000000   C
C:\Qoobox\Quarantine\C\WINDOWS\system32\critical_warning.html.vir   Win32/TrojanDownloader.FakeAlert.ADG trojan (cleaned by deleting - quarantined)   00000000000000000000000000000000   C
C:\Qoobox\Quarantine\C\WINDOWS\system32\fui .exe.vir   Win32/TrojanDownloader.Unruy.AV trojan (cleaned by deleting - quarantined)   00000000000000000000000000000000   C
C:\Qoobox\Quarantine\C\WINDOWS\system32\meseleru.dll.vir   a variant of Win32/Kryptik.AJK trojan (cleaned by deleting - quarantined)   00000000000000000000000000000000   C
C:\Qoobox\Quarantine\C\WINDOWS\system32\msiinfo32 .exe.vir   Win32/TrojanDownloader.Unruy.AV trojan (cleaned by deleting - quarantined)   00000000000000000000000000000000   C
C:\Qoobox\Quarantine\C\WINDOWS\system32\rotscxputowehw.dll.vir   a variant of Win32/Kryptik.AHG trojan (cleaned by deleting - quarantined)   00000000000000000000000000000000   C
C:\Qoobox\Quarantine\C\WINDOWS\system32\rotscxrmhfttqi.dll.vir   a variant of Win32/Kryptik.AHG trojan (cleaned by deleting - quarantined)   00000000000000000000000000000000   C
C:\Qoobox\Quarantine\C\WINDOWS\system32\stsystra .exe.vir   Win32/TrojanDownloader.Unruy.AV trojan (cleaned by deleting - quarantined)   00000000000000000000000000000000   C
C:\Qoobox\Quarantine\C\WINDOWS\system32\UACptrapxmlto.dll.vir   a variant of Win32/Kryptik.BKV trojan (cleaned by deleting - quarantined)   00000000000000000000000000000000   C
C:\Qoobox\Quarantine\C\WINDOWS\system32\wexe.exe.vir   probably a variant of Win32/Witkinat.A trojan (cleaned by deleting - quarantined)   00000000000000000000000000000000   C
C:\Qoobox\Quarantine\C\WINDOWS\system32\WORK.DAT.vir   Win32/Witkinat.A trojan (cleaned by deleting - quarantined)   00000000000000000000000000000000   C
C:\Qoobox\Quarantine\C\WINDOWS\system32\~.exe.vir   a variant of Win32/Kryptik.BVA trojan (cleaned by deleting - quarantined)   00000000000000000000000000000000   C
C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\atapi.sys.vir   Win32/Olmarik.VM trojan (cleaned - quarantined)   00000000000000000000000000000000   C
C:\System Volume Information\_restore{F5CD81F5-BB72-47D2-A924-C64F2E1227A4}\RP1\A0000076.exe   Win32/Adware.SpywareProtect2009 application (cleaned by deleting - quarantined)   00000000000000000000000000000000   C
C:\System Volume Information\_restore{F5CD81F5-BB72-47D2-A924-C64F2E1227A4}\RP1\A0000077.exe   Win32/TrojanDownloader.Unruy.AV trojan (cleaned by deleting - quarantined)   00000000000000000000000000000000   C
C:\System Volume Information\_restore{F5CD81F5-BB72-47D2-A924-C64F2E1227A4}\RP1\A0000078.exe   Win32/TrojanDownloader.Unruy.AV trojan (cleaned by deleting - quarantined)   00000000000000000000000000000000   C
C:\System Volume Information\_restore{F5CD81F5-BB72-47D2-A924-C64F2E1227A4}\RP1\A0000079.exe   Win32/TrojanDownloader.Unruy.AV trojan (cleaned by deleting - quarantined)   00000000000000000000000000000000   C
C:\System Volume Information\_restore{F5CD81F5-BB72-47D2-A924-C64F2E1227A4}\RP1\A0000080.exe   Win32/TrojanDownloader.Unruy.AV trojan (cleaned by deleting - quarantined)   00000000000000000000000000000000   C
C:\System Volume Information\_restore{F5CD81F5-BB72-47D2-A924-C64F2E1227A4}\RP1\A0000081.exe   Win32/Agent.OSE trojan (cleaned by deleting - quarantined)   00000000000000000000000000000000   C
C:\System Volume Information\_restore{F5CD81F5-BB72-47D2-A924-C64F2E1227A4}\RP1\A0000082.exe   a variant of Win32/Kryptik.CZR trojan (cleaned by deleting - quarantined)   00000000000000000000000000000000   C
C:\System Volume Information\_restore{F5CD81F5-BB72-47D2-A924-C64F2E1227A4}\RP1\A0000083.exe   Win32/TrojanDownloader.Unruy.AV trojan (cleaned by deleting - quarantined)   00000000000000000000000000000000   C
C:\System Volume Information\_restore{F5CD81F5-BB72-47D2-A924-C64F2E1227A4}\RP1\A0000084.DLL   Win32/Witkinat.A trojan (cleaned by deleting - quarantined)   00000000000000000000000000000000   C
C:\System Volume Information\_restore{F5CD81F5-BB72-47D2-A924-C64F2E1227A4}\RP1\A0000085.DLL   a variant of Win32/Witkinat.A trojan (cleaned by deleting - quarantined)   00000000000000000000000000000000   C
C:\System Volume Information\_restore{F5CD81F5-BB72-47D2-A924-C64F2E1227A4}\RP1\A0000086.DLL   Win32/Witkinat.A trojan (cleaned by deleting - quarantined)   00000000000000000000000000000000   C
C:\System Volume Information\_restore{F5CD81F5-BB72-47D2-A924-C64F2E1227A4}\RP1\A0000087.dll   Win32/TrojanDownloader.Unruy.BI trojan (cleaned by deleting - quarantined)   00000000000000000000000000000000   C
C:\System Volume Information\_restore{F5CD81F5-BB72-47D2-A924-C64F2E1227A4}\RP1\A0000090.exe   Win32/Agent.NWL trojan (cleaned by deleting - quarantined)   00000000000000000000000000000000   C
C:\System Volume Information\_restore{F5CD81F5-BB72-47D2-A924-C64F2E1227A4}\RP1\A0000091.exe   a variant of Win32/Injector.ASA trojan (cleaned by deleting - quarantined)   00000000000000000000000000000000   C
C:\System Volume Information\_restore{F5CD81F5-BB72-47D2-A924-C64F2E1227A4}\RP1\A0000095.exe   Win32/TrojanDownloader.Unruy.AV trojan (cleaned by deleting - quarantined)   00000000000000000000000000000000   C
