Author Topic: Kept getting blocked/redirected on internet explorer (Read 29005 times)

shag · « **on:** February 12, 2011, 01:40:02 AM »

Help! A couple of days ago I began noticing my internet misbehaving (google links getting redirected, malware fighting sites being blocked), so I figured I'm in virus town.

Proceeding to the "before you post" checklist, I got a MBAM scan done with a log at the end of this post. (I had to use a proxy server to be able to download updates.) I ran CCleaner without issue. I could not get Super Anti-spyware to update, so with year-old defs, I ran a scan and had no detections. I'm having difficulties getting to that log and/or updating java--read on.

My real trouble began when I downloaded Online Armor and installed it. After the restart my computer froze during OA's "learning mode" and it hasn't been stable since. It displays a "Generic Host Process has failed" message once windows starts up with frequent "svchost not responding" messages as well. I've been able to start the computer in safe mode, but no internet.

Looking back on the "before you post" list, I'm realizing I did things out of order. If that has made your job more difficult, my apologies. I'm not at peak mental form due to working night shift.

I've got a HJT log after running the scan in safe mode (the MBAM log predates my time of troubles).

MBAM:

shag · « **Reply #1 on:** February 12, 2011, 01:41:41 AM »

(oops fat-fingered tab and enter)

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 5363

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

2/10/2011 8:00:20 PM
mbam-log-2011-02-10 (20-00-20).txt

Scan type: Quick scan
Objects scanned: 149661
Time elapsed: 6 minute(s), 2 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 6
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Trymedia Systems (Adware.TryMedia) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Bad: (93.188.163.104,93.188.160.34) Good: () -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{00F5091E-F1E0-49FF-9B81-443BBD47DC7E}\NameServer (Trojan.DNSChanger) -> Bad: (93.188.163.104,93.188.160.34) Good: () -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{21ED3D5D-AA5B-4204-B1DE-22879B5C3AB3}\NameServer (Trojan.DNSChanger) -> Bad: (93.188.163.104,93.188.160.34) Good: () -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:07:52 PM, on 2/11/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Safe mode

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Chris\Desktop\New Folder\Scorpion.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: vShare Plugin - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files\vShare\vshare_toolbar.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: BellSouth Toolbar - {4E7BD74F-2B8D-469E-8CBD-FD60BB9AAE2E} - C:\PROGRA~1\BLSTOO~1\BLSTOO~1.DLL
O3 - Toolbar: vShare Plugin - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files\vShare\vshare_toolbar.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\Quickset.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [ECenter] "c:\dell\E-Center\gtb.exe"
O4 - HKLM\..\Run: [BellSouthWCC_McciTrayApp] C:\Program Files\BellSouthWCC\McciTrayApp.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe" /hide
O4 - HKLM\..\Run: [ConnectionCenter] "C:\Program Files\Citrix\ICA Client\concentr.exe" /startup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netWaiting.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\RunOnce: [gi378124597] "C:\DOCUME~1\Chris\LOCALS~1\Temp\gi558SLP.exe" /resume:"C:\DOCUME~1\Chris\LOCALS~1\Temp\3C558MHT" /exename:"C:\Downloaded Stuff\here's where the packed files go\SolveigMM_Video_Splitter_v2.1.804.20\SolveigMM Video Splitter v2.1.804.20\SolveigMM Video Splitter 2.1.804.20.exe"
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: dlbcserv.lnk = C:\Program Files\Dell Photo Printer 720\dlbcserv.exe
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O4 - Global Startup: PHOTOfunSTUDIO.lnk = C:\Program Files\Panasonic\PHOTOfunSTUDIO\PhAutoRun.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: http://www.facebook.com
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10/StagingUI.cab55579.cab
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (MSN Games – Buddy Invite) - http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab55579.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10/ZPAChat.cab55579.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/FacebookPhotoUploader3.cab
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {9BDF4724-10AA-43D5-BD15-AEA0D2287303} (MSN Games – Texas Holdem Poker) - http://zone.msn.com/bingame/zpagames/zpa_txhe.cab79352.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (MSN Games – Game Communicator) - http://zone.msn.com/binframework/v10/StProxy.cab55579.cab
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: vsharechrome - {3F3A4B8A-86FC-43A4-BB00-6D7EBE9D4484} - C:\Program Files\vShare\vshare_toolbar.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\WildTangent\Apps\Dell Game Console\GameConsoleService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: McAfee Real-time Scanner (McShield) - Unknown owner - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe (file missing)
O23 - Service: McAfee SystemGuards (McSysmon) - Unknown owner - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe (file missing)
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 11671 bytes

