Need help - Trojan\Malware problem!!!

[SuperDave]

Re-running ComboFix to remove infections:

• Close any open browsers.
• Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
• Open notepad and copy/paste the text in the quotebox below into it:
  

  KillAll::
  RenV::
  c:\program files\Adobe\Reader 9.0\Reader\Reader_sl .exe
  c:\program files\AVG\AVG9\avgtray .exe
  c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM .exe
  c:\program files\Common Files\Java\Java Update\jusched .exe
  c:\program files\COMPAQ\Coloreal\coloreal .exe
  c:\program files\COMPAQ\Easy Access Button Support\StartEAK .exe
  c:\program files\IObit\Advanced SystemCare 3\AWC .exe
  c:\program files\Messenger\msmsgs .exe
  c:\program files\Microsoft Works\WkDetect .exe
  c:\program files\QuickTime\qttask             .exe
  c:\program files\Skype\Phone\Skype .exe
  c:\program files\Windows Live\Messenger\msnmsgr .exe
  c:\windows\system32\rundll32 .exe
  
  
• Save this as CFScript.txt, in the same location as ComboFix.exe
  
  
  
  
• Referring to the picture above, drag CFScript into ComboFix.exe
• When finished, it shall produce a log for you at C:\ComboFix.txt
  
• Please post the contents of the log in your next reply.

**********************************************

[Freddex]

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4749

Windows 5.1.2600 Service Pack 2
Internet Explorer 8.0.6001.18702

10/5/2010 8:21:09 PM
mbam-log-2010-10-05 (20-21-09).txt

Scan type: Quick scan
Objects scanned: 169495
Time elapsed: 24 minute(s), 34 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 6

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\{257715e4-3f57-82f0-2a8f-9f44ff99ee07} (Trojan.ZbotR.Gen) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.Agent) -> Data: c:\program files\microsoft\desktoplayer.exe -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Hijack.UserInit) -> Bad: (c:\windows\system32\userinit.exe,,c:\program files\microsoft\desktoplayer.exe,c:\program files\avg\avg9\identity protection\agent\bin\avgidsagentsrv.exe) Good: (userinit.exe) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Documents and Settings\sey administrator\Desktop\SecurityCheckSrv.exe (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
C:\Program Files\Internet Explorer\IEXPLORESrv.exe (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
C:\Program Files\Mozilla Firefox\firefoxSrv.exe (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
C:\WINDOWS\explorerSrv.exe (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
C:\Program Files\Microsoft\desktoplayer.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\sey administrator\Application Data\Ziikuh\xoahk.exe (Trojan.ZbotR.Gen) -> Quarantined and deleted successfully.

[Freddex]

ComboFix 10-10-05.01 - sey administrator 10/05/2010  20:40:49.6.1 - x86
Microsoft Windows XP Home Edition  5.1.2600.2.1252.1.1033.18.510.95 [GMT -4:00]
Running from: c:\documents and settings\sey administrator\Desktop\Commy.exe
Command switches used :: c:\documents and settings\sey administrator\Desktop\CFScript.txt
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: PC Tools Firewall Plus *disabled* {ABBD5028-5A95-4B6D-996E-98D64AE88D52}
FW: ZoneAlarm Firewall *disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\sey administrator\Application Data\Lumy
c:\documents and settings\sey administrator\Application Data\Lumy\yssy.oqs
c:\documents and settings\sey administrator\Application Data\Lumy\yssy.tmp
c:\program files\Internet Explorer\complete.dat
c:\program files\Internet Explorer\dmlconf.dat
c:\program files\Microsoft\DesktopLayer.exe
c:\windows\ExplorerSrv.exe

.
(((((((((((((((((((((((((   Files Created from 2010-09-06 to 2010-10-06  )))))))))))))))))))))))))))))))
.

2010-10-06 02:06 . 2010-10-06 02:06   41984   ----a-w-   c:\windows\system32\rundll32Srv.exe
2010-10-02 15:15 . 2010-10-05 21:43   --------   d-----w-   c:\documents and settings\sey administrator\Application Data\skypePM
2010-10-02 04:07 . 2010-10-02 04:07   56   ---ha-w-   c:\windows\system32\ezsidmv.dat
2010-10-02 04:06 . 2010-10-02 04:07   --------   d-----w-   c:\documents and settings\Freddex\Application Data\skypePM
2010-10-02 04:04 . 2010-10-02 04:04   --------   d-----w-   c:\program files\Common Files\Skype
2010-10-02 04:04 . 2010-10-02 04:04   --------   d-----w-   c:\documents and settings\All Users\Application Data\Skype
2010-10-01 01:52 . 2010-10-01 02:23   --------   d-----w-   C:\Commy10898C
2010-09-29 22:11 . 2010-09-29 22:11   388096   ----a-r-   c:\documents and settings\sey administrator\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-09-29 04:28 . 2010-09-29 05:01   --------   d-----w-   C:\Commy2756C
2010-09-29 04:26 . 2010-09-29 04:54   229376   ----a-w-   c:\documents and settings\sey administrator\Application Data\Fako\anuq.exe
2010-09-29 04:26 . 2010-09-29 04:26   --------   d-----w-   c:\documents and settings\sey administrator\Application Data\Fako
2010-09-29 04:26 . 2010-10-03 16:06   --------   d-----w-   c:\program files\temp
2010-09-29 02:20 . 2010-09-29 02:20   --------   d--h--w-   c:\windows\PIF
2010-09-27 02:42 . 2010-09-27 03:23   --------   d-----w-   C:\Commy9393C
2010-09-26 00:31 . 2010-09-26 00:32   --------   d-----w-   c:\program files\7-Zip
2010-09-25 23:54 . 2010-09-26 00:09   --------   d-----w-   C:\RootRepeal
2010-09-25 22:36 . 2010-09-25 23:32   --------   d-----w-   C:\Commy18057C
2010-09-25 16:09 . 2010-09-25 16:09   --------   d-----w-   c:\documents and settings\sey administrator\Application Data\Ashampoo
2010-09-25 16:07 . 2010-09-25 16:07   --------   d-----w-   c:\documents and settings\sey administrator\Local Settings\Application Data\ashampoo
2010-09-25 16:07 . 2010-09-25 16:07   --------   d-----w-   c:\documents and settings\All Users\Application Data\ashampoo
2010-09-25 16:07 . 2010-09-25 16:07   --------   d-----w-   c:\program files\Ashampoo
2010-09-21 04:26 . 2010-09-21 05:11   --------   d-----w-   C:\Commy
2010-09-18 06:16 . 2010-09-18 06:16   --------   d-----w-   c:\documents and settings\sey administrator\Application Data\AVG9
2010-09-16 17:03 . 2010-09-16 17:04   --------   d-----w-   c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2010-09-16 05:52 . 2010-09-16 05:52   --------   d-----w-   c:\program files\Trend Micro
2010-09-16 04:44 . 2010-07-17 09:00   423656   ----a-w-   c:\windows\system32\deployJava1.dll
2010-09-15 18:04 . 2010-09-15 18:04   --------   d-----w-   c:\documents and settings\sey administrator\Application Data\Malwarebytes
2010-09-15 18:03 . 2010-04-29 19:39   38224   ----a-w-   c:\windows\system32\drivers\mbamswissarmy.sys
2010-09-15 18:03 . 2010-09-15 18:03   --------   d-----w-   c:\documents and settings\All Users\Application Data\Malwarebytes
2010-09-15 18:02 . 2010-04-29 19:39   20952   ----a-w-   c:\windows\system32\drivers\mbam.sys
2010-09-15 18:02 . 2010-09-15 18:04   --------   d-----w-   c:\program files\Malwarebytes' Anti-Malware
2010-09-15 04:49 . 2010-09-15 04:49   --------   d-----w-   c:\documents and settings\Freddex\Application Data\PCToolsFirewallPlus
2010-09-14 16:25 . 2010-09-20 20:40   95744   ----a-w-   c:\documents and settings\sey administrator\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-09-14 16:25 . 2010-09-20 20:40   161280   ----a-w-   c:\documents and settings\sey administrator\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-09-14 16:24 . 2010-09-14 16:24   --------   d-----w-   c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2010-09-14 16:24 . 2010-09-14 16:24   --------   d-----w-   c:\program files\SUPERAntiSpyware
2010-09-14 16:24 . 2010-09-14 16:24   --------   d-----w-   c:\documents and settings\sey administrator\Application Data\SUPERAntiSpyware.com
2010-09-14 16:20 . 2010-09-14 16:20   --------   d-----w-   c:\program files\Common Files\Wise Installation Wizard
2010-09-14 15:58 . 2010-09-14 15:58   --------   d-----w-   c:\program files\CCleaner
2010-09-14 15:45 . 2010-09-14 15:46   --------   d-----w-   c:\documents and settings\sey administrator\Application Data\PCToolsFirewallPlus
2010-09-14 15:41 . 2009-11-23 17:54   88040   ----a-w-   c:\windows\system32\drivers\PCTAppEvent.sys
2010-09-14 15:41 . 2009-11-09 15:20   207792   ----a-w-   c:\windows\system32\drivers\PCTCore.sys
2010-09-14 15:41 . 2010-01-07 16:40   233136   ----a-w-   c:\windows\system32\drivers\pctgntdi.sys
2010-09-14 15:40 . 2010-01-12 13:34   70664   ----a-w-   c:\windows\system32\drivers\pctNdis-PacketFilter.sys
2010-09-14 15:40 . 2010-01-07 15:35   58816   ----a-w-   c:\windows\system32\drivers\pctNdis.sys
2010-09-14 15:40 . 2010-01-07 15:35   32680   ----a-w-   c:\windows\system32\drivers\pctNdis-DNS.sys
2010-09-14 15:40 . 2010-01-13 12:59   115216   ----a-w-   c:\windows\system32\drivers\pctplfw.sys
2010-09-14 15:40 . 2010-09-23 01:11   --------   d-----w-   c:\program files\PC Tools Firewall Plus
2010-09-11 21:36 . 2010-09-11 21:36   --------   d-sh--w-   c:\documents and settings\NetworkService\IETldCache
2010-09-11 21:22 . 2010-09-21 02:45   120   ----a-w-   c:\windows\Qwavifetahefozu.dat
2010-09-11 21:16 . 2010-09-13 17:46   --------   d-----w-   c:\documents and settings\Freddex\Application Data\C48C287A5F27A887A3E6CDBB287BDE57

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-06 02:09 . 2010-05-29 21:46   --------   d-----w-   c:\documents and settings\sey administrator\Application Data\Skype
2010-10-06 02:07 . 2010-01-05 23:15   --------   d---a-w-   c:\documents and settings\All Users\Application Data\TEMP
2010-10-06 00:53 . 2010-01-01 16:11   --------   d-----w-   c:\program files\Microsoft
2010-10-06 00:40 . 2010-02-21 18:58   --------   d-----w-   c:\program files\QuickTime
2010-10-06 00:40 . 2001-09-19 06:51   --------   d-----w-   c:\program files\Microsoft Works
2010-10-06 00:21 . 2010-02-20 17:18   --------   d-----w-   c:\documents and settings\sey administrator\Application Data\Ziikuh
2010-10-05 21:47 . 2010-01-01 16:20   --------   d-----w-   c:\program files\Microsoft Silverlight
2010-10-02 04:44 . 2010-04-18 15:57   --------   d-----w-   c:\documents and settings\Freddex\Application Data\Skype
2010-10-02 04:05 . 2010-04-18 15:56   --------   d-----r-   c:\program files\Skype
2010-10-01 02:27 . 2006-06-26 08:27   229376   ----a-w-   c:\documents and settings\sey administrator\Application Data\Ysulne\emxy.exe
2010-10-01 02:14 . 2006-01-05 19:52   --------   d-----w-   c:\documents and settings\sey administrator\Application Data\Zyinl
2010-10-01 02:06 . 2008-08-28 05:11   --------   d-----w-   c:\documents and settings\sey administrator\Application Data\Zagy
2010-09-29 04:51 . 2006-02-01 21:03   --------   d-----w-   c:\documents and settings\sey administrator\Application Data\Ossiv
2010-09-27 22:48 . 2010-07-17 10:38   --------   d-----w-   c:\documents and settings\Freddex\Application Data\Ihduy
2010-09-27 03:15 . 2005-08-30 02:56   --------   d-----w-   c:\documents and settings\sey administrator\Application Data\Mewao
2010-09-27 01:48 . 2008-04-21 16:55   --------   d-----w-   c:\documents and settings\sey administrator\Application Data\Hykapo
2010-09-25 22:29 . 2008-12-03 12:31   --------   d-----w-   c:\documents and settings\sey administrator\Application Data\Efpea
2010-09-24 00:22 . 2010-08-18 15:27   --------   d-----w-   c:\documents and settings\Freddex\Application Data\Uwdie
2010-09-23 23:47 . 2009-11-10 22:50   --------   d-----w-   c:\documents and settings\sey administrator\Application Data\Gymu
2010-09-20 20:40 . 2010-03-31 20:32   393216   ----a-w-   c:\documents and settings\sey administrator\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-501e625d-n\msvcr71.dll
2010-09-20 20:40 . 2010-05-28 16:56   393216   ----a-w-   c:\documents and settings\sey administrator\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-367bd4db-n\msvcr71.dll
2010-09-20 20:39 . 2010-08-09 00:56   393216   ----a-w-   c:\documents and settings\sey administrator\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-61f91632-n\msvcr71.dll
2010-09-20 20:30 . 2010-03-23 23:46   393216   ----a-w-   c:\documents and settings\Freddex\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-34777ea4-n\msvcr71.dll
2010-09-20 20:30 . 2010-05-25 23:18   393216   ----a-w-   c:\documents and settings\Freddex\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-47f9ff1d-n\msvcr71.dll
2010-09-20 20:29 . 2010-08-03 02:18   393216   ----a-w-   c:\documents and settings\Freddex\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-7c91b2a5-n\msvcr71.dll
2010-09-16 16:29 . 2010-03-23 22:54   --------   d-----w-   c:\program files\DivX
2010-09-16 16:29 . 2010-02-21 21:01   --------   d-----w-   c:\program files\LimeWire Music
2010-09-16 05:54 . 2010-09-04 18:13   --------   d-----w-   c:\program files\Filezilla 3.3.2.1
2010-09-16 04:44 . 2010-03-23 23:42   --------   d-----w-   c:\program files\Java
2010-09-14 15:41 . 2010-01-05 23:15   --------   d-----w-   c:\program files\Common Files\PC Tools
2010-09-14 15:04 . 2010-02-21 21:02   --------   d-----w-   c:\program files\ToggleEN
2010-09-14 14:02 . 2010-09-13 15:55   112   ----a-w-   c:\documents and settings\All Users\Application Data\r5NCJ5GrW.dat
2010-09-11 20:32 . 2010-04-14 21:49   --------   d-----w-   c:\documents and settings\Freddex\Application Data\uTorrent
2010-09-11 16:49 . 2010-07-01 19:46   --------   d-----w-   c:\documents and settings\Freddex\Application Data\LimeWire Music
2010-09-04 22:37 . 2010-09-04 18:14   --------   d-----w-   c:\documents and settings\Freddex\Application Data\FileZilla
2010-08-31 02:30 . 2010-02-21 21:01   --------   d-----w-   c:\program files\Download_Energy
2010-08-31 00:39 . 2010-08-31 00:39   --------   d-----w-   c:\documents and settings\sey administrator\Application Data\IObit
2010-08-14 16:09 . 2010-03-23 22:52   --------   d-----w-   c:\documents and settings\All Users\Application Data\DivX
2010-08-11 13:18 . 2010-01-05 23:50   --------   d-----w-   c:\documents and settings\All Users\Application Data\AVG Security Toolbar
2010-08-09 00:56 . 2010-08-09 00:56   503808   ----a-w-   c:\documents and settings\sey administrator\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-61f91632-n\msvcp71.dll
2010-08-09 00:56 . 2010-08-09 00:56   499712   ----a-w-   c:\documents and settings\sey administrator\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-61f91632-n\jmc.dll
2010-08-09 00:56 . 2010-08-09 00:56   61440   ----a-w-   c:\documents and settings\sey administrator\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-1ab01405-n\decora-sse.dll
2010-08-09 00:56 . 2010-08-09 00:56   12800   ----a-w-   c:\documents and settings\sey administrator\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-1ab01405-n\decora-d3d.dll
2010-08-03 02:18 . 2010-08-03 02:18   503808   ----a-w-   c:\documents and settings\Freddex\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-7c91b2a5-n\msvcp71.dll
2010-08-03 02:18 . 2010-08-03 02:18   499712   ----a-w-   c:\documents and settings\Freddex\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-7c91b2a5-n\jmc.dll
2010-08-03 02:18 . 2010-08-03 02:18   61440   ----a-w-   c:\documents and settings\Freddex\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-51d40a07-n\decora-sse.dll
2010-08-03 02:18 . 2010-08-03 02:18   12800   ----a-w-   c:\documents and settings\Freddex\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-51d40a07-n\decora-d3d.dll
2010-07-16 13:30 . 2010-01-05 23:49   243024   ----a-w-   c:\windows\system32\drivers\avgtdix.sys
2010-07-16 13:30 . 2010-07-16 13:30   12536   ----a-w-   c:\windows\system32\avgrsstx.dll
2010-07-16 13:29 . 2010-01-05 23:49   25168   ----a-w-   c:\windows\system32\drivers\AVGIDSxx.sys
2010-07-16 13:28 . 2010-01-05 23:49   216400   ----a-w-   c:\windows\system32\drivers\avgldx86.sys
.

Code: [Select]

<pre>
c:\program files\Skype\Phone\Skype .exe
</pre>
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-04-19 2117704]
"{ad708c09-d51b-45b3-9d28-4eba2681febf}"= "c:\program files\Download_Energy\tbDow1.dll" [2010-09-21 2735200]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_CLASSES_ROOT\clsid\{ad708c09-d51b-45b3-9d28-4eba2681febf}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2010-04-19 14:25   2117704   ----a-w-   c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ad708c09-d51b-45b3-9d28-4eba2681febf}]
2010-09-21 03:45   2735200   ----a-w-   c:\program files\Download_Energy\tbDow1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-04-19 2117704]
"{ad708c09-d51b-45b3-9d28-4eba2681febf}"= "c:\program files\Download_Energy\tbDow1.dll" [2010-09-21 2735200]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CLASSES_ROOT\clsid\{ad708c09-d51b-45b3-9d28-4eba2681febf}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-04-19 2117704]
"{AD708C09-D51B-45B3-9D28-4EBA2681FEBF}"= "c:\program files\Download_Energy\tbDow1.dll" [2010-09-21 2735200]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CLASSES_ROOT\clsid\{ad708c09-d51b-45b3-9d28-4eba2681febf}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr .exe" [N/A]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-05-13 26192168]
"Advanced SystemCare 3"="c:\program files\IObit\Advanced SystemCare 3\AWC.exe" [2010-08-10 2349776]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="c:\program files\QuickTime\qttask             .exe -atboottime" [X]
"IgfxTray"="c:\windows\System32\igfxtray.exe" [2001-08-08 143360]
"HotKeysCmds"="c:\windows\System32\hkcmd.exe" [2001-08-08 90112]
"WCOLOREAL"="c:\program files\COMPAQ\Coloreal\coloreal.exe" [2010-09-20 176128]
"Microsoft Works Portfolio"="c:\program files\Microsoft Works\WksSb.exe" [2000-07-13 311350]
"Microsoft Works Update Detection"="c:\program files\Microsoft Works\WkDetect.exe" [2000-07-13 28739]
"EPSON Stylus C44 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_S09IC1.EXE" [2002-12-25 75776]
"00PCTFW"="c:\program files\PC Tools Firewall Plus\FirewallGUI.exe" [2010-01-12 3168216]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]

c:\documents and settings\Freddex\Start Menu\Programs\Startup\
idlato.exe [2010-10-5 230400]
pypa.exe [2010-9-30 229376]

c:\documents and settings\Guest\Start Menu\Programs\Startup\
faopew.exe [2010-9-30 229376]
peyw.exe [2010-10-5 230400]

c:\documents and settings\Default User\Start Menu\Programs\Startup\
fyfuk.exe [2010-10-5 230400]
maqa.exe [2010-9-30 229376]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2010-09-21 122880]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="c:\windows\system32\userinit.exe,,c:\program files\microsoft\desktoplayer.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 19:21   548352   ----a-w-   c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-07-16 13:30   12536   ----a-w-   c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgam.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
"c:\\Program Files\\LimeWire Music\\LimeWire Music.exe"=
"c:\\Program Files\\WinMX\\WinMX.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 AVGIDSErHrxpx;AVG9IDSErHr;c:\windows\system32\drivers\AVGIDSxx.sys [1/5/2010 7:49 PM 25168]
R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [1/5/2010 7:49 PM 52872]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [1/5/2010 7:49 PM 216400]
R1 AvgTdiX;AVG Network Redirector;c:\windows\system32\drivers\avgtdix.sys [1/5/2010 7:49 PM 243024]
R1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [9/14/2010 11:41 AM 233136]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 11:25 AM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2/17/2010 11:15 AM 66632]
R2 PCTAppEvent;PCTAppEvent Driver;c:\windows\system32\drivers\PCTAppEvent.sys [9/14/2010 11:41 AM 88040]
R3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [1/5/2010 7:48 PM 30104]
R3 AVGIDSDriverxpx;AVG9IDSDriver;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSDriver.sys [1/5/2010 7:49 PM 122448]
R3 AVGIDSFilterxpx;AVG9IDSFilter;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSFilter.sys [1/5/2010 7:48 PM 30288]
R3 AVGIDSShimxpx;AVG9IDSShim;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSShim.sys [1/5/2010 7:48 PM 26192]
R3 PCTFW-PacketFilter;PCTools Firewall - Packet filter driver;c:\windows\system32\drivers\pctNdis-PacketFilter.sys [9/14/2010 11:40 AM 70664]
R3 pctNDIS;PC Tools Driver;c:\windows\system32\drivers\pctNdis.sys [9/14/2010 11:40 AM 58816]
R3 pctplfw;pctplfw;c:\windows\system32\drivers\pctplfw.sys [9/14/2010 11:40 AM 115216]
R3 SUNPLUS;SightCAM PC-100p;c:\windows\system32\drivers\spixnew.sys [1/21/2010 6:10 PM 95528]
S1 EACMOS;EACMOS;c:\windows\system32\drivers\EACMOS.SYS --> c:\windows\system32\drivers\EACMOS.SYS [?]
S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [1/5/2010 7:48 PM 30104]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2/17/2010 11:15 AM 12872]
.
Contents of the 'Scheduled Tasks' folder

2010-10-06 c:\windows\Tasks\AWC AutoSweep.job
- c:\program files\IObit\Advanced SystemCare 3\AutoSweep.exe [2010-04-14 18:11]

2010-10-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-23 22:54]

2010-10-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-23 22:54]

2004-09-01 c:\windows\Tasks\Registration reminder 1.job
- c:\windows\System32\OOBE\oobebaln.exe [2004-09-20 07:56]

2004-09-01 c:\windows\Tasks\Registration reminder 3.job
- c:\windows\System32\OOBE\oobebaln.exe [2004-09-20 07:56]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://yahoo.com/
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\sey administrator\Application Data\Mozilla\Firefox\Profiles\3mmgr645.default\
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Internet Explorer\Main\FeatureControl]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ACTIVEX_REPURPOSEDETECTION]
@DACL=(02 0000)
"sllauncher.exe"=dword:00000001
"PresentationHost.exe"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BLOCK_LMZ_IMG]
@DACL=(02 0000)
"sllauncher.exe"=dword:00000001
"PresentationHost.exe"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BLOCK_LMZ_OBJECT]
@DACL=(02 0000)
"sllauncher.exe"=dword:00000001
"PresentationHost.exe"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BLOCK_LMZ_SCRIPT]
@DACL=(02 0000)
"sllauncher.exe"=dword:00000001
"PresentationHost.exe"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION]
@DACL=(02 0000)
"sllauncher.exe"=dword:00001f40

[HKEY_LOCAL_MACHINE\software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_Cross_Domain_Redirect_Mitigation]
@DACL=(02 0000)
"sllauncher.exe"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_LEGACY_COMPRESSION]
@DACL=(02 0000)
"PresentationHost.exe"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_SQM_UPLOAD_FOR_APP]
@DACL=(02 0000)
"ieuser.exe"=dword:00000001
"iexplore.exe"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_TELNET_PROTOCOL]
@DACL=(02 0000)
"PresentationHost.exe"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_UNICODE_HANDLE_CLOSING_CALLBACK]
@DACL=(02 0000)
"YahooMusicEngine.exe"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ENABLE_SCRIPT_PASTE_URLACTION_IF_PROMPT]
@DACL=(02 0000)
"devenv.exe"=dword:00000001
"dexplore.exe"=dword:00000001
"helppane.exe"=dword:00000001
"sllauncher.exe"=dword:00000000
"PresentationHost.exe"=dword:00000000

[HKEY_LOCAL_MACHINE\software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_FEEDS]
@DACL=(02 0000)
"msfeedssync.exe"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_FORCE_ADDR_AND_STATUS]
@DACL=(02 0000)
"PresentationHost.exe"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_IGNORE_XML_PROLOG]
@DACL=(02 0000)
"msiexec.exe"=dword:00000000

[HKEY_LOCAL_MACHINE\software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_IMAGING_USE_ART]
@DACL=(02 0000)
@=""
"waol.exe"=dword:00000001
"cs.exe"=dword:00000001
"wm.exe"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_INTERNET_SHELL_FOLDERS]
@DACL=(02 0000)
"iexplore.exe"=dword:00000000

[HKEY_LOCAL_MACHINE\software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LEGACY_DISPPARAMS]
@DACL=(02 0000)
"helppane.exe"=dword:00000000

[HKEY_LOCAL_MACHINE\software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LEGACY_DLCONTROL_BEHAVIORS]
@DACL=(02 0000)
"wlmail.exe"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MAXCONNECTIONSPER1_0SERVER]
@DACL=(02 0000)
"sllauncher.exe"=dword:00000006
"explorer.exe"=dword:00000004

[HKEY_LOCAL_MACHINE\software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MAXCONNECTIONSPERSERVER]
@DACL=(02 0000)
"sllauncher.exe"=dword:00000006
"explorer.exe"=dword:00000002

[HKEY_LOCAL_MACHINE\software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MSHTML_AUTOLOAD_IEFRAME]
@DACL=(02 0000)
"mshta.exe"=dword:00000001
"outlook.exe"=dword:00000001
"sidebar.exe"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RELEASE_CALLBACK_ON_STOP_BINDING]
@DACL=(02 0000)
"communicator.exe"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_ABOUT_PROTOCOL_IE7]
@DACL=(02 0000)
"sllauncher.exe"=dword:00000001
"PresentationHost.exe"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_FILEDOWNLOAD]
@DACL=(02 0000)
"wlmail.exe"=dword:00000001
"msimn.exe"=dword:00000001
"winmail.exe"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_OBJECT_DATA_ATTRIBUTE]
@DACL=(02 0000)
"WindowsLiveWriter.exe"=dword:00000001
"sllauncher.exe"=dword:00000001
"PresentationHost.exe"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_RES_TO_LMZ]
@DACL=(02 0000)
"sllauncher.exe"=dword:00000001
"PresentationHost.exe"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SCRIPTURL_MITIGATION]
@DACL=(02 0000)
"sllauncher.exe"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SHOW_APP_PROTOCOL_WARN_DIALOG]
@DACL=(02 0000)
"sllauncher.exe"=dword:00000001
"PresentationHost.exe"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SSLUX]
@DACL=(02 0000)
"PresentationHost.exe"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SUBDOWNLOAD_LOCKDOWN]
@DACL=(02 0000)
"wlmail.exe"=dword:00000001
"msimn.exe"=dword:00000001
"outlook.exe"=dword:00000001
"winmail.exe"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_USE_WINDOWEDSELECTCONTROL]
@DACL=(02 0000)
"excel.exe"=dword:00000001
"infopath.exe"=dword:00000001
"powerpnt.exe"=dword:00000001
"winword.exe"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_VIEWLINKEDWEBOC_IS_UNSAFE]
@DACL=(02 0000)
"sllauncher.exe"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_WEBOC_MOVESIZECHILD]
@DACL=(02 0000)
"msn.exe"=dword:00000001
"msn6.exe"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_XSSFILTER]
@DACL=(02 0000)
"iexplore.exe"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
@DACL=(02 0000)
@=""
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
@DACL=(02 0000)
@=""
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
@DACL=(02 0000)
@=""
"Installed"="1"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Adapters\NdisWanIp]
@DACL=(02 0000)
"LLInterface"="WANARP"
"IpConfig"=multi:"Tcpip\\Parameters\\Interfaces\\{E2E03A56-F650-49AD-9458-84AC5A26824B}\00Tcpip\\Parameters\\Interfaces\\{9D1E836B-DDA1-48F1-825D-3BE14B2C290C}\00Tcpip\\Parameters\\Interfaces\\{9215A54E-3EAA-4DC2-8EFE-4731C26E1349}\00Tcpip\\Parameters\\Interfaces\\{6F8E307F-9A7C-408A-AFAF-3615FCFA4CEF}\00\00"
"NumInterfaces"=dword:00000004
"IpInterfaces"=hex:56,3a,e0,e2,50,f6,ad,49,94,58,84,ac,5a,26,82,4b,6b,83,1e,9d,
   a1,dd,f1,48,82,5d,3b,e1,4b,2c,29,0c,4e,a5,15,92,aa,3e,c2,4d,8e,fe,47,31,c2,\

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Adapters\{6DE38E76-6721-44BE-B4B6-A8A60FA66767}]
@DACL=(02 0000)
"LLInterface"=""
"IpConfig"=multi:"Tcpip\\Parameters\\Interfaces\\{6DE38E76-6721-44BE-B4B6-A8A60FA66767}\00\00"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Adapters\{B006CFFA-964A-4BFA-84AB-6CB924F4DB19}]
@DACL=(02 0000)
"LLInterface"=""
"IpConfig"=multi:"Tcpip\\Parameters\\Interfaces\\{B006CFFA-964A-4BFA-84AB-6CB924F4DB19}\00\00"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{0AA05CFB-0DDF-48E4-ABE8-1E78BE894167}]
@DACL=(02 0000)
"UseZeroBroadcast"=dword:00000000
"EnableDHCP"=dword:00000000
"IPAddress"=multi:"0.0.0.0\00\00"
"SubnetMask"=multi:"0.0.0.0\00\00"
"DefaultGateway"=multi:"\00"
"EnableDeadGWDetect"=dword:00000001
"DontAddDefaultGateway"=dword:00000000

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{1ADA907D-9145-41B7-BD1B-0B8078EF8185}]
@DACL=(02 0000)
"UseZeroBroadcast"=dword:00000000
"EnableDHCP"=dword:00000000
"IPAddress"=multi:"0.0.0.0\00\00"
"SubnetMask"=multi:"0.0.0.0\00\00"
"DefaultGateway"=multi:"\00"
"EnableDeadGWDetect"=dword:00000001
"DontAddDefaultGateway"=dword:00000000

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{22DC89FD-1B4F-4DDE-97E1-D2BF70D78AF0}]
@DACL=(02 0000)
"UseZeroBroadcast"=dword:00000000
"EnableDHCP"=dword:00000000
"IPAddress"=multi:"0.0.0.0\00\00"
"SubnetMask"=multi:"0.0.0.0\00\00"
"DefaultGateway"=multi:"\00"
"EnableDeadGWDetect"=dword:00000001
"DontAddDefaultGateway"=dword:00000000

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{2F865EAA-DF52-4F83-B627-C01FA56AB1B5}]
@DACL=(02 0000)
"UseZeroBroadcast"=dword:00000000
"EnableDHCP"=dword:00000000
"IPAddress"=multi:"0.0.0.0\00\00"
"SubnetMask"=multi:"0.0.0.0\00\00"
"DefaultGateway"=multi:"\00"
"EnableDeadGWDetect"=dword:00000001
"DontAddDefaultGateway"=dword:00000000

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{3C6A114E-ACC8-482C-A644-165006071E4F}]
@DACL=(02 0000)
"UseZeroBroadcast"=dword:00000000
"EnableDHCP"=dword:00000000
"IPAddress"=multi:"0.0.0.0\00\00"
"SubnetMask"=multi:"0.0.0.0\00\00"
"DefaultGateway"=multi:"\00"
"EnableDeadGWDetect"=dword:00000001
"DontAddDefaultGateway"=dword:00000000

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{4029ED28-634C-4F6D-91DD-90355FC3614B}]
@DACL=(02 0000)
"UseZeroBroadcast"=dword:00000000
"EnableDHCP"=dword:00000000
"IPAddress"=multi:"0.0.0.0\00\00"
"SubnetMask"=multi:"0.0.0.0\00\00"
"DefaultGateway"=multi:"\00"
"EnableDeadGWDetect"=dword:00000001
"DontAddDefaultGateway"=dword:00000000

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{4D0EE19D-53FB-42ED-929E-2CAD8D4DA3A2}]
@DACL=(02 0000)
"UseZeroBroadcast"=dword:00000000
"EnableDHCP"=dword:00000000
"IPAddress"=multi:"0.0.0.0\00\00"
"SubnetMask"=multi:"0.0.0.0\00\00"
"DefaultGateway"=multi:"\00"
"EnableDeadGWDetect"=dword:00000001
"DontAddDefaultGateway"=dword:00000000

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{56A4F766-5440-49EE-96D3-D509BA7BE4E9}]
@DACL=(02 0000)
"UseZeroBroadcast"=dword:00000000
"EnableDHCP"=dword:00000000
"IPAddress"=multi:"0.0.0.0\00\00"
"SubnetMask"=multi:"0.0.0.0\00\00"
"DefaultGateway"=multi:"\00"
"EnableDeadGWDetect"=dword:00000001
"DontAddDefaultGateway"=dword:00000000

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{5B98C0D8-F928-4D49-9882-4DFE65D95C61}]
@DACL=(02 0000)
"UseZeroBroadcast"=dword:00000000
"EnableDHCP"=dword:00000000
"IPAddress"=multi:"0.0.0.0\00\00"
"SubnetMask"=multi:"0.0.0.0\00\00"
"DefaultGateway"=multi:"\00"
"EnableDeadGWDetect"=dword:00000001
"DontAddDefaultGateway"=dword:00000000

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{6F8E307F-9A7C-408A-AFAF-3615FCFA4CEF}]
@DACL=(02 0000)
"UseZeroBroadcast"=dword:00000000
"EnableDHCP"=dword:00000000
"IPAddress"=multi:"0.0.0.0\00\00"
"SubnetMask"=multi:"0.0.0.0\00\00"
"DefaultGateway"=multi:"\00"
"EnableDeadGWDetect"=dword:00000001
"DontAddDefaultGateway"=dword:00000000
"NTEContextList"=multi:"\00"
"DhcpClassIdBin"=hex:
"DhcpIPAddress"="0.0.0.0"
"DhcpSubnetMask"="0.0.0.0"
"Domain"=""
"NameServer"=""
"RegistrationEnabled"=dword:00000000
"RegisterAdapterName"=dword:00000000

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{865C35FD-C16A-4B32-B547-8928CE953669}]
@DACL=(02 0000)
"UseZeroBroadcast"=dword:00000000
"EnableDHCP"=dword:00000000
"IPAddress"=multi:"0.0.0.0\00\00"
"SubnetMask"=multi:"0.0.0.0\00\00"
"DefaultGateway"=multi:"\00"
"EnableDeadGWDetect"=dword:00000001
"DontAddDefaultGateway"=dword:00000000

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{8E76D28B-D819-435F-9D94-8F0EC4038520}]
@DACL=(02 0000)
"UseZeroBroadcast"=dword:00000000
"EnableDHCP"=dword:00000000
"IPAddress"=multi:"0.0.0.0\00\00"
"SubnetMask"=multi:"0.0.0.0\00\00"
"DefaultGateway"=multi:"\00"
"EnableDeadGWDetect"=dword:00000001
"DontAddDefaultGateway"=dword:00000000

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{9215A54E-3EAA-4DC2-8EFE-4731C26E1349}]
@DACL=(02 0000)
"UseZeroBroadcast"=dword:00000000
"EnableDHCP"=dword:00000000
"IPAddress"=multi:"0.0.0.0\00\00"
"SubnetMask"=multi:"0.0.0.0\00\00"
"DefaultGateway"=multi:"\00"
"EnableDeadGWDetect"=dword:00000001
"DontAddDefaultGateway"=dword:00000000

