Solved Please look @ my DDS logs. Trojans/backdoor/viruses.

Welcome back


I'm afraid so far we're not winning against the battle of the malicious spawning files.

Before I have you run another script, please do this next.

Download Lop S&D

Double-click Lop S&D.exe
Choose the language, then choose Option 1 (Search)
Wait till the end of the scan
Post the log which is created: C:\lopR.txt

 

--------------------\\ Lop S&D 4.2.5-0 XP/Vista

Microsoft Windows XP Professional ( v5.1.2600 ) Service Pack 2
X86-based PC ( Uniprocessor Free : AMD Athlon(tm) XP 2200+ )
BIOS : Phoenix - AwardBIOS v6.00PG
USER : mom ( Administrator )
BOOT : Normal boot
Antivirus : AVG Anti-Virus Free 8.0 (Not Activated)
C:\ (Local Disk) - NTFS - Total:127 Go (Free:60 Go)
D:\ (CD or DVD)
E:\ (CD or DVD)

"C:\Lop SD" ( MAJ : 19-12-2008|23:40 )
Option : [1] ( Wed 03/11/2009|14:44 )

--------------------\\ Listing folders in APPLIC~1

[05/10/2008|01:30] C:\DOCUME~1\ADMINI~1\APPLIC~1\<DIR> Microsoft

[05/10/2008|01:30] C:\DOCUME~1\ADMINI~1.HAY\APPLIC~1\<DIR> Microsoft

[01/07/2009|10:43] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> {148D8B8A-8F96-4822-81EC-D510B626B7D5}
[07/22/2008|04:13] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Adobe
[05/03/2008|07:36] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Adobe Systems
[01/30/2009|07:13] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Age of Empires 3
[12/07/2007|11:47] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Ahead
[03/15/2008|10:11] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Apple
[03/15/2008|10:11] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Apple Computer
[03/11/2009|12:58] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> avg8
[07/15/2008|03:12] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> broderbund
[03/28/2008|11:30] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> JollyBear
[04/19/2008|12:59] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Lavasoft
[11/26/2008|06:52] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Microsoft
[01/16/2009|09:42] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Microsoft Help
[03/04/2008|12:36] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> MinigolfAdventures
[11/22/2007|01:21] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> nView_Profiles
[11/28/2007|07:07] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Spybot - Search & Destroy
[02/28/2009|09:10] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> TEMP
[04/18/2008|03:39] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Ubisoft
[11/21/2007|06:11] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Windows Genuine Advantage
[07/01/2008|10:32] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Yahoo!
[07/07/2008|02:11] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Yahoo! Companion

[11/21/2007|04:27] C:\DOCUME~1\DEFAUL~1\APPLIC~1\<DIR> Microsoft

[08/17/2008|11:16] C:\DOCUME~1\LOCALS~1\APPLIC~1\<DIR> Microsoft

[11/03/2008|10:04] C:\DOCUME~1\mom\APPLIC~1\<DIR> Adobe
[12/19/2007|12:17] C:\DOCUME~1\mom\APPLIC~1\<DIR> AdobeUM
[06/24/2008|01:14] C:\DOCUME~1\mom\APPLIC~1\<DIR> Ahead
[09/04/2008|01:58] C:\DOCUME~1\mom\APPLIC~1\<DIR> Any Video Converter
[03/15/2008|10:13] C:\DOCUME~1\mom\APPLIC~1\<DIR> Apple Computer
[08/16/2008|12:08] C:\DOCUME~1\mom\APPLIC~1\<DIR> ATI
[09/15/2008|10:09] C:\DOCUME~1\mom\APPLIC~1\<DIR> AVGTOOLBAR
[07/15/2008|03:16] C:\DOCUME~1\mom\APPLIC~1\<DIR> Broderbund
[11/02/2008|10:09] C:\DOCUME~1\mom\APPLIC~1\<DIR> com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[04/17/2008|10:00] C:\DOCUME~1\mom\APPLIC~1\<DIR> Creative
[04/18/2008|06:07] C:\DOCUME~1\mom\APPLIC~1\<DIR> DAEMON Tools
[12/03/2007|07:43] C:\DOCUME~1\mom\APPLIC~1\<DIR> DivX
[05/19/2008|12:15] C:\DOCUME~1\mom\APPLIC~1\<DIR> Download Manager
[12/14/2008|07:56] C:\DOCUME~1\mom\APPLIC~1\<DIR> dvdcss
[10/15/2008|08:48] C:\DOCUME~1\mom\APPLIC~1\<DIR> Help
[11/21/2007|04:34] C:\DOCUME~1\mom\APPLIC~1\<DIR> Identities
[12/25/2007|09:21] C:\DOCUME~1\mom\APPLIC~1\<DIR> InstallShield
[07/17/2008|07:01] C:\DOCUME~1\mom\APPLIC~1\<DIR> InterVideo
[01/06/2008|01:30] C:\DOCUME~1\mom\APPLIC~1\<DIR> IrfanView
[02/27/2009|09:37] C:\DOCUME~1\mom\APPLIC~1\<DIR> LimeWire
[04/21/2008|02:17] C:\DOCUME~1\mom\APPLIC~1\<DIR> Macromedia
[02/07/2009|08:07] C:\DOCUME~1\mom\APPLIC~1\<DIR> Microsoft
[06/17/2008|08:18] C:\DOCUME~1\mom\APPLIC~1\<DIR> Mozilla
[07/28/2008|06:52] C:\DOCUME~1\mom\APPLIC~1\<DIR> My Battle for Middle-earth(tm) II Files
[01/22/2009|10:30] C:\DOCUME~1\mom\APPLIC~1\<DIR> My The Lord of the Rings, The Rise of the Witch-king Files
[06/04/2008|01:07] C:\DOCUME~1\mom\APPLIC~1\<DIR> Opera
[04/04/2008|12:00] C:\DOCUME~1\mom\APPLIC~1\<DIR> Real
[07/13/2008|04:54] C:\DOCUME~1\mom\APPLIC~1\<DIR> SecuROM
[03/28/2008|11:27] C:\DOCUME~1\mom\APPLIC~1\<DIR> SpinTop
[11/23/2007|01:32] C:\DOCUME~1\mom\APPLIC~1\<DIR> Sun
[11/23/2007|02:40] C:\DOCUME~1\mom\APPLIC~1\<DIR> SystemRequirementsLab
[03/06/2009|11:20] C:\DOCUME~1\mom\APPLIC~1\<DIR> U3
[08/17/2008|11:42] C:\DOCUME~1\mom\APPLIC~1\<DIR> vlc
[08/31/2008|06:47] C:\DOCUME~1\mom\APPLIC~1\<DIR> Wal-Mart Digital Photo Manager
[08/31/2008|06:47] C:\DOCUME~1\mom\APPLIC~1\<DIR> Wal-Mart Digital Photo Viewer
[12/09/2007|03:42] C:\DOCUME~1\mom\APPLIC~1\<DIR> WinRAR
[07/07/2008|02:11] C:\DOCUME~1\mom\APPLIC~1\<DIR> Yahoo!

[02/28/2009|04:47] C:\DOCUME~1\NETWOR~1\APPLIC~1\<DIR> Adobe
[08/17/2008|11:16] C:\DOCUME~1\NETWOR~1\APPLIC~1\<DIR> Microsoft

--------------------\\ Scheduled Tasks located in C:\WINDOWS\Tasks

[03/11/2009 01:44 PM][--ah-----] C:\WINDOWS\tasks\User_Feed_Synchronization-{1EB108CF-ECF5-4F4F-9BC0-8533B710F6A7}.job
[03/09/2009 04:12 PM][--a------] C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[03/11/2009 01:34 PM][--ah-----] C:\WINDOWS\tasks\SA.DAT
[08/04/2004 07:00 AM][-r-h-----] C:\WINDOWS\tasks\desktop.ini

--------------------\\ Listing Folders in C:\Program Files

[04/03/2008|05:26] C:\Program Files\<DIR> 2008 Mahjongg Lite
[12/25/2007|09:28] C:\Program Files\<DIR> 2K Games
[07/22/2008|04:14] C:\Program Files\<DIR> Adobe
[10/05/2008|01:42] C:\Program Files\<DIR> Age of Wonders Shadow Magic
[12/07/2007|11:51] C:\Program Files\<DIR> Ahead
[09/04/2008|01:18] C:\Program Files\<DIR> Any Video Converter
[03/15/2008|10:11] C:\Program Files\<DIR> Apple Software Update
[08/16/2008|12:04] C:\Program Files\<DIR> ATI Technologies
[04/18/2008|06:34] C:\Program Files\<DIR> Audiosurf
[04/18/2008|10:57] C:\Program Files\<DIR> AVG
[03/08/2009|09:31] C:\Program Files\<DIR> BitComet
[03/11/2009|01:32] C:\Program Files\<DIR> Common Files
[11/21/2007|04:23] C:\Program Files\<DIR> ComPlus Applications
[04/17/2008|10:00] C:\Program Files\<DIR> Creative
[02/23/2008|06:57] C:\Program Files\<DIR> Cubis Gold 2
[05/07/2008|09:08] C:\Program Files\<DIR> Cucusoft
[05/16/2008|09:48] C:\Program Files\<DIR> DivX
[07/13/2008|06:19] C:\Program Files\<DIR> Doom
[01/20/2009|07:18] C:\Program Files\<DIR> Electronic Arts
[02/26/2008|09:34] C:\Program Files\<DIR> Firefly Studios
[12/07/2007|07:57] C:\Program Files\<DIR> FLV Player
[09/10/2008|05:16] C:\Program Files\<DIR> Game Elements
[03/19/2008|11:04] C:\Program Files\<DIR> Gamenext
[03/04/2008|12:10] C:\Program Files\<DIR> GamesBar
[03/20/2008|10:19] C:\Program Files\<DIR> GameSpy Arcade
[11/23/2007|08:31] C:\Program Files\<DIR> Grisoft
[01/30/2009|07:13] C:\Program Files\<DIR> InstallShield Installation Information
[09/10/2008|07:22] C:\Program Files\<DIR> Intel
[11/25/2007|09:21] C:\Program Files\<DIR> InterActual
[01/12/2009|07:20] C:\Program Files\<DIR> Internet Explorer
[07/17/2008|07:01] C:\Program Files\<DIR> InterVideo
[12/05/2007|06:05] C:\Program Files\<DIR> IrfanView
[12/18/2007|08:49] C:\Program Files\<DIR> Java
[05/18/2008|10:46] C:\Program Files\<DIR> JawDropper 2007
[01/23/2009|04:45] C:\Program Files\<DIR> Kap.SATr
[12/21/2008|08:58] C:\Program Files\<DIR> Kaplan
[11/26/2007|10:01] C:\Program Files\<DIR> Lavasoft
[06/04/2008|06:57] C:\Program Files\<DIR> LimeWire
[01/11/2009|05:52] C:\Program Files\<DIR> LSI SoftModem
[05/30/2008|04:36] C:\Program Files\<DIR> LucasArts
[01/20/2009|09:35] C:\Program Files\<DIR> Maxis
[07/15/2008|03:13] C:\Program Files\<DIR> Mediostream
[08/27/2008|03:07] C:\Program Files\<DIR> Messenger
[05/19/2008|04:41] C:\Program Files\<DIR> Microsoft File Transfer Manager
[11/21/2007|04:28] C:\Program Files\<DIR> microsoft frontpage
[01/30/2009|06:42] C:\Program Files\<DIR> Microsoft Games
[11/26/2008|06:53] C:\Program Files\<DIR> Microsoft Office
[01/11/2009|02:47] C:\Program Files\<DIR> Microsoft Silverlight
[11/26/2008|06:53] C:\Program Files\<DIR> Microsoft Visual Studio
[11/26/2008|06:49] C:\Program Files\<DIR> Microsoft Visual Studio 8
[11/26/2008|06:54] C:\Program Files\<DIR> Microsoft Works
[11/26/2008|06:52] C:\Program Files\<DIR> Microsoft.NET
[04/22/2008|05:30] C:\Program Files\<DIR> Moraff's 3D-Jongg Freeware
[05/01/2008|11:16] C:\Program Files\<DIR> Moraff's MahJongg Freeware
[04/26/2008|05:55] C:\Program Files\<DIR> Moraff's MarbleJongg 1.11 Freeware
[04/26/2008|06:24] C:\Program Files\<DIR> Moraff's RingJongg Freeware
[04/30/2008|12:38] C:\Program Files\<DIR> Moraff's SpaceJongg Freeware
[04/26/2008|06:16] C:\Program Files\<DIR> Moraff's SphereJongg
[11/21/2007|04:25] C:\Program Files\<DIR> Movie Maker
[07/15/2008|03:13] C:\Program Files\<DIR> movieshop
[03/11/2009|01:37] C:\Program Files\<DIR> Mozilla Firefox
[11/26/2008|06:54] C:\Program Files\<DIR> MSBuild
[11/21/2007|04:22] C:\Program Files\<DIR> MSN
[11/21/2007|04:23] C:\Program Files\<DIR> MSN Gaming Zone
[12/04/2007|04:00] C:\Program Files\<DIR> MSXML 4.0
[11/21/2007|04:25] C:\Program Files\<DIR> NetMeeting
[07/17/2008|12:28] C:\Program Files\<DIR> No1 DVD Ripper
[11/21/2007|04:26] C:\Program Files\<DIR> Online Services
[01/12/2009|02:33] C:\Program Files\<DIR> Outlook Express
[03/08/2008|11:33] C:\Program Files\<DIR> PhotoShop CS2
[10/02/2008|09:08] C:\Program Files\<DIR> PopCap Games
[03/15/2008|10:12] C:\Program Files\<DIR> QuickTime
[03/07/2008|11:07] C:\Program Files\<DIR> Real
[04/03/2008|05:26] C:\Program Files\<DIR> Rightdown Software SearchBar
[02/08/2009|01:25] C:\Program Files\<DIR> Shockwave.com
[09/10/2008|07:21] C:\Program Files\<DIR> Sierra On-Line
[11/28/2007|06:24] C:\Program Files\<DIR> Spybot - Search & Destroy
[03/11/2009|12:56] C:\Program Files\<DIR> Steam
[02/21/2009|08:28] C:\Program Files\<DIR> StepMania
[01/26/2008|08:59] C:\Program Files\<DIR> Synaesthete
[11/23/2007|02:40] C:\Program Files\<DIR> SystemRequirementsLab
[08/22/2008|07:04] C:\Program Files\<DIR> THQ
[03/03/2009|09:27] C:\Program Files\<DIR> Trend Micro
[10/02/2008|09:08] C:\Program Files\<DIR> TryMedia
[04/04/2008|11:15] C:\Program Files\<DIR> Twilight
[10/01/2008|10:12] C:\Program Files\<DIR> Ubisoft
[11/21/2007|04:34] C:\Program Files\<DIR> Uninstall Information
[08/17/2008|11:41] C:\Program Files\<DIR> VideoLAN
[08/31/2008|06:42] C:\Program Files\<DIR> Wal-Mart
[01/08/2008|06:57] C:\Program Files\<DIR> WarRock
[04/16/2008|06:13] C:\Program Files\<DIR> WildBlue
[01/12/2009|02:27] C:\Program Files\<DIR> Windows Media Player
[11/21/2007|04:23] C:\Program Files\<DIR> Windows NT
[11/21/2007|04:26] C:\Program Files\<DIR> WindowsUpdate
[12/09/2007|03:41] C:\Program Files\<DIR> WinRAR
[09/11/2008|08:08] C:\Program Files\<DIR> Wizards of the Coast
[11/21/2007|04:28] C:\Program Files\<DIR> xerox
[07/01/2008|01:16] C:\Program Files\<DIR> Yahoo!

--------------------\\ Listing Folders in C:\Program Files\Common Files

[07/22/2008|04:13] C:\Program Files\Common Files\<DIR> Adobe
[07/22/2008|04:14] C:\Program Files\Common Files\<DIR> Adobe AIR
[05/03/2008|06:55] C:\Program Files\Common Files\<DIR> Adobe Systems Shared
[12/07/2007|11:48] C:\Program Files\Common Files\<DIR> Ahead
[08/16/2008|12:03] C:\Program Files\Common Files\<DIR> ATI Technologies
[11/26/2008|06:53] C:\Program Files\Common Files\<DIR> DESIGNER
[11/29/2007|12:08] C:\Program Files\Common Files\<DIR> EasyInfo
[08/31/2008|06:42] C:\Program Files\Common Files\<DIR> HP
[02/26/2008|09:33] C:\Program Files\Common Files\<DIR> InstallShield
[11/22/2007|12:11] C:\Program Files\Common Files\<DIR> Java
[01/12/2009|07:13] C:\Program Files\Common Files\<DIR> Microsoft Shared
[11/21/2007|04:25] C:\Program Files\Common Files\<DIR> MSSoap
[11/21/2007|10:16] C:\Program Files\Common Files\<DIR> ODBC
[03/07/2008|11:06] C:\Program Files\Common Files\<DIR> Real
[11/21/2007|04:25] C:\Program Files\Common Files\<DIR> Services
[11/21/2007|10:16] C:\Program Files\Common Files\<DIR> SpeechEngines
[01/12/2009|02:33] C:\Program Files\Common Files\<DIR> System
[11/26/2007|10:00] C:\Program Files\Common Files\<DIR> Wise Installation Wizard
[03/07/2008|11:07] C:\Program Files\Common Files\<DIR> xing shared

--------------------\\ Process

( 31 Processes )

... OK !

--------------------\\ Searching with S_Lop

No Lop folder found !

--------------------\\ Searching for Lop Files - Folders

No Lop folder found !

--------------------\\ Searching within the Registry

..... OK !

--------------------\\ Checking the Hosts file

Hosts file CLEAN


--------------------\\ Searching for hidden files with Catchme

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-11 14:46:16
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 0

--------------------\\ Searching for other infections

--------------------\\ Cracks & Keygens ..

C:\DOCUME~1\mom\Desktop\Photoshop CS 2\Photoshop.CS2.KeyGen.exe
C:\DOCUME~1\mom\Desktop\Photoshop CS 2\Photoshop.CS2.KeyGen.exe.zip
C:\DOCUME~1\mom\Desktop\Photoshop CS 2\Photoshop.CS2.KeyGen.exe\Photoshop.CS2.KeyGen.exe


[F:4][D:4]-> C:\DOCUME~1\mom\LOCALS~1\Temp
[F:6][D:0]-> C:\DOCUME~1\mom\Cookies
[F:2][D:0]-> C:\DOCUME~1\mom\LOCALS~1\TEMPOR~1\content.IE5

1 - "C:\Lop SD\LopR_1.txt" - Wed 03/11/2009|14:47 - Option : [1]

--------------------\\ Scan completed at 14:47:0

 

I'll try to be back soon, the forums are very busy right now.

Wanted to let you know I had not forgot about you.

The last scan may have identified some of the reason for the infection.

BeBackSoon

 

Thanks Juliet, I really, really appreciate your help!

 

OK, let's try this again.

Someone downloaded a crack + keygen to the computer.
I don't know if it is the same date and time that the infection hit but it still needs to be deleted.


Next: Please disable all onboard security programs (all running with back ground protection) as it may hinder the scanner from working.
This includes Antivirus, Firewall, and any Spyware scanners that run in the background.

Click on this link Here to see a list of programs that should be disabled.
The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

Please open Notepad *Do Not Use Wordpad!* or use any other text editor than Notepad or the script will fail. (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the quote box below:
Save this as "CFScript.txt " including quotes and change the "Save as type" to "All Files" and place it on your desktop.

Code:

KillAll:: 

File:: 
C:\DOCUME~1\mom\Desktop\Photoshop CS 2\Photoshop.CS2.KeyGen.exe
C:\DOCUME~1\mom\Desktop\Photoshop CS 2\Photoshop.CS2.KeyGen.exe.zip
C:\DOCUME~1\mom\Desktop\Photoshop CS 2\Photoshop.CS2.KeyGen.exe\Photoshop.CS2.KeyGen.exe
C:\FoEgBE.exe
C:\IAs9R.bat
C:\rZsbOwv.bat
C:\ZUhL2.exe
C:\ZUhL.exe
C:\tozmi.bat
C:\wQ0.bat
C:\yQHZA2.exe
C:\yQHZA.exe
C:\TneYUug9.bat
C:\CXmo.bat
C:\t7gtQl2.exe
C:\t7gtQl.exe
C:\mC6IIRW.bat
C:\L0OFy6i.bat
C:\U0E2.exe
C:\U0E.exe
C:\nyw1.bat
C:\CZBhofoz.bat
C:\GrY.bat
C:\ngUnh.bat
C:\HWg2.exe
C:\HWg.exe
C:\vPfra.bat
C:\mc4DP5Lg.bat
C:\Mvgsrg2.exe
C:\Mvgsrg.exe
C:\Iqf.bat
C:\wyn024.bat
C:\y6npmlb2.exe
C:\y6npmlb.exe
C:\u10rKb.bat
C:\EDl.bat
C:\b99m9t2.exe
C:\b99m9t.exe
C:\v4K2wI.bat
C:\sHc2wjWQ.bat
C:\X5h00Xi2.exe
C:\vFgxS2.exe
C:\X5h00Xi.exe
C:\vFgxS.exe
C:\oE0vtP0Q.bat
C:\ISylmE.bat
C:\sst38o.bat
C:\OzO.bat
C:\WZl.bat
C:\imdARCj.bat
C:\kug2.exe
C:\kug.exe
C:\Twf.bat
C:\EpaWy0.bat
C:\db12.exe
C:\db1.exe
C:\sIoN.bat
C:\mK0M.bat
C:\uQh2.exe
C:\uQh.exe
C:\SEbXS5RL.bat
C:\g4M.bat
C:\w3esqOR2.exe
C:\w3esqOR.exe
C:\N8DeZ.bat
C:\qGa.bat
C:\kEvKnc2.exe
C:\kEvKnc.exe
C:\MKQp.bat
C:\uGGsjv.bat
C:\Fjp03Jq2.exe
C:\Fjp03Jq.exe
C:\i9DQ.bat
C:\e39ssXa.bat
C:\X7yA2.exe
C:\X7yA.exe
C:\nyr6.bat
C:\TDprSi.bat
C:\MW5uL0j.bat
C:\pknP.exe
C:\CDgB.bat
C:\ZzJMq2.exe
C:\ZzJMq.exe
C:\DQW.bat
C:\S1p48RV7.bat
C:\Unt.bat
C:\dL6T.bat
C:\CVds.exe
C:\tJyQqx.bat
C:\QV7LN.bat
C:\nw3.bat
C:\xMw.bat
C:\rQ2sU3u.bat
C:\PqsaYPM.bat
C:\rljzF2.exe
C:\rljzF.exe
C:\WAhv.bat
C:\zBLyX.bat
C:\PYt.bat
C:\NQoYHh9.bat
C:\LlGgg.bat
C:\bFv.bat
C:\FBH.bat
C:\MKWI.bat
C:\O21RnSN.exe
C:\CPk2.exe
C:\CPk.exe
C:\V7Qs.bat
C:\DrX77.bat
C:\Bnyg2.exe
C:\Bnyg.exe
C:\GGEPI.bat
C:\n3Fu.bat
C:\l0cB2.exe
C:\l0cB.exe
C:\SRH69vEJ.bat
C:\FJ9B7.bat
C:\Msw2.exe
C:\Msw.exe
C:\SH1LhB.bat
C:\Yzrl.bat
C:\GVaT2.exe
C:\GVaT.exe
C:\wKE69AeN.bat
C:\XlO.bat
C:\LWwmc2.exe
C:\LWwmc.exe
C:\ztoxbFj.bat

Referring to the screenshot above, drag CFScript.txt into ComboFix.exe. ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
When finished, it shall produce a log for you, C:\ComboFix.txt. Post that log in your next reply.
CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.


CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.


In your next replt post:
ComboFix.txt
new DDS log


How's your computer now?

 

Your probably going to shoot me but we need a couple of more scans.


Please download Malwarebytes' Anti-Malware to your desktop

Additional Link

* Double-click mbam-setup.exe and follow the prompts to install the program.
* Be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad. Please save it to a convenient location.
* You can also access the log by doing the following:

o Click on the Malwarebytes' Anti-Malware icon to launch the program.
o Click on the Logs tab.
o Click on the log at the bottom of those listed to highlight it.
o Click Open.

Tutorial if needed
http://thespykiller.co.uk/index.php/topic,5946.0.html

Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediately.




NEXT**
Please run a free online scan with the [color= "blue"]ESET Online Scanner[/color]
Note: You will need to use Internet Explorer for this scan.

1. Tick the box next to YES, I accept the Terms of Use.
2. Click Start
3. When asked, allow the ActiveX control to install
4. Click Start
5. Make sure that the options Remove found threats and the option Scan unwanted applications is checked
6. Click Scan
   Wait for the scan to finish
7. Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
8. Copy and paste that log as a reply to this topic

In your next reply post:
ComboFix.txt
Malwarebytes' Anti-Malware log
EsetOnlineScanner log.txt

 

Juliet,
That keygen was put on the computer a year ago. I'm sure the infections came from downloading through Limewire.

Also the computer does seem to be running much better!

ComboFix 09-03-10.03 - mom 2009-03-11 19:28:09.6 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1535.1111 [GMT -5:00]
Running from: c:\documents and settings\mom\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\mom\Desktop\CFScript.txt
AV: AVG Anti-Virus Free *On-access scanning disabled* (Outdated)
* Created a new restore point

FILE ::
C:\b99m9t.exe
C:\b99m9t2.exe
C:\bFv.bat
C:\Bnyg.exe
C:\Bnyg2.exe
C:\CDgB.bat
C:\CPk.exe
C:\CPk2.exe
C:\CVds.exe
C:\CXmo.bat
C:\CZBhofoz.bat
C:\db1.exe
C:\db12.exe
C:\dL6T.bat
c:\docume~1\mom\Desktop\Photoshop CS 2\Photoshop.CS2.KeyGen.exe
c:\docume~1\mom\Desktop\Photoshop CS 2\Photoshop.CS2.KeyGen.exe.zip
c:\docume~1\mom\Desktop\Photoshop CS 2\Photoshop.CS2.KeyGen.exe\Photoshop.CS2.KeyGen.exe
C:\DQW.bat
C:\DrX77.bat
C:\e39ssXa.bat
C:\EDl.bat
C:\EpaWy0.bat
C:\FBH.bat
C:\FJ9B7.bat
C:\Fjp03Jq.exe
C:\Fjp03Jq2.exe
C:\FoEgBE.exe
C:\g4M.bat
C:\GGEPI.bat
C:\GrY.bat
C:\GVaT.exe
C:\GVaT2.exe
C:\HWg.exe
C:\HWg2.exe
C:\i9DQ.bat
C:\IAs9R.bat
C:\imdARCj.bat
C:\Iqf.bat
C:\ISylmE.bat
C:\kEvKnc.exe
C:\kEvKnc2.exe
C:\kug.exe
C:\kug2.exe
C:\l0cB.exe
C:\l0cB2.exe
C:\L0OFy6i.bat
C:\LlGgg.bat
C:\LWwmc.exe
C:\LWwmc2.exe
C:\mc4DP5Lg.bat
C:\mC6IIRW.bat
C:\mK0M.bat
C:\MKQp.bat
C:\MKWI.bat
C:\Msw.exe
C:\Msw2.exe
C:\Mvgsrg.exe
C:\Mvgsrg2.exe
C:\MW5uL0j.bat
C:\n3Fu.bat
C:\N8DeZ.bat
C:\ngUnh.bat
C:\NQoYHh9.bat
C:\nw3.bat
C:\nyr6.bat
C:\nyw1.bat
C:\O21RnSN.exe
C:\oE0vtP0Q.bat
C:\OzO.bat
C:\pknP.exe
C:\PqsaYPM.bat
C:\PYt.bat
C:\qGa.bat
C:\QV7LN.bat
C:\rljzF.exe
C:\rljzF2.exe
C:\rQ2sU3u.bat
C:\rZsbOwv.bat
C:\S1p48RV7.bat
C:\SEbXS5RL.bat
C:\SH1LhB.bat
C:\sHc2wjWQ.bat
C:\sIoN.bat
C:\SRH69vEJ.bat
C:\sst38o.bat
C:\t7gtQl.exe
C:\t7gtQl2.exe
C:\TDprSi.bat
C:\tJyQqx.bat
C:\TneYUug9.bat
C:\tozmi.bat
C:\Twf.bat
C:\U0E.exe
C:\U0E2.exe
C:\u10rKb.bat
C:\uGGsjv.bat
C:\Unt.bat
C:\uQh.exe
C:\uQh2.exe
C:\v4K2wI.bat
C:\V7Qs.bat
C:\vFgxS.exe
C:\vFgxS2.exe
C:\vPfra.bat
C:\w3esqOR.exe
C:\w3esqOR2.exe
C:\WAhv.bat
C:\wKE69AeN.bat
C:\wQ0.bat
C:\wyn024.bat
C:\WZl.bat
C:\X5h00Xi.exe
C:\X5h00Xi2.exe
C:\X7yA.exe
C:\X7yA2.exe
C:\XlO.bat
C:\xMw.bat
C:\y6npmlb.exe
C:\y6npmlb2.exe
C:\yQHZA.exe
C:\yQHZA2.exe
C:\Yzrl.bat
C:\zBLyX.bat
C:\ztoxbFj.bat
C:\ZUhL.exe
C:\ZUhL2.exe
C:\ZzJMq.exe
C:\ZzJMq2.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\b99m9t.exe
C:\b99m9t2.exe
C:\bFv.bat
C:\Bnyg.exe
C:\Bnyg2.exe
C:\CDgB.bat
C:\CPk.exe
C:\CPk2.exe
C:\CVds.exe
C:\CXmo.bat
C:\CZBhofoz.bat
C:\db1.exe
C:\db12.exe
C:\dL6T.bat
c:\docume~1\mom\Desktop\Photoshop CS 2\Photoshop.CS2.KeyGen.exe.zip
c:\docume~1\mom\Desktop\Photoshop CS 2\Photoshop.CS2.KeyGen.exe\Photoshop.CS2.KeyGen.exe
C:\DQW.bat
C:\DrX77.bat
C:\e39ssXa.bat
C:\EDl.bat
C:\EpaWy0.bat
C:\FBH.bat
C:\FJ9B7.bat
C:\Fjp03Jq.exe
C:\Fjp03Jq2.exe
C:\FoEgBE.exe
C:\g4M.bat
C:\GGEPI.bat
C:\GrY.bat
C:\GVaT.exe
C:\GVaT2.exe
C:\HWg.exe
C:\HWg2.exe
C:\i9DQ.bat
C:\IAs9R.bat
C:\imdARCj.bat
C:\Iqf.bat
C:\ISylmE.bat
C:\kEvKnc.exe
C:\kEvKnc2.exe
C:\kug.exe
C:\kug2.exe
C:\l0cB.exe
C:\l0cB2.exe
C:\L0OFy6i.bat
C:\LlGgg.bat
C:\LWwmc.exe
C:\LWwmc2.exe
C:\mc4DP5Lg.bat
C:\mC6IIRW.bat
C:\mK0M.bat
C:\MKQp.bat
C:\MKWI.bat
C:\Msw.exe
C:\Msw2.exe
C:\Mvgsrg.exe
C:\Mvgsrg2.exe
C:\MW5uL0j.bat
C:\n3Fu.bat
C:\N8DeZ.bat
C:\ngUnh.bat
C:\NQoYHh9.bat
C:\nw3.bat
C:\nyr6.bat
C:\nyw1.bat
C:\O21RnSN.exe
C:\oE0vtP0Q.bat
C:\OzO.bat
C:\pknP.exe
C:\PqsaYPM.bat
C:\PYt.bat
C:\qGa.bat
C:\QV7LN.bat
C:\rljzF.exe
C:\rljzF2.exe
C:\rQ2sU3u.bat
C:\rZsbOwv.bat
C:\S1p48RV7.bat
C:\SEbXS5RL.bat
C:\SH1LhB.bat
C:\sHc2wjWQ.bat
C:\sIoN.bat
C:\SRH69vEJ.bat
C:\sst38o.bat
C:\t7gtQl.exe
C:\t7gtQl2.exe
C:\TDprSi.bat
C:\tJyQqx.bat
C:\TneYUug9.bat
C:\tozmi.bat
C:\Twf.bat
C:\U0E.exe
C:\U0E2.exe
C:\u10rKb.bat
C:\uGGsjv.bat
C:\Unt.bat
C:\uQh.exe
C:\uQh2.exe
C:\v4K2wI.bat
C:\V7Qs.bat
C:\vFgxS.exe
C:\vFgxS2.exe
C:\vPfra.bat
C:\w3esqOR.exe
C:\w3esqOR2.exe
C:\WAhv.bat
C:\wKE69AeN.bat
C:\wQ0.bat
C:\wyn024.bat
C:\WZl.bat
C:\X5h00Xi.exe
C:\X5h00Xi2.exe
C:\X7yA.exe
C:\X7yA2.exe
C:\XlO.bat
C:\xMw.bat
C:\y6npmlb.exe
C:\y6npmlb2.exe
C:\yQHZA.exe
C:\yQHZA2.exe
C:\Yzrl.bat
C:\zBLyX.bat
C:\ztoxbFj.bat
C:\ZUhL.exe
C:\ZUhL2.exe
C:\ZzJMq.exe
C:\ZzJMq2.exe

.
((((((((((((((((((((((((( Files Created from 2009-02-12 to 2009-03-12 )))))))))))))))))))))))))))))))
.