C:\System Volume Information\_restore{F5CD81F5-BB72-47D2-A924-C64F2E1227A4}\RP1\A0000096.exe   probably a variant of Win32/Witkinat.A trojan (cleaned by deleting - quarantined)   00000000000000000000000000000000   C
C:\System Volume Information\_restore{F5CD81F5-BB72-47D2-A924-C64F2E1227A4}\RP1\A0000117.exe   Win32/TrojanDownloader.Unruy.AV trojan (cleaned by deleting - quarantined)   00000000000000000000000000000000   C
C:\System Volume Information\_restore{F5CD81F5-BB72-47D2-A924-C64F2E1227A4}\RP1\A0000118.exe   Win32/TrojanDownloader.Unruy.AV trojan (cleaned by deleting - quarantined)   00000000000000000000000000000000   C
C:\System Volume Information\_restore{F5CD81F5-BB72-47D2-A924-C64F2E1227A4}\RP1\A0000120.exe   Win32/TrojanDownloader.Unruy.AV trojan (cleaned by deleting - quarantined)   00000000000000000000000000000000   C
C:\System Volume Information\_restore{F5CD81F5-BB72-47D2-A924-C64F2E1227A4}\RP1\A0000122.exe   Win32/TrojanDownloader.Unruy.AV trojan (cleaned by deleting - quarantined)   00000000000000000000000000000000   C
C:\System Volume Information\_restore{F5CD81F5-BB72-47D2-A924-C64F2E1227A4}\RP1\A0000123.exe   Win32/TrojanDownloader.Unruy.AV trojan (cleaned by deleting - quarantined)   00000000000000000000000000000000   C
C:\System Volume Information\_restore{F5CD81F5-BB72-47D2-A924-C64F2E1227A4}\RP1\A0000126.exe   Win32/TrojanDownloader.Unruy.AV trojan (cleaned by deleting - quarantined)   00000000000000000000000000000000   C
C:\System Volume Information\_restore{F5CD81F5-BB72-47D2-A924-C64F2E1227A4}\RP1\A0000127.exe   Win32/TrojanDownloader.Unruy.AV trojan (cleaned by deleting - quarantined)   00000000000000000000000000000000   C
C:\System Volume Information\_restore{F5CD81F5-BB72-47D2-A924-C64F2E1227A4}\RP1\A0000128.exe   Win32/TrojanDownloader.Unruy.AV trojan (cleaned by deleting - quarantined)   00000000000000000000000000000000   C
C:\System Volume Information\_restore{F5CD81F5-BB72-47D2-A924-C64F2E1227A4}\RP1\A0000129.exe   Win32/TrojanDownloader.Unruy.AV trojan (cleaned by deleting - quarantined)   00000000000000000000000000000000   C
C:\System Volume Information\_restore{F5CD81F5-BB72-47D2-A924-C64F2E1227A4}\RP1\A0000130.exe   Win32/TrojanDownloader.Unruy.AV trojan (cleaned by deleting - quarantined)   00000000000000000000000000000000   C
C:\System Volume Information\_restore{F5CD81F5-BB72-47D2-A924-C64F2E1227A4}\RP1\A0000264.exe   Win32/TrojanDownloader.Unruy.AV trojan (cleaned by deleting - quarantined)   00000000000000000000000000000000   C
C:\System Volume Information\_restore{F5CD81F5-BB72-47D2-A924-C64F2E1227A4}\RP1\A0000265.exe   Win32/TrojanDownloader.Unruy.AV trojan (cleaned by deleting - quarantined)   00000000000000000000000000000000   C
C:\System Volume Information\_restore{F5CD81F5-BB72-47D2-A924-C64F2E1227A4}\RP1\A0000266.exe   Win32/TrojanDownloader.Unruy.AV trojan (cleaned by deleting - quarantined)   00000000000000000000000000000000   C
C:\System Volume Information\_restore{F5CD81F5-BB72-47D2-A924-C64F2E1227A4}\RP1\A0000267.exe   Win32/TrojanDownloader.Unruy.AV trojan (cleaned by deleting - quarantined)   00000000000000000000000000000000   C
C:\System Volume Information\_restore{F5CD81F5-BB72-47D2-A924-C64F2E1227A4}\RP1\A0000268.exe   Win32/TrojanDownloader.Unruy.AV trojan (cleaned by deleting - quarantined)   00000000000000000000000000000000   C
C:\System Volume Information\_restore{F5CD81F5-BB72-47D2-A924-C64F2E1227A4}\RP1\A0000269.exe   Win32/TrojanDownloader.Unruy.AV trojan (cleaned by deleting - quarantined)   00000000000000000000000000000000   C
C:\System Volume Information\_restore{F5CD81F5-BB72-47D2-A924-C64F2E1227A4}\RP1\A0000270.exe   Win32/TrojanDownloader.Unruy.AV trojan (cleaned by deleting - quarantined)   00000000000000000000000000000000   C
C:\System Volume Information\_restore{F5CD81F5-BB72-47D2-A924-C64F2E1227A4}\RP1\A0000271.exe   Win32/TrojanDownloader.Unruy.AV trojan (cleaned by deleting - quarantined)   00000000000000000000000000000000   C
C:\System Volume Information\_restore{F5CD81F5-BB72-47D2-A924-C64F2E1227A4}\RP1\A0000272.exe   Win32/TrojanDownloader.Unruy.AV trojan (cleaned by deleting - quarantined)   00000000000000000000000000000000   C
C:\System Volume Information\_restore{F5CD81F5-BB72-47D2-A924-C64F2E1227A4}\RP1\A0000273.exe   Win32/TrojanDownloader.Unruy.AV trojan (cleaned by deleting - quarantined)   00000000000000000000000000000000   C
C:\System Volume Information\_restore{F5CD81F5-BB72-47D2-A924-C64F2E1227A4}\RP11\A0013994.exe   Win32/TrojanDownloader.Unruy.AV trojan (cleaned by deleting - quarantined)   00000000000000000000000000000000   C
C:\System Volume Information\_restore{F5CD81F5-BB72-47D2-A924-C64F2E1227A4}\RP11\A0014009.exe   Win32/TrojanDownloader.Unruy.AV trojan (cleaned by deleting - quarantined)   00000000000000000000000000000000   C
C:\System Volume Information\_restore{F5CD81F5-BB72-47D2-A924-C64F2E1227A4}\RP11\A0014010.exe   Win32/TrojanDownloader.Unruy.AV trojan (cleaned by deleting - quarantined)   00000000000000000000000000000000   C
C:\System Volume Information\_restore{F5CD81F5-BB72-47D2-A924-C64F2E1227A4}\RP11\A0014011.exe   Win32/TrojanDownloader.Unruy.AV trojan (cleaned by deleting - quarantined)   00000000000000000000000000000000   C