SuperDave · « **Reply #2 on:** February 13, 2011, 01:19:53 PM »

Hello and welcome to Computer Hope Forum. My name is Dave. I will be helping you out with your particular problem on your computer.

1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
2. The fixes are specific to your problem and should only be used for this issue on this machine.
3. If you don't know or understand something, please don't hesitate to ask.
4. Please DO NOT run any other tools or scans while I am helping you.
5. It is important that you reply to this thread. Do not start a new topic.
6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
7. Absence of symptoms does not mean that everything is clear.

If you can't access the internet with your infected computer you will have to download and transfer any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device hold the shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line.
******************************************************
Let's try this:
Reboot in Safe Mode and run the MBAM scan. Then, reboot in Normal Mode and run the scan again and post the log. Then, we'll go from there.

Please download Malwarebytes Anti-Malware from here.
Double Click mbam-setup.exe to install the application.

Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select "Perform Full Scan", then click Scan.
The scan may take some time to finish,so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
Please save the log to a location you will remember.
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy and paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
*****************************************************
Your HJT is running from the wrong place. Please delete it, download and install HJT in the default location and post a new log.NOTE. Please try to run this in Normal Mode.

Please download: HiJackThis to your Desktop.

Double Click the HijackThis icon, located on your Desktop.
By Default, it will install to: C:\Program Files\Trend Micro\HijackThis
Accept the license agreement.
Click the Open the Misc Tools section button.
Click Do a System Scan and Save a Logfile. Or, if you see a white screen, click Scan.
Please post the log in your next reply.

shag · « **Reply #3 on:** February 15, 2011, 12:28:34 AM »

MBAM log with windows running in Normal mode. One note: Used msconfig and unchecked three startup items; seems to have improved stability while in normal mode. Internet still not functional though.

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 5363

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

2/14/2011 9:08:24 PM
mbam-log-2011-02-14 (21-08-24).txt

Scan type: Full scan (C:\|F:\|)
Objects scanned: 216177
Time elapsed: 54 minute(s), 45 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

I de-selected "selective startup" in msconfig and rebooted after MBAM ran. Ran HJT and here's the log.