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{93DFA675-845C-4FB9-B057-A889D11F364B}]
@DACL=(02 0000)
"UseZeroBroadcast"=dword:00000000
"EnableDHCP"=dword:00000000
"IPAddress"=multi:"0.0.0.0\00\00"
"SubnetMask"=multi:"0.0.0.0\00\00"
"DefaultGateway"=multi:"\00"
"EnableDeadGWDetect"=dword:00000001
"DontAddDefaultGateway"=dword:00000000

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{9D1E836B-DDA1-48F1-825D-3BE14B2C290C}]
@DACL=(02 0000)
"UseZeroBroadcast"=dword:00000000
"EnableDHCP"=dword:00000000
"IPAddress"=multi:"0.0.0.0\00\00"
"SubnetMask"=multi:"0.0.0.0\00\00"
"DefaultGateway"=multi:"\00"
"EnableDeadGWDetect"=dword:00000001
"DontAddDefaultGateway"=dword:00000000
"NTEContextList"=multi:"\00"
"DhcpIPAddress"="0.0.0.0"
"DhcpSubnetMask"="0.0.0.0"
"Domain"=""
"NameServer"=""
"RegistrationEnabled"=dword:00000000
"DhcpClassIdBin"=hex:
"RegisterAdapterName"=dword:00000000

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{B006CFFA-964A-4BFA-84AB-6CB924F4DB19}]
@DACL=(02 0000)
"UseZeroBroadcast"=dword:00000000
"EnableDeadGWDetect"=dword:00000001
"EnableDHCP"=dword:00000001
"IPAddress"=multi:"0.0.0.0\00\00"
"SubnetMask"=multi:"0.0.0.0\00\00"
"DefaultGateway"=multi:"\00"
"DefaultGatewayMetric"=multi:"\00"
"NameServer"=""
"Domain"=""
"RegistrationEnabled"=dword:00000001
"RegisterAdapterName"=dword:00000000
"TCPAllowedPorts"=multi:"0\00\00"
"UDPAllowedPorts"=multi:"0\00\00"
"RawIPAllowedProtocols"=multi:"0\00\00"
"NTEContextList"=multi:"0x00000003\00\00"
"DhcpClassIdBin"=hex:

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{CEF18169-172E-4CC6-A23C-81EEA649ABCA}]
@DACL=(02 0000)
"UseZeroBroadcast"=dword:00000000
"EnableDHCP"=dword:00000000
"IPAddress"=multi:"0.0.0.0\00\00"
"SubnetMask"=multi:"0.0.0.0\00\00"
"DefaultGateway"=multi:"\00"
"EnableDeadGWDetect"=dword:00000001
"DontAddDefaultGateway"=dword:00000000

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{D42BF3B8-5D36-47B6-AA88-2A5C0A88AFF6}]
@DACL=(02 0000)
"UseZeroBroadcast"=dword:00000000
"EnableDHCP"=dword:00000000
"IPAddress"=multi:"0.0.0.0\00\00"
"SubnetMask"=multi:"0.0.0.0\00\00"
"DefaultGateway"=multi:"\00"
"EnableDeadGWDetect"=dword:00000001
"DontAddDefaultGateway"=dword:00000000

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{E2E03A56-F650-49AD-9458-84AC5A26824B}]
@DACL=(02 0000)
"UseZeroBroadcast"=dword:00000000
"EnableDHCP"=dword:00000000
"IPAddress"=multi:"0.0.0.0\00\00"
"SubnetMask"=multi:"0.0.0.0\00\00"
"DefaultGateway"=multi:"\00"
"EnableDeadGWDetect"=dword:00000001
"DontAddDefaultGateway"=dword:00000000

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{E80F28B8-41F7-45E5-B224-BA02FA2B150E}]
@DACL=(02 0000)
"UseZeroBroadcast"=dword:00000000
"EnableDHCP"=dword:00000000
"IPAddress"=multi:"0.0.0.0\00\00"
"SubnetMask"=multi:"0.0.0.0\00\00"
"DefaultGateway"=multi:"\00"
"EnableDeadGWDetect"=dword:00000001
"DontAddDefaultGateway"=dword:00000000

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{EB685907-EFEF-49BC-836B-43B28D8A9E73}]
@DACL=(02 0000)
"UseZeroBroadcast"=dword:00000000
"EnableDHCP"=dword:00000000
"IPAddress"=multi:"0.0.0.0\00\00"
"SubnetMask"=multi:"0.0.0.0\00\00"
"DefaultGateway"=multi:"\00"
"EnableDeadGWDetect"=dword:00000001
"DontAddDefaultGateway"=dword:00000000

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{F2661AF6-B3C2-4CB3-BEF6-D0571C34617B}]
@DACL=(02 0000)
"UseZeroBroadcast"=dword:00000000
"EnableDHCP"=dword:00000000
"IPAddress"=multi:"0.0.0.0\00\00"
"SubnetMask"=multi:"0.0.0.0\00\00"
"DefaultGateway"=multi:"\00"
"EnableDeadGWDetect"=dword:00000001
"DontAddDefaultGateway"=dword:00000000

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{FF2BE8C5-F6C8-4DEE-9C06-8F61850569D8}]
@DACL=(02 0000)
"UseZeroBroadcast"=dword:00000000
"EnableDHCP"=dword:00000000
"IPAddress"=multi:"0.0.0.0\00\00"
"SubnetMask"=multi:"0.0.0.0\00\00"
"DefaultGateway"=multi:"\00"
"EnableDeadGWDetect"=dword:00000001
"DontAddDefaultGateway"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1048)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll

- - - - - - - > 'explorer.exe'(3892)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVG\AVG9\avgchsvx.exe
c:\program files\AVG\AVG9\avgrsx.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\program files\Internet Explorer\iexplore.exe
c:\program files\AVG\AVG9\avgwdsvc.exe
c:\program files\AVG\AVG9\avgfws9.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\PC Tools Firewall Plus\FWService.exe
c:\program files\Common Files\PC Tools\sMonitor\StartManSvc.exe
c:\windows\system32\pctspk.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\AVG\AVG9\avgnsx.exe
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\program files\AVG\AVG9\avgemc.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
.
**************************************************************************
.
Completion time: 2010-10-05  22:15:46 - machine was rebooted
ComboFix-quarantined-files.txt  2010-10-06 02:15
ComboFix2.txt  2010-10-01 02:23
ComboFix3.txt  2010-09-29 05:01
ComboFix4.txt  2010-09-27 03:23
ComboFix5.txt  2010-10-06 00:37

Pre-Run: 11,402,022,912 bytes free
Post-Run: 11,632,758,784 bytes free

- - End Of File - - 619F50C83D2A9F7C2B5AE1C7818831C3

[SuperDave]

Ok. That fixed some things. Only one left to go.

Re-running ComboFix to remove infections:

• Close any open browsers.
• Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
• Open notepad and copy/paste the text in the quotebox below into it:
  

  KillAll::
  RenV::
  c:\program files\Skype\Phone\Skype .exe
  
  
• Save this as CFScript.txt, in the same location as ComboFix.exe
  
  
  
  
• Referring to the picture above, drag CFScript into ComboFix.exe
• When finished, it shall produce a log for you at C:\ComboFix.txt
  
• Please post the contents of the log in your next reply.

[Freddex]

ComboFix 10-10-05.01 - sey administrator 10/06/2010  20:13:10.7.1 - x86
Microsoft Windows XP Home Edition  5.1.2600.2.1252.1.1033.18.510.274 [GMT -4:00]
Running from: c:\documents and settings\sey administrator\Desktop\Commy.exe
Command switches used :: c:\documents and settings\sey administrator\Desktop\CFScript.txt
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: PC Tools Firewall Plus *enabled* {ABBD5028-5A95-4B6D-996E-98D64AE88D52}
FW: ZoneAlarm Firewall *disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\Internet Explorer\dmlconf.dat
c:\program files\Microsoft\DesktopLayer.exe
c:\windows\ExplorerSrv.exe
c:\windows\system32\rundll32Srv.exe

.
(((((((((((((((((((((((((   Files Created from 2010-09-07 to 2010-10-07  )))))))))))))))))))))))))))))))
.

2010-10-02 15:15 . 2010-10-07 01:03   --------   d-----w-   c:\documents and settings\sey administrator\Application Data\skypePM
2010-10-02 04:07 . 2010-10-02 04:07   56   ---ha-w-   c:\windows\system32\ezsidmv.dat
2010-10-02 04:06 . 2010-10-02 04:07   --------   d-----w-   c:\documents and settings\Freddex\Application Data\skypePM
2010-10-02 04:04 . 2010-10-02 04:04   --------   d-----w-   c:\program files\Common Files\Skype
2010-10-02 04:04 . 2010-10-02 04:04   --------   d-----w-   c:\documents and settings\All Users\Application Data\Skype
2010-10-01 01:52 . 2010-10-01 02:23   --------   d-----w-   C:\Commy10898C
2010-09-29 22:11 . 2010-09-29 22:11   388096   ----a-r-   c:\documents and settings\sey administrator\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-09-29 04:28 . 2010-09-29 05:01   --------   d-----w-   C:\Commy2756C
2010-09-29 04:26 . 2010-09-29 04:54   229376   ----a-w-   c:\documents and settings\sey administrator\Application Data\Fako\anuq.exe
2010-09-29 04:26 . 2010-09-29 04:26   --------   d-----w-   c:\documents and settings\sey administrator\Application Data\Fako
2010-09-29 04:26 . 2010-10-03 16:06   --------   d-----w-   c:\program files\temp
2010-09-29 02:20 . 2010-09-29 02:20   --------   d--h--w-   c:\windows\PIF
2010-09-27 02:42 . 2010-09-27 03:23   --------   d-----w-   C:\Commy9393C
2010-09-26 00:31 . 2010-09-26 00:32   --------   d-----w-   c:\program files\7-Zip
2010-09-25 23:54 . 2010-09-26 00:09   --------   d-----w-   C:\RootRepeal
2010-09-25 22:36 . 2010-09-25 23:32   --------   d-----w-   C:\Commy18057C
2010-09-25 16:09 . 2010-09-25 16:09   --------   d-----w-   c:\documents and settings\sey administrator\Application Data\Ashampoo
2010-09-25 16:07 . 2010-09-25 16:07   --------   d-----w-   c:\documents and settings\sey administrator\Local Settings\Application Data\ashampoo
2010-09-25 16:07 . 2010-09-25 16:07   --------   d-----w-   c:\documents and settings\All Users\Application Data\ashampoo
2010-09-25 16:07 . 2010-09-25 16:07   --------   d-----w-   c:\program files\Ashampoo
2010-09-21 04:26 . 2010-09-21 05:11   --------   d-----w-   C:\Commy
2010-09-18 06:16 . 2010-09-18 06:16   --------   d-----w-   c:\documents and settings\sey administrator\Application Data\AVG9
2010-09-16 17:03 . 2010-09-16 17:04   --------   d-----w-   c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2010-09-16 05:52 . 2010-09-16 05:52   --------   d-----w-   c:\program files\Trend Micro
2010-09-16 04:44 . 2010-07-17 09:00   423656   ----a-w-   c:\windows\system32\deployJava1.dll
2010-09-15 18:04 . 2010-09-15 18:04   --------   d-----w-   c:\documents and settings\sey administrator\Application Data\Malwarebytes
2010-09-15 18:03 . 2010-04-29 19:39   38224   ----a-w-   c:\windows\system32\drivers\mbamswissarmy.sys
2010-09-15 18:03 . 2010-09-15 18:03   --------   d-----w-   c:\documents and settings\All Users\Application Data\Malwarebytes
2010-09-15 18:02 . 2010-04-29 19:39   20952   ----a-w-   c:\windows\system32\drivers\mbam.sys
2010-09-15 18:02 . 2010-09-15 18:04   --------   d-----w-   c:\program files\Malwarebytes' Anti-Malware
2010-09-15 04:49 . 2010-09-15 04:49   --------   d-----w-   c:\documents and settings\Freddex\Application Data\PCToolsFirewallPlus
2010-09-14 16:25 . 2010-09-20 20:40   95744   ----a-w-   c:\documents and settings\sey administrator\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-09-14 16:25 . 2010-09-20 20:40   161280   ----a-w-   c:\documents and settings\sey administrator\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-09-14 16:24 . 2010-09-14 16:24   --------   d-----w-   c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2010-09-14 16:24 . 2010-09-14 16:24   --------   d-----w-   c:\program files\SUPERAntiSpyware
2010-09-14 16:24 . 2010-09-14 16:24   --------   d-----w-   c:\documents and settings\sey administrator\Application Data\SUPERAntiSpyware.com
2010-09-14 16:20 . 2010-09-14 16:20   --------   d-----w-   c:\program files\Common Files\Wise Installation Wizard
2010-09-14 15:58 . 2010-09-14 15:58   --------   d-----w-   c:\program files\CCleaner
2010-09-14 15:45 . 2010-09-14 15:46   --------   d-----w-   c:\documents and settings\sey administrator\Application Data\PCToolsFirewallPlus
2010-09-14 15:41 . 2009-11-23 17:54   88040   ----a-w-   c:\windows\system32\drivers\PCTAppEvent.sys
2010-09-14 15:41 . 2009-11-09 15:20   207792   ----a-w-   c:\windows\system32\drivers\PCTCore.sys
2010-09-14 15:41 . 2010-01-07 16:40   233136   ----a-w-   c:\windows\system32\drivers\pctgntdi.sys
2010-09-14 15:40 . 2010-01-12 13:34   70664   ----a-w-   c:\windows\system32\drivers\pctNdis-PacketFilter.sys
2010-09-14 15:40 . 2010-01-07 15:35   58816   ----a-w-   c:\windows\system32\drivers\pctNdis.sys
2010-09-14 15:40 . 2010-01-07 15:35   32680   ----a-w-   c:\windows\system32\drivers\pctNdis-DNS.sys
2010-09-14 15:40 . 2010-01-13 12:59   115216   ----a-w-   c:\windows\system32\drivers\pctplfw.sys
2010-09-14 15:40 . 2010-09-23 01:11   --------   d-----w-   c:\program files\PC Tools Firewall Plus
2010-09-11 21:36 . 2010-09-11 21:36   --------   d-sh--w-   c:\documents and settings\NetworkService\IETldCache
2010-09-11 21:22 . 2010-09-21 02:45   120   ----a-w-   c:\windows\Qwavifetahefozu.dat
2010-09-11 21:16 . 2010-09-13 17:46   --------   d-----w-   c:\documents and settings\Freddex\Application Data\C48C287A5F27A887A3E6CDBB287BDE57

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-07 01:03 . 2010-05-29 21:46   --------   d-----w-   c:\documents and settings\sey administrator\Application Data\Skype
2010-10-07 01:01 . 2010-01-05 23:15   --------   d---a-w-   c:\documents and settings\All Users\Application Data\TEMP
2010-10-07 00:23 . 2010-01-01 16:11   --------   d-----w-   c:\program files\Microsoft
2010-10-06 03:23 . 2010-01-01 16:20   --------   d-----w-   c:\program files\Microsoft Silverlight
2010-10-06 00:40 . 2010-02-21 18:58   --------   d-----w-   c:\program files\QuickTime
2010-10-06 00:40 . 2001-09-19 06:51   --------   d-----w-   c:\program files\Microsoft Works
2010-10-06 00:21 . 2010-02-20 17:18   --------   d-----w-   c:\documents and settings\sey administrator\Application Data\Ziikuh
2010-10-02 04:44 . 2010-04-18 15:57   --------   d-----w-   c:\documents and settings\Freddex\Application Data\Skype
2010-10-02 04:05 . 2010-04-18 15:56   --------   d-----r-   c:\program files\Skype
2010-10-01 02:27 . 2006-06-26 08:27   229376   ----a-w-   c:\documents and settings\sey administrator\Application Data\Ysulne\emxy.exe
2010-10-01 02:14 . 2006-01-05 19:52   --------   d-----w-   c:\documents and settings\sey administrator\Application Data\Zyinl
2010-10-01 02:06 . 2008-08-28 05:11   --------   d-----w-   c:\documents and settings\sey administrator\Application Data\Zagy
2010-09-29 04:51 . 2006-02-01 21:03   --------   d-----w-   c:\documents and settings\sey administrator\Application Data\Ossiv
2010-09-27 22:48 . 2010-07-17 10:38   --------   d-----w-   c:\documents and settings\Freddex\Application Data\Ihduy
2010-09-27 03:15 . 2005-08-30 02:56   --------   d-----w-   c:\documents and settings\sey administrator\Application Data\Mewao
2010-09-27 01:48 . 2008-04-21 16:55   --------   d-----w-   c:\documents and settings\sey administrator\Application Data\Hykapo
2010-09-25 22:29 . 2008-12-03 12:31   --------   d-----w-   c:\documents and settings\sey administrator\Application Data\Efpea
2010-09-24 00:22 . 2010-08-18 15:27   --------   d-----w-   c:\documents and settings\Freddex\Application Data\Uwdie
2010-09-23 23:47 . 2009-11-10 22:50   --------   d-----w-   c:\documents and settings\sey administrator\Application Data\Gymu
2010-09-20 20:40 . 2010-03-31 20:32   393216   ----a-w-   c:\documents and settings\sey administrator\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-501e625d-n\msvcr71.dll
2010-09-20 20:40 . 2010-05-28 16:56   393216   ----a-w-   c:\documents and settings\sey administrator\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-367bd4db-n\msvcr71.dll
2010-09-20 20:39 . 2010-08-09 00:56   393216   ----a-w-   c:\documents and settings\sey administrator\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-61f91632-n\msvcr71.dll
2010-09-20 20:30 . 2010-03-23 23:46   393216   ----a-w-   c:\documents and settings\Freddex\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-34777ea4-n\msvcr71.dll
2010-09-20 20:30 . 2010-05-25 23:18   393216   ----a-w-   c:\documents and settings\Freddex\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-47f9ff1d-n\msvcr71.dll
2010-09-20 20:29 . 2010-08-03 02:18   393216   ----a-w-   c:\documents and settings\Freddex\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-7c91b2a5-n\msvcr71.dll
2010-09-16 16:29 . 2010-03-23 22:54   --------   d-----w-   c:\program files\DivX
2010-09-16 16:29 . 2010-02-21 21:01   --------   d-----w-   c:\program files\LimeWire Music
2010-09-16 05:54 . 2010-09-04 18:13   --------   d-----w-   c:\program files\Filezilla 3.3.2.1
2010-09-16 04:44 . 2010-03-23 23:42   --------   d-----w-   c:\program files\Java
2010-09-14 15:41 . 2010-01-05 23:15   --------   d-----w-   c:\program files\Common Files\PC Tools
2010-09-14 15:04 . 2010-02-21 21:02   --------   d-----w-   c:\program files\ToggleEN
2010-09-14 14:02 . 2010-09-13 15:55   112   ----a-w-   c:\documents and settings\All Users\Application Data\r5NCJ5GrW.dat
2010-09-11 20:32 . 2010-04-14 21:49   --------   d-----w-   c:\documents and settings\Freddex\Application Data\uTorrent
2010-09-11 16:49 . 2010-07-01 19:46   --------   d-----w-   c:\documents and settings\Freddex\Application Data\LimeWire Music
2010-09-04 22:37 . 2010-09-04 18:14   --------   d-----w-   c:\documents and settings\Freddex\Application Data\FileZilla
2010-08-31 02:30 . 2010-02-21 21:01   --------   d-----w-   c:\program files\Download_Energy
2010-08-31 00:39 . 2010-08-31 00:39   --------   d-----w-   c:\documents and settings\sey administrator\Application Data\IObit
2010-08-14 16:09 . 2010-03-23 22:52   --------   d-----w-   c:\documents and settings\All Users\Application Data\DivX
2010-08-11 13:18 . 2010-01-05 23:50   --------   d-----w-   c:\documents and settings\All Users\Application Data\AVG Security Toolbar
2010-08-09 00:56 . 2010-08-09 00:56   503808   ----a-w-   c:\documents and settings\sey administrator\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-61f91632-n\msvcp71.dll
2010-08-09 00:56 . 2010-08-09 00:56   499712   ----a-w-   c:\documents and settings\sey administrator\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-61f91632-n\jmc.dll
2010-08-09 00:56 . 2010-08-09 00:56   61440   ----a-w-   c:\documents and settings\sey administrator\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-1ab01405-n\decora-sse.dll
2010-08-09 00:56 . 2010-08-09 00:56   12800   ----a-w-   c:\documents and settings\sey administrator\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-1ab01405-n\decora-d3d.dll
2010-08-03 02:18 . 2010-08-03 02:18   503808   ----a-w-   c:\documents and settings\Freddex\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-7c91b2a5-n\msvcp71.dll
2010-08-03 02:18 . 2010-08-03 02:18   499712   ----a-w-   c:\documents and settings\Freddex\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-7c91b2a5-n\jmc.dll
2010-08-03 02:18 . 2010-08-03 02:18   61440   ----a-w-   c:\documents and settings\Freddex\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-51d40a07-n\decora-sse.dll
2010-08-03 02:18 . 2010-08-03 02:18   12800   ----a-w-   c:\documents and settings\Freddex\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-51d40a07-n\decora-d3d.dll
2010-07-16 13:30 . 2010-01-05 23:49   243024   ----a-w-   c:\windows\system32\drivers\avgtdix.sys
2010-07-16 13:30 . 2010-07-16 13:30   12536   ----a-w-   c:\windows\system32\avgrsstx.dll
2010-07-16 13:29 . 2010-01-05 23:49   25168   ----a-w-   c:\windows\system32\drivers\AVGIDSxx.sys
2010-07-16 13:28 . 2010-01-05 23:49   216400   ----a-w-   c:\windows\system32\drivers\avgldx86.sys
.

Code: [Select]

<pre>
c:\program files\Skype\Phone\Skype .exe
</pre>
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-04-19 2117704]
"{ad708c09-d51b-45b3-9d28-4eba2681febf}"= "c:\program files\Download_Energy\tbDow1.dll" [2010-09-21 2735200]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_CLASSES_ROOT\clsid\{ad708c09-d51b-45b3-9d28-4eba2681febf}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2010-04-19 14:25   2117704   ----a-w-   c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ad708c09-d51b-45b3-9d28-4eba2681febf}]
2010-09-21 03:45   2735200   ----a-w-   c:\program files\Download_Energy\tbDow1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-04-19 2117704]
"{ad708c09-d51b-45b3-9d28-4eba2681febf}"= "c:\program files\Download_Energy\tbDow1.dll" [2010-09-21 2735200]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CLASSES_ROOT\clsid\{ad708c09-d51b-45b3-9d28-4eba2681febf}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-04-19 2117704]
"{AD708C09-D51B-45B3-9D28-4EBA2681FEBF}"= "c:\program files\Download_Energy\tbDow1.dll" [2010-09-21 2735200]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CLASSES_ROOT\clsid\{ad708c09-d51b-45b3-9d28-4eba2681febf}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr .exe" [N/A]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-05-13 26192168]
"Advanced SystemCare 3"="c:\program files\IObit\Advanced SystemCare 3\AWC.exe" [2010-08-10 2349776]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="c:\program files\QuickTime\qttask             .exe -atboottime" [X]
"IgfxTray"="c:\windows\System32\igfxtray.exe" [2001-08-08 143360]
"HotKeysCmds"="c:\windows\System32\hkcmd.exe" [2001-08-08 90112]
"WCOLOREAL"="c:\program files\COMPAQ\Coloreal\coloreal.exe" [2010-09-20 176128]
"Microsoft Works Portfolio"="c:\program files\Microsoft Works\WksSb.exe" [2000-07-13 311350]
"Microsoft Works Update Detection"="c:\program files\Microsoft Works\WkDetect.exe" [2000-07-13 28739]
"EPSON Stylus C44 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_S09IC1.EXE" [2002-12-25 75776]
"00PCTFW"="c:\program files\PC Tools Firewall Plus\FirewallGUI.exe" [2010-01-12 3168216]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]

c:\documents and settings\Freddex\Start Menu\Programs\Startup\
idlato.exe [2010-10-5 230400]
pypa.exe [2010-9-30 229376]

c:\documents and settings\Guest\Start Menu\Programs\Startup\
faopew.exe [2010-9-30 229376]
peyw.exe [2010-10-5 230400]

c:\documents and settings\Default User\Start Menu\Programs\Startup\
fyfuk.exe [2010-10-5 230400]
maqa.exe [2010-9-30 229376]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2010-09-21 122880]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="c:\windows\system32\userinit.exe,,c:\program files\microsoft\desktoplayer.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 19:21   548352   ----a-w-   c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-07-16 13:30   12536   ----a-w-   c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgam.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
"c:\\Program Files\\LimeWire Music\\LimeWire Music.exe"=
"c:\\Program Files\\WinMX\\WinMX.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 AVGIDSErHrxpx;AVG9IDSErHr;c:\windows\system32\drivers\AVGIDSxx.sys [1/5/2010 7:49 PM 25168]
R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [1/5/2010 7:49 PM 52872]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [1/5/2010 7:49 PM 216400]
R1 AvgTdiX;AVG Network Redirector;c:\windows\system32\drivers\avgtdix.sys [1/5/2010 7:49 PM 243024]
R1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [9/14/2010 11:41 AM 233136]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 11:25 AM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2/17/2010 11:15 AM 66632]
R2 avg9emc;AVG E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [7/16/2010 9:28 AM 921952]
R2 avg9wd;AVG WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [7/16/2010 9:29 AM 308136]
R2 avgfws9;AVG Firewall;c:\program files\AVG\AVG9\avgfws9.exe [7/16/2010 9:28 AM 2331032]
R2 PCTAppEvent;PCTAppEvent Driver;c:\windows\system32\drivers\PCTAppEvent.sys [9/14/2010 11:41 AM 88040]
R2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files\Common Files\PC Tools\sMonitor\StartManSvc.exe [1/5/2010 7:15 PM 583640]
R3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [1/5/2010 7:48 PM 30104]
R3 AVGIDSDriverxpx;AVG9IDSDriver;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSDriver.sys [1/5/2010 7:49 PM 122448]
R3 AVGIDSFilterxpx;AVG9IDSFilter;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSFilter.sys [1/5/2010 7:48 PM 30288]
R3 AVGIDSShimxpx;AVG9IDSShim;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSShim.sys [1/5/2010 7:48 PM 26192]
R3 PCTFW-PacketFilter;PCTools Firewall - Packet filter driver;c:\windows\system32\drivers\pctNdis-PacketFilter.sys [9/14/2010 11:40 AM 70664]
R3 pctNDIS;PC Tools Driver;c:\windows\system32\drivers\pctNdis.sys [9/14/2010 11:40 AM 58816]
R3 pctplfw;pctplfw;c:\windows\system32\drivers\pctplfw.sys [9/14/2010 11:40 AM 115216]
R3 SUNPLUS;SightCAM PC-100p;c:\windows\system32\drivers\spixnew.sys [1/21/2010 6:10 PM 95528]
S1 EACMOS;EACMOS;c:\windows\system32\drivers\EACMOS.SYS --> c:\windows\system32\drivers\EACMOS.SYS [?]
S2 AVGIDSAgent;AVG9IDSAgent;c:\program files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe [7/16/2010 9:29 AM 5897808]
S2 gupdate1cacadbef3afef0;Google Update Service (gupdate1cacadbef3afef0);c:\program files\Google\Update\GoogleUpdate.exe [3/23/2010 6:55 PM 133104]
S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [1/5/2010 7:48 PM 30104]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2/17/2010 11:15 AM 12872]
.
Contents of the 'Scheduled Tasks' folder

2010-10-07 c:\windows\Tasks\AWC AutoSweep.job
- c:\program files\IObit\Advanced SystemCare 3\AutoSweep.exe [2010-04-14 18:11]

2010-10-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-23 22:54]

2010-10-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-23 22:54]

2004-09-01 c:\windows\Tasks\Registration reminder 1.job
- c:\windows\System32\OOBE\oobebaln.exe [2004-09-20 07:56]

2004-09-01 c:\windows\Tasks\Registration reminder 3.job
- c:\windows\System32\OOBE\oobebaln.exe [2004-09-20 07:56]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://yahoo.com/
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\sey administrator\Application Data\Mozilla\Firefox\Profiles\3mmgr645.default\
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Internet Explorer\Main\FeatureControl]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ACTIVEX_REPURPOSEDETECTION]
@DACL=(02 0000)
"sllauncher.exe"=dword:00000001
"PresentationHost.exe"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BLOCK_LMZ_IMG]
@DACL=(02 0000)
"sllauncher.exe"=dword:00000001
"PresentationHost.exe"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BLOCK_LMZ_OBJECT]
@DACL=(02 0000)
"sllauncher.exe"=dword:00000001
"PresentationHost.exe"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BLOCK_LMZ_SCRIPT]
@DACL=(02 0000)
"sllauncher.exe"=dword:00000001
"PresentationHost.exe"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION]
@DACL=(02 0000)
"sllauncher.exe"=dword:00001f40

[HKEY_LOCAL_MACHINE\software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_Cross_Domain_Redirect_Mitigation]
@DACL=(02 0000)
"sllauncher.exe"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_LEGACY_COMPRESSION]
@DACL=(02 0000)
"PresentationHost.exe"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_SQM_UPLOAD_FOR_APP]
@DACL=(02 0000)
"ieuser.exe"=dword:00000001
"iexplore.exe"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_TELNET_PROTOCOL]
@DACL=(02 0000)
"PresentationHost.exe"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_UNICODE_HANDLE_CLOSING_CALLBACK]
@DACL=(02 0000)
"YahooMusicEngine.exe"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ENABLE_SCRIPT_PASTE_URLACTION_IF_PROMPT]
@DACL=(02 0000)
"devenv.exe"=dword:00000001
"dexplore.exe"=dword:00000001
"helppane.exe"=dword:00000001
"sllauncher.exe"=dword:00000000
"PresentationHost.exe"=dword:00000000

[HKEY_LOCAL_MACHINE\software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_FEEDS]
@DACL=(02 0000)
"msfeedssync.exe"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_FORCE_ADDR_AND_STATUS]
@DACL=(02 0000)
"PresentationHost.exe"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_IGNORE_XML_PROLOG]
@DACL=(02 0000)
"msiexec.exe"=dword:00000000

[HKEY_LOCAL_MACHINE\software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_IMAGING_USE_ART]
@DACL=(02 0000)
@=""
"waol.exe"=dword:00000001
"cs.exe"=dword:00000001
"wm.exe"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_INTERNET_SHELL_FOLDERS]
@DACL=(02 0000)
"iexplore.exe"=dword:00000000

[HKEY_LOCAL_MACHINE\software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LEGACY_DISPPARAMS]
@DACL=(02 0000)
"helppane.exe"=dword:00000000

[HKEY_LOCAL_MACHINE\software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LEGACY_DLCONTROL_BEHAVIORS]
@DACL=(02 0000)
"wlmail.exe"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MAXCONNECTIONSPER1_0SERVER]
@DACL=(02 0000)
"sllauncher.exe"=dword:00000006
"explorer.exe"=dword:00000004

[HKEY_LOCAL_MACHINE\software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MAXCONNECTIONSPERSERVER]
@DACL=(02 0000)
"sllauncher.exe"=dword:00000006
"explorer.exe"=dword:00000002

[HKEY_LOCAL_MACHINE\software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MSHTML_AUTOLOAD_IEFRAME]
@DACL=(02 0000)
"mshta.exe"=dword:00000001
"outlook.exe"=dword:00000001
"sidebar.exe"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RELEASE_CALLBACK_ON_STOP_BINDING]
@DACL=(02 0000)
"communicator.exe"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_ABOUT_PROTOCOL_IE7]
@DACL=(02 0000)
"sllauncher.exe"=dword:00000001
"PresentationHost.exe"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_FILEDOWNLOAD]
@DACL=(02 0000)
"wlmail.exe"=dword:00000001
"msimn.exe"=dword:00000001
"winmail.exe"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_OBJECT_DATA_ATTRIBUTE]
@DACL=(02 0000)
"WindowsLiveWriter.exe"=dword:00000001
"sllauncher.exe"=dword:00000001
"PresentationHost.exe"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_RES_TO_LMZ]
@DACL=(02 0000)
"sllauncher.exe"=dword:00000001
"PresentationHost.exe"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SCRIPTURL_MITIGATION]
@DACL=(02 0000)
"sllauncher.exe"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SHOW_APP_PROTOCOL_WARN_DIALOG]
@DACL=(02 0000)
"sllauncher.exe"=dword:00000001
"PresentationHost.exe"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SSLUX]
@DACL=(02 0000)
"PresentationHost.exe"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SUBDOWNLOAD_LOCKDOWN]
@DACL=(02 0000)
"wlmail.exe"=dword:00000001
"msimn.exe"=dword:00000001
"outlook.exe"=dword:00000001
"winmail.exe"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_USE_WINDOWEDSELECTCONTROL]
@DACL=(02 0000)
"excel.exe"=dword:00000001
"infopath.exe"=dword:00000001
"powerpnt.exe"=dword:00000001
"winword.exe"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_VIEWLINKEDWEBOC_IS_UNSAFE]
@DACL=(02 0000)
"sllauncher.exe"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_WEBOC_MOVESIZECHILD]
@DACL=(02 0000)
"msn.exe"=dword:00000001
"msn6.exe"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_XSSFILTER]
@DACL=(02 0000)
"iexplore.exe"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
@DACL=(02 0000)
@=""
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
@DACL=(02 0000)
@=""
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
@DACL=(02 0000)
@=""
"Installed"="1"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Adapters\NdisWanIp]
@DACL=(02 0000)
"LLInterface"="WANARP"
"IpConfig"=multi:"Tcpip\\Parameters\\Interfaces\\{E2E03A56-F650-49AD-9458-84AC5A26824B}\00Tcpip\\Parameters\\Interfaces\\{9D1E836B-DDA1-48F1-825D-3BE14B2C290C}\00Tcpip\\Parameters\\Interfaces\\{9215A54E-3EAA-4DC2-8EFE-4731C26E1349}\00Tcpip\\Parameters\\Interfaces\\{6F8E307F-9A7C-408A-AFAF-3615FCFA4CEF}\00\00"
"NumInterfaces"=dword:00000004
"IpInterfaces"=hex:56,3a,e0,e2,50,f6,ad,49,94,58,84,ac,5a,26,82,4b,6b,83,1e,9d,
   a1,dd,f1,48,82,5d,3b,e1,4b,2c,29,0c,4e,a5,15,92,aa,3e,c2,4d,8e,fe,47,31,c2,\

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Adapters\{6DE38E76-6721-44BE-B4B6-A8A60FA66767}]
@DACL=(02 0000)
"LLInterface"=""
"IpConfig"=multi:"Tcpip\\Parameters\\Interfaces\\{6DE38E76-6721-44BE-B4B6-A8A60FA66767}\00\00"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Adapters\{B006CFFA-964A-4BFA-84AB-6CB924F4DB19}]
@DACL=(02 0000)
"LLInterface"=""
"IpConfig"=multi:"Tcpip\\Parameters\\Interfaces\\{B006CFFA-964A-4BFA-84AB-6CB924F4DB19}\00\00"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{0AA05CFB-0DDF-48E4-ABE8-1E78BE894167}]
@DACL=(02 0000)
"UseZeroBroadcast"=dword:00000000
"EnableDHCP"=dword:00000000
"IPAddress"=multi:"0.0.0.0\00\00"
"SubnetMask"=multi:"0.0.0.0\00\00"
"DefaultGateway"=multi:"\00"
"EnableDeadGWDetect"=dword:00000001
"DontAddDefaultGateway"=dword:00000000

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{1ADA907D-9145-41B7-BD1B-0B8078EF8185}]
@DACL=(02 0000)
"UseZeroBroadcast"=dword:00000000
"EnableDHCP"=dword:00000000
"IPAddress"=multi:"0.0.0.0\00\00"
"SubnetMask"=multi:"0.0.0.0\00\00"
"DefaultGateway"=multi:"\00"
"EnableDeadGWDetect"=dword:00000001
"DontAddDefaultGateway"=dword:00000000

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{22DC89FD-1B4F-4DDE-97E1-D2BF70D78AF0}]
@DACL=(02 0000)
"UseZeroBroadcast"=dword:00000000
"EnableDHCP"=dword:00000000
"IPAddress"=multi:"0.0.0.0\00\00"
"SubnetMask"=multi:"0.0.0.0\00\00"
"DefaultGateway"=multi:"\00"
"EnableDeadGWDetect"=dword:00000001
"DontAddDefaultGateway"=dword:00000000

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{2F865EAA-DF52-4F83-B627-C01FA56AB1B5}]
@DACL=(02 0000)
"UseZeroBroadcast"=dword:00000000
"EnableDHCP"=dword:00000000
"IPAddress"=multi:"0.0.0.0\00\00"
"SubnetMask"=multi:"0.0.0.0\00\00"
"DefaultGateway"=multi:"\00"
"EnableDeadGWDetect"=dword:00000001
"DontAddDefaultGateway"=dword:00000000