C:\System Volume Information\_restore{F5CD81F5-BB72-47D2-A924-C64F2E1227A4}\RP11\A0014012.exe   Win32/TrojanDownloader.Unruy.AV trojan (cleaned by deleting - quarantined)   00000000000000000000000000000000   C
C:\System Volume Information\_restore{F5CD81F5-BB72-47D2-A924-C64F2E1227A4}\RP11\A0014013.exe   Win32/TrojanDownloader.Unruy.AV trojan (cleaned by deleting - quarantined)   00000000000000000000000000000000   C
C:\System Volume Information\_restore{F5CD81F5-BB72-47D2-A924-C64F2E1227A4}\RP11\A0014015.exe   Win32/TrojanDownloader.Unruy.AV trojan (cleaned by deleting - quarantined)   00000000000000000000000000000000   C
C:\System Volume Information\_restore{F5CD81F5-BB72-47D2-A924-C64F2E1227A4}\RP11\A0014016.exe   Win32/TrojanDownloader.Unruy.AV trojan (cleaned by deleting - quarantined)   00000000000000000000000000000000   C
C:\System Volume Information\_restore{F5CD81F5-BB72-47D2-A924-C64F2E1227A4}\RP11\A0014135.exe   Win32/TrojanDownloader.Unruy.AV trojan (cleaned by deleting - quarantined)   00000000000000000000000000000000   C
C:\System Volume Information\_restore{F5CD81F5-BB72-47D2-A924-C64F2E1227A4}\RP11\A0014136.exe   Win32/TrojanDownloader.Unruy.AV trojan (cleaned by deleting - quarantined)   00000000000000000000000000000000   C
C:\System Volume Information\_restore{F5CD81F5-BB72-47D2-A924-C64F2E1227A4}\RP11\A0014137.exe   Win32/TrojanDownloader.Unruy.AV trojan (cleaned by deleting - quarantined)   00000000000000000000000000000000   C
C:\System Volume Information\_restore{F5CD81F5-BB72-47D2-A924-C64F2E1227A4}\RP11\A0014138.exe   Win32/TrojanDownloader.Unruy.AV trojan (cleaned by deleting - quarantined)   00000000000000000000000000000000   C
C:\System Volume Information\_restore{F5CD81F5-BB72-47D2-A924-C64F2E1227A4}\RP11\A0014139.exe   Win32/TrojanDownloader.Unruy.AV trojan (cleaned by deleting - quarantined)   00000000000000000000000000000000   C
C:\System Volume Information\_restore{F5CD81F5-BB72-47D2-A924-C64F2E1227A4}\RP11\A0014140.exe   Win32/TrojanDownloader.Unruy.AV trojan (cleaned by deleting - quarantined)   00000000000000000000000000000000   C
C:\System Volume Information\_restore{F5CD81F5-BB72-47D2-A924-C64F2E1227A4}\RP11\A0014141.exe   Win32/TrojanDownloader.Unruy.AV trojan (cleaned by deleting - quarantined)   00000000000000000000000000000000   C
C:\System Volume Information\_restore{F5CD81F5-BB72-47D2-A924-C64F2E1227A4}\RP11\A0014142.exe   Win32/TrojanDownloader.Unruy.AV trojan (cleaned by deleting - quarantined)   00000000000000000000000000000000   C
C:\System Volume Information\_restore{F5CD81F5-BB72-47D2-A924-C64F2E1227A4}\RP11\A0014143.exe   Win32/TrojanDownloader.Unruy.AV trojan (cleaned by deleting - quarantined)   00000000000000000000000000000000   C
C:\System Volume Information\_restore{F5CD81F5-BB72-47D2-A924-C64F2E1227A4}\RP11\A0014144.exe   Win32/TrojanDownloader.Unruy.AV trojan (cleaned by deleting - quarantined)   00000000000000000000000000000000   C
C:\System Volume Information\_restore{F5CD81F5-BB72-47D2-A924-C64F2E1227A4}\RP11\A0014145.exe   Win32/TrojanDownloader.Unruy.AV trojan (cleaned by deleting - quarantined)   00000000000000000000000000000000   C
C:\System Volume Information\_restore{F5CD81F5-BB72-47D2-A924-C64F2E1227A4}\RP12\A0014345.exe   Win32/TrojanDownloader.Unruy.AV trojan (cleaned by deleting - quarantined)   00000000000000000000000000000000   C
C:\System Volume Information\_restore{F5CD81F5-BB72-47D2-A924-C64F2E1227A4}\RP12\A0014354.exe   Win32/TrojanDownloader.Unruy.AV trojan (cleaned by deleting - quarantined)   00000000000000000000000000000000   C
C:\System Volume Information\_restore{F5CD81F5-BB72-47D2-A924-C64F2E1227A4}\RP12\A0014355.exe   Win32/TrojanDownloader.Unruy.AV trojan (cleaned by deleting - quarantined)   00000000000000000000000000000000   C
C:\System Volume Information\_restore{F5CD81F5-BB72-47D2-A924-C64F2E1227A4}\RP12\A0014356.exe   Win32/TrojanDownloader.Unruy.AV trojan (cleaned by deleting - quarantined)   00000000000000000000000000000000   C
C:\System Volume Information\_restore{F5CD81F5-BB72-47D2-A924-C64F2E1227A4}\RP12\A0014357.exe   Win32/TrojanDownloader.Unruy.AV trojan (cleaned by deleting - quarantined)   00000000000000000000000000000000   C
C:\System Volume Information\_restore{F5CD81F5-BB72-47D2-A924-C64F2E1227A4}\RP12\A0014358.exe   Win32/TrojanDownloader.Unruy.AV trojan (cleaned by deleting - quarantined)   00000000000000000000000000000000   C
C:\System Volume Information\_restore{F5CD81F5-BB72-47D2-A924-C64F2E1227A4}\RP12\A0014359.exe   Win32/TrojanDownloader.Unruy.AV trojan (cleaned by deleting - quarantined)   00000000000000000000000000000000   C
C:\System Volume Information\_restore{F5CD81F5-BB72-47D2-A924-C64F2E1227A4}\RP12\A0014360.exe   Win32/TrojanDownloader.Unruy.AV trojan (cleaned by deleting - quarantined)   00000000000000000000000000000000   C
C:\System Volume Information\_restore{F5CD81F5-BB72-47D2-A924-C64F2E1227A4}\RP12\A0014361.exe   Win32/TrojanDownloader.Unruy.AV trojan (cleaned by deleting - quarantined)   00000000000000000000000000000000   C
C:\System Volume Information\_restore{F5CD81F5-BB72-47D2-A924-C64F2E1227A4}\RP12\A0014362.exe   Win32/TrojanDownloader.Unruy.AV trojan (cleaned by deleting - quarantined)   00000000000000000000000000000000   C