2009-03-11 14:44 . 2009-03-11 14:47 <DIR> d-------- C:\Lop SD
2009-03-07 22:15 . 2009-03-07 22:15 206 --a------ C:\eMgiESd.bat
2009-03-07 22:04 . 2009-03-07 22:06 55,024 --a------ C:\vJXG2.exe
2009-03-07 22:01 . 2009-03-07 22:04 192,512 --a------ C:\vJXG.exe
2009-03-07 22:00 . 2009-03-07 22:00 8,150 --a------ C:\pv7Omd.bat
2009-03-07 22:00 . 2009-03-07 22:00 203 --a------ C:\BDffy.bat
2009-03-07 21:48 . 2009-03-07 21:50 117,360 --a------ C:\fqter2.exe
2009-03-07 21:45 . 2009-03-07 21:48 188,312 --a------ C:\fqter.exe
2009-03-07 21:45 . 2009-03-07 21:45 8,150 --a------ C:\bdShK7e.bat
2009-03-07 21:45 . 2009-03-07 21:45 211 --a------ C:\FzP9.bat
2009-03-07 21:34 . 2009-03-07 21:36 33,304 --a------ C:\S1tO2.exe
2009-03-07 21:30 . 2009-03-07 21:34 192,512 --a------ C:\S1tO.exe
2009-03-07 21:30 . 2009-03-07 21:30 8,150 --a------ C:\ZUS3.bat
2009-03-07 21:30 . 2009-03-07 21:30 205 --a------ C:\uCz.bat
2009-03-07 21:16 . 2009-03-07 21:16 0 --a------ C:\yTpiQ.exe
2009-03-07 21:15 . 2009-03-07 21:15 8,150 --a------ C:\Yvl.bat
2009-03-07 21:15 . 2009-03-07 21:15 208 --a------ C:\xsd.bat
2009-03-07 21:02 . 2009-03-07 21:03 238,080 --a------ C:\QvWO0o2.exe
2009-03-07 21:00 . 2009-03-07 21:02 192,512 --a------ C:\QvWO0o.exe
2009-03-07 21:00 . 2009-03-07 21:00 8,150 --a------ C:\puG.bat
2009-03-07 21:00 . 2009-03-07 21:00 214 --a------ C:\P8r6ESx.bat
2009-03-07 20:50 . 2009-03-07 20:53 128,872 --a------ C:\csPPD2.exe
2009-03-07 20:45 . 2009-03-07 20:50 192,512 --a------ C:\csPPD.exe
2009-03-07 20:45 . 2009-03-07 20:45 8,150 --a------ C:\MQtMCsS.bat
2009-03-07 20:45 . 2009-03-07 20:45 207 --a------ C:\xP2zM.bat
2009-03-07 20:18 . 2009-03-07 20:20 238,080 --a------ C:\PaAn6b2.exe
2009-03-07 20:16 . 2009-03-07 20:18 192,512 --a------ C:\PaAn6b.exe
2009-03-07 20:15 . 2009-03-07 20:15 8,150 --a------ C:\lQvfM.bat
2009-03-07 20:15 . 2009-03-07 20:15 217 --a------ C:\Se6d6.bat
2009-03-07 20:02 . 2009-03-07 20:03 238,080 --a------ C:\W7A2.exe
2009-03-07 20:01 . 2009-03-07 20:02 192,512 --a------ C:\W7A.exe
2009-03-07 20:00 . 2009-03-07 20:00 8,150 --a------ C:\OX2VTyyW.bat
2009-03-07 20:00 . 2009-03-07 20:00 194 --a------ C:\Jv10.bat
2009-03-07 19:45 . 2009-03-07 19:47 238,080 --a------ C:\n0zEVp2.exe
2009-03-07 19:45 . 2009-03-07 19:45 192,512 --a------ C:\n0zEVp.exe
2009-03-07 19:45 . 2009-03-07 19:45 8,150 --a------ C:\G06j0.bat
2009-03-07 19:45 . 2009-03-07 19:45 214 --a------ C:\REu.bat
2009-03-07 19:31 . 2009-03-07 19:32 238,080 --a------ C:\M6M2.exe
2009-03-07 19:30 . 2009-03-07 19:31 192,512 --a------ C:\M6M.exe
2009-03-07 19:30 . 2009-03-07 19:30 8,150 --a------ C:\zcKQeBTk.bat
2009-03-07 19:30 . 2009-03-07 19:30 196 --a------ C:\BgbH.bat
2009-03-07 19:16 . 2009-03-07 19:17 238,080 --a------ C:\l8bCNJbi2.exe
2009-03-07 19:15 . 2009-03-07 19:16 192,512 --a------ C:\l8bCNJbi.exe
2009-03-07 19:15 . 2009-03-07 19:15 8,150 --a------ C:\W1U.bat
2009-03-07 19:15 . 2009-03-07 19:15 224 --a------ C:\pYp9.bat
2009-03-07 19:02 . 2009-03-07 19:05 92,672 --a------ C:\Tcqb.exe
2009-03-07 19:01 . 2009-03-07 19:01 8,150 --a------ C:\hqrg.bat
2009-03-07 19:01 . 2009-03-07 19:01 200 --a------ C:\twiZS0MV.bat
2009-03-07 18:55 . 2009-03-07 19:00 233,128 --a------ C:\VzpIrMq2.exe
2009-03-07 18:51 . 2009-03-07 18:55 192,512 --a------ C:\VzpIrMq.exe
2009-03-07 18:51 . 2009-03-07 18:51 8,150 --a------ C:\EuQlh.bat
2009-03-07 18:51 . 2009-03-07 18:51 220 --a------ C:\a8wi4Z.bat
2009-03-07 18:35 . 2009-03-07 18:39 238,080 --a------ C:\MTCJW1A2.exe
2009-03-07 18:32 . 2009-03-07 18:35 192,512 --a------ C:\MTCJW1A.exe
2009-03-07 18:32 . 2009-03-07 18:32 8,150 --a------ C:\GzCUJX.bat
2009-03-07 18:32 . 2009-03-07 18:32 219 --a------ C:\nCxexo.bat
2009-03-07 18:16 . 2009-03-07 18:17 238,080 --a------ C:\eR9iq7cz2.exe
2009-03-07 18:15 . 2009-03-07 18:16 192,512 --a------ C:\eR9iq7cz.exe
2009-03-07 18:15 . 2009-03-07 18:15 8,150 --a------ C:\jPm1U.bat
2009-03-07 18:15 . 2009-03-07 18:15 224 --a------ C:\UutrnS2C.bat
2009-03-07 18:00 . 2009-03-07 18:00 8,150 --a------ C:\Qay.bat
2009-03-07 18:00 . 2009-03-07 18:00 219 --a------ C:\syD.bat
2009-03-07 17:45 . 2009-03-07 17:45 8,150 --a------ C:\glBDgP.bat
2009-03-07 17:45 . 2009-03-07 17:45 220 --a------ C:\AxN5Lv.bat
2009-03-07 17:33 . 2009-03-07 17:34 192,512 --a------ C:\bc1sasDR.exe
2009-03-07 17:32 . 2009-03-07 17:32 8,150 --a------ C:\cnme.bat
2009-03-07 17:32 . 2009-03-07 17:32 225 --a------ C:\sRFQC.bat
2009-03-07 17:21 . 2009-03-07 17:22 2,896 --a------ C:\n4w2.exe
2009-03-07 17:17 . 2009-03-07 17:21 192,512 --a------ C:\n4w.exe
2009-03-07 17:17 . 2009-03-07 17:17 8,150 --a------ C:\qCJ.bat
2009-03-07 17:17 . 2009-03-07 17:17 199 --a------ C:\GHZ.bat
2009-03-07 17:04 . 2009-03-07 17:08 238,080 --a------ C:\yNe2.exe
2009-03-07 17:00 . 2009-03-07 17:04 192,512 --a------ C:\yNe.exe
2009-03-07 17:00 . 2009-03-07 17:00 8,150 --a------ C:\J8B.bat
2009-03-07 17:00 . 2009-03-07 17:00 195 --a------ C:\m9m8iw.bat
2009-03-07 16:47 . 2009-03-07 16:50 238,080 --a------ C:\Irrb2.exe
2009-03-07 16:45 . 2009-03-07 16:47 192,512 --a------ C:\Irrb.exe
2009-03-07 16:45 . 2009-03-07 16:45 8,150 --a------ C:\GlFKzbj.bat
2009-03-07 16:45 . 2009-03-07 16:45 205 --a------ C:\qybT.bat
2009-03-07 16:33 . 2009-03-07 16:35 238,080 --a------ C:\Tni2.exe
2009-03-07 16:30 . 2009-03-07 16:33 192,512 --a------ C:\Tni.exe
2009-03-07 16:30 . 2009-03-07 16:30 8,150 --a------ C:\YC1SBzN.bat
2009-03-07 16:30 . 2009-03-07 16:30 199 --a------ C:\MHY.bat
2009-03-07 15:17 . 2009-03-07 15:27 236,024 --a------ C:\nExj012.exe
2009-03-07 15:16 . 2009-03-07 15:17 192,512 --a------ C:\nExj01.exe
2009-03-07 15:16 . 2009-03-07 15:16 8,150 --a------ C:\Fbgi.bat
2009-03-07 15:16 . 2009-03-07 15:16 215 --a------ C:\Gp9a.bat
2009-03-07 15:08 . 2009-03-07 15:14 238,080 --a------ C:\GYzU7I2.exe
2009-03-07 15:03 . 2009-03-07 15:08 192,512 --a------ C:\GYzU7I.exe
2009-03-07 15:02 . 2009-03-07 15:02 8,150 --a------ C:\iS41m.bat
2009-03-07 15:02 . 2009-03-07 15:02 216 --a------ C:\Nft3WPe.bat
2009-03-07 14:35 . 2009-03-07 14:39 238,080 --a------ C:\J3i30Ykw2.exe
2009-03-07 14:31 . 2009-03-07 14:35 192,512 --a------ C:\J3i30Ykw.exe
2009-03-07 14:30 . 2009-03-07 14:30 8,150 --a------ C:\HZF.bat
2009-03-07 14:30 . 2009-03-07 14:30 227 --a------ C:\J57.bat
2009-03-07 14:16 . 2009-03-07 14:17 238,080 --a------ C:\furGEZMN2.exe
2009-03-07 14:15 . 2009-03-07 14:16 192,512 --a------ C:\furGEZMN.exe
2009-03-07 14:15 . 2009-03-07 14:15 8,150 --a------ C:\UZQxOMn8.bat
2009-03-07 14:15 . 2009-03-07 14:15 227 --a------ C:\s9kTqw18.bat
2009-03-07 14:01 . 2009-03-07 14:01 0 --a------ C:\slO2.exe
2009-03-07 14:00 . 2009-03-07 14:01 192,512 --a------ C:\slO.exe
2009-03-07 14:00 . 2009-03-07 14:00 8,150 --a------ C:\dqtfGXG.bat
2009-03-07 14:00 . 2009-03-07 14:00 194 --a------ C:\oCjQj1dd.bat
2009-03-07 13:49 . 2009-03-07 13:54 237,472 --a------ C:\vAMt2.exe
2009-03-07 13:46 . 2009-03-07 13:49 192,512 --a------ C:\vAMt.exe
2009-03-07 13:46 . 2009-03-07 13:46 8,150 --a------ C:\ige2d.bat
2009-03-07 13:46 . 2009-03-07 13:46 200 --a------ C:\OKTRHBAm.bat
2009-03-07 13:16 . 2009-03-07 13:17 238,080 --a------ C:\T9Gn9NV12.exe
2009-03-07 13:15 . 2009-03-07 13:16 192,512 --a------ C:\T9Gn9NV1.exe
2009-03-07 13:15 . 2009-03-07 13:15 8,150 --a------ C:\qCF4o.bat
2009-03-07 13:15 . 2009-03-07 13:15 227 --a------ C:\kUs.bat
2009-03-07 04:30 . 2009-03-07 04:30 8,150 --a------ C:\wm4QfVW.bat
2009-03-07 04:30 . 2009-03-07 04:30 194 --a------ C:\JxbiW.bat
2009-03-07 04:16 . 2009-03-07 04:18 238,080 --a------ C:\Xlkq32.exe
2009-03-07 04:16 . 2009-03-07 04:16 8,150 --a------ C:\A72tEh.bat
2009-03-07 04:16 . 2009-03-07 04:16 208 --a------ C:\ifKaH.bat
2009-03-07 04:16 . 2009-03-07 04:16 0 --a------ C:\Xlkq3.exe
2009-03-07 04:03 . 2009-03-07 04:03 0 --a------ C:\COR2.exe
2009-03-07 04:01 . 2009-03-07 04:01 8,150 --a------ C:\d3A.bat
2009-03-07 04:01 . 2009-03-07 04:01 198 --a------ C:\Xip14.bat
2009-03-07 03:50 . 2009-03-07 03:56 238,080 --a------ C:\ybt2.exe
2009-03-07 03:49 . 2009-03-07 03:49 8,150 --a------ C:\A6c.bat
2009-03-07 03:49 . 2009-03-07 03:49 194 --a------ C:\H75nD.bat
2009-03-07 03:49 . 2009-03-07 03:49 0 --a------ C:\ybt.exe
2009-03-07 03:21 . 2009-03-07 03:23 2,896 --a------ C:\ULBUp6Q2.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-12 00:32 --------- d-----w c:\program files\Steam
2009-03-11 17:58 --------- d-----w c:\documents and settings\All Users\Application Data\avg8
2009-03-09 02:31 --------- d-----w c:\program files\BitComet
2009-03-01 02:10 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2009-02-27 14:37 --------- d-----w c:\documents and settings\mom\Application Data\LimeWire
2009-02-22 01:28 --------- d-----w c:\program files\StepMania
2009-02-08 06:25 --------- d-----w c:\program files\Shockwave.com
2009-01-31 00:13 --------- d--h--w c:\program files\InstallShield Installation Information
2009-01-31 00:13 --------- d-----w c:\documents and settings\All Users\Application Data\Age of Empires 3
2009-01-30 23:42 --------- d-----w c:\program files\Microsoft Games
2009-01-23 21:45 --------- d-----w c:\program files\Kap.SATr
2009-01-23 03:30 --------- d-----w c:\documents and settings\mom\Application Data\My The Lord of the Rings, The Rise of the Witch-king Files
2009-01-21 00:18 --------- d-----w c:\program files\Electronic Arts
2009-01-17 02:42 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2008-12-10 01:42 31 ----a-w c:\documents and settings\mom\jagex_runescape_preferences.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam "= "c:\program files\steam\steam.exe" [2008-10-07 1410296]
"ctfmon.exe "= "c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"Yahoo! Pager "= "c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2007-08-30 4670704]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon "= "c:\windows\system32\NvCpl.dll" [2007-10-04 8491008]
"SunJavaUpdateSched "= "c:\program files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 132496]
"NvMediaCenter "= "c:\windows\system32\NvMcTray.dll" [2007-10-04 81920]
"NeroFilterCheck "= "c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"TkBellExe "= "c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-03-07 185896]
"QuickTime Task "= "c:\program files\QuickTime\QTTask.exe" [2008-01-31 385024]
"AVG8_TRAY "= "c:\progra~1\AVG\AVG8\avgtray.exe" [2008-08-17 1232152]
"Adobe Reader Speed Launcher "= "c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"ATICCC "= "c:\program files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-09-25 90112]
"GrooveMonitor "= "c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"nwiz "= "nwiz.exe" [2007-10-04 c:\windows\system32\nwiz.exe]
"CTHelper "= "CTHELPER.EXE" [2006-08-11 c:\windows\CTHELPER.EXE]
"CTxfiHlp "= "CTXFIHLP.EXE" [2006-08-11 c:\windows\system32\CTXFIHLP.EXE]

c:\documents and settings\mom\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 113664]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
InterVideo WinCinema Manager.lnk - c:\program files\InterVideo\Common\Bin\WinCinemaMgr.exe [2008-07-17 106496]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSetActiveDesktop "= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs "=avgrsstx.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall "= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe "=
"c:\\Program Files\\LimeWire\\LimeWire.exe "=
"c:\\Program Files\\Steam\\Steam.exe "=
"%windir%\\Network Diagnostic\\xpnetdiag.exe "=
"c:\\Program Files\\BitComet\\BitComet.exe "=
"c:\\Program Files\\Microsoft Games\\Age of Empires II\\age2_x1\\AGE2_X1.ICD "=
"c:\\Program Files\\2K Games\\Firaxis Games\\Sid Meier's Civilization 4 Gold\\Civilization4.exe "=
"c:\\Program Files\\2K Games\\Firaxis Games\\Sid Meier's Civilization 4 Gold\\Warlords\\Civ4Warlords.exe "=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe "=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe "=
"c:\\Program Files\\Microsoft Games\\Combat Flight Simulator\\COMBATFS.EXE "=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe "=
"c:\\Program Files\\PopCap Games\\Typer Shark Deluxe\\WinTS.exe "=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE "=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE "=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE "=
"c:\\Program Files\\Electronic Arts\\The Lord of the Rings, The Rise of the Witch-king\\game.dat "=
"c:\\Program Files\\Microsoft Games\\Age of Empires III\\age3.exe "=
"c:\\Program Files\\Microsoft Games\\Age of Empires III\\age3x.exe "=
"c:\\Program Files\\Microsoft Games\\Age of Empires III\\age3y.exe "=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"7715:TCP "= 7715:TCP:BitCometBeta 7715 TCP
"7715:UDP "= 7715:UDP:BitCometBeta 7715 UDP

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-08-17 96520]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-08-17 231192]
S3 mgau;mgau;c:\windows\system32\drivers\mgaum.sys [2009-01-08 320384]
S3 PCnetHL;AMD PCnet-Home Adapter Driver;c:\windows\system32\DRIVERS\pcntn5hl.sys --> c:\windows\system32\DRIVERS\pcntn5hl.sys [?]
S3 XPAD910;XPADFilter Service 910;c:\windows\system32\drivers\xpad910.sys [2008-09-10 29405]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
\Shell\AutoRun\command - F:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d8fc89fb-fbc4-11dd-b5d7-00301b3a532e}]
\Shell\AutoRun\command - F:\LaunchU3.exe -a
.
Contents of the 'Scheduled Tasks' folder

2009-03-09 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 14:57]

2009-03-11 c:\windows\Tasks\User_Feed_Synchronization-{1EB108CF-ECF5-4F4F-9BC0-8533B710F6A7}.job
- c:\windows\system32\msfeedssync.exe [2008-08-22 04:05]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uInternet Connection Wizard,ShellNext = iexplore
IE: &D&ownload &with BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm
IE: &D&ownload all video with BitComet - c:\program files\BitComet\BitComet.exe/AddVideo.htm
IE: &D&ownload all with BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: {417BAF00-08F8-42BA-92E4-045A1691F2EE} = 209.244.0.3 209.244.0.4
FF - ProfilePath - c:\documents and settings\mom\Application Data\Mozilla\Firefox\Profiles\c9cxfovx.default\
FF - prefs.js: browser.startup.homepage - www.yahoo.com
FF - component: c:\documents and settings\mom\Application Data\Mozilla\Firefox\Profiles\c9cxfovx.default\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}\components\IBitCometExtension.dll
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\defaults\pref\wildblue.js - pref( "network.proxy.type ", 2);
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-11 19:32:45
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1123561945-343818398-725345543-1003\Software\SecuROM\License information*]
"datasecu "=hex:01,0d,ff,c3,ff,c1,98,3c,1f,c0,bf,0a,51,aa,b5,fc,17,03,aa,ad,bb,
83,93,9b,b1,bb,e0,8c,54,12,1b,20,f8,68,d9,21,cd,ec,78,13,2b,de,11,10,43,c8,\
"rkeysecu "=hex:c5,61,7a,13,89,99,85,1c,32,8f,0c,85,3d,dd,17,c8
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(712)
c:\windows\system32\Ati2evxx.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\windows\system32\ati2evxx.exe
c:\windows\system32\agrsmsvc.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\AVG\AVG8\avgrsx.exe
c:\windows\system32\wscntfy.exe
c:\program files\Lavasoft\Ad-Aware 2007\aawservice.exe
.
**************************************************************************
.
Completion time: 2009-03-11 19:36:26 - machine was rebooted
ComboFix-quarantined-files.txt 2009-03-12 00:36:23
ComboFix2.txt 2009-03-11 18:34:54
ComboFix3.txt 2009-03-10 03:01:31
ComboFix4.txt 2009-03-09 23:41:23
ComboFix5.txt 2009-03-12 00:27:37

Pre-Run: 64,776,617,984 bytes free
Post-Run: 64,767,885,312 bytes free

543 --- E O F --- 2008-11-13 09:05:15


======

 

DDS (Ver_09-02-01.01) - NTFSx86
Run by mom at 19:37:03.48 on Wed 03/11/2009
Internet Explorer: 8.0.6001.18241 BrowserJavaVersion: 1.6.0_03
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1535.950 [GMT -5:00]

AV: AVG Anti-Virus Free *On-access scanning disabled* (Outdated)

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\agrsmsvc.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\AVG\AVG8\avgrsx.exe
C:\Documents and Settings\mom\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.yahoo.com/
uInternet Connection Wizard,ShellNext = iexplore
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
BHO: NoExplorer - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: BitComet Helper: {39f7e362-828a-4b5a-bcaf-5b79bfdfea60} - c:\program files\bitcomet\tools\BitCometBHO_1.2.8.7.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_03\bin\ssv.dll
BHO: AVG Security Toolbar: {a057a204-bacc-4d26-9990-79a187e2698e} - c:\progra~1\avg\avg8\AVGTOO~1.DLL
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
TB: AVG Security Toolbar: {a057a204-bacc-4d26-9990-79a187e2698e} - c:\progra~1\avg\avg8\AVGTOO~1.DLL
uRun: [Steam] "c:\program files\steam\steam.exe" -silent
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Yahoo! Pager] "c:\program files\yahoo!\messenger\YahooMessenger.exe" -quiet
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [SunJavaUpdateSched] "c:\program files\java\jre1.6.0_03\bin\jusched.exe "
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [CTHelper] CTHELPER.EXE
mRun: [CTxfiHlp] CTXFIHLP.EXE
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe "
mRun: [ATICCC] "c:\program files\ati technologies\ati.ace\CLIStart.exe "
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe "
StartupFolder: c:\docume~1\mom\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\interv~1.lnk - c:\program files\intervideo\common\bin\WinCinemaMgr.exe
dPolicies-explorer: NoSetActiveDesktop = 1 (0x1)
IE: &D&ownload &with BitComet - c:\program files\bitcomet\BitComet.exe/AddLink.htm
IE: &D&ownload all video with BitComet - c:\program files\bitcomet\BitComet.exe/AddVideo.htm
IE: &D&ownload all with BitComet - c:\program files\bitcomet\BitComet.exe/AddAllLink.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://c:\program files\bitcomet\tools\BitCometBHO_1.2.8.7.dll/206
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_03\bin\ssv.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\program files\yahoo!\common\yiesrvc.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} - hxxps://support.microsoft.com/OAS/ActiveX/MSDcode.cab
DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} - file:///C:/Program%20Files/Mahjong%20Escape%20-%20Ancient%20Japan/Images/stg_drm.ocx
DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} - hxxp://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1208896645531
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} - file:///C:/Program%20Files/Mahjong%20Escape%20-%20Ancient%20Japan/Images/armhelper.ocx
TCP: {417BAF00-08F8-42BA-92E4-045A1691F2EE} = 209.244.0.3 209.244.0.4
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Notify: AtiExtEvent - Ati2evxx.dll
AppInit_DLLs: avgrsstx.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\mom\applic~1\mozilla\firefox\profiles\c9cxfovx.default\
FF - prefs.js: browser.startup.homepage - www.yahoo.com
FF - component: c:\documents and settings\mom\application data\mozilla\firefox\profiles\c9cxfovx.default\extensions\{b042753d-f57e-4e8e-a01b-7379a6d4cefb}\components\IBitCometExtension.dll
FF - component: c:\program files\avg\avg8\firefox\components\avgssff.dll

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\defaults\pref\wildblue.js - pref( "network.proxy.type ", 2);

============= SERVICES / DRIVERS ===============

R?2 aawservice;Ad-Aware 2007 Service;c:\program files\lavasoft\ad-aware 2007\aawservice.exe [2007-10-29 607576]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-8-17 96520]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2008-8-17 26824]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2008-8-17 231192]
S3 mgau;mgau;c:\windows\system32\drivers\mgaum.sys [2009-1-8 320384]
S3 PCnetHL;AMD PCnet-Home Adapter Driver;c:\windows\system32\drivers\pcntn5hl.sys --> c:\windows\system32\drivers\pcntn5hl.sys [?]
S3 XPAD910;XPADFilter Service 910;c:\windows\system32\drivers\xpad910.sys [2008-9-10 29405]