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{3C6A114E-ACC8-482C-A644-165006071E4F}]
@DACL=(02 0000)
"UseZeroBroadcast"=dword:00000000
"EnableDHCP"=dword:00000000
"IPAddress"=multi:"0.0.0.0\00\00"
"SubnetMask"=multi:"0.0.0.0\00\00"
"DefaultGateway"=multi:"\00"
"EnableDeadGWDetect"=dword:00000001
"DontAddDefaultGateway"=dword:00000000

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{4029ED28-634C-4F6D-91DD-90355FC3614B}]
@DACL=(02 0000)
"UseZeroBroadcast"=dword:00000000
"EnableDHCP"=dword:00000000
"IPAddress"=multi:"0.0.0.0\00\00"
"SubnetMask"=multi:"0.0.0.0\00\00"
"DefaultGateway"=multi:"\00"
"EnableDeadGWDetect"=dword:00000001
"DontAddDefaultGateway"=dword:00000000

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{477BD4AB-4CD4-447E-9188-0C270A205343}]
@DACL=(02 0000)
"UseZeroBroadcast"=dword:00000000
"EnableDHCP"=dword:00000000
"IPAddress"=multi:"0.0.0.0\00\00"
"SubnetMask"=multi:"0.0.0.0\00\00"
"DefaultGateway"=multi:"\00"
"EnableDeadGWDetect"=dword:00000001
"DontAddDefaultGateway"=dword:00000000

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{4D0EE19D-53FB-42ED-929E-2CAD8D4DA3A2}]
@DACL=(02 0000)
"UseZeroBroadcast"=dword:00000000
"EnableDHCP"=dword:00000000
"IPAddress"=multi:"0.0.0.0\00\00"
"SubnetMask"=multi:"0.0.0.0\00\00"
"DefaultGateway"=multi:"\00"
"EnableDeadGWDetect"=dword:00000001
"DontAddDefaultGateway"=dword:00000000

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{56A4F766-5440-49EE-96D3-D509BA7BE4E9}]
@DACL=(02 0000)
"UseZeroBroadcast"=dword:00000000
"EnableDHCP"=dword:00000000
"IPAddress"=multi:"0.0.0.0\00\00"
"SubnetMask"=multi:"0.0.0.0\00\00"
"DefaultGateway"=multi:"\00"
"EnableDeadGWDetect"=dword:00000001
"DontAddDefaultGateway"=dword:00000000

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{5B98C0D8-F928-4D49-9882-4DFE65D95C61}]
@DACL=(02 0000)
"UseZeroBroadcast"=dword:00000000
"EnableDHCP"=dword:00000000
"IPAddress"=multi:"0.0.0.0\00\00"
"SubnetMask"=multi:"0.0.0.0\00\00"
"DefaultGateway"=multi:"\00"
"EnableDeadGWDetect"=dword:00000001
"DontAddDefaultGateway"=dword:00000000

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{6F8E307F-9A7C-408A-AFAF-3615FCFA4CEF}]
@DACL=(02 0000)
"UseZeroBroadcast"=dword:00000000
"EnableDHCP"=dword:00000000
"IPAddress"=multi:"0.0.0.0\00\00"
"SubnetMask"=multi:"0.0.0.0\00\00"
"DefaultGateway"=multi:"\00"
"EnableDeadGWDetect"=dword:00000001
"DontAddDefaultGateway"=dword:00000000
"NTEContextList"=multi:"\00"
"DhcpClassIdBin"=hex:
"DhcpIPAddress"="0.0.0.0"
"DhcpSubnetMask"="0.0.0.0"
"Domain"=""
"NameServer"=""
"RegistrationEnabled"=dword:00000000
"RegisterAdapterName"=dword:00000000

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{79953CF4-7DA0-4C21-A1B8-ED41FCF21D18}]
@DACL=(02 0000)
"UseZeroBroadcast"=dword:00000000
"EnableDHCP"=dword:00000000
"IPAddress"=multi:"0.0.0.0\00\00"
"SubnetMask"=multi:"0.0.0.0\00\00"
"DefaultGateway"=multi:"\00"
"EnableDeadGWDetect"=dword:00000001
"DontAddDefaultGateway"=dword:00000000

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{865C35FD-C16A-4B32-B547-8928CE953669}]
@DACL=(02 0000)
"UseZeroBroadcast"=dword:00000000
"EnableDHCP"=dword:00000000
"IPAddress"=multi:"0.0.0.0\00\00"
"SubnetMask"=multi:"0.0.0.0\00\00"
"DefaultGateway"=multi:"\00"
"EnableDeadGWDetect"=dword:00000001
"DontAddDefaultGateway"=dword:00000000

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{8E76D28B-D819-435F-9D94-8F0EC4038520}]
@DACL=(02 0000)
"UseZeroBroadcast"=dword:00000000
"EnableDHCP"=dword:00000000
"IPAddress"=multi:"0.0.0.0\00\00"
"SubnetMask"=multi:"0.0.0.0\00\00"
"DefaultGateway"=multi:"\00"
"EnableDeadGWDetect"=dword:00000001
"DontAddDefaultGateway"=dword:00000000

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{9215A54E-3EAA-4DC2-8EFE-4731C26E1349}]
@DACL=(02 0000)
"UseZeroBroadcast"=dword:00000000
"EnableDHCP"=dword:00000000
"IPAddress"=multi:"0.0.0.0\00\00"
"SubnetMask"=multi:"0.0.0.0\00\00"
"DefaultGateway"=multi:"\00"
"EnableDeadGWDetect"=dword:00000001
"DontAddDefaultGateway"=dword:00000000

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{93DFA675-845C-4FB9-B057-A889D11F364B}]
@DACL=(02 0000)
"UseZeroBroadcast"=dword:00000000
"EnableDHCP"=dword:00000000
"IPAddress"=multi:"0.0.0.0\00\00"
"SubnetMask"=multi:"0.0.0.0\00\00"
"DefaultGateway"=multi:"\00"
"EnableDeadGWDetect"=dword:00000001
"DontAddDefaultGateway"=dword:00000000

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{98C71F91-845C-46CA-A8FC-F7A16C9EAED0}]
@DACL=(02 0000)
"UseZeroBroadcast"=dword:00000000
"EnableDHCP"=dword:00000000
"IPAddress"=multi:"0.0.0.0\00\00"
"SubnetMask"=multi:"0.0.0.0\00\00"
"DefaultGateway"=multi:"\00"
"EnableDeadGWDetect"=dword:00000001
"DontAddDefaultGateway"=dword:00000000

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{9D1E836B-DDA1-48F1-825D-3BE14B2C290C}]
@DACL=(02 0000)
"UseZeroBroadcast"=dword:00000000
"EnableDHCP"=dword:00000000
"IPAddress"=multi:"0.0.0.0\00\00"
"SubnetMask"=multi:"0.0.0.0\00\00"
"DefaultGateway"=multi:"\00"
"EnableDeadGWDetect"=dword:00000001
"DontAddDefaultGateway"=dword:00000000
"NTEContextList"=multi:"\00"
"DhcpIPAddress"="0.0.0.0"
"DhcpSubnetMask"="0.0.0.0"
"Domain"=""
"NameServer"=""
"RegistrationEnabled"=dword:00000000
"DhcpClassIdBin"=hex:
"RegisterAdapterName"=dword:00000000

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{B006CFFA-964A-4BFA-84AB-6CB924F4DB19}]
@DACL=(02 0000)
"UseZeroBroadcast"=dword:00000000
"EnableDeadGWDetect"=dword:00000001
"EnableDHCP"=dword:00000001
"IPAddress"=multi:"0.0.0.0\00\00"
"SubnetMask"=multi:"0.0.0.0\00\00"
"DefaultGateway"=multi:"\00"
"DefaultGatewayMetric"=multi:"\00"
"NameServer"=""
"Domain"=""
"RegistrationEnabled"=dword:00000001
"RegisterAdapterName"=dword:00000000
"TCPAllowedPorts"=multi:"0\00\00"
"UDPAllowedPorts"=multi:"0\00\00"
"RawIPAllowedProtocols"=multi:"0\00\00"
"NTEContextList"=multi:"0x00000003\00\00"
"DhcpClassIdBin"=hex:

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{CEF18169-172E-4CC6-A23C-81EEA649ABCA}]
@DACL=(02 0000)
"UseZeroBroadcast"=dword:00000000
"EnableDHCP"=dword:00000000
"IPAddress"=multi:"0.0.0.0\00\00"
"SubnetMask"=multi:"0.0.0.0\00\00"
"DefaultGateway"=multi:"\00"
"EnableDeadGWDetect"=dword:00000001
"DontAddDefaultGateway"=dword:00000000

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{D42BF3B8-5D36-47B6-AA88-2A5C0A88AFF6}]
@DACL=(02 0000)
"UseZeroBroadcast"=dword:00000000
"EnableDHCP"=dword:00000000
"IPAddress"=multi:"0.0.0.0\00\00"
"SubnetMask"=multi:"0.0.0.0\00\00"
"DefaultGateway"=multi:"\00"
"EnableDeadGWDetect"=dword:00000001
"DontAddDefaultGateway"=dword:00000000

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{E2E03A56-F650-49AD-9458-84AC5A26824B}]
@DACL=(02 0000)
"UseZeroBroadcast"=dword:00000000
"EnableDHCP"=dword:00000000
"IPAddress"=multi:"0.0.0.0\00\00"
"SubnetMask"=multi:"0.0.0.0\00\00"
"DefaultGateway"=multi:"\00"
"EnableDeadGWDetect"=dword:00000001
"DontAddDefaultGateway"=dword:00000000

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{E80F28B8-41F7-45E5-B224-BA02FA2B150E}]
@DACL=(02 0000)
"UseZeroBroadcast"=dword:00000000
"EnableDHCP"=dword:00000000
"IPAddress"=multi:"0.0.0.0\00\00"
"SubnetMask"=multi:"0.0.0.0\00\00"
"DefaultGateway"=multi:"\00"
"EnableDeadGWDetect"=dword:00000001
"DontAddDefaultGateway"=dword:00000000

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{EB685907-EFEF-49BC-836B-43B28D8A9E73}]
@DACL=(02 0000)
"UseZeroBroadcast"=dword:00000000
"EnableDHCP"=dword:00000000
"IPAddress"=multi:"0.0.0.0\00\00"
"SubnetMask"=multi:"0.0.0.0\00\00"
"DefaultGateway"=multi:"\00"
"EnableDeadGWDetect"=dword:00000001
"DontAddDefaultGateway"=dword:00000000

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{F2661AF6-B3C2-4CB3-BEF6-D0571C34617B}]
@DACL=(02 0000)
"UseZeroBroadcast"=dword:00000000
"EnableDHCP"=dword:00000000
"IPAddress"=multi:"0.0.0.0\00\00"
"SubnetMask"=multi:"0.0.0.0\00\00"
"DefaultGateway"=multi:"\00"
"EnableDeadGWDetect"=dword:00000001
"DontAddDefaultGateway"=dword:00000000

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{FF2BE8C5-F6C8-4DEE-9C06-8F61850569D8}]
@DACL=(02 0000)
"UseZeroBroadcast"=dword:00000000
"EnableDHCP"=dword:00000000
"IPAddress"=multi:"0.0.0.0\00\00"
"SubnetMask"=multi:"0.0.0.0\00\00"
"DefaultGateway"=multi:"\00"
"EnableDeadGWDetect"=dword:00000001
"DontAddDefaultGateway"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1044)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll

- - - - - - - > 'explorer.exe'(4060)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVG\AVG9\avgchsvx.exe
c:\program files\AVG\AVG9\avgrsx.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\PC Tools Firewall Plus\FWService.exe
c:\program files\AVG\AVG9\avgnsx.exe
c:\windows\system32\pctspk.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\program files\Internet Explorer\iexplore.exe
c:\program files\Skype\Plugin Manager\skypePM.exe
.
**************************************************************************
.
Completion time: 2010-10-06  21:08:03 - machine was rebooted
ComboFix-quarantined-files.txt  2010-10-07 01:08
ComboFix2.txt  2010-10-06 02:15
ComboFix3.txt  2010-10-01 02:23
ComboFix4.txt  2010-09-29 05:01
ComboFix5.txt  2010-10-07 00:11

Pre-Run: 11,590,414,336 bytes free
Post-Run: 11,574,976,512 bytes free

- - End Of File - - 823F98E99EEF07BEBAF73E893E912AA3

[SuperDave]

SysProt Antirootkit

Download
SysProt Antirootkit from the link below (you will find it at the bottom
of the page under attachments, or you can get it from one of the
mirrors).

http://sites.google.com/site/sysprotantirootkit/

Unzip it into a folder on your desktop.

• Double click Sysprot.exe to start the program.
• Click on the Log tab.
• In the Write to log box select the following items.
• Process << Selected
  
• Kernel Modules << Selected
  
• SSDT << Selected
  
• Kernel Hooks << Selected
  
• IRP Hooks << NOT Selected
  
• Ports << NOT Selected
  
• Hidden Files << Selected
  
• At the bottom of the page
• Hidden Objects Only << Selected
  
• Click on the Create Log button on the bottom right.
• After a few seconds a new window should appear.
• Select Scan Root Drive. Click on the Start button.
• When it is complete a new window will appear to indicate that the scan is finished.
• The log will be saved automatically in the same folder Sysprot.exe was

extracted to. Open the text file and copy/paste the log here.
[/list]

[Freddex]

SysProt AntiRootkit v1.0.1.0
by swatkat

******************************************************************************************
******************************************************************************************

No Hidden Processes found

******************************************************************************************
******************************************************************************************
No Hidden Kernel Modules found

******************************************************************************************
******************************************************************************************
SSDT:
Function Name: ZwAllocateVirtualMemory
Address: F30E7752
Driver Base: F30DC000
Driver End: F30F0000
Driver Name: \??\C:\WINDOWS\system32\drivers\PCTAppEvent.sys

Function Name: ZwAssignProcessToJobObject
Address: F30E7440
Driver Base: F30DC000
Driver End: F30F0000
Driver Name: \??\C:\WINDOWS\system32\drivers\PCTAppEvent.sys

Function Name: ZwConnectPort
Address: F30E7482
Driver Base: F30DC000
Driver End: F30F0000
Driver Name: \??\C:\WINDOWS\system32\drivers\PCTAppEvent.sys

Function Name: ZwCreateFile
Address: F30E7530
Driver Base: F30DC000
Driver End: F30F0000
Driver Name: \??\C:\WINDOWS\system32\drivers\PCTAppEvent.sys

Function Name: ZwCreateProcess
Address: F30E7DD8
Driver Base: F30DC000
Driver End: F30F0000
Driver Name: \??\C:\WINDOWS\system32\drivers\PCTAppEvent.sys

Function Name: ZwCreateProcessEx
Address: F30E7E64
Driver Base: F30DC000
Driver End: F30F0000
Driver Name: \??\C:\WINDOWS\system32\drivers\PCTAppEvent.sys

Function Name: ZwCreateThread
Address: F30E7EF4
Driver Base: F30DC000
Driver End: F30F0000
Driver Name: \??\C:\WINDOWS\system32\drivers\PCTAppEvent.sys

Function Name: ZwDebugActiveProcess
Address: F30E7580
Driver Base: F30DC000
Driver End: F30F0000
Driver Name: \??\C:\WINDOWS\system32\drivers\PCTAppEvent.sys

Function Name: ZwDuplicateObject
Address: F30E75C2
Driver Base: F30DC000
Driver End: F30F0000
Driver Name: \??\C:\WINDOWS\system32\drivers\PCTAppEvent.sys

Function Name: ZwLoadDriver
Address: F30E7606
Driver Base: F30DC000
Driver End: F30F0000
Driver Name: \??\C:\WINDOWS\system32\drivers\PCTAppEvent.sys

Function Name: ZwOpenKey
Address: F30E7648
Driver Base: F30DC000
Driver End: F30F0000
Driver Name: \??\C:\WINDOWS\system32\drivers\PCTAppEvent.sys

Function Name: ZwOpenProcess
Address: F8979670
Driver Base: F8977000
Driver End: F8981000
Driver Name: \??\C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSShim.sys

Function Name: ZwOpenSection
Address: F30E768A
Driver Base: F30DC000
Driver End: F30F0000
Driver Name: \??\C:\WINDOWS\system32\drivers\PCTAppEvent.sys

Function Name: ZwOpenThread
Address: F30E76CC
Driver Base: F30DC000
Driver End: F30F0000
Driver Name: \??\C:\WINDOWS\system32\drivers\PCTAppEvent.sys

Function Name: ZwProtectVirtualMemory
Address: F30E779A
Driver Base: F30DC000
Driver End: F30F0000
Driver Name: \??\C:\WINDOWS\system32\drivers\PCTAppEvent.sys

Function Name: ZwRequestWaitReplyPort
Address: F30E770E
Driver Base: F30DC000
Driver End: F30F0000
Driver Name: \??\C:\WINDOWS\system32\drivers\PCTAppEvent.sys

Function Name: ZwRestoreKey
Address: F30E77DC
Driver Base: F30DC000
Driver End: F30F0000
Driver Name: \??\C:\WINDOWS\system32\drivers\PCTAppEvent.sys

Function Name: ZwResumeThread
Address: F30E7824
Driver Base: F30DC000
Driver End: F30F0000
Driver Name: \??\C:\WINDOWS\system32\drivers\PCTAppEvent.sys

Function Name: ZwSecureConnectPort
Address: F30E78B4
Driver Base: F30DC000
Driver End: F30F0000
Driver Name: \??\C:\WINDOWS\system32\drivers\PCTAppEvent.sys

Function Name: ZwSetValueKey
Address: F30E7866
Driver Base: F30DC000
Driver End: F30F0000
Driver Name: \??\C:\WINDOWS\system32\drivers\PCTAppEvent.sys

Function Name: ZwSuspendProcess
Address: F30E7958
Driver Base: F30DC000
Driver End: F30F0000
Driver Name: \??\C:\WINDOWS\system32\drivers\PCTAppEvent.sys

Function Name: ZwSystemDebugControl
Address: F30E799A
Driver Base: F30DC000
Driver End: F30F0000
Driver Name: \??\C:\WINDOWS\system32\drivers\PCTAppEvent.sys

Function Name: ZwTerminateProcess
Address: F30E79DC
Driver Base: F30DC000
Driver End: F30F0000
Driver Name: \??\C:\WINDOWS\system32\drivers\PCTAppEvent.sys

Function Name: ZwTerminateThread
Address: F89797C0
Driver Base: F8977000
Driver End: F8981000
Driver Name: \??\C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSShim.sys

Function Name: ZwWriteVirtualMemory
Address: F30E7A2A
Driver Base: F30DC000
Driver End: F30F0000
Driver Name: \??\C:\WINDOWS\system32\drivers\PCTAppEvent.sys

******************************************************************************************
******************************************************************************************
No Kernel Hooks found

******************************************************************************************
******************************************************************************************
No hidden files/folders found

[SuperDave]

Let's try this one more time to see if we can fix that entry.

Re-running ComboFix to remove infections:

• Close any open browsers.
• Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
• Open notepad and copy/paste the text in the quotebox below into it:
  

  KillAll::
  
  RenV::
  c:\program files\Skype\Phone\Skype .exe
  
  
• Save this as CFScript.txt, in the same location as ComboFix.exe
  
  
  
  
• Referring to the picture above, drag CFScript into ComboFix.exe
• When finished, it shall produce a log for you at C:\ComboFix.txt
  
• Please post the contents of the log in your next reply.

[Freddex]

ComboFix 10-10-09.04 - sey administrator 10/10/2010   9:41.8.1 - x86
Microsoft Windows XP Home Edition  5.1.2600.2.1252.1.1033.18.510.249 [GMT -4:00]
Running from: c:\documents and settings\sey administrator\Desktop\Commy.exe
Command switches used :: c:\documents and settings\sey administrator\Desktop\CFScript.txt
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: PC Tools Firewall Plus *disabled* {ABBD5028-5A95-4B6D-996E-98D64AE88D52}
FW: ZoneAlarm Firewall *disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\Internet Explorer\complete.dat
c:\program files\Internet Explorer\dmlconf.dat
c:\program files\Microsoft\DesktopLayer.exe
c:\windows\ExplorerSrv.exe

Infected copy of c:\windows\system32\Drivers\atapi.sys was found and disinfected
Restored copy from - c:\windows\ERDNT\cache\atapi.sys

.
(((((((((((((((((((((((((   Files Created from 2010-09-10 to 2010-10-10  )))))))))))))))))))))))))))))))
.

2010-10-10 14:02 . 2010-10-10 14:02   41984   ----a-w-   c:\windows\system32\rundll32Srv.exe
2010-10-10 13:36 . 2010-10-10 13:53   --------   d-----w-   c:\program files\windows
2010-10-08 23:06 . 2010-10-09 13:55   41984   ----a-w-   c:\program files\Internet Explorer\iexploreSrv.exe
2010-10-02 15:15 . 2010-10-10 13:23   --------   d-----w-   c:\documents and settings\sey administrator\Application Data\skypePM
2010-10-02 04:06 . 2010-10-02 04:07   --------   d-----w-   c:\documents and settings\Freddex\Application Data\skypePM
2010-10-02 04:04 . 2010-10-02 04:04   --------   d-----w-   c:\program files\Common Files\Skype
2010-10-02 04:04 . 2010-10-02 04:04   --------   d-----w-   c:\documents and settings\All Users\Application Data\Skype
2010-09-29 22:11 . 2010-09-29 22:11   388096   ----a-r-   c:\documents and settings\sey administrator\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-09-29 04:26 . 2010-09-29 04:26   --------   d-----w-   c:\documents and settings\sey administrator\Application Data\Fako
2010-09-29 04:26 . 2010-10-03 16:06   --------   d-----w-   c:\program files\temp
2010-09-29 02:20 . 2010-09-29 02:20   --------   d--h--w-   c:\windows\PIF
2010-09-26 00:31 . 2010-09-26 00:32   --------   d-----w-   c:\program files\7-Zip
2010-09-25 23:54 . 2010-09-26 00:09   --------   d-----w-   C:\RootRepeal
2010-09-25 16:09 . 2010-09-25 16:09   --------   d-----w-   c:\documents and settings\sey administrator\Application Data\Ashampoo
2010-09-25 16:07 . 2010-09-25 16:07   --------   d-----w-   c:\documents and settings\sey administrator\Local Settings\Application Data\ashampoo
2010-09-25 16:07 . 2010-09-25 16:07   --------   d-----w-   c:\documents and settings\All Users\Application Data\ashampoo
2010-09-25 16:07 . 2010-09-25 16:07   --------   d-----w-   c:\program files\Ashampoo
2010-09-21 04:26 . 2010-09-21 05:11   --------   d-----w-   C:\Commy
2010-09-18 06:16 . 2010-09-18 06:16   --------   d-----w-   c:\documents and settings\sey administrator\Application Data\AVG9
2010-09-16 17:03 . 2010-09-16 17:04   --------   d-----w-   c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2010-09-16 05:52 . 2010-09-16 05:52   --------   d-----w-   c:\program files\Trend Micro
2010-09-16 04:44 . 2010-07-17 09:00   423656   ----a-w-   c:\windows\system32\deployJava1.dll
2010-09-16 04:44 . 2010-07-17 09:00   423656   ----a-w-   c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
2010-09-15 18:04 . 2010-09-15 18:04   --------   d-----w-   c:\documents and settings\sey administrator\Application Data\Malwarebytes
2010-09-15 18:03 . 2010-04-29 19:39   38224   ----a-w-   c:\windows\system32\drivers\mbamswissarmy.sys
2010-09-15 18:03 . 2010-09-15 18:03   --------   d-----w-   c:\documents and settings\All Users\Application Data\Malwarebytes
2010-09-15 18:02 . 2010-04-29 19:39   20952   ----a-w-   c:\windows\system32\drivers\mbam.sys
2010-09-15 18:02 . 2010-09-15 18:04   --------   d-----w-   c:\program files\Malwarebytes' Anti-Malware
2010-09-15 04:49 . 2010-09-15 04:49   --------   d-----w-   c:\documents and settings\Freddex\Application Data\PCToolsFirewallPlus
2010-09-14 16:24 . 2010-09-14 16:24   --------   d-----w-   c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2010-09-14 16:24 . 2010-09-14 16:24   --------   d-----w-   c:\program files\SUPERAntiSpyware
2010-09-14 16:24 . 2010-09-14 16:24   --------   d-----w-   c:\documents and settings\sey administrator\Application Data\SUPERAntiSpyware.com
2010-09-14 16:20 . 2010-09-14 16:20   --------   d-----w-   c:\program files\Common Files\Wise Installation Wizard
2010-09-14 15:58 . 2010-09-14 15:58   --------   d-----w-   c:\program files\CCleaner
2010-09-14 15:45 . 2010-09-14 15:46   --------   d-----w-   c:\documents and settings\sey administrator\Application Data\PCToolsFirewallPlus
2010-09-14 15:41 . 2009-11-23 17:54   88040   ----a-w-   c:\windows\system32\drivers\PCTAppEvent.sys
2010-09-14 15:41 . 2009-11-09 15:20   207792   ----a-w-   c:\windows\system32\drivers\PCTCore.sys
2010-09-14 15:41 . 2010-01-07 16:40   233136   ----a-w-   c:\windows\system32\drivers\pctgntdi.sys
2010-09-14 15:40 . 2010-01-12 13:34   70664   ----a-w-   c:\windows\system32\drivers\pctNdis-PacketFilter.sys
2010-09-14 15:40 . 2010-01-07 15:35   58816   ----a-w-   c:\windows\system32\drivers\pctNdis.sys
2010-09-14 15:40 . 2010-01-07 15:35   32680   ----a-w-   c:\windows\system32\drivers\pctNdis-DNS.sys
2010-09-14 15:40 . 2010-01-13 12:59   115216   ----a-w-   c:\windows\system32\drivers\pctplfw.sys
2010-09-14 15:40 . 2010-09-23 01:11   --------   d-----w-   c:\program files\PC Tools Firewall Plus
2010-09-11 21:36 . 2010-09-11 21:36   --------   d-sh--w-   c:\documents and settings\NetworkService\IETldCache
2010-09-11 21:16 . 2010-09-13 17:46   --------   d-----w-   c:\documents and settings\Freddex\Application Data\C48C287A5F27A887A3E6CDBB287BDE57

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.

Code: [Select]

<pre>
c:\program files\Skype\Phone\Skype .exe
</pre>
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-04-19 2117704]
"{ad708c09-d51b-45b3-9d28-4eba2681febf}"= "c:\program files\Download_Energy\tbDow1.dll" [2010-09-21 2735200]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_CLASSES_ROOT\clsid\{ad708c09-d51b-45b3-9d28-4eba2681febf}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2010-04-19 14:25   2117704   ----a-w-   c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ad708c09-d51b-45b3-9d28-4eba2681febf}]
2010-09-21 03:45   2735200   ----a-w-   c:\program files\Download_Energy\tbDow1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-04-19 2117704]
"{ad708c09-d51b-45b3-9d28-4eba2681febf}"= "c:\program files\Download_Energy\tbDow1.dll" [2010-09-21 2735200]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CLASSES_ROOT\clsid\{ad708c09-d51b-45b3-9d28-4eba2681febf}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-04-19 2117704]
"{AD708C09-D51B-45B3-9D28-4EBA2681FEBF}"= "c:\program files\Download_Energy\tbDow1.dll" [2010-09-21 2735200]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CLASSES_ROOT\clsid\{ad708c09-d51b-45b3-9d28-4eba2681febf}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-05-13 26192168]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\System32\igfxtray.exe" [2001-08-08 143360]
"HotKeysCmds"="c:\windows\System32\hkcmd.exe" [2001-08-08 90112]
"WCOLOREAL"="c:\program files\COMPAQ\Coloreal\coloreal.exe" [2010-09-20 176128]
"Microsoft Works Portfolio"="c:\program files\Microsoft Works\WksSb.exe" [2000-07-13 311350]
"Microsoft Works Update Detection"="c:\program files\Microsoft Works\WkDetect.exe" [2000-07-13 28739]
"EPSON Stylus C44 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_S09IC1.EXE" [2002-12-25 75776]
"00PCTFW"="c:\program files\PC Tools Firewall Plus\FirewallGUI.exe" [2010-01-12 3168216]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-09-20 462848]

c:\documents and settings\Freddex\Start Menu\Programs\Startup\
idlato.exe [2010-10-5 230400]
pypa.exe [2010-9-30 229376]

c:\documents and settings\Guest\Start Menu\Programs\Startup\
faopew.exe [2010-9-30 229376]
peyw.exe [2010-10-5 230400]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2010-09-21 122880]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="c:\windows\system32\userinit.exe,,c:\program files\microsoft\desktoplayer.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 19:21   548352   ----a-w-   c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-07-16 13:30   12536   ----a-w-   c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgam.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
"c:\\Program Files\\LimeWire Music\\LimeWire Music.exe"=
"c:\\Program Files\\WinMX\\WinMX.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 AVGIDSErHrxpx;AVG9IDSErHr;c:\windows\system32\drivers\AVGIDSxx.sys [1/5/2010 7:49 PM 25168]
R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [1/5/2010 7:49 PM 52872]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [1/5/2010 7:49 PM 216400]
R1 AvgTdiX;AVG Network Redirector;c:\windows\system32\drivers\avgtdix.sys [1/5/2010 7:49 PM 243024]
R1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [9/14/2010 11:41 AM 233136]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 11:25 AM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2/17/2010 11:15 AM 66632]
R2 avg9emc;AVG E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [7/16/2010 9:28 AM 921952]
R2 avg9wd;AVG WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [7/16/2010 9:29 AM 308136]
R2 avgfws9;AVG Firewall;c:\program files\AVG\AVG9\avgfws9.exe [7/16/2010 9:28 AM 2331032]
R2 PCTAppEvent;PCTAppEvent Driver;c:\windows\system32\drivers\PCTAppEvent.sys [9/14/2010 11:41 AM 88040]
R2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files\Common Files\PC Tools\sMonitor\StartManSvc.exe [1/5/2010 7:15 PM 583640]
R3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [1/5/2010 7:48 PM 30104]
R3 AVGIDSDriverxpx;AVG9IDSDriver;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSDriver.sys [1/5/2010 7:49 PM 122448]
R3 AVGIDSFilterxpx;AVG9IDSFilter;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSFilter.sys [1/5/2010 7:48 PM 30288]
R3 AVGIDSShimxpx;AVG9IDSShim;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSShim.sys [1/5/2010 7:48 PM 26192]
R3 PCTFW-PacketFilter;PCTools Firewall - Packet filter driver;c:\windows\system32\drivers\pctNdis-PacketFilter.sys [9/14/2010 11:40 AM 70664]
R3 pctNDIS;PC Tools Driver;c:\windows\system32\drivers\pctNdis.sys [9/14/2010 11:40 AM 58816]
R3 pctplfw;pctplfw;c:\windows\system32\drivers\pctplfw.sys [9/14/2010 11:40 AM 115216]
R3 SUNPLUS;SightCAM PC-100p;c:\windows\system32\drivers\spixnew.sys [1/21/2010 6:10 PM 95528]
S1 EACMOS;EACMOS;c:\windows\system32\drivers\EACMOS.SYS --> c:\windows\system32\drivers\EACMOS.SYS [?]
S2 AVGIDSAgent;AVG9IDSAgent;c:\program files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe [7/16/2010 9:29 AM 5897808]
S2 gupdate1cacadbef3afef0;Google Update Service (gupdate1cacadbef3afef0);c:\program files\Google\Update\GoogleUpdate.exe [3/23/2010 6:55 PM 133104]
S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [1/5/2010 7:48 PM 30104]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2/17/2010 11:15 AM 12872]
.
Contents of the 'Scheduled Tasks' folder

2010-10-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-23 22:54]

2010-10-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-23 22:54]

2004-09-01 c:\windows\Tasks\Registration reminder 1.job
- c:\windows\System32\OOBE\oobebaln.exe [2004-09-20 07:56]

2004-09-01 c:\windows\Tasks\Registration reminder 3.job
- c:\windows\System32\OOBE\oobebaln.exe [2004-09-20 07:56]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://yahoo.com/
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\sey administrator\Application Data\Mozilla\Firefox\Profiles\3mmgr645.default\
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Internet Explorer\Main\FeatureControl]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ACTIVEX_REPURPOSEDETECTION]
@DACL=(02 0000)
"sllauncher.exe"=dword:00000001
"PresentationHost.exe"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BLOCK_LMZ_IMG]
@DACL=(02 0000)
"sllauncher.exe"=dword:00000001
"PresentationHost.exe"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BLOCK_LMZ_OBJECT]
@DACL=(02 0000)
"sllauncher.exe"=dword:00000001
"PresentationHost.exe"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BLOCK_LMZ_SCRIPT]
@DACL=(02 0000)
"sllauncher.exe"=dword:00000001
"PresentationHost.exe"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION]
@DACL=(02 0000)
"sllauncher.exe"=dword:00001f40

[HKEY_LOCAL_MACHINE\software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_Cross_Domain_Redirect_Mitigation]
@DACL=(02 0000)
"sllauncher.exe"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_LEGACY_COMPRESSION]
@DACL=(02 0000)
"PresentationHost.exe"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_SQM_UPLOAD_FOR_APP]
@DACL=(02 0000)
"ieuser.exe"=dword:00000001
"iexplore.exe"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_TELNET_PROTOCOL]
@DACL=(02 0000)
"PresentationHost.exe"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_UNICODE_HANDLE_CLOSING_CALLBACK]
@DACL=(02 0000)
"YahooMusicEngine.exe"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ENABLE_SCRIPT_PASTE_URLACTION_IF_PROMPT]
@DACL=(02 0000)
"devenv.exe"=dword:00000001
"dexplore.exe"=dword:00000001
"helppane.exe"=dword:00000001
"sllauncher.exe"=dword:00000000
"PresentationHost.exe"=dword:00000000

[HKEY_LOCAL_MACHINE\software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_FEEDS]
@DACL=(02 0000)
"msfeedssync.exe"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_FORCE_ADDR_AND_STATUS]
@DACL=(02 0000)
"PresentationHost.exe"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_IGNORE_XML_PROLOG]
@DACL=(02 0000)
"msiexec.exe"=dword:00000000

[HKEY_LOCAL_MACHINE\software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_IMAGING_USE_ART]
@DACL=(02 0000)
@=""
"waol.exe"=dword:00000001
"cs.exe"=dword:00000001
"wm.exe"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_INTERNET_SHELL_FOLDERS]
@DACL=(02 0000)
"iexplore.exe"=dword:00000000

[HKEY_LOCAL_MACHINE\software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LEGACY_DISPPARAMS]
@DACL=(02 0000)
"helppane.exe"=dword:00000000

[HKEY_LOCAL_MACHINE\software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LEGACY_DLCONTROL_BEHAVIORS]
@DACL=(02 0000)
"wlmail.exe"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MAXCONNECTIONSPER1_0SERVER]
@DACL=(02 0000)
"sllauncher.exe"=dword:00000006
"explorer.exe"=dword:00000004

[HKEY_LOCAL_MACHINE\software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MAXCONNECTIONSPERSERVER]
@DACL=(02 0000)
"sllauncher.exe"=dword:00000006
"explorer.exe"=dword:00000002