Logfile of Trend Micro HijackThis v2.0.3 (BETA)
Scan saved at 9:16:33 PM, on 2/14/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Dell\QuickSet\Quickset.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\BellSouthWCC\McciTrayApp.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
C:\Program Files\Citrix\ICA Client\concentr.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\NetWaiting\netWaiting.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng1.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Citrix\ICA Client\wfcrun32.exe
C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
C:\Program Files\Panasonic\PHOTOfunSTUDIO\PhAutoRun.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\TrendMicro\HiJackThis\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: vShare Plugin - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files\vShare\vshare_toolbar.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: BellSouth Toolbar - {4E7BD74F-2B8D-469E-8CBD-FD60BB9AAE2E} - C:\PROGRA~1\BLSTOO~1\BLSTOO~1.DLL
O3 - Toolbar: vShare Plugin - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files\vShare\vshare_toolbar.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\Quickset.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [ECenter] "c:\dell\E-Center\gtb.exe"
O4 - HKLM\..\Run: [BellSouthWCC_McciTrayApp] C:\Program Files\BellSouthWCC\McciTrayApp.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe" /hide
O4 - HKLM\..\Run: [ConnectionCenter] "C:\Program Files\Citrix\ICA Client\concentr.exe" /startup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netWaiting.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\RunOnce: [gi378124597] "C:\DOCUME~1\Chris\LOCALS~1\Temp\gi558SLP.exe" /resume:"C:\DOCUME~1\Chris\LOCALS~1\Temp\3C558MHT" /exename:"C:\Downloaded Stuff\here's where the packed files go\SolveigMM_Video_Splitter_v2.1.804.20\SolveigMM Video Splitter v2.1.804.20\SolveigMM Video Splitter 2.1.804.20.exe"
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: dlbcserv.lnk = C:\Program Files\Dell Photo Printer 720\dlbcserv.exe
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O4 - Global Startup: PHOTOfunSTUDIO.lnk = C:\Program Files\Panasonic\PHOTOfunSTUDIO\PhAutoRun.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: http://www.facebook.com
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10/StagingUI.cab55579.cab
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (MSN Games – Buddy Invite) - http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab55579.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10/ZPAChat.cab55579.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/FacebookPhotoUploader3.cab
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {9BDF4724-10AA-43D5-BD15-AEA0D2287303} (MSN Games – Texas Holdem Poker) - http://zone.msn.com/bingame/zpagames/zpa_txhe.cab79352.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (MSN Games – Game Communicator) - http://zone.msn.com/binframework/v10/StProxy.cab55579.cab
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: vsharechrome - {3F3A4B8A-86FC-43A4-BB00-6D7EBE9D4484} - C:\Program Files\vShare\vshare_toolbar.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\WildTangent\Apps\Dell Game Console\GameConsoleService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: McAfee Real-time Scanner (McShield) - Unknown owner - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe (file missing)
O23 - Service: McAfee SystemGuards (McSysmon) - Unknown owner - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe (file missing)
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 14300 bytes

SuperDave · « **Reply #4 on:** February 15, 2011, 01:03:29 PM »

Please read here for more information about WildTangent. Your choice if you want to remove it or not.

If you choose to follow my advice, please follow these instructions.

Go to Start > Control Panel > Add/Remove Programs and remove the following programs.

•WildTangent Web Driveror anything related to WildTangent.
********************************************************
Download Disable/Remove Windows Messenger to the desktop to remove Windows Messenger.

Do not confuse Windows Messenger with MSN Messenger because they are not the same. Windows Messenger is a frequent cause of popups.

Unzip the file on the desktop. Open the MessengerDisable.exe and choose the bottom box - Uninstall Windows Messenger and click Apply.

Exit out of MessengerDisable then delete the two files that were put on the desktop.
*****************************************************
Add or Remove Programs

1. Click on the Windows Start button and click on the Control Panel
2. In the Control Panel window, double-click Add or Remove Programs icon.
3. When the Add or Remove Programs window has fully populated, check for vShare and uninstall it. It is malicious.
*********************************************************
Open HijackThis and select Do a system scan only

Place a check mark next to the following entries: (if there)

O2 - BHO: vShare Plugin - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files\vShare\vshare_toolbar.dll
O3 - Toolbar: vShare Plugin - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files\vShare\vshare_toolbar.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
Internet Explorer's security is based upon a set of zones. Each zone has different security in terms of what scripts and applications can be run from a site that is in that zone. There is a security zone called the Trusted Zone. This zone has the lowest security and allows scripts and applications from sites in this zone to run without your knowledge. It is therefore a popular setting for malware sites to use so that future infections can be easily done on your computer without your knowledge as these sites will be in the Trusted Zone. Therefore, I recommend that nothing be allowed in the trusted zone. If you agree, please do the following.Please place a check mark next to this/these line/lines.
O15 - Trusted Zone: http://www.facebook.com
O18 - Protocol: vsharechrome - {3F3A4B8A-86FC-43A4-BB00-6D7EBE9D4484} - C:\Program Files\vShare\vshare_toolbar.dll
O23 - Service: McAfee Real-time Scanner (McShield) - Unknown owner - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe (file missing)
O23 - Service: McAfee SystemGuards (McSysmon) - Unknown owner - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe (file missing)

Important: Close all open windows except for HijackThis and then click Fix checked.