=============== Created Last 30 ================

2009-03-11 14:44 <DIR> --d----- C:\Lop SD
2009-03-11 12:53 <DIR> a-dshr-- C:\autorun.inf
2009-03-09 14:14 <DIR> a-dshr-- C:\cmdcons
2009-03-08 21:30 161,792 a------- c:\windows\SWREG.exe
2009-03-08 21:30 98,816 a------- c:\windows\sed.exe
2009-03-07 22:15 206 a------- C:\eMgiESd.bat
2009-03-07 22:04 55,024 a------- C:\vJXG2.exe
2009-03-07 22:01 192,512 a------- C:\vJXG.exe
2009-03-07 22:00 8,150 a------- C:\pv7Omd.bat
2009-03-07 22:00 203 a------- C:\BDffy.bat
2009-03-07 21:48 117,360 a------- C:\fqter2.exe
2009-03-07 21:45 188,312 a------- C:\fqter.exe
2009-03-07 21:45 8,150 a------- C:\bdShK7e.bat
2009-03-07 21:45 211 a------- C:\FzP9.bat
2009-03-07 21:34 33,304 a------- C:\S1tO2.exe
2009-03-07 21:30 192,512 a------- C:\S1tO.exe
2009-03-07 21:30 8,150 a------- C:\ZUS3.bat
2009-03-07 21:30 205 a------- C:\uCz.bat
2009-03-07 21:16 0 a------- C:\yTpiQ.exe
2009-03-07 21:15 8,150 a------- C:\Yvl.bat
2009-03-07 21:15 208 a------- C:\xsd.bat
2009-03-07 21:02 238,080 a------- C:\QvWO0o2.exe
2009-03-07 21:00 192,512 a------- C:\QvWO0o.exe
2009-03-07 21:00 8,150 a------- C:\puG.bat
2009-03-07 21:00 214 a------- C:\P8r6ESx.bat
2009-03-07 20:50 128,872 a------- C:\csPPD2.exe
2009-03-07 20:45 192,512 a------- C:\csPPD.exe
2009-03-07 20:45 8,150 a------- C:\MQtMCsS.bat
2009-03-07 20:45 207 a------- C:\xP2zM.bat
2009-03-07 20:18 238,080 a------- C:\PaAn6b2.exe
2009-03-07 20:16 192,512 a------- C:\PaAn6b.exe
2009-03-07 20:15 8,150 a------- C:\lQvfM.bat
2009-03-07 20:15 217 a------- C:\Se6d6.bat
2009-03-07 20:02 238,080 a------- C:\W7A2.exe
2009-03-07 20:01 192,512 a------- C:\W7A.exe
2009-03-07 20:00 8,150 a------- C:\OX2VTyyW.bat
2009-03-07 20:00 194 a------- C:\Jv10.bat
2009-03-07 19:45 238,080 a------- C:\n0zEVp2.exe
2009-03-07 19:45 192,512 a------- C:\n0zEVp.exe
2009-03-07 19:45 8,150 a------- C:\G06j0.bat
2009-03-07 19:45 214 a------- C:\REu.bat
2009-03-07 19:31 238,080 a------- C:\M6M2.exe
2009-03-07 19:30 192,512 a------- C:\M6M.exe
2009-03-07 19:30 8,150 a------- C:\zcKQeBTk.bat
2009-03-07 19:30 196 a------- C:\BgbH.bat
2009-03-07 19:16 238,080 a------- C:\l8bCNJbi2.exe
2009-03-07 19:15 192,512 a------- C:\l8bCNJbi.exe
2009-03-07 19:15 8,150 a------- C:\W1U.bat
2009-03-07 19:15 224 a------- C:\pYp9.bat
2009-03-07 19:02 92,672 a------- C:\Tcqb.exe
2009-03-07 19:01 8,150 a------- C:\hqrg.bat
2009-03-07 19:01 200 a------- C:\twiZS0MV.bat
2009-03-07 18:55 233,128 a------- C:\VzpIrMq2.exe
2009-03-07 18:51 192,512 a------- C:\VzpIrMq.exe
2009-03-07 18:51 8,150 a------- C:\EuQlh.bat
2009-03-07 18:51 220 a------- C:\a8wi4Z.bat
2009-03-07 18:35 238,080 a------- C:\MTCJW1A2.exe
2009-03-07 18:32 192,512 a------- C:\MTCJW1A.exe
2009-03-07 18:32 8,150 a------- C:\GzCUJX.bat
2009-03-07 18:32 219 a------- C:\nCxexo.bat
2009-03-07 18:16 238,080 a------- C:\eR9iq7cz2.exe
2009-03-07 18:15 192,512 a------- C:\eR9iq7cz.exe
2009-03-07 18:15 8,150 a------- C:\jPm1U.bat
2009-03-07 18:15 224 a------- C:\UutrnS2C.bat
2009-03-07 18:00 8,150 a------- C:\Qay.bat
2009-03-07 18:00 219 a------- C:\syD.bat
2009-03-07 17:45 8,150 a------- C:\glBDgP.bat
2009-03-07 17:45 220 a------- C:\AxN5Lv.bat
2009-03-07 17:33 192,512 a------- C:\bc1sasDR.exe
2009-03-07 17:32 8,150 a------- C:\cnme.bat
2009-03-07 17:32 225 a------- C:\sRFQC.bat
2009-03-07 17:21 2,896 a------- C:\n4w2.exe
2009-03-07 17:17 192,512 a------- C:\n4w.exe
2009-03-07 17:17 8,150 a------- C:\qCJ.bat
2009-03-07 17:17 199 a------- C:\GHZ.bat
2009-03-07 17:04 238,080 a------- C:\yNe2.exe
2009-03-07 17:00 192,512 a------- C:\yNe.exe
2009-03-07 17:00 8,150 a------- C:\J8B.bat
2009-03-07 17:00 195 a------- C:\m9m8iw.bat
2009-03-07 16:47 238,080 a------- C:\Irrb2.exe
2009-03-07 16:45 192,512 a------- C:\Irrb.exe
2009-03-07 16:45 8,150 a------- C:\GlFKzbj.bat
2009-03-07 16:45 205 a------- C:\qybT.bat
2009-03-07 16:33 238,080 a------- C:\Tni2.exe
2009-03-07 16:30 192,512 a------- C:\Tni.exe
2009-03-07 16:30 8,150 a------- C:\YC1SBzN.bat
2009-03-07 16:30 199 a------- C:\MHY.bat
2009-03-07 15:17 236,024 a------- C:\nExj012.exe
2009-03-07 15:16 192,512 a------- C:\nExj01.exe
2009-03-07 15:16 8,150 a------- C:\Fbgi.bat
2009-03-07 15:16 215 a------- C:\Gp9a.bat
2009-03-07 15:08 238,080 a------- C:\GYzU7I2.exe
2009-03-07 15:03 192,512 a------- C:\GYzU7I.exe
2009-03-07 15:02 8,150 a------- C:\iS41m.bat
2009-03-07 15:02 216 a------- C:\Nft3WPe.bat
2009-03-07 14:35 238,080 a------- C:\J3i30Ykw2.exe
2009-03-07 14:31 192,512 a------- C:\J3i30Ykw.exe
2009-03-07 14:30 8,150 a------- C:\HZF.bat
2009-03-07 14:30 227 a------- C:\J57.bat
2009-03-07 14:16 238,080 a------- C:\furGEZMN2.exe
2009-03-07 14:15 192,512 a------- C:\furGEZMN.exe
2009-03-07 14:15 8,150 a------- C:\UZQxOMn8.bat
2009-03-07 14:15 227 a------- C:\s9kTqw18.bat
2009-03-07 14:01 0 a------- C:\slO2.exe
2009-03-07 14:00 192,512 a------- C:\slO.exe
2009-03-07 14:00 8,150 a------- C:\dqtfGXG.bat
2009-03-07 14:00 194 a------- C:\oCjQj1dd.bat
2009-03-07 13:49 237,472 a------- C:\vAMt2.exe
2009-03-07 13:46 192,512 a------- C:\vAMt.exe
2009-03-07 13:46 8,150 a------- C:\ige2d.bat
2009-03-07 13:46 200 a------- C:\OKTRHBAm.bat
2009-03-07 13:16 238,080 a------- C:\T9Gn9NV12.exe
2009-03-07 13:15 192,512 a------- C:\T9Gn9NV1.exe
2009-03-07 13:15 8,150 a------- C:\qCF4o.bat
2009-03-07 13:15 227 a------- C:\kUs.bat
2009-03-07 04:30 8,150 a------- C:\wm4QfVW.bat
2009-03-07 04:30 194 a------- C:\JxbiW.bat
2009-03-07 04:16 238,080 a------- C:\Xlkq32.exe
2009-03-07 04:16 0 a------- C:\Xlkq3.exe
2009-03-07 04:16 8,150 a------- C:\A72tEh.bat
2009-03-07 04:16 208 a------- C:\ifKaH.bat
2009-03-07 04:03 0 a------- C:\COR2.exe
2009-03-07 04:01 8,150 a------- C:\d3A.bat
2009-03-07 04:01 198 a------- C:\Xip14.bat
2009-03-07 03:50 238,080 a------- C:\ybt2.exe
2009-03-07 03:49 0 a------- C:\ybt.exe
2009-03-07 03:49 8,150 a------- C:\A6c.bat
2009-03-07 03:49 194 a------- C:\H75nD.bat
2009-03-07 03:21 2,896 a------- C:\ULBUp6Q2.exe
2009-03-07 03:17 78,192 a------- C:\ULBUp6Q.exe
2009-03-07 03:17 8,150 a------- C:\e5Kx.bat
2009-03-07 03:17 223 a------- C:\MBfEt.bat
2009-03-07 03:00 1,448 a------- C:\lc87.exe
2009-03-07 03:00 8,150 a------- C:\IOVO.bat
2009-03-07 03:00 201 a------- C:\JuBL.bat
2009-03-07 02:15 8,150 a------- C:\u4B.bat
2009-03-07 02:15 209 a------- C:\MbK06g0.bat
2009-03-07 02:00 8,150 a------- C:\iZS9W4.bat
2009-03-07 02:00 197 a------- C:\JPBryJ.bat
2009-03-07 01:45 8,150 a------- C:\VILA.bat
2009-03-07 01:45 225 a------- C:\LISlzG.bat
2009-03-07 01:33 81,088 a------- C:\HHSs2.exe
2009-03-07 01:30 8,150 a------- C:\JNH.bat
2009-03-07 01:30 202 a------- C:\DnyoUBGy.bat
2009-03-07 01:16 52,128 a------- C:\iJHsX.exe
2009-03-07 01:15 8,150 a------- C:\kz0A.bat
2009-03-07 01:15 207 a------- C:\wa8AjGe.bat
2009-03-07 01:05 144,800 a------- C:\H0YNJrj72.exe
2009-03-07 01:00 8,150 a------- C:\bTM9lEZ.bat
2009-03-07 01:00 227 a------- C:\lwnzEkBB.bat
2009-03-07 00:45 8,150 a------- C:\Igi.bat
2009-03-07 00:45 228 a------- C:\Bb2vQH65.bat
2009-03-07 00:31 0 a------- C:\u1IXAT.exe
2009-03-07 00:30 8,150 a------- C:\f6Gpln.bat
2009-03-07 00:30 217 a------- C:\boHZD.bat
2009-03-07 00:15 0 a------- C:\OyXzit.exe
2009-03-07 00:15 8,150 a------- C:\WrxbC.bat
2009-03-07 00:15 216 a------- C:\vRy1.bat
2009-03-06 23:46 63,712 a------- C:\LO3Pn.exe
2009-03-06 23:45 8,150 a------- C:\sfv.bat
2009-03-06 23:45 211 a------- C:\Q4EHA.bat
2009-03-06 23:30 8,150 a------- C:\zzz6egh.bat
2009-03-06 23:30 215 a------- C:\RXPg.bat
2009-03-06 23:00 8,150 a------- C:\Ri5HgQSW.bat
2009-03-06 23:00 226 a------- C:\W02Kz.bat
2009-03-06 22:46 1,448 a------- C:\yaP2.exe
2009-03-06 22:45 0 a------- C:\yaP.exe
2009-03-06 22:45 8,150 a------- C:\tP81Jh2m.bat
2009-03-06 22:45 195 a------- C:\HOg.bat
2009-03-06 22:30 8,150 a------- C:\jCA.bat
2009-03-06 22:30 209 a------- C:\TdV.bat
2009-03-06 22:00 8,150 a------- C:\H2YR54.bat
2009-03-06 22:00 227 a------- C:\HtkPO.bat
2009-03-06 21:46 57,920 a------- C:\dhRD04Xo.exe
2009-03-06 21:46 8,150 a------- C:\L7rE5.bat
2009-03-06 21:46 229 a------- C:\Vnkx.bat
2009-03-06 21:31 8,150 a------- C:\EVqbnI.bat
2009-03-06 21:31 194 a------- C:\wZtUKQr.bat
2009-03-06 21:15 8,150 a------- C:\o9OSU.bat
2009-03-06 21:15 221 a------- C:\i2s.bat
2009-03-06 20:47 186,792 a------- C:\irit.exe
2009-03-06 20:47 8,150 a------- C:\a5c3t.bat
2009-03-06 20:47 202 a------- C:\Wj0P6.bat
2009-03-06 20:34 238,080 a------- C:\J4X8DF2.exe
2009-03-06 20:30 76,744 a------- C:\J4X8DF.exe
2009-03-06 20:30 8,150 a------- C:\FKGVniz.bat
2009-03-06 20:30 213 a------- C:\ibbA0sK.bat
2009-03-06 19:49 163,624 a------- C:\JWmKK2.exe
2009-03-06 19:45 8,150 a------- C:\FgPD.bat
2009-03-06 19:45 206 a------- C:\giw.bat
2009-03-06 19:30 8,150 a------- C:\d7e0gXA2.bat
2009-03-06 19:30 204 a------- C:\Kjcg7Ubl.bat
2009-03-06 17:37 133,216 a------- C:\pbk7Lfs2.exe
2009-03-06 17:32 172,384 a------- C:\pbk7Lfs.exe
2009-03-06 17:31 8,150 a------- C:\vl2qOuo.bat
2009-03-06 17:31 221 a------- C:\xIK2CJo.bat
2009-03-06 17:02 193,536 a------- C:\uQmTBXA3.exe
2009-03-06 17:02 8,150 a------- C:\J9L7.bat
2009-03-06 17:02 225 a------- C:\O8fKY.bat
2009-03-06 16:45 8,150 a------- C:\u4d.bat
2009-03-06 16:45 227 a------- C:\hMYQbigQ.bat
2009-03-06 16:30 8,150 a------- C:\bra.bat
2009-03-06 16:30 213 a------- C:\MkH6MAyx.bat
2009-03-06 16:00 8,150 a------- C:\VGh0NAT.bat
2009-03-06 16:00 211 a------- C:\CIalQ1.bat
2009-03-06 15:30 8,150 a------- C:\soI3yH.bat
2009-03-06 15:30 205 a------- C:\KBC6.bat
2009-03-06 14:52 18,980 a------- C:\LWm2.exe
2009-03-06 14:46 8,150 a------- C:\EF4.bat
2009-03-06 14:46 195 a------- C:\jBuT56I.bat
2009-03-06 14:31 99,912 a------- C:\hNzwU.exe
2009-03-06 14:30 8,150 a------- C:\ipb5r68Y.bat
2009-03-06 14:30 207 a------- C:\UTuhk.bat
2009-03-06 14:21 0 a------- C:\Xhwm7goO2.exe
2009-03-06 14:16 144,800 a------- C:\Xhwm7goO.exe
2009-03-06 14:16 8,150 a------- C:\KhrCpC.bat
2009-03-06 14:16 227 a------- C:\XojwoS.bat
2009-03-06 13:54 4,344 a------- C:\Ls92.exe
2009-03-06 13:47 8,150 a------- C:\mvagP.bat
2009-03-06 13:47 196 a------- C:\Gke.bat
2009-03-06 13:03 8,150 a------- C:\zC2Xto.bat
2009-03-06 13:03 217 a------- C:\GGil79e.bat
2009-03-06 12:45 8,150 a------- C:\eE1X.bat
2009-03-06 12:45 211 a------- C:\vJb.bat
2009-03-06 12:31 8,760 a------- C:\yb5.exe
2009-03-06 12:30 8,150 a------- C:\MymXnThr.bat
2009-03-06 12:30 197 a------- C:\LnhO.bat
2009-03-06 12:18 40,544 a------- C:\bTnwkD2.exe
2009-03-06 12:15 8,150 a------- C:\cTMQULVR.bat
2009-03-06 12:15 212 a------- C:\Pr9zJD9B.bat
2009-03-06 11:45 114,392 a------- C:\jA8QHQ6.exe
2009-03-06 11:45 8,150 a------- C:\O6Fkr4.bat
2009-03-06 11:45 222 a------- C:\ShU.bat
2009-03-06 11:30 8,150 a------- C:\ZxN9.bat
2009-03-06 11:30 201 a------- C:\xbUOsH.bat
2009-03-06 11:18 128,944 a------- C:\MYc2.exe
2009-03-06 11:16 30,660 a------- C:\MYc.exe
2009-03-06 11:15 8,150 a------- C:\O5uw0.bat
2009-03-06 11:15 195 a------- C:\lC8.bat
2009-03-06 11:00 8,150 a------- C:\Yo92Z.bat
2009-03-06 11:00 210 a------- C:\xSQSm3y.bat
2009-03-06 10:34 18,824 a------- C:\LRy62.exe
2009-03-06 10:30 8,150 a------- C:\zG0VWh.bat
2009-03-06 10:30 201 a------- C:\fCPo9k8.bat
2009-03-06 10:15 8,150 a------- C:\wJol.bat
2009-03-06 10:15 219 a------- C:\LNJ5CfL.bat
2009-03-06 10:01 170,820 a------- C:\Ml352.exe
2009-03-06 10:00 8,150 a------- C:\FQj2N.bat
2009-03-06 10:00 201 a------- C:\QJuVRhX.bat
2009-03-06 09:45 8,150 a------- C:\bNXQ4cT3.bat
2009-03-06 09:45 226 a------- C:\bFyt.bat
2009-03-06 09:19 10,616 a------- C:\svc11
2009-03-06 09:19 101 a------- C:\svc10
2009-03-06 09:15 8,150 a------- C:\YH86.bat
2009-03-06 09:15 199 a------- C:\mpGZMrYl.bat
2009-03-06 09:00 8,150 a------- C:\sDJs0Two.bat
2009-03-06 09:00 200 a------- C:\DYyb6Xh.bat
2009-03-06 08:45 8,150 a------- C:\Rsy.bat
2009-03-06 08:45 179 a------- C:\OzHGlm.bat
2009-03-06 08:30 8,150 a------- C:\ZIe9rqE.bat
2009-03-06 08:30 190 a------- C:\e2HY.bat
2009-03-06 08:15 8,150 a------- C:\u1CWeQ.bat
2009-03-06 08:15 182 a------- C:\h0Fv.bat
2009-03-06 08:00 8,150 a------- C:\OPrJWEL.bat
2009-03-06 08:00 176 a------- C:\sHOjCin.bat
2009-03-06 07:45 8,150 a------- C:\GBWb.bat
2009-03-06 07:45 185 a------- C:\PqS.bat
2009-03-06 07:30 8,150 a------- C:\wPkPuzGH.bat
2009-03-06 07:30 179 a------- C:\qpOGafWe.bat
2009-03-06 07:15 8,150 a------- C:\ANGOIYh.bat
2009-03-06 07:15 193 a------- C:\SxgA28.bat
2009-03-06 07:00 8,150 a------- C:\G5GV.bat
2009-03-06 07:00 198 a------- C:\GDN.bat
2009-03-06 06:45 8,150 a------- C:\jPHJi.bat
2009-03-06 06:45 199 a------- C:\RkZ0.bat
2009-03-06 06:30 151 a------- C:\JHVF62.bat
2009-03-06 06:30 8,150 a------- C:\v7KX9t.bat
2009-03-06 06:30 202 a------- C:\JHVF6.bat
2009-03-06 06:15 161 a------- C:\VyktLf9Y2.bat
2009-03-06 06:15 8,150 a------- C:\y71XbAV.bat
2009-03-06 06:15 224 a------- C:\VyktLf9Y.bat
2009-03-06 06:00 151 a------- C:\FRaEdI9t2.bat
2009-03-06 06:00 8,150 a------- C:\e0VGIO.bat
2009-03-06 06:00 205 a------- C:\FRaEdI9t.bat
2009-03-06 05:45 160 a------- C:\LiufxL2l2.bat
2009-03-06 05:45 8,150 a------- C:\ipmeIPoT.bat
2009-03-06 05:45 223 a------- C:\LiufxL2l.bat
2009-03-06 05:30 148 a------- C:\W9RK2.bat
2009-03-06 05:30 8,150 a------- C:\UMbk.bat
2009-03-06 05:30 196 a------- C:\W9RK.bat
2009-03-06 05:15 161 a------- C:\YnjUgtOL2.bat
2009-03-06 05:15 8,150 a------- C:\e87v4b.bat
2009-03-06 05:15 221 a------- C:\YnjUgtOL.bat
2009-03-06 05:00 154 a------- C:\J3De0P2.bat
2009-03-06 05:00 8,150 a------- C:\dlR.bat
2009-03-06 05:00 208 a------- C:\J3De0P.bat
2009-03-06 04:45 16,060 a------- C:\itm22.exe
2009-03-06 04:45 153 a------- C:\SadaT2GR2.bat
2009-03-06 04:45 8,150 a------- C:\frkYO.bat
2009-03-06 04:45 204 a------- C:\SadaT2GR.bat
2009-03-06 04:30 159 a------- C:\Imd3TrrF2.bat
2009-03-06 04:30 8,150 a------- C:\oOakP.bat
2009-03-06 04:30 216 a------- C:\Imd3TrrF.bat
2009-03-06 04:15 157 a------- C:\tC192.bat
2009-03-06 04:15 8,150 a------- C:\GEVF9onH.bat
2009-03-06 04:15 217 a------- C:\tC19.bat
2009-03-06 04:00 145 a------- C:\xg6j2PX2.bat
2009-03-06 04:00 8,150 a------- C:\UFtBjdRP.bat
2009-03-06 04:00 193 a------- C:\xg6j2PX.bat
2009-03-06 03:45 161 a------- C:\QQw6KWu2.bat
2009-03-06 03:45 8,150 a------- C:\kMi.bat
2009-03-06 03:45 224 a------- C:\QQw6KWu.bat
2009-03-06 03:30 165 a------- C:\boTC32.bat
2009-03-06 03:30 8,150 a------- C:\s9rLQV0K.bat
2009-03-06 03:30 228 a------- C:\boTC3.bat
2009-03-06 03:15 160 a------- C:\g43iV2.bat
2009-03-06 03:15 8,150 a------- C:\NkuGMt.bat
2009-03-06 03:15 220 a------- C:\g43iV.bat
2009-03-06 03:00 163 a------- C:\j0qi2.bat
2009-03-06 03:00 8,150 a------- C:\q57k.bat
2009-03-06 03:00 226 a------- C:\j0qi.bat
2009-03-06 02:45 154 a------- C:\kVeWsVO2.bat
2009-03-06 02:45 8,150 a------- C:\zfVUov.bat
2009-03-06 02:45 211 a------- C:\kVeWsVO.bat
2009-03-06 02:30 152 a------- C:\ZAq2.bat
2009-03-06 02:30 8,150 a------- C:\pSiH20.bat
2009-03-06 02:30 206 a------- C:\ZAq.bat
2009-03-06 02:15 161 a------- C:\bmV2.bat
2009-03-06 02:15 8,150 a------- C:\SeZPnIr4.bat
2009-03-06 02:15 221 a------- C:\bmV.bat
2009-03-06 02:00 163 a------- C:\KWOTVGEX2.bat
2009-03-06 02:00 8,150 a------- C:\ibUd3.bat
2009-03-06 02:00 226 a------- C:\KWOTVGEX.bat
2009-03-06 01:45 154 a------- C:\bHmsb2.bat
2009-03-06 01:45 8,150 a------- C:\KbYuGUd.bat
2009-03-06 01:45 211 a------- C:\bHmsb.bat
2009-03-06 01:31 0 a------- C:\IJ5IJRL22.exe
2009-03-06 01:30 160 a------- C:\Sjt2.bat
2009-03-06 01:30 8,150 a------- C:\F0vg.bat
2009-03-06 01:30 220 a------- C:\Sjt.bat
2009-03-06 01:16 0 a------- C:\dyWuy22.exe
2009-03-06 01:15 154 a------- C:\ikU0Qi2.bat
2009-03-06 01:15 8,150 a------- C:\fYVdb.bat
2009-03-06 01:15 208 a------- C:\ikU0Qi.bat
2009-03-06 01:00 151 a------- C:\jUb2.bat
2009-03-06 01:00 8,150 a------- C:\XCf2xl.bat
2009-03-06 01:00 202 a------- C:\jUb.bat
2009-03-06 00:45 145 a------- C:\FmZFQK92.bat
2009-03-06 00:45 8,150 a------- C:\Mm3Wfs.bat
2009-03-06 00:45 193 a------- C:\FmZFQK9.bat
2009-03-06 00:30 156 a------- C:\tTt02.bat
2009-03-06 00:30 8,150 a------- C:\jLrQQSN.bat
2009-03-06 00:30 210 a------- C:\tTt0.bat
2009-03-06 00:17 63,712 a------- C:\Z1o.exe
2009-03-06 00:15 149 a------- C:\O5LtxE2.bat
2009-03-06 00:15 8,150 a------- C:\Ndg0BLhb.bat
2009-03-06 00:15 197 a------- C:\O5LtxE.bat
2009-03-05 23:30 136,112 a------- C:\YAPWUGT.exe
2009-03-05 23:30 8,150 a------- C:\skCEDaz.bat
2009-03-05 23:30 217 a------- C:\pPhJzvF.bat
2009-03-05 23:30 157 a------- C:\pPhJzvF2.bat
2009-03-05 23:15 149 a------- C:\I1ejRAJ2.bat
2009-03-05 23:15 8,150 a------- C:\TfxhQ.bat
2009-03-05 23:15 200 a------- C:\I1ejRAJ.bat
2009-03-05 23:03 56,832 a------- c:\windows\system32\drivers\UACd.sys
2009-03-05 23:00 8,150 a------- C:\iI0X9.bat
2009-03-05 23:00 147 a------- C:\teGg2rnV2.bat
2009-03-05 23:00 195 a------- C:\teGg2rnV.bat
2009-03-05 22:45 8,150 a------- C:\kjRLTHI.bat
2009-03-05 22:45 159 a------- C:\VTCk2.bat
2009-03-05 22:45 219 a------- C:\VTCk.bat
2009-03-05 22:30 161 a------- C:\bbm2.bat
2009-03-05 22:30 8,150 a------- C:\bVDIEX.bat
2009-03-05 22:30 224 a------- C:\bbm.bat
2009-03-05 22:15 161 a------- C:\HYySzvNE2.bat
2009-03-05 22:15 8,150 a------- C:\GyaXJW.bat
2009-03-05 22:15 221 a------- C:\HYySzvNE.bat
2009-03-05 22:01 46,336 a------- C:\IvbP22.exe
2009-03-05 22:00 8,150 a------- C:\nHN5Q2f.bat
2009-03-05 22:00 149 a------- C:\rLO2.bat
2009-03-05 22:00 200 a------- C:\rLO.bat
2009-03-05 21:46 0 a------- C:\Ptg22.exe
2009-03-05 21:45 146 a------- C:\KKGEL2.bat
2009-03-05 21:45 8,150 a------- C:\rJkPiM.bat
2009-03-05 21:45 194 a------- C:\KKGEL.bat
2009-03-05 21:15 8,150 a------- C:\vnypCjGl.bat
2009-03-05 21:15 221 a------- C:\IUWF7Lx.bat
2009-03-05 21:15 161 a------- C:\IUWF7Lx2.bat
2009-03-04 00:45 106 a------- C:\yXB52.bat
2009-03-04 00:45 8,150 a------- C:\tlnq.bat
2009-03-04 00:45 140 a------- C:\yXB5.bat
2009-03-04 00:15 112 a------- C:\nX72e62.bat
2009-03-04 00:15 8,150 a------- C:\XiVbWkuK.bat
2009-03-04 00:15 152 a------- C:\nX72e6.bat
2009-03-04 00:00 8,150 a------- C:\A5Gi.bat
2009-03-04 00:00 112 a------- C:\EjPu2.bat
2009-03-04 00:00 154 a------- C:\EjPu.bat
2009-03-03 23:45 149,144 a------- C:\cmyT2.exe
2009-03-03 23:45 110 a------- C:\hGSUjh2.bat
2009-03-03 23:45 8,150 a------- C:\i5QqBjc.bat
2009-03-03 23:45 146 a------- C:\hGSUjh.bat
2009-03-03 23:30 108 a------- C:\RXHr2.bat
2009-03-03 23:30 8,150 a------- C:\turoD0.bat
2009-03-03 23:30 142 a------- C:\RXHr.bat
2009-03-03 23:15 111 a------- C:\DNs2.bat
2009-03-03 23:15 8,150 a------- C:\R1DtT.bat
2009-03-03 23:15 155 a------- C:\DNs.bat
2009-03-03 23:01 114 a------- C:\duXo2.bat
2009-03-03 23:01 8,150 a------- C:\zKlkjDl.bat
2009-03-03 23:01 156 a------- C:\duXo.bat
2009-03-03 22:45 8,150 a------- C:\dMA.bat
2009-03-03 22:45 155 a------- C:\poa92.bat
2009-03-03 22:45 113 a------- C:\poa922.bat
2009-03-03 22:30 110 a------- C:\K4x42.bat
2009-03-03 22:30 8,150 a------- C:\q1YQnb.bat
2009-03-03 22:30 148 a------- C:\K4x4.bat
2009-03-03 22:15 112 a------- C:\SviISQ2.bat
2009-03-03 22:15 8,150 a------- C:\lAndtAf6.bat
2009-03-03 22:15 152 a------- C:\SviISQ.bat
2009-03-03 22:00 109 a------- C:\PvDvm4H2.bat
2009-03-03 22:00 8,150 a------- C:\Qryyl.bat
2009-03-03 22:00 149 a------- C:\PvDvm4H.bat
2009-03-03 21:45 8,150 a------- C:\ZqBgDoF.bat
2009-03-03 21:45 108 a------- C:\cYBN2.bat
2009-03-03 21:45 142 a------- C:\cYBN.bat
2009-03-03 21:30 110 a------- C:\TER2.bat
2009-03-03 21:30 8,150 a------- C:\TUGQK0fo.bat
2009-03-03 21:30 146 a------- C:\TER.bat
2009-03-03 21:27 <DIR> --d----- c:\program files\Trend Micro
2009-03-03 21:25 <DIR> --d----- C:\hjt
2009-03-03 21:15 8,150 a------- C:\wkmiCXE8.bat
2009-03-03 21:15 154 a------- C:\zePHC.bat
2009-03-03 21:15 110 a------- C:\zePHC2.bat
2009-03-03 21:00 8,150 a------- C:\DfeDolk.bat
2009-03-03 21:00 113 a------- C:\HZl2.bat
2009-03-03 21:00 153 a------- C:\HZl.bat
2009-03-03 20:45 111 a------- C:\HxL2.bat
2009-03-03 20:45 8,150 a------- C:\J4N.bat
2009-03-03 20:45 153 a------- C:\HxL.bat
2009-03-03 20:15 8,150 a------- C:\tHh.bat
2009-03-03 20:15 145 a------- C:\OcN3AsD.bat
2009-03-03 20:15 109 a------- C:\OcN3AsD2.bat
2009-03-03 20:00 8,150 a------- C:\qs90.bat
2009-03-03 20:00 114 a------- C:\ife6lrfl2.bat
2009-03-03 20:00 158 a------- C:\ife6lrfl.bat
2009-03-03 19:30 8,150 a------- C:\TlpSx8.bat
2009-03-03 19:30 111 a------- C:\HikrmD2.bat
2009-03-03 19:30 147 a------- C:\HikrmD.bat
2009-03-03 19:15 110 a------- C:\Eaz2.bat
2009-03-03 19:15 8,150 a------- C:\gfcPfpSs.bat
2009-03-03 19:15 150 a------- C:\Eaz.bat
2009-03-03 16:00 105 a------- C:\U1Z2.bat
2009-03-03 16:00 8,150 a------- C:\kjUqxy1.bat
2009-03-03 16:00 139 a------- C:\U1Z.bat
2009-03-03 15:45 114 a------- C:\BNeGRJ2.bat
2009-03-03 15:45 8,150 a------- C:\lUU8HkTB.bat
2009-03-03 15:45 158 a------- C:\BNeGRJ.bat
2009-03-03 15:30 113 a------- C:\PuncsoHa2.bat
2009-03-03 15:30 8,150 a------- C:\zW8hbk4W.bat
2009-03-03 15:30 155 a------- C:\PuncsoHa.bat
2009-03-03 15:15 8,150 a------- C:\ijNGdOz.bat
2009-03-03 15:15 152 a------- C:\AKiP.bat
2009-03-03 15:15 112 a------- C:\AKiP2.bat
2009-03-03 15:00 107 a------- C:\bK8xmu2.bat
2009-03-03 15:00 8,150 a------- C:\QnqUSq6m.bat
2009-03-03 15:00 141 a------- C:\bK8xmu.bat
2009-03-03 14:30 8,150 a------- C:\Kap.bat
2009-03-03 14:30 108 a------- C:\swndGc2.bat
2009-03-03 14:30 146 a------- C:\swndGc.bat
2009-03-03 14:15 8,150 a------- C:\dSa2.bat
2009-03-03 14:15 107 a------- C:\nhfbU2.bat
2009-03-03 14:15 141 a------- C:\nhfbU.bat
2009-03-03 14:00 8,150 a------- C:\CzQC6Sq.bat
2009-03-03 14:00 112 a------- C:\VUrl2.bat
2009-03-03 14:00 156 a------- C:\VUrl.bat
2009-03-03 13:45 8,150 a------- C:\BAXeXg8.bat
2009-03-03 13:45 146 a------- C:\PoWKsa.bat
2009-03-03 13:45 108 a------- C:\PoWKsa2.bat
2009-03-03 13:30 114 a------- C:\igwRcZ2.bat
2009-03-03 13:30 8,150 a------- C:\sm0ZBuW.bat
2009-03-03 13:30 158 a------- C:\igwRcZ.bat
2009-03-03 10:45 106 a------- C:\wpuFSY2.bat
2009-03-03 10:45 8,150 a------- C:\AGBALsr.bat
2009-03-03 10:45 142 a------- C:\wpuFSY.bat
2009-03-03 10:30 107 a------- C:\pZuzJYw82.bat
2009-03-03 10:30 8,150 a------- C:\cR0.bat
2009-03-03 10:30 143 a------- C:\pZuzJYw8.bat
2009-03-03 10:15 105 a------- C:\zzcHjyOe2.bat
2009-03-03 10:15 8,150 a------- C:\PLq.bat
2009-03-03 10:15 139 a------- C:\zzcHjyOe.bat
2009-03-03 10:00 113 a------- C:\cJDlS2.bat
2009-03-03 10:00 8,150 a------- C:\tUy4jp.bat
2009-03-03 10:00 153 a------- C:\cJDlS.bat
2009-03-02 01:00 0 a------- C:\proxy.log.2009.03.02
2009-03-01 02:00 8,150 a------- C:\dM4SOqRk.bat
2009-03-01 02:00 107 a------- C:\cLqx2.bat
2009-03-01 02:00 141 a------- C:\cLqx.bat
2009-03-01 01:45 107 a------- C:\GyIzG2.bat
2009-03-01 01:45 8,150 a------- C:\hCCAbDrT.bat
2009-03-01 01:45 141 a------- C:\GyIzG.bat
2009-03-01 01:30 8,150 a------- C:\AYNEZ08.bat
2009-03-01 01:30 157 a------- C:\gy0.bat
2009-03-01 01:30 113 a------- C:\gy02.bat
2009-03-01 01:15 112 a------- C:\K7wAb8q2.bat
2009-03-01 01:15 8,150 a------- C:\OVgL.bat
2009-03-01 01:15 154 a------- C:\K7wAb8q.bat
2009-03-01 01:00 200 a------- C:\proxy.log.2009.03.01
2009-03-01 00:45 114 a------- C:\OSxXZ2.bat
2009-03-01 00:45 8,150 a------- C:\Ylin.bat
2009-03-01 00:45 156 a------- C:\OSxXZ.bat
2009-03-01 00:30 8,150 a------- C:\pCI2Yn.bat
2009-03-01 00:30 109 a------- C:\G3HrXkeB2.bat
2009-03-01 00:30 145 a------- C:\G3HrXkeB.bat
2009-03-01 00:00 8,150 a------- C:\cYA.bat
2009-03-01 00:00 108 a------- C:\TcXoIaz2.bat
2009-03-01 00:00 146 a------- C:\TcXoIaz.bat
2009-02-28 23:30 8,150 a------- C:\DDwA7Xob.bat
2009-02-28 23:30 112 a------- C:\j8a82.bat
2009-02-28 23:30 154 a------- C:\j8a8.bat
2009-02-28 23:16 113 a------- C:\oyhNFlOp2.bat
2009-02-28 23:16 8,150 a------- C:\HYS9MfV.bat
2009-02-28 23:16 155 a------- C:\oyhNFlOp.bat
2009-02-28 22:47 10,136 a------- C:\jBzaZ.exe
2009-02-28 22:45 108 a------- C:\xefGQlQ2.bat
2009-02-28 22:45 8,150 a------- C:\i2H6X.bat
2009-02-28 22:45 146 a------- C:\xefGQlQ.bat
2009-02-28 21:45 114 a------- C:\jQ3KPdb2.bat
2009-02-28 21:45 8,150 a------- C:\t9L.bat
2009-02-28 21:45 158 a------- C:\jQ3KPdb.bat
2009-02-28 21:31 23,168 a------- C:\vkd.exe
2009-02-28 21:31 8,150 a------- C:\ZjCXCy.bat
2009-02-28 21:31 109 a------- C:\BvTz2.bat
2009-02-28 21:31 143 a------- C:\BvTz.bat
2009-02-28 20:15 110 a------- C:\rgs2.bat
2009-02-28 20:15 8,150 a------- C:\zrT.bat
2009-02-28 20:15 144 a------- C:\rgs.bat
2009-02-28 19:45 109 a------- C:\kZkIlS2.bat
2009-02-28 19:45 8,150 a------- C:\OwDtG.bat
2009-02-28 19:45 143 a------- C:\kZkIlS.bat
2009-02-28 19:16 113 a------- C:\bGya5h2.bat
2009-02-28 19:16 8,150 a------- C:\tMNp.bat
2009-02-28 19:16 155 a------- C:\bGya5h.bat
2009-02-28 18:46 106 a------- C:\ZEcqnRu2.bat
2009-02-28 18:45 8,150 a------- C:\VKAKcD.bat
2009-02-28 18:45 140 a------- C:\ZEcqnRu.bat
2009-02-28 18:15 110 a------- C:\dwNqt2.bat
2009-02-28 18:15 8,150 a------- C:\AIX2.bat
2009-02-28 18:15 144 a------- C:\dwNqt.bat
2009-02-28 18:00 111 a------- C:\l5652.bat
2009-02-28 18:00 8,150 a------- C:\XNbkzC.bat
2009-02-28 18:00 149 a------- C:\l565.bat
2009-02-28 17:34 3,576 a------- C:\proxy.log.2009.02.28
2009-02-28 17:34 <DIR> --d----- C:\svc
2009-02-28 17:31 127 a------- C:\z3o2.bat
2009-02-28 17:31 8,150 a------- C:\hRXmW.bat
2009-02-28 17:31 154 a------- C:\z3o.bat
2009-02-28 16:45 8,098 a------- C:\sKCEpW1.bat
2009-02-28 16:45 205 a------- C:\nDHO.bat
2009-02-28 16:00 <DIR> --d----- c:\program files\Maxis
2009-02-28 09:54 8,098 a------- C:\bctBA8B.bat
2009-02-28 09:54 215 a------- C:\k1DJnp.bat
2009-02-20 00:40 54,156 a---h--- c:\windows\QTFont.qfn
2009-02-20 00:40 1,409 a------- c:\windows\QTFont.for