[HKEY_LOCAL_MACHINE\software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MSHTML_AUTOLOAD_IEFRAME]
@DACL=(02 0000)
"mshta.exe"=dword:00000001
"outlook.exe"=dword:00000001
"sidebar.exe"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RELEASE_CALLBACK_ON_STOP_BINDING]
@DACL=(02 0000)
"communicator.exe"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_ABOUT_PROTOCOL_IE7]
@DACL=(02 0000)
"sllauncher.exe"=dword:00000001
"PresentationHost.exe"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_FILEDOWNLOAD]
@DACL=(02 0000)
"wlmail.exe"=dword:00000001
"msimn.exe"=dword:00000001
"winmail.exe"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_OBJECT_DATA_ATTRIBUTE]
@DACL=(02 0000)
"WindowsLiveWriter.exe"=dword:00000001
"sllauncher.exe"=dword:00000001
"PresentationHost.exe"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_RES_TO_LMZ]
@DACL=(02 0000)
"sllauncher.exe"=dword:00000001
"PresentationHost.exe"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SCRIPTURL_MITIGATION]
@DACL=(02 0000)
"sllauncher.exe"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SHOW_APP_PROTOCOL_WARN_DIALOG]
@DACL=(02 0000)
"sllauncher.exe"=dword:00000001
"PresentationHost.exe"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SSLUX]
@DACL=(02 0000)
"PresentationHost.exe"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SUBDOWNLOAD_LOCKDOWN]
@DACL=(02 0000)
"wlmail.exe"=dword:00000001
"msimn.exe"=dword:00000001
"outlook.exe"=dword:00000001
"winmail.exe"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_USE_WINDOWEDSELECTCONTROL]
@DACL=(02 0000)
"excel.exe"=dword:00000001
"infopath.exe"=dword:00000001
"powerpnt.exe"=dword:00000001
"winword.exe"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_VIEWLINKEDWEBOC_IS_UNSAFE]
@DACL=(02 0000)
"sllauncher.exe"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_WEBOC_MOVESIZECHILD]
@DACL=(02 0000)
"msn.exe"=dword:00000001
"msn6.exe"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_XSSFILTER]
@DACL=(02 0000)
"iexplore.exe"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
@DACL=(02 0000)
@=""
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
@DACL=(02 0000)
@=""
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
@DACL=(02 0000)
@=""
"Installed"="1"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Adapters\NdisWanIp]
@DACL=(02 0000)
"LLInterface"="WANARP"
"IpConfig"=multi:"Tcpip\\Parameters\\Interfaces\\{E2E03A56-F650-49AD-9458-84AC5A26824B}\00Tcpip\\Parameters\\Interfaces\\{9D1E836B-DDA1-48F1-825D-3BE14B2C290C}\00Tcpip\\Parameters\\Interfaces\\{9215A54E-3EAA-4DC2-8EFE-4731C26E1349}\00Tcpip\\Parameters\\Interfaces\\{6F8E307F-9A7C-408A-AFAF-3615FCFA4CEF}\00\00"
"NumInterfaces"=dword:00000004
"IpInterfaces"=hex:56,3a,e0,e2,50,f6,ad,49,94,58,84,ac,5a,26,82,4b,6b,83,1e,9d,
   a1,dd,f1,48,82,5d,3b,e1,4b,2c,29,0c,4e,a5,15,92,aa,3e,c2,4d,8e,fe,47,31,c2,\

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Adapters\{6DE38E76-6721-44BE-B4B6-A8A60FA66767}]
@DACL=(02 0000)
"LLInterface"=""
"IpConfig"=multi:"Tcpip\\Parameters\\Interfaces\\{6DE38E76-6721-44BE-B4B6-A8A60FA66767}\00\00"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Adapters\{B006CFFA-964A-4BFA-84AB-6CB924F4DB19}]
@DACL=(02 0000)
"LLInterface"=""
"IpConfig"=multi:"Tcpip\\Parameters\\Interfaces\\{B006CFFA-964A-4BFA-84AB-6CB924F4DB19}\00\00"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{0AA05CFB-0DDF-48E4-ABE8-1E78BE894167}]
@DACL=(02 0000)
"UseZeroBroadcast"=dword:00000000
"EnableDHCP"=dword:00000000
"IPAddress"=multi:"0.0.0.0\00\00"
"SubnetMask"=multi:"0.0.0.0\00\00"
"DefaultGateway"=multi:"\00"
"EnableDeadGWDetect"=dword:00000001
"DontAddDefaultGateway"=dword:00000000

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{1A5AA00B-5655-45F5-B7EC-0DE7D796E0FE}]
@DACL=(02 0000)
"UseZeroBroadcast"=dword:00000000
"EnableDHCP"=dword:00000000
"IPAddress"=multi:"0.0.0.0\00\00"
"SubnetMask"=multi:"0.0.0.0\00\00"
"DefaultGateway"=multi:"\00"
"EnableDeadGWDetect"=dword:00000001
"DontAddDefaultGateway"=dword:00000000

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{1ADA907D-9145-41B7-BD1B-0B8078EF8185}]
@DACL=(02 0000)
"UseZeroBroadcast"=dword:00000000
"EnableDHCP"=dword:00000000
"IPAddress"=multi:"0.0.0.0\00\00"
"SubnetMask"=multi:"0.0.0.0\00\00"
"DefaultGateway"=multi:"\00"
"EnableDeadGWDetect"=dword:00000001
"DontAddDefaultGateway"=dword:00000000

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{22DC89FD-1B4F-4DDE-97E1-D2BF70D78AF0}]
@DACL=(02 0000)
"UseZeroBroadcast"=dword:00000000
"EnableDHCP"=dword:00000000
"IPAddress"=multi:"0.0.0.0\00\00"
"SubnetMask"=multi:"0.0.0.0\00\00"
"DefaultGateway"=multi:"\00"
"EnableDeadGWDetect"=dword:00000001
"DontAddDefaultGateway"=dword:00000000

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{2F865EAA-DF52-4F83-B627-C01FA56AB1B5}]
@DACL=(02 0000)
"UseZeroBroadcast"=dword:00000000
"EnableDHCP"=dword:00000000
"IPAddress"=multi:"0.0.0.0\00\00"
"SubnetMask"=multi:"0.0.0.0\00\00"
"DefaultGateway"=multi:"\00"
"EnableDeadGWDetect"=dword:00000001
"DontAddDefaultGateway"=dword:00000000

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{37F063E6-DE55-4C6A-BC3C-D9B75CC4EBDF}]
@DACL=(02 0000)
"UseZeroBroadcast"=dword:00000000
"EnableDHCP"=dword:00000000
"IPAddress"=multi:"0.0.0.0\00\00"
"SubnetMask"=multi:"0.0.0.0\00\00"
"DefaultGateway"=multi:"\00"
"EnableDeadGWDetect"=dword:00000001
"DontAddDefaultGateway"=dword:00000000

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{3C6A114E-ACC8-482C-A644-165006071E4F}]
@DACL=(02 0000)
"UseZeroBroadcast"=dword:00000000
"EnableDHCP"=dword:00000000
"IPAddress"=multi:"0.0.0.0\00\00"
"SubnetMask"=multi:"0.0.0.0\00\00"
"DefaultGateway"=multi:"\00"
"EnableDeadGWDetect"=dword:00000001
"DontAddDefaultGateway"=dword:00000000

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{4029ED28-634C-4F6D-91DD-90355FC3614B}]
@DACL=(02 0000)
"UseZeroBroadcast"=dword:00000000
"EnableDHCP"=dword:00000000
"IPAddress"=multi:"0.0.0.0\00\00"
"SubnetMask"=multi:"0.0.0.0\00\00"
"DefaultGateway"=multi:"\00"
"EnableDeadGWDetect"=dword:00000001
"DontAddDefaultGateway"=dword:00000000

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{477BD4AB-4CD4-447E-9188-0C270A205343}]
@DACL=(02 0000)
"UseZeroBroadcast"=dword:00000000
"EnableDHCP"=dword:00000000
"IPAddress"=multi:"0.0.0.0\00\00"
"SubnetMask"=multi:"0.0.0.0\00\00"
"DefaultGateway"=multi:"\00"
"EnableDeadGWDetect"=dword:00000001
"DontAddDefaultGateway"=dword:00000000

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{4D0EE19D-53FB-42ED-929E-2CAD8D4DA3A2}]
@DACL=(02 0000)
"UseZeroBroadcast"=dword:00000000
"EnableDHCP"=dword:00000000
"IPAddress"=multi:"0.0.0.0\00\00"
"SubnetMask"=multi:"0.0.0.0\00\00"
"DefaultGateway"=multi:"\00"
"EnableDeadGWDetect"=dword:00000001
"DontAddDefaultGateway"=dword:00000000

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{56A4F766-5440-49EE-96D3-D509BA7BE4E9}]
@DACL=(02 0000)
"UseZeroBroadcast"=dword:00000000
"EnableDHCP"=dword:00000000
"IPAddress"=multi:"0.0.0.0\00\00"
"SubnetMask"=multi:"0.0.0.0\00\00"
"DefaultGateway"=multi:"\00"
"EnableDeadGWDetect"=dword:00000001
"DontAddDefaultGateway"=dword:00000000

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{5B98C0D8-F928-4D49-9882-4DFE65D95C61}]
@DACL=(02 0000)
"UseZeroBroadcast"=dword:00000000
"EnableDHCP"=dword:00000000
"IPAddress"=multi:"0.0.0.0\00\00"
"SubnetMask"=multi:"0.0.0.0\00\00"
"DefaultGateway"=multi:"\00"
"EnableDeadGWDetect"=dword:00000001
"DontAddDefaultGateway"=dword:00000000

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{6F8E307F-9A7C-408A-AFAF-3615FCFA4CEF}]
@DACL=(02 0000)
"UseZeroBroadcast"=dword:00000000
"EnableDHCP"=dword:00000000
"IPAddress"=multi:"0.0.0.0\00\00"
"SubnetMask"=multi:"0.0.0.0\00\00"
"DefaultGateway"=multi:"\00"
"EnableDeadGWDetect"=dword:00000001
"DontAddDefaultGateway"=dword:00000000
"NTEContextList"=multi:"\00"
"DhcpClassIdBin"=hex:
"DhcpIPAddress"="0.0.0.0"
"DhcpSubnetMask"="0.0.0.0"
"Domain"=""
"NameServer"=""
"RegistrationEnabled"=dword:00000000
"RegisterAdapterName"=dword:00000000

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{75056B19-4CBB-4556-BA15-31B10A5A5BE9}]
@DACL=(02 0000)
"UseZeroBroadcast"=dword:00000000
"EnableDHCP"=dword:00000000
"IPAddress"=multi:"0.0.0.0\00\00"
"SubnetMask"=multi:"0.0.0.0\00\00"
"DefaultGateway"=multi:"\00"
"EnableDeadGWDetect"=dword:00000001
"DontAddDefaultGateway"=dword:00000000

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{79953CF4-7DA0-4C21-A1B8-ED41FCF21D18}]
@DACL=(02 0000)
"UseZeroBroadcast"=dword:00000000
"EnableDHCP"=dword:00000000
"IPAddress"=multi:"0.0.0.0\00\00"
"SubnetMask"=multi:"0.0.0.0\00\00"
"DefaultGateway"=multi:"\00"
"EnableDeadGWDetect"=dword:00000001
"DontAddDefaultGateway"=dword:00000000

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{865C35FD-C16A-4B32-B547-8928CE953669}]
@DACL=(02 0000)
"UseZeroBroadcast"=dword:00000000
"EnableDHCP"=dword:00000000
"IPAddress"=multi:"0.0.0.0\00\00"
"SubnetMask"=multi:"0.0.0.0\00\00"
"DefaultGateway"=multi:"\00"
"EnableDeadGWDetect"=dword:00000001
"DontAddDefaultGateway"=dword:00000000

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{8E76D28B-D819-435F-9D94-8F0EC4038520}]
@DACL=(02 0000)
"UseZeroBroadcast"=dword:00000000
"EnableDHCP"=dword:00000000
"IPAddress"=multi:"0.0.0.0\00\00"
"SubnetMask"=multi:"0.0.0.0\00\00"
"DefaultGateway"=multi:"\00"
"EnableDeadGWDetect"=dword:00000001
"DontAddDefaultGateway"=dword:00000000

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{9215A54E-3EAA-4DC2-8EFE-4731C26E1349}]
@DACL=(02 0000)
"UseZeroBroadcast"=dword:00000000
"EnableDHCP"=dword:00000000
"IPAddress"=multi:"0.0.0.0\00\00"
"SubnetMask"=multi:"0.0.0.0\00\00"
"DefaultGateway"=multi:"\00"
"EnableDeadGWDetect"=dword:00000001
"DontAddDefaultGateway"=dword:00000000

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{93DFA675-845C-4FB9-B057-A889D11F364B}]
@DACL=(02 0000)
"UseZeroBroadcast"=dword:00000000
"EnableDHCP"=dword:00000000
"IPAddress"=multi:"0.0.0.0\00\00"
"SubnetMask"=multi:"0.0.0.0\00\00"
"DefaultGateway"=multi:"\00"
"EnableDeadGWDetect"=dword:00000001
"DontAddDefaultGateway"=dword:00000000

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{98C71F91-845C-46CA-A8FC-F7A16C9EAED0}]
@DACL=(02 0000)
"UseZeroBroadcast"=dword:00000000
"EnableDHCP"=dword:00000000
"IPAddress"=multi:"0.0.0.0\00\00"
"SubnetMask"=multi:"0.0.0.0\00\00"
"DefaultGateway"=multi:"\00"
"EnableDeadGWDetect"=dword:00000001
"DontAddDefaultGateway"=dword:00000000

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{9D1E836B-DDA1-48F1-825D-3BE14B2C290C}]
@DACL=(02 0000)
"UseZeroBroadcast"=dword:00000000
"EnableDHCP"=dword:00000000
"IPAddress"=multi:"0.0.0.0\00\00"
"SubnetMask"=multi:"0.0.0.0\00\00"
"DefaultGateway"=multi:"\00"
"EnableDeadGWDetect"=dword:00000001
"DontAddDefaultGateway"=dword:00000000
"NTEContextList"=multi:"\00"
"DhcpIPAddress"="0.0.0.0"
"DhcpSubnetMask"="0.0.0.0"
"Domain"=""
"NameServer"=""
"RegistrationEnabled"=dword:00000000
"DhcpClassIdBin"=hex:
"RegisterAdapterName"=dword:00000000

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{B006CFFA-964A-4BFA-84AB-6CB924F4DB19}]
@DACL=(02 0000)
"UseZeroBroadcast"=dword:00000000
"EnableDeadGWDetect"=dword:00000001
"EnableDHCP"=dword:00000001
"IPAddress"=multi:"0.0.0.0\00\00"
"SubnetMask"=multi:"0.0.0.0\00\00"
"DefaultGateway"=multi:"\00"
"DefaultGatewayMetric"=multi:"\00"
"NameServer"=""
"Domain"=""
"RegistrationEnabled"=dword:00000001
"RegisterAdapterName"=dword:00000000
"TCPAllowedPorts"=multi:"0\00\00"
"UDPAllowedPorts"=multi:"0\00\00"
"RawIPAllowedProtocols"=multi:"0\00\00"
"NTEContextList"=multi:"0x00000003\00\00"
"DhcpClassIdBin"=hex:

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{CEF18169-172E-4CC6-A23C-81EEA649ABCA}]
@DACL=(02 0000)
"UseZeroBroadcast"=dword:00000000
"EnableDHCP"=dword:00000000
"IPAddress"=multi:"0.0.0.0\00\00"
"SubnetMask"=multi:"0.0.0.0\00\00"
"DefaultGateway"=multi:"\00"
"EnableDeadGWDetect"=dword:00000001
"DontAddDefaultGateway"=dword:00000000

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{D42BF3B8-5D36-47B6-AA88-2A5C0A88AFF6}]
@DACL=(02 0000)
"UseZeroBroadcast"=dword:00000000
"EnableDHCP"=dword:00000000
"IPAddress"=multi:"0.0.0.0\00\00"
"SubnetMask"=multi:"0.0.0.0\00\00"
"DefaultGateway"=multi:"\00"
"EnableDeadGWDetect"=dword:00000001
"DontAddDefaultGateway"=dword:00000000

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{E2E03A56-F650-49AD-9458-84AC5A26824B}]
@DACL=(02 0000)
"UseZeroBroadcast"=dword:00000000
"EnableDHCP"=dword:00000000
"IPAddress"=multi:"0.0.0.0\00\00"
"SubnetMask"=multi:"0.0.0.0\00\00"
"DefaultGateway"=multi:"\00"
"EnableDeadGWDetect"=dword:00000001
"DontAddDefaultGateway"=dword:00000000

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{E80F28B8-41F7-45E5-B224-BA02FA2B150E}]
@DACL=(02 0000)
"UseZeroBroadcast"=dword:00000000
"EnableDHCP"=dword:00000000
"IPAddress"=multi:"0.0.0.0\00\00"
"SubnetMask"=multi:"0.0.0.0\00\00"
"DefaultGateway"=multi:"\00"
"EnableDeadGWDetect"=dword:00000001
"DontAddDefaultGateway"=dword:00000000

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{EB685907-EFEF-49BC-836B-43B28D8A9E73}]
@DACL=(02 0000)
"UseZeroBroadcast"=dword:00000000
"EnableDHCP"=dword:00000000
"IPAddress"=multi:"0.0.0.0\00\00"
"SubnetMask"=multi:"0.0.0.0\00\00"
"DefaultGateway"=multi:"\00"
"EnableDeadGWDetect"=dword:00000001
"DontAddDefaultGateway"=dword:00000000

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{F2661AF6-B3C2-4CB3-BEF6-D0571C34617B}]
@DACL=(02 0000)
"UseZeroBroadcast"=dword:00000000
"EnableDHCP"=dword:00000000
"IPAddress"=multi:"0.0.0.0\00\00"
"SubnetMask"=multi:"0.0.0.0\00\00"
"DefaultGateway"=multi:"\00"
"EnableDeadGWDetect"=dword:00000001
"DontAddDefaultGateway"=dword:00000000

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{FF2BE8C5-F6C8-4DEE-9C06-8F61850569D8}]
@DACL=(02 0000)
"UseZeroBroadcast"=dword:00000000
"EnableDHCP"=dword:00000000
"IPAddress"=multi:"0.0.0.0\00\00"
"SubnetMask"=multi:"0.0.0.0\00\00"
"DefaultGateway"=multi:"\00"
"EnableDeadGWDetect"=dword:00000001
"DontAddDefaultGateway"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1044)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll

- - - - - - - > 'explorer.exe'(4048)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVG\AVG9\avgchsvx.exe
c:\program files\AVG\AVG9\avgrsx.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\program files\Internet Explorer\iexplore.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\PC Tools Firewall Plus\FWService.exe
c:\windows\system32\pctspk.exe
c:\program files\AVG\AVG9\avgnsx.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\program files\Skype\Plugin Manager\skypePM.exe
.
**************************************************************************
.
Completion time: 2010-10-10  10:09:39 - machine was rebooted
ComboFix-quarantined-files.txt  2010-10-10 14:09
ComboFix2.txt  2010-10-07 01:08
ComboFix3.txt  2010-10-06 02:15
ComboFix4.txt  2010-10-01 02:23
ComboFix5.txt  2010-10-10 13:38

Pre-Run: 11,354,218,496 bytes free
Post-Run: 11,374,940,160 bytes free

- - End Of File - - 2470D3D19873EF12901D51807C071C44

[SuperDave]

I'd like to scan your machine with ESET OnlineScan

•Hold down Control and click on the following link to open ESET OnlineScan in a new window.
ESET OnlineScan
•Click the button.
•For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)

• Click on to download the ESET Smart Installer. Save it to your desktop.
  
• Double click on the icon on your desktop.
  

•Check
•Click the button.
•Accept any security warnings from your browser.
•Check
•Push the Start button.
•ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
•When the scan completes, push
•Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
•Push the button.
•Push
A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt

[Freddex]