Once completed, exit HijackThis.
*****************************************

SUPERAntiSpyware

If you already have SUPERAntiSpyware be sure to check for updates before scanning!

Download SuperAntispyware Free Edition (SAS)
* Double-click the icon on your desktop to run the installer.
* When asked to Update the program definitions, click Yes
* If you encounter any problems while downloading the updates, manually download and unzip them from here
* Next click the Preferences button.

•Under Start-Up Options uncheck Start SUPERAntiSpyware when Windows starts
* Click the Scanning Control tab.
* Under Scanner Options make sure only the following are checked:

•Close browsers before scanning
•Scan for tracking cookies
•Terminate memory threats before quarantining
•Please leave the others unchecked

•Click the Close button to leave the control center screen.

* On the main screen click Scan your computer
* On the left check the box for the drive you are scanning.
* On the right choose Perform Complete Scan
* Click Next to start the scan. Please be patient while it scans your computer.
* After the scan is complete a summary box will appear. Click OK
* Make sure everything in the white box has a check next to it, then click Next
* It will quarantine what it found and if it asks if you want to reboot, click Yes

•To retrieve the removal information please do the following:
•After reboot, double-click the SUPERAntiSpyware icon on your desktop.
•Click Preferences. Click the Statistics/Logs tab.

•Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.

•It will open in your default text editor (preferably Notepad).
•Save the notepad file to your desktop by clicking (in notepad) File > Save As...

* Save the log somewhere you can easily find it. (normally the desktop)
* Click close and close again to exit the program.
*Copy and Paste the log in your post.
****************************************
Please download ComboFix

from BleepingComputer.com

Alternate link: GeeksToGo.com

and save it to your Desktop.
If you are using Firefox, make sure that your download settings are as follows:

* Tools->Options->Main tab
* Set to "Always ask me where to Save the files".

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools A guide to do this can be found here
Double click ComboFix.exe & follow the prompts.
As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console

Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Click on Yes, to continue scanning for malware.
When finished, it shall produce a log for you. Please include the contents of C:\ComboFix.txt in your next reply.

If you have problems with ComboFix usage, see How to use ComboFix

shag · « **Reply #5 on:** February 16, 2011, 12:12:36 AM »

Alright, now we've gotten somewhere. The internet on my laptop is now working (making all this WAY more convenient). I'll restart without msconfig's selective startup and see if things are stable, but it seems it would be wise to go ahead and post my logs now.

--Removed WildTangent, Windows Messenger, vShare.
--Followed your "trusted zone" on IE advice.

--Ran SASW successfully but w/o any detections--log posted.
--Ran Combofix successfully--log posted.

SASW:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 02/17/2010 at 07:26 PM

Application Version : 4.22.1014

Core Rules Database Version : 4597
Trace Rules Database Version: 2409

Scan type : Complete Scan
Total Scan Time : 02:11:38

Memory items scanned : 595
Memory threats detected : 0
Registry items scanned : 6484
Registry threats detected : 0
File items scanned : 87882
File threats detected : 281

Adware.Tracking Cookie
   C:\Documents and Settings\Chris\Application Data\Earthlink\6.0\[email protected]\Cookies\[email protected][2].txt
   C:\Documents and Settings\Chris\Application Data\Earthlink\6.0\[email protected]\Cookies\chris@myroitracking[2].txt
   C:\Documents and Settings\Chris\Application Data\Earthlink\6.0\[email protected]\Cookies\chris@ero-advertising[1].txt
   C:\Documents and Settings\Chris\Application Data\Earthlink\6.0\[email protected]\Cookies\chris@yieldmanager[1].txt
   C:\Documents and Settings\Chris\Application Data\Earthlink\6.0\[email protected]\Cookies\[email protected][1].txt
   C:\Documents and Settings\Chris\Application Data\Earthlink\6.0\[email protected]\Cookies\chris@admarketplace[1].txt
   C:\Documents and Settings\Chris\Application Data\Earthlink\6.0\[email protected]\Cookies\[email protected][2].txt
   C:\Documents and Settings\Chris\Application Data\Earthlink\6.0\[email protected]\Cookies\chris@adlegend[1].txt
   C:\Documents and Settings\Chris\Application Data\Earthlink\6.0\[email protected]\Cookies\[email protected][4].txt
   C:\Documents and Settings\Chris\Application Data\Earthlink\6.0\[email protected]\Cookies\chris@eyewonder[1].txt
   C:\Documents and Settings\Chris\Application Data\Earthlink\6.0\[email protected]\Cookies\[email protected][1].txt
   C:\Documents and Settings\Chris\Application Data\Earthlink\6.0\[email protected]\Cookies\chris@tacoda[2].txt
   C:\Documents and Settings\Chris\Application Data\Earthlink\6.0\[email protected]\Cookies\chris@burstnet[1].txt
   C:\Documents and Settings\Chris\Application Data\Earthlink\6.0\[email protected]\Cookies\[email protected][1].txt
   C:\Documents and Settings\Chris\Application Data\Earthlink\6.0\[email protected]\Cookies\[email protected][2].txt
   C:\Documents and Settings\Chris\Application Data\Earthlink\6.0\[email protected]\Cookies\[email protected][2].txt
   C:\Documents and Settings\Chris\Application Data\Earthlink\6.0\[email protected]\Cookies\[email protected][2].txt
   C:\Documents and Settings\Chris\Application Data\Earthlink\6.0\[email protected]\Cookies\[email protected][2].txt
   C:\Documents and Settings\Chris\Application Data\Earthlink\6.0\[email protected]\Cookies\[email protected][2].txt
   C:\Documents and Settings\Chris\Application Data\Earthlink\6.0\[email protected]\Cookies\chris@rambler[1].txt
   C:\Documents and Settings\Chris\Application Data\Earthlink\6.0\[email protected]\Cookies\[email protected][2].txt
   C:\Documents and Settings\Chris\Application Data\Earthlink\6.0\[email protected]\Cookies\chris@adecn[1].txt
   C:\Documents and Settings\Chris\Application Data\Earthlink\6.0\[email protected]\Cookies\chris@yadro[1].txt
   C:\Documents and Settings\Chris\Application Data\Earthlink\6.0\[email protected]\Cookies\[email protected][1].txt
   C:\Documents and Settings\Chris\Application Data\Earthlink\6.0\[email protected]\Cookies\[email protected][2].txt
   C:\Documents and Settings\Chris\Application Data\Earthlink\6.0\[email protected]\Cookies\[email protected][2].txt
   C:\Documents and Settings\Chris\Application Data\Earthlink\6.0\[email protected]\Cookies\[email protected][2].txt
   C:\Documents and Settings\Chris\Application Data\Earthlink\6.0\[email protected]\Cookies\chris@insightexpressai[1].txt
   C:\Documents and Settings\Chris\Application Data\Earthlink\6.0\[email protected]\Cookies\chris@clicksor[2].txt
   C:\Documents and Settings\Chris\Application Data\Earthlink\6.0\[email protected]\Cookies\[email protected][1].txt