C:\System Volume Information\_restore{F5CD81F5-BB72-47D2-A924-C64F2E1227A4}\RP12\A0014363.exe   Win32/TrojanDownloader.Unruy.AV trojan (cleaned by deleting - quarantined)   00000000000000000000000000000000   C
C:\System Volume Information\_restore{F5CD81F5-BB72-47D2-A924-C64F2E1227A4}\RP12\A0014364.exe   Win32/TrojanDownloader.Unruy.AV trojan (cleaned by deleting - quarantined)   00000000000000000000000000000000   C
C:\System Volume Information\_restore{F5CD81F5-BB72-47D2-A924-C64F2E1227A4}\RP12\A0014365.exe   Win32/TrojanDownloader.Unruy.AV trojan (cleaned by deleting - quarantined)   00000000000000000000000000000000   C
C:\System Volume Information\_restore{F5CD81F5-BB72-47D2-A924-C64F2E1227A4}\RP12\A0014366.exe   Win32/TrojanDownloader.Unruy.AV trojan (cleaned by deleting - quarantined)   00000000000000000000000000000000   C
C:\System Volume Information\_restore{F5CD81F5-BB72-47D2-A924-C64F2E1227A4}\RP12\A0014367.exe   Win32/TrojanDownloader.Unruy.AV trojan (cleaned by deleting - quarantined)   00000000000000000000000000000000   C
C:\System Volume Information\_restore{F5CD81F5-BB72-47D2-A924-C64F2E1227A4}\RP12\A0014382.exe   Win32/TrojanDownloader.Unruy.AV trojan (cleaned by deleting - quarantined)   00000000000000000000000000000000   C
C:\System Volume Information\_restore{F5CD81F5-BB72-47D2-A924-C64F2E1227A4}\RP12\A0014383.exe   Win32/TrojanDownloader.Unruy.AV trojan (cleaned by deleting - quarantined)   00000000000000000000000000000000   C
C:\System Volume Information\_restore{F5CD81F5-BB72-47D2-A924-C64F2E1227A4}\RP12\A0014407.exe   Win32/TrojanDownloader.Unruy.AV trojan (cleaned by deleting - quarantined)   00000000000000000000000000000000   C
C:\System Volume Information\_restore{F5CD81F5-BB72-47D2-A924-C64F2E1227A4}\RP12\A0014408.exe   Win32/TrojanDownloader.Unruy.AV trojan (cleaned by deleting - quarantined)   00000000000000000000000000000000   C
C:\System Volume Information\_restore{F5CD81F5-BB72-47D2-A924-C64F2E1227A4}\RP12\A0014411.exe   Win32/Agent.NWL trojan (cleaned by deleting - quarantined)   00000000000000000000000000000000   C
C:\System Volume Information\_restore{F5CD81F5-BB72-47D2-A924-C64F2E1227A4}\RP12\A0014412.exe   Win32/TrojanDownloader.Unruy.AV trojan (cleaned by deleting - quarantined)   00000000000000000000000000000000   C
C:\System Volume Information\_restore{F5CD81F5-BB72-47D2-A924-C64F2E1227A4}\RP12\A0014413.exe   Win32/TrojanDownloader.Unruy.AV trojan (cleaned by deleting - quarantined)   00000000000000000000000000000000   C
C:\System Volume Information\_restore{F5CD81F5-BB72-47D2-A924-C64F2E1227A4}\RP12\A0014414.exe   Win32/TrojanDownloader.Unruy.AV trojan (cleaned by deleting - quarantined)   00000000000000000000000000000000   C
C:\System Volume Information\_restore{F5CD81F5-BB72-47D2-A924-C64F2E1227A4}\RP13\A0014570.exe   Win32/TrojanDownloader.Unruy.AV trojan (cleaned by deleting - quarantined)   00000000000000000000000000000000   C
C:\System Volume Information\_restore{F5CD81F5-BB72-47D2-A924-C64F2E1227A4}\RP13\A0014573.exe   a variant of Win32/Kryptik.DHW trojan (cleaned by deleting - quarantined)   00000000000000000000000000000000   C
C:\System Volume Information\_restore{F5CD81F5-BB72-47D2-A924-C64F2E1227A4}\RP13\A0014574.old   a variant of Win32/Kryptik.CZR trojan (cleaned by deleting - quarantined)   00000000000000000000000000000000   C
C:\System Volume Information\_restore{F5CD81F5-BB72-47D2-A924-C64F2E1227A4}\RP13\A0014575.old   a variant of Win32/Kryptik.CZR trojan (cleaned by deleting - quarantined)   00000000000000000000000000000000   C
C:\System Volume Information\_restore{F5CD81F5-BB72-47D2-A924-C64F2E1227A4}\RP13\A0014576.old   a variant of Win32/Kryptik.CZR trojan (cleaned by deleting - quarantined)   00000000000000000000000000000000   C
C:\System Volume Information\_restore{F5CD81F5-BB72-47D2-A924-C64F2E1227A4}\RP13\A0014577.old   a variant of Win32/Kryptik.CZR trojan (cleaned by deleting - quarantined)   00000000000000000000000000000000   C
C:\System Volume Information\_restore{F5CD81F5-BB72-47D2-A924-C64F2E1227A4}\RP13\A0014578.exe   Win32/TrojanDownloader.Unruy.AV trojan (cleaned by deleting - quarantined)   00000000000000000000000000000000   C
C:\System Volume Information\_restore{F5CD81F5-BB72-47D2-A924-C64F2E1227A4}\RP2\A0000544.exe   Win32/TrojanDownloader.Unruy.AV trojan (cleaned by deleting - quarantined)   00000000000000000000000000000000   C
C:\System Volume Information\_restore{F5CD81F5-BB72-47D2-A924-C64F2E1227A4}\RP2\A0000545.exe   Win32/TrojanDownloader.Unruy.AV trojan (cleaned by deleting - quarantined)   00000000000000000000000000000000   C
C:\System Volume Information\_restore{F5CD81F5-BB72-47D2-A924-C64F2E1227A4}\RP2\A0000546.exe   Win32/TrojanDownloader.Unruy.AV trojan (cleaned by deleting - quarantined)   00000000000000000000000000000000   C
C:\System Volume Information\_restore{F5CD81F5-BB72-47D2-A924-C64F2E1227A4}\RP2\A0000547.exe   Win32/TrojanDownloader.Unruy.AV trojan (cleaned by deleting - quarantined)   00000000000000000000000000000000   C