C:\38fd4a0c5ae793fe57\i386\filterpipelineprintproc.dll   Win32/Ramnit.A virus   error while cleaning
C:\38fd4a0c5ae793fe57\i386\mxdwdrv.dll   Win32/Ramnit.A virus   error while cleaning
C:\38fd4a0c5ae793fe57\i386\xpssvcs.dll   Win32/Ramnit.A virus   error while cleaning
C:\Commy\NircmdBSrv.exe   a variant of Win32/Kryptik.FTE trojan   cleaned by deleting - quarantined
C:\Commy10898C\NircmdBSrv.exe   a variant of Win32/Kryptik.FTE trojan   cleaned by deleting - quarantined
C:\Commy18057C\NircmdBSrv.exe   a variant of Win32/Kryptik.FTE trojan   cleaned by deleting - quarantined
C:\Commy2756C\NircmdBSrv.exe   a variant of Win32/Kryptik.FTE trojan   cleaned by deleting - quarantined
C:\Commy9393C\NircmdBSrv.exe   a variant of Win32/Kryptik.FTE trojan   cleaned by deleting - quarantined
C:\Compaq\CPQInet\CPQInet.exe   Win32/Ramnit.A virus   cleaned - quarantined
C:\Compaq\CPQInet\CPQNPCSS.exe   Win32/Ramnit.A virus   cleaned - quarantined
C:\Compaq\CPQInet\Hwswal.dll   Win32/Ramnit.A virus   cleaned - quarantined
C:\Compaq\CPQInet\INETSVCS.dll   Win32/Ramnit.A virus   cleaned - quarantined
C:\Compaq\CPQInet\LchApp.exe   Win32/Ramnit.A virus   cleaned - quarantined
C:\Compaq\CPQInet\nzLaunch.exe   Win32/Ramnit.A virus   cleaned - quarantined
C:\Compaq\CPQInet\Stat.dll   Win32/Ramnit.A virus   cleaned - quarantined
C:\Compaq\CPQInet\trcknlog.dll   Win32/Ramnit.A virus   cleaned - quarantined
C:\Compaq\EAKDRV\EAUSBKBD.EXE   Win32/Ramnit.A virus   cleaned - quarantined
C:\Compaq\Features\default.htm   Win32/Ramnit.A virus   cleaned - quarantined
C:\Compaq\Features\Pages\About My PC-About My PC.htm   Win32/Ramnit.A virus   cleaned - quarantined
C:\Compaq\Features\Pages\About My PC-Easy Access Design.htm   Win32/Ramnit.A virus   cleaned - quarantined
C:\Compaq\Features\Pages\About My PC-Featured Software.htm   Win32/Ramnit.A virus   cleaned - quarantined
C:\Compaq\Features\Pages\About My PC-Smartcard Keyboard Overview.htm   Win32/Ramnit.A virus   cleaned - quarantined
C:\Compaq\Features\Pages\Compaq Help & Support-Compaq Help & Support.htm   Win32/Ramnit.A virus   cleaned - quarantined
C:\Compaq\Features\Pages\Compaq Help & Support-On-Line Help & Support.htm   Win32/Ramnit.A virus   cleaned - quarantined
C:\Compaq\Features\Pages\Compaq Help & Support-Preventative Care & Maintenance.htm   Win32/Ramnit.A virus   cleaned - quarantined
C:\Compaq\Features\Pages\Getting Started With My PC-Games.htm   Win32/Ramnit.A virus   cleaned - quarantined
C:\Compaq\Features\Pages\Getting Started With My PC-Getting Started With My PC.htm   Win32/Ramnit.A virus   cleaned - quarantined
C:\Compaq\Features\Pages\Getting Started With My PC-Home Networking.htm   Win32/Ramnit.A virus   cleaned - quarantined
C:\Compaq\Features\Pages\Getting Started With My PC-Music.htm   Win32/Ramnit.A virus   cleaned - quarantined
C:\Compaq\Features\Pages\Getting Started With My PC-Photo.htm   Win32/Ramnit.A virus   cleaned - quarantined
C:\Compaq\Features\Pages\Getting Started With My PC-Surf the Net.htm   Win32/Ramnit.A virus   cleaned - quarantined
C:\Compaq\Features\Pages\Getting Started With My PC-Video.htm   Win32/Ramnit.A virus   cleaned - quarantined
C:\Compaq\Features\Pages\MainPromotion.htm   Win32/Ramnit.A virus   cleaned - quarantined
C:\Compaq\lutil\Introreg.dll   Win32/Ramnit.A virus   cleaned - quarantined
C:\Compaq\lutil\ISUninst.dll   Win32/Ramnit.A virus   cleaned - quarantined
C:\Compaq\lutil\SkyDesk.htm   Win32/Ramnit.A virus   cleaned - quarantined
C:\Compaq\lutil\SystemOS.dll   Win32/Ramnit.A virus   cleaned - quarantined
C:\Compaq\lutil\WizHost.exe   Win32/Ramnit.A virus   cleaned - quarantined
C:\Compaq\lutil\WizMsg.dll   Win32/Ramnit.A virus   cleaned - quarantined
C:\Compaq\lutil\WizWom.dll   Win32/Ramnit.A virus   cleaned - quarantined
C:\Compaq\lutil\WRegXfer.dll   Win32/Ramnit.A virus   cleaned - quarantined
C:\Compaq\lutil\html\NaEnglish\cpqExit.html   Win32/Ramnit.A virus   cleaned - quarantined
C:\Compaq\lutil\html\NaEnglish\errNet.html   Win32/Ramnit.A virus   cleaned - quarantined
C:\Compaq\lutil\html\NaFrench\cpqExit.html   Win32/Ramnit.A virus   cleaned - quarantined
C:\Compaq\lutil\html\NaFrench\errNet.html   Win32/Ramnit.A virus   cleaned - quarantined
C:\CPQDRV\AUDIO\ADMINCHK.DLL   Win32/Ramnit.A virus   cleaned - quarantined
C:\CPQDRV\AUDIO\INSTALL.EXE   Win32/Ramnit.A virus   cleaned - quarantined
C:\CPQDRV\AUDIO\PROPS32.DLL   Win32/Ramnit.A virus   cleaned - quarantined
C:\CPQDRV\AUDIO\REMOVE.EXE   Win32/Ramnit.A virus   cleaned - quarantined
C:\CPQDRV\KEYBOARD\EAKINSTA.EXE   Win32/Ramnit.A virus   cleaned - quarantined
C:\CPQDRV\KEYBOARD\SETUPEAK.DLL   Win32/Ramnit.A virus   cleaned - quarantined
C:\CPQDRV\keyboardbuttons\EAKInstall.exe   Win32/Ramnit.A virus   cleaned - quarantined
C:\CPQDRV\keyboardbuttons\SetupEAKDLL.dll   Win32/Ramnit.A virus   cleaned - quarantined
C:\CPQDRV\QuickenInstall\QWNUE01N1D\CUSTOM\PROGRAM\LICENSE.HTM   Win32/Ramnit.A virus   cleaned - quarantined
C:\CPQDRV\QuickenInstall\QWNUE01N1D\tools\SANITIZE.EXE   Win32/Ramnit.A virus   cleaned - quarantined
C:\CPQDRV\VIDEO\HCCUTILS.DLL   Win32/Ramnit.A virus   cleaned - quarantined
C:\CPQDRV\VIDEO\HKCMD.EXE   Win32/Ramnit.A virus   cleaned - quarantined
C:\CPQDRV\VIDEO\I81XGDEV.DLL   Win32/Ramnit.A virus   cleaned - quarantined
C:\CPQDRV\VIDEO\I81XGICD.DLL   Win32/Ramnit.A virus   cleaned - quarantined
C:\CPQDRV\VIDEO\IGFXCFG.EXE   Win32/Ramnit.A virus   cleaned - quarantined
C:\CPQDRV\VIDEO\IGFXDEV.DLL   Win32/Ramnit.A virus   cleaned - quarantined
C:\CPQDRV\VIDEO\IGFXDIAG.EXE   Win32/Ramnit.A virus   cleaned - quarantined
C:\CPQDRV\VIDEO\IGFXDO.DLL   Win32/Ramnit.A virus   cleaned - quarantined
C:\CPQDRV\VIDEO\IGFXEUD.DLL   Win32/Ramnit.A virus   cleaned - quarantined
C:\CPQDRV\VIDEO\IGFXHK.DLL   Win32/Ramnit.A virus   cleaned - quarantined
C:\CPQDRV\VIDEO\IGFXPPH.DLL   Win32/Ramnit.A virus   cleaned - quarantined
C:\CPQDRV\VIDEO\IGFXSRVC.DLL   Win32/Ramnit.A virus   cleaned - quarantined
C:\CPQDRV\VIDEO\IGFXTRAY.EXE   Win32/Ramnit.A virus   cleaned - quarantined
C:\CPQS\QUICKSR\CHECKCNF.EXE   Win32/Ramnit.A virus   cleaned - quarantined
C:\CPQS\QUICKSR\FASTBOOT.EXE   Win32/Ramnit.A virus   cleaned - quarantined
C:\CPQS\QUICKSR\PATCHES.EXE   Win32/Ramnit.A virus   cleaned - quarantined
C:\CPQS\QUICKSR\QRIA.EXE   Win32/Ramnit.A virus   cleaned - quarantined
C:\CPQS\QUICKSR\RMKEYS.EXE   Win32/Ramnit.A virus   cleaned - quarantined
C:\CPQS\scom\CkcUpgrade.exe   Win32/Ramnit.A virus   cleaned - quarantined
C:\CPQS\scom\CpqStartMenu.dll   Win32/Ramnit.A virus   cleaned - quarantined
C:\CPQS\scom\CustomerRegInfo.dll   Win32/Ramnit.A virus   cleaned - quarantined
C:\CPQS\scom\EDID.dll   Win32/Ramnit.A virus   cleaned - quarantined
C:\CPQS\scom\Mailer.dll   Win32/Ramnit.A virus   cleaned - quarantined
C:\CPQS\scom\MemUsage.dll   Win32/Ramnit.A virus   cleaned - quarantined
C:\CPQS\scom\Migrate.dll   Win32/Ramnit.A virus   cleaned - quarantined
C:\CPQS\scom\ModemCheck.dll   Win32/Ramnit.A virus   cleaned - quarantined
C:\CPQS\scom\ModemQuery.dll   Win32/Ramnit.A virus   cleaned - quarantined
C:\CPQS\scom\ModemUtil.dll   Win32/Ramnit.A virus   cleaned - quarantined
C:\CPQS\scom\PCTSCOM.dll   Win32/Ramnit.A virus   cleaned - quarantined
C:\CPQS\scom\ScDmi.dll   Win32/Ramnit.A virus   cleaned - quarantined
C:\CPQS\scom\SCDrivers.dll   Win32/Ramnit.A virus   cleaned - quarantined
C:\CPQS\scom\SCInfoBom.dll   Win32/Ramnit.A virus   cleaned - quarantined
C:\CPQS\scom\SCOS.dll   Win32/Ramnit.A virus   cleaned - quarantined
C:\CPQS\scom\SCPartNumber.dll   Win32/Ramnit.A virus   cleaned - quarantined
C:\CPQS\scom\srmclean .exe   Win32/Ramnit.A virus   cleaned - quarantined
C:\CPQS\TOOLS\UNZIP.EXE   Win32/Ramnit.A virus   cleaned - quarantined
C:\Documents and Settings\All Users\Application Data\Adobe\Reader\9.3\ARM\27816\ReaderUpdaterSrv.exe   a variant of Win32/Kryptik.FTE trojan   cleaned by deleting - quarantined
C:\Documents and Settings\All Users\Application Data\Skype\Plugins\Plugins\F57B48ADF2224F088EDD1A2B9BAD84E8\PickGame.htm   Win32/Ramnit.A virus   cleaned - quarantined
C:\Documents and Settings\All Users\Desktop\ABC.exe   Win32/Ramnit.A virus   cleaned - quarantined
C:\Documents and Settings\All Users\Desktop\Disney Online.exe   Win32/Ramnit.A virus   cleaned - quarantined
C:\Documents and Settings\All Users\Desktop\ESPN.exe   Win32/Ramnit.A virus   cleaned - quarantined
C:\Documents and Settings\Default User\Local Settings\Temp\~rnsetu0\pncrt.dll   Win32/Ramnit.A virus   cleaned - quarantined
C:\Documents and Settings\Default User\Local Settings\Temp\~rnsetup\pncrt.dll   Win32/Ramnit.A virus   cleaned - quarantined
C:\Documents and Settings\Default User\Start Menu\Programs\Startup\fyfuk.exe   Win32/Ramnit.A virus   cleaned - quarantined
C:\Documents and Settings\Default User\Start Menu\Programs\Startup\maqa.exe   a variant of Win32/Kryptik.GZJ trojan   cleaned by deleting - quarantined
C:\Documents and Settings\Default User\Start Menu\Programs\Startup\qorya.exe   a variant of Win32/Kryptik.HLM trojan   cleaned by deleting - quarantined
C:\Documents and Settings\Freddex\Application Data\Asbece\onmuo.exe   Win32/Ramnit.A virus   cleaned - quarantined
C:\Documents and Settings\Freddex\Application Data\Asbece\onmuoSrv.exe   a variant of Win32/Kryptik.FTE trojan   cleaned by deleting - quarantined
C:\Documents and Settings\Freddex\Application Data\Mozilla\Firefox\Profiles\5tbeccz1.default\bookmarks.html   Win32/Ramnit.A virus   cleaned - quarantined
C:\Documents and Settings\Freddex\Application Data\Noilab\budi.exe   a variant of Win32/Kryptik.HLM trojan   cleaned by deleting - quarantined
C:\Documents and Settings\Freddex\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-7c91b2a5-n\msvcr71.dll   Win32/Ramnit.A virus   cleaned - quarantined
C:\Documents and Settings\Freddex\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-47f9ff1d-n\msvcr71.dll   Win32/Ramnit.A virus   cleaned - quarantined
C:\Documents and Settings\Freddex\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-34777ea4-n\msvcr71.dll   Win32/Ramnit.A virus   cleaned - quarantined
C:\Documents and Settings\Freddex\Local Settings\temp\tmp0a538d8d\kill.exe   Win32/Delf.PLO trojan   cleaned by deleting - quarantined
C:\Documents and Settings\Freddex\Local Settings\temp\tmp0a538d8d\killSrv.exe   a variant of Win32/Kryptik.FTE trojan   cleaned by deleting - quarantined
C:\Documents and Settings\Freddex\Local Settings\Temporary Internet Files\Content.IE5\BTZLGCQF\bnews-pro[1].htm   Win32/Ramnit.A virus   cleaned - quarantined
C:\Documents and Settings\Freddex\Local Settings\Temporary Internet Files\Content.IE5\BTZLGCQF\Sync[1].htm   Win32/Ramnit.A virus   cleaned - quarantined
C:\Documents and Settings\Freddex\Local Settings\Temporary Internet Files\Content.IE5\Q6FKH05K\Include[1].htm   Win32/Ramnit.A virus   cleaned - quarantined
C:\Documents and Settings\Freddex\Local Settings\Temporary Internet Files\Content.IE5\Q6FKH05K\online-scanner[1].htm   Win32/Ramnit.A virus   cleaned - quarantined
C:\Documents and Settings\Freddex\Local Settings\Temporary Internet Files\Content.IE5\Q6FKH05K\Toolbar[1].htm   Win32/Ramnit.A virus   cleaned - quarantined
C:\Documents and Settings\Freddex\Local Settings\Temporary Internet Files\Content.IE5\Q6FKH05K\topic,110296.msg747598[1].html   Win32/Ramnit.A virus   cleaned - quarantined
C:\Documents and Settings\Freddex\Local Settings\Temporary Internet Files\Content.IE5\QMN5LQ90\favicon[1].htm   Win32/Ramnit.A virus   cleaned - quarantined
C:\Documents and Settings\Freddex\Start Menu\Programs\Startup\idlatoSrv.exe   a variant of Win32/Kryptik.FTE trojan   cleaned by deleting - quarantined
C:\Documents and Settings\Freddex\Start Menu\Programs\Startup\pypaSrv.exe   a variant of Win32/Kryptik.FTE trojan   cleaned by deleting - quarantined
C:\Documents and Settings\Guest\Start Menu\Programs\Startup\ammo.exe   a variant of Win32/Kryptik.HLM trojan   cleaned by deleting - quarantined
C:\Documents and Settings\Guest\Start Menu\Programs\Startup\faopew.exe   a variant of Win32/Kryptik.GZJ trojan   cleaned by deleting - quarantined
C:\Documents and Settings\Guest\Start Menu\Programs\Startup\peyw.exe   Win32/Ramnit.A virus   cleaned - quarantined
C:\Documents and Settings\sey administrator\Application Data\Fako\anuq.exe   a variant of Win32/Kryptik.GZJ trojan   cleaned by deleting - quarantined
C:\Documents and Settings\sey administrator\Application Data\Mozilla\Firefox\Profiles\3mmgr645.default\bookmarks.html   Win32/Ramnit.A virus   cleaned - quarantined
C:\Documents and Settings\sey administrator\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-61f91632-n\msvcr71.dll   Win32/Ramnit.A virus   cleaned - quarantined
C:\Documents and Settings\sey administrator\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-367bd4db-n\msvcr71.dll   Win32/Ramnit.A virus   cleaned - quarantined
C:\Documents and Settings\sey administrator\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-501e625d-n\msvcr71.dll   Win32/Ramnit.A virus   cleaned - quarantined
C:\Documents and Settings\sey administrator\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll   Win32/Ramnit.A virus   cleaned - quarantined
C:\Documents and Settings\sey administrator\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL   Win32/Ramnit.A virus   cleaned - quarantined
C:\Documents and Settings\sey administrator\Application Data\Ysulne\emxy.exe   a variant of Win32/Kryptik.GZJ trojan   cleaned by deleting - quarantined
C:\Documents and Settings\sey administrator\Desktop\RkU3.8.388.590\MustBeRandomlyNamed\f2o4rDaewo.exe   Win32/Ramnit.A virus   cleaned - quarantined
C:\Documents and Settings\sey administrator\Desktop\SysProt\SysProt\SysProt.exe   Win32/Ramnit.A virus   cleaned - quarantined
C:\Documents and Settings\sey administrator\Local Settings\Temporary Internet Files\Content.IE5\3AIBL4ZR\133101-2nd-car;-forester-vs-outback-need-more-space-than-wrx-i-am-keeping[1].html   Win32/Ramnit.A virus   cleaned - quarantined
C:\Documents and Settings\sey administrator\Local Settings\Temporary Internet Files\Content.IE5\3AIBL4ZR\140158-how-possible-moto-content[1].html   Win32/Ramnit.A virus   cleaned - quarantined
C:\Documents and Settings\sey administrator\Local Settings\Temporary Internet Files\Content.IE5\3AIBL4ZR\1489-canadian-survey[1].html   Win32/Ramnit.A virus   cleaned - quarantined
C:\Documents and Settings\sey administrator\Local Settings\Temporary Internet Files\Content.IE5\3AIBL4ZR\2009[2].htm   Win32/Ramnit.A virus   cleaned - quarantined
C:\Documents and Settings\sey administrator\Local Settings\Temporary Internet Files\Content.IE5\3AIBL4ZR\25752-has-anybody-received-2011-outback-brought-back-canada[1].html   Win32/Ramnit.A virus   cleaned - quarantined
C:\Documents and Settings\sey administrator\Local Settings\Temporary Internet Files\Content.IE5\3AIBL4ZR\2592[1].htm   Win32/Ramnit.A virus   cleaned - quarantined
C:\Documents and Settings\sey administrator\Local Settings\Temporary Internet Files\Content.IE5\3AIBL4ZR\2592[2].htm   Win32/Ramnit.A virus   cleaned - quarantined
C:\Documents and Settings\sey administrator\Local Settings\Temporary Internet Files\Content.IE5\3AIBL4ZR\2592[3].htm   Win32/Ramnit.A virus   cleaned - quarantined
C:\Documents and Settings\sey administrator\Local Settings\Temporary Internet Files\Content.IE5\3AIBL4ZR\74912-wrx-leather-interior-2[1].html   Win32/Ramnit.A virus   cleaned - quarantined
C:\Documents and Settings\sey administrator\Local Settings\Temporary Internet Files\Content.IE5\3AIBL4ZR\92953-importing-guide-18[1].html   Win32/Ramnit.A virus   cleaned - quarantined
C:\Documents and Settings\sey administrator\Local Settings\Temporary Internet Files\Content.IE5\3AIBL4ZR\aclk[1].htm   Win32/Ramnit.A virus   cleaned - quarantined
C:\Documents and Settings\sey administrator\Local Settings\Temporary Internet Files\Content.IE5\3AIBL4ZR\aclk[2].htm   Win32/Ramnit.A virus   cleaned - quarantined
C:\Documents and Settings\sey administrator\Local Settings\Temporary Internet Files\Content.IE5\3AIBL4ZR\aclk[3].htm   Win32/Ramnit.A virus   cleaned - quarantined
C:\Documents and Settings\sey administrator\Local Settings\Temporary Internet Files\Content.IE5\3AIBL4ZR\adsCA190CEE.htm   Win32/Ramnit.A virus   cleaned - quarantined
C:\Documents and Settings\sey administrator\Local Settings\Temporary Internet Files\Content.IE5\3AIBL4ZR\adsCA2B7GL2.htm   Win32/Ramnit.A virus   cleaned - quarantined
C:\Documents and Settings\sey administrator\Local Settings\Temporary Internet Files\Content.IE5\3AIBL4ZR\adsCA5FAORT.htm   Win32/Ramnit.A virus   cleaned - quarantined
C:\Documents and Settings\sey administrator\Local Settings\Temporary Internet Files\Content.IE5\3AIBL4ZR\adsCA5QNWMW.htm   Win32/Ramnit.A virus   cleaned - quarantined
C:\Documents and Settings\sey administrator\Local Settings\Temporary Internet Files\Content.IE5\3AIBL4ZR\adsCA5RH878.htm   Win32/Ramnit.A virus   cleaned - quarantined
C:\Documents and Settings\sey administrator\Local Settings\Temporary Internet Files\Content.IE5\3AIBL4ZR\adsCA64CVIN.htm   Win32/Ramnit.A virus   cleaned - quarantined
C:\Documents and Settings\sey administrator\Local Settings\Temporary Internet Files\Content.IE5\3AIBL4ZR\adsCA6BXCLG.htm   Win32/Ramnit.A virus   cleaned - quarantined
C:\Documents and Settings\sey administrator\Local Settings\Temporary Internet Files\Content.IE5\3AIBL4ZR\adsCA6LYC8U.htm   Win32/Ramnit.A virus   cleaned - quarantined
C:\Documents and Settings\sey administrator\Local Settings\Temporary Internet Files\Content.IE5\3AIBL4ZR\adsCA7HMI6U.htm   Win32/Ramnit.A virus   cleaned - quarantined
C:\Documents and Settings\sey administrator\Local Settings\Temporary Internet Files\Content.IE5\3AIBL4ZR\adsCABDT41O.htm   Win32/Ramnit.A virus   cleaned - quarantined
C:\Documents and Settings\sey administrator\Local Settings\Temporary Internet Files\Content.IE5\3AIBL4ZR\adsCABPNP5D.htm   Win32/Ramnit.A virus   cleaned - quarantined
C:\Documents and Settings\sey administrator\Local Settings\Temporary Internet Files\Content.IE5\3AIBL4ZR\adsCACDEBN9.htm   Win32/Ramnit.A virus   cleaned - quarantined
C:\Documents and Settings\sey administrator\Local Settings\Temporary Internet Files\Content.IE5\3AIBL4ZR\adsCACMNYTH.htm   Win32/Ramnit.A virus   cleaned - quarantined
C:\Documents and Settings\sey administrator\Local Settings\Temporary Internet Files\Content.IE5\3AIBL4ZR\adsCAI088XH.htm   Win32/Ramnit.A virus   cleaned - quarantined
C:\Documents and Settings\sey administrator\Local Settings\Temporary Internet Files\Content.IE5\3AIBL4ZR\adsCAKFATBL.htm   Win32/Ramnit.A virus   cleaned - quarantined
C:\Documents and Settings\sey administrator\Local Settings\Temporary Internet Files\Content.IE5\3AIBL4ZR\adsCAOXGUHL.htm   Win32/Ramnit.A virus   cleaned - quarantined
C:\Documents and Settings\sey administrator\Local Settings\Temporary Internet Files\Content.IE5\3AIBL4ZR\adsCAP6EV8V.htm   Win32/Ramnit.A virus   cleaned - quarantined
C:\Documents and Settings\sey administrator\Local Settings\Temporary Internet Files\Content.IE5\3AIBL4ZR\adsCARMX88R.htm   Win32/Ramnit.A virus   cleaned - quarantined
C:\Documents and Settings\sey administrator\Local Settings\Temporary Internet Files\Content.IE5\3AIBL4ZR\adsCAV6X39L.htm   Win32/Ramnit.A virus   cleaned - quarantined
C:\Documents and Settings\sey administrator\Local Settings\Temporary Internet Files\Content.IE5\3AIBL4ZR\adsCAVXYYB2.htm   Win32/Ramnit.A virus   cleaned - quarantined
C:\Documents and Settings\sey administrator\Local Settings\Temporary Internet Files\Content.IE5\3AIBL4ZR\adsCAXMM9P5.htm   Win32/Ramnit.A virus   cleaned - quarantined
C:\Documents and Settings\sey administrator\Local Settings\Temporary Internet Files\Content.IE5\3AIBL4ZR\ads[10].htm   Win32/Ramnit.A virus   cleaned - quarantined
C:\Documents and Settings\sey administrator\Local Settings\Temporary Internet Files\Content.IE5\3AIBL4ZR\ads[11].htm   Win32/Ramnit.A virus   cleaned - quarantined
C:\Documents and Settings\sey administrator\Local Settings\Temporary Internet Files\Content.IE5\3AIBL4ZR\ads[1].htm   Win32/Ramnit.A virus   cleaned - quarantined
C:\Documents and Settings\sey administrator\Local Settings\Temporary Internet Files\Content.IE5\3AIBL4ZR\ads[2].htm   Win32/Ramnit.A virus   cleaned - quarantined
C:\Documents and Settings\sey administrator\Local Settings\Temporary Internet Files\Content.IE5\3AIBL4ZR\ads[3].htm   Win32/Ramnit.A virus   cleaned - quarantined
C:\Documents and Settings\sey administrator\Local Settings\Temporary Internet Files\Content.IE5\3AIBL4ZR\ads[4].htm   Win32/Ramnit.A virus   cleaned - quarantined
C:\Documents and Settings\sey administrator\Local Settings\Temporary Internet Files\Content.IE5\3AIBL4ZR\ads[5].htm   Win32/Ramnit.A virus   cleaned - quarantined
C:\Documents and Settings\sey administrator\Local Settings\Temporary Internet Files\Content.IE5\3AIBL4ZR\ads[6].htm   Win32/Ramnit.A virus   cleaned - quarantined
C:\Documents and Settings\sey administrator\Local Settings\Temporary Internet Files\Content.IE5\3AIBL4ZR\ads[7].htm   Win32/Ramnit.A virus   cleaned - quarantined
C:\Documents and Settings\sey administrator\Local Settings\Temporary Internet Files\Content.IE5\3AIBL4ZR\ads[8].htm   Win32/Ramnit.A virus   cleaned - quarantined
C:\Documents and Settings\sey administrator\Local Settings\Temporary Internet Files\Content.IE5\3AIBL4ZR\ads[9].htm   Win32/Ramnit.A virus   cleaned - quarantined
C:\Documents and Settings\sey administrator\Local Settings\Temporary Internet Files\Content.IE5\3AIBL4ZR\basketball_fantasysports_yahoo_com[1].htm   Win32/Ramnit.A virus   cleaned - quarantined
C:\Documents and Settings\sey administrator\Local Settings\Temporary Internet Files\Content.IE5\3AIBL4ZR\blank[1].html   Win32/Ramnit.A virus   cleaned - quarantined
C:\Documents and Settings\sey administrator\Local Settings\Temporary Internet Files\Content.IE5\3AIBL4ZR\board,7.0[1].html   Win32/Ramnit.A virus   cleaned - quarantined
C:\Documents and Settings\sey administrator\Local Settings\Temporary Internet Files\Content.IE5\3AIBL4ZR\clk[1].htm   Win32/Ramnit.A virus   cleaned - quarantined
C:\Documents and Settings\sey administrator\Local Settings\Temporary Internet Files\Content.IE5\3AIBL4ZR\clk[2].htm   Win32/Ramnit.A virus   cleaned - quarantined
C:\Documents and Settings\sey administrator\Local Settings\Temporary Internet Files\Content.IE5\3AIBL4ZR\data_sync[1].htm   Win32/Ramnit.A virus   cleaned - quarantined
C:\Documents and Settings\sey administrator\Local Settings\Temporary Internet Files\Content.IE5\3AIBL4ZR\emailleague[1].htm   Win32/Ramnit.A virus   cleaned - quarantined
C:\Documents and Settings\sey administrator\Local Settings\Temporary Internet Files\Content.IE5\3AIBL4ZR\facebook_share[1].html   Win32/Ramnit.A virus   cleaned - quarantined
C:\Documents and Settings\sey administrator\Local Settings\Temporary Internet Files\Content.IE5\3AIBL4ZR\forums[1].htm   Win32/Ramnit.A virus   cleaned - quarantined
C:\Documents and Settings\sey administrator\Local Settings\Temporary Internet Files\Content.IE5\3AIBL4ZR\gameinfo[1].htm   Win32/Ramnit.A virus   cleaned - quarantined
C:\Documents and Settings\sey administrator\Local Settings\Temporary Internet Files\Content.IE5\3AIBL4ZR\index[1].htm   Win32/Ramnit.A virus   cleaned - quarantined
C:\Documents and Settings\sey administrator\Local Settings\Temporary Internet Files\Content.IE5\3AIBL4ZR\login[1].htm   Win32/Ramnit.A virus   cleaned - quarantined
C:\Documents and Settings\sey administrator\Local Settings\Temporary Internet Files\Content.IE5\3AIBL4ZR\net[1].htm   Win32/Ramnit.A virus   cleaned - quarantined
C:\Documents and Settings\sey administrator\Local Settings\Temporary Internet Files\Content.IE5\3AIBL4ZR\openmail.app[2].htm   Win32/Ramnit.A virus   cleaned - quarantined
C:\Documents and Settings\sey administrator\Local Settings\Temporary Internet Files\Content.IE5\3AIBL4ZR\openmail.app[3].htm   Win32/Ramnit.A virus   cleaned - quarantined
C:\Documents and Settings\sey administrator\Local Settings\Temporary Internet Files\Content.IE5\3AIBL4ZR\topic,110296.msg747408[1].html   Win32/Ramnit.A virus   cleaned - quarantined
C:\Documents and Settings\sey administrator\Local Settings\Temporary Internet Files\Content.IE5\3AIBL4ZR\topic,46313.0[1].html   Win32/Ramnit.A virus   cleaned - quarantined
C:\Documents and Settings\sey administrator\Local Settings\Temporary Internet Files\Content.IE5\3AIBL4ZR\topicseen[1].html   Win32/Ramnit.A virus   cleaned - quarantined
C:\Documents and Settings\sey administrator\Local Settings\Temporary Internet Files\Content.IE5\3AIBL4ZR\toronto-subaru-club_com[1].htm   Win32/Ramnit.A virus   cleaned - quarantined
C:\Documents and Settings\sey administrator\Local Settings\Temporary Internet Files\Content.IE5\3AIBL4ZR\tpp4[2].htm   Win32/Ramnit.A virus   cleaned - quarantined
C:\Documents and Settings\sey administrator\Local Settings\Temporary Internet Files\Content.IE5\3AIBL4ZR\watch-toronto-raptors-vs-boston-celtics[1].htm   Win32/Ramnit.A virus   cleaned - quarantined
C:\Documents and Settings\sey administrator\Local Settings\Temporary Internet Files\Content.IE5\3AIBL4ZR\_;ord=0[1].htm   Win32/Ramnit.A virus   cleaned - quarantined
C:\Documents and Settings\sey administrator\Local Settings\Temporary Internet Files\Content.IE5\910DENE8\105395-van-bortel-customer-appreciation-us-importing-info-session[1].html   Win32/Ramnit.A virus   cleaned - quarantined
C:\Documents and Settings\sey administrator\Local Settings\Temporary Internet Files\Content.IE5\910DENE8\115140[1].htm   Win32/Ramnit.A virus   cleaned - quarantined
C:\Documents and Settings\sey administrator\Local Settings\Temporary Internet Files\Content.IE5\910DENE8\134546-rollin-3-6r-2[1].html   Win32/Ramnit.A virus   cleaned - quarantined
C:\Documents and Settings\sey administrator\Local Settings\Temporary Internet Files\Content.IE5\910DENE8\138009-worst-stone-chip-ever-pride-car-slowly-fading[1].html   Win32/Ramnit.A virus   cleaned - quarantined
C:\Documents and Settings\sey administrator\Local Settings\Temporary Internet Files\Content.IE5\910DENE8\139887-need-some-help-buying-subaru[1].html   Win32/Ramnit.A virus   cleaned - quarantined
C:\Documents and Settings\sey administrator\Local Settings\Temporary Internet Files\Content.IE5\910DENE8\140205-new-car-forrester-vs-few-others[1].html   Win32/Ramnit.A virus   cleaned - quarantined
C:\Documents and Settings\sey administrator\Local Settings\Temporary Internet Files\Content.IE5\910DENE8\2010[1].htm   Win32/Ramnit.A virus   cleaned - quarantined
C:\Documents and Settings\sey administrator\Local Settings\Temporary Internet Files\Content.IE5\910DENE8\22870-buying-new-outback-importing-canada-2[1].html   Win32/Ramnit.A virus   cleaned - quarantined
C:\Documents and Settings\sey administrator\Local Settings\Temporary Internet Files\Content.IE5\910DENE8\22870-buying-new-outback-importing-canada[1].html   Win32/Ramnit.A virus   cleaned - quarantined
C:\Documents and Settings\sey administrator\Local Settings\Temporary Internet Files\Content.IE5\910DENE8\2397357[1].htm   Win32/Ramnit.A virus   cleaned - quarantined
C:\Documents and Settings\sey administrator\Local Settings\Temporary Internet Files\Content.IE5\910DENE8\2592[1].htm   Win32/Ramnit.A virus   cleaned - quarantined
C:\Documents and Settings\sey administrator\Local Settings\Temporary Internet Files\Content.IE5\910DENE8\2592[2].htm   Win32/Ramnit.A virus   cleaned - quarantined
C:\Documents and Settings\sey administrator\Local Settings\Temporary Internet Files\Content.IE5\910DENE8\30670[1].htm   Win32/Ramnit.A virus   cleaned - quarantined
C:\Documents and Settings\sey administrator\Local Settings\Temporary Internet Files\Content.IE5\910DENE8\aclk[1].htm   Win32/Ramnit.A virus   cleaned - quarantined
C:\Documents and Settings\sey administrator\Local Settings\Temporary Internet Files\Content.IE5\910DENE8\aclk[2].htm   Win32/Ramnit.A virus   cleaned - quarantined
C:\Documents and Settings\sey administrator\Local Settings\Temporary Internet Files\Content.IE5\910DENE8\aclk[3].htm   Win32/Ramnit.A virus   cleaned - quarantined
C:\Documents and Settings\sey administrator\Local Settings\Temporary Internet Files\Content.IE5\910DENE8\aclk[4].htm   Win32/Ramnit.A virus   cleaned - quarantined
C:\Documents and Settings\sey administrator\Local Settings\Temporary Internet Files\Content.IE5\910DENE8\aclk[5].htm   Win32/Ramnit.A virus   cleaned - quarantined
C:\Documents and Settings\sey administrator\Local Settings\Temporary Internet Files\Content.IE5\910DENE8\adsCA1R1UVJ.htm   Win32/Ramnit.A virus   cleaned - quarantined
C:\Documents and Settings\sey administrator\Local Settings\Temporary Internet Files\Content.IE5\910DENE8\adsCA24EQPT.htm   Win32/Ramnit.A virus   cleaned - quarantined
C:\Documents and Settings\sey administrator\Local Settings\Temporary Internet Files\Content.IE5\910DENE8\adsCA5IQRVB.htm   Win32/Ramnit.A virus   cleaned - quarantined
C:\Documents and Settings\sey administrator\Local Settings\Temporary Internet Files\Content.IE5\910DENE8\adsCA77ICYR.htm   Win32/Ramnit.A virus   cleaned - quarantined
C:\Documents and Settings\sey administrator\Local Settings\Temporary Internet Files\Content.IE5\910DENE8\adsCA77YYQL.htm   Win32/Ramnit.A virus   cleaned - quarantined
C:\Documents and Settings\sey administrator\Local Settings\Temporary Internet Files\Content.IE5\910DENE8\adsCA7UUN87.htm   Win32/Ramnit.A virus   cleaned - quarantined
C:\Documents and Settings\sey administrator\Local Settings\Temporary Internet Files\Content.IE5\910DENE8\adsCA8EWYSO.htm   Win32/Ramnit.A virus   cleaned - quarantined
C:\Documents and Settings\sey administrator\Local Settings\Temporary Internet Files\Content.IE5\910DENE8\adsCA8PZZL1.htm   Win32/Ramnit.A virus   cleaned - quarantined
C:\Documents and Settings\sey administrator\Local Settings\Temporary Internet Files\Content.IE5\910DENE8\adsCAB29OKH.htm   Win32/Ramnit.A virus   cleaned - quarantined
C:\Documents and Settings\sey administrator\Local Settings\Temporary Internet Files\Content.IE5\910DENE8\adsCAEYSWV9.htm   Win32/Ramnit.A virus   cleaned - quarantined
C:\Documents and Settings\sey administrator\Local Settings\Temporary Internet Files\Content.IE5\910DENE8\adsCAFGJMMT.htm   Win32/Ramnit.A virus   cleaned - quarantined
C:\Documents and Settings\sey administrator\Local Settings\Temporary Internet Files\Content.IE5\910DENE8\adsCAGF39WM.htm   Win32/Ramnit.A virus   cleaned - quarantined
C:\Documents and Settings\sey administrator\Local Settings\Temporary Internet Files\Content.IE5\910DENE8\adsCAHE9Z9X.htm   Win32/Ramnit.A virus   cleaned - quarantined
C:\Documents and Settings\sey administrator\Local Settings\Temporary Internet Files\Content.IE5\910DENE8\adsCAHXR1OT.htm   Win32/Ramnit.A virus   cleaned - quarantined
C:\Documents and Settings\sey administrator\Local Settings\Temporary Internet Files\Content.IE5\910DENE8\adsCAIZ4HT8.htm   Win32/Ramnit.A virus   cleaned - quarantined
C:\Documents and Settings\sey administrator\Local Settings\Temporary Internet Files\Content.IE5\910DENE8\adsCAJ15FW6.htm   Win32/Ramnit.A virus   cleaned - quarantined
C:\Documents and Settings\sey administrator\Local Settings\Temporary Internet Files\Content.IE5\910DENE8\adsCAMUW5BX.htm   Win32/Ramnit.A virus   cleaned - quarantined
C:\Documents and Settings\sey administrator\Local Settings\Temporary Internet Files\Content.IE5\910DENE8\adsCAN8LHXQ.htm   Win32/Ramnit.A virus   cleaned - quarantined
C:\Documents and Settings\sey administrator\Local Settings\Temporary Internet Files\Content.IE5\910DENE8\adsCANY2TMW.htm   Win32/Ramnit.A virus   cleaned - quarantined
C:\Documents and Settings\sey administrator\Local Settings\Temporary Internet Files\Content.IE5\910DENE8\adsCAOR74EY.htm   Win32/Ramnit.A virus   cleaned - quarantined
C:\Documents and Settings\sey administrator\Local Settings\Temporary Internet Files\Content.IE5\910DENE8\adsCAP44NVU.htm   Win32/Ramnit.A virus   cleaned - quarantined
C:\Documents and Settings\sey administrator\Local Settings\Temporary Internet Files\Content.IE5\910DENE8\adsCAQ1EAKK.htm   Win32/Ramnit.A virus   cleaned - quarantined
C:\Documents and Settings\sey administrator\Local Settings\Temporary Internet Files\Content.IE5\910DENE8\adsCAQ3QCMP.htm   Win32/Ramnit.A virus   cleaned - quarantined
C:\Documents and Settings\sey administrator\Local Settings\Temporary Internet Files\Content.IE5\910DENE8\adsCAUOFASA.htm   Win32/Ramnit.A virus   cleaned - quarantined