   C:\Documents and Settings\Chris\Application Data\Earthlink\6.0\[email protected]\Cookies\[email protected][4].txt
   C:\Documents and Settings\Chris\Application Data\Earthlink\6.0\[email protected]\Cookies\[email protected][3].txt
   C:\Documents and Settings\Chris\Application Data\Earthlink\6.0\[email protected]\Cookies\[email protected][1].txt
   C:\Documents and Settings\Chris\Application Data\Earthlink\6.0\[email protected]\Cookies\[email protected][2].txt
   C:\Documents and Settings\Chris\Application Data\Earthlink\6.0\[email protected]\Cookies\[email protected][1].txt
   C:\Documents and Settings\Chris\Application Data\Earthlink\6.0\[email protected]\Cookies\[email protected][2].txt
   C:\Documents and Settings\Chris\Application Data\Earthlink\6.0\[email protected]\Cookies\[email protected][2].txt
   C:\Documents and Settings\Chris\Application Data\Earthlink\6.0\[email protected]\Cookies\[email protected][2].txt
   C:\Documents and Settings\Chris\Application Data\Earthlink\6.0\[email protected]\Cookies\chris@webpower[2].txt
   C:\Documents and Settings\Chris\Application Data\Earthlink\6.0\[email protected]\Cookies\chris@clickcash[1].txt
   C:\Documents and Settings\Chris\Application Data\Earthlink\6.0\[email protected]\Cookies\[email protected][1].txt
   C:\Documents and Settings\Chris\Application Data\Earthlink\6.0\[email protected]\Cookies\[email protected][3].txt
   C:\Documents and Settings\Chris\Application Data\Earthlink\6.0\[email protected]\Cookies\[email protected][2].txt
   C:\Documents and Settings\Chris\Application Data\Earthlink\6.0\[email protected]\Cookies\chris@burstbeacon[1].txt
   C:\Documents and Settings\Chris\Application Data\Earthlink\6.0\[email protected]\Cookies\[email protected][2].txt
   C:\Documents and Settings\Chris\Application Data\Earthlink\6.0\[email protected]\Cookies\[email protected][1].txt
   C:\Documents and Settings\Chris\Application Data\Earthlink\6.0\[email protected]\Cookies\[email protected][2].txt
   C:\Documents and Settings\Chris\Application Data\Earthlink\6.0\[email protected]\Cookies\chris@invitemedia[1].txt
   C:\Documents and Settings\Chris\Application Data\Earthlink\6.0\[email protected]\Cookies\[email protected][2].txt
   C:\Documents and Settings\Chris\Application Data\Earthlink\6.0\[email protected]\Cookies\[email protected][2].txt
   C:\Documents and Settings\Chris\Application Data\Earthlink\6.0\[email protected]\Cookies\[email protected][3].txt
   C:\Documents and Settings\Chris\Application Data\Earthlink\6.0\[email protected]\Cookies\[email protected][2].txt
   C:\Documents and Settings\Chris\Application Data\Earthlink\6.0\[email protected]\Cookies\[email protected][2].txt
   C:\Documents and Settings\Chris\Application Data\Earthlink\6.0\[email protected]\Cookies\[email protected][2].txt
   C:\Documents and Settings\Chris\Application Data\Earthlink\6.0\[email protected]\Cookies\[email protected][2].txt
   C:\Documents and Settings\Chris\Application Data\Earthlink\6.0\[email protected]\Cookies\[email protected][1].txt
   C:\Documents and Settings\Chris\Application Data\Earthlink\6.0\[email protected]\Cookies\[email protected][1].txt
   C:\Documents and Settings\Chris\Application Data\Earthlink\6.0\[email protected]\Cookies\chris@sexyshare[2].txt
   C:\Documents and Settings\Chris\Application Data\Earthlink\6.0\[email protected]\Cookies\chris@statcounter[1].txt
   C:\Documents and Settings\Chris\Application Data\Earthlink\6.0\[email protected]\Cookies\[email protected][2].txt
