Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Small.NEK\ Trojan.Agent/Gen-Backdoor \ System Security?


  • Please log in to reply
21 replies to this topic

#1 maged918

maged918

  • Members
  • 22 posts
  • OFFLINE
  •  
  • Local time:09:27 PM

Posted 15 August 2009 - 06:29 AM

Ok, so my computer has been messed up for over a week now. It all started with a System Security 2009 infection, which I think I was able to remove. Right now there are the following problems:

1) B.exe running at startup, and occasionally playing sounds through my speakers. (I know its from this process because when i terminate it from process manager the sounds stop_

2) Numerous attempts of download of "small.NEK trojan" from malicious sites caught by NOD32 each time I open my computer and at various points through the day.

3) Blue Screen of Death every now and then, I never am able to record the error.

4) Malware Bytes' anti malware refusing to run. And the DDS scan tool too.

5) C drive becoming almost full because of hundreds of hidden files in the system32 folder , listed as "Trojan.Agent/Gen-Backdoor" each time I run SUPERantispyware. Each time I remove them they'd come back again.

Here's the topic I created in Am I Infected forums : http://www.bleepingcomputer.com/forums/t/247464/smallnek-trojanagentgen-backdoor-system-security/

And since DDS didn't run, I was asked to use another tool; RSIT. Here are the logs:

Logfile of random's system information tool 1.06 (written by random/random)
Run by XPPRESP3 at 2009-08-15 14:14:44
Microsoft Windows XP Professional Service Pack 2
System drive C: has 972 MB (10%) free of 10 GB
Total RAM: 511 MB (20% free)


======Scheduled tasks folder======

C:\WINDOWS\tasks\{7B02EF0B-A410-4938-8480-9BA26420A627}.job
C:\WINDOWS\tasks\{BB65B0FB-5712-401b-B616-E69AC55E2757}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00011268-E188-40DF-A514-835FCD78B1BF}]
IE7Pro BHO - C:\Program Files\IE7Pro\IE7Pro.dll [2007-08-10 1674352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0347C33E-8762-4905-BF09-768834316C61}]
HP Print Enhancer - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2007-11-06 322880]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-23 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22BF413B-C6D2-4d91-82A9-A0F997BA588C}]
Skype add-on (mastermind) - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2008-07-23 1410344]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{500bca15-57a7-4eaf-8143-8c619470b13d}]
XML Class

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre6\bin\ssv.dll [2008-12-03 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2008-12-03 34816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2008-12-03 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{f0626a63-410b-45e2-99a1-3f2475b2d695}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856}]
HP Smart BHO Class - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2007-11-06 542016]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{32099AAC-C132-4136-9E9A-4E364A424E17} - DAEMON Tools Toolbar - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll [2008-08-08 691656]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"KernelFaultCheck"=C:\WINDOWS\system32\dumprep 0 -k []
"MSConfig"=C:\WINDOWS\system32\msconfig.exe [2007-08-08 184320]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2009-05-26 413696]
"ter8m"=C:\WINDOWS\system32\msxm192z.dll [2004-08-17 49152]
"MSxmlHpr"=C:\WINDOWS\system32\msxm192z.dll [2004-08-17 49152]
"SGPUpdater"=C:\Program Files\Search Guard PlusU\sgpUpdaters.exe [2009-05-15 67456]
"FBSearch"=C:\Program Files\Search Guard Plus\SearchGuardPlus.exe [2009-05-04 194432]
"Microsoft Driver Setup"=C:\WINDOWS\mscth32.exe [2009-08-15 75264]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
"exec"=C:\WINDOWS\system32\msnmc.exe [2004-08-04 245760]
"Microsoft Driver Setup"=C:\WINDOWS\mscth32.exe [2009-08-15 75264]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2004-08-04 15360]
"Skype"=C:\Program Files\Skype\Phone\Skype.exe [2008-07-23 21738792]
"MsnMsgr"=C:\Program Files\MSN Messenger\MsnMsgr.Exe [2007-01-19 5674352]
"DAEMON Tools Lite"=E:\Program Files\DAEMON Tools Lite\daemon.exe [2008-08-08 490952]
"SUPERAntiSpyware"=C:\Documents and Settings\Administrator.WW\My Documents\Downloads\SUPERAntiSpywarePro\SUPERAntiSpyware.exe [2009-07-28 1830128]
"Monopod"=C:\DOCUME~1\XPPRESP3\LOCALS~1\Temp\b.exe [2009-08-12 144384]
"12CFG214-K641-11SF-N33P"=C:\RECYCLER\S-1-5-21-0243936033-3052116371-381863308-1077\vslmq.exe [2009-08-15 39936]
"12CFG515-K641-55SF-N66P"=C:\RECYCLER\S-1-5-21-0243636035-3055115376-381863306-1556\pqlmq.exe [2009-08-15 39936]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\12CFG515-K641-55SF-N55P]
C:\RECYCLER\S-1-5-21-0243336035-3055115375-381863305-1553\vslmq.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\12CFG515-K641-55SF-N66P]
C:\RECYCLER\S-1-5-21-0243636035-3055115376-381863306-1556\pqlmq.exe [2009-08-15 39936]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\16682]
c:\hmicb.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Load]
C:\WINDOWS\system32\msdzolb.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Monopod]
C:\DOCUME~1\XPPRESP3\LOCALS~1\Temp\c.exe [2009-08-12 152064]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSxmlHpr]
C:\WINDOWS\system32\msxm192z.dll [2004-08-17 49152]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Run]
C:\WINDOWS\system32\msgiuug.exe []

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\csbdll]
C:\WINDOWS\system32\csbdll.dll [2009-08-07 36352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=5F000000
"NoSMHelp"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"ForceClassicControlPanel"=
""=
"NoDriveTypeAutoRun"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Messenger"
"C:\Program Files\Windows Media Player\wmplayer.exe"="C:\Program Files\Windows Media Player\wmplayer.exe:*:Enabled:Windows Media Player"
"E:\Program Files\J River\Media Center 12\Media Center 12.exe"="E:\Program Files\J River\Media Center 12\Media Center 12.exe:*:Enabled:Media Center"
"E:\Program Files\SoulseekNS\slsk.exe"="E:\Program Files\SoulseekNS\slsk.exe:*:Enabled:SoulSeek"
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe"="C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\Program Files\Java\jre6\bin\java.exe"="C:\Program Files\Java\jre6\bin\java.exe:*:Enabled:Java™ Platform SE binary"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"E:\Program Files\iTunes\iTunes.exe"="E:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"E:\Program Files\J River\Media Center 13\Media Center 13.exe"="E:\Program Files\J River\Media Center 13\Media Center 13.exe:*:Enabled:Media Center"
"C:\Documents and Settings\XPPRESP3\Desktop\maha\new\ArchiCAD.exe"="C:\Documents and Settings\XPPRESP3\Desktop\maha\new\ArchiCAD.exe:*:Enabled:ArchiCAD 12.0.0 Component"
"C:\Documents and Settings\XPPRESP3\Desktop\Maged\Programs\utorrent-1.6.exe"="C:\Documents and Settings\XPPRESP3\Desktop\Maged\Programs\utorrent-1.6.exe:*:Enabled:µTorrent"
"C:\WINDOWS\system32\bndmss.exe"="C:\WINDOWS\system32\bndmss.exe:*:Enabled:BNDMSS"
"C:\WINDOWS\fonts\services.exe"="C:\WINDOWS\fonts\services.exe:*:Enabled:services.exe"
"C:\WINDOWS\system32\dpvsetup.exe"="C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\WINDOWS\system32\rundll32.exe"="C:\WINDOWS\system32\rundll32.exe:*:Enabled:Run a DLL as an App"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"%windir%"="mscth32.exe"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2ad6b5d1-34db-11dc-ad72-806d6172696f}]
shell\AutoRun\command - D:\setup.exe


======File associations======

.exe - open - C:\WINDOWS\system32\mssjnmi.exe "%1" %*
.bat - open - C:\WINDOWS\system32\mssjnmi.exe "%1" %*
.bat - edit -
.com - open - C:\WINDOWS\system32\mssjnmi.exe "%1" %*

======List of files/folders created in the last 1 months======

2009-08-15 14:14:48 ----D---- C:\Program Files\trend micro
2009-08-15 14:14:44 ----D---- C:\rsit
2009-08-15 12:54:44 ----A---- C:\gcdppgxd.exe
2009-08-15 11:03:56 ----A---- C:\logfile32.txt
2009-08-15 11:03:54 ----RSH---- C:\WINDOWS\mscth32.exe
2009-08-14 21:50:38 ----H---- C:\WINDOWS\system32\msozgbhe.exe
2009-08-14 21:50:33 ----A---- C:\WINDOWS\msd.exe
2009-08-13 16:55:11 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-08-13 03:18:47 ----A---- C:\WINDOWS\system32\minix32.exe
2009-08-13 03:18:17 ----D---- C:\Program Files\Windows Antivirus Pro
2009-08-12 22:49:54 ----D---- C:\Program Files\Search Guard PlusU
2009-08-12 22:49:54 ----D---- C:\Program Files\Search Guard Plus
2009-08-12 22:49:53 ----D---- C:\Program Files\SGPSA
2009-08-12 22:48:13 ----D---- C:\Program Files\Fast Browser Search
2009-08-12 22:48:05 ----D---- C:\users
2009-08-12 20:18:26 ----A---- C:\WINDOWS\msc.exe
2009-08-12 08:19:53 ----H---- C:\WINDOWS\system32\msziqlzm.exe
2009-08-11 19:01:11 ----H---- C:\WINDOWS\system32\msnxmljh.exe
2009-08-11 16:36:56 ----A---- C:\jnvcbaox.exe
2009-08-11 16:21:09 ----D---- C:\Program Files\Sophos
2009-08-09 20:39:15 ----A---- C:\RootRepeal report 08-09-09 (20-39-15).txt
2009-08-09 20:22:26 ----A---- C:\ccuh.exe
2009-08-09 20:19:32 ----A---- C:\WINDOWS\msb.exe
2009-08-09 19:57:00 ----A---- C:\nayojmty.exe
2009-08-09 19:56:30 ----A---- C:\WINDOWS\system32\vhosts.exe
2009-08-09 19:26:45 ----H---- C:\WINDOWS\system32\mslgxtag.exe
2009-08-09 19:07:54 ----A---- C:\WINDOWS\system32\msxml71.dll
2009-08-09 17:01:11 ----A---- C:\WINDOWS\msa.exe
2009-08-07 21:33:55 ----A---- C:\WINDOWS\system32\csbdll.dll
2009-08-06 16:54:07 ----D---- C:\Documents and Settings\XPPRESP3\Application Data\SUPERAntiSpyware.com
2009-08-06 16:52:30 ----A---- C:\yaewfl.exe
2009-08-06 16:52:25 ----A---- C:\lyusoqm.exe
2009-08-06 14:17:09 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2009-08-05 21:57:49 ----D---- C:\Documents and Settings\All Users\Application Data\PC Tools
2009-08-05 21:55:08 ----A---- C:\WINDOWS\ntbtlog.txt
2009-08-05 21:49:58 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2009-08-05 21:16:33 ----D---- C:\WINDOWS\pss
2009-08-05 20:35:39 ----D---- C:\WINDOWS\Minidump
2009-08-03 02:52:32 ----D---- C:\Documents and Settings\XPPRESP3\Application Data\AOL_Janes_Realty
2009-07-31 16:33:54 ----A---- C:\WINDOWS\system32\LMRTREND.dll
2009-07-31 16:33:51 ----A---- C:\WINDOWS\system32\dxtmsft3.dll
2009-07-31 16:33:47 ----A---- C:\WINDOWS\system32\unam4ie.exe
2009-07-31 16:33:40 ----A---- C:\WINDOWS\system32\vidx16.dll
2009-07-31 16:33:39 ----A---- C:\WINDOWS\system32\qcut.dll
2009-07-31 15:35:46 ----A---- C:\WINDOWS\system32\MGIIpl2PX.dll
2009-07-31 15:35:45 ----A---- C:\WINDOWS\system32\PCDLIB32.DLL
2009-07-31 15:35:45 ----A---- C:\WINDOWS\system32\EnrouteStitch.dll
2009-07-31 15:35:45 ----A---- C:\WINDOWS\system32\DC120fc7_32.dll
2009-07-31 15:35:44 ----D---- C:\Program Files\Common Files\MGI Shared
2009-07-31 15:34:00 ----D---- C:\Program Files\Intel
2009-07-31 15:33:54 ----A---- C:\WINDOWS\system32\icam6ext.dll
2009-07-31 15:33:54 ----A---- C:\WINDOWS\system32\dmsnapst.dll
2009-07-31 15:33:54 ----A---- C:\WINDOWS\system32\dmjpeg.dll
2009-07-31 15:33:54 ----A---- C:\WINDOWS\system32\dmgraph.dll
2009-07-31 15:33:54 ----A---- C:\WINDOWS\system32\dmdnload.dll
2009-07-31 15:33:54 ----A---- C:\WINDOWS\system32\dm630api.dll
2009-07-31 15:33:53 ----A---- C:\WINDOWS\system32\LTKRN80N.DLL
2009-07-31 15:33:53 ----A---- C:\WINDOWS\system32\LTFIL80N.DLL
2009-07-31 15:33:53 ----A---- C:\WINDOWS\system32\Lfcmp80n.dll
2009-07-31 15:33:53 ----A---- C:\WINDOWS\system32\Lfbmp80n.dll
2009-07-31 15:33:53 ----A---- C:\WINDOWS\system32\icam6sti.dll
2009-07-31 15:33:53 ----A---- C:\WINDOWS\system32\icam6jpg.dll
2009-07-31 15:33:53 ----A---- C:\WINDOWS\system32\icam6com.dll
2009-07-31 15:33:14 ----A---- C:\WINDOWS\system32\w95inf32.dll
2009-07-31 15:33:14 ----A---- C:\WINDOWS\system32\w95inf16.dll
2009-07-31 15:32:41 ----A---- C:\WINDOWS\system32\WAVMIX16.DLL
2009-07-27 20:10:58 ----D---- C:\Documents and Settings\XPPRESP3\Application Data\IronCode
2009-07-19 21:56:28 ----D---- C:\Documents and Settings\XPPRESP3\Application Data\Graphisoft
2009-07-18 03:22:49 ----N---- C:\WINDOWS\system32\MC13.exe
2009-07-18 03:22:49 ----N---- C:\WINDOWS\system32\BBInstaller.exe
2009-07-16 23:48:26 ----D---- C:\Program Files\iPod
2009-07-16 23:47:37 ----D---- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-07-16 23:42:53 ----D---- C:\Program Files\QuickTime
2009-07-16 23:41:52 ----SHD---- C:\Config.Msi
2009-07-16 23:40:16 ----A---- C:\WINDOWS\system32\usbaaplrc.dll

======List of files/folders modified in the last 1 months======

2009-08-15 14:16:13 ----D---- C:\Documents and Settings\XPPRESP3\Application Data\uTorrent
2009-08-15 14:16:10 ----D---- C:\WINDOWS\system32
2009-08-15 14:14:48 ----RD---- C:\Program Files
2009-08-15 14:00:05 ----SD---- C:\WINDOWS\Tasks
2009-08-15 13:53:02 ----D---- C:\Documents and Settings\XPPRESP3\Application Data\Skype
2009-08-15 13:29:29 ----D---- C:\WINDOWS\Prefetch
2009-08-15 12:57:03 ----D---- C:\WINDOWS\Temp
2009-08-15 12:56:11 ----RSHD---- C:\RECYCLER
2009-08-15 12:52:02 ----SHD---- C:\WINDOWS\CSC
2009-08-15 12:40:50 ----D---- C:\Documents and Settings\XPPRESP3\Application Data\skypePM
2009-08-15 12:37:42 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-08-15 11:03:54 ----D---- C:\WINDOWS
2009-08-14 22:18:35 ----A---- C:\WINDOWS\{00000002-00000000-0000000B-00001102-00000002-80651102}.BAK
2009-08-14 21:56:55 ----D---- C:\WINDOWS\system32\drivers
2009-08-14 21:51:26 ----SH---- C:\boot.ini
2009-08-14 21:51:26 ----A---- C:\WINDOWS\win.ini
2009-08-14 21:51:26 ----A---- C:\WINDOWS\system.ini
2009-08-13 07:25:12 ----D---- C:\Documents and Settings\XPPRESP3\Application Data\HPAppData
2009-08-12 15:21:16 ----D---- C:\Documents and Settings\All Users\Application Data\Apple Computer
2009-08-11 16:19:56 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-08-10 16:34:25 ----D---- C:\Efa
2009-08-10 16:34:25 ----A---- C:\WINDOWS\Mistwsi.INI
2009-08-10 13:48:03 ----A---- C:\WINDOWS\ODBC.INI
2009-08-09 20:39:08 ----D---- C:\WINDOWS\system32\CatRoot2
2009-08-09 19:08:07 ----RSD---- C:\WINDOWS\Fonts
2009-08-06 16:48:52 ----D---- C:\Program Files\Common Files
2009-08-06 13:55:31 ----A---- C:\WINDOWS\ModemLog_Communications cable between two computers.txt
2009-08-05 22:22:26 ----D---- C:\Documents and Settings
2009-08-05 21:48:57 ----SHD---- C:\WINDOWS\Installer
2009-08-03 02:41:05 ----D---- C:\Program Files\AOL Games
2009-07-31 16:33:58 ----HD---- C:\WINDOWS\inf
2009-07-31 16:33:54 ----D---- C:\Program Files\Windows Media Player
2009-07-31 16:33:47 ----D---- C:\WINDOWS\Help
2009-07-31 15:33:54 ----D---- C:\WINDOWS\twain_32
2009-07-31 15:33:52 ----HD---- C:\Program Files\InstallShield Installation Information
2009-07-24 01:13:37 ----D---- C:\Documents and Settings\All Users\Application Data\Messenger Plus!
2009-07-19 21:16:32 ----D---- C:\Documents and Settings\All Users\Application Data\NOS
2009-07-19 20:55:35 ----D---- C:\WINDOWS\WinSxS
2009-07-19 20:55:35 ----D---- C:\Program Files\Common Files\Microsoft Shared
2009-07-18 03:20:32 ----D---- C:\Documents and Settings\XPPRESP3\Application Data\J River
2009-07-16 23:49:16 ----DC---- C:\WINDOWS\system32\DRVSTORE
2009-07-16 23:48:25 ----D---- C:\Program Files\Common Files\Apple
2009-07-16 23:44:16 ----D---- C:\Program Files\Bonjour

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2007-08-08 36096]
R1 nod32drv;nod32drv; C:\WINDOWS\system32\drivers\nod32drv.sys [2008-04-05 15424]
R1 SASDIFSV;SASDIFSV; \??\C:\Documents and Settings\Administrator.WW\My Documents\Downloads\SUPERAntiSpywarePro\SASDIFSV.SYS []
R1 SASKUTIL;SASKUTIL; \??\C:\Documents and Settings\Administrator.WW\My Documents\Downloads\SUPERAntiSpywarePro\SASKUTIL.sys []
R1 SCDEmu;SCDEmu; C:\WINDOWS\system32\drivers\SCDEmu.sys [2008-07-07 56108]
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-04 12032]
R2 AMON;AMON; C:\WINDOWS\system32\drivers\amon.sys [2008-04-05 512096]
R2 PfModNT;PfModNT; \??\C:\WINDOWS\system32\PfModNT.sys []
R2 rspndr;Link-Layer Topology Discovery Responder; C:\WINDOWS\system32\DRIVERS\rspndr.sys [2007-08-08 62336]
R3 ac97intc;Intel® 82801 Audio Driver Install Service (WDM); C:\WINDOWS\system32\drivers\ac97intc.sys [2001-08-17 96256]
R3 AKSIFDH;Aladdin IFD Handler; C:\WINDOWS\system32\DRIVERS\aksifdh.sys [2006-01-22 90346]
R3 AKSUP;AKSUP; C:\WINDOWS\system32\drivers\aksup.sys [2006-01-22 34406]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2004-08-04 701440]
R3 ctac32k;Creative AC3 Software Decoder; C:\WINDOWS\System32\drivers\ctac32k.sys [2002-07-19 127948]
R3 ctaud2k;Creative Audio Driver (WDM); C:\WINDOWS\system32\drivers\ctaud2k.sys [2002-07-19 837548]
R3 ctprxy2k;Creative Proxy Driver; C:\WINDOWS\System32\drivers\ctprxy2k.sys [2002-07-19 11068]
R3 ctsfm2k;Creative SoundFont Management Device Driver; C:\WINDOWS\System32\drivers\ctsfm2k.sys [2002-07-19 213860]
R3 emupia;E-mu Plug-in Architecture Driver; C:\WINDOWS\System32\drivers\emupia2k.sys [2002-07-19 156604]
R3 FETNDISB;VIA Rhine Family Fast Ethernet Adapter Driver Service; C:\WINDOWS\system32\DRIVERS\fetnd5b.sys [2002-10-29 40960]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2009-03-19 23400]
R3 ha10kx2k;Creative Hardware Abstract Layer Driver; C:\WINDOWS\system32\drivers\ha10kx2k.sys [2002-07-24 998004]
R3 ossrv;Creative OS Services Driver; C:\WINDOWS\system32\drivers\ctoss2k.sys [2002-07-19 195432]
R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2004-08-04 5888]
R3 SASENUM;SASENUM; \??\C:\Documents and Settings\Administrator.WW\My Documents\Downloads\SUPERAntiSpywarePro\SASENUM.SYS []
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2007-08-08 30208]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2007-08-08 59392]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2007-08-08 20608]
S1 a2fd3a99;a2fd3a99; C:\WINDOWS\System32\drivers\a2fd3a99.sys []
S1 d306ef5e;d306ef5e; C:\WINDOWS\System32\drivers\d306ef5e.sys []
S1 rpmd570;rpmd570; C:\WINDOWS\System32\drivers\rpmd570.sys [2009-08-09 179648]
S3 azgd64kg;azgd64kg; C:\WINDOWS\system32\drivers\azgd64kg.sys []
S3 BthEnum;Bluetooth Request Block Driver; C:\WINDOWS\system32\DRIVERS\BthEnum.sys [2004-08-04 17024]
S3 BthPan;Bluetooth Device (Personal Area Network); C:\WINDOWS\system32\DRIVERS\bthpan.sys [2004-08-04 100992]
S3 BTHPORT;Bluetooth Port Driver; C:\WINDOWS\System32\Drivers\BTHport.sys [2004-08-04 274304]
S3 BTHUSB;Bluetooth Radio USB Driver; C:\WINDOWS\System32\Drivers\BTHUSB.sys [2004-08-04 18944]
S3 cpuz130;cpuz130; \??\C:\DOCUME~1\XPPRESP3\LOCALS~1\Temp\cpuz130\cpuz_x32.sys []
S3 ctljystk;Creative SBLive! Gameport; C:\WINDOWS\system32\DRIVERS\ctljystk.sys [2001-08-17 3712]
S3 ENTECH;ENTECH; \??\C:\WINDOWS\system32\DRIVERS\ENTECH.sys []
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2007-10-30 49920]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2007-10-30 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2007-10-30 21568]
S3 MEMSWEEP2;MEMSWEEP2; \??\C:\WINDOWS\system32\9EFA.tmp []
S3 netcard;netcard; \??\C:\WINDOWS\system32\netcard.sys []
S3 netskt;netskt; \??\C:\WINDOWS\system32\netskt.sys []
S3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\WINDOWS\system32\DRIVERS\rfcomm.sys [2004-08-04 59648]
S3 s0017bus;Sony Ericsson Device 0017 driver (WDM); C:\WINDOWS\system32\DRIVERS\s0017bus.sys [2008-10-17 90536]
S3 s0017mdfl;Sony Ericsson Device 0017 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\s0017mdfl.sys [2008-10-17 15016]
S3 s0017mdm;Sony Ericsson Device 0017 USB WMC Modem Driver; C:\WINDOWS\system32\DRIVERS\s0017mdm.sys [2008-10-17 122152]
S3 s0017mgmt;Sony Ericsson Device 0017 USB WMC Device Management Drivers (WDM); C:\WINDOWS\system32\DRIVERS\s0017mgmt.sys [2008-10-17 115496]
S3 s0017nd5;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (NDIS); C:\WINDOWS\system32\DRIVERS\s0017nd5.sys [2008-10-17 25768]
S3 s0017obex;Sony Ericsson Device 0017 USB WMC OBEX Interface; C:\WINDOWS\system32\DRIVERS\s0017obex.sys [2008-10-17 111912]
S3 s0017unic;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (WDM); C:\WINDOWS\system32\DRIVERS\s0017unic.sys [2008-10-17 117672]
S3 SONYPVU1;Sony USB Filter Driver (SONYPVU1); C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552]
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2009-07-09 39424]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-04 31616]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-04 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 usbstor;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 26496]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; hex(2):73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,52,00,49,00,56,00,45,00,52,00,53,00,5c,00,77,00,75,00,64,00,66,00,72,00,64,00,2e,00,73,00,79,00,73,00,00,00 []
S4 sr;System Restore Filter Driver; C:\WINDOWS\system32\DRIVERS\sr.sys [2004-08-04 73472]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-07-09 144712]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 BthServ;Bluetooth Support Service; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336]
R2 Creative Service for CDROM Access;Creative Service for CDROM Access; C:\WINDOWS\system32\CTsvcCDA.exe [1999-12-13 44032]
R2 ETOKSRV;eToken Notification Service; C:\WINDOWS\system32\eTSrv.exe [2006-01-25 90112]
R2 hpqddsvc;خدمة HP CUE DeviceDiscovery (الكشف على أجهزة CUE لـ HP); C:\WINDOWS\system32\svchost.exe [2004-08-04 14336]
R2 iprip;Network Security; C:\WINDOWS\System32\svchost.exe [2004-08-04 14336]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2008-12-03 152984]
R2 Net Driver HPZ12;Net Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2004-08-04 14336]
R2 NOD32krn;NOD32 Kernel Service; C:\Program Files\Eset\nod32krn.exe [2008-04-05 552064]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2004-08-04 14336]
R2 WMDM PMSP Service;WMDM PMSP Service; C:\WINDOWS\system32\MsPMSPSv.exe [2000-06-26 53520]
R3 hpqcxs08;hpqcxs08; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336]
S2 6to4;Network Security; C:\WINDOWS\System32\svchost.exe [2004-08-04 14336]
S2 bndmss;Windows Network Data Management System Service; C:\WINDOWS\system32\bndmss.exe []
S2 ias;Microsoft Security Services Management; C:\WINDOWS\System32\svchost.exe [2004-08-04 14336]
S2 irmon;Irmon; C:\WINDOWS\System32\svchost.exe [2004-08-04 14336]
S2 msupdate;Microsoft security update service; c:\windows\system32\vhosts.exe [2009-08-09 81408]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2008-08-17 654848]
S3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2009-07-13 542496]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2005-07-25 89136]
S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\MSN Messenger\usnsvc.exe [2007-01-19 97136]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\wmpnetwk.exe [2006-08-24 911872]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336]

-----------------EOF-----------------



info.txt logfile of random's system information tool 1.06 2009-08-15 14:16:25

======Uninstall list======

-->"C:\Program Files\Creative\SBLive\Program\Ctzapxx.EXE" /X /U /S
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{435E969D-867E-4364-8E74-3DC8A69C5BDB}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{435E969D-867E-4364-8E74-3DC8A69C5BDB}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{48E3A9E6-FA13-11D5-8CC9-00A0C98192B6}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{48E3A9E6-FA13-11D5-8CC9-00A0C98192B6}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{58582977-44D2-44A0-A09B-031CC2AE5938}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{58582977-44D2-44A0-A09B-031CC2AE5938}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9A4D2983-4662-4387-BE3D-4CFC2FA9C100}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9A4D2983-4662-4387-BE3D-4CFC2FA9C100}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A731533B-B325-4D9C-91A4-D93C8E294C19}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A731533B-B325-4D9C-91A4-D93C8E294C19}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AC157741-3285-4D6A-B934-9174587A3493}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AC157741-3285-4D6A-B934-9174587A3493}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E7337A45-3FE5-4392-ABBB-26B794D060C9}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E7337A45-3FE5-4392-ABBB-26B794D060C9}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FD851F7E-F887-405D-9E1C-488811113EF3}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FD851F7E-F887-405D-9E1C-488811113EF3}\setup.exe" -l0x9 /remove
32 Bit HP CIO Components Installer-->MsiExec.exe /I{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}
7-Zip 4.62-->"C:\Program Files\7-Zip\Uninstall.exe"
AC3Filter (remove only)-->e:\Program Files\AC3Filter\uninstall.exe
Adobe Anchor Service CS3-->MsiExec.exe /I{90176341-0A8B-4CCC-A78D-F862228A6B95}
Adobe Asset Services CS3-->MsiExec.exe /I{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}
Adobe Bridge CS3-->MsiExec.exe /I{9C9824D9-9000-4373-A6A5-D0E5D4831394}
Adobe Bridge Start Meeting-->MsiExec.exe /I{08B32819-6EEF-4057-AEDA-5AB681A36A23}
Adobe Camera Raw 4.0-->MsiExec.exe /I{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}
Adobe CMaps-->MsiExec.exe /I{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}
Adobe Color - Photoshop Specific-->MsiExec.exe /I{A2D81E70-2A98-4A08-A628-94388B063C5E}
Adobe Color Common Settings-->C:\Program Files\Common Files\Adobe\Installers\6c8e2cb4fd241c55406016127a6ab2e\Setup.exe
Adobe Color Common Settings-->MsiExec.exe /I{6D4AC5A4-4CF9-4F90-8111-B9B53CE257BF}
Adobe Color EU Extra Settings-->MsiExec.exe /I{51846830-E7B2-4218-8968-B77F0FF475B8}
Adobe Color JA Extra Settings-->MsiExec.exe /I{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}
Adobe Color NA Recommended Settings-->MsiExec.exe /I{95655ED4-7CA5-46DF-907F-7144877A32E5}
Adobe Default Language CS3-->MsiExec.exe /I{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}
Adobe Device Central CS3-->MsiExec.exe /I{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}
Adobe ExtendScript Toolkit 2-->C:\Program Files\Common Files\Adobe\Installers\3e054d2218e7aa282c2369d939e58ff\Setup.exe
Adobe ExtendScript Toolkit 2-->MsiExec.exe /I{24D7346D-D4B4-45E8-98EA-75EC14B42DD8}
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Fonts All-->MsiExec.exe /I{6ABE0BEE-D572-4FE8-B434-9E72A289431B}
Adobe Help Viewer CS3-->MsiExec.exe /I{04AF207D-9A77-465A-8B76-991F6AB66245}
Adobe Linguistics CS3-->MsiExec.exe /I{54793AA1-5001-42F4-ABB6-C364617C6078}
Adobe PDF Library Files-->MsiExec.exe /I{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}
Adobe Photoshop CS3-->C:\Program Files\Common Files\Adobe\Installers\719d6f144d0c086a0dfa7ff76bb9ac1\Setup.exe
Adobe Photoshop CS3-->MsiExec.exe /I{3D7E3EC9-46CF-4359-9289-39CE01DFB82F}
Adobe Reader 8.1.3-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81300000003}
Adobe Setup-->MsiExec.exe /I{64C1FA9A-FA94-4B6E-B3E4-8573738E4AD1}
Adobe Setup-->MsiExec.exe /I{B3C02EC1-A7B0-4987-9A43-8789426AAA7D}
Adobe Setup-->MsiExec.exe /I{FF11004C-F42A-4A31-9BCF-7F5C8FDBE53C}
Adobe Shockwave Player-->C:\WINDOWS\system32\Adobe\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Adobe\SHOCKW~1\Install.log
Adobe Stock Photos CS3-->MsiExec.exe /I{29E5EA97-5F74-4A57-B8B2-D4F169117183}
Adobe Type Support-->MsiExec.exe /I{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}
Adobe Update Manager CS3-->MsiExec.exe /I{E69AE897-9E0B-485C-8552-7841F48D42D8}
Adobe Version Cue CS3 Client-->MsiExec.exe /I{D0DFF92A-492E-4C40-B862-A74A173C25C5}
Adobe WinSoft Linguistics Plugin-->MsiExec.exe /I{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}
Adobe XMP Panels CS3-->MsiExec.exe /I{802771A9-A856-4A41-ACF7-1450E523C923}
Apple Mobile Device Support-->MsiExec.exe /I{C337BDAF-CB4E-47E2-BE1A-CB31BB7DD0E3}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
ArchiCAD 12 INT-->C:\Documents and Settings\XPPRESP3\Desktop\maha\new\Uninstall.AC\uninstaller.exe
Artlantis Studio 2.1-->H:\Artlantis Studio 2\uninst.exe
Audacity 1.2.6-->"E:\Program Files\Audacity\unins000.exe"
AutoFX Suites-->"C:\WINDOWS\AutoFX Suites\uninstall.exe" "/U:E:\Program Files\Adobe\Adobe Photoshop CS3\Plug-Ins\Uninstall\uninstall.xml"
Avanquest update-->C:\Program Files\InstallShield Installation Information\{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}\Setup.exe -runfromtemp -l0x0009 -removeonly
Avidemux 2.4-->C:\Program Files\Avidemux 2.4\uninstall.exe
AviSynth 2.5-->"E:\Program Files\AviSynth 2.5\Uninstall.exe"
Big Kahuna Reef (remove only)-->"C:\Program Files\AOL Games\Big Kahuna Reef\Uninstall.exe"
Bonjour-->MsiExec.exe /I{07287123-B8AC-41CE-8346-3D777245C35B}
Caribbean Hideaway-->C:\PROGRA~1\AOLGAM~1\CARIBB~1\UNWISE.EXE C:\PROGRA~1\AOLGAM~1\CARIBB~1\INSTALL.LOG
DAEMON Tools Toolbar-->C:\Program Files\DAEMON Tools Toolbar\uninst.exe
EphPod-->C:\PROGRA~1\EphPod\UNWISE.EXE C:\PROGRA~1\EphPod\INSTALL.LOG
eToken Run Time Environment 3.65-->MsiExec.exe /I{C002C4EC-18E4-4B2F-83BF-AFD49827CFBD}
ffdshow [rev 2073] [2008-08-11]-->"E:\Program Files\ffdshow\unins000.exe"
G-Force-->C:\Program Files\SoundSpectrum\G-Force\Uninstall.exe
Guitar Pro 5.2-->"E:\Program Files\Guitar Pro 5\unins000.exe"
HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall
HP Customer Participation Program 10.0-->C:\Program Files\HP\Digital Imaging\ExtCapUninstall\hpzscr01.exe -datfile hpqhsc01.dat
HP Deskjet F4200 All-In-One Driver Software 10.0 Rel .3-->C:\Program Files\HP\Digital Imaging\{AE9A67F9-ADF1-4a44-BAB5-C1DB302B37A2}\setup\hpzscr01.exe -datfile hposcr28.dat -onestop
HP Imaging Device Functions 10.0-->C:\Program Files\HP\Digital Imaging\DeviceManagement\hpzscr01.exe -datfile hpqbud01.dat
HP Photosmart Essential 2.5-->C:\Program Files\HP\Digital Imaging\PhotoSmartEssential\hpzscr01.exe -datfile hpqbud13.dat
HP Smart Web Printing-->C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpzscr01.exe -datfile hpqbud15.dat
HP Solution Center 10.0-->C:\Program Files\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat
HP Update-->MsiExec.exe /X{FE57DE70-95DE-4B64-9266-84DA811053DB}
IE7Pro-->"C:\Program Files\IE7Pro\unins000.exe"
ieSpell-->"C:\Program Files\ieSpell\uninst.exe"
Intel® PC Camera CS630-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4F562C2D-E000-4B4E-B00D-D8108175D213}\setup.exe"
iTunes-->MsiExec.exe /I{99ECF41F-5CCA-42BD-B8B8-A8333E2E2944}
Jane's Realty (remove only)-->"C:\Program Files\AOL Games\Jane's Realty\Uninstall.exe"
Java™ 6 Update 10-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216010FF}
Last.fm 1.5.2.38918-->"E:\Program Files\Last.fm\unins000.exe"
last.fm plugin v1.0.0.6-->"E:\Program Files\J River\Media Center 14\Plugins\last.fm v1.0\unins000.exe"
Malwarebytes' Anti-Malware-->"E:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Media Center 13-->E:\Program Files\J River\Media Center 13\JRMediaUninstall.exe
Messenger Plus! Live-->"E:\Program Files\Messenger Plus! Live\Uninstall.exe"
Microsoft .NET Framework 2.0-->MsiExec.exe /X{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}
Microsoft Office Professional Edition 2003-->MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Mistws Internet-->MsiExec.exe /I{C919600E-54E4-4D4D-B88F-1476CC352C9D}
Mozilla Firefox (3.5.2)-->E:\Program Files\Mozilla Firefox\uninstall\helper.exe
Nero 7 Lite v7.7.5.1-->"C:\Program Files\Nero\unins000.exe"
NirSoft Collection-->rundll32 advpack.dll,LaunchINFSection Nirsoft.inf,UninstallNirsoft
NOD32 antivirus system-->C:\Program Files\Eset\Setup\setup.exe /UNINSTALL
NOD32 FiX v2.1-->"C:\Program Files\Eset\unins000.exe"
OCR Software by I.R.I.S. 10.0-->C:\Program Files\HP\Digital Imaging\OCR\hpzscr01.exe -datfile hpqbud11.dat
Pahelika: Secret Legends (remove only)-->"C:\Program Files\AOL Games\Pahelika Secret Legends\Uninstall.exe"
PDF Settings-->MsiExec.exe /I{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}
PowerISO-->"E:\Program Files\PowerISO\uninstall.exe"
QuickTime-->MsiExec.exe /I{C78EAC6F-7A73-452E-8134-DBB2165C5A68}
Search Guard Plus (My Tattoons)-->C:\Program Files\Search Guard Plus\uninstalSGP.exe
Search Guard Plus Updater (My Tattoons)-->C:\Program Files\Search Guard PlusU\uninstalSGPU.exe
Shop for HP Supplies-->C:\Program Files\HP\Digital Imaging\HPSSupply\hpzscr01.exe -datfile hpqbud16.dat
Skype™ 3.8-->MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
Sony Ericsson PC Suite 4.010.00-->C:\Program Files\InstallShield Installation Information\{2FFE93F0-BB72-4E52-8761-354D1AAA9387}\ISAdmin.exe -runfromtemp -l0x0009 -removeonly
Sophos Anti-Rootkit 1.5.0-->C:\Program Files\Sophos\Sophos Anti-Rootkit\helper.exe remove
SoulSeek 157 NS 13c-->"E:\Program Files\SoulseekNS\uninstall.exe"
Sound Blaster Live!-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9115E7DB-3B29-445A-802D-11E0AA945B7F}\SETUP.EXE" -l0x9
VideoLAN VLC media player 0.8.6i-->E:\Program Files\VideoLAN\VLC\uninstall.exe
Windows Live Messenger-->MsiExec.exe /I{571700F0-DB9D-4B3A-B03D-35A14BB5939F}
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
WinRAR archiver-->E:\Program Files\WinRAR\uninstall.exe
Xvid 1.1.3 final uninstall-->"e:\Program Files\Xvid\unins000.exe"

Securitycenter WMI appears to be broken

======System event log======

Computer Name: WW
Event Code: 7022
Message: The خدمة HP CUE DeviceDiscovery (الكشف على أجهزة CUE لـ HP) service hung on starting.

Record Number: 808
Source Name: Service Control Manager
Time Written: 20090702093319.000000+180
Event Type: error
User:

Computer Name: WW
Event Code: 7022
Message: The خدمة HP CUE DeviceDiscovery (الكشف على أجهزة CUE لـ HP) service hung on starting.

Record Number: 783
Source Name: Service Control Manager
Time Written: 20090702042448.000000+180
Event Type: error
User:

Computer Name: WW
Event Code: 8003
Message: The master browser has received a server announcement from the computer TOSHIBA-USER
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{452266EC-0696-4.
The master browser is stopping or an election is being forced.

Record Number: 780
Source Name: MRxSmb
Time Written: 20090702025712.000000+180
Event Type: error
User:

Computer Name: WW
Event Code: 7022
Message: The خدمة HP CUE DeviceDiscovery (الكشف على أجهزة CUE لـ HP) service hung on starting.

Record Number: 754
Source Name: Service Control Manager
Time Written: 20090701201251.000000+180
Event Type: error
User:

Computer Name: WW
Event Code: 7022
Message: The خدمة HP CUE DeviceDiscovery (الكشف على أجهزة CUE لـ HP) service hung on starting.

Record Number: 729
Source Name: Service Control Manager
Time Written: 20090701192411.000000+180
Event Type: error
User:

=====Application event log=====

Computer Name: WW
Event Code: 12001
Message: The Messenger Sharing USN Journal Reader service started successfully.

Record Number: 5112
Source Name: usnjsvc
Time Written: 20090428115235.000000+120
Event Type:
User:

Computer Name: WW
Event Code: 1517
Message: Windows saved user WW\XPPRESP3 registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.


This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

Record Number: 5059
Source Name: Userenv
Time Written: 20090421133313.000000+120
Event Type: warning
User: NT AUTHORITY\SYSTEM

Computer Name: WW
Event Code: 12001
Message: The Messenger Sharing USN Journal Reader service started successfully.

Record Number: 5031
Source Name: usnjsvc
Time Written: 20090418194024.000000+120
Event Type:
User:

Computer Name: WW
Event Code: 3011
Message: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The
Error code is the first DWORD in Data section.

Record Number: 4995
Source Name: LoadPerf
Time Written: 20090413083148.000000+120
Event Type: error
User:

Computer Name: WW
Event Code: 3012
Message: The performance strings in the Performance registry value is corrupted when
process Performance extension counter provider. BaseIndex value from Performance
registry is the first DWORD in Data section, LastCounter value is the second
DWORD in Data section, and LastHelp value is the third DWORD in Data section.