==================== Find3M ====================

2008-12-09 20:42 31 a------- c:\documents and settings\mom\jagex_runescape_preferences.dat

============= FINISH: 19:37:16.95 ===============

 

I don't know or can't say thats how it got in but it is a possible avenue.
There are so many ways now, innocent people are infected everyday.


If you could back tract and go to my post 26
I suggested a couple of scans.

 

Juliet,

I've had to change security setting to install activex so that I can scan w/ESET online. I get the prompt to install and nothing happens. Any suggestions?


Thanks, JBH

 

It's beginning to not look so good, try Malwarebytes' Anti-Malware scan.

Also please do this as well.

Download Gmer's mbr.exe to your desktop
click the downloaded file to run the scan (a window will open briefly, then close).
The scan will create a mbr.log on your desktop - please copy/paste those contents in your next reply.

 

I scanned this last night.

Malwarebytes' Anti-Malware 1.34
Database version: 1838
Windows 5.1.2600 Service Pack 2

3/11/2009 9:20:23 PM
mbam-log-2009-03-11 (21-20-23).txt

Scan type: Quick Scan
Objects scanned: 68467
Time elapsed: 3 minute(s), 5 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\drivers\UACd.sys (Trojan.Agent) -> Quarantined and deleted successfully.

 

Also please do this as well.

Download Gmer's mbr.exe to your desktop
click the downloaded file to run the scan (a window will open briefly, then close).
The scan will create a mbr.log on your desktop - please copy/paste those contents in your next reply.

 

Is this what you wanted?

Stealth MBR rootkit detector 0.2.4 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user & kernel MBR OK

 

Yes, good thank you.

Let's try this scanner next.

Print this topic or save to notepad, it will make it easier for you to follow the instructions and complete all of the necessary steps as we will need to close all windows that are open later in the fix.



Download Dr.Web CureIt to the desktop:
ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe
Next, please reboot your computer in Safe Mode by doing the following:
1) Restart your computer
2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3) Instead of Windows loading as normal, a menu should appear
4) Select the first option, to run Windows in Safe Mode.

For additional help in booting into Safe Mode, see the following site:
• http://www.pchell.com/support/safemode.shtml
•
Scan with DrWeb-CureIt as follows:

* Double-click on drweb-cureit.exe to start the program. An "Express Scan of your PC" notice will appear.
* Under "Start the Express Scan Now ", Click "OK" to start. This is a short scan that will scan the files currently running in memory and when something is found, click the Yes button when it asks you if you want to cure it.

* Once the short scan has finished, Click Options > Change settings
* Choose the "Scan tab" and UNcheck "Heuristic analysis "

* Back at the main window, click "Select drives" (a red dot will show which drives have been chosen)
* Then click the "Start/Stop Scanning" button (green arrow on the right) and the scan will start.

* When done, a message will be displayed at the bottom advising if any viruses were found.
* Click "Yes to all" if it asks if you want to cure/move the file.

* When the scan has finished, look if you can see the icon next to the files found. If so, click it, then click the next icon right below and select "Move incurable ".
(This will move it to the C:\Documents and Settings\userprofile\DoctorWeb\Quarantine folder if it can't be cured)

* Next, in the Dr.Web CureIt menu on top, click file and choose save report list.
* Save the DrWeb.csv report to your desktop.
* Exit Dr.Web Cureit when done.

* Important! Reboot your computer because it could be possible that files in use will be moved/deleted during reboot.
* After reboot, post the contents of the log from Dr.Web in your next reply. (You can use Notepad to open the DrWeb.cvs report)
In your next reply post:

DrWeb.cvs report
New DDS log

 

IvbP22.exe;C:\;BackDoor.Tdss.based;Incurable.Moved.;
J4X8DF2.exe;C:\;Trojan.DownLoad.31814;Deleted.;
RegUBP2b-mom.reg;C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Snapshots2;Trojan.StartPage.1505;Deleted.;
ComboFix.exe/data002\32788R22FWJFW\psexec.cfexe;C:\Documents and Settings\mom\Desktop\ComboFix.exe/data002;Program.PsExec.171;;
data002;C:\Documents and Settings\mom\Desktop;Archive contains infected objects;;
ComboFix.exe;C:\Documents and Settings\mom\Desktop;Container contains infected objects;Moved.;
Preview-T-3571623-Blind Guardian - Mirror mirror.mp3;C:\Documents and Settings\mom\My Documents\LimeWire\Incomplete;Trojan.WMALoader;Cured.;
Blind Guardian - Mirror mirror.mp3;C:\Documents and Settings\mom\My Documents\LimeWire\Saved;Trojan.WMALoader;Cured.;
ResultReporter.exe;C:\Program Files\Steam\steamapps\eaglescout101us\race07 demo;Trojan.DownLoad.30694;Deleted.;
amxEWtf2.exe.vir;C:\Qoobox\Quarantine\C;Trojan.DownLoad.31814;Deleted.;
AsEl5sdB2.exe.vir;C:\Qoobox\Quarantine\C;Trojan.DownLoad.31814;Deleted.;
bRRbB2.exe.vir;C:\Qoobox\Quarantine\C;Trojan.DownLoad.31814;Deleted.;
c37aAFf62.exe.vir;C:\Qoobox\Quarantine\C;Trojan.DownLoad.31814;Deleted.;
dhRD04Xo2.exe.vir;C:\Qoobox\Quarantine\C;Trojan.DownLoad.31814;Deleted.;
DT4Np.21.exe.vir;C:\Qoobox\Quarantine\C;Trojan.Fakealert.4005;Deleted.;
dyWuy.21.exe.vir;C:\Qoobox\Quarantine\C;Trojan.Fakealert.4005;Deleted.;
Ev1ncRV2.21.exe.vir;C:\Qoobox\Quarantine\C;Trojan.Fakealert.4005;Deleted.;
F4Yj.21.exe.vir;C:\Qoobox\Quarantine\C;Trojan.Fakealert.4005;Deleted.;
fUIaht2.exe.vir;C:\Qoobox\Quarantine\C;Trojan.DownLoad.31814;Deleted.;
GIm.21.exe.vir;C:\Qoobox\Quarantine\C;Trojan.Fakealert.4005;Deleted.;
HHu.21.exe.vir;C:\Qoobox\Quarantine\C;Trojan.Fakealert.4005;Deleted.;
hnE.21.exe.vir;C:\Qoobox\Quarantine\C;Trojan.Fakealert.4005;Deleted.;
hNzwU2.exe.vir;C:\Qoobox\Quarantine\C;Trojan.DownLoad.31814;Deleted.;
IJ5IJRL.21.exe.vir;C:\Qoobox\Quarantine\C;Trojan.Fakealert.4005;Deleted.;
irit2.exe.vir;C:\Qoobox\Quarantine\C;Trojan.DownLoad.31814;Deleted.;
itm2.21.exe.vir;C:\Qoobox\Quarantine\C;Trojan.Fakealert.4005;Deleted.;
itm222.exe.vir;C:\Qoobox\Quarantine\C;BackDoor.Tdss.based;Incurable.Moved.;
IvbP.21.exe.vir;C:\Qoobox\Quarantine\C;Trojan.Fakealert.4005;Deleted.;
iWNNlC.21.exe.vir;C:\Qoobox\Quarantine\C;Trojan.Fakealert.4005;Deleted.;
jA8QHQ62.exe.vir;C:\Qoobox\Quarantine\C;Trojan.DownLoad.31814;Deleted.;
k5Ljk22.exe.vir;C:\Qoobox\Quarantine\C;Trojan.DownLoad.31814;Deleted.;
MtZs6m.21.exe.vir;C:\Qoobox\Quarantine\C;Trojan.Fakealert.4005;Deleted.;
MWURtmSU.21.exe.vir;C:\Qoobox\Quarantine\C;Trojan.Fakealert.4005;Deleted.;
o5TnH.21.exe.vir;C:\Qoobox\Quarantine\C;Trojan.Fakealert.4005;Deleted.;
OD8i2.exe.vir;C:\Qoobox\Quarantine\C;Trojan.DownLoad.31814;Deleted.;
PCmF8c632.exe.vir;C:\Qoobox\Quarantine\C;Trojan.DownLoad.31814;Deleted.;
Ptg.21.exe.vir;C:\Qoobox\Quarantine\C;Trojan.Fakealert.4005;Deleted.;
rCj9.21.exe.vir;C:\Qoobox\Quarantine\C;Trojan.Fakealert.4005;Deleted.;
rrm5xDS1.21.exe.vir;C:\Qoobox\Quarantine\C;Trojan.Fakealert.4005;Deleted.;
SGGhyZO1.21.exe.vir;C:\Qoobox\Quarantine\C;Trojan.Fakealert.4005;Deleted.;
SIK.21.exe.vir;C:\Qoobox\Quarantine\C;Trojan.Fakealert.4005;Deleted.;
sjD2Azv.21.exe.vir;C:\Qoobox\Quarantine\C;Trojan.Fakealert.4005;Deleted.;
T0lE2.exe.vir;C:\Qoobox\Quarantine\C;Trojan.DownLoad.31814;Deleted.;
u6S5T.21.exe.vir;C:\Qoobox\Quarantine\C;Trojan.Fakealert.4005;Deleted.;
ufnS6ZX.21.exe.vir;C:\Qoobox\Quarantine\C;Trojan.Fakealert.4005;Deleted.;
uqI5U2.exe.vir;C:\Qoobox\Quarantine\C;Trojan.DownLoad.31814;Deleted.;
uQmTBXA32.exe.vir;C:\Qoobox\Quarantine\C;Trojan.DownLoad.31814;Deleted.;
v7eMeLr.21.exe.vir;C:\Qoobox\Quarantine\C;Trojan.Fakealert.4005;Deleted.;
VIx5OGdY.21.exe.vir;C:\Qoobox\Quarantine\C;Trojan.Fakealert.4005;Deleted.;
VpWr.21.exe.vir;C:\Qoobox\Quarantine\C;Trojan.Fakealert.4005;Deleted.;
vpx13Pc.21.exe.vir;C:\Qoobox\Quarantine\C;Trojan.Fakealert.4005;Deleted.;
vpx13Pc22.exe.vir;C:\Qoobox\Quarantine\C;BackDoor.Tdss.based;Incurable.Moved.;
wdyP8S82.exe.vir;C:\Qoobox\Quarantine\C;Trojan.DownLoad.31814;Deleted.;
WGakEaDb2.exe.vir;C:\Qoobox\Quarantine\C;Trojan.DownLoad.31814;Deleted.;
wqVqnh.21.exe.vir;C:\Qoobox\Quarantine\C;Trojan.Fakealert.4005;Deleted.;
xlfWb2.exe.vir;C:\Qoobox\Quarantine\C;Trojan.DownLoad.31814;Deleted.;
xOlD0.21.exe.vir;C:\Qoobox\Quarantine\C;Trojan.Fakealert.4005;Deleted.;
xTKHoP2.exe.vir;C:\Qoobox\Quarantine\C;Trojan.DownLoad.31814;Deleted.;
y6n2.exe.vir;C:\Qoobox\Quarantine\C;Trojan.DownLoad.31814;Deleted.;
YAPWUGT.21.exe.vir;C:\Qoobox\Quarantine\C;Trojan.Fakealert.4005;Deleted.;
yb52.exe.vir;C:\Qoobox\Quarantine\C;Trojan.DownLoad.31814;Deleted.;
Yhi7qNw.21.exe.vir;C:\Qoobox\Quarantine\C;Trojan.Fakealert.4005;Deleted.;
YLUh4if.21.exe.vir;C:\Qoobox\Quarantine\C;Trojan.Fakealert.4005;Deleted.;
YLUh4if22.exe.vir;C:\Qoobox\Quarantine\C;BackDoor.Tdss.based;Incurable.Moved.;
Z0n2.exe.vir;C:\Qoobox\Quarantine\C;Trojan.DownLoad.31814;Deleted.;
Z1o.21.exe.vir;C:\Qoobox\Quarantine\C;Trojan.Fakealert.4005;Deleted.;
ZFlFn2.exe.vir;C:\Qoobox\Quarantine\C;Trojan.DownLoad.31814;Deleted.;
green sleeves vocals.mp3.vir;C:\Qoobox\Quarantine\C\Documents and Settings\mom\My Documents\LimeWire\Saved;Trojan.WMALoader;Cured.;
svc.exe.vir;C:\Qoobox\Quarantine\C\svc;Program.3Proxy.20;Moved.;
A0137401.reg;C:\System Volume Information\_restore{472FE18B-1697-41DD-A5DA-2EA2C2FB6B54}\RP308;Trojan.StartPage.1505;Deleted.;
A0138463.reg;C:\System Volume Information\_restore{472FE18B-1697-41DD-A5DA-2EA2C2FB6B54}\RP311;Trojan.StartPage.1505;Deleted.;
A0139705.reg;C:\System Volume Information\_restore{472FE18B-1697-41DD-A5DA-2EA2C2FB6B54}\RP313;Trojan.StartPage.1505;Deleted.;
A0140709.reg;C:\System Volume Information\_restore{472FE18B-1697-41DD-A5DA-2EA2C2FB6B54}\RP314;Trojan.StartPage.1505;Deleted.;
A0142670.reg;C:\System Volume Information\_restore{472FE18B-1697-41DD-A5DA-2EA2C2FB6B54}\RP322;Trojan.StartPage.1505;Deleted.;
A0142902.reg;C:\System Volume Information\_restore{472FE18B-1697-41DD-A5DA-2EA2C2FB6B54}\RP325;Trojan.StartPage.1505;Deleted.;
A0143895.reg;C:\System Volume Information\_restore{472FE18B-1697-41DD-A5DA-2EA2C2FB6B54}\RP329;Trojan.StartPage.1505;Deleted.;
A0146901.reg;C:\System Volume Information\_restore{472FE18B-1697-41DD-A5DA-2EA2C2FB6B54}\RP335;Trojan.StartPage.1505;Deleted.;
A0147346.reg;C:\System Volume Information\_restore{472FE18B-1697-41DD-A5DA-2EA2C2FB6B54}\RP340;Trojan.StartPage.1505;Deleted.;
A0148346.reg;C:\System Volume Information\_restore{472FE18B-1697-41DD-A5DA-2EA2C2FB6B54}\RP340;Trojan.StartPage.1505;Deleted.;
A0149183.reg;C:\System Volume Information\_restore{472FE18B-1697-41DD-A5DA-2EA2C2FB6B54}\RP347;Trojan.StartPage.1505;Deleted.;
A0151290.reg;C:\System Volume Information\_restore{472FE18B-1697-41DD-A5DA-2EA2C2FB6B54}\RP350;Trojan.StartPage.1505;Deleted.;
A0152166.reg;C:\System Volume Information\_restore{472FE18B-1697-41DD-A5DA-2EA2C2FB6B54}\RP354;Trojan.StartPage.1505;Deleted.;
A0152268.reg;C:\System Volume Information\_restore{472FE18B-1697-41DD-A5DA-2EA2C2FB6B54}\RP358;Trojan.StartPage.1505;Deleted.;
A0153361.reg;C:\System Volume Information\_restore{472FE18B-1697-41DD-A5DA-2EA2C2FB6B54}\RP358;Trojan.StartPage.1505;Deleted.;
A0153512.reg;C:\System Volume Information\_restore{472FE18B-1697-41DD-A5DA-2EA2C2FB6B54}\RP366;Trojan.StartPage.1505;Deleted.;
A0154609.reg;C:\System Volume Information\_restore{472FE18B-1697-41DD-A5DA-2EA2C2FB6B54}\RP370;Trojan.StartPage.1505;Deleted.;
A0155609.reg;C:\System Volume Information\_restore{472FE18B-1697-41DD-A5DA-2EA2C2FB6B54}\RP374;Trojan.StartPage.1505;Deleted.;
A0162611.reg;C:\System Volume Information\_restore{472FE18B-1697-41DD-A5DA-2EA2C2FB6B54}\RP386;Trojan.StartPage.1505;Deleted.;
A0164689.reg;C:\System Volume Information\_restore{472FE18B-1697-41DD-A5DA-2EA2C2FB6B54}\RP392;Trojan.StartPage.1505;Deleted.;
A0165963.reg;C:\System Volume Information\_restore{472FE18B-1697-41DD-A5DA-2EA2C2FB6B54}\RP395;Trojan.StartPage.1505;Deleted.;
A0166950.reg;C:\System Volume Information\_restore{472FE18B-1697-41DD-A5DA-2EA2C2FB6B54}\RP395;Trojan.StartPage.1505;Deleted.;
A0168950.reg;C:\System Volume Information\_restore{472FE18B-1697-41DD-A5DA-2EA2C2FB6B54}\RP397;Trojan.StartPage.1505;Deleted.;
A0169950.reg;C:\System Volume Information\_restore{472FE18B-1697-41DD-A5DA-2EA2C2FB6B54}\RP399;Trojan.StartPage.1505;Deleted.;
A0171923.exe;C:\System Volume Information\_restore{472FE18B-1697-41DD-A5DA-2EA2C2FB6B54}\RP401;Trojan.MulDrop.30479;Deleted.;
A0171924.exe;C:\System Volume Information\_restore{472FE18B-1697-41DD-A5DA-2EA2C2FB6B54}\RP401;Trojan.Click.24757;Deleted.;
A0171925.exe;C:\System Volume Information\_restore{472FE18B-1697-41DD-A5DA-2EA2C2FB6B54}\RP401;Trojan.MulDrop.30479;Deleted.;
A0171926.exe;C:\System Volume Information\_restore{472FE18B-1697-41DD-A5DA-2EA2C2FB6B54}\RP401;Trojan.MulDrop.30479;Deleted.;
A0171927.exe;C:\System Volume Information\_restore{472FE18B-1697-41DD-A5DA-2EA2C2FB6B54}\RP401;Trojan.MulDrop.30479;Deleted.;
A0171928.exe;C:\System Volume Information\_restore{472FE18B-1697-41DD-A5DA-2EA2C2FB6B54}\RP401;Trojan.Click.24757;Deleted.;
A0171929.exe;C:\System Volume Information\_restore{472FE18B-1697-41DD-A5DA-2EA2C2FB6B54}\RP401;Trojan.MulDrop.30479;Deleted.;
A0171930.exe;C:\System Volume Information\_restore{472FE18B-1697-41DD-A5DA-2EA2C2FB6B54}\RP401;Trojan.Click.24757;Deleted.;
A0171931.exe;C:\System Volume Information\_restore{472FE18B-1697-41DD-A5DA-2EA2C2FB6B54}\RP401;Trojan.MulDrop.30479;Deleted.;
A0171932.exe;C:\System Volume Information\_restore{472FE18B-1697-41DD-A5DA-2EA2C2FB6B54}\RP401;Trojan.MulDrop.30479;Deleted.;
A0171933.exe;C:\System Volume Information\_restore{472FE18B-1697-41DD-A5DA-2EA2C2FB6B54}\RP401;Trojan.Fakealert.4005;Deleted.;
A0171934.exe;C:\System Volume Information\_restore{472FE18B-1697-41DD-A5DA-2EA2C2FB6B54}\RP401;Trojan.MulDrop.30479;Deleted.;
A0171935.exe;C:\System Volume Information\_restore{472FE18B-1697-41DD-A5DA-2EA2C2FB6B54}\RP401;Trojan.Click.24757;Deleted.;
A0171936.exe;C:\System Volume Information\_restore{472FE18B-1697-41DD-A5DA-2EA2C2FB6B54}\RP401;Trojan.MulDrop.30479;Deleted.;
A0171937.exe;C:\System Volume Information\_restore{472FE18B-1697-41DD-A5DA-2EA2C2FB6B54}\RP401;Trojan.Click.24757;Deleted.;
A0171938.exe;C:\System Volume Information\_restore{472FE18B-1697-41DD-A5DA-2EA2C2FB6B54}\RP401;Trojan.MulDrop.30479;Deleted.;
A0171939.exe;C:\System Volume Information\_restore{472FE18B-1697-41DD-A5DA-2EA2C2FB6B54}\RP401;Trojan.Click.24757;Deleted.;
A0171940.exe;C:\System Volume Information\_restore{472FE18B-1697-41DD-A5DA-2EA2C2FB6B54}\RP401;Trojan.MulDrop.30479;Deleted.;
A0171941.exe;C:\System Volume Information\_restore{472FE18B-1697-41DD-A5DA-2EA2C2FB6B54}\RP401;Trojan.Click.24757;Deleted.;
A0171942.exe;C:\System Volume Information\_restore{472FE18B-1697-41DD-A5DA-2EA2C2FB6B54}\RP401;Trojan.MulDrop.30479;Deleted.;
A0171943.exe;C:\System Volume Information\_restore{472FE18B-1697-41DD-A5DA-2EA2C2FB6B54}\RP401;Trojan.Click.24757;Deleted.;
A0171944.exe;C:\System Volume Information\_restore{472FE18B-1697-41DD-A5DA-2EA2C2FB6B54}\RP401;Trojan.MulDrop.30479;Deleted.;
A0171945.exe;C:\System Volume Information\_restore{472FE18B-1697-41DD-A5DA-2EA2C2FB6B54}\RP401;Trojan.Click.24757;Deleted.;
A0171946.exe;C:\System Volume Information\_restore{472FE18B-1697-41DD-A5DA-2EA2C2FB6B54}\RP401;Trojan.MulDrop.30479;Deleted.;
A0171947.exe;C:\System Volume Information\_restore{472FE18B-1697-41DD-A5DA-2EA2C2FB6B54}\RP401;Trojan.Click.24757;Deleted.;
A0171948.exe;C:\System Volume Information\_restore{472FE18B-1697-41DD-A5DA-2EA2C2FB6B54}\RP401;Trojan.MulDrop.30479;Deleted.;
A0171949.exe;C:\System Volume Information\_restore{472FE18B-1697-41DD-A5DA-2EA2C2FB6B54}\RP401;Trojan.MulDrop.30479;Deleted.;
A0171950.exe;C:\System Volume Information\_restore{472FE18B-1697-41DD-A5DA-2EA2C2FB6B54}\RP401;Trojan.Click.24757;Deleted.;
A0171951.exe;C:\System Volume Information\_restore{472FE18B-1697-41DD-A5DA-2EA2C2FB6B54}\RP401;Trojan.MulDrop.30479;Deleted.;
A0171952.exe;C:\System Volume Information\_restore{472FE18B-1697-41DD-A5DA-2EA2C2FB6B54}\RP401;Trojan.Fakealert.4005;Deleted.;
A0171996.reg;C:\System Volume Information\_restore{472FE18B-1697-41DD-A5DA-2EA2C2FB6B54}\RP401;Trojan.StartPage.1505;Deleted.;
A0172033.exe;C:\System Volume Information\_restore{472FE18B-1697-41DD-A5DA-2EA2C2FB6B54}\RP402;Trojan.Click.24757;Deleted.;
A0172034.exe;C:\System Volume Information\_restore{472FE18B-1697-41DD-A5DA-2EA2C2FB6B54}\RP402;Trojan.MulDrop.30479;Deleted.;
A0172066.reg;C:\System Volume Information\_restore{472FE18B-1697-41DD-A5DA-2EA2C2FB6B54}\RP402;Trojan.StartPage.1505;Deleted.;
A0172090.exe;C:\System Volume Information\_restore{472FE18B-1697-41DD-A5DA-2EA2C2FB6B54}\RP402;Trojan.Click.24757;Deleted.;
A0172092.exe;C:\System Volume Information\_restore{472FE18B-1697-41DD-A5DA-2EA2C2FB6B54}\RP402;Trojan.Click.24757;Deleted.;
A0172093.exe;C:\System Volume Information\_restore{472FE18B-1697-41DD-A5DA-2EA2C2FB6B54}\RP402;Trojan.MulDrop.30479;Deleted.;
A0173030.exe;C:\System Volume Information\_restore{472FE18B-1697-41DD-A5DA-2EA2C2FB6B54}\RP404;Trojan.DownLoad.31903;Deleted.;
A0173062.reg;C:\System Volume Information\_restore{472FE18B-1697-41DD-A5DA-2EA2C2FB6B54}\RP404;Trojan.StartPage.1505;Deleted.;
A0175067.reg;C:\System Volume Information\_restore{472FE18B-1697-41DD-A5DA-2EA2C2FB6B54}\RP404;Trojan.StartPage.1505;Deleted.;
A0175092.exe;C:\System Volume Information\_restore{472FE18B-1697-41DD-A5DA-2EA2C2FB6B54}\RP404;Trojan.Click.24757;Deleted.;
A0175141.exe;C:\System Volume Information\_restore{472FE18B-1697-41DD-A5DA-2EA2C2FB6B54}\RP405;Trojan.Click.24757;Deleted.;
A0175142.exe;C:\System Volume Information\_restore{472FE18B-1697-41DD-A5DA-2EA2C2FB6B54}\RP405;Trojan.Click.24757;Deleted.;
A0175143.exe;C:\System Volume Information\_restore{472FE18B-1697-41DD-A5DA-2EA2C2FB6B54}\RP405;Trojan.MulDrop.30479;Deleted.;
A0175144.exe;C:\System Volume Information\_restore{472FE18B-1697-41DD-A5DA-2EA2C2FB6B54}\RP405;Trojan.MulDrop.30479;Deleted.;
A0175145.exe;C:\System Volume Information\_restore{472FE18B-1697-41DD-A5DA-2EA2C2FB6B54}\RP405;Trojan.Click.24757;Deleted.;
A0175146.exe;C:\System Volume Information\_restore{472FE18B-1697-41DD-A5DA-2EA2C2FB6B54}\RP405;Trojan.Click.24757;Deleted.;
A0175147.exe;C:\System Volume Information\_restore{472FE18B-1697-41DD-A5DA-2EA2C2FB6B54}\RP405;Trojan.MulDrop.30479;Deleted.;
A0175148.exe;C:\System Volume Information\_restore{472FE18B-1697-41DD-A5DA-2EA2C2FB6B54}\RP405;Trojan.Click.24757;Deleted.;
A0175149.exe;C:\System Volume Information\_restore{472FE18B-1697-41DD-A5DA-2EA2C2FB6B54}\RP405;Trojan.MulDrop.30479;Deleted.;
A0175150.exe;C:\System Volume Information\_restore{472FE18B-1697-41DD-A5DA-2EA2C2FB6B54}\RP405;Trojan.Click.24757;Deleted.;
A0175151.exe;C:\System Volume Information\_restore{472FE18B-1697-41DD-A5DA-2EA2C2FB6B54}\RP405;Trojan.Click.24757;Deleted.;
A0175152.exe;C:\System Volume Information\_restore{472FE18B-1697-41DD-A5DA-2EA2C2FB6B54}\RP405;Trojan.MulDrop.30479;Deleted.;
A0175153.exe;C:\System Volume Information\_restore{472FE18B-1697-41DD-A5DA-2EA2C2FB6B54}\RP405;Trojan.Click.24757;Deleted.;
A0175154.exe;C:\System Volume Information\_restore{472FE18B-1697-41DD-A5DA-2EA2C2FB6B54}\RP405;Trojan.MulDrop.30479;Deleted.;
A0175155.exe;C:\System Volume Information\_restore{472FE18B-1697-41DD-A5DA-2EA2C2FB6B54}\RP405;Trojan.Click.24757;Deleted.;
A0175156.exe;C:\System Volume Information\_restore{472FE18B-1697-41DD-A5DA-2EA2C2FB6B54}\RP405;Trojan.Click.24757;Deleted.;
A0175157.exe;C:\System Volume Information\_restore{472FE18B-1697-41DD-A5DA-2EA2C2FB6B54}\RP405;Trojan.MulDrop.30479;Deleted.;
A0175158.exe;C:\System Volume Information\_restore{472FE18B-1697-41DD-A5DA-2EA2C2FB6B54}\RP405;Trojan.Click.24757;Deleted.;
A0175159.exe;C:\System Volume Information\_restore{472FE18B-1697-41DD-A5DA-2EA2C2FB6B54}\RP405;Trojan.MulDrop.30479;Deleted.;
A0175160.exe;C:\System Volume Information\_restore{472FE18B-1697-41DD-A5DA-2EA2C2FB6B54}\RP405;Trojan.Click.24757;Deleted.;
A0175161.exe;C:\System Volume Information\_restore{472FE18B-1697-41DD-A5DA-2EA2C2FB6B54}\RP405;Trojan.MulDrop.30479;Deleted.;
A0175162.exe;C:\System Volume Information\_restore{472FE18B-1697-41DD-A5DA-2EA2C2FB6B54}\RP405;Trojan.Click.24757;Deleted.;
A0175163.exe;C:\System Volume Information\_restore{472FE18B-1697-41DD-A5DA-2EA2C2FB6B54}\RP405;Trojan.MulDrop.30479;Deleted.;
A0175164.exe;C:\System Volume Information\_restore{472FE18B-1697-41DD-A5DA-2EA2C2FB6B54}\RP405;Trojan.MulDrop.30479;Deleted.;
A0175165.exe;C:\System Volume Information\_restore{472FE18B-1697-41DD-A5DA-2EA2C2FB6B54}\RP405;Trojan.MulDrop.30479;Deleted.;
A0175166.exe;C:\System Volume Information\_restore{472FE18B-1697-41DD-A5DA-2EA2C2FB6B54}\RP405;Trojan.MulDrop.30479;Deleted.;
A0175167.exe;C:\System Volume Information\_restore{472FE18B-1697-41DD-A5DA-2EA2C2FB6B54}\RP405;Trojan.MulDrop.30479;Deleted.;
A0177154.reg;C:\System Volume Information\_restore{472FE18B-1697-41DD-A5DA-2EA2C2FB6B54}\RP406;Trojan.StartPage.1505;Deleted.;
A0178298.reg;C:\System Volume Information\_restore{472FE18B-1697-41DD-A5DA-2EA2C2FB6B54}\RP407;Trojan.StartPage.1505;Deleted.;
A0178326.EXE;C:\System Volume Information\_restore{472FE18B-1697-41DD-A5DA-2EA2C2FB6B54}\RP407;Program.PsExec.170;Moved.;
A0179289.reg;C:\System Volume Information\_restore{472FE18B-1697-41DD-A5DA-2EA2C2FB6B54}\RP408;Trojan.StartPage.1505;Deleted.;
A0179320.EXE;C:\System Volume Information\_restore{472FE18B-1697-41DD-A5DA-2EA2C2FB6B54}\RP408;Program.PsExec.170;Moved.;
A0179669.exe;C:\System Volume Information\_restore{472FE18B-1697-41DD-A5DA-2EA2C2FB6B54}\RP410;Trojan.DownLoad.31814;Deleted.;
A0179671.exe;C:\System Volume Information\_restore{472FE18B-1697-41DD-A5DA-2EA2C2FB6B54}\RP410;Trojan.DownLoad.31814;Deleted.;
A0179674.exe;C:\System Volume Information\_restore{472FE18B-1697-41DD-A5DA-2EA2C2FB6B54}\RP410;Trojan.DownLoad.31814;Deleted.;
A0179677.exe;C:\System Volume Information\_restore{472FE18B-1697-41DD-A5DA-2EA2C2FB6B54}\RP410;Trojan.DownLoad.31814;Deleted.;
A0179680.exe;C:\System Volume Information\_restore{472FE18B-1697-41DD-A5DA-2EA2C2FB6B54}\RP410;Trojan.DownLoad.31814;Deleted.;
A0179683.exe;C:\System Volume Information\_restore{472FE18B-1697-41DD-A5DA-2EA2C2FB6B54}\RP410;Trojan.Fakealert.4005;Deleted.;
A0179684.exe;C:\System Volume Information\_restore{472FE18B-1697-41DD-A5DA-2EA2C2FB6B54}\RP410;Trojan.Fakealert.4005;Deleted.;
A0179685.exe;C:\System Volume Information\_restore{472FE18B-1697-41DD-A5DA-2EA2C2FB6B54}\RP410;Trojan.Fakealert.4005;Deleted.;
A0179686.exe;C:\System Volume Information\_restore{472FE18B-1697-41DD-A5DA-2EA2C2FB6B54}\RP410;Trojan.Fakealert.4005;Deleted.;
A0179688.exe;C:\System Volume Information\_restore{472FE18B-1697-41DD-A5DA-2EA2C2FB6B54}\RP410;Trojan.DownLoad.31814;Deleted.;
A0179690.exe;C:\System Volume Information\_restore{472FE18B-1697-41DD-A5DA-2EA2C2FB6B54}\RP410;Trojan.Fakealert.4005;Deleted.;
A0179694.exe;C:\System Volume Information\_restore{472FE18B-1697-41DD-A5DA-2EA2C2FB6B54}\RP410;Trojan.Fakealert.4005;Deleted.;
A0179695.exe;C:\System Volume Information\_restore{472FE18B-1697-41DD-A5DA-2EA2C2FB6B54}\RP410;Trojan.Fakealert.4005;Deleted.;
A0179696.exe;C:\System Volume Information\_restore{472FE18B-1697-41DD-A5DA-2EA2C2FB6B54}\RP410;Trojan.DownLoad.31814;Deleted.;
A0179697.exe;C:\System Volume Information\_restore{472FE18B-1697-41DD-A5DA-2EA2C2FB6B54}\RP410;Trojan.Fakealert.4005;Deleted.;
A0179698.exe;C:\System Volume Information\_restore{472FE18B-1697-41DD-A5DA-2EA2C2FB6B54}\RP410;Trojan.DownLoad.31814;Deleted.;
A0179699.exe;C:\System Volume Information\_restore{472FE18B-1697-41DD-A5DA-2EA2C2FB6B54}\RP410;Trojan.Fakealert.4005;Deleted.;
A0179700.exe;C:\System Volume Information\_restore{472FE18B-1697-41DD-A5DA-2EA2C2FB6B54}\RP410;BackDoor.Tdss.based;Incurable.Moved.;
A0179701.exe;C:\System Volume Information\_restore{472FE18B-1697-41DD-A5DA-2EA2C2FB6B54}\RP410;Trojan.Fakealert.4005;Deleted.;
A0179702.exe;C:\System Volume Information\_restore{472FE18B-1697-41DD-A5DA-2EA2C2FB6B54}\RP410;Trojan.Fakealert.4005;Deleted.;
A0179703.exe;C:\System Volume Information\_restore{472FE18B-1697-41DD-A5DA-2EA2C2FB6B54}\RP410;Trojan.DownLoad.31814;Deleted.;
A0179706.exe;C:\System Volume Information\_restore{472FE18B-1697-41DD-A5DA-2EA2C2FB6B54}\RP410;Trojan.DownLoad.31814;Deleted.;
A0179713.exe;C:\System Volume Information\_restore{472FE18B-1697-41DD-A5DA-2EA2C2FB6B54}\RP410;Trojan.Fakealert.4005;Deleted.;
A0179714.exe;C:\System Volume Information\_restore{472FE18B-1697-41DD-A5DA-2EA2C2FB6B54}\RP410;Trojan.Fakealert.4005;Deleted.;
A0179716.exe;C:\System Volume Information\_restore{472FE18B-1697-41DD-A5DA-2EA2C2FB6B54}\RP410;Trojan.Fakealert.4005;Deleted.;
A0179718.exe;C:\System Volume Information\_restore{472FE18B-1697-41DD-A5DA-2EA2C2FB6B54}\RP410;Trojan.DownLoad.31814;Deleted.;
A0179720.exe;C:\System Volume Information\_restore{472FE18B-1697-41DD-A5DA-2EA2C2FB6B54}\RP410;Trojan.DownLoad.31814;Deleted.;
A0179721.exe;C:\System Volume Information\_restore{472FE18B-1697-41DD-A5DA-2EA2C2FB6B54}\RP410;Trojan.Fakealert.4005;Deleted.;
A0179722.exe;C:\System Volume Information\_restore{472FE18B-1697-41DD-A5DA-2EA2C2FB6B54}\RP410;Trojan.Fakealert.4005;Deleted.;
A0179723.exe;C:\System Volume Information\_restore{472FE18B-1697-41DD-A5DA-2EA2C2FB6B54}\RP410;Trojan.Fakealert.4005;Deleted.;
A0179724.exe;C:\System Volume Information\_restore{472FE18B-1697-41DD-A5DA-2EA2C2FB6B54}\RP410;Trojan.Fakealert.4005;Deleted.;
A0179725.exe;C:\System Volume Information\_restore{472FE18B-1697-41DD-A5DA-2EA2C2FB6B54}\RP410;Trojan.Fakealert.4005;Deleted.;
A0179726.exe;C:\System Volume Information\_restore{472FE18B-1697-41DD-A5DA-2EA2C2FB6B54}\RP410;Trojan.Fakealert.4005;Deleted.;
A0179727.exe;C:\System Volume Information\_restore{472FE18B-1697-41DD-A5DA-2EA2C2FB6B54}\RP410;Program.3Proxy.20;Moved.;
A0179729.exe;C:\System Volume Information\_restore{472FE18B-1697-41DD-A5DA-2EA2C2FB6B54}\RP410;Trojan.DownLoad.31814;Deleted.;
A0179730.exe;C:\System Volume Information\_restore{472FE18B-1697-41DD-A5DA-2EA2C2FB6B54}\RP410;Trojan.Fakealert.4005;Deleted.;
A0179731.exe;C:\System Volume Information\_restore{472FE18B-1697-41DD-A5DA-2EA2C2FB6B54}\RP410;Trojan.Fakealert.4005;Deleted.;
A0179734.exe;C:\System Volume Information\_restore{472FE18B-1697-41DD-A5DA-2EA2C2FB6B54}\RP410;Trojan.DownLoad.31814;Deleted.;
A0179735.exe;C:\System Volume Information\_restore{472FE18B-1697-41DD-A5DA-2EA2C2FB6B54}\RP410;Trojan.DownLoad.31814;Deleted.;
A0179736.exe;C:\System Volume Information\_restore{472FE18B-1697-41DD-A5DA-2EA2C2FB6B54}\RP410;Trojan.Fakealert.4005;Deleted.;
A0179737.exe;C:\System Volume Information\_restore{472FE18B-1697-41DD-A5DA-2EA2C2FB6B54}\RP410;Trojan.Fakealert.4005;Deleted.;
A0179738.exe;C:\System Volume Information\_restore{472FE18B-1697-41DD-A5DA-2EA2C2FB6B54}\RP410;Trojan.Fakealert.4005;Deleted.;
A0179739.exe;C:\System Volume Information\_restore{472FE18B-1697-41DD-A5DA-2EA2C2FB6B54}\RP410;Trojan.Fakealert.4005;Deleted.;
A0179740.exe;C:\System Volume Information\_restore{472FE18B-1697-41DD-A5DA-2EA2C2FB6B54}\RP410;BackDoor.Tdss.based;Incurable.Moved.;
A0179742.exe;C:\System Volume Information\_restore{472FE18B-1697-41DD-A5DA-2EA2C2FB6B54}\RP410;Trojan.DownLoad.31814;Deleted.;
A0179744.exe;C:\System Volume Information\_restore{472FE18B-1697-41DD-A5DA-2EA2C2FB6B54}\RP410;Trojan.DownLoad.31814;Deleted.;
A0179745.exe;C:\System Volume Information\_restore{472FE18B-1697-41DD-A5DA-2EA2C2FB6B54}\RP410;Trojan.Fakealert.4005;Deleted.;
A0179747.exe;C:\System Volume Information\_restore{472FE18B-1697-41DD-A5DA-2EA2C2FB6B54}\RP410;Trojan.DownLoad.31814;Deleted.;
A0179748.exe;C:\System Volume Information\_restore{472FE18B-1697-41DD-A5DA-2EA2C2FB6B54}\RP410;Trojan.Fakealert.4005;Deleted.;
A0179750.exe;C:\System Volume Information\_restore{472FE18B-1697-41DD-A5DA-2EA2C2FB6B54}\RP410;Trojan.DownLoad.31814;Deleted.;
A0179753.exe;C:\System Volume Information\_restore{472FE18B-1697-41DD-A5DA-2EA2C2FB6B54}\RP410;Trojan.DownLoad.31814;Deleted.;
A0179754.exe;C:\System Volume Information\_restore{472FE18B-1697-41DD-A5DA-2EA2C2FB6B54}\RP410;Trojan.Fakealert.4005;Deleted.;
A0179755.exe;C:\System Volume Information\_restore{472FE18B-1697-41DD-A5DA-2EA2C2FB6B54}\RP410;Trojan.DownLoad.31814;Deleted.;
A0179756.exe;C:\System Volume Information\_restore{472FE18B-1697-41DD-A5DA-2EA2C2FB6B54}\RP410;Trojan.Fakealert.4005;Deleted.;
A0179757.exe;C:\System Volume Information\_restore{472FE18B-1697-41DD-A5DA-2EA2C2FB6B54}\RP410;Trojan.Fakealert.4005;Deleted.;
A0179758.exe;C:\System Volume Information\_restore{472FE18B-1697-41DD-A5DA-2EA2C2FB6B54}\RP410;BackDoor.Tdss.based;Incurable.Moved.;
A0179760.exe;C:\System Volume Information\_restore{472FE18B-1697-41DD-A5DA-2EA2C2FB6B54}\RP410;Trojan.DownLoad.31814;Deleted.;
A0179761.exe;C:\System Volume Information\_restore{472FE18B-1697-41DD-A5DA-2EA2C2FB6B54}\RP410;Trojan.Fakealert.4005;Deleted.;
A0179763.exe;C:\System Volume Information\_restore{472FE18B-1697-41DD-A5DA-2EA2C2FB6B54}\RP410;Trojan.DownLoad.31814;Deleted.;
A0179994.EXE;C:\System Volume Information\_restore{472FE18B-1697-41DD-A5DA-2EA2C2FB6B54}\RP411;Program.PsExec.170;Moved.;
A0182072.exe;C:\System Volume Information\_restore{472FE18B-1697-41DD-A5DA-2EA2C2FB6B54}\RP412;BackDoor.Tdss.based;Incurable.Moved.;
A0182073.exe;C:\System Volume Information\_restore{472FE18B-1697-41DD-A5DA-2EA2C2FB6B54}\RP412;Trojan.DownLoad.31814;Deleted.;
A0182074.reg;C:\System Volume Information\_restore{472FE18B-1697-41DD-A5DA-2EA2C2FB6B54}\RP412;Trojan.StartPage.1505;Deleted.;
A0182076.exe;C:\System Volume Information\_restore{472FE18B-1697-41DD-A5DA-2EA2C2FB6B54}\RP412;Trojan.DownLoad.30694;Deleted.;