C:\Documents and Settings\sey administrator\Local Settings\Temporary Internet Files\Content.IE5\910DENE8\adsCAW2UN2N.htm   Win32/Ramnit.A virus   cleaned - quarantined
C:\Documents and Settings\sey administrator\Local Settings\Temporary Internet Files\Content.IE5\910DENE8\adsCAWVN5Y7.htm   Win32/Ramnit.A virus   cleaned - quarantined
C:\Documents and Settings\sey administrator\Local Settings\Temporary Internet Files\Content.IE5\910DENE8\adsCAWZTDNQ.htm   Win32/Ramnit.A virus   cleaned - quarantined
C:\Documents and Settings\sey administrator\Local Settings\Temporary Internet Files\Content.IE5\910DENE8\adsCAZR1QD8.htm   Win32/Ramnit.A virus   cleaned - quarantined
C:\Documents and Settings\sey administrator\Local Settings\Temporary Internet Files\Content.IE5\910DENE8\ads[10].htm   Win32/Ramnit.A virus   cleaned - quarantined
C:\Documents and Settings\sey administrator\Local Settings\Temporary Internet Files\Content.IE5\910DENE8\ads[11].htm   Win32/Ramnit.A virus   cleaned - quarantined
C:\Documents and Settings\sey administrator\Local Settings\Temporary Internet Files\Content.IE5\910DENE8\ads[1].htm   Win32/Ramnit.A virus   cleaned - quarantined
C:\Documents and Settings\sey administrator\Local Settings\Temporary Internet Files\Content.IE5\910DENE8\ads[2].htm   Win32/Ramnit.A virus   cleaned - quarantined
C:\Documents and Settings\sey administrator\Local Settings\Temporary Internet Files\Content.IE5\910DENE8\ads[3].htm   Win32/Ramnit.A virus   cleaned - quarantined
C:\Documents and Settings\sey administrator\Local Settings\Temporary Internet Files\Content.IE5\910DENE8\ads[4].htm   Win32/Ramnit.A virus   cleaned - quarantined
C:\Documents and Settings\sey administrator\Local Settings\Temporary Internet Files\Content.IE5\910DENE8\ads[5].htm   Win32/Ramnit.A virus   cleaned - quarantined
C:\Documents and Settings\sey administrator\Local Settings\Temporary Internet Files\Content.IE5\910DENE8\ads[6].htm   Win32/Ramnit.A virus   cleaned - quarantined
C:\Documents and Settings\sey administrator\Local Settings\Temporary Internet Files\Content.IE5\910DENE8\ads[7].htm   Win32/Ramnit.A virus   cleaned - quarantined
C:\Documents and Settings\sey administrator\Local Settings\Temporary Internet Files\Content.IE5\910DENE8\ads[8].htm   Win32/Ramnit.A virus   cleaned - quarantined
C:\Documents and Settings\sey administrator\Local Settings\Temporary Internet Files\Content.IE5\910DENE8\ads[9].htm   Win32/Ramnit.A virus   cleaned - quarantined
C:\Documents and Settings\sey administrator\Local Settings\Temporary Internet Files\Content.IE5\910DENE8\blank[2].html   Win32/Ramnit.A virus   cleaned - quarantined
C:\Documents and Settings\sey administrator\Local Settings\Temporary Internet Files\Content.IE5\910DENE8\blank[4].html   Win32/Ramnit.A virus   cleaned - quarantined
C:\Documents and Settings\sey administrator\Local Settings\Temporary Internet Files\Content.IE5\910DENE8\blank[5].html   Win32/Ramnit.A virus   cleaned - quarantined
C:\Documents and Settings\sey administrator\Local Settings\Temporary Internet Files\Content.IE5\910DENE8\button[1].htm   Win32/Ramnit.A virus   cleaned - quarantined
C:\Documents and Settings\sey administrator\Local Settings\Temporary Internet Files\Content.IE5\910DENE8\button[2].htm   Win32/Ramnit.A virus   cleaned - quarantined
C:\Documents and Settings\sey administrator\Local Settings\Temporary Internet Files\Content.IE5\910DENE8\ca_yahoo_com[1].htm   Win32/Ramnit.A virus   cleaned - quarantined
C:\Documents and Settings\sey administrator\Local Settings\Temporary Internet Files\Content.IE5\910DENE8\commishhome[1].htm   Win32/Ramnit.A virus   cleaned - quarantined
C:\Documents and Settings\sey administrator\Local Settings\Temporary Internet Files\Content.IE5\910DENE8\emailleagueca54c271[1].htm   Win32/Ramnit.A virus   cleaned - quarantined
C:\Documents and Settings\sey administrator\Local Settings\Temporary Internet Files\Content.IE5\910DENE8\facebook_share[1].html   Win32/Ramnit.A virus   cleaned - quarantined
C:\Documents and Settings\sey administrator\Local Settings\Temporary Internet Files\Content.IE5\910DENE8\fc[1].htm   Win32/Ramnit.A virus   cleaned - quarantined
C:\Documents and Settings\sey administrator\Local Settings\Temporary Internet Files\Content.IE5\910DENE8\ga_event_frame[1].htm   Win32/Ramnit.A virus   cleaned - quarantined
C:\Documents and Settings\sey administrator\Local Settings\Temporary Internet Files\Content.IE5\910DENE8\gdyn_nba[1].htm   Win32/Ramnit.A virus   cleaned - quarantined
C:\Documents and Settings\sey administrator\Local Settings\Temporary Internet Files\Content.IE5\910DENE8\index[1].htm   Win32/Ramnit.A virus   cleaned - quarantined
C:\Documents and Settings\sey administrator\Local Settings\Temporary Internet Files\Content.IE5\910DENE8\index[2].htm   Win32/Ramnit.A virus   cleaned - quarantined
C:\Documents and Settings\sey administrator\Local Settings\Temporary Internet Files\Content.IE5\910DENE8\index[3].htm   Win32/Ramnit.A virus   cleaned - quarantined
C:\Documents and Settings\sey administrator\Local Settings\Temporary Internet Files\Content.IE5\910DENE8\json[1].htm   Win32/Ramnit.A virus   cleaned - quarantined
C:\Documents and Settings\sey administrator\Local Settings\Temporary Internet Files\Content.IE5\910DENE8\login[1].htm   Win32/Ramnit.A virus   cleaned - quarantined
C:\Documents and Settings\sey administrator\Local Settings\Temporary Internet Files\Content.IE5\910DENE8\net[1].htm   Win32/Ramnit.A virus   cleaned - quarantined
C:\Documents and Settings\sey administrator\Local Settings\Temporary Internet Files\Content.IE5\910DENE8\peninsula-imported-cars-ltd-oakville-peninsulaimportedcarsltd[1].htm   Win32/Ramnit.A virus   cleaned - quarantined
C:\Documents and Settings\sey administrator\Local Settings\Temporary Internet Files\Content.IE5\910DENE8\raptors[1].htm   Win32/Ramnit.A virus   cleaned - quarantined
C:\Documents and Settings\sey administrator\Local Settings\Temporary Internet Files\Content.IE5\910DENE8\rosters[1].htm   Win32/Ramnit.A virus   cleaned - quarantined
C:\Documents and Settings\sey administrator\Local Settings\Temporary Internet Files\Content.IE5\910DENE8\sda2[1].htm   Win32/Ramnit.A virus   cleaned - quarantined
C:\Documents and Settings\sey administrator\Local Settings\Temporary Internet Files\Content.IE5\910DENE8\search[2].htm   Win32/Ramnit.A virus   cleaned - quarantined
C:\Documents and Settings\sey administrator\Local Settings\Temporary Internet Files\Content.IE5\910DENE8\social[1].htm   Win32/Ramnit.A virus   cleaned - quarantined
C:\Documents and Settings\sey administrator\Local Settings\Temporary Internet Files\Content.IE5\910DENE8\teams[1].htm   Win32/Ramnit.A virus   cleaned - quarantined
C:\Documents and Settings\sey administrator\Local Settings\Temporary Internet Files\Content.IE5\910DENE8\teams[2].htm   Win32/Ramnit.A virus   cleaned - quarantined
C:\Documents and Settings\sey administrator\Local Settings\Temporary Internet Files\Content.IE5\910DENE8\watch-toronto-raptors-vs-boston-celtics[1].htm   Win32/Ramnit.A virus   cleaned - quarantined
C:\Documents and Settings\sey administrator\Local Settings\Temporary Internet Files\Content.IE5\910DENE8\WebPage[1].htm   Win32/Ramnit.A virus   cleaned - quarantined
C:\Documents and Settings\sey administrator\Local Settings\Temporary Internet Files\Content.IE5\910DENE8\WebPage[2].htm   Win32/Ramnit.A virus   cleaned - quarantined
C:\Documents and Settings\sey administrator\Local Settings\Temporary Internet Files\Content.IE5\910DENE8\_;ord=0[1].htm   Win32/Ramnit.A virus   cleaned - quarantined
C:\Documents and Settings\sey administrator\Local Settings\Temporary Internet Files\Content.IE5\AO0CK4MF\134546-rollin-3-6r[1].html   Win32/Ramnit.A virus   cleaned - quarantined
C:\Documents and Settings\sey administrator\Local Settings\Temporary Internet Files\Content.IE5\AO0CK4MF\140205-new-car-forrester-vs-few-others-2[1].html   Win32/Ramnit.A virus   cleaned - quarantined
C:\Documents and Settings\sey administrator\Local Settings\Temporary Internet Files\Content.IE5\AO0CK4MF\140205-new-car-forrester-vs-few-others-4[1].html   Win32/Ramnit.A virus   cleaned - quarantined
C:\Documents and Settings\sey administrator\Local Settings\Temporary Internet Files\Content.IE5\AO0CK4MF\20379-subaru-canada-specifies-terra-clean-48k-km-my2010[1].html   Win32/Ramnit.A virus   cleaned - quarantined
C:\Documents and Settings\sey administrator\Local Settings\Temporary Internet Files\Content.IE5\AO0CK4MF\2592[1].htm   Win32/Ramnit.A virus   cleaned - quarantined
C:\Documents and Settings\sey administrator\Local Settings\Temporary Internet Files\Content.IE5\AO0CK4MF\2592[2].htm   Win32/Ramnit.A virus   cleaned - quarantined
C:\Documents and Settings\sey administrator\Local Settings\Temporary Internet Files\Content.IE5\AO0CK4MF\2592[3].htm   Win32/Ramnit.A virus   cleaned - quarantined
C:\Documents and Settings\sey administrator\Local Settings\Temporary Internet Files\Content.IE5\AO0CK4MF\2592[4].htm   Win32/Ramnit.A virus   cleaned - quarantined
C:\Documents and Settings\sey administrator\Local Settings\Temporary Internet Files\Content.IE5\AO0CK4MF\2[2].htm   Win32/Ramnit.A virus   cleaned - quarantined
C:\Documents and Settings\sey administrator\Local Settings\Temporary Internet Files\Content.IE5\AO0CK4MF\aclk[1].htm   Win32/Ramnit.A virus   cleaned - quarantined
C:\Documents and Settings\sey administrator\Local Settings\Temporary Internet Files\Content.IE5\AO0CK4MF\aclk[2].htm   Win32/Ramnit.A virus   cleaned - quarantined
C:\Documents and Settings\sey administrator\Local Settings\Temporary Internet Files\Content.IE5\AO0CK4MF\aclk[3].htm   Win32/Ramnit.A virus   cleaned - quarantined
C:\Documents and Settings\sey administrator\Local Settings\Temporary Internet Files\Content.IE5\AO0CK4MF\aclk[4].htm   Win32/Ramnit.A virus   cleaned - quarantined
C:\Documents and Settings\sey administrator\Local Settings\Temporary Internet Files\Content.IE5\AO0CK4MF\adsCA0UIVWJ.htm   Win32/Ramnit.A virus   cleaned - quarantined
C:\Documents and Settings\sey administrator\Local Settings\Temporary Internet Files\Content.IE5\AO0CK4MF\adsCA192S6X.htm   Win32/Ramnit.A virus   cleaned - quarantined
C:\Documents and Settings\sey administrator\Local Settings\Temporary Internet Files\Content.IE5\AO0CK4MF\adsCA1PQ3IL.htm   Win32/Ramnit.A virus   cleaned - quarantined
C:\Documents and Settings\sey administrator\Local Settings\Temporary Internet Files\Content.IE5\AO0CK4MF\adsCA1QFV03.htm   Win32/Ramnit.A virus   cleaned - quarantined
C:\Documents and Settings\sey administrator\Local Settings\Temporary Internet Files\Content.IE5\AO0CK4MF\adsCA4EAORQ.htm   Win32/Ramnit.A virus   cleaned - quarantined
C:\Documents and Settings\sey administrator\Local Settings\Temporary Internet Files\Content.IE5\AO0CK4MF\adsCA5FF1L5.htm   Win32/Ramnit.A virus   cleaned - quarantined
C:\Documents and Settings\sey administrator\Local Settings\Temporary Internet Files\Content.IE5\AO0CK4MF\adsCA62X8RK.htm   Win32/Ramnit.A virus   cleaned - quarantined
C:\Documents and Settings\sey administrator\Local Settings\Temporary Internet Files\Content.IE5\AO0CK4MF\adsCA80O2I4.htm   Win32/Ramnit.A virus   cleaned - quarantined
C:\Documents and Settings\sey administrator\Local Settings\Temporary Internet Files\Content.IE5\AO0CK4MF\adsCA9RP5W3.htm   Win32/Ramnit.A virus   cleaned - quarantined
C:\Documents and Settings\sey administrator\Local Settings\Temporary Internet Files\Content.IE5\AO0CK4MF\adsCABXFY3T.htm   Win32/Ramnit.A virus   cleaned - quarantined
C:\Documents and Settings\sey administrator\Local Settings\Temporary Internet Files\Content.IE5\AO0CK4MF\adsCACE2F0T.htm   Win32/Ramnit.A virus   cleaned - quarantined
C:\Documents and Settings\sey administrator\Local Settings\Temporary Internet Files\Content.IE5\AO0CK4MF\adsCACM745B.htm   Win32/Ramnit.A virus   cleaned - quarantined
C:\Documents and Settings\sey administrator\Local Settings\Temporary Internet Files\Content.IE5\AO0CK4MF\adsCACREXT7.htm   Win32/Ramnit.A virus   cleaned - quarantined
C:\Documents and Settings\sey administrator\Local Settings\Temporary Internet Files\Content.IE5\AO0CK4MF\adsCAD688SR.htm   Win32/Ramnit.A virus   cleaned - quarantined
C:\Documents and Settings\sey administrator\Local Settings\Temporary Internet Files\Content.IE5\AO0CK4MF\adsCAFJU59V.htm   Win32/Ramnit.A virus   cleaned - quarantined
C:\Documents and Settings\sey administrator\Local Settings\Temporary Internet Files\Content.IE5\AO0CK4MF\adsCAFL7QNN.htm   Win32/Ramnit.A virus   cleaned - quarantined
C:\Documents and Settings\sey administrator\Local Settings\Temporary Internet Files\Content.IE5\AO0CK4MF\adsCAG8T3XD.htm   Win32/Ramnit.A virus   cleaned - quarantined
C:\Documents and Settings\sey administrator\Local Settings\Temporary Internet Files\Content.IE5\AO0CK4MF\adsCAGCFLXY.htm   Win32/Ramnit.A virus   cleaned - quarantined
C:\Documents and Settings\sey administrator\Local Settings\Temporary Internet Files\Content.IE5\AO0CK4MF\adsCAI1NEKP.htm   Win32/Ramnit.A virus   cleaned - quarantined
C:\Documents and Settings\sey administrator\Local Settings\Temporary Internet Files\Content.IE5\AO0CK4MF\adsCAM1W0SB.htm   Win32/Ramnit.A virus   cleaned - quarantined
C:\Documents and Settings\sey administrator\Local Settings\Temporary Internet Files\Content.IE5\AO0CK4MF\adsCANTPP5N.htm   Win32/Ramnit.A virus   cleaned - quarantined
C:\Documents and Settings\sey administrator\Local Settings\Temporary Internet Files\Content.IE5\AO0CK4MF\adsCAONBG47.htm   Win32/Ramnit.A virus   cleaned - quarantined
C:\Documents and Settings\sey administrator\Local Settings\Temporary Internet Files\Content.IE5\AO0CK4MF\adsCAP3ZNAH.htm   Win32/Ramnit.A virus   cleaned - quarantined
C:\Documents and Settings\sey administrator\Local Settings\Temporary Internet Files\Content.IE5\AO0CK4MF\adsCAR04GFF.htm   Win32/Ramnit.A virus   cleaned - quarantined
C:\Documents and Settings\sey administrator\Local Settings\Temporary Internet Files\Content.IE5\AO0CK4MF\adsCASJ5SVL.htm   Win32/Ramnit.A virus   cleaned - quarantined
C:\Documents and Settings\sey administrator\Local Settings\Temporary Internet Files\Content.IE5\AO0CK4MF\adsCATDVCTR.htm   Win32/Ramnit.A virus   cleaned - quarantined
C:\Documents and Settings\sey administrator\Local Settings\Temporary Internet Files\Content.IE5\AO0CK4MF\adsCAV9Q4GC.htm   Win32/Ramnit.A virus   cleaned - quarantined
C:\Documents and Settings\sey administrator\Local Settings\Temporary Internet Files\Content.IE5\AO0CK4MF\adsCAWDAGZN.htm   Win32/Ramnit.A virus   cleaned - quarantined
C:\Documents and Settings\sey administrator\Local Settings\Temporary Internet Files\Content.IE5\AO0CK4MF\adsCAWHFU2T.htm   Win32/Ramnit.A virus   cleaned - quarantined
C:\Documents and Settings\sey administrator\Local Settings\Temporary Internet Files\Content.IE5\AO0CK4MF\adsCAY6ABO7.htm   Win32/Ramnit.A virus   cleaned - quarantined
C:\Documents and Settings\sey administrator\Local Settings\Temporary Internet Files\Content.IE5\AO0CK4MF\ads[10].htm   Win32/Ramnit.A virus   cleaned - quarantined
C:\Documents and Settings\sey administrator\Local Settings\Temporary Internet Files\Content.IE5\AO0CK4MF\ads[11].htm   Win32/Ramnit.A virus   cleaned - quarantined
C:\Documents and Settings\sey administrator\Local Settings\Temporary Internet Files\Content.IE5\AO0CK4MF\ads[1].htm   Win32/Ramnit.A virus   cleaned - quarantined
C:\Documents and Settings\sey administrator\Local Settings\Temporary Internet Files\Content.IE5\AO0CK4MF\ads[2].htm   Win32/Ramnit.A virus   cleaned - quarantined
C:\Documents and Settings\sey administrator\Local Settings\Temporary Internet Files\Content.IE5\AO0CK4MF\ads[3].htm   Win32/Ramnit.A virus   cleaned - quarantined
C:\Documents and Settings\sey administrator\Local Settings\Temporary Internet Files\Content.IE5\AO0CK4MF\ads[4].htm   Win32/Ramnit.A virus   cleaned - quarantined
C:\Documents and Settings\sey administrator\Local Settings\Temporary Internet Files\Content.IE5\AO0CK4MF\ads[5].htm   Win32/Ramnit.A virus   cleaned - quarantined
C:\Documents and Settings\sey administrator\Local Settings\Temporary Internet Files\Content.IE5\AO0CK4MF\ads[6].htm   Win32/Ramnit.A virus   cleaned - quarantined
C:\Documents and Settings\sey administrator\Local Settings\Temporary Internet Files\Content.IE5\AO0CK4MF\ads[7].htm   Win32/Ramnit.A virus   cleaned - quarantined
C:\Documents and Settings\sey administrator\Local Settings\Temporary Internet Files\Content.IE5\AO0CK4MF\ads[8].htm   Win32/Ramnit.A virus   cleaned - quarantined
C:\Documents and Settings\sey administrator\Local Settings\Temporary Internet Files\Content.IE5\AO0CK4MF\ads[9].htm   Win32/Ramnit.A virus   cleaned - quarantined
C:\Documents and Settings\sey administrator\Local Settings\Temporary Internet Files\Content.IE5\AO0CK4MF\dealerlisting[1].htm   Win32/Ramnit.A virus   cleaned - quarantined
C:\Documents and Settings\sey administrator\Local Settings\Temporary Internet Files\Content.IE5\AO0CK4MF\dealerlisting[2].htm   Win32/Ramnit.A virus   cleaned - quarantined
C:\Documents and Settings\sey administrator\Local Settings\Temporary Internet Files\Content.IE5\AO0CK4MF\editstatcategories[1].htm   Win32/Ramnit.A virus   cleaned - quarantined
C:\Documents and Settings\sey administrator\Local Settings\Temporary Internet Files\Content.IE5\AO0CK4MF\fc[1].htm   Win32/Ramnit.A virus   cleaned - quarantined
C:\Documents and Settings\sey administrator\Local Settings\Temporary Internet Files\Content.IE5\AO0CK4MF\gdyn_nba[1].htm   Win32/Ramnit.A virus   cleaned - quarantined
C:\Documents and Settings\sey administrator\Local Settings\Temporary Internet Files\Content.IE5\AO0CK4MF\general-technical-discussion[1].htm   Win32/Ramnit.A virus   cleaned - quarantined
C:\Documents and Settings\sey administrator\Local Settings\Temporary Internet Files\Content.IE5\AO0CK4MF\index[1].htm   Win32/Ramnit.A virus   cleaned - quarantined
C:\Documents and Settings\sey administrator\Local Settings\Temporary Internet Files\Content.IE5\AO0CK4MF\index[2].htm   Win32/Ramnit.A virus   cleaned - quarantined
C:\Documents and Settings\sey administrator\Local Settings\Temporary Internet Files\Content.IE5\AO0CK4MF\index[3].htm   Win32/Ramnit.A virus   cleaned - quarantined
C:\Documents and Settings\sey administrator\Local Settings\Temporary Internet Files\Content.IE5\AO0CK4MF\international-customers[1].htm   Win32/Ramnit.A virus   cleaned - quarantined
C:\Documents and Settings\sey administrator\Local Settings\Temporary Internet Files\Content.IE5\AO0CK4MF\invitefriends23fabd99[1].htm   Win32/Ramnit.A virus   cleaned - quarantined
C:\Documents and Settings\sey administrator\Local Settings\Temporary Internet Files\Content.IE5\AO0CK4MF\Launch01[1].htm   Win32/Ramnit.A virus   cleaned - quarantined
C:\Documents and Settings\sey administrator\Local Settings\Temporary Internet Files\Content.IE5\AO0CK4MF\nba_com[1].htm   Win32/Ramnit.A virus   cleaned - quarantined
C:\Documents and Settings\sey administrator\Local Settings\Temporary Internet Files\Content.IE5\AO0CK4MF\net[1].htm   Win32/Ramnit.A virus   cleaned - quarantined
C:\Documents and Settings\sey administrator\Local Settings\Temporary Internet Files\Content.IE5\AO0CK4MF\net[2].htm   Win32/Ramnit.A virus   cleaned - quarantined
C:\Documents and Settings\sey administrator\Local Settings\Temporary Internet Files\Content.IE5\AO0CK4MF\rosters[1].htm   Win32/Ramnit.A virus   cleaned - quarantined
C:\Documents and Settings\sey administrator\Local Settings\Temporary Internet Files\Content.IE5\AO0CK4MF\search[1].htm   Win32/Ramnit.A virus   cleaned - quarantined
C:\Documents and Settings\sey administrator\Local Settings\Temporary Internet Files\Content.IE5\AO0CK4MF\search[2].htm   Win32/Ramnit.A virus   cleaned - quarantined
C:\Documents and Settings\sey administrator\Local Settings\Temporary Internet Files\Content.IE5\AO0CK4MF\search[3].htm   Win32/Ramnit.A virus   cleaned - quarantined
C:\Documents and Settings\sey administrator\Local Settings\Temporary Internet Files\Content.IE5\AO0CK4MF\sports-arenas_blogspot_com[1].htm   Win32/Ramnit.A virus   cleaned - quarantined
C:\Documents and Settings\sey administrator\Local Settings\Temporary Internet Files\Content.IE5\AO0CK4MF\st[1].htm   Win32/Ramnit.A virus   cleaned - quarantined
C:\Documents and Settings\sey administrator\Local Settings\Temporary Internet Files\Content.IE5\AO0CK4MF\st[2].htm   Win32/Ramnit.A virus   cleaned - quarantined
C:\Documents and Settings\sey administrator\Local Settings\Temporary Internet Files\Content.IE5\AO0CK4MF\topic,110296.30[1].html   Win32/Ramnit.A virus   cleaned - quarantined
C:\Documents and Settings\sey administrator\Local Settings\Temporary Internet Files\Content.IE5\AO0CK4MF\xd_proxy[1].htm   Win32/Ramnit.A virus   cleaned - quarantined
C:\Documents and Settings\sey administrator\Local Settings\Temporary Internet Files\Content.IE5\AO0CK4MF\_;ord=1286997166358[1].htm   Win32/Ramnit.A virus   cleaned - quarantined
C:\Documents and Settings\sey administrator\Local Settings\Temporary Internet Files\Content.IE5\E73KBGDO\139598-i-feel-about-time[1].html   Win32/Ramnit.A virus   cleaned - quarantined
C:\Documents and Settings\sey administrator\Local Settings\Temporary Internet Files\Content.IE5\E73KBGDO\140205-new-car-forrester-vs-few-others-3[1].html   Win32/Ramnit.A virus   cleaned - quarantined
C:\Documents and Settings\sey administrator\Local Settings\Temporary Internet Files\Content.IE5\E73KBGDO\22049-buying-accessories-us[1].html   Win32/Ramnit.A virus   cleaned - quarantined
C:\Documents and Settings\sey administrator\Local Settings\Temporary Internet Files\Content.IE5\E73KBGDO\2592[1].htm   Win32/Ramnit.A virus   cleaned - quarantined
C:\Documents and Settings\sey administrator\Local Settings\Temporary Internet Files\Content.IE5\E73KBGDO\2592[2].htm   Win32/Ramnit.A virus   cleaned - quarantined
C:\Documents and Settings\sey administrator\Local Settings\Temporary Internet Files\Content.IE5\E73KBGDO\2592[3].htm   Win32/Ramnit.A virus   cleaned - quarantined
C:\Documents and Settings\sey administrator\Local Settings\Temporary Internet Files\Content.IE5\E73KBGDO\2592[4].htm   Win32/Ramnit.A virus   cleaned - quarantined
C:\Documents and Settings\sey administrator\Local Settings\Temporary Internet Files\Content.IE5\E73KBGDO\2592[5].htm   Win32/Ramnit.A virus   cleaned - quarantined
C:\Documents and Settings\sey administrator\Local Settings\Temporary Internet Files\Content.IE5\E73KBGDO\2592[6].htm   Win32/Ramnit.A virus   cleaned - quarantined
C:\Documents and Settings\sey administrator\Local Settings\Temporary Internet Files\Content.IE5\E73KBGDO\27326-surround-sound-mode[1].html   Win32/Ramnit.A virus   cleaned - quarantined
C:\Documents and Settings\sey administrator\Local Settings\Temporary Internet Files\Content.IE5\E73KBGDO\74912-wrx-leather-interior[2].html   Win32/Ramnit.A virus   cleaned - quarantined
C:\Documents and Settings\sey administrator\Local Settings\Temporary Internet Files\Content.IE5\E73KBGDO\92953-importing-guide-19[1].html   Win32/Ramnit.A virus   cleaned - quarantined
C:\Documents and Settings\sey administrator\Local Settings\Temporary Internet Files\Content.IE5\E73KBGDO\92953-importing-guide[1].html   Win32/Ramnit.A virus   cleaned - quarantined
C:\Documents and Settings\sey administrator\Local Settings\Temporary Internet Files\Content.IE5\E73KBGDO\aclk[1].htm   Win32/Ramnit.A virus   cleaned - quarantined
C:\Documents and Settings\sey administrator\Local Settings\Temporary Internet Files\Content.IE5\E73KBGDO\aclk[2].htm   Win32/Ramnit.A virus   cleaned - quarantined
C:\Documents and Settings\sey administrator\Local Settings\Temporary Internet Files\Content.IE5\E73KBGDO\aclk[3].htm   Win32/Ramnit.A virus   cleaned - quarantined
C:\Documents and Settings\sey administrator\Local Settings\Temporary Internet Files\Content.IE5\E73KBGDO\aclk[4].htm   Win32/Ramnit.A virus   cleaned - quarantined
C:\Documents and Settings\sey administrator\Local Settings\Temporary Internet Files\Content.IE5\E73KBGDO\aclk[5].htm   Win32/Ramnit.A virus   cleaned - quarantined
C:\Documents and Settings\sey administrator\Local Settings\Temporary Internet Files\Content.IE5\E73KBGDO\adsCA3B768Q.htm   Win32/Ramnit.A virus   cleaned - quarantined
C:\Documents and Settings\sey administrator\Local Settings\Temporary Internet Files\Content.IE5\E73KBGDO\adsCA6XPGK4.htm   Win32/Ramnit.A virus   cleaned - quarantined
C:\Documents and Settings\sey administrator\Local Settings\Temporary Internet Files\Content.IE5\E73KBGDO\adsCA720DNG.htm   Win32/Ramnit.A virus   cleaned - quarantined
C:\Documents and Settings\sey administrator\Local Settings\Temporary Internet Files\Content.IE5\E73KBGDO\adsCA9PM54Y.htm   Win32/Ramnit.A virus   cleaned - quarantined
C:\Documents and Settings\sey administrator\Local Settings\Temporary Internet Files\Content.IE5\E73KBGDO\adsCAAOYC70.htm   Win32/Ramnit.A virus   cleaned - quarantined
C:\Documents and Settings\sey administrator\Local Settings\Temporary Internet Files\Content.IE5\E73KBGDO\adsCACYPNB1.htm   Win32/Ramnit.A virus   cleaned - quarantined
C:\Documents and Settings\sey administrator\Local Settings\Temporary Internet Files\Content.IE5\E73KBGDO\adsCAGB5CJ1.htm   Win32/Ramnit.A virus   cleaned - quarantined
C:\Documents and Settings\sey administrator\Local Settings\Temporary Internet Files\Content.IE5\E73KBGDO\adsCAOAGKLC.htm   Win32/Ramnit.A virus   cleaned - quarantined
C:\Documents and Settings\sey administrator\Local Settings\Temporary Internet Files\Content.IE5\E73KBGDO\adsCAOAYT8O.htm   Win32/Ramnit.A virus   cleaned - quarantined
C:\Documents and Settings\sey administrator\Local Settings\Temporary Internet Files\Content.IE5\E73KBGDO\adsCAQUQN24.htm   Win32/Ramnit.A virus   cleaned - quarantined
C:\Documents and Settings\sey administrator\Local Settings\Temporary Internet Files\Content.IE5\E73KBGDO\adsCAUBLBAV.htm   Win32/Ramnit.A virus   cleaned - quarantined
C:\Documents and Settings\sey administrator\Local Settings\Temporary Internet Files\Content.IE5\E73KBGDO\adsCAVR3IBP.htm   Win32/Ramnit.A virus   cleaned - quarantined
C:\Documents and Settings\sey administrator\Local Settings\Temporary Internet Files\Content.IE5\E73KBGDO\adsCAWAKCN3.htm   Win32/Ramnit.A virus   cleaned - quarantined
C:\Documents and Settings\sey administrator\Local Settings\Temporary Internet Files\Content.IE5\E73KBGDO\adsCAXZAA2X.htm   Win32/Ramnit.A virus   cleaned - quarantined
C:\Documents and Settings\sey administrator\Local Settings\Temporary Internet Files\Content.IE5\E73KBGDO\adsCAYL3UT6.htm   Win32/Ramnit.A virus   cleaned - quarantined
C:\Documents and Settings\sey administrator\Local Settings\Temporary Internet Files\Content.IE5\E73KBGDO\adsCAYO9P56.htm   Win32/Ramnit.A virus   cleaned - quarantined
C:\Documents and Settings\sey administrator\Local Settings\Temporary Internet Files\Content.IE5\E73KBGDO\ads[10].htm   Win32/Ramnit.A virus   cleaned - quarantined
C:\Documents and Settings\sey administrator\Local Settings\Temporary Internet Files\Content.IE5\E73KBGDO\ads[11].htm   Win32/Ramnit.A virus   cleaned - quarantined
C:\Documents and Settings\sey administrator\Local Settings\Temporary Internet Files\Content.IE5\E73KBGDO\ads[1].htm   Win32/Ramnit.A virus   cleaned - quarantined
C:\Documents and Settings\sey administrator\Local Settings\Temporary Internet Files\Content.IE5\E73KBGDO\ads[2].htm   Win32/Ramnit.A virus   cleaned - quarantined
C:\Documents and Settings\sey administrator\Local Settings\Temporary Internet Files\Content.IE5\E73KBGDO\ads[3].htm   Win32/Ramnit.A virus   cleaned - quarantined
C:\Documents and Settings\sey administrator\Local Settings\Temporary Internet Files\Content.IE5\E73KBGDO\ads[4].htm   Win32/Ramnit.A virus   cleaned - quarantined
C:\Documents and Settings\sey administrator\Local Settings\Temporary Internet Files\Content.IE5\E73KBGDO\ads[5].htm   Win32/Ramnit.A virus   cleaned - quarantined
C:\Documents and Settings\sey administrator\Local Settings\Temporary Internet Files\Content.IE5\E73KBGDO\ads[6].htm   Win32/Ramnit.A virus   cleaned - quarantined
C:\Documents and Settings\sey administrator\Local Settings\Temporary Internet Files\Content.IE5\E73KBGDO\ads[7].htm   Win32/Ramnit.A virus   cleaned - quarantined
C:\Documents and Settings\sey administrator\Local Settings\Temporary Internet Files\Content.IE5\E73KBGDO\ads[8].htm   Win32/Ramnit.A virus   cleaned - quarantined
C:\Documents and Settings\sey administrator\Local Settings\Temporary Internet Files\Content.IE5\E73KBGDO\ads[9].htm   Win32/Ramnit.A virus   cleaned - quarantined
C:\Documents and Settings\sey administrator\Local Settings\Temporary Internet Files\Content.IE5\E73KBGDO\ag[2].htm   Win32/Ramnit.A virus   cleaned - quarantined
C:\Documents and Settings\sey administrator\Local Settings\Temporary Internet Files\Content.IE5\E73KBGDO\atdhe_net[1].htm   Win32/Ramnit.A virus   cleaned - quarantined
C:\Documents and Settings\sey administrator\Local Settings\Temporary Internet Files\Content.IE5\E73KBGDO\blank[1].html   Win32/Ramnit.A virus   cleaned - quarantined
C:\Documents and Settings\sey administrator\Local Settings\Temporary Internet Files\Content.IE5\E73KBGDO\blank[2].html   Win32/Ramnit.A virus   cleaned - quarantined
C:\Documents and Settings\sey administrator\Local Settings\Temporary Internet Files\Content.IE5\E73KBGDO\ca_yahoo_com[1].htm   Win32/Ramnit.A virus   cleaned - quarantined
C:\Documents and Settings\sey administrator\Local Settings\Temporary Internet Files\Content.IE5\E73KBGDO\ca_yahoo_com[2].htm   Win32/Ramnit.A virus   cleaned - quarantined
C:\Documents and Settings\sey administrator\Local Settings\Temporary Internet Files\Content.IE5\E73KBGDO\dealerlisting[1].htm   Win32/Ramnit.A virus   cleaned - quarantined
C:\Documents and Settings\sey administrator\Local Settings\Temporary Internet Files\Content.IE5\E73KBGDO\forums[1].htm   Win32/Ramnit.A virus   cleaned - quarantined
C:\Documents and Settings\sey administrator\Local Settings\Temporary Internet Files\Content.IE5\E73KBGDO\index[1].htm   Win32/Ramnit.A virus   cleaned - quarantined
C:\Documents and Settings\sey administrator\Local Settings\Temporary Internet Files\Content.IE5\E73KBGDO\index[2].htm   Win32/Ramnit.A virus   cleaned - quarantined
C:\Documents and Settings\sey administrator\Local Settings\Temporary Internet Files\Content.IE5\E73KBGDO\index[3].htm   Win32/Ramnit.A virus   cleaned - quarantined
C:\Documents and Settings\sey administrator\Local Settings\Temporary Internet Files\Content.IE5\E73KBGDO\invitefriends925153da[1].htm   Win32/Ramnit.A virus   cleaned - quarantined
C:\Documents and Settings\sey administrator\Local Settings\Temporary Internet Files\Content.IE5\E73KBGDO\invitefriends[1].htm   Win32/Ramnit.A virus   cleaned - quarantined
C:\Documents and Settings\sey administrator\Local Settings\Temporary Internet Files\Content.IE5\E73KBGDO\login[1].htm   Win32/Ramnit.A virus   cleaned - quarantined
C:\Documents and Settings\sey administrator\Local Settings\Temporary Internet Files\Content.IE5\E73KBGDO\mailoptions[1].htm   Win32/Ramnit.A virus   cleaned - quarantined
C:\Documents and Settings\sey administrator\Local Settings\Temporary Internet Files\Content.IE5\E73KBGDO\peninsulaimports_com[1].htm   Win32/Ramnit.A virus   cleaned - quarantined
C:\Documents and Settings\sey administrator\Local Settings\Temporary Internet Files\Content.IE5\E73KBGDO\raptors_originals[1].htm   Win32/Ramnit.A virus   cleaned - quarantined
C:\Documents and Settings\sey administrator\Local Settings\Temporary Internet Files\Content.IE5\E73KBGDO\rosters[1].htm   Win32/Ramnit.A virus   cleaned - quarantined
C:\Documents and Settings\sey administrator\Local Settings\Temporary Internet Files\Content.IE5\E73KBGDO\sandbox[1].html   Win32/Ramnit.A virus   cleaned - quarantined
C:\Documents and Settings\sey administrator\Local Settings\Temporary Internet Files\Content.IE5\E73KBGDO\sda2[1].htm   Win32/Ramnit.A virus   cleaned - quarantined
C:\Documents and Settings\sey administrator\Local Settings\Temporary Internet Files\Content.IE5\E73KBGDO\search[1].htm   Win32/Ramnit.A virus   cleaned - quarantined
C:\Documents and Settings\sey administrator\Local Settings\Temporary Internet Files\Content.IE5\E73KBGDO\search[2].htm   Win32/Ramnit.A virus   cleaned - quarantined
C:\Documents and Settings\sey administrator\Local Settings\Temporary Internet Files\Content.IE5\E73KBGDO\search[3].htm   Win32/Ramnit.A virus   cleaned - quarantined
C:\Documents and Settings\sey administrator\Local Settings\Temporary Internet F