   C:\Documents and Settings\Chris\Application Data\Earthlink\6.0\[email protected]\Cookies\[email protected][2].txt
   C:\Documents and Settings\Chris\Application Data\Earthlink\6.0\[email protected]\Cookies\chris@trafficregenerator[2].txt
   C:\Documents and Settings\Chris\Application Data\Earthlink\6.0\[email protected]\Cookies\chris@revsci[1].txt
   C:\Documents and Settings\Chris\Application Data\Earthlink\6.0\[email protected]\Cookies\[email protected][1].txt
   C:\Documents and Settings\Chris\Application Data\Earthlink\6.0\[email protected]\Cookies\[email protected][2].txt
   C:\Documents and Settings\Chris\Application Data\Earthlink\6.0\[email protected]\Cookies\[email protected][2].txt
   C:\Documents and Settings\Chris\Application Data\Earthlink\6.0\[email protected]\Cookies\[email protected][2].txt
   C:\Documents and Settings\Chris\Application Data\Earthlink\6.0\[email protected]\Cookies\chris@crackle[2].txt
   C:\Documents and Settings\Chris\Application Data\Earthlink\6.0\[email protected]\Cookies\chris@theclickcheck[2].txt
   C:\Documents and Settings\Chris\Application Data\Earthlink\6.0\[email protected]\Cookies\chris@collective-media[1].txt
   C:\Documents and Settings\Chris\Application Data\Earthlink\6.0\[email protected]\Cookies\[email protected][1].txt
   C:\Documents and Settings\Chris\Application Data\Earthlink\6.0\[email protected]\Cookies\chris@traffic-tracker[1].txt
   C:\Documents and Settings\Chris\Application Data\Earthlink\6.0\[email protected]\Cookies\[email protected][1].txt
   C:\Documents and Settings\Chris\Application Data\Earthlink\6.0\[email protected]\Cookies\[email protected][2].txt
   C:\Documents and Settings\Chris\Application Data\Earthlink\6.0\[email protected]\Cookies\[email protected][2].txt
   C:\Documents and Settings\Chris\Application Data\Earthlink\6.0\[email protected]\Cookies\[email protected][2].txt
   C:\Documents and Settings\Chris\Application Data\Earthlink\6.0\[email protected]\Cookies\[email protected][1].txt
   C:\Documents and Settings\Chris\Application Data\Earthlink\6.0\[email protected]\Cookies\[email protected][1].txt
   C:\Documents and Settings\Chris\Application Data\Earthlink\6.0\[email protected]\Cookies\[email protected][1].txt
   C:\Documents and Settings\Chris\Application Data\Earthlink\6.0\[email protected]\Cookies\[email protected][2].txt
   C:\Documents and Settings\Chris\Application Data\Earthlink\6.0\[email protected]\Cookies\chris@roiservice[1].txt
   C:\Documents and Settings\Chris\Application Data\Earthlink\6.0\[email protected]\Cookies\[email protected][1].txt
   C:\Documents and Settings\Chris\Application Data\Earthlink\6.0\[email protected]\Cookies\[email protected][2].txt
   C:\Documents and Settings\Chris\Application Data\Earthlink\6.0\[email protected]\Cookies\[email protected][2].txt
   C:\Documents and Settings\Chris\Application Data\Earthlink\6.0\[email protected]\Cookies\chris@adbureau[1].txt
   C:\Documents and Settings\Chris\Application Data\Earthlink\6.0\[email protected]\Cookies\chris@realmedia[2].txt
   C:\Documents and Settings\Chris\Application Data\Earthlink\6.0\[email protected]\Cookies\[email protected][1].txt
   C:\Documents and Settings\Chris\Application Data\Earthlink\6.0\[email protected]\Cookies\chris@clickbank[1].txt
   C:\Documents and Settings\Chris\Application Data\Earthlink\6.0\[email protected]\Cookies\[email protected][2].txt
   C:\Documents and Settings\Chris\Application Data\Earthlink\6.0\[email protected]\Cookies\chris@traffic1[1].txt