 

DDS (Ver_09-02-01.01) - NTFSx86
Run by mom at 10:11:57.25 on Fri 03/13/2009
Internet Explorer: 8.0.6001.18241 BrowserJavaVersion: 1.6.0_03
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1535.976 [GMT -5:00]

AV: AVG Anti-Virus Free *On-access scanning disabled* (Outdated)

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\agrsmsvc.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\CTHELPER.EXE
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\mom\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.yahoo.com/
uInternet Connection Wizard,ShellNext = iexplore
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
BHO: NoExplorer - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: BitComet Helper: {39f7e362-828a-4b5a-bcaf-5b79bfdfea60} - c:\program files\bitcomet\tools\BitCometBHO_1.2.8.7.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_03\bin\ssv.dll
BHO: AVG Security Toolbar: {a057a204-bacc-4d26-9990-79a187e2698e} - c:\progra~1\avg\avg8\AVGTOO~1.DLL
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
TB: AVG Security Toolbar: {a057a204-bacc-4d26-9990-79a187e2698e} - c:\progra~1\avg\avg8\AVGTOO~1.DLL
uRun: [Steam] "c:\program files\steam\steam.exe" -silent
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Yahoo! Pager] "c:\program files\yahoo!\messenger\YahooMessenger.exe" -quiet
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [SunJavaUpdateSched] "c:\program files\java\jre1.6.0_03\bin\jusched.exe "
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [CTHelper] CTHELPER.EXE
mRun: [CTxfiHlp] CTXFIHLP.EXE
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe "
mRun: [ATICCC] "c:\program files\ati technologies\ati.ace\CLIStart.exe "
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe "
StartupFolder: c:\docume~1\mom\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\interv~1.lnk - c:\program files\intervideo\common\bin\WinCinemaMgr.exe
dPolicies-explorer: NoSetActiveDesktop = 1 (0x1)
IE: &D&ownload &with BitComet - c:\program files\bitcomet\BitComet.exe/AddLink.htm
IE: &D&ownload all video with BitComet - c:\program files\bitcomet\BitComet.exe/AddVideo.htm
IE: &D&ownload all with BitComet - c:\program files\bitcomet\BitComet.exe/AddAllLink.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://c:\program files\bitcomet\tools\BitCometBHO_1.2.8.7.dll/206
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_03\bin\ssv.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\program files\yahoo!\common\yiesrvc.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} - hxxps://support.microsoft.com/OAS/ActiveX/MSDcode.cab
DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} - file:///C:/Program%20Files/Mahjong%20Escape%20-%20Ancient%20Japan/Images/stg_drm.ocx
DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} - hxxp://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1208896645531
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} - file:///C:/Program%20Files/Mahjong%20Escape%20-%20Ancient%20Japan/Images/armhelper.ocx
TCP: {417BAF00-08F8-42BA-92E4-045A1691F2EE} = 209.244.0.3 209.244.0.4
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Notify: AtiExtEvent - Ati2evxx.dll
AppInit_DLLs: avgrsstx.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\mom\applic~1\mozilla\firefox\profiles\c9cxfovx.default\
FF - prefs.js: browser.startup.homepage - www.yahoo.com
FF - component: c:\documents and settings\mom\application data\mozilla\firefox\profiles\c9cxfovx.default\extensions\{b042753d-f57e-4e8e-a01b-7379a6d4cefb}\components\IBitCometExtension.dll
FF - component: c:\program files\avg\avg8\firefox\components\avgssff.dll

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\defaults\pref\wildblue.js - pref( "network.proxy.type ", 2);

============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-8-17 96520]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2008-8-17 26824]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2008-8-17 231192]
S0 lucjfb;lucjfb;c:\windows\system32\drivers\wggfaig.sys --> c:\windows\system32\drivers\wggfaig.sys [?]
S2 aawservice;Ad-Aware 2007 Service;c:\program files\lavasoft\ad-aware 2007\aawservice.exe [2007-10-29 607576]
S3 mbr;mbr;\??\c:\docume~1\mom\locals~1\temp\mbr.sys --> c:\docume~1\mom\locals~1\temp\mbr.sys [?]
S3 mgau;mgau;c:\windows\system32\drivers\mgaum.sys [2009-1-8 320384]
S3 PCnetHL;AMD PCnet-Home Adapter Driver;c:\windows\system32\drivers\pcntn5hl.sys --> c:\windows\system32\drivers\pcntn5hl.sys [?]
S3 XPAD910;XPADFilter Service 910;c:\windows\system32\drivers\xpad910.sys [2008-9-10 29405]