[Freddex]

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=4d93653df50dcc49bc84baf67238bd9b
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2010-10-16 02:32:15
# local_time=2010-10-15 10:32:15 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 2
# compatibility_mode=512 16777215 100 0 1652886 1652886 0 0
# compatibility_mode=1279 16777215 0 0 0 0 0 0
# compatibility_mode=2560 16777215 100 0 0 0 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=53458
# found=912
# cleaned=907
# scan_time=5500
C:\38fd4a0c5ae793fe57\i386\filterpipelineprintproc.dll   Win32/Ramnit.A virus (error while cleaning)   00000000000000000000000000000000   I
C:\38fd4a0c5ae793fe57\i386\mxdwdrv.dll   Win32/Ramnit.A virus (error while cleaning)   00000000000000000000000000000000   I
C:\38fd4a0c5ae793fe57\i386\xpssvcs.dll   Win32/Ramnit.A virus (error while cleaning)   00000000000000000000000000000000   I
C:\Commy\NircmdBSrv.exe   a variant of Win32/Kryptik.FTE trojan (cleaned by deleting - quarantined)   00000000000000000000000000000000   C
C:\Commy10898C\NircmdBSrv.exe   a variant of Win32/Kryptik.FTE trojan (cleaned by deleting - quarantined)   00000000000000000000000000000000   C
C:\Commy18057C\NircmdBSrv.exe   a variant of Win32/Kryptik.FTE trojan (cleaned by deleting - quarantined)   00000000000000000000000000000000   C
C:\Commy2756C\NircmdBSrv.exe   a variant of Win32/Kryptik.FTE trojan (cleaned by deleting - quarantined)   00000000000000000000000000000000   C
C:\Commy9393C\NircmdBSrv.exe   a variant of Win32/Kryptik.FTE trojan (cleaned by deleting - quarantined)   00000000000000000000000000000000   C
C:\Compaq\CPQInet\CPQInet.exe   Win32/Ramnit.A virus (cleaned - quarantined)   00000000000000000000000000000000   C
C:\Compaq\CPQInet\CPQNPCSS.exe   Win32/Ramnit.A virus (cleaned - quarantined)   00000000000000000000000000000000   C
C:\Compaq\CPQInet\Hwswal.dll   Win32/Ramnit.A virus (cleaned - quarantined)   00000000000000000000000000000000   C
C:\Compaq\CPQInet\INETSVCS.dll   Win32/Ramnit.A virus (cleaned - quarantined)   00000000000000000000000000000000   C
C:\Compaq\CPQInet\LchApp.exe   Win32/Ramnit.A virus (cleaned - quarantined)   00000000000000000000000000000000   C
C:\Compaq\CPQInet\nzLaunch.exe   Win32/Ramnit.A virus (cleaned - quarantined)   00000000000000000000000000000000   C
C:\Compaq\CPQInet\Stat.dll   Win32/Ramnit.A virus (cleaned - quarantined)   00000000000000000000000000000000   C
C:\Compaq\CPQInet\trcknlog.dll   Win32/Ramnit.A virus (cleaned - quarantined)   00000000000000000000000000000000   C
C:\Compaq\EAKDRV\EAUSBKBD.EXE   Win32/Ramnit.A virus (cleaned - quarantined)   00000000000000000000000000000000   C
C:\Compaq\Features\default.htm   Win32/Ramnit.A virus (cleaned - quarantined)   00000000000000000000000000000000   C
C:\Compaq\Features\Pages\About My PC-About My PC.htm   Win32/Ramnit.A virus (cleaned - quarantined)   00000000000000000000000000000000   C
C:\Compaq\Features\Pages\About My PC-Easy Access Design.htm   Win32/Ramnit.A virus (cleaned - quarantined)   00000000000000000000000000000000   C
C:\Compaq\Features\Pages\About My PC-Featured Software.htm   Win32/Ramnit.A virus (cleaned - quarantined)   00000000000000000000000000000000   C
C:\Compaq\Features\Pages\About My PC-Smartcard Keyboard Overview.htm   Win32/Ramnit.A virus (cleaned - quarantined)   00000000000000000000000000000000   C
C:\Compaq\Features\Pages\Compaq Help & Support-Compaq Help & Support.htm   Win32/Ramnit.A virus (cleaned - quarantined)   00000000000000000000000000000000   C
C:\Compaq\Features\Pages\Compaq Help & Support-On-Line Help & Support.htm   Win32/Ramnit.A virus (cleaned - quarantined)   00000000000000000000000000000000   C
C:\Compaq\Features\Pages\Compaq Help & Support-Preventative Care & Maintenance.htm   Win32/Ramnit.A virus (cleaned - quarantined)   00000000000000000000000000000000   C
C:\Compaq\Features\Pages\Getting Started With My PC-Games.htm   Win32/Ramnit.A virus (cleaned - quarantined)   00000000000000000000000000000000   C
C:\Compaq\Features\Pages\Getting Started With My PC-Getting Started With My PC.htm   Win32/Ramnit.A virus (cleaned - quarantined)   00000000000000000000000000000000   C
C:\Compaq\Features\Pages\Getting Started With My PC-Home Networking.htm   Win32/Ramnit.A virus (cleaned - quarantined)   00000000000000000000000000000000   C
C:\Compaq\Features\Pages\Getting Started With My PC-Music.htm   Win32/Ramnit.A virus (cleaned - quarantined)   00000000000000000000000000000000   C
C:\Compaq\Features\Pages\Getting Started With My PC-Photo.htm   Win32/Ramnit.A virus (cleaned - quarantined)   00000000000000000000000000000000   C
C:\Compaq\Features\Pages\Getting Started With My PC-Surf the Net.htm   Win32/Ramnit.A virus (cleaned - quarantined)   00000000000000000000000000000000   C
C:\Compaq\Features\Pages\Getting Started With My PC-Video.htm   Win32/Ramnit.A virus (cleaned - quarantined)   00000000000000000000000000000000   C
C:\Compaq\Features\Pages\MainPromotion.htm   Win32/Ramnit.A virus (cleaned - quarantined)   00000000000000000000000000000000   C
C:\Compaq\lutil\Introreg.dll   Win32/Ramnit.A virus (cleaned - quarantined)   00000000000000000000000000000000   C
C:\Compaq\lutil\ISUninst.dll   Win32/Ramnit.A virus (cleaned - quarantined)   00000000000000000000000000000000   C
C:\Compaq\lutil\SkyDesk.htm   Win32/Ramnit.A virus (cleaned - quarantined)   00000000000000000000000000000000   C
C:\Compaq\lutil\SystemOS.dll   Win32/Ramnit.A virus (cleaned - quarantined)   00000000000000000000000000000000   C
C:\Compaq\lutil\WizHost.exe   Win32/Ramnit.A virus (cleaned - quarantined)   00000000000000000000000000000000   C
C:\Compaq\lutil\WizMsg.dll   Win32/Ramnit.A virus (cleaned - quarantined)   00000000000000000000000000000000   C
C:\Compaq\lutil\WizWom.dll   Win32/Ramnit.A virus (cleaned - quarantined)   00000000000000000000000000000000   C
C:\Compaq\lutil\WRegXfer.dll   Win32/Ramnit.A virus (cleaned - quarantined)   00000000000000000000000000000000   C
C:\Compaq\lutil\html\NaEnglish\cpqExit.html   Win32/Ramnit.A virus (cleaned - quarantined)   00000000000000000000000000000000   C
C:\Compaq\lutil\html\NaEnglish\errNet.html   Win32/Ramnit.A virus (cleaned - quarantined)   00000000000000000000000000000000   C
C:\Compaq\lutil\html\NaFrench\cpqExit.html   Win32/Ramnit.A virus (cleaned - quarantined)   00000000000000000000000000000000   C
C:\Compaq\lutil\html\NaFrench\errNet.html   Win32/Ramnit.A virus (cleaned - quarantined)   00000000000000000000000000000000   C
C:\CPQDRV\AUDIO\ADMINCHK.DLL   Win32/Ramnit.A virus (cleaned - quarantined)   00000000000000000000000000000000   C
C:\CPQDRV\AUDIO\INSTALL.EXE   Win32/Ramnit.A virus (cleaned - quarantined)   00000000000000000000000000000000   C
C:\CPQDRV\AUDIO\PROPS32.DLL   Win32/Ramnit.A virus (cleaned - quarantined)   00000000000000000000000000000000   C
C:\CPQDRV\AUDIO\REMOVE.EXE   Win32/Ramnit.A virus (cleaned - quarantined)   00000000000000000000000000000000   C
C:\CPQDRV\KEYBOARD\EAKINSTA.EXE   Win32/Ramnit.A virus (cleaned - quarantined)   00000000000000000000000000000000   C
C:\CPQDRV\KEYBOARD\SETUPEAK.DLL   Win32/Ramnit.A virus (cleaned - quarantined)   00000000000000000000000000000000   C
C:\CPQDRV\keyboardbuttons\EAKInstall.exe   Win32/Ramnit.A virus (cleaned - quarantined)   00000000000000000000000000000000   C
C:\CPQDRV\keyboardbuttons\SetupEAKDLL.dll   Win32/Ramnit.A virus (cleaned - quarantined)   00000000000000000000000000000000   C
C:\CPQDRV\QuickenInstall\QWNUE01N1D\CUSTOM\PROGRAM\LICENSE.HTM   Win32/Ramnit.A virus (cleaned - quarantined)   00000000000000000000000000000000   C
C:\CPQDRV\QuickenInstall\QWNUE01N1D\tools\SANITIZE.EXE   Win32/Ramnit.A virus (cleaned - quarantined)   00000000000000000000000000000000   C
C:\CPQDRV\VIDEO\HCCUTILS.DLL   Win32/Ramnit.A virus (cleaned - quarantined)   00000000000000000000000000000000   C
C:\CPQDRV\VIDEO\HKCMD.EXE   Win32/Ramnit.A virus (cleaned - quarantined)   00000000000000000000000000000000   C
C:\CPQDRV\VIDEO\I81XGDEV.DLL   Win32/Ramnit.A virus (cleaned - quarantined)   00000000000000000000000000000000   C
C:\CPQDRV\VIDEO\I81XGICD.DLL   Win32/Ramnit.A virus (cleaned - quarantined)   00000000000000000000000000000000   C
C:\CPQDRV\VIDEO\IGFXCFG.EXE   Win32/Ramnit.A virus (cleaned - quarantined)   00000000000000000000000000000000   C
C:\CPQDRV\VIDEO\IGFXDEV.DLL   Win32/Ramnit.A virus (cleaned - quarantined)   00000000000000000000000000000000   C
C:\CPQDRV\VIDEO\IGFXDIAG.EXE   Win32/Ramnit.A virus (cleaned - quarantined)   00000000000000000000000000000000   C
C:\CPQDRV\VIDEO\IGFXDO.DLL   Win32/Ramnit.A virus (cleaned - quarantined)   00000000000000000000000000000000   C
C:\CPQDRV\VIDEO\IGFXEUD.DLL   Win32/Ramnit.A virus (cleaned - quarantined)   00000000000000000000000000000000   C
C:\CPQDRV\VIDEO\IGFXHK.DLL   Win32/Ramnit.A virus (cleaned - quarantined)   00000000000000000000000000000000   C
C:\CPQDRV\VIDEO\IGFXPPH.DLL   Win32/Ramnit.A virus (cleaned - quarantined)   00000000000000000000000000000000   C
C:\CPQDRV\VIDEO\IGFXSRVC.DLL   Win32/Ramnit.A virus (cleaned - quarantined)   00000000000000000000000000000000   C
C:\CPQDRV\VIDEO\IGFXTRAY.EXE   Win32/Ramnit.A virus (cleaned - quarantined)   00000000000000000000000000000000   C
C:\CPQS\QUICKSR\CHECKCNF.EXE   Win32/Ramnit.A virus (cleaned - quarantined)   00000000000000000000000000000000   C
C:\CPQS\QUICKSR\FASTBOOT.EXE   Win32/Ramnit.A virus (cleaned - quarantined)   00000000000000000000000000000000   C
C:\CPQS\QUICKSR\PATCHES.EXE   Win32/Ramnit.A virus (cleaned - quarantined)   00000000000000000000000000000000   C
C:\CPQS\QUICKSR\QRIA.EXE   Win32/Ramnit.A virus (cleaned - quarantined)   00000000000000000000000000000000   C
C:\CPQS\QUICKSR\RMKEYS.EXE   Win32/Ramnit.A virus (cleaned - quarantined)   00000000000000000000000000000000   C
C:\CPQS\scom\CkcUpgrade.exe   Win32/Ramnit.A virus (cleaned - quarantined)   00000000000000000000000000000000   C
C:\CPQS\scom\CpqStartMenu.dll   Win32/Ramnit.A virus (cleaned - quarantined)   00000000000000000000000000000000   C
C:\CPQS\scom\CustomerRegInfo.dll   Win32/Ramnit.A virus (cleaned - quarantined)   00000000000000000000000000000000   C
C:\CPQS\scom\EDID.dll   Win32/Ramnit.A virus (cleaned - quarantined)   00000000000000000000000000000000   C
C:\CPQS\scom\Mailer.dll   Win32/Ramnit.A virus (cleaned - quarantined)   00000000000000000000000000000000   C
C:\CPQS\scom\MemUsage.dll   Win32/Ramnit.A virus (cleaned - quarantined)   00000000000000000000000000000000   C
C:\CPQS\scom\Migrate.dll   Win32/Ramnit.A virus (cleaned - quarantined)   00000000000000000000000000000000   C
C:\CPQS\scom\ModemCheck.dll   Win32/Ramnit.A virus (cleaned - quarantined)   00000000000000000000000000000000   C
C:\CPQS\scom\ModemQuery.dll   Win32/Ramnit.A virus (cleaned - quarantined)   00000000000000000000000000000000   C
C:\CPQS\scom\ModemUtil.dll   Win32/Ramnit.A virus (cleaned - quarantined)   00000000000000000000000000000000   C
C:\CPQS\scom\PCTSCOM.dll   Win32/Ramnit.A virus (cleaned - quarantined)   00000000000000000000000000000000   C
C:\CPQS\scom\ScDmi.dll   Win32/Ramnit.A virus (cleaned - quarantined)   00000000000000000000000000000000   C
C:\CPQS\scom\SCDrivers.dll   Win32/Ramnit.A virus (cleaned - quarantined)   00000000000000000000000000000000   C
C:\CPQS\scom\SCInfoBom.dll   Win32/Ramnit.A virus (cleaned - quarantined)   00000000000000000000000000000000   C
C:\CPQS\scom\SCOS.dll   Win32/Ramnit.A virus (cleaned - quarantined)   00000000000000000000000000000000   C
C:\CPQS\scom\SCPartNumber.dll   Win32/Ramnit.A virus (cleaned - quarantined)   00000000000000000000000000000000   C
C:\CPQS\scom\srmclean .exe   Win32/Ramnit.A virus (cleaned - quarantined)   00000000000000000000000000000000   C
C:\CPQS\TOOLS\UNZIP.EXE   Win32/Ramnit.A virus (cleaned - quarantined)   00000000000000000000000000000000   C
C:\Documents and Settings\All Users\Application Data\Adobe\Reader\9.3\ARM\27816\ReaderUpdaterSrv.exe   a variant of Win32/Kryptik.FTE trojan (cleaned by deleting - quarantined)   00000000000000000000000000000000   C
C:\Documents and Settings\All Users\Application Data\Skype\Plugins\Plugins\F57B48ADF2224F088EDD1A2B9BAD84E8\PickGame.htm   Win32/Ramnit.A virus (cleaned - quarantined)   00000000000000000000000000000000   C
C:\Documents and Settings\All Users\Desktop\ABC.exe   Win32/Ramnit.A virus (cleaned - quarantined)   00000000000000000000000000000000   C
C:\Documents and Settings\All Users\Desktop\Disney Online.exe   Win32/Ramnit.A virus (cleaned - quarantined)   00000000000000000000000000000000   C
C:\Documents and Settings\All Users\Desktop\ESPN.exe   Win32/Ramnit.A virus (cleaned - quarantined)   00000000000000000000000000000000   C
C:\Documents and Settings\Default User\Local Settings\Temp\~rnsetu0\pncrt.dll   Win32/Ramnit.A virus (cleaned - quarantined)   00000000000000000000000000000000   C
C:\Documents and Settings\Default User\Local Settings\Temp\~rnsetup\pncrt.dll   Win32/Ramnit.A virus (cleaned - quarantined)   00000000000000000000000000000000   C
C:\Documents and Settings\Default User\Start Menu\Programs\Startup\fyfuk.exe   Win32/Ramnit.A virus (cleaned - quarantined)   00000000000000000000000000000000   C
C:\Documents and Settings\Default User\Start Menu\Programs\Startup\maqa.exe   a variant of Win32/Kryptik.GZJ trojan (cleaned by deleting - quarantined)   00000000000000000000000000000000   C
C:\Documents and Settings\Default User\Start Menu\Programs\Startup\qorya.exe   a variant of Win32/Kryptik.HLM trojan (cleaned by deleting - quarantined)   00000000000000000000000000000000   C
C:\Documents and Settings\Freddex\Application Data\Asbece\onmuo.exe   Win32/Ramnit.A virus (cleaned - quarantined)   00000000000000000000000000000000   C
C:\Documents and Settings\Freddex\Application Data\Asbece\onmuoSrv.exe   a variant of Win32/Kryptik.FTE trojan (cleaned by deleting - quarantined)   00000000000000000000000000000000   C
C:\Documents and Settings\Freddex\Application Data\Mozilla\Firefox\Profiles\5tbeccz1.default\bookmarks.html   Win32/Ramnit.A virus (cleaned - quarantined)   00000000000000000000000000000000   C
C:\Documents and Settings\Freddex\Application Data\Noilab\budi.exe   a variant of Win32/Kryptik.HLM trojan (cleaned by deleting - quarantined)   00000000000000000000000000000000   C
C:\Documents and Settings\Freddex\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-7c91b2a5-n\msvcr71.dll   Win32/Ramnit.A virus (cleaned - quarantined)   00000000000000000000000000000000   C
C:\Documents and Settings\Freddex\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-47f9ff1d-n\msvcr71.dll   Win32/Ramnit.A virus (cleaned - quarantined)   00000000000000000000000000000000   C
C:\Documents and Settings\Freddex\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-34777ea4-n\msvcr71.dll   Win32/Ramnit.A virus (cleaned - quarantined)   00000000000000000000000000000000   C
C:\Documents and Settings\Freddex\Local Settings\temp\tmp0a538d8d\kill.exe   Win32/Delf.PLO trojan (cleaned by deleting - quarantined)   00000000000000000000000000000000   C
C:\Documents and Settings\Freddex\Local Settings\temp\tmp0a538d8d\killSrv.exe   a variant of Win32/Kryptik.FTE trojan (cleaned by deleting - quarantined)   00000000000000000000000000000000   C
C:\Documents and Settings\Freddex\Local Settings\Temporary Internet Files\Content.IE5\BTZLGCQF\bnews-pro[1].htm   Win32/Ramnit.A virus (cleaned - quarantined)   00000000000000000000000000000000   C
C:\Documents and Settings\Freddex\Local Settings\Temporary Internet Files\Content.IE5\BTZLGCQF\Sync[1].htm   Win32/Ramnit.A virus (cleaned - quarantined)   00000000000000000000000000000000   C
C:\Documents and Settings\Freddex\Local Settings\Temporary Internet Files\Content.IE5\Q6FKH05K\Include[1].htm   Win32/Ramnit.A virus (cleaned - quarantined)   00000000000000000000000000000000   C
C:\Documents and Settings\Freddex\Local Settings\Temporary Internet Files\Content.IE5\Q6FKH05K\online-scanner[1].htm   Win32/Ramnit.A virus (cleaned - quarantined)   00000000000000000000000000000000   C
C:\Documents and Settings\Freddex\Local Settings\Temporary Internet Files\Content.IE5\Q6FKH05K\Toolbar[1].htm   Win32/Ramnit.A virus (cleaned - quarantined)   00000000000000000000000000000000   C
C:\Documents and Settings\Freddex\Local Settings\Temporary Internet Files\Content.IE5\Q6FKH05K\topic,110296.msg747598[1].html   Win32/Ramnit.A virus (cleaned - quarantined)   00000000000000000000000000000000   C
C:\Documents and Settings\Freddex\Local Settings\Temporary Internet Files\Content.IE5\QMN5LQ90\favicon[1].htm   Win32/Ramnit.A virus (cleaned - quarantined)   00000000000000000000000000000000   C
C:\Documents and Settings\Freddex\Start Menu\Programs\Startup\idlatoSrv.exe   a variant of Win32/Kryptik.FTE trojan (cleaned by deleting - quarantined)   00000000000000000000000000000000   C
C:\Documents and Settings\Freddex\Start Menu\Programs\Startup\pypaSrv.exe   a variant of Win32/Kryptik.FTE trojan (cleaned by deleting - quarantined)   00000000000000000000000000000000   C
C:\Documents and Settings\Guest\Start Menu\Programs\Startup\ammo.exe   a variant of Win32/Kryptik.HLM trojan (cleaned by deleting - quarantined)   00000000000000000000000000000000   C
C:\Documents and Settings\Guest\Start Menu\Programs\Startup\faopew.exe   a variant of Win32/Kryptik.GZJ trojan (cleaned by deleting - quarantined)   00000000000000000000000000000000   C
C:\Documents and Settings\Guest\Start Menu\Programs\Startup\peyw.exe   Win32/Ramnit.A virus (cleaned - quarantined)   00000000000000000000000000000000   C
C:\Documents and Settings\sey administrator\Application Data\Fako\anuq.exe   a variant of Win32/Kryptik.GZJ trojan (cleaned by deleting - quarantined)   00000000000000000000000000000000   C
C:\Documents and Settings\sey administrator\Application Data\Mozilla\Firefox\Profiles\3mmgr645.default\bookmarks.html   Win32/Ramnit.A virus (cleaned - quarantined)   00000000000000000000000000000000   C
C:\Documents and Settings\sey administrator\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-61f91632-n\msvcr71.dll   Win32/Ramnit.A virus (cleaned - quarantined)   00000000000000000000000000000000   C
C:\Documents and Settings\sey administrator\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-367bd4db-n\msvcr71.dll   Win32/Ramnit.A virus (cleaned - quarantined)   00000000000000000000000000000000   C
C:\Documents and Settings\sey administrator\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-501e625d-n\msvcr71.dll   Win32/Ramnit.A virus (cleaned - quarantined)   00000000000000000000000000000000   C
C:\Documents and Settings\sey administrator\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll   Win32/Ramnit.A virus (cleaned - quarantined)   00000000000000000000000000000000   C
C:\Documents and Settings\sey administrator\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL   Win32/Ramnit.A virus (cleaned - quarantined)   00000000000000000000000000000000   C
C:\Documents and Settings\sey administrator\Application Data\Ysulne\emxy.exe   a variant of Win32/Kryptik.GZJ trojan (cleaned by deleting - quarantined)   00000000000000000000000000000000   C
C:\Documents and Settings\sey administrator\Desktop\RkU3.8.388.590\MustBeRandomlyNamed\f2o4rDaewo.exe   Win32/Ramnit.A virus (cleaned - quarantined)   00000000000000000000000000000000   C
C:\Documents and Settings\sey administrator\Desktop\SysProt\SysProt\SysProt.exe   Win32/Ramnit.A virus (cleaned - quarantined)   00000000000000000000000000000000   C
C:\Documents and Settings\sey administrator\Local Settings\Temporary Internet Files\Content.IE5\3AIBL4ZR\133101-2nd-car;-forester-vs-outback-need-more-space-than-wrx-i-am-keeping[1].html   Win32/Ramnit.A virus (cleaned - quarantined)   00000000000000000000000000000000   C
C:\Documents and Settings\sey administrator\Local Settings\Temporary Internet Files\Content.IE5\3AIBL4ZR\140158-how-possible-moto-content[1].html   Win32/Ramnit.A virus (cleaned - quarantined)   00000000000000000000000000000000   C
C:\Documents and Settings\sey administrator\Local Settings\Temporary Internet Files\Content.IE5\3AIBL4ZR\1489-canadian-survey[1].html   Win32/Ramnit.A virus (cleaned - quarantined)   00000000000000000000000000000000   C
C:\Documents and Settings\sey administrator\Local Settings\Temporary Internet Files\Content.IE5\3AIBL4ZR\2009[2].htm   Win32/Ramnit.A virus (cleaned - quarantined)   00000000000000000000000000000000   C
C:\Documents and Settings\sey administrator\Local Settings\Temporary Internet Files\Content.IE5\3AIBL4ZR\25752-has-anybody-received-2011-outback-brought-back-canada[1].html   Win32/Ramnit.A virus (cleaned - quarantined)   00000000000000000000000000000000   C
C:\Documents and Settings\sey administrator\Local Settings\Temporary Internet Files\Content.IE5\3AIBL4ZR\2592[1].htm   Win32/Ramnit.A virus (cleaned - quarantined)   00000000000000000000000000000000   C
C:\Documents and Settings\sey administrator\Local Settings\Temporary Internet Files\Content.IE5\3AIBL4ZR\2592[2].htm   Win32/Ramnit.A virus (cleaned - quarantined)   00000000000000000000000000000000   C
C:\Documents and Settings\sey administrator\Local Settings\Temporary Internet Files\Content.IE5\3AIBL4ZR\2592[3].htm   Win32/Ramnit.A virus (cleaned - quarantined)   00000000000000000000000000000000   C
C:\Documents and Settings\sey administrator\Local Settings\Temporary Internet Files\Content.IE5\3AIBL4ZR\74912-wrx-leather-interior-2[1].html   Win32/Ramnit.A virus (cleaned - quarantined)   00000000000000000000000000000000   C
C:\Documents and Settings\sey administrator\Local Settings\Temporary Internet Files\Content.IE5\3AIBL4ZR\92953-importing-guide-18[1].html   Win32/Ramnit.A virus (cleaned - quarantined)   00000000000000000000000000000000   C
C:\Documents and Settings\sey administrator\Local Settings\Temporary Internet Files\Content.IE5\3AIBL4ZR\aclk[1].htm   Win32/Ramnit.A virus (cleaned - quarantined)   00000000000000000000000000000000   C
C:\Documents and Settings\sey administrator\Local Settings\Temporary Internet Files\Content.IE5\3AIBL4ZR\aclk[2].htm   Win32/Ramnit.A virus (cleaned - quarantined)   00000000000000000000000000000000   C
C:\Documents and Settings\sey administrator\Local Settings\Temporary Internet Files\Content.IE5\3AIBL4ZR\aclk[3].htm   Win32/Ramnit.A virus (cleaned - quarantined)   00000000000000000000000000000000   C
C:\Documents and Settings\sey administrator\Local Settings\Temporary Internet Files\Content.IE5\3AIBL4ZR\adsCA190CEE.htm   Win32/Ramnit.A virus (cleaned - quarantined)   00000000000000000000000000000000   C
C:\Documents and Settings\sey administrator\Local Settings\Temporary Internet Files\Content.IE5\3AIBL4ZR\adsCA2B7GL2.htm   Win32/Ramnit.A virus (cleaned - quarantined)   00000000000000000000000000000000   C
C:\Documents and Settings\sey administrator\Local Settings\Temporary Internet Files\Content.IE5\3AIBL4ZR\adsCA5FAORT.htm   Win32/Ramnit.A virus (cleaned - quarantined)   00000000000000000000000000000000   C
C:\Documents and Settings\sey administrator\Local Settings\Temporary Internet Files\Content.IE5\3AIBL4ZR\adsCA5QNWMW.htm   Win32/Ramnit.A virus (cleaned - quarantined)   00000000000000000000000000000000   C
C:\Documents and Settings\sey administrator\Local Settings\Temporary Internet Files\Content.IE5\3AIBL4ZR\adsCA5RH878.htm   Win32/Ramnit.A virus (cleaned - quarantined)   00000000000000000000000000000000   C
C:\Documents and Settings\sey administrator\Local Settings\Temporary Internet Files\Content.IE5\3AIBL4ZR\adsCA64CVIN.htm   Win32/Ramnit.A virus (cleaned - quarantined)   00000000000000000000000000000000   C
C:\Documents and Settings\sey administrator\Local Settings\Temporary Internet Files\Content.IE5\3AIBL4ZR\adsCA6BXCLG.htm   Win32/Ramnit.A virus (cleaned - quarantined)   00000000000000000000000000000000   C
C:\Documents and Settings\sey administrator\Local Settings\Temporary Internet Files\Content.IE5\3AIBL4ZR\adsCA6LYC8U.htm   Win32/Ramnit.A virus (cleaned - quarantined)   00000000000000000000000000000000   C
C:\Documents and Settings\sey administrator\Local Settings\Temporary Internet Files\Content.IE5\3AIBL4ZR\adsCA7HMI6U.htm   Win32/Ramnit.A virus (cleaned - quarantined)   00000000000000000000000000000000   C
C:\Documents and Settings\sey administrator\Local Settings\Temporary Internet Files\Content.IE5\3AIBL4ZR\adsCABDT41O.htm   Win32/Ramnit.A virus (cleaned - quarantined)   00000000000000000000000000000000   C
C:\Documents and Settings\sey administrator\Local Settings\Temporary Internet Files\Content.IE5\3AIBL4ZR\adsCABPNP5D.htm   Win32/Ramnit.A virus (cleaned - quarantined)   00000000000000000000000000000000   C
C:\Documents and Settings\sey administrator\Local Settings\Temporary Internet Files\Content.IE5\3AIBL4ZR\adsCACDEBN9.htm   Win32/Ramnit.A virus (cleaned - quarantined)   00000000000000000000000000000000   C
C:\Documents and Settings\sey administrator\Local Settings\Temporary Internet Files\Content.IE5\3AIBL4ZR\adsCACMNYTH.htm   Win32/Ramnit.A virus (cleaned - quarantined)   00000000000000000000000000000000   C
C:\Documents and Settings\sey administrator\Local Settings\Temporary Internet Files\Content.IE5\3AIBL4ZR\adsCAI088XH.htm   Win32/Ramnit.A virus (cleaned - quarantined)   00000000000000000000000000000000   C
C:\Documents and Settings\sey administrator\Local Settings\Temporary Internet Files\Content.IE5\3AIBL4ZR\adsCAKFATBL.htm   Win32/Ramnit.A virus (cleaned - quarantined)   00000000000000000000000000000000   C
C:\Documents and Settings\sey administrator\Local Settings\Temporary Internet Files\Content.IE5\3AIBL4ZR\adsCAOXGUHL.htm   Win32/Ramnit.A virus (cleaned - quarantined)   00000000000000000000000000000000   C
C:\Documents and Settings\sey administrator\Local Settings\Temporary Internet Files\Content.IE5\3AIBL4ZR\adsCAP6EV8V.htm   Win32/Ramnit.A virus (cleaned - quarantined)   00000000000000000000000000000000   C
C:\Documents and Settings\sey administrator\Local Settings\Temporary Internet Files\Content.IE5\3AIBL4ZR\adsCARMX88R.htm   Win32/Ramnit.A virus (cleaned - quarantined)   00000000000000000000000000000000   C
C:\Documents and Settings\sey administrator\Local Settings\Temporary Internet Files\Content.IE5\3AIBL4ZR\adsCAV6X39L.htm   Win32/Ramnit.A virus (cleaned - quarantined)   00000000000000000000000000000000   C
C:\Documents and Settings\sey administrator\Local Settings\Temporary Internet Files\Content.IE5\3AIBL4ZR\adsCAVXYYB2.htm   Win32/Ramnit.A virus (cleaned - quarantined)   00000000000000000000000000000000   C
C:\Documents and Settings\sey administrator\Local Settings\Temporary Internet Files\Content.IE5\3AIBL4ZR\adsCAXMM9P5.htm   Win32/Ramnit.A virus (cleaned - quarantined)   00000000000000000000000000000000   C
C:\Documents and Settings\sey administrator\Local Settings\Temporary Internet Files\Content.IE5\3AIBL4ZR\ads[10].htm   Win32/Ramnit.A virus (cleaned - quarantined)   00000000000000000000000000000000   C
C:\Documents and Settings\sey administrator\Local Settings\Temporary Internet Files\Content.IE5\3AIBL4ZR\ads[11].htm   Win32/Ramnit.A virus (cleaned - quarantined)   00000000000000000000000000000000   C
C:\Documents and Settings\sey administrator\Local Settings\Temporary Internet Files\Content.IE5\3AIBL4ZR\ads[1].htm   Win32/Ramnit.A virus (cleaned - quarantined)   00000000000000000000000000000000   C
C:\Documents and Settings\sey administrator\Local Settings\Temporary Internet Files\Content.IE5\3AIBL4ZR\ads[2].htm   Win32/Ramnit.A virus (cleaned - quarantined)   00000000000000000000000000000000   C
C:\Documents and Settings\sey administrator\Local Settings\Temporary Internet Files\Content.IE5\3AIBL4ZR\ads[3].htm   Win32/Ramnit.A virus (cleaned - quarantined)   00000000000000000000000000000000   C
C:\Documents and Settings\sey administrator\Local Settings\Temporary Internet Files\Content.IE5\3AIBL4ZR\ads[4].htm   Win32/Ramnit.A virus (cleaned - quarantined)   00000000000000000000000000000000   C
C:\Documents and Settings\sey administrator\Local Settings\Temporary Internet Files\Content.IE5\3AIBL4ZR\ads[5].htm   Win32/Ramnit.A virus (cleaned - quarantined)   00000000000000000000000000000000   C
C:\Documents and Settings\sey administrator\Local Settings\Temporary Internet Files\Content.IE5\3AIBL4ZR\ads[6].htm   Win32/Ramnit.A virus (cleaned - quarantined)   00000000000000000000000000000000   C
C:\Documents and Settings\sey administrator\Local Settings\Temporary Internet Files\Content.IE5\3AIBL4ZR\ads[7].htm   Win32/Ramnit.A virus (cleaned - quarantined)   00000000000000000000000000000000   C
C:\Documents and Settings\sey administrator\Local Settings\Temporary Internet Files\Content.IE5\3AIBL4ZR\ads[8].htm   Win32/Ramnit.A virus (cleaned - quarantined)   00000000000000000000000000000000   C
C:\Documents and Settings\sey administrator\Local Settings\Temporary Internet Files\Content.IE5\3AIBL4ZR\ads[9].htm   Win32/Ramnit.A virus (cleaned - quarantined)   00000000000000000000000000000000   C
C:\Documents and Settings\sey administrator\Local Settings\Temporary Internet Files\Content.IE5\3AIBL4ZR\basketball_fantasysports_yahoo_com[1].htm   Win32/Ramnit.A virus (cleaned - quarantined)   00000000000000000000000000000000   C
C:\Documents and Settings\sey administrator\Local Settings\Temporary Internet Files\Content.IE5\3AIBL4ZR\blank[1].html   Win32/Ramnit.A virus (cleaned - quarantined)   00000000000000000000000000000000   C
C:\Documents and Settings\sey administrator\Local Settings\Temporary Internet Files\Content.IE5\3AIBL4ZR\board,7.0[1].html   Win32/Ramnit.A virus (cleaned - quarantined)   00000000000000000000000000000000   C
C:\Documents and Settings\sey administrator\Local Settings\Temporary Internet Files\Content.IE5\3AIBL4ZR\clk[1].htm   Win32/Ramnit.A virus (cleaned - quarantined)   00000000000000000000000000000000   C
C:\Documents and Settings\sey administrator\Local Settings\Temporary Internet Files\Content.IE5\3AIBL4ZR\clk[2].htm   Win32/Ramnit.A virus (cleaned - quarantined)   00000000000000000000000000000000   C
C:\Documents and Settings\sey administrator\Local Settings\Temporary Internet Files\Content.IE5\3AIBL4ZR\data_sync[1].htm   Win32/Ramnit.A virus (cleaned - quarantined)   00000000000000000000000000000000   C
C:\Documents and Settings\sey administrator\Local Settings\Temporary Internet Files\Content.IE5\3AIBL4ZR\emailleague[1].htm   Win32/Ramnit.A virus (cleaned - quarantined)   00000000000000000000000000000000   C
C:\Documents and Settings\sey administrator\Local Settings\Temporary Internet Files\Content.IE5\3AIBL4ZR\facebook_share[1].html   Win32/Ramnit.A virus (cleaned - quarantined)   00000000000000000000000000000000   C
C:\Documents and Settings\sey administrator\Local Settings\Temporary Internet Files\Content.IE5\3AIBL4ZR\forums[1].htm   Win32/Ramnit.A virus (cleaned - quarantined)   00000000000000000000000000000000   C
C:\Documents and Settings\sey administrator\Local Settings\Temporary Internet Files\Content.IE5\3AIBL4ZR\gameinfo[1].htm   Win32/Ramnit.A virus (cleaned - quarantined)   00000000000000000000000000000000   C
C:\Documents and Settings\sey administrator\Local Settings\Temporary Internet Files\Content.IE5\3AIBL4ZR\index[1].htm   Win32/Ramnit.A virus (cleaned - quarantined)   00000000000000000000000000000000   C
C:\Documents and Settings\sey administrator\Local Settings\Temporary Internet Files\Content.IE5\3AIBL4ZR\login[1].htm   Win32/Ramnit.A virus (cleaned - quarantined)   00000000000000000000000000000000   C
C:\Documents and Settings\sey administrator\Local Settings\Temporary Internet Files\Content.IE5\3AIBL4ZR\net[1].htm   Win32/Ramnit.A virus (cleaned - quarantined)   00000000000000000000000000000000   C
C:\Documents and Settings\sey administrator\Local Settings\Temporary Internet Files\Content.IE5\3AIBL4ZR\openmail.app[2].htm   Win32/Ramnit.A virus (cleaned - quarantined)   00000000000000000000000000000000   C
C:\Documents and Settings\sey administrator\Local Settings\Temporary Internet Files\Content.IE5\3AIBL4ZR\openmail.app[3].htm   Win32/Ramnit.A virus (cleaned - quarantined)   00000000000000000000000000000000   C
C:\Documents and Settings\sey administrator\Local Settings\Temporary Internet Files\Content.IE5\3AIBL4ZR\topic,110296.msg747408[1].html   Win32/Ramnit.A virus (cleaned - quarantined)   00000000000000000000000000000000   C
C:\Documents and Settings\sey administrator\Local Settings\Temporary Internet Files\Content.IE5\3AIBL4ZR\topic,46313.0[1].html   Win32/Ramnit.A virus (cleaned - quarantined)   00000000000000000000000000000000   C
C:\Documents and Settings\sey administrator\Local Settings\Temporary Internet Files\Content.IE5\3AIBL4ZR\topicseen[1].html   Win32/Ramnit.A virus (cleaned - quarantined)   00000000000000000000000000000000   C
C:\Documents and Settings\sey administrator\Local Settings\Temporary Internet Files\Content.IE5\3AIBL4ZR\toronto-subaru-club_com[1].htm   Win32/Ramnit.A virus (cleaned - quarantined)   00000000000000000000000000000000   C
C:\Documents and Settings\sey administrator\Local Settings\Temporary Internet Files\Content.IE5\3AIBL4ZR\tpp4[2].htm   Win32/Ramnit.A virus (cleaned - quarantined)   00000000000000000000000000000000   C
C:\Documents and Settings\sey administrator\Local Settings\Temporary Internet Files\Content.IE5\3AIBL4ZR\watch-toronto-raptors-vs-boston-celtics[1].htm   Win32/Ramnit.A virus (cleaned - quarantined)   00000000000000000000000000000000   C
C:\Documents and Settings\sey administrator\Local Settings\Temporary Internet Files\Content.IE5\3AIBL4ZR\_;ord=0[1].htm   Win32/Ramnit.A virus (cleaned - quarantined)   00000000000000000000000000000000   C
C:\Documents and Settings\sey administrator\Local Settings\Temporary Internet Files\Content.IE5\910DENE8\105395-van-bortel-customer-appreciation-us-importing-info-session[1].html   Win32/Ramnit.A virus (cleaned - quarantined)   00000000000000000000000000000000   C
C:\Documents and Settings\sey administrator\Local Settings\Temporary Internet Files\Content.IE5\910DENE8\115140[1].htm   Win32/Ramnit.A virus (cleaned - quarantined)   00000000000000000000000000000000   C
C:\Documents and Settings\sey administrator\Local Settings\Temporary Internet Files\Content.IE5\910DENE8\134546-rollin-3-6r-2[1].html   Win32/Ramnit.A virus (cleaned - quarantined)   00000000000000000000000000000000   C
C:\Documents and Settings\sey administrator\Local Settings\Temporary Internet Files\Content.IE5\910DENE8\138009-worst-stone-chip-ever-pride-car-slowly-fading[1].html   Win32/Ramnit.A virus (cleaned - quarantined)   00000000000000000000000000000000   C
C:\Documents and Settings\sey administrator\Local Settings\Temporary Internet Files\Content.IE5\910DENE8\139887-need-some-help-buying-subaru[1].html   Win32/Ramnit.A virus (cleaned - quarantined)   00000000000000000000000000000000   C
C:\Documents and Settings\sey administrator\Local Settings\Temporary Internet Files\Content.IE5\910DENE8\140205-new-car-forrester-vs-few-others[1].html   Win32/Ramnit.A virus (cleaned - quarantined)   00000000000000000000000000000000   C
C:\Documents and Settings\sey administrator\Local Settings\Temporary Internet Files\Content.IE5\910DENE8\2010[1].htm   Win32/Ramnit.A virus (cleaned - quarantined)   00000000000000000000000000000000   C
C:\Documents and Settings\sey administrator\Local Settings\Temporary Internet Files\Content.IE5\910DENE8\22870-buying-new-outback-importing-canada-2[1].html   Win32/Ramnit.A virus (cleaned - quarantined)   00000000000000000000000000000000   C
C:\Documents and Settings\sey administrator\Local Settings\Temporary Internet Files\Content.IE5\910DENE8\22870-buying-new-outback-importing-canada[1].html   Win32/Ramnit.A virus (cleaned - quarantined)   00000000000000000000000000000000   C
C:\Documents and Settings\sey administrator\Local Settings\Temporary Internet Files\Content.IE5\910DENE8\2397357[1].htm   Win32/Ramnit.A virus (cleaned - quarantined)   00000000000000000000000000000000   C
C:\Documents and Settings\sey administrator\Local Settings\Temporary Internet Files\Content.IE5\910DENE8\2592[1].htm   Win32/Ramnit.A virus (cleaned - quarantined)   00000000000000000000000000000000   C
C:\Documents and Settings\sey administrator\Local Settings\Temporary Internet Files\Content.IE5\910DENE8\2592[2].htm   Win32/Ramnit.A virus (cleaned - quarantined)   00000000000000000000000000000000   C
C:\Documents and Settings\sey administrator\Local Settings\Temporary Internet Files\Content.IE5\910DENE8\30670[1].htm   Win32/Ramnit.A virus (cleaned - quarantined)   00000000000000000000000000000000   C
C:\Documents and Settings\sey administrator\Local Settings\Temporary Internet Files\Content.IE5\910DENE8\aclk[1].htm   Win32/Ramnit.A virus (cleaned - quarantined)   00000000000000000000000000000000   C
C:\Documents and Settings\sey administrator\Local Settings\Temporary Internet Files\Content.IE5\910DENE8\aclk[2].htm   Win32/Ramnit.A virus (cleaned - quarantined)   00000000000000000000000000000000   C
C:\Documents and Settings\sey administrator\Local Settings\Temporary Internet Files\Content.IE5\910DENE8\aclk[3].htm   Win32/Ramnit.A virus (cleaned - quarantined)   00000000000000000000000000000000   C
C:\Documents and Settings\sey administrator\Local Settings\Temporary Internet Files\Content.IE5\910DENE8\aclk[4].htm   Win32/Ramnit.A virus (cleaned - quarantined)   00000000000000000000000000000000   C
C:\Documents and Settings\sey administrator\Local Settings\Temporary Internet Files\Content.IE5\910DENE8\aclk[5].htm   Win32/Ramnit.A virus (cleaned - quarantined)   00000000000000000000000000000000   C
C:\Documents and Settings\sey administrator\Local Settings\Temporary Internet Files\Content.IE5\910DENE8\adsCA1R1UVJ.htm   Win32/Ramnit.A virus (cleaned - quarantined)   00000000000000000000000000000000   C
C:\Documents and Settings\sey administrator\Local Settings\Temporary Internet Files\Content.IE5\910DENE8\adsCA24EQPT.htm   Win32/Ramnit.A virus (cleaned - quarantined)   00000000000000000000000000000000   C
C:\Documents and Settings\sey administrator\Local Settings\Temporary Internet Files\Content.IE5\910DENE8\adsCA5IQRVB.htm   Win32/Ramnit.A virus (cleaned - quarantined)   00000000000000000000000000000000   C
C:\Documents and Settings\sey administrator\Local Settings\Temporary Internet Files\Content.IE5\910DENE8\adsCA77ICYR.htm   Win32/Ramnit.A virus (cleaned - quarantined)   00000000000000000000000000000000   C
C:\Documents and Settings\sey administrator\Local Settings\Temporary Internet Files\Content.IE5\910DENE8\adsCA77YYQL.htm   Win32/Ramnit.A virus (cleaned - quarantined)   00000000000000000000000000000000   C
C:\Documents and Settings\sey administrator\Local Settings\Temporary Internet Files\Content.IE5\910DENE8\adsCA7UUN87.htm   Win32/Ramnit.A virus (cleaned - quarantined)   00000000000000000000000000000000   C
C:\Documents and Settings\sey administrator\Local Settings\Temporary Internet Files\Content.IE5\910DENE8\adsCA8EWYSO.htm   Win32/Ramnit.A virus (cleaned - quarantined)   00000000000000000000000000000000   C
C:\Documents and Settings\sey administrator\Local Settings\Temporary Internet Files\Content.IE5\910DENE8\adsCA8PZZL1.htm   Win32/Ramnit.A virus (cleaned - quarantined)   00000000000000000000000000000000   C
C:\Documents and Settings\sey administrator\Local Settings\Temporary Internet Files\Content.IE5\910DENE8\adsCAB29OKH.htm   Win32/Ramnit.A virus (cleaned - quarantined)   00000000000000000000000000000000   C
C:\Documents and Settings\sey administrator\Local Settings\Temporary Internet Files\Content.IE5\910DENE8\adsCAEYSWV9.htm   Win32/Ramnit.A virus (cleaned - quarantined)   00000000000000000000000000000000   C
C:\Documents and Settings\sey administrator\Local Settings\Temporary Internet Files\Content.IE5\910DENE8\adsCAFGJMMT.htm   Win32/Ramnit.A virus (cleaned - quarantined)   00000000000000000000000000000000   C
C:\Documents and Settings\sey administrator\Local Settings\Temporary Internet Files\Content.IE5\910DENE8\adsCAGF39WM.htm   Win32/Ramnit.A virus (cleaned - quarantined)   00000000000000000000000000000000   C
C:\Documents and Settings\sey administrator\Local Settings\Temporary Internet Files\Content.IE5\910DENE8\adsCAHE9Z9X.htm   Win32/Ramnit.A virus (cleaned - quarantined)   00000000000000000000000000000000   C
C:\Documents and Settings\sey administrator\Local Settings\Temporary Internet Files\Content.IE5\910DENE8\adsCAHXR1OT.htm   Win32/Ramnit.A virus (cleaned - quarantined)   00000000000000000000000000000000   C
C:\Documents and Settings\sey administrator\Local Settings\Temporary Internet Files\Content.IE5\910DENE8\adsCAIZ4HT8.htm   Win32/Ramnit.A virus (cleaned - quarantined)   00000000000000000000000000000000   C
C:\Documents and Settings\sey administrator\Local Settings\Temporary Internet Files\Content.IE5\910DENE8\adsCAJ15FW6.htm   Win32/Ramnit.A virus (cleaned - quarantined)   00000000000000000000000000000000   C
C:\Documents and Settings\sey administrator\Local Settings\Temporary Internet Files\Content.IE5\910DENE8\adsCAMUW5BX.htm   Win32/Ramnit.A virus (cleaned - quarantined)   00000000000000000000000000000000   C
C:\Documents and Settings\sey administrator\Local Settings\Temporary Internet Files\Content.IE5\910DENE8\adsCAN8LHXQ.htm   Win32/Ramnit.A virus (cleaned - quarantined)   00000000000000000000000000000000   C
C:\Documents and Settings\sey administrator\Local Settings\Temporary Internet Files\Content.IE5\910DENE8\adsCANY2TMW.htm   Win32/Ramnit.A virus (cleaned - quarantined)   00000000000000000000000000000000   C
C:\Documents and Settings\sey administrator\Local Settings\Temporary Internet Files\Content.IE5\910DENE8\adsCAOR74EY.htm   Win32/Ramnit.A virus (cleaned - quarantined)   00000000000000000000000000000000   C
C:\Documents and Settings\sey administrator\Local Settings\Temporary Internet Files\Content.IE5\910DENE8\adsCAP44NVU.htm   Win32/Ramnit.A virus (cleaned - quarantined)   00000000000000000000000000000000   C
C:\Documents and Settings\sey administrator\Local Settings\Temporary Internet Files\Content.IE5\910DENE8\adsCAQ1EAKK.htm   Win32/Ramnit.A virus (cleaned - quarantined)   00000000000000000000000000000000   C
C:\Documents and Settings\sey administrator\Local Settings\Temporary Internet Files\Content.IE5\910DENE8\adsCAQ3QCMP.htm   Win32/Ramnit.A virus (cleaned - quarantined)   00000000000000000000000000000000   C
C:\Documents and Settings\sey administrator\Local Settings\Temporary Internet Files\Content.IE5\910DENE8\adsCAUOFASA.htm   Win32/Ramnit.A virus (cleaned - quarantined)   00000000000000000000000000000000   C
C:\Documents and Settings\sey administrator\Local Settings\Temporary Internet Files\Content.IE5\910DENE8\adsCAW2UN2N.htm   Win32/Ramnit.A virus (cleaned - quarantined)   00000000000000000000000000000000   C
C:\Documents and Settings\sey administrator\Local Settings\Temporary Internet Files\Content.IE5\910DENE8\adsCAWVN5Y7.htm   Win32/Ramnit.A virus (cleaned - quarantined)   00000000000000000000000000000000   C
C:\Documents and Settings\sey administrator\Local Settings\Temporary Internet Files\Content.IE5\910DENE8\adsCAWZTDNQ.htm   Win32/Ramnit.A virus (cleaned - quarantined)   00000000000000000000000000000000   C
C:\Documents and Settings\sey administrator\Local Settings\Temporary Internet Files\Content.IE5\910DENE8\adsCAZR1QD8.htm   Win32/Ramnit.A virus (cleaned - quarantined)   00000000000000000000000000000000   C
C:\Documents and Settings\sey administrator\Local Settings\Temporary Internet Files\Content.IE5\910DENE8\ads[10].htm   Win32/Ramnit.A virus (cleaned - quarantined)   00000000000000000000000000000000   C
C:\Documents and Settings\sey administrator\Local Settings\Temporary Internet Files\Content.IE5\910DENE8\ads[11].htm   Win32/Ramnit.A virus (cleaned - quarantined)   00000000000000000000000000000000   C
C:\Documents and Settings\sey administrator\Local Settings\Temporary Internet Files\Content.IE5\910DENE8\ads[1].htm   Win32/Ramnit.A virus (cleaned - quarantined)   00000000000000000000000000000000   C
C:\Documents and Settings\sey administrator\Local Settings\Temporary Internet Files\Content.IE5\910DENE8\ads[2].htm   Win32/Ramnit.A virus (cleaned - quarantined)   00000000000000000000000000000000   C
C:\Documents and Settings\sey administrator\Local Settings\Temporary Internet Files\Content.IE5\910DENE8\ads[3].htm   Win32/Ramnit.A virus (cleaned - quarantined)   00000000000000000000000000000000   C
C:\Documents and Settings\sey administrator\Local Settings\Temporary Internet Files\Content.IE5\910DENE8\ads[4].htm   Win32/Ramnit.A virus (cleaned - quarantined)   00000000000000000000000000000000   C
C:\Documents and Settings\sey administrator\Local Settings\Temporary Internet Files\Content.IE5\910DENE8\ads[5].htm   Win32/Ramnit.A virus (cleaned - quarantined)   00000000000000000000000000000000   C
C:\Documents and Settings\sey administrator\Local Settings\Temporary Internet Files\Content.IE5\910DENE8\ads[6].htm   Win32/Ramnit.A virus (cleaned - quarantined)   00000000000000000000000000000000   C
C:\Documents and Settings\sey administrator\Local Settings\Temporary Internet Files\Content.IE5\910DENE8\ads[7].htm   Win32/Ramnit.A virus (cleaned - quarantined)   00000000000000000000000000000000   C
C:\Documents and Settings\sey administrator\Local Settings\Temporary Internet Files\Content.IE5\910DENE8\ads[8].htm   Win32/Ramnit.A virus (cleaned - quarantined)   00000000000000000000000000000000   C
C:\Documents and Settings\sey administrator\Local Settings\Temporary Internet Files\Content.IE5\910DENE8\ads[9].htm   Win32/Ramnit.A virus (cleaned - quarantined)   00000000000000000000000000000000   C
C:\Documents and Settings\sey administrator\Local Settings\Temporary Internet Files\Content.IE5\910DENE8\blank[2].html   Win32/Ramnit.A virus (cleaned - quarantined)   00000000000000000000000000000000   C
C:\Documents and Settings\sey administrator\Local Settings\Temporary Internet Files\Content.IE5\910DENE8\blank[4].html   Win32/Ramnit.A virus (cleaned - quarantined)   00000000000000000000000000000000   C
C:\Documents and Settings\sey administrator\Local Settings\Temporary Internet Files\Content.IE5\910DENE8\blank[5].html   Win32/Ramnit.A virus (cleaned - quarantined)   00000000000000000000000000000000   C
C:\Documents and Settings\sey administrator\Local Settings\Temporary Internet Files\Content.IE5\910DENE8\button[1].htm   Win32/Ramnit.A virus (cleaned - quarantined)   00000000000000000000000000000000   C
C:\Documents and Settings\sey administrator\Local Settings\Temporary Internet Files\Content.IE5\910DENE8\button[2].htm   Win32/Ramnit.A virus (cleaned - quarantined)   00000000000000000000000000000000   C
C:\Documents and Settings\sey administrator\Local Settings\Temporary Internet Files\Content.IE5\910DENE8\ca_yahoo_com[1].htm   Win32/Ramnit.A virus (cleaned - quarantined)   00000000000000000000000000000000   C
C:\Documents and Settings\sey administrator\Local Settings\Temporary Internet Files\Content.IE5\910DENE8\commishhome[1].htm   Win32/Ramnit.A virus (cleaned - quarantined)   00000000000000000000000000000000   C
C:\Documents and Settings\sey administrator\Local Settings\Temporary Internet Files\Content.IE5\910DENE8\emailleagueca54c271[1].htm   Win32/Ramnit.A virus (cleaned - quarantined)   00000000000000000000000000000000   C
C:\Documents and Settings\sey administrator\Local Settings\Temporary Internet Files\Content.IE5\910DENE8\facebook_share[1].html   Win32/Ramnit.A virus (cleaned - quarantined)   00000000000000000000000000000000   C
C:\Documents and Settings\sey administrator\Local Settings\Temporary Internet Files\Content.IE5\910DENE8\fc[1].htm   Win32/Ramnit.A virus (cleaned - quarantined)   00000000000000000000000000000000   C
C:\Documents and Settings\sey administrator\Local Settings\Temporary Internet Files\Content.IE5\910DENE8\ga_event_frame[1].htm   Win32/Ramnit.A virus (cleaned - quarantined)   00000000000000000000000000000000   C
C:\Documents and Settings\sey administrator\Local Settings\Temporary Internet Files\Content.IE5\910DENE8\gdyn_nba[1].htm   Win32/Ramnit.A virus (cleaned - quarantined)   00000000000000000000000000000000   C
C:\Documents and Settings\sey administrator\Local Settings\Temporary Internet Files\Content.IE5\910DENE8\index[1].htm   Win32/Ramnit.A virus (cleaned - quarantined)   00000000000000000000000000000000   C
C:\Documents and Settings\sey administrator\Local Settings\Temporary Internet Files\Content.IE5\910DENE8\index[2].htm   Win32/Ramnit.A virus (cleaned - quarantined)   00000000000000000000000000000000   C
C:\Documents and Settings\sey administrator\Local Settings\Temporary Internet Files\Content.IE5\910DENE8\index[3].htm   Win32/Ramnit.A virus (cleaned - quarantined)   00000000000000000000000000000000   C
C:\Documents and Settings\sey administrator\Local Settings\Temporary Internet Files\Content.IE5\910DENE8\json[1].htm   Win32/Ramnit.A virus (cleaned - quarantined)   00000000000000000000000000000000   C
C:\Documents and Settings\sey administrator\Local Settings\Temporary Internet Files\Content.IE5\910DENE8\login[1].htm   Win32/Ramnit.A virus (cleaned - quarantined)   00000000000000000000000000000000   C
C:\Documents and Settings\sey administrator\Local Settings\Temporary Internet Files\Content.IE5\910DENE8\net[1].htm   Win32/Ramnit.A virus (cleaned - quarantined)   00000000000000000000000000000000   C
C:\Documents and Settings\sey administrator\Local Settings\Temporary Internet Files\Content.IE5\910DENE8\peninsula-imported-cars-ltd-oakville-peninsulaimportedcarsltd[1].htm   Win32/Ramnit.A virus (cleaned - quarantined)   00000000000000000000000000000000   C
C:\Documents and Settings\sey administrator\Local Settings\Temporary Internet Files\Content.IE5\910DENE8\raptors[1].htm   Win32/Ramnit.A virus (cleaned - quarantined)   00000000000000000000000000000000   C
C:\Documents and Settings\sey administrator\Local Settings\Temporary Internet Files\Content.IE5\910DENE8\rosters[1].htm   Win32/Ramnit.A virus (cleaned - quarantined)   00000000000000000000000000000000   C
C:\Documents and Settings\sey administrator\Local Settings\Temporary Internet Files\Content.IE5\910DENE8\sda2[1].htm   Win32/Ramnit.A virus (cleaned - quarantined)   00000000000000000000000000000000   C
C:\Documents and Settings\sey administrator\Local Settings\Temporary Internet Files\Content.IE5\910DENE8\search[2].htm   Win32/Ramnit.A virus (cleaned - quarantined)   00000000000000000000000000000000   C
C:\Documents and Settings\sey administrator\Local Settings\Temporary Internet Files\Content.IE5\910DENE8\social[1].htm   Win32/Ramnit.A virus (cleaned - quarantined)   00000000000000000000000000000000   C
C:\Documents and Settings\sey administrator\Local Settings\Temporary Internet Files\Content.IE5\910DENE8\teams[1].htm   Win32/Ramnit.A virus (cleaned - quarantined)   00000000000000000000000000000000   C
C:\Documents and Settings\sey administrator\Local Settings\Temporary Internet Files\Content.IE5\910DENE8\teams[2].htm   Win32/Ramnit.A virus (cleaned - quarantined)   00000000000000000000000000000000   C
C:\Documents and Settings\sey administrator\Local Settings\Temporary Internet Files\Content.IE5\910DENE8\watch-toronto-raptors-vs-boston-celtics[1].htm   Win32/Ramnit.A virus (cleaned - quarantined)   00000000000000000000000000000000   C
C:\Documents and Settings\sey administrator\Local Settings\Temporary Internet Files\Content.IE5\910DENE8\WebPage[1].htm   Win32/Ramnit.A virus (cleaned - quarantined)   00000000000000000000000000000000   C
C:\Documents and Settings\sey administrator\Local Settings\Temporary Internet Files\Content.IE5\910DENE8\WebPage[2].htm   Win32/Ramnit.A virus (cleaned - quarantined)   00000000000000000000000000000000   C
C:\Documents and Settings\sey administrator\Local Settings\Temporary Internet Files\Content.IE5\910DENE8\_;ord=0[1].htm   Win32/Ramnit.A virus (cleaned - quarantined)   00000000000000000000000000000000   C
C:\Documents and Settings\sey administrator\Local Settings\Temporary Internet Files\Content.IE5\AO0CK4MF\134546-rollin-3-6r[1].html   Win32/Ramnit.A virus (cleaned - quarantined)   00000000000000000000000000000000   C
C:\Documents and Settings\sey administrator\Local Settings\Temporary Internet Files\Content.IE5\AO0CK4MF\140205-new-car-forrester-vs-few-others-2[1].html   Win32/Ramnit.A virus (cleaned - quarantined)   00000000000000000000000000000000   C
C:\Documents and Settings\sey administrator\Local Settings\Temporary Internet Files\Content.IE5\AO0CK4MF\140205-new-car-forrester-vs-few-others-4[1].html   Win32/Ramnit.A virus (cleaned - quarantined)   00000000000000000000000000000000   C
C:\Documents and Settings\sey administrator\Local Settings\Temporary Internet Files\Content.IE5\AO0CK4MF\20379-subaru-canada-specifies-terra-clean-48k-km-my2010[1].html   Win32/Ramnit.A virus (cleaned - quarantined)   00000000000000000000000000000000   C
C:\Documents and Settings\sey administrator\Local Settings\Temporary Internet Files\Content.IE5\AO0CK4MF\2592[1].htm   Win32/Ramnit.A virus (cleaned - quarantined)   00000000000000000000000000000000   C
C:\Documents and Settings\sey administrator\Local Settings\Temporary Internet Files\Content.IE5\AO0CK4MF\2592[2].htm   Win32/Ramnit.A virus (cleaned - quarantined)   00000000000000000000000000000000   C
C:\Documents and Settings\sey administrator\Local Settings\Temporary Internet Files\Content.IE5\AO0CK4MF\2592[3].htm   Win32/Ramnit.A virus (cleaned - quarantined)   00000000000000000000000000000000   C
C:\Documents and Settings\sey administrator\Local Settings\Temporary Internet Files\Content.IE5\AO0CK4MF\2592[4].htm   Win32/Ramnit.A virus (cleaned - quarantined)   00000000000000000000000000000000   C
C:\Documents and Settings\sey administrator\Local Settings\Temporary Internet Files\Content.IE5\AO0CK4MF\2[2].htm   Win32/Ramnit.A virus (cleaned - quarantined)   00000000000000000000000000000000   C
C:\Documents and Settings\sey administrator\Local Settings\Temporary Internet Files\Content.IE5\AO0CK4MF\aclk[1].htm   Win32/Ramnit.A virus (cleaned - quarantined)   00000000000000000000000000000000   C
C:\Documents and Settings\sey administrator\Local Settings\Temporary Internet Files\Content.IE5\AO0CK4MF\aclk[2].htm   Win32/Ramnit.A virus (cleaned - quarantined)   00000000000000000000000000000000   C
C:\Documents and Settings\sey administrator\Local Settings\Temporary Internet Files\Content.IE5\AO0CK4MF\aclk[3].htm   Win32/Ramnit.A virus (cleaned - quarantined)   00000000000000000000000000000000   C
C:\Documents and Settings\sey administrator\Local Settings\Temporary Internet Files\Content.IE5\AO0CK4MF\aclk[4].htm   Win32/Ramnit.A virus (cleaned - quarantined)   00000000000000000000000000000000   C
C:\Documents and Settings\sey administrator\Local Settings\Temporary Internet Files\Content.IE5\AO0CK4MF\adsCA0UIVWJ.htm   Win32/Ramnit.A virus (cleaned - quarantined)   00000000000000000000000000000000   C
C:\Documents and Settings\sey administrator\Local Settings\Temporary Internet Files\Content.IE5\AO0CK4MF\adsCA192S6X.htm   Win32/Ramnit.A virus (cleaned - quarantined)   00000000000000000000000000000000   C
C:\Documents and Settings\sey administrator\Local Settings\Temporary Internet Files\Content.IE5\AO0CK4MF\adsCA1PQ3IL.htm   Win32/Ramnit.A virus (cleaned - quarantined)   00000000000000000000000000000000   C
C:\Documents and Settings\sey administrator\Local Settings\Temporary Internet Files\Content.IE5\AO0CK4MF\adsCA1QFV03.htm   Win32/Ramnit.A virus (cleaned - quarantined)   00000000000000000000000000000000   C
C:\Documents and Settings\sey administrator\Local Settings\Temporary Internet Files\Content.IE5\AO0CK4MF\adsCA4EAORQ.htm   Win32/Ramnit.A virus (cleaned - quarantined)   00000000000000000000000000000000   C
C:\Documents and Settings\sey administrator\Local Settings\Temporary Internet Files\Content.IE5\AO0CK4MF\adsCA5FF1L5.htm   Win32/Ramnit.A virus (cleaned - quarantined)   00000000000000000000000000000000   C
C:\Documents and Settings\sey administrator\Local Settings\Temporary Internet Files\Content.IE5\AO0CK4MF\adsCA62X8RK.htm   Win32/Ramnit.A virus (cleaned - quarantined)   00000000000000000000000000000000   C
C:\Documents and Settings\sey administrator\Local Settings\Temporary Internet Files\Content.IE5\AO0CK4MF\adsCA80O2I4.htm   Win32/Ramnit.A virus (cleaned - quarantined)   00000000000000000000000000000000   C
C:\Documents and Settings\sey administrator\Local Settings\Temporary Internet Files\Content.IE5\AO0CK4MF\adsCA9RP5W3.htm   Win32/Ramnit.A virus (cleaned - quarantined)   00000000000000000000000000000000   C
C:\Documents and Settings\sey administrator\Local Settings\Temporary Internet Files\Content.IE5\AO0CK4MF\adsCABXFY3T.htm   Win32/Ramnit.A virus (cleaned - quarantined)   00000000000000000000000000000000   C
C:\Documents and Settings\sey administrator\Local Settings\Temporary Internet Files\Content.IE5\AO0CK4MF\adsCACE2F0T.htm   Win32/Ramnit.A virus (cleaned - quarantined)   00000000000000000000000000000000   C
C:\Documents and Settings\sey administrator\Local Settings\Temporary Internet Files\Content.IE5\AO0CK4MF\adsCACM745B.htm   Win32/Ramnit.A virus (cleaned - quarantined)   00000000000000000000000000000000   C
C:\Documents and Settings\sey administrator\Local Settings\Temporary Internet Files\Content.IE5\AO0CK4MF\adsCACREXT7.htm   Win32/Ramnit.A virus (cleaned - quarantined)   00000000000000000000000000000000   C
C:\Documents and Settings\sey administrator\Local Settings\Temporary Internet Files\Content.IE5\AO0CK4MF\adsCAD688SR.htm   Win32/Ramnit.A virus (cleaned - quarantined)   00000000000000000000000000000000   C
C:\Documents and Settings\sey administrator\Local Settings\Temporary Internet Files\Content.IE5\AO0CK4MF\adsCAFJU59V.htm   Win32/Ramnit.A virus (cleaned - quarantined)   00000000000000000000000000000000   C
C:\Documents and Settings\sey administrator\Local Settings\Temporary Internet Files\Content.IE5\AO0CK4MF\adsCAFL7QNN.htm   Win32/Ramnit.A virus (cleaned - quarantined)   00000000000000000000000000000000   C
C:\Documents and Settings\sey administrator\Local Settings\Temporary Internet Files\Content.IE5\AO0CK4MF\adsCAG8T3XD.htm   Win32/Ramnit.A virus (cleaned - quarantined)   00000000000000000000000000000000   C
C:\Documents and Settings\sey administrator\Local Settings\Temporary Internet Files\Content.IE5\AO0CK4MF\adsCAGCFLXY.htm   Win32/Ramnit.A virus (cleaned - quarantined)   00000000000000000000000000000000   C
C:\Documents and Settings\sey administrator\Local Settings\Temporary Internet Files\Content.IE5\AO0CK4MF\adsCAI1NEKP.htm   Win32/Ramnit.A virus (cleaned - quarantined)   00000000000000000000000000000000   C
C:\Documents and Settings\sey administrator\Local Settings\Temporary Internet Files\Content.IE5\AO0CK4MF\adsCAM1W0SB.htm   Win32/Ramnit.A virus (cleaned - quarantined)   00000000000000000000000000000000   C
C:\Documents and Settings\sey administrator\Local Settings\Temporary Internet Files\Content.IE5\AO0CK4MF\adsCANTPP5N.htm   Win32/Ramnit.A virus (cleaned - quarantined)   00000000000000000000000000000000   C
C:\Documents and Settings\sey administrator\Local Settings\Temporary Internet Files\Content.IE5\AO0CK4MF\adsCAONBG47.htm   Win32/Ramnit.A virus (cleaned - quarantined)   00000000000000000000000000000000   C
C:\Documents and Settings\sey administrator\Local Settings\Temporary Internet Files\Content.IE5\AO0CK4MF\adsCAP3ZNAH.htm   Win32/Ramnit.A virus (cleaned - quarantined)   00000000000000000000000000000000   C
C:\Documents and Settings\sey administrator\Local Settings\Temporary Internet Files\Content.IE5\AO0CK4MF\adsCAR04GFF.htm   Win32/Ramnit.A virus (cleaned - quarantined)   00000000000000000000000000000000   C
C:\Documents and Settings\sey administrator\Local Settings\Temporary Internet Files\Content.IE5\AO0CK4MF\adsCASJ5SVL.htm   Win32/Ramnit.A virus (cleaned - quarantined)   00000000000000000000000000000000   C
C:\Documents and Settings\sey administrator\Local Settings\Temporary Internet Files\Content.IE5\AO0CK4MF\adsCATDVCTR.htm   Win32/Ramnit.A virus (cleaned - quarantined)   00000000000000000000000000000000   C
C:\Documents and Settings\sey administrator\Local Settings\Temporary Internet Files\Content.IE5\AO0CK4MF\adsCAV9Q4GC.htm   Win32/Ramnit.A virus (cleaned - quarantined)   00000000000000000000000000000000   C
C:\Documents and Settings\sey administrator\Local Settings\Temporary Internet Files\Content.IE5\AO0CK4MF\adsCAWDAGZN.htm   Win32/Ramnit.A virus (cleaned - quarantined)   00000000000000000000000000000000   C
C:\Documents and Settings\sey administrator\Local Settings\Temporary Internet Files\Content.IE5\AO0CK4MF\adsCAWHFU2T.htm   Win32/Ramnit.A virus (cleaned - quarantined)   00000000000000000000000000000000   C
C:\Documents and Settings\sey administrator\Local Settings\Temporary Internet Files\Content.IE5\AO0CK4MF\adsCAY6ABO7.htm   Win32/Ramnit.A virus (cleaned - quarantined)   00000000000000000000000000000000   C
C:\Documents and Settings\sey administrator\Local Settings\Temporary Internet Files\Content.IE5\AO0CK4MF\ads[10].htm   Win32/Ramnit.A virus (cleaned - quarantined)   00000000000000000000000000000000   C
C:\Documents and Settings\sey administrator\Local Settings\Temporary Internet Files\Content.IE5\AO0CK4MF\ads[11].htm   Win32/Ramnit.A virus (cleaned - quarantined)   00000000000000000000000000000000   C
C:\Documents and Settings\sey administrator\Local Settings\Temporary Internet Files\Content.IE5\AO0CK4MF\ads[1].htm   Win32/Ramnit.A virus (cleaned - quarantined)   00000000000000000000000000000000   C
C:\Documents and Settings\sey administrator\Local Settings\Temporary Internet Files\Content.IE5\AO0CK4MF\ads[2].htm   Win32/Ramnit.A virus (cleaned - quarantined)   00000000000000000000000000000000   C
C:\Documents and Settings\sey administrator\Local Settings\Temporary Internet Files\Content.IE5\AO0CK4MF\ads[3].htm   Win32/Ramnit.A virus (cleaned - quarantined)   00000000000000000000000000000000   C
C:\Documents and Settings\sey administrator\Local Settings\Temporary Internet Files\Content.IE5\AO0CK4MF\ads[4].htm   Win32/Ramnit.A virus (cleaned - quarantined)   00000000000000000000000000000000   C
C:\Documents and Settings\sey administrator\Local Settings\Temporary Internet Files\Content.IE5\AO0CK4MF\ads[5].htm   Win32/Ramnit.A virus (cleaned - quarantined)   00000000000000000000000000000000   C
C:\Documents and Settings\sey administrator\Local Settings\Temporary Internet Files\Content.IE5\AO0CK4MF\ads[6].htm   Win32/Ramnit.A virus (cleaned - quarantined)   00000000000000000000000000000000   C
C:\Documents and Settings\sey administrator\Local Settings\Temporary Internet Files\Content.IE5\AO0CK4MF\ads[7].htm   Win32/Ramnit.A virus (cleaned - quarantined)   00000000000000000000000000000000   C
C:\Documents and Settings\sey administrator\Local Settings\Temporary Internet Files\Content.IE5\AO0CK4MF\ads[8].htm   Win32/Ramnit.A virus (cleaned - quarantined)   00000000000000000000000000000000   C
C:\Documents and Settings\sey administrator\Local Settings\Temporary Internet Files\Content.IE5\AO0CK4MF\ads[9].htm   Win32/Ramnit.A virus (cleaned - quarantined)   00000000000000000000000000000000   C
C:\Documents and Settings\sey administrator\Local Settings\Temporary Internet Files\Content.IE5\AO0CK4MF\dealerlisting[1].htm   Win32/Ramnit.A virus (cleaned - quarantined)   00000000000000000000000000000000   C
C:\Documents and Settings\sey administrator\Local Settings\Temporary Internet Files\Content.IE5\AO0CK4MF\dealerlisting[2].htm   Win32/Ramnit.A virus (cleaned - quarantined)   00000000000000000000000000000000   C
C:\Documents and Settings\sey administrator\Local Settings\Temporary Internet Files\Content.IE5\AO0CK4MF\editstatcategories[1].htm   Win32/Ramnit.A virus (cleaned - quarantined)   00000000000000000000000000000000   C
C:\Documents and Settings\sey administrator\Local Settings\Temporary Internet Files\Content.IE5\AO0CK4MF\fc[1].htm   Win32/Ramnit.A virus (cleaned - quarantined)   00000000000000000000000000000000   C
C:\Documents and Settings\sey administrator\Local Settings\Temporary Internet Files\Content.IE5\AO0CK4MF\gdyn_nba[1].htm   Win32/Ramnit.A virus (cleaned - quarantined)   00000000000000000000000000000000   C
C:\Documents and Settings\sey administrator\Local Settings\Temporary Internet Files\Content.IE5\AO0CK4MF\general-technical-discussion[1].htm   Win32/Ramnit.A virus (cleaned - quarantined)   00000000000000000000000000000000   C
C:\Documents and Settings\sey administrator\Local Settings\Temporary Internet Files\Content.IE5\AO0CK4MF\index[1].htm   Win32/Ramnit.A virus (cleaned - quarantined)   00000000000000000000000000000000   C
C:\Documents and Settings\sey administrator\Local Settings\Temporary Internet Files\Content.IE5\AO0CK4MF\index[2].htm   Win32/Ramnit.A virus (cleaned - quarantined)   00000000000000000000000000000000   C
C:\Documents and Settings\sey administrator\Local Settings\Temporary Internet Files\Content.IE5\AO0CK4MF\index[3].htm   Win32/Ramnit.A virus (cleaned - quarantined)   00000000000000000000000000000000   C
C:\Documents and Settings\sey administrator\Local Settings\Temporary Internet Files\Content.IE5\AO0CK4MF\international-customers[1].htm   Win32/Ramnit.A virus (cleaned - quarantined)   00000000000000000000000000000000   C
C:\Documents and Settings\sey administrator\Local Settings\Temporary Internet Files\Content.IE5\AO0CK4MF\invitefriends23fabd99[1].htm   Win32/Ramnit.A virus (cleaned - quarantined)   00000000000000000000000000000000   C
C:\Documents and Settings\sey administrator\Local Settings\Te