C:\System Volume Information\_restore{F5CD81F5-BB72-47D2-A924-C64F2E1227A4}\RP2\A0000548.exe   Win32/TrojanDownloader.Unruy.AV trojan (cleaned by deleting - quarantined)   00000000000000000000000000000000   C
C:\System Volume Information\_restore{F5CD81F5-BB72-47D2-A924-C64F2E1227A4}\RP2\A0000549.exe   Win32/TrojanDownloader.Unruy.AV trojan (cleaned by deleting - quarantined)   00000000000000000000000000000000   C
C:\System Volume Information\_restore{F5CD81F5-BB72-47D2-A924-C64F2E1227A4}\RP2\A0000550.exe   Win32/TrojanDownloader.Unruy.AV trojan (cleaned by deleting - quarantined)   00000000000000000000000000000000   C
C:\System Volume Information\_restore{F5CD81F5-BB72-47D2-A924-C64F2E1227A4}\RP2\A0000551.exe   Win32/TrojanDownloader.Unruy.AV trojan (cleaned by deleting - quarantined)   00000000000000000000000000000000   C
C:\System Volume Information\_restore{F5CD81F5-BB72-47D2-A924-C64F2E1227A4}\RP2\A0000552.exe   Win32/TrojanDownloader.Unruy.AV trojan (cleaned by deleting - quarantined)   00000000000000000000000000000000   C
C:\System Volume Information\_restore{F5CD81F5-BB72-47D2-A924-C64F2E1227A4}\RP2\A0000553.exe   Win32/TrojanDownloader.Unruy.AV trojan (cleaned by deleting - quarantined)   00000000000000000000000000000000   C
C:\System Volume Information\_restore{F5CD81F5-BB72-47D2-A924-C64F2E1227A4}\RP2\A0000554.exe   Win32/TrojanDownloader.Unruy.AV trojan (cleaned by deleting - quarantined)   00000000000000000000000000000000   C
C:\System Volume Information\_restore{F5CD81F5-BB72-47D2-A924-C64F2E1227A4}\RP2\A0000555.exe   Win32/TrojanDownloader.Unruy.AV trojan (cleaned by deleting - quarantined)   00000000000000000000000000000000   C
C:\System Volume Information\_restore{F5CD81F5-BB72-47D2-A924-C64F2E1227A4}\RP2\A0000556.exe   Win32/TrojanDownloader.Unruy.AV trojan (cleaned by deleting - quarantined)   00000000000000000000000000000000   C
C:\System Volume Information\_restore{F5CD81F5-BB72-47D2-A924-C64F2E1227A4}\RP2\A0000557.exe   Win32/TrojanDownloader.Unruy.AV trojan (cleaned by deleting - quarantined)   00000000000000000000000000000000   C
C:\System Volume Information\_restore{F5CD81F5-BB72-47D2-A924-C64F2E1227A4}\RP2\A0000558.exe   Win32/TrojanDownloader.Unruy.AV trojan (cleaned by deleting - quarantined)   00000000000000000000000000000000   C
C:\System Volume Information\_restore{F5CD81F5-BB72-47D2-A924-C64F2E1227A4}\RP2\A0000559.exe   Win32/TrojanDownloader.Unruy.AV trojan (cleaned by deleting - quarantined)   00000000000000000000000000000000   C
C:\System Volume Information\_restore{F5CD81F5-BB72-47D2-A924-C64F2E1227A4}\RP2\A0000560.exe   Win32/TrojanDownloader.Unruy.AV trojan (cleaned by deleting - quarantined)   00000000000000000000000000000000   C
C:\System Volume Information\_restore{F5CD81F5-BB72-47D2-A924-C64F2E1227A4}\RP2\A0000561.exe   Win32/TrojanDownloader.Unruy.AV trojan (cleaned by deleting - quarantined)   00000000000000000000000000000000   C
C:\System Volume Information\_restore{F5CD81F5-BB72-47D2-A924-C64F2E1227A4}\RP2\A0000562.exe   Win32/TrojanDownloader.Unruy.AV trojan (cleaned by deleting - quarantined)   00000000000000000000000000000000   C
C:\System Volume Information\_restore{F5CD81F5-BB72-47D2-A924-C64F2E1227A4}\RP2\A0000563.exe   Win32/TrojanDownloader.Unruy.AV trojan (cleaned by deleting - quarantined)   00000000000000000000000000000000   C
C:\System Volume Information\_restore{F5CD81F5-BB72-47D2-A924-C64F2E1227A4}\RP2\A0000564.exe   Win32/TrojanDownloader.Unruy.AV trojan (cleaned by deleting - quarantined)   00000000000000000000000000000000   C
C:\System Volume Information\_restore{F5CD81F5-BB72-47D2-A924-C64F2E1227A4}\RP2\A0000565.exe   Win32/TrojanDownloader.Unruy.AV trojan (cleaned by deleting - quarantined)   00000000000000000000000000000000   C
C:\System Volume Information\_restore{F5CD81F5-BB72-47D2-A924-C64F2E1227A4}\RP2\A0000566.exe   Win32/TrojanDownloader.Unruy.AV trojan (cleaned by deleting - quarantined)   00000000000000000000000000000000   C
C:\System Volume Information\_restore{F5CD81F5-BB72-47D2-A924-C64F2E1227A4}\RP2\A0000567.exe   Win32/TrojanDownloader.Unruy.AV trojan (cleaned by deleting - quarantined)   00000000000000000000000000000000   C
C:\System Volume Information\_restore{F5CD81F5-BB72-47D2-A924-C64F2E1227A4}\RP2\A0000568.exe   Win32/TrojanDownloader.Unruy.AV trojan (cleaned by deleting - quarantined)   00000000000000000000000000000000   C
C:\System Volume Information\_restore{F5CD81F5-BB72-47D2-A924-C64F2E1227A4}\RP2\A0000569.exe   Win32/TrojanDownloader.Unruy.AV trojan (cleaned by deleting - quarantined)   00000000000000000000000000000000   C
C:\System Volume Information\_restore{F5CD81F5-BB72-47D2-A924-C64F2E1227A4}\RP2\A0001409.exe   Win32/TrojanDownloader.Unruy.AV trojan (cleaned by deleting - quarantined)   00000000000000000000000000000000   C
C:\System Volume Information\_restore{F5CD81F5-BB72-47D2-A924-C64F2E1227A4}\RP2\A0001410.exe   Win32/TrojanDownloader.Unruy.AV trojan (cleaned by deleting - quarantined)   00000000000000000000000000000000   C
C:\System Volume Information\_restore{F5CD81F5-BB72-47D2-A924-C64F2E1227A4}\RP2\A0001412.exe   Win32/TrojanDownloader.Unruy.AV trojan (cleaned by deleting - quarantined)   00000000000000000000000000000000   C
The cake is a lie....