=============== Created Last 30 ================

2009-03-11 21:00 <DIR> --d----- c:\docume~1\mom\applic~1\Malwarebytes
2009-03-11 21:00 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-03-11 21:00 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-03-11 21:00 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-03-11 21:00 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-03-11 14:44 <DIR> --d----- C:\Lop SD
2009-03-11 12:53 <DIR> a-dshr-- C:\autorun.inf
2009-03-09 14:14 <DIR> a-dshr-- C:\cmdcons
2009-03-08 21:30 161,792 a------- c:\windows\SWREG.exe
2009-03-08 21:30 98,816 a------- c:\windows\sed.exe
2009-03-07 22:15 206 a------- C:\eMgiESd.bat
2009-03-07 22:04 55,024 a------- C:\vJXG2.exe
2009-03-07 22:01 192,512 a------- C:\vJXG.exe
2009-03-07 22:00 8,150 a------- C:\pv7Omd.bat
2009-03-07 22:00 203 a------- C:\BDffy.bat
2009-03-07 21:48 117,360 a------- C:\fqter2.exe
2009-03-07 21:45 188,312 a------- C:\fqter.exe
2009-03-07 21:45 8,150 a------- C:\bdShK7e.bat
2009-03-07 21:45 211 a------- C:\FzP9.bat
2009-03-07 21:34 33,304 a------- C:\S1tO2.exe
2009-03-07 21:30 192,512 a------- C:\S1tO.exe
2009-03-07 21:30 8,150 a------- C:\ZUS3.bat
2009-03-07 21:30 205 a------- C:\uCz.bat
2009-03-07 21:16 0 a------- C:\yTpiQ.exe
2009-03-07 21:15 8,150 a------- C:\Yvl.bat
2009-03-07 21:15 208 a------- C:\xsd.bat
2009-03-07 21:02 238,080 a------- C:\QvWO0o2.exe
2009-03-07 21:00 192,512 a------- C:\QvWO0o.exe
2009-03-07 21:00 8,150 a------- C:\puG.bat
2009-03-07 21:00 214 a------- C:\P8r6ESx.bat
2009-03-07 20:50 128,872 a------- C:\csPPD2.exe
2009-03-07 20:45 192,512 a------- C:\csPPD.exe
2009-03-07 20:45 8,150 a------- C:\MQtMCsS.bat
2009-03-07 20:45 207 a------- C:\xP2zM.bat
2009-03-07 20:18 238,080 a------- C:\PaAn6b2.exe
2009-03-07 20:16 192,512 a------- C:\PaAn6b.exe
2009-03-07 20:15 8,150 a------- C:\lQvfM.bat
2009-03-07 20:15 217 a------- C:\Se6d6.bat
2009-03-07 20:02 238,080 a------- C:\W7A2.exe
2009-03-07 20:01 192,512 a------- C:\W7A.exe
2009-03-07 20:00 8,150 a------- C:\OX2VTyyW.bat
2009-03-07 20:00 194 a------- C:\Jv10.bat
2009-03-07 19:45 238,080 a------- C:\n0zEVp2.exe
2009-03-07 19:45 192,512 a------- C:\n0zEVp.exe
2009-03-07 19:45 8,150 a------- C:\G06j0.bat
2009-03-07 19:45 214 a------- C:\REu.bat
2009-03-07 19:31 238,080 a------- C:\M6M2.exe
2009-03-07 19:30 192,512 a------- C:\M6M.exe
2009-03-07 19:30 8,150 a------- C:\zcKQeBTk.bat
2009-03-07 19:30 196 a------- C:\BgbH.bat
2009-03-07 19:16 238,080 a------- C:\l8bCNJbi2.exe
2009-03-07 19:15 192,512 a------- C:\l8bCNJbi.exe
2009-03-07 19:15 8,150 a------- C:\W1U.bat
2009-03-07 19:15 224 a------- C:\pYp9.bat
2009-03-07 19:02 92,672 a------- C:\Tcqb.exe
2009-03-07 19:01 8,150 a------- C:\hqrg.bat
2009-03-07 19:01 200 a------- C:\twiZS0MV.bat
2009-03-07 18:55 233,128 a------- C:\VzpIrMq2.exe
2009-03-07 18:51 192,512 a------- C:\VzpIrMq.exe
2009-03-07 18:51 8,150 a------- C:\EuQlh.bat
2009-03-07 18:51 220 a------- C:\a8wi4Z.bat
2009-03-07 18:35 238,080 a------- C:\MTCJW1A2.exe
2009-03-07 18:32 192,512 a------- C:\MTCJW1A.exe
2009-03-07 18:32 8,150 a------- C:\GzCUJX.bat
2009-03-07 18:32 219 a------- C:\nCxexo.bat
2009-03-07 18:16 238,080 a------- C:\eR9iq7cz2.exe
2009-03-07 18:15 192,512 a------- C:\eR9iq7cz.exe
2009-03-07 18:15 8,150 a------- C:\jPm1U.bat
2009-03-07 18:15 224 a------- C:\UutrnS2C.bat
2009-03-07 18:00 8,150 a------- C:\Qay.bat
2009-03-07 18:00 219 a------- C:\syD.bat
2009-03-07 17:45 8,150 a------- C:\glBDgP.bat
2009-03-07 17:45 220 a------- C:\AxN5Lv.bat
2009-03-07 17:33 192,512 a------- C:\bc1sasDR.exe
2009-03-07 17:32 8,150 a------- C:\cnme.bat
2009-03-07 17:32 225 a------- C:\sRFQC.bat
2009-03-07 17:21 2,896 a------- C:\n4w2.exe
2009-03-07 17:17 192,512 a------- C:\n4w.exe
2009-03-07 17:17 8,150 a------- C:\qCJ.bat
2009-03-07 17:17 199 a------- C:\GHZ.bat
2009-03-07 17:04 238,080 a------- C:\yNe2.exe
2009-03-07 17:00 192,512 a------- C:\yNe.exe
2009-03-07 17:00 8,150 a------- C:\J8B.bat
2009-03-07 17:00 195 a------- C:\m9m8iw.bat
2009-03-07 16:47 238,080 a------- C:\Irrb2.exe
2009-03-07 16:45 192,512 a------- C:\Irrb.exe
2009-03-07 16:45 8,150 a------- C:\GlFKzbj.bat
2009-03-07 16:45 205 a------- C:\qybT.bat
2009-03-07 16:33 238,080 a------- C:\Tni2.exe
2009-03-07 16:30 192,512 a------- C:\Tni.exe
2009-03-07 16:30 8,150 a------- C:\YC1SBzN.bat
2009-03-07 16:30 199 a------- C:\MHY.bat
2009-03-07 15:17 236,024 a------- C:\nExj012.exe
2009-03-07 15:16 192,512 a------- C:\nExj01.exe
2009-03-07 15:16 8,150 a------- C:\Fbgi.bat
2009-03-07 15:16 215 a------- C:\Gp9a.bat
2009-03-07 15:08 238,080 a------- C:\GYzU7I2.exe
2009-03-07 15:03 192,512 a------- C:\GYzU7I.exe
2009-03-07 15:02 8,150 a------- C:\iS41m.bat
2009-03-07 15:02 216 a------- C:\Nft3WPe.bat
2009-03-07 14:35 238,080 a------- C:\J3i30Ykw2.exe
2009-03-07 14:31 192,512 a------- C:\J3i30Ykw.exe
2009-03-07 14:30 8,150 a------- C:\HZF.bat
2009-03-07 14:30 227 a------- C:\J57.bat
2009-03-07 14:16 238,080 a------- C:\furGEZMN2.exe
2009-03-07 14:15 192,512 a------- C:\furGEZMN.exe
2009-03-07 14:15 8,150 a------- C:\UZQxOMn8.bat
2009-03-07 14:15 227 a------- C:\s9kTqw18.bat
2009-03-07 14:01 0 a------- C:\slO2.exe
2009-03-07 14:00 192,512 a------- C:\slO.exe
2009-03-07 14:00 8,150 a------- C:\dqtfGXG.bat
2009-03-07 14:00 194 a------- C:\oCjQj1dd.bat
2009-03-07 13:49 237,472 a------- C:\vAMt2.exe
2009-03-07 13:46 192,512 a------- C:\vAMt.exe
2009-03-07 13:46 8,150 a------- C:\ige2d.bat
2009-03-07 13:46 200 a------- C:\OKTRHBAm.bat
2009-03-07 13:16 238,080 a------- C:\T9Gn9NV12.exe
2009-03-07 13:15 192,512 a------- C:\T9Gn9NV1.exe
2009-03-07 13:15 8,150 a------- C:\qCF4o.bat
2009-03-07 13:15 227 a------- C:\kUs.bat
2009-03-07 04:30 8,150 a------- C:\wm4QfVW.bat
2009-03-07 04:30 194 a------- C:\JxbiW.bat
2009-03-07 04:16 238,080 a------- C:\Xlkq32.exe
2009-03-07 04:16 0 a------- C:\Xlkq3.exe
2009-03-07 04:16 8,150 a------- C:\A72tEh.bat
2009-03-07 04:16 208 a------- C:\ifKaH.bat
2009-03-07 04:03 0 a------- C:\COR2.exe
2009-03-07 04:01 8,150 a------- C:\d3A.bat
2009-03-07 04:01 198 a------- C:\Xip14.bat
2009-03-07 03:50 238,080 a------- C:\ybt2.exe
2009-03-07 03:49 0 a------- C:\ybt.exe
2009-03-07 03:49 8,150 a------- C:\A6c.bat
2009-03-07 03:49 194 a------- C:\H75nD.bat
2009-03-07 03:21 2,896 a------- C:\ULBUp6Q2.exe
2009-03-07 03:17 78,192 a------- C:\ULBUp6Q.exe
2009-03-07 03:17 8,150 a------- C:\e5Kx.bat
2009-03-07 03:17 223 a------- C:\MBfEt.bat
2009-03-07 03:00 1,448 a------- C:\lc87.exe
2009-03-07 03:00 8,150 a------- C:\IOVO.bat
2009-03-07 03:00 201 a------- C:\JuBL.bat
2009-03-07 02:15 8,150 a------- C:\u4B.bat
2009-03-07 02:15 209 a------- C:\MbK06g0.bat
2009-03-07 02:00 8,150 a------- C:\iZS9W4.bat
2009-03-07 02:00 197 a------- C:\JPBryJ.bat
2009-03-07 01:45 8,150 a------- C:\VILA.bat
2009-03-07 01:45 225 a------- C:\LISlzG.bat
2009-03-07 01:33 81,088 a------- C:\HHSs2.exe
2009-03-07 01:30 8,150 a------- C:\JNH.bat
2009-03-07 01:30 202 a------- C:\DnyoUBGy.bat
2009-03-07 01:16 52,128 a------- C:\iJHsX.exe
2009-03-07 01:15 8,150 a------- C:\kz0A.bat
2009-03-07 01:15 207 a------- C:\wa8AjGe.bat
2009-03-07 01:05 144,800 a------- C:\H0YNJrj72.exe
2009-03-07 01:00 8,150 a------- C:\bTM9lEZ.bat
2009-03-07 01:00 227 a------- C:\lwnzEkBB.bat
2009-03-07 00:45 8,150 a------- C:\Igi.bat
2009-03-07 00:45 228 a------- C:\Bb2vQH65.bat
2009-03-07 00:31 0 a------- C:\u1IXAT.exe
2009-03-07 00:30 8,150 a------- C:\f6Gpln.bat
2009-03-07 00:30 217 a------- C:\boHZD.bat
2009-03-07 00:15 0 a------- C:\OyXzit.exe
2009-03-07 00:15 8,150 a------- C:\WrxbC.bat
2009-03-07 00:15 216 a------- C:\vRy1.bat
2009-03-06 23:46 63,712 a------- C:\LO3Pn.exe
2009-03-06 23:45 8,150 a------- C:\sfv.bat
2009-03-06 23:45 211 a------- C:\Q4EHA.bat
2009-03-06 23:30 8,150 a------- C:\zzz6egh.bat
2009-03-06 23:30 215 a------- C:\RXPg.bat
2009-03-06 23:00 8,150 a------- C:\Ri5HgQSW.bat
2009-03-06 23:00 226 a------- C:\W02Kz.bat
2009-03-06 22:46 1,448 a------- C:\yaP2.exe
2009-03-06 22:45 0 a------- C:\yaP.exe
2009-03-06 22:45 8,150 a------- C:\tP81Jh2m.bat
2009-03-06 22:45 195 a------- C:\HOg.bat
2009-03-06 22:30 8,150 a------- C:\jCA.bat
2009-03-06 22:30 209 a------- C:\TdV.bat
2009-03-06 22:00 8,150 a------- C:\H2YR54.bat
2009-03-06 22:00 227 a------- C:\HtkPO.bat
2009-03-06 21:46 57,920 a------- C:\dhRD04Xo.exe
2009-03-06 21:46 8,150 a------- C:\L7rE5.bat
2009-03-06 21:46 229 a------- C:\Vnkx.bat
2009-03-06 21:31 8,150 a------- C:\EVqbnI.bat
2009-03-06 21:31 194 a------- C:\wZtUKQr.bat
2009-03-06 21:15 8,150 a------- C:\o9OSU.bat
2009-03-06 21:15 221 a------- C:\i2s.bat
2009-03-06 20:47 186,792 a------- C:\irit.exe
2009-03-06 20:47 8,150 a------- C:\a5c3t.bat
2009-03-06 20:47 202 a------- C:\Wj0P6.bat
2009-03-06 20:30 76,744 a------- C:\J4X8DF.exe
2009-03-06 20:30 8,150 a------- C:\FKGVniz.bat
2009-03-06 20:30 213 a------- C:\ibbA0sK.bat
2009-03-06 19:49 163,624 a------- C:\JWmKK2.exe
2009-03-06 19:45 8,150 a------- C:\FgPD.bat
2009-03-06 19:45 206 a------- C:\giw.bat
2009-03-06 19:30 8,150 a------- C:\d7e0gXA2.bat
2009-03-06 19:30 204 a------- C:\Kjcg7Ubl.bat
2009-03-06 17:37 133,216 a------- C:\pbk7Lfs2.exe
2009-03-06 17:32 172,384 a------- C:\pbk7Lfs.exe
2009-03-06 17:31 8,150 a------- C:\vl2qOuo.bat
2009-03-06 17:31 221 a------- C:\xIK2CJo.bat
2009-03-06 17:02 193,536 a------- C:\uQmTBXA3.exe
2009-03-06 17:02 8,150 a------- C:\J9L7.bat
2009-03-06 17:02 225 a------- C:\O8fKY.bat
2009-03-06 16:45 8,150 a------- C:\u4d.bat
2009-03-06 16:45 227 a------- C:\hMYQbigQ.bat
2009-03-06 16:30 8,150 a------- C:\bra.bat
2009-03-06 16:30 213 a------- C:\MkH6MAyx.bat
2009-03-06 16:00 8,150 a------- C:\VGh0NAT.bat
2009-03-06 16:00 211 a------- C:\CIalQ1.bat
2009-03-06 15:30 8,150 a------- C:\soI3yH.bat
2009-03-06 15:30 205 a------- C:\KBC6.bat
2009-03-06 14:52 18,980 a------- C:\LWm2.exe
2009-03-06 14:46 8,150 a------- C:\EF4.bat
2009-03-06 14:46 195 a------- C:\jBuT56I.bat
2009-03-06 14:31 99,912 a------- C:\hNzwU.exe
2009-03-06 14:30 8,150 a------- C:\ipb5r68Y.bat
2009-03-06 14:30 207 a------- C:\UTuhk.bat
2009-03-06 14:21 0 a------- C:\Xhwm7goO2.exe
2009-03-06 14:16 144,800 a------- C:\Xhwm7goO.exe
2009-03-06 14:16 8,150 a------- C:\KhrCpC.bat
2009-03-06 14:16 227 a------- C:\XojwoS.bat
2009-03-06 13:54 4,344 a------- C:\Ls92.exe
2009-03-06 13:47 8,150 a------- C:\mvagP.bat
2009-03-06 13:47 196 a------- C:\Gke.bat
2009-03-06 13:03 8,150 a------- C:\zC2Xto.bat
2009-03-06 13:03 217 a------- C:\GGil79e.bat
2009-03-06 12:45 8,150 a------- C:\eE1X.bat
2009-03-06 12:45 211 a------- C:\vJb.bat
2009-03-06 12:31 8,760 a------- C:\yb5.exe
2009-03-06 12:30 8,150 a------- C:\MymXnThr.bat
2009-03-06 12:30 197 a------- C:\LnhO.bat
2009-03-06 12:18 40,544 a------- C:\bTnwkD2.exe
2009-03-06 12:15 8,150 a------- C:\cTMQULVR.bat
2009-03-06 12:15 212 a------- C:\Pr9zJD9B.bat
2009-03-06 11:45 114,392 a------- C:\jA8QHQ6.exe
2009-03-06 11:45 8,150 a------- C:\O6Fkr4.bat
2009-03-06 11:45 222 a------- C:\ShU.bat
2009-03-06 11:30 8,150 a------- C:\ZxN9.bat
2009-03-06 11:30 201 a------- C:\xbUOsH.bat
2009-03-06 11:18 128,944 a------- C:\MYc2.exe
2009-03-06 11:16 30,660 a------- C:\MYc.exe
2009-03-06 11:15 8,150 a------- C:\O5uw0.bat
2009-03-06 11:15 195 a------- C:\lC8.bat
2009-03-06 11:00 8,150 a------- C:\Yo92Z.bat
2009-03-06 11:00 210 a------- C:\xSQSm3y.bat
2009-03-06 10:34 18,824 a------- C:\LRy62.exe
2009-03-06 10:30 8,150 a------- C:\zG0VWh.bat
2009-03-06 10:30 201 a------- C:\fCPo9k8.bat
2009-03-06 10:15 8,150 a------- C:\wJol.bat
2009-03-06 10:15 219 a------- C:\LNJ5CfL.bat
2009-03-06 10:01 170,820 a------- C:\Ml352.exe
2009-03-06 10:00 8,150 a------- C:\FQj2N.bat
2009-03-06 10:00 201 a------- C:\QJuVRhX.bat
2009-03-06 09:45 8,150 a------- C:\bNXQ4cT3.bat
2009-03-06 09:45 226 a------- C:\bFyt.bat
2009-03-06 09:19 10,616 a------- C:\svc11
2009-03-06 09:19 101 a------- C:\svc10
2009-03-06 09:15 8,150 a------- C:\YH86.bat
2009-03-06 09:15 199 a------- C:\mpGZMrYl.bat
2009-03-06 09:00 8,150 a------- C:\sDJs0Two.bat
2009-03-06 09:00 200 a------- C:\DYyb6Xh.bat
2009-03-06 08:45 8,150 a------- C:\Rsy.bat
2009-03-06 08:45 179 a------- C:\OzHGlm.bat
2009-03-06 08:30 8,150 a------- C:\ZIe9rqE.bat
2009-03-06 08:30 190 a------- C:\e2HY.bat
2009-03-06 08:15 8,150 a------- C:\u1CWeQ.bat
2009-03-06 08:15 182 a------- C:\h0Fv.bat
2009-03-06 08:00 8,150 a------- C:\OPrJWEL.bat
2009-03-06 08:00 176 a------- C:\sHOjCin.bat
2009-03-06 07:45 8,150 a------- C:\GBWb.bat
2009-03-06 07:45 185 a------- C:\PqS.bat
2009-03-06 07:30 8,150 a------- C:\wPkPuzGH.bat
2009-03-06 07:30 179 a------- C:\qpOGafWe.bat
2009-03-06 07:15 8,150 a------- C:\ANGOIYh.bat
2009-03-06 07:15 193 a------- C:\SxgA28.bat
2009-03-06 07:00 8,150 a------- C:\G5GV.bat
2009-03-06 07:00 198 a------- C:\GDN.bat
2009-03-06 06:45 8,150 a------- C:\jPHJi.bat
2009-03-06 06:45 199 a------- C:\RkZ0.bat
2009-03-06 06:30 151 a------- C:\JHVF62.bat
2009-03-06 06:30 8,150 a------- C:\v7KX9t.bat
2009-03-06 06:30 202 a------- C:\JHVF6.bat
2009-03-06 06:15 161 a------- C:\VyktLf9Y2.bat
2009-03-06 06:15 8,150 a------- C:\y71XbAV.bat
2009-03-06 06:15 224 a------- C:\VyktLf9Y.bat
2009-03-06 06:00 151 a------- C:\FRaEdI9t2.bat
2009-03-06 06:00 8,150 a------- C:\e0VGIO.bat
2009-03-06 06:00 205 a------- C:\FRaEdI9t.bat
2009-03-06 05:45 160 a------- C:\LiufxL2l2.bat
2009-03-06 05:45 8,150 a------- C:\ipmeIPoT.bat
2009-03-06 05:45 223 a------- C:\LiufxL2l.bat
2009-03-06 05:30 148 a------- C:\W9RK2.bat
2009-03-06 05:30 8,150 a------- C:\UMbk.bat
2009-03-06 05:30 196 a------- C:\W9RK.bat
2009-03-06 05:15 161 a------- C:\YnjUgtOL2.bat
2009-03-06 05:15 8,150 a------- C:\e87v4b.bat
2009-03-06 05:15 221 a------- C:\YnjUgtOL.bat
2009-03-06 05:00 154 a------- C:\J3De0P2.bat
2009-03-06 05:00 8,150 a------- C:\dlR.bat
2009-03-06 05:00 208 a------- C:\J3De0P.bat
2009-03-06 04:45 16,060 a------- C:\itm22.exe
2009-03-06 04:45 153 a------- C:\SadaT2GR2.bat
2009-03-06 04:45 8,150 a------- C:\frkYO.bat
2009-03-06 04:45 204 a------- C:\SadaT2GR.bat
2009-03-06 04:30 159 a------- C:\Imd3TrrF2.bat
2009-03-06 04:30 8,150 a------- C:\oOakP.bat
2009-03-06 04:30 216 a------- C:\Imd3TrrF.bat
2009-03-06 04:15 157 a------- C:\tC192.bat
2009-03-06 04:15 8,150 a------- C:\GEVF9onH.bat
2009-03-06 04:15 217 a------- C:\tC19.bat
2009-03-06 04:00 145 a------- C:\xg6j2PX2.bat
2009-03-06 04:00 8,150 a------- C:\UFtBjdRP.bat
2009-03-06 04:00 193 a------- C:\xg6j2PX.bat
2009-03-06 03:45 161 a------- C:\QQw6KWu2.bat
2009-03-06 03:45 8,150 a------- C:\kMi.bat
2009-03-06 03:45 224 a------- C:\QQw6KWu.bat
2009-03-06 03:30 165 a------- C:\boTC32.bat
2009-03-06 03:30 8,150 a------- C:\s9rLQV0K.bat
2009-03-06 03:30 228 a------- C:\boTC3.bat
2009-03-06 03:15 160 a------- C:\g43iV2.bat
2009-03-06 03:15 8,150 a------- C:\NkuGMt.bat
2009-03-06 03:15 220 a------- C:\g43iV.bat
2009-03-06 03:00 163 a------- C:\j0qi2.bat
2009-03-06 03:00 8,150 a------- C:\q57k.bat
2009-03-06 03:00 226 a------- C:\j0qi.bat
2009-03-06 02:45 154 a------- C:\kVeWsVO2.bat
2009-03-06 02:45 8,150 a------- C:\zfVUov.bat
2009-03-06 02:45 211 a------- C:\kVeWsVO.bat
2009-03-06 02:30 152 a------- C:\ZAq2.bat
2009-03-06 02:30 8,150 a------- C:\pSiH20.bat
2009-03-06 02:30 206 a------- C:\ZAq.bat
2009-03-06 02:15 161 a------- C:\bmV2.bat
2009-03-06 02:15 8,150 a------- C:\SeZPnIr4.bat
2009-03-06 02:15 221 a------- C:\bmV.bat
2009-03-06 02:00 163 a------- C:\KWOTVGEX2.bat
2009-03-06 02:00 8,150 a------- C:\ibUd3.bat
2009-03-06 02:00 226 a------- C:\KWOTVGEX.bat
2009-03-06 01:45 154 a------- C:\bHmsb2.bat
2009-03-06 01:45 8,150 a------- C:\KbYuGUd.bat
2009-03-06 01:45 211 a------- C:\bHmsb.bat
2009-03-06 01:31 0 a------- C:\IJ5IJRL22.exe
2009-03-06 01:30 160 a------- C:\Sjt2.bat
2009-03-06 01:30 8,150 a------- C:\F0vg.bat
2009-03-06 01:30 220 a------- C:\Sjt.bat
2009-03-06 01:16 0 a------- C:\dyWuy22.exe
2009-03-06 01:15 154 a------- C:\ikU0Qi2.bat
2009-03-06 01:15 8,150 a------- C:\fYVdb.bat
2009-03-06 01:15 208 a------- C:\ikU0Qi.bat
2009-03-06 01:00 151 a------- C:\jUb2.bat
2009-03-06 01:00 8,150 a------- C:\XCf2xl.bat
2009-03-06 01:00 202 a------- C:\jUb.bat
2009-03-06 00:45 145 a------- C:\FmZFQK92.bat
2009-03-06 00:45 8,150 a------- C:\Mm3Wfs.bat
2009-03-06 00:45 193 a------- C:\FmZFQK9.bat
2009-03-06 00:30 156 a------- C:\tTt02.bat
2009-03-06 00:30 8,150 a------- C:\jLrQQSN.bat
2009-03-06 00:30 210 a------- C:\tTt0.bat
2009-03-06 00:17 63,712 a------- C:\Z1o.exe
2009-03-06 00:15 149 a------- C:\O5LtxE2.bat
2009-03-06 00:15 8,150 a------- C:\Ndg0BLhb.bat
2009-03-06 00:15 197 a------- C:\O5LtxE.bat
2009-03-05 23:30 136,112 a------- C:\YAPWUGT.exe
2009-03-05 23:30 8,150 a------- C:\skCEDaz.bat
2009-03-05 23:30 217 a------- C:\pPhJzvF.bat
2009-03-05 23:30 157 a------- C:\pPhJzvF2.bat
2009-03-05 23:15 149 a------- C:\I1ejRAJ2.bat
2009-03-05 23:15 8,150 a------- C:\TfxhQ.bat
2009-03-05 23:15 200 a------- C:\I1ejRAJ.bat
2009-03-05 23:00 8,150 a------- C:\iI0X9.bat
2009-03-05 23:00 147 a------- C:\teGg2rnV2.bat
2009-03-05 23:00 195 a------- C:\teGg2rnV.bat
2009-03-05 22:45 8,150 a------- C:\kjRLTHI.bat
2009-03-05 22:45 159 a------- C:\VTCk2.bat
2009-03-05 22:45 219 a------- C:\VTCk.bat
2009-03-05 22:30 161 a------- C:\bbm2.bat
2009-03-05 22:30 8,150 a------- C:\bVDIEX.bat
2009-03-05 22:30 224 a------- C:\bbm.bat
2009-03-05 22:15 161 a------- C:\HYySzvNE2.bat
2009-03-05 22:15 8,150 a------- C:\GyaXJW.bat
2009-03-05 22:15 221 a------- C:\HYySzvNE.bat
2009-03-05 22:00 8,150 a------- C:\nHN5Q2f.bat
2009-03-05 22:00 149 a------- C:\rLO2.bat
2009-03-05 22:00 200 a------- C:\rLO.bat
2009-03-05 21:46 0 a------- C:\Ptg22.exe
2009-03-05 21:45 146 a------- C:\KKGEL2.bat
2009-03-05 21:45 8,150 a------- C:\rJkPiM.bat
2009-03-05 21:45 194 a------- C:\KKGEL.bat
2009-03-05 21:15 8,150 a------- C:\vnypCjGl.bat
2009-03-05 21:15 221 a------- C:\IUWF7Lx.bat
2009-03-05 21:15 161 a------- C:\IUWF7Lx2.bat
2009-03-04 00:45 106 a------- C:\yXB52.bat
2009-03-04 00:45 8,150 a------- C:\tlnq.bat
2009-03-04 00:45 140 a------- C:\yXB5.bat
2009-03-04 00:15 112 a------- C:\nX72e62.bat
2009-03-04 00:15 8,150 a------- C:\XiVbWkuK.bat
2009-03-04 00:15 152 a------- C:\nX72e6.bat
2009-03-04 00:00 8,150 a------- C:\A5Gi.bat
2009-03-04 00:00 112 a------- C:\EjPu2.bat
2009-03-04 00:00 154 a------- C:\EjPu.bat
2009-03-03 23:45 149,144 a------- C:\cmyT2.exe
2009-03-03 23:45 110 a------- C:\hGSUjh2.bat
2009-03-03 23:45 8,150 a------- C:\i5QqBjc.bat
2009-03-03 23:45 146 a------- C:\hGSUjh.bat
2009-03-03 23:30 108 a------- C:\RXHr2.bat
2009-03-03 23:30 8,150 a------- C:\turoD0.bat
2009-03-03 23:30 142 a------- C:\RXHr.bat
2009-03-03 23:15 111 a------- C:\DNs2.bat
2009-03-03 23:15 8,150 a------- C:\R1DtT.bat
2009-03-03 23:15 155 a------- C:\DNs.bat
2009-03-03 23:01 114 a------- C:\duXo2.bat
2009-03-03 23:01 8,150 a------- C:\zKlkjDl.bat
2009-03-03 23:01 156 a------- C:\duXo.bat
2009-03-03 22:45 8,150 a------- C:\dMA.bat
2009-03-03 22:45 155 a------- C:\poa92.bat
2009-03-03 22:45 113 a------- C:\poa922.bat
2009-03-03 22:30 110 a------- C:\K4x42.bat
2009-03-03 22:30 8,150 a------- C:\q1YQnb.bat
2009-03-03 22:30 148 a------- C:\K4x4.bat
2009-03-03 22:15 112 a------- C:\SviISQ2.bat
2009-03-03 22:15 8,150 a------- C:\lAndtAf6.bat
2009-03-03 22:15 152 a------- C:\SviISQ.bat
2009-03-03 22:00 109 a------- C:\PvDvm4H2.bat
2009-03-03 22:00 8,150 a------- C:\Qryyl.bat
2009-03-03 22:00 149 a------- C:\PvDvm4H.bat
2009-03-03 21:45 8,150 a------- C:\ZqBgDoF.bat
2009-03-03 21:45 108 a------- C:\cYBN2.bat
2009-03-03 21:45 142 a------- C:\cYBN.bat
2009-03-03 21:30 110 a------- C:\TER2.bat
2009-03-03 21:30 8,150 a------- C:\TUGQK0fo.bat
2009-03-03 21:30 146 a------- C:\TER.bat
2009-03-03 21:27 <DIR> --d----- c:\program files\Trend Micro
2009-03-03 21:25 <DIR> --d----- C:\hjt
2009-03-03 21:15 8,150 a------- C:\wkmiCXE8.bat
2009-03-03 21:15 154 a------- C:\zePHC.bat
2009-03-03 21:15 110 a------- C:\zePHC2.bat
2009-03-03 21:00 8,150 a------- C:\DfeDolk.bat
2009-03-03 21:00 113 a------- C:\HZl2.bat
2009-03-03 21:00 153 a------- C:\HZl.bat
2009-03-03 20:45 111 a------- C:\HxL2.bat
2009-03-03 20:45 8,150 a------- C:\J4N.bat
2009-03-03 20:45 153 a------- C:\HxL.bat
2009-03-03 20:15 8,150 a------- C:\tHh.bat
2009-03-03 20:15 145 a------- C:\OcN3AsD.bat
2009-03-03 20:15 109 a------- C:\OcN3AsD2.bat
2009-03-03 20:00 8,150 a------- C:\qs90.bat
2009-03-03 20:00 114 a------- C:\ife6lrfl2.bat
2009-03-03 20:00 158 a------- C:\ife6lrfl.bat
2009-03-03 19:30 8,150 a------- C:\TlpSx8.bat
2009-03-03 19:30 111 a------- C:\HikrmD2.bat
2009-03-03 19:30 147 a------- C:\HikrmD.bat
2009-03-03 19:15 110 a------- C:\Eaz2.bat
2009-03-03 19:15 8,150 a------- C:\gfcPfpSs.bat
2009-03-03 19:15 150 a------- C:\Eaz.bat
2009-03-03 16:00 105 a------- C:\U1Z2.bat
2009-03-03 16:00 8,150 a------- C:\kjUqxy1.bat
2009-03-03 16:00 139 a------- C:\U1Z.bat
2009-03-03 15:45 114 a------- C:\BNeGRJ2.bat
2009-03-03 15:45 8,150 a------- C:\lUU8HkTB.bat
2009-03-03 15:45 158 a------- C:\BNeGRJ.bat
2009-03-03 15:30 113 a------- C:\PuncsoHa2.bat
2009-03-03 15:30 8,150 a------- C:\zW8hbk4W.bat
2009-03-03 15:30 155 a------- C:\PuncsoHa.bat
2009-03-03 15:15 8,150 a------- C:\ijNGdOz.bat
2009-03-03 15:15 152 a------- C:\AKiP.bat
2009-03-03 15:15 112 a------- C:\AKiP2.bat
2009-03-03 15:00 107 a------- C:\bK8xmu2.bat
2009-03-03 15:00 8,150 a------- C:\QnqUSq6m.bat
2009-03-03 15:00 141 a------- C:\bK8xmu.bat
2009-03-03 14:30 8,150 a------- C:\Kap.bat
2009-03-03 14:30 108 a------- C:\swndGc2.bat
2009-03-03 14:30 146 a------- C:\swndGc.bat
2009-03-03 14:15 8,150 a------- C:\dSa2.bat
2009-03-03 14:15 107 a------- C:\nhfbU2.bat
2009-03-03 14:15 141 a------- C:\nhfbU.bat
2009-03-03 14:00 8,150 a------- C:\CzQC6Sq.bat
2009-03-03 14:00 112 a------- C:\VUrl2.bat
2009-03-03 14:00 156 a------- C:\VUrl.bat
2009-03-03 13:45 8,150 a------- C:\BAXeXg8.bat
2009-03-03 13:45 146 a------- C:\PoWKsa.bat
2009-03-03 13:45 108 a------- C:\PoWKsa2.bat
2009-03-03 13:30 114 a------- C:\igwRcZ2.bat
2009-03-03 13:30 8,150 a------- C:\sm0ZBuW.bat
2009-03-03 13:30 158 a------- C:\igwRcZ.bat
2009-03-03 10:45 106 a------- C:\wpuFSY2.bat
2009-03-03 10:45 8,150 a------- C:\AGBALsr.bat
2009-03-03 10:45 142 a------- C:\wpuFSY.bat
2009-03-03 10:30 107 a------- C:\pZuzJYw82.bat
2009-03-03 10:30 8,150 a------- C:\cR0.bat
2009-03-03 10:30 143 a------- C:\pZuzJYw8.bat
2009-03-03 10:15 105 a------- C:\zzcHjyOe2.bat
2009-03-03 10:15 8,150 a------- C:\PLq.bat
2009-03-03 10:15 139 a------- C:\zzcHjyOe.bat
2009-03-03 10:00 113 a------- C:\cJDlS2.bat
2009-03-03 10:00 8,150 a------- C:\tUy4jp.bat
2009-03-03 10:00 153 a------- C:\cJDlS.bat
2009-03-02 01:00 0 a------- C:\proxy.log.2009.03.02
2009-03-01 02:00 8,150 a------- C:\dM4SOqRk.bat
2009-03-01 02:00 107 a------- C:\cLqx2.bat
2009-03-01 02:00 141 a------- C:\cLqx.bat
2009-03-01 01:45 107 a------- C:\GyIzG2.bat
2009-03-01 01:45 8,150 a------- C:\hCCAbDrT.bat
2009-03-01 01:45 141 a------- C:\GyIzG.bat
2009-03-01 01:30 8,150 a------- C:\AYNEZ08.bat
2009-03-01 01:30 157 a------- C:\gy0.bat
2009-03-01 01:30 113 a------- C:\gy02.bat
2009-03-01 01:15 112 a------- C:\K7wAb8q2.bat
2009-03-01 01:15 8,150 a------- C:\OVgL.bat
2009-03-01 01:15 154 a------- C:\K7wAb8q.bat
2009-03-01 01:00 200 a------- C:\proxy.log.2009.03.01
2009-03-01 00:45 114 a------- C:\OSxXZ2.bat
2009-03-01 00:45 8,150 a------- C:\Ylin.bat
2009-03-01 00:45 156 a------- C:\OSxXZ.bat
2009-03-01 00:30 8,150 a------- C:\pCI2Yn.bat
2009-03-01 00:30 109 a------- C:\G3HrXkeB2.bat
2009-03-01 00:30 145 a------- C:\G3HrXkeB.bat
2009-03-01 00:00 8,150 a------- C:\cYA.bat
2009-03-01 00:00 108 a------- C:\TcXoIaz2.bat
2009-03-01 00:00 146 a------- C:\TcXoIaz.bat
2009-02-28 23:30 8,150 a------- C:\DDwA7Xob.bat
2009-02-28 23:30 112 a------- C:\j8a82.bat
2009-02-28 23:30 154 a------- C:\j8a8.bat
2009-02-28 23:16 113 a------- C:\oyhNFlOp2.bat
2009-02-28 23:16 8,150 a------- C:\HYS9MfV.bat
2009-02-28 23:16 155 a------- C:\oyhNFlOp.bat
2009-02-28 22:47 10,136 a------- C:\jBzaZ.exe
2009-02-28 22:45 108 a------- C:\xefGQlQ2.bat
2009-02-28 22:45 8,150 a------- C:\i2H6X.bat
2009-02-28 22:45 146 a------- C:\xefGQlQ.bat
2009-02-28 21:45 114 a------- C:\jQ3KPdb2.bat
2009-02-28 21:45 8,150 a------- C:\t9L.bat
2009-02-28 21:45 158 a------- C:\jQ3KPdb.bat
2009-02-28 21:31 23,168 a------- C:\vkd.exe
2009-02-28 21:31 8,150 a------- C:\ZjCXCy.bat
2009-02-28 21:31 109 a------- C:\BvTz2.bat
2009-02-28 21:31 143 a------- C:\BvTz.bat
2009-02-28 20:15 110 a------- C:\rgs2.bat
2009-02-28 20:15 8,150 a------- C:\zrT.bat
2009-02-28 20:15 144 a------- C:\rgs.bat
2009-02-28 19:45 109 a------- C:\kZkIlS2.bat
2009-02-28 19:45 8,150 a------- C:\OwDtG.bat
2009-02-28 19:45 143 a------- C:\kZkIlS.bat
2009-02-28 19:16 113 a------- C:\bGya5h2.bat
2009-02-28 19:16 8,150 a------- C:\tMNp.bat
2009-02-28 19:16 155 a------- C:\bGya5h.bat
2009-02-28 18:46 106 a------- C:\ZEcqnRu2.bat
2009-02-28 18:45 8,150 a------- C:\VKAKcD.bat
2009-02-28 18:45 140 a------- C:\ZEcqnRu.bat
2009-02-28 18:15 110 a------- C:\dwNqt2.bat
2009-02-28 18:15 8,150 a------- C:\AIX2.bat
2009-02-28 18:15 144 a------- C:\dwNqt.bat
2009-02-28 18:00 111 a------- C:\l5652.bat
2009-02-28 18:00 8,150 a------- C:\XNbkzC.bat
2009-02-28 18:00 149 a------- C:\l565.bat
2009-02-28 17:34 3,576 a------- C:\proxy.log.2009.02.28
2009-02-28 17:34 <DIR> --d----- C:\svc
2009-02-28 17:31 127 a------- C:\z3o2.bat
2009-02-28 17:31 8,150 a------- C:\hRXmW.bat
2009-02-28 17:31 154 a------- C:\z3o.bat
2009-02-28 16:45 8,098 a------- C:\sKCEpW1.bat
2009-02-28 16:45 205 a------- C:\nDHO.bat
2009-02-28 16:00 <DIR> --d----- c:\program files\Maxis
2009-02-28 09:54 8,098 a------- C:\bctBA8B.bat
2009-02-28 09:54 215 a------- C:\k1DJnp.bat
2009-02-20 00:40 54,156 a---h--- c:\windows\QTFont.qfn
2009-02-20 00:40 1,409 a------- c:\windows\QTFont.for

==================== Find3M ====================

2008-12-09 20:42 31 a------- c:\documents and settings\mom\jagex_runescape_preferences.dat

============= FINISH: 10:12:26.20 ===============

 

While I work on your next fix, please locate the last combofix log.
It was cut off....if you can post the remaining contents beginning here

==================== Find3M ====================

 

Due to the nature of this infection I think we should continue.

http://www.cnn.com/2009/TECH/ptech/02/13/virus.downadup/index.html
Cleaning Systems of Conficker

The above is information about this infection plus a write from Microsoft.
They claim to have a patch for infected machines.
http://technet.microsoft.com/en-us/security/dd452420.aspx


Print or save these instructions to notepad/wordpad to help with all the necessary steps.


