
> Forum Guidelines

Read the following topic before creating a new topic in this forum. It contains instructions on what we would like you to post, which will enable us to help you more quickly.

Preparation Guide For Use Before Using Malware Removal Tools and Requesting Help


DO NOT RUN ComboFix unless requested to.


Only members of the Malware Response Team or Moderators are allowed to help people with logs. Anyone else should refrain from posting to another user's log.


When posting a log please put the type of infection you have in the topic title. IE: Winfixer, Virtumonde, WinTools, WebSearch, Home Search Assistant, etc.


Do not bump your topic. We try to resolve logs on a first come/first served basis. By bumping your log you will be pushed back in line due to the new date of your bump.

> Infected with unknown malware/trojan, Infection creates processes with spaces in the name
syler
post Jan 29 2010, 10:43 AM
Post #16


Forum Addict
******

Group: Malware Response Team
Posts: 7,896
Joined: 7-November 07
From: Warrington, UK
Member No.: 168,228



Hi Mike,

My day was fine thanks, it looks like we have finally got rid of the infection, but it may have caused some problems with some of your programs, so they may need to be reinstalled. Let me know if you notice any problems with any programs, especially your AV McAfee which doesn't appear to be running.

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

CODE
RenV
c:\program files\Adobe\acrotray .exe
c:\program files\Analog Devices\Core\smax4pnp .exe
c:\program files\Common Files\Microsoft Shared\DW\dwtrig20 .exe
c:\program files\Dell\Media Experience\pcmservice .exe
c:\program files\Dell Photo AIO Printer 922\dlbtbmgr .exe
c:\program files\DellSupport\dsagnt .exe
c:\program files\EarthLink TotalAccess\taskpanl .exe
c:\program files\Google\GoogleToolbarNotifier\googletoolbarnotifier .exe
c:\program files\Java\jre1.6.0_07\bin\jusched .exe
c:\program files\McAfee.com\Agent\mcagent .exe
c:\program files\McAfee.com\Agent\mcupdate .exe
c:\program files\McAfee.com\Personal Firewall\mpftray .exe
c:\program files\McAfee.com\VSO\mcmnhdlr .exe
c:\program files\McAfee.com\VSO\mcvsshld .exe
c:\program files\Messenger\msmsgs .exe
c:\program files\MUSICMATCH\Musicmatch Jukebox\mmtask .exe
c:\program files\MUSICMATCH\Musicmatch Jukebox\mm_tray .exe
c:\program files\Real\RealPlayer\realplay .exe
c:\windows\SYSTEM32\hkcmd .exe
c:\windows\SYSTEM32\igfxpers .exe
c:\windows\SYSTEM32\igfxtray .exe


Save this as CFScript.txt, in the same location as ComboFix.exe



Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.



Your version of Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 6 and save it to your desktop.
  • Look for "JDK 6 Update 18 (JDK or JRE)".
  • Click the "Download JRE" button to the right.
  • Select your Platform: "Windows".
  • Select your Language: "Multi-language".
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • Click Continue and the page will refresh.
  • Under Required Files, check the box for Windows Offline Installation, click the link below it and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u18-windows-i586.exe to install the newest version.
  • If using Windows Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
  • When the Java Setup - Welcome window opens, click the Install > button.
  • If offered to install a Toolbar, just uncheck the box before continuing unless you want it.
-- Starting with Java 6u10, the uninstaller incorporated in each new release uses Enhanced Auto update to automatically remove the previous version when updating to a later update release. It will not remove older versions, so they will need to be removed manually.
-- Java is updated frequently. If you want to be automatically notified of future updates, just turn on the Java Automatic Update feature and you will not have to remember to update when Java releases a new version.


Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. To disable the JQS service if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click Ok and reboot your computer.



Please do a scan with ESET OnlineScan

Note: If you run this in a browser other than IE you will be asked to download and install esetsmartinstaller_enu.exe
  • Click the button.
  • Check
  • Click the button.
  • Accept any security warnings from your browser and allow it to install the ActiveX control.
  • Check
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push
  • Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the button.
  • Push


Then in your next reply, please let me know if you are having any more problems and post back here with the following logs:
  • combofix.txt
  • Eset report

Thanks


--------------------

If I have helped you, and you would like to make a donation to me, click here
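A triage helper for the pattern this thread deals with, executables whose name has a space before the extension. It is an added example, not part of either post and not code from ComboFix or ESET. The function names and the last two sample paths are constructed, and the scanner line format is assumed to be the one used in the ESET log later in this thread.

```python
import ntpath
import re

# A file name with whitespace (ASCII or Unicode, e.g. U+00A0) directly
# before its extension, such as "acrotray .exe".
PADDED_NAME = re.compile(r"^(?P<stem>.*\S)(?P<pad>\s+)(?P<ext>\.[A-Za-z0-9]{1,4})$")

# Scanner lines in this thread read "<path> a variant of <detection> ...".
# Assumption: only that one line shape is handled here.
ESET_SPLIT = " a variant of "


def extract_path(line):
    """Return the file path from a bare-path line or an ESET-style log line."""
    line = line.strip("\r\n")
    if ESET_SPLIT in line:
        line = line.split(ESET_SPLIT, 1)[0]
    return line.strip()


def padded_twin(path):
    """If the file name has whitespace before its extension, return the path
    of the un-padded twin (same folder, same stem); otherwise return None."""
    folder, name = ntpath.split(path)
    match = PADDED_NAME.match(name)
    if match is None:
        return None
    return ntpath.join(folder, match.group("stem") + match.group("ext"))


def find_padded_executables(lines):
    """List each padded name once and say whether its un-padded twin also
    appears in the input. Paths are compared case-insensitively, as on a
    Windows file system."""
    paths = [p for p in (extract_path(line) for line in lines) if p]
    seen = {ntpath.normcase(p) for p in paths}
    findings, reported = [], set()
    for path in paths:
        twin = padded_twin(path)
        key = ntpath.normcase(path)
        if twin is None or key in reported:
            continue
        reported.add(key)
        findings.append({
            "padded": path,
            "twin": twin,
            "twin_listed": ntpath.normcase(twin) in seen,
        })
    return findings


# Sample input: the first five lines are copied from this thread's CFScript
# and ESET log; the last two are constructed for the example.
SAMPLE_LINES = [
    r"c:\program files\Adobe\acrotray .exe",
    r"C:\Program Files\Adobe\acrotray .exe a variant of Win32/TrojanDownloader.Unruy.AY trojan cleaned by deleting - quarantined",
    r"C:\Program Files\Adobe\acrotray.exe a variant of Win32/TrojanDownloader.Unruy.AY trojan cleaned by deleting - quarantined",
    r"c:\windows\SYSTEM32\hkcmd .exe",
    r"C:\Program Files\McAfee.com\VSO\mcmnhdlr.exe a variant of Win32/TrojanDownloader.Unruy.AY trojan cleaned by deleting - quarantined",
    "c:\\program files\\Example\\tool\u00a0.exe",   # constructed, non-breaking space
    r"c:\program files\Example Suite\my tool.exe",  # constructed, ordinary space in name
]

if __name__ == "__main__":
    for item in find_padded_executables(SAMPLE_LINES):
        state = "twin also listed" if item["twin_listed"] else "twin not listed"
        print(f'{item["padded"]!r} -> {item["twin"]!r} ({state})')
```

Printing the paths with `repr` makes a non-breaking space visible, which an ordinary directory listing would not.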
crumpms
post Jan 30 2010, 02:33 PM
Post #17


Member
**

Group: Members
Posts: 16
Joined: 16-January 10
Member No.: 435,752



syler,
I've been running the system for a little while this morning and it seems to be clean and running smoothly now. Thanks so much for your help on this. I've never had one this infected before.

Here are the two log files you requested.

Mike


**************************************************************************************
**************************************************************************************

ComboFix 10-01-26.02 - Cecilia 01/29/2010 20:12:39.4.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.510.295 [GMT -6:00]
Running from: c:\documents and settings\Cecilia\Desktop\ComboFix.exe
Command switches used :: e:\bleeping computer\1_29\CFScript.txt
FW: McAfee Personal Firewall Plus *disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\adobe\acrotray.exe

.
((((((((((((((((((((((((( Files Created from 2009-12-28 to 2010-01-30 )))))))))))))))))))))))))))))))
.

2010-01-26 02:35 . 2010-01-26 02:35 -------- d-----w- C:\_OTM
2010-01-26 02:28 . 2010-01-26 02:29 -------- d-----w- c:\program files\ERUNT
2010-01-24 18:32 . 2010-01-24 18:32 4232816 ----a-w- c:\temp\mbam-rules.exe
2010-01-24 18:27 . 2010-01-25 04:22 -------- d-----w- C:\rsit
2010-01-24 13:23 . 2010-01-24 13:18 293376 ----a-w- c:\temp\bhsegjts.exe
2010-01-16 14:36 . 2010-01-16 14:37 -------- d-----w- c:\windows\ERUNT
2010-01-16 05:16 . 2010-01-16 05:16 -------- d-----w- c:\documents and settings\Cecilia\Local Settings\Application Data\Sophos
2010-01-16 04:53 . 2010-01-16 05:46 -------- d-----w- c:\documents and settings\Cecilia\Application Data\SUPERAntiSpyware.com
2010-01-16 01:06 . 2010-01-16 01:06 -------- d-----w- c:\documents and settings\Cecilia\Local Settings\Application Data\Adobe
2010-01-16 01:06 . 2010-01-16 01:06 -------- d-----w- c:\documents and settings\Cecilia\Application Data\AdobeUM
2010-01-16 01:03 . 2010-01-16 01:03 -------- d-----w- c:\documents and settings\Cecilia\Application Data\Malwarebytes
2010-01-02 04:13 . 2010-01-16 01:54 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\ixrhdn
2010-01-02 03:15 . 2010-01-02 03:15 862040 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\threatwork.exe
2010-01-02 03:15 . 2010-01-02 03:15 206944 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lavamessage.dll
2010-01-02 03:15 . 2010-01-02 03:15 390288 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lavalicense.dll
2010-01-02 03:15 . 2010-01-02 03:15 537576 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\aawapi.dll
2010-01-02 03:15 . 2010-01-02 03:15 370744 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\UpdateManager.dll
2010-01-02 03:15 . 2010-01-02 03:15 194104 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Savapibridge.dll
2010-01-02 03:12 . 2010-01-16 02:00 6296864 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Resources.dll
2010-01-02 03:12 . 2010-01-02 03:12 933120 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\CEAPI.dll
2010-01-02 03:12 . 2010-01-02 03:12 816272 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-AwareCommand.exe
2010-01-02 03:11 . 2010-01-02 03:12 822904 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-AwareAdmin.exe
2010-01-02 03:11 . 2010-01-02 03:11 1643272 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-Aware.exe
2010-01-02 03:11 . 2010-01-02 03:11 788880 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWTray.exe
2010-01-02 03:11 . 2010-01-02 03:11 1181328 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWService.exe
2010-01-02 02:04 . 2010-01-02 02:04 -------- dc----w- c:\windows\system32\DRVSTORE
2010-01-02 02:04 . 2009-12-02 13:19 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-01-02 02:04 . 2009-12-07 14:10 2953352 -c--a-w- c:\documents and settings\All Users\Application Data\{BC9FCCF7-E686-494B-8C9B-55C9A39A7CA9}\Ad-AwareInstallation.exe
2010-01-02 02:04 . 2010-01-02 02:04 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{BC9FCCF7-E686-494B-8C9B-55C9A39A7CA9}
2010-01-02 02:02 . 2010-01-02 02:02 -------- d-----w- c:\program files\Lavasoft
2010-01-02 00:11 . 2010-01-16 01:05 5115824 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2010-01-01 21:03 . 2009-12-01 16:53 670072 ----a-w- c:\temp\autoruns.exe
2010-01-01 21:03 . 2009-12-01 16:53 559992 ----a-w- c:\temp\autorunsc.exe
2009-12-31 03:54 . 2009-12-31 03:54 -------- d-----w- c:\documents and settings\All Users\Application Data\IObit
2009-12-31 03:53 . 2009-12-31 03:38 8043648 ----a-w- c:\temp\is360setup130.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-30 02:12 . 2007-07-16 21:04 -------- d-----w- c:\program files\DellSupport
2010-01-30 02:12 . 2005-02-21 02:05 -------- d-----w- c:\program files\Dell Photo AIO Printer 922
2010-01-30 02:12 . 2005-02-17 23:03 -------- d-----w- c:\program files\EarthLink TotalAccess
2010-01-27 23:07 . 2009-12-28 04:33 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-16 04:52 . 2006-03-09 20:33 -------- d-----w- c:\documents and settings\Cecilia\Application Data\McAfee.com Personal Firewall
2010-01-07 22:07 . 2009-12-28 04:33 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-07 22:07 . 2009-12-28 04:33 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-02 02:02 . 2009-12-26 17:05 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2009-12-29 16:42 . 2009-12-29 16:42 52224 ----a-w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2009-12-29 16:42 . 2009-12-29 15:30 117760 ----a-w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-12-29 16:37 . 2009-12-29 16:37 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2009-12-29 15:29 . 2009-12-29 15:29 -------- d-----w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com
2009-12-29 04:28 . 2009-12-29 04:28 -------- d-----w- c:\documents and settings\All Users\Application Data\Sophos
2009-12-29 00:28 . 2009-12-29 00:28 52224 ----a-w- c:\documents and settings\Keith\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2009-12-29 00:28 . 2009-12-28 20:59 117760 ----a-w- c:\documents and settings\Keith\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-12-28 20:58 . 2009-12-28 20:58 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-12-28 20:58 . 2009-12-28 20:58 -------- d-----w- c:\documents and settings\Keith\Application Data\SUPERAntiSpyware.com
2009-12-28 04:55 . 2009-12-28 04:55 -------- d-----w- c:\program files\Trend Micro
2009-12-28 04:33 . 2009-12-28 04:33 -------- d-----w- c:\documents and settings\Keith\Application Data\Malwarebytes
2009-12-28 04:33 . 2009-12-28 04:33 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-12-26 16:18 . 2006-09-22 20:21 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-12-26 16:12 . 2006-09-22 20:21 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-12-26 15:47 . 2006-09-22 20:18 -------- d-----w- c:\documents and settings\Keith\Application Data\Lavasoft
2009-12-26 04:02 . 2007-11-13 21:46 325822 ----a-w- c:\documents and settings\All Users\Application Data\Dell\TransferAgent\transferagent.exe
2009-12-17 05:12 . 2009-12-17 05:12 -------- d-----w- c:\program files\SDHelper (Spybot - Search & Destroy)
2009-12-17 05:12 . 2009-12-17 05:12 -------- d-----w- c:\program files\Misc. Support Library (Spybot - Search & Destroy)
2009-12-17 05:12 . 2009-12-17 05:12 -------- d-----w- c:\program files\File Scanner Library (Spybot - Search & Destroy)
2009-12-16 22:08 . 2009-12-16 22:08 -------- d-----w- c:\documents and settings\Keith\Application Data\Viewpoint
2009-12-11 13:41 . 2009-12-11 13:41 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\AdobeUM
2009-11-21 16:36 . 2004-08-04 11:00 470528 ----a-w- c:\windows\AppPatch\aclayers.dll
.

((((((((((((((((((((((((((((( SnapShot@2010-01-28_22.53.15 )))))))))))))))))))))))))))))))))))))))))
.
+ 1980-01-01 06:00 . 2005-09-20 15:35 94208 c:\windows\SYSTEM32\igfxtray.exe
+ 1980-01-01 06:00 . 2005-09-20 15:32 77824 c:\windows\SYSTEM32\hkcmd.exe
+ 2005-09-20 15:36 . 2005-09-20 15:36 114688 c:\windows\SYSTEM32\igfxpers.exe
+ 2010-01-30 02:08 . 2010-01-30 02:08 147456 c:\windows\ERDNT\AutoBackup\1-29-2010\Users\00000002\UsrClass.dat
+ 2010-01-30 02:08 . 2005-10-20 18:02 163328 c:\windows\ERDNT\AutoBackup\1-29-2010\ERDNT.EXE
+ 2010-01-30 02:08 . 2010-01-30 02:08 5246976 c:\windows\ERDNT\AutoBackup\1-29-2010\Users\00000001\NTUSER.DAT
- 2010-01-28 22:42 . 2009-08-20 17:11 14120896 c:\windows\SoftwareDistribution\Download\Install\NDP1.1sp1-KB953297-X86.exe
+ 2009-08-10 20:09 . 2009-08-10 20:09 17254912 c:\windows\Installer\adc440.msp
+ 2009-08-10 20:09 . 2009-08-10 20:09 17254912 c:\windows\Installer\1d6e2.msp
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-01-01 425946]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]
"E6TaskPanel"="c:\program files\EarthLink TotalAccess\TaskPanl.exe" [2010-01-27 437174]
"DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2010-01-27 436846]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2010-01-27 431314]
"VirusScan Online"="c:\progra~1\mcafee.com\vso\mcvsshld.exe" [2010-01-27 462574]
"MPFExe"="c:\progra~1\McAfee.com\PERSON~1\MpfTray.exe" [2010-01-27 459654]
"MCUpdateExe"="c:\progra~1\mcafee.com\agent\McUpdate.exe" [2010-01-27 451086]
"MCAgentExe"="c:\progra~1\McAfee.com\Agent\McAgent.exe" [2010-01-27 450714]
"VSOCheckTask"="c:\progra~1\mcafee.com\vso\mcmnhdlr.exe" [2004-07-01 139264]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 1404928]
"RealTray"="c:\program files\Real\RealPlayer\RealPlay.exe" [2005-02-06 26112]
"PCMService"="c:\program files\Dell\Media Experience\PCMService.exe" [2004-04-12 290816]
"MMTray"="c:\program files\Musicmatch\Musicmatch Jukebox\mm_tray.exe" [2004-09-14 131072]
"mmtask"="c:\program files\Musicmatch\Musicmatch Jukebox\mmtask.exe" [2004-09-14 53248]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-09-20 94208]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-09-20 114688]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-09-20 77824]
"Dell Photo AIO Printer 922"="c:\program files\Dell Photo AIO Printer 922\dlbtbmgr.exe" [2004-06-18 290816]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"="c:\windows\system32\Macromed\Flash\FlashUtil10b.exe" [2009-02-03 240544]

c:\documents and settings\Darlene\Start Menu\Programs\Startup\
Greetings Workshop Reminders.lnk - c:\program files\Greetings Workshop\GWREMIND.EXE [1997-9-4 50688]

c:\documents and settings\Cecilia\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
America Online 9.0 Tray Icon.lnk - c:\program files\America Online 9.0\aoltray.exe [2005-2-6 156784]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2005-2-6 24576]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSetActiveDesktop"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2009-06-17 21:17 10536 ----a-w- c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"c:\\Program Files\\America Online 9.0\\waol.exe"=

R0 Lbd;Lbd;c:\windows\SYSTEM32\DRIVERS\Lbd.sys [1/1/2010 8:04 PM 64288]
S3 NaiFiltr;NaiFiltr;c:\windows\SYSTEM32\DRIVERS\NaiFiltr.sys [2/6/2005 12:38 AM 23296]
S4 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [12/2/2009 7:19 AM 1181328]
.
Contents of the 'Scheduled Tasks' folder

2010-01-28 c:\windows\Tasks\Ad-Aware Update (Daily 1).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-12-02 03:12]

2010-01-27 c:\windows\Tasks\Ad-Aware Update (Daily 2).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-12-02 03:12]

2010-01-27 c:\windows\Tasks\Ad-Aware Update (Daily 3).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-12-02 03:12]

2010-01-27 c:\windows\Tasks\Ad-Aware Update (Daily 4).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-12-02 03:12]

2010-01-27 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-12-02 03:12]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.dell4me.com/myway
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mSearch Bar = hxxp://www.google.com/ie
uInternet Connection Wizard,ShellNext = hxxp://www.dell4me.com/myway
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-OSCD_Creator - c:\dell\PreODM.EXE



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-29 20:18
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(644)
c:\program files\Citrix\GoToAssist\514\G2AWinLogon.dll
.
Completion time: 2010-01-29 20:20:49
ComboFix-quarantined-files.txt 2010-01-30 02:20
ComboFix2.txt 2010-01-28 22:56
ComboFix3.txt 2010-01-27 23:14
ComboFix4.txt 2010-01-27 02:26

Pre-Run: 59,318,603,776 bytes free
Post-Run: 59,277,549,568 bytes free

Current=2 Default=2 Failed=3 LastKnownGood=4 Sets=1,2,3,4
- - End Of File - - DCF865545D82022C98E6D5AE604EF143


**************************************************************************************
**************************************************************************************

ESET log

C:\Documents and Settings\All Users\Application Data\Dell\TransferAgent\transferagent.exe a variant of Win32/TrojanDownloader.Unruy.AY trojan cleaned by deleting - quarantined
C:\Program Files\Adobe\acrotray .exe a variant of Win32/TrojanDownloader.Unruy.AY trojan cleaned by deleting - quarantined
C:\Program Files\Adobe\acrotray.exe a variant of Win32/TrojanDownloader.Unruy.AY trojan cleaned by deleting - quarantined
C:\Program Files\Analog Devices\Core\smax4pnp.exe a variant of Win32/TrojanDownloader.Unruy.AY trojan cleaned by deleting - quarantined
C:\Program Files\Common Files\Java\Java Update\jusched.exe a variant of Win32/TrojanDownloader.Unruy.AY trojan cleaned by deleting - quarantined
C:\Program Files\Common Files\Microsoft Shared\DW\dwtrig20 .exe a variant of Win32/TrojanDownloader.Unruy.AY trojan cleaned by deleting - quarantined
C:\Program Files\Common Files\Microsoft Shared\DW\dwtrig20.exe a variant of Win32/TrojanDownloader.Unruy.AY trojan cleaned by deleting - quarantined
C:\Program Files\Dell\Media Experience\pcmservice.exe a variant of Win32/TrojanDownloader.Unruy.AY trojan cleaned by deleting - quarantined
C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe a variant of Win32/TrojanDownloader.Unruy.AY trojan cleaned by deleting - quarantined
C:\Program Files\DellSupport\dsagnt .exe a variant of Win32/TrojanDownloader.Unruy.AY trojan cleaned by deleting - quarantined
C:\Program Files\DellSupport\dsagnt.exe a variant of Win32/TrojanDownloader.Unruy.AY trojan cleaned by deleting - quarantined
C:\Program Files\EarthLink TotalAccess\taskpanl .exe a variant of Win32/TrojanDownloader.Unruy.AY trojan cleaned by deleting - quarantined
C:\Program Files\EarthLink TotalAccess\taskpanl.exe a variant of Win32/TrojanDownloader.Unruy.AY trojan cleaned by deleting - quarantined
C:\Program Files\Google\GoogleToolbarNotifier\googletoolbarnotifier .exe a variant of Win32/TrojanDownloader.Unruy.AY trojan cleaned by deleting - quarantined
C:\Program Files\Google\GoogleToolbarNotifier\googletoolbarnotifier.exe a variant of Win32/TrojanDownloader.Unruy.AY trojan cleaned by deleting - quarantined
C:\Program Files\Internet Explorer\wmpscfgs.exe a variant of Win32/TrojanDownloader.Unruy.AY trojan cleaned by deleting - quarantined
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe.delme55 a variant of Win32/TrojanDownloader.Unruy.AY trojan cleaned by deleting - quarantined
C:\Program Files\McAfee.com\Agent\mcagent .exe a variant of Win32/TrojanDownloader.Unruy.AY trojan cleaned by deleting - quarantined
C:\Program Files\McAfee.com\Agent\mcagent.exe a variant of Win32/TrojanDownloader.Unruy.AY trojan cleaned by deleting - quarantined
C:\Program Files\McAfee.com\Agent\mcupdate .exe a variant of Win32/TrojanDownloader.Unruy.AY trojan cleaned by deleting - quarantined
C:\Program Files\McAfee.com\Agent\mcupdate.exe a variant of Win32/TrojanDownloader.Unruy.AY trojan cleaned by deleting - quarantined
C:\Program Files\McAfee.com\Agent\rundll32.exe a variant of Win32/TrojanDownloader.Unruy.AY trojan cleaned by deleting - quarantined
C:\Program Files\McAfee.com\Personal Firewall\mpftray .exe a variant of Win32/TrojanDownloader.Unruy.AY trojan cleaned by deleting - quarantined
C:\Program Files\McAfee.com\Personal Firewall\mpftray.exe a variant of Win32/TrojanDownloader.Unruy.AY trojan cleaned by deleting - quarantined
C:\Program Files\McAfee.com\VSO\mcmnhdlr.exe a variant of Win32/TrojanDownloader.Unruy.AY trojan cleaned by deleting - quarantined
C:\Program Files\McAfee.com\VSO\mcvsshld .exe a variant of Win32/TrojanDownloader.Unruy.AY trojan cleaned by deleting - quarantined
C:\Program Files\McAfee.com\VSO\mcvsshld.exe a variant of Win32/TrojanDownloader.Unruy.AY trojan cleaned by deleting - quarantined
C:\Program Files\Messenger\msmsgs.exe a variant of Win32/TrojanDownloader.Unruy.AY trojan cleaned by deleting - quarantined
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mmtask.exe a variant of Win32/TrojanDownloader.Unruy.AY trojan cleaned by deleting - quarantined
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe a variant of Win32/TrojanDownloader.Unruy.AY trojan cleaned by deleting - quarantined
C:\Program Files\Real\RealPlayer\realplay.exe a variant of Win32/TrojanDownloader.Unruy.AY trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\[4]-Submit_2010-01-27_17.01.07.zip a variant of Win32/TrojanDownloader.Unruy.AY trojan deleted - quarantined
C:\Qoobox\Quarantine\[4]-Submit_2010-01-28_16.46.04.zip a variant of Win32/TrojanDownloader.Unruy.AY trojan deleted - quarantined
C:\Qoobox\Quarantine\C\DELL\preodm.exe.vir a variant of Win32/TrojanDownloader.Unruy.AY trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Program Files\Adobe\acrotray.exe.vir a variant of Win32/TrojanDownloader.Unruy.AY trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Program Files\Analog Devices\Core\smax4pnp.exe.vir a variant of Win32/TrojanDownloader.Unruy.AY trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Program Files\COMMON~1\MICROS~1\DW\dwtrig20.exe.vir a variant of Win32/TrojanDownloader.Unruy.AY trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Program Files\Dell\Media Experience\pcmservice.exe.vir a variant of Win32/TrojanDownloader.Unruy.AY trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe.vir a variant of Win32/TrojanDownloader.Unruy.AY trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Program Files\DellSupport\dsagnt.exe.vir a variant of Win32/TrojanDownloader.Unruy.AY trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Program Files\EarthLink TotalAccess\taskpanl.exe.vir a variant of Win32/TrojanDownloader.Unruy.AY trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Program Files\Google\GoogleToolbarNotifier\googletoolbarnotifier.exe.vir a variant of Win32/TrojanDownloader.Unruy.AY trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Program Files\Internet Explorer\wmpscfgs.exe.vir a variant of Win32/TrojanDownloader.Unruy.AY trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Program Files\Java\jre1.6.0_07\bin\jusched.exe.vir a variant of Win32/TrojanDownloader.Unruy.AY trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Program Files\McAfee.com\Agent\mcagent.exe.vir a variant of Win32/TrojanDownloader.Unruy.AY trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Program Files\McAfee.com\Agent\mcupdate.exe.vir a variant of Win32/TrojanDownloader.Unruy.AY trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Program Files\McAfee.com\PERSON~1\mpftray.exe.vir a variant of Win32/TrojanDownloader.Unruy.AY trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Program Files\McAfee.com\VSO\mcmnhdlr.exe.vir a variant of Win32/TrojanDownloader.Unruy.AY trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Program Files\McAfee.com\VSO\mcvsshld.exe.vir a variant of Win32/TrojanDownloader.Unruy.AY trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Program Files\Messenger\msmsgs.exe.vir a variant of Win32/TrojanDownloader.Unruy.AY trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Program Files\MUSICMATCH\Musicmatch Jukebox\mmtask.exe.vir a variant of Win32/TrojanDownloader.Unruy.AY trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Program Files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe.vir a variant of Win32/TrojanDownloader.Unruy.AY trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Program Files\Real\RealPlayer\realplay.exe.vir a variant of Win32/TrojanDownloader.Unruy.AY trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\hkcmd.exe.vir a variant of Win32/TrojanDownloader.Unruy.AY trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\igfxpers.exe.vir a variant of Win32/TrojanDownloader.Unruy.AY trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\igfxtray.exe.vir a variant of Win32/TrojanDownloader.Unruy.AY trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\CONFIG\systemprofile\Local Settings\Application Data\crrwhd\gnudsysguard .exe.vir a variant of Win32/Injector.ALZ trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\CONFIG\systemprofile\Local Settings\Application Data\crrwhd\gnudsysguard.exe.delme79.vir a variant of Win32/TrojanDownloader.Unruy.AY trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP24\A0008218.exe a variant of Win32/TrojanDownloader.Unruy.AY trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP24\A0008219.exe a variant of Win32/TrojanDownloader.Unruy.AY trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP24\A0008220.exe a variant of Win32/TrojanDownloader.Unruy.AY trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP24\A0008224.exe a variant of Win32/TrojanDownloader.Unruy.AY trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP24\A0008230.exe a variant of Win32/TrojanDownloader.Unruy.AY trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP24\A0008231.exe a variant of Win32/TrojanDownloader.Unruy.AY trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP24\A0008232.exe a variant of Win32/TrojanDownloader.Unruy.AY trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP24\A0008233.exe a variant of Win32/TrojanDownloader.Unruy.AY trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP24\A0008235.exe a variant of Win32/TrojanDownloader.Unruy.AY trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP24\A0008237.exe a variant of Win32/TrojanDownloader.Unruy.AY trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP24\A0008238.exe a variant of Win32/TrojanDownloader.Unruy.AY trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP26\A0008249.exe a variant of Win32/TrojanDownloader.Unruy.AY trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP26\A0008250.exe a variant of Win32/TrojanDownloader.Unruy.AY trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP26\A0008251.exe a variant of Win32/TrojanDownloader.Unruy.AY trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP26\A0008252.exe a variant of Win32/TrojanDownloader.Unruy.AY trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP26\A0008255.exe a variant of Win32/TrojanDownloader.Unruy.AY trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP26\A0008256.exe a variant of Win32/TrojanDownloader.Unruy.AY trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP26\A0008257.exe a variant of Win32/TrojanDownloader.Unruy.AY trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP26\A0008258.exe a variant of Win32/TrojanDownloader.Unruy.AY trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP26\A0008304.exe a variant of Win32/TrojanDownloader.Unruy.AY trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP26\A0008305.exe a variant of Win32/TrojanDownloader.Unruy.AY trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP26\A0008315.exe a variant of Win32/TrojanDownloader.Unruy.AY trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP26\A0008316.exe a variant of Win32/TrojanDownloader.Unruy.AY trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP26\A0008350.exe a variant of Win32/TrojanDownloader.Unruy.AY trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP26\A0008376.exe a variant of Win32/TrojanDownloader.Unruy.AY trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP26\A0008377.exe a variant of Win32/TrojanDownloader.Unruy.AY trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP26\A0008379.exe a variant of Win32/TrojanDownloader.Unruy.AY trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP26\A0008380.exe a variant of Win32/TrojanDownloader.Unruy.AY trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP26\A0008384.exe a variant of Win32/TrojanDownloader.Unruy.AY trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP26\A0008385.exe a variant of Win32/TrojanDownloader.Unruy.AY trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP27\A0008453.exe a variant of Win32/TrojanDownloader.Unruy.AY trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP27\A0008454.exe a variant of Win32/TrojanDownloader.Unruy.AY trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP27\A0008455.exe a variant of Win32/TrojanDownloader.Unruy.AY trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP27\A0008456.exe a variant of Win32/TrojanDownloader.Unruy.AY trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP27\A0008457.exe a variant of Win32/TrojanDownloader.Unruy.AY trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP27\A0008458.exe a variant of Win32/TrojanDownloader.Unruy.AY trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP27\A0008459.exe a variant of Win32/TrojanDownloader.Unruy.AY trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP27\A0008460.exe a variant of Win32/TrojanDownloader.Unruy.AY trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP27\A0008554.exe a variant of Win32/TrojanDownloader.Unruy.AY trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP27\A0008555.exe a variant of Win32/TrojanDownloader.Unruy.AY trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP27\A0008564.exe a variant of Win32/TrojanDownloader.Unruy.AY trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP27\A0008565.exe a variant of Win32/TrojanDownloader.Unruy.AY trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP27\A0008566.exe a variant of Win32/TrojanDownloader.Unruy.AY trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP27\A0008569.exe a variant of Win32/TrojanDownloader.Unruy.AY trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP27\A0008575.exe a variant of Win32/Injector.ALZ trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP27\A0008717.exe a variant of Win32/TrojanDownloader.Unruy.AY trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP27\A0008718.exe a variant of Win32/TrojanDownloader.Unruy.AY trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP27\A0008720.exe a variant of Win32/TrojanDownloader.Unruy.AY trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP27\A0008721.exe a variant of Win32/TrojanDownloader.Unruy.AY trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP27\A0008722.exe a variant of Win32/TrojanDownloader.Unruy.AY trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP27\A0008723.exe a variant of Win32/TrojanDownloader.Unruy.AY trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP27\A0008724.exe a variant of Win32/TrojanDownloader.Unruy.AY trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP27\A0008725.exe a variant of Win32/TrojanDownloader.Unruy.AY trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP27\A0008726.exe a variant of Win32/TrojanDownloader.Unruy.AY trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP27\A0008727.exe a variant of Win32/TrojanDownloader.Unruy.AY trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP27\A0008728.exe a variant of Win32/TrojanDownloader.Unruy.AY trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP27\A0008729.exe a variant of Win32/TrojanDownloader.Unruy.AY trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP27\A0008730.exe a variant of Win32/TrojanDownloader.Unruy.AY trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP27\A0008731.exe a variant of Win32/TrojanDownloader.Unruy.AY trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP27\A0008732.exe a variant of Win32/TrojanDownloader.Unruy.AY trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP27\A0008733.exe a variant of Win32/TrojanDownloader.Unruy.AY trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP27\A0008734.exe a variant of Win32/TrojanDownloader.Unruy.AY trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP27\A0008735.exe a variant of Win32/TrojanDownloader.Unruy.AY trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP27\A0008736.exe a variant of Win32/TrojanDownloader.Unruy.AY trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP27\A0008737.exe a variant of Win32/TrojanDownloader.Unruy.AY trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP27\A0008738.exe a variant of Win32/TrojanDownloader.Unruy.AY trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP27\A0008739.exe a variant of Win32/TrojanDownloader.Unruy.AY trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP27\A0008740.exe a variant of Win32/TrojanDownloader.Unruy.AY trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP27\A0008741.exe a variant of Win32/TrojanDownloader.Unruy.AY trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP29\A0008749.exe a variant of Win32/TrojanDownloader.Unruy.AY trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP29\A0008750.exe a variant of Win32/TrojanDownloader.Unruy.AY trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP29\A0008752.exe a variant of Win32/TrojanDownloader.Unruy.AY trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP29\A0008753.exe a variant of Win32/TrojanDownloader.Unruy.AY trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP29\A0008754.exe a variant of Win32/TrojanDownloader.Unruy.AY trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP29\A0008755.exe a variant of Win32/TrojanDownloader.Unruy.AY trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP29\A0008756.exe a variant of Win32/TrojanDownloader.Unruy.AY trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP29\A0008757.exe a variant of Win32/TrojanDownloader.Unruy.AY trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP29\A0008758.exe a variant of Win32/TrojanDownloader.Unruy.AY trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP29\A0008759.exe a variant of Win32/TrojanDownloader.Unruy.AY trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP29\A0008760.exe a variant of Win32/TrojanDownloader.Unruy.AY trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP29\A0008761.exe a variant of Win32/TrojanDownloader.Unruy.AY trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP29\A0008762.exe a variant of Win32/TrojanDownloader.Unruy.AY trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP29\A0008763.exe a variant of Win32/TrojanDownloader.Unruy.AY trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP29\A0008764.exe a variant of Win32/TrojanDownloader.Unruy.AY trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP29\A0008765.exe a variant of Win32/TrojanDownloader.Unruy.AY trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP29\A0008766.exe a variant of Win32/TrojanDownloader.Unruy.AY trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP29\A0008767.exe a variant of Win32/TrojanDownloader.Unruy.AY trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP29\A0008768.exe a variant of Win32/TrojanDownloader.Unruy.AY trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP29\A0008769.exe a variant of Win32/TrojanDownloader.Unruy.AY trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP29\A0008770.exe a variant of Win32/TrojanDownloader.Unruy.AY trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP29\A0008771.exe a variant of Win32/TrojanDownloader.Unruy.AY trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP29\A0008772.exe a variant of Win32/TrojanDownloader.Unruy.AY trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP29\A0008773.exe a variant of Win32/TrojanDownloader.Unruy.AY trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP3\A0000189.exe a variant of Win32/TrojanDownloader.Unruy.AY trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP3\A0000190.exe a variant of Win32/TrojanDownloader.Unruy.AY trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP3\A0000214.exe a variant of Win32/TrojanDownloader.Unruy.AY trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP3\A0001048.exe a variant of Win32/TrojanDownloader.Unruy.AY trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP3\A0001050.exe a variant of Win32/TrojanDownloader.Unruy.AY trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP3\A0001051.exe a variant of Win32/TrojanDownloader.Unruy.AY trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP30\A0008774.exe a variant of Win32/TrojanDownloader.Unruy.AY trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP30\A0008775.exe a variant of Win32/TrojanDownloader.Unruy.AY trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP30\A0008776.exe a variant of Win32/TrojanDownloader.Unruy.AY trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP30\A0008777.exe a variant of Win32/TrojanDownloader.Unruy.AY trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP30\A0008778.exe a variant of Win32/TrojanDownloader.Unruy.AY trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP30\A0008779.exe a variant of Win32/TrojanDownloader.Unruy.AY trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP30\A0008780.exe a variant of Win32/TrojanDownloader.Unruy.AY trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP30\A0008781.exe a variant of Win32/TrojanDownloader.Unruy.AY trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP30\A0008782.exe a variant of Win32/TrojanDownloader.Unruy.AY trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP30\A0008783.exe a variant of Win32/TrojanDownloader.Unruy.AY trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP30\A0008784.exe a variant of Win32/TrojanDownloader.Unruy.AY trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP30\A0008785.exe a variant of Win32/TrojanDownloader.Unruy.AY trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP30\A0008786.exe a variant of Win32/TrojanDownloader.Unruy.AY trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP30\A0008787.exe a variant of Win32/TrojanDownloader.Unruy.AY trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP30\A0008788.exe a variant of Win32/TrojanDownloader.Unruy.AY trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP30\A0008789.exe a variant of Win32/TrojanDownloader.Unruy.AY trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP30\A0008790.exe a variant of Win32/TrojanDownloader.Unruy.AY trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP30\A0008791.exe a variant of Win32/TrojanDownloader.Unruy.AY trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP30\A0008792.exe a variant of Win32/TrojanDownloader.Unruy.AY trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP30\A0008793.exe a variant of Win32/TrojanDownloader.Unruy.AY trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP30\A0008794.exe a variant of Win32/TrojanDownloader.Unruy.AY trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP30\A0008795.exe a variant of Win32/TrojanDownloader.Unruy.AY trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP30\A0008817.exe a variant of Win32/TrojanDownloader.Unruy.AY trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP30\A0008822.exe a variant of Win32/TrojanDownloader.Unruy.AY trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP32\A0008970.exe a variant of Win32/TrojanDownloader.Unruy.AY trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP32\A0009097.exe a variant of Win32/TrojanDownloader.Unruy.AY trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP32\A0009098.exe a variant of Win32/TrojanDownloader.Unruy.AY trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP32\A0009099.exe a variant of Win32/TrojanDownloader.Unruy.AY trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP32\A0009100.exe a variant of Win32/TrojanDownloader.Unruy.AY trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP32\A0009101.exe a variant of Win32/TrojanDownloader.Unruy.AY trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP32\A0009102.exe a variant of Win32/TrojanDownloader.Unruy.AY trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP32\A0009103.exe a variant of Win32/TrojanDownloader.Unruy.AY trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP32\A0009104.exe a variant of Win32/TrojanDownloader.Unruy.AY trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP32\A0009105.exe a variant of Win32/TrojanDownloader.Unruy.AY trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP32\A0009106.exe a variant of Win32/TrojanDownloader.Unruy.AY trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP32\A0009107.exe a variant of Win32/TrojanDownloader.Unruy.AY trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP32\A0009108.exe a variant of Win32/TrojanDownloader.Unruy.AY trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP32\A0009109.exe a variant of Win32/TrojanDownloader.Unruy.AY trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP32\A0009110.exe a variant of Win32/TrojanDownloader.Unruy.AY trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP32\A0009111.exe a variant of Win32/TrojanDownloader.Unruy.AY trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP32\A0009112.exe a variant of Win32/TrojanDownloader.Unruy.AY trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP32\A0009113.exe a variant of Win32/TrojanDownloader.Unruy.AY trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP32\A0009114.exe a variant of Win32/TrojanDownloader.Unruy.AY trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP32\A0009115.exe a variant of Win32/TrojanDownloader.Unruy.AY trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP32\A0009116.exe a variant of Win32/TrojanDownloader.Unruy.AY trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP32\A0009117.exe a variant of Win32/TrojanDownloader.Unruy.AY trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP32\A0009118.exe a variant of Win32/TrojanDownloader.Unruy.AY trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP32\A0009119.exe a variant of Win32/TrojanDownloader.Unruy.AY trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP33\A0009120.exe a variant of Win32/TrojanDownloader.Unruy.AY trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP33\A0009121.exe a variant of Win32/TrojanDownloader.Unruy.AY trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP33\A0009122.exe a variant of Win32/TrojanDownloader.Unruy.AY trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP33\A0009123.exe a variant of Win32/TrojanDownloader.Unruy.AY trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP33\A0009124.exe a variant of Win32/TrojanDownloader.Unruy.AY trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP33\A0009125.exe a variant of Win32/TrojanDownloader.Unruy.AY trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP33\A0009126.exe a variant of Win32/TrojanDownloader.Unruy.AY trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP9\A0004350.exe a variant of Win32/TrojanDownloader.Unruy.AY trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP9\A0004356.exe a variant of Win32/TrojanDownloader.Unruy.AY trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP9\A0004359.exe a variant of Win32/TrojanDownloader.Unruy.AY trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP9\A0004360.exe a variant of Win32/TrojanDownloader.Unruy.AY trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP9\A0004361.exe a variant of Win32/TrojanDownloader.Unruy.AY trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP9\A0004363.exe a variant of Win32/TrojanDownloader.Unruy.AY trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP9\A0004365.exe a variant of Win32/TrojanDownloader.Unruy.AY trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP9\A0004370.exe a variant of Win32/TrojanDownloader.Unruy.AY trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP9\A0004372.exe a variant of Win32/TrojanDownloader.Unruy.AY trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP9\A0004373.exe a variant of Win32/TrojanDownloader.Unruy.AY trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP9\A0004375.exe a variant of Win32/TrojanDownloader.Unruy.AY trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP9\A0004376.exe a variant of Win32/TrojanDownloader.Unruy.AY trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP9\A0004377.exe a variant of Win32/TrojanDownloader.Unruy.AY trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP9\A0004378.exe a variant of Win32/TrojanDownloader.Unruy.AY trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP9\A0004379.exe a variant of Win32/TrojanDownloader.Unruy.AY trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{EC9BF004-FA5A-4907-B003-74AEBE84209D}\RP792\A0253924.exe a variant of Win32/TrojanDownloader.Unruy.AY trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{EC9BF004-FA5A-4907-B003-74AEBE84209D}\RP792\A0253926.exe a variant of Win32/TrojanDownloader.Unruy.AY trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{EC9BF004-FA5A-4907-B003-74AEBE84209D}\RP792\A0253929.exe a variant of Win32/TrojanDownloader.Unruy.AY trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{EC9BF004-FA5A-4907-B003-74AEBE84209D}\RP792\A0253930.exe a variant of Win32/TrojanDownloader.Unruy.AV trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{EC9BF004-FA5A-4907-B003-74AEBE84209D}\RP792\A0253934.exe a variant of Win32/TrojanDownloader.Unruy.AY trojan cleaned by deleting - quarantined
C:\WINDOWS\SYSTEM32\hkcmd.exe a variant of Win32/TrojanDownloader.Unruy.AY trojan cleaned by deleting - quarantined
C:\WINDOWS\SYSTEM32\igfxpers.exe a variant of Win32/TrojanDownloader.Unruy.AY trojan cleaned by deleting - quarantined
C:\WINDOWS\SYSTEM32\igfxtray.exe a variant of Win32/TrojanDownloader.Unruy.AY trojan cleaned by deleting - quarantined
C:\_OTM\MovedFiles\01252010_203524\C_Program Files\Internet Explorer\wmpscfgs .exe a variant of Win32/TrojanDownloader.Unruy.AY trojan cleaned by deleting - quarantined
C:\_OTM\MovedFiles\01252010_203524\C_Program Files\Internet Explorer\wmpscfgs.exe a variant of Win32/TrojanDownloader.Unruy.AY trojan cleaned by deleting - quarantined
syler
post Jan 30 2010, 04:02 PM
Post #18


Forum Addict
******

Group: Malware Response Team
Posts: 7,896
Joined: 7-November 07
From: Warrington, UK
Member No.: 168,228



Hi,

I'm not sure if you are clean yet, but we need to get a working antivirus running. McAfee doesn't appear to be working correctly, so if you still have a subscription left for it then uninstall then reinstall it. If it's out of date and you don't want to keep it, please install another AV.
  • Download and install an antivirus program, and make sure that you keep it updated.
New viruses come out every minute, so it is essential that you have the latest signatures for your antivirus program to provide you with the best possible protection from malicious software.
Two good antivirus programs free for non-commercial home use are Avast! and Antivir.
Note: You should only have one antivirus installed at a time. Having more than one antivirus program installed at once is likely to cause conflicts and may well decrease your overall protection as well as impairing the performance of your PC.


Once you have an AV installed, please run RSIT and post the new log.

Thanks


--------------------

If I have helped you, and you would like to make a donation to me, click here
crumpms
post Jan 30 2010, 04:16 PM
Post #19


Member
**

Group: Members
Posts: 16
Joined: 16-January 10
Member No.: 435,752



OK, I'll contact the owner today and see if they still have the installation disk for McAfee so I can reinstall it. If they don't I'll get something else on here and run a Rsit scan again. I'll post the log also.

Thanks again,

Mike
syler
post Jan 30 2010, 04:22 PM
Post #20





ok


crumpms
post Feb 1 2010, 07:47 AM
Post #21





syler,
I got McAfee installed last night and ran a scan. It found about 8 items in a system restore point. They were quarantined and deleted. I've just run RSIT again. Here's the log.

Mike
****************************************************************************
****************************************************************************

Logfile of random's system information tool 1.06 (written by random/random)
Run by Cecilia at 2010-02-01 06:32:36
Microsoft Windows XP Home Edition Service Pack 2
System drive C: has 56 GB (77%) free of 73 GB
Total RAM: 510 MB (43% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:37:33 AM, on 2/1/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16981)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\System32\svchost.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Documents and Settings\Cecilia\Desktop\RSIT.exe
C:\Program Files\trend micro\Cecilia.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell4me.com/myway
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [E6TaskPanel] "C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" -noauth
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil10b.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil10b.exe (User 'Default user')
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1261854862937
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/m...,23/mcgdmgr.cab
O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: dlbt_device - Dell - C:\WINDOWS\system32\dlbtcoms.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe

--
End of file - 6321 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Ad-Aware Update (Daily 1).job
C:\WINDOWS\tasks\Ad-Aware Update (Daily 2).job
C:\WINDOWS\tasks\Ad-Aware Update (Daily 3).job
C:\WINDOWS\tasks\Ad-Aware Update (Daily 4).job
C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
C:\WINDOWS\tasks\At1.job
C:\WINDOWS\tasks\At10.job
C:\WINDOWS\tasks\At11.job
C:\WINDOWS\tasks\At12.job
C:\WINDOWS\tasks\At13.job
C:\WINDOWS\tasks\At14.job
C:\WINDOWS\tasks\At15.job
C:\WINDOWS\tasks\At16.job
C:\WINDOWS\tasks\At17.job
C:\WINDOWS\tasks\At18.job
C:\WINDOWS\tasks\At19.job
C:\WINDOWS\tasks\At2.job
C:\WINDOWS\tasks\At20.job
C:\WINDOWS\tasks\At21.job
C:\WINDOWS\tasks\At22.job
C:\WINDOWS\tasks\At23.job
C:\WINDOWS\tasks\At24.job
C:\WINDOWS\tasks\At3.job
C:\WINDOWS\tasks\At4.job
C:\WINDOWS\tasks\At5.job
C:\WINDOWS\tasks\At6.job
C:\WINDOWS\tasks\At7.job
C:\WINDOWS\tasks\At8.job
C:\WINDOWS\tasks\At9.job
C:\WINDOWS\tasks\McDefragTask.job
C:\WINDOWS\tasks\McQcTask.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2009-01-26 1879896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7DB2D5A0-7241-4E79-B68D-6309F01C5231}]
scriptproxy - C:\Program Files\McAfee\VirusScan\scriptsn.dll [2009-11-04 62784]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2009-11-27 263280]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-01-29 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-01-29 79648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{BA52B914-B692-46c4-B683-905236F6F655}
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2009-11-27 263280]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"=C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe -t []
"MPFExe"=C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe []
"mcagent_exe"=C:\Program Files\McAfee.com\Agent\mcagent.exe [2009-10-29 1218008]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe []
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe /background []
"E6TaskPanel"=C:\Program Files\EarthLink TotalAccess\TaskPanl.exe -noauth []
"DellSupport"=C:\Program Files\DellSupport\DSAgnt.exe /startup []
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-04 15360]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
America Online 9.0 Tray Icon.lnk - C:\Program Files\America Online 9.0\aoltray.exe
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\GoToAssist]
C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll [2009-06-17 10536]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2005-09-20 135168]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2006-06-19 702768]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mcmscsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MpfService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\rootrepeal.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe"="C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL"
"C:\Program Files\America Online 9.0\waol.exe"="C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe"="C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:*:Enabled:McAfee Network Agent"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe"="C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL"
"C:\Program Files\America Online 9.0\waol.exe"="C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL"

======List of files/folders created in the last 1 months======

2010-01-31 21:36:49 ----D---- C:\Program Files\McAfee
2010-01-31 21:36:48 ----D---- C:\Program Files\Common Files\McAfee
2010-01-31 21:19:53 ----D---- C:\Documents and Settings\All Users\Application Data\McAfee
2010-01-30 13:10:50 ----SHD---- C:\RECYCLER
2010-01-29 21:11:58 ----D---- C:\Program Files\ESET
2010-01-29 21:01:44 ----D---- C:\Documents and Settings\All Users\Application Data\Sun
2010-01-29 21:01:43 ----D---- C:\Program Files\Common Files\Java
2010-01-29 21:01:27 ----A---- C:\WINDOWS\system32\javaws.exe
2010-01-29 21:01:27 ----A---- C:\WINDOWS\system32\javaw.exe
2010-01-29 21:01:27 ----A---- C:\WINDOWS\system32\java.exe
2010-01-29 21:01:27 ----A---- C:\WINDOWS\system32\deploytk.dll
2010-01-29 21:00:59 ----D---- C:\Program Files\Java
2010-01-29 20:20:51 ----D---- C:\WINDOWS\temp
2010-01-29 20:20:49 ----A---- C:\ComboFix.txt
2010-01-27 17:00:20 ----A---- C:\WINDOWS\zip.exe
2010-01-27 17:00:20 ----A---- C:\WINDOWS\SWXCACLS.exe
2010-01-27 17:00:20 ----A---- C:\WINDOWS\SWSC.exe
2010-01-27 17:00:20 ----A---- C:\WINDOWS\SWREG.exe
2010-01-27 17:00:20 ----A---- C:\WINDOWS\sed.exe
2010-01-27 17:00:20 ----A---- C:\WINDOWS\PEV.exe
2010-01-27 17:00:20 ----A---- C:\WINDOWS\NIRCMD.exe
2010-01-27 17:00:20 ----A---- C:\WINDOWS\MBR.exe
2010-01-27 17:00:20 ----A---- C:\WINDOWS\grep.exe
2010-01-26 20:11:34 ----A---- C:\Boot.bak
2010-01-26 20:11:27 ----RASHD---- C:\cmdcons
2010-01-26 20:09:00 ----D---- C:\Qoobox
2010-01-25 20:35:24 ----D---- C:\_OTM
2010-01-25 20:30:36 ----D---- C:\WINDOWS\ERDNT
2010-01-24 12:27:44 ----D---- C:\rsit
2010-01-19 22:48:48 ----A---- C:\RootRepeal report 01-19-10 (22-48-48).txt
2010-01-16 09:50:40 ----A---- C:\RootRepeal report 01-16-10 (09-50-40).txt
2010-01-16 08:36:46 ----D---- C:\WINDOWS\ERUNT
2010-01-16 03:03:24 ----HDC---- C:\WINDOWS\$NtUninstallKB972270$
2010-01-15 22:53:28 ----D---- C:\Documents and Settings\Cecilia\Application Data\SUPERAntiSpyware.com
2010-01-15 19:06:52 ----D---- C:\Documents and Settings\Cecilia\Application Data\AdobeUM
2010-01-15 19:03:56 ----D---- C:\Documents and Settings\Cecilia\Application Data\Malwarebytes

======List of files/folders modified in the last 1 months======

2010-02-01 06:37:33 ----D---- C:\Program Files\Trend Micro
2010-02-01 06:35:46 ----D---- C:\WINDOWS\Prefetch
2010-02-01 06:30:24 ----D---- C:\WINDOWS
2010-02-01 06:30:15 ----A---- C:\WINDOWS\ModemLog_Conexant D850 56K V.9x DFVc Modem.txt
2010-02-01 06:29:06 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-02-01 03:00:54 ----SHD---- C:\WINDOWS\Installer
2010-02-01 01:00:17 ----D---- C:\found.001
2010-02-01 01:00:17 ----D---- C:\found.000
2010-01-31 21:50:23 ----D---- C:\Program Files\McAfee.com
2010-01-31 21:50:23 ----D---- C:\Documents and Settings\All Users\Application Data\McAfee.com
2010-01-31 21:41:11 ----HD---- C:\WINDOWS\INF
2010-01-31 21:38:39 ----D---- C:\WINDOWS\system32\DRIVERS
2010-01-31 21:37:41 ----SD---- C:\WINDOWS\Tasks
2010-01-31 21:36:49 ----RD---- C:\Program Files
2010-01-31 21:36:48 ----D---- C:\Program Files\Common Files
2010-01-31 21:31:12 ----D---- C:\WINDOWS\system32\CatRoot2
2010-01-30 14:24:29 ----D---- C:\Documents and Settings\All Users\Application Data\Lavasoft
2010-01-30 14:24:27 ----DC---- C:\WINDOWS\system32\DRVSTORE
2010-01-30 14:22:15 ----RSHD---- C:\WINDOWS\system32\DLLCACHE
2010-01-30 13:25:23 ----D---- C:\WINDOWS\system32\FxsTmp
2010-01-30 13:25:15 ----D---- C:\WINDOWS\SYSTEM32
2010-01-30 13:22:37 ----D---- C:\Program Files\Greetings Workshop
2010-01-30 03:18:02 ----D---- C:\Program Files\Internet Explorer
2010-01-30 03:01:39 ----D---- C:\WINDOWS\system32\en-US
2010-01-29 22:16:27 ----A---- C:\WINDOWS\ntbtlog.txt
2010-01-29 21:39:22 ----D---- C:\Program Files\Messenger
2010-01-29 21:38:38 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-01-29 21:36:02 ----D---- C:\Program Files\EarthLink TotalAccess
2010-01-29 21:35:15 ----D---- C:\Program Files\DellSupport
2010-01-29 21:35:11 ----D---- C:\Program Files\Dell Photo AIO Printer 922
2010-01-29 21:33:27 ----D---- C:\Program Files\Adobe
2010-01-29 21:12:02 ----SD---- C:\WINDOWS\Downloaded Program Files
2010-01-29 20:18:21 ----A---- C:\WINDOWS\system.ini
2010-01-29 20:16:40 ----D---- C:\WINDOWS\AppPatch
2010-01-28 16:52:40 ----D---- C:\DELL
2010-01-27 16:54:36 ----RASH---- C:\BOOT.INI
2010-01-27 16:54:36 ----A---- C:\WINDOWS\WIN.INI
2010-01-27 16:54:30 ----D---- C:\WINDOWS\pss
2010-01-27 16:53:26 ----D---- C:\WINDOWS\system32\CatRoot
2010-01-26 20:17:25 ----D---- C:\WINDOWS\system32\CONFIG
2010-01-26 20:09:18 ----HD---- C:\WINDOWS\$hf_mig$
2010-01-24 14:23:27 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
2010-01-24 07:39:55 ----HDC---- C:\WINDOWS\$NtUninstallKB905915$
2010-01-24 07:23:01 ----D---- C:\Temp
2010-01-15 23:48:41 ----D---- C:\WINDOWS\WinSxS
2010-01-15 23:42:36 ----SD---- C:\Documents and Settings\Cecilia\Application Data\Microsoft
2010-01-15 22:52:35 ----D---- C:\Documents and Settings\Cecilia\Application Data\McAfee.com Personal Firewall
2010-01-15 19:55:58 ----D---- C:\WINDOWS\ie7updates
2010-01-15 19:06:32 ----D---- C:\Documents and Settings\Cecilia\Application Data\Adobe
2010-01-05 04:00:29 ----A---- C:\WINDOWS\system32\wininet.dll
2010-01-05 04:00:28 ----A---- C:\WINDOWS\system32\webcheck.dll
2010-01-05 04:00:28 ----A---- C:\WINDOWS\system32\urlmon.dll
2010-01-05 04:00:28 ----A---- C:\WINDOWS\system32\url.dll
2010-01-05 04:00:28 ----A---- C:\WINDOWS\system32\pngfilt.dll
2010-01-05 04:00:28 ----A---- C:\WINDOWS\system32\occache.dll
2010-01-05 04:00:28 ----A---- C:\WINDOWS\system32\mstime.dll
2010-01-05 04:00:27 ----A---- C:\WINDOWS\system32\msrating.dll
2010-01-05 04:00:27 ----A---- C:\WINDOWS\system32\mshtmled.dll
2010-01-05 04:00:26 ----A---- C:\WINDOWS\system32\mshtml.dll
2010-01-05 04:00:25 ----A---- C:\WINDOWS\system32\msfeedsbs.dll
2010-01-05 04:00:24 ----A---- C:\WINDOWS\system32\msfeeds.dll
2010-01-05 04:00:24 ----A---- C:\WINDOWS\system32\jsproxy.dll
2010-01-05 04:00:24 ----A---- C:\WINDOWS\system32\iertutil.dll
2010-01-05 04:00:24 ----A---- C:\WINDOWS\system32\iernonce.dll
2010-01-05 04:00:24 ----A---- C:\WINDOWS\system32\iepeers.dll
2010-01-05 04:00:23 ----A---- C:\WINDOWS\system32\ieframe.dll
2010-01-05 04:00:21 ----A---- C:\WINDOWS\system32\ieencode.dll
2010-01-05 04:00:21 ----A---- C:\WINDOWS\system32\iedkcs32.dll
2010-01-05 04:00:21 ----A---- C:\WINDOWS\system32\ieapfltr.dll
2010-01-05 04:00:21 ----A---- C:\WINDOWS\system32\ieaksie.dll
2010-01-05 04:00:21 ----A---- C:\WINDOWS\system32\ieakeng.dll
2010-01-05 04:00:21 ----A---- C:\WINDOWS\system32\icardie.dll
2010-01-05 04:00:21 ----A---- C:\WINDOWS\system32\extmgr.dll
2010-01-05 04:00:21 ----A---- C:\WINDOWS\system32\dxtrans.dll
2010-01-05 04:00:20 ----A---- C:\WINDOWS\system32\dxtmsft.dll
2010-01-05 04:00:20 ----A---- C:\WINDOWS\system32\corpol.dll
2010-01-05 04:00:20 ----A---- C:\WINDOWS\system32\advpack.dll
2010-01-04 16:17:48 ----A---- C:\WINDOWS\system32\mrt.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-04 36096]
R1 mfehidk;McAfee Inc. mfehidk; C:\WINDOWS\system32\drivers\mfehidk.sys [2009-11-04 214664]
R1 MPFIREWL;MPFIREWL; C:\WINDOWS\System32\Drivers\MpFirewall.sys [2004-08-09 83325]
R1 MPFP;MPFP; C:\WINDOWS\System32\Drivers\Mpfp.sys [2009-07-16 120136]
R2 ASCTRM;ASCTRM; C:\WINDOWS\system32\drivers\ASCTRM.sys [2005-02-06 8552]
R2 dsunidrv;DellSupport UniDriver; C:\WINDOWS\system32\DRIVERS\dsunidrv.sys [2007-02-25 5376]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2003-04-09 11043]
R3 E100B;Intel® PRO Adapter Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2004-02-10 154112]
R3 HSF_DP;HSF_DP; C:\WINDOWS\system32\DRIVERS\HSF_DP.sys [2003-11-17 1042432]
R3 HSFHWBS2;HSFHWBS2; C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys [2003-11-17 212224]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2005-09-20 1302332]
R3 mfeavfk;McAfee Inc. mfeavfk; C:\WINDOWS\system32\drivers\mfeavfk.sys [2009-11-04 79816]
R3 mfebopk;McAfee Inc. mfebopk; C:\WINDOWS\system32\drivers\mfebopk.sys [2009-11-04 35272]
R3 mfesmfk;McAfee Inc. mfesmfk; C:\WINDOWS\system32\drivers\mfesmfk.sys [2009-11-04 40552]
R3 MODEMCSA;Unimodem Streaming Filter Device; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128]
R3 senfilt;senfilt; C:\WINDOWS\system32\drivers\senfilt.sys [2004-09-17 732928]
R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2005-01-27 260352]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-04 26624]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-03 57600]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-03 20480]
R3 wanatw;WAN Miniport (ATW); C:\WINDOWS\system32\DRIVERS\wanatw4.sys [2003-01-10 33588]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2003-11-17 680704]
S3 catchme;catchme; \??\C:\DOCUME~1\Cecilia\LOCALS~1\Temp\catchme.sys []
S3 DSproct;DSproct; \??\C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys []
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]
S3 mferkdk;McAfee Inc. mferkdk; C:\WINDOWS\system32\drivers\mferkdk.sys [2009-11-04 34248]
S3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
S3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2004-08-03 1897408]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AOL ACS;AOL Connectivity Service; C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe [2004-04-07 1135728]
R2 CCALib8;Canon Camera Access Library 8; C:\Program Files\Canon\CAL\CALMAIN.exe [2005-09-30 96341]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2010-01-29 153376]
R2 mcmscsvc;McAfee Services; C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe [2009-10-29 865832]
R2 McNASvc;McAfee Network Agent; c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe [2009-07-07 2482848]
R2 McProxy;McAfee Proxy Service; c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe [2009-07-08 359952]
R2 McShield;McAfee Real-time Scanner; C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe [2009-11-04 144704]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2004-09-15 38912]
R3 McSysmon;McAfee SystemGuards; C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe [2009-11-04 606736]
S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2004-08-04 267776]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [2004-07-15 32768]
S3 dlbt_device;dlbt_device; C:\WINDOWS\system32\dlbtcoms.exe [2004-03-16 421888]
S3 DSBrokerService;DSBrokerService; C:\Program Files\DellSupport\brkrsvc.exe [2007-03-07 76848]
S3 GoToAssist;GoToAssist; C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe [2009-06-17 16680]
S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-05-22 182768]
S3 McODS;McAfee Scanner; C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe [2009-10-28 365072]
S3 NetSvc;Intel NCS NetService; C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe [2003-12-17 143360]
S4 MpfService;McAfee Personal Firewall Service; C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe [2004-08-22 577536]

-----------------EOF-----------------
syler
post Feb 1 2010, 01:16 PM
Post #22


Forum Addict
******

Group: Malware Response Team
Posts: 7,896
Joined: 7-November 07
From: Warrington, UK
Member No.: 168,228



Hi,

Looks like you're not clean yet. Delete your copy of ComboFix, then download a new copy and run it, then please post the log.

Thanks


crumpms
post Feb 1 2010, 11:46 PM
Post #23


Member
**

Group: Members
Posts: 16
Joined: 16-January 10
Member No.: 435,752



Hi syler,
here's the ComboFix log.

Mike

*********************************************************************************
*********************************************************************************
ComboFix 10-02-01.02 - Cecilia 02/01/2010 20:59:07.5.1 - x86 MINIMAL
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.510.356 [GMT -6:00]
Running from: c:\documents and settings\Cecilia\Desktop\ComboFix.exe
AV: McAfee VirusScan *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall Plus *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\ctfmon .exe
c:\windows\system32\hkcmd .exe
c:\windows\system32\igfxpers .exe
c:\windows\system32\igfxtray .exe

.
((((((((((((((((((((((((( Files Created from 2010-01-02 to 2010-02-02 )))))))))))))))))))))))))))))))
.

2010-02-01 03:38 . 2009-11-04 22:54 79816 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2010-02-01 03:38 . 2009-11-04 22:54 40552 ----a-w- c:\windows\system32\drivers\mfesmfk.sys
2010-02-01 03:38 . 2009-11-04 22:54 35272 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2010-02-01 03:38 . 2009-07-16 18:32 120136 ----a-w- c:\windows\system32\drivers\Mpfp.sys
2010-02-01 03:36 . 2010-02-01 12:30 -------- d-----w- c:\program files\McAfee
2010-02-01 03:36 . 2010-02-01 03:38 -------- d-----w- c:\program files\Common Files\McAfee
2010-02-01 03:31 . 2009-11-04 22:53 34248 ----a-w- c:\windows\system32\drivers\mferkdk.sys
2010-02-01 03:19 . 2010-02-01 12:36 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2010-01-30 20:22 . 2004-08-04 12:00 158208 ----a-w- c:\windows\system32\dllcache\msconfig.exe
2010-01-30 03:11 . 2010-01-30 03:11 -------- d-----w- c:\program files\ESET
2010-01-30 03:01 . 2010-01-30 03:01 -------- d-----w- c:\program files\Common Files\Java
2010-01-30 03:01 . 2010-01-30 03:01 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-01-30 03:00 . 2010-01-30 03:00 -------- d-----w- c:\program files\Java
2010-01-26 02:35 . 2010-01-26 02:35 -------- d-----w- C:\_OTM
2010-01-24 18:32 . 2010-01-24 18:32 4232816 ----a-w- c:\temp\mbam-rules.exe
2010-01-24 18:27 . 2010-01-25 04:22 -------- d-----w- C:\rsit
2010-01-24 13:23 . 2010-01-24 13:18 293376 ----a-w- c:\temp\bhsegjts.exe
2010-01-16 14:36 . 2010-01-16 14:37 -------- d-----w- c:\windows\ERUNT
2010-01-16 05:16 . 2010-01-16 05:16 -------- d-----w- c:\documents and settings\Cecilia\Local Settings\Application Data\Sophos
2010-01-16 04:53 . 2010-01-16 05:46 -------- d-----w- c:\documents and settings\Cecilia\Application Data\SUPERAntiSpyware.com
2010-01-16 01:06 . 2010-01-16 01:06 -------- d-----w- c:\documents and settings\Cecilia\Local Settings\Application Data\Adobe
2010-01-16 01:06 . 2010-01-16 01:06 -------- d-----w- c:\documents and settings\Cecilia\Application Data\AdobeUM
2010-01-16 01:03 . 2010-01-16 01:03 -------- d-----w- c:\documents and settings\Cecilia\Application Data\Malwarebytes

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-01 12:37 . 2009-12-28 04:55 -------- d-----w- c:\program files\Trend Micro
2010-02-01 03:50 . 2005-02-06 06:38 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee.com
2010-02-01 03:50 . 2005-02-06 06:38 -------- d-----w- c:\program files\McAfee.com
2010-01-30 20:24 . 2009-12-26 17:05 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2010-01-30 19:22 . 2005-11-03 02:46 -------- d-----w- c:\program files\Greetings Workshop
2010-01-30 16:40 . 2006-09-22 21:21 75152 ----a-w- c:\documents and settings\Keith\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-01-30 03:38 . 2009-12-28 04:33 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-30 03:36 . 2005-02-17 23:03 -------- d-----w- c:\program files\EarthLink TotalAccess
2010-01-30 03:35 . 2007-07-16 21:04 -------- d-----w- c:\program files\DellSupport
2010-01-30 03:35 . 2005-02-21 02:05 -------- d-----w- c:\program files\Dell Photo AIO Printer 922
2010-01-16 04:52 . 2006-03-09 20:33 -------- d-----w- c:\documents and settings\Cecilia\Application Data\McAfee.com Personal Firewall
2010-01-16 01:05 . 2010-01-02 00:11 5115824 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2010-01-07 22:07 . 2009-12-28 04:33 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-07 22:07 . 2009-12-28 04:33 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-05 10:00 . 2004-08-04 11:00 832512 ----a-w- c:\windows\system32\wininet.dll
2010-01-05 10:00 . 2004-08-04 11:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-01-05 10:00 . 2004-08-04 11:00 17408 ----a-w- c:\windows\system32\corpol.dll
2009-12-31 03:54 . 2009-12-31 03:54 -------- d-----w- c:\documents and settings\All Users\Application Data\IObit
2009-12-29 16:42 . 2009-12-29 16:42 52224 ----a-w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2009-12-29 16:42 . 2009-12-29 15:30 117760 ----a-w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-12-29 16:37 . 2009-12-29 16:37 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2009-12-29 15:29 . 2009-12-29 15:29 -------- d-----w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com
2009-12-29 04:28 . 2009-12-29 04:28 -------- d-----w- c:\documents and settings\All Users\Application Data\Sophos
2009-12-29 00:28 . 2009-12-29 00:28 52224 ----a-w- c:\documents and settings\Keith\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2009-12-29 00:28 . 2009-12-28 20:59 117760 ----a-w- c:\documents and settings\Keith\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-12-28 20:58 . 2009-12-28 20:58 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-12-28 20:58 . 2009-12-28 20:58 -------- d-----w- c:\documents and settings\Keith\Application Data\SUPERAntiSpyware.com
2009-12-28 04:33 . 2009-12-28 04:33 -------- d-----w- c:\documents and settings\Keith\Application Data\Malwarebytes
2009-12-28 04:33 . 2009-12-28 04:33 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-12-26 16:18 . 2006-09-22 20:21 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-12-26 16:12 . 2006-09-22 20:21 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-12-26 15:47 . 2006-09-22 20:18 -------- d-----w- c:\documents and settings\Keith\Application Data\Lavasoft
2009-12-17 05:12 . 2009-12-17 05:12 -------- d-----w- c:\program files\SDHelper (Spybot - Search & Destroy)
2009-12-17 05:12 . 2009-12-17 05:12 -------- d-----w- c:\program files\Misc. Support Library (Spybot - Search & Destroy)
2009-12-17 05:12 . 2009-12-17 05:12 -------- d-----w- c:\program files\File Scanner Library (Spybot - Search & Destroy)
2009-12-16 22:08 . 2009-12-16 22:08 -------- d-----w- c:\documents and settings\Keith\Application Data\Viewpoint
2009-12-11 13:41 . 2009-12-11 13:41 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\AdobeUM
2009-11-21 16:36 . 2004-08-04 11:00 470528 ----a-w- c:\windows\AppPatch\aclayers.dll
2009-11-04 22:54 . 2009-11-04 22:54 214664 ----a-w- c:\windows\system32\drivers\mfehidk.sys
.
CODE
<pre>
c:\program files\Analog Devices\Core\smax4pnp .exe
c:\program files\Common Files\Java\Java Update\jusched .exe
c:\program files\Dell\Media Experience\pcmservice .exe
c:\program files\Dell Photo AIO Printer 922\dlbtbmgr .exe
c:\program files\Messenger\msmsgs .exe
c:\program files\MUSICMATCH\Musicmatch Jukebox\mmtask .exe
c:\program files\MUSICMATCH\Musicmatch Jukebox\mm_tray .exe
c:\program files\Real\RealPlayer\realplay .exe
</pre>


((((((((((((((((((((((((((((( SnapShot@2010-01-28_22.53.15 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-12-26 19:21 . 2008-07-08 13:02 17272 c:\windows\SYSTEM32\spmsg.dll
+ 2009-12-26 19:21 . 2009-05-26 11:40 17272 c:\windows\SYSTEM32\spmsg.dll
+ 2004-08-04 11:00 . 2010-01-05 10:00 44544 c:\windows\SYSTEM32\pngfilt.dll
- 2004-08-04 11:00 . 2009-10-29 07:46 44544 c:\windows\SYSTEM32\pngfilt.dll
- 2007-08-14 00:54 . 2009-10-29 07:46 52224 c:\windows\SYSTEM32\msfeedsbs.dll
+ 2007-08-14 00:54 . 2010-01-05 10:00 52224 c:\windows\SYSTEM32\msfeedsbs.dll
- 2004-08-04 11:00 . 2009-10-29 07:46 27648 c:\windows\SYSTEM32\jsproxy.dll
+ 2004-08-04 11:00 . 2010-01-05 10:00 27648 c:\windows\SYSTEM32\jsproxy.dll
+ 2007-08-14 00:39 . 2009-12-31 15:33 13824 c:\windows\SYSTEM32\ieudinit.exe
- 2007-08-14 00:39 . 2009-10-28 14:36 13824 c:\windows\SYSTEM32\ieudinit.exe
- 2004-08-04 11:00 . 2009-10-29 07:46 44544 c:\windows\SYSTEM32\iernonce.dll
+ 2004-08-04 11:00 . 2010-01-05 10:00 44544 c:\windows\SYSTEM32\iernonce.dll
+ 2004-08-04 11:00 . 2009-12-31 15:33 70656 c:\windows\SYSTEM32\ie4uinit.exe
- 2004-08-04 11:00 . 2009-10-28 14:36 70656 c:\windows\SYSTEM32\ie4uinit.exe
+ 2007-08-14 00:36 . 2010-01-05 10:00 63488 c:\windows\SYSTEM32\icardie.dll
- 2007-08-14 00:36 . 2009-10-29 07:46 63488 c:\windows\SYSTEM32\icardie.dll
+ 2004-08-04 11:00 . 2010-01-05 10:00 44544 c:\windows\SYSTEM32\DLLCACHE\pngfilt.dll
- 2004-08-04 11:00 . 2009-10-29 07:46 44544 c:\windows\SYSTEM32\DLLCACHE\pngfilt.dll
- 2009-10-29 07:46 . 2009-10-29 07:46 52224 c:\windows\SYSTEM32\DLLCACHE\msfeedsbs.dll
+ 2009-10-29 07:46 . 2010-01-05 10:00 52224 c:\windows\SYSTEM32\DLLCACHE\msfeedsbs.dll
- 2004-08-04 11:00 . 2009-10-29 07:46 27648 c:\windows\SYSTEM32\DLLCACHE\jsproxy.dll
+ 2004-08-04 11:00 . 2010-01-05 10:00 27648 c:\windows\SYSTEM32\DLLCACHE\jsproxy.dll
- 2009-10-28 14:36 . 2009-10-28 14:36 13824 c:\windows\SYSTEM32\DLLCACHE\ieudinit.exe
+ 2009-10-28 14:36 . 2009-12-31 15:33 13824 c:\windows\SYSTEM32\DLLCACHE\ieudinit.exe
+ 2004-08-04 11:00 . 2010-01-05 10:00 44544 c:\windows\SYSTEM32\DLLCACHE\iernonce.dll
- 2004-08-04 11:00 . 2009-10-29 07:46 44544 c:\windows\SYSTEM32\DLLCACHE\iernonce.dll
+ 2004-08-04 11:00 . 2010-01-05 10:00 78336 c:\windows\SYSTEM32\DLLCACHE\ieencode.dll
- 2004-08-04 11:00 . 2009-10-29 07:46 78336 c:\windows\SYSTEM32\DLLCACHE\ieencode.dll
- 2004-08-04 11:00 . 2009-10-28 14:36 70656 c:\windows\SYSTEM32\DLLCACHE\ie4uinit.exe
+ 2004-08-04 11:00 . 2009-12-31 15:33 70656 c:\windows\SYSTEM32\DLLCACHE\ie4uinit.exe
- 2009-10-29 07:46 . 2009-10-29 07:46 63488 c:\windows\SYSTEM32\DLLCACHE\icardie.dll
+ 2009-10-29 07:46 . 2010-01-05 10:00 63488 c:\windows\SYSTEM32\DLLCACHE\icardie.dll
- 2004-08-04 11:00 . 2009-10-29 07:46 17408 c:\windows\SYSTEM32\DLLCACHE\corpol.dll
+ 2004-08-04 11:00 . 2010-01-05 10:00 17408 c:\windows\SYSTEM32\DLLCACHE\corpol.dll
+ 2010-02-01 03:57 . 2010-02-02 02:12 32768 c:\windows\SYSTEM32\CONFIG\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2009-09-21 05:17 . 2010-02-02 02:12 16384 c:\windows\SYSTEM32\CONFIG\systemprofile\Local Settings\History\History.IE5\index.dat
- 2009-09-21 05:17 . 2010-01-16 15:00 16384 c:\windows\SYSTEM32\CONFIG\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2010-02-01 03:57 . 2010-02-02 02:12 32768 c:\windows\SYSTEM32\CONFIG\systemprofile\Cookies\index.dat
+ 2010-01-30 09:01 . 2009-10-29 07:46 44544 c:\windows\ie7updates\KB978207-IE7\pngfilt.dll
+ 2010-01-30 09:01 . 2009-10-29 07:46 52224 c:\windows\ie7updates\KB978207-IE7\msfeedsbs.dll
+ 2010-01-30 09:01 . 2009-10-29 07:46 27648 c:\windows\ie7updates\KB978207-IE7\jsproxy.dll
+ 2010-01-30 09:01 . 2009-10-28 14:36 13824 c:\windows\ie7updates\KB978207-IE7\ieudinit.exe
+ 2010-01-30 09:01 . 2009-10-29 07:46 44544 c:\windows\ie7updates\KB978207-IE7\iernonce.dll
+ 2010-01-30 09:01 . 2009-10-29 07:46 78336 c:\windows\ie7updates\KB978207-IE7\ieencode.dll
+ 2010-01-30 09:01 . 2009-10-28 14:36 70656 c:\windows\ie7updates\KB978207-IE7\ie4uinit.exe
+ 2010-01-30 09:01 . 2009-10-29 07:46 63488 c:\windows\ie7updates\KB978207-IE7\icardie.dll
+ 2010-01-30 09:01 . 2009-10-29 07:46 17408 c:\windows\ie7updates\KB978207-IE7\corpol.dll
+ 2004-08-04 11:00 . 2010-01-05 10:00 233472 c:\windows\SYSTEM32\webcheck.dll
- 2004-08-04 11:00 . 2009-10-29 07:46 233472 c:\windows\SYSTEM32\webcheck.dll
+ 2004-08-04 11:00 . 2010-01-05 10:00 105984 c:\windows\SYSTEM32\url.dll
- 2004-08-04 11:00 . 2009-10-29 07:46 105984 c:\windows\SYSTEM32\url.dll
- 2004-08-04 11:00 . 2009-10-29 07:46 102912 c:\windows\SYSTEM32\occache.dll
+ 2004-08-04 11:00 . 2010-01-05 10:00 102912 c:\windows\SYSTEM32\occache.dll
- 2004-08-04 11:00 . 2009-10-29 07:46 671232 c:\windows\SYSTEM32\mstime.dll
+ 2004-08-04 11:00 . 2010-01-05 10:00 671232 c:\windows\SYSTEM32\mstime.dll
- 2004-08-04 11:00 . 2009-10-29 07:46 193024 c:\windows\SYSTEM32\msrating.dll
+ 2004-08-04 11:00 . 2010-01-05 10:00 193024 c:\windows\SYSTEM32\msrating.dll
- 2004-08-04 11:00 . 2009-10-29 07:46 477696 c:\windows\SYSTEM32\mshtmled.dll
+ 2004-08-04 11:00 . 2010-01-05 10:00 477696 c:\windows\SYSTEM32\mshtmled.dll
- 2007-08-14 00:54 . 2009-10-29 07:46 459264 c:\windows\SYSTEM32\msfeeds.dll
+ 2007-08-14 00:54 . 2010-01-05 10:00 459264 c:\windows\SYSTEM32\msfeeds.dll
+ 2010-01-30 03:01 . 2010-01-30 03:01 153376 c:\windows\SYSTEM32\javaws.exe
+ 2010-01-30 03:01 . 2010-01-30 03:01 145184 c:\windows\SYSTEM32\javaw.exe
+ 2010-01-30 03:01 . 2010-01-30 03:01 145184 c:\windows\SYSTEM32\java.exe
- 2007-08-14 00:34 . 2009-10-29 07:46 268288 c:\windows\SYSTEM32\iertutil.dll
+ 2007-08-14 00:34 . 2010-01-05 10:00 268288 c:\windows\SYSTEM32\iertutil.dll
+ 2004-08-04 11:00 . 2010-01-05 10:00 192512 c:\windows\SYSTEM32\iepeers.dll
- 2004-08-04 11:00 . 2009-10-29 07:46 385024 c:\windows\SYSTEM32\iedkcs32.dll
+ 2004-08-04 11:00 . 2010-01-05 10:00 385024 c:\windows\SYSTEM32\iedkcs32.dll
+ 2007-07-11 18:27 . 2010-01-05 10:00 380928 c:\windows\SYSTEM32\ieapfltr.dll
- 2007-07-11 18:27 . 2009-10-29 07:46 380928 c:\windows\SYSTEM32\ieapfltr.dll
+ 2004-08-04 11:00 . 2009-12-18 13:04 161792 c:\windows\SYSTEM32\ieakui.dll
- 2004-08-04 11:00 . 2009-10-28 06:52 161792 c:\windows\SYSTEM32\ieakui.dll
- 2004-08-04 11:00 . 2009-10-29 07:46 230400 c:\windows\SYSTEM32\ieaksie.dll
+ 2004-08-04 11:00 . 2010-01-05 10:00 230400 c:\windows\SYSTEM32\ieaksie.dll
+ 2004-08-04 11:00 . 2010-01-05 10:00 153088 c:\windows\SYSTEM32\ieakeng.dll
- 2004-08-04 11:00 . 2009-10-29 07:46 153088 c:\windows\SYSTEM32\ieakeng.dll
+ 2004-08-04 11:00 . 2010-01-05 10:00 133120 c:\windows\SYSTEM32\extmgr.dll
- 2004-08-04 11:00 . 2009-10-29 07:46 133120 c:\windows\SYSTEM32\extmgr.dll
- 2004-08-04 11:00 . 2009-10-29 07:46 214528 c:\windows\SYSTEM32\dxtrans.dll
+ 2004-08-04 11:00 . 2010-01-05 10:00 214528 c:\windows\SYSTEM32\dxtrans.dll
+ 2004-08-04 11:00 . 2010-01-05 10:00 347136 c:\windows\SYSTEM32\dxtmsft.dll
- 2004-08-04 11:00 . 2009-10-29 07:46 347136 c:\windows\SYSTEM32\dxtmsft.dll
+ 2004-08-04 11:00 . 2010-01-05 10:00 832512 c:\windows\SYSTEM32\DLLCACHE\wininet.dll
- 2004-08-04 11:00 . 2009-10-29 07:46 832512 c:\windows\SYSTEM32\DLLCACHE\wininet.dll
- 2004-08-04 11:00 . 2009-10-29 07:46 233472 c:\windows\SYSTEM32\DLLCACHE\webcheck.dll
+ 2004-08-04 11:00 . 2010-01-05 10:00 233472 c:\windows\SYSTEM32\DLLCACHE\webcheck.dll
- 2004-08-04 11:00 . 2009-10-29 07:46 105984 c:\windows\SYSTEM32\DLLCACHE\url.dll
+ 2004-08-04 11:00 . 2010-01-05 10:00 105984 c:\windows\SYSTEM32\DLLCACHE\url.dll
- 2004-08-04 11:00 . 2009-10-29 07:46 102912 c:\windows\SYSTEM32\DLLCACHE\occache.dll
+ 2004-08-04 11:00 . 2010-01-05 10:00 102912 c:\windows\SYSTEM32\DLLCACHE\occache.dll
- 2004-08-04 11:00 . 2009-10-29 07:46 671232 c:\windows\SYSTEM32\DLLCACHE\mstime.dll
+ 2004-08-04 11:00 . 2010-01-05 10:00 671232 c:\windows\SYSTEM32\DLLCACHE\mstime.dll
+ 2004-08-04 11:00 . 2010-01-05 10:00 193024 c:\windows\SYSTEM32\DLLCACHE\msrating.dll
- 2004-08-04 11:00 . 2009-10-29 07:46 193024 c:\windows\SYSTEM32\DLLCACHE\msrating.dll
+ 2004-08-04 11:00 . 2010-01-05 10:00 477696 c:\windows\SYSTEM32\DLLCACHE\mshtmled.dll
- 2004-08-04 11:00 . 2009-10-29 07:46 477696 c:\windows\SYSTEM32\DLLCACHE\mshtmled.dll
- 2009-10-29 07:46 . 2009-10-29 07:46 459264 c:\windows\SYSTEM32\DLLCACHE\msfeeds.dll
+ 2009-10-29 07:46 . 2010-01-05 10:00 459264 c:\windows\SYSTEM32\DLLCACHE\msfeeds.dll
+ 2004-08-04 11:00 . 2009-12-18 13:05 634648 c:\windows\SYSTEM32\DLLCACHE\iexplore.exe
- 2009-10-29 07:46 . 2009-10-29 07:46 268288 c:\windows\SYSTEM32\DLLCACHE\iertutil.dll
+ 2009-10-29 07:46 . 2010-01-05 10:00 268288 c:\windows\SYSTEM32\DLLCACHE\iertutil.dll
+ 2004-08-04 11:00 . 2010-01-05 10:00 192512 c:\windows\SYSTEM32\DLLCACHE\iepeers.dll
- 2004-08-04 11:00 . 2009-10-29 07:46 385024 c:\windows\SYSTEM32\DLLCACHE\iedkcs32.dll
+ 2004-08-04 11:00 . 2010-01-05 10:00 385024 c:\windows\SYSTEM32\DLLCACHE\iedkcs32.dll
+ 2009-10-29 07:46 . 2010-01-05 10:00 380928 c:\windows\SYSTEM32\DLLCACHE\ieapfltr.dll
- 2009-10-29 07:46 . 2009-10-29 07:46 380928 c:\windows\SYSTEM32\DLLCACHE\ieapfltr.dll
+ 2004-08-04 11:00 . 2009-12-18 13:04 161792 c:\windows\SYSTEM32\DLLCACHE\ieakui.dll
- 2004-08-04 11:00 . 2009-10-28 06:52 161792 c:\windows\SYSTEM32\DLLCACHE\ieakui.dll
- 2004-08-04 11:00 . 2009-10-29 07:46 230400 c:\windows\SYSTEM32\DLLCACHE\ieaksie.dll
+ 2004-08-04 11:00 . 2010-01-05 10:00 230400 c:\windows\SYSTEM32\DLLCACHE\ieaksie.dll
- 2004-08-04 11:00 . 2009-10-29 07:46 153088 c:\windows\SYSTEM32\DLLCACHE\ieakeng.dll
+ 2004-08-04 11:00 . 2010-01-05 10:00 153088 c:\windows\SYSTEM32\DLLCACHE\ieakeng.dll
+ 2004-08-04 11:00 . 2010-01-05 10:00 133120 c:\windows\SYSTEM32\DLLCACHE\extmgr.dll
- 2004-08-04 11:00 . 2009-10-29 07:46 133120 c:\windows\SYSTEM32\DLLCACHE\extmgr.dll
+ 2004-08-04 11:00 . 2010-01-05 10:00 214528 c:\windows\SYSTEM32\DLLCACHE\dxtrans.dll
- 2004-08-04 11:00 . 2009-10-29 07:46 214528 c:\windows\SYSTEM32\DLLCACHE\dxtrans.dll
+ 2004-08-04 11:00 . 2010-01-05 10:00 347136 c:\windows\SYSTEM32\DLLCACHE\dxtmsft.dll
- 2004-08-04 11:00 . 2009-10-29 07:46 347136 c:\windows\SYSTEM32\DLLCACHE\dxtmsft.dll
- 2004-08-04 11:00 . 2009-10-29 07:46 124928 c:\windows\SYSTEM32\DLLCACHE\advpack.dll
+ 2004-08-04 11:00 . 2010-01-05 10:00 124928 c:\windows\SYSTEM32\DLLCACHE\advpack.dll
- 2004-08-04 11:00 . 2009-10-29 07:46 124928 c:\windows\SYSTEM32\advpack.dll
+ 2004-08-04 11:00 . 2010-01-05 10:00 124928 c:\windows\SYSTEM32\advpack.dll
+ 2010-01-30 20:22 . 2004-08-04 12:00 158208 c:\windows\PCHEALTH\HELPCTR\BINARIES\msconfig.exe
+ 2010-01-30 03:01 . 2010-01-30 03:01 178176 c:\windows\Installer\39a36.msi
+ 2010-01-30 03:01 . 2010-01-30 03:01 577536 c:\windows\Installer\39a31.msi
+ 2010-01-30 09:01 . 2009-10-29 07:46 832512 c:\windows\ie7updates\KB978207-IE7\wininet.dll
+ 2010-01-30 09:01 . 2009-10-29 07:46 233472 c:\windows\ie7updates\KB978207-IE7\webcheck.dll
+ 2010-01-30 09:01 . 2009-10-29 07:46 105984 c:\windows\ie7updates\KB978207-IE7\url.dll
+ 2010-01-30 09:01 . 2009-05-26 11:40 382840 c:\windows\ie7updates\KB978207-IE7\spuninst\updspapi.dll
+ 2010-01-30 09:01 . 2009-05-26 11:40 231288 c:\windows\ie7updates\KB978207-IE7\spuninst\spuninst.exe
+ 2010-01-30 09:01 . 2009-10-29 07:46 102912 c:\windows\ie7updates\KB978207-IE7\occache.dll
+ 2010-01-30 09:01 . 2009-10-29 07:46 671232 c:\windows\ie7updates\KB978207-IE7\mstime.dll
+ 2010-01-30 09:01 . 2009-10-29 07:46 193024 c:\windows\ie7updates\KB978207-IE7\msrating.dll
+ 2010-01-30 09:01 . 2009-10-29 07:46 477696 c:\windows\ie7updates\KB978207-IE7\mshtmled.dll
+ 2010-01-30 09:01 . 2009-10-29 07:46 459264 c:\windows\ie7updates\KB978207-IE7\msfeeds.dll
+ 2010-01-30 09:01 . 2009-10-28 06:54 634632 c:\windows\ie7updates\KB978207-IE7\iexplore.exe
+ 2010-01-30 09:01 . 2009-10-29 07:46 268288 c:\windows\ie7updates\KB978207-IE7\iertutil.dll
+ 2010-01-30 09:01 . 2007-08-14 00:54 191488 c:\windows\ie7updates\KB978207-IE7\iepeers.dll
+ 2010-01-30 09:01 . 2009-10-29 07:46 385024 c:\windows\ie7updates\KB978207-IE7\iedkcs32.dll
+ 2010-01-30 09:01 . 2009-10-29 07:46 380928 c:\windows\ie7updates\KB978207-IE7\ieapfltr.dll
+ 2010-01-30 09:01 . 2009-10-28 06:52 161792 c:\windows\ie7updates\KB978207-IE7\ieakui.dll
+ 2010-01-30 09:01 . 2009-10-29 07:46 230400 c:\windows\ie7updates\KB978207-IE7\ieaksie.dll
+ 2010-01-30 09:01 . 2009-10-29 07:46 153088 c:\windows\ie7updates\KB978207-IE7\ieakeng.dll
+ 2010-01-30 09:01 . 2009-10-29 07:46 133120 c:\windows\ie7updates\KB978207-IE7\extmgr.dll
+ 2010-01-30 09:01 . 2009-10-29 07:46 214528 c:\windows\ie7updates\KB978207-IE7\dxtrans.dll
+ 2010-01-30 09:01 . 2009-10-29 07:46 347136 c:\windows\ie7updates\KB978207-IE7\dxtmsft.dll
+ 2010-01-30 09:01 . 2009-10-29 07:46 124928 c:\windows\ie7updates\KB978207-IE7\advpack.dll
+ 2010-01-30 14:08 . 2010-01-30 14:08 172032 c:\windows\ERDNT\AutoBackup\1-30-2010\Users\00000002\UsrClass.dat
+ 2010-01-30 14:08 . 2005-10-20 18:02 163328 c:\windows\ERDNT\AutoBackup\1-30-2010\ERDNT.EXE
+ 2010-01-30 02:08 . 2010-01-30 02:08 147456 c:\windows\ERDNT\AutoBackup\1-29-2010\Users\00000002\UsrClass.dat
+ 2010-01-30 02:08 . 2005-10-20 18:02 163328 c:\windows\ERDNT\AutoBackup\1-29-2010\ERDNT.EXE
- 2004-08-04 11:00 . 2009-10-29 07:46 1168384 c:\windows\SYSTEM32\urlmon.dll
+ 2004-08-04 11:00 . 2010-01-05 10:00 1168384 c:\windows\SYSTEM32\urlmon.dll
+ 2004-08-04 11:00 . 2010-01-05 10:00 3599360 c:\windows\SYSTEM32\mshtml.dll
+ 2007-08-14 00:54 . 2010-01-05 10:00 6067200 c:\windows\SYSTEM32\ieframe.dll
- 2007-08-14 00:54 . 2009-10-29 07:46 6067200 c:\windows\SYSTEM32\ieframe.dll
+ 2004-08-04 11:00 . 2010-01-05 10:00 1168384 c:\windows\SYSTEM32\DLLCACHE\urlmon.dll
- 2004-08-04 11:00 . 2009-10-29 07:46 1168384 c:\windows\SYSTEM32\DLLCACHE\urlmon.dll
+ 2004-08-04 11:00 . 2010-01-05 10:00 3599360 c:\windows\SYSTEM32\DLLCACHE\mshtml.dll
+ 2009-10-29 07:46 . 2010-01-05 10:00 6067200 c:\windows\SYSTEM32\DLLCACHE\ieframe.dll
- 2009-10-29 07:46 . 2009-10-29 07:46 6067200 c:\windows\SYSTEM32\DLLCACHE\ieframe.dll
+ 2010-01-30 09:01 . 2009-10-29 07:46 1168384 c:\windows\ie7updates\KB978207-IE7\urlmon.dll
+ 2010-01-30 09:01 . 2009-10-29 07:46 3598336 c:\windows\ie7updates\KB978207-IE7\mshtml.dll
+ 2010-01-30 09:01 . 2009-10-29 07:46 6067200 c:\windows\ie7updates\KB978207-IE7\ieframe.dll
+ 2010-01-30 14:08 . 2010-01-30 14:08 5263360 c:\windows\ERDNT\AutoBackup\1-30-2010\Users\00000001\NTUSER.DAT
+ 2010-01-30 02:08 . 2010-01-30 02:08 5246976 c:\windows\ERDNT\AutoBackup\1-29-2010\Users\00000001\NTUSER.DAT
+ 2009-08-10 20:09 . 2009-08-10 20:09 17254912 c:\windows\Installer\adc440.msp
+ 2009-08-10 20:09 . 2009-08-10 20:09 17254912 c:\windows\Installer\1d6e2.msp
+ 2009-08-10 20:09 . 2009-08-10 20:09 17254912 c:\windows\Installer\11c8576.msp
+ 2009-08-10 20:09 . 2009-08-10 20:09 17254912 c:\windows\Installer\11404c4.msp
+ 2009-08-10 20:09 . 2009-08-10 20:09 17254912 c:\windows\Installer\111a6b.msp
+ 2009-08-10 20:09 . 2009-08-10 20:09 17254912 c:\windows\Installer\1016213.msp
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [N/A]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [N/A]
"E6TaskPanel"="c:\program files\EarthLink TotalAccess\TaskPanl.exe" [N/A]
"DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [N/A]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [N/A]
"MPFExe"="c:\progra~1\McAfee.com\PERSON~1\MpfTray.exe" [N/A]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-10-29 1218008]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"="c:\windows\system32\Macromed\Flash\FlashUtil10b.exe" [2009-02-03 240544]

c:\documents and settings\Darlene\Start Menu\Programs\Startup\
Greetings Workshop Reminders.lnk - c:\program files\Greetings Workshop\GWREMIND.EXE [1997-9-4 50688]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
America Online 9.0 Tray Icon.lnk - c:\program files\America Online 9.0\aoltray.exe [2005-2-6 156784]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2005-2-6 24576]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSetActiveDesktop"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2009-06-17 21:17 10536 ----a-w- c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"c:\\Program Files\\America Online 9.0\\waol.exe"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=

.
Contents of the 'Scheduled Tasks' folder

2010-02-01 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2010-02-01 18:22]

2010-02-01 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2010-02-01 18:22]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.dell4me.com/myway
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mSearch Bar = hxxp://www.google.com/ie
uInternet Connection Wizard,ShellNext = hxxp://www.dell4me.com/myway
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-01 21:06
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(212)
c:\program files\Citrix\GoToAssist\514\G2AWinLogon.dll
c:\windows\system32\l3codeca.acm
.
Completion time: 2010-02-01 21:10:14
ComboFix-quarantined-files.txt 2010-02-02 03:10
ComboFix2.txt 2010-01-30 02:20
ComboFix3.txt 2010-01-28 22:56
ComboFix4.txt 2010-01-27 23:14
ComboFix5.txt 2010-02-02 02:57

Pre-Run: 59,434,332,160 bytes free
Post-Run: 59,407,458,304 bytes free

Current=2 Default=2 Failed=3 LastKnownGood=4 Sets=1,2,3,4
- - End Of File - - 47314BBC715DA58A57B70E52DA3813F0
syler
post Feb 2 2010, 09:23 AM
Post #24





Hi,

Please click this link-->Virustotal
When the Virustotal page has finished loading, click the Browse button and navigate to the following file and click Submit.

c:\windows\PCHEALTH\HELPCTR\BINARIES\msconfig.exe
c:\program files\Dell\Media Experience\pcmservice .exe
c:\program files\Dell Photo AIO Printer 922\dlbtbmgr .exe
c:\program files\Messenger\msmsgs .exe


Please post back with the link to the scan results, in your next post.
If Virustotal is busy, try the same at Jotti: http://virusscan.jotti.org/


Then please update Malwarebytes, run a full scan and post back with the Virustotal results and MBAM log.

Thanks


crumpms
post Feb 3 2010, 12:04 AM
Post #25





Hi syler,
here are the links to the files you wanted uploaded and scanned. I think I did this correctly; if not, let me know and I'll try again.

Mike

msconfig.exe http://www.virustotal.com/reanalisis.html?...9f06-1265166967
pcmservice .exe http://www.virustotal.com/reanalisis.html?...29f4-1265167384
dlbtbmgr .exe http://www.virustotal.com/reanalisis.html?...767e-1265167500
msmsgs .exe http://www.virustotal.com/reanalisis.html?...d0d1-1265167701

Here is the MalwareBytes log:

Malwarebytes' Anti-Malware 1.44
Database version: 3681
Windows 5.1.2600 Service Pack 2
Internet Explorer 7.0.5730.13

2/2/2010 10:57:55 PM
mbam-log-2010-02-02 (22-57-55).txt

Scan type: Full Scan (C:\|)
Objects scanned: 209241
Time elapsed: 1 hour(s), 19 minute(s), 24 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
syler
post Feb 3 2010, 11:25 AM
Post #26





Hi Mike,

The VT links are not correct, so you will need to scan them again. You should see a scanning page which will display the results; copy the links from that page please. If you are still having problems with VT, use the other link I provided for Jotti.


crumpms
post Feb 3 2010, 10:07 PM
Post #27


Member
**

Group: Members
Posts: 16
Joined: 16-January 10
Member No.: 435,752



Hi syler,
let me see if I got it right this time. I used the Jotti site.

msconfig http://virusscan.jotti.org/en/scanresult/1...7b14de6ab29eebb

pcmservice .exe
http://virusscan.jotti.org/en/scanresult/c...97b13bbfbbefb5a

dlbtbmgr .exe
http://virusscan.jotti.org/en/scanresult/d...847ee492559206f

msmsgs .exe
http://virusscan.jotti.org/en/scanresult/f...26b2d68c653d6b5

Mike
syler
post Feb 5 2010, 09:18 AM
Post #28


Forum Addict
******

Group: Malware Response Team
Posts: 7,896
Joined: 7-November 07
From: Warrington, UK
Member No.: 168,228



Hi,

Viewpoint Manager is considered foistware instead of malware, since it is installed without the user's approval but doesn't spy or do anything "bad". This changed from what we know in 2006; read this article:

http://www.clickz.com/news/article.php/3561546

I suggest you remove the program now. Click on start > run > and then paste the following into the "open" field: appwiz.cpl and press OK. From within Add or Remove Programs uninstall the following if they exist: Viewpoint, Viewpoint Manager, Viewpoint Media Player.



1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

CODE
RenV::
c:\program files\Analog Devices\Core\smax4pnp .exe
c:\program files\Common Files\Java\Java Update\jusched .exe
c:\program files\Dell\Media Experience\pcmservice .exe
c:\program files\Dell Photo AIO Printer 922\dlbtbmgr .exe
c:\program files\Messenger\msmsgs .exe
c:\program files\MUSICMATCH\Musicmatch Jukebox\mmtask .exe
c:\program files\MUSICMATCH\Musicmatch Jukebox\mm_tray .exe
c:\program files\Real\RealPlayer\realplay .exe
Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000000


Save this as CFScript.txt, in the same location as ComboFix.exe




Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.



Please do a scan with Kaspersky Online Scanner

Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

Click on the Accept button and install any components it needs.
  • The program will install and then begin downloading the latest definition files.
  • After the files have been downloaded, on the left side of the page in the Scan section, select My Computer.
  • This will start the program and scan your system.
  • The scan will take a while, so be patient and let it run.
  • Once the scan is complete, click on View scan report
  • Now, click on the Save Report as button.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.


Then in your next reply, please let me know if you are having any more problems and post back here with the following logs:
  • Combofix.txt
  • Kaspersky report

Thanks


--------------------

If I have helped you, and you would like to make a donation to me, click here
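
The CFScript in the post above lists executables whose names carry a space before `.exe`. As an added example (not part of the thread and not ComboFix's own logic), this Python function flags such names in a file listing and reports whether a normally named twin sits beside them; the function name and the sample listing are constructed, reusing two paths from the script.

```python
import ntpath
import re

# File name = stem, one or more whitespace characters, then the extension.
# On str patterns \s also matches the non-breaking space (U+00A0), which
# looks identical to an ordinary space in most file managers.
SPACED_NAME = re.compile(r"^(?P<stem>.*\S)\s+(?P<ext>\.[^.\s\\/]+)$")


def find_spaced_names(paths):
    """Report paths whose file name has whitespace just before the extension.

    Returns a list of (spaced_path, normal_path, normal_present) tuples.
    normal_path is the same path with that whitespace removed, and
    normal_present says whether that sibling also appears in the listing
    (compared case-insensitively, as Windows does).
    """
    seen = {p.strip().lower() for p in paths}
    findings = []
    for raw in paths:
        path = raw.strip()
        folder, name = ntpath.split(path)  # Windows path rules on any OS
        match = SPACED_NAME.match(name)
        if not match:
            continue  # interior spaces such as "Read Me.txt" are ignored
        normal = ntpath.join(folder, match.group("stem") + match.group("ext"))
        findings.append((path, normal, normal.lower() in seen))
    return findings


# Constructed listing: the first and third paths appear in the CFScript,
# the rest are made up for the example.
SAMPLE_LISTING = [
    r"c:\program files\Messenger\msmsgs .exe",
    r"c:\program files\Messenger\msmsgs.exe",
    r"c:\program files\Dell\Media Experience\pcmservice .exe",
    "c:\\program files\\Example\\tool\u00a0.exe",   # non-breaking space
    r"c:\program files\Example\Read Me.txt",        # interior space only
    r"c:\program files\Misc. Support Library\notes",
]

if __name__ == "__main__":
    for spaced, normal, present in find_spaced_names(SAMPLE_LISTING):
        state = "twin present" if present else "twin missing"
        print(f"{spaced!r} -> {normal!r} ({state})")
```

A listing for the function can be produced with `dir /s /b` on the folders of interest and read in line by line.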
crumpms
post Feb 6 2010, 02:09 PM
Post #29


Member
**

Group: Members
Posts: 16
Joined: 16-January 10
Member No.: 435,752



Hi syler,
sorry this took so long. Here are the ComboFix and Kaspersky log files. The system seems to be running fine; I don't see any processes in the Task Manager that indicate there is anything unusual going on (like processes that spontaneously start or ones that have embedded spaces in the name).

Mike

*****************************************************************************
*****************************************************************************

ComboFix 10-02-05.02 - Cecilia 02/05/2010 22:13:46.6.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.510.285 [GMT -6:00]
Running from: c:\documents and settings\Cecilia\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Cecilia\Desktop\CFScript.txt
AV: McAfee VirusScan *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
.

((((((((((((((((((((((((( Files Created from 2010-01-06 to 2010-02-06 )))))))))))))))))))))))))))))))
.

2010-02-01 03:38 . 2009-11-04 22:54 79816 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2010-02-01 03:38 . 2009-11-04 22:54 40552 ----a-w- c:\windows\system32\drivers\mfesmfk.sys
2010-02-01 03:38 . 2009-11-04 22:54 35272 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2010-02-01 03:38 . 2009-07-16 18:32 120136 ----a-w- c:\windows\system32\drivers\Mpfp.sys
2010-02-01 03:36 . 2010-02-01 12:30 -------- d-----w- c:\program files\McAfee
2010-02-01 03:36 . 2010-02-01 03:38 -------- d-----w- c:\program files\Common Files\McAfee
2010-02-01 03:31 . 2009-11-04 22:53 34248 ----a-w- c:\windows\system32\drivers\mferkdk.sys
2010-02-01 03:19 . 2010-02-01 12:36 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2010-01-30 20:22 . 2004-08-04 12:00 158208 ----a-w- c:\windows\system32\dllcache\msconfig.exe
2010-01-30 03:11 . 2010-01-30 03:11 -------- d-----w- c:\program files\ESET
2010-01-30 03:01 . 2010-01-30 03:01 -------- d-----w- c:\program files\Common Files\Java
2010-01-30 03:01 . 2010-01-30 03:01 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-01-30 03:00 . 2010-01-30 03:00 -------- d-----w- c:\program files\Java
2010-01-26 02:35 . 2010-01-26 02:35 -------- d-----w- C:\_OTM
2010-01-24 18:32 . 2010-01-24 18:32 4232816 ----a-w- c:\temp\mbam-rules.exe
2010-01-24 18:27 . 2010-01-25 04:22 -------- d-----w- C:\rsit
2010-01-24 13:23 . 2010-01-24 13:18 293376 ----a-w- c:\temp\bhsegjts.exe
2010-01-16 14:36 . 2010-01-16 14:37 -------- d-----w- c:\windows\ERUNT
2010-01-16 05:16 . 2010-01-16 05:16 -------- d-----w- c:\documents and settings\Cecilia\Local Settings\Application Data\Sophos
2010-01-16 04:53 . 2010-01-16 05:46 -------- d-----w- c:\documents and settings\Cecilia\Application Data\SUPERAntiSpyware.com
2010-01-16 01:06 . 2010-01-16 01:06 -------- d-----w- c:\documents and settings\Cecilia\Local Settings\Application Data\Adobe
2010-01-16 01:06 . 2010-01-16 01:06 -------- d-----w- c:\documents and settings\Cecilia\Application Data\AdobeUM
2010-01-16 01:03 . 2010-01-16 01:03 -------- d-----w- c:\documents and settings\Cecilia\Application Data\Malwarebytes

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-06 04:13 . 2005-02-21 02:05 -------- d-----w- c:\program files\Dell Photo AIO Printer 922
2010-02-06 03:54 . 2008-05-26 15:15 -------- d-----w- c:\program files\Google
2010-02-03 03:32 . 2009-12-28 04:33 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-02-03 03:32 . 2010-01-02 00:11 5115824 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2010-02-03 03:09 . 2008-06-18 22:00 75152 ----a-w- c:\documents and settings\Cecilia\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-02-01 12:37 . 2009-12-28 04:55 -------- d-----w- c:\program files\Trend Micro
2010-02-01 03:50 . 2005-02-06 06:38 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee.com
2010-02-01 03:50 . 2005-02-06 06:38 -------- d-----w- c:\program files\McAfee.com
2010-01-30 20:24 . 2009-12-26 17:05 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2010-01-30 19:22 . 2005-11-03 02:46 -------- d-----w- c:\program files\Greetings Workshop
2010-01-30 16:40 . 2006-09-22 21:21 75152 ----a-w- c:\documents and settings\Keith\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-01-30 03:36 . 2005-02-17 23:03 -------- d-----w- c:\program files\EarthLink TotalAccess
2010-01-30 03:35 . 2007-07-16 21:04 -------- d-----w- c:\program files\DellSupport
2010-01-16 04:52 . 2006-03-09 20:33 -------- d-----w- c:\documents and settings\Cecilia\Application Data\McAfee.com Personal Firewall
2010-01-07 22:07 . 2009-12-28 04:33 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-07 22:07 . 2009-12-28 04:33 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-05 10:00 . 2004-08-04 11:00 832512 ------w- c:\windows\system32\wininet.dll
2010-01-05 10:00 . 2004-08-04 11:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-01-05 10:00 . 2004-08-04 11:00 17408 ----a-w- c:\windows\system32\corpol.dll
2009-12-31 03:54 . 2009-12-31 03:54 -------- d-----w- c:\documents and settings\All Users\Application Data\IObit
2009-12-29 16:42 . 2009-12-29 16:42 52224 ----a-w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2009-12-29 16:42 . 2009-12-29 15:30 117760 ----a-w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-12-29 16:37 . 2009-12-29 16:37 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2009-12-29 15:29 . 2009-12-29 15:29 -------- d-----w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com
2009-12-29 04:28 . 2009-12-29 04:28 -------- d-----w- c:\documents and settings\All Users\Application Data\Sophos
2009-12-29 00:28 . 2009-12-29 00:28 52224 ----a-w- c:\documents and settings\Keith\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2009-12-29 00:28 . 2009-12-28 20:59 117760 ----a-w- c:\documents and settings\Keith\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-12-28 20:58 . 2009-12-28 20:58 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-12-28 20:58 . 2009-12-28 20:58 -------- d-----w- c:\documents and settings\Keith\Application Data\SUPERAntiSpyware.com
2009-12-28 04:33 . 2009-12-28 04:33 -------- d-----w- c:\documents and settings\Keith\Application Data\Malwarebytes
2009-12-28 04:33 . 2009-12-28 04:33 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-12-26 16:18 . 2006-09-22 20:21 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-12-26 16:12 . 2006-09-22 20:21 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-12-26 15:47 . 2006-09-22 20:18 -------- d-----w- c:\documents and settings\Keith\Application Data\Lavasoft
2009-12-17 05:12 . 2009-12-17 05:12 -------- d-----w- c:\program files\SDHelper (Spybot - Search & Destroy)
2009-12-17 05:12 . 2009-12-17 05:12 -------- d-----w- c:\program files\Misc. Support Library (Spybot - Search & Destroy)
2009-12-17 05:12 . 2009-12-17 05:12 -------- d-----w- c:\program files\File Scanner Library (Spybot - Search & Destroy)
2009-12-16 22:08 . 2009-12-16 22:08 -------- d-----w- c:\documents and settings\Keith\Application Data\Viewpoint
2009-12-11 13:41 . 2009-12-11 13:41 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\AdobeUM
2009-11-21 16:36 . 2004-08-04 11:00 470528 ----a-w- c:\windows\AppPatch\aclayers.dll
.

((((((((((((((((((((((((((((( SnapShot_2010-02-02_03.06.14 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-02-06 03:58 . 2010-02-06 03:58 16384 c:\windows\temp\Perflib_Perfdata_654.dat
- 2010-02-01 03:57 . 2010-02-02 02:12 32768 c:\windows\SYSTEM32\CONFIG\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2010-02-01 03:57 . 2010-02-06 03:41 32768 c:\windows\SYSTEM32\CONFIG\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2009-09-21 05:17 . 2010-02-02 02:12 16384 c:\windows\SYSTEM32\CONFIG\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2009-09-21 05:17 . 2010-02-06 03:41 16384 c:\windows\SYSTEM32\CONFIG\systemprofile\Local Settings\History\History.IE5\index.dat
- 2010-02-01 03:57 . 2010-02-02 02:12 32768 c:\windows\SYSTEM32\CONFIG\systemprofile\Cookies\index.dat
+ 2010-02-03 03:13 . 2010-02-06 03:41 32768 c:\windows\SYSTEM32\CONFIG\systemprofile\Cookies\index.dat
+ 2010-02-06 04:06 . 2010-02-06 04:06 22528 c:\windows\Installer\6d538.msi
+ 2009-08-10 20:09 . 2009-08-10 20:09 17254912 c:\windows\Installer\6d5522.msp
+ 2009-08-10 20:09 . 2009-08-10 20:09 17254912 c:\windows\Installer\273318.msp
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-02-06 39408]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"="c:\windows\system32\Macromed\Flash\FlashUtil10b.exe" [2009-02-03 240544]

c:\documents and settings\Darlene\Start Menu\Programs\Startup\
Greetings Workshop Reminders.lnk - c:\program files\Greetings Workshop\GWREMIND.EXE [1997-9-4 50688]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
America Online 9.0 Tray Icon.lnk - c:\program files\America Online 9.0\aoltray.exe [2005-2-6 156784]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2005-2-6 24576]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSetActiveDesktop"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2009-06-17 21:17 10536 ----a-w- c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mcagent_exe]
2009-10-29 12:54 1218008 ----a-w- c:\program files\McAfee.com\Agent\mcagent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"McSysmon"=3 (0x3)
"McShield"=2 (0x2)
"McProxy"=2 (0x2)
"McODS"=3 (0x3)
"McNASvc"=2 (0x2)
"mcmscsvc"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"c:\\Program Files\\America Online 9.0\\waol.exe"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=

S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2/5/2010 9:54 PM 135664]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - GUPDATE
.
Contents of the 'Scheduled Tasks' folder

2010-02-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-06 03:54]

2010-02-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-06 03:54]

2010-02-01 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2010-02-01 18:22]

2010-02-01 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2010-02-01 18:22]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.dell4me.com/myway
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mSearch Bar = hxxp://www.google.com/ie
uInternet Connection Wizard,ShellNext = hxxp://www.dell4me.com/myway
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-E6TaskPanel - c:\program files\EarthLink TotalAccess\TaskPanl.exe
HKCU-Run-DellSupport - c:\program files\DellSupport\DSAgnt.exe
HKLM-Run-DWQueuedReporting - c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe
MSConfigStartUp-MPFExe - c:\progra~1\McAfee.com\PERSON~1\MpfTray.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-05 22:19
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(648)
c:\program files\Citrix\GoToAssist\514\G2AWinLogon.dll

- - - - - - - > 'explorer.exe'(3748)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
.
Completion time: 2010-02-05 22:22:47
ComboFix-quarantined-files.txt 2010-02-06 04:22
ComboFix2.txt 2010-02-02 03:10
ComboFix3.txt 2010-01-30 02:20
ComboFix4.txt 2010-01-28 22:56
ComboFix5.txt 2010-02-06 04:12

Pre-Run: 58,550,648,832 bytes free
Post-Run: 58,554,617,856 bytes free

Current=2 Default=2 Failed=3 LastKnownGood=4 Sets=1,2,3,4
- - End Of File - - 5DED2DD99E5675C327A00A0DD8DC5970


******************************************************************
******************************************************************

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Saturday, February 6, 2010
Operating system: Microsoft Windows XP Home Edition Service Pack 2 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Saturday, February 06, 2010 14:02:35
Records in database: 3440093
--------------------------------------------------------------------------------

Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes

Scan area - My Computer:
C:\
D:\

Scan statistics:
Objects scanned: 65260
Threats found: 0
Infected objects found: 0
Suspicious objects found: 0
Scan duration: 02:16:31

No threats found. Scanned area is clean.

Selected area has been scanned.
syler
post Feb 6 2010, 03:15 PM
Post #30


Forum Addict
******

Group: Malware Response Team
Posts: 7,896
Joined: 7-November 07
From: Warrington, UK
Member No.: 168,228



Hi,

Your logs look fine to me now, so here are the final clean-up steps and prevention tips.


Uninstall ComboFix
  • Click START then RUN
  • Now type Combofix /uninstall in the run box and click OK. Note the space between the X and the /, it needs to be there.



Download and Run OTC

We will now remove the tools we used during this fix using OTC.
  • Download OTC by OldTimer and save it to your desktop.
  • Double click icon to start the program. If you are using Vista, please right-click and choose run as administrator
  • Then Click the big button.
  • You will get a prompt saying "Begin Cleanup Process". Please select Yes.
  • Restart your computer when prompted.


Congratulations! You now appear clean!

Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:

Update Windows
You don't have the latest service pack for Windows. The service packs patch security vulnerabilities found in Windows. You should keep these up to date to keep you protected against malware that can take advantage of these security vulnerabilities to attack your system. The latest service pack is SP3. Click on Start >> All programs >> Windows update, then select Express and allow it to install all updates including SP3.
Note: If it prompts you to install an ActiveX control allow it to install it.

Update your AntiVirus Software
It is imperative that you update your Antivirus software at least once a week (even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out. If you use a commercial antivirus program you must make sure you keep renewing your subscription. Otherwise, once your subscription runs out, you may not be able to update the program's virus definitions.

Make sure your applications have all of their updates
It is also possible for other programs on your computer to have security vulnerabilities that can allow malware to infect you. Therefore, it is also a good idea to check for the latest versions of commonly installed applications that are regularly patched to fix vulnerabilities. You can check these by visiting Secunia Software Inspector and Calendar of Updates.

Install a Firewall
I cannot stress how important it is that you use a third party Firewall on your computer. Without a firewall your computer is susceptible to being hacked and taken over. Windows firewall is good for blocking inbound connections but it does not block outbound connections. So if Malware manages to get onto your computer it will be able to send data out when it wants.
Here are some free firewalls I would recommend; only install one of these.

Zone Alarm
Comodo. Note: Only install the firewall as a standalone if you already have an AntiVirus installed on your computer.

After you install the third party firewall, please disable your Windows firewall. Please go to My Computer >> Control Panel >> Windows Firewall and choose the Off (not recommended) option. Then click Apply and OK.

Install an AntiSpyware Program
A highly recommended AntiSpyware program is SuperAntiSpyware. You can download the free Home Version, or the Pro version for a 15 day trial period.
Other recommended, and free, AntiSpyware programs are Spybot - Search and Destroy and Ad-Aware Personal.
Installing these programs will provide spyware & hijacker protection on your computer alongside your virus protection. You should scan your computer with an AntiSpyware program on a regular basis just as you would with antivirus software.
Tutorials on using these programs can be found below:
Using Spybot - Search & Destroy to remove Spyware, Malware, and Hijackers
Using Ad-aware to remove Spyware, Malware, & Hijackers from Your Computer

Install SpywareBlaster
SpywareBlaster will add a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs.

A tutorial on installing & using this product can be found here:
Using SpywareBlaster to protect your computer from Spyware and Malware

Use MVPS hosts file
Using a custom host file like the MVPS HOSTS file can help to block ads, banners, 3rd party Cookies, 3rd party page counters, web bugs, and even most hijackers. It doesn't use up any extra system resources and may even speed up the loading of web pages. You can download and find instructions below.

http://www.mvps.org/winhelp2002/hosts.htm

Update all these programs regularly
Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.

Follow this list and your potential for being infected again will reduce dramatically.

Happy surfing
Syler


--------------------

If I have helped you, and you would like to make a donation to me, click here