Record Number: 4994
Source Name: LoadPerf
Time Written: 20090413083148.000000+120
Event Type: error
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\QuickTime\QTSystem\
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 2 Stepping 9, GenuineIntel
"PROCESSOR_REVISION"=0209
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"CLASSPATH"=.;C:\Program Files\Java\jre6\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre6\lib\ext\QTJava.zip

-----------------EOF-----------------


Thanks in advance.

BC AdBot (Login to Remove)

 


#2 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:09:27 PM

Posted 16 August 2009 - 12:48 PM

Hello! :thumbup2:
My name is Sam and I will be helping you.

In order to see what's going on with your computer I will ask for you to post various logs from the tools that we will use to resolve your issue. Please also share with me any information about how your computer is reacting and behaving each step of the way as we work through this process.


We need to create an OTL Report
  • Please download OTL from here
  • Save it to your desktop.
  • Double click on the icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the "Run Scan" button.
  • The scan should take just a few minutes.
  • Copy the log that opens up and paste it back here in your next reply.



=============


The next log will show us any hidden files that are present.

Download GMER from here:
  • Unzip it to the desktop.
  • Open the program and click on the Rootkit tab.
  • Make sure all the boxes on the right of the screen are checked, EXCEPT for ‘Show All’.
  • Click on Scan.
  • When the scan has run click Copy and paste the results (if any) into this thread.

Posted Image If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#3 maged918

maged918
  • Topic Starter

  • Members
  • 22 posts
  • OFFLINE
  •  
  • Local time:09:27 PM

Posted 17 August 2009 - 08:51 AM

OTL

OTL logfile created on: 17/08/2009 01:05:38 - Run 1
OTL by OldTimer - Version 3.0.10.7 Folder = C:\Documents and Settings\XPPRESP3\Desktop\Maged\Virus Reports
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

511.47 Mb Total Physical Memory | 89.75 Mb Available Physical Memory | 17.55% Memory free
1.22 Gb Paging File | 0.51 Gb Available in Paging File | 41.58% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 9.32 Gb Total Space | 0.43 Gb Free Space | 4.65% Space Free | Partition Type: NTFS
Drive D: | 13.97 Gb Total Space | 0.53 Gb Free Space | 3.82% Space Free | Partition Type: NTFS
Drive E: | 9.31 Gb Total Space | 0.18 Gb Free Space | 1.89% Space Free | Partition Type: FAT32
Drive F: | 9.31 Gb Total Space | 0.32 Gb Free Space | 3.48% Space Free | Partition Type: FAT32
Drive G: | 9.31 Gb Total Space | 1.23 Gb Free Space | 13.22% Space Free | Partition Type: FAT32
Drive H: | 46.55 Gb Total Space | 1.52 Gb Free Space | 3.26% Space Free | Partition Type: FAT32
Drive I: | 51.24 Gb Total Space | 3.95 Gb Free Space | 7.70% Space Free | Partition Type: FAT32

Computer Name: WW
Current User Name: XPPRESP3
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2007/08/08 19:40:41 | 00,950,784 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE
PRC - [2009/08/15 17:27:58 | 00,148,480 | ---- | M] () -- C:\WINDOWS\mse.exe
PRC - [2009/07/09 12:22:18 | 00,144,712 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [1999/12/13 01:01:00 | 00,044,032 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\System32\CTsvcCDA.exe
PRC - [2006/01/25 16:02:48 | 00,090,112 | ---- | M] (Aladdin Knowledge Systems, Ltd.) -- C:\WINDOWS\System32\eTSrv.exe
PRC - [2008/12/03 16:06:55 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2008/04/05 21:22:29 | 00,552,064 | ---- | M] (Eset ) -- C:\Program Files\Eset\nod32krn.exe
PRC - [2000/06/26 07:44:20 | 00,053,520 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MsPMSPSv.exe
PRC - [2009/05/04 16:08:28 | 00,194,432 | ---- | M] () -- C:\Program Files\Search Guard Plus\SearchGuardPlus.exe
PRC - [2008/07/23 15:11:34 | 21,738,792 | R--- | M] (Skype Technologies S.A.) -- C:\Program Files\Skype\Phone\Skype.exe
PRC - [2007/01/19 13:54:56 | 05,674,352 | ---- | M] (Microsoft Corporation) -- C:\Program Files\MSN Messenger\MsnMsgr.Exe
PRC - [2009/07/28 10:53:12 | 01,830,128 | ---- | M] (SUPERAntiSpyware.com) -- C:\Documents and Settings\Administrator.WW\My Documents\Downloads\SUPERAntiSpywarePro\SUPERAntiSpyware.exe
PRC - [2008/08/08 15:11:12 | 00,490,952 | ---- | M] (DT Soft Ltd) -- E:\Program Files\DAEMON Tools Lite\daemon.exe
PRC - [2007/10/14 21:38:52 | 00,214,360 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
PRC - [2009/08/15 11:03:52 | 00,075,264 | RHS- | M] () -- C:\WINDOWS\mscth32.exe
PRC - [2008/07/23 15:11:34 | 00,076,744 | R--- | M] (Skype Technologies) -- C:\Program Files\Skype\Plugin Manager\skypePM.exe
PRC - [2007/10/19 21:46:08 | 00,184,320 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
PRC - [2007/10/19 21:46:08 | 00,610,304 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
PRC - [2004/08/04 17:00:00 | 00,131,072 | -H-- | M] () -- C:\WINDOWS\fonts\services.exe
PRC - [2009/05/06 20:17:38 | 09,278,016 | ---- | M] (J. River, Inc.) -- E:\Program Files\J River\Media Center 13\Media Center 13.exe
PRC - [2009/08/12 20:17:58 | 00,144,384 | ---- | M] () -- C:\Documents and Settings\XPPRESP3\Local Settings\Temp\b.exe
PRC - [2008/04/05 21:22:29 | 00,949,376 | ---- | M] (Eset ) -- C:\Program Files\Eset\nod32kui.exe
PRC - [2009/08/05 18:54:02 | 00,908,280 | ---- | M] (Mozilla Corporation) -- E:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009/08/17 00:41:00 | 00,514,048 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\XPPRESP3\Desktop\Maged\Virus Reports\OTL.exe

========== Win32 Services (SafeList) ==========

SRV - [2009/07/09 12:22:18 | 00,144,712 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto | Running])
SRV - [2005/09/23 15:28:32 | 00,029,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - File not found -- -- (bndmss [Auto | Stopped])
SRV - [2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Auto | Running])
SRV - [2005/09/23 15:28:56 | 00,066,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [1999/12/13 01:01:00 | 00,044,032 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\System32\CTsvcCDA.exe -- (Creative Service for CDROM Access [Auto | Running])
SRV - [2006/01/25 16:02:48 | 00,090,112 | ---- | M] (Aladdin Knowledge Systems, Ltd.) -- C:\WINDOWS\System32\eTSrv.exe -- (ETOKSRV [Auto | Running])
SRV - [2008/08/17 03:20:42 | 00,654,848 | ---- | M] (Macrovision Europe Ltd.) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service [On_Demand | Stopped])
SRV - [2007/11/06 22:16:54 | 00,217,088 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll -- (hpqcxs08 [On_Demand | Running])
SRV - [2007/11/06 22:16:54 | 00,139,264 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll -- (hpqddsvc [Auto | Running])
SRV - [2009/07/13 14:02:50 | 00,542,496 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Stopped])
SRV - [2008/12/03 16:06:55 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])
SRV - [2009/08/15 17:21:54 | 00,025,088 | ---- | M] () -- C:\WINDOWS\System32\mssrv32.exe -- (msupdate [Auto | Stopped])
SRV - [2006/11/08 17:35:36 | 00,043,520 | ---- | M] (Hewlett-Packard) -- C:\WINDOWS\System32\HPZinw12.dll -- (Net Driver HPZ12 [Auto | Running])
SRV - [2008/04/05 21:22:29 | 00,552,064 | ---- | M] (Eset ) -- C:\Program Files\Eset\nod32krn.exe -- (NOD32krn [Auto | Running])
SRV - [2005/07/25 00:38:56 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
SRV - [2006/11/08 17:35:38 | 00,053,248 | ---- | M] (Hewlett-Packard) -- C:\WINDOWS\System32\HPZipm12.dll -- (Pml Driver HPZ12 [Auto | Running])
SRV - [2007/01/19 13:54:14 | 00,097,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\MSN Messenger\usnsvc.exe -- (usnjsvc [On_Demand | Stopped])
SRV - [2000/06/26 07:44:20 | 00,053,520 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MsPMSPSv.exe -- (WMDM PMSP Service [Auto | Running])
SRV - [2006/08/24 21:33:00 | 00,911,872 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])

========== Driver Services (SafeList) ==========

DRV - [2009/08/09 20:17:29 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\a2fd3a99.sys -- (a2fd3a99 [System | Stopped])
DRV - [2001/08/17 15:20:04 | 00,096,256 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\drivers\ac97intc.sys -- (ac97intc [On_Demand | Running])
DRV - [2006/01/22 11:41:10 | 00,090,346 | ---- | M] (Aladdin Knowledge Systems, Ltd.) -- C:\WINDOWS\System32\DRIVERS\aksifdh.sys -- (AKSIFDH [On_Demand | Running])
DRV - [2006/01/22 11:41:10 | 00,034,406 | ---- | M] (Aladdin Knowledge Systems, Ltd.) -- C:\WINDOWS\System32\drivers\aksup.sys -- (AKSUP [On_Demand | Running])
DRV - [2008/04/05 21:22:30 | 00,512,096 | ---- | M] (Eset ) -- C:\WINDOWS\system32\drivers\amon.sys -- (AMON [Auto | Running])
DRV - [2004/08/04 01:29:28 | 00,701,440 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\System32\DRIVERS\ati2mtag.sys -- (ati2mtag [On_Demand | Running])
DRV - [2009/08/16 21:46:02 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\c67bbc2d.sys -- (c67bbc2d [System | Stopped])
DRV - [2002/07/19 05:46:28 | 00,127,948 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\System32\drivers\ctac32k.sys -- (ctac32k [On_Demand | Running])
DRV - [2002/07/19 05:47:52 | 00,837,548 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\System32\drivers\ctaud2k.sys -- (ctaud2k [On_Demand | Running])
DRV - [2001/08/17 15:19:20 | 00,003,712 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\System32\DRIVERS\ctljystk.sys -- (ctljystk [On_Demand | Stopped])
DRV - [2002/07/19 05:48:08 | 00,011,068 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\System32\drivers\ctprxy2k.sys -- (ctprxy2k [On_Demand | Running])
DRV - [2002/07/19 05:48:22 | 00,213,860 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\System32\drivers\ctsfm2k.sys -- (ctsfm2k [On_Demand | Running])
DRV - [2002/07/19 05:48:32 | 00,156,604 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\System32\drivers\emupia2k.sys -- (emupia [On_Demand | Running])
DRV - [2008/09/17 16:14:00 | 00,027,672 | R--- | M] (EnTech Taiwan) -- C:\WINDOWS\System32\DRIVERS\ENTECH.sys -- (ENTECH [On_Demand | Stopped])
DRV - [2002/10/29 09:20:30 | 00,040,960 | R--- | M] (VIA Technologies, Inc. ) -- C:\WINDOWS\System32\DRIVERS\fetnd5b.sys -- (FETNDISB [On_Demand | Running])
DRV - [2004/08/03 23:08:22 | 00,010,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\gameenum.sys -- (gameenum [On_Demand | Running])
DRV - [2009/03/19 16:32:48 | 00,023,400 | ---- | M] (GEAR Software Inc.) -- C:\WINDOWS\System32\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM [On_Demand | Running])
DRV - File not found -- Service key not found. -- (glaide32 [Unknown | Running])
DRV - [2002/07/24 08:52:26 | 00,998,004 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\System32\drivers\ha10kx2k.sys -- (ha10kx2k [On_Demand | Running])
DRV - [2007/10/30 12:25:53 | 00,049,920 | R--- | M] (HP) -- C:\WINDOWS\System32\DRIVERS\HPZid412.sys -- (HPZid412 [On_Demand | Stopped])
DRV - [2007/10/30 12:25:54 | 00,016,496 | R--- | M] (HP) -- C:\WINDOWS\System32\DRIVERS\HPZipr12.sys -- (HPZipr12 [On_Demand | Stopped])
DRV - [2007/10/30 12:25:55 | 00,021,568 | R--- | M] (HP) -- C:\WINDOWS\System32\DRIVERS\HPZius12.sys -- (HPZius12 [On_Demand | Stopped])
DRV - [2004/08/04 17:00:00 | 00,002,304 | ---- | M] () -- C:\WINDOWS\System32\netcard.sys -- (netcard [On_Demand | Stopped])
DRV - [2004/08/04 17:00:00 | 00,002,304 | ---- | M] () -- C:\WINDOWS\System32\netskt.sys -- (netskt [On_Demand | Stopped])
DRV - [2008/04/05 21:22:29 | 00,015,424 | ---- | M] () -- C:\WINDOWS\system32\drivers\nod32drv.sys -- (nod32drv [System | Running])
DRV - [2002/07/19 05:48:04 | 00,195,432 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\System32\drivers\ctoss2k.sys -- (ossrv [On_Demand | Running])
DRV - [1999/12/17 01:00:00 | 00,006,752 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\System32\PfModNT.sys -- (PfModNT [Auto | Running])
DRV - [2004/08/04 17:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running])
DRV - [2004/08/04 17:00:00 | 00,005,888 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\Drivers\RootMdm.sys -- (ROOTMODEM [On_Demand | Running])
DRV - [2009/08/09 19:06:32 | 00,179,648 | ---- | M] () -- C:\WINDOWS\System32\drivers\rpmd570.sys -- (rpmd570 [System | Stopped])
DRV - [2008/10/17 11:43:57 | 00,090,536 | ---- | M] (MCCI Corporation) -- C:\WINDOWS\System32\DRIVERS\s0017bus.sys -- (s0017bus [On_Demand | Stopped])
DRV - [2008/10/17 11:43:58 | 00,015,016 | ---- | M] (MCCI Corporation) -- C:\WINDOWS\System32\DRIVERS\s0017mdfl.sys -- (s0017mdfl [On_Demand | Stopped])
DRV - [2008/10/17 11:43:58 | 00,122,152 | ---- | M] (MCCI Corporation) -- C:\WINDOWS\System32\DRIVERS\s0017mdm.sys -- (s0017mdm [On_Demand | Stopped])
DRV - [2008/10/17 11:43:58 | 00,115,496 | ---- | M] (MCCI Corporation) -- C:\WINDOWS\System32\DRIVERS\s0017mgmt.sys -- (s0017mgmt [On_Demand | Stopped])
DRV - [2008/10/17 11:43:58 | 00,025,768 | ---- | M] (MCCI Corporation) -- C:\WINDOWS\System32\DRIVERS\s0017nd5.sys -- (s0017nd5 [On_Demand | Stopped])
DRV - [2008/10/17 11:43:58 | 00,111,912 | ---- | M] (MCCI Corporation) -- C:\WINDOWS\System32\DRIVERS\s0017obex.sys -- (s0017obex [On_Demand | Stopped])
DRV - [2008/10/17 11:43:58 | 00,117,672 | ---- | M] (MCCI Corporation) -- C:\WINDOWS\System32\DRIVERS\s0017unic.sys -- (s0017unic [On_Demand | Stopped])
DRV - [2009/07/28 10:53:16 | 00,009,968 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) -- C:\Documents and Settings\Administrator.WW\My Documents\Downloads\SUPERAntiSpywarePro\SASDIFSV.SYS -- (SASDIFSV [System | Running])
DRV - [2009/07/28 10:53:16 | 00,007,408 | ---- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) -- C:\Documents and Settings\Administrator.WW\My Documents\Downloads\SUPERAntiSpywarePro\SASENUM.SYS -- (SASENUM [On_Demand | Running])
DRV - [2009/07/28 10:53:14 | 00,072,944 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) -- C:\Documents and Settings\Administrator.WW\My Documents\Downloads\SUPERAntiSpywarePro\SASKUTIL.sys -- (SASKUTIL [System | Running])
DRV - [2008/07/07 10:40:49 | 00,056,108 | ---- | M] (PowerISO Computing, Inc.) -- C:\WINDOWS\System32\drivers\scdemu.sys -- (SCDEmu [System | Running])
DRV - [2007/08/08 19:22:59 | 00,163,644 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys -- (Secdrv [Auto | Running])
DRV - [2001/08/17 13:56:16 | 00,007,552 | ---- | M] (Sony Corporation) -- C:\WINDOWS\System32\DRIVERS\SONYPVU1.SYS -- (SONYPVU1 [On_Demand | Stopped])
DRV - [2008/08/16 01:03:29 | 00,717,296 | ---- | M] () -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd [Boot | Running])
DRV - [2009/07/09 12:16:16 | 00,039,424 | ---- | M] (Apple, Inc.) -- C:\WINDOWS\System32\Drivers\usbaapl.sys -- (USBAAPL [On_Demand | Stopped])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie


IE - HKU\.default\SOFTWARE\Microsoft\Internet Explorer\Main,AlwaysUseDefaultPrinter = yes
IE - HKU\.default\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
IE - HKU\.default\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKU\.default\.default\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\s-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,AlwaysUseDefaultPrinter = yes
IE - HKU\s-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
IE - HKU\s-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKU\s-1-5-18\s-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\s-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,AlwaysUseDefaultPrinter = yes
IE - HKU\s-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
IE - HKU\s-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKU\s-1-5-19\s-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\s-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,AlwaysUseDefaultPrinter = yes
IE - HKU\s-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
IE - HKU\s-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKU\s-1-5-20\s-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\s-1-5-21-1659004503-1454471165-839522115-1001\SOFTWARE\Microsoft\Internet Explorer\Main,AlwaysUseDefaultPrinter = yes
IE - HKU\s-1-5-21-1659004503-1454471165-839522115-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
IE - HKU\s-1-5-21-1659004503-1454471165-839522115-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKU\s-1-5-21-1659004503-1454471165-839522115-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\s-1-5-21-1659004503-1454471165-839522115-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.orbitdownloader.com
IE - HKU\s-1-5-21-1659004503-1454471165-839522115-1001\Software\Microsoft\Internet Explorer\SearchURL\A, = http://www.altavista.com/sites/search/web?q=%s
IE - HKU\s-1-5-21-1659004503-1454471165-839522115-1001\Software\Microsoft\Internet Explorer\SearchURL\AV, = http://www.altavista.com/sites/search/web?q=%s
IE - HKU\s-1-5-21-1659004503-1454471165-839522115-1001\Software\Microsoft\Internet Explorer\SearchURL\FM, = http://www.filemirrors.com/search.src?file=%s
IE - HKU\s-1-5-21-1659004503-1454471165-839522115-1001\Software\Microsoft\Internet Explorer\SearchURL\G, = http://www.google.com/search?q=%s
IE - HKU\s-1-5-21-1659004503-1454471165-839522115-1001\Software\Microsoft\Internet Explorer\SearchURL\L, = http://sjc-search.sjc.lycos.com/default.as...eb&query=%s
IE - HKU\s-1-5-21-1659004503-1454471165-839522115-1001\Software\Microsoft\Internet Explorer\SearchURL\M, = http://search.msn.com/results.asp?q=%s
IE - HKU\s-1-5-21-1659004503-1454471165-839522115-1001\Software\Microsoft\Internet Explorer\SearchURL\MS, = http://support.microsoft.com/?kbid=%s
IE - HKU\s-1-5-21-1659004503-1454471165-839522115-1001\Software\Microsoft\Internet Explorer\SearchURL\MSKB, = http://support.microsoft.com/?kbid=%s
IE - HKU\s-1-5-21-1659004503-1454471165-839522115-1001\Software\Microsoft\Internet Explorer\SearchURL\MSN, = http://search.msn.com/results.asp?q=%s
IE - HKU\s-1-5-21-1659004503-1454471165-839522115-1001\Software\Microsoft\Internet Explorer\SearchURL\Y, = http://search.yahoo.com/search?p=%s
IE - HKU\s-1-5-21-1659004503-1454471165-839522115-1001\s-1-5-21-1659004503-1454471165-839522115-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\s-1-5-21-1659004503-1454471165-839522115-1001\s-1-5-21-1659004503-1454471165-839522115-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1
FF - prefs.js..extensions.enabledItems: {CF40ACC5-E1BB-4aff-AC72-04C2F616BCA7}:1.5.2.29
FF - prefs.js..extensions.enabledItems: firenes@facundo.zaldo:1.2
FF - prefs.js..extensions.enabledItems: imglikeopera@imfo.ru:0.6.18
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}:6.0.10
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {F7833457-B116-419a-A288-D85D7C686048}:0.3.3
FF - prefs.js..extensions.enabledItems: {9AA46F4F-4DC7-4c06-97AF-6665170634FE}:1.06
FF - prefs.js..extensions.enabledItems: {AE93811A-5C9A-4d34-8462-F7B864FC4696}:3.33
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.2
FF - prefs.js..extensions.enabledItems: {de5809e0-2b07-11dd-bd0b-0800200c9a66}:1.0.9
FF - prefs.js..network.proxy.type: 4


FF - HKLM\software\mozilla\Firefox\extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2008/12/03 16:06:56 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.2\extensions\\Components: E:\Program Files\Mozilla Firefox\components [2008/08/14 00:21:56 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.2\extensions\\Plugins: E:\Program Files\Mozilla Firefox\plugins [2008/08/14 00:21:56 | 00,000,000 | ---D | M]

[2009/07/05 20:19:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\XPPRESP3\Application Data\mozilla\Extensions
[2008/08/14 00:23:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\XPPRESP3\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/07/05 20:19:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\XPPRESP3\Application Data\mozilla\Extensions\mozswing@mozswing.org
[2009/08/15 22:25:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\XPPRESP3\Application Data\mozilla\Firefox\Profiles\2moj8l1y.default\extensions
[2009/08/12 16:46:05 | 00,000,000 | ---D | M] -- C:\Documents and Settings\XPPRESP3\Application Data\mozilla\Firefox\Profiles\2moj8l1y.default\extensions\{9AA46F4F-4DC7-4c06-97AF-6665170634FE}
[2009/07/18 17:49:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\XPPRESP3\Application Data\mozilla\Firefox\Profiles\2moj8l1y.default\extensions\{AE93811A-5C9A-4d34-8462-F7B864FC4696}
[2008/09/07 06:08:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\XPPRESP3\Application Data\mozilla\Firefox\Profiles\2moj8l1y.default\extensions\{CF40ACC5-E1BB-4aff-AC72-04C2F616BCA7}
[2009/07/18 17:49:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\XPPRESP3\Application Data\mozilla\Firefox\Profiles\2moj8l1y.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2009/06/14 15:37:05 | 00,000,000 | ---D | M] -- C:\Documents and Settings\XPPRESP3\Application Data\mozilla\Firefox\Profiles\2moj8l1y.default\extensions\{de5809e0-2b07-11dd-bd0b-0800200c9a66}
[2008/08/24 01:54:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\XPPRESP3\Application Data\mozilla\Firefox\Profiles\2moj8l1y.default\extensions\{F7833457-B116-419a-A288-D85D7C686048}
[2008/09/05 17:23:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\XPPRESP3\Application Data\mozilla\Firefox\Profiles\2moj8l1y.default\extensions\firenes@facundo.zaldo
[2009/07/10 17:33:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\XPPRESP3\Application Data\mozilla\Firefox\Profiles\2moj8l1y.default\extensions\imglikeopera@imfo.ru
[2009/03/14 01:34:45 | 00,002,042 | ---- | M] () -- C:\Documents and Settings\XPPRESP3\Application Data\Mozilla\FireFox\Profiles\2moj8l1y.default\searchplugins\facebook.xml
[2008/08/18 03:31:52 | 00,002,299 | ---- | M] () -- C:\Documents and Settings\XPPRESP3\Application Data\Mozilla\FireFox\Profiles\2moj8l1y.default\searchplugins\lastfm.xml
[2007/08/15 02:18:57 | 00,004,886 | ---- | M] () -- C:\Documents and Settings\XPPRESP3\Application Data\Mozilla\FireFox\Profiles\2moj8l1y.default\searchplugins\urbandictionarycom.xml
[2007/07/12 12:13:23 | 00,001,312 | ---- | M] () -- C:\Documents and Settings\XPPRESP3\Application Data\Mozilla\FireFox\Profiles\2moj8l1y.default\searchplugins\wikipedia-english.xml
[2007/07/12 13:47:00 | 00,001,628 | ---- | M] () -- C:\Documents and Settings\XPPRESP3\Application Data\Mozilla\FireFox\Profiles\2moj8l1y.default\searchplugins\youtube.xml
[2008/08/13 23:59:56 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2008/04/05 21:23:17 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}

O1 HOSTS File: (734 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (IE7Pro BHO) - {00011268-E188-40DF-A514-835FCD78B1BF} - C:\Program Files\IE7Pro\IE7Pro.dll (IE7Pro.com)
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (no name) - {500bca15-57a7-4eaf-8143-8c619470b13d} - No CLSID value found.
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O2 - BHO: (no name) - {f0626a63-410b-45e2-99a1-3f2475b2d695} - No CLSID value found.
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKU\s-1-5-21-1659004503-1454471165-839522115-1001\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()
O4 - HKLM..\Run: [FBSearch] C:\Program Files\Search Guard Plus\SearchGuardPlus.exe ()
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [Microsoft Driver Setup] C:\WINDOWS\mscth32.exe ()
O4 - HKLM..\Run: [MSConfig] C:\WINDOWS\System32\msconfig.exe (Microsoft Corporation)
O4 - HKLM..\Run: [MSxmlHpr] C:\WINDOWS\System32\msxm192z.DLL (USA)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
O4 - HKLM..\Run: [SGPUpdater] C:\Program Files\Search Guard PlusU\sgpUpdaters.exe ()
O4 - HKLM..\Run: [ter8m] C:\WINDOWS\System32\msxm192z.DLL (USA)
O4 - HKU\.default..\Run: [minix32] C:\WINDOWS\System32\minix32.exe (TODO: <Company name>)
O4 - HKU\.default..\Run: [RocketDock] C:\Program Files\RocketDock\RocketDock.exe File not found
O4 - HKU\s-1-5-18..\Run: [minix32] C:\WINDOWS\System32\minix32.exe (TODO: <Company name>)
O4 - HKU\s-1-5-18..\Run: [RocketDock] C:\Program Files\RocketDock\RocketDock.exe File not found
O4 - HKU\s-1-5-19..\Run: [RocketDock] C:\Program Files\RocketDock\RocketDock.exe File not found
O4 - HKU\s-1-5-20..\Run: [RocketDock] C:\Program Files\RocketDock\RocketDock.exe File not found
O4 - HKU\s-1-5-21-1659004503-1454471165-839522115-1001..\Run: [12CFG214-K641-11SF-N33P] C:\RECYCLER\S-1-5-21-0243936033-3052116371-381863308-1077\vslmq.exe ()
O4 - HKU\s-1-5-21-1659004503-1454471165-839522115-1001..\Run: [12CFG515-K641-55SF-N66P] C:\RECYCLER\S-1-5-21-0243636035-3055115376-381863306-1556\pqlmq.exe ()
O4 - HKU\s-1-5-21-1659004503-1454471165-839522115-1001..\Run: [DAEMON Tools Lite] E:\Program Files\DAEMON Tools Lite\daemon.exe (DT Soft Ltd)
O4 - HKU\s-1-5-21-1659004503-1454471165-839522115-1001..\Run: [Monopod] C:\Documents and Settings\XPPRESP3\Local Settings\Temp\b.exe ()
O4 - HKU\s-1-5-21-1659004503-1454471165-839522115-1001..\Run: [MsnMsgr] C:\Program Files\MSN Messenger\MsnMsgr.Exe (Microsoft Corporation)
O4 - HKU\s-1-5-21-1659004503-1454471165-839522115-1001..\Run: [Skype] C:\Program Files\Skype\Phone\Skype.exe (Skype Technologies S.A.)
O4 - HKU\s-1-5-21-1659004503-1454471165-839522115-1001..\Run: [SUPERAntiSpyware] C:\Documents and Settings\Administrator.WW\My Documents\Downloads\SUPERAntiSpywarePro\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKU\.default..\RunOnce: [nltide_3] C:\WINDOWS\System32\advpack.DLL (Microsoft Corporation)
O4 - HKU\.default..\RunOnce: [ShowDeskFix] File not found
O4 - HKU\s-1-5-18..\RunOnce: [nltide_3] C:\WINDOWS\System32\advpack.DLL (Microsoft Corporation)
O4 - HKU\s-1-5-18..\RunOnce: [ShowDeskFix] File not found
O4 - HKU\s-1-5-19..\RunOnce: [nltide_3] C:\WINDOWS\System32\advpack.DLL (Microsoft Corporation)
O4 - HKU\s-1-5-19..\RunOnce: [ShowDeskFix] File not found
O4 - HKU\s-1-5-20..\RunOnce: [nltide_3] C:\WINDOWS\System32\advpack.DLL (Microsoft Corporation)
O4 - HKU\s-1-5-20..\RunOnce: [ShowDeskFix] File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
F3 - HKU\.default WinNT: Load - (C:\WINDOWS\system32\mskvd.exe) - C:\WINDOWS\System32\mskvd.exe (-)
F3 - HKU\.default WinNT: Run - (C:\WINDOWS\system32\msthnc.exe) - C:\WINDOWS\System32\msthnc.exe (-)
F3 - HKU\s-1-5-18 WinNT: Load - (C:\WINDOWS\system32\mskvd.exe) - C:\WINDOWS\System32\mskvd.exe (-)
F3 - HKU\s-1-5-18 WinNT: Run - (C:\WINDOWS\system32\msthnc.exe) - C:\WINDOWS\System32\msthnc.exe (-)
F3 - HKU\s-1-5-21-1659004503-1454471165-839522115-1001 WinNT: Load - (C:\WINDOWS\system32\mspuoxu.exe) - C:\WINDOWS\System32\mspuoxu.exe (-)
F3 - HKU\s-1-5-21-1659004503-1454471165-839522115-1001 WinNT: Run - (C:\WINDOWS\system32\msltaae.exe) - C:\WINDOWS\System32\msltaae.exe (-)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceClassicControlPanel = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRemoteRecursiveEvents = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = _ [binary data]
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoInternetOpenWith = 1
O7 - HKU\.default\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.default\Software\Policies\Microsoft\Internet Explorer\InfoDelivery present
O7 - HKU\.default\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\.default\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 1
O7 - HKU\.default\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartBanner = 1
O7 - HKU\s-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\s-1-5-18\Software\Policies\Microsoft\Internet Explorer\InfoDelivery present
O7 - HKU\s-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\s-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 1
O7 - HKU\s-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartBanner = 1
O7 - HKU\s-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\s-1-5-19\Software\Policies\Microsoft\Internet Explorer\InfoDelivery present
O7 - HKU\s-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\s-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 1
O7 - HKU\s-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartBanner = 1
O7 - HKU\s-1-5-19_classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\s-1-5-19_classes\Software\Policies\Microsoft\Internet Explorer\InfoDelivery present
O7 - HKU\s-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\s-1-5-20\Software\Policies\Microsoft\Internet Explorer\InfoDelivery present
O7 - HKU\s-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\s-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 1
O7 - HKU\s-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartBanner = 1
O7 - HKU\s-1-5-20_classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\s-1-5-20_classes\Software\Policies\Microsoft\Internet Explorer\InfoDelivery present
O7 - HKU\s-1-5-21-1659004503-1454471165-839522115-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\s-1-5-21-1659004503-1454471165-839522115-1001\Software\Policies\Microsoft\Internet Explorer\InfoDelivery present
O7 - HKU\s-1-5-21-1659004503-1454471165-839522115-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = _ [binary data]
O7 - HKU\s-1-5-21-1659004503-1454471165-839522115-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 1
O7 - HKU\s-1-5-21-1659004503-1454471165-839522115-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartBanner = 1
O7 - HKU\s-1-5-21-1659004503-1454471165-839522115-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0
O7 - HKU\s-1-5-21-1659004503-1454471165-839522115-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRecentDocsMenu = 1
O7 - HKU\s-1-5-21-1659004503-1454471165-839522115-1001_classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\s-1-5-21-1659004503-1454471165-839522115-1001_classes\Software\Policies\Microsoft\Internet Explorer\InfoDelivery present
O8 - Extra context menu item: &ieSpell Options - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O8 - Extra context menu item: Check &Spelling - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Lookup on Merriam Webster - C:\Program Files\ieSpell\Merriam Webster.HTM ()
O8 - Extra context menu item: Lookup on Wikipedia - C:\Program Files\ieSpell\wikipedia.HTM ()
O9 - Extra Button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IE7Pro\IE7Pro.dll (IE7Pro.com)
O9 - Extra 'Tools' menuitem : IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IE7Pro\IE7Pro.dll (IE7Pro.com)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_10.dll (Sun Microsystems, Inc.)
O9 - Extra Button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O9 - Extra 'Tools' menuitem : ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O9 - Extra 'Tools' menuitem : ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\XPPRESP3\Start Menu\Programs\IMVU\Run IMVU.lnk ()
O9 - Extra Button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\System32\wshbth.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\System32\imon.dll (Eset )
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\System32\imon.dll (Eset )
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\System32\imon.dll (Eset )
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\System32\imon.dll (Eset )
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\System32\imon.dll (Eset )
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\WINDOWS\System32\imon.dll (Eset )
O15 - HKU\s-1-5-21-1659004503-1454471165-839522115-1001\..Trusted Domains: aol.com ([free] http in Trusted sites)
O15 - HKU\s-1-5-21-1659004503-1454471165-839522115-1001\..Trusted Domains: 2 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\sdra64.exe) - C:\WINDOWS\System32\sdra64.exe File not found
O20 - HKLM Winlogon: TaskMan - (C:\RECYCLER\S-1-5-21-9687768100-1660753643-749687913-1017\wnzip32.exe) - C:\RECYCLER\S-1-5-21-9687768100-1660753643-749687913-1017\wnzip32.exe ()
O20 - HKU\s-1-5-21-1659004503-1454471165-839522115-1001 Winlogon: Shell - (C:\RECYCLER\S-1-5-21-1577147914-1756635673-045559084-9045\sysdate.exe) - C:\RECYCLER\S-1-5-21-1577147914-1756635673-045559084-9045\sysdate.exe File not found
O20 - HKU\s-1-5-21-1659004503-1454471165-839522115-1001 Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKU\s-1-5-21-1659004503-1454471165-839522115-1001 Winlogon: Shell - (C:\RECYCLER\S-1-5-21-9687768100-1660753643-749687913-1017\wnzip32.exe) - C:\RECYCLER\S-1-5-21-9687768100-1660753643-749687913-1017\wnzip32.exe ()
O20 - Winlogon\Notify\csbdll: DllName - csbdll.dll - C:\WINDOWS\System32\csbdll.dll ()
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/04/05 21:10:57 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2004/09/26 23:13:01 | 00,000,000 | ---- | M] () - D:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{2ad6b5d1-34db-11dc-ad72-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{2ad6b5d1-34db-11dc-ad72-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{2ad6b5d1-34db-11dc-ad72-806d6172696f}\Shell\AutoRun\command - "" = D:\setup.exe -- File not found
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found

========== Files/Folders - Created Within 30 Days ==========

[3 C:\WINDOWS\*.tmp files]
[2009/08/16 21:58:30 | 04,927,864 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\XPPRESP3\Desktop\Silverlight.exe
[2009/08/16 21:56:49 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2009/08/16 21:23:31 | 00,148,480 | ---- | C] () -- C:\WINDOWS\mse.exe
[2009/08/16 02:05:36 | 10,043,1872 | ---- | C] () -- C:\Documents and Settings\XPPRESP3\Desktop\Photoshop.CS4_DC.part06.rar
[2009/08/16 00:16:39 | 10,043,1872 | ---- | C] () -- C:\Documents and Settings\XPPRESP3\Desktop\Photoshop.CS4_DC.part05.rar
[2009/08/15 23:23:06 | 10,043,1872 | ---- | C] () -- C:\Documents and Settings\XPPRESP3\Desktop\Photoshop.CS4_DC.part04.rar
[2009/08/15 21:01:57 | 10,043,1872 | ---- | C] () -- C:\Documents and Settings\XPPRESP3\Desktop\Photoshop.CS4_DC.part03.rar
[2009/08/15 19:31:49 | 10,043,1872 | ---- | C] () -- C:\Documents and Settings\XPPRESP3\Desktop\Photoshop.CS4_DC.part02.rar
[2009/08/15 17:21:59 | 00,025,088 | ---- | C] () -- C:\WINDOWS\System32\mssrv32.exe
[2009/08/15 14:14:48 | 00,000,000 | ---D | C] -- C:\Program Files\trend micro
[2009/08/15 14:14:44 | 00,000,000 | ---D | C] -- C:\rsit
[2009/08/15 12:54:44 | 00,010,752 | ---- | C] () -- C:\gcdppgxd.exe
[2009/08/15 11:03:54 | 00,075,264 | RHS- | C] () -- C:\WINDOWS\mscth32.exe
[2009/08/14 21:56:55 | 00,101,068 | ---- | C] () -- C:\WINDOWS\System32\drivers\51510d33.sys
[2009/08/14 21:50:38 | 00,245,760 | -H-- | C] (-) -- C:\WINDOWS\System32\msozgbhe.exe
[2009/08/14 21:50:33 | 00,148,480 | ---- | C] () -- C:\WINDOWS\msd.exe
[2009/08/14 21:31:06 | 00,088,140 | ---- | C] () -- C:\WINDOWS\System32\drivers\glaide32.sys
[2009/08/13 16:55:15 | 00,038,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/08/13 16:55:11 | 00,019,096 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/08/13 16:55:11 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/08/13 03:18:47 | 00,154,632 | ---- | C] (TODO: <Company name>) -- C:\WINDOWS\System32\minix32.exe
[2009/08/13 03:18:17 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Antivirus Pro
[2009/08/12 22:49:54 | 00,000,000 | ---D | C] -- C:\Program Files\Search Guard PlusU
[2009/08/12 22:49:54 | 00,000,000 | ---D | C] -- C:\Program Files\Search Guard Plus
[2009/08/12 22:49:53 | 00,000,000 | ---D | C] -- C:\Program Files\SGPSA
[2009/08/12 22:48:13 | 00,000,000 | ---D | C] -- C:\Program Files\Fast Browser Search
[2009/08/12 22:48:05 | 00,000,000 | ---D | C] -- C:\users
[2009/08/12 20:18:26 | 00,152,064 | ---- | C] () -- C:\WINDOWS\msc.exe
[2009/08/12 20:17:50 | 00,105,420 | ---- | C] () -- C:\WINDOWS\System32\drivers\70d53020.sys
[2009/08/12 08:19:53 | 00,245,760 | -H-- | C] (-) -- C:\WINDOWS\System32\msziqlzm.exe
[2009/08/11 19:01:11 | 00,245,760 | -H-- | C] (-) -- C:\WINDOWS\System32\msnxmljh.exe
[2009/08/11 16:37:09 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\drivers\c67bbc2d.sys
[2009/08/11 16:36:56 | 00,081,408 | ---- | C] () -- C:\jnvcbaox.exe
[2009/08/11 16:21:09 | 00,000,000 | ---D | C] -- C:\Program Files\Sophos
[2009/08/09 20:22:26 | 00,011,040 | ---- | C] () -- C:\ccuh.exe
[2009/08/09 20:19:32 | 00,151,040 | ---- | C] () -- C:\WINDOWS\msb.exe
[2009/08/09 19:57:00 | 00,176,128 | ---- | C] () -- C:\nayojmty.exe
[2009/08/09 19:56:30 | 00,081,408 | ---- | C] () -- C:\WINDOWS\System32\vhosts.exe
[2009/08/09 19:26:45 | 00,245,760 | -H-- | C] (-) -- C:\WINDOWS\System32\mslgxtag.exe
[2009/08/09 19:08:03 | 00,062,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MSWINSCK.OCX
[2009/08/09 19:07:54 | 00,208,900 | ---- | C] () -- C:\WINDOWS\System32\msxml71.dll
[2009/08/09 19:06:32 | 00,179,648 | ---- | C] () -- C:\WINDOWS\System32\drivers\rpmd570.sys
[2009/08/09 17:01:11 | 00,151,040 | ---- | C] () -- C:\WINDOWS\msa.exe
[2009/08/07 21:33:55 | 00,036,352 | ---- | C] () -- C:\WINDOWS\System32\csbdll.dll
[2009/08/07 21:28:15 | 00,000,290 | -H-- | C] () -- C:\WINDOWS\tasks\{BB65B0FB-5712-401b-B616-E69AC55E2757}.job
[2009/08/06 16:54:07 | 00,000,000 | ---D | C] -- C:\Documents and Settings\XPPRESP3\Application Data\SUPERAntiSpyware.com
[2009/08/06 16:52:40 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\drivers\a2fd3a99.sys
[2009/08/06 16:52:30 | 00,091,648 | ---- | C] () -- C:\yaewfl.exe
[2009/08/06 16:52:25 | 00,215,451 | ---- | C] () -- C:\lyusoqm.exe
[2009/08/06 16:52:24 | 00,000,002 | ---- | C] () -- C:\415464214
[2009/08/06 14:17:09 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2009/08/05 22:40:16 | 00,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2009/08/05 22:21:10 | 00,000,282 | ---- | C] () -- C:\WINDOWS\System32\imon1.dat
[2009/08/05 21:57:49 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PC Tools
[2009/08/05 21:49:58 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/08/05 21:16:33 | 00,000,000 | ---D | C] -- C:\WINDOWS\pss
[2009/08/05 20:35:39 | 00,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2009/08/05 19:55:03 | 00,000,246 | -H-- | C] () -- C:\WINDOWS\tasks\{7B02EF0B-A410-4938-8480-9BA26420A627}.job
[2009/08/05 19:04:03 | 00,000,268 | -H-- | C] () -- C:\sqmdata16.sqm
[2009/08/05 19:04:03 | 00,000,244 | -H-- | C] () -- C:\sqmnoopt16.sqm
[2009/08/03 02:52:32 | 00,000,000 | ---D | C] -- C:\Documents and Settings\XPPRESP3\Application Data\AOL_Janes_Realty
[2009/08/03 02:42:31 | 00,001,750 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Jane's Realty from AOL.lnk
[2009/07/31 16:33:54 | 00,038,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\LMRTREND.dll
[2009/07/31 16:33:53 | 00,140,800 | ---- | C] (The Duck Corporation) -- C:\WINDOWS\System32\tm20dec.ax
[2009/07/31 16:33:51 | 00,182,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dxtmsft3.dll
[2009/07/31 16:33:47 | 00,063,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\unam4ie.exe
[2009/07/31 16:33:40 | 00,011,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mciqtz.drv
[2009/07/31 16:33:40 | 00,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll
[2009/07/31 16:33:40 | 00,005,672 | ---- | C] () -- C:\WINDOWS\System32\quartz.vxd
[2009/07/31 16:33:39 | 00,194,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qcut.dll
[2009/07/31 15:35:46 | 01,093,632 | ---- | C] () -- C:\WINDOWS\System32\MGIIpl2PX.dll
[2009/07/31 15:35:45 | 00,522,752 | ---- | C] (Eastman Kodak Japan) -- C:\WINDOWS\System32\DC120fc7_32.dll
[2009/07/31 15:35:45 | 00,212,480 | ---- | C] (Eastman Kodak) -- C:\WINDOWS\System32\PCDLIB32.DLL
[2009/07/31 15:35:45 | 00,122,880 | ---- | C] () -- C:\WINDOWS\System32\EnrouteStitch.dll
[2009/07/31 15:35:44 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\MGI Shared
[2009/07/31 15:34:00 | 00,000,000 | ---D | C] -- C:\Program Files\Intel
[2009/07/31 15:33:54 | 00,422,679 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\drivers\icam6usb.sys
[2009/07/31 15:33:54 | 00,143,360 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\icam6ext.dll
[2009/07/31 15:33:54 | 00,114,688 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\dmjpeg.dll
[2009/07/31 15:33:54 | 00,094,208 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\dm630api.dll
[2009/07/31 15:33:54 | 00,065,536 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\dmsnapst.dll
[2009/07/31 15:33:54 | 00,061,440 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\dmgraph.dll
[2009/07/31 15:33:54 | 00,040,960 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\dmdnload.dll
[2009/07/31 15:33:54 | 00,028,983 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\drivers\icm6bulk.sys
[2009/07/31 15:33:54 | 00,028,672 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\Icam6UNI.LRC
[2009/07/31 15:33:54 | 00,027,648 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\dmavisrc.ax
[2009/07/31 15:33:54 | 00,012,771 | ---- | C] () -- C:\WINDOWS\System32\Icam6uni.hlp
[2009/07/31 15:33:54 | 00,003,367 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\drivers\icm6plcy.sys
[2009/07/31 15:33:53 | 00,429,056 | ---- | C] (LEAD Technologies, Inc.) -- C:\WINDOWS\System32\LTKRN80N.DLL
[2009/07/31 15:33:53 | 00,235,008 | ---- | C] (LEAD Technologies, Inc.) -- C:\WINDOWS\System32\Lfcmp80n.dll
[2009/07/31 15:33:53 | 00,126,976 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\icam6jpg.dll
[2009/07/31 15:33:53 | 00,074,752 | ---- | C] (LEAD Technologies, Inc.) -- C:\WINDOWS\System32\LTFIL80N.DLL
[2009/07/31 15:33:53 | 00,065,536 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\icam6com.dll
[2009/07/31 15:33:53 | 00,033,280 | ---- | C] (LEAD Technologies, Inc.) -- C:\WINDOWS\System32\Lfbmp80n.dll
[2009/07/31 15:33:53 | 00,010,295 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\icam6sti.dll
[2009/07/31 15:33:14 | 00,004,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\w95inf32.dll
[2009/07/31 15:33:14 | 00,002,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\w95inf16.dll
[2009/07/31 15:32:41 | 00,027,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\WAVMIX16.DLL
[2009/07/27 20:10:58 | 00,000,000 | ---D | C] -- C:\Documents and Settings\XPPRESP3\Application Data\IronCode
[2009/07/27 20:08:38 | 00,001,846 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Pahelika Secret Legends from AOL.lnk
[2009/07/22 16:42:07 | 75,932,2624 | ---- | C] () -- C:\Documents and Settings\XPPRESP3\Desktop\[PC - Game ITA] Hospital.Tycoon.iso
[2009/07/19 21:56:28 | 00,000,000 | ---D | C] -- C:\Documents and Settings\XPPRESP3\Local Settings\Application Data\Graphisoft
[2009/07/19 21:56:28 | 00,000,000 | ---D | C] -- C:\Documents and Settings\XPPRESP3\Application Data\Graphisoft
[2009/07/19 21:00:54 | 00,000,699 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\ArchiCAD 12.lnk
[2009/07/19 20:59:57 | 00,007,942 | ---- | C] () -- C:\WINDOWS\vpd.properties
[2009/07/18 03:22:49 | 00,342,528 | ---- | C] (J. River, Inc.) -- C:\WINDOWS\System32\MC13.exe
[2009/07/18 03:22:49 | 00,053,248 | ---- | C] (J. River, Inc.) -- C:\WINDOWS\System32\BBInstaller.exe
[2009/01/12 22:56:50 | 00,000,139 | ---- | C] () -- C:\WINDOWS\Mistwsi.INI
[2008/11/22 14:35:40 | 00,000,088 | ---- | C] () -- C:\WINDOWS\Entrust.ini
[2008/09/01 05:27:46 | 00,000,000 | ---- | C] () -- C:\WINDOWS\WordSearch.INI
[2008/08/14 21:01:07 | 00,000,413 | ---- | C] () -- C:\WINDOWS\MORDOR.INI
[2008/08/14 21:00:53 | 00,002,552 | ---- | C] () -- C:\WINDOWS\WAVEMIX.INI
[2008/08/14 20:37:40 | 00,000,231 | ---- | C] () -- C:\WINDOWS\AC3API.INI
[2008/08/14 20:36:37 | 00,037,727 | ---- | C] () -- C:\WINDOWS\System32\Emu10kx.ini
[2008/08/14 20:36:37 | 00,000,029 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2008/08/14 20:36:11 | 00,000,180 | ---- | C] () -- C:\WINDOWS\System32\KILL.INI
[2008/08/14 20:36:00 | 00,065,536 | ---- | C] ( ) -- C:\WINDOWS\System32\a3d.dll
[2008/08/14 20:35:19 | 00,000,307 | ---- | C] () -- C:\WINDOWS\SBWIN.INI
[2008/08/14 02:49:09 | 00,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2008/08/14 02:47:24 | 00,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2008/08/14 02:47:23 | 00,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2008/08/14 02:34:46 | 00,765,952 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2008/08/14 02:34:45 | 00,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2008/08/14 01:43:41 | 00,000,076 | ---- | C] () -- C:\WINDOWS\System32\dtirc.dll
[2008/08/05 21:54:10 | 00,561,152 | ---- | C] () -- C:\WINDOWS\System32\hpotscl.dll
[2008/04/05 21:42:49 | 00,003,250 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2008/04/05 21:42:48 | 00,005,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2008/04/05 21:22:33 | 00,015,424 | ---- | C] () -- C:\WINDOWS\System32\drivers\nod32drv.sys
[2008/04/05 21:18:35 | 00,000,478 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/04/05 21:11:16 | 00,717,296 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2007/08/08 19:21:40 | 00,059,904 | ---- | C] () -- C:\WINDOWS\System32\sysdiag.dll
[2007/08/08 19:21:40 | 00,059,904 | ---- | C] () -- C:\WINDOWS\System32\ipcmd.dll
[2007/08/08 19:21:40 | 00,029,026 | ---- | C] () -- C:\WINDOWS\System32\netsoi32.dll
[2007/08/08 19:21:40 | 00,022,498 | ---- | C] () -- C:\WINDOWS\System32\w3qf6.dll
[2007/08/08 19:21:40 | 00,016,686 | ---- | C] () -- C:\WINDOWS\System32\netrcf32.dll
[2007/08/04 02:38:13 | 00,000,717 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2004/08/23 13:34:56 | 00,001,008 | ---- | C] () -- C:\WINDOWS\System32\etpass.ini
[2004/08/04 17:00:00 | 00,102,220 | ---- | C] () -- C:\WINDOWS\System32\drivers\null.sys
[2004/08/04 17:00:00 | 00,102,220 | ---- | C] () -- C:\WINDOWS\System32\drivers\beep.sys
[2004/08/04 17:00:00 | 00,061,440 | ---- | C] () -- C:\WINDOWS\System32\Irmonv32.dll
[2004/08/04 17:00:00 | 00,057,344 | ---- | C] () -- C:\WINDOWS\System32\WmdmPv32.dll
[2004/08/04 17:00:00 | 00,057,344 | ---- | C] () -- C:\WINDOWS\System32\Nwsapv32.dll
[2004/08/04 17:00:00 | 00,057,344 | ---- | C] () -- C:\WINDOWS\System32\NWCWov32.dll
[2004/08/04 17:00:00 | 00,057,344 | ---- | C] () -- C:\WINDOWS\System32\Ipripv32.dll
[2004/08/04 17:00:00 | 00,002,304 | ---- | C] () -- C:\WINDOWS\System32\netskt.sys
[2004/08/04 17:00:00 | 00,002,304 | ---- | C] () -- C:\WINDOWS\System32\netcard.sys
[2004/08/04 17:00:00 | 00,000,567 | ---- | C] () -- C:\WINDOWS\win.ini
[2004/08/04 17:00:00 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini

========== Files - Modified Within 30 Days ==========

[8 C:\WINDOWS\System32\*.tmp files]
[3 C:\WINDOWS\*.tmp files]
[2009/08/17 01:10:43 | 00,088,140 | ---- | M] () -- C:\WINDOWS\System32\drivers\glaide32.sys
[2009/08/17 01:10:41 | 00,105,420 | ---- | M] () -- C:\WINDOWS\System32\drivers\70d53020.sys
[2009/08/17 01:10:41 | 00,102,220 | ---- | M] () -- C:\WINDOWS\System32\drivers\null.sys
[2009/08/17 01:10:40 | 00,102,220 | ---- | M] () -- C:\WINDOWS\System32\drivers\beep.sys
[2009/08/17 01:10:38 | 00,101,068 | ---- | M] () -- C:\WINDOWS\System32\drivers\51510d33.sys
[2009/08/17 01:00:18 | 00,000,246 | -H-- | M] () -- C:\WINDOWS\tasks\{7B02EF0B-A410-4938-8480-9BA26420A627}.job
[2009/08/17 01:00:09 | 00,000,290 | -H-- | M] () -- C:\WINDOWS\tasks\{BB65B0FB-5712-401b-B616-E69AC55E2757}.job
[2009/08/17 00:36:40 | 00,176,128 | ---- | M] () -- C:\nayojmty.exe
[2009/08/17 00:36:24 | 00,081,408 | ---- | M] () -- C:\jnvcbaox.exe
[2009/08/17 00:36:19 | 00,091,648 | ---- | M] () -- C:\yaewfl.exe
[2009/08/17 00:36:05 | 00,215,451 | ---- | M] () -- C:\lyusoqm.exe
[2009/08/17 00:35:55 | 00,000,002 | ---- | M] () -- C:\415464214
[2009/08/17 00:35:37 | 00,010,752 | ---- | M] () -- C:\gcdppgxd.exe
[2009/08/16 21:56:01 | 04,927,864 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\XPPRESP3\Desktop\Silverlight.exe
[2009/08/16 21:47:53 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/08/16 21:47:44 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/08/16 21:46:02 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\c67bbc2d.sys
[2009/08/16 21:23:00 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/08/16 21:21:01 | 09,183,232 | -H-- | M] () -- C:\Documents and Settings\XPPRESP3\Local Settings\Application Data\IconCache.db
[2009/08/16 02:05:35 | 10,043,1872 | ---- | M] () -- C:\Documents and Settings\XPPRESP3\Desktop\Photoshop.CS4_DC.part06.rar
[2009/08/16 00:16:38 | 10,043,1872 | ---- | M] () -- C:\Documents and Settings\XPPRESP3\Desktop\Photoshop.CS4_DC.part05.rar
[2009/08/15 23:23:06 | 10,043,1872 | ---- | M] () -- C:\Documents and Settings\XPPRESP3\Desktop\Photoshop.CS4_DC.part04.rar
[2009/08/15 21:01:57 | 10,043,1872 | ---- | M] () -- C:\Documents and Settings\XPPRESP3\Desktop\Photoshop.CS4_DC.part03.rar
[2009/08/15 20:26:28 | 03,378,376 | ---- | M] () -- C:\WINDOWS\{00000002-00000000-0000000B-00001102-00000002-80651102}.CDF
[2009/08/15 20:26:21 | 03,378,313 | ---- | M] () -- C:\WINDOWS\{00000002-00000000-0000000B-00001102-00000002-80651102}.BAK
[2009/08/15 19:31:49 | 10,043,1872 | ---- | M] () -- C:\Documents and Settings\XPPRESP3\Desktop\Photoshop.CS4_DC.part02.rar
[2009/08/15 17:46:58 | 00,000,574 | ---- | M] () -- C:\Documents and Settings\XPPRESP3\My Documents\My Sharing Folders.lnk
[2009/08/15 17:27:58 | 00,148,480 | ---- | M] () -- C:\WINDOWS\mse.exe
[2009/08/15 17:21:54 | 00,025,088 | ---- | M] () -- C:\WINDOWS\System32\mssrv32.exe
[2009/08/15 12:37:46 | 00,025,296 | ---- | M] () -- C:\WINDOWS\System32\BMXCtrlState-{00000002-00000000-0000000B-00001102-00000002-80651102}.rfx
[2009/08/15 12:37:46 | 00,025,296 | ---- | M] () -- C:\WINDOWS\System32\BMXBkpCtrlState-{00000002-00000000-0000000B-00001102-00000002-80651102}.rfx
[2009/08/15 12:37:46 | 00,016,516 | ---- | M] () -- C:\WINDOWS\System32\BMXStateBkp-{00000002-00000000-0000000B-00001102-00000002-80651102}.rfx
[2009/08/15 12:37:46 | 00,016,516 | ---- | M] () -- C:\WINDOWS\System32\BMXState-{00000002-00000000-0000000B-00001102-00000002-80651102}.rfx
[2009/08/15 12:37:46 | 00,001,080 | ---- | M] () -- C:\WINDOWS\System32\settingsbkup.sfm
[2009/08/15 12:37:45 | 00,001,080 | ---- | M] () -- C:\WINDOWS\System32\settings.sfm
[2009/08/15 12:37:44 | 00,000,024 | ---- | M] () -- C:\WINDOWS\System32\DVCStateBkp-{00000002-00000000-0000000B-00001102-00000002-80651102}.dat
[2009/08/15 12:37:44 | 00,000,024 | ---- | M] () -- C:\WINDOWS\System32\DVCState-{00000002-00000000-0000000B-00001102-00000002-80651102}.dat
[2009/08/15 11:03:52 | 00,075,264 | RHS- | M] () -- C:\WINDOWS\mscth32.exe
[2009/08/14 22:09:05 | 00,002,257 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2009/08/14 21:51:26 | 00,000,567 | ---- | M] () -- C:\WINDOWS\win.ini
[2009/08/14 21:51:26 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/08/14 21:51:26 | 00,000,211 | -HS- | M] () -- C:\boot.ini
[2009/08/14 21:50:38 | 00,245,760 | -H-- | M] (-) -- C:\WINDOWS\System32\msozgbhe.exe
[2009/08/14 18:42:21 | 00,148,480 | ---- | M] () -- C:\WINDOWS\msd.exe
[2009/08/14 15:11:09 | 00,002,323 | ---- | M] () -- C:\Documents and Settings\XPPRESP3\Desktop\Windows Live Messenger.lnk
[2009/08/13 03:18:16 | 00,154,632 | ---- | M] (TODO: <Company name>) -- C:\WINDOWS\System32\minix32.exe
[2009/08/12 20:18:05 | 00,152,064 | ---- | M] () -- C:\WINDOWS\msc.exe
[2009/08/12 20:12:15 | 00,000,282 | ---- | M] () -- C:\WINDOWS\System32\imon1.dat
[2009/08/12 08:19:53 | 00,245,760 | -H-- | M] (-) -- C:\WINDOWS\System32\msziqlzm.exe
[2009/08/11 19:01:11 | 00,245,760 | -H-- | M] (-) -- C:\WINDOWS\System32\msnxmljh.exe
[2009/08/10 16:34:25 | 00,000,139 | ---- | M] () -- C:\WINDOWS\Mistwsi.INI
[2009/08/10 13:48:03 | 00,000,478 | ---- | M] () -- C:\WINDOWS\ODBC.INI
[2009/08/10 13:47:35 | 00,002,279 | ---- | M] () -- C:\Documents and Settings\XPPRESP3\Desktop\Mistws Internet.lnk
[2009/08/09 20:23:14 | 00,011,040 | ---- | M] () -- C:\ccuh.exe
[2009/08/09 20:17:29 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\a2fd3a99.sys
[2009/08/09 19:58:01 | 00,151,040 | ---- | M] () -- C:\WINDOWS\msb.exe
[2009/08/09 19:56:15 | 00,081,408 | ---- | M] () -- C:\WINDOWS\System32\vhosts.exe
[2009/08/09 19:26:45 | 00,245,760 | -H-- | M] (-) -- C:\WINDOWS\System32\mslgxtag.exe
[2009/08/09 19:08:04 | 00,062,496 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MSWINSCK.OCX
[2009/08/09 19:07:54 | 00,208,900 | ---- | M] () -- C:\WINDOWS\System32\msxml71.dll
[2009/08/09 19:06:32 | 00,179,648 | ---- | M] () -- C:\WINDOWS\System32\drivers\rpmd570.sys
[2009/08/09 12:27:05 | 01,475,096 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/08/09 04:18:12 | 00,044,352 | ---- | M] () -- C:\Documents and Settings\XPPRESP3\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2009/08/08 21:16:52 | 00,151,040 | ---- | M] () -- C:\WINDOWS\msa.exe
[2009/08/07 21:33:50 | 00,036,352 | ---- | M] () -- C:\WINDOWS\System32\csbdll.dll
[2009/08/05 22:40:16 | 00,000,000 | ---- | M] () -- C:\WINDOWS\nsreg.dat
[2009/08/05 19:04:03 | 00,000,268 | -H-- | M] () -- C:\sqmdata16.sqm
[2009/08/05 19:04:03 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt16.sqm
[2009/08/03 13:36:28 | 00,038,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/08/03 13:36:06 | 00,019,096 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/08/03 02:42:31 | 00,001,750 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Jane's Realty from AOL.lnk
[2009/07/31 16:33:49 | 00,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2009/07/31 16:33:49 | 00,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2009/07/27 20:08:38 | 00,001,846 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Pahelika Secret Legends from AOL.lnk
[2009/07/23 02:36:05 | 75,932,2624 | ---- | M] () -- C:\Documents and Settings\XPPRESP3\Desktop\[PC - Game ITA] Hospital.Tycoon.iso
[2009/07/19 21:03:39 | 00,000,156 | ---- | M] () -- C:\WINDOWS\Twunk001.MTX
[2009/07/19 21:03:39 | 00,000,004 | ---- | M] () -- C:\WINDOWS\Twain001.Mtx
[2009/07/19 21:00:54 | 00,000,699 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\ArchiCAD 12.lnk
[2009/07/19 20:59:57 | 00,007,942 | ---- | M] () -- C:\WINDOWS\vpd.properties
[2009/07/19 20:51:12 | 00,006,144 | ---- | M] () -- C:\Documents and Settings\XPPRESP3\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== Alternate Data Streams ==========

@Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
< End of report >

Edited by maged918, 17 August 2009 - 02:56 PM.


#4 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:09:27 PM

Posted 17 August 2009 - 11:18 AM

You posted the same log twice. Please post the log from Gmer.

You are badly infected.
Posted Image If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#5 maged918

maged918
  • Topic Starter

  • Members
  • 22 posts
  • OFFLINE
  •  
  • Local time:09:27 PM

Posted 17 August 2009 - 03:00 PM

GMER 1.0.15.15020 [gmer.exe] - http://www.gmer.net
Rootkit scan 2009-08-17 22:12:43
Windows 5.1.2600 Service Pack 2


---- System - GMER 1.0.15 ----

SSDT \??\C:\Documents and Settings\Administrator.WW\My Documents\Downloads\SUPERAntiSpywarePro\SASKUTIL.sys (SASKUTIL.SYS/SUPERAdBlocker.com and SUPERAntiSpyware.com) ZwTerminateProcess [0xB0BA8DF0]

INT 0x62 ? 82B71BF8
INT 0x63 ? 829E0BF8
INT 0x82 ? 82B71BF8
INT 0xA4 ? 829E0BF8
INT 0xB4 ? 829E0BF8

---- Kernel code sections - GMER 1.0.15 ----

? spvb.sys The system cannot find the file specified. !
.text USBPORT.SYS!DllUnload F7E5480C 5 Bytes JMP 829E01D8
? C:\WINDOWS\system32\drivers\glaide32.sys The system cannot find the file specified.
? C:\WINDOWS\System32\drivers\70d53020.sys The system cannot find the file specified.
? C:\WINDOWS\System32\drivers\51510d33.sys The system cannot find the file specified.
.text a67e8f5d.SYS B0A5E386 35 Bytes [00, 00, 00, 00, 00, 00, 20, ...]
.text a67e8f5d.SYS B0A5E3AA 24 Bytes [00, 00, 00, 00, 00, 00, 00, ...]
.text a67e8f5d.SYS B0A5E3C4 3 Bytes [00, 70, 02] {ADD [EAX+0x2], DH}
.text a67e8f5d.SYS B0A5E3C9 1 Byte [2E]
.text a67e8f5d.SYS B0A5E3C9 11 Bytes [2E, 00, 00, 00, 5A, 02, 00, ...]
.text ...

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\MSN Messenger\MsnMsgr.Exe[1704] kernel32.dll!LoadResource 7C809FD5 7 Bytes JMP 28001E20 E:\Program Files\Messenger Plus! Live\MsgPlusLive1.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Program Files\MSN Messenger\MsnMsgr.Exe[1704] kernel32.dll!FindResourceExW 7C80ACA8 7 Bytes JMP 28001C60 E:\Program Files\Messenger Plus! Live\MsgPlusLive1.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Program Files\MSN Messenger\MsnMsgr.Exe[1704] kernel32.dll!FindResourceW 7C80BBEE 7 Bytes JMP 28001BE0 E:\Program Files\Messenger Plus! Live\MsgPlusLive1.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Program Files\MSN Messenger\MsnMsgr.Exe[1704] kernel32.dll!SizeofResource 7C80BC89 7 Bytes JMP 28001EE0 E:\Program Files\Messenger Plus! Live\MsgPlusLive1.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Program Files\MSN Messenger\MsnMsgr.Exe[1704] kernel32.dll!FindResourceA 7C80BEA9 7 Bytes JMP 28001CF0 E:\Program Files\Messenger Plus! Live\MsgPlusLive1.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Program Files\MSN Messenger\MsnMsgr.Exe[1704] kernel32.dll!LockResource 7C80CCB7 5 Bytes JMP 28001F50 E:\Program Files\Messenger Plus! Live\MsgPlusLive1.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Program Files\MSN Messenger\MsnMsgr.Exe[1704] kernel32.dll!CreateEventA 7C83080D 5 Bytes JMP 28001840 E:\Program Files\Messenger Plus! Live\MsgPlusLive1.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Program Files\MSN Messenger\MsnMsgr.Exe[1704] kernel32.dll!FindResourceExA 7C835F00 7 Bytes JMP 28001D80 E:\Program Files\Messenger Plus! Live\MsgPlusLive1.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Program Files\MSN Messenger\MsnMsgr.Exe[1704] kernel32.dll!SetUnhandledExceptionFilter 7C84480D 5 Bytes JMP 004DE392 C:\Program Files\MSN Messenger\MsnMsgr.Exe (Messenger/Microsoft Corporation)
.text C:\Program Files\MSN Messenger\MsnMsgr.Exe[1704] kernel32.dll!OutputDebugStringW 7C85A62D 5 Bytes JMP 28001FB0 E:\Program Files\Messenger Plus! Live\MsgPlusLive1.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Program Files\MSN Messenger\MsnMsgr.Exe[1704] ADVAPI32.dll!CryptDeriveKey 77DEA685 7 Bytes JMP 28001000 E:\Program Files\Messenger Plus! Live\MsgPlusLive1.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Program Files\MSN Messenger\MsnMsgr.Exe[1704] ADVAPI32.dll!CryptDecrypt 77DEA7B1 2 Bytes JMP 28001060 E:\Program Files\Messenger Plus! Live\MsgPlusLive1.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Program Files\MSN Messenger\MsnMsgr.Exe[1704] ADVAPI32.dll!CryptDecrypt + 3 77DEA7B4 4 Bytes [21, B0, CC, CC]
.text C:\Program Files\MSN Messenger\MsnMsgr.Exe[1704] USER32.dll!PeekMessageW 7E41928B 5 Bytes JMP 280046C0 E:\Program Files\Messenger Plus! Live\MsgPlusLive1.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Program Files\MSN Messenger\MsnMsgr.Exe[1704] USER32.dll!CreateWindowExW 7E41FF30 5 Bytes JMP 28003CF0 E:\Program Files\Messenger Plus! Live\MsgPlusLive1.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Program Files\MSN Messenger\MsnMsgr.Exe[1704] USER32.dll!SetWindowRgn 7E4202BD 7 Bytes JMP 28005FE0 E:\Program Files\Messenger Plus! Live\MsgPlusLive1.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Program Files\MSN Messenger\MsnMsgr.Exe[1704] USER32.dll!LoadIconW 7E4212CA 5 Bytes JMP 28006960 E:\Program Files\Messenger Plus! Live\MsgPlusLive1.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Program Files\MSN Messenger\MsnMsgr.Exe[1704] USER32.dll!LoadImageW 7E42372F 5 Bytes JMP 28006770 E:\Program Files\Messenger Plus! Live\MsgPlusLive1.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Program Files\MSN Messenger\MsnMsgr.Exe[1704] USER32.dll!CreateDialogParamW 7E4282A4 5 Bytes JMP 28006120 E:\Program Files\Messenger Plus! Live\MsgPlusLive1.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Program Files\MSN Messenger\MsnMsgr.Exe[1704] USER32.dll!SetWindowPlacement 7E42DF56 5 Bytes JMP 28005EA0 E:\Program Files\Messenger Plus! Live\MsgPlusLive1.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Program Files\MSN Messenger\MsnMsgr.Exe[1704] USER32.dll!MessageBoxIndirectW 7E466425 5 Bytes JMP 28006310 E:\Program Files\Messenger Plus! Live\MsgPlusLive1.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Program Files\MSN Messenger\MsnMsgr.Exe[1704] USER32.dll!TrackPopupMenuEx 7E46CEA0 5 Bytes JMP 28004FA0 E:\Program Files\Messenger Plus! Live\MsgPlusLive1.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Program Files\MSN Messenger\MsnMsgr.Exe[1704] WS2_32.dll!send 71AB428A 5 Bytes JMP 2800B770 E:\Program Files\Messenger Plus! Live\MsgPlusLive1.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Program Files\MSN Messenger\MsnMsgr.Exe[1704] WS2_32.dll!WSARecv 71AB4318 5 Bytes JMP 2800B550 E:\Program Files\Messenger Plus! Live\MsgPlusLive1.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Program Files\MSN Messenger\MsnMsgr.Exe[1704] WS2_32.dll!recv 71AB615A 5 Bytes JMP 2800B3B0 E:\Program Files\Messenger Plus! Live\MsgPlusLive1.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Program Files\MSN Messenger\MsnMsgr.Exe[1704] WS2_32.dll!WSASend 71AB6233 5 Bytes JMP 2800B950 E:\Program Files\Messenger Plus! Live\MsgPlusLive1.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Program Files\MSN Messenger\MsnMsgr.Exe[1704] WS2_32.dll!closesocket 71AB9639 5 Bytes JMP 2800BB90 E:\Program Files\Messenger Plus! Live\MsgPlusLive1.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Program Files\MSN Messenger\MsnMsgr.Exe[1704] SHELL32.dll!Shell_NotifyIconW 7CA26195 5 Bytes JMP 28003440 E:\Program Files\Messenger Plus! Live\MsgPlusLive1.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Program Files\MSN Messenger\MsnMsgr.Exe[1704] ole32.dll!CoInitializeEx 774FEF7B 5 Bytes JMP 28002260 E:\Program Files\Messenger Plus! Live\MsgPlusLive1.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Program Files\MSN Messenger\MsnMsgr.Exe[1704] ole32.dll!CoRegisterClassObject 77517EC8 5 Bytes JMP 28002360 E:\Program Files\Messenger Plus! Live\MsgPlusLive1.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Program Files\MSN Messenger\MsnMsgr.Exe[1704] WININET.dll!InternetCloseHandle 42C1DA89 5 Bytes JMP 2800A560 E:\Program Files\Messenger Plus! Live\MsgPlusLive1.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Program Files\MSN Messenger\MsnMsgr.Exe[1704] WININET.dll!HttpOpenRequestA 42C24331 5 Bytes JMP 2800A220 E:\Program Files\Messenger Plus! Live\MsgPlusLive1.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Program Files\MSN Messenger\MsnMsgr.Exe[1704] WININET.dll!InternetReadFile 42C2ABBC 5 Bytes JMP 2800A3B0 E:\Program Files\Messenger Plus! Live\MsgPlusLive1.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Program Files\MSN Messenger\MsnMsgr.Exe[1704] WININET.dll!HttpSendRequestA 42C2CD48 5 Bytes JMP 2800A490 E:\Program Files\Messenger Plus! Live\MsgPlusLive1.dll (Messenger Plus! Live Add-On/Patchou)
? C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2108] C:\WINDOWS\system32\SHLWAPI.dll IMAGE_DOS_SIGNATURE not found;

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT \WINDOWS\System32\Drivers\SCSIPORT.SYS[ntoskrnl.exe!DbgBreakPoint] 82BDF2D8
IAT pci.sys[ntoskrnl.exe!IoDetachDevice] [F8487C4C] spvb.sys
IAT pci.sys[ntoskrnl.exe!IoAttachDeviceToDeviceStack] [F8487CA0] spvb.sys
IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [F8457040] spvb.sys
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [F845713C] spvb.sys
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [F84570BE] spvb.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [F84577FC] spvb.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [F84576D2] spvb.sys
IAT \SystemRoot\system32\DRIVERS\USBPORT.SYS[ntoskrnl.exe!DbgBreakPoint] 829E02D8
IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [F8467048] spvb.sys
IAT \SystemRoot\System32\Drivers\a67e8f5d.SYS[ntoskrnl.exe!RtlInitUnicodeString] 2296E852
IAT \SystemRoot\System32\Drivers\a67e8f5d.SYS[ntoskrnl.exe!swprintf] 478B0000
IAT \SystemRoot\System32\Drivers\a67e8f5d.SYS[ntoskrnl.exe!KeSetEvent] 50016A40
IAT \SystemRoot\System32\Drivers\a67e8f5d.SYS[ntoskrnl.exe!IoCreateSymbolicLink] 1CAC8E8D
IAT \SystemRoot\System32\Drivers\a67e8f5d.SYS[ntoskrnl.exe!IoGetConfigurationInformation] E8510000
IAT \SystemRoot\System32\Drivers\a67e8f5d.SYS[ntoskrnl.exe!IoDeleteSymbolicLink] 00002284
IAT \SystemRoot\System32\Drivers\a67e8f5d.SYS[ntoskrnl.exe!MmFreeMappingAddress] 6A18538B
IAT \SystemRoot\System32\Drivers\a67e8f5d.SYS[ntoskrnl.exe!IoFreeErrorLogEntry] 868D5200
IAT \SystemRoot\System32\Drivers\a67e8f5d.SYS[ntoskrnl.exe!IoDisconnectInterrupt] 00001C98
IAT \SystemRoot\System32\Drivers\a67e8f5d.SYS[ntoskrnl.exe!MmUnmapIoSpace] 2272E850
IAT \SystemRoot\System32\Drivers\a67e8f5d.SYS[ntoskrnl.exe!ObReferenceObjectByPointer] 4B8B0000
IAT \SystemRoot\System32\Drivers\a67e8f5d.SYS[ntoskrnl.exe!IofCompleteRequest] 51016A18
IAT \SystemRoot\System32\Drivers\a67e8f5d.SYS[ntoskrnl.exe!RtlCompareUnicodeString] 1CB4968D
IAT \SystemRoot\System32\Drivers\a67e8f5d.SYS[ntoskrnl.exe!IofCallDriver] E8520000
IAT \SystemRoot\System32\Drivers\a67e8f5d.SYS[ntoskrnl.exe!MmAllocateMappingAddress] 00002260
IAT \SystemRoot\System32\Drivers\a67e8f5d.SYS[ntoskrnl.exe!IoAllocateErrorLogEntry] 8A05478A
IAT \SystemRoot\System32\Drivers\a67e8f5d.SYS[ntoskrnl.exe!IoConnectInterrupt] 001CBB8E
IAT \SystemRoot\System32\Drivers\a67e8f5d.SYS[ntoskrnl.exe!IoDetachDevice] 30C48300
IAT \SystemRoot\System32\Drivers\a67e8f5d.SYS[ntoskrnl.exe!KeWaitForSingleObject] 1CBD8688
IAT \SystemRoot\System32\Drivers\a67e8f5d.SYS[ntoskrnl.exe!KeInitializeEvent] 80E90000
IAT \SystemRoot\System32\Drivers\a67e8f5d.SYS[ntoskrnl.exe!RtlAnsiStringToUnicodeString] C6000000
IAT \SystemRoot\System32\Drivers\a67e8f5d.SYS[ntoskrnl.exe!RtlInitAnsiString] 001CBB86
IAT \SystemRoot\System32\Drivers\a67e8f5d.SYS[ntoskrnl.exe!IoBuildDeviceIoControlRequest] 438B0100
IAT \SystemRoot\System32\Drivers\a67e8f5d.SYS[ntoskrnl.exe!IoQueueWorkItem] 8E8D5018
IAT \SystemRoot\System32\Drivers\a67e8f5d.SYS[ntoskrnl.exe!MmMapIoSpace] 00001C90
IAT \SystemRoot\System32\Drivers\a67e8f5d.SYS[ntoskrnl.exe!IoInvalidateDeviceRelations] 2232E851
IAT \SystemRoot\System32\Drivers\a67e8f5d.SYS[ntoskrnl.exe!IoReportDetectedDevice] 538B0000
IAT \SystemRoot\System32\Drivers\a67e8f5d.SYS[ntoskrnl.exe!IoReportResourceForDetection] 52016A18
IAT \SystemRoot\System32\Drivers\a67e8f5d.SYS[ntoskrnl.exe!RtlxAnsiStringToUnicodeSize] 1CAC868D
IAT \SystemRoot\System32\Drivers\a67e8f5d.SYS[ntoskrnl.exe!NlsMbCodePageTag] E8500000
IAT \SystemRoot\System32\Drivers\a67e8f5d.SYS[ntoskrnl.exe!PoRequestPowerIrp] 00002220
IAT \SystemRoot\System32\Drivers\a67e8f5d.SYS[ntoskrnl.exe!KeInsertByKeyDeviceQueue] 8A05478A
IAT \SystemRoot\System32\Drivers\a67e8f5d.SYS[ntoskrnl.exe!PoRegisterDeviceForIdleDetection] 001CBB8E
IAT \SystemRoot\System32\Drivers\a67e8f5d.SYS[ntoskrnl.exe!sprintf] 18C48300
IAT \SystemRoot\System32\Drivers\a67e8f5d.SYS[ntoskrnl.exe!MmMapLockedPagesSpecifyCache] 1CBD8688
IAT \SystemRoot\System32\Drivers\a67e8f5d.SYS[ntoskrnl.exe!ObfDereferenceObject] 43EB0000
IAT \SystemRoot\System32\Drivers\a67e8f5d.SYS[ntoskrnl.exe!IoGetAttachedDeviceReference] 320C538A
IAT \SystemRoot\System32\Drivers\a67e8f5d.SYS[ntoskrnl.exe!IoInvalidateDeviceState] 88F93BC0
IAT \SystemRoot\System32\Drivers\a67e8f5d.SYS[ntoskrnl.exe!ZwClose] 001CBB96
IAT \SystemRoot\System32\Drivers\a67e8f5d.SYS[ntoskrnl.exe!ObReferenceObjectByHandle] F6317300
IAT \SystemRoot\System32\Drivers\a67e8f5d.SYS[ntoskrnl.exe!ZwCreateDirectoryObject] 74070647
IAT \SystemRoot\System32\Drivers\a67e8f5d.SYS[ntoskrnl.exe!IoBuildSynchronousFsdRequest] 75C0841A
IAT \SystemRoot\System32\Drivers\a67e8f5d.SYS[ntoskrnl.exe!PoStartNextPowerIrp] 05578A0B
IAT \SystemRoot\System32\Drivers\a67e8f5d.SYS[ntoskrnl.exe!PoCallDriver] 968801B0
IAT \SystemRoot\System32\Drivers\a67e8f5d.SYS[ntoskrnl.exe!IoCreateDevice] 00001CBD
IAT \SystemRoot\System32\Drivers\a67e8f5d.SYS[ntoskrnl.exe!IoAllocateDriverObjectExtension] 57B60F66
IAT \SystemRoot\System32\Drivers\a67e8f5d.SYS[ntoskrnl.exe!RtlQueryRegistryValues] 533B6604
IAT \SystemRoot\System32\Drivers\a67e8f5d.SYS[ntoskrnl.exe!ZwOpenKey] 03087408
IAT \SystemRoot\System32\Drivers\a67e8f5d.SYS[ntoskrnl.exe!RtlFreeUnicodeString] 72F93B3F
IAT \SystemRoot\System32\Drivers\a67e8f5d.SYS[ntoskrnl.exe!IoStartTimer] 8A09EBDA
IAT \SystemRoot\System32\Drivers\a67e8f5d.SYS[ntoskrnl.exe!KeInitializeTimer] 86880547
IAT \SystemRoot\System32\Drivers\a67e8f5d.SYS[ntoskrnl.exe!IoInitializeTimer] 00001CBD
IAT \SystemRoot\System32\Drivers\a67e8f5d.SYS[ntoskrnl.exe!KeInitializeDpc] 88084B8A
IAT \SystemRoot\System32\Drivers\a67e8f5d.SYS[ntoskrnl.exe!KeInitializeSpinLock] 001CBE8E
IAT \SystemRoot\System32\Drivers\a67e8f5d.SYS[ntoskrnl.exe!IoInitializeIrp] 40578B00
IAT \SystemRoot\System32\Drivers\a67e8f5d.SYS[ntoskrnl.exe!ZwCreateKey] 8D52006A
IAT \SystemRoot\System32\Drivers\a67e8f5d.SYS[ntoskrnl.exe!RtlAppendUnicodeStringToString] 001CC086
IAT \SystemRoot\System32\Drivers\a67e8f5d.SYS[ntoskrnl.exe!RtlIntegerToUnicodeString] B1E85000
IAT \SystemRoot\System32\Drivers\a67e8f5d.SYS[ntoskrnl.exe!ZwSetValueKey] 8B000021
IAT \SystemRoot\System32\Drivers\a67e8f5d.SYS[ntoskrnl.exe!KeInsertQueueDpc] 001CB88E
IAT \SystemRoot\System32\Drivers\a67e8f5d.SYS[ntoskrnl.exe!KefAcquireSpinLockAtDpcLevel] BC968B00
IAT \SystemRoot\System32\Drivers\a67e8f5d.SYS[ntoskrnl.exe!IoStartPacket] 8900001C
IAT \SystemRoot\System32\Drivers\a67e8f5d.SYS[ntoskrnl.exe!KefReleaseSpinLockFromDpcLevel] 001CC48E
IAT \SystemRoot\System32\Drivers\a67e8f5d.SYS[ntoskrnl.exe!IoBuildAsynchronousFsdRequest] C8968900
IAT \SystemRoot\System32\Drivers\a67e8f5d.SYS[ntoskrnl.exe!IoFreeMdl] 8B00001C
IAT \SystemRoot\System32\Drivers\a67e8f5d.SYS[ntoskrnl.exe!MmUnlockPages] 016A4047
IAT \SystemRoot\System32\Drivers\a67e8f5d.SYS[ntoskrnl.exe!IoWriteErrorLogEntry] CCC68150
IAT \SystemRoot\System32\Drivers\a67e8f5d.SYS[ntoskrnl.exe!KeRemoveByKeyDeviceQueue] 5600001C
IAT \SystemRoot\System32\Drivers\a67e8f5d.SYS[ntoskrnl.exe!MmMapLockedPagesWithReservedMapping] 002187E8
IAT \SystemRoot\System32\Drivers\a67e8f5d.SYS[ntoskrnl.exe!MmUnmapReservedMapping] 18C48300
IAT \SystemRoot\System32\Drivers\a67e8f5d.SYS[ntoskrnl.exe!KeSynchronizeExecution] 5D5B5E5F
IAT \SystemRoot\System32\Drivers\a67e8f5d.SYS[ntoskrnl.exe!IoStartNextPacket] CCCCCCC3
IAT \SystemRoot\System32\Drivers\a67e8f5d.SYS[ntoskrnl.exe!KeBugCheckEx] CCCCCCCC
IAT \SystemRoot\System32\Drivers\a67e8f5d.SYS[ntoskrnl.exe!KeRemoveDeviceQueue] CCCCCCCC
IAT \SystemRoot\System32\Drivers\a67e8f5d.SYS[ntoskrnl.exe!KeSetTimer] CCCCCCCC
IAT \SystemRoot\System32\Drivers\a67e8f5d.SYS[ntoskrnl.exe!KeCancelTimer] 8BEC8B55
IAT \SystemRoot\System32\Drivers\a67e8f5d.SYS[ntoskrnl.exe!_allmul] 00C73445
IAT \SystemRoot\System32\Drivers\a67e8f5d.SYS[ntoskrnl.exe!MmProbeAndLockPages] 00000000
IAT \SystemRoot\System32\Drivers\a67e8f5d.SYS[ntoskrnl.exe!_except_handler3] 830C458B
IAT \SystemRoot\System32\Drivers\a67e8f5d.SYS[ntoskrnl.exe!PoSetPowerState] C0840CEC
IAT \SystemRoot\System32\Drivers\a67e8f5d.SYS[ntoskrnl.exe!IoOpenDeviceRegistryKey] 053C0D74
IAT \SystemRoot\System32\Drivers\a67e8f5d.SYS[ntoskrnl.exe!RtlWriteRegistryValue] 57B80974
IAT \SystemRoot\System32\Drivers\a67e8f5d.SYS[ntoskrnl.exe!_aulldiv] 8B000000
IAT \SystemRoot\System32\Drivers\a67e8f5d.SYS[ntoskrnl.exe!strstr] 56C35DE5
IAT \SystemRoot\System32\Drivers\a67e8f5d.SYS[ntoskrnl.exe!_strupr] 8D08758B
IAT \SystemRoot\System32\Drivers\a67e8f5d.SYS[ntoskrnl.exe!KeQuerySystemTime] 8D51FC4D
IAT \SystemRoot\System32\Drivers\a67e8f5d.SYS[ntoskrnl.exe!IoWMIRegistrationControl] 8D52FD55
IAT \SystemRoot\System32\Drivers\a67e8f5d.SYS[ntoskrnl.exe!KeTickCount] 8D51FE4D
IAT \SystemRoot\System32\Drivers\a67e8f5d.SYS[ntoskrnl.exe!IoAttachDeviceToDeviceStack] 8D52FF55
IAT \SystemRoot\System32\Drivers\a67e8f5d.SYS[ntoskrnl.exe!IoDeleteDevice] 8D51F84D
IAT \SystemRoot\System32\Drivers\a67e8f5d.SYS[ntoskrnl.exe!ExAllocatePoolWithTag] 5052F455
IAT \SystemRoot\System32\Drivers\a67e8f5d.SYS[ntoskrnl.exe!IoAllocateWorkItem] EACAE856
IAT \SystemRoot\System32\Drivers\a67e8f5d.SYS[ntoskrnl.exe!IoAllocateIrp] C483FFFF
IAT \SystemRoot\System32\Drivers\a67e8f5d.SYS[ntoskrnl.exe!IoAllocateMdl] 0FC08520
IAT \SystemRoot\System32\Drivers\a67e8f5d.SYS[ntoskrnl.exe!MmBuildMdlForNonPagedPool] 0001B185
IAT \SystemRoot\System32\Drivers\a67e8f5d.SYS[ntoskrnl.exe!MmLockPagableDataSection] 46B70F00
IAT \SystemRoot\System32\Drivers\a67e8f5d.SYS[ntoskrnl.exe!IoGetDriverObjectExtension] F44D8B48
IAT \SystemRoot\System32\Drivers\a67e8f5d.SYS[ntoskrnl.exe!MmUnlockPagableImageSection] C1815753
IAT \SystemRoot\System32\Drivers\a67e8f5d.SYS[ntoskrnl.exe!ExFreePoolWithTag] 00002590
IAT \SystemRoot\System32\Drivers\a67e8f5d.SYS[ntoskrnl.exe!IoFreeIrp] 467C8D51
IAT \SystemRoot\System32\Drivers\a67e8f5d.SYS[ntoskrnl.exe!IoFreeWorkItem] 76F6E84A
IAT \SystemRoot\System32\Drivers\a67e8f5d.SYS[ntoskrnl.exe!InitSafeBootMode] D88BFFFF
IAT \SystemRoot\System32\Drivers\a67e8f5d.SYS[ntoskrnl.exe!RtlCompareMemory] 8504C483
IAT \SystemRoot\System32\Drivers\a67e8f5d.SYS[ntoskrnl.exe!RtlCopyUnicodeString] 5F0A75DB
IAT \SystemRoot\System32\Drivers\a67e8f5d.SYS[ntoskrnl.exe!memmove] 5B08438D
IAT \SystemRoot\System32\Drivers\a67e8f5d.SYS[ntoskrnl.exe!MmHighestUserAddress] 5DE58B5E
IAT \SystemRoot\System32\Drivers\a67e8f5d.SYS[HAL.dll!KfAcquireSpinLock] 4B8BDF8B
IAT \SystemRoot\System32\Drivers\a67e8f5d.SYS[HAL.dll!READ_PORT_UCHAR] 8D3F0304
IAT \SystemRoot\System32\Drivers\a67e8f5d.SYS[HAL.dll!KeGetCurrentIrql] CB033043
IAT \SystemRoot\System32\Drivers\a67e8f5d.SYS[HAL.dll!KfRaiseIrql] 0673C13B
IAT \SystemRoot\System32\Drivers\a67e8f5d.SYS[HAL.dll!KfLowerIrql] C13B0003
IAT \SystemRoot\System32\Drivers\a67e8f5d.SYS[HAL.dll!HalGetInterruptVector] 8366FA72
IAT \SystemRoot\System32\Drivers\a67e8f5d.SYS[HAL.dll!HalTranslateBusAddress] 75000E7B
IAT \SystemRoot\System32\Drivers\a67e8f5d.SYS[HAL.dll!KeStallExecutionProcessor] 0B7D80E3
IAT \SystemRoot\System32\Drivers\a67e8f5d.SYS[HAL.dll!KfReleaseSpinLock] 307B8D00
IAT \SystemRoot\System32\Drivers\a67e8f5d.SYS[HAL.dll!READ_PORT_BUFFER_USHORT] 00AA840F
IAT \SystemRoot\System32\Drivers\a67e8f5d.SYS[HAL.dll!READ_PORT_USHORT] 83660000
IAT \SystemRoot\System32\Drivers\a67e8f5d.SYS[HAL.dll!WRITE_PORT_BUFFER_USHORT] 6A000E7A
IAT \SystemRoot\System32\Drivers\a67e8f5d.SYS[HAL.dll!WRITE_PORT_UCHAR] C6647400
IAT \SystemRoot\System32\Drivers\a67e8f5d.SYS[WMILIB.SYS!WmiSystemControl] 4F8B0200
IAT \SystemRoot\System32\Drivers\a67e8f5d.SYS[WMILIB.SYS!WmiCompleteRequest] 968D5140