[SuperDave]

Oh oh. That's bad news. I'm required to give you this warning. Please try running ESET again and see if anything came back.

If it's Ramnit.....

I'm afraid I have very bad news.

Win32/Ramnit.A is a file infector with IRCBot functionality which infects .exe, and .HTML/HTM files, and opens a back door that compromises your computer. Using this backdoor, a remote attacker can access and instruct the infected computer to download and execute more malicious files. The infected .HTML or .HTM files may be detected as Virus:VBS/Ramnit.A. Win32/Ramnit.A!dll is a related file infector often seen with this infection. It too has IRCBot functionality which infects .exe, .dll  and .HTML/HTM files and opens a back door that compromises your computer. This component is injected into the default web browser by Worm:Win32/Ramnit.A which is dropped by a Ramnit infected executable file.

-- Note: As with most malware infections, the threat name may be different depending on the anti-virus or anti-malware program which detected it. Each security vendor uses their own naming conventions to identify various types of malware.
•Understanding virus names

•Threat aliases for Win32/Ramnit.A
With this particular infection the safest solution and only sure way to remove it effectively is to reformat and reinstall the OS.

Why? The malware injects code in legitimate files similar to the Virut virus and in many cases the infected files (which could number in the thousands) cannot be disinfected properly by your anti-virus. When disinfection is attempted, the files often become corrupted and the system may become unstable or irreparable. The longer Ramnit.A remains on a computer, the more files it infects and corrupts so the degree of infection can vary.

Ramnit is commonly spread via a flash drive (usb, pen, thumb, jump) infection where it copies Worm:Win32/Ramnit.A with a random file name. The infection is often contracted by visiting remote, crack and keygen sites. These type of sites are infested with a smörgåsbord of malware and are a major source of system infection.

In my opinion, Ramnit.A is not effectively disinfectable, so your best option is to perform a full reformat as there is no guarantee this infection can be completely removed. In most instances it may have caused so much damage to your system files that it cannot be completely cleaned or repaired. Further, your machine has likely been compromised by the backdoor Trojan and there is no way to be sure the computer can ever be trusted again. It is dangerous and incorrect to assume the computer is secure even if your anti-virus reports that the malware appears to have been removed.

Many experts in the security community believe that once infected with this type of malware, the best course of action is to wipe the drive clean, reformat and reinstall the OS. Please read:
•When should I re-format? How should I reinstall?

•Where to draw the line?  When to recommend a format and reinstall?

Whenever a system has been compromised by a backdoor payload, it is impossible to know if or how much the backdoor has been used to affect your system...There are only a few ways to return a compromised system to a confident security configuration. These include:
• Reimaging the system
• Restoring the entire system using a full system backup from before the backdoor infection
• Reformatting and reinstalling the system

Backdoors and What They Mean to You
This is what Jesper M. Johansson at Microsoft TechNet has to say: Help: I Got Hacked. Now What Do I Do?

The only way to clean a compromised system is to flatten and rebuild. That’s right. If you have a system that has been completely compromised, the only thing you can do is to flatten the system (reformat the system disk) and rebuild it from scratch (reinstall Windows and your applications).

Important Note:: If your computer was used for online banking, has credit card information or other sensitive data on it, you should disconnect from the Internet until your system is cleaned. All passwords should be changed immediately to to include those used for banking, email, eBay, paypal and any online activities which require a username and password. You should consider them to be compromised. You should change each password using a clean computer and not the infected one. If not, an attacker may get the new passwords and transaction information. Banking and credit card institutions should be notified of the possible security breach. Failure to notify your financial institution and local law enforcement can result in refusal to reimburse funds lost due to fraud or similar criminal activity.

[Freddex]

Okay Dave I ran it again!

[Freddex]

C:\Program Files\AVG\AVG9\Toolbar\Firefox\avg@igeared\chrome\content\html\about.htm   Win32/Ramnit.A virus   cleaned - quarantined
C:\Program Files\AVG\AVG9\Toolbar\Firefox\avg@igeared\chrome\content\html\bubble_AB.htm   Win32/Ramnit.A virus   cleaned - quarantined
C:\Program Files\AVG\AVG9\Toolbar\Firefox\avg@igeared\chrome\content\html\bubble_confirm.htm   Win32/Ramnit.A virus   cleaned - quarantined
C:\Program Files\AVG\AVG9\Toolbar\Firefox\avg@igeared\chrome\content\html\bubble_general.htm   Win32/Ramnit.A virus   cleaned - quarantined
C:\Program Files\AVG\AVG9\Toolbar\Firefox\avg@igeared\chrome\content\html\bubble_IDV.htm   Win32/Ramnit.A virus   cleaned - quarantined
C:\Program Files\AVG\AVG9\Toolbar\Firefox\avg@igeared\chrome\content\html\bubble_IDV1.htm   Win32/Ramnit.A virus   cleaned - quarantined
C:\Program Files\AVG\AVG9\Toolbar\Firefox\avg@igeared\chrome\content\html\bubble_IDV2.htm   Win32/Ramnit.A virus   cleaned - quarantined
C:\Program Files\AVG\AVG9\Toolbar\Firefox\avg@igeared\chrome\content\html\bubble_protection.htm   Win32/Ramnit.A virus   cleaned - quarantined
C:\Program Files\AVG\AVG9\Toolbar\Firefox\avg@igeared\chrome\content\html\bubble_search.htm   Win32/Ramnit.A virus   cleaned - quarantined
C:\Program Files\AVG\AVG9\Toolbar\Firefox\avg@igeared\chrome\content\html\bubble_SPupdate.htm   Win32/Ramnit.A virus   cleaned - quarantined
C:\Program Files\AVG\AVG9\Toolbar\Firefox\avg@igeared\chrome\content\html\deletehistory_processing.htm   Win32/Ramnit.A virus   cleaned - quarantined
C:\Program Files\AVG\AVG9\Toolbar\Firefox\avg@igeared\chrome\content\html\rssreader_advanced.htm   Win32/Ramnit.A virus   cleaned - quarantined
C:\Program Files\AVG\AVG9\Toolbar\Firefox\avg@igeared\chrome\content\html\rssreader_config.htm   Win32/Ramnit.A virus   cleaned - quarantined
C:\Program Files\AVG\AVG9\Toolbar\Firefox\avg@igeared\chrome\content\html\rssreader_simple.htm   Win32/Ramnit.A virus   cleaned - quarantined
C:\Program Files\AVG\AVG9\Toolbar\Firefox\avg@igeared\chrome\content\html\settings_askdialog.htm   Win32/Ramnit.A virus   cleaned - quarantined
C:\Program Files\AVG\AVG9\Toolbar\Firefox\avg@igeared\chrome\content\html\settings_checkboxdialog.htm   Win32/Ramnit.A virus   cleaned - quarantined
C:\Program Files\AVG\AVG9\Toolbar\Firefox\avg@igeared\chrome\content\html\settings_closedialog.htm   Win32/Ramnit.A virus   cleaned - quarantined
C:\Program Files\AVG\AVG9\Toolbar\Firefox\avg@igeared\chrome\content\html\settings_main.htm   Win32/Ramnit.A virus   cleaned - quarantined
C:\Program Files\AVG\AVG9\Toolbar\Firefox\avg@igeared\chrome\content\html\tabswelcome.htm   Win32/Ramnit.A virus   cleaned - quarantined
C:\Program Files\AVG\AVG9\Toolbar\Firefox\avg@igeared\chrome\content\html\tabswelcome_ie7footer.htm   Win32/Ramnit.A virus   cleaned - quarantined
C:\Program Files\AVG\AVG9\Toolbar\Firefox\avg@igeared\chrome\content\html\tabswelcome_ie7header.htm   Win32/Ramnit.A virus   cleaned - quarantined
C:\Program Files\AVG\AVG9\Toolbar\Firefox\avg@igeared\chrome\content\html\toolbarprotector_window.htm   Win32/Ramnit.A virus   cleaned - quarantined
C:\Program Files\AVG\AVG9\Toolbar\Firefox\avg@igeared\chrome\content\html\updater_processing.htm   Win32/Ramnit.A virus   cleaned - quarantined
C:\Program Files\AVG\AVG9\Toolbar\Firefox\avg@igeared\ch_26\chrome\content\html\tabswelcome.htm   Win32/Ramnit.A virus   cleaned - quarantined
C:\Program Files\AVG\AVG9\Toolbar\Firefox\avg@igeared\ch_26\chrome\content\html\tabswelcome_ie7header.htm   Win32/Ramnit.A virus   cleaned - quarantined
C:\Program Files\AVG\AVG9\Toolbar\Firefox\avg@igeared\ch_41\chrome\content\html\tabswelcome.htm   Win32/Ramnit.A virus   cleaned - quarantined
C:\Program Files\AVG\AVG9\Toolbar\Firefox\avg@igeared\ch_41\chrome\content\html\tabswelcome_ie7header.htm   Win32/Ramnit.A virus   cleaned - quarantined
C:\Program Files\AVG\AVG9\Toolbar\Firefox\avg@igeared\ch_42\chrome\content\html\tabswelcome.htm   Win32/Ramnit.A virus   cleaned - quarantined
C:\Program Files\AVG\AVG9\Toolbar\Firefox\avg@igeared\ch_42\chrome\content\html\tabswelcome_ie7header.htm   Win32/Ramnit.A virus   cleaned - quarantined
C:\Program Files\AVG\AVG9\Toolbar\Firefox\avg@igeared\ch_49\chrome\content\html\tabswelcome.htm   Win32/Ramnit.A virus   cleaned - quarantined
C:\Program Files\AVG\AVG9\Toolbar\Firefox\avg@igeared\ch_49\chrome\content\html\tabswelcome_ie7header.htm   Win32/Ramnit.A virus   cleaned - quarantined