Continual Reinfection, Can't Seem To Get Rid Of


  • This topic is locked
174 replies to this topic

#1 dmslack

Posted 25 July 2008 - 04:46 PM

DSS Main Log:

Deckard's System Scanner v20071014.68
Run by george.slack on 2008-07-25 16:30:14
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
11: 2008-07-25 20:30:21 UTC - RP11 - Deckard's System Scanner Restore Point
10: 2008-07-25 19:20:25 UTC - RP10 - System Checkpoint
9: 2008-07-24 18:39:03 UTC - RP9 - System Checkpoint
8: 2008-07-23 17:45:24 UTC - RP8 - System Checkpoint
7: 2008-07-22 17:13:39 UTC - RP7 - Installed Symantec Technical Support Web Controls


-- First Restore Point --
1: 2008-07-16 03:25:43 UTC - RP1 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as george.slack.exe) ----------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:31, on 2008-07-25
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\SCardSvr.exe
C:\WINDOWS\system32\bmwebcfg.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Wave Systems Corp\Common\DataServer.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\HP OpenView\bin\ovspmd.exe
C:\Program Files\HP OpenView\bin\OVTrace.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\HP OpenView\bin\pmd.exe
C:\Program Files\HP OpenView\bin\ovsessionmgr.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\Program Files\HP OpenView\bin\ovrequestd.exe
C:\Program Files\HP OpenView\bin\genannosrvr.exe
C:\Program Files\HP OpenView\bin\ovalarmsrv.exe
C:\Program Files\HP OpenView\bin\ovactiond.exe
C:\Program Files\HP OpenView\bin\ovdbcheck.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\snmptrap.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
C:\WINDOWS\system32\vmnat.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\HP OpenView\bin\wpaagt.exe
C:\Program Files\HP OpenView\bin\snmpdm.exe
C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
C:\WINDOWS\system32\vmnetdhcp.exe
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Apoint\HidFind.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\stsystra.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\VMware\VMware Workstation\vmware-tray.exe
C:\Program Files\VMware\VMware Workstation\hqtray.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Microsoft IntelliType Pro\dpupdchk.exe
C:\Program Files\WebEx\Productivity Tools\PTIM.exe
C:\Program Files\WebEx\Productivity Tools\ptmsgfrm.exe
C:\PROGRA~1\HPOPEN~1\bin\ovdbrun.exe
C:\Program Files\WebEx\Productivity Tools\ptSrv.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\wcnonpek.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\george.slack\Desktop\Dawn\dss.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\george.slack.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=4061219
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O1 - Hosts: 202.165.102.205 972.aksjd11.com
O1 - Hosts: 202.165.102.205 w3og.cn
O1 - Hosts: 203.208.35.100 qazc.fourtw.cn
O1 - Hosts: 203.208.35.100 www.aujoy.cn
O1 - Hosts: 203.208.35.101 www.hao601.cn
O1 - Hosts: 203.208.35.101 www.psp476.cn
O1 - Hosts: 72.14.235.99 222.1212l112.net
O1 - Hosts: 72.14.235.99 444.1212l112.netn
O1 - Hosts: 72.14.235.99 555.1212l112.net
O1 - Hosts: 72.14.235.99 111.1212l112.net
O1 - Hosts: 65.55.21.250 111.3243l24.com
O1 - Hosts: 65.55.21.250 222.3243l24.com
O1 - Hosts: 65.55.21.250 333.3243l24.com
O1 - Hosts: 125.64.8.112 kao2.gmwo03.com
O1 - Hosts: 125.64.8.112 kao.gmwo06.com
O1 - Hosts: 125.64.8.112 444.gmwo07.com
O1 - Hosts: 116.252.185.15 ru.update365.us
O1 - Hosts: 116.252.185.15 ad.update365.us
O1 - Hosts: 207.46.232.182 popmails.net
O1 - Hosts: 203.208.37.99 3.goodhh.com
O1 - Hosts: 220.181.37.55 down.rwixr.com
O1 - Hosts: 160.79.42.52 www.xdj2008.com
O1 - Hosts: 63.175.76.152 www.revtr.cn
O1 - Hosts: 219.133.40.91 qq.ljsll.com
O1 - Hosts: 203.208.35.102 www.aassccwe.cn
O1 - Hosts: 209.132.177.50 973.aksjd11.com
O1 - Hosts: 209.132.177.50 974.aksjd11.com
O1 - Hosts: 209.132.177.50 971.aksjd11.com
O1 - Hosts: 209.132.177.50 975.aksjd11.com
O1 - Hosts: 72.14.235.104 user1.12-39.net
O1 - Hosts: 72.14.235.147 www.infomt.net
O1 - Hosts: 192.150.18.101 ata1.sysions.net
O1 - Hosts: 192.150.18.101 ata2.sysions.net
O1 - Hosts: 192.150.18.101 ata3.sysions.net
O1 - Hosts: 192.150.18.101 ata4.sysions.net
O1 - Hosts: 193.120.42.226 8nnnnn99.cn
O1 - Hosts: 24.39.54.34 www.haoaoao.cn
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Winamp Toolbar BHO - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: ThunderAdvise - {97421D0D-E07F-40DF-8F07-99597B9585AD} - C:\WINDOWS\Downloaded Program Files\ThunderAdvise.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [AT&T Communication Manager] "C:\Program Files\AT&T\Communication Manager\ATTCM.exe" -a
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vmware-tray] C:\Program Files\VMware\VMware Workstation\vmware-tray.exe
O4 - HKLM\..\Run: [VMware hqtray] "C:\Program Files\VMware\VMware Workstation\hqtray.exe"
O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [3PMmUpdate] rundll32 "C:\WINDOWS\Update.dll",Main
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [PTIM.exe] C:\Program Files\WebEx\Productivity Tools\PTIM.exe
O4 - HKCU\..\Run: [ptmsgfrm.exe] C:\Program Files\WebEx\Productivity Tools\ptmsgfrm.exe
O4 - HKUS\S-1-5-19\..\Run: [Communicator] "C:\Program Files\Microsoft Office Communicator\Communicator.exe" (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Communicator] "C:\Program Files\Microsoft Office Communicator\Communicator.exe" (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [Communicator] "C:\Program Files\Microsoft Office Communicator\Communicator.exe" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Communicator] "C:\Program Files\Microsoft Office Communicator\Communicator.exe" (User 'Default user')
O4 - Global Startup: Bluetooth Manager.lnk = ?
O8 - Extra context menu item: &Winamp Toolbar Search - C:\Documents and Settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {80947ADC-151D-490B-87F1-7C8CE1B46220} - (no file)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Start WebEx One-Click Meeting - {80947ADC-151D-490B-87F1-7C8CE1B46220} - C:\Program Files\WebEx\Productivity Tools\ptonecli.dll (HKCU)
O9 - Extra 'Tools' menuitem: Start WebEx One-Click Meeting - {80947ADC-151D-490B-87F1-7C8CE1B46220} - C:\Program Files\WebEx\Productivity Tools\ptonecli.dll (HKCU)
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O10 - Unknown file in Winsock LSP: bmnet.dll
O10 - Unknown file in Winsock LSP: bmnet.dll
O10 - Unknown file in Winsock LSP: bmnet.dll
O15 - Trusted Zone: http://*.intelliden-demo
O15 - Trusted Zone: http://intelliden-demo.intelliden.net
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {3BA3B159-7533-4F96-A2CE-EE5894BBD3D5} (Scanner.SysScanner) - http://i.dell.com/images/global/js/scanner/SYSSCANNER.cab
O16 - DPF: {5879B3B0-566E-4ECB-9B77-9A8A5E62AAB8} - http://www.blackberry.com/DST2007/patch/de...teLoaderUSB.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1208281057071
O16 - DPF: {85BA505F-FD01-4A91-836C-F7D502E89C9A} (Image Uploader Control) - http://www.evite.com/html/imageUpload/ImageUploader4.cab
O16 - DPF: {9C3497D6-ED98-11D0-9647-00C04FD9B15B} (WMI Login Control) - file://C:\DOCUME~1\GEORGE~1.SLA\LOCALS~1\Temp\wbemtool.cab
O16 - DPF: {CB97291A-6603-466A-AA11-80C2EB74CB10} (CoxSelfInstallAx10 Control) - https://install.cox.net/CoxSelfInstall/CoxS...InstallAx10.ocx
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://intelliden.webex.com/client/T25L/webex/ieatgpc.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = intelliden.net
O17 - HKLM\Software\..\Telephony: DomainName = intelliden.net
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = intelliden.net
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = chi.tecnet,tecnet,chi.tecnet,tecnet,chi.tecnet,tecnet,priv.red.telefonica-wholesale.net,red.telefonica-wholesale.net
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = chi.tecnet,tecnet,chi.tecnet,tecnet,chi.tecnet,tecnet,priv.red.telefonica-wholesale.net,red.telefonica-wholesale.net
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: ezcron.dll longasus.dll myasemt.dll woswelc.dll caotxb.dll comremo.dll googleons.dll welycz.dll jsnoer.dll theralte.dll joliom.dll wcnonpe.dll myusemt.dll comrsdo.dll tennfs.dll mssetd.dll
O21 - SSODL: DesktopWin - {DA191DE0-AA86-4ED0-4B87-292A3D48BE99} - C:\WINDOWS\AppPatch\DesktopWin.dll
O21 - SSODL: ThunderAdvise - {97421D0D-E07F-40DF-8F07-99597B9585AD} - C:\WINDOWS\Downloaded Program Files\ThunderAdvise.dll (file missing)
O23 - Service: AT&T RcAppSvc (ATTRcAppSvc) - PCTEL - C:\Program Files\AT&T\Communication Manager\RcAppSvc.exe
O23 - Service: Bytemobile Web Configurator (bmwebcfg) - Bytemobile, Inc. - C:\WINDOWS\system32\bmwebcfg.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: DataSvr2 - Wave Systems Corp. - C:\Program Files\Wave Systems Corp\Common\DataServer.exe
O23 - Service: SNMP EMANATE Master Agent (EMANATE) - Unknown owner - C:\Program Files\HP OpenView\bin\snmpdm.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktopManager.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP OpenView NNM Embedded DB - Solid Information Technology - C:\PROGRA~1\HPOPEN~1\bin\ovdbrun.exe
O23 - Service: HP OpenView Process Manager - Unknown owner - C:\Program Files\HP OpenView\bin\ovspmd.exe
O23 - Service: HP OpenView Trace Service (HPOVTrace) - Hewlett-Packard - C:\Program Files\HP OpenView\bin\OVTrace.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: MSSQL$OVOPS - Unknown owner - C:\Program Files\HP OpenView\MSSQL$OVOPS\Binn\sqlservr.exe (file missing)
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Symantec Management Client (SmcService) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
O23 - Service: Symantec Network Access Control (SNAC) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE
O23 - Service: SQLAgent$OVOPS - Unknown owner - C:\Program Files\HP OpenView\MSSQL$OVOPS\Binn\sqlagent.EXE (file missing)
O23 - Service: Symantec Endpoint Protection (Symantec AntiVirus) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
O23 - Service: Symantec RemoteAssist - Symantec, Inc. - C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe
O23 - Service: NTRU Hybrid TSS v2.0.25 TCS (tcsd_win32.exe) - Unknown owner - C:\Program Files\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.25\bin\tcsd_win32.exe
O23 - Service: VMware Agent Service (ufad-ws60) - VMware, Inc. - C:\Program Files\VMware\VMware Workstation\vmware-ufad.exe
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\WINDOWS\system32\vmnetdhcp.exe
O23 - Service: VMware Virtual Mount Manager Extended (vmount2) - VMware, Inc. - C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\WINDOWS\system32\vmnat.exe
O23 - Service: Intel® PROSet/Wireless SSO Service (WLANKEEPER) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
O23 - Service: WLSforIntelliden - Unknown owner - C:\icos\bea\WEBLOG~1\server\bin\beasvc.exe (file missing)
O23 - Service: SNMP EMANATE Adapter for NT (wpa) - Unknown owner - C:\Program Files\HP OpenView\bin\wpaagt.exe

--
End of file - 20762 bytes

-- HijackThis Fixed Entries (C:\PROGRA~1\TRENDM~1\HIJACK~1\backups\) -----------

backup-20080614-203949-406 O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 SysPlant (SysPlant for NT) - c:\windows\system32\drivers\sysplant.sys <Not Verified; Symantec Corporation; Symantec CMC Firewall>
R1 APPDRV - c:\windows\system32\drivers\appdrv.sys <Not Verified; Dell Inc; Application Driver>
R1 omci (OMCI WDM Device Driver) - c:\windows\system32\drivers\omci.sys <Not Verified; Dell Inc; OMCI Driver>
R1 tcpipBM (Bytemobile Kernel Network Provider) - c:\windows\system32\drivers\tcpipbm.sys <Not Verified; Bytemobile, Inc.; Bytemobile Optimization Client>
R1 Tosrfcom (Bluetooth RFCOMM from TOSHIBA) - c:\windows\system32\drivers\tosrfcom.sys <Not Verified; TOSHIBA Corporation; Bluetooth RFCOMM Driver>
R2 s24trans (WLAN Transport) - c:\windows\system32\drivers\s24trans.sys <Not Verified; Intel Corporation; Intel Wireless LAN Packet Driver>
R3 tosporte (Bluetooth Port Driver from Toshiba) - c:\windows\system32\drivers\tosporte.sys <Not Verified; TOSHIBA Corporation; TOSHIBA Bluetooth Port Emulation Driver>
R3 Tosrfbd (Bluetooth RFBUS from TOSHIBA) - c:\windows\system32\drivers\tosrfbd.sys <Not Verified; TOSHIBA CORPORATION; Bluetooth BUS Driver(WindowsXP,Windows2000)>
R3 Tosrfbnp (Bluetooth RFBNEP from TOSHIBA) - c:\windows\system32\drivers\tosrfbnp.sys <Not Verified; TOSHIBA Corporation; Bluetooth RFBNEP Driver from TOSHIBA>
R3 Tosrfhid (Bluetooth RFHID from TOSHIBA) - c:\windows\system32\drivers\tosrfhid.sys <Not Verified; TOSHIBA Corporation.; Bluetooth HID Driver from TOSHIBA>
R3 tosrfnds (Bluetooth Personal Area Network from TOSHIBA) - c:\windows\system32\drivers\tosrfnds.sys <Not Verified; TOSHIBA Corporation.; Bluetooth BNEP Driver from TOSHIBA>
R3 Tosrfusb (Bluetooth USB Controller) - c:\windows\system32\drivers\tosrfusb.sys <Not Verified; TOSHIBA CORPORATION; Microsoft® Windows NT® Operating System>

S3 CSVirtA (Cisco Systems SSL VPN Adapter) - c:\windows\system32\drivers\csvirta.sys (file missing)
S3 DSproct - c:\program files\dell support\gtaction\triggers\dsproct.sys <Not Verified; GTek Technologies Ltd.; processt>
S3 eth8023 - c:\windows\system32\drivers\eth8023.sys (file missing)
S3 MBAMCatchMe - c:\windows\system32\drivers\mbamcatchme.sys (file missing)
S3 NPF (NetGroup Packet Filter Driver) - c:\windows\system32\drivers\npf.sys <Not Verified; CACE Technologies; WinPcap Netgroup Packet Filter Driver>
S3 RimUsb (BlackBerry Device) - c:\windows\system32\drivers\rimusb.sys (file missing)
S3 toshidpt (TOSHIBA Bluetooth HID port driver) - c:\windows\system32\drivers\toshidpt.sys <Not Verified; TOSHIBA Corporation.; TOSHIBA Bluetooth HID Mini Port Driver>
S3 TosRfSnd (Bluetooth Audio Device (WDM) from TOSHIBA) - c:\windows\system32\drivers\tosrfsnd.sys <Not Verified; TOSHIBA Corporation; Bluetooth Audio Driver>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 bmwebcfg (Bytemobile Web Configurator) - "c:\windows\system32\bmwebcfg.exe" <Not Verified; Bytemobile, Inc.; Bytemobile Optimization Client>
R2 DataSvr2 - "c:\program files\wave systems corp\common\dataserver.exe" <Not Verified; Wave Systems Corp.; Authentication Manager>
R2 EMANATE (SNMP EMANATE Master Agent) - c:\program files\hp openview\bin\snmpdm.exe
R2 HP OpenView Process Manager - "c:\program files\hp openview\bin\ovspmd.exe"
R2 HPOVTrace (HP OpenView Trace Service) - c:\program files\hp openview\bin\ovtrace.exe <Not Verified; Hewlett-Packard; Openview Cross Platform Library>
R2 NICCONFIGSVC - c:\program files\dell\quickset\nicconfigsvc.exe <Not Verified; Dell Inc.; NicConfigSvc>
R2 RegSrvc (Intel® PROSet/Wireless Registry Service) - c:\program files\intel\wireless\bin\regsrvc.exe <Not Verified; Intel Corporation; Intel® PROSet/Wireless Registry Service>
R2 WLANKEEPER (Intel® PROSet/Wireless SSO Service) - c:\program files\intel\wireless\bin\wlkeeper.exe <Not Verified; Intel Corporation; SSO Service>
R2 wpa (SNMP EMANATE Adapter for NT) - c:\program files\hp openview\bin\wpaagt.exe
R3 HP OpenView NNM Embedded DB - c:\progra~1\hpopen~1\bin\ovdbrun.exe -sstart -cc:\progra~1\hpopen~1\databa~1\analysis\default -n "hp openview nnm embedded db" <Not Verified; Solid Information Technology; Solid Embedded Engine>

S2 MSSQL$OVOPS - c:\program files\hp openview\mssql$ovops\binn\sqlservr.exe -sovops (file missing)
S2 tcsd_win32.exe (NTRU Hybrid TSS v2.0.25 TCS) - "c:\program files\ntru cryptosystems\ntru hybrid tss v2.0.25\bin\tcsd_win32.exe"
S3 FLEXnet Licensing Service - "c:\program files\common files\macrovision shared\flexnet publisher\fnplicensingservice.exe" <Not Verified; Macrovision Europe Ltd.; FLEXnet Publisher (32 bit)>
S3 rpcapd (Remote Packet Capture Protocol v.0 (experimental)) - "c:\program files\winpcap\rpcapd.exe" -d -f "c:\program files\winpcap\rpcapd.ini" <Not Verified; CACE Technologies; Remote Packet Capture Daemon>
S3 SQLAgent$OVOPS - c:\program files\hp openview\mssql$ovops\binn\sqlagent.exe -i ovops (file missing)
S3 WLSforIntelliden - c:\icos\bea\weblog~1\server\bin\beasvc.exe (file missing)
S4 Bluetooth Hid Switch Service - "c:\program files\bluetooth\hidswitchservice\hidsw.exe" <Not Verified; Cambridge Silicon Radio; HID Switch Service>


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Cisco Systems VPN Adapter
Device ID: ROOT\NET\0000
Manufacturer: Cisco Systems
Name: Cisco Systems VPN Adapter
PNP Device ID: ROOT\NET\0000
Service: CVirtA


-- Scheduled Tasks -------------------------------------------------------------

2008-04-28 08:47:44 314 --ah----- C:\WINDOWS\Tasks\Microsoft_Hardware_Launch_IType_exe.job


-- Files created between 2008-06-25 and 2008-07-25 -----------------------------

2008-07-25 05:54:44 11264 --a------ C:\WINDOWS\system32\wcnonpek.exe
2008-07-23 21:48:36 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-07-23 21:29:36 0 dr-h----- C:\Documents and Settings\george.slack\Recent
2008-07-23 21:15:04 0 d-------- C:\Program Files\CCleaner
2008-07-23 09:23:27 249856 --a------ C:\WINDOWS\Update.dll
2008-07-22 13:45:39 36864 --a------ C:\WINDOWS\system32\mssetd.dll
2008-07-22 13:45:05 24576 --a------ C:\WINDOWS\system32\tennfs.dll
2008-07-22 13:43:45 24576 --a------ C:\WINDOWS\system32\comrsdo.dll
2008-07-22 13:40:20 24576 --a------ C:\WINDOWS\system32\myusemt.dll
2008-07-22 12:36:58 24576 --a------ C:\WINDOWS\system32\wcnonpe.dll
2008-07-21 19:10:06 24576 --a------ C:\WINDOWS\system32\joliom.dll
2008-07-21 19:09:39 24576 --a------ C:\WINDOWS\system32\jsnoer.dll
2008-07-21 19:09:25 28672 --a------ C:\WINDOWS\system32\welycz.dll
2008-07-21 19:09:24 24576 --a------ C:\WINDOWS\system32\googleons.dll
2008-07-21 19:08:49 243712 --ah----- C:\WINDOWS\system32\tdfhex.dll
2008-07-21 19:08:16 268800 --ah----- C:\WINDOWS\system32\ddserh.dll
2008-07-21 19:07:57 265216 --ah----- C:\WINDOWS\system32\wzcfsw.dll
2008-07-21 17:29:46 0 d-------- C:\Documents and Settings\george\Application Data\Lavasoft
2008-07-21 17:20:16 0 d-------- C:\Documents and Settings\george\Application Data\Identities
2008-07-21 17:20:16 0 d--h----- C:\Documents and Settings\george\Application Data\Gtek
2008-07-21 17:20:15 0 dr-h----- C:\Documents and Settings\george\SendTo
2008-07-21 17:20:15 0 dr-h----- C:\Documents and Settings\george\Recent
2008-07-21 17:20:15 0 d--h----- C:\Documents and Settings\george\PrintHood
2008-07-21 17:20:15 0 d--h----- C:\Documents and Settings\george\NetHood
2008-07-21 17:20:15 0 dr------- C:\Documents and Settings\george\My Documents
2008-07-21 17:20:15 0 d--h----- C:\Documents and Settings\george\Local Settings
2008-07-21 17:20:15 0 dr------- C:\Documents and Settings\george\Favorites
2008-07-21 17:20:15 0 d-------- C:\Documents and Settings\george\Desktop
2008-07-21 17:20:15 0 d--hs---- C:\Documents and Settings\george\Cookies
2008-07-21 17:20:15 0 dr-h----- C:\Documents and Settings\george\Application Data
2008-07-21 17:20:15 0 d---s---- C:\Documents and Settings\george\Application Data\Microsoft
2008-07-21 17:20:15 0 d-------- C:\Documents and Settings\george\Application Data\Macromedia
2008-07-21 17:20:15 0 d-------- C:\Documents and Settings\george\Application Data\Intel
2008-07-21 17:20:14 0 d--h----- C:\Documents and Settings\george\Templates
2008-07-21 17:20:14 0 dr------- C:\Documents and Settings\george\Start Menu
2008-07-21 17:20:14 1048576 --ah----- C:\Documents and Settings\george\NTUSER.DAT
2008-07-21 10:16:07 24576 --a------ C:\WINDOWS\system32\theralte.dll
2008-07-19 21:45:08 28672 --a------ C:\WINDOWS\system32\woswelc.dll
2008-07-19 21:44:57 240128 --ah----- C:\WINDOWS\system32\fmcvxy.dll
2008-07-19 21:44:12 14336 --a------ C:\WINDOWS\system32\ezcronk.exe
2008-07-19 21:44:12 36864 --a------ C:\WINDOWS\system32\ezcron.dll
2008-07-15 23:30:05 0 d-------- C:\cmdcons
2008-07-15 23:25:17 68096 --a------ C:\WINDOWS\zip.exe
2008-07-15 23:25:17 49152 --a------ C:\WINDOWS\VFind.exe
2008-07-15 23:25:17 212480 --a------ C:\WINDOWS\swxcacls.exe <Not Verified; SteelWerX; SteelWerX Extended Configurator ACLists>
2008-07-15 23:25:17 136704 --a------ C:\WINDOWS\swsc.exe <Not Verified; SteelWerX; SteelWerX Service Controller>
2008-07-15 23:25:17 161792 --a------ C:\WINDOWS\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor>
2008-07-15 23:25:17 98816 --a------ C:\WINDOWS\sed.exe
2008-07-15 23:25:17 80412 --a------ C:\WINDOWS\grep.exe
2008-07-15 23:25:17 89504 --a------ C:\WINDOWS\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-07-15 14:53:44 0 dr------- C:\Documents and Settings\philip\Favorites
2008-07-15 14:53:44 0 d-------- C:\Documents and Settings\philip\Desktop
2008-07-15 14:53:44 0 d--hs---- C:\Documents and Settings\philip\Cookies
2008-07-15 14:53:44 0 dr-h----- C:\Documents and Settings\philip\Application Data
2008-07-15 14:53:44 0 d---s---- C:\Documents and Settings\philip\Application Data\Microsoft
2008-07-15 14:53:44 0 d-------- C:\Documents and Settings\philip\Application Data\Macromedia
2008-07-15 14:53:44 0 d-------- C:\Documents and Settings\philip\Application Data\Intel
2008-07-15 14:53:44 0 d-------- C:\Documents and Settings\philip\Application Data\Identities
2008-07-15 14:53:44 0 d--h----- C:\Documents and Settings\philip\Application Data\Gtek
2008-07-15 14:53:43 0 d--h----- C:\Documents and Settings\philip\Templates
2008-07-15 14:53:43 0 dr------- C:\Documents and Settings\philip\Start Menu
2008-07-15 14:53:43 0 dr-h----- C:\Documents and Settings\philip\SendTo
2008-07-15 14:53:43 0 dr-h----- C:\Documents and Settings\philip\Recent
2008-07-15 14:53:43 0 d--h----- C:\Documents and Settings\philip\PrintHood
2008-07-15 14:53:43 0 d--h----- C:\Documents and Settings\philip\NetHood
2008-07-15 14:53:43 0 dr------- C:\Documents and Settings\philip\My Documents
2008-07-15 14:53:43 0 d--h----- C:\Documents and Settings\philip\Local Settings
2008-07-15 14:53:42 1048576 --ah----- C:\Documents and Settings\philip\NTUSER.DAT
2008-07-11 10:15:31 20 --a------ C:\WINDOWS\system32\ladyapaw.sys
2008-07-09 11:47:36 0 d-------- C:\Documents and Settings\admin.philip\Application Data\Lavasoft
2008-07-09 11:40:54 0 d-------- C:\Documents and Settings\admin.philip\Application Data\Adobe
2008-07-09 11:38:28 0 d-------- C:\Documents and Settings\admin.philip\Application Data\WinRAR
2008-07-09 11:37:38 0 d-------- C:\Program Files\Lavasoft
2008-07-09 11:37:15 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-07-09 11:34:45 0 d-------- C:\Documents and Settings\admin.philip\Application Data\Google
2008-07-06 12:30:15 36 --a------ C:\WINDOWS\system32\qbhxaklo.sys
2008-07-02 14:25:39 0 d-------- C:\Documents and Settings\george.slack\.housecall6.6
2008-07-02 14:06:16 286720 --a------ C:\WINDOWS\system32\wxvault.dll <Not Verified; ; wxvault Dynamic Link Library>
2008-07-02 11:08:42 0 d-------- C:\Documents and Settings\george.slack\Application Data\Malwarebytes
2008-07-02 11:08:39 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-07-02 11:08:38 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-06-28 14:56:10 24 --a------ C:\WINDOWS\system32\ngjxakin.sys
2008-06-28 14:55:25 28672 --a------ C:\WINDOWS\system32\qflxs.dll
2008-06-28 14:54:31 10752 --a------ C:\WINDOWS\system32\mrsingdk.exe
2008-06-28 14:54:25 24576 --a------ C:\WINDOWS\system32\mrsingd.dll


-- Find3M Report ---------------------------------------------------------------

2008-07-24 13:18:17 0 d-------- C:\Documents and Settings\george.slack\Application Data\VMware
2008-07-23 19:08:15 0 d-------- C:\Program Files\Trillian
2008-07-22 13:13:48 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-07-21 19:57:39 0 d-------- C:\Documents and Settings\george.slack\Application Data\Canon
2008-07-21 10:12:58 0 d-------- C:\Documents and Settings\george.slack\Application Data\Lavasoft
2008-07-09 11:37:15 0 d-------- C:\Program Files\Common Files
2008-07-02 13:43:35 0 d-------- C:\Program Files\Broadcom
2008-07-02 13:43:14 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-07-02 13:43:13 0 d-------- C:\Program Files\Wave Systems Corp
2008-06-24 18:54:36 0 d-------- C:\Documents and Settings\george.slack\Application Data\Skype
2008-06-24 18:21:50 0 d-------- C:\Documents and Settings\george.slack\Application Data\skypePM
2008-06-20 20:22:31 0 d-------- C:\Program Files\Cisco Systems
2008-06-19 12:13:58 0 d-------- C:\Documents and Settings\george.slack\Application Data\U3
2008-06-13 15:20:53 0 d-------- C:\Program Files\Trend Micro
2008-06-13 11:32:40 0 d-------- C:\Program Files\Xming
2008-06-13 11:26:19 0 d-------- C:\Program Files\MSBuild
2008-06-13 11:26:03 0 d-------- C:\Program Files\Reference Assemblies
2008-06-11 14:14:21 36944 --a------ C:\WINDOWS\system32\stcevent.dll <Not Verified; Cisco Systems, Inc.; SSL VPN Client>
2008-06-11 07:14:18 0 d-------- C:\Documents and Settings\george.slack\Application Data\AVGTOOLBAR
2008-06-11 07:05:52 0 d-------- C:\Program Files\Winamp
2008-06-10 19:53:05 0 d-------- C:\Program Files\AVG
2008-06-10 08:39:31 0 d-------- C:\Program Files\Windows Media Connect 2
2008-06-07 07:42:17 0 d-------- C:\Documents and Settings\george.slack\Application Data\Adobe
2008-06-06 16:33:09 376832 --a------ C:\WINDOWS\system32\AegisI5Installer.exe <Not Verified; ; AegisInstall Application>
2008-06-06 16:28:57 0 d-------- C:\Documents and Settings\george.slack\Application Data\Intel
2008-06-05 10:46:19 0 d-------- C:\Program Files\Java
2008-06-03 13:37:55 0 d-------- C:\Program Files\Common Files\Adobe
2008-06-03 13:37:41 0 d-------- C:\Program Files\Common Files\Macrovision Shared
2008-05-15 07:51:02 15787 --a------ C:\WINDOWS\system32\productregistry
2008-05-11 08:00:29 49152 --a------ C:\Documents and Settings\george.slack\Application Data\olkupres.dll <Not Verified; WebEx; OlkUpRes Module>


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{25CEE8EC-5730-41bc-8B58-22DDC8AB8C20}]
2007-12-13 12:49 1185120 --a------ C:\Program Files\Winamp Toolbar\winamptb.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{97421D0D-E07F-40DF-8F07-99597B9585AD}]
C:\WINDOWS\Downloaded Program Files\ThunderAdvise.dll

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}"= C:\Program Files\Winamp Toolbar\winamptb.dll [2007-12-13 12:49 1185120]

[-HKEY_CLASSES_ROOT\CLSID\{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="C:\Program Files\Apoint\Apoint.exe" [2005-10-07 14:13]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-12-13 18:44]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-12-13 18:41]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-12-13 18:45]
"SigmatelSysTrayApp"="stsystra.exe" [2006-03-24 18:30 C:\WINDOWS\stsystra.exe]
"DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [2005-09-08 07:20]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 18:50]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 18:50]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 04:28]
"AT&T Communication Manager"="C:\Program Files\AT&T\Communication Manager\ATTCM.exe" [2007-10-18 12:08]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-12-12 15:41]
"vmware-tray"="C:\Program Files\VMware\VMware Workstation\vmware-tray.exe" [2008-03-03 20:10]
"VMware hqtray"="C:\Program Files\VMware\VMware Workstation\hqtray.exe" [2008-03-03 20:10]
"itype"="C:\Program Files\Microsoft IntelliType Pro\itype.exe" [2007-08-31 12:13]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2008-03-04 14:41]
"3PMmUpdate"="C:\WINDOWS\Update.dll" [2008-07-24 16:50]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 07:00]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-04-04 18:53]
"PTIM.exe"="C:\Program Files\WebEx\Productivity Tools\PTIM.exe" [2008-04-29 16:56]
"ptmsgfrm.exe"="C:\Program Files\WebEx\Productivity Tools\ptmsgfrm.exe" [2008-04-29 15:59]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Communicator"="C:\Program Files\Microsoft Office Communicator\Communicator.exe"
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Bluetooth Manager.lnk - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2005-11-18 19:46:00]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoWelcomeScreen"=1 (0x1)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{73AE86E6-7F03-4C3B-8980-FB1DA157D3C7}"= C:\WINDOWS\system32\fmcvxy.dll [2008-07-23 17:39 240128]
"{28766E1C-74B0-4417-8C75-F12AE309EF35}"= C:\WINDOWS\system32\wzcfsw.dll [2008-07-21 19:07 265216]
"{A9895933-6636-4281-BC58-EE6DE2AF96E3}"= C:\WINDOWS\system32\ddserh.dll [2008-07-23 17:33 268800]
"{0B846B26-BFE6-4E8E-A948-1DB17B77B483}"= C:\WINDOWS\system32\tdfhex.dll [2008-07-23 17:41 243712]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"DesktopWin"= {DA191DE0-AA86-4ED0-4B87-292A3D48BE99} - C:\WINDOWS\AppPatch\DesktopWin.dll [2008-07-09 14:20 14336]
"ThunderAdvise"= {97421D0D-E07F-40DF-8F07-99597B9585AD} - C:\WINDOWS\Downloaded Program Files\ThunderAdvise.dll [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=ezcron.dll longasus.dll myasemt.dll woswelc.dll caotxb.dll comremo.dll googleons.dll welycz.dll jsnoer.dll theralte.dll joliom.dll wcnonpe.dll myusemt.dll comrsdo.dll tennfs.dll mssetd.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 wvauth

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antvirus]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Acrobat Assistant.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Acrobat Assistant.lnk
backup=C:\WINDOWS\pss\Acrobat Assistant.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk
backup=C:\WINDOWS\pss\Adobe Reader Synchronizer.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^EMBASSY Trust Suite Secure Update.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\EMBASSY Trust Suite Secure Update.lnk
backup=C:\WINDOWS\pss\EMBASSY Trust Suite Secure Update.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Google Updater.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Google Updater.lnk
backup=C:\WINDOWS\pss\Google Updater.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Service Manager.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Service Manager.lnk
backup=C:\WINDOWS\pss\Service Manager.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^VPN Client.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\VPN Client.lnk
backup=C:\WINDOWS\pss\VPN Client.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
"C:\Program Files\Dell Support\DSAgnt.exe" /startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
"C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
"C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ModemOnHold]
C:\Program Files\NetWaiting\netWaiting.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\##csodc02#Project#acrobat]
AutoRun\command- Z:\Autoplay.exe -auto

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
AutoRun\command- E:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b5bbf262-66b8-11dc-887d-00188ba65bac}]
AutoRun\command- E:\PortableRoboForm.exe
RoboForm2Go\command- E:\PortableRoboForm.exe




-- Hosts -----------------------------------------------------------------------


8578 more entries in hosts file.


-- End of Deckard's System Scanner: finished at 2008-07-25 16:33:07 ------------


-------------------------------------------------------------------------------


DSS Extra Log:

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel® Core™2 CPU T7200 @ 2.00GHz
CPU 1: Intel® Core™2 CPU T7200 @ 2.00GHz
Percentage of Memory in Use: 27%
Physical Memory (total/avail): 3318.05 MiB / 2393.88 MiB
Pagefile Memory (total/avail): 5201.56 MiB / 4355.47 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1908.62 MiB

C: is Fixed (NTFS) - 93.09 GiB total, 40.55 GiB free.
D: is CDROM (No Media)
F: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - Hitachi HTS721010G9SA00 - 93.16 GiB - 2 partitions
\PARTITION0 - Unknown - 70.57 MiB
\PARTITION1 (bootable) - Installable File System - 93.09 GiB - C:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is disabled.

FirstRunDisabled is set.

FW: Symantec Endpoint Protection v10.0 (Symantec Corporation.)
AV: Symantec Endpoint Protection v11.0.777.1008 (Symantec Corporation) Outdated

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Microsoft Office Communicator\\communicator.exe"="C:\\Program Files\\Microsoft Office Communicator\\communicator.exe:*:Enabled:Communicator"
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\\WINDOWS\\system32\\ftp.exe"="C:\\WINDOWS\\system32\\ftp.exe:*:Enabled:File Transfer Program"
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"="C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe:*:Enabled:AOL Loader"
"C:\\Program Files\\SmartFTP Client\\SmartFTP.exe"="C:\\Program Files\\SmartFTP Client\\SmartFTP.exe:*:Enabled:SmartFTP Client"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Winamp Remote\\bin\\Orb.exe"="C:\\Program Files\\Winamp Remote\\bin\\Orb.exe:*:Enabled:Orb"
"C:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe"="C:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe:*:Enabled:OrbTray"
"C:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe"="C:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe:*:Enabled:Orb Stream Client"
"C:\\Program Files\\Symantec\\Symantec Endpoint Protection\\Smc.exe"="C:\\Program Files\\Symantec\\Symantec Endpoint Protection\\Smc.exe:*:Enabled:SMC Service"
"C:\\Program Files\\Symantec\\Symantec Endpoint Protection\\SNAC.EXE"="C:\\Program Files\\Symantec\\Symantec Endpoint Protection\\SNAC.EXE:*:Enabled:SNAC Service"
"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe"="C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe:*:Enabled:Symantec Email"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Microsoft Office Communicator\\communicator.exe"="C:\\Program Files\\Microsoft Office Communicator\\communicator.exe:*:Enabled:Microsoft Office Communicator 2005"
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\\Program Files\\Trillian\\trillian.exe"="C:\\Program Files\\Trillian\\trillian.exe:*:Enabled:Trillian"
"C:\\Program Files\\HP OpenView\\bin\\ovw.exe"="C:\\Program Files\\HP OpenView\\bin\\ovw.exe:*:Enabled:HP OpenView Network Node Manager"
"C:\\Program Files\\SmartFTP Client\\SmartFTP.exe"="C:\\Program Files\\SmartFTP Client\\SmartFTP.exe:*:Enabled:SmartFTP Client 2.5"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\george.slack\Application Data
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=NCILGSL
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\george.slack
JAVA_HOME=C:\icos\jdk
LOGONSERVER=\\CSODC01
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\wbem;C:\Program Files\Microsoft SQL Server\80\Tools\Binn;C:\PROGRA~1\DATACO~1\DCDIRE~1\bin;C:\Program Files\Perforce;C:\Program Files\HP OpenView\bin;C:\Sun\AppServer\bin;C:\icos\bin;C:\icos\bin;%ANT_HOME%\bin;C:\icos\jdk\bin;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\Wave Systems Corp\Dell Preboot Manager\Access Client\v5\;C:\Program Files\Microsoft SQL Server\80\Tools\Binn\;C:\PROGRA~1\DATACO~1\DCDIRE~1\bin;C:\Program Files\Perforce;C:\icos\bin
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 15 Stepping 6, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0f06
ProgramFiles=C:\Program Files
PROMPT=$P$G
SESSIONNAME=Console
SonicCentral=C:\Program Files\Common Files\Sonic Shared\Sonic Central\
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\GEORGE~1.SLA\LOCALS~1\Temp
TMP=C:\DOCUME~1\GEORGE~1.SLA\LOCALS~1\Temp
USERDNSDOMAIN=INTELLIDEN.NET
USERDOMAIN=INTELLIDEN
USERNAME=george.slack
USERPROFILE=C:\Documents and Settings\george.slack
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

george.slack (admin)
admin.philip (admin)
Administrator.INTELLIDEN (admin)
temp (new local, admin)
icosuser (admin)
icosuser.NCILGSL (admin)
george (new local, admin, net ready)
philip (admin)
Administrator (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {075473F5-846A-448B-BCB3-104AA1760205}
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {AB708C9B-97C8-4AC9-899B-DBF226AC9382}
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {B12665F4-4E93-4AB4-B7FC-37053B524629}
--> MsiExec.exe /I{9579E862-5FC7-4337-B1CC-5E37451524C5}
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Acrobat 8 Standard --> msiexec /I {AC76BA86-1033-0000-BA7E-000000000003}
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin --> C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
ALPS Touch Pad Driver --> C:\Program Files\Apoint\Uninstap.exe ADDREMOVE
AT&T Communication Manager --> MsiExec.exe /X{A81BFA08-5D4C-4D4C-ACEF-BF558C70D99D}
Bluetooth Stack for Windows by Toshiba --> MsiExec.exe /X{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}
Boson NetSim for CCNP 7.0 --> C:\Program Files\InstallShield Installation Information\{8C1BC366-81DD-4050-B2DC-88287C90E915}\setup.exe -runfromtemp -l0x0409
Broadcom Advanced Control Suite --> MsiExec.exe /X{26E1BFB0-E87E-4696-9F89-B467F01F81E5}
Broadcom TPM Driver Installer --> MsiExec.exe /X{35748B06-FCFC-4700-8285-DAD41689E4FE}
Canon MF Drivers --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{01B93B3A-283F-411B-A648-69CABCACC986}\Setup.exe" -l0x9 -Uninstall
Canon MF Toolbox 4.7.0.0.mf04 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{132CA5D9-C745-4B0B-A3B2-8C7A6EC3EE7E}\Setup.exe" -l0x9 -Uninstall
CCleaner (remove only) --> "C:\Program Files\CCleaner\uninst.exe"
Cisco Press CCNA INTRO Test --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\8\INTEL3~1\IDriver.exe /M{C8BBB2A2-6A4F-46B8-9EEE-76B1C0D2091F}
Cisco Systems VPN Client 4.8.02.0010 --> MsiExec.exe /X{176130BC-99A1-41FE-A78B-56045E33AD70}
Compatibility Pack for the 2007 Office system --> MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
Conexant HDA D110 MDC V.92 Modem --> C:\Program Files\CONEXANT\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_14F100C3\HXFSETUP.EXE -U -Idel1028p.inf
Dell Embassy Trust Suite by Wave Systems --> C:\WINDOWS\Downloaded Installations\{ABBA2EA4-740E-4052-902B-9CA70B081E3F}\Installer.exe
Dell Support 3.2.1 --> MsiExec.exe /X{CEE2252C-4035-4B27-8EC6-0B085DD3A413}
Digital Line Detect --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E646DCF0-5A68-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanel
Driver Installer --> MsiExec.exe /X{753D852A-D86D-42C9-9978-40AE66FB8985}
EMBASSY Trust Suite by Wave Systems --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F1802FA6-54E9-4B24-BD2A-B50866819795}\setup.exe" -l0x9
Ethereal 0.99.0 --> "C:\Program Files\Ethereal\uninstall.exe"
Google Desktop --> C:\Program Files\Google\Google Desktop Search\GoogleDesktopSetup.exe -uninstall
Google Earth --> MsiExec.exe /I{1E04F83B-2AB9-4301-9EF7-E86307F79C72}
Google Photos Screensaver --> MsiExec.exe /X{481E9852-DA0C-403B-ADA4-05D86C8BF9A9}
Google SketchUp 6 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{98736A65-3C79-49EC-B7E9-A3C77774B0E6}\setup.exe" -l0x9 -removeonly
Google SketchUp 6 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B3D8B2F8-3C2C-45BC-933E-8B60E78F6684}\setup.exe" -l0x9 -removeonly
Google Toolbar for Internet Explorer --> MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar1.dll"
Google Updater --> "C:\Program Files\Google\Google Updater\GoogleUpdater.exe" -uninstall
High Definition Audio Driver Package - KB835221 --> C:\WINDOWS\$NtUninstallKB835221WXP$\spuninst\spuninst.exe
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
hp OpenView AutoPass --> MsiExec.exe /I{8B7C5096-DE75-4F2B-9C42-4E3FFB029371}
HP OpenView Event Correlation Services --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\HP OpenView\OVECS.isu" -c"C:\Program Files\HP OpenView\bin\ecsrununinst.dll"
HP OpenView Network Node Manager --> C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\HP OpenView\OVNNMRT.isu" -cC:\WINDOWS\system32\NMUnInst.dll
HP Openview NNM Advanced Edition Device Support for 3Com --> MsiExec.exe /I{9234BBDE-2381-481E-9033-EA8E476BE764}
HP Openview NNM Advanced Edition Device Support for Alcatel --> MsiExec.exe /I{2A4E7AE5-2388-4DAD-94DA-E814CCCCD781}
HP Openview NNM Advanced Edition Device Support for CDP --> MsiExec.exe /I{8F92EFBA-6570-43B6-BC01-EAFEDA5D96C8}
HP Openview NNM Advanced Edition Device Support for Cisco --> MsiExec.exe /I{43F2E44B-ED0D-4420-9D54-A2B294A85E12}
HP Openview NNM Advanced Edition Device Support for EDP --> MsiExec.exe /I{BD20F539-CDF6-4173-B38D-CB1B58AE8890}
HP Openview NNM Advanced Edition Device Support for Extreme --> MsiExec.exe /I{3C73F550-8C5E-45A5-AB1D-91BC75A09C19}
HP Openview NNM Advanced Edition Device Support for HP Procurve --> MsiExec.exe /I{599502BD-D4EC-42CA-BC5F-14C39F9B38A5}
HP Openview NNM Advanced Edition Device Support for Nortel Bay --> MsiExec.exe /I{77164A0F-74BC-4889-A5FF-E0CEBD782341}
HP Openview NNM Advanced Edition Device Support for Nortel Passport --> MsiExec.exe /I{29E26932-C320-454F-B582-BBC1A42C0D0D}
HP OpenView NNM Lcore Dependencies --> MsiExec.exe /I{A4DAF021-74C8-4B41-A2FB-2329A092FA5D}
HP OpenView XPL Package --> MsiExec.exe /I{7C004513-7957-406A-A3E7-1427D61D8BFD}
HP OpenView XPL Package Java Extensions --> MsiExec.exe /I{B5E01C35-D5F0-46D6-A7D1-4428E947F650}
Intel® Graphics Media Accelerator Driver --> RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx2ID PCI\VEN_8086&DEV_27A6 PCI\VEN_8086&DEV_27A2
Intel® PROSet/Wireless Software --> C:\WINDOWS\Installer\iProInst.exe
J2SE Runtime Environment 5.0 Update 10 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150100}
J2SE Runtime Environment 5.0 Update 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
Java 2 Platform, Enterprise Edition 1.4 SDK --> "C:\Sun\AppServer\uninstall.exe" -javahome "C:\Sun\AppServer\jdk"
Java 2 Runtime Environment, SE v1.4.2_02 --> MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142020}
Java™ 6 Update 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160060}
Kiwi Syslog Daemon 8.2.8 (Standard Edition) --> "C:\Program Files\Syslogd\uninst-Syslogd.exe"
LiveUpdate 3.3 (Symantec Corporation) --> "C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U
Malwarebytes' Anti-Malware --> "C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
mCore --> MsiExec.exe /I{E81667C6-2856-46D6-ABEA-6A2F42166779}
mDriver --> MsiExec.exe /I{A0F925BF-5C55-44C2-A4E7-5A4C59791C29}
mDrWiFi --> MsiExec.exe /I{F6090A17-0967-4A8A-B3C3-422A1B514D49}
mHelp --> MsiExec.exe /I{8C6BB412-D3A8-4AAE-A01B-35B681789D68}
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5 --> "C:\WINDOWS\$NtUninstallWdf01005$\spuninst\spuninst.exe"
Microsoft Office Communicator 2005 --> MsiExec.exe /X{BE5AD430-9E0C-4243-AB3F-593835869855}
Microsoft Office Live Meeting 2005 --> MsiExec.exe /I{AB6972B2-CF5D-4CC8-AF4F-B5D6888AB120}
Microsoft Office Outlook 2003 with Business Contact Manager Update --> MsiExec.exe /I{BA68600E-96D9-4E92-80F2-26B9681B5A63}
Microsoft Office Project Professional 2003 --> MsiExec.exe /I{903B0409-6000-11D3-8CFE-0150048383C9}
Microsoft Office Small Business Edition 2003 --> MsiExec.exe /I{91CA0409-6000-11D3-8CFE-0150048383C9}
Microsoft Office Visio Professional 2003 --> MsiExec.exe /I{90510409-6000-11D3-8CFE-0150048383C9}
Microsoft SQL Server Desktop Engine (OVOPS) --> MsiExec.exe /X{689404D2-1C94-44B3-9203-BEC5594FDA7A}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
mIWA --> MsiExec.exe /I{3E9D596A-61D4-4239-BD19-2DB984D2A16F}
mLogView --> MsiExec.exe /I{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}
mMHouse --> MsiExec.exe /I{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}
Modem Helper --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7F142D56-3326-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanel
Mozilla Firefox (2.0.0.16) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
mPfMgr --> MsiExec.exe /I{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}
mPfWiz --> MsiExec.exe /I{90B0D222-8C21-4B35-9262-53B042F18AF9}
mProSafe --> MsiExec.exe /I{23FB368F-1399-4EAC-817C-4B83ECBE3D83}
mSCfg --> MsiExec.exe /I{829CD169-E692-48E8-9BDE-A3E8D8B65538}
mSSO --> MsiExec.exe /I{06BE8AFD-A8E2-4B63-BAE7-287016D16ACB}
MSXML 6.0 Parser (KB933579) --> MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
mWlsSafe --> MsiExec.exe /I{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}
My WebEx Integration to Outlook --> MsiExec.exe /I{E2D7EA0E-0ABB-4D56-8E15-F94AF24272AC}
mZConfig --> MsiExec.exe /I{94658027-9F16-4509-BBD7-A59FE57C3023}
NetWaiting --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3F92ABBB-6BBF-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanel
Nokia Connectivity Adapter Cable DKU-5 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F1BA3CD5-89DC-4273-8603-A75F33E9B335}\Setup.exe" -l0x9
NTRU Hybrid TSS v2.0.25 --> MsiExec.exe /I{0BA2A0BA-7F4D-4B7B-AE94-5F0233AC8A5A}
Packet Tracer 4.1 --> "C:\Program Files\Packet Tracer 4.1\unins000.exe"
PBCM --> C:\WINDOWS\system32\javaws.exe -uninstall -prompt "http://tpm1.chi.tecnet:7003/webstart/cmui.jnlp"
Perforce P4Win Components --> "C:\Program Files\Perforce\up4winst.exe"
Perforce Server Components --> "C:\Program Files\Perforce\uperforce.exe"
PowerDVD 5.7 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall
QuickSet --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C5074CC4-0E26-4716-A307-960272A90040}\setup.exe" -l0x9 APPDRVNT4
QuickTime --> C:\WINDOWS\unvise32qt.exe C:\WINDOWS\system32\QuickTime\Uninstall.log
R-Series - Administrative --> C:\WINDOWS\system32\javaws.exe -uninstall -prompt "http://demosystem:7001/soap/profiles/admin.jnlp"
ReadyConference Plus Outlook Add-in --> MsiExec.exe /I{150FD07D-7F54-46AE-9373-161F0099D7F0}
Roxio DLA --> MsiExec.exe /I{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
Roxio Express Labeler --> MsiExec.exe /I{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}
Roxio RecordNow Audio --> MsiExec.exe /I{AB708C9B-97C8-4AC9-899B-DBF226AC9382}
Roxio RecordNow Copy --> MsiExec.exe /I{B12665F4-4E93-4AB4-B7FC-37053B524629}
Roxio RecordNow Data --> MsiExec.exe /I{075473F5-846A-448B-BCB3-104AA1760205}
Salesforce Outlook Edition 2.0 --> MsiExec.exe /X{38B1A0DF-8889-464D-95C0-F8715E79F640}
Security Update for Step By Step Interactive Training (KB898458) --> "C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
Security Update for Step By Step Interactive Training (KB923723) --> "C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Skype™ 3.6 --> MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
SmartFTP Client --> MsiExec.exe /I{C169D3BB-9A27-43F5-9979-09A0D65FE95C}
Sonic Update Manager --> MsiExec.exe /I{30465B6C-B53F-49A1-9EBA-A3F187AD502E}
Spybot - Search & Destroy --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Symantec Endpoint Protection --> MsiExec.exe /I{FB8A4E30-9915-4814-ADF9-42E00D9FDC3D}
Symantec Technical Support Web Controls --> MsiExec.exe /X{20C53FA2-4307-4671-A93F-9463B29DFCF1}
TightVNC 1.3.9 --> "C:\Program Files\TightVNC\unins000.exe"
Time Zone Data Update Tool for Microsoft Office Outlook --> MsiExec.exe /X{95120000-0038-0409-0000-0000000FF1CE}
Trillian --> C:\Program Files\Trillian\trillian.exe /uninstall
upekmsi --> MsiExec.exe /I{D648B20B-A789-407E-8CA4-9BDDBBE342C8}
URL Assistant --> regsvr32 /u /s "C:\Program Files\BAE\BAE.dll"
Versal FileDownload ActiveX Control Trial Version --> C:\Program Files\Universal\UFileDownloadD\USetup.exe
Viewpoint Media Player --> C:\Program Files\Viewpoint\Viewpoint Media Player\mtsAxInstaller.exe /u
VMware Workstation --> MsiExec.exe /I{A3FF5CB2-FB35-4658-8751-9EDE1D65B3AA}
Wave Infrastructure Installer --> MsiExec.exe /I{F2B8F8EE-4811-4A28-9305-6640CD007115}
WebEx --> C:\PROGRA~1\MOZILL~1\plugins\atcliun.exe
WebEx Productivity Tools --> MsiExec.exe /X{C6896059-E55C-4404-A042-60786039E1B3}
Winamp --> "C:\Program Files\Winamp\UninstWA.exe"
Winamp Toolbar for Internet Explorer --> "C:\Program Files\Winamp Toolbar\uninstall.exe"
Windows Imaging Component --> "C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
WinPcap 3.1 --> C:\Program Files\WinPcap\uninstall.exe
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
WinSCP 4.0.4 --> "C:\Program Files\WinSCP\unins000.exe"
WordReferenceEnEs --> regsvr32 /u /s "C:\Program Files\WordReferenceEnEs\wordreferenceEnEs.dll"
Xming 6.9.0.31 --> "C:\Program Files\Xming\unins000.exe"
XML Paper Specification Shared Components Pack 1.0 -->
Yahoo! Install Manager --> C:\WINDOWS\system32\regsvr32 /u C:\PROGRA~1\Yahoo!\Common\YINSTH~1.DLL
Yahoo! Internet Mail --> C:\WINDOWS\system32\regsvr32 /u /s C:\PROGRA~1\Yahoo!\Common\ymmapi.dll
Yahoo! Messenger --> C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG


-- Application Event Log -------------------------------------------------------

Event Record #/Type37940 / Warning
Event Submitted/Written: 07/23/2008 07:42:23 PM
Event ID/Source: 1003 / EvntAgnt
Event Description:
TraceFileName parameter not located in registry;
Default trace file used is .

Event Record #/Type37939 / Error
Event Submitted/Written: 07/23/2008 04:02:22 PM
Event ID/Source: 46 / Symantec AntiVirus
Event Description:
Security Risk Found!W32.Almanahe.B in File: C:\Documents and Settings\george.slack\Local Settings\Temporary Internet Files\Content.IE5\3E3AAKLQ\B[1].gif by: Auto-Protect scan. Action: Cleaned by Deletion. Action Description: The file was deleted successfully.

Event Record #/Type37937 / Error
Event Submitted/Written: 07/23/2008 10:54:15 AM
Event ID/Source: 51 / Symantec AntiVirus
Event Description:
Security Risk Found!W32.Almanahe.B in File: C:\Documents and Settings\george.slack\Local Settings\Temporary Internet Files\Content.IE5\MJGDG121\B[1].gif by: Auto-Protect scan. Action: Cleaned by Deletion. Action Description: The file was deleted successfully.

Event Record #/Type37936 / Error
Event Submitted/Written: 07/23/2008 10:54:14 AM
Event ID/Source: 46 / Symantec AntiVirus
Event Description:
Security Risk Found!W32.Almanahe.B in File: C:\Documents and Settings\george.slack\Local Settings\Temporary Internet Files\Content.IE5\MJGDG121\B[1].gif by: Auto-Protect scan. Action: Cleaned by Deletion. Action Description: The file was deleted successfully.

Event Record #/Type37935 / Error
Event Submitted/Written: 07/23/2008 10:24:14 AM
Event ID/Source: 51 / Symantec AntiVirus
Event Description:
Security Risk Found!W32.Almanahe.B in File: C:\Documents and Settings\george.slack\Local Settings\temp\B.gif by: Auto-Protect scan. Action: Cleaned by Deletion. Action Description: The file was deleted successfully.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type70102 / Warning
Event Submitted/Written: 07/25/2008 01:17:39 PM
Event ID/Source: 8193 / LSASRV
Event Description:
The Security System could not establish a secured connection with the server DNS/prisoner.iana.org. No authentication protocol was available.

Event Record #/Type70101 / Warning
Event Submitted/Written: 07/25/2008 01:17:39 PM
Event ID/Source: 8192 / LSASRV
Event Description:
The Security System detected an attempted downgrade attack for
server DNS/prisoner.iana.org. The failure code from authentication protocol Kerberos
was "There are currently no logon servers available to service the logon request.
(0xc000005e)".

Event Record #/Type70091 / Error
Event Submitted/Written: 07/25/2008 09:39:13 AM
Event ID/Source: 29 / W32Time
Event Description:
The time provider NtpClient is configured to acquire time from one or more
time sources, however none of the sources are currently accessible.
No attempt to contact a source will be made for 15 minutes.
NtpClient has no source of accurate time.

Event Record #/Type70090 / Warning
Event Submitted/Written: 07/25/2008 09:39:13 AM
Event ID/Source: 14 / W32Time
Event Description:
The time provider NtpClient was unable to find a domain controller to use as a time
source. NtpClient will try again in 15 minutes.

Event Record #/Type70085 / Error
Event Submitted/Written: 07/25/2008 09:10:53 AM
Event ID/Source: 5719 / NETLOGON
Event Description:
No Domain Controller is available for domain INTELLIDEN due to the following:
%%1311.

Make sure that the computer is connected to the network and try
again. If the problem persists, please contact your domain administrator.



-- End of Deckard's System Scanner: finished at 2008-07-25 16:33:07 ------------


---------------------------------------------------


Here's a Kaspersky scan we ran the other night:

KASPERSKY ONLINE SCANNER 7 REPORT
Thursday, July 24, 2008
Operating System: Microsoft Windows XP Professional Service Pack 2 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Thursday, July 24, 2008 03:23:41
Records in database: 1000628


Scan settings
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area: My Computer
C:\
D:\
F:\

Scan statistics
Files scanned: 172491
Threat name: 89
Infected objects: 1197
Suspicious objects: 0
Duration of the scan: 03:36:37

File name Threat name Threats count
C:\WINDOWS\system32\jhfrxz.dll/C:\WINDOWS\system32\jhfrxz.dll Infected: Trojan-GameThief.Win32.OnLineGames.sfwv 30

C:\WINDOWS\system32\fmcvxy.dll/C:\WINDOWS\system32\fmcvxy.dll Infected: Trojan-GameThief.Win32.OnLineGames.shsu 30

C:\WINDOWS\system32\jfdses.dll/C:\WINDOWS\system32\jfdses.dll Infected: Trojan-GameThief.Win32.OnLineGames.shxg 30

C:\WINDOWS\system32\wzcfsw.dll/C:\WINDOWS\system32\wzcfsw.dll Infected: Trojan-GameThief.Win32.OnLineGames.sgnr 30

C:\WINDOWS\system32\ddserh.dll/C:\WINDOWS\system32\ddserh.dll Infected: Trojan-GameThief.Win32.OnLineGames.sgud 30

C:\WINDOWS\system32\rfdswc.dll/C:\WINDOWS\system32\rfdswc.dll Infected: Trojan-GameThief.Win32.OnLineGames.sgtu 30

C:\WINDOWS\system32\tdfhex.dll/C:\WINDOWS\system32\tdfhex.dll Infected: Trojan-GameThief.Win32.OnLineGames.sevk 30

C:\WINDOWS\system32\cedafb.dll/C:\WINDOWS\system32\cedafb.dll Infected: Trojan-GameThief.Win32.OnLineGames.setb 30

C:\WINDOWS\system32\zgxfdx.dll/C:\WINDOWS\system32\zgxfdx.dll Infected: Trojan-GameThief.Win32.OnLineGames.sfuj 30

C:\WINDOWS\system32\jfrwdh.dll//data0000/C:\WINDOWS\system32\jfrwdh.dll//data0000 Infected: Trojan-GameThief.Win32.OnLineGames.sizn 30

C:\WINDOWS\system32\jfrwdh.dll//data0001/C:\WINDOWS\system32\jfrwdh.dll//data0001 Infected: Trojan-GameThief.Win32.OnLineGames.sizn 30

C:\WINDOWS\system32\jfrwdh.dll//data0002/C:\WINDOWS\system32\jfrwdh.dll//data0002 Infected: Trojan-GameThief.Win32.OnLineGames.sizn 30

C:\WINDOWS\system32\jfrwdh.dll//data0003/C:\WINDOWS\system32\jfrwdh.dll//data0003 Infected: Trojan-GameThief.Win32.OnLineGames.sizn 30

C:\WINDOWS\system32\jfrwdh.dll//data0004/C:\WINDOWS\system32\jfrwdh.dll//data0004 Infected: Trojan-GameThief.Win32.OnLineGames.sizn 30

C:\WINDOWS\system32\jfrwdh.dll//data0005/C:\WINDOWS\system32\jfrwdh.dll//data0005 Infected: Trojan-GameThief.Win32.OnLineGames.sizn 30

C:\WINDOWS\system32\dndsaf.dll/C:\WINDOWS\system32\dndsaf.dll Infected: Trojan-GameThief.Win32.OnLineGames.sexb 30

C:\WINDOWS\system32\fsrgeb.dll/C:\WINDOWS\system32\fsrgeb.dll Infected: Trojan-GameThief.Win32.OnLineGames.sgay 30

C:\WINDOWS\system32\jkhxaklo.dll/C:\WINDOWS\system32\jkhxaklo.dll Infected: Trojan-GameThief.Win32.OnLineGames.sbpt 5

C:\WINDOWS\AppPatch\AclLayer.dll/C:\WINDOWS\AppPatch\AclLayer.dll Infected: Trojan-Downloader.Win32.Small.yhf 1

C:\WINDOWS\AppPatch\AcXtrnel.bpl/C:\WINDOWS\AppPatch\AcXtrnel.bpl Infected: Trojan-Spy.Win32.FtpSend.b 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\01E00000\49F77633.VBN Infected: Trojan-Downloader.Win32.Small.hlp 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\024C0000\4ACCF0D2.VBN Infected: Trojan-Downloader.Win32.Small.hlp 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\024C0001\4ACCF0DC.VBN Infected: Virus.Win32.Alman.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\024C0002\4ACCF0DE.VBN Infected: Virus.Win32.Alman.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\024C0003\4ACCF0DE.VBN Infected: Trojan-Spy.Win32.FtpSend.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\024C0004\4ACCF1AA.VBN Infected: Trojan-Downloader.Win32.Small.hlp 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\024C0005\4ACCF214.VBN Infected: Virus.Win32.Alman.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\024C0006\4ACCF215.VBN Infected: Virus.Win32.Alman.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\024C0007\4ACCF216.VBN Infected: Trojan-Spy.Win32.FtpSend.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\024C0008\4ACCF3BB.VBN Infected: Trojan-Downloader.Win32.Small.hlp 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\05640000\4D6E8B0F.VBN Infected: Virus.Win32.Alman.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\05640001\4D6E8B11.VBN Infected: Virus.Win32.Alman.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\05640002\4D6E8B12.VBN Infected: Trojan-Spy.Win32.FtpSend.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\05640003\4D6E921C.VBN Infected: Virus.Win32.Alman.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\05640004\4D6E921F.VBN Infected: Virus.Win32.Alman.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\05640005\4D6E9220.VBN Infected: Trojan-Spy.Win32.FtpSend.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\05640006\4D6E992B.VBN Infected: Virus.Win32.Alman.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\05640007\4D6E992F.VBN Infected: Virus.Win32.Alman.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\05640008\4D6E9930.VBN Infected: Trojan-Spy.Win32.FtpSend.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\05640009\4D6EA038.VBN Infected: Virus.Win32.Alman.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0564000A\4D6EA03A.VBN Infected: Virus.Win32.Alman.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0564000B\4D6EA03B.VBN Infected: Trojan-Spy.Win32.FtpSend.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0564000C\4D6EA747.VBN Infected: Virus.Win32.Alman.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0564000D\4D6EA748.VBN Infected: Virus.Win32.Alman.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0564000E\4D6EA74A.VBN Infected: Trojan-Spy.Win32.FtpSend.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0564000F\4D6EAE54.VBN Infected: Virus.Win32.Alman.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\05640010\4D6EAE56.VBN Infected: Virus.Win32.Alman.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\05640011\4D6EAE58.VBN Infected: Trojan-Spy.Win32.FtpSend.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\05640012\4D6EB5FC.VBN Infected: Virus.Win32.Alman.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\05640013\4D6EB603.VBN Infected: Virus.Win32.Alman.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\05640014\4D6EB605.VBN Infected: Trojan-Spy.Win32.FtpSend.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\05640015\4D6EBD0D.VBN Infected: Virus.Win32.Alman.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\05640016\4D6EBD15.VBN Infected: Virus.Win32.Alman.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\05640017\4D6EBD17.VBN Infected: Trojan-Spy.Win32.FtpSend.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\05640018\4D6EC3BC.VBN Infected: Virus.Win32.Alman.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\05640019\4D6EC3C0.VBN Infected: Virus.Win32.Alman.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0564001A\4D6EC3C1.VBN Infected: Trojan-Spy.Win32.FtpSend.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0564001B\4D6ECAA0.VBN Infected: Virus.Win32.Alman.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0564001C\4D6ECAA2.VBN Infected: Virus.Win32.Alman.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0564001D\4D6ECAA3.VBN Infected: Trojan-Spy.Win32.FtpSend.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0564001E\4D6ED1B5.VBN Infected: Virus.Win32.Alman.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0564001F\4D6ED1B6.VBN Infected: Virus.Win32.Alman.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\05640020\4D6ED1B7.VBN Infected: Trojan-Spy.Win32.FtpSend.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\05CC0000\4DFD018C.VBN Infected: Trojan-Downloader.Win32.Small.hlp 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\05CC0001\4DFD02DF.VBN Infected: Virus.Win32.Alman.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\05CC0002\4DFD02E1.VBN Infected: Virus.Win32.Alman.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\05CC0003\4DFD02E2.VBN Infected: Trojan-Spy.Win32.FtpSend.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\05CC0004\4DFD0A2F.VBN Infected: Virus.Win32.Alman.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\05CC0005\4DFD0A35.VBN Infected: Virus.Win32.Alman.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\05CC0006\4DFD0A37.VBN Infected: Trojan-Spy.Win32.FtpSend.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\05CC0007\4DFD1115.VBN Infected: Virus.Win32.Alman.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\05CC0008\4DFD1118.VBN Infected: Virus.Win32.Alman.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\05CC0009\4DFD1119.VBN Infected: Trojan-Spy.Win32.FtpSend.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\05CC000A\4DFD1809.VBN Infected: Virus.Win32.Alman.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\05CC000B\4DFD180A.VBN Infected: Virus.Win32.Alman.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\05CC000C\4DFD180C.VBN Infected: Trojan-Spy.Win32.FtpSend.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\05CC000D\4DFD1F17.VBN Infected: Virus.Win32.Alman.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\05CC000E\4DFD1F19.VBN Infected: Virus.Win32.Alman.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\05CC000F\4DFD1F1A.VBN Infected: Trojan-Spy.Win32.FtpSend.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\05CC0010\4DFD2629.VBN Infected: Virus.Win32.Alman.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\05CC0011\4DFD262A.VBN Infected: Virus.Win32.Alman.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\05CC0012\4DFD262C.VBN Infected: Trojan-Spy.Win32.FtpSend.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\05CC0013\4DFD3269.VBN Infected: Virus.Win32.Alman.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\05CC0014\4DFD326B.VBN Infected: Virus.Win32.Alman.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\05CC0015\4DFD326F.VBN Infected: Trojan-Spy.Win32.FtpSend.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\08880000\48FD7077.VBN Infected: Trojan-Downloader.Win32.Small.hlp 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\09680000\496F62D4.VBN Infected: Trojan-Downloader.Win32.Small.hlp 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\09680001\496F640C.VBN Infected: Virus.Win32.Alman.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\09680002\496F6410.VBN Infected: Virus.Win32.Alman.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\09680003\496F6411.VBN Infected: Trojan-Spy.Win32.FtpSend.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\09680004\496F6B3B.VBN Infected: Virus.Win32.Alman.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\09680005\496F6B3E.VBN Infected: Virus.Win32.Alman.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\09680006\496F6B3F.VBN Infected: Trojan-Spy.Win32.FtpSend.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\09680007\496F7262.VBN Infected: Virus.Win32.Alman.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\09680008\496F7266.VBN Infected: Virus.Win32.Alman.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\09680009\496F7267.VBN Infected: Trojan-Spy.Win32.FtpSend.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0968000A\496F7999.VBN Infected: Virus.Win32.Alman.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0968000B\496F799A.VBN Infected: Virus.Win32.Alman.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0968000C\496F799B.VBN Infected: Trojan-Spy.Win32.FtpSend.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0968000D\496F80D0.VBN Infected: Virus.Win32.Alman.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0968000E\496F80D4.VBN Infected: Virus.Win32.Alman.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0968000F\496F80D5.VBN Infected: Trojan-Spy.Win32.FtpSend.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\09680010\496F87F9.VBN Infected: Virus.Win32.Alman.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\09680011\496F87FB.VBN Infected: Virus.Win32.Alman.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\09680012\496F87FC.VBN Infected: Trojan-Spy.Win32.FtpSend.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\09680013\496F8F21.VBN Infected: Virus.Win32.Alman.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\09680014\496F8F23.VBN Infected: Virus.Win32.Alman.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\09680015\496F8F24.VBN Infected: Trojan-Spy.Win32.FtpSend.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\09680016\496F964A.VBN Infected: Trojan-Spy.Win32.FtpSend.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\09680017\496F9D85.VBN Infected: Virus.Win32.Alman.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\09680018\496F9D87.VBN Infected: Virus.Win32.Alman.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\09680019\496F9DB5.VBN Infected: Trojan-Spy.Win32.FtpSend.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0968001A\496FA4F0.VBN Infected: Virus.Win32.Alman.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0968001B\496FA4F2.VBN Infected: Virus.Win32.Alman.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0968001C\496FA4F3.VBN Infected: Trojan-Spy.Win32.FtpSend.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0968001D\496FAD18.VBN Infected: Virus.Win32.Alman.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0968001E\496FAD4C.VBN Infected: Virus.Win32.Alman.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0968001F\496FAD4D.VBN Infected: Trojan-Spy.Win32.FtpSend.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\09FC0000\49FCDB23.VBN Infected: Virus.Win32.Alman.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\09FC0001\49FCDB27.VBN Infected: Virus.Win32.Alman.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\09FC0002\49FCDB28.VBN Infected: Trojan-Downloader.Win32.Small.hlp 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\09FC0003\49FCDB29.VBN Infected: Trojan-Spy.Win32.FtpSend.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\09FC0004\49FCE20D.VBN Infected: Virus.Win32.Alman.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\09FC0005\49FCE20F.VBN Infected: Virus.Win32.Alman.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\09FC0006\49FCE210.VBN Infected: Trojan-Spy.Win32.FtpSend.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0B380000\4B7BAFAF.VBN Infected: Trojan-Downloader.Win32.Small.hlp 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0BBC0000\4BFD46B6.VBN Infected: Trojan-Downloader.Win32.Small.hlp 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0BBC0001\4BFD46B9.VBN Infected: Trojan-Spy.Win32.FtpSend.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0CA00000\4CFD76F3.VBN Infected: Trojan-Downloader.Win32.Small.hlp 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0CB40000\4CB4E5A0.VBN Infected: Trojan-Downloader.Win32.Small.hlp 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0CB40001\4CB4E5AA.VBN Infected: Virus.Win32.Alman.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0CB40002\4CB4E5AB.VBN Infected: Virus.Win32.Alman.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0CB40003\4CB4E5AC.VBN Infected: Trojan-Spy.Win32.FtpSend.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0CBC0000\4CFCE9CA.VBN Infected: Trojan-Downloader.Win32.Small.hlp 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D180000\4D9CF810.VBN Infected: Trojan-Downloader.Win32.Small.hlp 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D180001\4D9CF84D.VBN Infected: Virus.Win32.Alman.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D180002\4D9CF84E.VBN Infected: Virus.Win32.Alman.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D180003\4D9CF84F.VBN Infected: Trojan-Spy.Win32.FtpSend.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D180004\4D9CF8E8.VBN Infected: Trojan-Downloader.Win32.Small.hlp 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D180005\4D9CF979.VBN Infected: Virus.Win32.Alman.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D180006\4D9CF97A.VBN Infected: Virus.Win32.Alman.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D180007\4D9CF97B.VBN Infected: Trojan-Spy.Win32.FtpSend.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D180008\4D9CFBD0.VBN Infected: Trojan-Downloader.Win32.Small.hlp 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DB80000\4DBD0F89.VBN Infected: Virus.Win32.Alman.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DB80001\4DBD0F8A.VBN Infected: Virus.Win32.Alman.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DB80002\4DBD0F8B.VBN Infected: Trojan-Downloader.Win32.Small.hlp 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DB80003\4DBD0F8C.VBN Infected: Trojan-Spy.Win32.FtpSend.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DB80004\4DBD1777.VBN Infected: Virus.Win32.Alman.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DB80005\4DBD177B.VBN Infected: Virus.Win32.Alman.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DB80006\4DBD17A6.VBN Infected: Trojan-Spy.Win32.FtpSend.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DB80007\4DBD1ECA.VBN Infected: Virus.Win32.Alman.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DB80008\4DBD1ECD.VBN Infected: Virus.Win32.Alman.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DB80009\4DBD1ECE.VBN Infected: Trojan-Spy.Win32.FtpSend.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DB8000A\4DBD26BB.VBN Infected: Virus.Win32.Alman.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DB8000B\4DBD26C9.VBN Infected: Virus.Win32.Alman.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DB8000C\4DBD26CB.VBN Infected: Trojan-Spy.Win32.FtpSend.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DB8000D\4DBD2D1F.VBN Infected: Virus.Win32.Alman.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DB8000E\4DBD2D22.VBN Infected: Virus.Win32.Alman.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DB8000F\4DBD2D23.VBN Infected: Trojan-Spy.Win32.FtpSend.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DB80010\4DBD3411.VBN Infected: Virus.Win32.Alman.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DB80011\4DBD3413.VBN Infected: Virus.Win32.Alman.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DB80012\4DBD3414.VBN Infected: Trojan-Spy.Win32.FtpSend.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DB80013\4DBD3B33.VBN Infected: Virus.Win32.Alman.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DB80014\4DBD3B35.VBN Infected: Virus.Win32.Alman.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DB80015\4DBD3B35.VBN Infected: Trojan-Spy.Win32.FtpSend.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DB80016\4DBD426E.VBN Infected: Virus.Win32.Alman.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DB80017\4DBD4270.VBN Infected: Virus.Win32.Alman.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DB80018\4DBD4271.VBN Infected: Trojan-Spy.Win32.FtpSend.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DB80019\4DBD4987.VBN Infected: Virus.Win32.Alman.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DB8001A\4DBD4989.VBN Infected: Virus.Win32.Alman.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DB8001B\4DBD498A.VBN Infected: Trojan-Spy.Win32.FtpSend.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DB8001C\4DBD50A8.VBN Infected: Trojan-Spy.Win32.FtpSend.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DB8001D\4DBD57C6.VBN Infected: Virus.Win32.Alman.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DB8001E\4DBD57C8.VBN Infected: Virus.Win32.Alman.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DB8001F\4DBD57C9.VBN Infected: Trojan-Spy.Win32.FtpSend.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DB80020\4DBD5EEB.VBN Infected: Virus.Win32.Alman.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DB80021\4DBD5EED.VBN Infected: Virus.Win32.Alman.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DB80022\4DBD5EEE.VBN Infected: Trojan-Spy.Win32.FtpSend.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DB80023\4DBD6606.VBN Infected: Virus.Win32.Alman.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DB80024\4DBD6608.VBN Infected: Virus.Win32.Alman.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DB80025\4DBD6609.VBN Infected: Trojan-Spy.Win32.FtpSend.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DB80026\4DBD6D3A.VBN Infected: Virus.Win32.Alman.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DB80027\4DBD6D3C.VBN Infected: Virus.Win32.Alman.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DB80028\4DBD6D3C.VBN Infected: Trojan-Spy.Win32.FtpSend.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DB80029\4DBD745A.VBN Infected: Virus.Win32.Alman.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DB8002A\4DBD745E.VBN Infected: Virus.Win32.Alman.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DB8002B\4DBD745F.VBN Infected: Trojan-Spy.Win32.FtpSend.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DB8002C\4DBD7B7C.VBN Infected: Virus.Win32.Alman.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DB8002D\4DBD7B7D.VBN Infected: Virus.Win32.Alman.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DB8002E\4DBD7B7E.VBN Infected: Trojan-Spy.Win32.FtpSend.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DB8002F\4DBD8293.VBN Infected: Virus.Win32.Alman.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DB80030\4DBD8295.VBN Infected: Virus.Win32.Alman.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DB80031\4DBD8296.VBN Infected: Trojan-Spy.Win32.FtpSend.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DB80032\4DBD8997.VBN Infected: Virus.Win32.Alman.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DB80033\4DBD8999.VBN Infected: Virus.Win32.Alman.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DB80034\4DBD899A.VBN Infected: Trojan-Spy.Win32.FtpSend.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DB80035\4DBD90D3.VBN Infected: Virus.Win32.Alman.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DB80036\4DBD90D5.VBN Infected: Virus.Win32.Alman.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DB80037\4DBD90D6.VBN Infected: Trojan-Spy.Win32.FtpSend.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DB80038\4DBD97EB.VBN Infected: Virus.Win32.Alman.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DB80039\4DBD97ED.VBN Infected: Virus.Win32.Alman.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DB8003A\4DBD97EE.VBN Infected: Trojan-Spy.Win32.FtpSend.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DB8003B\4DBD9EF0.VBN Infected: Virus.Win32.Alman.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DB8003C\4DBD9EF1.VBN Infected: Virus.Win32.Alman.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DB8003D\4DBD9EF2.VBN Infected: Trojan-Spy.Win32.FtpSend.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DB8003E\4DBDA604.VBN Infected: Virus.Win32.Alman.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DB8003F\4DBDA605.VBN Infected: Virus.Win32.Alman.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DB80040\4DBDA606.VBN Infected: Trojan-Spy.Win32.FtpSend.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DB80041\4DBDAD17.VBN Infected: Virus.Win32.Alman.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DB80042\4DBDAD19.VBN Infected: Virus.Win32.Alman.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DB80043\4DBDAD1A.VBN Infected: Trojan-Spy.Win32.FtpSend.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DB80044\4DBDB42D.VBN Infected: Virus.Win32.Alman.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DB80045\4DBDB42E.VBN Infected: Virus.Win32.Alman.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DB80046\4DBDB42F.VBN Infected: Trojan-Spy.Win32.FtpSend.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DB80047\4DBDBB39.VBN Infected: Virus.Win32.Alman.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DB80048\4DBDBB3B.VBN Infected: Virus.Win32.Alman.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DB80049\4DBDBB3C.VBN Infected: Trojan-Spy.Win32.FtpSend.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DB8004A\4DBDC252.VBN Infected: Virus.Win32.Alman.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DB8004B\4DBDC254.VBN Infected: Virus.Win32.Alman.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DB8004C\4DBDC255.VBN Infected: Trojan-Spy.Win32.FtpSend.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DB8004D\4DBDC973.VBN Infected: Virus.Win32.Alman.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DB8004E\4DBDC975.VBN Infected: Virus.Win32.Alman.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DB8004F\4DBDC975.VBN Infected: Trojan-Spy.Win32.FtpSend.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DB80050\4DBDD08D.VBN Infected: Virus.Win32.Alman.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DB80051\4DBDD08F.VBN Infected: Virus.Win32.Alman.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DB80052\4DBDD08F.VBN Infected: Trojan-Spy.Win32.FtpSend.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DB80053\4DBDD7B7.VBN Infected: Virus.Win32.Alman.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DB80054\4DBDD7B9.VBN Infected: Virus.Win32.Alman.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DB80055\4DBDD7BA.VBN Infected: Trojan-Spy.Win32.FtpSend.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DB80056\4DBDDED7.VBN Infected: Virus.Win32.Alman.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DB80057\4DBDDED8.VBN Infected: Virus.Win32.Alman.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DB80058\4DBDDED9.VBN Infected: Trojan-Spy.Win32.FtpSend.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DB80059\4DBDE5F5.VBN Infected: Virus.Win32.Alman.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DB8005A\4DBDE5F6.VBN Infected: Virus.Win32.Alman.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DB8005B\4DBDE5F7.VBN Infected: Trojan-Spy.Win32.FtpSend.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DB8005C\4DBDED32.VBN Infected: Virus.Win32.Alman.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DB8005D\4DBDED35.VBN Infected: Virus.Win32.Alman.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DB8005E\4DBDED36.VBN Infected: Trojan-Spy.Win32.FtpSend.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DB8005F\4DBDF46C.VBN Infected: Virus.Win32.Alman.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DB80060\4DBDF474.VBN Infected: Virus.Win32.Alman.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DB80061\4DBDF475.VBN Infected: Trojan-Spy.Win32.FtpSend.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DB80062\4DBDF732.VBN Infected: Virus.Win32.Alman.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DB80063\4DBDF735.VBN Infected: Virus.Win32.Alman.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DB80064\4DBDF739.VBN Infected: Trojan-Downloader.Win32.Small.hlp 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DB80065\4DBDF73B.VBN Infected: Trojan-Spy.Win32.FtpSend.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DB80066\4DBDFE98.VBN Infected: Virus.Win32.Alman.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DB80067\4DBDFE9D.VBN Infected: Virus.Win32.Alman.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DB80068\4DBDFE9E.VBN Infected: Trojan-Spy.Win32.FtpSend.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DB80069\4DBE0665.VBN Infected: Virus.Win32.Alman.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DB8006A\4DBE0676.VBN Infected: Virus.Win32.Alman.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DB8006B\4DBE0679.VBN Infected: Trojan-Spy.Win32.FtpSend.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DB8006C\4DBE0D23.VBN Infected: Virus.Win32.Alman.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DB8006D\4DBE0D2B.VBN Infected: Virus.Win32.Alman.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DB8006E\4DBE0D2D.VBN Infected: Trojan-Spy.Win32.FtpSend.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DB8006F\4DBE149D.VBN Infected: Virus.Win32.Alman.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DB80070\4DBE14A1.VBN Infected: Virus.Win32.Alman.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DB80071\4DBE14A2.VBN Infected: Trojan-Downloader.Win32.Small.hlp 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DB80072\4DBE14A3.VBN Infected: Trojan-Spy.Win32.FtpSend.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DB80073\4DBE1D59.VBN Infected: Virus.Win32.Alman.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DB80074\4DBE1D67.VBN Infected: Virus.Win32.Alman.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DB80075\4DBE1D68.VBN Infected: Trojan-Spy.Win32.FtpSend.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DB80076\4DBE24D8.VBN Infected: Virus.Win32.Alman.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DB80077\4DBE24E3.VBN Infected: Virus.Win32.Alman.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DB80078\4DBE24E6.VBN Infected: Trojan-Spy.Win32.FtpSend.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DB80079\4DBE2B89.VBN Infected: Virus.Win32.Alman.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DB8007A\4DBE2B93.VBN Infected: Virus.Win32.Alman.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DB8007B\4DBE2B94.VBN Infected: Trojan-Spy.Win32.FtpSend.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DB8007C\4DBE3287.VBN Infected: Virus.Win32.Alman.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DB8007D\4DBE328C.VBN Infected: Virus.Win32.Alman.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DB8007E\4DBE328F.VBN Infected: Trojan-Spy.Win32.FtpSend.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DB8007F\4DBE3974.VBN Infected: Virus.Win32.Alman.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DB80080\4DBE3977.VBN Infected: Virus.Win32.Alman.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DB80081\4DBE3979.VBN Infected: Trojan-Spy.Win32.FtpSend.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DB80082\4DBE4084.VBN Infected: Virus.Win32.Alman.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DB80083\4DBE4089.VBN Infected: Virus.Win32.Alman.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DB80084\4DBE408A.VBN Infected: Trojan-Spy.Win32.FtpSend.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DB80085\4DBE47A2.VBN Infected: Virus.Win32.Alman.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DB80086\4DBE47A4.VBN Infected: Virus.Win32.Alman.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DB80087\4DBE47A5.VBN Infected: Trojan-Spy.Win32.FtpSend.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DB80088\4DBE4E8D.VBN Infected: Virus.Win32.Alman.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DB80089\4DBE4E8F.VBN Infected: Virus.Win32.Alman.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DB8008A\4DBE4E90.VBN Infected: Trojan-Spy.Win32.FtpSend.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DB8008B\4DBE558B.VBN Infected: Virus.Win32.Alman.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DB8008C\4DBE558E.VBN Infected: Virus.Win32.Alman.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DB8008D\4DBE558F.VBN Infected: Trojan-Spy.Win32.FtpSend.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DB8008E\4DBE5C9D.VBN Infected: Virus.Win32.Alman.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DB8008F\4DBE5CA2.VBN Infected: Virus.Win32.Alman.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DB80090\4DBE5CA4.VBN Infected: Trojan-Spy.Win32.FtpSend.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DB80091\4DBE63B8.VBN Infected: Virus.Win32.Alman.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DB80092\4DBE63BA.VBN Infected: Virus.Win32.Alman.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DB80093\4DBE63BC.VBN Infected: Trojan-Spy.Win32.FtpSend.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DB80094\4DBE6AB1.VBN Infected: Virus.Win32.Alman.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DB80095\4DBE6AB3.VBN Infected: Virus.Win32.Alman.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DB80096\4DBE6AB4.VBN Infected: Trojan-Spy.Win32.FtpSend.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DB80097\4DBE71BD.VBN Infected: Virus.Win32.Alman.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DB80098\4DBE71BF.VBN Infected: Virus.Win32.Alman.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DB80099\4DBE71C0.VBN Infected: Trojan-Spy.Win32.FtpSend.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DB8009A\4DBE78C9.VBN Infected: Virus.Win32.Alman.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DB8009B\4DBE78CE.VBN Infected: Virus.Win32.Alman.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DB8009C\4DBE78CF.VBN Infected: Trojan-Spy.Win32.FtpSend.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DB8009D\4DBE7FDC.VBN Infected: Virus.Win32.Alman.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DB8009E\4DBE7FDE.VBN Infected: Virus.Win32.Alman.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DB8009F\4DBE7FDF.VBN Infected: Trojan-Spy.Win32.FtpSend.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DB800A0\4DBE86EE.VBN Infected: Virus.Win32.Alman.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DB800A1\4DBE86F1.VBN Infected: Virus.Win32.Alman.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DB800A2\4DBE86F2.VBN Infected: Trojan-Spy.Win32.FtpSend.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DB800A3\4DBE8E24.VBN Infected: Virus.Win32.Alman.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DB800A4\4DBE8E26.VBN Infected: Virus.Win32.Alman.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DB800A5\4DBE8E27.VBN Infected: Trojan-Spy.Win32.FtpSend.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DB800A6\4DBE9537.VBN Infected: Virus.Win32.Alman.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DB800A7\4DBE953A.VBN Infected: Virus.Win32.Alman.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DB800A8\4DBE953B.VBN Infected: Trojan-Spy.Win32.FtpSend.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DB800A9\4DBE9C6E.VBN Infected: Virus.Win32.Alman.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DB800AA\4DBE9C70.VBN Infected: Virus.Win32.Alman.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DB800AB\4DBE9C70.VBN Infected: Trojan-Spy.Win32.FtpSend.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DB800AC\4DBEA383.VBN Infected: Virus.Win32.Alman.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DB800AD\4DBEA384.VBN Infected: Virus.Win32.Alman.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DB800AE\4DBEA385.VBN Infected: Trojan-Spy.Win32.FtpSend.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DB800AF\4DBEAA8F.VBN Infected: Virus.Win32.Alman.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DB800B0\4DBEAA91.VBN Infected: Virus.Win32.Alman.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DB800B1\4DBEAA92.VBN Infected: Trojan-Spy.Win32.FtpSend.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DB800B2\4DBEB1A5.VBN Infected: Virus.Win32.Alman.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DB800B3\4DBEB1A7.VBN Infected: Virus.Win32.Alman.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DB800B4\4DBEB1A8.VBN Infected: Trojan-Spy.Win32.FtpSend.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DB800B5\4DBEB944.VBN Infected: Virus.Win32.Alman.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DB800B6\4DBEB949.VBN Infected: Virus.Win32.Alman.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DB800B7\4DBEB94B.VBN Infected: Trojan-Spy.Win32.FtpSend.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DB800B8\4DBEC006.VBN Infected: Virus.Win32.Alman.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DB800B9\4DBEC00C.VBN Infected: Virus.Win32.Alman.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DB800BA\4DBEC00F.VBN Infected: Trojan-Spy.Win32.FtpSend.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DB800BB\4DBEC75D.VBN Infected: Virus.Win32.Alman.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DB800BC\4DBEC761.VBN Infected: Virus.Win32.Alman.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DB800BD\4DBEC763.VBN Infected: Trojan-Spy.Win32.FtpSend.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DB800BE\4DBECE15.VBN Infected: Virus.Win32.Alman.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DB800BF\4DBECE17.VBN Infected: Virus.Win32.Alman.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DB800C0\4DBECE18.VBN Infected: Trojan-Spy.Win32.FtpSend.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DB800C1\4DBED53F.VBN Infected: Virus.Win32.Alman.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DB800C2\4DBED541.VBN Infected: Virus.Win32.Alman.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DB800C3\4DBED543.VBN Infected: Trojan-Spy.Win32.FtpSend.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DB800C4\4DBEDC2D.VBN Infected: Virus.Win32.Alman.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DB800C5\4DBEDC2F.VBN Infected: Virus.Win32.Alman.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DB800C6\4DBEDC30.VBN Infected: Trojan-Spy.Win32.FtpSend.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DB800C7\4DBEE37F.VBN Infected: Virus.Win32.Alman.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DB800C8\4DBEE382.VBN Infected: Virus.Win32.Alman.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DB800C9\4DBEE383.VBN Infected: Trojan-Spy.Win32.FtpSend.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DB800CA\4DBEEA99.VBN Infected: Virus.Win32.Alman.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DB800CB\4DBEEA9D.VBN Infected: Virus.Win32.Alman.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DB800CC\4DBEEA9E.VBN Infected: Trojan-Spy.Win32.FtpSend.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DB800CD\4DBEF189.VBN Infected: Virus.Win32.Alman.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DB800CE\4DBEF18D.VBN Infected: Virus.Win32.Alman.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DB800CF\4DBEF18E.VBN Infected: Trojan-Spy.Win32.FtpSend.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DB800D0\4DBEF8EA.VBN Infected: Virus.Win32.Alman.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DB800D1\4DBEF8EC.VBN Infected: Virus.Win32.Alman.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DB800D2\4DBEF8EE.VBN Infected: Trojan-Spy.Win32.FtpSend.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DB800D3\4DBEFF9F.VBN Infected: Virus.Win32.Alman.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DB800D4\4DBEFFA1.VBN Infected: Virus.Win32.Alman.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DB800D5\4DBEFFA2.VBN Infected: Trojan-Spy.Win32.FtpSend.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DB800D6\4DBF06BB.VBN Infected: Virus.Win32.Alman.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DB800D7\4DBF06BD.VBN Infected: Virus.Win32.Alman.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DB800D8\4DBF06BE.VBN Infected: Trojan-Spy.Win32.FtpSend.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DB800D9\4DBF08F2.VBN Infected: Virus.Win32.Alman.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DB800DA\4DBF08F5.VBN Infected: Virus.Win32.Alman.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DB800DB\4DBF08F6.VBN Infected: Trojan-Downloader.Win32.Small.hlp 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DB800DC\4DBF08F7.VBN Infected: Trojan-Spy.Win32.FtpSend.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DB800DD\4DBF0FFA.VBN Infected: Virus.Win32.Alman.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DB800DE\4DBF0FFB.VBN Infected: Virus.Win32.Alman.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DB800DF\4DBF0FFC.VBN Infected: Trojan-Spy.Win32.FtpSend.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DB800E0\4DBF170B.VBN Infected: Virus.Win32.Alman.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DB800E1\4DBF170E.VBN Infected: Virus.Win32.Alman.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DB800E2\4DBF170F.VBN Infected: Trojan-Spy.Win32.FtpSend.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DB800E3\4DBF1E1A.VBN Infected: Virus.Win32.Alman.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DB800E4\4DBF1E1C.VBN Infected: Virus.Win32.Alman.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DB800E5\4DBF1E1D.VBN Infected: Trojan-Spy.Win32.FtpSend.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DB800E6\4DBF264F.VBN Infected: Trojan-Spy.Win32.FtpSend.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DB800E7\4DBF3107.VBN Infected: Virus.Win32.Alman.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DB800E8\4DBF3109.VBN Infected: Virus.Win32.Alman.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DB800E9\4DBF380E.VBN Infected: Virus.Win32.Alman.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DB800EA\4DBF3810.VBN Infected: Virus.Win32.Alman.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DB800EB\4DBF3F0B.VBN Infected: Virus.Win32.Alman.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DB800EC\4DBF3F0D.VBN Infected: Virus.Win32.Alman.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DB800ED\4DBF4616.VBN Infected: Virus.Win32.Alman.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DB800EE\4DBF4618.VBN Infected: Virus.Win32.Alman.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DB800EF\4DBF4D21.VBN Infected: Virus.Win32.Alman.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DB800F0\4DBF4D23.VBN Infected: Virus.Win32.Alman.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DB800F1\4DBF542A.VBN Infected: Virus.Win32.Alman.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DB800F2\4DBF542B.VBN Infected: Virus.Win32.Alman.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DB800F3\4DBF542C.VBN Infected: Trojan-Downloader.Win32.Small.hlp 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DB800F4\4DBF542D.VBN Infected: Trojan-Spy.Win32.FtpSend.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DB800F5\4DBF5B3B.VBN Infected: Virus.Win32.Alman.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DB800F6\4DBF5B3F.VBN Infected: Virus.Win32.Alman.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DB800F7\4DBF5B40.VBN Infected: Trojan-Spy.Win32.FtpSend.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DB800F8\4DBF6281.VBN Infected: Virus.Win32.Alman.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DB800F9\4DBF6285.VBN Infected: Virus.Win32.Alman.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DB800FA\4DBF6286.VBN Infected: Trojan-Spy.Win32.FtpSend.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DB800FB\4DBF640C.VBN Infected: Virus.Win32.Alman.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DB800FC\4DBF640E.VBN Infected: Virus.Win32.Alman.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DB800FD\4DBF640F.VBN Infected: Trojan-Downloader.Win32.Small.hlp 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DB800FE\4DBF6410.VBN Infected: Trojan-Spy.Win32.FtpSend.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DB800FF\4DBF6B18.VBN Infected: Virus.Win32.Alman.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DB80100\4DBF6B19.VBN Infected: Virus.Win32.Alman.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DB80101\4DBF6B1A.VBN Infected: Trojan-Spy.Win32.FtpSend.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DB80102\4DBF7223.VBN Infected: Virus.Win32.Alman.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DB80103\4DBF7225.VBN Infected: Virus.Win32.Alman.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DB80104\4DBF7225.VBN Infected: Trojan-Spy.Win32.FtpSend.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DB80105\4DBF792D.VBN Infected: Virus.Win32.Alman.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DB80106\4DBF792E.VBN Infected: Virus.Win32.Alman.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DB80107\4DBF792F.VBN Infected: Trojan-Spy.Win32.FtpSend.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DB80108\4DBF8039.VBN Infected: Virus.Win32.Alman.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DB80109\4DBF803B.VBN Infected: Virus.Win32.Alman.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DB8010A\4DBF803B.VBN Infected: Trojan-Spy.Win32.FtpSend.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DB8010B\4DBF8742.VBN Infected: Virus.Win32.Alman.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DB8010C\4DBF8745.VBN Infected: Virus.Win32.Alman.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DB8010D\4DBF8746.VBN Infected: Trojan-Spy.Win32.FtpSend.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DB8010E\4DBF8E4E.VBN Infected: Virus.Win32.Alman.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DB8010F\4DBF8E4F.VBN Infected: Virus.Win32.Alman.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DB80110\4DBF8E50.VBN Infected: Trojan-Spy.Win32.FtpSend.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DB80111\4DBF955A.VBN Infected: Virus.Win32.Alman.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DB80112\4DBF955E.VBN Infected: Virus.Win32.Alman.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DB80113\4DBF955E.VBN Infected: Trojan-Spy.Win32.FtpSend.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DB80114\4DBF9CAC.VBN Infected: Virus.Win32.Alman.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DB80115\4DBF9CAE.VBN Infected: Virus.Win32.Alman.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DB80116\4DBF9CAF.VBN Infected: Trojan-Spy.Win32.FtpSend.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DB80117\4DBFA66B.VBN Infected: Virus.Win32.Alman.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DB80118\4DBFA671.VBN Infected: Virus.Win32.Alman.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DB80119\4DBFA672.VBN Infected: Virus.Win32.Alman.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DB8011A\4DBFA673.VBN Infected: Virus.Win32.Alman.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DB8011B\4DBFAD3C.VBN Infected: Virus.Win32.Alman.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DB8011C\4DBFAD3D.VBN Infected: Virus.Win32.Alman.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DB8011D\4DBFB44C.VBN Infected: Virus.Win32.Alman.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DB8011E\4DBFB44D.VBN Infected: Virus.Win32.Alman.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DB8011F\4DBFBB5B.VBN Infected: Virus.Win32.Alman.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DB80120\4DBFBB5D.VBN Infected: Virus.Win32.Alman.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\10100000\58776BA2.VBN Infected: Trojan-Downloader.Win32.Small.hlp 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\11840000\59FCF11F.VBN Infected: Trojan-Downloader.Win32.Small.hlp 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\12040000\5A869930.VBN Infected: Virus.Win32.Alman.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\12040001\5A869934.VBN Infected: Virus.Win32.Alman.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\12040002\5A869935.VBN Infected: Trojan-Downloader.Win32.Small.hlp 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\12040003\5A869936.VBN Infected: Trojan-Spy.Win32.FtpSend.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\12040004\5A86A043.VBN Infected: Virus.Win32.Alman.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\12040005\5A86A047.VBN Infected: Virus.Win32.Alman.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\12040006\5A86A048.VBN Infected: Trojan-Spy.Win32.FtpSend.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\12040007\5A86A75D.VBN Infected: Virus.Win32.Alman.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\12040008\5A86A75F.VBN Infected: Virus.Win32.Alman.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\12040009\5A86A75F.VBN Infected: Trojan-Spy.Win32.FtpSend.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\1204000A\5A86AE6D.VBN Infected: Virus.Win32.Alman.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\1204000B\5A86AE6F.VBN Infected: Virus.Win32.Alman.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\1204000C\5A86AE6F.VBN Infected: Trojan-Spy.Win32.FtpSend.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\1204000D\5A86B58C.VBN Infected: Virus.Win32.Alman.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\1204000E\5A86B58D.VBN Infected: Virus.Win32.Alman.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\1204000F\5A86B58F.VBN Infected: Trojan-Spy.Win32.FtpSend.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\12040010\5A86BCBD.VBN Infected: Virus.Win32.Alman.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\12040011\5A86BCBF.VBN Infected: Virus.Win32.Alman.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\12040012\5A86BCC0.VBN Infected: Trojan-Spy.Win32.FtpSend.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\12040013\5A86C3DA.VBN Infected: Virus.Win32.Alman.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\12040014\5A86C3DD.VBN Infected: Virus.Win32.Alman.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\12040015\5A86C3DE.VBN Infected: Trojan-Spy.Win32.FtpSend.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\12040016\5A86CAF9.VBN Infected: Virus.Win32.Alman.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\12040017\5A86CAFB.VBN Infected: Virus.Win32.Alman.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\12040018\5A86CAFC.VBN Infected: Trojan-Spy.Win32.FtpSend.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\12040019\5A86D20A.VBN Infected: Virus.Win32.Alman.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\1204001A\5A86D20C.VBN Infected: Virus.Win32.Alman.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\1204001B\5A86D20E.VBN Infected: Trojan-Spy.Win32.FtpSend.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\1204001C\5A86D957.VBN Infected: Virus.Win32.Alman.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\1204001D\5A86D95C.VBN Infected: Virus.Win32.Alman.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\1204001E\5A86D95D.VBN Infected: Trojan-Spy.Win32.FtpSend.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\1204001F\5A86E06A.VBN Infected: Virus.Win32.Alman.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\12040020\5A86E06C.VBN Infected: Virus.Win32.Alman.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\12040021\5A86E06D.VBN Infected: Trojan-Spy.Win32.FtpSend.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\12040022\5A86E767.VBN Infected: Virus.Win32.Alman.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\12040023\5A86E768.VBN Infected: Virus.Win32.Alman.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\12040024\5A86E76A.VBN Infected: Trojan-Spy.Win32.FtpSend.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\12040025\5A86EE88.VBN Infected: Virus.Win32.Alman.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\12040026\5A86EE8A.VBN Infected: Virus.Win32.Alman.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\12040027\5A86EE8B.VBN Infected: Trojan-Spy.Win32.FtpSend.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\12040028\5A86F599.VBN Infected: Virus.Win32.Alman.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\12040029\5A86F59B.VBN Infected: Virus.Win32.Alman.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\1204002A\5A86F59C.VBN Infected: Trojan-Spy.Win32.FtpSend.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\1204002B\5A86FCAE.VBN Infected: Virus.Win32.Alman.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\1204002C\5A86FCAF.VBN Infected: Virus.Win32.Alman.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\1204002D\5A86FCB0.VBN Infected: Trojan-Spy.Win32.FtpSend.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\1204002E\5A8703C6.VBN Infected: Virus.Win32.Alman.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\1204002F\5A8703C8.VBN Infected: Virus.Win32.Alman.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\12040030\5A8703C9.VBN Infected: Trojan-Spy.Win32.FtpSend.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\12040031\5A870AE6.VBN Infected: Trojan-Spy.Win32.FtpSend.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\12040032\5A871201.VBN Infected: Virus.Win32.Alman.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\12040033\5A871202.VBN Infected: Virus.Win32.Alman.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\12040034\5A871203.VBN Infected: Trojan-Spy.Win32.FtpSend.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\12040035\5A871926.VBN Infected: Virus.Win32.Alman.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\12040036\5A871927.VBN Infected: Virus.Win32.Alman.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\12040037\5A871928.VBN Infected: Trojan-Spy.Win32.FtpSend.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\12040038\5A872039.VBN Infected: Virus.Win32.Alman.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\12040039\5A87203B.VBN Infected: Virus.Win32.Alman.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\1204003A\5A87203B.VBN Infected: Trojan-Spy.Win32.FtpSend.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\1204003B\5A87274B.VBN Infected: Virus.Win32.Alman.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\1204003C\5A87274C.VBN Infected: Virus.Win32.Alman.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\1204003D\5A87274D.VBN Infected: Trojan-Spy.Win32.FtpSend.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\1204003E\5A872E5F.VBN Infected: Virus.Win32.Alman.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\1204003F\5A872E61.VBN Infected: Virus.Win32.Alman.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\12040040\5A872E62.VBN Infected: Trojan-Spy.Win32.FtpSend.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\12040041\5A873579.VBN Infected: Virus.Win32.Alman.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\12040042\5A87357B.VBN Infected: Virus.Win32.Alman.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\12040043\5A87357C.VBN Infected: Trojan-Spy.Win32.FtpSend.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\12040044\5A873C97.VBN Infected: Virus.Win32.Alman.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\12040045\5A873C98.VBN Infected: Virus.Win32.Alman.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\12040046\5A873C99.VBN Infected: Trojan-Spy.Win32.FtpSend.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\12040047\5A8743AB.VBN Infected: Virus.Win32.Alman.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\12040048\5A8743AC.VBN Infected: Virus.Win32.Alman.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\12040049\5A8743AD.VBN Infected: Trojan-Spy.Win32.FtpSend.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\1204004A\5A874ACF.VBN Infected: Virus.Win32.Alman.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\1204004B\5A874AD1.VBN Infected: Virus.Win32.Alman.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\1204004C\5A874AD2.VBN Infected: Trojan-Spy.Win32.FtpSend.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\1204004D\5A8751E2.VBN Infected: Virus.Win32.Alman.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\1204004E\5A8751E3.VBN Infected: Virus.Win32.Alman.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\1204004F\5A8751E4.VBN Infected: Trojan-Spy.Win32.FtpSend.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\12040050\5A8758F5.VBN Infected: Virus.Win32.Alman.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\12040051\5A8758F7.VBN Infected: Virus.Win32.Alman.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\12040052\5A8758F7.VBN Infected: Trojan-Spy.Win32.FtpSend.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\12040053\5A87600A.VBN Infected: Virus.Win32.Alman.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\12040054\5A87600B.VBN Infected: Virus.Win32.Alman.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\12040055\5A87600C.VBN Infected: Trojan-Spy.Win32.FtpSend.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\123C0000\5A7D64F7.VBN Infected: Trojan-Downloader.Win32.Small.hlp 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\12600000\5AE7CE57.VBN Infected: Virus.Win32.Alman.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\12600001\5AE7CE5B.VBN Infected: Virus.Win32.Alman.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\12600002\5AE7CE5C.VBN Infected: Trojan-Downloader.Win32.Small.hlp 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\12600003\5AE7CE5E.VBN Infected: Trojan-Spy.Win32.FtpSend.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\12600004\5AE7D554.VBN Infected: Virus.Win32.Alman.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\12600005\5AE7D557.VBN Infected: Virus.Win32.Alman.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\12600006\5AE7D557.VBN Infected: Trojan-Spy.Win32.FtpSend.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\12600007\5AE7DC65.VBN Infected: Virus.Win32.Alman.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\12600008\5AE7DC67.VBN Infected: Virus.Win32.Alman.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\12600009\5AE7DC68.VBN Infected: Trojan-Spy.Win32.FtpSend.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\1260000A\5AE7E381.VBN Infected: Virus.Win32.Alman.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\1260000B\5AE7E386.VBN Infected: Virus.Win32.Alman.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\1260000C\5AE7E388.VBN Infected: Trojan-Spy.Win32.FtpSend.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\151C0000\5D9C998F.VBN Infected: Trojan-Downloader.Win32.Small.hlp 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\151C0001\5D9C9A3D.VBN Infected: Virus.Win32.Alman.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\151C0002\5D9C9A41.VBN Infected: Virus.Win32.Alman.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\151C0003\5D9C9A58.VBN Infected: Trojan-Spy.Win32.FtpSend.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\151C0004\5D9CA1AF.VBN Infected: Virus.Win32.Alman.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\151C0005\5D9CA1B2.VBN Infected: Virus.Win32.Alman.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\151C0006\5D9CA1B3.VBN Infected: Trojan-Spy.Win32.FtpSend.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\151C0007\5D9CA894.VBN Infected: Virus.Win32.Alman.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\151C0008\5D9CA895.VBN Infected: Virus.Win32.Alman.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\151C0009\5D9CA896.VBN Infected: Trojan-Spy.Win32.FtpSend.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\151C000A\5D9CAFAB.VBN Infected: Virus.Win32.Alman.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\151C000B\5D9CAFAD.VBN Infected: Virus.Win32.Alman.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\151C000C\5D9CAFAE.VBN Infected: Trojan-Spy.Win32.FtpSend.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\151C000D\5D9CB6BF.VBN Infected: Virus.Win32.Alman.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\151C000E\5D9CB6C1.VBN Infected: Virus.Win32.Alman.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\151C000F\5D9CB6C2.VBN Infected: Trojan-Spy.Win32.FtpSend.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\151C0010\5D9CBDD1.VBN Infected: Virus.Win32.Alman.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\151C0011\5D9CBDD2.VBN Infected: Virus.Win32.Alman.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\151C0012\5D9CBDD3.VBN Infected: Trojan-Spy.Win32.FtpSend.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\151C0013\5D9CC4E1.VBN Infected: Virus.Win32.Alman.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\151C0014\5D9CC4E3.VBN Infected: Virus.Win32.Alman.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\151C0015\5D9CC4E4.VBN Infected: Trojan-Spy.Win32.FtpSend.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\16C40000\5EF4F2DA.VBN Infected: Trojan-Downloader.Win32.Small.hlp 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\16C40001\5EF4F2F5.VBN Infected: Virus.Win32.Alman.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\16C40002\5EF4F2F8.VBN Infected: Virus.Win32.Alman.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\16C40003\5EF4F2FC.VBN Infected: Trojan-Spy.Win32.FtpSend.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\16E00000\5EE7E6ED.VBN Infected: Trojan-Downloader.Win32.Small.hlp 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\16E00001\5EE7E6F2.VBN Infected: Virus.Win32.Alman.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\16E00002\5EE7E6F3.VBN Infected: Virus.Win32.Alman.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\16E00003\5EE7E6F4.VBN Infected: Trojan-Spy.Win32.FtpSend.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\16E00004\5EE7EE5B.VBN Infected: Virus.Win32.Alman.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\16E00005\5EE7EE63.VBN Infected: Virus.Win32.Alman.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\16E00006\5EE7EE64.VBN Infected: Trojan-Spy.Win32.FtpSend.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\16E00007\5EE7F55A.VBN Infected: Virus.Win32.Alman.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\16E00008\5EE7F55E.VBN Infected: Virus.Win32.Alman.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\16E00009\5EE7F55F.VBN Infected: Trojan-Spy.Win32.FtpSend.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\16E0000A\5EE7FC69.VBN Infected: Virus.Win32.Alman.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\16E0000B\5EE7FC6F.VBN Infected: Virus.Win32.Alman.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\16E0000C\5EE7FC70.VBN Infected: Trojan-Spy.Win32.FtpSend.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\16E0000D\5EE8035B.VBN Infected: Virus.Win32.Alman.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\16E0000E\5EE8035D.VBN Infected: Virus.Win32.Alman.a 1

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\16E0000F\5EE8035E.VBN Infected: Trojan-Spy.Win32.FtpSend.a 1

C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\3IMZXCGX\update[1].gif Infected: Trojan-Downloader.Win32.Small.xwr 1

C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\AYI565PJ\root[1].gif Infected: Trojan-Downloader.Win32.Murlo.nn 1

C:\QooBox\Quarantine\C\WINDOWS\AppPatch\AcXtrnel.dll.vir Infected: Trojan-Downloader.Win32.Agent.nwl 1

C:\QooBox\Quarantine\C\WINDOWS\AppPatch\Jview.dll.vir Infected: Trojan-Downloader.Win32.Agent.nwl 1

C:\QooBox\Quarantine\C\WINDOWS\system32\aitlasys.exe.vir Infected: Trojan-GameThief.Win32.OnLineGames.sasz 1

C:\QooBox\Quarantine\C\WINDOWS\system32\apzhctde.dll.vir Infected: Trojan-GameThief.Win32.OnLineGames.rxyp 1

C:\QooBox\Quarantine\C\WINDOWS\system32\apzhdtde.dll.vir Infected: Trojan-GameThief.Win32.OnLineGames.scex 1

C:\QooBox\Quarantine\C\WINDOWS\system32\azwlaime.exe.vir Infected: Trojan-GameThief.Win32.OnLineGames.satp 1

C:\QooBox\Quarantine\C\WINDOWS\system32\azwmaime.exe.vir Infected: Trojan-GameThief.Win32.OnLineGames.satp 1

C:\QooBox\Quarantine\C\WINDOWS\system32\caotxb.dll.vir Infected: Trojan-GameThief.Win32.OnLineGames.siyy 1

C:\QooBox\Quarantine\C\WINDOWS\system32\cedafb.dll.vir Infected: Trojan-GameThief.Win32.OnLineGames.setb 1

C:\QooBox\Quarantine\C\WINDOWS\system32\ceshleo.dll.vir Infected: Trojan-GameThief.Win32.OnLineGames.sark 1

C:\QooBox\Quarantine\C\WINDOWS\system32\ddserh.dll.vir Infected: Trojan-GameThief.Win32.OnLineGames.sgud 1

C:\QooBox\Quarantine\C\WINDOWS\system32\dehxaklo.exe.vir Infected: Trojan-GameThief.Win32.OnLineGames.sbpv 1

C:\QooBox\Quarantine\C\WINDOWS\system32\dndsaf.dll.vir Infected: Trojan-GameThief.Win32.OnLineGames.sexb 1

C:\QooBox\Quarantine\C\WINDOWS\system32\dsdyapaw.exe.vir Infected: Trojan-GameThief.Win32.OnLineGames.sats 1

C:\QooBox\Quarantine\C\WINDOWS\system32\fd233ds4f4.dll.vir Infected: Trojan-GameThief.Win32.OnLineGames.savu 1

C:\QooBox\Quarantine\C\WINDOWS\system32\fsrgeb.dll.vir Infected: Trojan-GameThief.Win32.OnLineGames.sgay 1

C:\QooBox\Quarantine\C\WINDOWS\system32\googleons.dll.vir Infected: Trojan.Win32.Agent.ugd 1

C:\QooBox\Quarantine\C\WINDOWS\system32\hdf453d.dll.vir Infected: Trojan-GameThief.Win32.OnLineGames.rxxu 1

C:\QooBox\Quarantine\C\WINDOWS\system32\ijdybpaw.dll.vir Infected: Trojan-GameThief.Win32.OnLineGames.satv 1

C:\QooBox\Quarantine\C\WINDOWS\system32\isdsasrv.exe.vir Infected: Trojan-GameThief.Win32.OnLineGames.sasu 1

C:\QooBox\Quarantine\C\WINDOWS\system32\ismhasrv.exe.vir Infected: Trojan-GameThief.Win32.OnLineGames.satq 1

C:\QooBox\Quarantine\C\WINDOWS\system32\jfrwdh.dll.vir Infected: Trojan-GameThief.Win32.OnLineGames.seut 1

C:\QooBox\Quarantine\C\WINDOWS\system32\jkhxaklo.dll.vir Infected: Trojan-GameThief.Win32.OnLineGames.sbpt 1

C:\QooBox\Quarantine\C\WINDOWS\system32\joliom.dll.vir Infected: Trojan-Spy.Win32.Agent.dhv 1

C:\QooBox\Quarantine\C\WINDOWS\system32\jsnoer.dll.vir Infected: Trojan-Spy.Win32.Agent.dfm 1

C:\QooBox\Quarantine\C\WINDOWS\system32\lofsdjbo.dll.vir Infected: Trojan-GameThief.Win32.OnLineGames.savg 1

C:\QooBox\Quarantine\C\WINDOWS\system32\lpmxajkl.exe.vir Infected: Trojan-GameThief.Win32.OnLineGames.sata 1

C:\QooBox\Quarantine\C\WINDOWS\system32\lpsgajba.exe.vir Infected: Trojan-GameThief.Win32.OnLineGames.sasz 1

C:\QooBox\Quarantine\C\WINDOWS\system32\lpzhatde.exe.vir Infected: Trojan-GameThief.Win32.OnLineGames.sasu 1

C:\QooBox\Quarantine\C\WINDOWS\system32\mnmhgsrv.dll.vir Infected: Trojan-GameThief.Win32.OnLineGames.rxxl 1

C:\QooBox\Quarantine\C\WINDOWS\system32\mnmhhsrv.dll.vir Infected: Trojan-GameThief.Win32.OnLineGames.scuy 1

C:\QooBox\Quarantine\C\WINDOWS\system32\mpwdeapi.dll.vir Infected: Trojan-GameThief.Win32.OnLineGames.ryts 1

C:\QooBox\Quarantine\C\WINDOWS\system32\onjzalit.exe.vir Infected: Trojan-GameThief.Win32.OnLineGames.savj 1

C:\QooBox\Quarantine\C\WINDOWS\system32\ozfyebyt.dll.vir Infected: Trojan-GameThief.Win32.OnLineGames.satt 1

C:\QooBox\Quarantine\C\WINDOWS\system32\posqatyu.exe.vir Infected: Trojan-GameThief.Win32.OnLineGames.rxyb 1

C:\QooBox\Quarantine\C\WINDOWS\system32\pqzfajke.dll.vir Infected: Trojan-GameThief.Win32.OnLineGames.rxyh 1

C:\QooBox\Quarantine\C\WINDOWS\system32\ptjhehlp.dll.vir Infected: Trojan-GameThief.Win32.OnLineGames.satf 1

C:\QooBox\Quarantine\C\WINDOWS\system32\rfdswc.dll.vir Infected: Trojan-GameThief.Win32.OnLineGames.sgtu 1

C:\QooBox\Quarantine\C\WINDOWS\system32\sgdewg.dll.vir Infected: Trojan-GameThief.Win32.OnLineGames.sdlo 1

C:\QooBox\Quarantine\C\WINDOWS\system32\spjhahlp.exe.vir Infected: Trojan-GameThief.Win32.OnLineGames.sasz 1

C:\QooBox\Quarantine\C\WINDOWS\system32\stjxakin.exe.vir Infected: Trojan-GameThief.Win32.OnLineGames.satq 1

C:\QooBox\Quarantine\C\WINDOWS\system32\tdfhex.dll.vir Infected: Trojan-GameThief.Win32.OnLineGames.sevk 1

C:\QooBox\Quarantine\C\WINDOWS\system32\welycz.dll.vir Infected: Trojan-GameThief.Win32.OnLineGames.sijx 1

C:\QooBox\Quarantine\C\WINDOWS\system32\wzcfsw.dll.vir Infected: Trojan-GameThief.Win32.OnLineGames.sgnr 1

C:\QooBox\Quarantine\C\WINDOWS\system32\ypcqghlp.dll.vir Infected: Trojan-GameThief.Win32.OnLineGames.sasj 1

C:\QooBox\Quarantine\C\WINDOWS\system32\yxcschlp.dll.vir Infected: Trojan-GameThief.Win32.OnLineGames.rxya 1

C:\QooBox\Quarantine\C\WINDOWS\system32\yxcsdhlp.dll.vir Infected: Trojan-GameThief.Win32.OnLineGames.sbow 1

C:\QooBox\Quarantine\C\WINDOWS\system32\zgxfdx.dll.vir Infected: Trojan-GameThief.Win32.OnLineGames.sfuj 1

C:\QooBox\Quarantine\C\WINDOWS\system32\zptlcsys.dll.vir Infected: Trojan-GameThief.Win32.OnLineGames.rxxm 1

C:\QooBox\Quarantine\C\WINDOWS\system32\zptldsys.dll.vir Infected: Trojan-GameThief.Win32.OnLineGames.sbpf 1

C:\QooBox\Quarantine\C\WINDOWS\system32\zsdjabmp.exe.vir Infected: Trojan-GameThief.Win32.OnLineGames.sasv 1

C:\QooBox\Quarantine\C\WINDOWS\system32\zxcsahlp.exe.vir Infected: Trojan-GameThief.Win32.OnLineGames.sasu 1

C:\QooBox\Quarantine\C\WINDOWS\system32\zycbdime.dll.vir Infected: Trojan-GameThief.Win32.OnLineGames.rzqw 1

C:\QooBox\Quarantine\C\WINDOWS\system32\zycdex.dll.vir Infected: Trojan-GameThief.Win32.OnLineGames.sftw 1

C:\QooBox\Quarantine\C\WINDOWS\system32\zywlcime.dll.vir Infected: Trojan-GameThief.Win32.OnLineGames.saua 1

C:\QooBox\Quarantine\C\WINDOWS\system32\zyzxjime.dll.vir Infected: Trojan-GameThief.Win32.OnLineGames.rxys 1

C:\TFTP\SolarWinds-TFTP-Server.exe Infected: not-a-virus:Server-FTP.Win32.Tftp.500 1

C:\WINDOWS\AppPatch\AclLayer.dll Infected: Trojan-Downloader.Win32.Small.yhf 1

C:\WINDOWS\AppPatch\AcXtrnel.bpl Infected: Trojan-Spy.Win32.FtpSend.b 1

C:\WINDOWS\AppPatch\DesktopWin.dll Infected: Trojan-Downloader.Win32.Small.xwr 1

C:\WINDOWS\system32\akjsfkaq.dll Infected: Trojan-GameThief.Win32.OnLineGames.save 1

C:\WINDOWS\system32\apsggjba.dll Infected: Trojan-GameThief.Win32.OnLineGames.serv 1

C:\WINDOWS\system32\caotxb.dll Infected: Trojan-GameThief.Win32.OnLineGames.siyy 1

C:\WINDOWS\system32\cedafb.dll Infected: Trojan-GameThief.Win32.OnLineGames.setb 1

C:\WINDOWS\system32\comremo.dll Infected: Trojan-Spy.Win32.Agent.dex 1

C:\WINDOWS\system32\comrsdo.dll Infected: Trojan-Spy.Win32.Agent.dhz 1

C:\WINDOWS\system32\ddserh.dll Infected: Trojan-GameThief.Win32.OnLineGames.sgud 1

C:\WINDOWS\system32\dehxaklo.exe Infected: Trojan-GameThief.Win32.OnLineGames.sbpv 1

C:\WINDOWS\system32\detxbiua.dll Infected: Trojan-GameThief.Win32.OnLineGames.saia 1

C:\WINDOWS\system32\detxdiua.dll Infected: Trojan-GameThief.Win32.OnLineGames.sbbj 1

C:\WINDOWS\system32\dndsaf.dll Infected: Trojan-GameThief.Win32.OnLineGames.sexb 1

C:\WINDOWS\system32\ezcron.dll Infected: Trojan-GameThief.Win32.OnLineGames.sjaj 1

C:\WINDOWS\system32\ezcronk.exe Infected: Trojan-GameThief.Win32.OnLineGames.sfyx 1

C:\WINDOWS\system32\fd233ds4f3.dll Infected: Trojan-GameThief.Win32.OnLineGames.savu 1

C:\WINDOWS\system32\fdtxaiua.exe Infected: Trojan-GameThief.Win32.OnLineGames.sasv 1

C:\WINDOWS\system32\fmcvxy.dll Infected: Trojan-GameThief.Win32.OnLineGames.shsu 1

C:\WINDOWS\system32\fsrgeb.dll Infected: Trojan-GameThief.Win32.OnLineGames.sgay 1

C:\WINDOWS\system32\googleons.dll Infected: Trojan.Win32.Agent.ugd 1

C:\WINDOWS\system32\hdf453d1.dll Infected: Trojan-GameThief.Win32.OnLineGames.sasl 1

C:\WINDOWS\system32\ietzdpaq.dll Infected: Trojan-GameThief.Win32.OnLineGames.satk 1

C:\WINDOWS\system32\jfdses.dll Infected: Trojan-GameThief.Win32.OnLineGames.shxg 1

C:\WINDOWS\system32\jfrwdh.dll Infected: Trojan-GameThief.Win32.OnLineGames.sizn 6

C:\WINDOWS\system32\jhfrxz.dll Infected: Trojan-GameThief.Win32.OnLineGames.sfwv 1

C:\WINDOWS\system32\jkhxaklo.dll Infected: Trojan-GameThief.Win32.OnLineGames.sbpt 1

C:\WINDOWS\system32\joliom.dll Infected: Trojan-Spy.Win32.Agent.dhv 1

C:\WINDOWS\system32\jsnoer.dll Infected: Trojan-Spy.Win32.Agent.dfm 1

C:\WINDOWS\system32\longasus.dll Infected: Trojan-GameThief.Win32.OnLineGames.siyp 1

C:\WINDOWS\system32\mndhfdwd.dll Infected: Trojan-GameThief.Win32.OnLineGames.rxzz 1

C:\WINDOWS\system32\mndshsrv.dll Infected: Trojan-GameThief.Win32.OnLineGames.sazn 1

C:\WINDOWS\system32\mndsisrv.dll Infected: Trojan-GameThief.Win32.OnLineGames.sazn 1

C:\WINDOWS\system32\mrsingd.dll Infected: Trojan-GameThief.Win32.OnLineGames.sark 1

C:\WINDOWS\system32\mrsingdk.exe Infected: Trojan-GameThief.Win32.OnLineGames.shal 1

C:\WINDOWS\system32\mssetd.dll Infected: Trojan-GameThief.Win32.OnLineGames.sjgt 1

C:\WINDOWS\system32\myasemt.dll Infected: Trojan-GameThief.Win32.OnLineGames.siym 1

C:\WINDOWS\system32\myusemt.dll Infected: Trojan.Win32.Agent.von 1

C:\WINDOWS\system32\nhmxejkl.dll Infected: Trojan-GameThief.Win32.OnLineGames.satg 1

C:\WINDOWS\system32\oltzapaq.exe Infected: Trojan-GameThief.Win32.OnLineGames.sasu 1

C:\WINDOWS\system32\ozfyfbyt.dll Infected: Trojan-GameThief.Win32.OnLineGames.satt 1

C:\WINDOWS\system32\qflxs.dll Infected: Trojan-Spy.Win32.Agent.dbe 1

C:\WINDOWS\system32\rfdswc.dll Infected: Trojan-GameThief.Win32.OnLineGames.sgtu 1

C:\WINDOWS\system32\rijxbkin.dll Infected: Trojan-GameThief.Win32.OnLineGames.sauz 1

C:\WINDOWS\system32\sgdewg.dll Infected: Trojan-GameThief.Win32.OnLineGames.sdlo 1

C:\WINDOWS\system32\tdfhex.dll Infected: Trojan-GameThief.Win32.OnLineGames.sevk 1

C:\WINDOWS\system32\tennfs.dll Infected: Trojan-GameThief.Win32.OnLineGames.sjea 1

C:\WINDOWS\system32\theralte.dll Infected: Trojan-GameThief.Win32.OnLineGames.sitv 1

C:\WINDOWS\system32\tisqctyu.dll Infected: Trojan-GameThief.Win32.OnLineGames.rxxh 1

C:\WINDOWS\system32\tjfyabyt.exe Infected: Trojan-GameThief.Win32.OnLineGames.sata 1

C:\WINDOWS\system32\tpfsajbo.exe Infected: Trojan-GameThief.Win32.OnLineGames.sava 1

C:\WINDOWS\system32\wcnonpe.dll Infected: Trojan.Win32.Agent.vro 1

C:\WINDOWS\system32\welycz.dll Infected: Trojan-GameThief.Win32.OnLineGames.sijx 1

C:\WINDOWS\system32\wzcfsw.dll Infected: Trojan-GameThief.Win32.OnLineGames.sgnr 1

C:\WINDOWS\system32\ypdjhbmp.dll Infected: Trojan-GameThief.Win32.OnLineGames.scey 1

C:\WINDOWS\system32\zgxfdx.dll Infected: Trojan-GameThief.Win32.OnLineGames.sfuj 1

C:\WINDOWS\system32\zxmsewin.dll Infected: Trojan-GameThief.Win32.OnLineGames.sask 1

C:\WINDOWS\system32\zycdex.dll Infected: Trojan-GameThief.Win32.OnLineGames.sftw 1

C:\WINDOWS\system32\zywmgime.dll Infected: Trojan-GameThief.Win32.OnLineGames.sawi 1

C:\WINDOWS\system32\zywmiime.dll Infected: Trojan-GameThief.Win32.OnLineGames.sawi 1

The selected area was scanned.


-------------------------------------------------------------

Please help!



#2 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts
  • OFFLINE
  • Local time:01:27 PM

Posted 25 July 2008 - 08:36 PM

Hello, my name is fenzodahl512 and welcome to BC.. Please do the following....


Please download the HostsXpert by funkytoad.
  • Unzip HostsXpert to a convenient folder such as C:\HostsXpert
  • Double-click HostsXpert.exe to run HostsXpert - Hosts File Manager from its new home
  • Click "Make Hosts Writable?" in the upper right corner (If available).
  • Click Restore Ms Hosts File and then click OK.
  • Click the X to exit the program.
  • Note: If you were using a custom Hosts file you will need to replace any of those entries yourself.


NEXT


Please download ATF Cleaner by Atribune.
  • Double-click ATF-Cleaner.exe to run the program.
  • Under Main choose: Select All
  • Click the Empty Selected button.
If you use Firefox browser
  • Click Firefox at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser
  • Click Opera at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.



NEXT


Please visit the webpage below for instructions on downloading and running ComboFix

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

This includes installing the Windows XP Recovery Console in case you have not installed it yet.

For more information on the Windows XP Recovery Console read http://support.microsoft.com/kb/314058.

Once you install the Recovery Console, when you reboot your computer, you'll see the option for the Recovery Console now as well. DO NOT select Recovery Console as we don't need it. By default, your main OS is selected there. The screen stays for 2 seconds and then it proceeds to load Windows. That is normal.

Post the log from ComboFix (located in C:\combofix.txt) when you've accomplished that, along with a new HijackThis log.



Regards
fenzodahl512

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
Its gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#3 dmslack

dmslack
  • Topic Starter

  • Members
  • 119 posts
  • OFFLINE
  • Local time:12:27 AM

Posted 26 July 2008 - 03:04 PM

Thanks for the reply! I did as you requested, but not everything was successful.

1) HostsXpert

I immediately get this error:

---
Your HOSTS file is marked as a "system file" and can NOT be manipulated.
Press OK to remove the system file attribute, CANCEL to Quit.

***HostsXpert will NOT reset these attributed.***
---

When I press OK, I get:

---
ERROR: Cannot open file C:\WINDOWS\system32\DRIVERS\ETC\hosts
---

When I press OK there, the program closes.

I opened that etc\ directory in explorer, and I can see the hosts file. Try to delete it, and I get the normal message about things may not work properly. I choose to continue and it looks like it is deleted, but it reappears immediately.

In DOS, I cannot see the hosts file at all, but also get 'access denied' when trying to modify it. Gave up on it and moved onto the next step.

2) ATF Cleaner - ran as requested and it removed 244 MB from Main and 14 from Firefox.

3) Installed XP Recovery Console and ComboFix. Combofix ran, rebooted in the middle and started again. Upon the reboot, there was a message complaining about Update.dll missing. Here is ComboFix's log:

ComboFix 08-07-25.7 - george.slack 2008-07-26 14:55:09.6 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2612 [GMT -4:00]
Running from: C:\Documents and Settings\george.slack\Desktop\Dawn\BleepingComputer\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\aoqnabib.sys
C:\WINDOWS\system32\caotxb.dll
C:\WINDOWS\system32\cedafb.dll
C:\WINDOWS\system32\comrsdo.dll
C:\WINDOWS\system32\ddserh.dll
C:\WINDOWS\system32\erjxakin.sys
C:\WINDOWS\system32\fsrgeb.dll
C:\WINDOWS\system32\googleons.dll
C:\WINDOWS\system32\hhrdxd.dll
C:\WINDOWS\system32\jfrwdh.dll
C:\WINDOWS\system32\jolin0.dll
C:\WINDOWS\system32\joliom.dll
C:\WINDOWS\system32\jsnoer.dll
C:\WINDOWS\system32\ladyapaw.sys
C:\WINDOWS\system32\ngjxakin.sys
C:\WINDOWS\system32\rfdswc.dll
C:\WINDOWS\system32\sgdewg.dll
C:\WINDOWS\system32\snfybbyt.sys
C:\WINDOWS\system32\tdfhex.dll
C:\WINDOWS\system32\tdggrz.dll
C:\WINDOWS\system32\theralte.dll
C:\WINDOWS\system32\unxxx.bat
C:\WINDOWS\system32\wcnonpe.dll
C:\WINDOWS\system32\wcnonpek.exe
C:\WINDOWS\system32\welycz.dll
C:\WINDOWS\system32\woswelc.dll
C:\WINDOWS\system32\wzcfsw.dll
C:\WINDOWS\system32\zgxfdx.dll
C:\WINDOWS\system32\zycdex.dll
C:\WINDOWS\Update.dll

.
((((((((((((((((((((((((( Files Created from 2008-06-26 to 2008-07-26 )))))))))))))))))))))))))))))))
.

2008-07-25 18:53 . 2008-07-25 18:53 24,576 --a------ C:\WINDOWS\system32\xboxdo.dll
2008-07-25 18:52 . 2008-07-25 18:52 225,792 --ah----- C:\WINDOWS\system32\jfdses.dll
2008-07-25 18:52 . 2008-07-25 18:52 28,672 --a------ C:\WINDOWS\system32\welyri.dll
2008-07-25 18:51 . 2008-07-25 18:51 225,792 --ah----- C:\WINDOWS\system32\jhfrxz.dll
2008-07-25 18:51 . 2008-07-25 18:51 24,576 --a------ C:\WINDOWS\system32\longasus.dll
2008-07-25 16:29 . 2008-07-25 16:29 <DIR> d-------- C:\Deckard
2008-07-24 13:05 . 2008-07-23 20:21 38,472 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-07-24 13:05 . 2008-07-23 20:21 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-07-23 21:48 . 2008-07-23 22:13 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-07-23 21:47 . 2008-07-23 21:48 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-07-23 21:15 . 2008-07-23 21:15 <DIR> d-------- C:\Program Files\CCleaner
2008-07-22 13:45 . 2008-07-26 14:02 36,864 --a------ C:\WINDOWS\system32\mssetd.dll
2008-07-22 13:45 . 2008-07-25 18:53 24,576 --a------ C:\WINDOWS\system32\tennfs.dll
2008-07-22 13:40 . 2008-07-25 18:51 24,576 --a------ C:\WINDOWS\system32\myusemt.dll
2008-07-21 17:29 . 2008-07-21 17:29 <DIR> d-------- C:\Documents and Settings\george\Application Data\Lavasoft
2008-07-21 17:20 . 2008-06-06 16:31 <DIR> d-------- C:\Documents and Settings\george\Application Data\Intel
2008-07-21 17:20 . 2006-12-19 17:04 <DIR> d--h----- C:\Documents and Settings\george\Application Data\Gtek
2008-07-21 17:20 . 2008-07-21 17:20 <DIR> d-------- C:\Documents and Settings\george
2008-07-19 21:44 . 2008-07-25 18:52 240,128 --ah----- C:\WINDOWS\system32\fmcvxy.dll
2008-07-19 21:44 . 2008-07-21 19:10 36,864 --a------ C:\WINDOWS\system32\ezcron.dll
2008-07-19 21:44 . 2008-07-21 18:36 14,336 --a------ C:\WINDOWS\system32\ezcronk.exe
2008-07-15 14:53 . 2008-06-06 16:31 <DIR> d-------- C:\Documents and Settings\philip\Application Data\Intel
2008-07-15 14:53 . 2006-12-19 17:04 <DIR> d--h----- C:\Documents and Settings\philip\Application Data\Gtek
2008-07-15 14:53 . 2008-07-15 14:53 <DIR> d-------- C:\Documents and Settings\philip
2008-07-09 11:47 . 2008-07-09 11:47 <DIR> d-------- C:\Documents and Settings\admin.philip\Application Data\Lavasoft
2008-07-09 11:37 . 2008-07-09 11:37 <DIR> d-------- C:\Program Files\Lavasoft
2008-07-09 11:37 . 2008-07-09 11:37 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-07-06 12:30 . 2008-07-24 13:00 36 --a------ C:\WINDOWS\system32\qbhxaklo.sys
2008-07-02 14:25 . 2008-07-24 00:12 <DIR> d-------- C:\Documents and Settings\george.slack\.housecall6.6
2008-07-02 14:06 . 2006-05-16 14:34 286,720 --a------ C:\WINDOWS\system32\wxvault.dll
2008-07-02 11:08 . 2008-07-24 13:06 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-07-02 11:08 . 2008-07-02 11:08 <DIR> d-------- C:\Documents and Settings\george.slack\Application Data\Malwarebytes
2008-07-02 11:08 . 2008-07-02 11:08 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-06-28 14:55 . 2008-06-29 04:39 28,672 --a------ C:\WINDOWS\system32\qflxs.dll
2008-06-28 14:54 . 2008-06-29 04:37 24,576 --a------ C:\WINDOWS\system32\mrsingd.dll
2008-06-28 14:54 . 2008-06-28 14:54 10,752 --a------ C:\WINDOWS\system32\mrsingdk.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-26 19:09 9,728 ----a-w C:\WINDOWS\AppPatch\AclLayer.dll
2008-07-26 19:09 --------- d-----w C:\Documents and Settings\george.slack\Application Data\VMware
2008-07-26 19:06 --------- d-----w C:\Documents and Settings\LocalService\Application Data\VMware
2008-07-26 19:06 --------- d-----w C:\Documents and Settings\All Users\Application Data\VMware
2008-07-26 18:02 27,136 ----a-w C:\WINDOWS\AppPatch\AcPlugin.dll
2008-07-25 18:21 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
2008-07-23 23:08 --------- d-----w C:\Program Files\Trillian
2008-07-22 17:13 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-07-22 17:13 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-07-21 23:57 --------- d-----w C:\Documents and Settings\george.slack\Application Data\Canon
2008-07-21 14:12 --------- d-----w C:\Documents and Settings\george.slack\Application Data\Lavasoft
2008-07-16 14:20 --------- d-----w C:\Documents and Settings\admin.philip\Application Data\VMware
2008-07-09 18:20 14,336 ----a-w C:\WINDOWS\AppPatch\DesktopWin.dll
2008-07-02 17:43 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-07-02 17:43 --------- d-----w C:\Program Files\Wave Systems Corp
2008-07-02 17:43 --------- d-----w C:\Program Files\Broadcom
2008-06-24 22:54 --------- d-----w C:\Documents and Settings\george.slack\Application Data\Skype
2008-06-24 22:21 --------- d-----w C:\Documents and Settings\george.slack\Application Data\skypePM
2008-06-21 00:22 --------- d-----w C:\Program Files\Cisco Systems
2008-06-20 16:08 --------- d-----w C:\Documents and Settings\All Users\Application Data\avg8
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-19 16:13 --------- d-----w C:\Documents and Settings\george.slack\Application Data\U3
2008-06-13 19:20 --------- d-----w C:\Program Files\Trend Micro
2008-06-13 15:32 --------- d-----w C:\Program Files\Xming
2008-06-13 15:26 --------- d-----w C:\Program Files\Reference Assemblies
2008-06-13 15:26 --------- d-----w C:\Program Files\MSBuild
2008-06-13 13:10 272,128 ------w C:\WINDOWS\system32\drivers\bthport.sys
2008-06-13 01:19 --------- d-----w C:\Documents and Settings\Administrator\Application Data\AVGTOOLBAR
2008-06-11 11:14 --------- d-----w C:\Documents and Settings\george.slack\Application Data\AVGTOOLBAR
2008-06-11 11:05 --------- d-----w C:\Program Files\Winamp
2008-06-10 23:53 --------- d-----w C:\Program Files\AVG
2008-06-10 12:39 --------- d-----w C:\Program Files\Windows Media Connect 2
2008-06-06 20:33 21,361 ----a-w C:\WINDOWS\system32\drivers\AegisP.sys
2008-06-06 20:33 21,361 ----a-w C:\WINDOWS\AegisP.sys
2008-06-06 20:31 --------- d-----w C:\Documents and Settings\temp\Application Data\Intel
2008-06-06 20:31 --------- d-----w C:\Documents and Settings\NetworkService\Application Data\Intel
2008-06-06 20:31 --------- d-----w C:\Documents and Settings\LocalService\Application Data\Intel
2008-06-06 20:31 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Intel
2008-06-06 20:31 --------- d-----w C:\Documents and Settings\Administrator.INTELLIDEN\Application Data\Intel
2008-06-06 20:31 --------- d-----w C:\Documents and Settings\admin.philip\Application Data\Intel
2008-06-06 20:29 --------- d-----w C:\Documents and Settings\All Users\Application Data\Intel
2008-06-06 20:28 --------- d-----w C:\Documents and Settings\george.slack\Application Data\Intel
2008-06-05 14:46 --------- d-----w C:\Program Files\Java
2008-06-03 17:37 --------- d-----w C:\Program Files\Common Files\Macrovision Shared
2008-06-03 17:37 --------- d-----w C:\Program Files\Common Files\Adobe
2008-06-03 17:37 --------- d-----w C:\Documents and Settings\All Users\Application Data\FLEXnet
2008-05-11 12:00 49,152 ----a-w C:\Documents and Settings\george.slack\Application Data\olkupres.dll
2008-05-11 12:00 202,056 ----a-w C:\Documents and Settings\george.slack\Application Data\OI31Upd.exe
2008-04-10 15:11 949 ----a-w C:\Documents and Settings\george.slack\Application Data\MT.dat
2008-03-26 15:20 853,058,175 ----a-w C:\Documents and Settings\george.slack\r-series_r5.0.1-aa03_Linux.bin
2008-01-12 22:58 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat
2008-05-13 14:56 27,976 ----a-w C:\Program Files\mozilla firefox\plugins\atgpcdec.dll
2008-05-13 14:56 125,848 ----a-w C:\Program Files\mozilla firefox\plugins\atgpcext.dll
2008-05-13 14:56 46,408 ----a-w C:\Program Files\mozilla firefox\plugins\atmccli.dll
2008-05-13 14:57 98,712 ----a-w C:\Program Files\mozilla firefox\plugins\ieatgpc.dll
2004-08-08 21:32 3,120 --sh--w C:\WINDOWS\system32\ictxaiua.sys
2004-08-08 08:39 1,040 --sh--w C:\WINDOWS\system32\igxyaloe.sys
2004-08-08 08:29 1,040 --sh--w C:\WINDOWS\system32\iujraler.sys
2004-08-08 21:39 520 --sh--w C:\WINDOWS\system32\nttzapaq.sys
2004-08-08 08:35 1,040 --sh--w C:\WINDOWS\system32\sbsqakol.sys
2004-08-08 21:38 1,560 --sh--w C:\WINDOWS\system32\smdsbsrv.sys
2004-08-08 23:09 3,640 --sh--w C:\WINDOWS\system32\vlhxaklo.sys
2004-08-08 21:27 2,600 --sh--w C:\WINDOWS\system32\xbfsbjbo.sys
2004-08-08 21:28 1,040 --sh--w C:\WINDOWS\system32\xscqbhlp.sys
.

((((((((((((((((((((((((((((( snapshot@2008-07-15_23.53.46.00 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-07-09 18:26:14 45,056 ----a-w C:\WINDOWS\Downloaded Program Files\ThunderAdvise.dll
+ 2008-07-26 18:02:30 45,056 ----a-w C:\WINDOWS\Downloaded Program Files\ThunderAdvise.dll
- 2008-07-16 03:44:07 16,384 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
+ 2008-07-26 18:03:17 16,384 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
- 2008-07-16 03:44:07 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2008-07-26 18:03:17 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2008-07-16 03:44:07 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2008-07-26 18:03:17 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2004-08-04 11:00:00 244,736 ----a-w C:\WINDOWS\system32\dllcache\acspecfc.dll
- 2008-07-16 03:46:50 230,802 ----a-w C:\WINDOWS\system32\inetsrv\MetaBase.bin
+ 2008-07-26 19:10:24 230,799 ----a-w C:\WINDOWS\system32\inetsrv\MetaBase.bin
+ 2008-07-26 19:06:16 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_54c.dat
+ 2008-07-26 19:08:11 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_c8c.dat
+ 2008-07-26 19:06:27 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_e48.dat
+ 2008-07-26 19:06:34 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_f20.dat
+ 2008-07-26 19:06:28 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_ff0.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\P4EXPCheckoutOverlay]
@="{80E008A4-EAE7-4867-AEB0-1A245F070F25}"
[HKEY_CLASSES_ROOT\CLSID\{80E008A4-EAE7-4867-AEB0-1A245F070F25}]
2007-01-25 14:47 540672 --------- C:\Program Files\Perforce\p4exp.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\P4EXPSyncdOverlay]
@="{ADF262C1-E8FE-49BE-AD63-F77CD4A6CCD9}"
[HKEY_CLASSES_ROOT\CLSID\{ADF262C1-E8FE-49BE-AD63-F77CD4A6CCD9}]
2007-01-25 14:47 540672 --------- C:\Program Files\Perforce\p4exp.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\P4EXPUpdateOverlay]
@="{C550CDA2-37D7-4838-A9D7-65ECB1EB5AB2}"
[HKEY_CLASSES_ROOT\CLSID\{C550CDA2-37D7-4838-A9D7-65ECB1EB5AB2}]
2007-01-25 14:47 540672 --------- C:\Program Files\Perforce\p4exp.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 07:00 15360]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-04-04 18:53 68856]
"PTIM.exe"="C:\Program Files\WebEx\Productivity Tools\PTIM.exe" [2008-04-29 16:56 210248]
"ptmsgfrm.exe"="C:\Program Files\WebEx\Productivity Tools\ptmsgfrm.exe" [2008-04-29 15:59 42312]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="C:\Program Files\Apoint\Apoint.exe" [2005-10-07 14:13 176128]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-12-13 18:44 98304]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-12-13 18:41 77824]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-12-13 18:45 118784]
"DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [2005-09-08 07:20 122940]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 18:50 221184]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 18:50 81920]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 04:28 144784]
"AT&T Communication Manager"="C:\Program Files\AT&T\Communication Manager\ATTCM.exe" [2007-10-18 12:08 33280]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-12-12 15:41 115560]
"vmware-tray"="C:\Program Files\VMware\VMware Workstation\vmware-tray.exe" [2008-03-03 20:10 72240]
"VMware hqtray"="C:\Program Files\VMware\VMware Workstation\hqtray.exe" [2008-03-03 20:10 55856]
"itype"="C:\Program Files\Microsoft IntelliType Pro\itype.exe" [2007-08-31 12:13 988584]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2008-03-04 14:41 1101824]
"SigmatelSysTrayApp"="stsystra.exe" [2006-03-24 18:30 282624 C:\WINDOWS\stsystra.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Communicator"="C:\Program Files\Microsoft Office Communicator\Communicator.exe" [2005-05-12 13:40 4167376]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 01:01 437160]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Bluetooth Manager.lnk - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2005-11-18 19:46:00 1724416]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoWelcomeScreen"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{73AE86E6-7F03-4C3B-8980-FB1DA157D3C7}"= "C:\WINDOWS\system32\fmcvxy.dll" [2008-07-25 18:52 240128]
"{7914E0AA-ECCB-4311-B584-C49538227824}"= "C:\WINDOWS\system32\jhfrxz.dll" [2008-07-25 18:51 225792]
"{81AF1CF6-D1C9-4C6A-AC01-EDE54E71945B}"= "C:\WINDOWS\system32\jfdses.dll" [2008-07-25 18:52 225792]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"DesktopWin"= {DA191DE0-AA86-4ED0-4B87-292A3D48BE99} - C:\WINDOWS\AppPatch\DesktopWin.dll [2008-07-09 14:20 14336]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 wvauth

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antvirus]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Acrobat Assistant.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Acrobat Assistant.lnk
backup=C:\WINDOWS\pss\Acrobat Assistant.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk
backup=C:\WINDOWS\pss\Adobe Reader Synchronizer.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^EMBASSY Trust Suite Secure Update.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\EMBASSY Trust Suite Secure Update.lnk
backup=C:\WINDOWS\pss\EMBASSY Trust Suite Secure Update.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Google Updater.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Google Updater.lnk
backup=C:\WINDOWS\pss\Google Updater.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Service Manager.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Service Manager.lnk
backup=C:\WINDOWS\pss\Service Manager.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^VPN Client.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\VPN Client.lnk
backup=C:\WINDOWS\pss\VPN Client.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
--------- 2006-08-28 23:57 395776 C:\Program Files\Dell Support\DSAgnt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
--------- 2005-12-09 22:29 49152 C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
--------- 2007-02-22 10:19 220160 C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ModemOnHold]
--------- 2003-09-10 04:24 20480 C:\Program Files\NetWaiting\netwaiting.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--------- 2006-11-09 16:07 49263 C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--------- 2007-04-04 18:53 68856 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Microsoft Office Communicator\\communicator.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Trillian\\trillian.exe"=
"C:\\Program Files\\HP OpenView\\bin\\ovw.exe"=
"C:\\Program Files\\SmartFTP Client\\SmartFTP.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R2 EMANATE;SNMP EMANATE Master Agent;C:\Program Files\HP OpenView\bin\snmpdm.exe [2004-01-21 22:51]
R2 HP OpenView Process Manager;HP OpenView Process Manager;C:\Program Files\HP OpenView\bin\ovspmd.exe [2004-01-21 21:40]
R2 HPOVTrace;HP OpenView Trace Service;C:\Program Files\HP OpenView\bin\OVTrace.exe [2003-08-27 13:34]
R2 wpa;SNMP EMANATE Adapter for NT;C:\Program Files\HP OpenView\bin\wpaagt.exe [2004-01-21 22:51]
R3 HP OpenView NNM Embedded DB;HP OpenView NNM Embedded DB;C:\PROGRA~1\HPOPEN~1\bin\ovdbrun.exe [2004-01-21 22:45]
R3 swmsflt;swmsflt;C:\WINDOWS\system32\drivers\swmsflt.sys [2007-10-18 12:08]
S2 cdralw;NVIDIA Compatible Windows Miniport Driver;C:\WINDOWS\system32\DRIVERS\nvmini.sys []
S2 MSSQL$OVOPS;MSSQL$OVOPS;C:\Program Files\HP OpenView\MSSQL$OVOPS\Binn\sqlservr.exe []
S3 ATTRcAppSvc;AT&T RcAppSvc;C:\Program Files\AT&T\Communication Manager\RcAppSvc.exe [2007-10-18 12:08]
S3 COH_Mon;COH_Mon;C:\WINDOWS\system32\Drivers\COH_Mon.sys [2007-12-12 15:41]
S3 CSVirtA;Cisco Systems SSL VPN Adapter;C:\WINDOWS\system32\DRIVERS\CSVirtA.sys []
S3 eth8023;eth8023;C:\WINDOWS\system32\drivers\eth8023.sys []
S3 MBAMCatchMe;MBAMCatchMe;C:\WINDOWS\system32\drivers\mbamcatchme.sys []
S3 NPF;NetGroup Packet Filter Driver;C:\WINDOWS\system32\drivers\npf.sys [2005-08-02 17:10]
S3 RimSerPort;RIM Virtual Serial Port;C:\WINDOWS\system32\DRIVERS\RimSerial.sys [2007-10-18 12:08]
S3 SQLAgent$OVOPS;SQLAgent$OVOPS;C:\Program Files\HP OpenView\MSSQL$OVOPS\Binn\sqlagent.EXE []
S3 WLSforIntelliden;WLSforIntelliden;C:\icos\bea\WEBLOG~1\server\bin\beasvc.exe []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\##csodc02#Project#acrobat]
\Shell\AutoRun\command - Z:\Autoplay.exe -auto

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
\Shell\AutoRun\command - E:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b5bbf262-66b8-11dc-887d-00188ba65bac}]
\Shell\AutoRun\command - E:\PortableRoboForm.exe
\Shell\RoboForm2Go\command - E:\PortableRoboForm.exe
.
Contents of the 'Scheduled Tasks' folder
2008-04-28 C:\WINDOWS\Tasks\Microsoft_Hardware_Launch_IType_exe.job - C:\Program Files\Microsoft IntelliType Pro\itype.exe [2007-08-31 12:13]
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-3PMmUpdate - C:\WINDOWS\Update.dll


.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=4061219
R0 -: HKCU-Main,SearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
R1 -: HKCU-SearchURL,(Default) = hxxp://www.google.com/search?q=%s
O8 -: &Winamp Toolbar Search - C:\Documents and Settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 -: Add to Google Photos Screensa&ver - C:\WINDOWS\system32\GPhotos.scr/200
O8 -: Append to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 -: Convert link target to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 -: Convert link target to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 -: Convert selected links to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 -: Convert selected links to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 -: Convert selection to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 -: Convert selection to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 -: Convert to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 -: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O16 -: {193C772A-87BE-4B19-A7BB-445B226FE9A1} - hxxp://downloads.ewido.net/ewidoOnlineScan.cab
C:\WINDOWS\Downloaded Program Files\ewidoOnlineScan.dll

O16 -: {5879B3B0-566E-4ECB-9B77-9A8A5E62AAB8} - hxxp://www.blackberry.com/DST2007/patch/desktop/DSTUpdateLoaderUSB.cab
C:\WINDOWS\Downloaded Program Files\DSTUpdateLoaderUSB.inf

O16 -: {85BA505F-FD01-4A91-836C-F7D502E89C9A} - hxxp://www.evite.com/html/imageUpload/ImageUploader4.cab
C:\WINDOWS\Downloaded Program Files\ImageUploader4.inf
C:\WINDOWS\system32\unicows.dll
C:\WINDOWS\Downloaded Program Files\ImageUploader4.ocx

O16 -: {9C3497D6-ED98-11D0-9647-00C04FD9B15B} - file://C:\DOCUME~1\GEORGE~1.SLA\LOCALS~1\Temp\wbemtool.cab
C:\WINDOWS\Downloaded Program Files\WBEMTool.inf
C:\WINDOWS\system32\mfc42u.dll
C:\WINDOWS\system32\msvcrt.dll
C:\WINDOWS\system32\msvcirt.dll
C:\WINDOWS\system32\WBEMLoginDlg.dll
C:\WINDOWS\system32\WBEMGrid.dll
C:\WINDOWS\system32\WBEMUtils.dll
C:\WINDOWS\system32\moengine.dll
C:\WINDOWS\system32\WBEMEventList.ocx
C:\WINDOWS\system32\WBEMEventReg.ocx
C:\WINDOWS\system32\WBEMHelp.ocx
C:\WINDOWS\system32\WBEMLogin.ocx
C:\WINDOWS\system32\WBEMNSPicker.ocx
C:\WINDOWS\system32\WBEMProvwiz.ocx
C:\WINDOWS\system32\WBEMmofwiz.ocx
C:\WINDOWS\system32\WBEMmofcomp.ocx
C:\WINDOWS\system32\WBEMclassnav.ocx
C:\WINDOWS\system32\WBEMMultiView.ocx
C:\WINDOWS\system32\WBEMInstNav.ocx
C:\WINDOWS\system32\WBEMSingleView.ocx
C:\WINDOWS\system32\WBEMObjView.ocx

O16 -: {CB97291A-6603-466A-AA11-80C2EB74CB10} - hxxps://install.cox.net/CoxSelfInstall/CoxSelfInstallAx10.ocx
C:\WINDOWS\Downloaded Program Files\CoxSelfInstallAx10.ocx


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-26 15:09:43
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


C:\Documents and Settings\george.slack\Local Settings\Application Data\Toshiba\BluetoothStack\V1.0\SDP00513.sdb

scan completed successfully
hidden files: 1

**************************************************************************
"ServiceDll"="%SystemRoot%\System32\browser.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\C:]
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\explorer.exe
-> C:\WINDOWS\AppPatch\AclLayer.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\scardsvr.exe
C:\WINDOWS\system32\bmwebcfg.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Wave Systems Corp\common\DataServer.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\HP OpenView\bin\pmd.exe
C:\Program Files\HP OpenView\bin\ovsessionmgr.exe
C:\Program Files\HP OpenView\bin\ovrequestd.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Dell\QuickSet\NicConfigSvc.exe
C:\Program Files\HP OpenView\bin\genannosrvr.exe
C:\Program Files\HP OpenView\bin\ovalarmsrv.exe
C:\Program Files\HP OpenView\bin\ovactiond.exe
C:\Program Files\HP OpenView\bin\ovdbcheck.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\snmp.exe
C:\WINDOWS\system32\snmptrap.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
C:\WINDOWS\system32\vmnat.exe
C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe
C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
C:\WINDOWS\system32\vmnetdhcp.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Apoint\ApntEx.exe
C:\Program Files\Apoint\hidfind.exe
C:\Program Files\Microsoft IntelliType Pro\dpupdchk.exe
C:\Program Files\WebEx\Productivity Tools\ptSrv.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHSP.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosOBEX.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtProc.exe
C:\WINDOWS\system32\imapi.exe
.
**************************************************************************
.
Completion time: 2008-07-26 15:16:25 - machine was rebooted [george.slack]
ComboFix-quarantined-files.txt 2008-07-26 19:16:13
ComboFix2.txt 2008-07-21 21:29:32
ComboFix3.txt 2008-07-21 21:00:24
ComboFix4.txt 2008-07-21 20:29:19
ComboFix5.txt 2008-07-26 18:53:42

Pre-Run: 43,743,756,288 bytes free
Post-Run: 43,710,562,304 bytes free

424 --- E O F --- 2008-07-16 07:03:55


4) Re-ran HijackThis. Here is the log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:22, on 2008-07-26
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\SCardSvr.exe
C:\WINDOWS\system32\bmwebcfg.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Wave Systems Corp\Common\DataServer.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\HP OpenView\bin\ovspmd.exe
C:\Program Files\HP OpenView\bin\OVTrace.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\HP OpenView\bin\pmd.exe
C:\Program Files\HP OpenView\bin\ovsessionmgr.exe
C:\Program Files\HP OpenView\bin\ovrequestd.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\Program Files\HP OpenView\bin\genannosrvr.exe
C:\Program Files\HP OpenView\bin\ovalarmsrv.exe
C:\Program Files\HP OpenView\bin\ovactiond.exe
C:\Program Files\HP OpenView\bin\ovdbcheck.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\snmptrap.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
C:\WINDOWS\system32\vmnat.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\HP OpenView\bin\wpaagt.exe
C:\Program Files\HP OpenView\bin\snmpdm.exe
C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
C:\WINDOWS\system32\vmnetdhcp.exe
C:\PROGRA~1\HPOPEN~1\bin\ovdbrun.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\stsystra.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Apoint\HidFind.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\VMware\VMware Workstation\vmware-tray.exe
C:\Program Files\VMware\VMware Workstation\hqtray.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Microsoft IntelliType Pro\dpupdchk.exe
C:\Program Files\WebEx\Productivity Tools\PTIM.exe
C:\Program Files\WebEx\Productivity Tools\ptmsgfrm.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\WebEx\Productivity Tools\ptSrv.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=4061219
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Winamp Toolbar BHO - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [AT&T Communication Manager] "C:\Program Files\AT&T\Communication Manager\ATTCM.exe" -a
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vmware-tray] C:\Program Files\VMware\VMware Workstation\vmware-tray.exe
O4 - HKLM\..\Run: [VMware hqtray] "C:\Program Files\VMware\VMware Workstation\hqtray.exe"
O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [PTIM.exe] C:\Program Files\WebEx\Productivity Tools\PTIM.exe
O4 - HKCU\..\Run: [ptmsgfrm.exe] C:\Program Files\WebEx\Productivity Tools\ptmsgfrm.exe
O4 - HKUS\S-1-5-19\..\Run: [Communicator] "C:\Program Files\Microsoft Office Communicator\Communicator.exe" (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Communicator] "C:\Program Files\Microsoft Office Communicator\Communicator.exe" (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [Communicator] "C:\Program Files\Microsoft Office Communicator\Communicator.exe" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Communicator] "C:\Program Files\Microsoft Office Communicator\Communicator.exe" (User 'Default user')
O4 - Global Startup: Bluetooth Manager.lnk = ?
O8 - Extra context menu item: &Winamp Toolbar Search - C:\Documents and Settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {80947ADC-151D-490B-87F1-7C8CE1B46220} - (no file)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Start WebEx One-Click Meeting - {80947ADC-151D-490B-87F1-7C8CE1B46220} - C:\Program Files\WebEx\Productivity Tools\ptonecli.dll (HKCU)
O9 - Extra 'Tools' menuitem: Start WebEx One-Click Meeting - {80947ADC-151D-490B-87F1-7C8CE1B46220} - C:\Program Files\WebEx\Productivity Tools\ptonecli.dll (HKCU)
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O10 - Unknown file in Winsock LSP: bmnet.dll
O10 - Unknown file in Winsock LSP: bmnet.dll
O10 - Unknown file in Winsock LSP: bmnet.dll
O15 - Trusted Zone: http://*.intelliden-demo
O15 - Trusted Zone: http://intelliden-demo.intelliden.net
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {3BA3B159-7533-4F96-A2CE-EE5894BBD3D5} (Scanner.SysScanner) - http://i.dell.com/images/global/js/scanner/SYSSCANNER.cab
O16 - DPF: {5879B3B0-566E-4ECB-9B77-9A8A5E62AAB8} - http://www.blackberry.com/DST2007/patch/de...teLoaderUSB.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1208281057071
O16 - DPF: {85BA505F-FD01-4A91-836C-F7D502E89C9A} (Image Uploader Control) - http://www.evite.com/html/imageUpload/ImageUploader4.cab
O16 - DPF: {9C3497D6-ED98-11D0-9647-00C04FD9B15B} (WMI Login Control) - file://C:\DOCUME~1\GEORGE~1.SLA\LOCALS~1\Temp\wbemtool.cab
O16 - DPF: {CB97291A-6603-466A-AA11-80C2EB74CB10} (CoxSelfInstallAx10 Control) - https://install.cox.net/CoxSelfInstall/CoxS...InstallAx10.ocx
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://intelliden.webex.com/client/T25L/webex/ieatgpc.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = intelliden.net
O17 - HKLM\Software\..\Telephony: DomainName = intelliden.net
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = intelliden.net
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = chi.tecnet,tecnet,chi.tecnet,tecnet,chi.tecnet,tecnet,priv.red.telefonica-wholesale.net,red.telefonica-wholesale.net
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = chi.tecnet,tecnet,chi.tecnet,tecnet,chi.tecnet,tecnet,priv.red.telefonica-wholesale.net,red.telefonica-wholesale.net
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O21 - SSODL: DesktopWin - {DA191DE0-AA86-4ED0-4B87-292A3D48BE99} - C:\WINDOWS\AppPatch\DesktopWin.dll
O23 - Service: AT&T RcAppSvc (ATTRcAppSvc) - PCTEL - C:\Program Files\AT&T\Communication Manager\RcAppSvc.exe
O23 - Service: Bytemobile Web Configurator (bmwebcfg) - Bytemobile, Inc. - C:\WINDOWS\system32\bmwebcfg.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: DataSvr2 - Wave Systems Corp. - C:\Program Files\Wave Systems Corp\Common\DataServer.exe
O23 - Service: SNMP EMANATE Master Agent (EMANATE) - Unknown owner - C:\Program Files\HP OpenView\bin\snmpdm.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktopManager.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP OpenView NNM Embedded DB - Solid Information Technology - C:\PROGRA~1\HPOPEN~1\bin\ovdbrun.exe
O23 - Service: HP OpenView Process Manager - Unknown owner - C:\Program Files\HP OpenView\bin\ovspmd.exe
O23 - Service: HP OpenView Trace Service (HPOVTrace) - Hewlett-Packard - C:\Program Files\HP OpenView\bin\OVTrace.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: MSSQL$OVOPS - Unknown owner - C:\Program Files\HP OpenView\MSSQL$OVOPS\Binn\sqlservr.exe (file missing)
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Symantec Management Client (SmcService) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
O23 - Service: Symantec Network Access Control (SNAC) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE
O23 - Service: SQLAgent$OVOPS - Unknown owner - C:\Program Files\HP OpenView\MSSQL$OVOPS\Binn\sqlagent.EXE (file missing)
O23 - Service: Symantec Endpoint Protection (Symantec AntiVirus) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
O23 - Service: Symantec RemoteAssist - Symantec, Inc. - C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe
O23 - Service: NTRU Hybrid TSS v2.0.25 TCS (tcsd_win32.exe) - Unknown owner - C:\Program Files\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.25\bin\tcsd_win32.exe
O23 - Service: VMware Agent Service (ufad-ws60) - VMware, Inc. - C:\Program Files\VMware\VMware Workstation\vmware-ufad.exe
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\WINDOWS\system32\vmnetdhcp.exe
O23 - Service: VMware Virtual Mount Manager Extended (vmount2) - VMware, Inc. - C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\WINDOWS\system32\vmnat.exe
O23 - Service: Intel® PROSet/Wireless SSO Service (WLANKEEPER) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
O23 - Service: WLSforIntelliden - Unknown owner - C:\icos\bea\WEBLOG~1\server\bin\beasvc.exe (file missing)
O23 - Service: SNMP EMANATE Adapter for NT (wpa) - Unknown owner - C:\Program Files\HP OpenView\bin\wpaagt.exe

--
End of file - 18571 bytes

------------------------------------------------------

I'm not sure if it is relevant, but even with Symantec disabled, I still receive popups about "Risk detected" from Endpoint Security. After running ComboFix, the latest popup warning was for "W32.Almanahe.B!inf" in the system restore. I did check the hosts file, and it looks OK now.

Thanks!

#4 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts
  • OFFLINE
  •  
  • Local time:01:27 PM

Posted 27 July 2008 - 02:17 PM

Hello... I see you opened the same topic at CastleCops.. Please close that topic or ask a moderator at CastleCops to close that topic...

I see you ran ComboFix several times before.. Did you do this under supervision or on your own?..


1. Please open Notepad
  • Click Start, then Run
  • Type notepad.exe in the Run Box.
2. Now copy/paste the entire content of the codebox below into the Notepad window:

KillAll::

Driver::
eth8023

File::
C:\WINDOWS\system32\xboxdo.dll
C:\WINDOWS\system32\jfdses.dll
C:\WINDOWS\system32\welyri.dll
C:\WINDOWS\system32\jhfrxz.dll
C:\WINDOWS\system32\longasus.dll
C:\WINDOWS\system32\mssetd.dll
C:\WINDOWS\system32\tennfs.dll
C:\WINDOWS\system32\myusemt.dll
C:\WINDOWS\system32\fmcvxy.dll
C:\WINDOWS\system32\ezcron.dll
C:\WINDOWS\system32\ezcronk.exe
C:\WINDOWS\system32\qbhxaklo.sys
C:\WINDOWS\system32\qflxs.dll
C:\WINDOWS\system32\mrsingd.dll
C:\WINDOWS\system32\mrsingdk.exe
C:\WINDOWS\AppPatch\AclLayer.dll
C:\WINDOWS\AppPatch\AcPlugin.dll
C:\WINDOWS\AppPatch\DesktopWin.dll
C:\WINDOWS\system32\ictxaiua.sys
C:\WINDOWS\system32\igxyaloe.sys
C:\WINDOWS\system32\iujraler.sys
C:\WINDOWS\system32\nttzapaq.sys
C:\WINDOWS\system32\sbsqakol.sys
C:\WINDOWS\system32\smdsbsrv.sys
C:\WINDOWS\system32\vlhxaklo.sys
C:\WINDOWS\system32\xbfsbjbo.sys
C:\WINDOWS\system32\xscqbhlp.sys
C:\WINDOWS\system32\drivers\eth8023.sys

Registry::
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{73AE86E6-7F03-4C3B-8980-FB1DA157D3C7}"=-
"{7914E0AA-ECCB-4311-B584-C49538227824}"=-
"{81AF1CF6-D1C9-4C6A-AC01-EDE54E71945B}"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"DesktopWin"=-

3. Save the above as CFScript.txt

4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

Posted Image


5. After the reboot (in case it asks to reboot), please post the following reports/logs in your next reply:
  • Combofix.txt
  • A new HijackThis log.

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
Its gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#5 dmslack

Posted 27 July 2008 - 06:19 PM

Initially I couldn't open any programs - Notepad, Firefox, etc would open, appear quickly and then close on their own. I had to reboot twice to get things working again. Then I dropped the CFScript.txt onto ComboFix, and it opened properly. The DOS window opened and the AutoScan started. I got the acceptance screen and agreed to the terms. It started to run, but stalled at "Deleting Files/Folders: C:\windows\system32\cedafb.dll". I let it sit for over an hour and there was no hard drive activity or other activity.

I had to reboot again, and the same thing happened again. The 'Symantec Endpoint Protection Notification' continues to pop up warnings even though it is disabled. Any ideas on how to get around this?

Regarding running ComboFix before - one of my IT guys had tried to remove this malware and wasn't able to do so. I assume that's where it came from.

#6 fenzodahl512

Posted 27 July 2008 - 07:30 PM

Hello, is your computer working right now?.. Can you find me the log at C:\combofix.txt and post it here...

One more thing.. Please go to C:\WINDOWS\System32 and check whether the System32 folder (under the C:\WINDOWS directory) is there..

I have class right now and will be back after four hours.. If you can't find the System32 folder in the C:\Windows directory, please tell me and DON'T turn off/restart your computer..

Edited by fenzodahl512, 27 July 2008 - 07:32 PM.



#7 dmslack

Posted 27 July 2008 - 08:45 PM

I had to power the machine off to get it back. c:\windows\system32 directory is there, but there is no c:\combofix.txt ..... I did find one in c:\combofix\combofix.txt ... here it is:

C:\ComboFix>more combofix.txt
ComboFix 08-07-25.7 - george.slack 2008-07-27 21:23:28.9 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2779 [GMT -4:00]
Running from: C:\Documents and Settings\george.slack\Desktop\Dawn\BleepingComputer\ComboFix.exe
Command switches used :: C:\Documents and Settings\george.slack\Desktop\CFScript.txt
* Created a new restore point

FILE ::
C:\WINDOWS\AppPatch\AclLayer.dll
C:\WINDOWS\AppPatch\AcPlugin.dll
C:\WINDOWS\AppPatch\DesktopWin.dll
C:\WINDOWS\system32\drivers\eth8023.sys
C:\WINDOWS\system32\ezcron.dll
C:\WINDOWS\system32\ezcronk.exe
C:\WINDOWS\system32\fmcvxy.dll
C:\WINDOWS\system32\ictxaiua.sys
C:\WINDOWS\system32\igxyaloe.sys
C:\WINDOWS\system32\iujraler.sys
C:\WINDOWS\system32\jfdses.dll
C:\WINDOWS\system32\jhfrxz.dll
C:\WINDOWS\system32\longasus.dll
C:\WINDOWS\system32\mrsingd.dll
C:\WINDOWS\system32\mrsingdk.exe
C:\WINDOWS\system32\mssetd.dll
C:\WINDOWS\system32\myusemt.dll
C:\WINDOWS\system32\nttzapaq.sys
C:\WINDOWS\system32\qbhxaklo.sys
C:\WINDOWS\system32\qflxs.dll
C:\WINDOWS\system32\sbsqakol.sys
C:\WINDOWS\system32\smdsbsrv.sys
C:\WINDOWS\system32\tennfs.dll
C:\WINDOWS\system32\vlhxaklo.sys
C:\WINDOWS\system32\welyri.dll
C:\WINDOWS\system32\xbfsbjbo.sys
C:\WINDOWS\system32\xboxdo.dll
C:\WINDOWS\system32\xscqbhlp.sys
.

C:\ComboFix>

#8 fenzodahl512

Posted 27 July 2008 - 10:54 PM

Ok.. Let's do this then...


Please download FileAssassin and unzip it to your Desktop.
  • Double-click FileASSASSIN and tick on Attempt FileASSASSIN's method of file processing
  • Make sure ALL four options are selected (including "Delete file")
  • Copy/paste the file below into the box
    • C:\windows\system32\cedafb.dll
  • Press Execute button..



NEXT


We need to get rid of some of the services running on your machine. To do this, copy (Ctrl +C) and paste (Ctrl +V) the text in the code box below to Notepad.

@echo off
sc stop eth8023
sc delete eth8023
exit

Save it to your desktop as File name: Service.bat
Save as type: All Files

Once done, double click Service.bat to run it. A command window will open briefly, then close. This is quite normal.

If you are not sure how to make a batch file, please visit HERE for the tutorial.




NEXT


Please download the OTMoveIt2 by OldTimer.
  • Save it to your desktop.
  • Please double-click OTMoveIt2.exe to run it. (Vista users, please right click on OTMoveit2.exe and select "Run as an Administrator")
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    [kill explorer]
    C:\WINDOWS\system32\xboxdo.dll
    C:\WINDOWS\system32\jfdses.dll
    C:\WINDOWS\system32\welyri.dll
    C:\WINDOWS\system32\jhfrxz.dll
    C:\WINDOWS\system32\longasus.dll
    C:\WINDOWS\system32\mssetd.dll
    C:\WINDOWS\system32\tennfs.dll
    C:\WINDOWS\system32\myusemt.dll
    C:\WINDOWS\system32\fmcvxy.dll
    C:\WINDOWS\system32\ezcron.dll
    C:\WINDOWS\system32\ezcronk.exe
    C:\WINDOWS\system32\qbhxaklo.sys
    C:\WINDOWS\system32\qflxs.dll
    C:\WINDOWS\system32\mrsingd.dll
    C:\WINDOWS\system32\mrsingdk.exe
    C:\WINDOWS\AppPatch\AclLayer.dll
    C:\WINDOWS\AppPatch\AcPlugin.dll
    C:\WINDOWS\AppPatch\DesktopWin.dll
    C:\WINDOWS\system32\ictxaiua.sys
    C:\WINDOWS\system32\igxyaloe.sys
    C:\WINDOWS\system32\iujraler.sys
    C:\WINDOWS\system32\nttzapaq.sys
    C:\WINDOWS\system32\sbsqakol.sys
    C:\WINDOWS\system32\smdsbsrv.sys
    C:\WINDOWS\system32\vlhxaklo.sys
    C:\WINDOWS\system32\xbfsbjbo.sys
    C:\WINDOWS\system32\xscqbhlp.sys
    C:\WINDOWS\system32\drivers\eth8023.sys
    hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks\\{73AE86E6-7F03-4C3B-8980-FB1DA157D3C7}
    hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks\\{7914E0AA-ECCB-4311-B584-C49538227824}
    hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks\\{81AF1CF6-D1C9-4C6A-AC01-EDE54E71945B}
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\DesktopWin
    EmptyTemp
    purity
    [start explorer]
  • Return to OTMoveIt2, right click in the "Paste List of Files/Folders to Move" window (under the light Yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
  • Close OTMoveIt2
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.




Ok.. Please post the following logs in your next reply..

1. OTMoveIt2
2. A fresh DSS log (after OTMoveIt2 step)


Regards
fenzodahl512

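One way to check the log requested in the post above against the list that was pasted into the tool, as an added example that is not part of the original post and not part of OTMoveIt2. The sample log is constructed in the line formats OTMoveIt2 writes (the same formats seen in the log posted later in this thread); the status names, function names and the subset of paths chosen are this example's own assumptions.

```python
import re

# Subset of the items from the OTMoveIt2 list in the post above.
REQUESTED = [
    r"C:\WINDOWS\system32\xboxdo.dll",
    r"C:\WINDOWS\system32\jfdses.dll",
    r"C:\WINDOWS\system32\ezcronk.exe",
    r"C:\WINDOWS\system32\qbhxaklo.sys",
    r"C:\WINDOWS\AppPatch\DesktopWin.dll",
    r"C:\WINDOWS\system32\drivers\eth8023.sys",
    r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion"
    r"\ShellServiceObjectDelayLoad\\DesktopWin",
]

# Constructed sample log (not the poster's real log): one item is pending
# a reboot twice, one is moved only after the reboot, one is never mentioned.
SAMPLE_LOG = r"""
Explorer killed successfully
LoadLibrary failed for C:\WINDOWS\system32\xboxdo.dll
C:\WINDOWS\system32\xboxdo.dll NOT unregistered.
C:\WINDOWS\system32\xboxdo.dll moved successfully.
C:\WINDOWS\system32\jfdses.dll unregistered successfully.
C:\WINDOWS\system32\jfdses.dll moved successfully.
File move failed. C:\WINDOWS\system32\qbhxaklo.sys scheduled to be moved on reboot.
File move failed. C:\WINDOWS\AppPatch\DesktopWin.dll scheduled to be moved on reboot.
File/Folder C:\WINDOWS\system32\drivers\eth8023.sys not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\DesktopWin deleted successfully.
Explorer started successfully

Files moved on Reboot...
C:\WINDOWS\AppPatch\DesktopWin.dll moved successfully.
File move failed. C:\WINDOWS\system32\qbhxaklo.sys scheduled to be moved on reboot.
"""

# (pattern, label) pairs; the first pattern that matches a line wins.
RULES = [
    (re.compile(r"^(?P<p>.+?) moved successfully\.$"), "removed"),
    (re.compile(r"^Registry (?:value|key) (?P<p>.+?) deleted successfully\.$"),
     "removed"),
    (re.compile(r"^File (?:move|delete) failed\. (?P<p>.+?) scheduled to be "
                r"(?:moved|deleted) on reboot\.$"), "pending_reboot"),
    (re.compile(r"^File/Folder (?P<p>.+?) not found\.$"), "not_found"),
    (re.compile(r"^File (?P<p>.+?) not found!$"), "not_found"),
    (re.compile(r"^LoadLibrary failed for (?P<p>.+)$"), "loadlibrary_failed"),
    (re.compile(r"^(?P<p>.+?) NOT unregistered\.$"), "unregister_failed"),
]
# Labels that describe what finally happened to an item; the rest are notes.
DISPOSITIONS = {"removed", "pending_reboot", "not_found"}


def norm(path):
    """Windows paths and registry keys compare case-insensitively."""
    return path.strip().lower()


def parse_log(text):
    """Return {normalized item: {"status": str or None, "notes": [str]}}."""
    state = {}
    for raw in text.splitlines():
        line = raw.strip()
        for rx, label in RULES:
            m = rx.match(line)
            if not m:
                continue
            entry = state.setdefault(norm(m.group("p")),
                                     {"status": None, "notes": []})
            if label in DISPOSITIONS:
                entry["status"] = label  # a later line overrides an earlier one
            else:
                entry["notes"].append(label)
            break
    return state


def reconcile(requested, log_text):
    """Map each requested item to (status, notes); 'no_record' if never logged."""
    seen = parse_log(log_text)
    report = {}
    for item in requested:
        entry = seen.get(norm(item), {"status": None, "notes": []})
        report[item] = (entry["status"] or "no_record", entry["notes"])
    return report


def needs_followup(report):
    """Items not confirmed removed. 'not_found' only means the tool did not
    see the item; the log alone does not say why, so it stays on the list."""
    return [item for item, (status, _) in report.items() if status != "removed"]


if __name__ == "__main__":
    result = reconcile(REQUESTED, SAMPLE_LOG)
    for item, (status, notes) in result.items():
        print(f"{status:15} {item} {notes if notes else ''}")
    print("follow up:", needs_followup(result))
```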


#9 dmslack

Posted 28 July 2008 - 09:12 AM

Downloaded FileAssassin and did as you requested. It started to process, but then my desktop icons, taskbar, etc disappeared. There was a memory error "the memory could not be written to" and a run32.dll error as well. The FA said the file could not be deleted. I had to log out and log back in to restore my desktop.

I tried again and the same thing happened, without the run32.dll error, so instead of logging off and on, I did the Execute a second time in FA, and got "An error occurred in the function Delete file. FindRemoteFileHandles returned NULL value. This may affect deletion of file. Please report this error to the FileAssassin support team." I had to log out and in again, and when I logged back in, the file had been deleted.

Downloaded OTMoveIt2 and ran as requested. It did ask for a reboot and the log came up after I logged back in.

The OTMoveIt2 and DSS logs will be up shortly.

#10 dmslack

Posted 28 July 2008 - 09:20 AM

Here's the OTMoveIt2 log:


Explorer killed successfully
LoadLibrary failed for C:\WINDOWS\system32\xboxdo.dll
C:\WINDOWS\system32\xboxdo.dll NOT unregistered.
C:\WINDOWS\system32\xboxdo.dll moved successfully.
C:\WINDOWS\system32\jfdses.dll unregistered successfully.
C:\WINDOWS\system32\jfdses.dll moved successfully.
LoadLibrary failed for C:\WINDOWS\system32\welyri.dll
C:\WINDOWS\system32\welyri.dll NOT unregistered.
C:\WINDOWS\system32\welyri.dll moved successfully.
C:\WINDOWS\system32\jhfrxz.dll unregistered successfully.
C:\WINDOWS\system32\jhfrxz.dll moved successfully.
LoadLibrary failed for C:\WINDOWS\system32\longasus.dll
C:\WINDOWS\system32\longasus.dll NOT unregistered.
C:\WINDOWS\system32\longasus.dll moved successfully.
LoadLibrary failed for C:\WINDOWS\system32\mssetd.dll
C:\WINDOWS\system32\mssetd.dll NOT unregistered.
C:\WINDOWS\system32\mssetd.dll moved successfully.
LoadLibrary failed for C:\WINDOWS\system32\tennfs.dll
C:\WINDOWS\system32\tennfs.dll NOT unregistered.
C:\WINDOWS\system32\tennfs.dll moved successfully.
LoadLibrary failed for C:\WINDOWS\system32\myusemt.dll
C:\WINDOWS\system32\myusemt.dll NOT unregistered.
C:\WINDOWS\system32\myusemt.dll moved successfully.
C:\WINDOWS\system32\fmcvxy.dll unregistered successfully.
C:\WINDOWS\system32\fmcvxy.dll moved successfully.
LoadLibrary failed for C:\WINDOWS\system32\ezcron.dll
C:\WINDOWS\system32\ezcron.dll NOT unregistered.
C:\WINDOWS\system32\ezcron.dll moved successfully.
C:\WINDOWS\system32\ezcronk.exe moved successfully.
C:\WINDOWS\system32\qbhxaklo.sys moved successfully.
LoadLibrary failed for C:\WINDOWS\system32\qflxs.dll
C:\WINDOWS\system32\qflxs.dll NOT unregistered.
C:\WINDOWS\system32\qflxs.dll moved successfully.
LoadLibrary failed for C:\WINDOWS\system32\mrsingd.dll
C:\WINDOWS\system32\mrsingd.dll NOT unregistered.
C:\WINDOWS\system32\mrsingd.dll moved successfully.
C:\WINDOWS\system32\mrsingdk.exe moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\AppPatch\AclLayer.dll
C:\WINDOWS\AppPatch\AclLayer.dll NOT unregistered.
C:\WINDOWS\AppPatch\AclLayer.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\AppPatch\AcPlugin.dll
C:\WINDOWS\AppPatch\AcPlugin.dll NOT unregistered.
C:\WINDOWS\AppPatch\AcPlugin.dll moved successfully.
LoadLibrary failed for C:\WINDOWS\AppPatch\DesktopWin.dll
C:\WINDOWS\AppPatch\DesktopWin.dll NOT unregistered.
C:\WINDOWS\AppPatch\DesktopWin.dll moved successfully.
C:\WINDOWS\system32\ictxaiua.sys moved successfully.
C:\WINDOWS\system32\igxyaloe.sys moved successfully.
C:\WINDOWS\system32\iujraler.sys moved successfully.
C:\WINDOWS\system32\nttzapaq.sys moved successfully.
C:\WINDOWS\system32\sbsqakol.sys moved successfully.
C:\WINDOWS\system32\smdsbsrv.sys moved successfully.
C:\WINDOWS\system32\vlhxaklo.sys moved successfully.
C:\WINDOWS\system32\xbfsbjbo.sys moved successfully.
C:\WINDOWS\system32\xscqbhlp.sys moved successfully.
File/Folder C:\WINDOWS\system32\drivers\eth8023.sys not found.
< hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks\\{73AE86E6-7F03-4C3B-8980-FB1DA157D3C7} >
Registry value hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks\\{73AE86E6-7F03-4C3B-8980-FB1DA157D3C7} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73AE86E6-7F03-4C3B-8980-FB1DA157D3C7}\ deleted successfully.
< hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks\\{7914E0AA-ECCB-4311-B584-C49538227824} >
Registry value hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks\\{7914E0AA-ECCB-4311-B584-C49538227824} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7914E0AA-ECCB-4311-B584-C49538227824}\ deleted successfully.
< hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks\\{81AF1CF6-D1C9-4C6A-AC01-EDE54E71945B} >
Registry value hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks\\{81AF1CF6-D1C9-4C6A-AC01-EDE54E71945B} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{81AF1CF6-D1C9-4C6A-AC01-EDE54E71945B}\ deleted successfully.
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\DesktopWin >
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\DesktopWin deleted successfully.
< EmptyTemp >
File delete failed. C:\DOCUME~1\GEORGE~1.SLA\LOCALS~1\Temp\vmware-george.slack\vmware-vix-george.slack-2576.log scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_5c0.dat scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_a54.dat scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_b24.dat scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_c7c.dat scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_e0c.dat scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\vmware-vmount.log scheduled to be deleted on reboot.
Temp folders emptied.
IE temp folders emptied.
< purity >
Explorer started successfully

OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 07282008_095406

Files moved on Reboot...
C:\DOCUME~1\GEORGE~1.SLA\LOCALS~1\Temp\vmware-george.slack\vmware-vix-george.slack-2576.log moved successfully.
C:\WINDOWS\temp\Perflib_Perfdata_5c0.dat moved successfully.
File C:\WINDOWS\temp\Perflib_Perfdata_a54.dat not found!
C:\WINDOWS\temp\Perflib_Perfdata_b24.dat moved successfully.
C:\WINDOWS\temp\Perflib_Perfdata_c7c.dat moved successfully.
File C:\WINDOWS\temp\Perflib_Perfdata_e0c.dat not found!
File move failed. C:\WINDOWS\temp\vmware-vmount.log scheduled to be moved on reboot.




And the DSS Main log:

Deckard's System Scanner v20071014.68
Run by george.slack on 2008-07-28 10:13:30
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as george.slack.exe) ----------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:13, on 2008-07-28
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\bmwebcfg.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Wave Systems Corp\Common\DataServer.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\HP OpenView\bin\ovspmd.exe
C:\Program Files\HP OpenView\bin\OVTrace.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\HP OpenView\bin\pmd.exe
C:\Program Files\HP OpenView\bin\ovsessionmgr.exe
C:\Program Files\HP OpenView\bin\ovrequestd.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\HP OpenView\bin\genannosrvr.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\Program Files\HP OpenView\bin\ovalarmsrv.exe
C:\Program Files\HP OpenView\bin\ovactiond.exe
C:\Program Files\HP OpenView\bin\ovdbcheck.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
C:\WINDOWS\system32\vmnat.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\HP OpenView\bin\wpaagt.exe
C:\Program Files\HP OpenView\bin\snmpdm.exe
C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
C:\WINDOWS\system32\vmnetdhcp.exe
C:\PROGRA~1\HPOPEN~1\bin\ovdbrun.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Apoint\HidFind.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\VMware\VMware Workstation\vmware-tray.exe
C:\Program Files\VMware\VMware Workstation\hqtray.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\WebEx\Productivity Tools\PTIM.exe
C:\Program Files\WebEx\Productivity Tools\ptmsgfrm.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\WebEx\Productivity Tools\ptSrv.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\Microsoft IntelliType Pro\dpupdchk.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\george.slack\Desktop\Dawn\BleepingComputer\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\GEORGE~1.EXE

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=4061219
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O1 - Hosts: 202.165.102.205 972.aksjd11.com
O1 - Hosts: 202.165.102.205 w3og.cn
O1 - Hosts: 203.208.35.100 qazc.fourtw.cn
O1 - Hosts: 203.208.35.100 www.aujoy.cn
O1 - Hosts: 203.208.35.101 www.hao601.cn
O1 - Hosts: 203.208.35.101 www.psp476.cn
O1 - Hosts: 72.14.235.99 222.1212l112.net
O1 - Hosts: 72.14.235.99 444.1212l112.netn
O1 - Hosts: 72.14.235.99 555.1212l112.net
O1 - Hosts: 72.14.235.99 111.1212l112.net
O1 - Hosts: 65.55.21.250 111.3243l24.com
O1 - Hosts: 65.55.21.250 222.3243l24.com
O1 - Hosts: 65.55.21.250 333.3243l24.com
O1 - Hosts: 125.64.8.112 kao2.gmwo03.com
O1 - Hosts: 125.64.8.112 kao.gmwo06.com
O1 - Hosts: 125.64.8.112 444.gmwo07.com
O1 - Hosts: 116.252.185.15 ru.update365.us
O1 - Hosts: 116.252.185.15 ad.update365.us
O1 - Hosts: 207.46.232.182 popmails.net
O1 - Hosts: 203.208.37.99 3.goodhh.com
O1 - Hosts: 220.181.37.55 down.rwixr.com
O1 - Hosts: 160.79.42.52 www.xdj2008.com
O1 - Hosts: 63.175.76.152 www.revtr.cn
O1 - Hosts: 219.133.40.91 qq.ljsll.com
O1 - Hosts: 203.208.35.102 www.aassccwe.cn
O1 - Hosts: 209.132.177.50 973.aksjd11.com
O1 - Hosts: 209.132.177.50 974.aksjd11.com
O1 - Hosts: 209.132.177.50 971.aksjd11.com
O1 - Hosts: 209.132.177.50 975.aksjd11.com
O1 - Hosts: 72.14.235.104 user1.12-39.net
O1 - Hosts: 72.14.235.147 www.infomt.net
O1 - Hosts: 192.150.18.101 ata1.sysions.net
O1 - Hosts: 192.150.18.101 ata2.sysions.net
O1 - Hosts: 192.150.18.101 ata3.sysions.net
O1 - Hosts: 192.150.18.101 ata4.sysions.net
O1 - Hosts: 193.120.42.226 8nnnnn99.cn
O1 - Hosts: 24.39.54.34 www.haoaoao.cn
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Winamp Toolbar BHO - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: ThunderAdvise - {97421D0D-E07F-40DF-8F07-99597B9585AD} - C:\WINDOWS\Downloaded Program Files\ThunderAdvise.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [AT&T Communication Manager] "C:\Program Files\AT&T\Communication Manager\ATTCM.exe" -a
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vmware-tray] C:\Program Files\VMware\VMware Workstation\vmware-tray.exe
O4 - HKLM\..\Run: [VMware hqtray] "C:\Program Files\VMware\VMware Workstation\hqtray.exe"
O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [3PMmUpdate] rundll32 "C:\WINDOWS\Update.dll",Main
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [PTIM.exe] C:\Program Files\WebEx\Productivity Tools\PTIM.exe
O4 - HKCU\..\Run: [ptmsgfrm.exe] C:\Program Files\WebEx\Productivity Tools\ptmsgfrm.exe
O4 - HKUS\S-1-5-19\..\Run: [Communicator] "C:\Program Files\Microsoft Office Communicator\Communicator.exe" (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Communicator] "C:\Program Files\Microsoft Office Communicator\Communicator.exe" (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [Communicator] "C:\Program Files\Microsoft Office Communicator\Communicator.exe" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Communicator] "C:\Program Files\Microsoft Office Communicator\Communicator.exe" (User 'Default user')
O4 - Global Startup: Bluetooth Manager.lnk = ?
O8 - Extra context menu item: &Winamp Toolbar Search - C:\Documents and Settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {80947ADC-151D-490B-87F1-7C8CE1B46220} - (no file)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Start WebEx One-Click Meeting - {80947ADC-151D-490B-87F1-7C8CE1B46220} - C:\Program Files\WebEx\Productivity Tools\ptonecli.dll (HKCU)
O9 - Extra 'Tools' menuitem: Start WebEx One-Click Meeting - {80947ADC-151D-490B-87F1-7C8CE1B46220} - C:\Program Files\WebEx\Productivity Tools\ptonecli.dll (HKCU)
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O10 - Unknown file in Winsock LSP: bmnet.dll
O10 - Unknown file in Winsock LSP: bmnet.dll
O10 - Unknown file in Winsock LSP: bmnet.dll
O15 - Trusted Zone: http://*.intelliden-demo
O15 - Trusted Zone: http://intelliden-demo.intelliden.net
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {3BA3B159-7533-4F96-A2CE-EE5894BBD3D5} (Scanner.SysScanner) - http://i.dell.com/images/global/js/scanner/SYSSCANNER.cab
O16 - DPF: {5879B3B0-566E-4ECB-9B77-9A8A5E62AAB8} - http://www.blackberry.com/DST2007/patch/de...teLoaderUSB.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1208281057071
O16 - DPF: {85BA505F-FD01-4A91-836C-F7D502E89C9A} (Image Uploader Control) - http://www.evite.com/html/imageUpload/ImageUploader4.cab
O16 - DPF: {9C3497D6-ED98-11D0-9647-00C04FD9B15B} (WMI Login Control) - file://C:\DOCUME~1\GEORGE~1.SLA\LOCALS~1\Temp\wbemtool.cab
O16 - DPF: {CB97291A-6603-466A-AA11-80C2EB74CB10} (CoxSelfInstallAx10 Control) - https://install.cox.net/CoxSelfInstall/CoxS...InstallAx10.ocx
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://intelliden.webex.com/client/T25L/webex/ieatgpc.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = intelliden.net
O17 - HKLM\Software\..\Telephony: DomainName = intelliden.net
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = intelliden.net
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = chi.tecnet,tecnet,chi.tecnet,tecnet,chi.tecnet,tecnet,priv.red.telefonica-wholesale.net,red.telefonica-wholesale.net
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = chi.tecnet,tecnet,chi.tecnet,tecnet,chi.tecnet,tecnet,priv.red.telefonica-wholesale.net,red.telefonica-wholesale.net
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O21 - SSODL: ThunderAdvise - {97421D0D-E07F-40DF-8F07-99597B9585AD} - C:\WINDOWS\Downloaded Program Files\ThunderAdvise.dll
O23 - Service: AT&T RcAppSvc (ATTRcAppSvc) - PCTEL - C:\Program Files\AT&T\Communication Manager\RcAppSvc.exe
O23 - Service: Bytemobile Web Configurator (bmwebcfg) - Bytemobile, Inc. - C:\WINDOWS\system32\bmwebcfg.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: DataSvr2 - Wave Systems Corp. - C:\Program Files\Wave Systems Corp\Common\DataServer.exe
O23 - Service: SNMP EMANATE Master Agent (EMANATE) - Unknown owner - C:\Program Files\HP OpenView\bin\snmpdm.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktopManager.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP OpenView NNM Embedded DB - Solid Information Technology - C:\PROGRA~1\HPOPEN~1\bin\ovdbrun.exe
O23 - Service: HP OpenView Process Manager - Unknown owner - C:\Program Files\HP OpenView\bin\ovspmd.exe
O23 - Service: HP OpenView Trace Service (HPOVTrace) - Hewlett-Packard - C:\Program Files\HP OpenView\bin\OVTrace.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: MSSQL$OVOPS - Unknown owner - C:\Program Files\HP OpenView\MSSQL$OVOPS\Binn\sqlservr.exe (file missing)
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Symantec Management Client (SmcService) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
O23 - Service: Symantec Network Access Control (SNAC) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE
O23 - Service: SQLAgent$OVOPS - Unknown owner - C:\Program Files\HP OpenView\MSSQL$OVOPS\Binn\sqlagent.EXE (file missing)
O23 - Service: Symantec Endpoint Protection (Symantec AntiVirus) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
O23 - Service: Symantec RemoteAssist - Symantec, Inc. - C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe
O23 - Service: NTRU Hybrid TSS v2.0.25 TCS (tcsd_win32.exe) - Unknown owner - C:\Program Files\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.25\bin\tcsd_win32.exe
O23 - Service: VMware Agent Service (ufad-ws60) - VMware, Inc. - C:\Program Files\VMware\VMware Workstation\vmware-ufad.exe
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\WINDOWS\system32\vmnetdhcp.exe
O23 - Service: VMware Virtual Mount Manager Extended (vmount2) - VMware, Inc. - C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\WINDOWS\system32\vmnat.exe
O23 - Service: Intel® PROSet/Wireless SSO Service (WLANKEEPER) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
O23 - Service: WLSforIntelliden - Unknown owner - C:\icos\bea\WEBLOG~1\server\bin\beasvc.exe (file missing)
O23 - Service: SNMP EMANATE Adapter for NT (wpa) - Unknown owner - C:\Program Files\HP OpenView\bin\wpaagt.exe

--
End of file - 20139 bytes

-- Files created between 2008-06-28 and 2008-07-28 -----------------------------

2008-07-27 19:54:27 68096 --a------ C:\WINDOWS\zip.exe
2008-07-27 19:54:27 49152 --a------ C:\WINDOWS\VFind.exe
2008-07-27 19:54:27 212480 --a------ C:\WINDOWS\swxcacls.exe <Not Verified; SteelWerX; SteelWerX Extended Configurator ACLists>
2008-07-27 19:54:27 136704 --a------ C:\WINDOWS\swsc.exe <Not Verified; SteelWerX; SteelWerX Service Controller>
2008-07-27 19:54:27 161792 --a------ C:\WINDOWS\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor>
2008-07-27 19:54:27 98816 --a------ C:\WINDOWS\sed.exe
2008-07-27 19:54:27 80412 --a------ C:\WINDOWS\grep.exe
2008-07-27 19:54:27 89504 --a------ C:\WINDOWS\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-07-27 11:04:33 28672 --a------ C:\WINDOWS\system32\crtnumo.dll
2008-07-27 11:02:42 28672 --a------ C:\WINDOWS\system32\esceps.dll
2008-07-27 01:28:28 24576 --a------ C:\WINDOWS\system32\offecao.dll
2008-07-27 01:25:49 232960 --ah----- C:\WINDOWS\system32\zgtwfx.dll
2008-07-27 00:54:54 24576 --a------ C:\WINDOWS\system32\xfimerl.dll
2008-07-27 00:54:48 225792 --ah----- C:\WINDOWS\system32\zsdgff.dll
2008-07-26 18:21:23 258048 --a------ C:\WINDOWS\Update.dll
2008-07-26 18:20:45 218624 --ah----- C:\WINDOWS\system32\tdggrz.dll
2008-07-26 18:20:33 24576 --a------ C:\WINDOWS\system32\jolin0.dll
2008-07-26 18:20:27 24576 --a------ C:\WINDOWS\system32\theralte.dll
2008-07-26 18:20:22 222208 --ah----- C:\WINDOWS\system32\fsrgeb.dll
2008-07-26 18:20:21 24576 --a------ C:\WINDOWS\system32\jsnoer.dll
2008-07-26 18:20:13 229376 --ah----- C:\WINDOWS\system32\jfrwdh.dll
2008-07-26 18:20:09 225792 --ah----- C:\WINDOWS\system32\zycdex.dll
2008-07-26 18:20:01 28672 --a------ C:\WINDOWS\system32\caotxb.dll
2008-07-26 18:19:55 225792 --ah----- C:\WINDOWS\system32\sgdewg.dll
2008-07-26 18:19:45 240128 --ah----- C:\WINDOWS\system32\hhrdxd.dll
2008-07-26 18:19:44 28672 --a------ C:\WINDOWS\system32\woswelc.dll
2008-07-26 18:19:28 247296 --ah----- C:\WINDOWS\system32\tdfhex.dll
2008-07-26 18:19:23 24576 --a------ C:\WINDOWS\system32\googleons.dll
2008-07-26 18:19:16 232960 --ah----- C:\WINDOWS\system32\zgxfdx.dll
2008-07-26 18:19:11 258048 --ah----- C:\WINDOWS\system32\rfdswc.dll
2008-07-26 18:19:01 272384 --ah----- C:\WINDOWS\system32\ddserh.dll
2008-07-26 18:19:00 24576 --a------ C:\WINDOWS\system32\wcnonpe.dll
2008-07-26 16:18:27 14336 --a------ C:\WINDOWS\system32\mssetdk.exe
2008-07-23 21:48:36 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-07-23 21:29:36 0 dr-h----- C:\Documents and Settings\george.slack\Recent
2008-07-23 21:15:04 0 d-------- C:\Program Files\CCleaner
2008-07-21 17:29:46 0 d-------- C:\Documents and Settings\george\Application Data\Lavasoft
2008-07-21 17:20:16 0 d-------- C:\Documents and Settings\george\Application Data\Identities
2008-07-21 17:20:16 0 d--h----- C:\Documents and Settings\george\Application Data\Gtek
2008-07-21 17:20:15 0 dr-h----- C:\Documents and Settings\george\SendTo
2008-07-21 17:20:15 0 dr-h----- C:\Documents and Settings\george\Recent
2008-07-21 17:20:15 0 d--h----- C:\Documents and Settings\george\PrintHood
2008-07-21 17:20:15 0 d--h----- C:\Documents and Settings\george\NetHood
2008-07-21 17:20:15 0 dr------- C:\Documents and Settings\george\My Documents
2008-07-21 17:20:15 0 d--h----- C:\Documents and Settings\george\Local Settings
2008-07-21 17:20:15 0 dr------- C:\Documents and Settings\george\Favorites
2008-07-21 17:20:15 0 d-------- C:\Documents and Settings\george\Desktop
2008-07-21 17:20:15 0 d--hs---- C:\Documents and Settings\george\Cookies
2008-07-21 17:20:15 0 dr-h----- C:\Documents and Settings\george\Application Data
2008-07-21 17:20:15 0 d---s---- C:\Documents and Settings\george\Application Data\Microsoft
2008-07-21 17:20:15 0 d-------- C:\Documents and Settings\george\Application Data\Macromedia
2008-07-21 17:20:15 0 d-------- C:\Documents and Settings\george\Application Data\Intel
2008-07-21 17:20:14 0 d--h----- C:\Documents and Settings\george\Templates
2008-07-21 17:20:14 0 dr------- C:\Documents and Settings\george\Start Menu
2008-07-21 17:20:14 1048576 --ah----- C:\Documents and Settings\george\NTUSER.DAT
2008-07-15 23:30:05 0 d-------- C:\cmdcons
2008-07-15 14:53:44 0 dr------- C:\Documents and Settings\philip\Favorites
2008-07-15 14:53:44 0 d-------- C:\Documents and Settings\philip\Desktop
2008-07-15 14:53:44 0 d--hs---- C:\Documents and Settings\philip\Cookies
2008-07-15 14:53:44 0 dr-h----- C:\Documents and Settings\philip\Application Data
2008-07-15 14:53:44 0 d---s---- C:\Documents and Settings\philip\Application Data\Microsoft
2008-07-15 14:53:44 0 d-------- C:\Documents and Settings\philip\Application Data\Macromedia
2008-07-15 14:53:44 0 d-------- C:\Documents and Settings\philip\Application Data\Intel
2008-07-15 14:53:44 0 d-------- C:\Documents and Settings\philip\Application Data\Identities
2008-07-15 14:53:44 0 d--h----- C:\Documents and Settings\philip\Application Data\Gtek
2008-07-15 14:53:43 0 d--h----- C:\Documents and Settings\philip\Templates
2008-07-15 14:53:43 0 dr------- C:\Documents and Settings\philip\Start Menu
2008-07-15 14:53:43 0 dr-h----- C:\Documents and Settings\philip\SendTo
2008-07-15 14:53:43 0 dr-h----- C:\Documents and Settings\philip\Recent
2008-07-15 14:53:43 0 d--h----- C:\Documents and Settings\philip\PrintHood
2008-07-15 14:53:43 0 d--h----- C:\Documents and Settings\philip\NetHood
2008-07-15 14:53:43 0 dr------- C:\Documents and Settings\philip\My Documents
2008-07-15 14:53:43 0 d--h----- C:\Documents and Settings\philip\Local Settings
2008-07-15 14:53:42 1048576 --ah----- C:\Documents and Settings\philip\NTUSER.DAT
2008-07-09 11:47:36 0 d-------- C:\Documents and Settings\admin.philip\Application Data\Lavasoft
2008-07-09 11:40:54 0 d-------- C:\Documents and Settings\admin.philip\Application Data\Adobe
2008-07-09 11:38:28 0 d-------- C:\Documents and Settings\admin.philip\Application Data\WinRAR
2008-07-09 11:37:38 0 d-------- C:\Program Files\Lavasoft
2008-07-09 11:37:15 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-07-09 11:34:45 0 d-------- C:\Documents and Settings\admin.philip\Application Data\Google
2008-07-02 14:25:39 0 d-------- C:\Documents and Settings\george.slack\.housecall6.6
2008-07-02 14:06:16 286720 --a------ C:\WINDOWS\system32\wxvault.dll <Not Verified; ; wxvault Dynamic Link Library>
2008-07-02 11:08:42 0 d-------- C:\Documents and Settings\george.slack\Application Data\Malwarebytes
2008-07-02 11:08:39 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-07-02 11:08:38 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware


-- Find3M Report ---------------------------------------------------------------

2008-07-28 10:10:27 0 d-------- C:\Documents and Settings\george.slack\Application Data\VMware
2008-07-26 15:00:41 0 d-------- C:\Program Files\Common Files
2008-07-23 19:08:15 0 d-------- C:\Program Files\Trillian
2008-07-22 13:13:48 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-07-21 19:57:39 0 d-------- C:\Documents and Settings\george.slack\Application Data\Canon
2008-07-21 10:12:58 0 d-------- C:\Documents and Settings\george.slack\Application Data\Lavasoft
2008-07-02 13:43:35 0 d-------- C:\Program Files\Broadcom
2008-07-02 13:43:14 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-07-02 13:43:13 0 d-------- C:\Program Files\Wave Systems Corp
2008-06-24 18:54:36 0 d-------- C:\Documents and Settings\george.slack\Application Data\Skype
2008-06-24 18:21:50 0 d-------- C:\Documents and Settings\george.slack\Application Data\skypePM
2008-06-20 20:22:31 0 d-------- C:\Program Files\Cisco Systems
2008-06-19 12:13:58 0 d-------- C:\Documents and Settings\george.slack\Application Data\U3
2008-06-13 15:20:53 0 d-------- C:\Program Files\Trend Micro
2008-06-13 11:32:40 0 d-------- C:\Program Files\Xming
2008-06-13 11:26:19 0 d-------- C:\Program Files\MSBuild
2008-06-13 11:26:03 0 d-------- C:\Program Files\Reference Assemblies
2008-06-11 14:14:21 36944 --a------ C:\WINDOWS\system32\stcevent.dll <Not Verified; Cisco Systems, Inc.; SSL VPN Client>
2008-06-11 07:14:18 0 d-------- C:\Documents and Settings\george.slack\Application Data\AVGTOOLBAR
2008-06-11 07:05:52 0 d-------- C:\Program Files\Winamp
2008-06-10 19:53:05 0 d-------- C:\Program Files\AVG
2008-06-10 08:39:31 0 d-------- C:\Program Files\Windows Media Connect 2
2008-06-07 07:42:17 0 d-------- C:\Documents and Settings\george.slack\Application Data\Adobe
2008-06-06 16:33:09 376832 --a------ C:\WINDOWS\system32\AegisI5Installer.exe <Not Verified; ; AegisInstall Application>
2008-06-06 16:28:57 0 d-------- C:\Documents and Settings\george.slack\Application Data\Intel
2008-06-05 10:46:19 0 d-------- C:\Program Files\Java
2008-06-03 13:37:55 0 d-------- C:\Program Files\Common Files\Adobe
2008-06-03 13:37:41 0 d-------- C:\Program Files\Common Files\Macrovision Shared
2008-05-15 07:51:02 15787 --a------ C:\WINDOWS\system32\productregistry
2008-05-11 08:00:29 49152 --a------ C:\Documents and Settings\george.slack\Application Data\olkupres.dll <Not Verified; WebEx; OlkUpRes Module>


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{25CEE8EC-5730-41bc-8B58-22DDC8AB8C20}]
2007-12-13 12:49 1185120 --a------ C:\Program Files\Winamp Toolbar\winamptb.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{97421D0D-E07F-40DF-8F07-99597B9585AD}]
2008-07-26 18:21 45056 --a------ C:\WINDOWS\Downloaded Program Files\ThunderAdvise.dll

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}"= C:\Program Files\Winamp Toolbar\winamptb.dll [2007-12-13 12:49 1185120]

[-HKEY_CLASSES_ROOT\CLSID\{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="C:\Program Files\Apoint\Apoint.exe" [2005-10-07 14:13]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-12-13 18:44]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-12-13 18:41]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-12-13 18:45]
"SigmatelSysTrayApp"="stsystra.exe" [2006-03-24 18:30 C:\WINDOWS\stsystra.exe]
"DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [2005-09-08 07:20]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 18:50]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 18:50]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 04:28]
"AT&T Communication Manager"="C:\Program Files\AT&T\Communication Manager\ATTCM.exe" [2007-10-18 12:08]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-12-12 15:41]
"vmware-tray"="C:\Program Files\VMware\VMware Workstation\vmware-tray.exe" [2008-03-03 20:10]
"VMware hqtray"="C:\Program Files\VMware\VMware Workstation\hqtray.exe" [2008-03-03 20:10]
"itype"="C:\Program Files\Microsoft IntelliType Pro\itype.exe" [2007-08-31 12:13]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2008-03-04 14:41]
"3PMmUpdate"="C:\WINDOWS\Update.dll" [2008-07-28 09:14]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 07:00]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-04-04 18:53]
"PTIM.exe"="C:\Program Files\WebEx\Productivity Tools\PTIM.exe" [2008-04-29 16:56]
"ptmsgfrm.exe"="C:\Program Files\WebEx\Productivity Tools\ptmsgfrm.exe" [2008-04-29 15:59]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Communicator"="C:\Program Files\Microsoft Office Communicator\Communicator.exe"
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Bluetooth Manager.lnk - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2005-11-18 19:46:00]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)
"disableregistrytools"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoWelcomeScreen"=1 (0x1)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{A9895933-6636-4281-BC58-EE6DE2AF96E3}"= C:\WINDOWS\system32\ddserh.dll [2008-07-27 11:35 272384]
"{461D2AB4-29A5-45C2-9134-D52272D3DE38}"= C:\WINDOWS\system32\rfdswc.dll [2008-07-27 01:25 258048]
"{6E6CA8A1-81BC-4707-A54C-F4903DD70BAD}"= C:\WINDOWS\system32\zgxfdx.dll [2008-07-26 18:19 232960]
"{0B846B26-BFE6-4E8E-A948-1DB17B77B483}"= C:\WINDOWS\system32\tdfhex.dll [2008-07-27 11:04 247296]
"{17DFD111-BF3A-4CB4-ADB0-88FCBFE69821}"= C:\WINDOWS\system32\hhrdxd.dll [2008-07-27 11:03 240128]
"{84143967-B645-4BFF-B873-DA1DC886E9A7}"= C:\WINDOWS\system32\cedafb.dll [ ]
"{8C41B7F7-3168-400D-A702-0E7EFE0BA304}"= C:\WINDOWS\system32\sgdewg.dll [2008-07-27 11:03 225792]
"{45AADFAA-DD36-42AB-83AD-0521BBF58C24}"= C:\WINDOWS\system32\zycdex.dll [2008-07-27 11:03 225792]
"{841529CB-7F77-4B99-A895-B5441E0D302F}"= C:\WINDOWS\system32\jfrwdh.dll [2008-07-27 11:03 229376]
"{EA5D4B0E-B8CE-4761-8C7E-5D26369F0EC6}"= C:\WINDOWS\system32\fsrgeb.dll [2008-07-27 11:04 222208]
"{4D165A2A-4BC1-4CA8-8299-08E05AAAB5A4}"= C:\WINDOWS\system32\tdggrz.dll [2008-07-27 11:04 218624]
"{53D44DB6-E22B-4B17-97D3-572C96CCA6E1}"= C:\WINDOWS\system32\zsdgff.dll [2008-07-27 11:01 225792]
"{006CA8A1-61BC-4774-A54C-F49034270BAD}"= C:\WINDOWS\system32\zgtwfx.dll [2008-07-27 11:02 232960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"ThunderAdvise"= {97421D0D-E07F-40DF-8F07-99597B9585AD} - C:\WINDOWS\Downloaded Program Files\ThunderAdvise.dll [2008-07-26 18:21 45056]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 wvauth

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSEXESVC]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antvirus]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Acrobat Assistant.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Acrobat Assistant.lnk
backup=C:\WINDOWS\pss\Acrobat Assistant.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk
backup=C:\WINDOWS\pss\Adobe Reader Synchronizer.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^EMBASSY Trust Suite Secure Update.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\EMBASSY Trust Suite Secure Update.lnk
backup=C:\WINDOWS\pss\EMBASSY Trust Suite Secure Update.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Google Updater.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Google Updater.lnk
backup=C:\WINDOWS\pss\Google Updater.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Service Manager.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Service Manager.lnk
backup=C:\WINDOWS\pss\Service Manager.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^VPN Client.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\VPN Client.lnk
backup=C:\WINDOWS\pss\VPN Client.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
"C:\Program Files\Dell Support\DSAgnt.exe" /startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
"C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
"C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ModemOnHold]
C:\Program Files\NetWaiting\netWaiting.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\##csodc02#Project#acrobat]
AutoRun\command- Z:\Autoplay.exe -auto

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
AutoRun\command- E:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b5bbf262-66b8-11dc-887d-00188ba65bac}]
AutoRun\command- E:\PortableRoboForm.exe
RoboForm2Go\command- E:\PortableRoboForm.exe




-- End of Deckard's System Scanner: finished at 2008-07-28 10:14:40 ------------










And the DSS extra log:

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel® Core™2 CPU T7200 @ 2.00GHz
CPU 1: Intel® Core™2 CPU T7200 @ 2.00GHz
Percentage of Memory in Use: 27%
Physical Memory (total/avail): 3318.05 MiB / 2393.88 MiB
Pagefile Memory (total/avail): 5201.56 MiB / 4355.47 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1908.62 MiB

C: is Fixed (NTFS) - 93.09 GiB total, 40.55 GiB free.
D: is CDROM (No Media)
F: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - Hitachi HTS721010G9SA00 - 93.16 GiB - 2 partitions
\PARTITION0 - Unknown - 70.57 MiB
\PARTITION1 (bootable) - Installable File System - 93.09 GiB - C:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is disabled.

FirstRunDisabled is set.

FW: Symantec Endpoint Protection v10.0 (Symantec Corporation.)
AV: Symantec Endpoint Protection v11.0.777.1008 (Symantec Corporation) Outdated

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Microsoft Office Communicator\\communicator.exe"="C:\\Program Files\\Microsoft Office Communicator\\communicator.exe:*:Enabled:Communicator"
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\\WINDOWS\\system32\\ftp.exe"="C:\\WINDOWS\\system32\\ftp.exe:*:Enabled:File Transfer Program"
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"="C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe:*:Enabled:AOL Loader"
"C:\\Program Files\\SmartFTP Client\\SmartFTP.exe"="C:\\Program Files\\SmartFTP Client\\SmartFTP.exe:*:Enabled:SmartFTP Client"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Winamp Remote\\bin\\Orb.exe"="C:\\Program Files\\Winamp Remote\\bin\\Orb.exe:*:Enabled:Orb"
"C:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe"="C:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe:*:Enabled:OrbTray"
"C:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe"="C:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe:*:Enabled:Orb Stream Client"
"C:\\Program Files\\Symantec\\Symantec Endpoint Protection\\Smc.exe"="C:\\Program Files\\Symantec\\Symantec Endpoint Protection\\Smc.exe:*:Enabled:SMC Service"
"C:\\Program Files\\Symantec\\Symantec Endpoint Protection\\SNAC.EXE"="C:\\Program Files\\Symantec\\Symantec Endpoint Protection\\SNAC.EXE:*:Enabled:SNAC Service"
"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe"="C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe:*:Enabled:Symantec Email"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Microsoft Office Communicator\\communicator.exe"="C:\\Program Files\\Microsoft Office Communicator\\communicator.exe:*:Enabled:Microsoft Office Communicator 2005"
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\\Program Files\\Trillian\\trillian.exe"="C:\\Program Files\\Trillian\\trillian.exe:*:Enabled:Trillian"
"C:\\Program Files\\HP OpenView\\bin\\ovw.exe"="C:\\Program Files\\HP OpenView\\bin\\ovw.exe:*:Enabled:HP OpenView Network Node Manager"
"C:\\Program Files\\SmartFTP Client\\SmartFTP.exe"="C:\\Program Files\\SmartFTP Client\\SmartFTP.exe:*:Enabled:SmartFTP Client 2.5"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\george.slack\Application Data
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=NCILGSL
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\george.slack
JAVA_HOME=C:\icos\jdk
LOGONSERVER=\\CSODC01
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\wbem;C:\Program Files\Microsoft SQL Server\80\Tools\Binn;C:\PROGRA~1\DATACO~1\DCDIRE~1\bin;C:\Program Files\Perforce;C:\Program Files\HP OpenView\bin;C:\Sun\AppServer\bin;C:\icos\bin;C:\icos\bin;%ANT_HOME%\bin;C:\icos\jdk\bin;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\Wave Systems Corp\Dell Preboot Manager\Access Client\v5\;C:\Program Files\Microsoft SQL Server\80\Tools\Binn\;C:\PROGRA~1\DATACO~1\DCDIRE~1\bin;C:\Program Files\Perforce;C:\icos\bin
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 15 Stepping 6, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0f06
ProgramFiles=C:\Program Files
PROMPT=$P$G
SESSIONNAME=Console
SonicCentral=C:\Program Files\Common Files\Sonic Shared\Sonic Central\
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\GEORGE~1.SLA\LOCALS~1\Temp
TMP=C:\DOCUME~1\GEORGE~1.SLA\LOCALS~1\Temp
USERDNSDOMAIN=INTELLIDEN.NET
USERDOMAIN=INTELLIDEN
USERNAME=george.slack
USERPROFILE=C:\Documents and Settings\george.slack
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

george.slack (admin)
admin.philip (admin)
Administrator.INTELLIDEN (admin)
temp (new local, admin)
icosuser (admin)
icosuser.NCILGSL (admin)
george (new local, admin, net ready)
philip (admin)
Administrator (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {075473F5-846A-448B-BCB3-104AA1760205}
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {AB708C9B-97C8-4AC9-899B-DBF226AC9382}
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {B12665F4-4E93-4AB4-B7FC-37053B524629}
--> MsiExec.exe /I{9579E862-5FC7-4337-B1CC-5E37451524C5}
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Acrobat 8 Standard --> msiexec /I {AC76BA86-1033-0000-BA7E-000000000003}
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin --> C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
ALPS Touch Pad Driver --> C:\Program Files\Apoint\Uninstap.exe ADDREMOVE
AT&T Communication Manager --> MsiExec.exe /X{A81BFA08-5D4C-4D4C-ACEF-BF558C70D99D}
Bluetooth Stack for Windows by Toshiba --> MsiExec.exe /X{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}
Boson NetSim for CCNP 7.0 --> C:\Program Files\InstallShield Installation Information\{8C1BC366-81DD-4050-B2DC-88287C90E915}\setup.exe -runfromtemp -l0x0409
Broadcom Advanced Control Suite --> MsiExec.exe /X{26E1BFB0-E87E-4696-9F89-B467F01F81E5}
Broadcom TPM Driver Installer --> MsiExec.exe /X{35748B06-FCFC-4700-8285-DAD41689E4FE}
Canon MF Drivers --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{01B93B3A-283F-411B-A648-69CABCACC986}\Setup.exe" -l0x9 -Uninstall
Canon MF Toolbox 4.7.0.0.mf04 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{132CA5D9-C745-4B0B-A3B2-8C7A6EC3EE7E}\Setup.exe" -l0x9 -Uninstall
CCleaner (remove only) --> "C:\Program Files\CCleaner\uninst.exe"
Cisco Press CCNA INTRO Test --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\8\INTEL3~1\IDriver.exe /M{C8BBB2A2-6A4F-46B8-9EEE-76B1C0D2091F}
Cisco Systems VPN Client 4.8.02.0010 --> MsiExec.exe /X{176130BC-99A1-41FE-A78B-56045E33AD70}
Compatibility Pack for the 2007 Office system --> MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
Conexant HDA D110 MDC V.92 Modem --> C:\Program Files\CONEXANT\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_14F100C3\HXFSETUP.EXE -U -Idel1028p.inf
Dell Embassy Trust Suite by Wave Systems --> C:\WINDOWS\Downloaded Installations\{ABBA2EA4-740E-4052-902B-9CA70B081E3F}\Installer.exe
Dell Support 3.2.1 --> MsiExec.exe /X{CEE2252C-4035-4B27-8EC6-0B085DD3A413}
Digital Line Detect --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E646DCF0-5A68-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanel
Driver Installer --> MsiExec.exe /X{753D852A-D86D-42C9-9978-40AE66FB8985}
EMBASSY Trust Suite by Wave Systems --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F1802FA6-54E9-4B24-BD2A-B50866819795}\setup.exe" -l0x9
Ethereal 0.99.0 --> "C:\Program Files\Ethereal\uninstall.exe"
Google Desktop --> C:\Program Files\Google\Google Desktop Search\GoogleDesktopSetup.exe -uninstall
Google Earth --> MsiExec.exe /I{1E04F83B-2AB9-4301-9EF7-E86307F79C72}
Google Photos Screensaver --> MsiExec.exe /X{481E9852-DA0C-403B-ADA4-05D86C8BF9A9}
Google SketchUp 6 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{98736A65-3C79-49EC-B7E9-A3C77774B0E6}\setup.exe" -l0x9 -removeonly
Google SketchUp 6 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B3D8B2F8-3C2C-45BC-933E-8B60E78F6684}\setup.exe" -l0x9 -removeonly
Google Toolbar for Internet Explorer --> MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar1.dll"
Google Updater --> "C:\Program Files\Google\Google Updater\GoogleUpdater.exe" -uninstall
High Definition Audio Driver Package - KB835221 --> C:\WINDOWS\$NtUninstallKB835221WXP$\spuninst\spuninst.exe
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
hp OpenView AutoPass --> MsiExec.exe /I{8B7C5096-DE75-4F2B-9C42-4E3FFB029371}
HP OpenView Event Correlation Services --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\HP OpenView\OVECS.isu" -c"C:\Program Files\HP OpenView\bin\ecsrununinst.dll"
HP OpenView Network Node Manager --> C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\HP OpenView\OVNNMRT.isu" -cC:\WINDOWS\system32\NMUnInst.dll
HP Openview NNM Advanced Edition Device Support for 3Com --> MsiExec.exe /I{9234BBDE-2381-481E-9033-EA8E476BE764}
HP Openview NNM Advanced Edition Device Support for Alcatel --> MsiExec.exe /I{2A4E7AE5-2388-4DAD-94DA-E814CCCCD781}
HP Openview NNM Advanced Edition Device Support for CDP --> MsiExec.exe /I{8F92EFBA-6570-43B6-BC01-EAFEDA5D96C8}
HP Openview NNM Advanced Edition Device Support for Cisco --> MsiExec.exe /I{43F2E44B-ED0D-4420-9D54-A2B294A85E12}
HP Openview NNM Advanced Edition Device Support for EDP --> MsiExec.exe /I{BD20F539-CDF6-4173-B38D-CB1B58AE8890}
HP Openview NNM Advanced Edition Device Support for Extreme --> MsiExec.exe /I{3C73F550-8C5E-45A5-AB1D-91BC75A09C19}
HP Openview NNM Advanced Edition Device Support for HP Procurve --> MsiExec.exe /I{599502BD-D4EC-42CA-BC5F-14C39F9B38A5}
HP Openview NNM Advanced Edition Device Support for Nortel Bay --> MsiExec.exe /I{77164A0F-74BC-4889-A5FF-E0CEBD782341}
HP Openview NNM Advanced Edition Device Support for Nortel Passport --> MsiExec.exe /I{29E26932-C320-454F-B582-BBC1A42C0D0D}
HP OpenView NNM Lcore Dependencies --> MsiExec.exe /I{A4DAF021-74C8-4B41-A2FB-2329A092FA5D}
HP OpenView XPL Package --> MsiExec.exe /I{7C004513-7957-406A-A3E7-1427D61D8BFD}
HP OpenView XPL Package Java Extensions --> MsiExec.exe /I{B5E01C35-D5F0-46D6-A7D1-4428E947F650}
Intel® Graphics Media Accelerator Driver --> RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx2ID PCI\VEN_8086&DEV_27A6 PCI\VEN_8086&DEV_27A2
Intel® PROSet/Wireless Software --> C:\WINDOWS\Installer\iProInst.exe
J2SE Runtime Environment 5.0 Update 10 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150100}
J2SE Runtime Environment 5.0 Update 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
Java 2 Platform, Enterprise Edition 1.4 SDK --> "C:\Sun\AppServer\uninstall.exe" -javahome "C:\Sun\AppServer\jdk"
Java 2 Runtime Environment, SE v1.4.2_02 --> MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142020}
Java™ 6 Update 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160060}
Kiwi Syslog Daemon 8.2.8 (Standard Edition) --> "C:\Program Files\Syslogd\uninst-Syslogd.exe"
LiveUpdate 3.3 (Symantec Corporation) --> "C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U
Malwarebytes' Anti-Malware --> "C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
mCore --> MsiExec.exe /I{E81667C6-2856-46D6-ABEA-6A2F42166779}
mDriver --> MsiExec.exe /I{A0F925BF-5C55-44C2-A4E7-5A4C59791C29}
mDrWiFi --> MsiExec.exe /I{F6090A17-0967-4A8A-B3C3-422A1B514D49}
mHelp --> MsiExec.exe /I{8C6BB412-D3A8-4AAE-A01B-35B681789D68}
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5 --> "C:\WINDOWS\$NtUninstallWdf01005$\spuninst\spuninst.exe"
Microsoft Office Communicator 2005 --> MsiExec.exe /X{BE5AD430-9E0C-4243-AB3F-593835869855}
Microsoft Office Live Meeting 2005 --> MsiExec.exe /I{AB6972B2-CF5D-4CC8-AF4F-B5D6888AB120}
Microsoft Office Outlook 2003 with Business Contact Manager Update --> MsiExec.exe /I{BA68600E-96D9-4E92-80F2-26B9681B5A63}
Microsoft Office Project Professional 2003 --> MsiExec.exe /I{903B0409-6000-11D3-8CFE-0150048383C9}
Microsoft Office Small Business Edition 2003 --> MsiExec.exe /I{91CA0409-6000-11D3-8CFE-0150048383C9}
Microsoft Office Visio Professional 2003 --> MsiExec.exe /I{90510409-6000-11D3-8CFE-0150048383C9}
Microsoft SQL Server Desktop Engine (OVOPS) --> MsiExec.exe /X{689404D2-1C94-44B3-9203-BEC5594FDA7A}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
mIWA --> MsiExec.exe /I{3E9D596A-61D4-4239-BD19-2DB984D2A16F}
mLogView --> MsiExec.exe /I{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}
mMHouse --> MsiExec.exe /I{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}
Modem Helper --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7F142D56-3326-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanel
Mozilla Firefox (2.0.0.16) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
mPfMgr --> MsiExec.exe /I{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}
mPfWiz --> MsiExec.exe /I{90B0D222-8C21-4B35-9262-53B042F18AF9}
mProSafe --> MsiExec.exe /I{23FB368F-1399-4EAC-817C-4B83ECBE3D83}
mSCfg --> MsiExec.exe /I{829CD169-E692-48E8-9BDE-A3E8D8B65538}
mSSO --> MsiExec.exe /I{06BE8AFD-A8E2-4B63-BAE7-287016D16ACB}
MSXML 6.0 Parser (KB933579) --> MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
mWlsSafe --> MsiExec.exe /I{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}
My WebEx Integration to Outlook --> MsiExec.exe /I{E2D7EA0E-0ABB-4D56-8E15-F94AF24272AC}
mZConfig --> MsiExec.exe /I{94658027-9F16-4509-BBD7-A59FE57C3023}
NetWaiting --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3F92ABBB-6BBF-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanel
Nokia Connectivity Adapter Cable DKU-5 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F1BA3CD5-89DC-4273-8603-A75F33E9B335}\Setup.exe" -l0x9
NTRU Hybrid TSS v2.0.25 --> MsiExec.exe /I{0BA2A0BA-7F4D-4B7B-AE94-5F0233AC8A5A}
Packet Tracer 4.1 --> "C:\Program Files\Packet Tracer 4.1\unins000.exe"
PBCM --> C:\WINDOWS\system32\javaws.exe -uninstall -prompt "http://tpm1.chi.tecnet:7003/webstart/cmui.jnlp"
Perforce P4Win Components --> "C:\Program Files\Perforce\up4winst.exe"
Perforce Server Components --> "C:\Program Files\Perforce\uperforce.exe"
PowerDVD 5.7 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall
QuickSet --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C5074CC4-0E26-4716-A307-960272A90040}\setup.exe" -l0x9 APPDRVNT4
QuickTime --> C:\WINDOWS\unvise32qt.exe C:\WINDOWS\system32\QuickTime\Uninstall.log
R-Series - Administrative --> C:\WINDOWS\system32\javaws.exe -uninstall -prompt "http://demosystem:7001/soap/profiles/admin.jnlp"
ReadyConference Plus Outlook Add-in --> MsiExec.exe /I{150FD07D-7F54-46AE-9373-161F0099D7F0}
Roxio DLA --> MsiExec.exe /I{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
Roxio Express Labeler --> MsiExec.exe /I{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}
Roxio RecordNow Audio --> MsiExec.exe /I{AB708C9B-97C8-4AC9-899B-DBF226AC9382}
Roxio RecordNow Copy --> MsiExec.exe /I{B12665F4-4E93-4AB4-B7FC-37053B524629}
Roxio RecordNow Data --> MsiExec.exe /I{075473F5-846A-448B-BCB3-104AA1760205}
Salesforce Outlook Edition 2.0 --> MsiExec.exe /X{38B1A0DF-8889-464D-95C0-F8715E79F640}
Security Update for Step By Step Interactive Training (KB898458) --> "C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
Security Update for Step By Step Interactive Training (KB923723) --> "C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Skype™ 3.6 --> MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
SmartFTP Client --> MsiExec.exe /I{C169D3BB-9A27-43F5-9979-09A0D65FE95C}
Sonic Update Manager --> MsiExec.exe /I{30465B6C-B53F-49A1-9EBA-A3F187AD502E}
Spybot - Search & Destroy --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Symantec Endpoint Protection --> MsiExec.exe /I{FB8A4E30-9915-4814-ADF9-42E00D9FDC3D}
Symantec Technical Support Web Controls --> MsiExec.exe /X{20C53FA2-4307-4671-A93F-9463B29DFCF1}
TightVNC 1.3.9 --> "C:\Program Files\TightVNC\unins000.exe"
Time Zone Data Update Tool for Microsoft Office Outlook --> MsiExec.exe /X{95120000-0038-0409-0000-0000000FF1CE}
Trillian --> C:\Program Files\Trillian\trillian.exe /uninstall
upekmsi --> MsiExec.exe /I{D648B20B-A789-407E-8CA4-9BDDBBE342C8}
URL Assistant --> regsvr32 /u /s "C:\Program Files\BAE\BAE.dll"
Versal FileDownload ActiveX Control Trial Version --> C:\Program Files\Universal\UFileDownloadD\USetup.exe
Viewpoint Media Player --> C:\Program Files\Viewpoint\Viewpoint Media Player\mtsAxInstaller.exe /u
VMware Workstation --> MsiExec.exe /I{A3FF5CB2-FB35-4658-8751-9EDE1D65B3AA}
Wave Infrastructure Installer --> MsiExec.exe /I{F2B8F8EE-4811-4A28-9305-6640CD007115}
WebEx --> C:\PROGRA~1\MOZILL~1\plugins\atcliun.exe
WebEx Productivity Tools --> MsiExec.exe /X{C6896059-E55C-4404-A042-60786039E1B3}
Winamp --> "C:\Program Files\Winamp\UninstWA.exe"
Winamp Toolbar for Internet Explorer --> "C:\Program Files\Winamp Toolbar\uninstall.exe"
Windows Imaging Component --> "C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
WinPcap 3.1 --> C:\Program Files\WinPcap\uninstall.exe
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
WinSCP 4.0.4 --> "C:\Program Files\WinSCP\unins000.exe"
WordReferenceEnEs --> regsvr32 /u /s "C:\Program Files\WordReferenceEnEs\wordreferenceEnEs.dll"
Xming 6.9.0.31 --> "C:\Program Files\Xming\unins000.exe"
XML Paper Specification Shared Components Pack 1.0 -->
Yahoo! Install Manager --> C:\WINDOWS\system32\regsvr32 /u C:\PROGRA~1\Yahoo!\Common\YINSTH~1.DLL
Yahoo! Internet Mail --> C:\WINDOWS\system32\regsvr32 /u /s C:\PROGRA~1\Yahoo!\Common\ymmapi.dll
Yahoo! Messenger --> C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG


-- Application Event Log -------------------------------------------------------

Event Record #/Type37940 / Warning
Event Submitted/Written: 07/23/2008 07:42:23 PM
Event ID/Source: 1003 / EvntAgnt
Event Description:
TraceFileName parameter not located in registry;
Default trace file used is .

Event Record #/Type37939 / Error
Event Submitted/Written: 07/23/2008 04:02:22 PM
Event ID/Source: 46 / Symantec AntiVirus
Event Description:
Security Risk Found!W32.Almanahe.B in File: C:\Documents and Settings\george.slack\Local Settings\Temporary Internet Files\Content.IE5\3E3AAKLQ\B[1].gif by: Auto-Protect scan. Action: Cleaned by Deletion. Action Description: The file was deleted successfully.

Event Record #/Type37937 / Error
Event Submitted/Written: 07/23/2008 10:54:15 AM
Event ID/Source: 51 / Symantec AntiVirus
Event Description:
Security Risk Found!W32.Almanahe.B in File: C:\Documents and Settings\george.slack\Local Settings\Temporary Internet Files\Content.IE5\MJGDG121\B[1].gif by: Auto-Protect scan. Action: Cleaned by Deletion. Action Description: The file was deleted successfully.

Event Record #/Type37936 / Error
Event Submitted/Written: 07/23/2008 10:54:14 AM
Event ID/Source: 46 / Symantec AntiVirus
Event Description:
Security Risk Found!W32.Almanahe.B in File: C:\Documents and Settings\george.slack\Local Settings\Temporary Internet Files\Content.IE5\MJGDG121\B[1].gif by: Auto-Protect scan. Action: Cleaned by Deletion. Action Description: The file was deleted successfully.

Event Record #/Type37935 / Error
Event Submitted/Written: 07/23/2008 10:24:14 AM
Event ID/Source: 51 / Symantec AntiVirus
Event Description:
Security Risk Found!W32.Almanahe.B in File: C:\Documents and Settings\george.slack\Local Settings\temp\B.gif by: Auto-Protect scan. Action: Cleaned by Deletion. Action Description: The file was deleted successfully.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type70102 / Warning
Event Submitted/Written: 07/25/2008 01:17:39 PM
Event ID/Source: 8193 / LSASRV
Event Description:
The Security System could not establish a secured connection with the server DNS/prisoner.iana.org. No authentication protocol was available.

Event Record #/Type70101 / Warning
Event Submitted/Written: 07/25/2008 01:17:39 PM
Event ID/Source: 8192 / LSASRV
Event Description:
The Security System detected an attempted downgrade attack for
server DNS/prisoner.iana.org. The failure code from authentication protocol Kerberos
was "There are currently no logon servers available to service the logon request.
(0xc000005e)".

Event Record #/Type70091 / Error
Event Submitted/Written: 07/25/2008 09:39:13 AM
Event ID/Source: 29 / W32Time
Event Description:
The time provider NtpClient is configured to acquire time from one or more
time sources, however none of the sources are currently accessible.
No attempt to contact a source will be made for 15 minutes.
NtpClient has no source of accurate time.

Event Record #/Type70090 / Warning
Event Submitted/Written: 07/25/2008 09:39:13 AM
Event ID/Source: 14 / W32Time
Event Description:
The time provider NtpClient was unable to find a domain controller to use as a time
source. NtpClient will try again in 15 minutes.

Event Record #/Type70085 / Error
Event Submitted/Written: 07/25/2008 09:10:53 AM
Event ID/Source: 5719 / NETLOGON
Event Description:
No Domain Controller is available for domain INTELLIDEN due to the following:
%%1311.

Make sure that the computer is connected to the network and try
again. If the problem persists, please contact your domain administrator.



-- End of Deckard's System Scanner: finished at 2008-07-25 16:33:07 ------------

Thanks so much!

#11 fenzodahl512

fenzodahl512


Posted 28 July 2008 - 10:56 AM

Somehow you got re-infected.. This is probably due to that file which could not be deleted.. Let's do this..

Please save these instructions in Notepad or MS Word as we will need to enter Safe Mode..


Please download these programs and save them to the Desktop.. Don't do anything with them yet.. We will use them in Safe Mode..

The Avenger by Swandog46

Now, Please reboot into Safe Mode



NEXT


In Safe Mode,


Please run HostsXpert again..
  • Double-click HostsXpert.exe to run HostsXpert - Hosts File Manager from its new home
  • Click "Make Hosts Writable?" in the upper right corner (If available).
  • Click Restore Ms Hosts File and then click OK.
  • Click the X to exit the program.
  • Note: If you were using a custom Hosts file you will need to replace any of those entries yourself.
NEXT


In Safe Mode,
  • Double-click FileASSASSIN and tick on Attempt FileASSASSIN's method of file processing
  • Make sure ALL four options are selected (including "Delete file")
  • Copy/paste the file below into the box
    • C:\WINDOWS\system32\cedafb.dll
  • Press Execute button..
NEXT


In Safe Mode..
  • Right click on the Avenger.zip folder and select "Extract All..."
  • Follow the prompts and extract the avenger folder to your desktop
2. Copy all the text contained in the code box below to your Clipboard by highlighting it and pressing (Ctrl+C):

Begin copying here:
Files to delete:
C:\WINDOWS\system32\cedafb.dll
C:\WINDOWS\system32\crtnumo.dll
C:\WINDOWS\system32\esceps.dll
C:\WINDOWS\system32\offecao.dll
C:\WINDOWS\system32\zgtwfx.dll
C:\WINDOWS\system32\xfimerl.dll
C:\WINDOWS\system32\zsdgff.dll
C:\WINDOWS\Update.dll
C:\WINDOWS\system32\tdggrz.dll
C:\WINDOWS\system32\jolin0.dll
C:\WINDOWS\system32\theralte.dll
C:\WINDOWS\system32\fsrgeb.dll
C:\WINDOWS\system32\jsnoer.dll
C:\WINDOWS\system32\jfrwdh.dll
C:\WINDOWS\system32\zycdex.dll
C:\WINDOWS\system32\caotxb.dll
C:\WINDOWS\system32\sgdewg.dll
C:\WINDOWS\system32\hhrdxd.dll
C:\WINDOWS\system32\woswelc.dll
C:\WINDOWS\system32\tdfhex.dll
C:\WINDOWS\system32\googleons.dll
C:\WINDOWS\system32\zgxfdx.dll
C:\WINDOWS\system32\rfdswc.dll
C:\WINDOWS\system32\ddserh.dll
C:\WINDOWS\system32\wcnonpe.dll
C:\WINDOWS\system32\mssetdk.exe
C:\WINDOWS\Downloaded Program Files\ThunderAdvise.dll
C:\WINDOWS\AppPatch\AclLayer.dll
C:\WINDOWS\system32\ddserh.dll
C:\WINDOWS\system32\rfdswc.dll
C:\WINDOWS\system32\zgxfdx.dll
C:\WINDOWS\system32\tdfhex.dll
C:\WINDOWS\system32\hhrdxd.dll
C:\WINDOWS\system32\sgdewg.dll
C:\WINDOWS\system32\zycdex.dll
C:\WINDOWS\system32\jfrwdh.dll
C:\WINDOWS\system32\fsrgeb.dll
C:\WINDOWS\system32\tdggrz.dll
C:\WINDOWS\system32\zsdgff.dll
C:\WINDOWS\system32\zgtwfx.dll

Registry keys to delete:
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{A9895933-6636-4281-BC58-EE6DE2AF96E3}
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{461D2AB4-29A5-45C2-9134-D52272D3DE38}
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{6E6CA8A1-81BC-4707-A54C-F4903DD70BAD}
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{0B846B26-BFE6-4E8E-A948-1DB17B77B483}
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{17DFD111-BF3A-4CB4-ADB0-88FCBFE69821}
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{84143967-B645-4BFF-B873-DA1DC886E9A7}
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{8C41B7F7-3168-400D-A702-0E7EFE0BA304}
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{45AADFAA-DD36-42AB-83AD-0521BBF58C24}
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{841529CB-7F77-4B99-A895-B5441E0D302F}
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{EA5D4B0E-B8CE-4761-8C7E-5D26369F0EC6}
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{4D165A2A-4BC1-4CA8-8299-08E05AAAB5A4}
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{53D44DB6-E22B-4B17-97D3-572C96CCA6E1}
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{006CA8A1-61BC-4774-A54C-F49034270BAD}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{97421D0D-E07F-40DF-8F07-99597B9585AD}

Registry values to delete:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run | 3PMmUpdate
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks | {A9895933-6636-4281-BC58-EE6DE2AF96E3}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks | {461D2AB4-29A5-45C2-9134-D52272D3DE38}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks | {6E6CA8A1-81BC-4707-A54C-F4903DD70BAD}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks | {0B846B26-BFE6-4E8E-A948-1DB17B77B483}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks | {17DFD111-BF3A-4CB4-ADB0-88FCBFE69821}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks | {84143967-B645-4BFF-B873-DA1DC886E9A7}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks | {8C41B7F7-3168-400D-A702-0E7EFE0BA304}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks | {45AADFAA-DD36-42AB-83AD-0521BBF58C24}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks | {841529CB-7F77-4B99-A895-B5441E0D302F}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks | {EA5D4B0E-B8CE-4761-8C7E-5D26369F0EC6}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks | {4D165A2A-4BC1-4CA8-8299-08E05AAAB5A4}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks | {53D44DB6-E22B-4B17-97D3-572C96CCA6E1}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks | {006CA8A1-61BC-4774-A54C-F49034270BAD}

Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.


3. Now, open the avenger folder and start The Avenger program by clicking on its icon.
  • Right click on the window under Input script here:, and select Paste.
  • You can also click on this window and press (Ctrl+V) to paste the contents of the clipboard.
  • Click on Execute
  • Answer "Yes" twice when prompted.
4. The Avenger will automatically do the following:
  • It will restart your computer. (In cases where the code to execute contains "Drivers to Delete", The Avenger will actually restart your system twice.)
  • On reboot, it will briefly open a black command window on your desktop; this is normal.
  • After the restart, it creates a log file that should open with the results of Avenger’s actions. This log file will be located at C:\avenger.txt
  • The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.
5. Please copy/paste the content of c:\avenger.txt into your reply along with a fresh HijackThis log.



Please post the following logs in your next reply. Post each log in a separate post if possible.

1. The Avenger
2. A fresh DSS log (in Normal mode after Avenger step)


Regards
fenzodahl512

Edited by fenzodahl512, 28 July 2008 - 10:58 AM.

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
Its gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#12 dmslack

Posted 28 July 2008 - 12:07 PM

Downloaded and booted into Safe Mode. Once there, ran HostsXpert. It was able to reset System tag on the hosts file, and I was able to make it writable. I couldn't find the "restore MS" option, but I deleted all entries other than the initial comments and one entry for localhost (127.0.0.1 localhost). I believe that is the default file.

Ran FileAssassin, but it claimed the file wasn't there. Went to the directory and verified that it was not there anymore.

Ran Avenger as requested w/no issues. The machine is rebooting, logs will follow.

#13 dmslack

Posted 28 July 2008 - 12:12 PM

Here is the Avenger log:

Logfile of The Avenger Version 2.0, © by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!


Error: file "C:\WINDOWS\system32\cedafb.dll" not found!
Deletion of file "C:\WINDOWS\system32\cedafb.dll" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist

File "C:\WINDOWS\system32\crtnumo.dll" deleted successfully.
File "C:\WINDOWS\system32\esceps.dll" deleted successfully.
File "C:\WINDOWS\system32\offecao.dll" deleted successfully.
File "C:\WINDOWS\system32\zgtwfx.dll" deleted successfully.
File "C:\WINDOWS\system32\xfimerl.dll" deleted successfully.
File "C:\WINDOWS\system32\zsdgff.dll" deleted successfully.
File "C:\WINDOWS\Update.dll" deleted successfully.
File "C:\WINDOWS\system32\tdggrz.dll" deleted successfully.
File "C:\WINDOWS\system32\jolin0.dll" deleted successfully.
File "C:\WINDOWS\system32\theralte.dll" deleted successfully.
File "C:\WINDOWS\system32\fsrgeb.dll" deleted successfully.
File "C:\WINDOWS\system32\jsnoer.dll" deleted successfully.
File "C:\WINDOWS\system32\jfrwdh.dll" deleted successfully.
File "C:\WINDOWS\system32\zycdex.dll" deleted successfully.
File "C:\WINDOWS\system32\caotxb.dll" deleted successfully.
File "C:\WINDOWS\system32\sgdewg.dll" deleted successfully.
File "C:\WINDOWS\system32\hhrdxd.dll" deleted successfully.
File "C:\WINDOWS\system32\woswelc.dll" deleted successfully.
File "C:\WINDOWS\system32\tdfhex.dll" deleted successfully.
File "C:\WINDOWS\system32\googleons.dll" deleted successfully.
File "C:\WINDOWS\system32\zgxfdx.dll" deleted successfully.
File "C:\WINDOWS\system32\rfdswc.dll" deleted successfully.
File "C:\WINDOWS\system32\ddserh.dll" deleted successfully.
File "C:\WINDOWS\system32\wcnonpe.dll" deleted successfully.
File "C:\WINDOWS\system32\mssetdk.exe" deleted successfully.
File "C:\WINDOWS\Downloaded Program Files\ThunderAdvise.dll" deleted successfully.
File "C:\WINDOWS\AppPatch\AclLayer.dll" deleted successfully.

Error: file "C:\WINDOWS\system32\ddserh.dll" not found!
Deletion of file "C:\WINDOWS\system32\ddserh.dll" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: file "C:\WINDOWS\system32\rfdswc.dll" not found!
Deletion of file "C:\WINDOWS\system32\rfdswc.dll" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: file "C:\WINDOWS\system32\zgxfdx.dll" not found!
Deletion of file "C:\WINDOWS\system32\zgxfdx.dll" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: file "C:\WINDOWS\system32\tdfhex.dll" not found!
Deletion of file "C:\WINDOWS\system32\tdfhex.dll" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: file "C:\WINDOWS\system32\hhrdxd.dll" not found!
Deletion of file "C:\WINDOWS\system32\hhrdxd.dll" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: file "C:\WINDOWS\system32\sgdewg.dll" not found!
Deletion of file "C:\WINDOWS\system32\sgdewg.dll" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: file "C:\WINDOWS\system32\zycdex.dll" not found!
Deletion of file "C:\WINDOWS\system32\zycdex.dll" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: file "C:\WINDOWS\system32\jfrwdh.dll" not found!
Deletion of file "C:\WINDOWS\system32\jfrwdh.dll" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: file "C:\WINDOWS\system32\fsrgeb.dll" not found!
Deletion of file "C:\WINDOWS\system32\fsrgeb.dll" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: file "C:\WINDOWS\system32\tdggrz.dll" not found!
Deletion of file "C:\WINDOWS\system32\tdggrz.dll" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: file "C:\WINDOWS\system32\zsdgff.dll" not found!
Deletion of file "C:\WINDOWS\system32\zsdgff.dll" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: file "C:\WINDOWS\system32\zgtwfx.dll" not found!
Deletion of file "C:\WINDOWS\system32\zgtwfx.dll" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist

Registry key "HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{A9895933-6636-4281-BC58-EE6DE2AF96E3}" deleted successfully.
Registry key "HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{461D2AB4-29A5-45C2-9134-D52272D3DE38}" deleted successfully.
Registry key "HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{6E6CA8A1-81BC-4707-A54C-F4903DD70BAD}" deleted successfully.
Registry key "HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{0B846B26-BFE6-4E8E-A948-1DB17B77B483}" deleted successfully.
Registry key "HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{17DFD111-BF3A-4CB4-ADB0-88FCBFE69821}" deleted successfully.
Registry key "HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{84143967-B645-4BFF-B873-DA1DC886E9A7}" deleted successfully.
Registry key "HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{8C41B7F7-3168-400D-A702-0E7EFE0BA304}" deleted successfully.
Registry key "HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{45AADFAA-DD36-42AB-83AD-0521BBF58C24}" deleted successfully.
Registry key "HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{841529CB-7F77-4B99-A895-B5441E0D302F}" deleted successfully.
Registry key "HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{EA5D4B0E-B8CE-4761-8C7E-5D26369F0EC6}" deleted successfully.
Registry key "HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{4D165A2A-4BC1-4CA8-8299-08E05AAAB5A4}" deleted successfully.
Registry key "HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{53D44DB6-E22B-4B17-97D3-572C96CCA6E1}" deleted successfully.
Registry key "HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{006CA8A1-61BC-4774-A54C-F49034270BAD}" deleted successfully.
Registry key "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{97421D0D-E07F-40DF-8F07-99597B9585AD}" deleted successfully.
Registry value "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|3PMmUpdate" deleted successfully.
Registry value "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks|{A9895933-6636-4281-BC58-EE6DE2AF96E3}" deleted successfully.
Registry value "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks|{461D2AB4-29A5-45C2-9134-D52272D3DE38}" deleted successfully.
Registry value "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks|{6E6CA8A1-81BC-4707-A54C-F4903DD70BAD}" deleted successfully.
Registry value "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks|{0B846B26-BFE6-4E8E-A948-1DB17B77B483}" deleted successfully.
Registry value "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks|{17DFD111-BF3A-4CB4-ADB0-88FCBFE69821}" deleted successfully.
Registry value "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks|{84143967-B645-4BFF-B873-DA1DC886E9A7}" deleted successfully.
Registry value "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks|{8C41B7F7-3168-400D-A702-0E7EFE0BA304}" deleted successfully.
Registry value "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks|{45AADFAA-DD36-42AB-83AD-0521BBF58C24}" deleted successfully.
Registry value "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks|{841529CB-7F77-4B99-A895-B5441E0D302F}" deleted successfully.
Registry value "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks|{EA5D4B0E-B8CE-4761-8C7E-5D26369F0EC6}" deleted successfully.
Registry value "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks|{4D165A2A-4BC1-4CA8-8299-08E05AAAB5A4}" deleted successfully.
Registry value "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks|{53D44DB6-E22B-4B17-97D3-572C96CCA6E1}" deleted successfully.
Registry value "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks|{006CA8A1-61BC-4774-A54C-F49034270BAD}" deleted successfully.

Completed script processing.

*******************

Finished! Terminate.

Edited by dmslack, 28 July 2008 - 12:13 PM.
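Added example (not part of the original thread and not code from The Avenger): a Python triage of an Avenger log like the one in post #13, separating "not found" failures caused by a script entry that was already deleted earlier in the same run from objects that were absent before the run started. The sample is an excerpt of the log above, and the parser assumes only the three line shapes visible in that log.

```python
import re

# Excerpt copied from the Avenger log in post #13 (shortened, not the full log).
SAMPLE_LOG = r'''
Error: file "C:\WINDOWS\system32\cedafb.dll" not found!
Deletion of file "C:\WINDOWS\system32\cedafb.dll" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
  --> the object does not exist

File "C:\WINDOWS\system32\zgtwfx.dll" deleted successfully.
File "C:\WINDOWS\system32\ddserh.dll" deleted successfully.
File "C:\WINDOWS\AppPatch\AclLayer.dll" deleted successfully.

Error: file "C:\WINDOWS\system32\ddserh.dll" not found!
Deletion of file "C:\WINDOWS\system32\ddserh.dll" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
  --> the object does not exist

Registry key "HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{A9895933-6636-4281-BC58-EE6DE2AF96E3}" deleted successfully.
Registry value "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|3PMmUpdate" deleted successfully.
'''

# Line shapes seen in the posted log. Other Avenger message formats are not
# handled here because the thread does not show them (assumption).
OK_RE = re.compile(r'^(File|Registry key|Registry value) "(.+)" deleted successfully\.$')
FAIL_RE = re.compile(r'^Deletion of file "(.+)" failed!$')
STATUS_RE = re.compile(r'^Status: (0x[0-9a-fA-F]{8}) \((\w+)\)$')

NOT_FOUND = "STATUS_OBJECT_NAME_NOT_FOUND"


def triage(log_text):
    """Classify every outcome in an Avenger log.

    deleted   -- (kind, path) pairs removed by this run, in log order
    duplicate -- failed with NOT_FOUND, but the same path was deleted earlier
                 in this run (the script listed it twice); nothing to chase
    absent    -- failed with NOT_FOUND and never deleted in this run; the
                 object was already gone, so check the next scan log for it
    other     -- any other failure status, or a failure with no status line
    """
    result = {"deleted": [], "duplicate": [], "absent": [], "other": []}
    seen = set()      # lower-cased paths deleted so far (Windows paths ignore case)
    pending = None    # path of a failed deletion still waiting for its Status line

    for raw in log_text.splitlines():
        line = raw.strip()

        m = OK_RE.match(line)
        if m:
            result["deleted"].append((m.group(1), m.group(2)))
            seen.add(m.group(2).lower())
            continue

        m = FAIL_RE.match(line)
        if m:
            if pending is not None:          # previous failure had no status
                result["other"].append(pending)
            pending = m.group(1)
            continue

        m = STATUS_RE.match(line)
        if m and pending is not None:
            if m.group(2) != NOT_FOUND:
                result["other"].append(pending)
            elif pending.lower() in seen:
                result["duplicate"].append(pending)
            else:
                result["absent"].append(pending)
            pending = None

    if pending is not None:
        result["other"].append(pending)
    return result


if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    print("deleted this run :", len(report["deleted"]))
    for label in ("duplicate", "absent", "other"):
        for path in report[label]:
            print(f"{label:<17}: {path}")
```
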


#14 dmslack

Posted 28 July 2008 - 12:13 PM

Here is the DSS Main log:

Deckard's System Scanner v20071014.68
Run by george.slack on 2008-07-28 13:06:51
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as george.slack.exe) ----------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:07, on 2008-07-28
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\bmwebcfg.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Wave Systems Corp\Common\DataServer.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\HP OpenView\bin\ovspmd.exe
C:\Program Files\HP OpenView\bin\OVTrace.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\HP OpenView\bin\pmd.exe
C:\Program Files\HP OpenView\bin\ovsessionmgr.exe
C:\Program Files\HP OpenView\bin\ovrequestd.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\Program Files\HP OpenView\bin\genannosrvr.exe
C:\Program Files\HP OpenView\bin\ovalarmsrv.exe
C:\Program Files\HP OpenView\bin\ovactiond.exe
C:\Program Files\HP OpenView\bin\ovdbcheck.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
C:\WINDOWS\system32\vmnat.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\HP OpenView\bin\wpaagt.exe
C:\Program Files\HP OpenView\bin\snmpdm.exe
C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
C:\WINDOWS\system32\vmnetdhcp.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Apoint\HidFind.exe
C:\Program Files\Apoint\Apntex.exe
C:\PROGRA~1\HPOPEN~1\bin\ovdbrun.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\stsystra.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\VMware\VMware Workstation\vmware-tray.exe
C:\Program Files\VMware\VMware Workstation\hqtray.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\WebEx\Productivity Tools\PTIM.exe
C:\Program Files\Microsoft IntelliType Pro\dpupdchk.exe
C:\Program Files\WebEx\Productivity Tools\ptmsgfrm.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\WebEx\Productivity Tools\ptSrv.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe
C:\Documents and Settings\george.slack\Desktop\Dawn\BleepingComputer\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\GEORGE~1.EXE

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=4061219
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Winamp Toolbar BHO - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [AT&T Communication Manager] "C:\Program Files\AT&T\Communication Manager\ATTCM.exe" -a
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vmware-tray] C:\Program Files\VMware\VMware Workstation\vmware-tray.exe
O4 - HKLM\..\Run: [VMware hqtray] "C:\Program Files\VMware\VMware Workstation\hqtray.exe"
O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [PTIM.exe] C:\Program Files\WebEx\Productivity Tools\PTIM.exe
O4 - HKCU\..\Run: [ptmsgfrm.exe] C:\Program Files\WebEx\Productivity Tools\ptmsgfrm.exe
O4 - HKUS\S-1-5-19\..\Run: [Communicator] "C:\Program Files\Microsoft Office Communicator\Communicator.exe" (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Communicator] "C:\Program Files\Microsoft Office Communicator\Communicator.exe" (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [Communicator] "C:\Program Files\Microsoft Office Communicator\Communicator.exe" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Communicator] "C:\Program Files\Microsoft Office Communicator\Communicator.exe" (User 'Default user')
O4 - Global Startup: Bluetooth Manager.lnk = ?
O8 - Extra context menu item: &Winamp Toolbar Search - C:\Documents and Settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {80947ADC-151D-490B-87F1-7C8CE1B46220} - (no file)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Start WebEx One-Click Meeting - {80947ADC-151D-490B-87F1-7C8CE1B46220} - C:\Program Files\WebEx\Productivity Tools\ptonecli.dll (HKCU)
O9 - Extra 'Tools' menuitem: Start WebEx One-Click Meeting - {80947ADC-151D-490B-87F1-7C8CE1B46220} - C:\Program Files\WebEx\Productivity Tools\ptonecli.dll (HKCU)
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O10 - Unknown file in Winsock LSP: bmnet.dll
O10 - Unknown file in Winsock LSP: bmnet.dll
O10 - Unknown file in Winsock LSP: bmnet.dll
O15 - Trusted Zone: http://*.intelliden-demo
O15 - Trusted Zone: http://intelliden-demo.intelliden.net
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {3BA3B159-7533-4F96-A2CE-EE5894BBD3D5} (Scanner.SysScanner) - http://i.dell.com/images/global/js/scanner/SYSSCANNER.cab
O16 - DPF: {5879B3B0-566E-4ECB-9B77-9A8A5E62AAB8} - http://www.blackberry.com/DST2007/patch/de...teLoaderUSB.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1208281057071
O16 - DPF: {85BA505F-FD01-4A91-836C-F7D502E89C9A} (Image Uploader Control) - http://www.evite.com/html/imageUpload/ImageUploader4.cab
O16 - DPF: {9C3497D6-ED98-11D0-9647-00C04FD9B15B} (WMI Login Control) - file://C:\DOCUME~1\GEORGE~1.SLA\LOCALS~1\Temp\wbemtool.cab
O16 - DPF: {CB97291A-6603-466A-AA11-80C2EB74CB10} (CoxSelfInstallAx10 Control) - https://install.cox.net/CoxSelfInstall/CoxS...InstallAx10.ocx
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://intelliden.webex.com/client/T25L/webex/ieatgpc.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = intelliden.net
O17 - HKLM\Software\..\Telephony: DomainName = intelliden.net
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = intelliden.net
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = chi.tecnet,tecnet,chi.tecnet,tecnet,chi.tecnet,tecnet,priv.red.telefonica-wholesale.net,red.telefonica-wholesale.net
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = chi.tecnet,tecnet,chi.tecnet,tecnet,chi.tecnet,tecnet,priv.red.telefonica-wholesale.net,red.telefonica-wholesale.net
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O21 - SSODL: ThunderAdvise - {97421D0D-E07F-40DF-8F07-99597B9585AD} - C:\WINDOWS\Downloaded Program Files\ThunderAdvise.dll (file missing)
O23 - Service: AT&T RcAppSvc (ATTRcAppSvc) - PCTEL - C:\Program Files\AT&T\Communication Manager\RcAppSvc.exe
O23 - Service: Bytemobile Web Configurator (bmwebcfg) - Bytemobile, Inc. - C:\WINDOWS\system32\bmwebcfg.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: DataSvr2 - Wave Systems Corp. - C:\Program Files\Wave Systems Corp\Common\DataServer.exe
O23 - Service: SNMP EMANATE Master Agent (EMANATE) - Unknown owner - C:\Program Files\HP OpenView\bin\snmpdm.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktopManager.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP OpenView NNM Embedded DB - Solid Information Technology - C:\PROGRA~1\HPOPEN~1\bin\ovdbrun.exe
O23 - Service: HP OpenView Process Manager - Unknown owner - C:\Program Files\HP OpenView\bin\ovspmd.exe
O23 - Service: HP OpenView Trace Service (HPOVTrace) - Hewlett-Packard - C:\Program Files\HP OpenView\bin\OVTrace.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: MSSQL$OVOPS - Unknown owner - C:\Program Files\HP OpenView\MSSQL$OVOPS\Binn\sqlservr.exe (file missing)
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Symantec Management Client (SmcService) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
O23 - Service: Symantec Network Access Control (SNAC) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE
O23 - Service: SQLAgent$OVOPS - Unknown owner - C:\Program Files\HP OpenView\MSSQL$OVOPS\Binn\sqlagent.EXE (file missing)
O23 - Service: Symantec Endpoint Protection (Symantec AntiVirus) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
O23 - Service: Symantec RemoteAssist - Symantec, Inc. - C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe
O23 - Service: NTRU Hybrid TSS v2.0.25 TCS (tcsd_win32.exe) - Unknown owner - C:\Program Files\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.25\bin\tcsd_win32.exe
O23 - Service: VMware Agent Service (ufad-ws60) - VMware, Inc. - C:\Program Files\VMware\VMware Workstation\vmware-ufad.exe
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\WINDOWS\system32\vmnetdhcp.exe
O23 - Service: VMware Virtual Mount Manager Extended (vmount2) - VMware, Inc. - C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\WINDOWS\system32\vmnat.exe
O23 - Service: Intel® PROSet/Wireless SSO Service (WLANKEEPER) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
O23 - Service: WLSforIntelliden - Unknown owner - C:\icos\bea\WEBLOG~1\server\bin\beasvc.exe (file missing)
O23 - Service: SNMP EMANATE Adapter for NT (wpa) - Unknown owner - C:\Program Files\HP OpenView\bin\wpaagt.exe

--
End of file - 18377 bytes

-- Files created between 2008-06-28 and 2008-07-28 -----------------------------

2008-07-28 12:59:14 0 d-------- C:\Documents and Settings\george\Application Data\WinRAR
2008-07-27 19:54:27 68096 --a------ C:\WINDOWS\zip.exe
2008-07-27 19:54:27 49152 --a------ C:\WINDOWS\VFind.exe
2008-07-27 19:54:27 212480 --a------ C:\WINDOWS\swxcacls.exe <Not Verified; SteelWerX; SteelWerX Extended Configurator ACLists>
2008-07-27 19:54:27 136704 --a------ C:\WINDOWS\swsc.exe <Not Verified; SteelWerX; SteelWerX Service Controller>
2008-07-27 19:54:27 161792 --a------ C:\WINDOWS\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor>
2008-07-27 19:54:27 98816 --a------ C:\WINDOWS\sed.exe
2008-07-27 19:54:27 80412 --a------ C:\WINDOWS\grep.exe
2008-07-27 19:54:27 89504 --a------ C:\WINDOWS\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-07-23 21:48:36 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-07-23 21:29:36 0 dr-h----- C:\Documents and Settings\george.slack\Recent
2008-07-23 21:15:04 0 d-------- C:\Program Files\CCleaner
2008-07-21 17:29:46 0 d-------- C:\Documents and Settings\george\Application Data\Lavasoft
2008-07-21 17:20:16 0 d-------- C:\Documents and Settings\george\Application Data\Identities
2008-07-21 17:20:16 0 d--h----- C:\Documents and Settings\george\Application Data\Gtek
2008-07-21 17:20:15 0 dr-h----- C:\Documents and Settings\george\SendTo
2008-07-21 17:20:15 0 dr-h----- C:\Documents and Settings\george\Recent
2008-07-21 17:20:15 0 d--h----- C:\Documents and Settings\george\PrintHood
2008-07-21 17:20:15 0 d--h----- C:\Documents and Settings\george\NetHood
2008-07-21 17:20:15 0 dr------- C:\Documents and Settings\george\My Documents
2008-07-21 17:20:15 0 d--h----- C:\Documents and Settings\george\Local Settings
2008-07-21 17:20:15 0 dr------- C:\Documents and Settings\george\Favorites
2008-07-21 17:20:15 0 d-------- C:\Documents and Settings\george\Desktop
2008-07-21 17:20:15 0 d--hs---- C:\Documents and Settings\george\Cookies
2008-07-21 17:20:15 0 dr-h----- C:\Documents and Settings\george\Application Data
2008-07-21 17:20:15 0 d---s---- C:\Documents and Settings\george\Application Data\Microsoft
2008-07-21 17:20:15 0 d-------- C:\Documents and Settings\george\Application Data\Macromedia
2008-07-21 17:20:15 0 d-------- C:\Documents and Settings\george\Application Data\Intel
2008-07-21 17:20:14 0 d--h----- C:\Documents and Settings\george\Templates
2008-07-21 17:20:14 0 dr------- C:\Documents and Settings\george\Start Menu
2008-07-21 17:20:14 1048576 --ah----- C:\Documents and Settings\george\NTUSER.DAT
2008-07-15 23:30:05 0 d-------- C:\cmdcons
2008-07-15 14:53:44 0 dr------- C:\Documents and Settings\philip\Favorites
2008-07-15 14:53:44 0 d-------- C:\Documents and Settings\philip\Desktop
2008-07-15 14:53:44 0 d--hs---- C:\Documents and Settings\philip\Cookies
2008-07-15 14:53:44 0 dr-h----- C:\Documents and Settings\philip\Application Data
2008-07-15 14:53:44 0 d---s---- C:\Documents and Settings\philip\Application Data\Microsoft
2008-07-15 14:53:44 0 d-------- C:\Documents and Settings\philip\Application Data\Macromedia
2008-07-15 14:53:44 0 d-------- C:\Documents and Settings\philip\Application Data\Intel
2008-07-15 14:53:44 0 d-------- C:\Documents and Settings\philip\Application Data\Identities
2008-07-15 14:53:44 0 d--h----- C:\Documents and Settings\philip\Application Data\Gtek
2008-07-15 14:53:43 0 d--h----- C:\Documents and Settings\philip\Templates
2008-07-15 14:53:43 0 dr------- C:\Documents and Settings\philip\Start Menu
2008-07-15 14:53:43 0 dr-h----- C:\Documents and Settings\philip\SendTo
2008-07-15 14:53:43 0 dr-h----- C:\Documents and Settings\philip\Recent
2008-07-15 14:53:43 0 d--h----- C:\Documents and Settings\philip\PrintHood
2008-07-15 14:53:43 0 d--h----- C:\Documents and Settings\philip\NetHood
2008-07-15 14:53:43 0 dr------- C:\Documents and Settings\philip\My Documents
2008-07-15 14:53:43 0 d--h----- C:\Documents and Settings\philip\Local Settings
2008-07-15 14:53:42 1048576 --ah----- C:\Documents and Settings\philip\NTUSER.DAT
2008-07-09 11:47:36 0 d-------- C:\Documents and Settings\admin.philip\Application Data\Lavasoft
2008-07-09 11:40:54 0 d-------- C:\Documents and Settings\admin.philip\Application Data\Adobe
2008-07-09 11:38:28 0 d-------- C:\Documents and Settings\admin.philip\Application Data\WinRAR
2008-07-09 11:37:38 0 d-------- C:\Program Files\Lavasoft
2008-07-09 11:37:15 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-07-09 11:34:45 0 d-------- C:\Documents and Settings\admin.philip\Application Data\Google
2008-07-02 14:25:39 0 d-------- C:\Documents and Settings\george.slack\.housecall6.6
2008-07-02 14:06:16 286720 --a------ C:\WINDOWS\system32\wxvault.dll <Not Verified; ; wxvault Dynamic Link Library>
2008-07-02 11:08:42 0 d-------- C:\Documents and Settings\george.slack\Application Data\Malwarebytes
2008-07-02 11:08:39 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-07-02 11:08:38 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware


-- Find3M Report ---------------------------------------------------------------

2008-07-28 13:05:58 0 d-------- C:\Documents and Settings\george.slack\Application Data\VMware
2008-07-26 15:00:41 0 d-------- C:\Program Files\Common Files
2008-07-23 19:08:15 0 d-------- C:\Program Files\Trillian
2008-07-22 13:13:48 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-07-21 19:57:39 0 d-------- C:\Documents and Settings\george.slack\Application Data\Canon
2008-07-21 10:12:58 0 d-------- C:\Documents and Settings\george.slack\Application Data\Lavasoft
2008-07-02 13:43:35 0 d-------- C:\Program Files\Broadcom
2008-07-02 13:43:14 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-07-02 13:43:13 0 d-------- C:\Program Files\Wave Systems Corp
2008-06-24 18:54:36 0 d-------- C:\Documents and Settings\george.slack\Application Data\Skype
2008-06-24 18:21:50 0 d-------- C:\Documents and Settings\george.slack\Application Data\skypePM
2008-06-20 20:22:31 0 d-------- C:\Program Files\Cisco Systems
2008-06-19 12:13:58 0 d-------- C:\Documents and Settings\george.slack\Application Data\U3
2008-06-13 15:20:53 0 d-------- C:\Program Files\Trend Micro
2008-06-13 11:32:40 0 d-------- C:\Program Files\Xming
2008-06-13 11:26:19 0 d-------- C:\Program Files\MSBuild
2008-06-13 11:26:03 0 d-------- C:\Program Files\Reference Assemblies
2008-06-11 14:14:21 36944 --a------ C:\WINDOWS\system32\stcevent.dll <Not Verified; Cisco Systems, Inc.; SSL VPN Client>
2008-06-11 07:14:18 0 d-------- C:\Documents and Settings\george.slack\Application Data\AVGTOOLBAR
2008-06-11 07:05:52 0 d-------- C:\Program Files\Winamp
2008-06-10 19:53:05 0 d-------- C:\Program Files\AVG
2008-06-10 08:39:31 0 d-------- C:\Program Files\Windows Media Connect 2
2008-06-07 07:42:17 0 d-------- C:\Documents and Settings\george.slack\Application Data\Adobe
2008-06-06 16:33:09 376832 --a------ C:\WINDOWS\system32\AegisI5Installer.exe <Not Verified; ; AegisInstall Application>
2008-06-06 16:28:57 0 d-------- C:\Documents and Settings\george.slack\Application Data\Intel
2008-06-05 10:46:19 0 d-------- C:\Program Files\Java
2008-06-03 13:37:55 0 d-------- C:\Program Files\Common Files\Adobe
2008-06-03 13:37:41 0 d-------- C:\Program Files\Common Files\Macrovision Shared
2008-05-15 07:51:02 15787 --a------ C:\WINDOWS\system32\productregistry
2008-05-11 08:00:29 49152 --a------ C:\Documents and Settings\george.slack\Application Data\olkupres.dll <Not Verified; WebEx; OlkUpRes Module>


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{25CEE8EC-5730-41bc-8B58-22DDC8AB8C20}]
2007-12-13 12:49 1185120 --a------ C:\Program Files\Winamp Toolbar\winamptb.dll

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}"= C:\Program Files\Winamp Toolbar\winamptb.dll [2007-12-13 12:49 1185120]

[-HKEY_CLASSES_ROOT\CLSID\{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="C:\Program Files\Apoint\Apoint.exe" [2005-10-07 14:13]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-12-13 18:44]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-12-13 18:41]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-12-13 18:45]
"SigmatelSysTrayApp"="stsystra.exe" [2006-03-24 18:30 C:\WINDOWS\stsystra.exe]
"DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [2005-09-08 07:20]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 18:50]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 18:50]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 04:28]
"AT&T Communication Manager"="C:\Program Files\AT&T\Communication Manager\ATTCM.exe" [2007-10-18 12:08]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-12-12 15:41]
"vmware-tray"="C:\Program Files\VMware\VMware Workstation\vmware-tray.exe" [2008-03-03 20:10]
"VMware hqtray"="C:\Program Files\VMware\VMware Workstation\hqtray.exe" [2008-03-03 20:10]
"itype"="C:\Program Files\Microsoft IntelliType Pro\itype.exe" [2007-08-31 12:13]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2008-03-04 14:41]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 07:00]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-04-04 18:53]
"PTIM.exe"="C:\Program Files\WebEx\Productivity Tools\PTIM.exe" [2008-04-29 16:56]
"ptmsgfrm.exe"="C:\Program Files\WebEx\Productivity Tools\ptmsgfrm.exe" [2008-04-29 15:59]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Communicator"="C:\Program Files\Microsoft Office Communicator\Communicator.exe"
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Bluetooth Manager.lnk - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2005-11-18 19:46:00]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)
"disableregistrytools"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoWelcomeScreen"=1 (0x1)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"ThunderAdvise"= {97421D0D-E07F-40DF-8F07-99597B9585AD} - C:\WINDOWS\Downloaded Program Files\ThunderAdvise.dll [ ]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 wvauth

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSEXESVC]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antvirus]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Acrobat Assistant.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Acrobat Assistant.lnk
backup=C:\WINDOWS\pss\Acrobat Assistant.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk
backup=C:\WINDOWS\pss\Adobe Reader Synchronizer.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^EMBASSY Trust Suite Secure Update.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\EMBASSY Trust Suite Secure Update.lnk
backup=C:\WINDOWS\pss\EMBASSY Trust Suite Secure Update.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Google Updater.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Google Updater.lnk
backup=C:\WINDOWS\pss\Google Updater.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Service Manager.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Service Manager.lnk
backup=C:\WINDOWS\pss\Service Manager.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^VPN Client.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\VPN Client.lnk
backup=C:\WINDOWS\pss\VPN Client.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
"C:\Program Files\Dell Support\DSAgnt.exe" /startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
"C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
"C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ModemOnHold]
C:\Program Files\NetWaiting\netWaiting.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\##csodc02#Project#acrobat]
AutoRun\command- Z:\Autoplay.exe -auto

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
AutoRun\command- E:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b5bbf262-66b8-11dc-887d-00188ba65bac}]
AutoRun\command- E:\PortableRoboForm.exe
RoboForm2Go\command- E:\PortableRoboForm.exe




-- End of Deckard's System Scanner: finished at 2008-07-28 13:08:04 ------------

#15 fenzodahl512


Posted 28 July 2008 - 05:21 PM

Log looks good.. Please do a fresh Kaspersky Webscanner Online scan (you have done it before :thumbsup: ) and post the log here... Also, tell me about your computer behaviour now..


Regards
fenzodahl512

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
It's gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive