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\WINDOWS\mse.exe[1532] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!CreateWindowExA] [00418DF3] C:\WINDOWS\mse.exe
IAT C:\WINDOWS\mse.exe[1532] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!CreateWindowExW] [00418E6B] C:\WINDOWS\mse.exe
IAT C:\WINDOWS\mse.exe[1532] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!DialogBoxParamW] [00418FFD] C:\WINDOWS\mse.exe
IAT C:\WINDOWS\mse.exe[1532] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!MessageBoxW] [00419009] C:\WINDOWS\mse.exe
IAT C:\WINDOWS\mse.exe[1532] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!ShowWindow] [00418EE3] C:\WINDOWS\mse.exe
IAT C:\WINDOWS\mse.exe[1532] @ C:\WINDOWS\system32\WININET.dll [USER32.dll!CreateWindowExW] [00418E6B] C:\WINDOWS\mse.exe
IAT C:\WINDOWS\mse.exe[1532] @ C:\WINDOWS\system32\WININET.dll [USER32.dll!MessageBoxW] [00419009] C:\WINDOWS\mse.exe
IAT C:\WINDOWS\mse.exe[1532] @ C:\WINDOWS\system32\WININET.dll [USER32.dll!SetWindowPos] [00418F91] C:\WINDOWS\mse.exe
IAT C:\WINDOWS\mse.exe[1532] @ C:\WINDOWS\system32\WININET.dll [USER32.dll!DialogBoxParamW] [00418FFD] C:\WINDOWS\mse.exe
IAT C:\WINDOWS\mse.exe[1532] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!DialogBoxParamA] [00418FFD] C:\WINDOWS\mse.exe
IAT C:\WINDOWS\mse.exe[1532] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!DialogBoxParamW] [00418FFD] C:\WINDOWS\mse.exe
IAT C:\WINDOWS\mse.exe[1532] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!CreateWindowExA] [00418DF3] C:\WINDOWS\mse.exe
IAT C:\WINDOWS\mse.exe[1532] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!CreateWindowExW] [00418E6B] C:\WINDOWS\mse.exe
IAT C:\WINDOWS\mse.exe[1532] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!MessageBoxA] [00419009] C:\WINDOWS\mse.exe
IAT C:\WINDOWS\mse.exe[1532] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!MessageBoxW] [00419009] C:\WINDOWS\mse.exe
IAT C:\WINDOWS\mse.exe[1532] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!MessageBoxIndirectA] [00418FF7] C:\WINDOWS\mse.exe
IAT C:\WINDOWS\mse.exe[1532] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!MessageBoxIndirectW] [00418FF7] C:\WINDOWS\mse.exe
IAT C:\WINDOWS\mse.exe[1532] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!SetWindowPos] [00418F91] C:\WINDOWS\mse.exe
IAT C:\WINDOWS\mse.exe[1532] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!ShowWindow] [00418EE3] C:\WINDOWS\mse.exe
IAT C:\WINDOWS\mse.exe[1532] @ C:\WINDOWS\system32\shell32.dll [USER32.dll!CreateWindowExW] [00418E6B] C:\WINDOWS\mse.exe
IAT C:\WINDOWS\mse.exe[1532] @ C:\WINDOWS\system32\shell32.dll [USER32.dll!DialogBoxParamW] [00418FFD] C:\WINDOWS\mse.exe
IAT C:\WINDOWS\mse.exe[1532] @ C:\WINDOWS\system32\shell32.dll [USER32.dll!ShowWindow] [00418EE3] C:\WINDOWS\mse.exe
IAT C:\WINDOWS\mse.exe[1532] @ C:\WINDOWS\system32\shell32.dll [USER32.dll!SetWindowPos] [00418F91] C:\WINDOWS\mse.exe
IAT C:\WINDOWS\mse.exe[1532] @ C:\WINDOWS\system32\shell32.dll [USER32.dll!MessageBoxW] [00419009] C:\WINDOWS\mse.exe
IAT C:\WINDOWS\mse.exe[1532] @ C:\WINDOWS\system32\shell32.dll [USER32.dll!MessageBoxA] [00419009] C:\WINDOWS\mse.exe
IAT C:\WINDOWS\mse.exe[1532] @ C:\WINDOWS\system32\shell32.dll [USER32.dll!MessageBoxIndirectW] [00418FF7] C:\WINDOWS\mse.exe
IAT C:\DOCUME~1\XPPRESP3\LOCALS~1\Temp\b.exe[3332] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!CreateWindowExA] [00416A32] C:\DOCUME~1\XPPRESP3\LOCALS~1\Temp\b.exe
IAT C:\DOCUME~1\XPPRESP3\LOCALS~1\Temp\b.exe[3332] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!CreateWindowExW] [00416AAC] C:\DOCUME~1\XPPRESP3\LOCALS~1\Temp\b.exe
IAT C:\DOCUME~1\XPPRESP3\LOCALS~1\Temp\b.exe[3332] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!ShowWindow] [00416B26] C:\DOCUME~1\XPPRESP3\LOCALS~1\Temp\b.exe
IAT C:\DOCUME~1\XPPRESP3\LOCALS~1\Temp\b.exe[3332] @ C:\WINDOWS\system32\WININET.dll [USER32.dll!CreateWindowExW] [00416AAC] C:\DOCUME~1\XPPRESP3\LOCALS~1\Temp\b.exe
IAT C:\DOCUME~1\XPPRESP3\LOCALS~1\Temp\b.exe[3332] @ C:\WINDOWS\system32\WININET.dll [USER32.dll!SetWindowPos] [00416BD8] C:\DOCUME~1\XPPRESP3\LOCALS~1\Temp\b.exe
IAT C:\DOCUME~1\XPPRESP3\LOCALS~1\Temp\b.exe[3332] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!CreateWindowExA] [00416A32] C:\DOCUME~1\XPPRESP3\LOCALS~1\Temp\b.exe
IAT C:\DOCUME~1\XPPRESP3\LOCALS~1\Temp\b.exe[3332] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!CreateWindowExW] [00416AAC] C:\DOCUME~1\XPPRESP3\LOCALS~1\Temp\b.exe
IAT C:\DOCUME~1\XPPRESP3\LOCALS~1\Temp\b.exe[3332] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!SetWindowPos] [00416BD8] C:\DOCUME~1\XPPRESP3\LOCALS~1\Temp\b.exe
IAT C:\DOCUME~1\XPPRESP3\LOCALS~1\Temp\b.exe[3332] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!ShowWindow] [00416B26] C:\DOCUME~1\XPPRESP3\LOCALS~1\Temp\b.exe
IAT C:\DOCUME~1\XPPRESP3\LOCALS~1\Temp\b.exe[3332] @ C:\WINDOWS\system32\shell32.dll [USER32.dll!CreateWindowExW] [00416AAC] C:\DOCUME~1\XPPRESP3\LOCALS~1\Temp\b.exe
IAT C:\DOCUME~1\XPPRESP3\LOCALS~1\Temp\b.exe[3332] @ C:\WINDOWS\system32\shell32.dll [USER32.dll!ShowWindow] [00416B26] C:\DOCUME~1\XPPRESP3\LOCALS~1\Temp\b.exe
IAT C:\DOCUME~1\XPPRESP3\LOCALS~1\Temp\b.exe[3332] @ C:\WINDOWS\system32\shell32.dll [USER32.dll!SetWindowPos] [00416BD8] C:\DOCUME~1\XPPRESP3\LOCALS~1\Temp\b.exe
IAT C:\DOCUME~1\XPPRESP3\LOCALS~1\Temp\b.exe[3332] @ C:\WINDOWS\system32\USERENV.dll [USER32.dll!SetWindowPos] [00416BD8] C:\DOCUME~1\XPPRESP3\LOCALS~1\Temp\b.exe
IAT C:\DOCUME~1\XPPRESP3\LOCALS~1\Temp\b.exe[3332] @ C:\WINDOWS\system32\USERENV.dll [USER32.dll!ShowWindow] [00416B26] C:\DOCUME~1\XPPRESP3\LOCALS~1\Temp\b.exe

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 70d53020.sys
Device \FileSystem\Ntfs \Ntfs 82B701F8

AttachedDevice \FileSystem\Ntfs \Ntfs amon.sys (Amon monitor/Eset )

Device \FileSystem\Fastfat \FatCdrom FF6711F8
Device \Driver\Tcpip \Device\Ip 70d53020.sys
Device \Driver\PCI_PNP2754 \Device\00000051 spvb.sys
Device \Driver\usbuhci \Device\USBPDO-0 829DF1F8
Device \Driver\dmio \Device\DmControl\DmIoDaemon 82BDD1F8
Device \Driver\dmio \Device\DmControl\DmConfig 82BDD1F8
Device \Driver\dmio \Device\DmControl\DmPnP 82BDD1F8
Device \Driver\dmio \Device\DmControl\DmInfo 82BDD1F8
Device \Driver\usbuhci \Device\USBPDO-1 829DF1F8
Device \Driver\NetBT \Device\NetBT_Tcpip_{452266EC-0696-4750-B841-A04387602757} 81B1B1F8
Device \Driver\usbuhci \Device\USBPDO-2 829DF1F8
Device \Driver\sptd \Device\3106004004 spvb.sys
Device \Driver\usbuhci \Device\USBPDO-3 829DF1F8
Device \Driver\usbehci \Device\USBPDO-4 829C81F8
Device \Driver\Tcpip \Device\Tcp 70d53020.sys
Device \Driver\Ftdisk \Device\HarddiskVolume1 82B721F8
Device \Driver\Ftdisk \Device\HarddiskVolume2 82B721F8
Device \Driver\Cdrom \Device\CdRom0 828F61F8
Device \Driver\Ftdisk \Device\HarddiskVolume3 82B721F8
Device \Driver\Cdrom \Device\CdRom1 828F61F8
Device \Driver\atapi \Device\Ide\IdePort0 82B711F8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 82B711F8
Device \Driver\atapi \Device\Ide\IdePort1 82B711F8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c 82B711F8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-18 82B711F8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-20 82B711F8
Device \Driver\Ftdisk \Device\HarddiskVolume4 82B721F8
Device \Driver\Ftdisk \Device\HarddiskVolume5 82B721F8
Device \Driver\Ftdisk \Device\HarddiskVolume6 82B721F8
Device \Driver\Ftdisk \Device\HarddiskVolume7 82B721F8
Device \Driver\NetBT \Device\NetBt_Wins_Export 81B1B1F8
Device \Driver\NetBT \Device\NetbiosSmb 81B1B1F8
Device \Driver\Tcpip \Device\Udp 70d53020.sys
Device \Driver\Tcpip \Device\RawIp 70d53020.sys
Device \Driver\usbuhci \Device\USBFDO-0 829DF1F8
Device \Driver\usbuhci \Device\USBFDO-1 829DF1F8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver FF6721F8
Device \Driver\Tcpip \Device\IPMULTICAST 70d53020.sys
Device \Driver\usbehci \Device\USBFDO-2 829C81F8
Device \FileSystem\MRxSmb \Device\LanmanRedirector FF6721F8
Device \Driver\usbuhci \Device\USBFDO-3 829DF1F8
Device \Driver\usbuhci \Device\USBFDO-4 829DF1F8
Device \Driver\Ftdisk \Device\FtControl 82B721F8
Device \Driver\a67e8f5d \Device\Scsi\a67e8f5d1 82720500
Device \FileSystem\Fastfat \Fat FF6711F8

AttachedDevice \FileSystem\Fastfat \Fat amon.sys (Amon monitor/Eset )

Device \FileSystem\Cdfs \Cdfs 82721500

---- Threads - GMER 1.0.15 ----

Thread System [4:384] FF675470

---- Processes - GMER 1.0.15 ----

Process C:\WINDOWS\system32\svchost.exe (*** hidden *** ) 1948

---- Services - GMER 1.0.15 ----

Service C:\WINDOWS\System32\drivers\51510d33.sys (*** hidden *** ) [SYSTEM] 51510d33 <-- ROOTKIT !!!
Service C:\WINDOWS\System32\drivers\70d53020.sys (*** hidden *** ) [SYSTEM] 70d53020 <-- ROOTKIT !!!
Service C:\WINDOWS\system32\drivers\glaide32.sys (*** hidden *** ) [SYSTEM] glaide32 <-- ROOTKIT !!!

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\ControlSet001\Services\BTHPORT\Parameters\Keys\000272b00026 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\BTHPORT\Parameters\Keys\000272b00026@00180f6a69e3 0xF4 0x79 0xFC 0xF4 ...
Reg HKLM\SYSTEM\ControlSet001\Services\BTHPORT\Parameters\Keys\000272b00026@002298f17b9d 0x9A 0x33 0xAE 0xC4 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x6D 0x5D 0xBF 0x56 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 E:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x9E 0x36 0xD1 0x4E ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x1B 0xE7 0x83 0x97 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\51510d33@ImagePath \SystemRoot\System32\drivers\51510d33.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\51510d33@Type 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\51510d33@Start 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\51510d33@ErrorControl 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\51510d33@F96ZK6nPB YWR2YW50YXN0YXIudXM=
Reg HKLM\SYSTEM\CurrentControlSet\Services\70d53020@ImagePath \SystemRoot\System32\drivers\70d53020.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\70d53020@Type 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\70d53020@Start 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\70d53020@ErrorControl 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\70d53020@F96ZK6nPB YWR2YW50YXN0YXIudXM=
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\000272b00026
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\000272b00026@00180f6a69e3 0xF4 0x79 0xFC 0xF4 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\000272b00026@002298f17b9d 0x9A 0x33 0xAE 0xC4 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\glaide32@Type 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\glaide32@Start 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\glaide32@ErrorControl 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\glaide32@ImagePath \??\C:\WINDOWS\system32\drivers\glaide32.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\glaide32@F96ZK6nPB YWR2YW50YXN0YXIudXM=
Reg HKLM\SYSTEM\CurrentControlSet\Services\glaide32\Security
Reg HKLM\SYSTEM\CurrentControlSet\Services\glaide32\Security@Security 0x01 0x00 0x14 0x80 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x6D 0x5D 0xBF 0x56 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 E:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x9E 0x36 0xD1 0x4E ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x1B 0xE7 0x83 0x97 ...
Reg HKLM\SYSTEM\controlset003\Control\Class\{4D36E965-E325-11CE-BFC1-08002BE10318}\Properties@DeviceType 2
Reg HKLM\SYSTEM\controlset003\Control\Class\{4D36E965-E325-11CE-BFC1-08002BE10318}\Properties@DeviceCharacteristics 256
Reg HKLM\SYSTEM\controlset003\Control\Class\{4D36E967-E325-11CE-BFC1-08002BE10318}\Properties@DeviceType 7
Reg HKLM\SYSTEM\controlset003\Control\Class\{4D36E967-E325-11CE-BFC1-08002BE10318}\Properties@DeviceCharacteristics 256
Reg HKLM\SYSTEM\controlset003\Control\Class\{4D36E968-E325-11CE-BFC1-08002BE10318}\Properties@DeviceType 35
Reg HKLM\SYSTEM\controlset003\Control\Class\{4D36E968-E325-11CE-BFC1-08002BE10318}\Properties@DeviceCharacteristics 256
Reg HKLM\SYSTEM\controlset003\Control\Class\{4D36E969-E325-11CE-BFC1-08002BE10318}\Properties@DeviceType 4
Reg HKLM\SYSTEM\controlset003\Control\Class\{4D36E969-E325-11CE-BFC1-08002BE10318}\Properties@DeviceCharacteristics 256
Reg HKLM\SYSTEM\controlset003\Control\Class\{4D36E96A-E325-11CE-BFC1-08002BE10318}\Properties@DeviceType 4
Reg HKLM\SYSTEM\controlset003\Control\Class\{4D36E96A-E325-11CE-BFC1-08002BE10318}\Properties@DeviceCharacteristics 256
Reg HKLM\SYSTEM\controlset003\Control\Class\{4D36E97B-E325-11CE-BFC1-08002BE10318}\Properties@DeviceType 4
Reg HKLM\SYSTEM\controlset003\Control\Class\{4D36E97B-E325-11CE-BFC1-08002BE10318}\Properties@DeviceCharacteristics 256
Reg HKLM\SYSTEM\controlset003\Control\Class\{4D36E980-E325-11CE-BFC1-08002BE10318}\Properties@DeviceType 7
Reg HKLM\SYSTEM\controlset003\Control\Class\{4D36E980-E325-11CE-BFC1-08002BE10318}\Properties@DeviceCharacteristics 256
Reg HKLM\SYSTEM\controlset003\Services\51510d33@ImagePath \SystemRoot\System32\drivers\51510d33.sys
Reg HKLM\SYSTEM\controlset003\Services\51510d33@Type 1
Reg HKLM\SYSTEM\controlset003\Services\51510d33@Start 1
Reg HKLM\SYSTEM\controlset003\Services\51510d33@ErrorControl 1
Reg HKLM\SYSTEM\controlset003\Services\51510d33@F96ZK6nPB YWR2YW50YXN0YXIudXM=
Reg HKLM\SYSTEM\controlset003\Services\70d53020@ImagePath \SystemRoot\System32\drivers\70d53020.sys
Reg HKLM\SYSTEM\controlset003\Services\70d53020@Type 1
Reg HKLM\SYSTEM\controlset003\Services\70d53020@Start 1
Reg HKLM\SYSTEM\controlset003\Services\70d53020@ErrorControl 1
Reg HKLM\SYSTEM\controlset003\Services\70d53020@F96ZK6nPB YWR2YW50YXN0YXIudXM=
Reg HKLM\SYSTEM\controlset003\Services\BTHPORT\Parameters\Keys\000272b00026
Reg HKLM\SYSTEM\controlset003\Services\BTHPORT\Parameters\Keys\000272b00026@00180f6a69e3 0xF4 0x79 0xFC 0xF4 ...
Reg HKLM\SYSTEM\controlset003\Services\BTHPORT\Parameters\Keys\000272b00026@002298f17b9d 0x9A 0x33 0xAE 0xC4 ...
Reg HKLM\SYSTEM\controlset003\Services\glaide32@Type 1
Reg HKLM\SYSTEM\controlset003\Services\glaide32@Start 1
Reg HKLM\SYSTEM\controlset003\Services\glaide32@ErrorControl 0
Reg HKLM\SYSTEM\controlset003\Services\glaide32@ImagePath \??\C:\WINDOWS\system32\drivers\glaide32.sys
Reg HKLM\SYSTEM\controlset003\Services\glaide32@F96ZK6nPB YWR2YW50YXN0YXIudXM=
Reg HKLM\SYSTEM\controlset003\Services\glaide32\Security
Reg HKLM\SYSTEM\controlset003\Services\glaide32\Security@Security 0x01 0x00 0x14 0x80 ...
Reg HKLM\SYSTEM\controlset003\Services\MRxDAV\EncryptedDirectories@
Reg HKLM\SYSTEM\controlset003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\controlset003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\controlset003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x6D 0x5D 0xBF 0x56 ...
Reg HKLM\SYSTEM\controlset003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 E:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\controlset003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\controlset003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\controlset003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x9E 0x36 0xD1 0x4E ...
Reg HKLM\SYSTEM\controlset003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\controlset003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x1B 0xE7 0x83 0x97 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{500bca15-57a7-4eaf-8143-8c619470b13d}\inprocserver32@ C:\WINDOWS\system32\msxml71.dll
Reg HKLM\SOFTWARE\Classes\CLSID\{500bca15-57a7-4eaf-8143-8c619470b13d}\inprocserver32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{500bca15-57a7-4eaf-8143-8c619470b13d}\progid@ XML.XML.1
Reg HKLM\SOFTWARE\Classes\CLSID\{500bca15-57a7-4eaf-8143-8c619470b13d}\typelib@ {E24211B3-A78A-C6A9-D317-70979ACE5058}
Reg HKLM\SOFTWARE\Classes\CLSID\{500bca15-57a7-4eaf-8143-8c619470b13d}\versionindependentprogid@ XML.XML
Reg HKLM\SOFTWARE\Classes\TypeLib\{e24211b3-a78a-c6a9-d317-70979ace5058}\.0@ C:\WINDOWS\system32\msxml71.dll
Reg HKLM\SOFTWARE\Classes\xml.xml\clsid@ {500BCA15-57A7-4eaf-8143-8C619470B13D}
Reg HKLM\SOFTWARE\Classes\xml.xml\curver@ XML.XML.1
Reg HKLM\SOFTWARE\Classes\xml.xml.1\clsid@ {500BCA15-57A7-4eaf-8143-8C619470B13D}

---- EOF - GMER 1.0.15 ----

Sorry for that.. Please dont tell me I'll have to reformat? My computer is going crazy.. I'm not sure this is because of malware, but websites sometimes take dozens of tries to get past the "page error" and open anything.. And windows task manager wasnt running when pressing Alt+Ctrl+Delete.. It gave me some error, can't really remember.. I restarted and it seems to be working fine now. And there are over 10 instances of the svchost.exe process showing up in task manager..

Edited by maged918, 17 August 2009 - 03:02 PM.


#6 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:09:27 PM

Posted 18 August 2009 - 12:03 PM

No, you shouldn't have to format. But you should really try to minimize your use of the computer while I get this cleaned up for you. The more you use it the more likely you are to contribute to the issues that you are experiencing.

We need to run Combofix.

Download Combofix from any of the links below. You must rename it before saving it. Save it to your desktop.

Link 1
Link 2
Link 3

Posted Image


Posted Image
--------------------------------------------------------------------

Double click on Combo-Fix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt so we can continue cleaning the system.

Posted Image If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#7 maged918

maged918
  • Topic Starter

  • Members
  • 22 posts
  • OFFLINE
  •  
  • Local time:09:27 PM

Posted 18 August 2009 - 03:49 PM

ComboFix 09-08-10.06 - XPPRESP3 18/08/2009 22:04.1.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1256.966.1033.18.511.118 [GMT 3:00]
Running from: c:\documents and settings\XPPRESP3\Desktop\Combo-Fix.exe
* Resident AV is active


WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\gcdppgxd.exe
c:\program files\Fast Browser Search
c:\program files\Fast Browser Search\IE\1.bat
c:\program files\Fast Browser Search\IE\about.html
c:\program files\Fast Browser Search\IE\affid.dat
c:\program files\Fast Browser Search\IE\basis.xml
c:\program files\Fast Browser Search\IE\BHO.dll
c:\program files\Fast Browser Search\IE\ClearRecycleBin.exe
c:\program files\Fast Browser Search\IE\error.html
c:\program files\Fast Browser Search\IE\FBSPlugin.dll
c:\program files\Fast Browser Search\IE\fbsProtection.xml
c:\program files\Fast Browser Search\IE\FbsSearchProvider.xml
c:\program files\Fast Browser Search\IE\FbsSearchProviderIE8.exe
c:\program files\Fast Browser Search\IE\FBStoolbar.dll
c:\program files\Fast Browser Search\IE\fbstoolbar.jar
c:\program files\Fast Browser Search\IE\fbstoolbar.manifest
c:\program files\Fast Browser Search\IE\icons.bmp
c:\program files\Fast Browser Search\IE\info.txt
c:\program files\Fast Browser Search\IE\local.xml
c:\program files\Fast Browser Search\IE\logobg.bmp
c:\program files\Fast Browser Search\IE\MTWBtoolbar.html
c:\program files\Fast Browser Search\IE\search.bmp
c:\program files\Fast Browser Search\IE\SearchGuardPlus.exe
c:\program files\Fast Browser Search\IE\SearchGuardPlus.ico
c:\program files\Fast Browser Search\IE\SGPU.ico
c:\program files\Fast Browser Search\IE\sgpUpdater.exe
c:\program files\Fast Browser Search\IE\sgpUpdater.xml
c:\program files\Fast Browser Search\IE\SGPUpdaterS.exe
c:\program files\Fast Browser Search\IE\tbhelper.dll
c:\program files\Fast Browser Search\IE\tbs_include_script_003175.js
c:\program files\Fast Browser Search\IE\tbs_include_script_005064.js
c:\program files\Fast Browser Search\IE\tbs_include_script_012817.js
c:\program files\Fast Browser Search\IE\Toolbar Help.htm
c:\program files\Fast Browser Search\IE\uninstall.exe
c:\program files\Fast Browser Search\IE\uninstalSGP.exe
c:\program files\Fast Browser Search\IE\uninstalSGPU.exe
c:\program files\Fast Browser Search\IE\update.exe
c:\program files\Fast Browser Search\IE\version.txt
c:\program files\SGPSA
c:\program files\SGPSA\BHO.dll
c:\recycler\S-1-5-21-0199306008-6698177839-379134937-4509
c:\recycler\S-1-5-21-0241784417-3949039230-102942532-6370
c:\recycler\S-1-5-21-0243336035-3055115375-381863305-1553
c:\recycler\S-1-5-21-0243636035-3055115376-381863306-1556
c:\recycler\S-1-5-21-0243936033-3052116371-381863308-1077
c:\recycler\S-1-5-21-0379675836-0656487421-884936711-3947
c:\recycler\S-1-5-21-0594163655-8062182520-913580000-6771
c:\recycler\S-1-5-21-0624278386-8410343685-839828123-4726
c:\recycler\S-1-5-21-0844765754-6065510057-902177961-5841
c:\recycler\S-1-5-21-0969349897-4889411777-964535127-1439
c:\recycler\S-1-5-21-1149094043-9507928487-380480022-8764
c:\recycler\S-1-5-21-1286858787-5607396137-685644995-5908
c:\recycler\S-1-5-21-1548271953-0169096213-279199932-9154
c:\recycler\S-1-5-21-1577147914-1756635673-045559084-9045
c:\recycler\S-1-5-21-2411956458-5271420329-035134986-2016
c:\recycler\S-1-5-21-2435136161-2226450819-812912209-0283
c:\recycler\S-1-5-21-2639869146-6710496604-817572490-5223
c:\recycler\S-1-5-21-2643968681-9734783134-402922142-0100
c:\recycler\S-1-5-21-2792989354-6197334279-467484009-1556
c:\recycler\S-1-5-21-2812753973-6017098361-526124978-5044
c:\recycler\S-1-5-21-2841331699-5113684866-063008730-0337
c:\recycler\S-1-5-21-2875311602-0574237179-793513420-9356
c:\recycler\S-1-5-21-2914555928-9053023808-280882324-1933
c:\recycler\S-1-5-21-3077493989-7083129515-920680641-5848
c:\recycler\S-1-5-21-3660365900-2799563989-403499290-0962
c:\recycler\S-1-5-21-3725712643-5623655674-863257182-8991
c:\recycler\S-1-5-21-3907897047-0598970172-682632264-8482
c:\recycler\S-1-5-21-4019416065-2975964285-464068636-6663
c:\recycler\S-1-5-21-4084861926-9332839297-246169821-4364
c:\recycler\S-1-5-21-4221901703-7773180417-023766912-7675
c:\recycler\S-1-5-21-4407471245-2945077051-590488218-5638
c:\recycler\S-1-5-21-4438420533-9455350636-190394475-2572
c:\recycler\S-1-5-21-4565199667-7593775863-152952660-1730
c:\recycler\S-1-5-21-4649713769-4098197289-134207421-3578
c:\recycler\S-1-5-21-4740733769-4658037650-292723453-3777
c:\recycler\S-1-5-21-4973529009-2598237026-452134200-8610
c:\recycler\S-1-5-21-5006331915-8439509324-505331340-7002
c:\recycler\S-1-5-21-5024340742-9120271381-914164527-7093
c:\recycler\S-1-5-21-5113293338-3338512117-018291422-9136
c:\recycler\S-1-5-21-5199293147-3514644339-187263832-5313
c:\recycler\S-1-5-21-5266009422-6611451633-924638538-5639
c:\recycler\S-1-5-21-5490271048-5725963346-652481122-2482
c:\recycler\S-1-5-21-5629730440-6483355460-417231276-5736
c:\recycler\S-1-5-21-5722385749-0281489884-519546461-0648
c:\recycler\S-1-5-21-5803862004-8754356471-785589977-7792
c:\recycler\S-1-5-21-5889216048-7391612638-189835628-9202
c:\recycler\S-1-5-21-5980620797-7209381033-782243237-0330
c:\recycler\S-1-5-21-5982254011-6657062215-222184518-5064
c:\recycler\S-1-5-21-6203304538-8680290184-773376802-7954
c:\recycler\S-1-5-21-6430726827-1684536392-351496404-8508
c:\recycler\S-1-5-21-6734807957-5821092414-109325326-7982
c:\recycler\S-1-5-21-6844984434-4362604475-752579998-8935
c:\recycler\S-1-5-21-7341616695-7944360219-977361142-7935
c:\recycler\S-1-5-21-7411162590-6980256035-425123075-9307
c:\recycler\S-1-5-21-7528526233-8717760868-320035219-2445
c:\recycler\S-1-5-21-7539691810-5091327111-698245207-5101
c:\recycler\S-1-5-21-7694287965-8004805967-408393848-4888
c:\recycler\S-1-5-21-7743508348-9562954537-086168904-9123
c:\recycler\S-1-5-21-7783793923-7945970170-531553675-5724
c:\recycler\S-1-5-21-7875078037-9476292878-065295630-3200
c:\recycler\S-1-5-21-7886912305-7469213343-913863416-8451
c:\recycler\S-1-5-21-7929730795-7480320440-974932317-8000
c:\recycler\S-1-5-21-7940670973-8609142148-061039274-1055
c:\recycler\S-1-5-21-8041082171-6528418196-695501722-2398
c:\recycler\S-1-5-21-8058994099-9176485160-739363102-1485
c:\recycler\S-1-5-21-8083607954-3922273962-376710251-3507
c:\recycler\S-1-5-21-8220165678-0248122600-442843529-2005
c:\recycler\S-1-5-21-8257218794-8838519991-620497159-2417
c:\recycler\S-1-5-21-8394721954-5061769191-545550133-0511
c:\recycler\S-1-5-21-8531043201-0869188857-731465910-5418
c:\recycler\S-1-5-21-8532615725-3500637087-855146990-4202
c:\recycler\S-1-5-21-8611097979-3321174727-550001635-4300
c:\recycler\S-1-5-21-8774084957-9100029299-240919317-0731
c:\recycler\S-1-5-21-8804381295-7347253813-090455446-6241
c:\recycler\S-1-5-21-9259412042-2525596033-872339690-4280
c:\recycler\S-1-5-21-9376813108-4305298653-701839247-5178
c:\recycler\S-1-5-21-9522896025-9496982341-532264334-6629
c:\recycler\S-1-5-21-9537377142-8549710144-069701608-8906
c:\recycler\S-1-5-21-9644285328-4352722436-335392997-5630
c:\recycler\S-1-5-21-9681661301-0021684446-203927706-6962
c:\recycler\S-1-5-21-9687768100-1660753643-749687913-1017
c:\recycler\S-1-5-21-9687768100-1660753643-749687913-1017\Desktop.ini
c:\recycler\S-1-5-21-9687768100-1660753643-749687913-1017\wnzip32.exe
c:\recycler\S-1-5-21-9696331705-1189172871-359558922-4761
c:\recycler\S-1-5-21-9907208684-1425969331-234707448-5192
c:\windows\FONTS\cooecp.tlb
c:\windows\FONTS\logcde.dll
c:\windows\Fonts\mlog
c:\windows\Fonts\services.exe
c:\windows\FONTS\windef.dll
c:\windows\FONTS\windef.Log
c:\windows\FONTS\winpaged.ocx
c:\windows\msa.exe
c:\windows\system32\drivers\51510d33.sys
c:\windows\system32\drivers\70d53020.sys
c:\windows\system32\drivers\glaide32.sys
c:\windows\system32\ipcmd.dll
c:\windows\system32\Ipripv32.dll
c:\windows\system32\Irmonv32.dll
c:\windows\system32\msbeuymw.exe
c:\windows\system32\mscdhnnh.exe
c:\windows\system32\mscdps.exe
c:\windows\system32\mscdqm.exe
c:\windows\system32\mscdz.exe
c:\windows\system32\mscdzcx.exe
c:\windows\system32\msced.exe
c:\windows\system32\mscenly.exe
c:\windows\system32\mscewnfo.exe
c:\windows\system32\mscfefp.exe
c:\windows\system32\mscgczq.exe
c:\windows\system32\mscghkf.exe
c:\windows\system32\mscgyt.exe
c:\windows\system32\mschr.exe
c:\windows\system32\msciqxfc.exe
c:\windows\system32\mscivi.exe
c:\windows\system32\mscjae.exe
c:\windows\system32\mscjknwg.exe
c:\windows\system32\mscjwcia.exe
c:\windows\system32\msckggp.exe
c:\windows\system32\mscklb.exe
c:\windows\system32\msclisw.exe
c:\windows\system32\msclkm.exe
c:\windows\system32\msclokk.exe
c:\windows\system32\mscmtg.exe
c:\windows\system32\mscmugmi.exe
c:\windows\system32\mscnnmnz.exe
c:\windows\system32\mscoh.exe
c:\windows\system32\mscoju.exe
c:\windows\system32\msconfig.exe
c:\windows\system32\mscou.exe
c:\windows\system32\mscpqyiz.exe
c:\windows\system32\mscqb.exe
c:\windows\system32\mscqlybs.exe
c:\windows\system32\mscqvoi.exe
c:\windows\system32\mscqw.exe
c:\windows\system32\mscqzt.exe
c:\windows\system32\mscrpmrw.exe
c:\windows\system32\mscsol.exe
c:\windows\system32\mscsor.exe
c:\windows\system32\mscsvie.exe
c:\windows\system32\msctb.exe
c:\windows\system32\msctekf.exe
c:\windows\system32\mscuaszw.exe
c:\windows\system32\mscujuk.exe
c:\windows\system32\mscunn.exe
c:\windows\system32\mscuo.exe
c:\windows\system32\mscvbd.exe
c:\windows\system32\mscvrj.exe
c:\windows\system32\mscwcgug.exe
c:\windows\system32\mscwj.exe
c:\windows\system32\mscwkje.exe
c:\windows\system32\mscwmkj.exe
c:\windows\system32\mscwqy.exe
c:\windows\system32\mscxkth.exe
c:\windows\system32\mscxm.exe
c:\windows\system32\mscybo.exe
c:\windows\system32\mscylevg.exe
c:\windows\system32\mscyzu.exe
c:\windows\system32\msczs.exe
c:\windows\system32\msczuj.exe
c:\windows\system32\msczvonn.exe
c:\windows\system32\msdaeg.exe
c:\windows\system32\msdaj.exe
c:\windows\system32\msdakbp.exe
c:\windows\system32\msdan.exe
c:\windows\system32\msdaqpb.exe
c:\windows\system32\msdatmx.exe
c:\windows\system32\msdatnwu.exe
c:\windows\system32\msdbij.exe
c:\windows\system32\msdcom.exe
c:\windows\system32\msdcsy.exe
c:\windows\system32\msdcvmu.exe
c:\windows\system32\msddwkw.exe
c:\windows\system32\msdedr.exe
c:\windows\system32\msdefxbo.exe
c:\windows\system32\msdegiov.exe
c:\windows\system32\msdeki.exe
c:\windows\system32\msdekzfq.exe
c:\windows\system32\msdeq.exe
c:\windows\system32\msdeqhiv.exe
c:\windows\system32\msdficwe.exe
c:\windows\system32\msdfjk.exe
c:\windows\system32\msdfseqx.exe
c:\windows\system32\msdfzua.exe
c:\windows\system32\msdgc.exe
c:\windows\system32\msdgclw.exe
c:\windows\system32\msdgz.exe
c:\windows\system32\msdhl.exe
c:\windows\system32\msdhmepr.exe
c:\windows\system32\msdhmtfg.exe
c:\windows\system32\msdij.exe
c:\windows\system32\msdik.exe
c:\windows\system32\msdilun.exe
c:\windows\system32\msdjbwy.exe
c:\windows\system32\msdjdbh.exe
c:\windows\system32\msdjgptx.exe
c:\windows\system32\msdjlne.exe
c:\windows\system32\msdkipfw.exe
c:\windows\system32\msdkycb.exe
c:\windows\system32\msdlljp.exe
c:\windows\system32\msdlne.exe
c:\windows\system32\msdmz.exe
c:\windows\system32\msdndvc.exe
c:\windows\system32\msdnuom.exe
c:\windows\system32\msdock.exe
c:\windows\system32\msdoxkck.exe
c:\windows\system32\msdqcdc.exe
c:\windows\system32\msdritvi.exe
c:\windows\system32\msdry.exe
c:\windows\system32\msdsckj.exe
c:\windows\system32\msdsuidp.exe
c:\windows\system32\msdtbkpo.exe
c:\windows\system32\msdtntc.exe
c:\windows\system32\msdtt.exe
c:\windows\system32\msdttmrq.exe
c:\windows\system32\msdtvnhj.exe
c:\windows\system32\msdtvtlz.exe
c:\windows\system32\msdun.exe
c:\windows\system32\msduqly.exe
c:\windows\system32\msdvju.exe
c:\windows\system32\msdvkzrx.exe
c:\windows\system32\msdvq.exe
c:\windows\system32\msdwfc.exe
c:\windows\system32\msdww.exe
c:\windows\system32\msdxb.exe
c:\windows\system32\msdxjv.exe
c:\windows\system32\msdxuic.exe
c:\windows\system32\msdylxqj.exe
c:\windows\system32\msdymfgc.exe
c:\windows\system32\msdyvi.exe
c:\windows\system32\msdyxkoy.exe
c:\windows\system32\msdznnv.exe
c:\windows\system32\mseasbwh.exe
c:\windows\system32\msebl.exe
c:\windows\system32\msebldq.exe
c:\windows\system32\msebnaje.exe
c:\windows\system32\msebq.exe
c:\windows\system32\msechnnu.exe
c:\windows\system32\mseckpd.exe
c:\windows\system32\msecmi.exe
c:\windows\system32\msedj.exe
c:\windows\system32\mseduld.exe
c:\windows\system32\msedzksv.exe
c:\windows\system32\mseeij.exe
c:\windows\system32\mseeocrs.exe
c:\windows\system32\mseevyk.exe
c:\windows\system32\msefps.exe
c:\windows\system32\msefz.exe
c:\windows\system32\msefzias.exe
c:\windows\system32\msefzoxw.exe
c:\windows\system32\msegmrb.exe
c:\windows\system32\msegu.exe
c:\windows\system32\msegxjdf.exe
c:\windows\system32\mseheyo.exe
c:\windows\system32\msehhzwp.exe
c:\windows\system32\msehj.exe
c:\windows\system32\mseidp.exe
c:\windows\system32\msejabue.exe
c:\windows\system32\msejbua.exe
c:\windows\system32\msejfu.exe
c:\windows\system32\msejmh.exe
c:\windows\system32\msejrs.exe
c:\windows\system32\msejtof.exe
c:\windows\system32\msejvc.exe
c:\windows\system32\msekf.exe
c:\windows\system32\msekpc.exe
c:\windows\system32\msekple.exe
c:\windows\system32\mseksbek.exe
c:\windows\system32\msekul.exe
c:\windows\system32\mselsola.exe
c:\windows\system32\msemofao.exe
c:\windows\system32\msemq.exe
c:\windows\system32\mseolf.exe
c:\windows\system32\mseopsr.exe
c:\windows\system32\msepim.exe
c:\windows\system32\msepjp.exe
c:\windows\system32\msepmdk.exe
c:\windows\system32\msepp.exe
c:\windows\system32\mseprbw.exe
c:\windows\system32\mseqxctl.exe
c:\windows\system32\mseqyklr.exe
c:\windows\system32\msercqo.exe
c:\windows\system32\mserk.exe
c:\windows\system32\mserni.exe
c:\windows\system32\mserxvn.exe
c:\windows\system32\mseshk.exe
c:\windows\system32\msetdm.exe
c:\windows\system32\msetho.exe
c:\windows\system32\msetixoy.exe
c:\windows\system32\msetz.exe
c:\windows\system32\mseud.exe
c:\windows\system32\mseugil.exe
c:\windows\system32\mseuksbe.exe
c:\windows\system32\mseultyb.exe
c:\windows\system32\mseuxuqz.exe
c:\windows\system32\msevj.exe
c:\windows\system32\msevzed.exe
c:\windows\system32\msewaley.exe
c:\windows\system32\msewl.exe
c:\windows\system32\msewmr.exe
c:\windows\system32\msewo.exe
c:\windows\system32\msexq.exe
c:\windows\system32\msexqg.exe
c:\windows\system32\msexsd.exe
c:\windows\system32\msexxv.exe
c:\windows\system32\mseyhiaz.exe
c:\windows\system32\mseyw.exe
c:\windows\system32\msezga.exe
c:\windows\system32\msezumh.exe
c:\windows\system32\msfahq.exe
c:\windows\system32\msfata.exe
c:\windows\system32\msfbklw.exe
c:\windows\system32\msfbkmss.exe
c:\windows\system32\msfclpu.exe
c:\windows\system32\msfcyxu.exe
c:\windows\system32\msfdebk.exe
c:\windows\system32\msfdpk.exe
c:\windows\system32\msfdr.exe
c:\windows\system32\msfdrd.exe
c:\windows\system32\msfdzdoy.exe
c:\windows\system32\msfeaq.exe
c:\windows\system32\msfed.exe
c:\windows\system32\msfey.exe
c:\windows\system32\msffh.exe
c:\windows\system32\msfgi.exe
c:\windows\system32\msfgpr.exe
c:\windows\system32\msfimix.exe
c:\windows\system32\msfixc.exe
c:\windows\system32\msfkk.exe
c:\windows\system32\msfldovl.exe
c:\windows\system32\msflzue.exe
c:\windows\system32\msfmk.exe
c:\windows\system32\msfmx.exe
c:\windows\system32\msfnjkp.exe
c:\windows\system32\msfnmtje.exe
c:\windows\system32\msfnwoji.exe
c:\windows\system32\msfocpv.exe
c:\windows\system32\msfopf.exe
c:\windows\system32\msfopq.exe
c:\windows\system32\msfos.exe
c:\windows\system32\msfosuzs.exe
c:\windows\system32\msfqq.exe
c:\windows\system32\msfqrjtn.exe
c:\windows\system32\msfqwgtm.exe
c:\windows\system32\msfsmqp.exe
c:\windows\system32\msfsunl.exe
c:\windows\system32\msfsxdlx.exe
c:\windows\system32\msfteiqp.exe
c:\windows\system32\msftls.exe
c:\windows\system32\msfuefaz.exe
c:\windows\system32\msfuvlqh.exe
c:\windows\system32\msfvt.exe
c:\windows\system32\msfvwwju.exe
c:\windows\system32\msfwd.exe
c:\windows\system32\msfwfc.exe
c:\windows\system32\msfwp.exe
c:\windows\system32\msfwtu.exe
c:\windows\system32\msfxd.exe
c:\windows\system32\msfxktz.exe
c:\windows\system32\msfxnk.exe
c:\windows\system32\msfxoud.exe
c:\windows\system32\msfyf.exe
c:\windows\system32\msfyor.exe
c:\windows\system32\msfyzwcy.exe
c:\windows\system32\msfzpl.exe
c:\windows\system32\msfzsg.exe
c:\windows\system32\msfztet.exe
c:\windows\system32\msfzzs.exe
c:\windows\system32\msgaiekk.exe
c:\windows\system32\msgbxlu.exe
c:\windows\system32\msgcbsm.exe
c:\windows\system32\msgccen.exe
c:\windows\system32\msgckhuo.exe
c:\windows\system32\msgdnjb.exe
c:\windows\system32\msgdrnz.exe
c:\windows\system32\msgdxxon.exe
c:\windows\system32\msgefptj.exe
c:\windows\system32\msgegizk.exe
c:\windows\system32\msgfwow.exe
c:\windows\system32\msgfxgp.exe
c:\windows\system32\msgfyquu.exe
c:\windows\system32\msgfzf.exe
c:\windows\system32\msggjhn.exe
c:\windows\system32\msggrm.exe
c:\windows\system32\msggylh.exe
c:\windows\system32\msghjko.exe
c:\windows\system32\msghk.exe
c:\windows\system32\msghros.exe
c:\windows\system32\msghtzye.exe
c:\windows\system32\msgibcot.exe
c:\windows\system32\msgis.exe
c:\windows\system32\msgjhg.exe
c:\windows\system32\msgkrfng.exe
c:\windows\system32\msgkyhlu.exe
c:\windows\system32\msglm.exe
c:\windows\system32\msglq.exe
c:\windows\system32\msgmecx.exe
c:\windows\system32\msgncxb.exe
c:\windows\system32\msgnfh.exe
c:\windows\system32\msgnlt.exe
c:\windows\system32\msgnnds.exe
c:\windows\system32\msgntz.exe
c:\windows\system32\msgob.exe
c:\windows\system32\msgoy.exe
c:\windows\system32\msgozf.exe
c:\windows\system32\msgozmjt.exe
c:\windows\system32\msgpr.exe
c:\windows\system32\msgqq.exe
c:\windows\system32\msgraw.exe
c:\windows\system32\msgred.exe
c:\windows\system32\msgrhzw.exe
c:\windows\system32\msgsay.exe
c:\windows\system32\msgsdgy.exe
c:\windows\system32\msgsfa.exe
c:\windows\system32\msgtok.exe
c:\windows\system32\msgtqrm.exe
c:\windows\system32\msgtvot.exe
c:\windows\system32\msgubvbm.exe
c:\windows\system32\msguikm.exe
c:\windows\system32\msgurs.exe
c:\windows\system32\msgvoore.exe
c:\windows\system32\msgvp.exe
c:\windows\system32\msgvvtk.exe
c:\windows\system32\msgwho.exe
c:\windows\system32\msgwj.exe
c:\windows\system32\msgwo.exe
c:\windows\system32\msgwsedt.exe
c:\windows\system32\msgxcxkp.exe
c:\windows\system32\msgxm.exe
c:\windows\system32\msgxskh.exe
c:\windows\system32\msgygk.exe
c:\windows\system32\msgyq.exe
c:\windows\system32\msgyqb.exe
c:\windows\system32\msgyrg.exe
c:\windows\system32\msgyrr.exe
c:\windows\system32\msgyrtm.exe
c:\windows\system32\msgytmzy.exe
c:\windows\system32\msgzh.exe
c:\windows\system32\msgzinbg.exe
c:\windows\system32\msgzlj.exe
c:\windows\system32\msgzp.exe
c:\windows\system32\mshagjf.exe
c:\windows\system32\mshagrw.exe
c:\windows\system32\mshbrs.exe
c:\windows\system32\mshbu.exe
c:\windows\system32\mshbvsd.exe
c:\windows\system32\mshecx.exe
c:\windows\system32\mshevsp.exe
c:\windows\system32\mshezw.exe
c:\windows\system32\mshfanu.exe
c:\windows\system32\mshflcp.exe
c:\windows\system32\mshfohv.exe
c:\windows\system32\mshgixuk.exe
c:\windows\system32\mshgnuvi.exe
c:\windows\system32\mshgo.exe
c:\windows\system32\mshhequz.exe
c:\windows\system32\mshhfoai.exe
c:\windows\system32\mshhgi.exe
c:\windows\system32\mshhiq.exe
c:\windows\system32\mshhvhw.exe
c:\windows\system32\mshik.exe
c:\windows\system32\mshiypb.exe
c:\windows\system32\mshjhq.exe
c:\windows\system32\mshjjra.exe
c:\windows\system32\mshjwvj.exe
c:\windows\system32\mshkcdg.exe
c:\windows\system32\mshke.exe
c:\windows\system32\mshkpc.exe
c:\windows\system32\mshlcaa.exe
c:\windows\system32\mshli.exe
c:\windows\system32\mshmapz.exe
c:\windows\system32\mshmayk.exe
c:\windows\system32\mshmccnd.exe
c:\windows\system32\mshmghxy.exe
c:\windows\system32\mshnewr.exe
c:\windows\system32\mshnfpzn.exe
c:\windows\system32\mshnhlv.exe
c:\windows\system32\mshnqxq.exe
c:\windows\system32\mshny.exe
c:\windows\system32\mshnyvn.exe
c:\windows\system32\mshnzjl.exe
c:\windows\system32\mshohmfy.exe
c:\windows\system32\mshos.exe
c:\windows\system32\mshoxe.exe
c:\windows\system32\mshpbr.exe
c:\windows\system32\mshpgkp.exe
c:\windows\system32\mshphdv.exe
c:\windows\system32\mshplfxc.exe
c:\windows\system32\mshpxjh.exe
c:\windows\system32\mshrm.exe
c:\windows\system32\mshrxtte.exe
c:\windows\system32\mshrylzg.exe
c:\windows\system32\mshtn.exe
c:\windows\system32\mshtr.exe
c:\windows\system32\mshugrg.exe
c:\windows\system32\mshutet.exe
c:\windows\system32\mshuzyi.exe
c:\windows\system32\mshwlupz.exe
c:\windows\system32\mshxklr.exe
c:\windows\system32\mshxq.exe
c:\windows\system32\mshxz.exe
c:\windows\system32\mshymhr.exe
c:\windows\system32\mshynq.exe
c:\windows\system32\mshyou.exe
c:\windows\system32\mshyye.exe
c:\windows\system32\mshzoo.exe
c:\windows\system32\mshzsn.exe
c:\windows\system32\mshzwll.exe
c:\windows\system32\msibbiup.exe
c:\windows\system32\msibeh.exe
c:\windows\system32\msibixtr.exe
c:\windows\system32\msibuz.exe
c:\windows\system32\msicoa.exe
c:\windows\system32\msictl.exe
c:\windows\system32\msida.exe
c:\windows\system32\msidowhg.exe
c:\windows\system32\msiegppg.exe
c:\windows\system32\msiekgc.exe
c:\windows\system32\msienmv.exe
c:\windows\system32\msieqzp.exe
c:\windows\system32\msieu.exe
c:\windows\system32\msiez.exe
c:\windows\system32\msifhnfe.exe
c:\windows\system32\msifjc.exe
c:\windows\system32\msiflqe.exe
c:\windows\system32\msigbt.exe
c:\windows\system32\msigoo.exe
c:\windows\system32\msihrpr.exe
c:\windows\system32\msiiy.exe
c:\windows\system32\msijcykf.exe
c:\windows\system32\msijhh.exe
c:\windows\system32\msijhiu.exe
c:\windows\system32\msijn.exe
c:\windows\system32\msijnsey.exe
c:\windows\system32\msikfn.exe
c:\windows\system32\msilah.exe
c:\windows\system32\msilnpf.exe
c:\windows\system32\msilx.exe
c:\windows\system32\msilypyx.exe
c:\windows\system32\msimsrsh.exe
c:\windows\system32\msiniyig.exe
c:\windows\system32\msinwdm.exe
c:\windows\system32\msioxdb.exe
c:\windows\system32\msipc.exe
c:\windows\system32\msiph.exe
c:\windows\system32\msipyh.exe
c:\windows\system32\msiqoud.exe
c:\windows\system32\msiqu.exe
c:\windows\system32\msirl.exe
c:\windows\system32\msirmfp.exe
c:\windows\system32\msirnxmi.exe
c:\windows\system32\msisca.exe
c:\windows\system32\msiskl.exe
c:\windows\system32\msiskqc.exe
c:\windows\system32\msissiut.exe
c:\windows\system32\msitd.exe
c:\windows\system32\msitdtrw.exe
c:\windows\system32\msitesv.exe
c:\windows\system32\msitf.exe
c:\windows\system32\msitluv.exe
c:\windows\system32\msitpmt.exe
c:\windows\system32\msittrat.exe
c:\windows\system32\msiusvy.exe
c:\windows\system32\msiuwbzv.exe
c:\windows\system32\msiwnjh.exe
c:\windows\system32\msiwp.exe
c:\windows\system32\msixc.exe
c:\windows\system32\msixogad.exe
c:\windows\system32\msiydab.exe
c:\windows\system32\msiysj.exe
c:\windows\system32\msiyvx.exe
c:\windows\system32\msizgi.exe
c:\windows\system32\msizn.exe
c:\windows\system32\msizyu.exe
c:\windows\system32\msjaat.exe
c:\windows\system32\msjad.exe
c:\windows\system32\msjahl.exe
c:\windows\system32\msjan.exe
c:\windows\system32\msjbazw.exe
c:\windows\system32\msjbe.exe
c:\windows\system32\msjbjyng.exe
c:\windows\system32\msjcs.exe
c:\windows\system32\msjcses.exe
c:\windows\system32\msjdr.exe
c:\windows\system32\msjeaek.exe
c:\windows\system32\msjefmg.exe
c:\windows\system32\msjewht.exe
c:\windows\system32\msjfeboi.exe
c:\windows\system32\msjfyfr.exe
c:\windows\system32\msjgbmjw.exe
c:\windows\system32\msjgdl.exe
c:\windows\system32\msjgut.exe
c:\windows\system32\msjgv.exe
c:\windows\system32\msjho.exe
c:\windows\system32\msjholxl.exe
c:\windows\system32\msjhrq.exe
c:\windows\system32\msjhszqv.exe
c:\windows\system32\msjihjg.exe
c:\windows\system32\msjiqgd.exe
c:\windows\system32\msjjfri.exe
c:\windows\system32\msjjjuw.exe
c:\windows\system32\msjjn.exe
c:\windows\system32\msjkgjx.exe
c:\windows\system32\msjkhnq.exe
c:\windows\system32\msjkix.exe
c:\windows\system32\msjkjw.exe
c:\windows\system32\msjlx.exe
c:\windows\system32\msjmd.exe
c:\windows\system32\msjmiv.exe
c:\windows\system32\msjmn.exe
c:\windows\system32\msjmrqnz.exe
c:\windows\system32\msjnggo.exe
c:\windows\system32\msjnjqfj.exe
c:\windows\system32\msjnpca.exe
c:\windows\system32\msjny.exe
c:\windows\system32\msjodo.exe
c:\windows\system32\msjonbu.exe
c:\windows\system32\msjotnad.exe
c:\windows\system32\msjoull.exe
c:\windows\system32\msjove.exe
c:\windows\system32\msjozgs.exe
c:\windows\system32\msjpnrm.exe
c:\windows\system32\msjprw.exe
c:\windows\system32\msjpsih.exe
c:\windows\system32\msjpua.exe
c:\windows\system32\msjqh.exe
c:\windows\system32\msjqjgig.exe
c:\windows\system32\msjrdg.exe
c:\windows\system32\msjsdu.exe
c:\windows\system32\msjspd.exe
c:\windows\system32\msjsx.exe
c:\windows\system32\msjsy.exe
c:\windows\system32\msjukoe.exe
c:\windows\system32\msjuvc.exe
c:\windows\system32\msjve.exe
c:\windows\system32\msjvg.exe
c:\windows\system32\msjvjl.exe
c:\windows\system32\msjvl.exe
c:\windows\system32\msjvtmkh.exe
c:\windows\system32\msjwdqbf.exe
c:\windows\system32\msjwfe.exe
c:\windows\system32\msjxcwme.exe
c:\windows\system32\msjxmvkt.exe
c:\windows\system32\msjxsfsf.exe
c:\windows\system32\msjxvu.exe
c:\windows\system32\msjyli.exe
c:\windows\system32\msjymm.exe
c:\windows\system32\msjzakhd.exe
c:\windows\system32\msjzhr.exe
c:\windows\system32\msjzjpt.exe
c:\windows\system32\mskas.exe
c:\windows\system32\mskaymv.exe
c:\windows\system32\mskbljpg.exe
c:\windows\system32\mskda.exe
c:\windows\system32\mskddlx.exe
c:\windows\system32\mskdkt.exe
c:\windows\system32\mskdxj.exe
c:\windows\system32\mskdyh.exe
c:\windows\system32\mskeaf.exe
c:\windows\system32\mskejjzu.exe
c:\windows\system32\mskewjvk.exe
c:\windows\system32\mskfmqnc.exe
c:\windows\system32\mskgam.exe
c:\windows\system32\mskgfctm.exe
c:\windows\system32\mskgiykl.exe
c:\windows\system32\mskgkn.exe
c:\windows\system32\mskhb.exe
c:\windows\system32\mskhcb.exe
c:\windows\system32\mskhf.exe
c:\windows\system32\mskhfcao.exe
c:\windows\system32\mskia.exe
c:\windows\system32\mskiddi.exe
c:\windows\system32\mskjdbj.exe
c:\windows\system32\mskjwz.exe
c:\windows\system32\mskkd.exe
c:\windows\system32\mskkdx.exe
c:\windows\system32\mskkinam.exe
c:\windows\system32\mskljlzf.exe
c:\windows\system32\mskluyj.exe
c:\windows\system32\msklva.exe
c:\windows\system32\mskmce.exe
c:\windows\system32\mskme.exe
c:\windows\system32\mskmf.exe
c:\windows\system32\mskmnx.exe
c:\windows\system32\mskndrf.exe
c:\windows\system32\msknkpgr.exe
c:\windows\system32\msknnefm.exe
c:\windows\system32\mskns.exe
c:\windows\system32\msknxyd.exe
c:\windows\system32\mskoqwjc.exe
c:\windows\system32\mskphgea.exe
c:\windows\system32\mskphjpz.exe
c:\windows\system32\mskqamf.exe
c:\windows\system32\mskqidr.exe
c:\windows\system32\mskqjp.exe
c:\windows\system32\mskqljx.exe
c:\windows\system32\mskqmfjk.exe
c:\windows\system32\mskqxcq.exe
c:\windows\system32\mskrgngb.exe
c:\windows\system32\mskrky.exe
c:\windows\system32\mskrmd.exe
c:\windows\system32\mskrvd.exe
c:\windows\system32\mskrzipa.exe
c:\windows\system32\msksmx.exe
c:\windows\system32\msksncgh.exe
c:\windows\system32\mskszfyk.exe
c:\windows\system32\msktgvv.exe
c:\windows\system32\msktm.exe
c:\windows\system32\mskto.exe
c:\windows\system32\msktvhg.exe
c:\windows\system32\mskukp.exe
c:\windows\system32\mskvd.exe
c:\windows\system32\mskvs.exe
c:\windows\system32\mskwevxi.exe
c:\windows\system32\mskxj.exe
c:\windows\system32\mskyao.exe
c:\windows\system32\mskyhdt.exe
c:\windows\system32\mskyq.exe
c:\windows\system32\mskyw.exe
c:\windows\system32\mskzf.exe
c:\windows\system32\mskzgurh.exe
c:\windows\system32\mslbiplt.exe
c:\windows\system32\mslbp.exe
c:\windows\system32\mslcfmt.exe
c:\windows\system32\mslcijvt.exe
c:\windows\system32\mslcj.exe
c:\windows\system32\mslclxpd.exe
c:\windows\system32\mslcwerk.exe
c:\windows\system32\msldegi.exe
c:\windows\system32\mslemiv.exe
c:\windows\system32\mslenaj.exe
c:\windows\system32\msleos.exe
c:\windows\system32\mslepqfa.exe
c:\windows\system32\mslgk.exe
c:\windows\system32\mslgxtag.exe
c:\windows\system32\mslhflmx.exe
c:\windows\system32\mslhgibx.exe
c:\windows\system32\mslhxqz.exe
c:\windows\system32\mslie.exe
c:\windows\system32\mslio.exe
c:\windows\system32\mslipajv.exe
c:\windows\system32\msljkap.exe
c:\windows\system32\msljzc.exe
c:\windows\system32\msllaor.exe
c:\windows\system32\msllc.exe
c:\windows\system32\mslldin.exe
c:\windows\system32\mslll.exe
c:\windows\system32\msllptlf.exe
c:\windows\system32\msllvmc.exe
c:\windows\system32\msllz.exe
c:\windows\system32\mslmhmtf.exe
c:\windows\system32\mslmj.exe
c:\windows\system32\mslmon.exe
c:\windows\system32\mslmxlwj.exe
c:\windows\system32\mslnvx.exe
c:\windows\system32\mslohfn.exe
c:\windows\system32\mslovjvn.exe
c:\windows\system32\mslpfvqk.exe
c:\windows\system32\mslpvvp.exe
c:\windows\system32\mslpxk.exe
c:\windows\system32\mslrbsoy.exe
c:\windows\system32\mslrro.exe
c:\windows\system32\mslsbgbv.exe
c:\windows\system32\mslsit.exe
c:\windows\system32\mslsitpw.exe
c:\windows\system32\mslskp.exe
c:\windows\system32\mslsn.exe
c:\windows\system32\msltaae.exe
c:\windows\system32\msltcxxv.exe
c:\windows\system32\msltf.exe
c:\windows\system32\msltpj.exe
c:\windows\system32\msluar.exe
c:\windows\system32\mslutgj.exe
c:\windows\system32\msluw.exe
c:\windows\system32\mslvqdrb.exe
c:\windows\system32\mslvspd.exe
c:\windows\system32\mslxl.exe
c:\windows\system32\mslxo.exe
c:\windows\system32\mslyjl.exe
c:\windows\system32\mslytabk.exe
c:\windows\system32\mslyzvm.exe
c:\windows\system32\mslzaix.exe
c:\windows\system32\mslzaz.exe
c:\windows\system32\mslzhvs.exe
c:\windows\system32\mslzt.exe
c:\windows\system32\mslzuvg.exe
c:\windows\system32\msmabc.exe
c:\windows\system32\msmactd.exe
c:\windows\system32\msmaebh.exe
c:\windows\system32\msmakn.exe
c:\windows\system32\msmavo.exe
c:\windows\system32\msmbdvp.exe
c:\windows\system32\msmbeych.exe
c:\windows\system32\msmbrsa.exe
c:\windows\system32\msmbu.exe
c:\windows\system32\msmcndqc.exe
c:\windows\system32\msmcp.exe
c:\windows\system32\msmcy.exe
c:\windows\system32\msmdclcp.exe
c:\windows\system32\msmdfv.exe
c:\windows\system32\msmdi.exe
c:\windows\system32\msmdouq.exe
c:\windows\system32\msmed.exe
c:\windows\system32\msmeysr.exe
c:\windows\system32\msmfd.exe
c:\windows\system32\msmfidg.exe
c:\windows\system32\msmfmu.exe
c:\windows\system32\msmfs.exe
c:\windows\system32\msmfwby.exe
c:\windows\system32\msmgmw.exe
c:\windows\system32\msmgos.exe
c:\windows\system32\msmgvaoa.exe
c:\windows\system32\msmhp.exe
c:\windows\system32\msmifh.exe
c:\windows\system32\msmihi.exe
c:\windows\system32\msmimy.exe
c:\windows\system32\msmio.exe
c:\windows\system32\msmiqtah.exe
c:\windows\system32\msmis.exe
c:\windows\system32\msmkmlzj.exe
c:\windows\system32\msmkp.exe
c:\windows\system32\msmkrmgp.exe
c:\windows\system32\msmlj.exe
c:\windows\system32\msmlpi.exe
c:\windows\system32\msmmhjmd.exe
c:\windows\system32\msmmjdc.exe
c:\windows\system32\msmncmj.exe
c:\windows\system32\msmnep.exe
c:\windows\system32\msmobim.exe
c:\windows\system32\msmovca.exe
c:\windows\system32\msmoyyuy.exe
c:\windows\system32\msmqg.exe
c:\windows\system32\msmqjgln.exe
c:\windows\system32\msmqogr.exe
c:\windows\system32\msmqz.exe
c:\windows\system32\msmrgxq.exe
c:\windows\system32\msmrv.exe
c:\windows\system32\msmtc.exe
c:\windows\system32\msmtta.exe
c:\windows\system32\msmuhxfk.exe
c:\windows\system32\msmuwb.exe
c:\windows\system32\msmux.exe
c:\windows\system32\msmuxnxk.exe
c:\windows\system32\msmvh.exe
c:\windows\system32\msmvj.exe
c:\windows\system32\msmwby.exe
c:\windows\system32\msmwfhso.exe
c:\windows\system32\msmynfo.exe
c:\windows\system32\msmyoevd.exe
c:\windows\system32\msmzara.exe
c:\windows\system32\msmzfb.exe
c:\windows\system32\msmzg.exe
c:\windows\system32\msmzn.exe
c:\windows\system32\msmzvob.exe
c:\windows\system32\msnarlq.exe
c:\windows\system32\msnawuou.exe
c:\windows\system32\msnbftqz.exe
c:\windows\system32\msnbsur.exe
c:\windows\system32\msncecwg.exe
c:\windows\system32\msncfvv.exe
c:\windows\system32\msnday.exe
c:\windows\system32\msndfsw.exe
c:\windows\system32\msnewr.exe
c:\windows\system32\msnfo.exe
c:\windows\system32\msnfqnmv.exe
c:\windows\system32\msnfrz.exe
c:\windows\system32\msnfs.exe
c:\windows\system32\msngko.exe
c:\windows\system32\msngnpm.exe
c:\windows\system32\msngnxx.exe
c:\windows\system32\msnhaq.exe
c:\windows\system32\msnhlnb.exe
c:\windows\system32\msnidy.exe
c:\windows\system32\msniimfg.exe
c:\windows\system32\msnip.exe
c:\windows\system32\msnjj.exe
c:\windows\system32\msnjrto.exe
c:\windows\system32\msnjxrdq.exe
c:\windows\system32\msnkb.exe
c:\windows\system32\msnkj.exe
c:\windows\system32\msnkmjy.exe
c:\windows\system32\msnlaux.exe
c:\windows\system32\msnlj.exe
c:\windows\system32\msnlys.exe
c:\windows\system32\msnmc.exe
c:\windows\system32\msnmi.exe
c:\windows\system32\msnnr.exe
c:\windows\system32\msnoa.exe
c:\windows\system32\msnocea.exe
c:\windows\system32\msnowqo.exe
c:\windows\system32\msnpg.exe
c:\windows\system32\msnpk.exe
c:\windows\system32\msnqcluf.exe
c:\windows\system32\msnqyq.exe
c:\windows\system32\msnraif.exe
c:\windows\system32\msnrbg.exe
c:\windows\system32\msnrr.exe
c:\windows\system32\msnryp.exe
c:\windows\system32\msnse.exe
c:\windows\system32\msntekmk.exe
c:\windows\system32\msntm.exe
c:\windows\system32\msntmp.exe
c:\windows\system32\msnuaz.exe
c:\windows\system32\msnuezh.exe
c:\windows\system32\msnvuqew.exe
c:\windows\system32\msnwig.exe
c:\windows\system32\msnwj.exe
c:\windows\system32\msnww.exe
c:\windows\system32\msnxfat.exe
c:\windows\system32\msnxfo.exe
c:\windows\system32\msnxmljh.exe
c:\windows\system32\msnxo.exe
c:\windows\system32\msnyjvjj.exe
c:\windows\system32\msnyzjf.exe
c:\windows\system32\msnzm.exe
c:\windows\system32\msnzob.exe
c:\windows\system32\msnzwhxv.exe
c:\windows\system32\msoakfoc.exe
c:\windows\system32\msoba.exe
c:\windows\system32\msobiw.exe
c:\windows\system32\msobjtlu.exe
c:\windows\system32\msobmukq.exe
c:\windows\system32\msobzyd.exe
c:\windows\system32\msoccb.exe
c:\windows\system32\msocn.exe
c:\windows\system32\msocv.exe
c:\windows\system32\msocxxm.exe
c:\windows\system32\msoda.exe
c:\windows\system32\msoelxu.exe
c:\windows\system32\msoenrn.exe
c:\windows\system32\msoerihk.exe
c:\windows\system32\msofml.exe
c:\windows\system32\msofpwj.exe
c:\windows\system32\msogyi.exe
c:\windows\system32\msohfjw.exe
c:\windows\system32\msohmof.exe
c:\windows\system32\msohomb.exe
c:\windows\system32\msohu.exe
c:\windows\system32\msohx.exe
c:\windows\system32\msohzjeo.exe
c:\windows\system32\msoisuk.exe
c:\windows\system32\msojit.exe
c:\windows\system32\msojiv.exe
c:\windows\system32\msojizo.exe
c:\windows\system32\msokal.exe
c:\windows\system32\msokfg.exe
c:\windows\system32\msokn.exe
c:\windows\system32\msokuxbl.exe
c:\windows\system32\msolvbyp.exe
c:\windows\system32\msomd.exe
c:\windows\system32\msomvs.exe
c:\windows\system32\msonjprk.exe
c:\windows\system32\msonnq.exe
c:\windows\system32\msoofy.exe
c:\windows\system32\msoox.exe
c:\windows\system32\msopd.exe
c:\windows\system32\msopgjjj.exe
c:\windows\system32\msoqogy.exe
c:\windows\system32\msormi.exe
c:\windows\system32\msorsx.exe
c:\windows\system32\msory.exe
c:\windows\system32\msouxzo.exe
c:\windows\system32\msove.exe
c:\windows\system32\msovjpf.exe
c:\windows\system32\msowgmv.exe
c:\windows\system32\msoxfxxb.exe
c:\windows\system32\msoxmim.exe
c:\windows\system32\msoyynf.exe
c:\windows\system32\msozgbhe.exe
c:\windows\system32\msozh.exe
c:\windows\system32\msozjfbb.exe
c:\windows\system32\mspaopa.exe
c:\windows\system32\mspazdqx.exe
c:\windows\system32\mspbq.exe
c:\windows\system32\mspcklvr.exe
c:\windows\system32\mspcmmab.exe
c:\windows\system32\mspctys.exe
c:\windows\system32\mspdlih.exe
c:\windows\system32\mspdoqf.exe
c:\windows\system32\mspdq.exe
c:\windows\system32\mspdstvw.exe
c:\windows\system32\mspecbvn.exe
c:\windows\system32\mspek.exe
c:\windows\system32\mspepf.exe
c:\windows\system32\mspfikf.exe
c:\windows\system32\mspfk.exe
c:\windows\system32\mspgqty.exe
c:\windows\system32\mspgvyx.exe
c:\windows\system32\msphfmwn.exe
c:\windows\system32\mspifu.exe
c:\windows\system32\mspiip.exe
c:\windows\system32\mspinh.exe
c:\windows\system32\mspixs.exe
c:\windows\system32\mspjnv.exe
c:\windows\system32\mspjucq.exe
c:\windows\system32\mspjy.exe
c:\windows\system32\mspjzcut.exe
c:\windows\system32\mspkolaz.exe
c:\windows\system32\mspliol.exe
c:\windows\system32\mspllb.exe
c:\windows\system32\mspmhny.exe
c:\windows\system32\mspmwjyd.exe
c:\windows\system32\mspna.exe
c:\windows\system32\mspnbh.exe
c:\windows\system32\mspntchu.exe
c:\windows\system32\mspnzmgd.exe
c:\windows\system32\mspod.exe
c:\windows\system32\msponfo.exe
c:\windows\system32\msppevc.exe
c:\windows\system32\msppueza.exe
c:\windows\system32\msppwhoq.exe
c:\windows\system32\mspqbey.exe
c:\windows\system32\mspqjhao.exe
c:\windows\system32\mspqx.exe
c:\windows\system32\msprb.exe
c:\windows\system32\msprei.exe
c:\windows\system32\msprmard.exe
c:\windows\system32\mspsixmu.exe
c:\windows\system32\mspsptl.exe
c:\windows\system32\mspswrie.exe
c:\windows\system32\mspth.exe
c:\windows\system32\mspttzkc.exe
c:\windows\system32\mspui.exe
c:\windows\system32\mspunzr.exe
c:\windows\system32\mspuoxu.exe
c:\windows\system32\mspves.exe
c:\windows\system32\mspvwro.exe
c:\windows\system32\mspvy.exe
c:\windows\system32\mspwd.exe
c:\windows\system32\mspxclcb.exe
c:\windows\system32\mspxxwa.exe
c:\windows\system32\mspxz.exe
c:\windows\system32\mspyrsr.exe
c:\windows\system32\mspyth.exe
c:\windows\system32\mspyvqgw.exe
c:\windows\system32\mspyxbs.exe
c:\windows\system32\mspzdc.exe
c:\windows\system32\msqan.exe
c:\windows\system32\msqaolc.exe
c:\windows\system32\msqaq.exe
c:\windows\system32\msqbl.exe
c:\windows\system32\msqbr.exe
c:\windows\system32\msqbuf.exe
c:\windows\system32\msqcdnx.exe
c:\windows\system32\msqcke.exe
c:\windows\system32\msqdia.exe
c:\windows\system32\msqdmpri.exe
c:\windows\system32\msqds.exe
c:\windows\system32\msqepxf.exe
c:\windows\system32\msqevw.exe
c:\windows\system32\msqew.exe
c:\windows\system32\msqezv.exe
c:\windows\system32\msqfa.exe
c:\windows\system32\msqfc.exe
c:\windows\system32\msqflsz.exe
c:\windows\system32\msqgldd.exe
c:\windows\system32\msqgvu.exe
c:\windows\system32\msqgz.exe
c:\windows\system32\msqhad.exe
c:\windows\system32\msqizzu.exe
c:\windows\system32\msqjdp.exe
c:\windows\system32\msqkh.exe
c:\windows\system32\msqkjv.exe
c:\windows\system32\msqkjxjn.exe
c:\windows\system32\msqkp.exe
c:\windows\system32\msqkrm.exe
c:\windows\system32\msqlf.exe
c:\windows\system32\msqlfjyu.exe
c:\windows\system32\msqnc.exe
c:\windows\system32\msqoww.exe
c:\windows\system32\msqpdayp.exe
c:\windows\system32\msqpjici.exe
c:\windows\system32\msqqcf.exe
c:\windows\system32\msqqdss.exe
c:\windows\system32\msqqmjrj.exe
c:\windows\system32\msqqrf.exe
c:\windows\system32\msqqy.exe
c:\windows\system32\msqrdcj.exe
c:\windows\system32\msqrdplp.exe
c:\windows\system32\msqrgne.exe
c:\windows\system32\msqrwdt.exe
c:\windows\system32\msqsqywr.exe
c:\windows\system32\msqsssop.exe
c:\windows\system32\msqtles.exe
c:\windows\system32\msqudk.exe
c:\windows\system32\msquedu.exe
c:\windows\system32\msqueeqy.exe
c:\windows\system32\msqugu.exe
c:\windows\system32\msquh.exe
c:\windows\system32\msquolh.exe
c:\windows\system32\msqvj.exe
c:\windows\system32\msqvrplj.exe
c:\windows\system32\msqvt.exe
c:\windows\system32\msqvuv.exe
c:\windows\system32\msqwj.exe
c:\windows\system32\msqwmn.exe
c:\windows\system32\msqwqa.exe
c:\windows\system32\msqwshf.exe
c:\windows\system32\msqwuxtr.exe
c:\windows\system32\msqxlnk.exe
c:\windows\system32\msqxlvro.exe
c:\windows\system32\msqxpo.exe
c:\windows\system32\msqygslt.exe
c:\windows\system32\msqyhm.exe
c:\windows\system32\msqymby.exe
c:\windows\system32\msqyyoi.exe
c:\windows\system32\msqyzx.exe
c:\windows\system32\msqzn.exe
c:\windows\system32\msqzx.exe
c:\windows\system32\msracq.exe
c:\windows\system32\msrbgi.exe
c:\windows\system32\msrbl.exe
c:\windows\system32\msrbwj.exe
c:\windows\system32\msrcjwr.exe
c:\windows\system32\msrcn.exe
c:\windows\system32\msresry.exe
c:\windows\system32\msrfeggp.exe
c:\windows\system32\msrfky.exe
c:\windows\system32\msrfwvf.exe
c:\windows\system32\msrgv.exe
c:\windows\system32\msrgw.exe
c:\windows\system32\msrgxk.exe
c:\windows\system32\msrib.exe
c:\windows\system32\msrie.exe
c:\windows\system32\msriw.exe
c:\windows\system32\msrjk.exe
c:\windows\system32\msrjl.exe
c:\windows\system32\msrjq.exe
c:\windows\system32\msrkf.exe
c:\windows\system32\msrkiuqp.exe
c:\windows\system32\msrlfx.exe
c:\windows\system32\msrlyogy.exe
c:\windows\system32\msrlzi.exe
c:\windows\system32\msrmnrg.exe
c:\windows\system32\msrmylk.exe
c:\windows\system32\msrnm.exe
c:\windows\system32\msroh.exe
c:\windows\system32\msronr.exe
c:\windows\system32\msrpyc.exe
c:\windows\system32\msrqrth.exe
c:\windows\system32\msrqwxb.exe
c:\windows\system32\msrri.exe
c:\windows\system32\msrrlne.exe
c:\windows\system32\msrrtccy.exe
c:\windows\system32\msrsc.exe
c:\windows\system32\msrtaga.exe
c:\windows\system32\msrtas.exe
c:\windows\system32\msrtn.exe
c:\windows\system32\msrtrukj.exe
c:\windows\system32\msrtwf.exe
c:\windows\system32\msruwba.exe
c:\windows\system32\msrvdfur.exe
c:\windows\system32\msrvhlr.exe
c:\windows\system32\msrvjv.exe
c:\windows\system32\msrvpuz.exe
c:\windows\system32\msrwlhg.exe
c:\windows\system32\msrxenh.exe
c:\windows\system32\msrxrs.exe
c:\windows\system32\msrxxpj.exe
c:\windows\system32\msrxz.exe
c:\windows\system32\msryn.exe
c:\windows\system32\msrzku.exe
c:\windows\system32\msrzpwyp.exe
c:\windows\system32\msrzzqk.exe
c:\windows\system32\mssac.exe
c:\windows\system32\mssae.exe
c:\windows\system32\mssajkkp.exe
c:\windows\system32\mssbdiuv.exe
c:\windows\system32\mssbex.exe
c:\windows\system32\mssbey.exe
c:\windows\system32\mssbljp.exe
c:\windows\system32\mssch.exe
c:\windows\system32\msscqyr.exe
c:\windows\system32\mssctwb.exe
c:\windows\system32\mssdew.exe
c:\windows\system32\mssev.exe
c:\windows\system32\mssffkwn.exe
c:\windows\system32\mssfts.exe
c:\windows\system32\mssftxc.exe
c:\windows\system32\mssfzk.exe
c:\windows\system32\msshe.exe
c:\windows\system32\msshhvok.exe
c:\windows\system32\msshiovn.exe
c:\windows\system32\msshlbt.exe
c:\windows\system32\msshpe.exe
c:\windows\system32\mssia.exe
c:\windows\system32\mssif.exe
c:\windows\system32\mssiqghf.exe
c:\windows\system32\mssjlds.exe
c:\windows\system32\mssjnmi.exe
c:\windows\system32\mssjwzuk.exe
c:\windows\system32\msslbfhd.exe
c:\windows\system32\mssls.exe
c:\windows\system32\mssmtba.exe
c:\windows\system32\mssmvpz.exe
c:\windows\system32\mssnsxa.exe
c:\windows\system32\mssnt.exe
c:\windows\system32\mssnz.exe
c:\windows\system32\mssogqk.exe
c:\windows\system32\mssoly.exe
c:\windows\system32\msspnsi.exe
c:\windows\system32\mssppzp.exe
c:\windows\system32\mssqan.exe
c:\windows\system32\mssqkb.exe
c:\windows\system32\mssql.exe
c:\windows\system32\mssru.exe
c:\windows\system32\mssrv32.exe
c:\windows\system32\mssst.exe
c:\windows\system32\msstkwk.exe
c:\windows\system32\msstodmj.exe
c:\windows\system32\mssui.exe
c:\windows\system32\mssuoblc.exe
c:\windows\system32\mssuxk.exe
c:\windows\system32\mssuyxmn.exe
c:\windows\system32\mssvjsr.exe
c:\windows\system32\msswax.exe
c:\windows\system32\msswd.exe
c:\windows\system32\msswikm.exe
c:\windows\system32\msswjo.exe
c:\windows\system32\msswlo.exe
c:\windows\system32\msswow.exe
c:\windows\system32\msswxfuq.exe
c:\windows\system32\msswxl.exe
c:\windows\system32\mssxggnj.exe
c:\windows\system32\mssxs.exe
c:\windows\system32\mssxv.exe
c:\windows\system32\mssyi.exe
c:\windows\system32\msszxmi.exe
c:\windows\system32\mstax.exe
c:\windows\system32\mstaz.exe
c:\windows\system32\mstbhew.exe
c:\windows\system32\mstblxht.exe
c:\windows\system32\mstbq.exe
c:\windows\system32\mstbxoqf.exe
c:\windows\system32\mstcd.exe
c:\windows\system32\mstcgwuq.exe
c:\windows\system32\mstdf.exe
c:\windows\system32\mstedbl.exe
c:\windows\system32\mstek.exe
c:\windows\system32\mstesum.exe
c:\windows\system32\mstesxl.exe
c:\windows\system32\mstfngw.exe
c:\windows\system32\mstfs.exe
c:\windows\system32\mstfwwe.exe
c:\windows\system32\mstgf.exe
c:\windows\system32\mstggjtr.exe
c:\windows\system32\msthnc.exe
c:\windows\system32\mstib.exe
c:\windows\system32\mstiohj.exe
c:\windows\system32\mstiwz.exe
c:\windows\system32\mstjkxw.exe
c:\windows\system32\mstjuyw.exe
c:\windows\system32\mstjys.exe
c:\windows\system32\mstkl.exe
c:\windows\system32\mstkpdx.exe
c:\windows\system32\mstktom.exe
c:\windows\system32\mstkym.exe
c:\windows\system32\mstlqh.exe
c:\windows\system32\mstltsn.exe
c:\windows\system32\mstmzbe.exe
c:\windows\system32\mstnmsc.exe
c:\windows\system32\mstnpg.exe
c:\windows\system32\mstou.exe
c:\windows\system32\mstoz.exe
c:\windows\system32\mstpfv.exe
c:\windows\system32\mstprdmm.exe
c:\windows\system32\mstqfs.exe
c:\windows\system32\mstqp.exe
c:\windows\system32\mstqykev.exe
c:\windows\system32\mstrmzri.exe
c:\windows\system32\mstrn.exe
c:\windows\system32\mstsayf.exe
c:\windows\system32\mstsehls.exe
c:\windows\system32\mstslzfj.exe
c:\windows\system32\mstsyht.exe
c:\windows\system32\msttrkiy.exe
c:\windows\system32\mstuaed.exe
c:\windows\system32\mstuiyyc.exe
c:\windows\system32\mstuojr.exe
c:\windows\system32\mstuuv.exe
c:\windows\system32\mstuyl.exe
c:\windows\system32\mstvgm.exe
c:\windows\system32\mstvnhiz.exe
c:\windows\system32\mstvsly.exe
c:\windows\system32\mstvss.exe
c:\windows\system32\mstvsxo.exe
c:\windows\system32\mstvyc.exe
c:\windows\system32\mstwo.exe
c:\windows\system32\mstxdvrs.exe
c:\windows\system32\mstxe.exe
c:\windows\system32\mstxefam.exe
c:\windows\system32\mstydco.exe
c:\windows\system32\mstyk.exe
c:\windows\system32\mstyoa.exe
c:\windows\system32\mstyvw.exe
c:\windows\system32\mstzaf.exe
c:\windows\system32\mstzaxn.exe
c:\windows\system32\mstzcstz.exe
c:\windows\system32\mstzdy.exe
c:\windows\system32\mstzgcru.exe
c:\windows\system32\mstznp.exe
c:\windows\system32\mstzzjf.exe
c:\windows\system32\msuape.exe
c:\windows\system32\msubatxr.exe
c:\windows\system32\msubzzyq.exe
c:\windows\system32\msucdtnn.exe
c:\windows\system32\msucr.exe
c:\windows\system32\msucx.exe
c:\windows\system32\msudg.exe
c:\windows\system32\msudo.exe
c:\windows\system32\msueff.exe
c:\windows\system32\msuemfl.exe
c:\windows\system32\msuenes.exe
c:\windows\system32\msueqyv.exe
c:\windows\system32\msuexegq.exe
c:\windows\system32\msufilqo.exe
c:\windows\system32\msufss.exe
c:\windows\system32\msugayqs.exe
c:\windows\system32\msugcj.exe
c:\windows\system32\msugdh.exe
c:\windows\system32\msugsyuj.exe
c:\windows\system32\msuhklt.exe
c:\windows\system32\msuhqjis.exe
c:\windows\system32\msuhqpnd.exe
c:\windows\system32\msuhrm.exe
c:\windows\system32\msuhrmed.exe
c:\windows\system32\msuifhqx.exe
c:\windows\system32\msuik.exe
c:\windows\system32\msuivpb.exe
c:\windows\system32\msuixp.exe
c:\windows\system32\msujeexz.exe
c:\windows\system32\msukam.exe
c:\windows\system32\msukdwvj.exe
c:\windows\system32\msukfrr.exe
c:\windows\system32\msukpro.exe
c:\windows\system32\msulm.exe
c:\windows\system32\msulssxs.exe
c:\windows\system32\msulujqa.exe
c:\windows\system32\msummj.exe
c:\windows\system32\msumntwl.exe
c:\windows\system32\msumtjf.exe
c:\windows\system32\msunfiqh.exe
c:\windows\system32\msunhj.exe
c:\windows\system32\msunhpzk.exe
c:\windows\system32\msunind.exe
c:\windows\system32\msunmsj.exe
c:\windows\system32\msuoft.exe
c:\windows\system32\msupryw.exe
c:\windows\system32\msuqm.exe
c:\windows\system32\msurf.exe
c:\windows\system32\msurme.exe
c:\windows\system32\msusc.exe
c:\windows\system32\msush.exe
c:\windows\system32\msutdti.exe
c:\windows\system32\msuuecif.exe
c:\windows\system32\msuuqrh.exe
c:\windows\system32\msuuropd.exe
c:\windows\system32\msuusb.exe
c:\windows\system32\msuutura.exe
c:\windows\system32\msuuxul.exe
c:\windows\system32\msuvd.exe
c:\windows\system32\msuvjs.exe
c:\windows\system32\msuvn.exe
c:\windows\system32\msuvpcz.exe
c:\windows\system32\msuwr.exe
c:\windows\system32\msuycrvr.exe
c:\windows\system32\msuyij.exe
c:\windows\system32\msuzg.exe
c:\windows\system32\msuzjgvw.exe
c:\windows\system32\msuzl.exe
c:\windows\system32\msuzndp.exe
c:\windows\system32\msuztbdb.exe
c:\windows\system32\msvade.exe
c:\windows\system32\msvaqq.exe
c:\windows\system32\msvautt.exe
c:\windows\system32\msvbcjz.exe
c:\windows\system32\msvbfj.exe
c:\windows\system32\msvbz.exe
c:\windows\system32\msvcsdy.exe
c:\windows\system32\msvdfpr.exe
c:\windows\system32\msvebgii.exe
c:\windows\system32\msveiofx.exe
c:\windows\system32\msvewyxh.exe
c:\windows\system32\msvezdd.exe
c:\windows\system32\msvfsxb.exe
c:\windows\system32\msvgyltp.exe
c:\windows\system32\msvhhhhs.exe
c:\windows\system32\msvhjlhv.exe
c:\windows\system32\msviae.exe
c:\windows\system32\msvib.exe
c:\windows\system32\msviecx.exe
c:\windows\system32\msvijfwn.exe
c:\windows\system32\msvimey.exe
c:\windows\system32\msviz.exe
c:\windows\system32\msvjxnto.exe
c:\windows\system32\msvkl.exe
c:\windows\system32\msvktwp.exe
c:\windows\system32\msvkwrod.exe
c:\windows\system32\msvkxp.exe
c:\windows\system32\msvlgvnr.exe
c:\windows\system32\msvlhejk.exe
c:\windows\system32\msvlptm.exe
c:\windows\system32\msvlqwy.exe
c:\windows\system32\msvmbbj.exe
c:\windows\system32\msvmdm.exe
c:\windows\system32\msvmf.exe
c:\windows\system32\msvmk.exe
c:\windows\system32\msvmz.exe
c:\windows\system32\msvncdut.exe
c:\windows\system32\msvnfmp.exe
c:\windows\system32\msvnxe.exe
c:\windows\system32\msvnz.exe
c:\windows\system32\msvoyqw.exe
c:\windows\system32\msvoznf.exe
c:\windows\system32\msvpbvu.exe
c:\windows\system32\msvpi.exe
c:\windows\system32\msvpzt.exe
c:\windows\system32\msvqbo.exe
c:\windows\system32\msvqg.exe
c:\windows\system32\msvqilm.exe
c:\windows\system32\msvro.exe
c:\windows\system32\msvsbp.exe
c:\windows\system32\msvsli.exe
c:\windows\system32\msvsnms.exe
c:\windows\system32\msvsrt.exe
c:\windows\system32\msvsvvu.exe
c:\windows\system32\msvtmp.exe
c:\windows\system32\msvtp.exe
c:\windows\system32\msvuwwoe.exe
c:\windows\system32\msvuysf.exe
c:\windows\system32\msvvgw.exe
c:\windows\system32\msvvmg.exe
c:\windows\system32\msvvo.exe
c:\windows\system32\msvwnni.exe
c:\windows\system32\msvwxazi.exe
c:\windows\system32\msvwzq.exe
c:\windows\system32\msvxdrd.exe
c:\windows\system32\msvxutd.exe
c:\windows\system32\msvxwa.exe
c:\windows\system32\msvynmb.exe
c:\windows\system32\msvzf.exe
c:\windows\system32\msvzgkmf.exe
c:\windows\system32\msvzsir.exe
c:\windows\system32\mswagwsd.exe
c:\windows\system32\mswakg.exe
c:\windows\system32\mswapgu.exe
c:\windows\system32\mswav.exe
c:\windows\system32\mswbbfh.exe
c:\windows\system32\mswbkry.exe
c:\windows\system32\mswbtr.exe
c:\windows\system32\mswcehw.exe
c:\windows\system32\mswcipw.exe
c:\windows\system32\mswcn.exe
c:\windows\system32\mswdcl.exe
c:\windows\system32\mswdgr.exe
c:\windows\system32\mswdz.exe
c:\windows\system32\msweqyfl.exe
c:\windows\system32\mswgyrq.exe
c:\windows\system32\mswha.exe
c:\windows\system32\mswhca.exe
c:\windows\system32\mswhdj.exe
c:\windows\system32\mswheqo.exe
c:\windows\system32\mswhn.exe
c:\windows\system32\mswiasv.exe
c:\windows\system32\mswinsrl.exe
c:\windows\system32\mswiu.exe
c:\windows\system32\mswjeq.exe
c:\windows\system32\mswjnbu.exe
c:\windows\system32\mswkfd.exe
c:\windows\system32\mswkql.exe
c:\windows\system32\mswku.exe
c:\windows\system32\mswlbjqy.exe
c:\windows\system32\mswlhv.exe
c:\windows\system32\mswlxs.exe
c:\windows\system32\mswnbg.exe
c:\windows\system32\mswnmunv.exe
c:\windows\system32\mswobs.exe
c:\windows\system32\mswoedb.exe
c:\windows\system32\mswokz.exe
c:\windows\system32\mswosh.exe
c:\windows\system32\mswoz.exe
c:\windows\system32\mswpetso.exe
c:\windows\system32\mswpusla.exe
c:\windows\system32\mswpzdz.exe
c:\windows\system32\mswqtyx.exe
c:\windows\system32\mswrf.exe
c:\windows\system32\mswrzub.exe
c:\windows\system32\mswtd.exe
c:\windows\system32\mswtfsd.exe
c:\windows\system32\mswtiw.exe
c:\windows\system32\mswtkgcm.exe
c:\windows\system32\mswtla.exe
c:\windows\system32\mswtlf.exe
c:\windows\system32\mswuzkf.exe
c:\windows\system32\mswvp.exe
c:\windows\system32\mswwm.exe
c:\windows\system32\mswxan.exe
c:\windows\system32\mswxfhii.exe
c:\windows\system32\mswyeugn.exe
c:\windows\system32\mswyrxim.exe
c:\windows\system32\mswyva.exe
c:\windows\system32\mswzfs.exe
c:\windows\system32\mswzif.exe
c:\windows\system32\mswzvi.exe
c:\windows\system32\mswzxvvh.exe
c:\windows\system32\msxaytc.exe
c:\windows\system32\msxdnioq.exe
c:\windows\system32\msxdtzik.exe
c:\windows\system32\msxdxb.exe
c:\windows\system32\msxeiqk.exe
c:\windows\system32\msxelwzt.exe
c:\windows\system32\msxes.exe
c:\windows\system32\msxfbh.exe
c:\windows\system32\msxgh.exe
c:\windows\system32\msxha.exe
c:\windows\system32\msxhm.exe
c:\windows\system32\msxier.exe
c:\windows\system32\msxiq.exe
c:\windows\system32\msxjvb.exe
c:\windows\system32\msxkjaur.exe
c:\windows\system32\msxkwkwk.exe
c:\windows\system32\msxldg.exe
c:\windows\system32\msxlzlnw.exe
c:\windows\system32\msxml71.dll
c:\windows\system32\msxmr.exe
c:\windows\system32\msxmvy.exe
c:\windows\system32\msxnf.exe
c:\windows\system32\msxnh.exe
c:\windows\system32\msxnjeu.exe
c:\windows\system32\msxnpfy.exe
c:\windows\system32\msxoe.exe
c:\windows\system32\msxofel.exe
c:\windows\system32\msxoq.exe
c:\windows\system32\msxpbuow.exe
c:\windows\system32\msxpzq.exe
c:\windows\system32\msxpzqs.exe
c:\windows\system32\msxqnk.exe
c:\windows\system32\msxqogew.exe
c:\windows\system32\msxqxkz.exe
c:\windows\system32\msxrk.exe
c:\windows\system32\msxrulbe.exe
c:\windows\system32\msxshhw.exe
c:\windows\system32\msxsqav.exe
c:\windows\system32\msxsvk.exe
c:\windows\system32\msxsx.exe
c:\windows\system32\msxtim.exe
c:\windows\system32\msxtzc.exe
c:\windows\system32\msxtzmn.exe
c:\windows\system32\msxue.exe
c:\windows\system32\msxvinw.exe
c:\windows\system32\msxwhk.exe
c:\windows\system32\msxwhxpf.exe
c:\windows\system32\msxwndz.exe
c:\windows\system32\msxwtmmm.exe
c:\windows\system32\msxyj.exe
c:\windows\system32\msxyt.exe
c:\windows\system32\msxyxlng.exe
c:\windows\system32\msxzbs.exe
c:\windows\system32\msxzcjh.exe
c:\windows\system32\msxzcm.exe
c:\windows\system32\msxzm.exe
c:\windows\system32\msxzpbq.exe
c:\windows\system32\msxzws.exe
c:\windows\system32\msyanu.exe
c:\windows\system32\msybf.exe
c:\windows\system32\msybfj.exe
c:\windows\system32\msybiwlo.exe
c:\windows\system32\msydetwh.exe
c:\windows\system32\msydk.exe
c:\windows\system32\msydx.exe
c:\windows\system32\msyej.exe
c:\windows\system32\msyemce.exe
c:\windows\system32\msyfcugh.exe
c:\windows\system32\msyfmna.exe
c:\windows\system32\msyfpjl.exe
c:\windows\system32\msyfwaey.exe
c:\windows\system32\msygj.exe
c:\windows\system32\msygstgf.exe
c:\windows\system32\msygucf.exe
c:\windows\system32\msyhn.exe
c:\windows\system32\msyie.exe
c:\windows\system32\msyipor.exe
c:\windows\system32\msyje.exe
c:\windows\system32\msyjidlg.exe
c:\windows\system32\msyjv.exe
c:\windows\system32\msyknilm.exe
c:\windows\system32\msykuxp.exe
c:\windows\system32\msykye.exe
c:\windows\system32\msylfe.exe
c:\windows\system32\msyll.exe
c:\windows\system32\msylu.exe
c:\windows\system32\msymcrwa.exe
c:\windows\system32\msymkq.exe
c:\windows\system32\msynvb.exe
c:\windows\system32\msyoai.exe
c:\windows\system32\msyopbi.exe
c:\windows\system32\msyoplbf.exe
c:\windows\system32\msyosus.exe
c:\windows\system32\msyovlhs.exe
c:\windows\system32\msyqf.exe
c:\windows\system32\msyqkbxt.exe
c:\windows\system32\msyrdk.exe
c:\windows\system32\msyrl.exe
c:\windows\system32\msyruiem.exe
c:\windows\system32\msyrwo.exe
c:\windows\system32\msysvc.exe
c:\windows\system32\msyswpj.exe
c:\windows\system32\msysyo.exe
c:\windows\system32\msytf.exe
c:\windows\system32\msytgp.exe
c:\windows\system32\msyuc.exe
c:\windows\system32\msyuhke.exe
c:\windows\system32\msyuoce.exe
c:\windows\system32\msywpwn.exe
c:\windows\system32\msyxowb.exe
c:\windows\system32\msyxsgbq.exe
c:\windows\system32\msyxskn.exe
c:\windows\system32\msyxtx.exe
c:\windows\system32\msyzds.exe
c:\windows\system32\msyzfj.exe
c:\windows\system32\msyzfzzw.exe
c:\windows\system32\msyzms.exe
c:\windows\system32\mszbaub.exe
c:\windows\system32\mszbld.exe
c:\windows\system32\mszbnq.exe
c:\windows\system32\mszbqbvh.exe
c:\windows\system32\mszccx.exe
c:\windows\system32\mszcf.exe
c:\windows\system32\mszchrt.exe
c:\windows\system32\mszcw.exe
c:\windows\system32\mszcz.exe
c:\windows\system32\mszdie.exe
c:\windows\system32\mszdvupb.exe
c:\windows\system32\mszetdv.exe
c:\windows\system32\mszfar.exe
c:\windows\system32\mszffktk.exe
c:\windows\system32\mszfk.exe
c:\windows\system32\mszfr.exe
c:\windows\system32\mszfs.exe
c:\windows\system32\mszfx.exe
c:\windows\system32\mszgb.exe
c:\windows\system32\mszgbni.exe
c:\windows\system32\mszghdra.exe
c:\windows\system32\mszghe.exe
c:\windows\system32\mszgr.exe
c:\windows\system32\mszhbl.exe
c:\windows\system32\mszhil.exe
c:\windows\system32\mszhssph.exe
c:\windows\system32\mszhtt.exe
c:\windows\system32\mszij.exe
c:\windows\system32\msziqlzm.exe
c:\windows\system32\msziyfq.exe
c:\windows\system32\mszjf.exe
c:\windows\system32\mszjhp.exe
c:\windows\system32\mszjjmvq.exe
c:\windows\system32\mszjrqwx.exe
c:\windows\system32\mszkfq.exe
c:\windows\system32\mszkmuye.exe
c:\windows\system32\mszlavk.exe
c:\windows\system32\mszlcaom.exe
c:\windows\system32\mszlf.exe
c:\windows\system32\mszlwogs.exe
c:\windows\system32\mszmdho.exe
c:\windows\system32\mszmm.exe
c:\windows\system32\mszmsy.exe
c:\windows\system32\mszmuawb.exe
c:\windows\system32\mszmv.exe
c:\windows\system32\mszmwbn.exe
c:\windows\system32\msznaphv.exe
c:\windows\system32\msznuuz.exe
c:\windows\system32\msznvq.exe
c:\windows\system32\msznxj.exe
c:\windows\system32\mszny.exe
c:\windows\system32\mszoy.exe
c:\windows\system32\mszpbs.exe
c:\windows\system32\mszpcusx.exe
c:\windows\system32\mszpgjs.exe
c:\windows\system32\mszqfkp.exe
c:\windows\system32\mszqmh.exe
c:\windows\system32\mszqsc.exe
c:\windows\system32\mszqu.exe
c:\windows\system32\mszrfz.exe
c:\windows\system32\mszrqnm.exe
c:\windows\system32\mszrv.exe
c:\windows\system32\mszseqb.exe
c:\windows\system32\mszsowt.exe
c:\windows\system32\msztdoq.exe
c:\windows\system32\msztezu.exe
c:\windows\system32\msztpe.exe
c:\windows\system32\msztufgd.exe
c:\windows\system32\msztwl.exe
c:\windows\system32\msztzkw.exe
c:\windows\system32\mszvwv.exe
c:\windows\system32\mszwj.exe
c:\windows\system32\mszwoub.exe
c:\windows\system32\mszyfus.exe
c:\windows\system32\mszyuy.exe
c:\windows\system32\mszyyzv.exe
c:\windows\system32\mszzghn.exe
c:\windows\system32\mszzreyy.exe
c:\windows\system32\mszztp.exe
c:\windows\system32\mszzw.exe
c:\windows\system32\mszzwgd.exe
c:\windows\system32\mszzyv.exe
c:\windows\system32\netcard.sys
c:\windows\system32\sysdiag.dll
c:\windows\system32\vhosts.exe