Bummer Dude

Offline Everlasting Death

Some issues
« Reply #16 on: April 20, 2010, 10:46:26 PM »
Here's the OTL log...Everything seems ok, and the virus file isn't in its normal place anymore, so I think it may be all good now :D thanks a ton

OTL logfile created on: 4/20/2010 10:40:13 PM - Run 3
OTL by OldTimer - Version 3.2.1.0     Folder = C:\Documents and Settings\h\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
1,014.00 Mb Total Physical Memory | 584.00 Mb Available Physical Memory | 58.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 88.00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.25 Gb Total Space | 23.14 Gb Free Space | 62.12% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 968.65 Mb Total Space | 933.91 Mb Free Space | 96.41% Space Free | Partition Type: FAT32
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: RLCHS-838196
Current User Name: HSLaptop
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
 
========== Processes (SafeList) ==========
 
PRC - [2010/04/05 16:39:32 | 000,561,664 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\h\Desktop\OTL.exe
PRC - [2010/01/29 16:19:33 | 000,297,240 | ---- | M] (Impulse Point, LLC) -- C:\Program Files\SafeConnect\SCClient.exe
PRC - [2010/01/29 16:19:32 | 000,128,280 | ---- | M] (Impulse Point, LLC) -- C:\Program Files\SafeConnect\scManager.sys
PRC - [2009/10/02 10:58:10 | 000,185,776 | ---- | M] (Absolute Software Corp.) -- C:\Documents and Settings\All Users\Application Data\rpcnet\Bin\rpcld.exe
PRC - [2009/07/08 12:55:23 | 000,056,680 | ---- | M] (Absolute Software Corp.) -- C:\WINDOWS\system32\rpcnet.exe
PRC - [2009/04/29 13:36:49 | 000,192,512 | ---- | M] (CA) -- C:\Program Files\CA\eTrustITM\InoRPC.exe
PRC - [2009/03/30 16:28:36 | 001,533,808 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
PRC - [2009/03/30 16:28:36 | 000,183,152 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
PRC - [2009/02/25 16:35:34 | 000,208,896 | ---- | M] (CA) -- C:\Program Files\CA\eTrustITM\InoRT.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/02/05 07:57:24 | 000,106,496 | ---- | M] (CA, Inc.) -- C:\Program Files\CA\SharedComponents\iTechnology\igateway.exe
PRC - [2006/10/18 18:05:18 | 000,434,176 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
PRC - [2006/10/18 18:01:34 | 000,290,816 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe
PRC - [2006/10/18 17:56:52 | 000,946,176 | ---- | M] (Intel Corporation ) -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
PRC - [2006/10/18 17:49:52 | 000,327,680 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
PRC - [2006/06/29 03:19:03 | 002,371,584 | ---- | M] (Motive, Inc.) -- C:\Program Files\SBC Self Support Tool\bin\mad.exe
PRC - [2006/03/24 17:30:44 | 000,282,624 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\stsystra.exe
PRC - [2003/10/10 09:06:12 | 000,245,760 | ---- | M] (Motive Communications, Inc.) -- C:\Program Files\SBC Self Support Tool\AsstCommon\MotiveDirectory.exe
PRC - [2003/10/10 09:06:10 | 000,192,512 | ---- | M] () -- C:\Program Files\SBC Self Support Tool\bin\mpbtn.exe
PRC - [2002/09/19 19:29:28 | 000,053,248 | ---- | M] (Computer Associates) -- C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
 
 
========== Modules (SafeList) ==========
 
MOD - [2010/04/05 16:39:32 | 000,561,664 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\h\Desktop\OTL.exe
 
 
========== Win32 Services (SafeList) ==========
 
SRV - File not found [On_Demand | Stopped] --  -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)
SRV - [2010/01/29 16:19:32 | 000,128,280 | ---- | M] (Impulse Point, LLC) [Auto | Running] -- C:\Program Files\SafeConnect\scManager.sys -- (SCManager)
SRV - [2009/10/02 10:58:10 | 000,185,776 | ---- | M] (Absolute Software Corp.) [Auto | Running] -- C:\Documents and Settings\All Users\Application Data\rpcnet\Bin\rpcld.exe -- (rpcld) Remote Procedure Call (RPC)
SRV - [2009/07/08 12:55:23 | 000,056,680 | ---- | M] (Absolute Software Corp.) [Auto | Running] -- C:\WINDOWS\system32\rpcnet.exe -- (Rpcnet) Remote Procedure Call (RPC)
SRV - [2009/04/29 13:36:49 | 000,380,928 | ---- | M] () [Auto | Stopped] -- C:\Program Files\CA\eTrustITM\InoTask.exe -- (InoTask)
SRV - [2009/04/29 13:36:49 | 000,192,512 | ---- | M] (CA) [Auto | Running] -- C:\Program Files\CA\eTrustITM\InoRpc.exe -- (InoRPC)
SRV - [2009/03/30 16:28:36 | 001,533,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2009/02/25 16:35:34 | 000,208,896 | ---- | M] (CA) [Auto | Running] -- C:\Program Files\CA\eTrustITM\InoRT.exe -- (InoRT)
SRV - [2009/02/06 18:08:58 | 000,533,360 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe -- (fsssvc)
SRV - [2007/02/05 07:57:24 | 000,106,496 | ---- | M] (CA, Inc.) [Auto | Running] -- C:\Program Files\CA\SharedComponents\iTechnology\igateway.exe -- (iGateway)
SRV - [2006/10/18 18:05:18 | 000,434,176 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe -- (EvtEng) Intel®
SRV - [2006/10/18 18:01:34 | 000,290,816 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe -- (WLANKEEPER) Intel®
SRV - [2006/10/18 17:56:52 | 000,946,176 | ---- | M] (Intel Corporation ) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe -- (S24EventMonitor) Intel®
SRV - [2006/10/18 17:49:52 | 000,327,680 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe -- (RegSrvc) Intel®
SRV - [2002/09/19 19:41:00 | 000,077,824 | ---- | M] (Computer Associates) [On_Demand | Stopped] -- C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmtd.exe -- (CA_LIC_SRVR)
SRV - [2002/09/19 19:29:28 | 000,053,248 | ---- | M] (Computer Associates) [Auto | Running] -- C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe -- (LogWatch)
SRV - [2002/09/19 19:27:04 | 000,077,824 | ---- | M] (Computer Associates) [On_Demand | Stopped] -- C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmt.exe -- (CA_LIC_CLNT)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2009/02/06 18:08:42 | 000,055,152 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys -- (fssfltr)
DRV - [2008/04/13 13:36:39 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2008/04/13 13:36:39 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2008/04/13 11:36:05 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2007/10/18 21:14:32 | 000,184,080 | ---- | M] (Computer Associates) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\ino_fltr.sys -- (INO_FLTR)
DRV - [2007/08/06 22:07:02 | 000,027,536 | ---- | M] (Computer Associates) [File_System | Boot | Running] -- C:\WINDOWS\system32\Drivers\ino_flpy.sys -- (INO_FLPY)
DRV - [2007/03/30 21:34:14 | 005,704,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\igxpmp32.sys -- (ialm)
DRV - [2006/10/19 09:29:22 | 000,012,544 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2006/10/17 11:55:28 | 001,711,104 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NETw3x32.sys -- (NETw3x32) Intel®
DRV - [2006/04/05 19:38:22 | 002,208,512 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\w29n51.sys -- (w29n51) Intel®
DRV - [2006/04/04 03:17:24 | 001,429,632 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\w39n51.sys -- (w39n51) Intel®
DRV - [2006/03/24 17:34:30 | 001,156,648 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2005/07/22 11:02:12 | 001,035,008 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2005/07/22 11:01:08 | 000,201,600 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2005/07/22 11:01:00 | 000,717,952 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2005/03/10 16:56:06 | 000,273,168 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\STAC97.sys -- (STAC97)
DRV - [2004/05/26 15:18:18 | 000,044,928 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2001/08/17 14:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2001/08/17 14:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001/08/17 14:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001/08/17 14:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001/08/17 14:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001/08/17 13:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
DRV - [2001/08/17 13:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2001/08/17 13:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2001/08/17 13:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2001/08/17 13:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2001/08/17 13:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2001/08/17 13:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
DRV - [2001/08/17 13:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2001/08/17 13:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2001/08/17 13:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\URLSearchHook: {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL Inc.)
 
