Packed.Generic.200 Second Time Around


  • This topic is locked
14 replies to this topic

#1 gouldluc

  • Members
Posted 21 July 2009 - 05:10 AM

Hello, 2 months ago Norton anti-virus reported that it could not remove the Packed.Generic.200 from my PC. The PC slowed to a crawl and I could not run virus or spyware scans. I had Symantec remove the virus and it cost me $100.

Two weeks or so ago, I upgraded to Norton 360 Premier and it has started to report the same virus only this time I'm not experiencing any problems with the PC. I ran Malwarebytes and it did find and remove a trojan. Subsequent scans with Malwarebytes, Norton and SuperAntiSpyware have not found anything but the Norton alert keeps popping up. The alert shows three registry entries, 34 files and 1 browser cache being affected. One of the files is globalroot\systemroot\system32\uacawktbqxodvpqulx.dll.

Below is the DDS log and I've attached the Attached.txt file zipped.

*******

DDS (Ver_09-06-26.01) - NTFSx86
Run by R&C at 21:30:26.57 on Mon 07/20/2009
Internet Explorer: 8.0.6001.18702

============== Pseudo HJT Report ===============

uStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton 360 premier edition\engine\3.0.0.135\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton 360 premier edition\engine\3.0.0.135\IPSBHO.DLL
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton 360 premier edition\engine\3.0.0.135\coIEPlg.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [DS Clock] "c:\program files\ds clock\dsclock.exe"
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [AlcWzrd] ALCWZRD.EXE
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [AGRSMMSG] AGRSMMSG.exe
mRun: [RemoteControl] "c:\program files\cyberlink dvd solution\powerdvd\PDVDServ.exe"
mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
mRun: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [Nitro PDF Printer Monitor] "c:\program files\nitro pdf\professional\NitroPDFPrinterMonitor.exe"
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [hpqSRMon] c:\program files\hp\digital imaging\bin\hpqSRMon.exe
mRun: [Norton Ghost 9.0] c:\program files\symantec\norton ghost\agent\GhostTray.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Kryptel Component Start] c:\program files\kryptel\Kicker.exe
IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office10\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/e/4/9/e494c802-dd90-4c6b-a074-469358f075a6/OGAControl.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/F/D/9/FD9E437D-5BC8-4264-A093-DFA2C39D197E/LegitCheckControl.cab
DPF: {1E3F1348-4370-4BBE-A67A-CC7ED824CA85} - hxxp://download.microsoft.com/download/7/4/9/749b0dc5-2175-4d5b-a6dd-9c4bc923683e/Selfhelpcontrol.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1214610793421
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1235738886843
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxps://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab
Handler: symres - {AA1061FE-6C41-421f-9344-69640C9732AB} - c:\program files\norton 360 premier edition\engine\3.0.0.135\CoIEPlg.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: igfxcui - igfxsrvc.dll
Notify: LBTWlgn - c:\program files\common files\logitech\bluetooth\LBTWlgn.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\r&c\applic~1\mozilla\firefox\profiles\l2m8jivr.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://finance.yahoo.com/p?k=pf_22|http://finance.yahoo.com/p?k=pf_14|http://uk.finance.yahoo.com/q?s=vod&m=L&d=|http://uk.finance.yahoo.com/q?s=^SSEC&d=1b|http://uk.finance.yahoo.com/m2|http://in.finance.yahoo.com/q?s=%5EBSESN
FF - component: c:\documents and settings\all users.windows\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\coffplgn\components\coFFPlgn.dll
FF - component: c:\documents and settings\all users.windows\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\ipsffplgn\components\IPSFFPl.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPZoneSB.dll

============= SERVICES / DRIVERS ===============


=============== Created Last 30 ================

2009-07-14 04:44 <DIR> --d----- c:\docume~1\alluse~1.win\applic~1\SUPERAntiSpyware.com
2009-07-14 04:44 <DIR> --d----- c:\program files\SUPERAntiSpyware
2009-07-14 04:44 <DIR> --d----- c:\docume~1\r&c\applic~1\SUPERAntiSpyware.com
2009-07-14 04:42 <DIR> --d----- c:\program files\common files\Wise Installation Wizard
2009-07-12 16:43 <DIR> -cd----- c:\windows\system32\dllcache\cache
2009-07-12 16:34 161,792 a------- c:\windows\SWREG.exe
2009-07-12 16:34 98,816 a------- c:\windows\sed.exe
2009-07-11 07:12 <DIR> --d----- c:\docume~1\r&c\applic~1\Malwarebytes
2009-07-11 07:11 38,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-11 07:11 19,096 a------- c:\windows\system32\drivers\mbam.sys
2009-07-11 07:11 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-07-11 07:11 <DIR> --d----- c:\docume~1\alluse~1.win\applic~1\Malwarebytes
2009-07-10 04:10 <DIR> --dsh--- c:\documents and settings\r&c\IECompatCache
2009-07-04 06:18 <DIR> --d-h--- c:\windows\PIF
2009-07-03 00:07 <DIR> --d--r-- c:\program files\Norton Support
2009-07-02 19:50 <DIR> --d----- c:\docume~1\alluse~1.win\applic~1\{7B6BA59A-FB0E-4499-8536-A7420338BF3B}
2009-07-02 19:49 <DIR> --d----- c:\windows\system32\drivers\N360
2009-07-02 19:49 <DIR> --d----- c:\program files\Norton 360 Premier Edition
2009-07-02 19:45 <DIR> --d----- c:\windows\E80F62FF5D3C4A1984099721F2928206.TMP
2009-07-02 19:41 <DIR> --d----- c:\docume~1\alluse~1.win\applic~1\PCSettings
2009-07-02 19:32 <DIR> --d----- c:\docume~1\alluse~1.win\applic~1\Norton
2009-07-02 19:32 <DIR> --d----- c:\program files\NortonInstaller
2009-07-02 19:27 <DIR> --d----- c:\documents and settings\all users.windows\Symantec Temporary Files
2009-06-25 22:19 <DIR> --d----- c:\program files\Easy Excel Password Recovery Free
2009-06-25 21:59 <DIR> --d----- c:\docume~1\r&c\applic~1\Kryptel
2009-06-25 21:59 <DIR> --d----- c:\windows\system32\Kryptel.cpl
2009-06-24 04:49 52 a------- c:\windows\cool.ini
2009-06-24 04:34 11 a------- c:\windows\wordpad.ini
2009-06-24 04:31 <DIR> --d----- c:\program files\Cool2000

==================== Find3M ====================

2009-07-02 19:50 124,464 a------- c:\windows\system32\drivers\SYMEVENT.SYS
2009-07-02 19:50 60,808 a------- c:\windows\system32\S32EVNT1.DLL
2009-07-02 19:50 7,386 a------- c:\windows\system32\drivers\SYMEVENT.CAT
2009-07-02 19:50 805 a------- c:\windows\system32\drivers\SYMEVENT.INF
2009-06-16 10:36 119,808 a------- c:\windows\system32\t2embed.dll
2009-06-16 10:36 81,920 a------- c:\windows\system32\fontsub.dll
2009-06-03 15:09 1,291,264 a------- c:\windows\system32\quartz.dll
2009-05-21 19:25 96,996,610 a------- C:\regbkp.reg
2009-05-13 01:15 915,456 a------- c:\windows\system32\wininet.dll
2009-05-07 11:32 345,600 a------- c:\windows\system32\localspl.dll
2004-10-01 15:00 40,960 a------- c:\program files\Uninstall_CDS.exe
2008-06-28 09:49 32,768 ac-sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008062820080629\index.dat

============= FINISH: 21:31:32.14 ===============


#2 syler

  • Malware Response Team

Posted 21 July 2009 - 07:30 AM

Hello and welcome to Bleeping Computer.

My name is Syler, I will be helping you to solve your Malware issues. Whilst I am helping you, I would be grateful if you would note the following:
  • Please do not run other tools or scans unless I ask you to and follow all the steps I give you, in order.
  • Copy and paste all logs requested in your reply. Do not attach them unless asked to.
  • If you don't know or understand something, please don't hesitate to say or ask before you proceed with my instructions.
  • Please continue to work with me, until I tell you your machine appears to be clean. Absence of symptoms does not mean that everything is clear.
  • If I do not hear back from you within 5 days of my last post, then this topic will be closed.
I have come across this Packed.Generic.200 problem with Norton before, and it turned out that Norton was detecting what it had put in a backup folder, so let's try this first.

It is not necessary to erase the complete QBackup folder, nor do you need to boot in safe mode. The QBackup folder (Quarantine Backup) is used by the Norton AntiVirus component to store backup recoveries of repaired and removed threats when you fix/remove threats during the scan. It may also contain information about threats detected and retains the remediated data in your computer itself. It will be automatically recreated by the Norton program when you run a scan next time.
So, to fix this problem: open the NIS2009 history, go to "unresolved security risk", and press "Remove*" on the item that failed to remove. Wait for the "failed to remove" status; this will update the "*.qbi" file, which holds the history of the unresolved items. Then go to NIS2009 settings, go to "miscellaneous setting" and disable the Norton Product Tamper Protection under Miscellaneous Settings. Then open Windows Explorer and go to
"C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\QBackup"
and erase your most recently updated (newest) "*.QBI" file. The asterisk stands for a long number such as "{DDAB4332-ED04-4898-9C20-D231FDC4B0C5}.qbi"; it will be a small file of 1-10 KB. Only delete this file. Close Windows Explorer, go to NIS2009, reactivate the Norton Product Tamper Protection under Miscellaneous Settings, and when you open the History you will find it is empty (clear).


Next

Download ATF Cleaner by Atribune & save it to your desktop.
  • Double-click ATF-Cleaner.exe to run the program.
  • Under Main "Select Files to Delete" choose: Select All.
  • Click the Empty Selected button.
  • If you use Firefox browser click Firefox at the top and choose: Select All
  • Click the Empty Selected button.
    If you would like to keep your saved passwords, please click No at the prompt.
  • If you use Opera browser click Opera at the top and choose: Select All
  • Click the Empty Selected button.
    If you would like to keep your saved passwords, please click No at the prompt.
  • Click Exit on the Main menu to close the program.
Note: On Vista, "Windows Temp" is disabled. To empty "Windows Temp" ATF-Cleaner must be "Run as an Administrator".

Next

We need to scan for Rootkits with GMER
  • Please download GMER from one of the following locations, and save it to your desktop:
    • Main Mirror
      This version will download a randomly named file (Recommended)
    • Zip Mirror
      This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs, as this process may crash your computer.
  • Temporarily disable any real-time active protection so your security program drivers will not conflict with gmer's driver.
  • Double click on Gmer to run it.
  • Allow the gmer.sys driver to load if asked.
  • You may see a rootkit warning window. If you do, click No.
  • Click on Posted Image and wait for the scan to finish.
  • If you see a rootkit warning window, click OK.
  • Push Posted Image and save the logfile to your desktop.
  • Copy and Paste the contents of that file in your next post.


Please post back with the Gmer log and let me know if the Norton warning has stopped.

Thanks



#3 gouldluc


Posted 22 July 2009 - 05:24 AM

Here is the GMER log file:


GMER 1.0.15.14972 - http://www.gmer.net
Rootkit scan 2009-07-21 22:52:26
Windows 5.1.2600 Service Pack 3


---- System - GMER 1.0.15 ----

SSDT 8A7A4300 ZwAlertResumeThread
SSDT 8A792650 ZwAlertThread
SSDT 8A7E0910 ZwAllocateVirtualMemory
SSDT 8A96E978 ZwAssignProcessToJobObject
SSDT 8A570DD0 ZwConnectPort
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwCreateKey [0xA94A7040]
SSDT 8991C2E8 ZwCreateMutant
SSDT 8A43FB30 ZwCreateSymbolicLinkObject
SSDT 8A7F8740 ZwCreateThread
SSDT 8A7C7380 ZwDebugActiveProcess
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwDeleteKey [0xA94A72C0]
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwDeleteValueKey [0xA94A7820]
SSDT 899B02E8 ZwDuplicateObject
SSDT 8A8CF1A8 ZwFreeVirtualMemory
SSDT 8A9434E0 ZwImpersonateAnonymousToken
SSDT 8A942C50 ZwImpersonateThread
SSDT 8A4DF790 ZwLoadDriver
SSDT 8A8BC7F0 ZwMapViewOfSection
SSDT 8A7A9CD0 ZwOpenEvent
SSDT 899902E8 ZwOpenProcess
SSDT 8A785E30 ZwOpenProcessToken
SSDT 8A7ACE30 ZwOpenSection
SSDT 89930938 ZwOpenThread
SSDT 899A4C28 ZwProtectVirtualMemory
SSDT 8A8FE428 ZwResumeThread
SSDT 8A92A2E8 ZwSetContextThread
SSDT 8A46EC40 ZwSetInformationProcess
SSDT 8A7B6460 ZwSetSystemInformation
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwSetValueKey [0xA94A7A70]
SSDT 8A7A1038 ZwSuspendProcess
SSDT 8A7934A0 ZwSuspendThread
SSDT \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys (SASKUTIL.SYS/SUPERAdBlocker.com and SUPERAntiSpyware.com) ZwTerminateProcess [0xA935BDF0]
SSDT 8A93E2F0 ZwTerminateThread
SSDT 8A793E30 ZwUnmapViewOfSection
SSDT 8A8291C8 ZwWriteVirtualMemory

---- Kernel code sections - GMER 1.0.15 ----

.text ntoskrnl.exe!ZwYieldExecution + C2 804E48FC 4 Bytes JMP CF12D397
.text ntoskrnl.exe!ZwYieldExecution + 122 804E495C 4 Bytes CALL 2CD7DB23
.text ntoskrnl.exe!ZwYieldExecution + 186 804E49C0 4 Bytes CALL C9D7E4C7
.text ntoskrnl.exe!ZwYieldExecution + 25E 804E4A98 8 Bytes CALL B0D7E39F
.text ntoskrnl.exe!ZwYieldExecution + 3CA 804E4C04 4 Bytes CALL 76D8DEAB
? SYMEFA.SYS The system cannot find the file specified. !

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs PQV2i.sys (StorageCraft Volume Snap-Shot/StorageCraft)
AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 PQV2i.sys (StorageCraft Volume Snap-Shot/StorageCraft)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 PQV2i.sys (StorageCraft Volume Snap-Shot/StorageCraft)
AttachedDevice \Driver\Tcpip \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\RawIp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----
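
Added example, not part of the original thread and not from the GMER project: a Python parser for the SSDT section of a GMER log like the one posted above. It separates entries that name a driver file from entries that carry only an address, so the named owners can be compared against the security software known to be installed. The sample lines are constructed in the layout of the posted log, and the names `SsdtEntry`, `parse_ssdt` and `group_by_owner` are hypothetical.

```python
import re
from collections import defaultdict
from dataclasses import dataclass
from typing import Optional

# Label used for SSDT lines that show an address but no driver path.
UNNAMED = "(address only)"

# "SSDT 8A7A4300 ZwAlertResumeThread"
BARE = re.compile(r"^SSDT\s+(?P<addr>[0-9A-Fa-f]{8})\s+(?P<func>\w+)\s*$")

# "SSDT \??\C:\...\SYMEVENT.SYS (description) ZwCreateKey [0xA94A7040]"
NAMED = re.compile(
    r"^SSDT\s+(?P<path>\\\?\?\\.+?)\s+\((?P<desc>.*)\)\s+"
    r"(?P<func>\w+)\s+\[0x(?P<addr>[0-9A-Fa-f]+)\]\s*$"
)

# Constructed sample in the layout of the log above (not a complete log).
SAMPLE = r"""---- System - GMER 1.0.15 ----

SSDT 8A7A4300 ZwAlertResumeThread
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwCreateKey [0xA94A7040]
SSDT 8A4DF790 ZwLoadDriver
SSDT \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys (SASKUTIL.SYS/SUPERAdBlocker.com and SUPERAntiSpyware.com) ZwTerminateProcess [0xA935BDF0]

---- Kernel code sections - GMER 1.0.15 ----

.text ntoskrnl.exe!ZwYieldExecution + C2 804E48FC 4 Bytes JMP CF12D397
"""


@dataclass(frozen=True)
class SsdtEntry:
    function: str                      # hooked service, e.g. ZwCreateKey
    address: int                       # address the table entry points to
    module_path: Optional[str] = None  # driver path, if the line names one
    description: Optional[str] = None  # text in parentheses, if present

    @property
    def owner(self) -> str:
        """File name of the driver, or UNNAMED when the line has none."""
        if self.module_path is None:
            return UNNAMED
        return self.module_path.rsplit("\\", 1)[-1]


def parse_ssdt(log_text):
    """Return (entries, skipped): parsed SSDT lines and SSDT lines that
    matched neither layout, so nothing is dropped silently."""
    entries, skipped = [], []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line.startswith("SSDT"):
            continue  # other sections (.text, AttachedDevice, ...) are ignored
        m = BARE.match(line)
        if m:
            entries.append(SsdtEntry(m["func"], int(m["addr"], 16)))
            continue
        m = NAMED.match(line)
        if m:
            entries.append(
                SsdtEntry(m["func"], int(m["addr"], 16), m["path"], m["desc"])
            )
            continue
        skipped.append(line)
    return entries, skipped


def group_by_owner(entries):
    """Map each owner (driver file name or UNNAMED) to its hooked functions."""
    groups = defaultdict(list)
    for entry in entries:
        groups[entry.owner].append(entry.function)
    return dict(groups)


if __name__ == "__main__":
    parsed, unparsed = parse_ssdt(SAMPLE)
    for owner, functions in sorted(group_by_owner(parsed).items()):
        print(f"{owner}: {len(functions)} hook(s): {', '.join(functions)}")
    for line in unparsed:
        print("unparsed SSDT line:", line)
```
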

#4 syler


Posted 22 July 2009 - 05:37 AM

It is not necessary to erase the complete QBackup folder, nor do you need to boot in safe mode. The QBackup folder (Quarantine Backup) is used by the Norton AntiVirus component to store backup recoveries of repaired and removed threats when you fix/remove threats during the scan. It may also contain information about threats detected and retains the remediated data in your computer itself. It will be automatically recreated by the Norton program when you run a scan next time.
So, to fix this problem: open the NIS2009 history, go to "unresolved security risk", and press "Remove*" on the item that failed to remove. Wait for the "failed to remove" status; this will update the "*.qbi" file, which holds the history of the unresolved items. Then go to NIS2009 settings, go to "miscellaneous setting" and disable the Norton Product Tamper Protection under Miscellaneous Settings. Then open Windows Explorer and go to
"C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\QBackup"
and erase your most recently updated (newest) "*.QBI" file. The asterisk stands for a long number such as "{DDAB4332-ED04-4898-9C20-D231FDC4B0C5}.qbi"; it will be a small file of 1-10 KB. Only delete this file. Close Windows Explorer, go to NIS2009, reactivate the Norton Product Tamper Protection under Miscellaneous Settings, and when you open the History you will find it is empty (clear).


Did you do this step? If so, have the Norton alerts stopped?



#5 gouldluc


Posted 22 July 2009 - 09:42 PM

Hey Hey Hey. Norton has stopped complaining about the packed.generic.200.

Thanks a million.

#6 syler


Posted 23 July 2009 - 12:51 AM

Hey Hey Hey. Norton has stopped complaining about the packed.generic.200.


:thumbup2:

Let's do a check to make sure there are no leftovers.

We need to create an OTL Report
  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the Posted Image icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Posted Image button.
  • Two reports will open, copy and paste them in a reply here:
    • OTListIt.txt <-- Will be opened
    • Extra.txt <-- Will be minimized
Next

Please run a BitDefender Online Scan
  • Click on the Start Scanner button.
  • Check I Agree to agree to the EULA, then click start here.
  • Allow the ActiveX control to install when prompted.
  • Click Start scan to begin scanning.
  • Please refrain from using the computer until the scan is finished. This might take a while to run, but it is important that nothing else is running while you scan.
  • When the scan is finished, click on Click here to export the scan results.
  • Save the report to your desktop as results.txt and post it in your next reply.
Then please post back here with the following:
  • OTListIt.txt
  • Extra.txt
  • Bitdefender report
Thanks



#7 gouldluc


Posted 23 July 2009 - 08:29 PM

The OTL program ran fine and I've pasted the results below. I am having trouble getting BitDefender to download the virus signatures. I'll reboot and try again.




OTL logfile created on: 7/23/2009 9:13:43 PM - Run 1
OTL by OldTimer - Version 3.0.10.1 Folder = C:\Documents and Settings\R&C\Desktop\Virus Removal
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.61 Gb Available Physical Memory | 80.39% Memory free
4.00 Gb Paging File | 3.78 Gb Available in Paging File | 94.40% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 180.50 Gb Total Space | 35.99 Gb Free Space | 19.94% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
Drive H: | 5.79 Gb Total Space | 0.77 Gb Free Space | 13.26% Space Free | Partition Type: FAT32
I: Drive not present or media not loaded

Computer Name: EDS-DJHD92VL94N
Current User Name: R&C
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2008/10/17 15:52:10 | 00,149,352 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
PRC - [2009/03/26 15:31:20 | 00,132,424 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2008/02/21 18:02:53 | 00,238,968 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
PRC - [2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2004/11/10 09:41:20 | 00,053,248 | ---- | M] (GEAR Software) -- C:\WINDOWS\System32\GEARSec.exe
PRC - [2006/02/17 15:26:32 | 00,073,728 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe
PRC - [2009/07/02 19:50:12 | 00,115,560 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton 360 Premier Edition\Engine\3.0.0.135\ccSvcHst.exe
PRC - [2004/11/10 10:44:30 | 01,273,856 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe
PRC - [2008/04/13 20:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE
PRC - [2005/09/21 10:24:02 | 00,086,016 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SOUNDMAN.EXE
PRC - [2008/10/17 15:52:10 | 00,149,352 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
PRC - [2005/09/21 15:32:56 | 02,807,808 | ---- | M] (RealTek Semicoductor Corp.) -- C:\WINDOWS\ALCWZRD.EXE
PRC - [2004/08/20 15:55:14 | 00,155,648 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\igfxtray.exe
PRC - [2004/08/20 15:51:14 | 00,118,784 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\hkcmd.exe
PRC - [2004/06/29 09:06:38 | 00,088,363 | ---- | M] (Agere Systems) -- C:\WINDOWS\AGRSMMSG.exe
PRC - [2004/11/02 20:24:46 | 00,032,768 | ---- | M] (Cyberlink Corp.) -- C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
PRC - [2008/02/01 15:38:48 | 00,210,208 | ---- | M] () -- C:\Program Files\Nitro PDF\Professional\NitroPDFPrinterMonitor.exe
PRC - [2008/08/01 23:05:56 | 00,185,896 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2007/10/14 21:17:32 | 00,049,152 | ---- | M] (Hewlett-Packard) -- C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
PRC - [2004/11/10 11:03:50 | 01,126,400 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Norton Ghost\Agent\GhostTray.exe
PRC - [2009/04/02 16:11:02 | 00,342,312 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
PRC - [2008/05/12 21:44:46 | 00,573,510 | ---- | M] (Duality Software) -- C:\Program Files\DS Clock\dsclock.exe
PRC - [2009/06/23 11:01:38 | 01,830,128 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
PRC - [2007/10/14 20:38:52 | 00,214,360 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
PRC - [2008/05/02 02:44:08 | 00,805,392 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPoint\SetPoint.exe
PRC - [2002/05/08 13:43:20 | 00,303,104 | ---- | M] () -- C:\Program Files\Microtek\ScanWizard 5\ScannerFinder.exe
PRC - [2008/05/02 02:40:56 | 00,076,304 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
PRC - [2009/07/02 19:50:12 | 00,115,560 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton 360 Premier Edition\Engine\3.0.0.135\ccSvcHst.exe
PRC - [2007/10/19 20:46:08 | 00,184,320 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
PRC - [2007/11/02 18:44:16 | 00,610,304 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
PRC - [2009/04/02 16:10:56 | 00,656,168 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
PRC - [2007/11/02 20:12:50 | 00,262,144 | ---- | M] (Hewlett-Packard) -- C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
PRC - [2009/06/23 17:38:59 | 08,501,864 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Thunderbird\thunderbird.exe
PRC - [2009/07/22 22:05:06 | 00,307,704 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2007/05/11 03:06:38 | 00,341,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe
PRC - [2007/11/06 01:50:44 | 00,116,032 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe
PRC - [2009/07/23 21:12:57 | 00,514,560 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\R&C\Desktop\Virus Removal\OTL.exe

========== Win32 Services (SafeList) ==========

SRV - [2009/03/26 15:31:20 | 00,132,424 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto | Running])
SRV - [2004/07/15 01:49:26 | 00,032,768 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2008/02/21 18:02:53 | 00,238,968 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler [Auto | Running])
SRV - [2007/11/15 18:05:24 | 00,151,552 | ---- | M] () -- C:\Program Files\Common Files\BCL Technologies\NitroPDF5\bepldr.exe -- (bepldr [On_Demand | Stopped])
SRV - [2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Auto | Running])
SRV - [2008/10/17 15:52:10 | 00,149,352 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr [Auto | Running])
SRV - [2008/10/17 15:52:10 | 00,149,352 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr [Auto | Running])
SRV - [2004/11/10 09:41:20 | 00,053,248 | ---- | M] (GEAR Software) -- C:\WINDOWS\System32\GEARSec.exe -- (GEARSecurity [Auto | Running])
SRV - [2008/04/13 20:12:02 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2007/11/06 21:16:54 | 00,217,088 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll -- (hpqcxs08 [On_Demand | Running])
SRV - [2007/11/06 21:16:54 | 00,139,264 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll -- (hpqddsvc [Auto | Running])
SRV - [2009/04/02 16:10:56 | 00,656,168 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Running])
SRV - [2008/05/02 02:42:06 | 00,121,360 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe -- (LBTServ [On_Demand | Stopped])
SRV - [2006/02/17 15:26:32 | 00,073,728 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe -- (LightScribeService [Auto | Running])
SRV - [2008/08/04 11:20:16 | 03,220,856 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE -- (LiveUpdate [On_Demand | Stopped])
SRV - [2009/07/02 19:50:12 | 00,115,560 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton 360 Premier Edition\Engine\3.0.0.135\ccSvcHst.exe -- (N360 [Auto | Running])
SRV - [2008/07/18 13:13:20 | 00,044,032 | ---- | M] (Hewlett-Packard) -- C:\WINDOWS\System32\HPZinw12.dll -- (Net Driver HPZ12 [Auto | Stopped])
SRV - [2004/11/10 10:44:30 | 01,273,856 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe -- (Norton Ghost [Auto | Running])
SRV - [2008/07/18 13:13:20 | 00,053,760 | ---- | M] (Hewlett-Packard) -- C:\WINDOWS\System32\HPZipm12.dll -- (Pml Driver HPZ12 [Auto | Running])
SRV - [2003/06/24 18:23:10 | 00,066,784 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe -- (SBService [Auto | Stopped])

========== Driver Services (SafeList) ==========

DRV - [2004/06/29 09:07:18 | 01,268,204 | ---- | M] (Agere Systems) -- C:\WINDOWS\System32\DRIVERS\AGRSM.sys -- (AgereSoftModem [On_Demand | Running])
DRV - [2009/07/02 19:50:15 | 00,258,608 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0300000.087\BHDrvx86.sys -- (BHDrvx86 [System | Running])
DRV - [2009/07/02 19:50:15 | 00,482,352 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0300000.087\ccHPx86.sys -- (ccHP [System | Running])
DRV - [2009/07/02 19:50:15 | 00,371,248 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl [System | Running])
DRV - [2009/02/25 05:00:00 | 00,101,936 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv [On_Demand | Running])
DRV - [2009/01/15 12:19:36 | 00,023,848 | ---- | M] (GEAR Software Inc.) -- C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys -- (GEARAspiWDM [On_Demand | Running])
DRV - [2008/04/13 12:36:05 | 00,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) -- C:\WINDOWS\System32\DRIVERS\HDAudBus.sys -- (HDAudBus [On_Demand | Running])
DRV - [2008/04/13 14:36:38 | 00,020,352 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\HidBatt.sys -- (HidBatt [On_Demand | Running])
DRV - [2007/01/17 12:37:17 | 00,049,920 | R--- | M] (HP) -- C:\WINDOWS\System32\DRIVERS\HPZid412.sys -- (HPZid412 [On_Demand | Running])
DRV - [2007/01/17 12:37:18 | 00,016,496 | R--- | M] (HP) -- C:\WINDOWS\System32\DRIVERS\HPZipr12.sys -- (HPZipr12 [On_Demand | Running])
DRV - [2007/01/17 12:37:19 | 00,021,568 | R--- | M] (HP) -- C:\WINDOWS\System32\DRIVERS\HPZius12.sys -- (HPZius12 [On_Demand | Running])
DRV - [2004/08/20 16:26:00 | 00,737,874 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\DRIVERS\ialmnt5.sys -- (ialm [On_Demand | Running])
DRV - [2009/07/11 15:34:12 | 00,276,344 | ---- | M] (Symantec Corporation) -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\ipsdefs\20090715.003\IDSxpx86.sys -- (IDSxpx86 [System | Running])
DRV - [2005/09/23 18:56:28 | 03,966,976 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\System32\drivers\RtkHDAud.sys -- (IntcAzAudAddService [On_Demand | Running])
DRV - [2007/01/23 15:44:00 | 00,020,496 | ---- | M] (Logitech Inc.) -- C:\WINDOWS\System32\DRIVERS\L8042Kbd.sys -- (L8042Kbd [On_Demand | Stopped])
DRV - [2007/01/23 15:44:00 | 00,062,992 | ---- | M] (Logitech Inc.) -- C:\WINDOWS\System32\DRIVERS\L8042mou.Sys -- (L8042mou [On_Demand | Stopped])
DRV - [2008/02/29 03:13:16 | 00,035,344 | ---- | M] (Logitech, Inc.) -- C:\WINDOWS\System32\DRIVERS\LHidFilt.Sys -- (LHidFilt [On_Demand | Running])
DRV - [2008/02/29 03:13:24 | 00,036,880 | ---- | M] (Logitech, Inc.) -- C:\WINDOWS\System32\DRIVERS\LMouFilt.Sys -- (LMouFilt [On_Demand | Running])
DRV - [2007/01/23 15:45:00 | 00,078,864 | ---- | M] (Logitech Inc.) -- C:\WINDOWS\System32\DRIVERS\LMouKE.Sys -- (LMouKE [On_Demand | Stopped])
DRV - [2009/07/13 04:00:00 | 00,087,888 | ---- | M] (Symantec Corporation) -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090723.003\NAVENG.SYS -- (NAVENG [On_Demand | Running])
DRV - [2009/07/13 04:00:00 | 00,875,728 | ---- | M] (Symantec Corporation) -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090723.003\NAVEX15.SYS -- (NAVEX15 [On_Demand | Running])
DRV - [2004/11/10 10:49:56 | 00,046,800 | ---- | M] (PowerQuest Corporation) -- C:\WINDOWS\System32\drivers\PQIMount.sys -- (PQIMount [System | Running])
DRV - [2004/11/10 10:30:20 | 00,138,801 | ---- | M] (StorageCraft) -- C:\WINDOWS\System32\drivers\PQV2i.sys -- (PQV2i [Boot | Running])
DRV - [2002/09/17 15:15:43 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running])
DRV - [2008/06/10 20:07:16 | 00,043,528 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20 [Boot | Running])
DRV - [2008/02/25 12:54:56 | 00,105,088 | ---- | M] (Realtek Semiconductor Corporation ) -- C:\WINDOWS\System32\DRIVERS\Rtnicxp.sys -- (RTL8023xp [On_Demand | Running])
DRV - [2004/08/04 01:31:32 | 00,020,992 | ---- | M] (Realtek Semiconductor Corporation) -- C:\WINDOWS\System32\DRIVERS\RTL8139.SYS -- (rtl8139 [On_Demand | Stopped])
DRV - [2009/06/23 11:01:40 | 00,009,968 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV [System | Running])
DRV - [2009/06/23 11:01:42 | 00,007,408 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM [On_Demand | Running])
DRV - [2009/06/23 11:01:40 | 00,072,944 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys -- (SASKUTIL [System | Running])
DRV - [2008/04/13 12:39:15 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys -- (Secdrv [On_Demand | Stopped])
DRV - [2009/07/02 19:50:16 | 00,307,760 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0300000.087\SRTSP.SYS -- (SRTSP [On_Demand | Running])
DRV - [2009/07/02 19:50:16 | 00,043,696 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0300000.087\SRTSPX.SYS -- (SRTSPX [System | Running])
DRV - [2009/02/19 12:31:16 | 00,013,616 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\Drivers\SYMDNS.SYS -- (SYMDNS [On_Demand | Stopped])
DRV - [2009/07/02 19:50:16 | 00,310,320 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\N360\0300000.087\SYMEFA.SYS -- (SymEFA [Boot | Running])
DRV - [2009/07/02 19:50:23 | 00,124,464 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\Drivers\SYMEVENT.SYS -- (SymEvent [On_Demand | Running])
DRV - [2009/07/02 19:50:16 | 00,089,776 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0300000.087\SYMFW.SYS -- (SYMFW [On_Demand | Running])
DRV - [2009/07/02 19:50:16 | 00,034,736 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0300000.087\SYMIDS.SYS -- (SYMIDS [On_Demand | Running])
DRV - [2009/02/19 12:31:42 | 00,031,280 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\DRIVERS\SymIM.sys -- (SymIM [On_Demand | Stopped])
DRV - [2009/02/19 12:31:42 | 00,031,280 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\DRIVERS\SymIM.sys -- (SymIMMP [On_Demand | Running])
DRV - [2009/07/02 19:50:16 | 00,037,296 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0300000.087\SYMNDIS.SYS -- (SYMNDIS [On_Demand | Running])
DRV - [2009/02/19 12:31:16 | 00,022,320 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV [On_Demand | Stopped])
DRV - [2009/07/02 19:50:16 | 00,217,392 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0300000.087\SYMTDI.SYS -- (SYMTDI [System | Running])
DRV - [2008/08/25 20:35:28 | 00,235,840 | ---- | M] (TrueCrypt Foundation) -- C:\WINDOWS\System32\drivers\truecrypt.sys -- (truecrypt [System | Running])
DRV - [2009/03/26 15:23:46 | 00,036,864 | ---- | M] (Apple, Inc.) -- C:\WINDOWS\System32\Drivers\usbaapl.sys -- (USBAAPL [On_Demand | Stopped])
DRV - [2008/04/13 15:45:12 | 00,060,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbaudio.sys -- (usbaudio [On_Demand | Stopped])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...&ar=iesearch
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...&ar=iesearch
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-725345543-1425521274-2147061141-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKU\S-1-5-21-725345543-1425521274-2147061141-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...&ar=iesearch
IE - HKU\S-1-5-21-725345543-1425521274-2147061141-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-725345543-1425521274-2147061141-1003\S-1-5-21-725345543-1425521274-2147061141-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-725345543-1425521274-2147061141-1003\S-1-5-21-725345543-1425521274-2147061141-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "http://finance.yahoo.com/p?k=pf_22|http://finance.yahoo.com/p?k=pf_14|http://uk.finance.yahoo.com/q?s=vod&m=L&d=|http://uk.finance.yahoo.com/q?s=^SSEC&d=1b|http://uk.finance.yahoo.com/m2|http://in.finance.yahoo.com/q?s=%5EBSESN"
FF - prefs.js..extensions.enabledItems: {8545daff-ad1e-493f-a37e-eed1ac79682b}:1.0
FF - prefs.js..extensions.enabledItems: {7BA52691-1876-45ce-9EE6-54BCB3B04BBC}:3.5
FF - prefs.js..extensions.enabledItems: {53A03D43-5363-4669-8190-99061B2DEBA5}:1.3.3.11
FF - prefs.js..extensions.enabledItems: foxmarks@kei.com:3.1.0
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.12

FF - HKLM\software\mozilla\Mozilla Firefox 3.0.12\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/07/22 22:29:36 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.12\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/07/22 22:05:16 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.22\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2009/06/23 17:39:01 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.22\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins

[2008/06/28 10:05:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\R&C\Application Data\mozilla\Extensions
[2008/06/28 10:05:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\R&C\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2008/06/28 21:07:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\R&C\Application Data\mozilla\Firefox\Profiles\extensions
[2008/06/28 10:07:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\R&C\Application Data\mozilla\Firefox\Profiles\7ppq2iaw.default\extensions
[2008/06/28 10:07:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\R&C\Application Data\mozilla\Firefox\Profiles\7ppq2iaw.default\extensions\{53A03D43-5363-4669-8190-99061B2DEBA5}
[2009/07/23 19:02:05 | 00,000,000 | ---D | M] -- C:\Documents and Settings\R&C\Application Data\mozilla\Firefox\Profiles\l2m8jivr.default\extensions
[2009/07/18 23:40:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\R&C\Application Data\mozilla\Firefox\Profiles\l2m8jivr.default\extensions\{53A03D43-5363-4669-8190-99061B2DEBA5}
[2008/06/28 21:07:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\R&C\Application Data\mozilla\Firefox\Profiles\l2m8jivr.default\extensions\{DD99D76F-5129-4fd3-A2DC-AB41D6FBCF98}
[2009/06/14 06:54:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\R&C\Application Data\mozilla\Firefox\Profiles\l2m8jivr.default\extensions\foxmarks@kei.com
[2009/07/23 06:22:01 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/07/22 22:05:06 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/07/22 22:05:06 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/07/22 22:05:06 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2008/06/10 20:03:12 | 01,335,600 | ---- | M] (DivX,Inc.) -- C:\Program Files\mozilla firefox\plugins\npdivx32.dll
[2008/06/10 20:03:38 | 00,098,304 | ---- | M] (DivX, Inc) -- C:\Program Files\mozilla firefox\plugins\npDivxPlayerPlugin.dll
[2009/07/22 22:05:10 | 00,065,528 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll
[2007/05/10 22:52:34 | 00,095,864 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\mozilla firefox\plugins\nppdf32.dll
[2008/08/01 23:06:10 | 00,144,984 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\mozilla firefox\plugins\nppl3260.dll
[2009/05/09 08:50:03 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin.dll
[2009/05/09 08:50:03 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll
[2009/05/09 08:50:03 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll
[2009/05/09 08:50:03 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll
[2009/05/09 08:50:03 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll
[2009/05/09 08:50:03 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll
[2009/05/09 08:50:03 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll
[2008/08/01 23:06:24 | 00,008,192 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\mozilla firefox\plugins\nprjplug.dll
[2008/08/01 23:06:04 | 00,094,208 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\mozilla firefox\plugins\nprpjplug.dll
[2008/06/28 13:04:25 | 00,024,673 | ---- | M] (Check Point Software Technologies Ltd.) -- C:\Program Files\mozilla firefox\plugins\NPZoneSB.dll
[2008/05/29 10:24:14 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2008/05/29 10:24:14 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2008/05/29 10:24:14 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2008/11/13 20:20:00 | 00,002,343 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2008/05/29 10:24:14 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2009/07/02 19:53:48 | 00,002,221 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\SafeSearch.xml
[2008/05/29 10:24:14 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2008/05/29 10:24:14 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: (27 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360 Premier Edition\Engine\3.0.0.135\coIEPlg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360 Premier Edition\Engine\3.0.0.135\IPSBHO.DLL (Symantec Corporation)
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360 Premier Edition\Engine\3.0.0.135\coIEPlg.dll (Symantec Corporation)
O3 - HKU\S-1-5-21-725345543-1425521274-2147061141-1003\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360 Premier Edition\Engine\3.0.0.135\coIEPlg.dll (Symantec Corporation)
O4 - HKLM..\Run: [AGRSMMSG] C:\WINDOWS\AGRSMMSG.exe (Agere Systems)
O4 - HKLM..\Run: [AlcWzrd] C:\WINDOWS\ALCWZRD.EXE (RealTek Semicoductor Corp.)
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe (Hewlett-Packard)
O4 - HKLM..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe (Hewlett-Packard)
O4 - HKLM..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.EXE (Logitech, Inc.)
O4 - HKLM..\Run: [Kryptel Component Start] C:\Program Files\Kryptel\Kicker.exe (INV Softworks)
O4 - HKLM..\Run: [Logitech Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.EXE (Logitech, Inc.)
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\System32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [Nitro PDF Printer Monitor] C:\Program Files\Nitro PDF\Professional\NitroPDFPrinterMonitor.exe ()
O4 - HKLM..\Run: [Norton Ghost 9.0] C:\Program Files\Symantec\Norton Ghost\Agent\GhostTray.exe (Symantec Corporation)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
O4 - HKLM..\Run: [RemoteControl] C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe (Cyberlink Corp.)
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKU\S-1-5-21-725345543-1425521274-2147061141-1003..\Run: [DS Clock] C:\Program Files\DS Clock\dsclock.exe (Duality Software)
O4 - HKU\S-1-5-21-725345543-1425521274-2147061141-1003..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)
O4 - Startup: C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\Microtek Scanner Finder.lnk = C:\Program Files\Microtek\ScanWizard 5\ScannerFinder.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-725345543-1425521274-2147061141-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-725345543-1425521274-2147061141-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-725345543-1425521274-2147061141-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-725345543-1425521274-2147061141-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-725345543-1425521274-2147061141-1003_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O12 - Plugin for: .spop - C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll (Intertrust Technologies, Inc.)
O15 - HKLM\..Trusted Domains: 50 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\.DEFAULT\..Trusted Domains: 49 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-18\..Trusted Domains: 49 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-21-725345543-1425521274-2147061141-1003\..Trusted Domains: 49 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.microsoft.com/download/e/4.../OGAControl.cab (Office Genuine Advantage Validation Tool)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/F/D...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {1E3F1348-4370-4BBE-A67A-CC7ED824CA85} http://download.microsoft.com/download/7/4...helpcontrol.cab (Microsoft Genuine Advantage Self Support Tool)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/windowsupd...b?1214610793421 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdat...b?1235738886843 (MUWebControl Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/get/flash...ent/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\symres {AA1061FE-6C41-421f-9344-69640C9732AB} - C:\Program Files\Norton 360 Premier Edition\Engine\3.0.0.135\coIEPlg.dll (Symantec Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O20 - Winlogon\Notify\LBTWlgn: DllName - c:\program files\common files\logitech\bluetooth\LBTWlgn.dll - c:\program files\common files\logitech\bluetooth\LBTWlgn.dll (Logitech, Inc.)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/06/18 13:21:35 | 00,000,050 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2001/07/28 06:07:38 | 00,000,000 | -HS- | M] () - H:\AUTOEXEC.BAT -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found

========== Files/Folders - Created Within 30 Days ==========

[1 C:\WINDOWS\System32\*.tmp files]
[8 C:\WINDOWS\*.tmp files]
[2009/07/21 19:07:48 | 00,000,000 | -HSD | C] -- C:\RECYCLER
[2009/07/21 06:27:56 | 00,000,000 | ---D | C] -- C:\Documents and Settings\R&C\My Documents\Nero
[2009/07/20 18:34:47 | 00,359,929 | ---- | C] () -- C:\Documents and Settings\R&C\Desktop\dds.scr
[2009/07/15 06:22:16 | 26,752,98304 | -HS- | C] () -- C:\hiberfil.sys
[2009/07/14 04:44:48 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\SUPERAntiSpyware.com
[2009/07/14 04:44:36 | 00,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2009/07/14 04:44:36 | 00,000,000 | ---D | C] -- C:\Documents and Settings\R&C\Application Data\SUPERAntiSpyware.com
[2009/07/14 04:42:47 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2009/07/12 16:43:36 | 02,145,280 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\ntoskrnl.exe
[2009/07/12 16:43:36 | 02,023,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\ntkrnlpa.exe
[2009/07/12 16:43:36 | 01,614,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\sfcfiles.dll
[2009/07/12 16:43:36 | 01,033,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\explorer.exe
[2009/07/12 16:43:36 | 00,989,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\kernel32.dll
[2009/07/12 16:43:36 | 00,927,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\mfc40u.dll
[2009/07/12 16:43:36 | 00,915,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\wininet.dll
[2009/07/12 16:43:36 | 00,792,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\comres.dll
[2009/07/12 16:43:36 | 00,617,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\comctl32.dll
[2009/07/12 16:43:36 | 00,578,560 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\user32.dll
[2009/07/12 16:43:36 | 00,507,904 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\winlogon.exe
[2009/07/12 16:43:36 | 00,435,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\ntmssvc.dll
[2009/07/12 16:43:36 | 00,401,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\rpcss.dll
[2009/07/12 16:43:36 | 00,361,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\tcpip.sys
[2009/07/12 16:43:36 | 00,295,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\termsrv.dll
[2009/07/12 16:43:36 | 00,182,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\ndis.sys
[2009/07/12 16:43:36 | 00,167,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\appmgmts.dll
[2009/07/12 16:43:36 | 00,110,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\services.exe
[2009/07/12 16:43:36 | 00,110,080 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\imm32.dll
[2009/07/12 16:43:36 | 00,082,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\ws2_32.dll
[2009/07/12 16:43:36 | 00,057,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\spoolsv.exe
[2009/07/12 16:43:36 | 00,051,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\wuauclt.exe
[2009/07/12 16:43:36 | 00,036,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\ip6fw.sys
[2009/07/12 16:43:36 | 00,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\msgsvc.dll
[2009/07/12 16:43:36 | 00,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\userinit.exe
[2009/07/12 16:43:36 | 00,024,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\kbdclass.sys
[2009/07/12 16:43:36 | 00,022,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\lpk.dll
[2009/07/12 16:43:36 | 00,017,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\powrprof.dll
[2009/07/12 16:43:36 | 00,015,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\ctfmon.exe
[2009/07/12 16:43:36 | 00,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\svchost.exe
[2009/07/12 16:43:36 | 00,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\lsass.exe
[2009/07/12 16:43:36 | 00,011,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\acpiec.sys
[2009/07/12 16:43:36 | 00,005,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\sfc.dll
[2009/07/12 16:43:36 | 00,004,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\beep.sys
[2009/07/12 16:43:36 | 00,002,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\null.sys
[2009/07/12 16:43:36 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\dllcache\cache
[2009/07/12 16:34:03 | 00,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2009/07/12 16:34:03 | 00,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2009/07/12 16:34:03 | 00,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2009/07/12 16:34:03 | 00,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2009/07/12 16:34:03 | 00,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2009/07/12 16:34:03 | 00,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2009/07/12 16:34:03 | 00,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2009/07/12 16:33:56 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/07/12 16:33:44 | 00,000,000 | ---D | C] -- C:\Qoobox
[2009/07/12 05:03:45 | 00,000,000 | ---D | C] -- C:\Documents and Settings\R&C\Desktop\Virus Removal
[2009/07/11 07:12:00 | 00,000,000 | ---D | C] -- C:\Documents and Settings\R&C\Application Data\Malwarebytes
[2009/07/11 07:11:54 | 00,038,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/07/11 07:11:52 | 00,019,096 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/07/11 07:11:52 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/07/11 07:11:52 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Malwarebytes
[2009/07/04 12:15:02 | 00,000,000 | ---D | C] -- C:\Documents and Settings\R&C\My Documents\Netgear
[2009/07/04 10:22:56 | 00,000,000 | ---D | C] -- C:\Documents and Settings\R&C\My Documents\New Folder
[2009/07/04 06:18:30 | 00,000,000 | -H-D | C] -- C:\WINDOWS\PIF
[2009/07/03 00:07:24 | 00,000,000 | R--D | C] -- C:\Program Files\Norton Support
[2009/07/02 22:13:25 | 00,000,000 | ---D | C] -- C:\Documents and Settings\R&C\My Documents\2001
[2009/07/02 20:02:37 | 00,000,000 | ---D | C] -- C:\Documents and Settings\R&C\My Documents\Symantec
[2009/07/02 19:52:45 | 00,622,166 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0300000.087\Cat.DB
[2009/07/02 19:50:36 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\{7B6BA59A-FB0E-4499-8536-A7420338BF3B}
[2009/07/02 19:50:17 | 00,002,096 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Norton 360 Premier Edition.LNK
[2009/07/02 19:50:16 | 00,310,320 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0300000.087\SymEFA.sys
[2009/07/02 19:50:16 | 00,307,760 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0300000.087\srtsp.sys
[2009/07/02 19:50:16 | 00,217,392 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0300000.087\symtdi.sys
[2009/07/02 19:50:16 | 00,089,776 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0300000.087\symfw.sys
[2009/07/02 19:50:16 | 00,043,696 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0300000.087\srtspx.sys
[2009/07/02 19:50:16 | 00,039,984 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0300000.087\symndisv.sys
[2009/07/02 19:50:16 | 00,037,296 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0300000.087\symndis.sys
[2009/07/02 19:50:16 | 00,034,736 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0300000.087\symids.sys
[2009/07/02 19:50:15 | 00,482,352 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0300000.087\cchpx86.sys
[2009/07/02 19:50:15 | 00,258,608 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0300000.087\BHDrvx86.sys
[2009/07/02 19:49:53 | 00,003,373 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0300000.087\SymEFA.inf
[2009/07/02 19:49:53 | 00,001,753 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0300000.087\ccHPx86.inf
[2009/07/02 19:49:53 | 00,001,528 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0300000.087\SymNet.inf
[2009/07/02 19:49:53 | 00,001,389 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0300000.087\srtspx.inf
[2009/07/02 19:49:53 | 00,001,383 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0300000.087\srtsp.inf
[2009/07/02 19:49:53 | 00,000,640 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0300000.087\BHDrvx86.inf
[2009/07/02 19:49:53 | 00,000,172 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0300000.087\isolate.ini
[2009/07/02 19:49:32 | 00,009,423 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0300000.087\SymNet.cat
[2009/07/02 19:49:32 | 00,007,410 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0300000.087\SymEFA.cat
[2009/07/02 19:49:32 | 00,007,372 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0300000.087\srtspx.cat
[2009/07/02 19:49:32 | 00,007,364 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0300000.087\BHDrvx86.CAT
[2009/07/02 19:49:32 | 00,007,355 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0300000.087\srtsp.cat
[2009/07/02 19:49:32 | 00,007,347 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0300000.087\ccHPx86.cat
[2009/07/02 19:49:32 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\N360\0300000.087
[2009/07/02 19:49:32 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\N360
[2009/07/02 19:49:28 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Sidebar
[2009/07/02 19:49:28 | 00,000,000 | ---D | C] -- C:\Program Files\Norton 360 Premier Edition
[2009/07/02 19:45:15 | 00,000,000 | ---D | C] -- C:\WINDOWS\E80F62FF5D3C4A1984099721F2928206.TMP
[2009/07/02 19:41:10 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\PCSettings
[2009/07/02 19:32:19 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Norton
[2009/07/02 19:32:15 | 00,000,000 | ---D | C] -- C:\Program Files\NortonInstaller
[2009/07/02 13:49:48 | 00,000,000 | ---D | C] -- C:\Documents and Settings\R&C\My Documents\My Home Improvements
[2009/06/30 23:23:24 | 00,000,000 | ---D | C] -- C:\Documents and Settings\R&C\Desktop\Family
[2009/06/25 22:19:26 | 00,000,000 | ---D | C] -- C:\Program Files\Easy Excel Password Recovery Free
[2009/06/25 21:59:56 | 00,000,684 | ---- | C] () -- C:\Documents and Settings\R&C\Desktop\Silver Key.lnk
[2009/06/25 21:59:56 | 00,000,000 | ---D | C] -- C:\Documents and Settings\R&C\Application Data\Kryptel
[2009/06/25 21:59:48 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\Kryptel.cpl
[2009/06/24 04:52:44 | 00,037,144 | ---- | C] () -- C:\Documents and Settings\R&C\My Documents\cooledit.tpd
[2009/06/24 04:52:44 | 00,000,024 | ---- | C] () -- C:\Documents and Settings\R&C\My Documents\cooledit.tps
[2009/06/24 04:49:41 | 00,000,052 | ---- | C] () -- C:\WINDOWS\cool.ini
[2009/06/24 04:34:03 | 00,000,011 | ---- | C] () -- C:\WINDOWS\wordpad.ini
[2009/06/24 04:32:57 | 00,000,000 | ---D | C] -- C:\Documents and Settings\R&C\Application Data\Syntrillium
[2009/06/24 04:32:36 | 00,000,693 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Cool Edit 2000.lnk
[2009/06/24 04:31:20 | 00,000,000 | ---D | C] -- C:\Program Files\Cool2000
[2009/02/11 04:02:55 | 00,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2008/08/01 23:07:29 | 00,000,025 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2008/07/26 11:53:55 | 00,210,944 | ---- | C] () -- C:\WINDOWS\System32\MSVCRT10.DLL
[2008/07/26 11:53:54 | 00,000,149 | ---- | C] () -- C:\WINDOWS\KPCMS.INI
[2008/07/26 11:47:14 | 00,000,035 | ---- | C] () -- C:\WINDOWS\Ulead32.INI
[2008/07/26 11:40:32 | 00,000,492 | ---- | C] () -- C:\WINDOWS\MAXLINK.INI
[2008/07/26 11:35:38 | 00,285,216 | ---- | C] () -- C:\WINDOWS\System32\drivers\Onsio.sys
[2008/07/26 11:35:38 | 00,007,680 | ---- | C] () -- C:\WINDOWS\System32\drivers\Onsreged.sys
[2008/07/04 05:45:41 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/07/01 19:54:59 | 00,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2008/06/27 20:46:48 | 00,006,413 | ---- | C] () -- C:\WINDOWS\wincmd.ini
[2008/06/10 20:07:20 | 03,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008/06/10 20:03:26 | 00,000,416 | ---- | C] () -- C:\WINDOWS\System32\dtu100.dll.manifest
[2008/06/10 20:03:26 | 00,000,416 | ---- | C] () -- C:\WINDOWS\System32\dpl100.dll.manifest
[2008/05/22 18:18:54 | 00,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
[2008/02/04 19:23:10 | 00,693,792 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.DLL
[2002/09/17 15:16:33 | 00,000,772 | ---- | C] () -- C:\WINDOWS\win.ini
[2002/09/17 15:16:12 | 00,000,254 | ---- | C] () -- C:\WINDOWS\system.ini

========== Files - Modified Within 30 Days ==========

[1 C:\WINDOWS\System32\*.tmp files]
[8 C:\WINDOWS\*.tmp files]
[2009/07/23 19:06:13 | 00,622,166 | ---- | M] () -- C:\WINDOWS\System32\drivers\N360\0300000.087\Cat.DB
[2009/07/23 06:23:31 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/07/23 06:21:45 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/07/23 06:21:39 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/07/23 06:21:32 | 26,752,98304 | -HS- | M] () -- C:\hiberfil.sys
[2009/07/22 22:18:56 | 00,006,413 | ---- | M] () -- C:\WINDOWS\wincmd.ini
[2009/07/20 18:34:47 | 00,359,929 | ---- | M] () -- C:\Documents and Settings\R&C\Desktop\dds.scr
[2009/07/20 11:18:02 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/07/20 00:01:00 | 00,000,256 | ---- | M] () -- C:\WINDOWS\tasks\shutdown -s -f.job
[2009/07/15 06:58:09 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/07/13 13:36:34 | 00,038,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/07/13 13:36:12 | 00,019,096 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/07/12 16:41:41 | 00,000,254 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/07/12 16:40:19 | 00,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2009/07/07 11:10:56 | 24,539,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
[2009/07/04 06:30:53 | 00,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2009/07/02 19:50:23 | 00,124,464 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS
[2009/07/02 19:50:23 | 00,060,808 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\S32EVNT1.DLL
[2009/07/02 19:50:23 | 00,007,386 | ---- | M] () -- C:\WINDOWS\System32\drivers\SYMEVENT.CAT
[2009/07/02 19:50:23 | 00,000,805 | ---- | M] () -- C:\WINDOWS\System32\drivers\SYMEVENT.INF
[2009/07/02 19:50:17 | 00,002,096 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Norton 360 Premier Edition.LNK
[2009/07/02 19:50:16 | 00,310,320 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0300000.087\SymEFA.sys
[2009/07/02 19:50:16 | 00,307,760 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0300000.087\srtsp.sys
[2009/07/02 19:50:16 | 00,217,392 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0300000.087\symtdi.sys
[2009/07/02 19:50:16 | 00,089,776 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0300000.087\symfw.sys
[2009/07/02 19:50:16 | 00,043,696 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0300000.087\srtspx.sys
[2009/07/02 19:50:16 | 00,039,984 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0300000.087\symndisv.sys
[2009/07/02 19:50:16 | 00,037,296 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0300000.087\symndis.sys
[2009/07/02 19:50:16 | 00,034,736 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0300000.087\symids.sys
[2009/07/02 19:50:15 | 00,482,352 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0300000.087\cchpx86.sys
[2009/07/02 19:50:15 | 00,258,608 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0300000.087\BHDrvx86.sys
[2009/07/02 19:49:53 | 00,003,373 | ---- | M] () -- C:\WINDOWS\System32\drivers\N360\0300000.087\SymEFA.inf
[2009/07/02 19:49:53 | 00,001,753 | ---- | M] () -- C:\WINDOWS\System32\drivers\N360\0300000.087\ccHPx86.inf
[2009/07/02 19:49:53 | 00,001,528 | ---- | M] () -- C:\WINDOWS\System32\drivers\N360\0300000.087\SymNet.inf
[2009/07/02 19:49:53 | 00,001,389 | ---- | M] () -- C:\WINDOWS\System32\drivers\N360\0300000.087\srtspx.inf
[2009/07/02 19:49:53 | 00,001,383 | ---- | M] () -- C:\WINDOWS\System32\drivers\N360\0300000.087\srtsp.inf
[2009/07/02 19:49:53 | 00,000,640 | ---- | M] () -- C:\WINDOWS\System32\drivers\N360\0300000.087\BHDrvx86.inf
[2009/07/02 19:49:53 | 00,000,172 | ---- | M] () -- C:\WINDOWS\System32\drivers\N360\0300000.087\isolate.ini
[2009/07/02 19:49:32 | 00,009,423 | ---- | M] () -- C:\WINDOWS\System32\drivers\N360\0300000.087\SymNet.cat
[2009/07/02 19:49:32 | 00,007,410 | ---- | M] () -- C:\WINDOWS\System32\drivers\N360\0300000.087\SymEFA.cat
[2009/07/02 19:49:32 | 00,007,372 | ---- | M] () -- C:\WINDOWS\System32\drivers\N360\0300000.087\srtspx.cat
[2009/07/02 19:49:32 | 00,007,364 | ---- | M] () -- C:\WINDOWS\System32\drivers\N360\0300000.087\BHDrvx86.CAT
[2009/07/02 19:49:32 | 00,007,355 | ---- | M] () -- C:\WINDOWS\System32\drivers\N360\0300000.087\srtsp.cat
[2009/07/02 19:49:32 | 00,007,347 | ---- | M] () -- C:\WINDOWS\System32\drivers\N360\0300000.087\ccHPx86.cat
[2009/06/25 21:59:56 | 00,000,684 | ---- | M] () -- C:\Documents and Settings\R&C\Desktop\Silver Key.lnk
[2009/06/24 04:52:47 | 00,037,144 | ---- | M] () -- C:\Documents and Settings\R&C\My Documents\cooledit.tpd
[2009/06/24 04:52:46 | 00,000,024 | ---- | M] () -- C:\Documents and Settings\R&C\My Documents\cooledit.tps
[2009/06/24 04:52:22 | 00,000,772 | ---- | M] () -- C:\WINDOWS\win.ini
[2009/06/24 04:49:55 | 00,000,011 | ---- | M] () -- C:\WINDOWS\wordpad.ini
[2009/06/24 04:49:41 | 00,000,052 | ---- | M] () -- C:\WINDOWS\cool.ini
[2009/06/24 04:32:36 | 00,000,693 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Cool Edit 2000.lnk

========== Alternate Data Streams ==========

@Alternate Data Stream - 88 bytes -> C:\Documents and Settings\R&C\Desktop\action_plan_english.pdf:SummaryInformation
< End of report >



********************************






OTL Extras logfile created on: 7/23/2009 9:13:43 PM - Run 1
OTL by OldTimer - Version 3.0.10.1 Folder = C:\Documents and Settings\R&C\Desktop\Virus Removal
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.61 Gb Available Physical Memory | 80.39% Memory free
4.00 Gb Paging File | 3.78 Gb Available in Paging File | 94.40% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 180.50 Gb Total Space | 35.99 Gb Free Space | 19.94% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
Drive H: | 5.79 Gb Total Space | 0.77 Gb Free Space | 13.26% Space Free | Partition Type: FAT32
I: Drive not present or media not loaded

Computer Name: EDS-DJHD92VL94N
Current User Name: R&C
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-725345543-1425521274-2147061141-1003\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour -- (Apple Inc.)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{0A5825FD-0FB7-4e45-9037-858D463F2943}" = BPDSoftware
"{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer
"{0F7C2E47-089E-4d23-B9F7-39BE00100776}" = Toolbox
"{11B83AD3-7A46-4C2E-A568-9505981D4C6F}" = HP Update
"{18669FF9-C8FE-407a-9F70-E674896B1DB4}" = GPBaseService
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{195F2C6C-A343-4b10-B1A4-3F00AB9E9DD9}" = Fax
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = Multimedia Launcher
"{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}" = QuickTime
"{2614F54E-A828-49FA-93BA-45A3F756BFAA}" = 32 Bit HP CIO Components Installer
"{2951A232-69BA-4925-BB9A-CEEB72B18B4F}" = BPDSoftware_Ini
"{2EA45803-BEB7-46C4-9ADC-46A5F9E7BB77}" = GEAR driver installer for x86 and x64
"{3101CB58-3482-4D21-AF1A-7057FC935355}" = KhalInstallWrapper
"{345C90FB-FA10-11D5-9C2A-0080C85A0C2D}" = Microtek FineReader OCR Engine
"{34BFB099-07B2-4E95-A673-7362D60866A2}" = PSSWCORE
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{36FDBE6E-6684-462b-AE98-9A39A1B200CC}" = HPProductAssistant
"{3C759736-8347-4031-BB9C-D75ADFE6B101}" = Norton Ghost 9.0
"{5109C064-813E-4e87-B0DE-C8AF7B5BC02B}" = SmartWebPrintingOC
"{52A69E11-7CEB-4a7d-9607-68BA4F39A89B}" = DeviceDiscovery
"{572F2A62-70CD-4429-8758-6D4D6DC696E1}" = 4500_Help
"{5ACE69F0-A3E8-44eb-88C1-0A841E700180}" = TrayApp
"{5BB4D7C1-52F2-4BFD-9E40-0D419E2E3021}" = bpd_scan
"{5EFCBB42-36AB-4FF9-B90C-E78C7B9EE7B3}" = iTunes
"{6697D99E-E550-4498-B793-4A8DD8A1821F}" = ProductContext
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{679EC478-3FF9-4987-B2FF-C2C2B27532A2}" = DocProc
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{687FEF8A-8597-40b4-832C-297EA3F35817}" = BufferChm
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{80533B67-C407-485D-8B5D-63BB8ED9D878}" = Scan
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Graphics Media Accelerator Driver
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{90280409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional with FrontPage
"{96609FE3-CF92-4f17-A379-0387B165FEF5}" = Silver Key
"{A0B9F8DF-C949-45ed-9808-7DC5C0C19C81}" = Status
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A4ABFA60-DE8E-4237-BDF9-4015FE673AD1}" = Nitro PDF Professional
"{A5AB9D5E-52E2-440e-A3ED-9512E253C81A}" = SolutionCenter
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1033-7B44-A81200000003}" = Adobe Reader 8.1.2
"{AFA20D47-69C3-4030-8DF8-D37466E70F13}" = Apple Mobile Device Support
"{B08D262E-D902-11D5-9C28-0080C85A0C2D}" = ScanWizard 5
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer
"{B97CF5C3-0487-11D8-A36E-0050BAE317E1}" = DVD Solution
"{BAD0FA60-09CF-4411-AE6A-C2844C8812FA}" = HP Photosmart Essential 2.5
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CB84F0F2-927B-458D-9DC5-87832E3DC653}" = GearDrvs
"{CCB9B81A-167F-4832-B305-D2A0430840B3}" = WebReg
"{CD0773D5-C18E-495c-B39B-21A96415EDD5}" = HP Officejet J4500 Series
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{D142FE39-3386-4d82-9AD3-36D4A92AC3C2}" = DocMgr
"{D327AFC9-7BAA-473A-8319-6EB7A0D40138}" = Symantec Script Blocking Installer
"{D755C7A3-C03E-4460-8C00-AC6E55505FB5}" = LightScribe 1.4.74.1
"{D99A8E3A-AE5A-4692-8B19-6F16D454E240}" = Destination Component
"{DC367608-64A7-4BF7-92F4-8BAA25BA02DB}" = ccCommon
"{E08DC77E-D09A-4e36-8067-D6DBBCC5F8DC}" = VideoToolkit01
"{E47EE8FB-ACC0-4608-859C-4E2851B18A6A}" = SymNet
"{E5EE9939-259F-4DE2-8023-5C49E16A4F43}" = Norton AntiVirus Parent MSI
"{E80F62FF-5D3C-4A19-8409-9721F2928206}" = LiveUpdate (Symantec Corporation)
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint
"{FC37ABD0-2108-4beb-B010-1254E0662B5A}" = MSRedist
"{FDEC11CC-4BD6-4a8c-A398-3CCD8E43EACA}" = J4500
"ABBYY FineReader 4.0 Sprint" = ABBYY FineReader 4.0 Sprint
"Adobe Acrobat 5.0" = Adobe Acrobat 5.0
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop 5.0 Limited Edition" = Adobe Photoshop 5.0 Limited Edition
"Agere Systems Soft Modem" = Agere Systems PCI Soft Modem
"Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.3
"AnyTime Deluxe" = AnyTime Deluxe
"Cool Edit 2000" = Cool Edit 2000
"DS Clock_is1" = DS Clock
"DVD Decrypter" = DVD Decrypter (Remove Only)
"HP Document Manager" = HP Document Manager 1.0
"HP Imaging Device Functions" = HP Imaging Device Functions 10.0
"HP Photosmart Essential" = HP Photosmart Essential 2.5
"HP Smart Web Printing" = HP Smart Web Printing
"HP Solution Center & Imaging Support Tools" = HP Solution Center 10.0
"HPOCR" = OCR Software by I.R.I.S. 10.0
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"IrfanView" = IrfanView (remove only)
"KeyNote_is1" = KeyNote 1.6.5
"Kryptel Lite" = Kryptel Lite
"LP Recorder" = LP Recorder
"LP Ripper" = LP Ripper
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Mozilla Firefox (3.0.12)" = Mozilla Firefox (3.0.12)
"Mozilla Thunderbird (2.0.0.22)" = Mozilla Thunderbird (2.0.0.22)
"N360" = Norton 360 Premier Edition
"Nero - Burning Rom!UninstallKey" = Nero OEM
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"PsuedoLiveUpdate" = LiveUpdate (Symantec Corporation)
"RealPlayer 6.0" = RealPlayer
"Totalcmd" = Total Commander (Remove or Repair)
"TreePadBiz" = TreePad Business Edition 7.5.1
"TrueCrypt" = TrueCrypt
"Wave Corrector DeClick_is1" = Wave Corrector DeClick version 1.1
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR archiver
"ZoneAlarmSB Uninstall" = ZoneAlarm Spy Blocker

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 7/2/2009 10:30:18 PM | Computer Name = EDS-DJHD92VL94N | Source = Application Hang | ID = 1002
Description = Hanging application thunderbird.exe, version 1.8.20090.60502, hang
module hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 7/2/2009 10:32:08 PM | Computer Name = EDS-DJHD92VL94N | Source = Application Hang | ID = 1002
Description = Hanging application thunderbird.exe, version 1.8.20090.60502, hang
module hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 7/11/2009 7:07:15 PM | Computer Name = EDS-DJHD92VL94N | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The server name or address could not be resolved

Error - 7/11/2009 10:00:28 PM | Computer Name = EDS-DJHD92VL94N | Source = Application Error | ID = 1000
Description = Faulting application mcui32.exe, version 16.5.0.134, faulting module
symhtml.dll, version 3.5.0.43, fault address 0x00028360.

Error - 7/20/2009 5:39:10 AM | Computer Name = EDS-DJHD92VL94N | Source = Application Error | ID = 1000
Description = Faulting application hpqtra08.exe, version 100.0.170.0, faulting module
ntdll.dll, version 5.1.2600.5755, fault address 0x000101b3.

Error - 7/21/2009 4:57:51 PM | Computer Name = EDS-DJHD92VL94N | Source = Application Hang | ID = 1002
Description = Hanging application WINWORD.EXE, version 10.0.6854.0, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 7/21/2009 4:58:30 PM | Computer Name = EDS-DJHD92VL94N | Source = Application Hang | ID = 1002
Description = Hanging application WINWORD.EXE, version 10.0.6854.0, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 7/21/2009 4:59:06 PM | Computer Name = EDS-DJHD92VL94N | Source = Application Hang | ID = 1002
Description = Hanging application WINWORD.EXE, version 10.0.6854.0, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

[ System Events ]
Error - 7/18/2009 10:11:06 PM | Computer Name = EDS-DJHD92VL94N | Source = Service Control Manager | ID = 7022
Description = The HP CUE DeviceDiscovery Service service hung on starting.

Error - 7/19/2009 7:52:34 AM | Computer Name = EDS-DJHD92VL94N | Source = Service Control Manager | ID = 7022
Description = The HP CUE DeviceDiscovery Service service hung on starting.

Error - 7/19/2009 3:07:25 PM | Computer Name = EDS-DJHD92VL94N | Source = Service Control Manager | ID = 7022
Description = The HP CUE DeviceDiscovery Service service hung on starting.

Error - 7/20/2009 6:16:09 AM | Computer Name = EDS-DJHD92VL94N | Source = Service Control Manager | ID = 7022
Description = The HP CUE DeviceDiscovery Service service hung on starting.

Error - 7/21/2009 5:54:38 AM | Computer Name = EDS-DJHD92VL94N | Source = Service Control Manager | ID = 7022
Description = The HP CUE DeviceDiscovery Service service hung on starting.

Error - 7/21/2009 9:22:39 AM | Computer Name = EDS-DJHD92VL94N | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.3 for the Network Card with network
address 00112F57222B has been denied by the DHCP server 192.168.1.1 (The DHCP Server
sent a DHCPNACK message).

Error - 7/21/2009 9:24:20 AM | Computer Name = EDS-DJHD92VL94N | Source = Service Control Manager | ID = 7022
Description = The HP CUE DeviceDiscovery Service service hung on starting.

Error - 7/22/2009 6:17:31 AM | Computer Name = EDS-DJHD92VL94N | Source = Service Control Manager | ID = 7022
Description = The HP CUE DeviceDiscovery Service service hung on starting.

Error - 7/22/2009 10:27:19 PM | Computer Name = EDS-DJHD92VL94N | Source = Service Control Manager | ID = 7022
Description = The HP CUE DeviceDiscovery Service service hung on starting.

Error - 7/23/2009 6:23:29 AM | Computer Name = EDS-DJHD92VL94N | Source = Service Control Manager | ID = 7022
Description = The HP CUE DeviceDiscovery Service service hung on starting.


< End of report >






**************************************

#8 syler

  • Malware Response Team

Posted 24 July 2009 - 05:55 PM

Any luck with the Bitdefender scan?


#9 gouldluc

  • Topic Starter


Posted 25 July 2009 - 04:09 AM

After several attempts I finally got BitDefender to run; here are the results:





BitDefender Online Scanner

Scan report generated at: Sat, Jul 25, 2009 - 01:54:42

Scan path: C:\;E:\;F:\;G:\;H:\;I:\;J:\;K:\;

Statistics
Time: 04:07:20
Files: 1172544
Folders: 12566
Boot Sectors: 0
Archives: 247546
Packed Files: 35239

Results
Identified Viruses: 19
Infected Files: 140
Suspect Files: 0
Warnings: 0
Disinfected: 0
Deleted Files: 138

Engines Info
Virus Definitions: 3849533
Engine build: AVCORE v1.7 (build 8314.19) (i386) (Sep 29 2008 17:19:14)
Scan plugins: 17
Archive plugins: 45
Unpack plugins: 7
E-mail plugins: 6
System plugins: 4

Scan Settings
First Action: Disinfect
Second Action: Delete
Heuristics: Yes
Enable Warnings: Yes
Scanned Extensions: *;
Exclude Extensions:
Scan Emails: Yes
Scan Archives: Yes
Scan Packed: Yes
Scan Files: Yes
Scan Boot: Yes

Scanned File
Status

C:\Documents and Settings\All Users.WINDOWS\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\QBackup\{47E403D1-BA49-4EA8-AB03-FD9357A77F75}\{0CAEE3B5-E638-4A92-BCD2-086F84BAD0FE}.qbd
Infected with: Rootkit.Alureon.A

C:\Documents and Settings\All Users.WINDOWS\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\QBackup\{47E403D1-BA49-4EA8-AB03-FD9357A77F75}\{0CAEE3B5-E638-4A92-BCD2-086F84BAD0FE}.qbd
Disinfection failed

C:\Documents and Settings\All Users.WINDOWS\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\QBackup\{47E403D1-BA49-4EA8-AB03-FD9357A77F75}\{0CAEE3B5-E638-4A92-BCD2-086F84BAD0FE}.qbd
Delete failed

C:\Documents and Settings\All Users.WINDOWS\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\QBackup\{47E403D1-BA49-4EA8-AB03-FD9357A77F75}\{38683DA8-5C36-4421-8D66-532B6B31D8A5}.qbd
Infected with: Rootkit.Alureon.A

C:\Documents and Settings\All Users.WINDOWS\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\QBackup\{47E403D1-BA49-4EA8-AB03-FD9357A77F75}\{38683DA8-5C36-4421-8D66-532B6B31D8A5}.qbd
Disinfection failed

C:\Documents and Settings\All Users.WINDOWS\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\QBackup\{47E403D1-BA49-4EA8-AB03-FD9357A77F75}\{38683DA8-5C36-4421-8D66-532B6B31D8A5}.qbd
Delete failed

C:\Documents and Settings\R&C\Application Data\Mozilla\Profiles\default\bda5pbd7.slt\Mail\pop3.mail.wowway-1.com\Inbox=>(message 7239)
Infected with: Generic.Peed.Eml.AE0EEFAF

C:\Documents and Settings\R&C\Application Data\Mozilla\Profiles\default\bda5pbd7.slt\Mail\pop3.mail.wowway-1.com\Inbox=>(message 7239)
Disinfection failed

C:\Documents and Settings\R&C\Application Data\Mozilla\Profiles\default\bda5pbd7.slt\Mail\pop3.mail.wowway-1.com\Inbox=>(message 7239)
Deleted

C:\Documents and Settings\R&C\Application Data\Mozilla\Profiles\default\bda5pbd7.slt\Mail\pop3.mail.wowway-1.com\Inbox
Update failed

C:\Documents and Settings\R&C\Application Data\Mozilla\Profiles\default\bda5pbd7.slt\Mail\pop3.mail.wowway-1.com\Inbox=>(message 7240)
Infected with: Generic.Peed.Eml.D7178664

C:\Documents and Settings\R&C\Application Data\Mozilla\Profiles\default\bda5pbd7.slt\Mail\pop3.mail.wowway-1.com\Inbox=>(message 7240)
Disinfection failed

C:\Documents and Settings\R&C\Application Data\Mozilla\Profiles\default\bda5pbd7.slt\Mail\pop3.mail.wowway-1.com\Inbox=>(message 7240)
Deleted

C:\Documents and Settings\R&C\Application Data\Mozilla\Profiles\default\bda5pbd7.slt\Mail\pop3.mail.wowway-1.com\Inbox
Update failed

C:\Documents and Settings\R&C\Application Data\Mozilla\Profiles\default\bda5pbd7.slt\Mail\pop3.mail.wowway-1.com\Inbox=>(message 7279)
Infected with: Generic.Peed.Eml.FE07D598

C:\Documents and Settings\R&C\Application Data\Mozilla\Profiles\default\bda5pbd7.slt\Mail\pop3.mail.wowway-1.com\Inbox=>(message 7279)
Disinfection failed

C:\Documents and Settings\R&C\Application Data\Mozilla\Profiles\default\bda5pbd7.slt\Mail\pop3.mail.wowway-1.com\Inbox=>(message 7279)
Deleted

C:\Documents and Settings\R&C\Application Data\Mozilla\Profiles\default\bda5pbd7.slt\Mail\pop3.mail.wowway-1.com\Inbox
Update failed

C:\Documents and Settings\R&C\Application Data\Mozilla\Profiles\default\bda5pbd7.slt\Mail\pop3.mail.wowway-1.com\Inbox=>(message 7287)
Infected with: Generic.Peed.Eml.5EF96A63

C:\Documents and Settings\R&C\Application Data\Mozilla\Profiles\default\bda5pbd7.slt\Mail\pop3.mail.wowway-1.com\Inbox=>(message 7287)
Disinfection failed

C:\Documents and Settings\R&C\Application Data\Mozilla\Profiles\default\bda5pbd7.slt\Mail\pop3.mail.wowway-1.com\Inbox=>(message 7287)
Deleted

C:\Documents and Settings\R&C\Application Data\Mozilla\Profiles\default\bda5pbd7.slt\Mail\pop3.mail.wowway-1.com\Inbox
Update failed

C:\Documents and Settings\R&C\Application Data\Mozilla\Profiles\default\bda5pbd7.slt\Mail\pop3.mail.wowway-1.com\Inbox=>(message 7289)
Infected with: Generic.Peed.Eml.5EE6BD42

C:\Documents and Settings\R&C\Application Data\Mozilla\Profiles\default\bda5pbd7.slt\Mail\pop3.mail.wowway-1.com\Inbox=>(message 7289)
Disinfection failed

C:\Documents and Settings\R&C\Application Data\Mozilla\Profiles\default\bda5pbd7.slt\Mail\pop3.mail.wowway-1.com\Inbox=>(message 7289)
Deleted

C:\Documents and Settings\R&C\Application Data\Mozilla\Profiles\default\bda5pbd7.slt\Mail\pop3.mail.wowway-1.com\Inbox
Update failed

C:\Documents and Settings\R&C\Application Data\Mozilla\Profiles\default\bda5pbd7.slt\Mail\pop3.mail.wowway-1.com\Inbox=>(message 7292)
Infected with: Generic.Peed.Eml.42741918

C:\Documents and Settings\R&C\Application Data\Mozilla\Profiles\default\bda5pbd7.slt\Mail\pop3.mail.wowway-1.com\Inbox=>(message 7292)
Disinfection failed

C:\Documents and Settings\R&C\Application Data\Mozilla\Profiles\default\bda5pbd7.slt\Mail\pop3.mail.wowway-1.com\Inbox=>(message 7292)
Deleted

C:\Documents and Settings\R&C\Application Data\Mozilla\Profiles\default\bda5pbd7.slt\Mail\pop3.mail.wowway-1.com\Inbox
Update failed

C:\Documents and Settings\R&C\Application Data\Mozilla\Profiles\default\bda5pbd7.slt\Mail\pop3.mail.wowway-1.com\Inbox=>(message 7411)
Infected with: Generic.Peed.Eml.EFAD19F7

C:\Documents and Settings\R&C\Application Data\Mozilla\Profiles\default\bda5pbd7.slt\Mail\pop3.mail.wowway-1.com\Inbox=>(message 7411)
Disinfection failed

C:\Documents and Settings\R&C\Application Data\Mozilla\Profiles\default\bda5pbd7.slt\Mail\pop3.mail.wowway-1.com\Inbox=>(message 7411)
Deleted

C:\Documents and Settings\R&C\Application Data\Mozilla\Profiles\default\bda5pbd7.slt\Mail\pop3.mail.wowway-1.com\Inbox
Update failed

C:\Documents and Settings\R&C\Application Data\Mozilla\Profiles\default\bda5pbd7.slt\Mail\pop3.mail.wowway-1.com\Inbox=>(message 7460)
Infected with: Generic.Peed.Eml.A1078799

C:\Documents and Settings\R&C\Application Data\Mozilla\Profiles\default\bda5pbd7.slt\Mail\pop3.mail.wowway-1.com\Inbox=>(message 7460)
Disinfection failed

C:\Documents and Settings\R&C\Application Data\Mozilla\Profiles\default\bda5pbd7.slt\Mail\pop3.mail.wowway-1.com\Inbox=>(message 7460)
Deleted

C:\Documents and Settings\R&C\Application Data\Mozilla\Profiles\default\bda5pbd7.slt\Mail\pop3.mail.wowway-1.com\Inbox
Update failed

C:\Documents and Settings\R&C\Application Data\Mozilla\Profiles\default\bda5pbd7.slt\Mail\pop3.mail.wowway-1.com\Inbox=>(message 7467)
Infected with: Generic.Peed.Eml.326AB0C2

C:\Documents and Settings\R&C\Application Data\Mozilla\Profiles\default\bda5pbd7.slt\Mail\pop3.mail.wowway-1.com\Inbox=>(message 7467)
Disinfection failed

C:\Documents and Settings\R&C\Application Data\Mozilla\Profiles\default\bda5pbd7.slt\Mail\pop3.mail.wowway-1.com\Inbox=>(message 7467)
Deleted

C:\Documents and Settings\R&C\Application Data\Mozilla\Profiles\default\bda5pbd7.slt\Mail\pop3.mail.wowway-1.com\Inbox
Update failed

C:\Documents and Settings\R&C\Application Data\Mozilla\Profiles\default\bda5pbd7.slt\Mail\pop3.mail.wowway-1.com\Inbox=>(message 7557)
Infected with: Generic.Peed.Eml.99D8E963

C:\Documents and Settings\R&C\Application Data\Mozilla\Profiles\default\bda5pbd7.slt\Mail\pop3.mail.wowway-1.com\Inbox=>(message 7557)
Disinfection failed

C:\Documents and Settings\R&C\Application Data\Mozilla\Profiles\default\bda5pbd7.slt\Mail\pop3.mail.wowway-1.com\Inbox=>(message 7557)
Deleted

C:\Documents and Settings\R&C\Application Data\Mozilla\Profiles\default\bda5pbd7.slt\Mail\pop3.mail.wowway-1.com\Inbox
Update failed

C:\Documents and Settings\R&C\Application Data\Mozilla\Profiles\default\bda5pbd7.slt\Mail\pop3.mail.wowway-1.com\Inbox=>(message 7565)
Infected with: Generic.Peed.Eml.68FAF6A8

C:\Documents and Settings\R&C\Application Data\Mozilla\Profiles\default\bda5pbd7.slt\Mail\pop3.mail.wowway-1.com\Inbox=>(message 7565)
Disinfection failed

C:\Documents and Settings\R&C\Application Data\Mozilla\Profiles\default\bda5pbd7.slt\Mail\pop3.mail.wowway-1.com\Inbox=>(message 7565)
Deleted

C:\Documents and Settings\R&C\Application Data\Mozilla\Profiles\default\bda5pbd7.slt\Mail\pop3.mail.wowway-1.com\Inbox
Update failed

C:\Documents and Settings\R&C\Application Data\Mozilla\Profiles\default\bda5pbd7.slt\Mail\pop3.mail.wowway-1.com\Inbox=>(message 7650)
Infected with: Generic.Peed.Eml.18FEE7B5

C:\Documents and Settings\R&C\Application Data\Mozilla\Profiles\default\bda5pbd7.slt\Mail\pop3.mail.wowway-1.com\Inbox=>(message 7650)
Disinfection failed

C:\Documents and Settings\R&C\Application Data\Mozilla\Profiles\default\bda5pbd7.slt\Mail\pop3.mail.wowway-1.com\Inbox=>(message 7650)
Deleted

C:\Documents and Settings\R&C\Application Data\Mozilla\Profiles\default\bda5pbd7.slt\Mail\pop3.mail.wowway-1.com\Inbox
Update failed

C:\Documents and Settings\R&C\Application Data\Mozilla\Profiles\default\bda5pbd7.slt\Mail\pop3.mail.wowway-1.com\Inbox=>(message 8013)
Infected with: Generic.Peed.Eml.CF9BB3C2

C:\Documents and Settings\R&C\Application Data\Mozilla\Profiles\default\bda5pbd7.slt\Mail\pop3.mail.wowway-1.com\Inbox=>(message 8013)
Disinfection failed

C:\Documents and Settings\R&C\Application Data\Mozilla\Profiles\default\bda5pbd7.slt\Mail\pop3.mail.wowway-1.com\Inbox=>(message 8013)
Deleted

C:\Documents and Settings\R&C\Application Data\Mozilla\Profiles\default\bda5pbd7.slt\Mail\pop3.mail.wowway-1.com\Inbox
Update failed

C:\Documents and Settings\R&C\Application Data\Mozilla\Profiles\default\bda5pbd7.slt\Mail\pop3.mail.wowway-1.com\Inbox=>(message 8112)
Infected with: Generic.Peed.Eml.75F1A42A

C:\Documents and Settings\R&C\Application Data\Mozilla\Profiles\default\bda5pbd7.slt\Mail\pop3.mail.wowway-1.com\Inbox=>(message 8112)
Disinfection failed

C:\Documents and Settings\R&C\Application Data\Mozilla\Profiles\default\bda5pbd7.slt\Mail\pop3.mail.wowway-1.com\Inbox=>(message 8112)
Deleted

C:\Documents and Settings\R&C\Application Data\Mozilla\Profiles\default\bda5pbd7.slt\Mail\pop3.mail.wowway-1.com\Inbox
Update failed

C:\Documents and Settings\R&C\Application Data\Mozilla\Profiles\default\bda5pbd7.slt\Mail\pop3.mail.wowway-1.com\Inbox=>(message 8114)
Infected with: Generic.Peed.Eml.1CB05E2A

C:\Documents and Settings\R&C\Application Data\Mozilla\Profiles\default\bda5pbd7.slt\Mail\pop3.mail.wowway-1.com\Inbox=>(message 8114)
Disinfection failed

C:\Documents and Settings\R&C\Application Data\Mozilla\Profiles\default\bda5pbd7.slt\Mail\pop3.mail.wowway-1.com\Inbox=>(message 8114)
Deleted

C:\Documents and Settings\R&C\Application Data\Mozilla\Profiles\default\bda5pbd7.slt\Mail\pop3.mail.wowway-1.com\Inbox
Update failed

C:\Documents and Settings\R&C\Application Data\Mozilla\Profiles\default\bda5pbd7.slt\Mail\pop3.mail.wowway-1.com\Inbox=>(message 8117)
Infected with: Generic.Peed.Eml.673B0C0B

C:\Documents and Settings\R&C\Application Data\Mozilla\Profiles\default\bda5pbd7.slt\Mail\pop3.mail.wowway-1.com\Inbox=>(message 8117)
Disinfection failed

C:\Documents and Settings\R&C\Application Data\Mozilla\Profiles\default\bda5pbd7.slt\Mail\pop3.mail.wowway-1.com\Inbox=>(message 8117)
Deleted

C:\Documents and Settings\R&C\Application Data\Mozilla\Profiles\default\bda5pbd7.slt\Mail\pop3.mail.wowway-1.com\Inbox
Update failed

C:\Documents and Settings\R&C\Application Data\Mozilla\Profiles\default\bda5pbd7.slt\Mail\pop3.mail.wowway-1.com\Inbox=>(message 8137)
Infected with: Generic.Peed.Eml.DA78129B

C:\Documents and Settings\R&C\Application Data\Mozilla\Profiles\default\bda5pbd7.slt\Mail\pop3.mail.wowway-1.com\Inbox=>(message 8137)
Disinfection failed

C:\Documents and Settings\R&C\Application Data\Mozilla\Profiles\default\bda5pbd7.slt\Mail\pop3.mail.wowway-1.com\Inbox=>(message 8137)
Deleted

C:\Documents and Settings\R&C\Application Data\Mozilla\Profiles\default\bda5pbd7.slt\Mail\pop3.mail.wowway-1.com\Inbox
Update failed

C:\Documents and Settings\R&C\Application Data\Mozilla\Profiles\default\bda5pbd7.slt\Mail\pop3.mail.wowway-1.com\Trash=>(message 8012)
Infected with: Generic.Peed.Eml.AE0EEFAF

C:\Documents and Settings\R&C\Application Data\Mozilla\Profiles\default\bda5pbd7.slt\Mail\pop3.mail.wowway-1.com\Trash=>(message 8012)
Disinfection failed

C:\Documents and Settings\R&C\Application Data\Mozilla\Profiles\default\bda5pbd7.slt\Mail\pop3.mail.wowway-1.com\Trash=>(message 8012)
Deleted

C:\Documents and Settings\R&C\Application Data\Mozilla\Profiles\default\bda5pbd7.slt\Mail\pop3.mail.wowway-1.com\Trash
Update failed

C:\Documents and Settings\R&C\Application Data\Mozilla\Profiles\default\bda5pbd7.slt\Mail\pop3.mail.wowway-1.com\Trash=>(message 8013)
Infected with: Generic.Peed.Eml.D7178664

C:\Documents and Settings\R&C\Application Data\Mozilla\Profiles\default\bda5pbd7.slt\Mail\pop3.mail.wowway-1.com\Trash=>(message 8013)
Disinfection failed

C:\Documents and Settings\R&C\Application Data\Mozilla\Profiles\default\bda5pbd7.slt\Mail\pop3.mail.wowway-1.com\Trash=>(message 8013)
Deleted

C:\Documents and Settings\R&C\Application Data\Mozilla\Profiles\default\bda5pbd7.slt\Mail\pop3.mail.wowway-1.com\Trash
Update failed

C:\Documents and Settings\R&C\Application Data\Mozilla\Profiles\default\bda5pbd7.slt\Mail\pop3.mail.wowway-1.com\Trash=>(message 8059)
Infected with: Generic.Peed.Eml.FE07D598

C:\Documents and Settings\R&C\Application Data\Mozilla\Profiles\default\bda5pbd7.slt\Mail\pop3.mail.wowway-1.com\Trash=>(message 8059)
Disinfection failed

C:\Documents and Settings\R&C\Application Data\Mozilla\Profiles\default\bda5pbd7.slt\Mail\pop3.mail.wowway-1.com\Trash=>(message 8059)
Deleted

C:\Documents and Settings\R&C\Application Data\Mozilla\Profiles\default\bda5pbd7.slt\Mail\pop3.mail.wowway-1.com\Trash
Update failed

C:\Documents and Settings\R&C\Application Data\Mozilla\Profiles\default\bda5pbd7.slt\Mail\pop3.mail.wowway-1.com\Trash=>(message 8066)
Infected with: Generic.Peed.Eml.5EF96A63

C:\Documents and Settings\R&C\Application Data\Mozilla\Profiles\default\bda5pbd7.slt\Mail\pop3.mail.wowway-1.com\Trash=>(message 8066)
Disinfection failed

C:\Documents and Settings\R&C\Application Data\Mozilla\Profiles\default\bda5pbd7.slt\Mail\pop3.mail.wowway-1.com\Trash=>(message 8066)
Deleted

C:\Documents and Settings\R&C\Application Data\Mozilla\Profiles\default\bda5pbd7.slt\Mail\pop3.mail.wowway-1.com\Trash
Update failed

C:\Documents and Settings\R&C\Application Data\Mozilla\Profiles\default\bda5pbd7.slt\Mail\pop3.mail.wowway-1.com\Trash=>(message 8068)
Infected with: Generic.Peed.Eml.5EE6BD42

C:\Documents and Settings\R&C\Application Data\Mozilla\Profiles\default\bda5pbd7.slt\Mail\pop3.mail.wowway-1.com\Trash=>(message 8068)
Disinfection failed

C:\Documents and Settings\R&C\Application Data\Mozilla\Profiles\default\bda5pbd7.slt\Mail\pop3.mail.wowway-1.com\Trash=>(message 8068)
Deleted

C:\Documents and Settings\R&C\Application Data\Mozilla\Profiles\default\bda5pbd7.slt\Mail\pop3.mail.wowway-1.com\Trash
Update failed

C:\Documents and Settings\R&C\Application Data\Mozilla\Profiles\default\bda5pbd7.slt\Mail\pop3.mail.wowway-1.com\Trash=>(message 8070)
Infected with: Generic.Peed.Eml.42741918

C:\Documents and Settings\R&C\Application Data\Mozilla\Profiles\default\bda5pbd7.slt\Mail\pop3.mail.wowway-1.com\Trash=>(message 8070)
Disinfection failed

C:\Documents and Settings\R&C\Application Data\Mozilla\Profiles\default\bda5pbd7.slt\Mail\pop3.mail.wowway-1.com\Trash=>(message 8070)
Deleted

C:\Documents and Settings\R&C\Application Data\Mozilla\Profiles\default\bda5pbd7.slt\Mail\pop3.mail.wowway-1.com\Trash
Update failed

C:\Documents and Settings\R&C\Application Data\Mozilla\Profiles\default\bda5pbd7.slt\Mail\pop3.mail.wowway-1.com\Trash=>(message 8210)
Infected with: Generic.Peed.Eml.EFAD19F7

C:\Documents and Settings\R&C\Application Data\Mozilla\Profiles\default\bda5pbd7.slt\Mail\pop3.mail.wowway-1.com\Trash=>(message 8210)
Disinfection failed

C:\Documents and Settings\R&C\Application Data\Mozilla\Profiles\default\bda5pbd7.slt\Mail\pop3.mail.wowway-1.com\Trash=>(message 8210)
Deleted

C:\Documents and Settings\R&C\Application Data\Mozilla\Profiles\default\bda5pbd7.slt\Mail\pop3.mail.wowway-1.com\Trash
Update failed

C:\Documents and Settings\R&C\Application Data\Mozilla\Profiles\default\bda5pbd7.slt\Mail\pop3.mail.wowway-1.com\Trash=>(message 8266)
Infected with: Generic.Peed.Eml.A1078799

C:\Documents and Settings\R&C\Application Data\Mozilla\Profiles\default\bda5pbd7.slt\Mail\pop3.mail.wowway-1.com\Trash=>(message 8266)
Disinfection failed

C:\Documents and Settings\R&C\Application Data\Mozilla\Profiles\default\bda5pbd7.slt\Mail\pop3.mail.wowway-1.com\Trash=>(message 8266)
Deleted

C:\Documents and Settings\R&C\Application Data\Mozilla\Profiles\default\bda5pbd7.slt\Mail\pop3.mail.wowway-1.com\Trash
Update failed

C:\Documents and Settings\R&C\Application Data\Mozilla\Profiles\default\bda5pbd7.slt\Mail\pop3.mail.wowway-1.com\Trash=>(message 8273)
Infected with: Generic.Peed.Eml.326AB0C2

C:\Documents and Settings\R&C\Application Data\Mozilla\Profiles\default\bda5pbd7.slt\Mail\pop3.mail.wowway-1.com\Trash=>(message 8273)
Disinfection failed

C:\Documents and Settings\R&C\Application Data\Mozilla\Profiles\default\bda5pbd7.slt\Mail\pop3.mail.wowway-1.com\Trash=>(message 8273)
Deleted

C:\Documents and Settings\R&C\Application Data\Mozilla\Profiles\default\bda5pbd7.slt\Mail\pop3.mail.wowway-1.com\Trash
Update failed

C:\Documents and Settings\R&C\Application Data\Mozilla\Profiles\default\bda5pbd7.slt\Mail\pop3.mail.wowway-1.com\Trash=>(message 8362)
Infected with: Generic.Peed.Eml.99D8E963

C:\Documents and Settings\R&C\Application Data\Mozilla\Profiles\default\bda5pbd7.slt\Mail\pop3.mail.wowway-1.com\Trash=>(message 8362)
Disinfection failed

C:\Documents and Settings\R&C\Application Data\Mozilla\Profiles\default\bda5pbd7.slt\Mail\pop3.mail.wowway-1.com\Trash=>(message 8362)
Deleted

C:\Documents and Settings\R&C\Application Data\Mozilla\Profiles\default\bda5pbd7.slt\Mail\pop3.mail.wowway-1.com\Trash
Update failed

C:\Documents and Settings\R&C\Application Data\Mozilla\Profiles\default\bda5pbd7.slt\Mail\pop3.mail.wowway-1.com\Trash=>(message 8369)
Infected with: Generic.Peed.Eml.68FAF6A8

C:\Documents and Settings\R&C\Application Data\Mozilla\Profiles\default\bda5pbd7.slt\Mail\pop3.mail.wowway-1.com\Trash=>(message 8369)
Disinfection failed

C:\Documents and Settings\R&C\Application Data\Mozilla\Profiles\default\bda5pbd7.slt\Mail\pop3.mail.wowway-1.com\Trash=>(message 8369)
Deleted

C:\Documents and Settings\R&C\Application Data\Mozilla\Profiles\default\bda5pbd7.slt\Mail\pop3.mail.wowway-1.com\Trash
Update failed

C:\Documents and Settings\R&C\Application Data\Mozilla\Profiles\default\bda5pbd7.slt\Mail\pop3.mail.wowway-1.com\Trash=>(message 8455)
Infected with: Generic.Peed.Eml.18FEE7B5

C:\Documents and Settings\R&C\Application Data\Mozilla\Profiles\default\bda5pbd7.slt\Mail\pop3.mail.wowway-1.com\Trash=>(message 8455)
Disinfection failed

C:\Documents and Settings\R&C\Application Data\Mozilla\Profiles\default\bda5pbd7.slt\Mail\pop3.mail.wowway-1.com\Trash=>(message 8455)
Deleted

C:\Documents and Settings\R&C\Application Data\Mozilla\Profiles\default\bda5pbd7.slt\Mail\pop3.mail.wowway-1.com\Trash
Update failed

C:\Documents and Settings\R&C\Application Data\Mozilla\Profiles\default\bda5pbd7.slt\Mail\pop3.mail.wowway-1.com\Trash=>(message 8848)
Infected with: Generic.Peed.Eml.CF9BB3C2

C:\Documents and Settings\R&C\Application Data\Mozilla\Profiles\default\bda5pbd7.slt\Mail\pop3.mail.wowway-1.com\Trash=>(message 8848)
Disinfection failed

C:\Documents and Settings\R&C\Application Data\Mozilla\Profiles\default\bda5pbd7.slt\Mail\pop3.mail.wowway-1.com\Trash=>(message 8848)
Deleted

C:\Documents and Settings\R&C\Application Data\Mozilla\Profiles\default\bda5pbd7.slt\Mail\pop3.mail.wowway-1.com\Trash
Update failed

C:\Documents and Settings\R&C\Application Data\Mozilla\Profiles\default\bda5pbd7.slt\Mail\pop3.mail.wowway-1.com\Trash=>(message 8917)
Infected with: Generic.Peed.Eml.1CB05E2A

C:\Documents and Settings\R&C\Application Data\Mozilla\Profiles\default\bda5pbd7.slt\Mail\pop3.mail.wowway-1.com\Trash=>(message 8917)
Disinfection failed

C:\Documents and Settings\R&C\Application Data\Mozilla\Profiles\default\bda5pbd7.slt\Mail\pop3.mail.wowway-1.com\Trash=>(message 8917)
Deleted

C:\Documents and Settings\R&C\Application Data\Mozilla\Profiles\default\bda5pbd7.slt\Mail\pop3.mail.wowway-1.com\Trash
Update failed

C:\Documents and Settings\R&C\Application Data\Mozilla\Profiles\default\bda5pbd7.slt\Mail\pop3.mail.wowway-1.com\Trash=>(message 8920)
Infected with: Generic.Peed.Eml.75F1A42A

C:\Documents and Settings\R&C\Application Data\Mozilla\Profiles\default\bda5pbd7.slt\Mail\pop3.mail.wowway-1.com\Trash=>(message 8920)
Disinfection failed

C:\Documents and Settings\R&C\Application Data\Mozilla\Profiles\default\bda5pbd7.slt\Mail\pop3.mail.wowway-1.com\Trash=>(message 8920)
Deleted

C:\Documents and Settings\R&C\Application Data\Mozilla\Profiles\default\bda5pbd7.slt\Mail\pop3.mail.wowway-1.com\Trash
Update failed

C:\Documents and Settings\R&C\Application Data\Mozilla\Profiles\default\bda5pbd7.slt\Mail\pop3.mail.wowway-1.com\Trash=>(message 8921)
Infected with: Generic.Peed.Eml.DA78129B

C:\Documents and Settings\R&C\Application Data\Mozilla\Profiles\default\bda5pbd7.slt\Mail\pop3.mail.wowway-1.com\Trash=>(message 8921)
Disinfection failed

C:\Documents and Settings\R&C\Application Data\Mozilla\Profiles\default\bda5pbd7.slt\Mail\pop3.mail.wowway-1.com\Trash=>(message 8921)
Deleted

C:\Documents and Settings\R&C\Application Data\Mozilla\Profiles\default\bda5pbd7.slt\Mail\pop3.mail.wowway-1.com\Trash
Update failed

C:\Documents and Settings\R&C\Application Data\Mozilla\Profiles\default\bda5pbd7.slt\Mail\pop3.mail.wowway-1.com\Trash=>(message 8922)
Infected with: Generic.Peed.Eml.673B0C0B

C:\Documents and Settings\R&C\Application Data\Mozilla\Profiles\default\bda5pbd7.slt\Mail\pop3.mail.wowway-1.com\Trash=>(message 8922)
Disinfection failed

C:\Documents and Settings\R&C\Application Data\Mozilla\Profiles\default\bda5pbd7.slt\Mail\pop3.mail.wowway-1.com\Trash=>(message 8922)
Deleted

C:\Documents and Settings\R&C\Application Data\Mozilla\Profiles\default\bda5pbd7.slt\Mail\pop3.mail.wowway-1.com\Trash
Update failed

C:\Documents and Settings\R&C\Application Data\Thunderbird\Profiles\00phyqmq.default\Mail\pop3.mail.wowway-1.com\Inbox=>(message 7239)
Infected with: Generic.Peed.Eml.AE0EEFAF

C:\Documents and Settings\R&C\Application Data\Thunderbird\Profiles\00phyqmq.default\Mail\pop3.mail.wowway-1.com\Inbox=>(message 7239)
Disinfection failed

C:\Documents and Settings\R&C\Application Data\Thunderbird\Profiles\00phyqmq.default\Mail\pop3.mail.wowway-1.com\Inbox=>(message 7239)
Deleted

C:\Documents and Settings\R&C\Application Data\Thunderbird\Profiles\00phyqmq.default\Mail\pop3.mail.wowway-1.com\Inbox
Update failed

C:\Documents and Settings\R&C\Application Data\Thunderbird\Profiles\00phyqmq.default\Mail\pop3.mail.wowway-1.com\Inbox=>(message 7240)
Infected with: Generic.Peed.Eml.D7178664

C:\Documents and Settings\R&C\Application Data\Thunderbird\Profiles\00phyqmq.default\Mail\pop3.mail.wowway-1.com\Inbox=>(message 7240)
Disinfection failed

C:\Documents and Settings\R&C\Application Data\Thunderbird\Profiles\00phyqmq.default\Mail\pop3.mail.wowway-1.com\Inbox=>(message 7240)
Deleted

C:\Documents and Settings\R&C\Application Data\Thunderbird\Profiles\00phyqmq.default\Mail\pop3.mail.wowway-1.com\Inbox
Update failed

C:\Documents and Settings\R&C\Application Data\Thunderbird\Profiles\00phyqmq.default\Mail\pop3.mail.wowway-1.com\Inbox=>(message 7279)
Infected with: Generic.Peed.Eml.FE07D598

C:\Documents and Settings\R&C\Application Data\Thunderbird\Profiles\00phyqmq.default\Mail\pop3.mail.wowway-1.com\Inbox=>(message 7279)
Disinfection failed

C:\Documents and Settings\R&C\Application Data\Thunderbird\Profiles\00phyqmq.default\Mail\pop3.mail.wowway-1.com\Inbox=>(message 7279)
Deleted

C:\Documents and Settings\R&C\Application Data\Thunderbird\Profiles\00phyqmq.default\Mail\pop3.mail.wowway-1.com\Inbox
Update failed

C:\Documents and Settings\R&C\Application Data\Thunderbird\Profiles\00phyqmq.default\Mail\pop3.mail.wowway-1.com\Inbox=>(message 7287)
Infected with: Generic.Peed.Eml.5EF96A63

C:\Documents and Settings\R&C\Application Data\Thunderbird\Profiles\00phyqmq.default\Mail\pop3.mail.wowway-1.com\Inbox=>(message 7287)
Disinfection failed

C:\Documents and Settings\R&C\Application Data\Thunderbird\Profiles\00phyqmq.default\Mail\pop3.mail.wowway-1.com\Inbox=>(message 7287)
Deleted

C:\Documents and Settings\R&C\Application Data\Thunderbird\Profiles\00phyqmq.default\Mail\pop3.mail.wowway-1.com\Inbox
Update failed

C:\Documents and Settings\R&C\Application Data\Thunderbird\Profiles\00phyqmq.default\Mail\pop3.mail.wowway-1.com\Inbox=>(message 7289)
Infected with: Generic.Peed.Eml.5EE6BD42

C:\Documents and Settings\R&C\Application Data\Thunderbird\Profiles\00phyqmq.default\Mail\pop3.mail.wowway-1.com\Inbox=>(message 7289)
Disinfection failed

C:\Documents and Settings\R&C\Application Data\Thunderbird\Profiles\00phyqmq.default\Mail\pop3.mail.wowway-1.com\Inbox=>(message 7289)
Deleted

C:\Documents and Settings\R&C\Application Data\Thunderbird\Profiles\00phyqmq.default\Mail\pop3.mail.wowway-1.com\Inbox
Update failed

C:\Documents and Settings\R&C\Application Data\Thunderbird\Profiles\00phyqmq.default\Mail\pop3.mail.wowway-1.com\Inbox=>(message 7292)
Infected with: Generic.Peed.Eml.42741918

C:\Documents and Settings\R&C\Application Data\Thunderbird\Profiles\00phyqmq.default\Mail\pop3.mail.wowway-1.com\Inbox=>(message 7292)
Disinfection failed

C:\Documents and Settings\R&C\Application Data\Thunderbird\Profiles\00phyqmq.default\Mail\pop3.mail.wowway-1.com\Inbox=>(message 7292)
Deleted

C:\Documents and Settings\R&C\Application Data\Thunderbird\Profiles\00phyqmq.default\Mail\pop3.mail.wowway-1.com\Inbox
Update failed

C:\Documents and Settings\R&C\Application Data\Thunderbird\Profiles\00phyqmq.default\Mail\pop3.mail.wowway-1.com\Inbox=>(message 7411)
Infected with: Generic.Peed.Eml.EFAD19F7

C:\Documents and Settings\R&C\Application Data\Thunderbird\Profiles\00phyqmq.default\Mail\pop3.mail.wowway-1.com\Inbox=>(message 7411)
Disinfection failed

C:\Documents and Settings\R&C\Application Data\Thunderbird\Profiles\00phyqmq.default\Mail\pop3.mail.wowway-1.com\Inbox=>(message 7411)
Deleted

C:\Documents and Settings\R&C\Application Data\Thunderbird\Profiles\00phyqmq.default\Mail\pop3.mail.wowway-1.com\Inbox
Update failed

C:\Documents and Settings\R&C\Application Data\Thunderbird\Profiles\00phyqmq.default\Mail\pop3.mail.wowway-1.com\Inbox=>(message 7460)
Infected with: Generic.Peed.Eml.A1078799

C:\Documents and Settings\R&C\Application Data\Thunderbird\Profiles\00phyqmq.default\Mail\pop3.mail.wowway-1.com\Inbox=>(message 7460)
Disinfection failed

C:\Documents and Settings\R&C\Application Data\Thunderbird\Profiles\00phyqmq.default\Mail\pop3.mail.wowway-1.com\Inbox=>(message 7460)
Deleted

C:\Documents and Settings\R&C\Application Data\Thunderbird\Profiles\00phyqmq.default\Mail\pop3.mail.wowway-1.com\Inbox
Update failed

C:\Documents and Settings\R&C\Application Data\Thunderbird\Profiles\00phyqmq.default\Mail\pop3.mail.wowway-1.com\Inbox=>(message 7467)
Infected with: Generic.Peed.Eml.326AB0C2

C:\Documents and Settings\R&C\Application Data\Thunderbird\Profiles\00phyqmq.default\Mail\pop3.mail.wowway-1.com\Inbox=>(message 7467)
Disinfection failed

C:\Documents and Settings\R&C\Application Data\Thunderbird\Profiles\00phyqmq.default\Mail\pop3.mail.wowway-1.com\Inbox=>(message 7467)
Deleted

C:\Documents and Settings\R&C\Application Data\Thunderbird\Profiles\00phyqmq.default\Mail\pop3.mail.wowway-1.com\Inbox
Update failed

C:\Documents and Settings\R&C\Application Data\Thunderbird\Profiles\00phyqmq.default\Mail\pop3.mail.wowway-1.com\Inbox=>(message 7557)
Infected with: Generic.Peed.Eml.99D8E963

C:\Documents and Settings\R&C\Application Data\Thunderbird\Profiles\00phyqmq.default\Mail\pop3.mail.wowway-1.com\Inbox=>(message 7557)
Disinfection failed

C:\Documents and Settings\R&C\Application Data\Thunderbird\Profiles\00phyqmq.default\Mail\pop3.mail.wowway-1.com\Inbox=>(message 7557)
Deleted

C:\Documents and Settings\R&C\Application Data\Thunderbird\Profiles\00phyqmq.default\Mail\pop3.mail.wowway-1.com\Inbox
Update failed

C:\Documents and Settings\R&C\Application Data\Thunderbird\Profiles\00phyqmq.default\Mail\pop3.mail.wowway-1.com\Inbox=>(message 7565)
Infected with: Generic.Peed.Eml.68FAF6A8

C:\Documents and Settings\R&C\Application Data\Thunderbird\Profiles\00phyqmq.default\Mail\pop3.mail.wowway-1.com\Inbox=>(message 7565)
Disinfection failed

C:\Documents and Settings\R&C\Application Data\Thunderbird\Profiles\00phyqmq.default\Mail\pop3.mail.wowway-1.com\Inbox=>(message 7565)
Deleted

C:\Documents and Settings\R&C\Application Data\Thunderbird\Profiles\00phyqmq.default\Mail\pop3.mail.wowway-1.com\Inbox
Update failed

C:\Documents and Settings\R&C\Application Data\Thunderbird\Profiles\00phyqmq.default\Mail\pop3.mail.wowway-1.com\Inbox=>(message 7650)
Infected with: Generic.Peed.Eml.18FEE7B5

C:\Documents and Settings\R&C\Application Data\Thunderbird\Profiles\00phyqmq.default\Mail\pop3.mail.wowway-1.com\Inbox=>(message 7650)
Disinfection failed

C:\Documents and Settings\R&C\Application Data\Thunderbird\Profiles\00phyqmq.default\Mail\pop3.mail.wowway-1.com\Inbox=>(message 7650)
Deleted

C:\Documents and Settings\R&C\Application Data\Thunderbird\Profiles\00phyqmq.default\Mail\pop3.mail.wowway-1.com\Inbox
Update failed

C:\Documents and Settings\R&C\Application Data\Thunderbird\Profiles\00phyqmq.default\Mail\pop3.mail.wowway-1.com\Inbox=>(message 8013)
Infected with: Generic.Peed.Eml.CF9BB3C2

C:\Documents and Settings\R&C\Application Data\Thunderbird\Profiles\00phyqmq.default\Mail\pop3.mail.wowway-1.com\Inbox=>(message 8013)
Disinfection failed

C:\Documents and Settings\R&C\Application Data\Thunderbird\Profiles\00phyqmq.default\Mail\pop3.mail.wowway-1.com\Inbox=>(message 8013)
Deleted

C:\Documents and Settings\R&C\Application Data\Thunderbird\Profiles\00phyqmq.default\Mail\pop3.mail.wowway-1.com\Inbox
Update failed

C:\Documents and Settings\R&C\Application Data\Thunderbird\Profiles\00phyqmq.default\Mail\pop3.mail.wowway-1.com\Inbox=>(message 8112)
Infected with: Generic.Peed.Eml.75F1A42A

C:\Documents and Settings\R&C\Application Data\Thunderbird\Profiles\00phyqmq.default\Mail\pop3.mail.wowway-1.com\Inbox=>(message 8112)
Disinfection failed

C:\Documents and Settings\R&C\Application Data\Thunderbird\Profiles\00phyqmq.default\Mail\pop3.mail.wowway-1.com\Inbox=>(message 8112)
Deleted

C:\Documents and Settings\R&C\Application Data\Thunderbird\Profiles\00phyqmq.default\Mail\pop3.mail.wowway-1.com\Inbox
Update failed

C:\Documents and Settings\R&C\Application Data\Thunderbird\Profiles\00phyqmq.default\Mail\pop3.mail.wowway-1.com\Inbox=>(message 8114)
Infected with: Generic.Peed.Eml.1CB05E2A

C:\Documents and Settings\R&C\Application Data\Thunderbird\Profiles\00phyqmq.default\Mail\pop3.mail.wowway-1.com\Inbox=>(message 8114)
Disinfection failed

C:\Documents and Settings\R&C\Application Data\Thunderbird\Profiles\00phyqmq.default\Mail\pop3.mail.wowway-1.com\Inbox=>(message 8114)
Deleted

C:\Documents and Settings\R&C\Application Data\Thunderbird\Profiles\00phyqmq.default\Mail\pop3.mail.wowway-1.com\Inbox
Update failed

C:\Documents and Settings\R&C\Application Data\Thunderbird\Profiles\00phyqmq.default\Mail\pop3.mail.wowway-1.com\Inbox=>(message 8117)
Infected with: Generic.Peed.Eml.673B0C0B

C:\Documents and Settings\R&C\Application Data\Thunderbird\Profiles\00phyqmq.default\Mail\pop3.mail.wowway-1.com\Inbox=>(message 8117)
Disinfection failed

C:\Documents and Settings\R&C\Application Data\Thunderbird\Profiles\00phyqmq.default\Mail\pop3.mail.wowway-1.com\Inbox=>(message 8117)
Deleted

C:\Documents and Settings\R&C\Application Data\Thunderbird\Profiles\00phyqmq.default\Mail\pop3.mail.wowway-1.com\Inbox
Update failed

C:\Documents and Settings\R&C\Application Data\Thunderbird\Profiles\00phyqmq.default\Mail\pop3.mail.wowway-1.com\Inbox=>(message 8137)
Infected with: Generic.Peed.Eml.DA78129B

C:\Documents and Settings\R&C\Application Data\Thunderbird\Profiles\00phyqmq.default\Mail\pop3.mail.wowway-1.com\Inbox=>(message 8137)
Disinfection failed

C:\Documents and Settings\R&C\Application Data\Thunderbird\Profiles\00phyqmq.default\Mail\pop3.mail.wowway-1.com\Inbox=>(message 8137)
Deleted

C:\Documents and Settings\R&C\Application Data\Thunderbird\Profiles\00phyqmq.default\Mail\pop3.mail.wowway-1.com\Inbox
Update failed

C:\Documents and Settings\R&C\Application Data\Thunderbird\Profiles\00phyqmq.default\Mail\pop3.mail.wowway-1.com\Trash=>(message 8012)
Infected with: Generic.Peed.Eml.AE0EEFAF

C:\Documents and Settings\R&C\Application Data\Thunderbird\Profiles\00phyqmq.default\Mail\pop3.mail.wowway-1.com\Trash=>(message 8012)
Disinfection failed

C:\Documents and Settings\R&C\Application Data\Thunderbird\Profiles\00phyqmq.default\Mail\pop3.mail.wowway-1.com\Trash=>(message 8012)
Deleted

C:\Documents and Settings\R&C\Application Data\Thunderbird\Profiles\00phyqmq.default\Mail\pop3.mail.wowway-1.com\Trash
Update failed

C:\Documents and Settings\R&C\Application Data\Thunderbird\Profiles\00phyqmq.default\Mail\pop3.mail.wowway-1.com\Trash=>(message 8013)
Infected with: Generic.Peed.Eml.D7178664

C:\Documents and Settings\R&C\Application Data\Thunderbird\Profiles\00phyqmq.default\Mail\pop3.mail.wowway-1.com\Trash=>(message 8013)
Disinfection failed

C:\Documents and Settings\R&C\Application Data\Thunderbird\Profiles\00phyqmq.default\Mail\pop3.mail.wowway-1.com\Trash=>(message 8013)
Deleted

C:\Documents and Settings\R&C\Application Data\Thunderbird\Profiles\00phyqmq.default\Mail\pop3.mail.wowway-1.com\Trash
Update failed

C:\Documents and Settings\R&C\Application Data\Thunderbird\Profiles\00phyqmq.default\Mail\pop3.mail.wowway-1.com\Trash=>(message 8059)
Infected with: Generic.Peed.Eml.FE07D598

C:\Documents and Settings\R&C\Application Data\Thunderbird\Profiles\00phyqmq.default\Mail\pop3.mail.wowway-1.com\Trash=>(message 8059)
Disinfection failed

C:\Documents and Settings\R&C\Application Data\Thunderbird\Profiles\00phyqmq.default\Mail\pop3.mail.wowway-1.com\Trash=>(message 8059)
Deleted

C:\Documents and Settings\R&C\Application Data\Thunderbird\Profiles\00phyqmq.default\Mail\pop3.mail.wowway-1.com\Trash
Update failed

C:\Documents and Settings\R&C\Application Data\Thunderbird\Profiles\00phyqmq.default\Mail\pop3.mail.wowway-1.com\Trash=>(message 8066)
Infected with: Generic.Peed.Eml.5EF96A63

C:\Documents and Settings\R&C\Application Data\Thunderbird\Profiles\00phyqmq.default\Mail\pop3.mail.wowway-1.com\Trash=>(message 8066)
Disinfection failed

C:\Documents and Settings\R&C\Application Data\Thunderbird\Profiles\00phyqmq.default\Mail\pop3.mail.wowway-1.com\Trash=>(message 8066)
Deleted

C:\Documents and Settings\R&C\Application Data\Thunderbird\Profiles\00phyqmq.default\Mail\pop3.mail.wowway-1.com\Trash
Update failed

C:\Documents and Settings\R&C\Application Data\Thunderbird\Profiles\00phyqmq.default\Mail\pop3.mail.wowway-1.com\Trash=>(message 8068)
Infected with: Generic.Peed.Eml.5EE6BD42

C:\Documents and Settings\R&C\Application Data\Thunderbird\Profiles\00phyqmq.default\Mail\pop3.mail.wowway-1.com\Trash=>(message 8068)
Disinfection failed

C:\Documents and Settings\R&C\Application Data\Thunderbird\Profiles\00phyqmq.default\Mail\pop3.mail.wowway-1.com\Trash=>(message 8068)
Deleted

C:\Documents and Settings\R&C\Application Data\Thunderbird\Profiles\00phyqmq.default\Mail\pop3.mail.wowway-1.com\Trash
Update failed

C:\Documents and Settings\R&C\Application Data\Thunderbird\Profiles\00phyqmq.default\Mail\pop3.mail.wowway-1.com\Trash=>(message 8070)
Infected with: Generic.Peed.Eml.42741918

C:\Documents and Settings\R&C\Application Data\Thunderbird\Profiles\00phyqmq.default\Mail\pop3.mail.wowway-1.com\Trash=>(message 8070)
Disinfection failed

C:\Documents and Settings\R&C\Application Data\Thunderbird\Profiles\00phyqmq.default\Mail\pop3.mail.wowway-1.com\Trash=>(message 8070)
Deleted

C:\Documents and Settings\R&C\Application Data\Thunderbird\Profiles\00phyqmq.default\Mail\pop3.mail.wowway-1.com\Trash
Update failed

C:\Documents and Settings\R&C\Application Data\Thunderbird\Profiles\00phyqmq.default\Mail\pop3.mail.wowway-1.com\Trash=>(message 8210)
Infected with: Generic.Peed.Eml.EFAD19F7

C:\Documents and Settings\R&C\Application Data\Thunderbird\Profiles\00phyqmq.default\Mail\pop3.mail.wowway-1.com\Trash=>(message 8210)
Disinfection failed

C:\Documents and Settings\R&C\Application Data\Thunderbird\Profiles\00phyqmq.default\Mail\pop3.mail.wowway-1.com\Trash=>(message 8210)
Deleted

C:\Documents and Settings\R&C\Application Data\Thunderbird\Profiles\00phyqmq.default\Mail\pop3.mail.wowway-1.com\Trash
Update failed

C:\Documents and Settings\R&C\Application Data\Thunderbird\Profiles\00phyqmq.default\Mail\pop3.mail.wowway-1.com\Trash=>(message 8266)
Infected with: Generic.Peed.Eml.A1078799

C:\Documents and Settings\R&C\Application Data\Thunderbird\Profiles\00phyqmq.default\Mail\pop3.mail.wowway-1.com\Trash=>(message 8266)
Disinfection failed

C:\Documents and Settings\R&C\Application Data\Thunderbird\Profiles\00phyqmq.default\Mail\pop3.mail.wowway-1.com\Trash=>(message 8266)
Deleted

C:\Documents and Settings\R&C\Application Data\Thunderbird\Profiles\00phyqmq.default\Mail\pop3.mail.wowway-1.com\Trash
Update failed

C:\Documents and Settings\R&C\Application Data\Thunderbird\Profiles\00phyqmq.default\Mail\pop3.mail.wowway-1.com\Trash=>(message 8273)
Infected with: Generic.Peed.Eml.326AB0C2

C:\Documents and Settings\R&C\Application Data\Thunderbird\Profiles\00phyqmq.default\Mail\pop3.mail.wowway-1.com\Trash=>(message 8273)
Disinfection failed

C:\Documents and Settings\R&C\Application Data\Thunderbird\Profiles\00phyqmq.default\Mail\pop3.mail.wowway-1.com\Trash=>(message 8273)
Deleted

C:\Documents and Settings\R&C\Application Data\Thunderbird\Profiles\00phyqmq.default\Mail\pop3.mail.wowway-1.com\Trash
Update failed

C:\Documents and Settings\R&C\Application Data\Thunderbird\Profiles\00phyqmq.default\Mail\pop3.mail.wowway-1.com\Trash=>(message 8362)
Infected with: Generic.Peed.Eml.99D8E963

C:\Documents and Settings\R&C\Application Data\Thunderbird\Profiles\00phyqmq.default\Mail\pop3.mail.wowway-1.com\Trash=>(message 8362)
Disinfection failed

C:\Documents and Settings\R&C\Application Data\Thunderbird\Profiles\00phyqmq.default\Mail\pop3.mail.wowway-1.com\Trash=>(message 8362)
Deleted

C:\Documents and Settings\R&C\Application Data\Thunderbird\Profiles\00phyqmq.default\Mail\pop3.mail.wowway-1.com\Trash
Update failed

C:\Documents and Settings\R&C\Application Data\Thunderbird\Profiles\00phyqmq.default\Mail\pop3.mail.wowway-1.com\Trash=>(message 8369)
Infected with: Generic.Peed.Eml.68FAF6A8

C:\Documents and Settings\R&C\Application Data\Thunderbird\Profiles\00phyqmq.default\Mail\pop3.mail.wowway-1.com\Trash=>(message 8369)
Disinfection failed

C:\Documents and Settings\R&C\Application Data\Thunderbird\Profiles\00phyqmq.default\Mail\pop3.mail.wowway-1.com\Trash=>(message 8369)
Deleted

C:\Documents and Settings\R&C\Application Data\Thunderbird\Profiles\00phyqmq.default\Mail\pop3.mail.wowway-1.com\Trash
Update failed

C:\Documents and Settings\R&C\Application Data\Thunderbird\Profiles\00phyqmq.default\Mail\pop3.mail.wowway-1.com\Trash=>(message 8455)
Infected with: Generic.Peed.Eml.18FEE7B5

C:\Documents and Settings\R&C\Application Data\Thunderbird\Profiles\00phyqmq.default\Mail\pop3.mail.wowway-1.com\Trash=>(message 8455)
Disinfection failed

C:\Documents and Settings\R&C\Application Data\Thunderbird\Profiles\00phyqmq.default\Mail\pop3.mail.wowway-1.com\Trash=>(message 8455)
Deleted

C:\Documents and Settings\R&C\Application Data\Thunderbird\Profiles\00phyqmq.default\Mail\pop3.mail.wowway-1.com\Trash
Update failed

C:\Documents and Settings\R&C\Application Data\Thunderbird\Profiles\00phyqmq.default\Mail\pop3.mail.wowway-1.com\Trash=>(message 8848)
Infected with: Generic.Peed.Eml.CF9BB3C2

C:\Documents and Settings\R&C\Application Data\Thunderbird\Profiles\00phyqmq.default\Mail\pop3.mail.wowway-1.com\Trash=>(message 8848)
Disinfection failed

C:\Documents and Settings\R&C\Application Data\Thunderbird\Profiles\00phyqmq.default\Mail\pop3.mail.wowway-1.com\Trash=>(message 8848)
Deleted

C:\Documents and Settings\R&C\Application Data\Thunderbird\Profiles\00phyqmq.default\Mail\pop3.mail.wowway-1.com\Trash
Update failed

C:\Documents and Settings\R&C\Application Data\Thunderbird\Profiles\00phyqmq.default\Mail\pop3.mail.wowway-1.com\Trash=>(message 8917)
Infected with: Generic.Peed.Eml.1CB05E2A

C:\Documents and Settings\R&C\Application Data\Thunderbird\Profiles\00phyqmq.default\Mail\pop3.mail.wowway-1.com\Trash=>(message 8917)
Disinfection failed

C:\Documents and Settings\R&C\Application Data\Thunderbird\Profiles\00phyqmq.default\Mail\pop3.mail.wowway-1.com\Trash=>(message 8917)
Deleted

C:\Documents and Settings\R&C\Application Data\Thunderbird\Profiles\00phyqmq.default\Mail\pop3.mail.wowway-1.com\Trash
Update failed

C:\Documents and Settings\R&C\Application Data\Thunderbird\Profiles\00phyqmq.default\Mail\pop3.mail.wowway-1.com\Trash=>(message 8920)
Infected with: Generic.Peed.Eml.75F1A42A

C:\Documents and Settings\R&C\Application Data\Thunderbird\Profiles\00phyqmq.default\Mail\pop3.mail.wowway-1.com\Trash=>(message 8920)
Disinfection failed

C:\Documents and Settings\R&C\Application Data\Thunderbird\Profiles\00phyqmq.default\Mail\pop3.mail.wowway-1.com\Trash=>(message 8920)
Deleted

C:\Documents and Settings\R&C\Application Data\Thunderbird\Profiles\00phyqmq.default\Mail\pop3.mail.wowway-1.com\Trash
Update failed

C:\Documents and Settings\R&C\Application Data\Thunderbird\Profiles\00phyqmq.default\Mail\pop3.mail.wowway-1.com\Trash=>(message 8921)
Infected with: Generic.Peed.Eml.DA78129B

C:\Documents and Settings\R&C\Application Data\Thunderbird\Profiles\00phyqmq.default\Mail\pop3.mail.wowway-1.com\Trash=>(message 8921)
Disinfection failed

C:\Documents and Settings\R&C\Application Data\Thunderbird\Profiles\00phyqmq.default\Mail\pop3.mail.wowway-1.com\Trash=>(message 8921)
Deleted

C:\Documents and Settings\R&C\Application Data\Thunderbird\Profiles\00phyqmq.default\Mail\pop3.mail.wowway-1.com\Trash
Update failed

C:\Documents and Settings\R&C\Application Data\Thunderbird\Profiles\00phyqmq.default\Mail\pop3.mail.wowway-1.com\Trash=>(message 8922)
Infected with: Generic.Peed.Eml.673B0C0B

C:\Documents and Settings\R&C\Application Data\Thunderbird\Profiles\00phyqmq.default\Mail\pop3.mail.wowway-1.com\Trash=>(message 8922)
Disinfection failed

C:\Documents and Settings\R&C\Application Data\Thunderbird\Profiles\00phyqmq.default\Mail\pop3.mail.wowway-1.com\Trash=>(message 8922)
Deleted

C:\Documents and Settings\R&C\Application Data\Thunderbird\Profiles\00phyqmq.default\Mail\pop3.mail.wowway-1.com\Trash
Update failed

C:\Documents and Settings\Rita's\Application Data\Thunderbird\Profiles\00phyqmq.default\Mail\pop3.mail.wowway-1.com\Inbox=>(message 7239)
Infected with: Generic.Peed.Eml.AE0EEFAF

C:\Documents and Settings\Rita's\Application Data\Thunderbird\Profiles\00phyqmq.default\Mail\pop3.mail.wowway-1.com\Inbox=>(message 7239)
Disinfection failed

C:\Documents and Settings\Rita's\Application Data\Thunderbird\Profiles\00phyqmq.default\Mail\pop3.mail.wowway-1.com\Inbox=>(message 7239)
Deleted

C:\Documents and Settings\Rita's\Application Data\Thunderbird\Profiles\00phyqmq.default\Mail\pop3.mail.wowway-1.com\Inbox
Update failed

C:\Documents and Settings\Rita's\Application Data\Thunderbird\Profiles\00phyqmq.default\Mail\pop3.mail.wowway-1.com\Inbox=>(message 7240)
Infected with: Generic.Peed.Eml.D7178664

C:\Documents and Settings\Rita's\Application Data\Thunderbird\Profiles\00phyqmq.default\Mail\pop3.mail.wowway-1.com\Inbox=>(message 7240)
Disinfection failed

C:\Documents and Settings\Rita's\Application Data\Thunderbird\Profiles\00phyqmq.default\Mail\pop3.mail.wowway-1.com\Inbox=>(message 7240)
Deleted

C:\Documents and Settings\Rita's\Application Data\Thunderbird\Profiles\00phyqmq.default\Mail\pop3.mail.wowway-1.com\Inbox
Update failed

C:\Documents and Settings\Rita's\Application Data\Thunderbird\Profiles\00phyqmq.default\Mail\pop3.mail.wowway-1.com\Inbox=>(message 7279)
Infected with: Generic.Peed.Eml.FE07D598

C:\Documents and Settings\Rita's\Application Data\Thunderbird\Profiles\00phyqmq.default\Mail\pop3.mail.wowway-1.com\Inbox=>(message 7279)
Disinfection failed

C:\Documents and Settings\Rita's\Application Data\Thunderbird\Profiles\00phyqmq.default\Mail\pop3.mail.wowway-1.com\Inbox=>(message 7279)
Deleted

C:\Documents and Settings\Rita's\Application Data\Thunderbird\Profiles\00phyqmq.default\Mail\pop3.mail.wowway-1.com\Inbox
Update failed

C:\Documents and Settings\Rita's\Application Data\Thunderbird\Profiles\00phyqmq.default\Mail\pop3.mail.wowway-1.com\Inbox=>(message 7287)
Infected with: Generic.Peed.Eml.5EF96A63

C:\Documents and Settings\Rita's\Application Data\Thunderbird\Profiles\00phyqmq.default\Mail\pop3.mail.wowway-1.com\Inbox=>(message 7287)
Disinfection failed

C:\Documents and Settings\Rita's\Application Data\Thunderbird\Profiles\00phyqmq.default\Mail\pop3.mail.wowway-1.com\Inbox=>(message 7287)
Deleted

C:\Documents and Settings\Rita's\Application Data\Thunderbird\Profiles\00phyqmq.default\Mail\pop3.mail.wowway-1.com\Inbox
Update failed

C:\Documents and Settings\Rita's\Application Data\Thunderbird\Profiles\00phyqmq.default\Mail\pop3.mail.wowway-1.com\Inbox=>(message 7289)
Infected with: Generic.Peed.Eml.5EE6BD42

C:\Documents and Settings\Rita's\Application Data\Thunderbird\Profiles\00phyqmq.default\Mail\pop3.mail.wowway-1.com\Inbox=>(message 7289)
Disinfection failed

C:\Documents and Settings\Rita's\Application Data\Thunderbird\Profiles\00phyqmq.default\Mail\pop3.mail.wowway-1.com\Inbox=>(message 7289)
Deleted

C:\Documents and Settings\Rita's\Application Data\Thunderbird\Profiles\00phyqmq.default\Mail\pop3.mail.wowway-1.com\Inbox
Update failed

C:\Documents and Settings\Rita's\Application Data\Thunderbird\Profiles\00phyqmq.default\Mail\pop3.mail.wowway-1.com\Inbox=>(message 7292)
Infected with: Generic.Peed.Eml.42741918

C:\Documents and Settings\Rita's\Application Data\Thunderbird\Profiles\00phyqmq.default\Mail\pop3.mail.wowway-1.com\Inbox=>(message 7292)
Disinfection failed

C:\Documents and Settings\Rita's\Application Data\Thunderbird\Profiles\00phyqmq.default\Mail\pop3.mail.wowway-1.com\Inbox=>(message 7292)
Deleted

C:\Documents and Settings\Rita's\Application Data\Thunderbird\Profiles\00phyqmq.default\Mail\pop3.mail.wowway-1.com\Inbox
Update failed

C:\Documents and Settings\Rita's\Application Data\Thunderbird\Profiles\00phyqmq.default\Mail\pop3.mail.wowway-1.com\Inbox=>(message 7411)
Infected with: Generic.Peed.Eml.EFAD19F7

C:\Documents and Settings\Rita's\Application Data\Thunderbird\Profiles\00phyqmq.default\Mail\pop3.mail.wowway-1.com\Inbox=>(message 7411)
Disinfection failed

C:\Documents and Settings\Rita's\Application Data\Thunderbird\Profiles\00phyqmq.default\Mail\pop3.mail.wowway-1.com\Inbox=>(message 7411)
Deleted

C:\Documents and Settings\Rita's\Application Data\Thunderbird\Profiles\00phyqmq.default\Mail\pop3.mail.wowway-1.com\Inbox
Update failed

C:\Documents and Settings\Rita's\Application Data\Thunderbird\Profiles\00phyqmq.default\Mail\pop3.mail.wowway-1.com\Inbox=>(message 7460)
Infected with: Generic.Peed.Eml.A1078799

C:\Documents and Settings\Rita's\Application Data\Thunderbird\Profiles\00phyqmq.default\Mail\pop3.mail.wowway-1.com\Inbox=>(message 7460)
Disinfection failed

C:\Documents and Settings\Rita's\Application Data\Thunderbird\Profiles\00phyqmq.default\Mail\pop3.mail.wowway-1.com\Inbox=>(message 7460)
Deleted

C:\Documents and Settings\Rita's\Application Data\Thunderbird\Profiles\00phyqmq.default\Mail\pop3.mail.wowway-1.com\Inbox
Update failed

C:\Documents and Settings\Rita's\Application Data\Thunderbird\Profiles\00phyqmq.default\Mail\pop3.mail.wowway-1.com\Inbox=>(message 7467)
Infected with: Generic.Peed.Eml.326AB0C2

C:\Documents and Settings\Rita's\Application Data\Thunderbird\Profiles\00phyqmq.default\Mail\pop3.mail.wowway-1.com\Inbox=>(message 7467)
Disinfection failed

C:\Documents and Settings\Rita's\Application Data\Thunderbird\Profiles\00phyqmq.default\Mail\pop3.mail.wowway-1.com\Inbox=>(message 7467)
Deleted

C:\Documents and Settings\Rita's\Application Data\Thunderbird\Profiles\00phyqmq.default\Mail\pop3.mail.wowway-1.com\Inbox
Update failed

C:\Documents and Settings\Rita's\Application Data\Thunderbird\Profiles\00phyqmq.default\Mail\pop3.mail.wowway-1.com\Inbox=>(message 7557)
Infected with: Generic.Peed.Eml.99D8E963

C:\Documents and Settings\Rita's\Application Data\Thunderbird\Profiles\00phyqmq.default\Mail\pop3.mail.wowway-1.com\Inbox=>(message 7557)
Disinfection failed

C:\Documents and Settings\Rita's\Application Data\Thunderbird\Profiles\00phyqmq.default\Mail\pop3.mail.wowway-1.com\Inbox=>(message 7557)
Deleted

C:\Documents and Settings\Rita's\Application Data\Thunderbird\Profiles\00phyqmq.default\Mail\pop3.mail.wowway-1.com\Inbox
Update failed

C:\Documents and Settings\Rita's\Application Data\Thunderbird\Profiles\00phyqmq.default\Mail\pop3.mail.wowway-1.com\Inbox=>(message 7565)
Infected with: Generic.Peed.Eml.68FAF6A8

C:\Documents and Settings\Rita's\Application Data\Thunderbird\Profiles\00phyqmq.default\Mail\pop3.mail.wowway-1.com\Inbox=>(message 7565)
Disinfection failed

C:\Documents and Settings\Rita's\Application Data\Thunderbird\Profiles\00phyqmq.default\Mail\pop3.mail.wowway-1.com\Inbox=>(message 7565)
Deleted

C:\Documents and Settings\Rita's\Application Data\Thunderbird\Profiles\00phyqmq.default\Mail\pop3.mail.wowway-1.com\Inbox
Update failed

C:\Documents and Settings\Rita's\Application Data\Thunderbird\Profiles\00phyqmq.default\Mail\pop3.mail.wowway-1.com\Inbox=>(message 7650)
Infected with: Generic.Peed.Eml.18FEE7B5

C:\Documents and Settings\Rita's\Application Data\Thunderbird\Profiles\00phyqmq.default\Mail\pop3.mail.wowway-1.com\Inbox=>(message 7650)
Disinfection failed

C:\Documents and Settings\Rita's\Application Data\Thunderbird\Profiles\00phyqmq.default\Mail\pop3.mail.wowway-1.com\Inbox=>(message 7650)
Deleted

C:\Documents and Settings\Rita's\Application Data\Thunderbird\Profiles\00phyqmq.default\Mail\pop3.mail.wowway-1.com\Inbox
Update failed

C:\Documents and Settings\Rita's\Application Data\Thunderbird\Profiles\00phyqmq.default\Mail\pop3.mail.wowway-1.com\Inbox=>(message 8013)
Infected with: Generic.Peed.Eml.CF9BB3C2

C:\Documents and Settings\Rita's\Application Data\Thunderbird\Profiles\00phyqmq.default\Mail\pop3.mail.wowway-1.com\Inbox=>(message 8013)
Disinfection failed

C:\Documents and Settings\Rita's\Application Data\Thunderbird\Profiles\00phyqmq.default\Mail\pop3.mail.wowway-1.com\Inbox=>(message 8013)
Deleted

C:\Documents and Settings\Rita's\Application Data\Thunderbird\Profiles\00phyqmq.default\Mail\pop3.mail.wowway-1.com\Inbox
Update failed

C:\Documents and Settings\Rita's\Application Data\Thunderbird\Profiles\00phyqmq.default\Mail\pop3.mail.wowway-1.com\Inbox=>(message 8112)
Infected with: Generic.Peed.Eml.75F1A42A

C:\Documents and Settings\Rita's\Application Data\Thunderbird\Profiles\00phyqmq.default\Mail\pop3.mail.wowway-1.com\Inbox=>(message 8112)
Disinfection failed

C:\Documents and Settings\Rita's\Application Data\Thunderbird\Profiles\00phyqmq.default\Mail\pop3.mail.wowway-1.com\Inbox=>(message 8112)
Deleted

C:\Documents and Settings\Rita's\Application Data\Thunderbird\Profiles\00phyqmq.default\Mail\pop3.mail.wowway-1.com\Inbox
Update failed

C:\Documents and Settings\Rita's\Application Data\Thunderbird\Profiles\00phyqmq.default\Mail\pop3.mail.wowway-1.com\Inbox=>(message 8114)
Infected with: Generic.Peed.Eml.1CB05E2A

C:\Documents and Settings\Rita's\Application Data\Thunderbird\Profiles\00phyqmq.default\Mail\pop3.mail.wowway-1.com\Inbox=>(message 8114)
Disinfection failed

C:\Documents and Settings\Rita's\Application Data\Thunderbird\Profiles\00phyqmq.default\Mail\pop3.mail.wowway-1.com\Inbox=>(message 8114)
Deleted

C:\Documents and Settings\Rita's\Application Data\Thunderbird\Profiles\00phyqmq.default\Mail\pop3.mail.wowway-1.com\Inbox
Update failed

C:\Documents and Settings\Rita's\Application Data\Thunderbird\Profiles\00phyqmq.default\Mail\pop3.mail.wowway-1.com\Inbox=>(message 8117)
Infected with: Generic.Peed.Eml.673B0C0B

C:\Documents and Settings\Rita's\Application Data\Thunderbird\Profiles\00phyqmq.default\Mail\pop3.mail.wowway-1.com\Inbox=>(message 8117)
Disinfection failed

C:\Documents and Settings\Rita's\Application Data\Thunderbird\Profiles\00phyqmq.default\Mail\pop3.mail.wowway-1.com\Inbox=>(message 8117)
Deleted

C:\Documents and Settings\Rita's\Application Data\Thunderbird\Profiles\00phyqmq.default\Mail\pop3.mail.wowway-1.com\Inbox
Update failed

C:\Documents and Settings\Rita's\Application Data\Thunderbird\Profiles\00phyqmq.default\Mail\pop3.mail.wowway-1.com\Inbox=>(message 8137)
Infected with: Generic.Peed.Eml.DA78129B

C:\Documents and Settings\Rita's\Application Data\Thunderbird\Profiles\00phyqmq.default\Mail\pop3.mail.wowway-1.com\Inbox=>(message 8137)
Disinfection failed

C:\Documents and Settings\Rita's\Application Data\Thunderbird\Profiles\00phyqmq.default\Mail\pop3.mail.wowway-1.com\Inbox=>(message 8137)
Deleted

C:\Documents and Settings\Rita's\Application Data\Thunderbird\Profiles\00phyqmq.default\Mail\pop3.mail.wowway-1.com\Inbox
Update failed

C:\Documents and Settings\Rita's\Application Data\Thunderbird\Profiles\00phyqmq.default\Mail\pop3.mail.wowway-1.com\Trash=>(message 8012)
Infected with: Generic.Peed.Eml.AE0EEFAF

C:\Documents and Settings\Rita's\Application Data\Thunderbird\Profiles\00phyqmq.default\Mail\pop3.mail.wowway-1.com\Trash=>(message 8012)
Disinfection failed

C:\Documents and Settings\Rita's\Application Data\Thunderbird\Profiles\00phyqmq.default\Mail\pop3.mail.wowway-1.com\Trash=>(message 8012)
Deleted

C:\Documents and Settings\Rita's\Application Data\Thunderbird\Profiles\00phyqmq.default\Mail\pop3.mail.wowway-1.com\Trash
Update failed

C:\Documents and Settings\Rita's\Application Data\Thunderbird\Profiles\00phyqmq.default\Mail\pop3.mail.wowway-1.com\Trash=>(message 8013)
Infected with: Generic.Peed.Eml.D7178664

C:\Documents and Settings\Rita's\Application Data\Thunderbird\Profiles\00phyqmq.default\Mail\pop3.mail.wowway-1.com\Trash=>(message 8013)
Disinfection failed

C:\Documents and Settings\Rita's\Application Data\Thunderbird\Profiles\00phyqmq.default\Mail\pop3.mail.wowway-1.com\Trash=>(message 8013)
Deleted

C:\Documents and Settings\Rita's\Application Data\Thunderbird\Profiles\00phyqmq.default\Mail\pop3.mail.wowway-1.com\Trash
Update failed

C:\Documents and Settings\Rita's\Application Data\Thunderbird\Profiles\00phyqmq.default\Mail\pop3.mail.wowway-1.com\Trash=>(message 8059)
Infected with: Generic.Peed.Eml.FE07D598

C:\Documents and Settings\Rita's\Application Data\Thunderbird\Profiles\00phyqmq.default\Mail\pop3.mail.wowway-1.com\Trash=>(message 8059)
Disinfection failed

C:\Documents and Settings\Rita's\Application Data\Thunderbird\Profiles\00phyqmq.default\Mail\pop3.mail.wowway-1.com\Trash=>(message 8059)
Deleted

C:\Documents and Settings\Rita's\Application Data\Thunderbird\Profiles\00phyqmq.default\Mail\pop3.mail.wowway-1.com\Trash
Update failed

C:\Documents and Settings\Rita's\Application Data\Thunderbird\Profiles\00phyqmq.default\Mail\pop3.mail.wowway-1.com\Trash=>(message 8066)
Infected with: Generic.Peed.Eml.5EF96A63

C:\Documents and Settings\Rita's\Application Data\Thunderbird\Profiles\00phyqmq.default\Mail\pop3.mail.wowway-1.com\Trash=>(message 8066)
Disinfection failed

C:\Documents and Settings\Rita's\Application Data\Thunderbird\Profiles\00phyqmq.default\Mail\pop3.mail.wowway-1.com\Trash=>(message 8066)
Deleted

C:\Documents and Settings\Rita's\Application Data\Thunderbird\Profiles\00phyqmq.default\Mail\pop3.mail.wowway-1.com\Trash
Update failed

C:\Documents and Settings\Rita's\Application Data\Thunderbird\Profiles\00phyqmq.default\Mail\pop3.mail.wowway-1.com\Trash=>(message 8068)
Infected with: Generic.Peed.Eml.5EE6BD42

C:\Documents and Settings\Rita's\Application Data\Thunderbird\Profiles\00phyqmq.default\Mail\pop3.mail.wowway-1.com\Trash=>(message 8068)
Disinfection failed

C:\Documents and Settings\Rita's\Application Data\Thunderbird\Profiles\00phyqmq.default\Mail\pop3.mail.wowway-1.com\Trash=>(message 8068)
Deleted

C:\Documents and Settings\Rita's\Application Data\Thunderbird\Profiles\00phyqmq.default\Mail\pop3.mail.wowway-1.com\Trash
Update failed

C:\Documents and Settings\Rita's\Application Data\Thunderbird\Profiles\00phyqmq.default\Mail\pop3.mail.wowway-1.com\Trash=>(message 8070)
Infected with: Generic.Peed.Eml.42741918

C:\Documents and Settings\Rita's\Application Data\Thunderbird\Profiles\00phyqmq.default\Mail\pop3.mail.wowway-1.com\Trash=>(message 8070)
Disinfection failed

C:\Documents and Settings\Rita's\Application Data\Thunderbird\Profiles\00phyqmq.default\Mail\pop3.mail.wowway-1.com\Trash=>(message 8070)
Deleted

C:\Documents and Settings\Rita's\Application Data\Thunderbird\Profiles\00phyqmq.default\Mail\pop3.mail.wowway-1.com\Trash
Update failed

C:\Documents and Settings\Rita's\Application Data\Thunderbird\Profiles\00phyqmq.default\Mail\pop3.mail.wowway-1.com\Trash=>(message 8210)
Infected with: Generic.Peed.Eml.EFAD19F7

C:\Documents and Settings\Rita's\Application Data\Thunderbird\Profiles\00phyqmq.default\Mail\pop3.mail.wowway-1.com\Trash=>(message 8210)
Disinfection failed

C:\Documents and Settings\Rita's\Application Data\Thunderbird\Profiles\00phyqmq.default\Mail\pop3.mail.wowway-1.com\Trash=>(message 8210)
Deleted

C:\Documents and Settings\Rita's\Application Data\Thunderbird\Profiles\00phyqmq.default\Mail\pop3.mail.wowway-1.com\Trash
Update failed

C:\Documents and Settings\Rita's\Application Data\Thunderbird\Profiles\00phyqmq.default\Mail\pop3.mail.wowway-1.com\Trash=>(message 8266)
Infected with: Generic.Peed.Eml.A1078799

C:\Documents and Settings\Rita's\Application Data\Thunderbird\Profiles\00phyqmq.default\Mail\pop3.mail.wowway-1.com\Trash=>(message 8266)
Disinfection failed

C:\Documents and Settings\Rita's\Application Data\Thunderbird\Profiles\00phyqmq.default\Mail\pop3.mail.wowway-1.com\Trash=>(message 8266)
Deleted

C:\Documents and Settings\Rita's\Application Data\Thunderbird\Profiles\00phyqmq.default\Mail\pop3.mail.wowway-1.com\Trash
Update failed

C:\Documents and Settings\Rita's\Application Data\Thunderbird\Profiles\00phyqmq.default\Mail\pop3.mail.wowway-1.com\Trash=>(message 8273)
Infected with: Generic.Peed.Eml.326AB0C2

C:\Documents and Settings\Rita's\Application Data\Thunderbird\Profiles\00phyqmq.default\Mail\pop3.mail.wowway-1.com\Trash=>(message 8273)
Disinfection failed

C:\Documents and Settings\Rita's\Application Data\Thunderbird\Profiles\00phyqmq.default\Mail\pop3.mail.wowway-1.com\Trash=>(message 8273)
Deleted

C:\Documents and Settings\Rita's\Application Data\Thunderbird\Profiles\00phyqmq.default\Mail\pop3.mail.wowway-1.com\Trash
Update failed

C:\Documents and Settings\Rita's\Application Data\Thunderbird\Profiles\00phyqmq.default\Mail\pop3.mail.wowway-1.com\Trash=>(message 8362)
Infected with: Generic.Peed.Eml.99D8E963

C:\Documents and Settings\Rita's\Application Data\Thunderbird\Profiles\00phyqmq.default\Mail\pop3.mail.wowway-1.com\Trash=>(message 8362)
Disinfection failed

C:\Documents and Settings\Rita's\Application Data\Thunderbird\Profiles\00phyqmq.default\Mail\pop3.mail.wowway-1.com\Trash=>(message 8362)
Deleted

C:\Documents and Settings\Rita's\Application Data\Thunderbird\Profiles\00phyqmq.default\Mail\pop3.mail.wowway-1.com\Trash
Update failed

C:\Documents and Settings\Rita's\Application Data\Thunderbird\Profiles\00phyqmq.default\Mail\pop3.mail.wowway-1.com\Trash=>(message 8369)
Infected with: Generic.Peed.Eml.68FAF6A8

C:\Documents and Settings\Rita's\Application Data\Thunderbird\Profiles\00phyqmq.default\Mail\pop3.mail.wowway-1.com\Trash=>(message 8369)
Disinfection failed

C:\Documents and Settings\Rita's\Application Data\Thunderbird\Profiles\00phyqmq.default\Mail\pop3.mail.wowway-1.com\Trash=>(message 8369)
Deleted

C:\Documents and Settings\Rita's\Application Data\Thunderbird\Profiles\00phyqmq.default\Mail\pop3.mail.wowway-1.com\Trash
Update failed

C:\Documents and Settings\Rita's\Application Data\Thunderbird\Profiles\00phyqmq.default\Mail\pop3.mail.wowway-1.com\Trash=>(message 8455)
Infected with: Generic.Peed.Eml.18FEE7B5

C:\Documents and Settings\Rita's\Application Data\Thunderbird\Profiles\00phyqmq.default\Mail\pop3.mail.wowway-1.com\Trash=>(message 8455)
Disinfection failed

C:\Documents and Settings\Rita's\Application Data\Thunderbird\Profiles\00phyqmq.default\Mail\pop3.mail.wowway-1.com\Trash=>(message 8455)
Deleted

C:\Documents and Settings\Rita's\Application Data\Thunderbird\Profiles\00phyqmq.default\Mail\pop3.mail.wowway-1.com\Trash
Update failed

C:\Documents and Settings\Rita's\Application Data\Thunderbird\Profiles\00phyqmq.default\Mail\pop3.mail.wowway-1.com\Trash=>(message 8848)
Infected with: Generic.Peed.Eml.CF9BB3C2

C:\Documents and Settings\Rita's\Application Data\Thunderbird\Profiles\00phyqmq.default\Mail\pop3.mail.wowway-1.com\Trash=>(message 8848)
Disinfection failed

C:\Documents and Settings\Rita's\Application Data\Thunderbird\Profiles\00phyqmq.default\Mail\pop3.mail.wowway-1.com\Trash=>(message 8848)
Deleted

C:\Documents and Settings\Rita's\Application Data\Thunderbird\Profiles\00phyqmq.default\Mail\pop3.mail.wowway-1.com\Trash
Update failed

C:\Documents and Settings\Rita's\Application Data\Thunderbird\Profiles\00phyqmq.default\Mail\pop3.mail.wowway-1.com\Trash=>(message 8917)
Infected with: Generic.Peed.Eml.1CB05E2A

C:\Documents and Settings\Rita's\Application Data\Thunderbird\Profiles\00phyqmq.default\Mail\pop3.mail.wowway-1.com\Trash=>(message 8917)
Disinfection failed

C:\Documents and Settings\Rita's\Application Data\Thunderbird\Profiles\00phyqmq.default\Mail\pop3.mail.wowway-1.com\Trash=>(message 8917)
Deleted

C:\Documents and Settings\Rita's\Application Data\Thunderbird\Profiles\00phyqmq.default\Mail\pop3.mail.wowway-1.com\Trash
Update failed

C:\Documents and Settings\Rita's\Application Data\Thunderbird\Profiles\00phyqmq.default\Mail\pop3.mail.wowway-1.com\Trash=>(message 8920)
Infected with: Generic.Peed.Eml.75F1A42A

C:\Documents and Settings\Rita's\Application Data\Thunderbird\Profiles\00phyqmq.default\Mail\pop3.mail.wowway-1.com\Trash=>(message 8920)
Disinfection failed

C:\Documents and Settings\Rita's\Application Data\Thunderbird\Profiles\00phyqmq.default\Mail\pop3.mail.wowway-1.com\Trash=>(message 8920)
Deleted

C:\Documents and Settings\Rita's\Application Data\Thunderbird\Profiles\00phyqmq.default\Mail\pop3.mail.wowway-1.com\Trash
Update failed

C:\Documents and Settings\Rita's\Application Data\Thunderbird\Profiles\00phyqmq.default\Mail\pop3.mail.wowway-1.com\Trash=>(message 8921)
Infected with: Generic.Peed.Eml.DA78129B

C:\Documents and Settings\Rita's\Application Data\Thunderbird\Profiles\00phyqmq.default\Mail\pop3.mail.wowway-1.com\Trash=>(message 8921)
Disinfection failed

C:\Documents and Settings\Rita's\Application Data\Thunderbird\Profiles\00phyqmq.default\Mail\pop3.mail.wowway-1.com\Trash=>(message 8921)
Deleted

C:\Documents and Settings\Rita's\Application Data\Thunderbird\Profiles\00phyqmq.default\Mail\pop3.mail.wowway-1.com\Trash
Update failed

C:\Documents and Settings\Rita's\Application Data\Thunderbird\Profiles\00phyqmq.default\Mail\pop3.mail.wowway-1.com\Trash=>(message 8922)
Infected with: Generic.Peed.Eml.673B0C0B

C:\Documents and Settings\Rita's\Application Data\Thunderbird\Profiles\00phyqmq.default\Mail\pop3.mail.wowway-1.com\Trash=>(message 8922)
Disinfection failed

C:\Documents and Settings\Rita's\Application Data\Thunderbird\Profiles\00phyqmq.default\Mail\pop3.mail.wowway-1.com\Trash=>(message 8922)
Deleted

C:\Documents and Settings\Rita's\Application Data\Thunderbird\Profiles\00phyqmq.default\Mail\pop3.mail.wowway-1.com\Trash
Update failed

C:\hp\bin\KillWind.exe
Infected with: Virtool.1992

C:\hp\bin\KillWind.exe
Deleted

C:\System Volume Information\_restore{E1C06BEC-E3DF-4AD2-A34B-B7FE1884EF96}\RP12\A0003077.exe
Infected with: Virtool.1992

C:\System Volume Information\_restore{E1C06BEC-E3DF-4AD2-A34B-B7FE1884EF96}\RP12\A0003077.exe
Deleted

C:\Temp\Thunderbird_05212009.zip=>Thunderbird/Profiles/00phyqmq.default/Mail/pop3.mail.wowway-1.com/Inbox=>(message 7239)
Infected with: Generic.Peed.Eml.AE0EEFAF

C:\Temp\Thunderbird_05212009.zip=>Thunderbird/Profiles/00phyqmq.default/Mail/pop3.mail.wowway-1.com/Inbox=>(message 7239)
Disinfection failed

C:\Temp\Thunderbird_05212009.zip=>Thunderbird/Profiles/00phyqmq.default/Mail/pop3.mail.wowway-1.com/Inbox=>(message 7239)
Deleted

C:\Temp\Thunderbird_05212009.zip=>Thunderbird/Profiles/00phyqmq.default/Mail/pop3.mail.wowway-1.com/Inbox
Update failed

C:\Temp\Thunderbird_05212009.zip=>Thunderbird/Profiles/00phyqmq.default/Mail/pop3.mail.wowway-1.com/Inbox=>(message 7240)
Infected with: Generic.Peed.Eml.D7178664

C:\Temp\Thunderbird_05212009.zip=>Thunderbird/Profiles/00phyqmq.default/Mail/pop3.mail.wowway-1.com/Inbox=>(message 7240)
Disinfection failed

C:\Temp\Thunderbird_05212009.zip=>Thunderbird/Profiles/00phyqmq.default/Mail/pop3.mail.wowway-1.com/Inbox=>(message 7240)
Deleted

C:\Temp\Thunderbird_05212009.zip=>Thunderbird/Profiles/00phyqmq.default/Mail/pop3.mail.wowway-1.com/Inbox
Update failed

C:\Temp\Thunderbird_05212009.zip=>Thunderbird/Profiles/00phyqmq.default/Mail/pop3.mail.wowway-1.com/Inbox=>(message 7279)
Infected with: Generic.Peed.Eml.FE07D598

C:\Temp\Thunderbird_05212009.zip=>Thunderbird/Profiles/00phyqmq.default/Mail/pop3.mail.wowway-1.com/Inbox=>(message 7279)
Disinfection failed

C:\Temp\Thunderbird_05212009.zip=>Thunderbird/Profiles/00phyqmq.default/Mail/pop3.mail.wowway-1.com/Inbox=>(message 7279)
Deleted

C:\Temp\Thunderbird_05212009.zip=>Thunderbird/Profiles/00phyqmq.default/Mail/pop3.mail.wowway-1.com/Inbox
Update failed

C:\Temp\Thunderbird_05212009.zip=>Thunderbird/Profiles/00phyqmq.default/Mail/pop3.mail.wowway-1.com/Inbox=>(message 7287)
Infected with: Generic.Peed.Eml.5EF96A63

C:\Temp\Thunderbird_05212009.zip=>Thunderbird/Profiles/00phyqmq.default/Mail/pop3.mail.wowway-1.com/Inbox=>(message 7287)
Disinfection failed

C:\Temp\Thunderbird_05212009.zip=>Thunderbird/Profiles/00phyqmq.default/Mail/pop3.mail.wowway-1.com/Inbox=>(message 7287)
Deleted

C:\Temp\Thunderbird_05212009.zip=>Thunderbird/Profiles/00phyqmq.default/Mail/pop3.mail.wowway-1.com/Inbox
Update failed

C:\Temp\Thunderbird_05212009.zip=>Thunderbird/Profiles/00phyqmq.default/Mail/pop3.mail.wowway-1.com/Inbox=>(message 7289)
Infected with: Generic.Peed.Eml.5EE6BD42

C:\Temp\Thunderbird_05212009.zip=>Thunderbird/Profiles/00phyqmq.default/Mail/pop3.mail.wowway-1.com/Inbox=>(message 7289)
Disinfection failed

C:\Temp\Thunderbird_05212009.zip=>Thunderbird/Profiles/00phyqmq.default/Mail/pop3.mail.wowway-1.com/Inbox=>(message 7289)
Deleted

C:\Temp\Thunderbird_05212009.zip=>Thunderbird/Profiles/00phyqmq.default/Mail/pop3.mail.wowway-1.com/Inbox
Update failed

C:\Temp\Thunderbird_05212009.zip=>Thunderbird/Profiles/00phyqmq.default/Mail/pop3.mail.wowway-1.com/Inbox=>(message 7292)
Infected with: Generic.Peed.Eml.42741918

C:\Temp\Thunderbird_05212009.zip=>Thunderbird/Profiles/00phyqmq.default/Mail/pop3.mail.wowway-1.com/Inbox=>(message 7292)
Disinfection failed

C:\Temp\Thunderbird_05212009.zip=>Thunderbird/Profiles/00phyqmq.default/Mail/pop3.mail.wowway-1.com/Inbox=>(message 7292)
Deleted

C:\Temp\Thunderbird_05212009.zip=>Thunderbird/Profiles/00phyqmq.default/Mail/pop3.mail.wowway-1.com/Inbox
Update failed

C:\Temp\Thunderbird_05212009.zip=>Thunderbird/Profiles/00phyqmq.default/Mail/pop3.mail.wowway-1.com/Inbox=>(message 7411)
Infected with: Generic.Peed.Eml.EFAD19F7

C:\Temp\Thunderbird_05212009.zip=>Thunderbird/Profiles/00phyqmq.default/Mail/pop3.mail.wowway-1.com/Inbox=>(message 7411)
Disinfection failed

C:\Temp\Thunderbird_05212009.zip=>Thunderbird/Profiles/00phyqmq.default/Mail/pop3.mail.wowway-1.com/Inbox=>(message 7411)
Deleted

C:\Temp\Thunderbird_05212009.zip=>Thunderbird/Profiles/00phyqmq.default/Mail/pop3.mail.wowway-1.com/Inbox
Update failed

C:\Temp\Thunderbird_05212009.zip=>Thunderbird/Profiles/00phyqmq.default/Mail/pop3.mail.wowway-1.com/Inbox=>(message 7460)
Infected with: Generic.Peed.Eml.A1078799

C:\Temp\Thunderbird_05212009.zip=>Thunderbird/Profiles/00phyqmq.default/Mail/pop3.mail.wowway-1.com/Inbox=>(message 7460)
Disinfection failed

C:\Temp\Thunderbird_05212009.zip=>Thunderbird/Profiles/00phyqmq.default/Mail/pop3.mail.wowway-1.com/Inbox=>(message 7460)
Deleted

C:\Temp\Thunderbird_05212009.zip=>Thunderbird/Profiles/00phyqmq.default/Mail/pop3.mail.wowway-1.com/Inbox
Update failed

C:\Temp\Thunderbird_05212009.zip=>Thunderbird/Profiles/00phyqmq.default/Mail/pop3.mail.wowway-1.com/Inbox=>(message 7467)
Infected with: Generic.Peed.Eml.326AB0C2

C:\Temp\Thunderbird_05212009.zip=>Thunderbird/Profiles/00phyqmq.default/Mail/pop3.mail.wowway-1.com/Inbox=>(message 7467)
Disinfection failed

C:\Temp\Thunderbird_05212009.zip=>Thunderbird/Profiles/00phyqmq.default/Mail/pop3.mail.wowway-1.com/Inbox=>(message 7467)
Deleted

C:\Temp\Thunderbird_05212009.zip=>Thunderbird/Profiles/00phyqmq.default/Mail/pop3.mail.wowway-1.com/Inbox
Update failed

C:\Temp\Thunderbird_05212009.zip=>Thunderbird/Profiles/00phyqmq.default/Mail/pop3.mail.wowway-1.com/Inbox=>(message 7557)
Infected with: Generic.Peed.Eml.99D8E963

C:\Temp\Thunderbird_05212009.zip=>Thunderbird/Profiles/00phyqmq.default/Mail/pop3.mail.wowway-1.com/Inbox=>(message 7557)
Disinfection failed

C:\Temp\Thunderbird_05212009.zip=>Thunderbird/Profiles/00phyqmq.default/Mail/pop3.mail.wowway-1.com/Inbox=>(message 7557)
Deleted

C:\Temp\Thunderbird_05212009.zip=>Thunderbird/Profiles/00phyqmq.default/Mail/pop3.mail.wowway-1.com/Inbox
Update failed

C:\Temp\Thunderbird_05212009.zip=>Thunderbird/Profiles/00phyqmq.default/Mail/pop3.mail.wowway-1.com/Inbox=>(message 7565)
Infected with: Generic.Peed.Eml.68FAF6A8

C:\Temp\Thunderbird_05212009.zip=>Thunderbird/Profiles/00phyqmq.default/Mail/pop3.mail.wowway-1.com/Inbox=>(message 7565)
Disinfection failed

C:\Temp\Thunderbird_05212009.zip=>Thunderbird/Profiles/00phyqmq.default/Mail/pop3.mail.wowway-1.com/Inbox=>(message 7565)
Deleted

C:\Temp\Thunderbird_05212009.zip=>Thunderbird/Profiles/00phyqmq.default/Mail/pop3.mail.wowway-1.com/Inbox
Update failed

C:\Temp\Thunderbird_05212009.zip=>Thunderbird/Profiles/00phyqmq.default/Mail/pop3.mail.wowway-1.com/Inbox=>(message 7650)
Infected with: Generic.Peed.Eml.18FEE7B5

C:\Temp\Thunderbird_05212009.zip=>Thunderbird/Profiles/00phyqmq.default/Mail/pop3.mail.wowway-1.com/Inbox=>(message 7650)
Disinfection failed

C:\Temp\Thunderbird_05212009.zip=>Thunderbird/Profiles/00phyqmq.default/Mail/pop3.mail.wowway-1.com/Inbox=>(message 7650)
Deleted

C:\Temp\Thunderbird_05212009.zip=>Thunderbird/Profiles/00phyqmq.default/Mail/pop3.mail.wowway-1.com/Inbox
Update failed

C:\Temp\Thunderbird_05212009.zip=>Thunderbird/Profiles/00phyqmq.default/Mail/pop3.mail.wowway-1.com/Inbox=>(message 8013)
Infected with: Generic.Peed.Eml.CF9BB3C2

C:\Temp\Thunderbird_05212009.zip=>Thunderbird/Profiles/00phyqmq.default/Mail/pop3.mail.wowway-1.com/Inbox=>(message 8013)
Disinfection failed

C:\Temp\Thunderbird_05212009.zip=>Thunderbird/Profiles/00phyqmq.default/Mail/pop3.mail.wowway-1.com/Inbox=>(message 8013)
Deleted

C:\Temp\Thunderbird_05212009.zip=>Thunderbird/Profiles/00phyqmq.default/Mail/pop3.mail.wowway-1.com/Inbox
Update failed

C:\Temp\Thunderbird_05212009.zip=>Thunderbird/Profiles/00phyqmq.default/Mail/pop3.mail.wowway-1.com/Inbox=>(message 8112)
Infected with: Generic.Peed.Eml.75F1A42A

C:\Temp\Thunderbird_05212009.zip=>Thunderbird/Profiles/00phyqmq.default/Mail/pop3.mail.wowway-1.com/Inbox=>(message 8112)
Disinfection failed

C:\Temp\Thunderbird_05212009.zip=>Thunderbird/Profiles/00phyqmq.default/Mail/pop3.mail.wowway-1.com/Inbox=>(message 8112)
Deleted

C:\Temp\Thunderbird_05212009.zip=>Thunderbird/Profiles/00phyqmq.default/Mail/pop3.mail.wowway-1.com/Inbox
Update failed

C:\Temp\Thunderbird_05212009.zip=>Thunderbird/Profiles/00phyqmq.default/Mail/pop3.mail.wowway-1.com/Inbox=>(message 8114)
Infected with: Generic.Peed.Eml.1CB05E2A

C:\Temp\Thunderbird_05212009.zip=>Thunderbird/Profiles/00phyqmq.default/Mail/pop3.mail.wowway-1.com/Inbox=>(message 8114)
Disinfection failed

C:\Temp\Thunderbird_05212009.zip=>Thunderbird/Profiles/00phyqmq.default/Mail/pop3.mail.wowway-1.com/Inbox=>(message 8114)
Deleted

C:\Temp\Thunderbird_05212009.zip=>Thunderbird/Profiles/00phyqmq.default/Mail/pop3.mail.wowway-1.com/Inbox
Update failed

C:\Temp\Thunderbird_05212009.zip=>Thunderbird/Profiles/00phyqmq.default/Mail/pop3.mail.wowway-1.com/Inbox=>(message 8117)
Infected with: Generic.Peed.Eml.673B0C0B

C:\Temp\Thunderbird_05212009.zip=>Thunderbird/Profiles/00phyqmq.default/Mail/pop3.mail.wowway-1.com/Inbox=>(message 8117)
Disinfection failed

C:\Temp\Thunderbird_05212009.zip=>Thunderbird/Profiles/00phyqmq.default/Mail/pop3.mail.wowway-1.com/Inbox=>(message 8117)
Deleted

C:\Temp\Thunderbird_05212009.zip=>Thunderbird/Profiles/00phyqmq.default/Mail/pop3.mail.wowway-1.com/Inbox
Update failed

C:\Temp\Thunderbird_05212009.zip=>Thunderbird/Profiles/00phyqmq.default/Mail/pop3.mail.wowway-1.com/Inbox=>(message 8137)
Infected with: Generic.Peed.Eml.DA78129B

C:\Temp\Thunderbird_05212009.zip=>Thunderbird/Profiles/00phyqmq.default/Mail/pop3.mail.wowway-1.com/Inbox=>(message 8137)
Disinfection failed

C:\Temp\Thunderbird_05212009.zip=>Thunderbird/Profiles/00phyqmq.default/Mail/pop3.mail.wowway-1.com/Inbox=>(message 8137)
Deleted

C:\Temp\Thunderbird_05212009.zip=>Thunderbird/Profiles/00phyqmq.default/Mail/pop3.mail.wowway-1.com/Inbox
Update failed

C:\Temp\Thunderbird_05212009.zip=>Thunderbird/Profiles/00phyqmq.default/Mail/pop3.mail.wowway-1.com/Trash=>(message 8012)
Infected with: Generic.Peed.Eml.AE0EEFAF

C:\Temp\Thunderbird_05212009.zip=>Thunderbird/Profiles/00phyqmq.default/Mail/pop3.mail.wowway-1.com/Trash=>(message 8012)
Disinfection failed

C:\Temp\Thunderbird_05212009.zip=>Thunderbird/Profiles/00phyqmq.default/Mail/pop3.mail.wowway-1.com/Trash=>(message 8012)
Deleted

C:\Temp\Thunderbird_05212009.zip=>Thunderbird/Profiles/00phyqmq.default/Mail/pop3.mail.wowway-1.com/Trash
Update failed

C:\Temp\Thunderbird_05212009.zip=>Thunderbird/Profiles/00phyqmq.default/Mail/pop3.mail.wowway-1.com/Trash=>(message 8013)
Infected with: Generic.Peed.Eml.D7178664

C:\Temp\Thunderbird_05212009.zip=>Thunderbird/Profiles/00phyqmq.default/Mail/pop3.mail.wowway-1.com/Trash=>(message 8013)
Disinfection failed

C:\Temp\Thunderbird_05212009.zip=>Thunderbird/Profiles/00phyqmq.default/Mail/pop3.mail.wowway-1.com/Trash=>(message 8013)
Deleted

C:\Temp\Thunderbird_05212009.zip=>Thunderbird/Profiles/00phyqmq.default/Mail/pop3.mail.wowway-1.com/Trash
Update failed

C:\Temp\Thunderbird_05212009.zip=>Thunderbird/Profiles/00phyqmq.default/Mail/pop3.mail.wowway-1.com/Trash=>(message 8059)
Infected with: Generic.Peed.Eml.FE07D598

C:\Temp\Thunderbird_05212009.zip=>Thunderbird/Profiles/00phyqmq.default/Mail/pop3.mail.wowway-1.com/Trash=>(message 8059)
Disinfection failed

C:\Temp\Thunderbird_05212009.zip=>Thunderbird/Profiles/00phyqmq.default/Mail/pop3.mail.wowway-1.com/Trash=>(message 8059)
Deleted

C:\Temp\Thunderbird_05212009.zip=>Thunderbird/Profiles/00phyqmq.default/Mail/pop3.mail.wowway-1.com/Trash
Update failed

C:\Temp\Thunderbird_05212009.zip=>Thunderbird/Profiles/00phyqmq.default/Mail/pop3.mail.wowway-1.com/Trash=>(message 8066)
Infected with: Generic.Peed.Eml.5EF96A63

C:\Temp\Thunderbird_05212009.zip=>Thunderbird/Profiles/00phyqmq.default/Mail/pop3.mail.wowway-1.com/Trash=>(message 8066)
Disinfection failed

C:\Temp\Thunderbird_05212009.zip=>Thunderbird/Profiles/00phyqmq.default/Mail/pop3.mail.wowway-1.com/Trash=>(message 8066)
Deleted

C:\Temp\Thunderbird_05212009.zip=>Thunderbird/Profiles/00phyqmq.default/Mail/pop3.mail.wowway-1.com/Trash
Update failed

C:\Temp\Thunderbird_05212009.zip=>Thunderbird/Profiles/00phyqmq.default/Mail/pop3.mail.wowway-1.com/Trash=>(message 8068)
Infected with: Generic.Peed.Eml.5EE6BD42

C:\Temp\Thunderbird_05212009.zip=>Thunderbird/Profiles/00phyqmq.default/Mail/pop3.mail.wowway-1.com/Trash=>(message 8068)
Disinfection failed

C:\Temp\Thunderbird_05212009.zip=>Thunderbird/Profiles/00phyqmq.default/Mail/pop3.mail.wowway-1.com/Trash=>(message 8068)
Deleted

C:\Temp\Thunderbird_05212009.zip=>Thunderbird/Profiles/00phyqmq.default/Mail/pop3.mail.wowway-1.com/Trash
Update failed

C:\Temp\Thunderbird_05212009.zip=>Thunderbird/Profiles/00phyqmq.default/Mail/pop3.mail.wowway-1.com/Trash=>(message 8070)
Infected with: Generic.Peed.Eml.42741918

C:\Temp\Thunderbird_05212009.zip=>Thunderbird/Profiles/00phyqmq.default/Mail/pop3.mail.wowway-1.com/Trash=>(message 8070)
Disinfection failed

C:\Temp\Thunderbird_05212009.zip=>Thunderbird/Profiles/00phyqmq.default/Mail/pop3.mail.wowway-1.com/Trash=>(message 8070)
Deleted

C:\Temp\Thunderbird_05212009.zip=>Thunderbird/Profiles/00phyqmq.default/Mail/pop3.mail.wowway-1.com/Trash
Update failed

C:\Temp\Thunderbird_05212009.zip=>Thunderbird/Profiles/00phyqmq.default/Mail/pop3.mail.wowway-1.com/Trash=>(message 8210)
Infected with: Generic.Peed.Eml.EFAD19F7

C:\Temp\Thunderbird_05212009.zip=>Thunderbird/Profiles/00phyqmq.default/Mail/pop3.mail.wowway-1.com/Trash=>(message 8210)
Disinfection failed

C:\Temp\Thunderbird_05212009.zip=>Thunderbird/Profiles/00phyqmq.default/Mail/pop3.mail.wowway-1.com/Trash=>(message 8210)
Deleted

C:\Temp\Thunderbird_05212009.zip=>Thunderbird/Profiles/00phyqmq.default/Mail/pop3.mail.wowway-1.com/Trash
Update failed

C:\Temp\Thunderbird_05212009.zip=>Thunderbird/Profiles/00phyqmq.default/Mail/pop3.mail.wowway-1.com/Trash=>(message 8266)
Infected with: Generic.Peed.Eml.A1078799

C:\Temp\Thunderbird_05212009.zip=>Thunderbird/Profiles/00phyqmq.default/Mail/pop3.mail.wowway-1.com/Trash=>(message 8266)
Disinfection failed

C:\Temp\Thunderbird_05212009.zip=>Thunderbird/Profiles/00phyqmq.default/Mail/pop3.mail.wowway-1.com/Trash=>(message 8266)
Deleted

C:\Temp\Thunderbird_05212009.zip=>Thunderbird/Profiles/00phyqmq.default/Mail/pop3.mail.wowway-1.com/Trash
Update failed

C:\Temp\Thunderbird_05212009.zip=>Thunderbird/Profiles/00phyqmq.default/Mail/pop3.mail.wowway-1.com/Trash=>(message 8273)
Infected with: Generic.Peed.Eml.326AB0C2

C:\Temp\Thunderbird_05212009.zip=>Thunderbird/Profiles/00phyqmq.default/Mail/pop3.mail.wowway-1.com/Trash=>(message 8273)
Disinfection failed

C:\Temp\Thunderbird_05212009.zip=>Thunderbird/Profiles/00phyqmq.default/Mail/pop3.mail.wowway-1.com/Trash=>(message 8273)
Deleted

C:\Temp\Thunderbird_05212009.zip=>Thunderbird/Profiles/00phyqmq.default/Mail/pop3.mail.wowway-1.com/Trash
Update failed

C:\Temp\Thunderbird_05212009.zip=>Thunderbird/Profiles/00phyqmq.default/Mail/pop3.mail.wowway-1.com/Trash=>(message 8362)
Infected with: Generic.Peed.Eml.99D8E963

C:\Temp\Thunderbird_05212009.zip=>Thunderbird/Profiles/00phyqmq.default/Mail/pop3.mail.wowway-1.com/Trash=>(message 8362)
Disinfection failed

C:\Temp\Thunderbird_05212009.zip=>Thunderbird/Profiles/00phyqmq.default/Mail/pop3.mail.wowway-1.com/Trash=>(message 8362)
Deleted

C:\Temp\Thunderbird_05212009.zip=>Thunderbird/Profiles/00phyqmq.default/Mail/pop3.mail.wowway-1.com/Trash
Update failed

C:\Temp\Thunderbird_05212009.zip=>Thunderbird/Profiles/00phyqmq.default/Mail/pop3.mail.wowway-1.com/Trash=>(message 8369)
Infected with: Generic.Peed.Eml.68FAF6A8

C:\Temp\Thunderbird_05212009.zip=>Thunderbird/Profiles/00phyqmq.default/Mail/pop3.mail.wowway-1.com/Trash=>(message 8369)
Disinfection failed

C:\Temp\Thunderbird_05212009.zip=>Thunderbird/Profiles/00phyqmq.default/Mail/pop3.mail.wowway-1.com/Trash=>(message 8369)
Deleted

C:\Temp\Thunderbird_05212009.zip=>Thunderbird/Profiles/00phyqmq.default/Mail/pop3.mail.wowway-1.com/Trash
Update failed

C:\Temp\Thunderbird_05212009.zip=>Thunderbird/Profiles/00phyqmq.default/Mail/pop3.mail.wowway-1.com/Trash=>(message 8455)
Infected with: Generic.Peed.Eml.18FEE7B5

C:\Temp\Thunderbird_05212009.zip=>Thunderbird/Profiles/00phyqmq.default/Mail/pop3.mail.wowway-1.com/Trash=>(message 8455)
Disinfection failed

C:\Temp\Thunderbird_05212009.zip=>Thunderbird/Profiles/00phyqmq.default/Mail/pop3.mail.wowway-1.com/Trash=>(message 8455)
Deleted

C:\Temp\Thunderbird_05212009.zip=>Thunderbird/Profiles/00phyqmq.default/Mail/pop3.mail.wowway-1.com/Trash
Update failed

C:\Temp\Thunderbird_05212009.zip=>Thunderbird/Profiles/00phyqmq.default/Mail/pop3.mail.wowway-1.com/Trash=>(message 8848)
Infected with: Generic.Peed.Eml.CF9BB3C2

C:\Temp\Thunderbird_05212009.zip=>Thunderbird/Profiles/00phyqmq.default/Mail/pop3.mail.wowway-1.com/Trash=>(message 8848)
Disinfection failed

C:\Temp\Thunderbird_05212009.zip=>Thunderbird/Profiles/00phyqmq.default/Mail/pop3.mail.wowway-1.com/Trash=>(message 8848)
Deleted

C:\Temp\Thunderbird_05212009.zip=>Thunderbird/Profiles/00phyqmq.default/Mail/pop3.mail.wowway-1.com/Trash
Update failed

C:\Temp\Thunderbird_05212009.zip=>Thunderbird/Profiles/00phyqmq.default/Mail/pop3.mail.wowway-1.com/Trash=>(message 8917)
Infected with: Generic.Peed.Eml.1CB05E2A

C:\Temp\Thunderbird_05212009.zip=>Thunderbird/Profiles/00phyqmq.default/Mail/pop3.mail.wowway-1.com/Trash=>(message 8917)
Disinfection failed

C:\Temp\Thunderbird_05212009.zip=>Thunderbird/Profiles/00phyqmq.default/Mail/pop3.mail.wowway-1.com/Trash=>(message 8917)
Deleted

C:\Temp\Thunderbird_05212009.zip=>Thunderbird/Profiles/00phyqmq.default/Mail/pop3.mail.wowway-1.com/Trash
Update failed

C:\Temp\Thunderbird_05212009.zip=>Thunderbird/Profiles/00phyqmq.default/Mail/pop3.mail.wowway-1.com/Trash=>(message 8920)
Infected with: Generic.Peed.Eml.75F1A42A

C:\Temp\Thunderbird_05212009.zip=>Thunderbird/Profiles/00phyqmq.default/Mail/pop3.mail.wowway-1.com/Trash=>(message 8920)
Disinfection failed

C:\Temp\Thunderbird_05212009.zip=>Thunderbird/Profiles/00phyqmq.default/Mail/pop3.mail.wowway-1.com/Trash=>(message 8920)
Deleted

C:\Temp\Thunderbird_05212009.zip=>Thunderbird/Profiles/00phyqmq.default/Mail/pop3.mail.wowway-1.com/Trash
Update failed

C:\Temp\Thunderbird_05212009.zip=>Thunderbird/Profiles/00phyqmq.default/Mail/pop3.mail.wowway-1.com/Trash=>(message 8921)
Infected with: Generic.Peed.Eml.DA78129B

C:\Temp\Thunderbird_05212009.zip=>Thunderbird/Profiles/00phyqmq.default/Mail/pop3.mail.wowway-1.com/Trash=>(message 8921)
Disinfection failed

C:\Temp\Thunderbird_05212009.zip=>Thunderbird/Profiles/00phyqmq.default/Mail/pop3.mail.wowway-1.com/Trash=>(message 8921)
Deleted

C:\Temp\Thunderbird_05212009.zip=>Thunderbird/Profiles/00phyqmq.default/Mail/pop3.mail.wowway-1.com/Trash
Update failed

C:\Temp\Thunderbird_05212009.zip=>Thunderbird/Profiles/00phyqmq.default/Mail/pop3.mail.wowway-1.com/Trash=>(message 8922)
Infected with: Generic.Peed.Eml.673B0C0B

C:\Temp\Thunderbird_05212009.zip=>Thunderbird/Profiles/00phyqmq.default/Mail/pop3.mail.wowway-1.com/Trash=>(message 8922)
Disinfection failed

C:\Temp\Thunderbird_05212009.zip=>Thunderbird/Profiles/00phyqmq.default/Mail/pop3.mail.wowway-1.com/Trash=>(message 8922)
Deleted

C:\Temp\Thunderbird_05212009.zip=>Thunderbird/Profiles/00phyqmq.default/Mail/pop3.mail.wowway-1.com/Trash
Update failed

#10 syler

Posted 25 July 2009 - 04:21 AM

That looks good to me, just some quarantined and mailbox items. How is your computer running? Any more problems?


Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2
  • Double-click SystemLook.exe to run it.
  • A blank window shall open with the title "SystemLook v1.0-by Jpshortstuff".
  • Copy the content of the following codebox into the main textfield:
    :contents
    C:\AUTOEXEC.BAT
  • Please confirm everything is copied and pasted as I have provided above.
  • Click the Look button to start the scan.
  • When finished, a Notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt
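
Added example (not part of the original thread): a short Python triage of the scan log posted above, grouping each detection by where it lives (live mailbox, archive, System Restore copy, plain file) and flagging items whose containing mailbox or archive was reported as "Update failed". The sample records are copied from the log in this thread; the category names and the `recheck` flag are assumptions of this example, not scanner output.

```python
import re
from collections import Counter

# A few records copied from the scan log in this thread.
# The log alternates: object path line, then a status line for that object.
SAMPLE_LOG = r"""
C:\Documents and Settings\Rita's\Application Data\Thunderbird\Profiles\00phyqmq.default\Mail\pop3.mail.wowway-1.com\Trash=>(message 8922)
Infected with: Generic.Peed.Eml.673B0C0B

C:\Documents and Settings\Rita's\Application Data\Thunderbird\Profiles\00phyqmq.default\Mail\pop3.mail.wowway-1.com\Trash=>(message 8922)
Disinfection failed

C:\Documents and Settings\Rita's\Application Data\Thunderbird\Profiles\00phyqmq.default\Mail\pop3.mail.wowway-1.com\Trash=>(message 8922)
Deleted

C:\Documents and Settings\Rita's\Application Data\Thunderbird\Profiles\00phyqmq.default\Mail\pop3.mail.wowway-1.com\Trash
Update failed

C:\hp\bin\KillWind.exe
Infected with: Virtool.1992

C:\hp\bin\KillWind.exe
Deleted

C:\System Volume Information\_restore{E1C06BEC-E3DF-4AD2-A34B-B7FE1884EF96}\RP12\A0003077.exe
Infected with: Virtool.1992

C:\System Volume Information\_restore{E1C06BEC-E3DF-4AD2-A34B-B7FE1884EF96}\RP12\A0003077.exe
Deleted

C:\Temp\Thunderbird_05212009.zip=>Thunderbird/Profiles/00phyqmq.default/Mail/pop3.mail.wowway-1.com/Inbox=>(message 7239)
Infected with: Generic.Peed.Eml.AE0EEFAF

C:\Temp\Thunderbird_05212009.zip=>Thunderbird/Profiles/00phyqmq.default/Mail/pop3.mail.wowway-1.com/Inbox=>(message 7239)
Disinfection failed

C:\Temp\Thunderbird_05212009.zip=>Thunderbird/Profiles/00phyqmq.default/Mail/pop3.mail.wowway-1.com/Inbox=>(message 7239)
Deleted

C:\Temp\Thunderbird_05212009.zip=>Thunderbird/Profiles/00phyqmq.default/Mail/pop3.mail.wowway-1.com/Inbox
Update failed
"""

STATUS = re.compile(
    r"^(Infected with: (?P<sig>\S+)|Disinfection failed|Deleted|Update failed)$"
)


def parse_records(log_text):
    """Yield (object_path, status_line) pairs from the alternating log lines."""
    path = None
    for line in (raw.strip() for raw in log_text.splitlines()):
        if not line:
            continue
        if STATUS.match(line):
            if path is not None:
                yield path, line
            path = None
        else:
            path = line


def classify(path):
    """Bucket an object by where it lives (category names are this example's own)."""
    container = path.split("=>")[0].lower()
    if "\\system volume information\\_restore" in container:
        return "system-restore"
    if container.endswith(".zip"):
        return "archive"
    if "(message " in path or "\\mail\\" in container:
        return "mailbox"
    return "file"


def triage(log_text):
    """Return one finding per detected object, with its last reported action."""
    objects = {}            # object path -> signature and ordered actions
    update_failed = set()   # containers reported as "Update failed"
    for path, status in parse_records(log_text):
        if status == "Update failed":
            update_failed.add(path)
            continue
        entry = objects.setdefault(path, {"signature": None, "actions": []})
        sig = STATUS.match(status).group("sig")
        if sig:
            entry["signature"] = sig
        else:
            entry["actions"].append(status)
    findings = []
    for path, entry in objects.items():
        if entry["signature"] is None:
            continue
        parent = path.rsplit("=>", 1)[0] if "=>" in path else None
        findings.append({
            "object": path,
            "kind": classify(path),
            "signature": entry["signature"],
            "final_action": entry["actions"][-1] if entry["actions"] else "none",
            # Assumption: an item inside a container the scanner could not
            # update is worth re-scanning before it is treated as gone.
            "recheck": parent in update_failed,
        })
    return findings


if __name__ == "__main__":
    results = triage(SAMPLE_LOG)
    print(Counter(f["kind"] for f in results))
    for f in results:
        flag = "RECHECK" if f["recheck"] else "ok"
        print(f'{flag:8} {f["kind"]:15} {f["signature"]:28} {f["final_action"]}')
```
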



#11 gouldluc

Posted 25 July 2009 - 08:14 AM

The system is running fine, I haven't seen any slow downs or programs not opening.

Here's the log of SystemLook:



SystemLook v1.0 by jpshortstuff (22.05.09)
Log created at 09:12 on 25/07/2009 by R&C (Administrator - Elevation successful)

========== contents ==========

C:\AUTOEXEC.BAT - Opened succesfully.

PATH=%PATH%;C:\PROGRA~1\COMMON~1\MUVEET~1\030625


-=End Of File=-

#12 syler

Posted 25 July 2009 - 12:36 PM

Please copy the contents of the code box below, open Notepad and paste it there. On the top toolbar in Notepad select File, then Save As.
In the box that opens type in Regfix.reg for the file name. Right below that click the down arrow in the line for "save as" and select
all files. Save this to your desktop and close Notepad.

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring"=dword:00000000
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000000
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000000

NOTICE: This file was written specifically for this user, for use on that particular machine.
Running this on another machine may cause damage to your operating system.


Now locate Regfix.reg on your desktop and double click it. Select Yes when it prompts you, then OK.


Then post back with a new DDS log.

Thanks



#13 gouldluc

Posted 25 July 2009 - 10:17 PM

DDS (Ver_09-06-26.01) - NTFSx86
Run by R&C at 23:12:59.51 on Sat 07/25/2009
Internet Explorer: 8.0.6001.18702

============== Pseudo HJT Report ===============

uStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton 360 premier edition\engine\3.0.0.135\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton 360 premier edition\engine\3.0.0.135\IPSBHO.DLL
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton 360 premier edition\engine\3.0.0.135\coIEPlg.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [DS Clock] "c:\program files\ds clock\dsclock.exe"
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [AlcWzrd] ALCWZRD.EXE
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [AGRSMMSG] AGRSMMSG.exe
mRun: [RemoteControl] "c:\program files\cyberlink dvd solution\powerdvd\PDVDServ.exe"
mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
mRun: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [hpqSRMon] c:\program files\hp\digital imaging\bin\hpqSRMon.exe
IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office10\EXCEL.EXE/3000
IE: {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/e/4/9/e494c802-dd90-4c6b-a074-469358f075a6/OGAControl.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/F/D/9/FD9E437D-5BC8-4264-A093-DFA2C39D197E/LegitCheckControl.cab
DPF: {1E3F1348-4370-4BBE-A67A-CC7ED824CA85} - hxxp://download.microsoft.com/download/7/4/9/749b0dc5-2175-4d5b-a6dd-9c4bc923683e/Selfhelpcontrol.cab
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1214610793421
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1235738886843
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxps://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab
Handler: symres - {AA1061FE-6C41-421f-9344-69640C9732AB} - c:\program files\norton 360 premier edition\engine\3.0.0.135\CoIEPlg.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: igfxcui - igfxsrvc.dll
Notify: LBTWlgn - c:\program files\common files\logitech\bluetooth\LBTWlgn.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\r&c\applic~1\mozilla\firefox\profiles\l2m8jivr.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://finance.yahoo.com/p?k=pf_22|http://finance.yahoo.com/p?k=pf_14|http://uk.finance.yahoo.com/q?s=vod&m=L&d=|http://uk.finance.yahoo.com/q?s=^SSEC&d=1b|http://uk.finance.yahoo.com/m2|http://in.finance.yahoo.com/q?s=%5EBSESN
FF - component: c:\documents and settings\all users.windows\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\coffplgn\components\coFFPlgn.dll
FF - component: c:\documents and settings\all users.windows\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\ipsffplgn\components\IPSFFPl.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPZoneSB.dll

============= SERVICES / DRIVERS ===============


=============== Created Last 30 ================

2009-07-25 19:39 4,096 a--sh--- C:\VSNAP.IDX
2009-07-14 04:44 <DIR> --d----- c:\docume~1\alluse~1.win\applic~1\SUPERAntiSpyware.com
2009-07-14 04:44 <DIR> --d----- c:\program files\SUPERAntiSpyware
2009-07-14 04:44 <DIR> --d----- c:\docume~1\r&c\applic~1\SUPERAntiSpyware.com
2009-07-14 04:42 <DIR> --d----- c:\program files\common files\Wise Installation Wizard
2009-07-12 16:43 <DIR> -cd----- c:\windows\system32\dllcache\cache
2009-07-12 16:34 161,792 a------- c:\windows\SWREG.exe
2009-07-12 16:34 98,816 a------- c:\windows\sed.exe
2009-07-11 07:12 <DIR> --d----- c:\docume~1\r&c\applic~1\Malwarebytes
2009-07-11 07:11 38,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-11 07:11 19,096 a------- c:\windows\system32\drivers\mbam.sys
2009-07-11 07:11 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-07-11 07:11 <DIR> --d----- c:\docume~1\alluse~1.win\applic~1\Malwarebytes
2009-07-10 04:10 <DIR> --dsh--- c:\documents and settings\r&c\IECompatCache
2009-07-04 06:18 <DIR> --d-h--- c:\windows\PIF
2009-07-03 00:07 <DIR> --d--r-- c:\program files\Norton Support
2009-07-02 19:50 <DIR> --d----- c:\docume~1\alluse~1.win\applic~1\{7B6BA59A-FB0E-4499-8536-A7420338BF3B}
2009-07-02 19:49 <DIR> --d----- c:\windows\system32\drivers\N360
2009-07-02 19:49 <DIR> --d----- c:\program files\Norton 360 Premier Edition
2009-07-02 19:45 <DIR> --d----- c:\windows\E80F62FF5D3C4A1984099721F2928206.TMP
2009-07-02 19:41 <DIR> --d----- c:\docume~1\alluse~1.win\applic~1\PCSettings
2009-07-02 19:32 <DIR> --d----- c:\docume~1\alluse~1.win\applic~1\Norton
2009-07-02 19:32 <DIR> --d----- c:\program files\NortonInstaller
2009-07-02 19:27 <DIR> --d----- c:\documents and settings\all users.windows\Symantec Temporary Files

==================== Find3M ====================

2009-07-02 19:50 124,464 a------- c:\windows\system32\drivers\SYMEVENT.SYS
2009-07-02 19:50 60,808 a------- c:\windows\system32\S32EVNT1.DLL
2009-07-02 19:50 7,386 a------- c:\windows\system32\drivers\SYMEVENT.CAT
2009-07-02 19:50 805 a------- c:\windows\system32\drivers\SYMEVENT.INF
2009-06-16 10:36 119,808 a------- c:\windows\system32\t2embed.dll
2009-06-16 10:36 81,920 a------- c:\windows\system32\fontsub.dll
2009-06-03 15:09 1,291,264 a------- c:\windows\system32\quartz.dll
2009-05-21 19:25 96,996,610 a------- C:\regbkp.reg
2009-05-13 01:15 915,456 a------- c:\windows\system32\wininet.dll
2009-05-07 11:32 345,600 a------- c:\windows\system32\localspl.dll
2004-10-01 15:00 40,960 a------- c:\program files\Uninstall_CDS.exe
2008-06-28 09:49 32,768 ac-sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008062820080629\index.dat

============= FINISH: 23:15:03.40 ===============

#14 syler

Posted 26 July 2009 - 06:03 AM

Download and Run OTC

We will now remove the tools we used during this fix using OTC.
  • Download OTC by OldTimer and save it to your desktop.
  • Double click the icon to start the program. If you are using Vista, please right-click and choose Run as administrator.
  • Then click the big button.
  • You will get a prompt saying "Begin Cleanup Process". Please select Yes.
  • Restart your computer when prompted.
Congratulations! You now appear clean!

Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:

Cleaning and creating restore points
  • Click Start, right click My Computer and select properties.
  • Select the System Restore tab then check the box "Turn off System Restore".
  • Click Apply then Ok, then restart your computer
  • Now follow these steps again, but instead of checking "Turn off System Restore", uncheck it.
Now that you have cleaned out your restore points, you need to set a new restore point.
  • Go to Start > Programs > Accessories > System Tools and click "System Restore".
  • Select "Create a restore point" then click Next.
  • Type a name under Restore point description then click Create.
Additional instructions can be found here if needed.

Note: This does not need to be done on a regular basis.

Keeping Windows updated
It is extremely important to keep Windows up to date with the latest service pack and patches. This will prevent you
from getting the malware which uses vulnerabilities found in Windows to exploit your computer. The easiest way to
do this is by making sure that Automatic Updates is always enabled.

To do this, click on Start >> Control Panel >> Automatic Updates and click Automatic (recommended), then Apply and OK.

Update your AntiVirus Software
It is imperative that you update your Antivirus software at least once a week (Even more if you wish). If you do not
update your antivirus software then it will not be able to catch any of the new variants that may come out. If you
use a commercial antivirus program you must make sure you keep renewing your subscription. Otherwise, once your
subscription runs out, you may not be able to update the program's virus definitions.

Make sure your applications have all of their updates
It is also possible for other programs on your computer to have security vulnerabilities that can allow malware to infect you.
Therefore, it is also a good idea to check for the latest versions of commonly installed applications that are regularly
patched to fix vulnerabilities. You can check these by visiting Secunia Software Inspector and Calendar of Updates.

Install an AntiSpyware Program
A highly recommended AntiSpyware program is SuperAntiSpyware. You can download the free Home Version or the Pro version for a 15 day trial period.
Other recommended, and free, AntiSpyware programs are Spybot - Search and Destroy and Ad-Aware Personal.
Installing these programs will provide spyware & hijacker protection on your computer alongside your virus protection. You should scan your computer with an AntiSpyware program on a regular basis just as you would an antivirus software.
Tutorials on using these programs can be found below:
Using Spybot - Search & Destroy to remove Spyware , Malware, and Hijackers
Using Ad-aware to remove Spyware, Malware, & Hijackers from Your Computer

Install SpywareBlaster
SpywareBlaster will add a large list of programs and sites into your Internet Explorer settings that will protect you
from running and downloading known malicious programs.

A tutorial on installing & using this product can be found here:
Using SpywareBlaster to protect your computer from Spyware and Malware

Use MVPS hosts file
Using a custom host file like the MVPS HOSTS file can help to block ads, banners, 3rd party Cookies,
3rd party page counters, web bugs, and even most hijackers. It doesn't use up any extra system resources
and may even speed up the loading of web pages. You can download and find instructions below.

http://www.mvps.org/winhelp2002/hosts.htm

Update all these programs regularly
Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.

Follow this list and your potential for being infected again will reduce dramatically.

Happy surfing :)
Syler

Edited by syler, 26 July 2009 - 06:04 AM.



#15 syler

syler

  • Malware Response Team
  • 8,150 posts
  • OFFLINE
  • Gender:Male
  • Location:Warrington, UK
  • Local time:06:38 AM

Posted 26 July 2009 - 06:49 PM

Since this issue appears resolved ... this Topic is closed. Glad we could help.

If you need this topic reopened, please request this by sending me a PM
with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.