c:\windows\system32\drivers\beep.sys . . . is infected!!

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_6TO4
-------\Legacy_bndmss
-------\Legacy_ias
-------\Legacy_MSUPDATE
-------\Legacy_netcard
-------\Legacy_nwcworkstation
-------\Service_51510d33
-------\Service_6to4
-------\Service_70d53020
-------\Service_bndmss
-------\Service_glaide32
-------\Service_ias
-------\Service_msupdate
-------\Service_netcard
-------\Service_nwcworkstation


((((((((((((((((((((((((( Files Created from 2009-07-18 to 2009-08-18 )))))))))))))))))))))))))))))))
.

2009-08-18 06:29 . 2009-08-18 06:29 17408 ----a-w- C:\hmicb.exe
2009-08-16 18:56 . 2009-08-16 18:56 -------- d-----w- c:\program files\Microsoft Silverlight
2009-08-16 18:23 . 2009-08-15 14:27 148480 ----a-w- c:\windows\mse.exe
2009-08-15 11:14 . 2009-08-15 11:16 -------- d-----w- c:\program files\trend micro
2009-08-15 11:14 . 2009-08-15 11:16 -------- d-----w- C:\rsit
2009-08-15 08:03 . 2009-08-15 08:03 75264 --sh--r- c:\windows\mscth32.exe
2009-08-14 18:50 . 2009-08-14 15:42 148480 ----a-w- c:\windows\msd.exe
2009-08-13 13:55 . 2009-08-03 10:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-13 13:55 . 2009-08-13 13:55 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-08-13 13:55 . 2009-08-03 10:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-08-13 00:18 . 2009-08-13 00:18 154632 ----a-w- c:\windows\system32\minix32.exe
2009-08-13 00:18 . 2009-08-13 00:18 -------- d-----w- c:\program files\Windows Antivirus Pro
2009-08-12 19:49 . 2009-08-12 19:49 -------- d-----w- c:\program files\Search Guard PlusU
2009-08-12 19:49 . 2009-08-12 19:49 -------- d-----w- c:\program files\Search Guard Plus
2009-08-12 19:48 . 2009-08-12 19:48 -------- d-----w- C:\users
2009-08-12 17:18 . 2009-08-12 17:18 152064 ----a-w- c:\windows\msc.exe
2009-08-11 13:37 . 2009-08-16 18:46 0 ----a-w- c:\windows\system32\drivers\c67bbc2d.sys
2009-08-11 13:36 . 2009-08-18 06:30 81408 ----a-w- C:\jnvcbaox.exe
2009-08-11 13:21 . 2009-08-11 13:21 -------- d-----w- c:\program files\Sophos
2009-08-09 17:22 . 2009-08-09 17:23 11040 ----a-w- C:\ccuh.exe
2009-08-09 17:19 . 2009-08-09 16:58 151040 ----a-w- c:\windows\msb.exe
2009-08-09 16:57 . 2009-08-16 21:36 176128 ----a-w- C:\nayojmty.exe
2009-08-09 16:06 . 2009-08-09 16:06 179648 ----a-w- c:\windows\system32\drivers\rpmd570.sys
2009-08-07 18:33 . 2009-08-07 18:33 36352 ----a-w- c:\windows\system32\csbdll.dll
2009-08-06 13:55 . 2009-08-18 20:01 117760 ----a-w- c:\documents and settings\XPPRESP3\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-08-06 13:54 . 2009-08-06 13:54 -------- d-----w- c:\documents and settings\XPPRESP3\Application Data\SUPERAntiSpyware.com
2009-08-06 13:52 . 2009-08-09 17:17 0 ----a-w- c:\windows\system32\drivers\a2fd3a99.sys
2009-08-06 13:52 . 2009-08-18 06:30 91648 ----a-w- C:\yaewfl.exe
2009-08-06 13:52 . 2009-08-18 06:30 215451 ----a-w- C:\lyusoqm.exe
2009-08-06 11:20 . 2009-08-09 09:40 117760 ----a-w- c:\documents and settings\Administrator.WW\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-08-05 19:22 . 2009-08-05 19:43 -------- d-s---w- c:\documents and settings\Administrator.WW\Local Settings\Application Data\Microsoft
2009-08-05 19:22 . 2009-08-14 18:30 -------- d-----w- c:\documents and settings\Administrator.WW
2009-08-05 18:57 . 2009-08-05 18:57 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2009-08-05 18:49 . 2009-08-06 11:07 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-08-02 23:52 . 2009-08-02 23:52 -------- d-----w- c:\documents and settings\XPPRESP3\Application Data\AOL_Janes_Realty
2009-07-31 13:33 . 1998-09-02 08:28 38160 ----a-w- c:\windows\system32\LMRTREND.dll
2009-07-31 13:33 . 1998-08-27 04:51 182032 ----a-w- c:\windows\system32\dxtmsft3.dll
2009-07-31 13:33 . 1998-09-02 08:28 63488 ----a-w- c:\windows\system32\unam4ie.exe
2009-07-31 13:33 . 1998-08-17 09:21 10240 ----a-w- c:\windows\system32\vidx16.dll
2009-07-31 13:33 . 1998-08-17 09:21 11776 ----a-w- c:\windows\system32\mciqtz.drv
2009-07-31 13:33 . 1998-09-02 08:02 194320 ----a-w- c:\windows\system32\qcut.dll
2009-07-31 12:35 . 1999-08-04 09:00 1093632 ----a-w- c:\windows\system32\MGIIpl2PX.dll
2009-07-31 12:35 . 1999-08-04 09:00 522752 ----a-w- c:\windows\system32\DC120fc7_32.dll
2009-07-31 12:35 . 1999-08-04 09:00 212480 ----a-w- c:\windows\system32\PCDLIB32.DLL
2009-07-31 12:35 . 1999-08-04 09:00 122880 ----a-w- c:\windows\system32\EnrouteStitch.dll
2009-07-31 12:35 . 2009-07-31 12:35 -------- d-----w- c:\program files\Common Files\MGI Shared
2009-07-31 12:34 . 2009-07-31 12:34 -------- d-----w- c:\program files\Intel
2009-07-31 12:32 . 1994-10-06 16:20 27136 ----a-w- c:\windows\system32\WAVMIX16.DLL
2009-07-27 17:10 . 2009-07-27 17:10 -------- d-----w- c:\documents and settings\XPPRESP3\Application Data\IronCode

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-18 20:04 . 2004-08-04 14:00 102220 ----a-w- c:\windows\system32\drivers\null.sys
2009-08-18 20:04 . 2004-08-04 14:00 102220 ----a-w- c:\windows\system32\drivers\Beep.SYS
2009-08-18 20:03 . 2008-04-05 19:07 -------- d-----w- c:\documents and settings\XPPRESP3\Application Data\Skype
2009-08-18 20:02 . 2008-04-05 19:11 -------- d-----w- c:\documents and settings\XPPRESP3\Application Data\skypePM
2009-08-18 19:52 . 2008-08-17 00:37 24 ----a-w- c:\windows\system32\DVCStateBkp-{00000002-00000000-0000000B-00001102-00000002-80651102}.dat
2009-08-18 19:52 . 2008-08-17 00:37 24 ----a-w- c:\windows\system32\DVCState-{00000002-00000000-0000000B-00001102-00000002-80651102}.dat
2009-08-18 18:58 . 2008-08-13 21:24 -------- d-----w- c:\documents and settings\XPPRESP3\Application Data\uTorrent
2009-08-18 08:53 . 2008-11-26 20:39 -------- d-----w- c:\documents and settings\XPPRESP3\Application Data\HPAppData
2009-08-12 12:21 . 2009-01-16 20:10 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2009-08-09 01:18 . 2008-04-05 18:27 44352 ----a-w- c:\documents and settings\XPPRESP3\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-06 11:18 . 2009-08-06 11:18 -------- d-----w- c:\documents and settings\Administrator.WW\Application Data\SUPERAntiSpyware.com
2009-08-06 11:17 . 2009-08-06 11:17 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-08-05 19:40 . 2009-08-05 19:40 0 ----a-w- c:\windows\nsreg.dat
2009-08-02 23:41 . 2009-05-25 14:34 -------- d-----w- c:\program files\AOL Games
2009-07-31 12:33 . 2008-08-14 17:32 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-07-23 22:13 . 2008-08-13 22:59 -------- d-----w- c:\documents and settings\All Users\Application Data\Messenger Plus!
2009-07-19 18:56 . 2009-07-19 18:56 -------- d-----w- c:\documents and settings\XPPRESP3\Application Data\Graphisoft
2009-07-19 18:16 . 2008-09-07 03:08 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2009-07-18 00:20 . 2008-08-13 21:01 -------- d-----w- c:\documents and settings\XPPRESP3\Application Data\J River
2009-07-16 20:49 . 2009-07-16 20:47 -------- d-----w- c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-07-16 20:48 . 2009-07-16 20:48 -------- d-----w- c:\program files\iPod
2009-07-16 20:48 . 2009-01-16 20:09 -------- d-----w- c:\program files\Common Files\Apple
2009-07-16 20:44 . 2008-08-17 00:31 -------- d-----w- c:\program files\Bonjour
2009-07-16 20:43 . 2009-07-16 20:42 -------- d-----w- c:\program files\QuickTime
2009-07-13 06:52 . 2008-09-07 03:08 -------- d-----w- c:\program files\NOS
2009-07-09 09:16 . 2009-07-16 20:40 2060288 ----a-w- c:\windows\system32\usbaaplrc.dll
2009-07-09 09:16 . 2009-01-16 20:10 39424 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2009-07-07 19:29 . 2009-07-07 19:29 604416 ----a-w- c:\windows\system32\TUProgSt.exe
2009-07-07 19:29 . 2009-07-07 19:29 -------- d-----w- c:\documents and settings\XPPRESP3\Application Data\TuneUp Software
2009-07-07 19:28 . 2009-07-07 19:28 -------- d-----w- c:\documents and settings\All Users\Application Data\TuneUp Software
2009-07-07 19:28 . 2009-07-07 19:28 -------- d-sh--w- c:\documents and settings\All Users\Application Data\{55A29068-F2CE-456C-9148-C869879E2357}
2009-07-05 17:49 . 2009-07-05 17:18 -------- d-----w- c:\documents and settings\XPPRESP3\Application Data\LimeWire
2009-07-05 17:19 . 2009-07-05 17:19 499712 ----a-w- c:\documents and settings\XPPRESP3\Application Data\LimeWire\browser\xulrunner\MSVCP71.DLL
2009-07-05 17:19 . 2009-07-05 17:19 348160 ----a-w- c:\documents and settings\XPPRESP3\Application Data\LimeWire\browser\xulrunner\msvcr71.dll
2009-07-05 17:19 . 2009-07-05 17:19 102400 ----a-w- c:\documents and settings\XPPRESP3\Application Data\LimeWire\browser\xulrunner\xulrunner.exe
2009-07-05 17:19 . 2009-07-05 17:19 73728 ----a-w- c:\documents and settings\XPPRESP3\Application Data\LimeWire\browser\xulrunner\xulrunner-stub.exe
2009-07-05 17:19 . 2009-07-05 17:18 8462336 ----a-w- c:\documents and settings\XPPRESP3\Application Data\LimeWire\browser\xulrunner\xul.dll
2009-06-04 07:40 . 2009-06-04 07:40 4096 ----a-w- c:\windows\d3dx.dat
.