IE - HKCU\..\URLSearchHook: {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "AIM Search"
FF - prefs.js..browser.search.defaulturl: "http://aim.search.Email Removed/search/search?query={searchTerms}&invocationType=tb50-ff-aim-chromesbox-en-us"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.yahoo.com"
FF - prefs.js..extensions.enabledItems: {c2f863cd-0429-48c7-bb54-db756a951760}:5.96.9.1
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.7.2
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: [email protected]:0.7.1
FF - prefs.js..keyword.URL: "http://slirsredirect.search.Email Removed/slirs_http/sredir?invocationType=bu10aiminstabie7&sredir=2706&query="
 
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/02/07 22:56:00 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/02/07 22:56:00 | 000,000,000 | ---D | M]
 
[2010/02/07 22:56:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\h\Application Data\Mozilla\Extensions
[2010/04/10 17:55:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\h\Application Data\Mozilla\Firefox\Profiles\x2uxm7cb.default\extensions
[2009/08/22 12:44:32 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\h\Application Data\Mozilla\Firefox\Profiles\x2uxm7cb.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/04/05 16:38:17 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\h\Application Data\Mozilla\Firefox\Profiles\x2uxm7cb.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010/01/27 21:03:31 | 000,000,000 | ---D | M] (AIM Toolbar) -- C:\Documents and Settings\h\Application Data\Mozilla\Firefox\Profiles\x2uxm7cb.default\extensions\{c2f863cd-0429-48c7-bb54-db756a951760}
[2010/04/05 16:38:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\h\Application Data\Mozilla\Firefox\Profiles\x2uxm7cb.default\extensions\[email protected]
[2010/03/18 23:31:39 | 000,001,490 | ---- | M] () -- C:\Documents and Settings\h\Application Data\Mozilla\Firefox\Profiles\x2uxm7cb.default\searchplugins\AIM Search.xml
[2010/01/28 00:59:11 | 000,004,546 | ---- | M] () -- C:\Documents and Settings\h\Application Data\Mozilla\Firefox\Profiles\x2uxm7cb.default\searchplugins\aim-search.xml
[2010/04/10 17:55:02 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/03/18 23:31:39 | 000,001,490 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\AIM Search.xml
 