Open Notepad and copy/paste the entire contents of the codebox below into Notepad:

Code:

@ECHO OFF
NIRCMD SERVICE STOP SCHEDULE
NIRCMD SERVICE DISABLED SCHEDULE
DEL /A/Q %WINDIR%\TASKS\*.JOB

Save this as fix.bat and choose to Save as type: - All Files then close the Notepad file.
You should see a small gear icon on your desktop
Double-click on fix.bat and allow it to run.




Are your behind a router?
If you are please follow:

Next you must reset the router to its default configuration. This can be done by inserting something tiny like a paper clip end or pencil tip into a small hole labeled "reset" located on the back of the router. Press and hold down the small button inside until the lights on the front of the router blink off and then on again (usually about 10 seconds). If you don’t know the router's default password, you can look it up HERE

You also need to reconfigure any security settings you had in place prior to the reset. Check out this site here for video tutorials on how to properly configure your router's encryption and security settings. You may also need to consult with your Internet service provider to find out which DNS servers your network should be using.


Now lets check some settings on your system.
In the windows control panel. If you are using Windows XP's Category View, select the Network and Internet Connections category, otherwise double click on Network Connections.
Then right click on your default connection, usually local area connection for Cable and DSL, and left click on properties.
Click the Networking tab. Double-click on the Internet Protocol (TCP/IP) item and select the radio dial that says "Obtain DNS servers automatically "
Press OK twice to get out of the properties screen and reboot if it asks.

That option might not be available on some systems.
Next go Start, Run and type cmd and hit OK
now type:
ipconfig /flushdns
(note that a space between ipconfig and / is needed)
then hit Enter, type exit and hit Enter again.



Next**
I want to locate ComboFix on your desktop
Right click and select delete

Please download an updated copy.

Download Combofix from any of the links below.

Save it to your desktop.

Link 1
Link 2
Link 3


Next: Please disable all onboard security programs (all running with back ground protection) as it may hinder the scanner from working.
This includes Antivirus, Firewall, and any Spyware scanners that run in the background.

Click on this link Here to see a list of programs that should be disabled.
The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

Please open Notepad *Do Not Use Wordpad!* or use any other text editor than Notepad or the script will fail. (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the CODE box below:
Save this as "CFScript.txt " including quotes and change the "Save as type" to "All Files" and place it on your desktop.

Code:

KillAll::
 
File:: 
c:\windows\system32\drivers\wggfaig.sys
C:\autorun.inf
C:\eMgiESd.bat
C:\vJXG2.exe
C:\vJXG.exe
C:\pv7Omd.bat
C:\BDffy.bat
C:\fqter2.exe
C:\fqter.exe
C:\bdShK7e.bat
C:\FzP9.bat
C:\S1tO2.exe
C:\S1tO.exe
C:\ZUS3.bat
C:\uCz.bat
C:\yTpiQ.exe
C:\Yvl.bat
C:\xsd.bat
C:\QvWO0o2.exe
C:\QvWO0o.exe
C:\puG.bat
C:\P8r6ESx.bat
C:\csPPD2.exe
C:\csPPD.exe
C:\MQtMCsS.bat
C:\xP2zM.bat
C:\PaAn6b2.exe
C:\PaAn6b.exe
C:\lQvfM.bat
C:\Se6d6.bat
C:\W7A2.exe
C:\W7A.exe
C:\OX2VTyyW.bat
C:\Jv10.bat
C:\n0zEVp2.exe
C:\n0zEVp.exe
C:\G06j0.bat
C:\REu.bat
C:\M6M2.exe
C:\M6M.exe
C:\zcKQeBTk.bat
C:\BgbH.bat
C:\l8bCNJbi2.exe
C:\l8bCNJbi.exe
C:\W1U.bat
C:\pYp9.bat
C:\Tcqb.exe
C:\hqrg.bat
C:\twiZS0MV.bat
C:\VzpIrMq2.exe
C:\VzpIrMq.exe
C:\EuQlh.bat
C:\a8wi4Z.bat
C:\MTCJW1A2.exe
C:\MTCJW1A.exe
C:\GzCUJX.bat
C:\nCxexo.bat
C:\eR9iq7cz2.exe
C:\eR9iq7cz.exe
C:\jPm1U.bat
C:\UutrnS2C.bat
C:\Qay.bat
C:\syD.bat
C:\glBDgP.bat
C:\AxN5Lv.bat
C:\bc1sasDR.exe
C:\cnme.bat
C:\sRFQC.bat
C:\n4w2.exe
C:\n4w.exe
C:\qCJ.bat
C:\GHZ.bat
C:\yNe2.exe
C:\yNe.exe
C:\J8B.bat
C:\m9m8iw.bat
C:\Irrb2.exe
C:\Irrb.exe
C:\GlFKzbj.bat
C:\qybT.bat
C:\Tni2.exe
C:\Tni.exe
C:\YC1SBzN.bat
C:\MHY.bat
C:\nExj012.exe
C:\nExj01.exe
C:\Fbgi.bat
C:\Gp9a.bat
C:\GYzU7I2.exe
C:\GYzU7I.exe
C:\iS41m.bat
C:\Nft3WPe.bat
C:\J3i30Ykw2.exe
C:\J3i30Ykw.exe
C:\HZF.bat
C:\J57.bat
C:\furGEZMN2.exe
C:\furGEZMN.exe
C:\UZQxOMn8.bat
C:\s9kTqw18.bat
C:\slO2.exe
C:\slO.exe
C:\dqtfGXG.bat
C:\oCjQj1dd.bat
C:\vAMt2.exe
C:\vAMt.exe
C:\ige2d.bat
C:\OKTRHBAm.bat
C:\T9Gn9NV12.exe
C:\T9Gn9NV1.exe
C:\qCF4o.bat
C:\kUs.bat
C:\wm4QfVW.bat
C:\JxbiW.bat
C:\Xlkq32.exe
C:\Xlkq3.exe
C:\A72tEh.bat
C:\ifKaH.bat
C:\COR2.exe
C:\d3A.bat
C:\Xip14.bat
C:\ybt2.exe
C:\ybt.exe
C:\A6c.bat
C:\H75nD.bat
C:\ULBUp6Q2.exe
C:\ULBUp6Q.exe
C:\e5Kx.bat
C:\MBfEt.bat
C:\lc87.exe
C:\IOVO.bat
C:\JuBL.bat
C:\u4B.bat
C:\MbK06g0.bat
C:\iZS9W4.bat
C:\JPBryJ.bat
C:\VILA.bat
C:\LISlzG.bat
C:\HHSs2.exe
C:\JNH.bat
C:\DnyoUBGy.bat
C:\iJHsX.exe
C:\kz0A.bat
C:\wa8AjGe.bat
C:\H0YNJrj72.exe
C:\bTM9lEZ.bat
C:\lwnzEkBB.bat
C:\Igi.bat
C:\Bb2vQH65.bat
C:\u1IXAT.exe
C:\f6Gpln.bat
C:\boHZD.bat
C:\OyXzit.exe
C:\WrxbC.bat
C:\vRy1.bat
C:\LO3Pn.exe
C:\sfv.bat
C:\Q4EHA.bat
C:\zzz6egh.bat
C:\RXPg.bat
C:\Ri5HgQSW.bat
C:\W02Kz.bat
C:\yaP2.exe
C:\yaP.exe
C:\tP81Jh2m.bat
C:\HOg.bat
C:\jCA.bat
C:\TdV.bat
C:\H2YR54.bat
C:\HtkPO.bat
C:\dhRD04Xo.exe
C:\L7rE5.bat
C:\Vnkx.bat
C:\EVqbnI.bat
C:\wZtUKQr.bat
C:\o9OSU.bat
C:\i2s.bat
C:\irit.exe
C:\a5c3t.bat
C:\Wj0P6.bat
C:\J4X8DF.exe
C:\FKGVniz.bat
C:\ibbA0sK.bat
C:\JWmKK2.exe
C:\FgPD.bat
C:\giw.bat
C:\d7e0gXA2.bat
C:\Kjcg7Ubl.bat
C:\pbk7Lfs2.exe
C:\pbk7Lfs.exe
C:\vl2qOuo.bat
C:\xIK2CJo.bat
C:\uQmTBXA3.exe
C:\J9L7.bat
C:\O8fKY.bat
C:\u4d.bat
C:\hMYQbigQ.bat
C:\bra.bat
C:\MkH6MAyx.bat
C:\VGh0NAT.bat
C:\CIalQ1.bat
C:\soI3yH.bat
C:\KBC6.bat
C:\LWm2.exe
C:\EF4.bat
C:\jBuT56I.bat
C:\hNzwU.exe
C:\ipb5r68Y.bat
C:\UTuhk.bat
C:\Xhwm7goO2.exe
C:\Xhwm7goO.exe
C:\KhrCpC.bat
C:\XojwoS.bat
C:\Ls92.exeC:\mvagP.bat
C:\Gke.bat
C:\zC2Xto.bat
C:\GGil79e.bat
C:\eE1X.bat
C:\vJb.bat
C:\yb5.exe
C:\MymXnThr.bat
C:\LnhO.bat
C:\bTnwkD2.exe
C:\cTMQULVR.bat
C:\Pr9zJD9B.bat
C:\jA8QHQ6.exe
C:\O6Fkr4.bat
C:\ShU.bat
C:\ZxN9.bat
C:\xbUOsH.bat
C:\MYc2.exe
C:\MYc.exe
C:\O5uw0.bat
C:\lC8.bat
C:\Yo92Z.bat
C:\xSQSm3y.bat
C:\LRy62.exe
C:\zG0VWh.bat
C:\fCPo9k8.bat
C:\wJol.bat
C:\LNJ5CfL.bat
C:\Ml352.exe
C:\FQj2N.bat
C:\QJuVRhX.bat
C:\bNXQ4cT3.bat
C:\bFyt.bat
C:\svc11
C:\svc10
C:\YH86.bat
C:\mpGZMrYl.bat
C:\sDJs0Two.bat
C:\DYyb6Xh.bat
C:\Rsy.bat
C:\OzHGlm.bat
C:\ZIe9rqE.bat
C:\e2HY.bat
C:\u1CWeQ.bat
C:\h0Fv.bat
C:\OPrJWEL.bat
C:\sHOjCin.bat
C:\GBWb.bat
C:\PqS.bat
C:\wPkPuzGH.bat
C:\qpOGafWe.bat
C:\ANGOIYh.bat
C:\SxgA28.bat
C:\G5GV.bat
C:\GDN.bat
C:\jPHJi.bat
C:\RkZ0.bat
C:\JHVF62.bat
C:\v7KX9t.bat
C:\JHVF6.bat
C:\VyktLf9Y2.bat
C:\y71XbAV.bat
C:\VyktLf9Y.bat
C:\FRaEdI9t2.bat
C:\e0VGIO.bat
C:\FRaEdI9t.bat
C:\LiufxL2l2.bat
C:\ipmeIPoT.bat
C:\LiufxL2l.bat
C:\W9RK2.bat
C:\UMbk.bat
C:\W9RK.bat
C:\YnjUgtOL2.bat
C:\e87v4b.bat
C:\YnjUgtOL.bat
C:\J3De0P2.bat
C:\dlR.bat
C:\J3De0P.bat
C:\itm22.exe
C:\SadaT2GR2.bat
C:\frkYO.bat
C:\SadaT2GR.bat
C:\Imd3TrrF2.bat
C:\oOakP.bat
C:\Imd3TrrF.bat
C:\tC192.bat
C:\GEVF9onH.bat
C:\tC19.bat
C:\xg6j2PX2.bat
C:\UFtBjdRP.bat
C:\xg6j2PX.bat
C:\QQw6KWu2.bat
C:\kMi.bat
C:\QQw6KWu.bat
C:\boTC32.bat
C:\s9rLQV0K.bat
C:\boTC3.bat
C:\g43iV2.bat
C:\NkuGMt.bat
C:\g43iV.bat
C:\j0qi2.bat
C:\q57k.bat
C:\j0qi.bat
C:\kVeWsVO2.bat
C:\zfVUov.bat
C:\kVeWsVO.bat
C:\ZAq2.bat
C:\pSiH20.bat
C:\ZAq.bat
C:\bmV2.bat
C:\SeZPnIr4.bat
C:\bmV.bat
C:\KWOTVGEX2.bat
C:\ibUd3.bat
C:\KWOTVGEX.bat
C:\bHmsb2.bat
C:\KbYuGUd.bat
C:\bHmsb.bat
C:\IJ5IJRL22.exe
C:\Sjt2.bat
C:\F0vg.bat
C:\Sjt.bat
C:\dyWuy22.exe
C:\ikU0Qi2.bat
C:\fYVdb.bat
C:\ikU0Qi.bat
C:\jUb2.bat
C:\XCf2xl.bat
C:\jUb.bat
C:\FmZFQK92.bat
C:\Mm3Wfs.bat
C:\FmZFQK9.bat
C:\tTt02.bat
C:\jLrQQSN.bat
C:\tTt0.bat
C:\Z1o.exe
C:\O5LtxE2.bat
C:\Ndg0BLhb.bat
C:\O5LtxE.bat
C:\YAPWUGT.exe
C:\skCEDaz.bat
C:\pPhJzvF.bat
C:\pPhJzvF2.bat
C:\I1ejRAJ2.bat
C:\TfxhQ.bat
C:\I1ejRAJ.bat
C:\iI0X9.bat
C:\teGg2rnV2.bat
C:\teGg2rnV.bat
C:\kjRLTHI.bat
C:\VTCk2.bat
C:\VTCk.bat
C:\bbm2.bat
C:\bVDIEX.bat
C:\bbm.bat
C:\HYySzvNE2.bat
C:\GyaXJW.bat
C:\HYySzvNE.bat
C:\nHN5Q2f.bat
C:\rLO2.bat
C:\rLO.bat
C:\Ptg22.exe
C:\KKGEL2.bat
C:\rJkPiM.bat
C:\KKGEL.bat
C:\vnypCjGl.bat
C:\IUWF7Lx.bat
C:\IUWF7Lx2.bat
C:\yXB52.bat
C:\tlnq.bat
C:\yXB5.bat
C:\nX72e62.bat
C:\XiVbWkuK.bat
C:\nX72e6.bat
C:\A5Gi.bat
C:\EjPu2.bat
C:\EjPu.bat
C:\cmyT2.exe
C:\hGSUjh2.bat
C:\i5QqBjc.bat
C:\hGSUjh.bat
C:\RXHr2.bat
C:\turoD0.bat
C:\RXHr.bat
C:\DNs2.bat
C:\R1DtT.bat
C:\DNs.bat
C:\duXo2.bat
C:\zKlkjDl.bat
C:\duXo.bat
C:\dMA.bat
C:\poa92.bat
C:\poa922.bat
C:\K4x42.bat
C:\q1YQnb.bat
C:\K4x4.bat
C:\SviISQ2.bat
C:\lAndtAf6.bat
C:\SviISQ.bat
C:\PvDvm4H2.bat
C:\Qryyl.bat
C:\PvDvm4H.bat
C:\ZqBgDoF.bat
C:\cYBN2.bat
C:\cYBN.bat
C:\TER2.bat
C:\TUGQK0fo.bat
C:\TER.bat
C:\wkmiCXE8.bat
C:\zePHC.bat
C:\zePHC2.bat
C:\DfeDolk.bat
C:\HZl2.bat
C:\HZl.bat
C:\HxL2.bat
C:\J4N.bat
C:\HxL.bat
C:\tHh.bat
C:\OcN3AsD.bat
C:\OcN3AsD2.bat
C:\qs90.bat
C:\ife6lrfl2.bat
C:\ife6lrfl.bat
C:\TlpSx8.bat
C:\HikrmD2.bat
C:\HikrmD.bat
C:\Eaz2.bat
C:\gfcPfpSs.bat
C:\Eaz.bat
C:\U1Z2.bat
C:\kjUqxy1.bat
C:\U1Z.bat
C:\BNeGRJ2.bat
C:\lUU8HkTB.bat
C:\BNeGRJ.bat
C:\PuncsoHa2.bat
C:\zW8hbk4W.bat
C:\PuncsoHa.bat
C:\ijNGdOz.bat
C:\AKiP.bat
C:\AKiP2.bat
C:\bK8xmu2.bat
C:\QnqUSq6m.bat
C:\bK8xmu.bat
C:\Kap.bat
C:\swndGc2.bat
C:\swndGc.bat
C:\dSa2.bat
C:\nhfbU2.bat
C:\nhfbU.bat
C:\CzQC6Sq.bat
C:\VUrl2.bat
C:\VUrl.bat
C:\BAXeXg8.bat
C:\PoWKsa.bat
C:\PoWKsa2.bat
C:\igwRcZ2.bat
C:\sm0ZBuW.bat
C:\igwRcZ.bat
C:\wpuFSY2.bat
C:\AGBALsr.bat
C:\wpuFSY.bat
C:\pZuzJYw82.bat
C:\cR0.bat
C:\pZuzJYw8.bat
C:\zzcHjyOe2.bat
C:\PLq.bat
C:\zzcHjyOe.bat
C:\cJDlS2.bat
C:\tUy4jp.bat
C:\cJDlS.bat
C:\dM4SOqRk.bat
C:\cLqx2.bat
C:\cLqx.bat
C:\GyIzG2.bat
C:\hCCAbDrT.bat
C:\GyIzG.bat
C:\AYNEZ08.bat
C:\gy0.bat
C:\gy02.bat
C:\K7wAb8q2.bat
C:\OVgL.bat
C:\K7wAb8q.bat
C:\proxy.log.2009.03.01
C:\OSxXZ2.bat
C:\Ylin.bat
C:\OSxXZ.bat
C:\pCI2Yn.bat
C:\G3HrXkeB2.bat
C:\G3HrXkeB.bat
C:\cYA.bat
C:\TcXoIaz2.bat
C:\TcXoIaz.bat
C:\DDwA7Xob.bat
C:\j8a82.bat
C:\j8a8.bat
C:\oyhNFlOp2.bat
C:\HYS9MfV.bat
C:\oyhNFlOp.bat
C:\jBzaZ.exe
C:\xefGQlQ2.bat
C:\i2H6X.bat
C:\xefGQlQ.bat
C:\jQ3KPdb2.bat
C:\t9L.bat
C:\jQ3KPdb.bat
C:\vkd.exe
C:\ZjCXCy.bat
C:\BvTz2.bat
C:\BvTz.bat
C:\rgs2.bat
C:\zrT.bat
C:\rgs.bat
C:\kZkIlS2.bat
C:\OwDtG.bat
C:\kZkIlS.bat
C:\bGya5h2.bat
C:\tMNp.bat
C:\bGya5h.bat
C:\ZEcqnRu2.bat
C:\VKAKcD.bat
C:\ZEcqnRu.bat
C:\dwNqt2.bat
C:\AIX2.bat
C:\dwNqt.bat
C:\l5652.bat
C:\XNbkzC.bat
C:\l565.bat
C:\proxy.log
C:\z3o2.bat
C:\hRXmW.bat
C:\z3o.bat
C:\sKCEpW1.bat
C:\nDHO.bat
C:\bctBA8B.bat
C:\k1DJnp.bat

Folder:: 
C:\svc

Driver::
lucjfb

DDS::
uInternet Connection Wizard,ShellNext = iexplore
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} 
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} 
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} 
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}

Referring to the screenshot above, drag CFScript.txt into ComboFix.exe. ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
When finished, it shall produce a log for you, C:\ComboFix.txt. Post that log in your next reply.
CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.


CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

In your next reply post:
Combofix.txt
new DDS log


how's your machine now?

 

Actually, my computers running pretty well.

I'm in it as long
as you're willing to help get it fixed!.

ComboFix 09-03-12.01 - mom 2009-03-13 16:43:21.7 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1535.1106 [GMT -5:00]
Running from: c:\documents and settings\mom\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\mom\Desktop\CFScript.txt
AV: AVG Anti-Virus Free *On-access scanning disabled* (Outdated)
* Created a new restore point