------- Sigcheck -------

[-] 2007-08-08 16:28 360704 A11391BE25035570AE4B8970920F2C74 c:\windows\system32\drivers\tcpip.sys

[-] 2007-08-29 14:33 2321792 37B69E310D2EF2CDEF0A3207F7619CD7 c:\windows\system32\ntoskrnl.exe

[-] 2007-08-08 16:40 950784 396ACC64ECEC61D7B2F8B53151B37028 c:\windows\explorer.exe


[-] 2007-08-08 16:39 801792 F182079054D242025C2AEEF56396D37A c:\windows\system32\comres.dll

[-] 2009-08-18 20:06 102220 384E8FF8B6EF2ACF5A7179EA4A82FD01 c:\windows\system32\drivers\Beep.SYS

[-] 2009-08-18 20:06 102220 384E8FF8B6EF2ACF5A7179EA4A82FD01 c:\windows\system32\drivers\null.sys


[-] 2007-08-08 16:35 1580544 51C79052676267956DA3BEABADE3B328 c:\windows\system32\sfcfiles.dll

c:\windows\system32\wuauclt.exe ... is missing !!
c:\windows\system32\wscntfy.exe ... is missing !!
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-07-23 21738792]
"MsnMsgr"="c:\program files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352]
"DAEMON Tools Lite"="e:\program files\DAEMON Tools Lite\daemon.exe" [2008-08-08 490952]
"SUPERAntiSpyware"="c:\documents and settings\Administrator.WW\My Documents\Downloads\SUPERAntiSpywarePro\SUPERAntiSpyware.exe" [2009-07-28 1830128]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-05-26 413696]
"ter8m"="c:\windows\system32\msxm192z.dll" [2004-08-17 49152]
"MSxmlHpr"="c:\windows\system32\msxm192z.dll" [2004-08-17 49152]
"SGPUpdater"="c:\program files\Search Guard PlusU\sgpUpdaters.exe" [2009-05-15 67456]
"FBSearch"="c:\program files\Search Guard Plus\SearchGuardPlus.exe" [2009-05-04 194432]
"Microsoft Driver Setup"="c:\windows\mscth32.exe" [2009-08-15 75264]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]
"minix32"="c:\windows\system32\minix32.exe" [2009-08-13 154632]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"ShowDeskFix"="shell32" [X]
"nltide_3"="advpack.dll" - c:\windows\system32\advpack.dll [2007-08-08 124928]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-10-14 214360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\csbdll]
2009-08-07 18:33 36352 ----a-w- c:\windows\system32\csbdll.dll

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" /systray /nologon

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"UpdReg"=c:\windows\UpdReg.EXE
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"Jet Detection"="c:\program files\Creative\SBLive\PROGRAM\ADGJDet.exe"
"PWRISOVM.EXE"=e:\program files\PowerISO\PWRISOVM.EXE
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe"
"HP Software Update"=c:\program files\HP\HP Software Update\HPWuSchd2.exe
"eTCertManger"=c:\windows\system32\eTCrtMng.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Media Player\\wmplayer.exe"=
"e:\\Program Files\\SoulseekNS\\slsk.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"e:\\Program Files\\iTunes\\iTunes.exe"=
"e:\\Program Files\\J River\\Media Center 13\\Media Center 13.exe"=
"c:\\Documents and Settings\\XPPRESP3\\Desktop\\maha\\new\\ArchiCAD.exe"=
"c:\\Documents and Settings\\XPPRESP3\\Desktop\\Maged\\Programs\\utorrent-1.6.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"21952:TCP"= 21952:TCP:utorrent

R1 nod32drv;nod32drv;c:\windows\system32\drivers\nod32drv.sys [05/04/2008 21:22 15424]
R1 SASDIFSV;SASDIFSV;c:\documents and settings\Administrator.WW\My Documents\Downloads\SUPERAntiSpywarePro\sasdifsv.sys [28/07/2009 10:53 9968]
R1 SASKUTIL;SASKUTIL;c:\documents and settings\Administrator.WW\My Documents\Downloads\SUPERAntiSpywarePro\SASKUTIL.SYS [28/07/2009 10:53 72944]
R3 AKSUP;AKSUP;c:\windows\system32\drivers\aksup.sys [22/11/2008 14:35 34406]
R3 SASENUM;SASENUM;c:\documents and settings\Administrator.WW\My Documents\Downloads\SUPERAntiSpywarePro\SASENUM.SYS [28/07/2009 10:53 7408]
S1 a2fd3a99;a2fd3a99;c:\windows\system32\drivers\a2fd3a99.sys [06/08/2009 16:52 0]
S1 c67bbc2d;c67bbc2d;c:\windows\system32\drivers\c67bbc2d.sys [11/08/2009 16:37 0]
S1 d306ef5e;d306ef5e;c:\windows\system32\drivers\d306ef5e.sys --> c:\windows\system32\drivers\d306ef5e.sys [?]
S1 rpmd570;rpmd570;c:\windows\system32\drivers\rpmd570.sys [09/08/2009 19:06 179648]
S3 cpuz130;cpuz130;\??\c:\docume~1\XPPRESP3\LOCALS~1\Temp\cpuz130\cpuz_x32.sys --> c:\docume~1\XPPRESP3\LOCALS~1\Temp\cpuz130\cpuz_x32.sys [?]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\9EFA.tmp --> c:\windows\system32\9EFA.tmp [?]
S3 netskt;netskt;c:\windows\system32\netskt.sys [04/08/2004 17:00 2304]
S3 s0017bus;Sony Ericsson Device 0017 driver (WDM);c:\windows\system32\drivers\s0017bus.sys [09/03/2009 23:43 90536]
S3 s0017mdfl;Sony Ericsson Device 0017 USB WMC Modem Filter;c:\windows\system32\drivers\s0017mdfl.sys [09/03/2009 23:43 15016]
S3 s0017mdm;Sony Ericsson Device 0017 USB WMC Modem Driver;c:\windows\system32\drivers\s0017mdm.sys [09/03/2009 23:43 122152]
S3 s0017mgmt;Sony Ericsson Device 0017 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s0017mgmt.sys [09/03/2009 23:43 115496]
S3 s0017nd5;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (NDIS);c:\windows\system32\drivers\s0017nd5.sys [09/03/2009 23:43 25768]
S3 s0017obex;Sony Ericsson Device 0017 USB WMC OBEX Interface;c:\windows\system32\drivers\s0017obex.sys [09/03/2009 23:43 111912]
S3 s0017unic;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (WDM);c:\windows\system32\drivers\s0017unic.sys [09/03/2009 23:43 117672]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - helpsvc

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WudfServiceGroup REG_SZ hex(7):57,00,55,00,44,00,46,00,53,00,76,00,63,00,00,00,00,00
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder

2009-08-18 c:\windows\Tasks\{7B02EF0B-A410-4938-8480-9BA26420A627}.job
- c:\windows\mse.exe [2009-08-16 14:27]
.
- - - - ORPHANS REMOVED - - - -

HKU-Default-Run-RocketDock - c:\program files\RocketDock\RocketDock.exe


.
------- Supplementary Scan -------
.
uStart Page = hxxp://search.orbitdownloader.com
uInternet Connection Wizard,ShellNext = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: &ieSpell Options - c:\program files\ieSpell\iespell.dll/SPELLOPTION.HTM
IE: Check &Spelling - c:\program files\ieSpell\iespell.dll/SPELLCHECK.HTM
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
IE: Lookup on Merriam Webster - file://c:\program files\ieSpell\Merriam Webster.HTM
IE: Lookup on Wikipedia - file://c:\program files\ieSpell\wikipedia.HTM
IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\XPPRESP3\Start Menu\Programs\IMVU\Run IMVU.lnk
LSP: c:\windows\system32\imon.dll
Trusted Zone: aol.com\free
TCP: {452266EC-0696-4750-B841-A04387602757} = 163.121.128.134,163.121.128.135
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
FF - ProfilePath - c:\documents and settings\XPPRESP3\Application Data\Mozilla\Firefox\Profiles\2moj8l1y.default\
FF - prefs.js: network.proxy.type - 4
FF - plugin: e:\program files\iTunes\Mozilla Plugins\npitunes.dll
FF - plugin: e:\program files\Mozilla Firefox\plugins\npmusicn.dll

---- FIREFOX POLICIES ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
e:\program files\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
e:\program files\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200);
e:\program files\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true);
e:\program files\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true);
e:\program files\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
e:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
e:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
e:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
e:\program files\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
e:\program files\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
e:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1);
e:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
e:\program files\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
e:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
e:\program files\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
e:\program files\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true);
e:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
e:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
e:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
e:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
e:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
e:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
e:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
e:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
e:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
e:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
e:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
e:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
e:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
e:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
e:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
e:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
e:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
e:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
e:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
e:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
e:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
e:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
e:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
e:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
e:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
e:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
e:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
e:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
e:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
e:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-18 23:00
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
SGPUpdater = c:\program files\Search Guard PlusU\sgpUpdaters.exe??o?????????????????????????????????????????????
FBSearch = c:\program files\Search Guard Plus\SearchGuardPlus.exe?????????????????????????????????????????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\WudfPf]
"ImagePath"="hex(2):73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,52,00,49,00,56,00,45,00,52,00,53,00,5c,00,57,00,75,00,64,00,66,00,50,00,66,00,2e,00,73,00,79,00,73,00,00,00"

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\WudfRd]
"ImagePath"="hex(2):73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,52,00,49,00,56,00,45,00,52,00,53,00,5c,00,77,00,75,00,64,00,66,00,72,00,64,00,2e,00,73,00,79,00,73,00,00,00"

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\9EFA.tmp"

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\WudfPf]
"ImagePath"="hex(2):73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,52,00,49,00,56,00,45,00,52,00,53,00,5c,00,57,00,75,00,64,00,66,00,50,00,66,00,2e,00,73,00,79,00,73,00,00,00"

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\WudfRd]
"ImagePath"="hex(2):73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,52,00,49,00,56,00,45,00,52,00,53,00,5c,00,77,00,75,00,64,00,66,00,72,00,64,00,2e,00,73,00,79,00,73,00,00,00"

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Beep]

--

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Null]

.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{500bca15-57a7-4eaf-8143-8c619470b13d}\inprocserver32]
@DACL=(02 0000)
@="c:\\WINDOWS\\system32\\msxml71.dll"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{500bca15-57a7-4eaf-8143-8c619470b13d}\progid]
@DACL=(02 0000)
@="XML.XML.1"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{500bca15-57a7-4eaf-8143-8c619470b13d}\programmable]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{500bca15-57a7-4eaf-8143-8c619470b13d}\typelib]
@DACL=(02 0000)
@="{E24211B3-A78A-C6A9-D317-70979ACE5058}"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{500bca15-57a7-4eaf-8143-8c619470b13d}\versionindependentprogid]
@DACL=(02 0000)
@="XML.XML"

[HKEY_LOCAL_MACHINE\software\Classes\TypeLib\{e24211b3-a78a-c6a9-d317-70979ace5058}\.0]
@DACL=(02 0000)
@="c:\\WINDOWS\\system32\\msxml71.dll"

[HKEY_LOCAL_MACHINE\software\Classes\xml.xml\clsid]
@DACL=(02 0000)
@="{500BCA15-57A7-4eaf-8143-8C619470B13D}"

[HKEY_LOCAL_MACHINE\software\Classes\xml.xml\curver]
@DACL=(02 0000)
@="XML.XML.1"

[HKEY_LOCAL_MACHINE\software\Classes\xml.xml.1\clsid]
@DACL=(02 0000)
@="{500BCA15-57A7-4eaf-8143-8C619470B13D}"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1548)
c:\windows\system32\csbdll.dll
c:\windows\system32\cscui.dll
c:\program files\Bonjour\mdnsNSP.dll
c:\windows\system32\imon.dll

- - - - - - - > 'explorer.exe'(1620)
c:\windows\System32\cscui.dll
c:\windows\system32\msxm192z.dll
c:\windows\system32\msi.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\scardsvr.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\CTSVCCDA.EXE
c:\windows\system32\eTSrv.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Eset\nod32krn.exe
c:\windows\system32\MsPMSPSv.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\program files\HP\Digital Imaging\bin\hpqste08.exe
c:\program files\HP\Digital Imaging\bin\hpqbam08.exe
c:\program files\Skype\Plugin Manager\skypePM.exe
.
**************************************************************************
.
Completion time: 2009-08-18 23:09 - machine was rebooted
ComboFix-quarantined-files.txt 2009-08-18 20:09

Pre-Run: 210,075,648 bytes free
Post-Run: 722,538,496 bytes free

2148


Wow, I guess that's a lot for the files deleted right? Is it normal that when scanning the explorer.exe was automatically shutdown? Oh I dont know if its important now or not, but my computer used to open empty cmd screens without me ordering it to and for no apparent reason. Sorry I forgot to tell you. Thanks for the help

#8 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:09:27 PM

Posted 19 August 2009 - 10:46 AM

Yes, you could say that's a lot of files to be deleted. :thumbup2:
And we still have much more to do.

Copy and paste ALL the following text in the Quote box below into Notepad.
Click on File(in the menu at the top)>Save as../Save as Type: 'All Files' /File name: CFScript to your desktop.

Driver::
netskt
MEMSWEEP2
cpuz130
a2fd3a99
c67bbc2d
d306ef5e

RegLockDel::
[HKEY_LOCAL_MACHINE\software\Classes\TypeLib\{e24211b3-a78a-c6a9-d317-70979ace5058}\.0]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{500bca15-57a7-4eaf-8143-8c619470b13d}]

File::
c:\windows\system32\drivers\a2fd3a99.sys
c:\windows\system32\drivers\c67bbc2d.sys
c:\windows\system32\drivers\d306ef5e.sys
c:\windows\system32\csbdll.dll
c:\windows\system32\msxm192z.dll
c:\windows\mse.exe
c:\windows\Tasks\{7B02EF0B-A410-4938-8480-9BA26420A627}.job
c:\windows\system32\9EFA.tmp
c:\windows\system32\netskt.sys
c:\windows\system32\minix32.exe
c:\windows\mscth32.exe
C:\hmicb.exe
c:\windows\mscth32.exe
c:\windows\msd.exe
c:\windows\msc.exe
C:\jnvcbaox.exe
C:\ccuh.exe
c:\windows\msb.exe
C:\nayojmty.exe
c:\windows\system32\drivers\rpmd570.sys
C:\yaewfl.exe
C:\lyusoqm.exe

Folder::
c:\program files\Search Guard PlusU
c:\program files\Windows Antivirus Pro
C:\users

Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\csbdll]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"minix32"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ter8m"=-
"MSxmlHpr"=-
"SGPUpdater"=-
"FBSearch"=-
"Microsoft Driver Setup"=-
Prior to running Combofix.exe you should disable your antivirus program.

Now drag then drop the CFScript file onto ComboFix.exe as seen in the image below.

Posted Image

This will start ComboFix again.
After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply.
Posted Image If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#9 maged918

maged918
  • Topic Starter

  • Members
  • 22 posts
  • OFFLINE
  •  
  • Local time:09:27 PM

Posted 20 August 2009 - 05:47 AM

ComboFix 09-08-18.04 - XPPRESP3 20/08/2009 1:06.2.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1256.966.1033.18.511.254 [GMT 3:00]
Running from: c:\documents and settings\XPPRESP3\Desktop\Combo-Fix.exe
Command switches used :: c:\documents and settings\XPPRESP3\Desktop\CFscript.txt
* Resident AV is active


WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
"C:\ccuh.exe"
"C:\hmicb.exe"
"C:\jnvcbaox.exe"
"C:\lyusoqm.exe"
"C:\nayojmty.exe"
"c:\windows\msb.exe"
"c:\windows\msc.exe"
"c:\windows\mscth32.exe"
"c:\windows\msd.exe"
"c:\windows\mse.exe"
"c:\windows\system32\9EFA.tmp"
"c:\windows\system32\csbdll.dll"
"c:\windows\system32\drivers\a2fd3a99.sys"
"c:\windows\system32\drivers\c67bbc2d.sys"
"c:\windows\system32\drivers\d306ef5e.sys"
"c:\windows\system32\drivers\rpmd570.sys"
"c:\windows\system32\minix32.exe"
"c:\windows\system32\msxm192z.dll"
"c:\windows\system32\netskt.sys"
"c:\windows\Tasks\{7B02EF0B-A410-4938-8480-9BA26420A627}.job"
"C:\yaewfl.exe"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\ccuh.exe
C:\hmicb.exe
C:\jnvcbaox.exe
C:\lyusoqm.exe
C:\nayojmty.exe
c:\program files\Search Guard PlusU
c:\program files\Search Guard PlusU\SGPU.ico
c:\program files\Search Guard PlusU\sgpUpdater.exe
c:\program files\Search Guard PlusU\sgpUpdater.xml
c:\program files\Search Guard PlusU\sgpUpdaters.exe
c:\program files\Search Guard PlusU\uninstalSGPU.exe
c:\program files\Windows Antivirus Pro
c:\program files\Windows Antivirus Pro\ANTI_files.exe
C:\users
c:\users\public\MyWebTattoo.exe
c:\windows\msb.exe
c:\windows\msc.exe
c:\windows\mscth32.exe
c:\windows\msd.exe
c:\windows\mse.exe
c:\windows\system32\csbdll.dll
c:\windows\system32\drivers\a2fd3a99.sys
c:\windows\system32\drivers\c67bbc2d.sys
c:\windows\system32\drivers\rpmd570.sys
c:\windows\system32\minix32.exe
c:\windows\system32\msxm192z.dll
c:\windows\system32\netskt.sys
c:\windows\Tasks\{7B02EF0B-A410-4938-8480-9BA26420A627}.job
C:\yaewfl.exe

c:\windows\system32\drivers\beep.sys . . . is infected!!


.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_CPUZ130
-------\Legacy_MEMSWEEP2
-------\Legacy_netskt
-------\Service_a2fd3a99
-------\Service_c67bbc2d
-------\Service_cpuz130
-------\Service_d306ef5e
-------\Service_MEMSWEEP2
-------\Service_netskt
-------\Legacy_rpmd570
-------\Service_rpmd570


((((((((((((((((((((((((( Files Created from 2009-07-19 to 2009-08-19 )))))))))))))))))))))))))))))))
.

2009-08-16 18:56 . 2009-08-16 18:56 -------- d-----w- c:\program files\Microsoft Silverlight
2009-08-15 11:14 . 2009-08-15 11:16 -------- d-----w- c:\program files\trend micro
2009-08-15 11:14 . 2009-08-15 11:16 -------- d-----w- C:\rsit
2009-08-13 13:55 . 2009-08-03 10:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-13 13:55 . 2009-08-13 13:55 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-08-13 13:55 . 2009-08-03 10:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-08-12 19:49 . 2009-08-12 19:49 -------- d-----w- c:\program files\Search Guard Plus
2009-08-11 13:21 . 2009-08-11 13:21 -------- d-----w- c:\program files\Sophos
2009-08-06 13:55 . 2009-08-19 22:31 117760 ----a-w- c:\documents and settings\XPPRESP3\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-08-06 13:54 . 2009-08-06 13:54 -------- d-----w- c:\documents and settings\XPPRESP3\Application Data\SUPERAntiSpyware.com
2009-08-06 11:20 . 2009-08-09 09:40 117760 ----a-w- c:\documents and settings\Administrator.WW\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-08-06 11:18 . 2009-08-06 11:18 -------- d-----w- c:\documents and settings\Administrator.WW\Application Data\SUPERAntiSpyware.com
2009-08-05 19:22 . 2009-08-05 19:43 -------- d-s---w- c:\documents and settings\Administrator.WW\Local Settings\Application Data\Microsoft
2009-08-05 19:22 . 2009-08-14 18:30 -------- d-----w- c:\documents and settings\Administrator.WW
2009-08-05 18:57 . 2009-08-05 18:57 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2009-08-05 18:49 . 2009-08-06 11:07 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-08-02 23:52 . 2009-08-02 23:52 -------- d-----w- c:\documents and settings\XPPRESP3\Application Data\AOL_Janes_Realty
2009-07-31 13:33 . 1998-09-02 08:28 38160 ----a-w- c:\windows\system32\LMRTREND.dll
2009-07-31 13:33 . 1998-08-27 04:51 182032 ----a-w- c:\windows\system32\dxtmsft3.dll
2009-07-31 13:33 . 1998-09-02 08:28 63488 ----a-w- c:\windows\system32\unam4ie.exe
2009-07-31 13:33 . 1998-08-17 09:21 10240 ----a-w- c:\windows\system32\vidx16.dll
2009-07-31 13:33 . 1998-08-17 09:21 11776 ----a-w- c:\windows\system32\mciqtz.drv
2009-07-31 13:33 . 1998-09-02 08:02 194320 ----a-w- c:\windows\system32\qcut.dll
2009-07-31 12:35 . 1999-08-04 09:00 1093632 ----a-w- c:\windows\system32\MGIIpl2PX.dll
2009-07-31 12:35 . 1999-08-04 09:00 522752 ----a-w- c:\windows\system32\DC120fc7_32.dll
2009-07-31 12:35 . 1999-08-04 09:00 212480 ----a-w- c:\windows\system32\PCDLIB32.DLL
2009-07-31 12:35 . 1999-08-04 09:00 122880 ----a-w- c:\windows\system32\EnrouteStitch.dll
2009-07-31 12:35 . 2009-07-31 12:35 -------- d-----w- c:\program files\Common Files\MGI Shared
2009-07-31 12:34 . 2009-07-31 12:34 -------- d-----w- c:\program files\Intel
2009-07-31 12:32 . 1994-10-06 16:20 27136 ----a-w- c:\windows\system32\WAVMIX16.DLL
2009-07-27 17:10 . 2009-07-27 17:10 -------- d-----w- c:\documents and settings\XPPRESP3\Application Data\IronCode

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-19 22:34 . 2004-08-04 14:00 102220 ----a-w- c:\windows\system32\drivers\null.sys
2009-08-19 22:34 . 2004-08-04 14:00 102220 ----a-w- c:\windows\system32\drivers\Beep.SYS
2009-08-19 22:32 . 2008-04-05 19:07 -------- d-----w- c:\documents and settings\XPPRESP3\Application Data\Skype
2009-08-19 22:31 . 2008-04-05 19:11 -------- d-----w- c:\documents and settings\XPPRESP3\Application Data\skypePM
2009-08-19 22:22 . 2008-08-17 00:37 24 ----a-w- c:\windows\system32\DVCStateBkp-{00000002-00000000-0000000B-00001102-00000002-80651102}.dat
2009-08-19 22:22 . 2008-08-17 00:37 24 ----a-w- c:\windows\system32\DVCState-{00000002-00000000-0000000B-00001102-00000002-80651102}.dat
2009-08-19 20:43 . 2008-11-26 20:39 -------- d-----w- c:\documents and settings\XPPRESP3\Application Data\HPAppData
2009-08-18 18:58 . 2008-08-13 21:24 -------- d-----w- c:\documents and settings\XPPRESP3\Application Data\uTorrent
2009-08-12 12:21 . 2009-01-16 20:10 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2009-08-09 01:18 . 2008-04-05 18:27 44352 ----a-w- c:\documents and settings\XPPRESP3\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-06 11:17 . 2009-08-06 11:17 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-08-05 19:40 . 2009-08-05 19:40 0 ----a-w- c:\windows\nsreg.dat
2009-08-02 23:41 . 2009-05-25 14:34 -------- d-----w- c:\program files\AOL Games
2009-07-31 12:33 . 2008-08-14 17:32 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-07-23 22:13 . 2008-08-13 22:59 -------- d-----w- c:\documents and settings\All Users\Application Data\Messenger Plus!
2009-07-19 18:56 . 2009-07-19 18:56 -------- d-----w- c:\documents and settings\XPPRESP3\Application Data\Graphisoft
2009-07-19 18:16 . 2008-09-07 03:08 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2009-07-18 00:20 . 2008-08-13 21:01 -------- d-----w- c:\documents and settings\XPPRESP3\Application Data\J River
2009-07-16 20:49 . 2009-07-16 20:47 -------- d-----w- c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-07-16 20:48 . 2009-07-16 20:48 -------- d-----w- c:\program files\iPod
2009-07-16 20:48 . 2009-01-16 20:09 -------- d-----w- c:\program files\Common Files\Apple
2009-07-16 20:44 . 2008-08-17 00:31 -------- d-----w- c:\program files\Bonjour
2009-07-16 20:43 . 2009-07-16 20:42 -------- d-----w- c:\program files\QuickTime
2009-07-13 06:52 . 2008-09-07 03:08 -------- d-----w- c:\program files\NOS
2009-07-09 09:16 . 2009-07-16 20:40 2060288 ----a-w- c:\windows\system32\usbaaplrc.dll
2009-07-09 09:16 . 2009-01-16 20:10 39424 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2009-07-07 19:29 . 2009-07-07 19:29 604416 ----a-w- c:\windows\system32\TUProgSt.exe
2009-07-07 19:29 . 2009-07-07 19:29 -------- d-----w- c:\documents and settings\XPPRESP3\Application Data\TuneUp Software
2009-07-07 19:28 . 2009-07-07 19:28 -------- d-----w- c:\documents and settings\All Users\Application Data\TuneUp Software
2009-07-07 19:28 . 2009-07-07 19:28 -------- d-sh--w- c:\documents and settings\All Users\Application Data\{55A29068-F2CE-456C-9148-C869879E2357}
2009-07-05 17:49 . 2009-07-05 17:18 -------- d-----w- c:\documents and settings\XPPRESP3\Application Data\LimeWire
2009-07-05 17:19 . 2009-07-05 17:19 499712 ----a-w- c:\documents and settings\XPPRESP3\Application Data\LimeWire\browser\xulrunner\MSVCP71.DLL
2009-07-05 17:19 . 2009-07-05 17:19 348160 ----a-w- c:\documents and settings\XPPRESP3\Application Data\LimeWire\browser\xulrunner\msvcr71.dll
2009-07-05 17:19 . 2009-07-05 17:19 102400 ----a-w- c:\documents and settings\XPPRESP3\Application Data\LimeWire\browser\xulrunner\xulrunner.exe
2009-07-05 17:19 . 2009-07-05 17:19 73728 ----a-w- c:\documents and settings\XPPRESP3\Application Data\LimeWire\browser\xulrunner\xulrunner-stub.exe
2009-07-05 17:19 . 2009-07-05 17:18 8462336 ----a-w- c:\documents and settings\XPPRESP3\Application Data\LimeWire\browser\xulrunner\xul.dll
2009-06-04 07:40 . 2009-06-04 07:40 4096 ----a-w- c:\windows\d3dx.dat
.

------- Sigcheck -------

[-] 2007-08-08 16:28 360704 A11391BE25035570AE4B8970920F2C74 c:\windows\system32\drivers\tcpip.sys

[-] 2007-08-29 14:33 2321792 37B69E310D2EF2CDEF0A3207F7619CD7 c:\windows\system32\ntoskrnl.exe

[-] 2007-08-08 16:40 950784 396ACC64ECEC61D7B2F8B53151B37028 c:\windows\explorer.exe


[-] 2007-08-08 16:39 801792 F182079054D242025C2AEEF56396D37A c:\windows\system32\comres.dll

[-] 2009-08-19 22:37 102220 384E8FF8B6EF2ACF5A7179EA4A82FD01 c:\windows\system32\drivers\Beep.SYS

[-] 2009-08-19 22:37 102220 384E8FF8B6EF2ACF5A7179EA4A82FD01 c:\windows\system32\drivers\null.sys


[-] 2007-08-08 16:35 1580544 51C79052676267956DA3BEABADE3B328 c:\windows\system32\sfcfiles.dll

c:\windows\system32\wuauclt.exe ... is missing !!
c:\windows\system32\wscntfy.exe ... is missing !!
.
((((((((((((((((((((((((((((( SnapShot@2009-08-18_20.01.09 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-08-19 22:28 . 2009-08-19 22:28 16384 c:\windows\Temp\Perflib_Perfdata_518.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-07-23 21738792]
"MsnMsgr"="c:\program files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352]
"DAEMON Tools Lite"="e:\program files\DAEMON Tools Lite\daemon.exe" [2008-08-08 490952]
"SUPERAntiSpyware"="c:\documents and settings\Administrator.WW\My Documents\Downloads\SUPERAntiSpywarePro\SUPERAntiSpyware.exe" [2009-07-28 1830128]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-05-26 413696]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"ShowDeskFix"="shell32" [X]
"nltide_3"="advpack.dll" - c:\windows\system32\advpack.dll [2007-08-08 124928]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-10-14 214360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" /systray /nologon

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"UpdReg"=c:\windows\UpdReg.EXE
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"Jet Detection"="c:\program files\Creative\SBLive\PROGRAM\ADGJDet.exe"
"PWRISOVM.EXE"=e:\program files\PowerISO\PWRISOVM.EXE
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe"
"HP Software Update"=c:\program files\HP\HP Software Update\HPWuSchd2.exe
"eTCertManger"=c:\windows\system32\eTCrtMng.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Media Player\\wmplayer.exe"=
"e:\\Program Files\\SoulseekNS\\slsk.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"e:\\Program Files\\iTunes\\iTunes.exe"=
"e:\\Program Files\\J River\\Media Center 13\\Media Center 13.exe"=
"c:\\Documents and Settings\\XPPRESP3\\Desktop\\maha\\new\\ArchiCAD.exe"=
"c:\\Documents and Settings\\XPPRESP3\\Desktop\\Maged\\Programs\\utorrent-1.6.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"21952:TCP"= 21952:TCP:utorrent

R1 nod32drv;nod32drv;c:\windows\system32\drivers\nod32drv.sys [05/04/2008 21:22 15424]
R1 SASDIFSV;SASDIFSV;c:\documents and settings\Administrator.WW\My Documents\Downloads\SUPERAntiSpywarePro\sasdifsv.sys [28/07/2009 10:53 9968]
R1 SASKUTIL;SASKUTIL;c:\documents and settings\Administrator.WW\My Documents\Downloads\SUPERAntiSpywarePro\SASKUTIL.SYS [28/07/2009 10:53 72944]
R3 AKSUP;AKSUP;c:\windows\system32\drivers\aksup.sys [22/11/2008 14:35 34406]
R3 SASENUM;SASENUM;c:\documents and settings\Administrator.WW\My Documents\Downloads\SUPERAntiSpywarePro\SASENUM.SYS [28/07/2009 10:53 7408]
S3 s0017bus;Sony Ericsson Device 0017 driver (WDM);c:\windows\system32\drivers\s0017bus.sys [09/03/2009 23:43 90536]
S3 s0017mdfl;Sony Ericsson Device 0017 USB WMC Modem Filter;c:\windows\system32\drivers\s0017mdfl.sys [09/03/2009 23:43 15016]
S3 s0017mdm;Sony Ericsson Device 0017 USB WMC Modem Driver;c:\windows\system32\drivers\s0017mdm.sys [09/03/2009 23:43 122152]
S3 s0017mgmt;Sony Ericsson Device 0017 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s0017mgmt.sys [09/03/2009 23:43 115496]
S3 s0017nd5;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (NDIS);c:\windows\system32\drivers\s0017nd5.sys [09/03/2009 23:43 25768]
S3 s0017obex;Sony Ericsson Device 0017 USB WMC OBEX Interface;c:\windows\system32\drivers\s0017obex.sys [09/03/2009 23:43 111912]
S3 s0017unic;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (WDM);c:\windows\system32\drivers\s0017unic.sys [09/03/2009 23:43 117672]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WudfServiceGroup REG_SZ hex(7):57,00,55,00,44,00,46,00,53,00,76,00,63,00,00,00,00,00
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://search.orbitdownloader.com
uInternet Connection Wizard,ShellNext = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: &ieSpell Options - c:\program files\ieSpell\iespell.dll/SPELLOPTION.HTM
IE: Check &Spelling - c:\program files\ieSpell\iespell.dll/SPELLCHECK.HTM
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
IE: Lookup on Merriam Webster - file://c:\program files\ieSpell\Merriam Webster.HTM
IE: Lookup on Wikipedia - file://c:\program files\ieSpell\wikipedia.HTM
IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\XPPRESP3\Start Menu\Programs\IMVU\Run IMVU.lnk
LSP: c:\windows\system32\imon.dll
Trusted Zone: aol.com\free
TCP: {452266EC-0696-4750-B841-A04387602757} = 163.121.128.134,163.121.128.135
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
FF - ProfilePath - c:\documents and settings\XPPRESP3\Application Data\Mozilla\Firefox\Profiles\2moj8l1y.default\
FF - prefs.js: network.proxy.type - 4
FF - plugin: e:\program files\iTunes\Mozilla Plugins\npitunes.dll
FF - plugin: e:\program files\Mozilla Firefox\plugins\npmusicn.dll

---- FIREFOX POLICIES ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
e:\program files\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
e:\program files\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200);
e:\program files\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true);
e:\program files\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true);
e:\program files\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
e:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
e:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
e:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
e:\program files\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
e:\program files\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
e:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1);
e:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
e:\program files\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
e:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
e:\program files\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
e:\program files\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true);
e:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
e:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
e:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
e:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
e:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
e:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
e:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
e:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
e:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
e:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
e:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
e:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
e:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
e:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
e:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
e:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
e:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
e:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
e:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
e:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
e:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
e:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
e:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
e:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
e:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
e:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
e:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
e:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
e:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
e:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-20 01:30
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\WudfPf]
"ImagePath"="hex(2):73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,52,00,49,00,56,00,45,00,52,00,53,00,5c,00,57,00,75,00,64,00,66,00,50,00,66,00,2e,00,73,00,79,00,73,00,00,00"

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\WudfRd]
"ImagePath"="hex(2):73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,52,00,49,00,56,00,45,00,52,00,53,00,5c,00,77,00,75,00,64,00,66,00,72,00,64,00,2e,00,73,00,79,00,73,00,00,00"

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\WudfPf]
"ImagePath"="hex(2):73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,52,00,49,00,56,00,45,00,52,00,53,00,5c,00,57,00,75,00,64,00,66,00,50,00,66,00,2e,00,73,00,79,00,73,00,00,00"

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\WudfRd]
"ImagePath"="hex(2):73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,52,00,49,00,56,00,45,00,52,00,53,00,5c,00,77,00,75,00,64,00,66,00,72,00,64,00,2e,00,73,00,79,00,73,00,00,00"

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Beep]

--

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Null]

.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\xml.xml\clsid]
@DACL=(02 0000)
@="{500BCA15-57A7-4eaf-8143-8C619470B13D}"

[HKEY_LOCAL_MACHINE\software\Classes\xml.xml\curver]
@DACL=(02 0000)
@="XML.XML.1"

[HKEY_LOCAL_MACHINE\software\Classes\xml.xml.1\clsid]
@DACL=(02 0000)
@="{500BCA15-57A7-4eaf-8143-8C619470B13D}"

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\BITS\Parameters]
@DACL=(02 0000)
"ServiceDll"=expand:"%systemroot%\\system32\\qmgr.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\BITS\Security]
@DACL=(02 0000)
"Security"=hex:01,00,14,80,90,00,00,00,9c,00,00,00,14,00,00,00,30,00,00,00,02,
00,1c,00,01,00,00,00,02,80,14,00,ff,01,0f,00,01,01,00,00,00,00,00,01,00,00,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1472)
c:\windows\system32\cscui.dll

- - - - - - - > 'explorer.exe'(4020)
c:\windows\System32\cscui.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\msi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\scardsvr.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\CTSVCCDA.EXE
c:\windows\system32\eTSrv.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Eset\nod32krn.exe
c:\windows\system32\MsPMSPSv.exe
c:\program files\Skype\Plugin Manager\skypePM.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\program files\HP\Digital Imaging\bin\hpqste08.exe
c:\program files\HP\Digital Imaging\bin\hpqbam08.exe
.
**************************************************************************
.
Completion time: 2009-08-19 1:39 - machine was rebooted
ComboFix-quarantined-files.txt 2009-08-19 22:39
ComboFix2.txt 2009-08-18 20:09

Pre-Run: 797,392,896 bytes free
Post-Run: 754,728,960 bytes free

390

#10 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:09:27 PM

Posted 20 August 2009 - 09:15 AM

Download Dr.Web CureIt to the desktop:
ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe
  • Doubleclick the drweb-cureit.exe file and Allow to run the express scan
  • This will scan the files currently running in memory and when something is found, click the yes button when it asks you if you want to cure it. This is only a short scan.
  • Once the short scan has finished, mark the drives that you want to scan.
  • Select all drives. A red dot shows which drives have been chosen.
  • Click the green arrow at the right, and the scan will start.
  • Click 'Yes to all' if it asks if you want to cure/move the file.
  • When the scan has finished, in the menu, click file and choose save report list
  • Save the report to your desktop. The report will be called DrWeb.csv
  • Close Dr.Web Cureit.
Note: If you have problems with DrWeb shutting down before it completes the scan you can perform a custom scan and select individual folders to scan. In that case start with C:\Windows\System32


Please post the contents of the log from DrWeb in your next reply.
Posted Image If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#11 maged918