O1 HOSTS File: ([2010/03/30 23:29:32 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll (Google Inc.)
O2 - BHO: (AIM Toolbar Loader) - {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (AIM Toolbar) - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (AIM Toolbar) - {61539ECD-CC67-4437-A03C-9AACCBD14326} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL Inc.)
O4 - HKLM..\Run: [BluetoothAuthenticationAgent] C:\WINDOWS\System32\bthprops.cpl (Microsoft Corporation)
O4 - HKLM..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe File not found
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
O4 - HKCU..\Run: [Yahoo! Pager]  File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\SafeConnect.lnk = C:\Program Files\SafeConnect\SCClient.exe (Impulse Point, LLC)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\SBC Self Support Tool.lnk = C:\Program Files\SBC Self Support Tool\bin\matcli.exe (Motive Communications, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll (Google Inc.)
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.macromedia.com/pub/shock...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper20073151.dll (Installation Support)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/...b?1150832924960 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdat...b?1228863417765 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0015-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/get/flash...ent/swflash.cab (Shockwave Flash Object)
O16 - DPF: Microsoft XML Parser for Java file:///C:/WINDOWS/Java/classes/xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010/04/17 12:50:40 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\h\Recent
[2010/04/17 12:50:40 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010/04/06 22:19:43 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2010/04/05 16:40:05 | 000,561,664 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\h\Desktop\OTL.exe
[2010/04/01 21:46:09 | 000,000,000 | ---D | C] -- C:\TrendMicro
[2010/03/30 23:50:23 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\rpcnet
[2010/03/30 23:27:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\ivvipl
[2010/03/30 23:21:51 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/03/30 23:21:51 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/03/30 23:21:51 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/03/30 23:21:51 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/03/28 22:22:49 | 000,000,000 | ---D | C] -- C:\VundoFix Backups
[2010/03/18 10:25:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Temp
[2010/03/07 20:58:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple Computer
[2010/03/06 20:29:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\AIM Toolbar
[2010/03/06 20:29:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Google
[2010/03/06 20:25:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Apple Computer
[2010/03/06 18:22:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Sun
[2010/03/04 10:02:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2010/03/03 15:48:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\AIM Toolbar
[2010/03/03 15:48:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Google
[2010/03/02 21:56:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Real
[2010/03/02 21:52:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
[2010/03/02 21:52:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2010/03/01 21:50:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2010/03/01 21:24:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2010/02/27 18:20:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google
[2010/02/27 18:15:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
[2010/02/01 15:36:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
[2009/08/31 14:06:39 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2009/07/15 11:54:17 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2009/04/29 13:40:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2009/04/20 11:41:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2007/07/24 10:53:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Intel
[2007/07/24 10:52:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Intel
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2010/04/20 22:39:07 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/04/20 22:38:56 | 000,000,236 | ---- | M] () -- C:\WINDOWS\tasks\OGALogon.job
[2010/04/20 22:38:54 | 000,017,408 | ---- | M] () -- C:\WINDOWS\System32\rpcnetp.exe
[2010/04/20 22:38:52 | 000,056,680 | ---- | M] (Absolute Software Corp.) -- C:\WINDOWS\System32\rpcnet.dll
[2010/04/20 22:38:52 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/04/20 22:38:50 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/04/20 22:38:44 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/04/17 15:10:29 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/04/17 15:07:30 | 009,437,184 | -H-- | M] () -- C:\Documents and Settings\h\NTUSER.DAT
[2010/04/17 15:07:30 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\h\ntuser.ini
[2010/04/17 15:07:19 | 005,363,516 | -H-- | M] () -- C:\Documents and Settings\h\Local Settings\Application Data\IconCache.db
[2010/04/17 14:36:00 | 000,000,976 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1992757637-737350535-4160918168-1003UA.job
[2010/04/17 14:30:04 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/04/14 20:10:48 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/04/14 20:02:14 | 003,915,740 | R--- | M] () -- C:\Documents and Settings\h\Desktop\ComboFix.exe
[2010/04/05 16:39:32 | 000,561,664 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\h\Desktop\OTL.exe
[2010/04/01 21:46:10 | 000,001,946 | ---- | M] () -- C:\Documents and Settings\h\Desktop\HiJackThis.lnk
[2010/04/01 18:01:31 | 000,017,408 | ---- | M] () -- C:\WINDOWS\System32\rpcnetp.dll
[2010/03/30 23:29:32 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/03/29 22:37:32 | 000,363,520 | ---- | M] () -- C:\Documents and Settings\h\Desktop\iExplore.exe
[2010/03/29 22:36:00 | 000,363,520 | ---- | M] () -- C:\Documents and Settings\h\Desktop\rkill.com
[2010/03/29 22:18:15 | 000,000,373 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2010/03/28 14:11:26 | 000,000,124 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\Control Panel.lnk
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2010/04/17 12:51:05 | 000,001,374 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2010/04/01 21:46:10 | 000,001,946 | ---- | C] () -- C:\Documents and Settings\h\Desktop\HiJackThis.lnk
[2010/03/30 23:21:51 | 000,261,632 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/03/30 23:21:51 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/03/30 23:21:51 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/03/30 23:21:51 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/03/30 23:21:51 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/03/30 23:15:20 | 003,915,740 | R--- | C] () -- C:\Documents and Settings\h\Desktop\ComboFix.exe
[2010/03/29 22:39:43 | 000,363,520 | ---- | C] () -- C:\Documents and Settings\h\Desktop\rkill.com
[2010/03/29 22:39:43 | 000,363,520 | ---- | C] () -- C:\Documents and Settings\h\Desktop\iExplore.exe
[2010/03/28 14:11:26 | 000,000,124 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\Control Panel.lnk
[2010/03/04 12:42:01 | 000,000,373 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2009/08/12 22:52:09 | 000,095,232 | ---- | C] () -- C:\Documents and Settings\h\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2008/08/14 11:32:56 | 000,017,408 | ---- | C] () -- C:\WINDOWS\System32\rpcnetp.dll
[2007/07/24 14:09:57 | 000,000,035 | ---- | C] () -- C:\WINDOWS\A5W.INI
[2007/07/24 14:05:59 | 000,000,605 | ---- | C] () -- C:\WINDOWS\PCalcpro.ini
[2007/07/24 14:05:59 | 000,000,543 | ---- | C] () -- C:\WINDOWS\asc_sys.ini
[2007/07/24 14:05:58 | 000,000,182 | ---- | C] () -- C:\WINDOWS\medlrng.ini
[2007/07/24 14:05:51 | 000,018,432 | ---- | C] () -- C:\WINDOWS\System32\ODBCSTF.DLL
[2007/07/24 14:03:49 | 000,050,688 | ---- | C] () -- C:\WINDOWS\System32\iproc.dll
[2007/07/24 14:03:49 | 000,041,984 | ---- | C] () -- C:\WINDOWS\System32\iprocnt.dll
[2007/07/24 14:03:00 | 000,008,704 | ---- | C] () -- C:\WINDOWS\System32\twdll.dll
[2007/07/24 14:03:00 | 000,000,134 | ---- | C] () -- C:\WINDOWS\awshkwv.ini
[2007/07/24 10:50:16 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4814.dll
[2006/07/20 13:51:34 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/07/13 10:35:10 | 000,001,767 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2006/07/12 16:20:28 | 000,000,047 | ---- | C] () -- C:\WINDOWS\InoSetup.ini
[2006/06/21 13:42:29 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/06/20 15:24:01 | 000,262,144 | ---- | C] () -- C:\Documents and Settings\All Users\ntuser.dat
[2006/06/20 15:24:01 | 000,001,024 | -H-- | C] () -- C:\Documents and Settings\All Users\ntuser.dat.LOG
[2006/06/20 14:11:33 | 000,757,760 | ---- | C] () -- C:\WINDOWS\System32\bcm1xsup.dll
[2006/06/20 14:11:32 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\preflib.dll
[2006/06/20 14:04:21 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\Stac97co.dll
[2006/06/20 13:52:11 | 000,000,178 | -HS- | C] () -- C:\Documents and Settings\h\ntuser.ini
[2006/06/20 13:52:10 | 009,437,184 | -H-- | C] () -- C:\Documents and Settings\h\NTUSER.DAT
[2006/06/20 13:52:10 | 000,001,024 | -H-- | C] () -- C:\Documents and Settings\h\ntuser.dat.LOG
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 266944 bytes -> C:\WINDOWS\Temp:temp
< End of report >
Offline guestolo

Some issues
« Reply #17 on: April 23, 2010, 07:31:34 PM »
If you still have this computer, can you do me a favor and scan the next 2 files for me?

C:\WINDOWS\System32\rpcnet.dll
C:\WINDOWS\System32\rpcnetp.dll

Scan them both at Virustotal
http://www.virustotal.com/

If found bad, can you post back here the results of the scan? You can just post the links to the results pages.

Do you want to post your own logs from FRST?

Follow the instructions posted here: http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/