FILE ::
C:\a5c3t.bat
C:\A5Gi.bat
C:\A6c.bat
C:\A72tEh.bat
C:\a8wi4Z.bat
C:\AGBALsr.bat
C:\AIX2.bat
C:\AKiP.bat
C:\AKiP2.bat
C:\ANGOIYh.bat
C:\autorun.inf
C:\AxN5Lv.bat
C:\AYNEZ08.bat
C:\BAXeXg8.bat
C:\Bb2vQH65.bat
C:\bbm.bat
C:\bbm2.bat
C:\bc1sasDR.exe
C:\bctBA8B.bat
C:\BDffy.bat
C:\bdShK7e.bat
C:\bFyt.bat
C:\BgbH.bat
C:\bGya5h.bat
C:\bGya5h2.bat
C:\bHmsb.bat
C:\bHmsb2.bat
C:\bK8xmu.bat
C:\bK8xmu2.bat
C:\bmV.bat
C:\bmV2.bat
C:\BNeGRJ.bat
C:\BNeGRJ2.bat
C:\bNXQ4cT3.bat
C:\boHZD.bat
C:\boTC3.bat
C:\boTC32.bat
C:\bra.bat
C:\bTM9lEZ.bat
C:\bTnwkD2.exe
C:\bVDIEX.bat
C:\BvTz.bat
C:\BvTz2.bat
C:\CIalQ1.bat
C:\cJDlS.bat
C:\cJDlS2.bat
C:\cLqx.bat
C:\cLqx2.bat
C:\cmyT2.exe
C:\cnme.bat
C:\COR2.exe
C:\cR0.bat
C:\csPPD.exe
C:\csPPD2.exe
C:\cTMQULVR.bat
C:\cYA.bat
C:\cYBN.bat
C:\cYBN2.bat
C:\CzQC6Sq.bat
C:\d3A.bat
C:\d7e0gXA2.bat
C:\DDwA7Xob.bat
C:\DfeDolk.bat
C:\dhRD04Xo.exe
C:\dlR.bat
C:\dM4SOqRk.bat
C:\dMA.bat
C:\DNs.bat
C:\DNs2.bat
C:\DnyoUBGy.bat
C:\dqtfGXG.bat
C:\dSa2.bat
C:\duXo.bat
C:\duXo2.bat
C:\dwNqt.bat
C:\dwNqt2.bat
C:\dyWuy22.exe
C:\DYyb6Xh.bat
C:\e0VGIO.bat
C:\e2HY.bat
C:\e5Kx.bat
C:\e87v4b.bat
C:\Eaz.bat
C:\Eaz2.bat
C:\eE1X.bat
C:\EF4.bat
C:\EjPu.bat
C:\EjPu2.bat
C:\eMgiESd.bat
C:\eR9iq7cz.exe
C:\eR9iq7cz2.exe
C:\EuQlh.bat
C:\EVqbnI.bat
C:\F0vg.bat
C:\f6Gpln.bat
C:\Fbgi.bat
C:\fCPo9k8.bat
C:\FgPD.bat
C:\FKGVniz.bat
C:\FmZFQK9.bat
C:\FmZFQK92.bat
C:\FQj2N.bat
C:\fqter.exe
C:\fqter2.exe
C:\FRaEdI9t.bat
C:\FRaEdI9t2.bat
C:\frkYO.bat
C:\furGEZMN.exe
C:\furGEZMN2.exe
C:\fYVdb.bat
C:\FzP9.bat
C:\G06j0.bat
C:\G3HrXkeB.bat
C:\G3HrXkeB2.bat
C:\g43iV.bat
C:\g43iV2.bat
C:\G5GV.bat
C:\GBWb.bat
C:\GDN.bat
C:\GEVF9onH.bat
C:\gfcPfpSs.bat
C:\GGil79e.bat
C:\GHZ.bat
C:\giw.bat
C:\Gke.bat
C:\glBDgP.bat
C:\GlFKzbj.bat
C:\Gp9a.bat
C:\gy0.bat
C:\gy02.bat
C:\GyaXJW.bat
C:\GyIzG.bat
C:\GyIzG2.bat
C:\GYzU7I.exe
C:\GYzU7I2.exe
C:\GzCUJX.bat
C:\h0Fv.bat
C:\H0YNJrj72.exe
C:\H2YR54.bat
C:\H75nD.bat
C:\hCCAbDrT.bat
C:\hGSUjh.bat
C:\hGSUjh2.bat
C:\HHSs2.exe
C:\HikrmD.bat
C:\HikrmD2.bat
C:\hMYQbigQ.bat
C:\hNzwU.exe
C:\HOg.bat
C:\hqrg.bat
C:\hRXmW.bat
C:\HtkPO.bat
C:\HxL.bat
C:\HxL2.bat
C:\HYS9MfV.bat
C:\HYySzvNE.bat
C:\HYySzvNE2.bat
C:\HZF.bat
C:\HZl.bat
C:\HZl2.bat
C:\I1ejRAJ.bat
C:\I1ejRAJ2.bat
C:\i2H6X.bat
C:\i2s.bat
C:\i5QqBjc.bat
C:\ibbA0sK.bat
C:\ibUd3.bat
C:\ife6lrfl.bat
C:\ife6lrfl2.bat
C:\ifKaH.bat
C:\ige2d.bat
C:\Igi.bat
C:\igwRcZ.bat
C:\igwRcZ2.bat
C:\iI0X9.bat
C:\IJ5IJRL22.exe
C:\iJHsX.exe
C:\ijNGdOz.bat
C:\ikU0Qi.bat
C:\ikU0Qi2.bat
C:\Imd3TrrF.bat
C:\Imd3TrrF2.bat
C:\IOVO.bat
C:\ipb5r68Y.bat
C:\ipmeIPoT.bat
C:\irit.exe
C:\Irrb.exe
C:\Irrb2.exe
C:\iS41m.bat
C:\itm22.exe
C:\IUWF7Lx.bat
C:\IUWF7Lx2.bat
C:\iZS9W4.bat
C:\j0qi.bat
C:\j0qi2.bat
C:\J3De0P.bat
C:\J3De0P2.bat
C:\J3i30Ykw.exe
C:\J3i30Ykw2.exe
C:\J4N.bat
C:\J4X8DF.exe
C:\J57.bat
C:\j8a8.bat
C:\j8a82.bat
C:\J8B.bat
C:\J9L7.bat
C:\jA8QHQ6.exe
C:\jBuT56I.bat
C:\jBzaZ.exe
C:\jCA.bat
C:\JHVF6.bat
C:\JHVF62.bat
C:\jLrQQSN.bat
C:\JNH.bat
C:\JPBryJ.bat
C:\jPHJi.bat
C:\jPm1U.bat
C:\jQ3KPdb.bat
C:\jQ3KPdb2.bat
C:\jUb.bat
C:\jUb2.bat
C:\JuBL.bat
C:\Jv10.bat
C:\JWmKK2.exe
C:\JxbiW.bat
C:\k1DJnp.bat
C:\K4x4.bat
C:\K4x42.bat
C:\K7wAb8q.bat
C:\K7wAb8q2.bat
C:\Kap.bat
C:\KBC6.bat
C:\KbYuGUd.bat
C:\KhrCpC.bat
C:\Kjcg7Ubl.bat
C:\kjRLTHI.bat
C:\kjUqxy1.bat
C:\KKGEL.bat
C:\KKGEL2.bat
C:\kMi.bat
C:\kUs.bat
C:\kVeWsVO.bat
C:\kVeWsVO2.bat
C:\KWOTVGEX.bat
C:\KWOTVGEX2.bat
C:\kz0A.bat
C:\kZkIlS.bat
C:\kZkIlS2.bat
C:\l565.bat
C:\l5652.bat
C:\L7rE5.bat
C:\l8bCNJbi.exe
C:\l8bCNJbi2.exe
C:\lAndtAf6.bat
C:\lC8.bat
C:\lc87.exe
C:\LISlzG.bat
C:\LiufxL2l.bat
C:\LiufxL2l2.bat
C:\LnhO.bat
C:\LNJ5CfL.bat
C:\LO3Pn.exe
C:\lQvfM.bat
C:\LRy62.exe
c:\ls92.exec:\mvagP.bat
C:\lUU8HkTB.bat
C:\LWm2.exe
C:\lwnzEkBB.bat
C:\M6M.exe
C:\M6M2.exe
C:\m9m8iw.bat
C:\MBfEt.bat
C:\MbK06g0.bat
C:\MHY.bat
C:\MkH6MAyx.bat
C:\Ml352.exe
C:\Mm3Wfs.bat
C:\mpGZMrYl.bat
C:\MQtMCsS.bat
C:\MTCJW1A.exe
C:\MTCJW1A2.exe
C:\MYc.exe
C:\MYc2.exe
C:\MymXnThr.bat
C:\n0zEVp.exe
C:\n0zEVp2.exe
C:\n4w.exe
C:\n4w2.exe
C:\nCxexo.bat
C:\Ndg0BLhb.bat
C:\nDHO.bat
C:\nExj01.exe
C:\nExj012.exe
C:\Nft3WPe.bat
C:\nhfbU.bat
C:\nhfbU2.bat
C:\nHN5Q2f.bat
C:\NkuGMt.bat
C:\nX72e6.bat
C:\nX72e62.bat
C:\O5LtxE.bat
C:\O5LtxE2.bat
C:\O5uw0.bat
C:\O6Fkr4.bat
C:\O8fKY.bat
C:\o9OSU.bat
C:\oCjQj1dd.bat
C:\OcN3AsD.bat
C:\OcN3AsD2.bat
C:\OKTRHBAm.bat
C:\oOakP.bat
C:\OPrJWEL.bat
C:\OSxXZ.bat
C:\OSxXZ2.bat
C:\OVgL.bat
C:\OwDtG.bat
C:\OX2VTyyW.bat
C:\oyhNFlOp.bat
C:\oyhNFlOp2.bat
C:\OyXzit.exe
C:\OzHGlm.bat
C:\P8r6ESx.bat
C:\PaAn6b.exe
C:\PaAn6b2.exe
C:\pbk7Lfs.exe
C:\pbk7Lfs2.exe
C:\pCI2Yn.bat
C:\PLq.bat
C:\poa92.bat
C:\poa922.bat
C:\PoWKsa.bat
C:\PoWKsa2.bat
C:\pPhJzvF.bat
C:\pPhJzvF2.bat
C:\PqS.bat
C:\Pr9zJD9B.bat
C:\proxy.log
C:\proxy.log.2009.03.01
C:\pSiH20.bat
C:\Ptg22.exe
C:\puG.bat
C:\PuncsoHa.bat
C:\PuncsoHa2.bat
C:\pv7Omd.bat
C:\PvDvm4H.bat
C:\PvDvm4H2.bat
C:\pYp9.bat
C:\pZuzJYw8.bat
C:\pZuzJYw82.bat
C:\q1YQnb.bat
C:\Q4EHA.bat
C:\q57k.bat
C:\Qay.bat
C:\qCF4o.bat
C:\qCJ.bat
C:\QJuVRhX.bat
C:\QnqUSq6m.bat
C:\qpOGafWe.bat
C:\QQw6KWu.bat
C:\QQw6KWu2.bat
C:\Qryyl.bat
C:\qs90.bat
C:\QvWO0o.exe
C:\QvWO0o2.exe
C:\qybT.bat
C:\R1DtT.bat
C:\REu.bat
C:\rgs.bat
C:\rgs2.bat
C:\Ri5HgQSW.bat
C:\rJkPiM.bat
C:\RkZ0.bat
C:\rLO.bat
C:\rLO2.bat
C:\Rsy.bat
C:\RXHr.bat
C:\RXHr2.bat
C:\RXPg.bat
C:\S1tO.exe
C:\S1tO2.exe
C:\s9kTqw18.bat
C:\s9rLQV0K.bat
C:\SadaT2GR.bat
C:\SadaT2GR2.bat
C:\sDJs0Two.bat
C:\Se6d6.bat
C:\SeZPnIr4.bat
C:\sfv.bat
C:\sHOjCin.bat
C:\ShU.bat
C:\Sjt.bat
C:\Sjt2.bat
C:\skCEDaz.bat
C:\sKCEpW1.bat
C:\slO.exe
C:\slO2.exe
C:\sm0ZBuW.bat
C:\soI3yH.bat
C:\sRFQC.bat
C:\svc10
C:\svc11
C:\SviISQ.bat
C:\SviISQ2.bat
C:\swndGc.bat
C:\swndGc2.bat
C:\SxgA28.bat
C:\syD.bat
C:\T9Gn9NV1.exe
C:\T9Gn9NV12.exe
C:\t9L.bat
C:\tC19.bat
C:\tC192.bat
C:\Tcqb.exe
C:\TcXoIaz.bat
C:\TcXoIaz2.bat
C:\TdV.bat
C:\teGg2rnV.bat
C:\teGg2rnV2.bat
C:\TER.bat
C:\TER2.bat
C:\TfxhQ.bat
C:\tHh.bat
C:\tlnq.bat
C:\TlpSx8.bat
C:\tMNp.bat
C:\Tni.exe
C:\Tni2.exe
C:\tP81Jh2m.bat
C:\tTt0.bat
C:\tTt02.bat
C:\TUGQK0fo.bat
C:\turoD0.bat
C:\tUy4jp.bat
C:\twiZS0MV.bat
C:\u1CWeQ.bat
C:\u1IXAT.exe
C:\U1Z.bat
C:\U1Z2.bat
C:\u4B.bat
C:\u4d.bat
C:\uCz.bat
C:\UFtBjdRP.bat
C:\ULBUp6Q.exe
C:\ULBUp6Q2.exe
C:\UMbk.bat
C:\uQmTBXA3.exe
C:\UTuhk.bat
C:\UutrnS2C.bat
C:\UZQxOMn8.bat
C:\v7KX9t.bat
C:\vAMt.exe
C:\vAMt2.exe
C:\VGh0NAT.bat
C:\VILA.bat
C:\vJb.bat
C:\vJXG.exe
C:\vJXG2.exe
C:\VKAKcD.bat
C:\vkd.exe
C:\vl2qOuo.bat
C:\Vnkx.bat
C:\vnypCjGl.bat
C:\vRy1.bat
C:\VTCk.bat
C:\VTCk2.bat
C:\VUrl.bat
C:\VUrl2.bat
C:\VyktLf9Y.bat
C:\VyktLf9Y2.bat
C:\VzpIrMq.exe
C:\VzpIrMq2.exe
C:\W02Kz.bat
C:\W1U.bat
C:\W7A.exe
C:\W7A2.exe
C:\W9RK.bat
C:\W9RK2.bat
C:\wa8AjGe.bat
c:\windows\system32\drivers\wggfaig.sys
C:\Wj0P6.bat
C:\wJol.bat
C:\wkmiCXE8.bat
C:\wm4QfVW.bat
C:\wPkPuzGH.bat
C:\wpuFSY.bat
C:\wpuFSY2.bat
C:\WrxbC.bat
C:\wZtUKQr.bat
C:\xbUOsH.bat
C:\XCf2xl.bat
C:\xefGQlQ.bat
C:\xefGQlQ2.bat
C:\xg6j2PX.bat
C:\xg6j2PX2.bat
C:\Xhwm7goO.exe
C:\Xhwm7goO2.exe
C:\xIK2CJo.bat
C:\Xip14.bat
C:\XiVbWkuK.bat
C:\Xlkq3.exe
C:\Xlkq32.exe
C:\XNbkzC.bat
C:\XojwoS.bat
C:\xP2zM.bat
C:\xsd.bat
C:\xSQSm3y.bat
C:\y71XbAV.bat
C:\yaP.exe
C:\yaP2.exe
C:\YAPWUGT.exe
C:\yb5.exe
C:\ybt.exe
C:\ybt2.exe
C:\YC1SBzN.bat
C:\YH86.bat
C:\Ylin.bat
C:\yNe.exe
C:\yNe2.exe
C:\YnjUgtOL.bat
C:\YnjUgtOL2.bat
C:\Yo92Z.bat
C:\yTpiQ.exe
C:\Yvl.bat
C:\yXB5.bat
C:\yXB52.bat
C:\Z1o.exe
C:\z3o.bat
C:\z3o2.bat
C:\ZAq.bat
C:\ZAq2.bat
C:\zC2Xto.bat
C:\zcKQeBTk.bat
C:\ZEcqnRu.bat
C:\ZEcqnRu2.bat
C:\zePHC.bat
C:\zePHC2.bat
C:\zfVUov.bat
C:\zG0VWh.bat
C:\ZIe9rqE.bat
C:\ZjCXCy.bat
C:\zKlkjDl.bat
C:\ZqBgDoF.bat
C:\zrT.bat
C:\ZUS3.bat
C:\zW8hbk4W.bat
C:\ZxN9.bat
C:\zzcHjyOe.bat
C:\zzcHjyOe2.bat
C:\zzz6egh.bat
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\a5c3t.bat
C:\A5Gi.bat
C:\A6c.bat
C:\A72tEh.bat
C:\a8wi4Z.bat
C:\AGBALsr.bat
C:\AIX2.bat
C:\AKiP.bat
C:\AKiP2.bat
C:\ANGOIYh.bat
C:\AxN5Lv.bat
C:\AYNEZ08.bat
C:\BAXeXg8.bat
C:\Bb2vQH65.bat
C:\bbm.bat
C:\bbm2.bat
C:\bc1sasDR.exe
C:\bctBA8B.bat
C:\BDffy.bat
C:\bdShK7e.bat
C:\bFyt.bat
C:\BgbH.bat
C:\bGya5h.bat
C:\bGya5h2.bat
C:\bHmsb.bat
C:\bHmsb2.bat
C:\bK8xmu.bat
C:\bK8xmu2.bat
C:\bmV.bat
C:\bmV2.bat
C:\BNeGRJ.bat
C:\BNeGRJ2.bat
C:\bNXQ4cT3.bat
C:\boHZD.bat
C:\boTC3.bat
C:\boTC32.bat
C:\bra.bat
C:\bTM9lEZ.bat
C:\bTnwkD2.exe
C:\bVDIEX.bat
C:\BvTz.bat
C:\BvTz2.bat
C:\CIalQ1.bat
C:\cJDlS.bat
C:\cJDlS2.bat
C:\cLqx.bat
C:\cLqx2.bat
C:\cmyT2.exe
C:\cnme.bat
C:\COR2.exe
C:\cR0.bat
C:\csPPD.exe
C:\csPPD2.exe
C:\cTMQULVR.bat
C:\cYA.bat
C:\cYBN.bat
C:\cYBN2.bat
C:\CzQC6Sq.bat
C:\d3A.bat
C:\d7e0gXA2.bat
C:\DDwA7Xob.bat
C:\DfeDolk.bat
C:\dhRD04Xo.exe
C:\dlR.bat
C:\dM4SOqRk.bat
C:\dMA.bat
C:\DNs.bat
C:\DNs2.bat
C:\DnyoUBGy.bat
C:\dqtfGXG.bat
C:\dSa2.bat
C:\duXo.bat
C:\duXo2.bat
C:\dwNqt.bat
C:\dwNqt2.bat
C:\dyWuy22.exe
C:\DYyb6Xh.bat
C:\e0VGIO.bat
C:\e2HY.bat
C:\e5Kx.bat
C:\e87v4b.bat
C:\Eaz.bat
C:\Eaz2.bat
C:\eE1X.bat
C:\EF4.bat
C:\EjPu.bat
C:\EjPu2.bat
C:\eMgiESd.bat
C:\eR9iq7cz.exe
C:\eR9iq7cz2.exe
C:\EuQlh.bat
C:\EVqbnI.bat
C:\F0vg.bat
C:\f6Gpln.bat
C:\Fbgi.bat
C:\fCPo9k8.bat
C:\FgPD.bat
C:\FKGVniz.bat
C:\FmZFQK9.bat
C:\FmZFQK92.bat
C:\FQj2N.bat
C:\fqter.exe
C:\fqter2.exe
C:\FRaEdI9t.bat
C:\FRaEdI9t2.bat
C:\frkYO.bat
C:\furGEZMN.exe
C:\furGEZMN2.exe
C:\fYVdb.bat
C:\FzP9.bat
C:\G06j0.bat
C:\G3HrXkeB.bat
C:\G3HrXkeB2.bat
C:\g43iV.bat
C:\g43iV2.bat
C:\G5GV.bat
C:\GBWb.bat
C:\GDN.bat
C:\GEVF9onH.bat
C:\gfcPfpSs.bat
C:\GGil79e.bat
C:\GHZ.bat
C:\giw.bat
C:\Gke.bat
C:\glBDgP.bat
C:\GlFKzbj.bat
C:\Gp9a.bat
C:\gy0.bat
C:\gy02.bat
C:\GyaXJW.bat
C:\GyIzG.bat
C:\GyIzG2.bat
C:\GYzU7I.exe
C:\GYzU7I2.exe
C:\GzCUJX.bat
C:\h0Fv.bat
C:\H0YNJrj72.exe
C:\H2YR54.bat
C:\H75nD.bat
C:\hCCAbDrT.bat
C:\hGSUjh.bat
C:\hGSUjh2.bat
C:\HHSs2.exe
C:\HikrmD.bat
C:\HikrmD2.bat
C:\hMYQbigQ.bat
C:\hNzwU.exe
C:\HOg.bat
C:\hqrg.bat
C:\hRXmW.bat
C:\HtkPO.bat
C:\HxL.bat
C:\HxL2.bat
C:\HYS9MfV.bat
C:\HYySzvNE.bat
C:\HYySzvNE2.bat
C:\HZF.bat
C:\HZl.bat
C:\HZl2.bat
C:\I1ejRAJ.bat
C:\I1ejRAJ2.bat
C:\i2H6X.bat
C:\i2s.bat
C:\i5QqBjc.bat
C:\ibbA0sK.bat
C:\ibUd3.bat
C:\ife6lrfl.bat
C:\ife6lrfl2.bat
C:\ifKaH.bat
C:\ige2d.bat
C:\Igi.bat
C:\igwRcZ.bat
C:\igwRcZ2.bat
C:\iI0X9.bat
C:\IJ5IJRL22.exe
C:\iJHsX.exe
C:\ijNGdOz.bat
C:\ikU0Qi.bat
C:\ikU0Qi2.bat
C:\Imd3TrrF.bat
C:\Imd3TrrF2.bat
C:\IOVO.bat
C:\ipb5r68Y.bat
C:\ipmeIPoT.bat
C:\irit.exe
C:\Irrb.exe
C:\Irrb2.exe
C:\iS41m.bat
C:\itm22.exe
C:\IUWF7Lx.bat
C:\IUWF7Lx2.bat
C:\iZS9W4.bat
C:\j0qi.bat
C:\j0qi2.bat
C:\J3De0P.bat
C:\J3De0P2.bat
C:\J3i30Ykw.exe
C:\J3i30Ykw2.exe
C:\J4N.bat
C:\J4X8DF.exe
C:\J57.bat
C:\j8a8.bat
C:\j8a82.bat
C:\J8B.bat
C:\J9L7.bat
C:\jA8QHQ6.exe
C:\jBuT56I.bat
C:\jBzaZ.exe
C:\jCA.bat
C:\JHVF6.bat
C:\JHVF62.bat
C:\jLrQQSN.bat
C:\JNH.bat
C:\JPBryJ.bat
C:\jPHJi.bat
C:\jPm1U.bat
C:\jQ3KPdb.bat
C:\jQ3KPdb2.bat
C:\jUb.bat
C:\jUb2.bat
C:\JuBL.bat
C:\Jv10.bat
C:\JWmKK2.exe
C:\JxbiW.bat
C:\k1DJnp.bat
C:\K4x4.bat
C:\K4x42.bat
C:\K7wAb8q.bat
C:\K7wAb8q2.bat
C:\Kap.bat
C:\KBC6.bat
C:\KbYuGUd.bat
C:\KhrCpC.bat
C:\Kjcg7Ubl.bat
C:\kjRLTHI.bat
C:\kjUqxy1.bat
C:\KKGEL.bat
C:\KKGEL2.bat
C:\kMi.bat
C:\kUs.bat
C:\kVeWsVO.bat
C:\kVeWsVO2.bat
C:\KWOTVGEX.bat
C:\KWOTVGEX2.bat
C:\kz0A.bat
C:\kZkIlS.bat
C:\kZkIlS2.bat
C:\l565.bat
C:\l5652.bat
C:\L7rE5.bat
C:\l8bCNJbi.exe
C:\l8bCNJbi2.exe
C:\lAndtAf6.bat
C:\lC8.bat
C:\lc87.exe
C:\LISlzG.bat
C:\LiufxL2l.bat
C:\LiufxL2l2.bat
C:\LnhO.bat
C:\LNJ5CfL.bat
C:\LO3Pn.exe
C:\lQvfM.bat
C:\LRy62.exe
C:\lUU8HkTB.bat
C:\LWm2.exe
C:\lwnzEkBB.bat
C:\M6M.exe
C:\M6M2.exe
C:\m9m8iw.bat
C:\MBfEt.bat
C:\MbK06g0.bat
C:\MHY.bat
C:\MkH6MAyx.bat
C:\Ml352.exe
C:\Mm3Wfs.bat
C:\mpGZMrYl.bat
C:\MQtMCsS.bat
C:\MTCJW1A.exe
C:\MTCJW1A2.exe
C:\MYc.exe
C:\MYc2.exe
C:\MymXnThr.bat
C:\n0zEVp.exe
C:\n0zEVp2.exe
C:\n4w.exe
C:\n4w2.exe
C:\nCxexo.bat
C:\Ndg0BLhb.bat
C:\nDHO.bat
C:\nExj01.exe
C:\nExj012.exe
C:\Nft3WPe.bat
C:\nhfbU.bat
C:\nhfbU2.bat
C:\nHN5Q2f.bat
C:\NkuGMt.bat
C:\nX72e6.bat
C:\nX72e62.bat
C:\O5LtxE.bat
C:\O5LtxE2.bat
C:\O5uw0.bat
C:\O6Fkr4.bat
C:\O8fKY.bat
C:\o9OSU.bat
C:\oCjQj1dd.bat
C:\OcN3AsD.bat
C:\OcN3AsD2.bat
C:\OKTRHBAm.bat
C:\oOakP.bat
C:\OPrJWEL.bat
C:\OSxXZ.bat
C:\OSxXZ2.bat
C:\OVgL.bat
C:\OwDtG.bat
C:\OX2VTyyW.bat
C:\oyhNFlOp.bat
C:\oyhNFlOp2.bat
C:\OyXzit.exe
C:\OzHGlm.bat
C:\P8r6ESx.bat
C:\PaAn6b.exe
C:\PaAn6b2.exe
C:\pbk7Lfs.exe
C:\pbk7Lfs2.exe
C:\pCI2Yn.bat
C:\PLq.bat
C:\poa92.bat
C:\poa922.bat
C:\PoWKsa.bat
C:\PoWKsa2.bat
C:\pPhJzvF.bat
C:\pPhJzvF2.bat
C:\PqS.bat
C:\Pr9zJD9B.bat
C:\proxy.log.2009.03.01
C:\pSiH20.bat
C:\Ptg22.exe
C:\puG.bat
C:\PuncsoHa.bat
C:\PuncsoHa2.bat
C:\pv7Omd.bat
C:\PvDvm4H.bat
C:\PvDvm4H2.bat
C:\pYp9.bat
C:\pZuzJYw8.bat
C:\pZuzJYw82.bat
C:\q1YQnb.bat
C:\Q4EHA.bat
C:\q57k.bat
C:\Qay.bat
C:\qCF4o.bat
C:\qCJ.bat
C:\QJuVRhX.bat
C:\QnqUSq6m.bat
C:\qpOGafWe.bat
C:\QQw6KWu.bat
C:\QQw6KWu2.bat
C:\Qryyl.bat
C:\qs90.bat
C:\QvWO0o.exe
C:\QvWO0o2.exe
C:\qybT.bat
C:\R1DtT.bat
C:\REu.bat
C:\rgs.bat
C:\rgs2.bat
C:\Ri5HgQSW.bat
C:\rJkPiM.bat
C:\RkZ0.bat
C:\rLO.bat
C:\rLO2.bat
C:\Rsy.bat
C:\RXHr.bat
C:\RXHr2.bat
C:\RXPg.bat
C:\S1tO.exe
C:\S1tO2.exe
C:\s9kTqw18.bat
C:\s9rLQV0K.bat
C:\SadaT2GR.bat
C:\SadaT2GR2.bat
C:\sDJs0Two.bat
C:\Se6d6.bat
C:\SeZPnIr4.bat
C:\sfv.bat
C:\sHOjCin.bat
C:\ShU.bat
C:\Sjt.bat
C:\Sjt2.bat
C:\skCEDaz.bat
C:\sKCEpW1.bat
C:\slO.exe
C:\slO2.exe
C:\sm0ZBuW.bat
C:\soI3yH.bat
C:\sRFQC.bat
C:\svc
c:\svc\svc.bat
c:\svc\svc.cfg
C:\svc10
C:\svc11
C:\SviISQ.bat
C:\SviISQ2.bat
C:\swndGc.bat
C:\swndGc2.bat
C:\SxgA28.bat
C:\syD.bat
C:\T9Gn9NV1.exe
C:\T9Gn9NV12.exe
C:\t9L.bat
C:\tC19.bat
C:\tC192.bat
C:\Tcqb.exe
C:\TcXoIaz.bat
C:\TcXoIaz2.bat
C:\TdV.bat
C:\teGg2rnV.bat
C:\teGg2rnV2.bat
C:\TER.bat
C:\TER2.bat
C:\TfxhQ.bat
C:\tHh.bat
C:\tlnq.bat
C:\TlpSx8.bat
C:\tMNp.bat
C:\Tni.exe
C:\Tni2.exe
C:\tP81Jh2m.bat
C:\tTt0.bat
C:\tTt02.bat
C:\TUGQK0fo.bat
C:\turoD0.bat
C:\tUy4jp.bat
C:\twiZS0MV.bat
C:\u1CWeQ.bat
C:\u1IXAT.exe
C:\U1Z.bat
C:\U1Z2.bat
C:\u4B.bat
C:\u4d.bat
C:\uCz.bat
C:\UFtBjdRP.bat
C:\ULBUp6Q.exe
C:\ULBUp6Q2.exe
C:\UMbk.bat
C:\uQmTBXA3.exe
C:\UTuhk.bat
C:\UutrnS2C.bat
C:\UZQxOMn8.bat
C:\v7KX9t.bat
C:\vAMt.exe
C:\vAMt2.exe
C:\VGh0NAT.bat
C:\VILA.bat
C:\vJb.bat
C:\vJXG.exe
C:\vJXG2.exe
C:\VKAKcD.bat
C:\vkd.exe
C:\vl2qOuo.bat
C:\Vnkx.bat
C:\vnypCjGl.bat
C:\vRy1.bat
C:\VTCk.bat
C:\VTCk2.bat
C:\VUrl.bat
C:\VUrl2.bat
C:\VyktLf9Y.bat
C:\VyktLf9Y2.bat
C:\VzpIrMq.exe
C:\VzpIrMq2.exe
C:\W02Kz.bat
C:\W1U.bat
C:\W7A.exe
C:\W7A2.exe
C:\W9RK.bat
C:\W9RK2.bat
C:\wa8AjGe.bat
C:\Wj0P6.bat
C:\wJol.bat
C:\wkmiCXE8.bat
C:\wm4QfVW.bat
C:\wPkPuzGH.bat
C:\wpuFSY.bat
C:\wpuFSY2.bat
C:\WrxbC.bat
C:\wZtUKQr.bat
C:\xbUOsH.bat
C:\XCf2xl.bat
C:\xefGQlQ.bat
C:\xefGQlQ2.bat
C:\xg6j2PX.bat
C:\xg6j2PX2.bat
C:\Xhwm7goO.exe
C:\Xhwm7goO2.exe
C:\xIK2CJo.bat
C:\Xip14.bat
C:\XiVbWkuK.bat
C:\Xlkq3.exe
C:\Xlkq32.exe
C:\XNbkzC.bat
C:\XojwoS.bat
C:\xP2zM.bat
C:\xsd.bat
C:\xSQSm3y.bat
C:\y71XbAV.bat
C:\yaP.exe
C:\yaP2.exe
C:\YAPWUGT.exe
C:\yb5.exe
C:\ybt.exe
C:\ybt2.exe
C:\YC1SBzN.bat
C:\YH86.bat
C:\Ylin.bat
C:\yNe.exe
C:\yNe2.exe
C:\YnjUgtOL.bat
C:\YnjUgtOL2.bat
C:\Yo92Z.bat
C:\yTpiQ.exe
C:\Yvl.bat
C:\yXB5.bat
C:\yXB52.bat
C:\Z1o.exe
C:\z3o.bat
C:\z3o2.bat
C:\ZAq.bat
C:\ZAq2.bat
C:\zC2Xto.bat
C:\zcKQeBTk.bat
C:\ZEcqnRu.bat
C:\ZEcqnRu2.bat
C:\zePHC.bat
C:\zePHC2.bat
C:\zfVUov.bat
C:\zG0VWh.bat
C:\ZIe9rqE.bat
C:\ZjCXCy.bat
C:\zKlkjDl.bat
C:\ZqBgDoF.bat
C:\zrT.bat
C:\ZUS3.bat
C:\zW8hbk4W.bat
C:\ZxN9.bat
C:\zzcHjyOe.bat
C:\zzcHjyOe2.bat
C:\zzz6egh.bat

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_lucjfb


((((((((((((((((((((((((( Files Created from 2009-02-13 to 2009-03-13 )))))))))))))))))))))))))))))))
.

2009-03-12 21:23 . 2009-03-12 21:33 <DIR> d-------- c:\documents and settings\Administrator.HAYTER-A18A2C97.000\DoctorWeb
2009-03-12 21:19 . 2009-03-12 21:23 <DIR> d-------- c:\documents and settings\Administrator.HAYTER-A18A2C97.000
2009-03-11 21:00 . 2009-03-11 21:00 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-03-11 21:00 . 2009-03-11 21:00 <DIR> d-------- c:\documents and settings\mom\Application Data\Malwarebytes
2009-03-11 21:00 . 2009-03-11 21:00 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-03-11 21:00 . 2009-02-11 10:19 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-03-11 21:00 . 2009-02-11 10:19 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-03-11 14:44 . 2009-03-11 14:47 <DIR> d-------- C:\Lop SD
2009-03-06 13:54 . 2009-03-06 13:56 4,344 --a------ C:\Ls92.exe
2009-03-06 13:47 . 2009-03-06 13:47 8,150 --a------ C:\mvagP.bat
2009-03-03 21:27 . 2009-03-03 21:27 <DIR> d-------- c:\program files\Trend Micro
2009-03-03 21:25 . 2009-03-03 21:27 <DIR> d-------- C:\hjt
2009-03-02 01:00 . 2009-03-02 01:00 0 --a------ C:\proxy.log.2009.03.02
2009-02-28 17:34 . 2009-03-01 01:00 3,576 --a------ C:\proxy.log.2009.02.28
2009-02-28 16:00 . 2009-01-20 09:35 <DIR> d-------- c:\program files\Maxis
2009-02-20 00:40 . 2009-03-12 06:44 54,156 --ah----- c:\windows\QTFont.qfn
2009-02-20 00:40 . 2009-02-20 00:40 1,409 --a------ c:\windows\QTFont.for
2009-02-17 17:28 . 2009-03-06 23:20 <DIR> d-------- c:\documents and settings\mom\Application Data\U3

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-13 21:50 --------- d-----w c:\program files\Steam
2009-03-11 17:58 --------- d-----w c:\documents and settings\All Users\Application Data\avg8
2009-03-09 02:31 --------- d-----w c:\program files\BitComet
2009-03-01 02:10 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2009-02-27 14:37 --------- d-----w c:\documents and settings\mom\Application Data\LimeWire
2009-02-22 01:28 --------- d-----w c:\program files\StepMania
2009-02-08 06:25 --------- d-----w c:\program files\Shockwave.com
2009-01-31 00:13 --------- d--h--w c:\program files\InstallShield Installation Information
2009-01-31 00:13 --------- d-----w c:\documents and settings\All Users\Application Data\Age of Empires 3
2009-01-30 23:42 --------- d-----w c:\program files\Microsoft Games
2009-01-23 21:45 --------- d-----w c:\program files\Kap.SATr
2009-01-23 03:30 --------- d-----w c:\documents and settings\mom\Application Data\My The Lord of the Rings, The Rise of the Witch-king Files
2009-01-21 00:18 --------- d-----w c:\program files\Electronic Arts
2009-01-17 02:42 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2008-12-10 01:42 31 ----a-w c:\documents and settings\mom\jagex_runescape_preferences.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam "= "c:\program files\steam\steam.exe" [2008-10-07 1410296]
"ctfmon.exe "= "c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"Yahoo! Pager "= "c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2007-08-30 4670704]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon "= "c:\windows\system32\NvCpl.dll" [2007-10-04 8491008]
"SunJavaUpdateSched "= "c:\program files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 132496]
"NvMediaCenter "= "c:\windows\system32\NvMcTray.dll" [2007-10-04 81920]
"NeroFilterCheck "= "c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"TkBellExe "= "c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-03-07 185896]
"QuickTime Task "= "c:\program files\QuickTime\QTTask.exe" [2008-01-31 385024]
"AVG8_TRAY "= "c:\progra~1\AVG\AVG8\avgtray.exe" [2008-08-17 1232152]
"Adobe Reader Speed Launcher "= "c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"ATICCC "= "c:\program files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-09-25 90112]
"GrooveMonitor "= "c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"nwiz "= "nwiz.exe" [2007-10-04 c:\windows\system32\nwiz.exe]
"CTHelper "= "CTHELPER.EXE" [2006-08-11 c:\windows\CTHELPER.EXE]
"CTxfiHlp "= "CTXFIHLP.EXE" [2006-08-11 c:\windows\system32\CTXFIHLP.EXE]

c:\documents and settings\mom\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 113664]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
InterVideo WinCinema Manager.lnk - c:\program files\InterVideo\Common\Bin\WinCinemaMgr.exe [2008-07-17 106496]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSetActiveDesktop "= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs "=avgrsstx.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall "= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe "=
"c:\\Program Files\\LimeWire\\LimeWire.exe "=
"c:\\Program Files\\Steam\\Steam.exe "=
"%windir%\\Network Diagnostic\\xpnetdiag.exe "=
"c:\\Program Files\\BitComet\\BitComet.exe "=
"c:\\Program Files\\Microsoft Games\\Age of Empires II\\age2_x1\\AGE2_X1.ICD "=
"c:\\Program Files\\2K Games\\Firaxis Games\\Sid Meier's Civilization 4 Gold\\Civilization4.exe "=
"c:\\Program Files\\2K Games\\Firaxis Games\\Sid Meier's Civilization 4 Gold\\Warlords\\Civ4Warlords.exe "=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe "=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe "=
"c:\\Program Files\\Microsoft Games\\Combat Flight Simulator\\COMBATFS.EXE "=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe "=
"c:\\Program Files\\PopCap Games\\Typer Shark Deluxe\\WinTS.exe "=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE "=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE "=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE "=
"c:\\Program Files\\Electronic Arts\\The Lord of the Rings, The Rise of the Witch-king\\game.dat "=
"c:\\Program Files\\Microsoft Games\\Age of Empires III\\age3.exe "=
"c:\\Program Files\\Microsoft Games\\Age of Empires III\\age3x.exe "=
"c:\\Program Files\\Microsoft Games\\Age of Empires III\\age3y.exe "=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"7715:TCP "= 7715:TCP:BitCometBeta 7715 TCP
"7715:UDP "= 7715:UDP:BitCometBeta 7715 UDP

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-08-17 96520]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-08-17 231192]
S3 mgau;mgau;c:\windows\system32\drivers\mgaum.sys [2009-01-08 320384]
S3 PCnetHL;AMD PCnet-Home Adapter Driver;c:\windows\system32\DRIVERS\pcntn5hl.sys --> c:\windows\system32\DRIVERS\pcntn5hl.sys [?]
S3 XPAD910;XPADFilter Service 910;c:\windows\system32\drivers\xpad910.sys [2008-09-10 29405]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
\Shell\AutoRun\command - F:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d8fc89fb-fbc4-11dd-b5d7-00301b3a532e}]
\Shell\AutoRun\command - F:\LaunchU3.exe -a
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
IE: &D&ownload &with BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm
IE: &D&ownload all video with BitComet - c:\program files\BitComet\BitComet.exe/AddVideo.htm
IE: &D&ownload all with BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\mom\Application Data\Mozilla\Firefox\Profiles\c9cxfovx.default\
FF - prefs.js: browser.startup.homepage - www.yahoo.com
FF - component: c:\documents and settings\mom\Application Data\Mozilla\Firefox\Profiles\c9cxfovx.default\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}\components\IBitCometExtension.dll
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\defaults\pref\wildblue.js - pref( "network.proxy.type ", 2);
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-13 16:49:48
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1123561945-343818398-725345543-1003\Software\SecuROM\License information*]
"datasecu "=hex:01,0d,ff,c3,ff,c1,98,3c,1f,c0,bf,0a,51,aa,b5,fc,17,03,aa,ad,bb,
83,93,9b,b1,bb,e0,8c,54,12,1b,20,f8,68,d9,21,cd,ec,78,13,2b,de,11,10,43,c8,\
"rkeysecu "=hex:c5,61,7a,13,89,99,85,1c,32,8f,0c,85,3d,dd,17,c8
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(708)
c:\windows\system32\Ati2evxx.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\windows\system32\ati2evxx.exe
c:\windows\system32\agrsmsvc.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\wscntfy.exe
c:\program files\AVG\AVG8\avgrsx.exe
.
**************************************************************************
.
Completion time: 2009-03-13 16:53:32 - machine was rebooted
ComboFix-quarantined-files.txt 2009-03-13 21:53:30
ComboFix2.txt 2009-03-12 00:36:28
ComboFix3.txt 2009-03-11 18:34:54
ComboFix4.txt 2009-03-10 03:01:31
ComboFix5.txt 2009-03-13 21:42:44

Pre-Run: 64,668,680,192 bytes free
Post-Run: 64,651,771,904 bytes free

1272 --- E O F --- 2008-11-13 09:05:15