maged918
  • Topic Starter

  • Members
  • 22 posts
  • OFFLINE
  •  
  • Local time:09:27 PM

Posted 21 August 2009 - 03:06 PM

RSA Sign-On Manager Client.msi/stream006\mobility.dll;C:\Documents and Settings\XPPRESP3\My Documents\Downloaded Installations\{7013D71D-9379-4231-B74D-694D07E0978E}\RSA Sign-On Man;Probably BACKDOOR.Trojan;;
stream006;C:\Documents and Settings\XPPRESP3\My Documents\Downloaded Installations\{7013D71D-9379-4231-B74D-694D07E0978E};Archive contains infected objects;;
RSA Sign-On Manager Client.msi;C:\Documents and Settings\XPPRESP3\My Documents\Downloaded Installations\{7013D71D-9379-4231-B74D-694D07E0978E};Archive contains infected objects;Moved.;
20VJQHCA.NQF;C:\Program Files\Eset\infected;BackDoor.IRC.Itan;Deleted.;
AAV0TBBA.NQF;C:\Program Files\Eset\infected;Trojan.Spambot.3480;Deleted.;
G54BXCDA.NQF;C:\Program Files\Eset\infected;DDoS.5649;Deleted.;
GV0LDYDA.NQF;C:\Program Files\Eset\infected;Trojan.Fakealert.4811;Deleted.;
K0BX2MDA.NQF;C:\Program Files\Eset\infected;Trojan.Siggen.2437;Deleted.;
LUAJC1AA.NQF;C:\Program Files\Eset\infected;BackDoor.BotSiggen.37;Deleted.;
NHUSXPAA.NQF;C:\Program Files\Eset\infected;DDoS.5649;Deleted.;
QVRXXDBA.NQF;C:\Program Files\Eset\infected;Trojan.Siggen.2437;Deleted.;
YRNCERDA.NQF;C:\Program Files\Eset\infected;BackDoor.IRC.Itan;Deleted.;
asterwin.exe;C:\Program Files\Utilities\Nirsoft;Tool.ShowPass;;
awatch.exe;C:\Program Files\Utilities\Nirsoft;Tool.ShowPass.5;;
ProduKey.exe;C:\Program Files\Utilities\Nirsoft;Tool.PassView.42;;
SniffPass.exe;C:\Program Files\Utilities\Nirsoft;Tool.Sniffer.2;;
strun.exe;C:\Program Files\Utilities\Nirsoft;Tool.StartupRun.122;;
gcdppgxd.exe.vir;C:\Qoobox\Quarantine\C;Win32.HLLW.Autoruner.6035;Deleted.;
wnzip32.exe.vir;C:\Qoobox\Quarantine\C\RECYCLER\S-1-5-21-9687768100-1660753643-749687913-1017;BackDoor.IRC.Sdbot.5093;Deleted.;
cooecp.tlb.vir;C:\Qoobox\Quarantine\C\WINDOWS\Fonts;Trojan.MulDrop.32578;Deleted.;
logcde.dll.vir;C:\Qoobox\Quarantine\C\WINDOWS\Fonts;Trojan.MulDrop.32578;Deleted.;
services.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\Fonts;Trojan.Click.26809;Deleted.;
windef.dll.vir;C:\Qoobox\Quarantine\C\WINDOWS\Fonts;Trojan.MulDrop.32578;Deleted.;
windef.Log.vir;C:\Qoobox\Quarantine\C\WINDOWS\Fonts;Trojan.MulDrop.32578;Deleted.;
winpaged.ocx.vir;C:\Qoobox\Quarantine\C\WINDOWS\Fonts;Trojan.MulDrop.32578;Deleted.;
Ipripv32.dll.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.Lasex.9;Deleted.;
Irmonv32.dll.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.Lasex.1;Deleted.;
msbeuymw.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mscdhnnh.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mscdps.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mscdqm.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mscdz.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mscdzcx.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msced.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mscenly.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mscewnfo.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mscfefp.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mscgczq.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mscghkf.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mscgyt.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mschr.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msciqxfc.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mscivi.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mscjae.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mscjknwg.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mscjwcia.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msckggp.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mscklb.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msclisw.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msclkm.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msclokk.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mscmtg.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mscmugmi.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mscnnmnz.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mscoh.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mscoju.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mscou.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mscpqyiz.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mscqb.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mscqlybs.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mscqvoi.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mscqw.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mscqzt.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mscrpmrw.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mscsol.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mscsor.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mscsvie.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msctb.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msctekf.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mscuaszw.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mscujuk.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mscunn.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mscuo.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mscvbd.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mscvrj.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mscwcgug.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mscwj.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mscwkje.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mscwmkj.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mscwqy.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mscxkth.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mscxm.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mscybo.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mscylevg.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mscyzu.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msczs.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msczuj.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msczvonn.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msdaeg.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msdaj.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msdakbp.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msdan.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msdaqpb.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msdatmx.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msdatnwu.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msdbij.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msdcom.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msdcsy.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msdcvmu.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msddwkw.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msdedr.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msdefxbo.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msdegiov.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msdeki.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msdekzfq.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msdeq.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msdeqhiv.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msdficwe.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msdfjk.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msdfseqx.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msdfzua.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msdgc.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msdgclw.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msdgz.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msdhl.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msdhmepr.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msdhmtfg.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msdij.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msdik.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msdilun.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msdjbwy.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msdjdbh.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msdjgptx.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msdjlne.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msdkipfw.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msdkycb.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msdlljp.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msdlne.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msdmz.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msdndvc.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msdnuom.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msdock.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msdoxkck.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msdqcdc.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msdritvi.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msdry.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msdsckj.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msdsuidp.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msdtbkpo.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msdtntc.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msdtt.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msdttmrq.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msdtvnhj.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msdtvtlz.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msdun.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msduqly.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msdvju.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msdvkzrx.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msdvq.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msdwfc.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msdww.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msdxb.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msdxjv.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msdxuic.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msdylxqj.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msdymfgc.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msdyvi.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msdyxkoy.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msdznnv.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mseasbwh.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msebl.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msebldq.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msebnaje.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msebq.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msechnnu.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mseckpd.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msecmi.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msedj.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mseduld.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msedzksv.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mseeij.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mseeocrs.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mseevyk.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msefps.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msefz.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msefzias.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msefzoxw.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msegmrb.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msegu.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msegxjdf.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mseheyo.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msehhzwp.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msehj.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mseidp.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msejabue.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msejbua.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msejfu.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msejmh.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msejrs.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msejtof.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msejvc.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msekf.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msekpc.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msekple.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mseksbek.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msekul.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mselsola.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msemofao.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msemq.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mseolf.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mseopsr.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msepim.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msepjp.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msepmdk.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msepp.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mseprbw.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mseqxctl.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mseqyklr.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msercqo.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mserk.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mserni.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mserxvn.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mseshk.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msetdm.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msetho.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msetixoy.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msetz.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mseud.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mseugil.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mseuksbe.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mseultyb.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mseuxuqz.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msevj.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msevzed.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msewaley.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msewl.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msewmr.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msewo.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msexq.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msexqg.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msexsd.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msexxv.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mseyhiaz.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mseyw.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msezga.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msezumh.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msfahq.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msfata.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msfbklw.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msfbkmss.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msfclpu.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msfcyxu.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msfdebk.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msfdpk.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msfdr.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msfdrd.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msfdzdoy.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msfeaq.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msfed.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msfey.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msffh.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msfgi.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msfgpr.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msfimix.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msfixc.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msfkk.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msfldovl.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msflzue.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msfmk.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msfmx.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msfnjkp.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msfnmtje.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msfnwoji.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msfocpv.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msfopf.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msfopq.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msfos.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msfosuzs.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msfqq.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msfqrjtn.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msfqwgtm.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msfsmqp.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msfsunl.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msfsxdlx.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msfteiqp.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msftls.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msfuefaz.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msfuvlqh.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msfvt.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msfvwwju.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msfwd.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msfwfc.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msfwp.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msfwtu.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msfxd.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msfxktz.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msfxnk.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msfxoud.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msfyf.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msfyor.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msfyzwcy.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msfzpl.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msfzsg.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msfztet.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msfzzs.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msgaiekk.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msgbxlu.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msgcbsm.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msgccen.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msgckhuo.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msgdnjb.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msgdrnz.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msgdxxon.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msgefptj.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msgegizk.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msgfwow.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msgfxgp.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msgfyquu.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msgfzf.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msggjhn.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msggrm.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msggylh.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msghjko.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msghk.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msghros.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msghtzye.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msgibcot.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msgis.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msgjhg.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msgkrfng.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msgkyhlu.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msglm.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msglq.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msgmecx.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msgncxb.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msgnfh.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msgnlt.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msgnnds.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msgntz.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msgob.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msgoy.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msgozf.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msgozmjt.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msgpr.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msgqq.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msgraw.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msgred.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msgrhzw.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msgsay.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msgsdgy.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msgsfa.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msgtok.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msgtqrm.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msgtvot.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msgubvbm.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msguikm.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msgurs.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msgvoore.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msgvp.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msgvvtk.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msgwho.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msgwj.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msgwo.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msgwsedt.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msgxcxkp.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msgxm.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msgxskh.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msgygk.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msgyq.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msgyqb.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msgyrg.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msgyrr.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msgyrtm.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msgytmzy.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msgzh.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msgzinbg.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msgzlj.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msgzp.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mshagjf.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mshagrw.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mshbrs.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mshbu.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mshbvsd.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mshecx.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mshevsp.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mshezw.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mshfanu.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mshflcp.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mshfohv.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mshgixuk.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mshgnuvi.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mshgo.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mshhequz.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mshhfoai.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mshhgi.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mshhiq.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mshhvhw.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mshik.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mshiypb.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mshjhq.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mshjjra.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mshjwvj.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mshkcdg.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mshke.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mshkpc.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mshlcaa.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mshli.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mshmapz.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mshmayk.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mshmccnd.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mshmghxy.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mshnewr.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mshnfpzn.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mshnhlv.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mshnqxq.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mshny.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mshnyvn.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mshnzjl.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mshohmfy.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mshos.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mshoxe.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mshpbr.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mshpgkp.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mshphdv.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mshplfxc.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mshpxjh.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mshrm.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mshrxtte.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mshrylzg.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mshtn.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mshtr.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mshugrg.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mshutet.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mshuzyi.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mshwlupz.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mshxklr.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mshxq.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mshxz.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mshymhr.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mshynq.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mshyou.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mshyye.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mshzoo.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mshzsn.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mshzwll.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msibbiup.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msibeh.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msibixtr.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msibuz.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msicoa.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msictl.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msida.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msidowhg.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msiegppg.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msiekgc.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msienmv.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msieqzp.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msieu.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msiez.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msifhnfe.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msifjc.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msiflqe.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msigbt.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msigoo.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msihrpr.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msiiy.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msijcykf.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msijhh.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msijhiu.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msijn.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msijnsey.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msikfn.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msilah.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msilnpf.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msilx.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msilypyx.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msimsrsh.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msiniyig.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msinwdm.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msioxdb.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msipc.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msiph.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msipyh.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msiqoud.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msiqu.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msirl.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msirmfp.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msirnxmi.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msisca.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msiskl.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msiskqc.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msissiut.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msitd.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msitdtrw.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msitesv.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msitf.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msitluv.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msitpmt.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msittrat.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msiusvy.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msiuwbzv.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msiwnjh.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msiwp.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msixc.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msixogad.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msiydab.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msiysj.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msiyvx.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msizgi.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msizn.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msizyu.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msjaat.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msjad.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msjahl.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msjan.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msjbazw.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msjbe.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msjbjyng.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msjcs.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msjcses.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msjdr.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msjeaek.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msjefmg.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msjewht.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msjfeboi.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msjfyfr.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msjgbmjw.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msjgdl.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msjgut.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msjgv.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msjho.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msjholxl.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msjhrq.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msjhszqv.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msjihjg.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msjiqgd.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msjjfri.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msjjjuw.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msjjn.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msjkgjx.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msjkhnq.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msjkix.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msjkjw.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msjlx.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msjmd.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msjmiv.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msjmn.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msjmrqnz.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msjnggo.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msjnjqfj.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msjnpca.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msjny.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msjodo.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msjonbu.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msjotnad.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msjoull.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msjove.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msjozgs.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msjpnrm.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msjprw.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msjpsih.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msjpua.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msjqh.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msjqjgig.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msjrdg.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msjsdu.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msjspd.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msjsx.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msjsy.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msjukoe.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msjuvc.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msjve.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msjvg.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msjvjl.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msjvl.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msjvtmkh.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msjwdqbf.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msjwfe.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msjxcwme.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msjxmvkt.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msjxsfsf.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msjxvu.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msjyli.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msjymm.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msjzakhd.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msjzhr.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msjzjpt.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mskas.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mskaymv.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mskbljpg.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mskda.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mskddlx.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mskdkt.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mskdxj.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mskdyh.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mskeaf.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mskejjzu.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mskewjvk.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mskfmqnc.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mskgam.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mskgfctm.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mskgiykl.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mskgkn.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mskhb.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mskhcb.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mskhf.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mskhfcao.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mskia.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mskiddi.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mskjdbj.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mskjwz.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mskkd.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mskkdx.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mskkinam.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mskljlzf.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mskluyj.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msklva.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mskmce.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mskme.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mskmf.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mskmnx.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mskndrf.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msknkpgr.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msknnefm.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mskns.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msknxyd.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mskoqwjc.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mskphgea.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mskphjpz.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mskqamf.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mskqidr.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mskqjp.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mskqljx.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mskqmfjk.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mskqxcq.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mskrgngb.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mskrky.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mskrmd.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mskrvd.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mskrzipa.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msksmx.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msksncgh.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mskszfyk.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msktgvv.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msktm.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mskto.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msktvhg.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mskukp.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mskvd.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mskvs.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mskwevxi.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mskxj.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mskyao.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mskyhdt.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mskyq.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mskyw.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mskzf.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mskzgurh.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mslbiplt.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mslbp.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mslcfmt.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mslcijvt.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mslcj.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mslclxpd.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mslcwerk.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msldegi.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mslemiv.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mslenaj.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msleos.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mslepqfa.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mslgk.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mslgxtag.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mslhflmx.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mslhgibx.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mslhxqz.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mslie.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mslio.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mslipajv.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msljkap.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msljzc.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msllaor.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msllc.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mslldin.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mslll.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msllptlf.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msllvmc.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msllz.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mslmhmtf.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mslmj.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mslmon.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mslmxlwj.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mslnvx.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mslohfn.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mslovjvn.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mslpfvqk.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mslpvvp.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mslpxk.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mslrbsoy.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mslrro.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mslsbgbv.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mslsit.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mslsitpw.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mslskp.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mslsn.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msltaae.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msltcxxv.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msltf.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msltpj.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msluar.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mslutgj.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msluw.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mslvqdrb.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mslvspd.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mslxl.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mslxo.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mslyjl.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mslytabk.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mslyzvm.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mslzaix.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mslzaz.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mslzhvs.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mslzt.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mslzuvg.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msmabc.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msmactd.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msmaebh.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msmakn.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msmavo.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msmbdvp.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msmbeych.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msmbrsa.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msmbu.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msmcndqc.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msmcp.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msmcy.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msmdclcp.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msmdfv.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msmdi.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msmdouq.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msmed.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msmeysr.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msmfd.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msmfidg.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msmfmu.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msmfs.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msmfwby.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msmgmw.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msmgos.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msmgvaoa.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msmhp.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msmifh.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msmihi.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msmimy.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msmio.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msmiqtah.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msmis.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msmkmlzj.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msmkp.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msmkrmgp.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msmlj.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msmlpi.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msmmhjmd.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msmmjdc.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msmncmj.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msmnep.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msmobim.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msmovca.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msmoyyuy.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msmqg.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msmqjgln.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msmqogr.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msmqz.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msmrgxq.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msmrv.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msmtc.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msmtta.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msmuhxfk.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msmuwb.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msmux.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msmuxnxk.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msmvh.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msmvj.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msmwby.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msmwfhso.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msmynfo.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msmyoevd.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msmzara.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msmzfb.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msmzg.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msmzn.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msmzvob.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msnarlq.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msnawuou.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msnbftqz.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msnbsur.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msncecwg.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msncfvv.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msnday.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msndfsw.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msnewr.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msnfo.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msnfqnmv.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msnfrz.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msnfs.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msngko.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msngnpm.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msngnxx.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msnhaq.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msnhlnb.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msnidy.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msniimfg.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msnip.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msnjj.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msnjrto.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msnjxrdq.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msnkb.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msnkj.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msnkmjy.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msnlaux.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msnlj.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msnlys.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msnmc.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msnmi.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msnnr.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msnoa.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msnocea.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msnowqo.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msnpg.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msnpk.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msnqcluf.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msnqyq.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msnraif.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msnrbg.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msnrr.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msnryp.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msnse.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msntekmk.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msntm.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msntmp.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msnuaz.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msnuezh.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msnvuqew.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msnwig.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msnwj.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msnww.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msnxfat.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msnxfo.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msnxmljh.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msnxo.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msnyjvjj.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msnyzjf.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msnzm.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msnzob.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msnzwhxv.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msoakfoc.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msoba.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msobiw.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msobjtlu.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msobmukq.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msobzyd.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msoccb.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msocn.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msocv.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msocxxm.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msoda.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msoelxu.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msoenrn.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msoerihk.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msofml.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msofpwj.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msogyi.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msohfjw.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msohmof.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msohomb.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msohu.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msohx.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msohzjeo.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msoisuk.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msojit.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msojiv.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msojizo.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msokal.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msokfg.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msokn.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msokuxbl.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msolvbyp.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msomd.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msomvs.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msonjprk.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msonnq.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msoofy.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msoox.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msopd.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msopgjjj.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msoqogy.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msormi.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msorsx.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msory.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msouxzo.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msove.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msovjpf.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msowgmv.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msoxfxxb.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msoxmim.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msoyynf.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msozgbhe.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msozh.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msozjfbb.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mspaopa.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mspazdqx.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mspbq.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mspcklvr.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mspcmmab.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mspctys.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mspdlih.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mspdoqf.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mspdq.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mspdstvw.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mspecbvn.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mspek.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mspepf.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mspfikf.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mspfk.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mspgqty.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mspgvyx.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msphfmwn.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mspifu.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mspiip.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mspinh.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mspixs.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mspjnv.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mspjucq.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mspjy.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mspjzcut.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mspkolaz.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mspliol.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mspllb.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mspmhny.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mspmwjyd.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mspna.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mspnbh.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mspntchu.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mspnzmgd.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mspod.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msponfo.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msppevc.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msppueza.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msppwhoq.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mspqbey.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mspqjhao.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mspqx.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msprb.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msprei.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msprmard.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mspsixmu.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mspsptl.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mspswrie.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mspth.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mspttzkc.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mspui.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mspunzr.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mspuoxu.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mspves.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mspvwro.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mspvy.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mspwd.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mspxclcb.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mspxxwa.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mspxz.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mspyrsr.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mspyth.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mspyvqgw.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mspyxbs.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mspzdc.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msqan.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msqaolc.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msqaq.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msqbl.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msqbr.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msqbuf.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msqcdnx.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msqcke.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msqdia.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msqdmpri.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msqds.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msqepxf.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msqevw.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msqew.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msqezv.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msqfa.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msqfc.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msqflsz.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msqgldd.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msqgvu.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msqgz.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msqhad.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msqizzu.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msqjdp.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msqkh.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msqkjv.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msqkjxjn.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msqkp.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msqkrm.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msqlf.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msqlfjyu.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msqnc.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msqoww.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msqpdayp.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msqpjici.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msqqcf.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msqqdss.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msqqmjrj.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msqqrf.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msqqy.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msqrdcj.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msqrdplp.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msqrgne.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msqrwdt.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msqsqywr.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msqsssop.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msqtles.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msqudk.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msquedu.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msqueeqy.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msqugu.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msquh.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msquolh.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msqvj.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msqvrplj.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msqvt.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msqvuv.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msqwj.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msqwmn.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msqwqa.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msqwshf.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msqwuxtr.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msqxlnk.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msqxlvro.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msqxpo.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msqygslt.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msqyhm.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msqymby.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msqyyoi.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msqyzx.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msqzn.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msqzx.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msracq.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msrbgi.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msrbl.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msrbwj.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msrcjwr.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msrcn.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msresry.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msrfeggp.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msrfky.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msrfwvf.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msrgv.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msrgw.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msrgxk.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msrib.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msrie.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msriw.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msrjk.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msrjl.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msrjq.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msrkf.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msrkiuqp.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msrlfx.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msrlyogy.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msrlzi.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msrmnrg.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msrmylk.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msrnm.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msroh.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msronr.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msrpyc.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msrqrth.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msrqwxb.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msrri.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msrrlne.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msrrtccy.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msrsc.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msrtaga.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msrtas.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msrtn.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msrtrukj.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msrtwf.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msruwba.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msrvdfur.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msrvhlr.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msrvjv.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msrvpuz.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msrwlhg.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msrxenh.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msrxrs.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msrxxpj.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msrxz.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msryn.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msrzku.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msrzpwyp.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msrzzqk.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mssac.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mssae.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mssajkkp.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mssbdiuv.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mssbex.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mssbey.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mssbljp.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mssch.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msscqyr.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mssctwb.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mssdew.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mssev.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mssffkwn.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mssfts.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mssftxc.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mssfzk.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msshe.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msshhvok.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msshiovn.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msshlbt.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msshpe.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mssia.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mssif.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mssiqghf.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mssjlds.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mssjnmi.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mssjwzuk.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msslbfhd.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mssls.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mssmtba.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mssmvpz.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mssnsxa.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mssnt.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mssnz.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mssogqk.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mssoly.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msspnsi.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mssppzp.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mssqan.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mssqkb.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mssql.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mssru.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mssst.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msstkwk.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msstodmj.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mssui.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mssuoblc.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mssuxk.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mssuyxmn.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mssvjsr.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msswax.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msswd.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msswikm.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msswjo.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msswlo.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msswow.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msswxfuq.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msswxl.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mssxggnj.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mssxs.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mssxv.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mssyi.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msszxmi.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mstax.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mstaz.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mstbhew.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mstblxht.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mstbq.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mstbxoqf.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mstcd.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mstcgwuq.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mstdf.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mstedbl.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mstek.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mstesum.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mstesxl.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mstfngw.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mstfs.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mstfwwe.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mstgf.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mstggjtr.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msthnc.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mstib.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mstiohj.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mstiwz.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mstjkxw.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mstjuyw.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mstjys.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mstkl.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mstkpdx.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mstktom.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mstkym.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mstlqh.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mstltsn.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mstmzbe.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mstnmsc.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mstnpg.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mstou.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mstoz.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mstpfv.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mstprdmm.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mstqfs.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mstqp.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mstqykev.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mstrmzri.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mstrn.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mstsayf.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mstsehls.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mstslzfj.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mstsyht.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msttrkiy.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mstuaed.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mstuiyyc.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mstuojr.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mstuuv.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mstuyl.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mstvgm.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mstvnhiz.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mstvsly.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mstvss.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mstvsxo.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mstvyc.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mstwo.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mstxdvrs.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mstxe.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mstxefam.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mstydco.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mstyk.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mstyoa.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mstyvw.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mstzaf.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mstzaxn.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mstzcstz.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mstzdy.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mstzgcru.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mstznp.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mstzzjf.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msuape.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msubatxr.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msubzzyq.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msucdtnn.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msucr.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msucx.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msudg.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msudo.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msueff.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msuemfl.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msuenes.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msueqyv.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msuexegq.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msufilqo.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msufss.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msugayqs.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msugcj.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msugdh.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msugsyuj.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msuhklt.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msuhqjis.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msuhqpnd.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msuhrm.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msuhrmed.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msuifhqx.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msuik.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msuivpb.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msuixp.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msujeexz.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msukam.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msukdwvj.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msukfrr.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msukpro.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msulm.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msulssxs.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msulujqa.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msummj.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msumntwl.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msumtjf.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msunfiqh.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msunhj.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msunhpzk.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msunind.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msunmsj.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msuoft.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msupryw.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msuqm.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msurf.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msurme.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msusc.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msush.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msutdti.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msuuecif.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msuuqrh.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msuuropd.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msuusb.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msuutura.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msuuxul.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msuvd.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msuvjs.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msuvn.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msuvpcz.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msuwr.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msuycrvr.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msuyij.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msuzg.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msuzjgvw.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msuzl.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msuzndp.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msuztbdb.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msvade.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msvaqq.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msvautt.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msvbcjz.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msvbfj.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msvbz.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msvcsdy.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msvdfpr.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msvebgii.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msveiofx.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msvewyxh.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msvezdd.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msvfsxb.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msvgyltp.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msvhhhhs.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msvhjlhv.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msviae.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msvib.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msviecx.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msvijfwn.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msvimey.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msviz.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msvjxnto.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msvkl.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msvktwp.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msvkwrod.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msvkxp.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msvlgvnr.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msvlhejk.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msvlptm.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msvlqwy.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msvmbbj.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msvmdm.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msvmf.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msvmk.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msvmz.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msvncdut.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msvnfmp.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msvnxe.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msvnz.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msvoyqw.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msvoznf.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msvpbvu.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msvpi.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msvpzt.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msvqbo.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msvqg.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msvqilm.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msvro.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msvsbp.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msvsli.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msvsnms.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msvsrt.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msvsvvu.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msvtmp.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msvtp.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msvuwwoe.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msvuysf.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msvvgw.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msvvmg.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msvvo.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msvwnni.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msvwxazi.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msvwzq.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msvxdrd.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msvxutd.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msvxwa.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msvynmb.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msvzf.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msvzgkmf.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msvzsir.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mswagwsd.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mswakg.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mswapgu.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mswav.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mswbbfh.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mswbkry.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mswbtr.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mswcehw.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mswcipw.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mswcn.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mswdcl.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mswdgr.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mswdz.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msweqyfl.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mswgyrq.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mswha.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mswhca.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mswhdj.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mswheqo.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mswhn.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mswiasv.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mswinsrl.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mswiu.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mswjeq.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mswjnbu.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mswkfd.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mswkql.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mswku.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mswlbjqy.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mswlhv.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mswlxs.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mswnbg.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mswnmunv.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mswobs.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mswoedb.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mswokz.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mswosh.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mswoz.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mswpetso.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mswpusla.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mswpzdz.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mswqtyx.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mswrf.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mswrzub.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mswtd.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mswtfsd.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mswtiw.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mswtkgcm.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mswtla.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mswtlf.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mswuzkf.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mswvp.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mswwm.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mswxan.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mswxfhii.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mswyeugn.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mswyrxim.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mswyva.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mswzfs.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mswzif.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mswzvi.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mswzxvvh.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msxaytc.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msxdnioq.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msxdtzik.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msxdxb.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msxeiqk.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msxelwzt.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msxes.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msxfbh.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msxgh.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msxha.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msxhm.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msxier.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msxiq.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msxjvb.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msxkjaur.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msxkwkwk.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msxldg.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msxlzlnw.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msxmr.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msxmvy.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msxnf.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msxnh.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msxnjeu.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msxnpfy.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msxoe.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msxofel.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msxoq.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msxpbuow.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msxpzq.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msxpzqs.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msxqnk.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msxqogew.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msxqxkz.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msxrk.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msxrulbe.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msxshhw.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msxsqav.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msxsvk.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msxsx.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msxtim.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msxtzc.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msxtzmn.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msxue.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msxvinw.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msxwhk.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msxwhxpf.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msxwndz.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msxwtmmm.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msxyj.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msxyt.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msxyxlng.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msxzbs.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msxzcjh.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msxzcm.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msxzm.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msxzpbq.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msxzws.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msyanu.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msybf.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msybfj.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msybiwlo.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msydetwh.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msydk.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msydx.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msyej.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msyemce.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msyfcugh.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msyfmna.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msyfpjl.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msyfwaey.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msygj.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msygstgf.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msygucf.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msyhn.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msyie.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msyipor.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msyje.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msyjidlg.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msyjv.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msyknilm.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msykuxp.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msykye.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msylfe.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msyll.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msylu.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msymcrwa.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msymkq.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msynvb.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msyoai.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msyopbi.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msyoplbf.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msyosus.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msyovlhs.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msyqf.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msyqkbxt.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msyrdk.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msyrl.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msyruiem.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msyrwo.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msysvc.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msyswpj.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msysyo.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msytf.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msytgp.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msyuc.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msyuhke.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msyuoce.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msywpwn.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msyxowb.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msyxsgbq.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msyxskn.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msyxtx.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msyzds.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msyzfj.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msyzfzzw.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msyzms.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mszbaub.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mszbld.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mszbnq.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mszbqbvh.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mszccx.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mszcf.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mszchrt.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mszcw.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mszcz.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mszdie.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mszdvupb.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mszetdv.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mszfar.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mszffktk.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mszfk.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mszfr.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mszfs.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mszfx.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mszgb.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mszgbni.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mszghdra.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mszghe.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mszgr.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mszhbl.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mszhil.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mszhssph.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mszhtt.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mszij.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msziqlzm.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msziyfq.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mszjf.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mszjhp.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mszjjmvq.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mszjrqwx.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mszkfq.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mszkmuye.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mszlavk.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mszlcaom.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mszlf.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mszlwogs.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mszmdho.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mszmm.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mszmsy.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mszmuawb.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mszmv.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mszmwbn.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msznaphv.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msznuuz.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msznvq.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msznxj.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mszny.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mszoy.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mszpbs.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mszpcusx.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mszpgjs.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mszqfkp.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mszqmh.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mszqsc.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mszqu.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mszrfz.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mszrqnm.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mszrv.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mszseqb.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mszsowt.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msztdoq.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msztezu.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msztpe.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msztufgd.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msztwl.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
msztzkw.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mszvwv.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mszwj.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mszwoub.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mszyfus.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mszyuy.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mszyyzv.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mszzghn.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mszzreyy.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mszztp.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mszzw.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mszzwgd.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
mszzyv.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.32578;Deleted.;
netcard.sys.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.Siggen.3290;Deleted.;
vhosts.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.MulDrop.8347;Deleted.;
70d53020.sys.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers;Trojan.Spambot.4489;;
Beep.SYS.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers;Trojan.Spambot.4489;;
glaide32.sys.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers;Trojan.Spambot.4489;;
A0002037.exe;C:\System Volume Information\_restore{39B8F2F2-FD39-43F0-AB7D-3F3BCF3D33AE}\RP2;BackDoor.IRC.Bot.122;Deleted.;
A0002048.SYS;C:\System Volume Information\_restore{39B8F2F2-FD39-43F0-AB7D-3F3BCF3D33AE}\RP2;Trojan.Spambot.4489;;
MC13.exe;C:\WINDOWS\system32;Trojan.Swizzor.based;Deleted.;
msxm192z.dll.7626265;C:\WINDOWS\system32;Trojan.DownLoader.origin;Incurable.Moved.;
NWCWov32.dll;C:\WINDOWS\system32;Trojan.Lasex.9;Deleted.;
Nwsapv32.dll;C:\WINDOWS\system32;Trojan.Lasex.9;Deleted.;
pskill.exe;C:\WINDOWS\system32;Tool.Prockill;;
WmdmPv32.dll;C:\WINDOWS\system32;Trojan.Lasex.9;Deleted.;
Beep.SYS;C:\WINDOWS\system32\drivers;Trojan.Spambot.4489;;
null.sys;C:\WINDOWS\system32\drivers;Trojan.Spambot.4489;;
A0119565.EXE/Microsoft Office XP Pack for Tablet PC.msi/stream004\Help.vbs;D:\System Volume Information\_restore{08454E63-F8D1-4646-95D2-4ABDF032C5BF}\RP206\A0119565.EXE/Microsoft Office XP Pack for Tab;Probably SCRIPT.Virus;;
stream004;D:\System Volume Information\_restore{08454E63-F8D1-4646-95D2-4ABDF032C5BF}\RP206;Archive contains infected objects;;
Microsoft Office XP Pack for Tablet PC.msi;D:\System Volume Information\_restore{08454E63-F8D1-4646-95D2-4ABDF032C5BF}\RP206;Archive contains infected objects;;
A0119565.EXE;D:\System Volume Information\_restore{08454E63-F8D1-4646-95D2-4ABDF032C5BF}\RP206;Archive contains infected objects;Moved.;
J.R.MediaCenter130166.exe\System/Always Overwrite/Media Core Launcher.exe;I:\utorrent downloads\J. River Media Center v13.0.166 + Patch [RH]\JRMC.13.0.166_[RH]\J. River Media Center v13.0.166\J.R.Media;Trojan.Swizzor.based;;
J.R.MediaCenter130166.exe;I:\utorrent downloads\J. River Media Center v13.0.166 + Patch [RH]\JRMC.13.0.166_[RH]\J. River Media Center v13.0.166;Archive contains infected objects;Moved.;

#12 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:09:27 PM

Posted 22 August 2009 - 10:32 AM

Now we're getting somewhere.


Please update Malwarebytes and run a full scan.
  • Open Malwarebytes and select the Update tab.
  • Click on the Check for Updates button and allow the program to download the latest updates.
  • Once you have the latest updates, select the Scanner tab.
  • Select "Perform full scan" and click the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
  • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


After the malwarebytes scan complete, please reboot your computer and then run Combofix and post the resulting log.
Posted Image If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#13 maged918

maged918
  • Topic Starter

  • Members
  • 22 posts
  • OFFLINE
  •  
  • Local time:09:27 PM

Posted 22 August 2009 - 01:38 PM

MBAM is refusing to run.. Giving me the same 2 errors it gave me before.

#14 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:09:27 PM

Posted 22 August 2009 - 05:16 PM

Ok, go ahead and just run Combofix again and post that log.
Posted Image If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#15 maged918

maged918
  • Topic Starter

  • Members
  • 22 posts
  • OFFLINE
  •  
  • Local time:09:27 PM

Posted 23 August 2009 - 05:44 AM

ComboFix 09-08-18.04 - XPPRESP3 23/08/2009 3:31.3.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1256.966.1033.18.511.205 [GMT 2:00]
Running from: c:\documents and settings\XPPRESP3\Desktop\Combo-Fix.exe
* Resident AV is active


WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\drivers\beep.sys

c:\windows\system32\drivers\beep.sys . . . is infected!!


.
((((((((((((((((((((((((( Files Created from 2009-07-23 to 2009-08-23 )))))))))))))))))))))))))))))))
.

2009-08-22 13:22 . 2009-08-22 13:30 -------- d-----w- c:\documents and settings\XPPRESP3\Local Settings\Application Data\Temp
2009-08-20 16:56 . 2009-08-20 20:40 -------- d-----w- c:\documents and settings\XPPRESP3\DoctorWeb
2009-08-16 18:56 . 2009-08-16 18:56 -------- d-----w- c:\program files\Microsoft Silverlight
2009-08-15 11:14 . 2009-08-15 11:16 -------- d-----w- c:\program files\trend micro
2009-08-15 11:14 . 2009-08-15 11:16 -------- d-----w- C:\rsit
2009-08-13 13:55 . 2009-08-03 11:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-13 13:55 . 2009-08-13 13:55 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-08-13 13:55 . 2009-08-03 11:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-08-12 19:49 . 2009-08-12 19:49 -------- d-----w- c:\program files\Search Guard Plus
2009-08-11 13:21 . 2009-08-11 13:21 -------- d-----w- c:\program files\Sophos
2009-08-06 13:55 . 2009-08-23 01:47 117760 ----a-w- c:\documents and settings\XPPRESP3\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-08-06 13:54 . 2009-08-06 13:54 -------- d-----w- c:\documents and settings\XPPRESP3\Application Data\SUPERAntiSpyware.com
2009-08-06 11:20 . 2009-08-09 09:40 117760 ----a-w- c:\documents and settings\Administrator.WW\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-08-06 11:18 . 2009-08-06 11:18 -------- d-----w- c:\documents and settings\Administrator.WW\Application Data\SUPERAntiSpyware.com
2009-08-05 19:22 . 2009-08-05 19:43 -------- d-s---w- c:\documents and settings\Administrator.WW\Local Settings\Application Data\Microsoft
2009-08-05 19:22 . 2009-08-14 18:30 -------- d-----w- c:\documents and settings\Administrator.WW
2009-08-05 18:57 . 2009-08-05 18:57 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2009-08-05 18:49 . 2009-08-06 11:07 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-08-02 23:52 . 2009-08-02 23:52 -------- d-----w- c:\documents and settings\XPPRESP3\Application Data\AOL_Janes_Realty
2009-07-31 13:33 . 1998-09-02 08:28 38160 ----a-w- c:\windows\system32\LMRTREND.dll
2009-07-31 13:33 . 1998-08-27 04:51 182032 ----a-w- c:\windows\system32\dxtmsft3.dll
2009-07-31 13:33 . 1998-09-02 08:28 63488 ----a-w- c:\windows\system32\unam4ie.exe
2009-07-31 13:33 . 1998-08-17 09:21 10240 ----a-w- c:\windows\system32\vidx16.dll
2009-07-31 13:33 . 1998-08-17 09:21 11776 ----a-w- c:\windows\system32\mciqtz.drv
2009-07-31 13:33 . 1998-09-02 08:02 194320 ----a-w- c:\windows\system32\qcut.dll
2009-07-31 12:35 . 1999-08-04 09:00 1093632 ----a-w- c:\windows\system32\MGIIpl2PX.dll
2009-07-31 12:35 . 1999-08-04 09:00 522752 ----a-w- c:\windows\system32\DC120fc7_32.dll
2009-07-31 12:35 . 1999-08-04 09:00 212480 ----a-w- c:\windows\system32\PCDLIB32.DLL
2009-07-31 12:35 . 1999-08-04 09:00 122880 ----a-w- c:\windows\system32\EnrouteStitch.dll
2009-07-31 12:35 . 2009-07-31 12:35 -------- d-----w- c:\program files\Common Files\MGI Shared
2009-07-31 12:34 . 2009-07-31 12:34 -------- d-----w- c:\program files\Intel
2009-07-31 12:32 . 1994-10-06 16:20 27136 ----a-w- c:\windows\system32\WAVMIX16.DLL
2009-07-27 17:10 . 2009-07-27 17:10 -------- d-----w- c:\documents and settings\XPPRESP3\Application Data\IronCode

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-23 01:50 . 2004-08-04 14:00 102220 ----a-w- c:\windows\system32\drivers\Null.SYS
2009-08-23 01:47 . 2008-04-05 19:07 -------- d-----w- c:\documents and settings\XPPRESP3\Application Data\Skype
2009-08-23 01:46 . 2008-04-05 19:11 -------- d-----w- c:\documents and settings\XPPRESP3\Application Data\skypePM
2009-08-23 01:43 . 2008-08-17 00:37 24 ----a-w- c:\windows\system32\DVCStateBkp-{00000002-00000000-0000000B-00001102-00000002-80651102}.dat
2009-08-23 01:43 . 2008-08-17 00:37 24 ----a-w- c:\windows\system32\DVCState-{00000002-00000000-0000000B-00001102-00000002-80651102}.dat
2009-08-22 12:25 . 2008-11-26 20:39 -------- d-----w- c:\documents and settings\XPPRESP3\Application Data\HPAppData
2009-08-22 11:36 . 2008-08-13 21:24 -------- d-----w- c:\documents and settings\XPPRESP3\Application Data\uTorrent
2009-08-12 12:21 . 2009-01-16 20:10 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2009-08-09 01:18 . 2008-04-05 18:27 44352 ----a-w- c:\documents and settings\XPPRESP3\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-06 11:17 . 2009-08-06 11:17 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-08-05 19:40 . 2009-08-05 19:40 0 ----a-w- c:\windows\nsreg.dat
2009-08-02 23:41 . 2009-05-25 14:34 -------- d-----w- c:\program files\AOL Games
2009-07-31 12:33 . 2008-08-14 17:32 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-07-23 22:13 . 2008-08-13 22:59 -------- d-----w- c:\documents and settings\All Users\Application Data\Messenger Plus!
2009-07-19 18:56 . 2009-07-19 18:56 -------- d-----w- c:\documents and settings\XPPRESP3\Application Data\Graphisoft
2009-07-19 18:16 . 2008-09-07 03:08 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2009-07-18 00:20 . 2008-08-13 21:01 -------- d-----w- c:\documents and settings\XPPRESP3\Application Data\J River
2009-07-16 20:49 . 2009-07-16 20:47 -------- d-----w- c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-07-16 20:48 . 2009-07-16 20:48 -------- d-----w- c:\program files\iPod
2009-07-16 20:48 . 2009-01-16 20:09 -------- d-----w- c:\program files\Common Files\Apple
2009-07-16 20:44 . 2008-08-17 00:31 -------- d-----w- c:\program files\Bonjour
2009-07-16 20:43 . 2009-07-16 20:42 -------- d-----w- c:\program files\QuickTime
2009-07-13 06:52 . 2008-09-07 03:08 -------- d-----w- c:\program files\NOS
2009-07-09 09:16 . 2009-07-16 20:40 2060288 ----a-w- c:\windows\system32\usbaaplrc.dll
2009-07-09 09:16 . 2009-01-16 20:10 39424 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2009-07-07 19:29 . 2009-07-07 19:29 604416 ----a-w- c:\windows\system32\TUProgSt.exe
2009-07-07 19:29 . 2009-07-07 19:29 -------- d-----w- c:\documents and settings\XPPRESP3\Application Data\TuneUp Software
2009-07-07 19:28 . 2009-07-07 19:28 -------- d-----w- c:\documents and settings\All Users\Application Data\TuneUp Software
2009-07-07 19:28 . 2009-07-07 19:28 -------- d-sh--w- c:\documents and settings\All Users\Application Data\{55A29068-F2CE-456C-9148-C869879E2357}
2009-07-05 17:49 . 2009-07-05 17:18 -------- d-----w- c:\documents and settings\XPPRESP3\Application Data\LimeWire
2009-07-05 17:19 . 2009-07-05 17:19 499712 ----a-w- c:\documents and settings\XPPRESP3\Application Data\LimeWire\browser\xulrunner\MSVCP71.DLL
2009-07-05 17:19 . 2009-07-05 17:19 348160 ----a-w- c:\documents and settings\XPPRESP3\Application Data\LimeWire\browser\xulrunner\msvcr71.dll
2009-07-05 17:19 . 2009-07-05 17:19 102400 ----a-w- c:\documents and settings\XPPRESP3\Application Data\LimeWire\browser\xulrunner\xulrunner.exe
2009-07-05 17:19 . 2009-07-05 17:19 73728 ----a-w- c:\documents and settings\XPPRESP3\Application Data\LimeWire\browser\xulrunner\xulrunner-stub.exe
2009-07-05 17:19 . 2009-07-05 17:18 8462336 ----a-w- c:\documents and settings\XPPRESP3\Application Data\LimeWire\browser\xulrunner\xul.dll
2009-06-04 07:40 . 2009-06-04 07:40 4096 ----a-w- c:\windows\d3dx.dat
.

------- Sigcheck -------

[-] 2007-08-08 16:28 360704 A11391BE25035570AE4B8970920F2C74 c:\windows\system32\drivers\tcpip.sys

[-] 2007-08-29 14:33 2321792 37B69E310D2EF2CDEF0A3207F7619CD7 c:\windows\system32\ntoskrnl.exe

[-] 2007-08-08 16:40 950784 396ACC64ECEC61D7B2F8B53151B37028 c:\windows\explorer.exe


[-] 2007-08-08 16:39 801792 F182079054D242025C2AEEF56396D37A c:\windows\system32\comres.dll


[-] 2009-08-23 01:53 102220 384E8FF8B6EF2ACF5A7179EA4A82FD01 c:\windows\system32\drivers\Null.SYS


[-] 2007-08-08 16:35 1580544 51C79052676267956DA3BEABADE3B328 c:\windows\system32\sfcfiles.dll

c:\windows\system32\wuauclt.exe ... is missing !!
c:\windows\system32\drivers\beep.sys ... is missing !!
c:\windows\system32\wscntfy.exe ... is missing !!
.
((((((((((((((((((((((((((((( SnapShot@2009-08-18_20.01.09 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-08-23 01:45 . 2009-08-23 01:45 16384 c:\windows\Temp\Perflib_Perfdata_328.dat
+ 2009-08-21 21:29 . 2009-08-21 21:29 16384 c:\windows\Temp\Perflib_Perfdata_128.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-07-23 21738792]
"MsnMsgr"="c:\program files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352]
"DAEMON Tools Lite"="e:\program files\DAEMON Tools Lite\daemon.exe" [2008-08-08 490952]
"SUPERAntiSpyware"="c:\documents and settings\Administrator.WW\My Documents\Downloads\SUPERAntiSpywarePro\SUPERAntiSpyware.exe" [2009-07-28 1830128]
"Google Update"="c:\documents and settings\XPPRESP3\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-08-22 133104]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-05-26 413696]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"ShowDeskFix"="shell32" [X]
"nltide_3"="advpack.dll" - c:\windows\system32\advpack.dll [2007-08-08 124928]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-10-14 214360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" /systray /nologon

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"UpdReg"=c:\windows\UpdReg.EXE
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"Jet Detection"="c:\program files\Creative\SBLive\PROGRAM\ADGJDet.exe"
"PWRISOVM.EXE"=e:\program files\PowerISO\PWRISOVM.EXE
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe"
"HP Software Update"=c:\program files\HP\HP Software Update\HPWuSchd2.exe
"eTCertManger"=c:\windows\system32\eTCrtMng.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Media Player\\wmplayer.exe"=
"e:\\Program Files\\SoulseekNS\\slsk.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"e:\\Program Files\\iTunes\\iTunes.exe"=
"e:\\Program Files\\J River\\Media Center 13\\Media Center 13.exe"=
"c:\\Documents and Settings\\XPPRESP3\\Desktop\\maha\\new\\ArchiCAD.exe"=
"c:\\Documents and Settings\\XPPRESP3\\Desktop\\Maged\\Programs\\utorrent-1.6.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"21952:TCP"= 21952:TCP:utorrent

R1 nod32drv;nod32drv;c:\windows\system32\drivers\nod32drv.sys [05/04/2008 20:22 15424]
R1 SASDIFSV;SASDIFSV;c:\documents and settings\Administrator.WW\My Documents\Downloads\SUPERAntiSpywarePro\sasdifsv.sys [28/07/2009 09:53 9968]
R1 SASKUTIL;SASKUTIL;c:\documents and settings\Administrator.WW\My Documents\Downloads\SUPERAntiSpywarePro\SASKUTIL.SYS [28/07/2009 09:53 72944]
R3 AKSUP;AKSUP;c:\windows\system32\drivers\aksup.sys [22/11/2008 13:35 34406]
R3 SASENUM;SASENUM;c:\documents and settings\Administrator.WW\My Documents\Downloads\SUPERAntiSpywarePro\SASENUM.SYS [28/07/2009 09:53 7408]
S3 s0017bus;Sony Ericsson Device 0017 driver (WDM);c:\windows\system32\drivers\s0017bus.sys [09/03/2009 22:43 90536]
S3 s0017mdfl;Sony Ericsson Device 0017 USB WMC Modem Filter;c:\windows\system32\drivers\s0017mdfl.sys [09/03/2009 22:43 15016]
S3 s0017mdm;Sony Ericsson Device 0017 USB WMC Modem Driver;c:\windows\system32\drivers\s0017mdm.sys [09/03/2009 22:43 122152]
S3 s0017mgmt;Sony Ericsson Device 0017 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s0017mgmt.sys [09/03/2009 22:43 115496]
S3 s0017nd5;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (NDIS);c:\windows\system32\drivers\s0017nd5.sys [09/03/2009 22:43 25768]
S3 s0017obex;Sony Ericsson Device 0017 USB WMC OBEX Interface;c:\windows\system32\drivers\s0017obex.sys [09/03/2009 22:43 111912]
S3 s0017unic;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (WDM);c:\windows\system32\drivers\s0017unic.sys [09/03/2009 22:43 117672]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WudfServiceGroup REG_SZ hex(7):57,00,55,00,44,00,46,00,53,00,76,00,63,00,00,00,00,00
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder

2009-08-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1659004503-1454471165-839522115-1001Core.job
- c:\documents and settings\XPPRESP3\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-08-22 13:22]

2009-08-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1659004503-1454471165-839522115-1001UA.job
- c:\documents and settings\XPPRESP3\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-08-22 13:22]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://search.orbitdownloader.com
uInternet Connection Wizard,ShellNext = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: &ieSpell Options - c:\program files\ieSpell\iespell.dll/SPELLOPTION.HTM
IE: Check &Spelling - c:\program files\ieSpell\iespell.dll/SPELLCHECK.HTM
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
IE: Lookup on Merriam Webster - file://c:\program files\ieSpell\Merriam Webster.HTM
IE: Lookup on Wikipedia - file://c:\program files\ieSpell\wikipedia.HTM
IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\XPPRESP3\Start Menu\Programs\IMVU\Run IMVU.lnk
LSP: c:\windows\system32\imon.dll
Trusted Zone: aol.com\free
TCP: {452266EC-0696-4750-B841-A04387602757} = 163.121.128.134,163.121.128.135
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
FF - ProfilePath - c:\documents and settings\XPPRESP3\Application Data\Mozilla\Firefox\Profiles\2moj8l1y.default\
FF - prefs.js: network.proxy.type - 4
FF - plugin: c:\documents and settings\XPPRESP3\Local Settings\Application Data\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: e:\program files\iTunes\Mozilla Plugins\npitunes.dll
FF - plugin: e:\program files\Mozilla Firefox\plugins\npmusicn.dll

---- FIREFOX POLICIES ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
e:\program files\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
e:\program files\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200);
e:\program files\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true);
e:\program files\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true);
e:\program files\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
e:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
e:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
e:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
e:\program files\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
e:\program files\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
e:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1);
e:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
e:\program files\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
e:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
e:\program files\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
e:\program files\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true);
e:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
e:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
e:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
e:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
e:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
e:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
e:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
e:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
e:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
e:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
e:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
e:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
e:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
e:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
e:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
e:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
e:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
e:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
e:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
e:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
e:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
e:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
e:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
e:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
e:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
e:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
e:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
e:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
e:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
e:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-23 03:47
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\WudfPf]
"ImagePath"="hex(2):73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,52,00,49,00,56,00,45,00,52,00,53,00,5c,00,57,00,75,00,64,00,66,00,50,00,66,00,2e,00,73,00,79,00,73,00,00,00"

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\WudfRd]
"ImagePath"="hex(2):73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,52,00,49,00,56,00,45,00,52,00,53,00,5c,00,77,00,75,00,64,00,66,00,72,00,64,00,2e,00,73,00,79,00,73,00,00,00"

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\WudfPf]
"ImagePath"="hex(2):73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,52,00,49,00,56,00,45,00,52,00,53,00,5c,00,57,00,75,00,64,00,66,00,50,00,66,00,2e,00,73,00,79,00,73,00,00,00"

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\WudfRd]
"ImagePath"="hex(2):73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,52,00,49,00,56,00,45,00,52,00,53,00,5c,00,77,00,75,00,64,00,66,00,72,00,64,00,2e,00,73,00,79,00,73,00,00,00"

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Null]

.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\xml.xml\clsid]
@DACL=(02 0000)
@="{500BCA15-57A7-4eaf-8143-8C619470B13D}"

[HKEY_LOCAL_MACHINE\software\Classes\xml.xml\curver]
@DACL=(02 0000)
@="XML.XML.1"

[HKEY_LOCAL_MACHINE\software\Classes\xml.xml.1\clsid]
@DACL=(02 0000)
@="{500BCA15-57A7-4eaf-8143-8C619470B13D}"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1080)
c:\windows\system32\cscui.dll

- - - - - - - > 'explorer.exe'(1988)
c:\windows\System32\cscui.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\msi.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\scardsvr.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\CTSVCCDA.EXE
c:\windows\system32\eTSrv.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Eset\nod32krn.exe
c:\windows\system32\MsPMSPSv.exe
c:\program files\Skype\Plugin Manager\skypePM.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\program files\HP\Digital Imaging\bin\hpqste08.exe
c:\program files\HP\Digital Imaging\bin\hpqbam08.exe
.
**************************************************************************
.
Completion time: 2009-08-23 3:55 - machine was rebooted
ComboFix-quarantined-files.txt 2009-08-23 01:55
ComboFix2.txt 2009-08-19 22:39
ComboFix3.txt 2009-08-18 20:09

Pre-Run: 1,271,222,272 bytes free
Post-Run: 1,278,574,592 bytes free

328




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users