Author Topic: help with an xp home edition;-(  (Read 377 times)

Ghost
help with an xp home edition;-(
« on: October 22, 2011, 05:38:17 PM »
Hi all,
I have formatted/reloaded C drive and it's clean.
This morning I decided to scan D drive and OMG! Hundreds of infections, mostly in System Restore.
I scanned with AVG, Malwarebytes, SUPERAntiSpyware, and Kaspersky online scanner (the one you d/l and run) and they found almost the same number of infections ;-(
Here are the logs requested:
Logfile of random's system information tool 1.09 (written by random/random)
Run by Mark at 2011-10-22 13:15:07
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 142 GB (93%) free of 153 GB
Total RAM: 1983 MB (70% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 1:15:19 PM, on 10/22/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\PROGRA~1\AVG\AVG2012\avgrsx.exe
C:\Program Files\AVG\AVG2012\avgcsrvx.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\AVG\AVG2012\avgtray.exe
C:\Program Files\AVG\AVG2012\avgwdsvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
C:\Program Files\AVG\AVG2012\avgnsx.exe
C:\Program Files\AVG\AVG2012\avgemcx.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\System32\msiexec.exe
C:\WINDOWS\system32\notepad.exe
C:\Documents and Settings\Mark\Desktop\RSIT.exe
C:\Program Files\trend micro\Mark.exe

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [AVG_TRAY] "C:\Program Files\AVG\AVG2012\avgtray.exe"
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2012\avgwdsvc.exe
O23 - Service: Avira Upgrade Service (AviraUpgradeService) - Unknown owner - C:\WINDOWS\TEMP\AVSETUP_4ea018ac\avupgsvc.exe (file missing)
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: ForceWare IP service (nSvcIp) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 3932 bytes

=========Mozilla firefox=========

ProfilePath - C:\Documents and Settings\Mark\Application Data\Mozilla\Firefox\Profiles\u16746q2.default

prefs.js - "extensions.enabledItems" -  "{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}:6.0.19, jqs@sun.com:1.0, {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}:6.0.29, {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.23"

"jqs@sun.com"=C:\Program Files\Java\jre6\lib\deploy\jqs\ff


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 10.1 Plugin
"Path"=C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll

C:\Program Files\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd}
{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}

C:\Program Files\Mozilla Firefox\components\
browser.xpt
browserdirprovider.dll
brwsrcmp.dll
components.list
FeedConverter.js
FeedProcessor.js
FeedWriter.js
fuelApplication.js
GPSDGeolocationProvider.js
jsconsole-clhandler.js
NetworkGeolocationProvider.js
nsAddonRepository.js
nsBadCertHandler.js
nsBlocklistService.js
nsBrowserContentHandler.js
nsBrowserGlue.js
nsContentDispatchChooser.js
nsContentPrefService.js
nsDefaultCLH.js
nsDownloadManagerUI.js
nsExtensionManager.js
nsFormAutoComplete.js
nsHandlerService.js
nsHelperAppDlg.js
nsINIProcessor.js
nsLivemarkService.js
nsLoginInfo.js
nsLoginManager.js
nsLoginManagerPrompter.js
nsMicrosummaryService.js
nsPlacesAutoComplete.js
nsPlacesDBFlush.js
nsPlacesTransactionsService.js
nsPrivateBrowsingService.js
nsProxyAutoConfig.js
nsSafebrowsingApplication.js
nsSearchService.js
nsSearchSuggestions.js
nsSessionStartup.js
nsSessionStore.js
nsSetDefaultBrowser.js
nsSidebar.js
nsTaggingService.js
nsTryToClose.js
nsUpdateService.js
nsUpdateServiceStub.js
nsUpdateTimerManager.js
nsUrlClassifierLib.js
nsUrlClassifierListManager.js
nsURLFormatter.js
nsWebHandlerApp.js
pluginGlue.js
storage-Legacy.js
storage-mozStorage.js
txEXSLTRegExFunctions.js
WebContentConverter.js

C:\Program Files\Mozilla Firefox\plugins\
npdeployJava1.dll
npnul32.dll
nppdf32.dll

C:\Program Files\Mozilla Firefox\searchplugins\
amazondotcom.xml
answers.xml
creativecommons.xml
eBay.xml
google.xml
wikipedia.xml
yahoo.xml

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2011-09-05 63912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4A368E80-174F-4872-96B5-0B27DDD11DB2}]
SpywareGuardDLBLOCK.CBrowserHelper - C:\Program Files\SpywareGuard\dlprotect.dll [2003-08-02 192512]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2011-10-07 42272]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2011-10-07 79648]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2010-03-16 110696]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2011-08-17 20064872]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2010-03-16 13670504]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2011-06-06 937920]
"AVG_TRAY"=C:\Program Files\AVG\AVG2012\avgtray.exe [2011-09-23 2404704]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
C:\WINDOWS\system32\NvCpl.dll [2010-03-16 13670504]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /installquiet []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Common Files\Java\Java Update\jusched.exe [2011-06-09 254696]

C:\Documents and Settings\Mark\Start Menu\Programs\Startup
SpywareGuard.lnk - C:\Program Files\SpywareGuard\sgmain.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [2009-09-03 548352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{81559C35-8464-49F7-BB0E-07A383BEF910}"=C:\Program Files\SpywareGuard\spywareguard.dll [2003-08-02 126976]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= []

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\WINDOWS\system32\mmc.exe"="C:\WINDOWS\system32\mmc.exe:*:Enabled:Microsoft Management Console"
"C:\Program Files\AVG\AVG2012\avgnsx.exe"="C:\Program Files\AVG\AVG2012\avgnsx.exe:*:Enabled:Online Shield"
"C:\Program Files\AVG\AVG2012\avgdiagex.exe"="C:\Program Files\AVG\AVG2012\avgdiagex.exe:*:Enabled:AVG Diagnostics 2012"
"C:\Program Files\AVG\AVG2012\avgmfapx.exe"="C:\Program Files\AVG\AVG2012\avgmfapx.exe:*:Enabled:AVG Installer"
"C:\Program Files\AVG\AVG2012\avgemcx.exe"="C:\Program Files\AVG\AVG2012\avgemcx.exe:*:Enabled:Personal E-mail Scanner"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"vidc.I420"=msh263.drv
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvu9"=tsbyuv.dll
"vidc.yvyu"=msyuv.dll
"wavemapper"=msacm32.drv
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.l3acm"=C:\WINDOWS\System32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv

======List of files/folders created in the last 1 month======

2011-10-22 13:15:07 ----D---- C:\rsit
2011-10-22 13:11:41 ----D---- C:\Program Files\Trend Micro
2011-10-21 12:00:14 ----HD---- C:\Documents and Settings\All Users\Application Data\Common Files
2011-10-21 12:00:13 ----D---- C:\Documents and Settings\Mark\Application Data\AVG2012
2011-10-21 11:59:02 ----D---- C:\WINDOWS\system32\drivers\AVG
2011-10-21 11:59:02 ----D---- C:\Documents and Settings\All Users\Application Data\AVG2012
2011-10-21 11:58:42 ----D---- C:\Program Files\AVG
2011-10-21 11:57:30 ----D---- C:\Documents and Settings\All Users\Application Data\MFAData
2011-10-21 11:55:44 ----D---- C:\Program Files\Common Files\Adobe
2011-10-21 11:55:44 ----D---- C:\Program Files\Adobe
2011-10-21 11:55:14 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
2011-10-21 11:51:05 ----D---- C:\Program Files\VS Revo Group
2011-10-20 12:16:36 ----D---- C:\WINDOWS\Sun
2011-10-20 10:34:54 ----D---- C:\Documents and Settings\Mark\Application Data\Macromedia
2011-10-20 10:34:54 ----D---- C:\Documents and Settings\Mark\Application Data\Adobe
2011-10-20 10:27:17 ----D---- C:\WINDOWS\pss
2011-10-20 10:26:05 ----D---- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2011-10-20 10:26:02 ----D---- C:\Program Files\SUPERAntiSpyware
2011-10-20 10:26:02 ----D---- C:\Documents and Settings\Mark\Application Data\SUPERAntiSpyware.com
2011-10-20 10:25:03 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2011-10-20 10:20:32 ----D---- C:\Documents and Settings\Mark\Application Data\Malwarebytes
2011-10-20 10:20:21 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2011-10-20 10:20:17 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2011-10-20 10:20:17 ----A---- C:\WINDOWS\system32\drivers\mbam.sys
2011-10-20 08:38:52 ----HDC---- C:\WINDOWS\$NtUninstallKB2492386$
2011-10-20 08:38:49 ----HDC---- C:\WINDOWS\$NtUninstallKB2345886$
2011-10-20 08:38:45 ----HDC---- C:\WINDOWS\$NtUninstallKB971737$
2011-10-20 08:38:41 ----HDC---- C:\WINDOWS\$NtUninstallKB970430$
2011-10-20 08:37:25 ----HDC---- C:\WINDOWS\$NtUninstallKB954154_WM11$
2011-10-20 08:37:22 ----HDC---- C:\WINDOWS\$NtUninstallKB929399$
2011-10-20 08:37:16 ----HDC---- C:\WINDOWS\$NtUninstallKB939683$
2011-10-20 08:37:08 ----HDC---- C:\WINDOWS\$NtUninstallKB941569$
2011-10-20 08:27:56 ----HDC---- C:\WINDOWS\$NtUninstallKB2564958$
2011-10-20 08:27:52 ----HDC---- C:\WINDOWS\$NtUninstallKB2592799$
2011-10-20 08:27:48 ----HDC---- C:\WINDOWS\$NtUninstallKB2567053$
2011-10-20 08:27:45 ----HDC---- C:\WINDOWS\$NtUninstallKB2616676-v2$
2011-10-20 08:27:41 ----HDC---- C:\WINDOWS\$NtUninstallKB2570947$
2011-10-20 08:27:38 ----HDC---- C:\WINDOWS\$NtUninstallKB2570791$
2011-10-20 08:27:36 ----HDC---- C:\WINDOWS\$NtUninstallKB2536276-v2$
2011-10-20 08:27:33 ----HDC---- C:\WINDOWS\$NtUninstallKB2570222$
2011-10-20 08:27:30 ----HDC---- C:\WINDOWS\$NtUninstallKB2562937$
2011-10-20 08:27:27 ----HDC---- C:\WINDOWS\$NtUninstallKB2566454$
2011-10-20 08:27:23 ----HDC---- C:\WINDOWS\$NtUninstallKB2567680$
2011-10-20 08:27:18 ----HDC---- C:\WINDOWS\$NtUninstallKB2507938$
2011-10-20 08:27:13 ----HDC---- C:\WINDOWS\$NtUninstallKB2541763$
2011-10-20 08:27:09 ----HDC---- C:\WINDOWS\$NtUninstallKB2476490$
2011-10-20 08:27:07 ----HDC---- C:\WINDOWS\$NtUninstallKB2535512$
2011-10-20 08:27:03 ----HDC---- C:\WINDOWS\$NtUninstallKB2544893$
2011-10-20 08:26:59 ----HDC---- C:\WINDOWS\$NtUninstallKB2509553$
2011-10-20 08:26:58 ----HDC---- C:\WINDOWS\$NtUninstallKB2412687$
2011-10-20 08:26:54 ----HDC---- C:\WINDOWS\$NtUninstallKB2510581$
2011-10-20 08:26:52 ----HDC---- C:\WINDOWS\$NtUninstallKB2507618$
2011-10-20 08:26:49 ----HDC---- C:\WINDOWS\$NtUninstallKB2508272$
2011-10-20 08:26:45 ----HDC---- C:\WINDOWS\$NtUninstallKB2506212$
2011-10-20 08:26:41 ----HDC---- C:\WINDOWS\$NtUninstallKB2508429$
2011-10-20 08:26:37 ----HDC---- C:\WINDOWS\$NtUninstallKB2485663$
2011-10-20 08:26:32 ----HDC---- C:\WINDOWS\$NtUninstallKB2481109$
2011-10-20 08:26:29 ----HDC---- C:\WINDOWS\$NtUninstallKB2479943$
2011-10-20 08:26:26 ----HDC---- C:\WINDOWS\$NtUninstallKB971029$
2011-10-20 08:26:20 ----HDC---- C:\WINDOWS\$NtUninstallKB2393802$
2011-10-20 08:26:16 ----HDC---- C:\WINDOWS\$NtUninstallKB2478960$
2011-10-20 08:26:10 ----HDC---- C:\WINDOWS\$NtUninstallKB2483185$
2011-10-20 08:26:07 ----HDC---- C:\WINDOWS\$NtUninstallKB2478971$
2011-10-20 08:26:02 ----HDC---- C:\WINDOWS\$NtUninstallKB2419632$
2011-10-20 08:25:59 ----HDC---- C:\WINDOWS\$NtUninstallKB2440591$
2011-10-20 08:25:56 ----HDC---- C:\WINDOWS\$NtUninstallKB2443105$
2011-10-20 08:25:53 ----HDC---- C:\WINDOWS\$NtUninstallKB2423089$
2011-10-20 08:25:49 ----HDC---- C:\WINDOWS\$NtUninstallKB2079403$
2011-10-20 08:25:46 ----HDC---- C:\WINDOWS\$NtUninstallKB2360937$
2011-10-20 08:25:43 ----HDC---- C:\WINDOWS\$NtUninstallKB982132$
2011-10-20 08:25:39 ----HDC---- C:\WINDOWS\$NtUninstallKB2387149$
2011-10-20 08:25:35 ----HDC---- C:\WINDOWS\$NtUninstallKB2378111_WM9$
2011-10-20 08:25:32 ----HDC---- C:\WINDOWS\$NtUninstallKB2296011$
2011-10-20 08:25:28 ----HDC---- C:\WINDOWS\$NtUninstallKB979687$
2011-10-20 08:25:25 ----HDC---- C:\WINDOWS\$NtUninstallKB975558_WM8$
2011-10-20 08:25:22 ----HDC---- C:\WINDOWS\$NtUninstallKB2347290$
2011-10-20 08:25:19 ----HDC---- C:\WINDOWS\$NtUninstallKB981322$
2011-10-20 08:25:12 ----HDC---- C:\WINDOWS\$NtUninstallKB980436$
2011-10-20 08:25:09 ----HDC---- C:\WINDOWS\$NtUninstallKB981997$
2011-10-20 08:25:06 ----HDC---- C:\WINDOWS\$NtUninstallKB982665$
2011-10-20 08:25:03 ----HDC---- C:\WINDOWS\$NtUninstallKB2115168$
2011-10-20 08:25:01 ----HDC---- C:\WINDOWS\$NtUninstallKB2229593$
2011-10-20 08:24:57 ----HDC---- C:\WINDOWS\$NtUninstallKB975562$
2011-10-20 08:24:55 ----HDC---- C:\WINDOWS\$NtUninstallKB979482$
2011-10-20 08:24:52 ----HDC---- C:\WINDOWS\$NtUninstallKB978695_WM9$
2011-10-20 08:24:48 ----HDC---- C:\WINDOWS\$NtUninstallKB978542$
2011-10-20 08:24:46 ----HDC---- C:\WINDOWS\$NtUninstallKB978601$
2011-10-20 08:24:43 ----HDC---- C:\WINDOWS\$NtUninstallKB978338$
2011-10-20 08:24:40 ----HDC---- C:\WINDOWS\$NtUninstallKB979309$
2011-10-20 08:24:37 ----HDC---- C:\WINDOWS\$NtUninstallKB977816$
2011-10-20 08:24:34 ----HDC---- C:\WINDOWS\$NtUninstallKB978706$
2011-10-20 08:24:31 ----HDC---- C:\WINDOWS\$NtUninstallKB977914$
2011-10-20 08:24:27 ----HDC---- C:\WINDOWS\$NtUninstallKB975560$
2011-10-20 08:24:23 ----HDC---- C:\WINDOWS\$NtUninstallKB975713$
2011-10-20 08:24:20 ----HDC---- C:\WINDOWS\$NtUninstallKB972270$
2011-10-20 08:24:17 ----HDC---- C:\WINDOWS\$NtUninstallKB971513$
2011-10-20 08:24:14 ----HDC---- C:\WINDOWS\$NtUninstallKB973904$
2011-10-20 08:24:10 ----HDC---- C:\WINDOWS\$NtUninstallKB955759$
2011-10-20 08:24:06 ----HDC---- C:\WINDOWS\$NtUninstallKB974392$
2011-10-20 08:24:03 ----HDC---- C:\WINDOWS\$NtUninstallKB974318$
2011-10-20 08:24:00 ----HDC---- C:\WINDOWS\$NtUninstallKB952069_WM9$
2011-10-20 08:23:57 ----HDC---- C:\WINDOWS\$NtUninstallKB973687$
2011-10-20 08:23:53 ----HDC---- C:\WINDOWS\$NtUninstallKB975467$
2011-10-20 08:23:50 ----HDC---- C:\WINDOWS\$NtUninstallKB968389$
2011-10-20 08:23:47 ----HDC---- C:\WINDOWS\$NtUninstallKB969059$
2011-10-20 08:23:43 ----HDC---- C:\WINDOWS\$NtUninstallKB974112$
2011-10-20 08:23:41 ----HDC---- C:\WINDOWS\$NtUninstallKB974571$
2011-10-20 08:23:38 ----HDC---- C:\WINDOWS\$NtUninstallKB975025$
2011-10-20 08:23:36 ----HDC---- C:\WINDOWS\$NtUninstallKB954155_WM9$
2011-10-20 08:23:33 ----HDC---- C:\WINDOWS\$NtUninstallKB956844$
2011-10-20 08:23:31 ----HDC---- C:\WINDOWS\$NtUninstallKB971657$
2011-10-20 08:23:28 ----HDC---- C:\WINDOWS\$NtUninstallKB973815$
2011-10-20 08:23:25 ----HDC---- C:\WINDOWS\$NtUninstallKB960859$
2011-10-20 08:23:22 ----HDC---- C:\WINDOWS\$NtUninstallKB973507$
2011-10-20 08:23:19 ----HDC---- C:\WINDOWS\$NtUninstallKB956744$
2011-10-20 08:23:16 ----HDC---- C:\WINDOWS\$NtUninstallKB973869$
2011-10-20 08:23:12 ----HDC---- C:\WINDOWS\$NtUninstallKB973540_WM9$
2011-10-20 08:23:09 ----HDC---- C:\WINDOWS\$NtUninstallKB961501$
2011-10-20 08:23:06 ----HDC---- C:\WINDOWS\$NtUninstallKB959426$
2011-10-20 08:23:03 ----HDC---- C:\WINDOWS\$NtUninstallKB960803$
2011-10-20 08:22:58 ----HDC---- C:\WINDOWS\$NtUninstallKB952004$
2011-10-20 08:22:52 ----HDC---- C:\WINDOWS\$NtUninstallKB956572$
2011-10-20 08:22:47 ----HDC---- C:\WINDOWS\$NtUninstallKB923561$
2011-10-20 08:22:43 ----HDC---- C:\WINDOWS\$NtUninstallbasecsp$
2011-10-20 08:22:40 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$
2011-10-20 08:22:37 ----HDC---- C:\WINDOWS\$NtUninstallKB954459$
2011-10-20 08:22:34 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2011-10-20 08:22:31 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2011-10-20 08:22:29 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2011-10-20 08:22:26 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2011-10-20 08:22:24 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2011-10-20 08:22:20 ----HDC---- C:\WINDOWS\$NtUninstallKB951978$
2011-10-20 08:22:17 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2011-10-20 08:22:15 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2011-10-20 08:22:12 ----N---- C:\WINDOWS\system32\spmsg.dll
2011-10-20 08:22:11 ----HDC---- C:\WINDOWS\$NtUninstallMSCompPackV1$
2011-10-20 08:22:05 ----A---- C:\WINDOWS\system32\wmpns.dll
2011-10-20 08:22:02 ----D---- C:\Program Files\Windows Media Connect 2
2011-10-20 08:21:55 ----HDC---- C:\WINDOWS\$NtUninstallwmp11$
2011-10-20 08:21:33 ----HDC---- C:\WINDOWS\$NtUninstallWMFDist11$
2011-10-20 08:21:22 ----D---- C:\WINDOWS\system32\LogFiles
2011-10-20 08:21:22 ----D---- C:\WINDOWS\system32\drivers\UMDF
2011-10-20 08:21:18 ----HDC---- C:\WINDOWS\$NtUninstallWudf01000$
2011-10-20 08:20:20 ----RSD---- C:\WINDOWS\assembly
2011-10-20 08:20:20 ----D---- C:\WINDOWS\Microsoft.NET
2011-10-20 08:20:19 ----D---- C:\WINDOWS\system32\URTTemp
2011-10-20 08:08:33 ----A---- C:\WINDOWS\system32\xpsp4res.dll
2011-10-20 07:51:21 ----HDC---- C:\WINDOWS\$NtUninstallKB2586448$
2011-10-20 07:51:18 ----HDC---- C:\WINDOWS\$NtUninstallKB2544521$
2011-10-20 07:49:43 ----D---- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
2011-10-20 07:49:37 ----D---- C:\WINDOWS\system32\PreInstall
2011-10-20 07:49:36 ----HDC---- C:\WINDOWS\$NtUninstallKB898461$
2011-10-20 07:49:36 ----HD---- C:\WINDOWS\$hf_mig$
2011-10-20 07:46:34 ----D---- C:\Program Files\Common Files\Java
2011-10-20 07:46:24 ----A---- C:\WINDOWS\system32\deployJava1.dll
2011-10-20 07:39:30 ----A---- C:\WINDOWS\system32\wpa.bak
2011-10-20 07:25:30 ----D---- C:\Documents and Settings\All Users\Application Data\Sun
2011-10-20 07:25:14 ----A---- C:\WINDOWS\system32\javaws.exe
2011-10-20 07:25:14 ----A---- C:\WINDOWS\system32\javaw.exe
2011-10-20 07:25:14 ----A---- C:\WINDOWS\system32\java.exe
2011-10-20 07:25:06 ----D---- C:\Program Files\Java
2011-10-20 07:24:43 ----D---- C:\Documents and Settings\Mark\Application Data\Sun
2011-10-20 07:24:25 ----D---- C:\Program Files\CCleaner
2011-10-20 07:23:46 ----D---- C:\Program Files\SpywareGuard
2011-10-20 07:23:07 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2011-10-20 07:23:04 ----D---- C:\Program Files\SpywareBlaster
2011-10-20 07:23:04 ----A---- C:\WINDOWS\system32\MSSTDFMT.DLL
2011-10-20 07:21:12 ----A---- C:\WINDOWS\system32\STKIT432.DLL
2011-10-20 07:21:11 ----D---- C:\Program Files\Registry Mechanic
2011-10-20 07:15:52 ----D---- C:\Program Files\Power Defrag
2011-10-20 07:15:00 ----D---- C:\Program Files\Downloads
2011-10-20 07:11:52 ----D---- C:\WINDOWS\system32\Lang
2011-10-20 07:10:22 ----A---- C:\WINDOWS\system32\drivers\splitter.sys
2011-10-20 07:10:20 ----A---- C:\WINDOWS\system32\drivers\wdmaud.sys
2011-10-20 07:10:19 ----A---- C:\WINDOWS\system32\drivers\DMusic.sys
2011-10-20 07:10:18 ----A---- C:\WINDOWS\system32\drivers\swmidi.sys
2011-10-20 07:10:16 ----A---- C:\WINDOWS\system32\drivers\aec.sys
2011-10-20 07:10:15 ----A---- C:\WINDOWS\system32\drivers\kmixer.sys
2011-10-20 07:10:14 ----A---- C:\WINDOWS\system32\drivers\drmkaud.sys
2011-10-20 07:10:13 ----A---- C:\WINDOWS\system32\drivers\sysaudio.sys
2011-10-20 07:10:11 ----A---- C:\WINDOWS\system32\drivers\MSKSSRV.sys
2011-10-20 07:10:10 ----A---- C:\WINDOWS\system32\drivers\MSPQM.sys
2011-10-20 07:10:09 ----A---- C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2011-10-20 07:10:05 ----D---- C:\WINDOWS\system32\RTCOM
2011-10-20 07:10:04 ----A---- C:\WINDOWS\system32\ksuser.dll
2011-10-20 07:10:04 ----A---- C:\WINDOWS\system32\drivers\portcls.sys
2011-10-20 07:10:04 ----A---- C:\WINDOWS\system32\drivers\drmk.sys
2011-10-20 07:10:00 ----A---- C:\WINDOWS\vncutil.exe
2011-10-20 07:10:00 ----A---- C:\WINDOWS\SOUNDMAN.EXE
2011-10-20 07:10:00 ----A---- C:\WINDOWS\SkyTel.exe
2011-10-20 07:09:59 ----A---- C:\WINDOWS\system32\RtkCoInstXP.dll
2011-10-20 07:09:59 ----A---- C:\WINDOWS\system32\drivers\RtkHDAud.sys
2011-10-20 07:09:59 ----A---- C:\WINDOWS\RtlUpd.exe
2011-10-20 07:09:59 ----A---- C:\WINDOWS\RTLCPL.EXE
2011-10-20 07:09:59 ----A---- C:\WINDOWS\RtkAudioService.exe
2011-10-20 07:09:57 ----A---- C:\WINDOWS\system32\drivers\Monfilt.sys
2011-10-20 07:09:57 ----A---- C:\WINDOWS\RTHDCPL.EXE
2011-10-20 07:09:57 ----A---- C:\WINDOWS\MicCal.exe
2011-10-20 07:09:56 ----D---- C:\Program Files\Realtek
2011-10-20 07:09:56 ----A---- C:\WINDOWS\system32\drivers\Ambfilt.sys
2011-10-20 07:09:56 ----A---- C:\WINDOWS\ALCWZRD.EXE
2011-10-20 07:09:56 ----A---- C:\WINDOWS\ALCMTR.EXE
2011-10-20 07:09:50 ----RA---- C:\WINDOWS\RtlExUpd.dll
2011-10-20 07:09:48 ----D---- C:\Program Files\Common Files\InstallShield
2011-10-20 07:05:48 ----HD---- C:\Program Files\InstallShield Installation Information
2011-10-20 07:04:42 ----D---- C:\Documents and Settings\All Users\Application Data\NVIDIA Corporation
2011-10-20 07:04:32 ----RA---- C:\WINDOWS\system32\NvRCoZht.dll
2011-10-20 07:04:32 ----RA---- C:\WINDOWS\system32\NvRCoZhc.dll
2011-10-20 07:04:32 ----RA---- C:\WINDOWS\system32\NvRCoSv.dll
2011-10-20 07:04:32 ----RA---- C:\WINDOWS\system32\NvRCoRu.dll
2011-10-20 07:04:32 ----RA---- C:\WINDOWS\system32\NvRCoPtb.dll
2011-10-20 07:04:32 ----RA---- C:\WINDOWS\system32\NvRCoNo.dll
2011-10-20 07:04:32 ----RA---- C:\WINDOWS\system32\NvRCoNl.dll
2011-10-20 07:04:32 ----RA---- C:\WINDOWS\system32\NvRCoKo.dll
2011-10-20 07:04:32 ----RA---- C:\WINDOWS\system32\NvRCoJa.dll
2011-10-20 07:04:32 ----RA---- C:\WINDOWS\system32\NvRCoIt.dll
2011-10-20 07:04:32 ----RA---- C:\WINDOWS\system32\NvRCoFr.dll
2011-10-20 07:04:32 ----RA---- C:\WINDOWS\system32\NvRCoFi.dll
2011-10-20 07:04:32 ----RA---- C:\WINDOWS\system32\NvRCoEsm.dll
2011-10-20 07:04:32 ----RA---- C:\WINDOWS\system32\NvRCoEs.dll
2011-10-20 07:04:32 ----RA---- C:\WINDOWS\system32\NvRCoENU.dll
2011-10-20 07:04:32 ----RA---- C:\WINDOWS\system32\NvRCoEng.dll
2011-10-20 07:04:32 ----RA---- C:\WINDOWS\system32\NvRCoDe.dll
2011-10-20 07:04:32 ----RA---- C:\WINDOWS\system32\NvRCoDa.dll
2011-10-20 07:04:32 ----RA---- C:\WINDOWS\system32\nvraiins.dll
2011-10-20 07:04:32 ----RA---- C:\WINDOWS\system32\nvraidco.dll
2011-10-20 07:04:32 ----RA---- C:\WINDOWS\system32\drivers\nvgts.sys
2011-10-20 07:04:29 ----D---- C:\WINDOWS\system32\SoftwareDistribution
2011-10-20 07:04:02 ----RA---- C:\WINDOWS\system32\fdco1ins.dll
2011-10-20 07:04:02 ----RA---- C:\WINDOWS\system32\fdco1.dll
2011-10-20 07:04:02 ----RA---- C:\WINDOWS\system32\drivers\NVENETFD.sys
2011-10-20 07:04:02 ----RA---- C:\WINDOWS\system32\cohelper.dll
2011-10-20 07:04:01 ----RA---- C:\WINDOWS\system32\nvconrm.dll
2011-10-20 07:04:01 ----RA---- C:\WINDOWS\system32\drivers\nvnrm.sys
2011-10-20 07:04:01 ----RA---- C:\WINDOWS\system32\drivers\nvnetbus.sys
2011-10-20 07:04:01 ----RA---- C:\WINDOWS\system32\bdco1ins.dll
2011-10-20 07:04:01 ----RA---- C:\WINDOWS\system32\bdco1.dll
2011-10-20 07:03:59 ----RA---- C:\WINDOWS\system32\NVCOSMU.DLL
2011-10-20 07:03:59 ----RA---- C:\WINDOWS\system32\drivers\nvsmu.sys
2011-10-20 07:03:58 ----RA---- C:\WINDOWS\system32\NVCOSMB.DLL
2011-10-20 07:03:58 ----D---- C:\Program Files\NVIDIA Corporation
2011-10-19 18:12:52 ----SHD---- C:\RECYCLER
2011-10-19 17:46:04 ----D---- C:\Program Files\7-Zip
2011-10-19 15:23:18 ----D---- C:\WINDOWS\Prefetch
2011-10-19 15:19:29 ----N---- C:\WINDOWS\system32\msxml6r.dll
2011-10-19 15:19:29 ----A---- C:\WINDOWS\system32\msxml6.dll
2011-10-19 15:19:20 ----N---- C:\WINDOWS\system32\credssp.dll
2011-10-19 15:19:20 ----N---- C:\WINDOWS\system32\bitsprx4.dll
2011-10-19 15:19:20 ----N---- C:\WINDOWS\system32\azroles.dll
2011-10-19 15:19:20 ----N---- C:\WINDOWS\system32\aaclient.dll
2011-10-19 15:19:19 ----N---- C:\WINDOWS\system32\eapsvc.dll
2011-10-19 15:19:19 ----N---- C:\WINDOWS\system32\eapqec.dll
2011-10-19 15:19:19 ----N---- C:\WINDOWS\system32\eappprxy.dll
2011-10-19 15:19:19 ----N---- C:\WINDOWS\system32\eapphost.dll
2011-10-19 15:19:19 ----N---- C:\WINDOWS\system32\eappgnui.dll
2011-10-19 15:19:19 ----N---- C:\WINDOWS\system32\eappcfg.dll
2011-10-19 15:19:19 ----N---- C:\WINDOWS\system32\eapp3hst.dll
2011-10-19 15:19:19 ----N---- C:\WINDOWS\system32\eapolqec.dll
2011-10-19 15:19:19 ----N---- C:\WINDOWS\system32\dot3ui.dll
2011-10-19 15:19:19 ----N---- C:\WINDOWS\system32\dot3svc.dll
2011-10-19 15:19:19 ----N---- C:\WINDOWS\system32\dot3msm.dll
2011-10-19 15:19:19 ----N---- C:\WINDOWS\system32\dot3gpclnt.dll
2011-10-19 15:19:19 ----N---- C:\WINDOWS\system32\dot3dlg.dll
2011-10-19 15:19:19 ----N---- C:\WINDOWS\system32\dot3cfg.dll
2011-10-19 15:19:19 ----N---- C:\WINDOWS\system32\dot3api.dll
2011-10-19 15:19:19 ----N---- C:\WINDOWS\system32\dimsroam.dll
2011-10-19 15:19:19 ----N---- C:\WINDOWS\system32\dimsntfy.dll
2011-10-19 15:19:19 ----N---- C:\WINDOWS\system32\dhcpqec.dll
2011-10-19 15:19:18 ----N---- C:\WINDOWS\system32\onex.dll
Linux Ubuntu 10.04.1
Scratch built
AMD Dual Core 2.8 gig Processor, 4 gig Ram
Registered Linux User #481143
Registered Machine #390361

Offline GR@PH;<'S

  • Administrator
  • Hero Member
  • *****
  • Posts: 15647
    • http://www.taktmobiles.co.uk
Re: help with an xp home edition;-(
« Reply #1 on: October 22, 2011, 08:08:51 PM »
Ghost,
Quote
formatted/reloaded C drive and its clean. i decided to scan D drive and OMG! hundreds of infections, mostly in system restore.
i scanned with AVG, malwarebytes, superantispyware, and kasparsky online scanner (the one you d/l and run) and they found almost the same number of infections
Have you removed the items that were found on your "D" drive? As your "C" drive is clean (your main drive), my advice is to empty the System Restore folder and then create a new restore point. To do this:
Click Start, and then right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.
Restart the computer.
All data, including the items and registry entries, will be removed from the restore folder.
After restarting the computer, re-enable System Restore.
Before going any further, you now need to create a fresh restore point.
Then rescan and post new log files.

GR@PH;<'S   :Hammys pint:
press Enter then have a Brandy then if the problem is still there have another Brandy
Q: does it work
A: It does seem to for a few hours at least.

Offline Corrine

  • The Mystical Rose
  • Administrator
  • Hero Member
  • *****
  • Posts: 11530
  • "Stronger than the past, united in our goal."
    • Security Garden
Re: help with an xp home edition;-(
« Reply #2 on: October 22, 2011, 08:15:10 PM »
Oops.  I didn't realize you were looking at Ghost's topic, GR@PH;<'S.  Based on a separate conversation Ghost and I had, I'd like to deal with some additional issues. 

Hi, Ghost. 

Thank you for the message about your friend's computer.  Because this was a reinstall, the log was cut off but based on a couple of things I see, let's take a run with ComboFix.

Please follow these instructions carefully.

Download ComboFix from one of the following locations:

Link 1
Link 2

!!! IMPORTANT !!! Save ComboFix.exe to your Desktop

Disable your antivirus and anti-malware security applications. If not disabled, these programs will likely interfere with the cleanup process. This can usually be accomplished by a right-click on the icon in the System Tray.

Note:  If you are unsure how to disable your security software, see the instructions in this topic at Tech Support Forum:  How to disable your security applications.

Now, please run ComboFix:
  • Note:  If infections are found, ComboFix will automatically reboot the machine to complete the removal process.  Please ensure all opened windows are closed before proceeding.
  • Double-click ComboFix.exe on your desktop and follow the prompts.
  • As part of the process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it is strongly recommended to have this pre-installed on your machine before doing any malware removal. The Recovery Console will allow you to start up the computer in a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

    Please note: If the Microsoft Windows Recovery Console is already installed on the computer, ComboFix will continue the malware removal procedures.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console.
  • When prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

  • After the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

  • Click "Yes" to continue scanning for malware.
  • When finished, a log will be produced. Please include the C:\ComboFix.txt in your next reply.

Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

Remember - A day without laughter is a day wasted.
May the wind sing to you and the sun rise in your heart.

Offline Ghost

  • LzD Friends
  • Sr. Member
  • *****
  • Posts: 277
Re: help with an xp home edition;-(
« Reply #3 on: October 22, 2011, 09:20:43 PM »
hi GR@PH;<'S,
thanks for the drink;-).
did as you asked in restore and thanks again.
corrine,
here is the log requested:
ComboFix 11-10-21.06 - Mark 10/22/2011  17:14:10.1.2 - x86
Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.1983.1485 [GMT -4:00]
Running from: c:\documents and settings\Mark\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\messenger\msmsgsin.exe
c:\program files\msn\msncorefiles\custdial.dll
c:\program files\msn\msncorefiles\logonmgr.dll
c:\windows\help\tours\htmltour\unlock_playing.htm
.
.
(((((((((((((((((((((((((   Files Created from 2011-09-22 to 2011-10-22  )))))))))))))))))))))))))))))))
.
.
2011-10-22 17:15 . 2011-10-22 17:15   --------   d-----w-   C:\rsit
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-09-26 15:41 . 2009-10-08 18:57   611328   ----a-w-   c:\windows\system32\uiautomationcore.dll
2011-09-26 15:41 . 2003-03-31 12:00   220160   ----a-w-   c:\windows\system32\oleacc.dll
2011-09-26 15:41 . 2003-03-31 12:00   20480   ----a-w-   c:\windows\system32\oleaccrc.dll
2011-09-13 10:30 . 2011-09-13 10:30   32592   ----a-w-   c:\windows\system32\drivers\avgrkx86.sys
2011-09-09 09:12 . 2003-03-31 12:00   599040   ----a-w-   c:\windows\system32\crypt32.dll
2011-09-06 13:20 . 2003-03-31 12:00   1858944   ----a-w-   c:\windows\system32\win32k.sys
2011-09-05 13:56 . 2003-03-31 12:00   667136   ----a-w-   c:\windows\system32\wininet.dll
2011-09-05 13:56 . 2003-03-31 12:00   61952   ----a-w-   c:\windows\system32\tdc.ocx
2011-08-17 13:49 . 2003-03-31 12:00   138496   ----a-w-   c:\windows\system32\drivers\afd.sys
2011-08-08 10:08 . 2011-08-08 10:08   40016   ----a-w-   c:\windows\system32\drivers\avgmfx86.sys
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-03-16 110696]
"RTHDCPL"="RTHDCPL.EXE" [2011-08-17 20064872]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-03-16 13670504]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2011-09-23 2404704]
.
c:\documents and settings\Mark\Start Menu\Programs\Startup\
SpywareGuard.lnk - c:\program files\SpywareGuard\sgmain.exe [2003-8-29 360448]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 19:21   548352   ----a-w-   c:\program files\SUPERAntiSpyware\SASWINLO.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute   REG_MULTI_SZ      autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2010-03-16 07:37   13670504   ----a-w-   c:\windows\system32\nvcpl.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2011-06-09 17:06   254696   ----a-w-   c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgnsx.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgmfapx.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgemcx.exe"=
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [7/11/2011 1:14 AM 23120]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [9/13/2011 6:30 AM 32592]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [7/11/2011 1:13 AM 229840]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [7/11/2011 1:14 AM 295248]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 11:25 AM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2/17/2010 11:15 AM 66632]
R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [8/2/2011 6:09 AM 192776]
S2 AviraUpgradeService;Avira Upgrade Service;"c:\windows\TEMP\AVSETUP_4ea018ac\avupgsvc.exe" /TEMPSTART:""c:\windows\TEMP\AVSETUP_4ea018ac\setup.exe" /NOTEMPCLEANUP /CROSSUPGRADE" --> c:\windows\TEMP\AVSETUP_4ea018ac\avupgsvc.exe [?]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [10/20/2011 7:09 AM 1691480]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2/17/2010 11:15 AM 12872]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
TCP: DhcpNameServer = 68.94.156.1 68.94.157.1
FF - ProfilePath - c:\documents and settings\Mark\Application Data\Mozilla\Firefox\Profiles\u16746q2.default\
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
.
- - - - ORPHANS REMOVED - - - -
.
ShellExecuteHooks-{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - (no file)
MSConfigStartUp-nwiz - nwiz.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-10-22 17:16
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ... 
.
scanning hidden autostart entries ...
.
scanning hidden files ... 
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(880)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
.
Completion time: 2011-10-22  17:17:12
ComboFix-quarantined-files.txt  2011-10-22 21:17
.
Pre-Run: 149,512,847,360 bytes free
Post-Run: 149,473,271,808 bytes free
.
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn
.
- - End Of File - - 8CD4F69DE75A67872C1958143B65A717

thanks,
Ghost
Linux Ubuntu 10.04.1
Scratch built
AMD Dual Core 2.8 gig Processor, 4 gig Ram
Registered Linux User #481143
Registered Machine #390361

Offline Corrine

  • The Mystical Rose
  • Administrator
  • Hero Member
  • *****
  • Posts: 11530
  • "Stronger than the past, united in our goal."
    • Security Garden
Re: help with an xp home edition;-(
« Reply #4 on: October 22, 2011, 10:09:29 PM »
Hi, Ghost.

What concerned me was AVUPGSVC.EXE, particularly as it is located in Temp and has two different .exe files associated with the folder.  So, let's give this a try and also remove the out-dated Java Console from Firefox.

Custom CFScript

Note: The following instructions were created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.


  • Please open Notepad (Click Start -> Run -> type notepad in the Open field -> OK).  Copy/Paste all of the text present inside the code box below:
Code:
Firefox::
FF - ProfilePath - c:\documents and settings\Mark\Application Data\Mozilla\Firefox\Profiles\u16746q2.default\
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} -

Folder::
c:\windows\TEMP\AVSETUP_4ea018ac
  • Save this as CFScript.txt and place it on your desktop.
  • Close any open browsers.
  • Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.




  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it will produce a log for you. Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.


Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

Remember - A day without laughter is a day wasted.
May the wind sing to you and the sun rise in your heart.
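
Added example (not part of Corrine's post and not ComboFix code): the check she describes above, a service whose image sits under Temp and whose command line names two executables, written as a Python triage over Drivers/Services lines copied from the first ComboFix log in this thread. Reading the leading letter and digit as running/stopped plus the service Start value, and "[?]" as "no file date or size recorded", are assumptions about the log format.

```python
import re
from pathlib import PureWindowsPath

# Lines copied from the Drivers/Services part of the first ComboFix log in this thread.
SAMPLE_LOG = r"""
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 11:25 AM 12872]
R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [8/2/2011 6:09 AM 192776]
S2 AviraUpgradeService;Avira Upgrade Service;"c:\windows\TEMP\AVSETUP_4ea018ac\avupgsvc.exe" /TEMPSTART:""c:\windows\TEMP\AVSETUP_4ea018ac\setup.exe" /NOTEMPCLEANUP /CROSSUPGRADE" --> c:\windows\TEMP\AVSETUP_4ea018ac\avupgsvc.exe [?]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [10/20/2011 7:09 AM 1691480]
"""

# <state><start> <name>;<display name>;<command line> [<file date and size, or ?>]
SERVICE_LINE = re.compile(
    r"^(?P<state>[RS])(?P<start>[0-4]) (?P<name>[^;]+);(?P<display>[^;]*);"
    r"(?P<command>.*) \[(?P<meta>[^\]]*)\]$"
)
# Base name of every .exe mentioned anywhere in the command line.
EXE_NAME = re.compile(r'\\([^\\"/]+?\.exe)', re.IGNORECASE)
TEMP_DIRS = {"temp", "tmp"}


def parse_service_line(line):
    """Return a dict for one Drivers/Services line, or None if it is not one."""
    match = SERVICE_LINE.match(line.strip())
    if match is None:
        return None
    entry = match.groupdict()
    entry["start"] = int(entry["start"])
    # When the log shows "command --> resolved image", the image is the last part.
    entry["image"] = entry["command"].split(" --> ")[-1].strip().strip('"')
    return entry


def triage(entry):
    """List the reasons a parsed service entry deserves a closer look."""
    reasons = []
    parts = [p.lower() for p in PureWindowsPath(entry["image"]).parts]
    if TEMP_DIRS.intersection(parts[:-1]):
        reasons.append("image path is under a temp directory")
    if entry["meta"].strip() == "?":
        # Assumed meaning: the log has no date/size for the file.
        reasons.append("no file date or size recorded for the image")
    exes = sorted({name.lower() for name in EXE_NAME.findall(entry["command"])})
    if len(exes) > 1:
        reasons.append("command line names more than one executable: " + ", ".join(exes))
    if reasons and entry["start"] == 2:
        # Assumed meaning: digit 2 is the automatic Start value.
        reasons.append("set to start automatically")
    return reasons


def review_log(text):
    """Return (service name, reasons) for every entry with at least one reason."""
    flagged = []
    for line in text.splitlines():
        entry = parse_service_line(line)
        if entry is None:
            continue
        reasons = triage(entry)
        if reasons:
            flagged.append((entry["name"], reasons))
    return flagged


if __name__ == "__main__":
    for name, reasons in review_log(SAMPLE_LOG):
        print(name)
        for reason in reasons:
            print("  -", reason)
```

A flagged entry is a prompt to look closer, not a verdict: installers legitimately stage upgrade services under Temp, which is why the entry here was treated as a leftover to clean up.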

Offline Ghost

  • LzD Friends
  • Sr. Member
  • *****
  • Posts: 277
Re: help with an xp home edition;-(
« Reply #5 on: October 22, 2011, 10:35:34 PM »
hi Corrine,
here is the combofix log you requested:

ComboFix 11-10-21.06 - Mark 10/22/2011  18:26:03.2.2 - x86
Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.1983.1338 [GMT -4:00]
Running from: c:\documents and settings\Mark\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Mark\Desktop\CFScript.txt
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_AviraUpgradeService
-------\Service_AviraUpgradeService
.
.
(((((((((((((((((((((((((   Files Created from 2011-09-22 to 2011-10-22  )))))))))))))))))))))))))))))))
.
.
2011-10-22 17:15 . 2011-10-22 17:15   --------   d-----w-   C:\rsit
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-09-26 15:41 . 2009-10-08 18:57   611328   ----a-w-   c:\windows\system32\uiautomationcore.dll
2011-09-26 15:41 . 2003-03-31 12:00   220160   ----a-w-   c:\windows\system32\oleacc.dll
2011-09-26 15:41 . 2003-03-31 12:00   20480   ----a-w-   c:\windows\system32\oleaccrc.dll
2011-09-13 10:30 . 2011-09-13 10:30   32592   ----a-w-   c:\windows\system32\drivers\avgrkx86.sys
2011-09-09 09:12 . 2003-03-31 12:00   599040   ----a-w-   c:\windows\system32\crypt32.dll
2011-09-06 13:20 . 2003-03-31 12:00   1858944   ----a-w-   c:\windows\system32\win32k.sys
2011-09-05 13:56 . 2003-03-31 12:00   667136   ----a-w-   c:\windows\system32\wininet.dll
2011-09-05 13:56 . 2003-03-31 12:00   61952   ----a-w-   c:\windows\system32\tdc.ocx
2011-08-17 13:49 . 2003-03-31 12:00   138496   ----a-w-   c:\windows\system32\drivers\afd.sys
2011-08-08 10:08 . 2011-08-08 10:08   40016   ----a-w-   c:\windows\system32\drivers\avgmfx86.sys
.
.
(((((((((((((((((((((((((((((   SnapShot@2011-10-22_21.16.06   )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-10-22 22:29 . 2011-10-22 22:29   16384              c:\windows\Temp\Perflib_Perfdata_380.dat
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-03-16 110696]
"RTHDCPL"="RTHDCPL.EXE" [2011-08-17 20064872]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-03-16 13670504]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2011-09-23 2404704]
.
c:\documents and settings\Mark\Start Menu\Programs\Startup\
SpywareGuard.lnk - c:\program files\SpywareGuard\sgmain.exe [2003-8-29 360448]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 19:21   548352   ----a-w-   c:\program files\SUPERAntiSpyware\SASWINLO.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute   REG_MULTI_SZ      autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2010-03-16 07:37   13670504   ----a-w-   c:\windows\system32\nvcpl.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2011-06-09 17:06   254696   ----a-w-   c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgnsx.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgmfapx.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgemcx.exe"=
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [7/11/2011 1:14 AM 23120]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [9/13/2011 6:30 AM 32592]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [7/11/2011 1:13 AM 229840]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [7/11/2011 1:14 AM 295248]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 11:25 AM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2/17/2010 11:15 AM 66632]
R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [8/2/2011 6:09 AM 192776]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [10/20/2011 7:09 AM 1691480]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2/17/2010 11:15 AM 12872]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
TCP: DhcpNameServer = 68.94.156.1 68.94.157.1
FF - ProfilePath - c:\documents and settings\Mark\Application Data\Mozilla\Firefox\Profiles\u16746q2.default\
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-10-22 18:30
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ... 
.
scanning hidden autostart entries ...
.
scanning hidden files ... 
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(884)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
.
- - - - - - - > 'explorer.exe'(3920)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\progra~1\AVG\AVG2012\avgrsx.exe
c:\program files\AVG\AVG2012\avgcsrvx.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\RUNDLL32.EXE
c:\windows\RTHDCPL.EXE
c:\program files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
c:\program files\AVG\AVG2012\avgnsx.exe
c:\program files\AVG\AVG2012\avgemcx.exe
c:\program files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
c:\program files\SpywareGuard\sgbhp.exe
.
**************************************************************************
.
Completion time: 2011-10-22  18:32:19 - machine was rebooted
ComboFix-quarantined-files.txt  2011-10-22 22:32
ComboFix2.txt  2011-10-22 21:17
.
Pre-Run: 149,482,512,384 bytes free
Post-Run: 149,420,146,688 bytes free
.
- - End Of File - - 1E905EFF050D46EC6E8FAE4A946B871D


thank you,
Ghost
Linux Ubuntu 10.04.1
Scratch built
AMD Dual Core 2.8 gig Processor, 4 gig Ram
Registered Linux User #481143
Registered Machine #390361

Offline Corrine

  • The Mystical Rose
  • Administrator
  • Hero Member
  • *****
  • Posts: 11530
  • "Stronger than the past, united in our goal."
    • Security Garden
Re: help with an xp home edition;-(
« Reply #6 on: October 22, 2011, 10:58:47 PM »
Perhaps I should have included the entire Java Console line.  Anyway, we can do it manually.

Uninstalling older versions of JRE may not uninstall the Java Console for that version, causing Firefox to accumulate multiple Java Console extensions located in the Firefox > Tools > Add-ons list.
  • Make sure you already have the most recent version, Java SE Runtime Environment 6u29.
  • Go to C:\Program Files > Mozilla Firefox > extensions.
  • Delete the folders "{CAFEEFAC-0016-0000-xxxx-ABCDEFFEDCBA}", where xxxx is the number of the JRE-version.  In this case, delete the one with 19: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
  • Keep the highest number as this is the latest version, i.e., 0029.

For contrast, let's try an online ESET scan.  Please go here to run an on-line scan from ESET.
  • Note: It is easiest if you use Internet Explorer for this scan.  (If you use an alternate browser, it will be necessary to download the ESET Smart Installer.)
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • Use notepad to open the logfile located at C:\Program Files\Eset\Eset Online Scanner\log.txt
  • Copy and paste that log as a reply to this topic and also let me know how things are now.
Note:  Don't do any other surfing with IE until it is upgraded.  Even though your friend uses Firefox, after we finish, I strongly suggest doing a stepped upgrade:  IE6 -> IE6 -> IE8.

Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

Remember - A day without laughter is a day wasted.
May the wind sing to you and the sun rise in your heart.
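
Added example (not part of Corrine's post): the manual Java Console cleanup described above, as a dry-run planner in Python that reads the "FF - Ext:" lines copied from the ComboFix Supplementary Scan in this thread and reports which extension folder to keep and which to delete. It only builds the list and deletes nothing; the function names are made up for this illustration.

```python
import re

# Lines copied from the Supplementary Scan part of the ComboFix logs in this thread.
SAMPLE_SCAN = r"""
FF - ProfilePath - c:\documents and settings\Mark\Application Data\Mozilla\Firefox\Profiles\u16746q2.default\
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
"""

# FF - Ext: <display name>: <extension id> - <folder>
EXT_LINE = re.compile(r"^FF - Ext: (?P<name>.+?): (?P<id>\S+) - (?P<path>.*)$")
# The id pattern from the post: {CAFEEFAC-0016-0000-xxxx-ABCDEFFEDCBA}
JAVA_CONSOLE_ID = re.compile(
    r"^\{CAFEEFAC-0016-0000-(\d{4})-ABCDEFFEDCBA\}$", re.IGNORECASE
)


def parse_extensions(text):
    """Return (name, id, folder) for every 'FF - Ext:' line; skip everything else."""
    found = []
    for line in text.splitlines():
        match = EXT_LINE.match(line.strip())
        if match:
            found.append((match["name"], match["id"], match["path"]))
    return found


def plan_java_console_cleanup(text):
    """Keep the Java Console folder with the highest xxxx, list the rest for deletion."""
    consoles = []
    for _name, ext_id, folder in parse_extensions(text):
        match = JAVA_CONSOLE_ID.match(ext_id)
        if match:
            consoles.append((int(match.group(1)), folder))
    if not consoles:
        return {"keep": None, "remove": []}
    consoles.sort()
    return {
        "keep": consoles[-1][1],                        # highest number = latest
        "remove": [folder for _num, folder in consoles[:-1]],
    }


if __name__ == "__main__":
    plan = plan_java_console_cleanup(SAMPLE_SCAN)
    print("keep:  ", plan["keep"])
    for folder in plan["remove"]:
        print("delete:", folder)
```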

Offline Ghost

  • LzD Friends
  • Sr. Member
  • *****
  • Posts: 277
Re: help with an xp home edition;-(
« Reply #7 on: October 23, 2011, 12:08:19 AM »
hi Corrine,
this scan found the mess!
log as requested:

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=6.00.2900.5512 (xpsp.080413-2105)
# OnlineScanner.ocx=1.0.0.6528
# api_version=3.0.2
# EOSSerial=96872edc2e9b604da0ee26225a6cf6e6
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2011-10-23 12:02:49
# local_time=2011-10-22 08:02:49 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=1024 16777191 100 0 0 0 0 0
# compatibility_mode=2560 16777215 100 0 0 0 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=125156
# found=1512
# cleaned=0
# scan_time=3067
D:\Documents and Settings\Heidi\Local Settings\Temporary Internet Files\Content.IE5\8LBM4HSS\cartShow[1].aspx   Win32/Virut.NBK virus (unable to clean)   00000000000000000000000000000000   I
D:\Documents and Settings\Heidi\Local Settings\Temporary Internet Files\Content.IE5\FYQKJ6H0\stat[1].htm   Win32/TrojanDropper.Agent.OFV trojan (unable to clean)   00000000000000000000000000000000   I
D:\Documents and Settings\Heidi\My Documents\PRODUCTS.HTM   Win32/Virut.NBK virus (unable to clean)   00000000000000000000000000000000   I
D:\Documents and Settings\Heidi\My Documents\Misc Documents\KW Itinerary.htm   Win32/Virut.NBK virus (unable to clean)   00000000000000000000000000000000   I
D:\Documents and Settings\Heidi\My Documents\My Music\80s Trivia.htm   Win32/Virut.NBK virus (unable to clean)   00000000000000000000000000000000   I
D:\Documents and Settings\Heidi\My Documents\My Pictures\clockcornflowerblue.htm   HTML/Iframe.gen trojan (unable to clean)   00000000000000000000000000000000   I
D:\Documents and Settings\Heidi\My Documents\My Pictures\Haley & Dee.htm   Win32/Virut.NBK virus (unable to clean)   00000000000000000000000000000000   I
D:\Documents and Settings\Heidi\My Documents\My Pictures\Kodak Pictures\Haley & her bass.htm   Win32/Virut.NBK virus (unable to clean)   00000000000000000000000000000000   I
D:\Documents and Settings\Heidi\My Documents\My Webs\myweb\_derived\nortbots.htm   Win32/Virut.NBK virus (unable to clean)   00000000000000000000000000000000   I
D:\Documents and Settings\Heidi\My Documents\My Webs\ZoneAlarm\readme.html   Win32/Virut.NBK virus (unable to clean)   00000000000000000000000000000000   I
D:\Documents and Settings\Heidi\My Documents\My Webs\ZoneAlarm\zl_priv.htm   Win32/Virut.NBK virus (unable to clean)   00000000000000000000000000000000   I
D:\Documents and Settings\Heidi\My Documents\Realtek_AC97_MB\AC97\alcchkid.exe   Win32/Virut.NBP virus (unable to clean)   00000000000000000000000000000000   I
D:\Documents and Settings\Heidi\My Documents\Realtek_AC97_MB\AC97\alcrmv.exe   Win32/Virut.NBP virus (unable to clean)   00000000000000000000000000000000   I
D:\Documents and Settings\Heidi\My Documents\Realtek_AC97_MB\AC97\alcrmv9x.exe   Win32/Virut.NBP virus (unable to clean)   00000000000000000000000000000000   I
D:\Documents and Settings\Heidi\My Documents\Realtek_AC97_MB\AC97\alcupd.exe   Win32/Virut.NBP virus (unable to clean)   00000000000000000000000000000000   I
D:\Documents and Settings\Heidi\My Documents\Realtek_AC97_MB\AC97\ChCfg.exe   Win32/Virut.NBP virus (unable to clean)   00000000000000000000000000000000   I
D:\Documents and Settings\Heidi\My Documents\Realtek_AC97_MB\AC97\GETDXVER.EXE   Win32/Virut.NBP virus (unable to clean)   00000000000000000000000000000000   I
D:\Documents and Settings\Heidi\My Documents\Realtek_AC97_MB\AC97\SetCDfmt.exe   Win32/Virut.NBP virus (unable to clean)   00000000000000000000000000000000   I
D:\Documents and Settings\Heidi\My Documents\Realtek_AC97_MB\AC97\Ap\AvRack2.exe   Win32/Virut.NBP virus (unable to clean)   00000000000000000000000000000000   I
D:\Documents and Settings\Heidi\My Documents\Realtek_AC97_MB\AC97\Ap\RtlRack.exe   Win32/Virut.NBP virus (unable to clean)   00000000000000000000000000000000   I
D:\Documents and Settings\Heidi\My Documents\Realtek_AC97_MB\AC97\WDM\alcrmv.exe   Win32/Virut.NBP virus (unable to clean)   00000000000000000000000000000000   I
D:\Documents and Settings\Heidi\My Documents\Realtek_AC97_MB\AC97\WDM\ChCfg.exe   Win32/Virut.NBP virus (unable to clean)   00000000000000000000000000000000   I
D:\Documents and Settings\Heidi\My Documents\Realtek_AC97_MB\AC97\WDM\RTLCPL.exe   Win32/Virut.NBP virus (unable to clean)   00000000000000000000000000000000   I
D:\Documents and Settings\Heidi\My Documents\Realtek_AC97_MB\AC97\WDM\SoundMan.exe   Win32/Virut.NBP virus (unable to clean)   00000000000000000000000000000000   I
D:\Documents and Settings\Heidi\My Documents\Realtek_AC97_MB\AC97\WinNT4\SoundMan.exe   Win32/Virut.NBP virus (unable to clean)   00000000000000000000000000000000   I
D:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\0J2L4NOP\flow2-p1[1].aspx   Win32/Virut.NBK virus (unable to clean)   00000000000000000000000000000000   I
D:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\0J2L4NOP\reCA0BI7I2.htm   Win32/Virut.NBK virus (unable to clean)   00000000000000000000000000000000   I
D:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\0J2L4NOP\reCA4F894O.htm   Win32/Virut.NBK virus (unable to clean)   00000000000000000000000000000000   I
D:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\0J2L4NOP\reCA56Q9P2.htm   Win32/Virut.NBK virus (unable to clean)   00000000000000000000000000000000   I
D:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\0J2L4NOP\reCADMS6S0.htm   Win32/Virut.NBK virus (unable to clean)   00000000000000000000000000000000   I
D:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\0J2L4NOP\reCAFQFCKT.htm   Win32/Virut.NBK virus (unable to clean)   00000000000000000000000000000000   I
D:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\0J2L4NOP\reCAID3SQ6.htm   Win32/Virut.NBK virus (unable to clean)   00000000000000000000000000000000   I
D:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\0J2L4NOP\reCAJISRTL.htm   Win32/Virut.NBK virus (unable to clean)   00000000000000000000000000000000   I
D:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\0J2L4NOP\reCAP70UZK.htm   Win32/Virut.NBK virus (unable to clean)   00000000000000000000000000000000   I
D:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\0J2L4NOP\reCASAYIAA.htm   Win32/Virut.NBK virus (unable to clean)   00000000000000000000000000000000   I
D:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\0J2L4NOP\reCAVWFGA8.htm   Win32/Virut.NBK virus (unable to clean)   00000000000000000000000000000000   I
D:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\0J2L4NOP\reCAW9Z3C5.htm   Win32/Virut.NBK virus (unable to clean)   00000000000000000000000000000000   I
D:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\0J2L4NOP\reCAYI29SO.htm   Win32/Virut.NBK virus (unable to clean)   00000000000000000000000000000000   I
D:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\0J2L4NOP\re[10].htm   Win32/Virut.NBK virus (unable to clean)   00000000000000000000000000000000   I
D:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\0J2L4NOP\re[11].htm   Win32/Virut.NBK virus (unable to clean)   00000000000000000000000000000000   I
D:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\0J2L4NOP\re[1].htm   Win32/Virut.NBK virus (unable to clean)   00000000000000000000000000000000   I
D:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\0J2L4NOP\re[2].htm   Win32/Virut.NBK virus (unable to clean)   00000000000000000000000000000000   I
D:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\0J2L4NOP\re[3].htm   Win32/Virut.NBK virus (unable to clean)   00000000000000000000000000000000   I
D:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\0J2L4NOP\re[4].htm   Win32/Virut.NBK virus (unable to clean)   00000000000000000000000000000000   I
D:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\0J2L4NOP\re[5].htm   Win32/Virut.NBK virus (unable to clean)   00000000000000000000000000000000   I
D:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\0J2L4NOP\re[6].htm   Win32/Virut.NBK virus (unable to clean)   00000000000000000000000000000000   I
D:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\0J2L4NOP\re[7].htm   Win32/Virut.NBK virus (unable to clean)   00000000000000000000000000000000   I
D:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\0J2L4NOP\re[8].htm   Win32/Virut.NBK virus (unable to clean)   00000000000000000000000000000000   I
D:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\0J2L4NOP\re[9].htm   Win32/Virut.NBK virus (unable to clean)   00000000000000000000000000000000   I
D:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\0J2L4NOP\searchCA15PL17.htm   Win32/Virut.NBK virus (unable to clean)   00000000000000000000000000000000   I
D:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\0J2L4NOP\searchCA38NBT0.htm   Win32/Virut.NBK virus (unable to clean)   00000000000000000000000000000000   I
D:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\0J2L4NOP\searchCA65WJDU.htm   Win32/Virut.NBK virus (unable to clean)   00000000000000000000000000000000   I
D:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\0J2L4NOP\searchCA6CFR6H.htm   Win32/Virut.NBK virus (unable to clean)   00000000000000000000000000000000   I
D:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\0J2L4NOP\searchCA6EBQTF.htm   Win32/Virut.NBK virus (unable to clean)   00000000000000000000000000000000   I
D:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\0J2L4NOP\searchCA6RCY8E.htm   Win32/Virut.NBK virus (unable to clean)   00000000000000000000000000000000   I
D:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\0J2L4NOP\searchCA6SPXN7.htm   Win32/Virut.NBK virus (unable to clean)   00000000000000000000000000000000   I
D:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\0J2L4NOP\searchCA9ET6QW.htm   Win32/Virut.NBK virus (unable to clean)   00000000000000000000000000000000   I
D:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\0J2L4NOP\searchCABFH5Q8.htm   Win32/Virut.NBK virus (unable to clean)   00000000000000000000000000000000   I
D:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\0J2L4NOP\searchCACQ20PB.htm   Win32/Virut.NBK virus (unable to clean)   00000000000000000000000000000000   I
D:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\0J2L4NOP\searchCADV822Y.htm   Win32/Virut.NBK virus (unable to clean)   00000000000000000000000000000000   I
D:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\0J2L4NOP\searchCAK794UG.htm   Win32/Virut.NBK virus (unable to clean)   00000000000000000000000000000000   I
D:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\0J2L4NOP\searchCANCI36N.htm   Win32/Virut.NBK virus (unable to clean)   00000000000000000000000000000000   I
D:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\0J2L4NOP\searchCANMKZO0.htm   Win32/Virut.NBK virus (unable to clean)   00000000000000000000000000000000   I
D:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\0J2L4NOP\searchCAQ5JWAI.htm   Win32/Virut.NBK virus (unable to clean)   00000000000000000000000000000000   I
D:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\0J2L4NOP\searchCAREGT23.htm   Win32/Virut.NBK virus (unable to clean)   00000000000000000000000000000000   I
D:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\0J2L4NOP\searchCASQYMGP.htm   Win32/Virut.NBK virus (unable to clean)   00000000000000000000000000000000   I
D:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\0J2L4NOP\searchCATQ624N.htm   Win32/Virut.NBK virus (unable to clean)   00000000000000000000000000000000   I
D:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\0J2L4NOP\searchCAYAMHQW.htm   Win32/Virut.NBK virus (unable to clean)   00000000000000000000000000000000   I
D:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\0J2L4NOP\search[10].htm   Win32/Virut.NBK virus (unable to clean)   00000000000000000000000000000000   I
D:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\0J2L4NOP\search[11].htm   Win32/Virut.NBK virus (unable to clean)   00000000000000000000000000000000   I
D:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\0J2L4NOP\search[1].htm   Win32/Virut.NBK virus (unable to clean)   00000000000000000000000000000000   I
D:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\0J2L4NOP\search[1].php   Win32/Virut.NBK virus (unable to clean)   00000000000000000000000000000000   I
D:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\0J2L4NOP\search[2].htm   Win32/Virut.NBK virus (unable to clean)   00000000000000000000000000000000   I
D:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\0J2L4NOP\search[3].htm   Win32/Virut.NBK virus (unable to clean)   00000000000000000000000000000000   I
D:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\0J2L4NOP\search[4].htm   Win32/Virut.NBK virus (unable to clean)   00000000000000000000000000000000   I
D:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\0J2L4NOP\search[5].htm   Win32/Virut.NBK virus (unable to clean)   00000000000000000000000000000000   I
D:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\0J2L4NOP\search[6].htm   Win32/Virut.NBK virus (unable to clean)   00000000000000000000000000000000   I
D:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\0J2L4NOP\search[7].htm   Win32/Virut.NBK virus (unable to clean)   00000000000000000000000000000000   I
D:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\0J2L4NOP\search[8].htm   Win32/Virut.NBK virus (unable to clean)   00000000000000000000000000000000   I
D:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\0J2L4NOP\search[9].htm   Win32/Virut.NBK virus (unable to clean)   00000000000000000000000000000000   I
D:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\0J2L4NOP\w[1].bin   a variant of Win32/Adware.Coolezweb.BI application (unable to clean)   00000000000000000000000000000000   I
D:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\0J2L4NOP\w[2].bin   a variant of Win32/Adware.Coolezweb.BI application (unable to clean)   00000000000000000000000000000000   I
D:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\OPQ9STCD\01[1].htm   Win32/Virut.NBK virus (unable to clean)   00000000000000000000000000000000   I
D:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\OPQ9STCD\index[1].html   Win32/Virut.NBK virus (unable to clean)   00000000000000000000000000000000   I
D:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\OPQ9STCD\reCA5ESNNP.htm   Win32/Virut.NBK virus (unable to clean)   00000000000000000000000000000000   I
D:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\OPQ9STCD\reCAALCY4N.htm   Win32/Virut.NBK virus (unable to clean)   00000000000000000000000000000000   I
D:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\OPQ9STCD\reCAFTZAGS.htm   Win32/Virut.NBK virus (unable to clean)   00000000000000000000000000000000   I
D:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\OPQ9STCD\reCALXBB59.htm   Win32/Virut.NBK virus (unable to clean)   00000000000000000000000000000000   I
D:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\OPQ9STCD\reCAP5RDC4.htm   Win32/Virut.NBK virus (unable to clean)   00000000000000000000000000000000   I
D:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\OPQ9STCD\reCAV05DR5.htm   Win32/Virut.NBK virus (unable to clean)   00000000000000000000000000000000   I
D:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\OPQ9STCD\re[10].htm   Win32/Virut.NBK virus (unable to clean)   00000000000000000000000000000000   I
D:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\OPQ9STCD\re[11].htm   Win32/Virut.NBK virus (unable to clean)   00000000000000000000000000000000   I
D:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\OPQ9STCD\re[1].htm   Win32/Virut.NBK virus (unable to clean)   00000000000000000000000000000000   I
D:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\OPQ9STCD\re[2].htm   Win32/Virut.NBK virus (unable to clean)   00000000000000000000000000000000   I
D:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\OPQ9STCD\re[3].htm   Win32/Virut.NBK virus (unable to clean)   00000000000000000000000000000000   I
D:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\OPQ9STCD\re[4].htm   Win32/Virut.NBK virus (unable to clean)   00000000000000000000000000000000   I
D:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\OPQ9STCD\re[5].htm   Win32/Virut.NBK virus (unable to clean)   00000000000000000000000000000000   I
D:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\OPQ9STCD\re[6].htm   Win32/Virut.NBK virus (unable to clean)   00000000000000000000000000000000   I
D:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\OPQ9STCD\re[7].htm   Win32/Virut.NBK virus (unable to clean)   00000000000000000000000000000000   I
D:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\OPQ9STCD\re[8].htm   Win32/Virut.NBK virus (unable to clean)   00000000000000000000000000000000   I
D:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\OPQ9STCD\re[9].htm   Win32/Virut.NBK virus (unable to clean)   00000000000000000000000000000000   I
D:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\OPQ9STCD\searchCA2OGK92.htm   Win32/Virut.NBK virus (unable to clean)   00000000000000000000000000000000   I
D:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\OPQ9STCD\searchCA2PR3L8.htm   Win32/Virut.NBK virus (unable to clean)   00000000000000000000000000000000   I
D:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\OPQ9STCD\searchCA2ZWFSV.htm   Win32/Virut.NBK virus (unable to clean)   00000000000000000000000000000000   I
D:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\OPQ9STCD\searchCA6FA5OM.htm   Win32/Virut.NBK virus (unable to clean)   00000000000000000000000000000000   I
D:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\OPQ9STCD\searchCA6X1GQ1.htm   Win32/Virut.NBK virus (unable to clean)   00000000000000000000000000000000   I
D:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\OPQ9STCD\searchCAC15DST.htm   Win32/Virut.NBK virus (unable to clean)   00000000000000000000000000000000   I
D:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\OPQ9STCD\searchCAE0907Y.htm   Win32/Virut.NBK virus (unable to clean)   00000000000000000000000000000000   I
D:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\OPQ9STCD\searchCAGA7238.htm   Win32/Virut.NBK virus (unable to clean)   00000000000000000000000000000000   I
D:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\OPQ9STCD\searchCAHB0MA1.htm   Win32/Virut.NBK virus (unable to clean)   00000000000000000000000000000000   I
D:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\OPQ9STCD\searchCAHPAQVG.htm   Win32/Virut.NBK virus (unable to clean)   00000000000000000000000000000000   I
D:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\OPQ9STCD\searchCALI4OMW.htm   Win32/Virut.NBK virus (unable to clean)   00000000000000000000000000000000   I
D:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\OPQ9STCD\searchCALL2PVU.htm   Win32/Virut.NBK virus (unable to clean)   00000000000000000000000000000000   I
D:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\OPQ9STCD\searchCAR2UVP5.htm   Win32/Virut.NBK virus (unable to clean)   00000000000000000000000000000000   I
D:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\OPQ9STCD\searchCARET87L.htm   Win32/Virut.NBK virus (unable to clean)   00000000000000000000000000000000   I
D:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\OPQ9STCD\searchCAS6G83A.htm   Win32/Virut.NBK virus (unable to clean)   00000000000000000000000000000000   I
D:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\OPQ9STCD\searchCATJ17PR.htm   Win32/Virut.NBK virus (unable to clean)   00000000000000000000000000000000   I
D:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\OPQ9STCD\searchCAWU08C9.htm   Win32/Virut.NBK virus (unable to clean)   00000000000000000000000000000000   I
D:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\OPQ9STCD\searchCAXSZRVQ.htm   Win32/Virut.NBK virus (unable to clean)   00000000000000000000000000000000   I
D:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\OPQ9STCD\searchCAY6K6D7.htm   Win32/Virut.NBK virus (unable to clean)   00000000000000000000000000000000   I
D:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\OPQ9STCD\searchCAZLFWHR.htm   Win32/Virut.NBK virus (unable to clean)   00000000000000000000000000000000   I
D:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\OPQ9STCD\search[10].htm   Win32/Virut.NBK virus (unable to clean)   00000000000000000000000000000000   I
D:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\OPQ9STCD\search[11].htm   Win32/Virut.NBK virus (unable to clean)   00000000000000000000000000000000   I
D:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\OPQ9STCD\search[1].htm   Win32/Virut.NBK virus (unable to clean)   00000000000000000000000000000000   I
D:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\OPQ9STCD\search[2].htm   Win32/Virut.NBK virus (unable to clean)   00000000000000000000000000000000   I
D:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\OPQ9STCD\search[3].htm   Win32/Virut.NBK virus (unable to clean)   00000000000000000000000000000000   I
D:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\OPQ9STCD\search[4].htm   Win32/Virut.NBK virus (unable to clean)   00000000000000000000000000000000   I
D:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\OPQ9STCD\search[5].htm   Win32/Virut.NBK virus (unable to clean)   00000000000000000000000000000000   I
D:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\OPQ9STCD\search[6].htm   Win32/Virut.NBK virus (unable to clean)   00000000000000000000000000000000   I
D:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\OPQ9STCD\search[7].htm   Win32/Virut.NBK virus (unable to clean)   00000000000000000000000000000000   I
D:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\OPQ9STCD\search[8].htm   Win32/Virut.NBK virus (unable to clean)   00000000000000000000000000000000   I
D:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\OPQ9STCD\search[9].htm   Win32/Virut.NBK virus (unable to clean)   00000000000000000000000000000000   I
D:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\OPQ9STCD\w[1].bin   a variant of Win32/Adware.Coolezweb.BI application (unable to clean)   00000000000000000000000000000000   I
D:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\OPQ9STCD\w[2].bin   a variant of Win32/Adware.Coolezweb.BI application (unable to clean)   00000000000000000000000000000000   I
D:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\OPQ9STCD\w[3].bin   a variant of Win32/Adware.Coolezweb.BI application (unable to clean)   00000000000000000000000000000000   I
D:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\OPQ9STCD\w[4].bin   a variant of Win32/Adware.Coolezweb.BI application (unable to clean)   00000000000000000000000000000000   I
D:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\OPQ9STCD\w[5].bin   a variant of Win32/Adware.Coolezweb.BI application (unable to clean)   00000000000000000000000000000000   I
D:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\OPQ9STCD\w[6].bin   a variant of Win32/Adware.Coolezweb.BI application (unable to clean)   00000000000000000000000000000000   I
D:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\OPQ9STCD\w[7].bin   a variant of Win32/Adware.Coolezweb.BI application (unable to clean)   00000000000000000000000000000000   I
D:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\OPQ9STCD\w[8].bin   a variant of Win32/Adware.Coolezweb.BI application (unable to clean)   00000000000000000000000000000000   I
D:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\Q9STCVEX\index[1].html   Win32/Virut.NBK virus (unable to clean)   00000000000000000000000000000000   I
D:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\Q9STCVEX\reCA2GGPYM.htm   Win32/Virut.NBK virus (unable to clean)   00000000000000000000000000000000   I
D:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\Q9STCVEX\reCA3QZKAK.htm   Win32/Virut.NBK virus (unable to clean)   00000000000000000000000000000000   I
D:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\Q9STCVEX\reCA7R0Q2S.htm   Win32/Virut.NBK virus (unable to clean)   00000000000000000000000000000000   I
D:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\Q9STCVEX\reCA8YRSJ9.htm   Win32/Virut.NBK virus (unable to clean)   00000000000000000000000000000000   I
D:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\Q9STCVEX\reCA9GAAS4.htm   Win32/Virut.NBK virus (unable to clean)   00000000000000000000000000000000   I
D:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\Q9STCVEX\reCA9VLKEL.htm   Win32/Virut.NBK virus (unable to clean)   00000000000000000000000000000000   I
D:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\Q9STCVEX\reCAAKQDFE.htm   Win32/Virut.NBK virus (unable to clean)   00000000000000000000000000000000   I
D:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\Q9STCVEX\reCABOBOKV.htm   Win32/Virut.NBK virus (unable to clean)   00000000000000000000000000000000   I
D:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\Q9STCVEX\reCAEYKQMD.htm   Win32/Virut.NBK virus (unable to clean)   00000000000000000000000000000000   I
D:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\Q9STCVEX\reCAH0TQ41.htm   Win32/Virut.NBK virus (unable to clean)   00000000000000000000000000000000   I
D:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\Q9STCVEX\reCAIJT5AP.htm   Win32/Virut.NBK virus (unable to clean)   00000000000000000000000000000000   I
D:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\Q9STCVEX\reCAJSMUWP.htm   Win32/Virut.NBK virus (unable to clean)   00000000000000000000000000000000   I
D:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\Q9STCVEX\reCAKQC2OO.htm   Win32/Virut.NBK virus (unable to clean)   00000000000000000000000000000000   I
D:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\Q9STCVEX\reCAMXIHNM.htm   Win32/Virut.NBK virus (unable to clean)   00000000000000000000000000000000   I
D:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\Q9STCVEX\reCAO4QYE7.htm   Win32/Virut.NBK virus (unable to clean)   00000000000000000000000000000000   I
D:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\Q9STCVEX\reCAPKNG7Z.htm   Win32/Virut.NBK virus (unable to clean)   00000000000000000000000000000000   I
D:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\Q9STCVEX\reCAPVF3LQ.htm   Win32/Virut.NBK virus (unable to clean)   00000000000000000000000000000000   I
D:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\Q9STCVEX\reCARZQMOD.htm   Win32/Virut.NBK virus (unable to clean)   00000000000000000000000000000000   I
D:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\Q9STCVEX\reCAUF5DU9.htm   Win32/Virut.NBK virus (unable to clean)   00000000000000000000000000000000   I
D:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\Q9STCVEX\reCAW68L9V.htm   Win32/Virut.NBK virus (unable to clean)   00000000000000000000000000000000   I
D:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\Q9STCVEX\reCAX8U81W.htm   Win32/Virut.NBK virus (unable to clean)   00000000000000000000000000000000   I
D:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\Q9STCVEX\reCAXBGXOS.htm   Win32/Virut.NBK virus (unable to clean)   00000000000000000000000000000000   I
D:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\Q9STCVEX\reCAYMC5DW.htm   Win32/Virut.NBK virus (unable to clean)   00000000000000000000000000000000   I
D:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\Q9STCVEX\reCAYWBSIU.htm   Win32/Virut.NBK virus (unable to clean)   00000000000000000000000000000000   I
D:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\Q9STCVEX\re[10].htm   Win32/Virut.NBK virus (unable to clean)   00000000000000000000000000000000   I
D:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\Q9STCVEX\re[11].htm   Win32/Virut.NBK virus (unable to clean)   00000000000000000000000000000000   I
D:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\Q9STCVEX\re[1].htm   Win32/Virut.NBK virus (unable to clean)   00000000000000000000000000000000   I
D:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\Q9STCVEX\re[2].htm   Win32/Virut.NBK virus (unable to clean)   00000000000000000000000000000000   I
D:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\Q9STCVEX\re[3].htm   Win32/Virut.NBK virus (unable to clean)   00000000000000000000000000000000   I
D:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\Q9STCVEX\re[4].htm   Win32/Virut.NBK virus (unable to clean)   00000000000000000000000000000000   I
D:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\Q9STCVEX\re[5].htm   Win32/Virut.NBK virus (unable to clean)   00000000000000000000000000000000   I
D:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\Q9STCVEX\re[7].htm   Win32/Virut.NBK virus (unable to clean)   00000000000000000000000000000000   I
D:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\Q9STCVEX\re[8].htm   Win32/Virut.NBK virus (unable to clean)   00000000000000000000000000000000   I
D:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\Q9STCVEX\re[9].htm   Win32/Virut.NBK virus (unable to clean)   00000000000000000000000000000000   I
D:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\Q9STCVEX\searchCA03LG7S.htm   Win32/Virut.NBK virus (unable to clean)   00000000000000000000000000000000   I
D:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\Q9STCVEX\searchCADE4IW3.htm   Win32/Virut.NBK virus (unable to clean)   00000000000000000000000000000000   I
D:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\Q9STCVEX\searchCAFEO3XF.htm   Win32/Virut.NBK virus (unable to clean)   00000000000000000000000000000000   I
D:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\Q9STCVEX\searchCAG3J806.htm   Win32/Virut.NBK virus (unable to clean)   00000000000000000000000000000000   I
D:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\Q9STCVEX\searchCAGYMUL3.htm   Win32/Virut.NBK virus (unable to clean)   00000000000000000000000000000000   I
D:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\Q9STCVEX\searchCAJPG9BT.htm   Win32/Virut.NBK virus (unable to clean)   00000000000000000000000000000000   I
D:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\Q9STCVEX\searchCAKPUHOX.htm   Win32/Virut.NBK virus (unable to clean)   00000000000000000000000000000000   I
D:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\Q9STCVEX\searchCAM2XZLW.htm   Win32/Virut.NBK virus (unable to clean)   00000000000000000000000000000000   I
D:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\Q9STCVEX\searchCASC2XJ8.htm   Win32/Virut.NBK virus (unable to clean)   00000000000000000000000000000000   I
D:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\Q9STCVEX\searchCASSLNTA.htm   Win32/Virut.NBK virus (unable to clean)   00000000000000000000000000000000   I
D:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\Q9STCVEX\searchCAT98R5T.htm   Win32/Virut.NBK virus (unable to clean)   00000000000000000000000000000000   I
D:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\Q9STCVEX\searchCAU7D24L.htm   Win32/Virut.NBK virus (unable to clean)   00000000000000000000000000000000   I
D:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\Q9STCVEX\searchCAV00ILD.htm   Win32/Virut.NBK virus (unable to clean)   00000000000000000000000000000000   I
D:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\Q9STCVEX\searchCAW1HG2H.htm   Win32/Virut.NBK virus (unable to clean)   00000000000000000000000000000000   I
D:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\Q9STCVEX\searchCAWKM9KF.htm   Win32/Virut.NBK virus (unable to clean)   00000000000000000000000000000000   I
D:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\Q9STCVEX\searchCAY2LV7Z.htm   Win32/Virut.NBK virus (unable to clean)   00000000000000000000000000000000   I
D:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\Q9STCVEX\searchCAYQUQOS.htm   Win32/Virut.NBK virus (unable to clean)   00000000000000000000000000000000   I
D:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\Q9STCVEX\searchCAZICOEV.htm   Win32/Virut.NBK virus (unable to clean)   00000000000000000000000000000000   I
D:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\Q9STCVEX\search[10].htm   Win32/Virut.NBK virus (unable to clean)   00000000000000000000000000000000   I
D:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\Q9STCVEX\search[11].htm   Win32/Virut.NBK virus (unable to clean)   00000000000000000000000000000000   I
D:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\Q9STCVEX\search[1].htm   Win32/Virut.NBK virus (unable to clean)   00000000000000000000000000000000   I
D:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\Q9STCVEX\search[1].php   Win32/Virut.NBK virus (unable to clean)   00000000000000000000000000000000   I
D:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\Q9STCVEX\search[2].htm   Win32/Virut.NBK virus (unable to clean)   00000000000000000000000000000000   I
D:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\Q9STCVEX\search[3].htm   Win32/Virut.NBK virus (unable to clean)   00000000000000000000000000000000   I
D:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\Q9STCVEX\search[4].htm   Win32/Virut.NBK virus (unable to clean)   00000000000000000000000000000000   I
D:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\Q9STCVEX\search[5].htm   Win32/Virut.NBK virus (unable to clean)   00000000000000000000000000000000   I
D:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\Q9STCVEX\search[6].htm   Win32/Virut.NBK virus (unable to clean)   00000000000000000000000000000000   I
D:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\Q9STCVEX\search[7].htm   Win32/Virut.NBK virus (unable to clean)   00000000000000000000000000000000   I
D:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\Q9STCVEX\search[8].htm   Win32/Virut.NBK virus (unable to clean)   00000000000000000000000000000000   I
D:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\Q9STCVEX\search[9].htm   Win32/Virut.NBK virus (unable to clean)   00000000000000000000000000000000   I
D:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\Q9STCVEX\w[1].bin   a variant of Win32/Adware.Coolezweb.BI application (unable to clean)   00000000000000000000000000000000   I
D:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\Q9STCVEX\w[2].bin   Win32/Adware.Coolezweb application (unable to clean)   00000000000000000000000000000000   I
D:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\Q9STCVEX\w[3].bin   Win32/Adware.Coolezweb application (unable to clean)   00000000000000000000000000000000   I
D:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\Q9STCVEX\w[4].bin   a variant of Win32/Adware.Coolezweb.BI application (unable to clean)   00000000000000000000000000000000   I
D:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\Q9STCVEX\w[5].bin   a variant of Win32/Adware.Coolezweb.BI application (unable to clean)   00000000000000000000000000000000   I
D:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\Q9STCVEX\w[6].bin   a variant of Win32/Adware.Coolezweb.BI application (unable to clean)   00000000000000000000000000000000   I
D:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\YH01K3MN\1431963[1].htm   Win32/Virut.NBK virus (unable to clean)   00000000000000000000000000000000   I
D:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\YH01K3MN\reCABB13NV.htm   Win32/Virut.NBK virus (unable to clean)   00000000000000000000000000000000   I
D:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\YH01K3MN\reCABBTQIJ.htm   Win32/Virut.NBK virus (unable to clean)   00000000000000000000000000000000   I
D:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\YH01K3MN\reCAEHHY0O.htm   Win32/Virut.NBK virus (unable to clean)   00000000000000000000000000000000   I
Linux Ubuntu 10.04.1
Scratch built
AMD Duel Core 2.8 gig Processor, 4 gig Ram
Registered Linux User #481143
Registered Machine #390361

Offline Corrine

  • The Mystical Rose
  • Administrator
  • Hero Member
  • *****
  • Posts: 11530
  • "Stronger than the past, united in our goal."
    • Security Garden
Re: help with an xp home edition;-(
« Reply #8 on: October 23, 2011, 01:13:57 AM »
Hi, Ghost. 

Now that Mitch has you using Ubuntu, you're out of the Windows loop. :)   

Virut is a polymorphic file infector.  (See miekiemoes' Blog: Virut and other File infectors - Throwing in the Towel?)  This infection will spread to every executable file in the computer and, unfortunately, the only real cure for it is to flatten the D:\ drive. 

Looking at some of the names in the partial log that was posted, are you certain that the D:\ drive is actively used?  Based on Virut being from 2009 and seeing Zone Alarm, which is not currently installed on C:\, it looks as though the computer could have been infected and the D:\ drive contains the old files.

If your friend wants any of the files saved from that drive, you will be very limited.  Do NOT back up any applications or installers and do NOT back up any files with the following extensions:

    .exe
    .scr
    .htm
    .html
    .xml
    .zip
    .rar
    .doc
    .jpg
    .pdf

That said, Symantec has an old tool for Virut at W32.Virut Removal Tool | Symantec.  That doesn't mean I would guarantee the D:\ drive is safe to use though.  I still recommend that you convince your friend to flatten it. 

ComboFix won't be able to help with Virut.  You can proceed with uninstalling it.  Please do the following to implement cleanup procedures and also to reset System Restore points:

Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

ComboFix /Uninstall

Note: In the event you wish to contribute to the ongoing development of ComboFix, the developer is accepting donations via PayPal.

Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

Remember - A day without laughter is a day wasted.
May the wind sing to you and the sun rise in your heart.

Offline Ghost

  • LzD Friends
  • Sr. Member
  • *****
  • Posts: 277
Re: help with an xp home edition;-(
« Reply #9 on: October 23, 2011, 01:48:39 AM »
hi Corrine,
Quote
Now that Mitch has you using Ubuntu, you're out of the Windows loop. :) :hysterical:
i have worked on relatives' pc's but ya im out of the loop.
Quote
flatten the D:\ drive. 
do you mean format?
Quote
are you certain that the D:\ drive is actively used?
no im not certain but after reading what you said im going to format? drive D.
thanks,
Ghost
you rock!

Offline Corrine

Re: help with an xp home edition;-(
« Reply #10 on: October 23, 2011, 02:06:12 AM »
Good, I'm glad you're going to format it. 

you rock!

Awe, thank you.   :rose:

Offline Ghost

Re: help with an xp home edition;-(
« Reply #11 on: October 23, 2011, 02:18:20 AM »
hi Corrine,
just to catch you up;
i will talk to the owner about IE 7 and 8.
the pc is running about the same and i have uninstalled combofix.
ill format D drive tonight.
thanks again Corrine for saving me :D
Ghost

Offline Corrine

Re: help with an xp home edition;-(
« Reply #12 on: October 23, 2011, 01:58:48 PM »
You are most welcome, Ghost.

Please try and convince the owner to update IE.  Even if it is only used on occasion, the security improvements make it well worth the upgrade.

Offline Ghost

Re: help with an xp home edition;-(
« Reply #13 on: October 25, 2011, 12:22:54 AM »
hi Corrine,
ill do that and thanks again;-).
Ghost

Offline Corrine

Re: help with an xp home edition;-(
« Reply #14 on: October 25, 2011, 12:30:38 AM »
You're welcome.