   C:\Documents and Settings\Chris\Application Data\Earthlink\6.0\[email protected]\Cookies\chris@chitika[2].txt
   C:\Documents and Settings\Chris\Application Data\Earthlink\6.0\[email protected]\Cookies\chris@thefind[2].txt
   C:\Documents and Settings\Chris\Application Data\Earthlink\6.0\[email protected]\Cookies\[email protected][1].txt
   C:\Documents and Settings\Chris\Application Data\Earthlink\6.0\[email protected]\Cookies\chris@fuckingmotherfucker[1].txt
   C:\Documents and Settings\Chris\Application Data\Earthlink\6.0\[email protected]\Cookies\chris@hookedmediagroup[2].txt
   C:\Documents and Settings\Chris\Application Data\Earthlink\6.0\[email protected]\Cookies\[email protected][1].txt
   C:\Documents and Settings\Chris\Application Data\Earthlink\6.0\[email protected]\Cookies\[email protected][1].txt
   C:\Documents and Settings\Chris\Application Data\Earthlink\6.0\[email protected]\Cookies\chris@adultswim[1].txt
   C:\Documents and Settings\Chris\Application Data\Earthlink\6.0\[email protected]\Cookies\chris@adtechus[1].txt
   C:\Documents and Settings\Chris\Application Data\Earthlink\6.0\[email protected]\Cookies\[email protected][1].txt
   C:\Documents and Settings\Chris\Application Data\Earthlink\6.0\[email protected]\Cookies\chris@partypoker[2].txt
   C:\Documents and Settings\Chris\Application Data\Earthlink\6.0\[email protected]\Cookies\[email protected][2].txt
   C:\Documents and Settings\Chris\Application Data\Earthlink\6.0\[email protected]\Cookies\[email protected][1].txt
   C:\Documents and Settings\Chris\Application Data\Earthlink\6.0\[email protected]\Cookies\[email protected][2].txt
   C:\Documents and Settings\Chris\Application Data\Earthlink\6.0\[email protected]\Cookies\[email protected][1].txt
   C:\Documents and Settings\Chris\Application Data\Earthlink\6.0\[email protected]\Cookies\chris@lucidmedia[2].txt
   C:\Documents and Settings\Chris\Application Data\Earthlink\6.0\[email protected]\Cookies\[email protected][2].txt
   C:\Documents and Settings\Chris\Application Data\Earthlink\6.0\[email protected]\Cookies\[email protected][1].txt
   C:\Documents and Settings\Chris\Application Data\Earthlink\6.0\[email protected]\Cookies\[email protected][5].txt
   C:\Documents and Settings\Chris\Application Data\Earthlink\6.0\[email protected]\Cookies\chris@adult[1].txt
   C:\Documents and Settings\Chris\Application Data\Earthlink\6.0\[email protected]\Cookies\[email protected][1].txt
   C:\Documents and Settings\Chris\Application Data\Earthlink\6.0\[email protected]\Cookies\chris@openstat[1].txt
   C:\Documents and Settings\Chris\Application Data\Earthlink\6.0\[email protected]\Cookies\[email protected][1].txt
   C:\Documents and Settings\Chris\Application Data\Earthlink\6.0\[email protected]\Cookies\[email protected][1].txt
   C:\Documents and Settings\Chris\Application Data\Earthlink\6.0\[email protected]\Cookies\chris@dmtracker[1].txt
   C:\Documents and Settings\Chris\Application Data\Earthlink\6.0\[email protected]\Cookies\chris@cracked[2].txt
   C:\Documents and Settings\Chris\Application Data\Earthlink\6.0\[email protected]\Cookies\[email protected][2].txt
   C:\Documents and Settings\Chris\Application Data\Earthlink\6.0\[email protected]\Cookies\[email protected][1].txt
   C:\Documents and Settings\Chris\Application Data\Earthlink\6.0\[email protected]\Cookies\[email protected][2].txt
   C:\Documents and Settings\Chris\Application Data\Earthlink\6.0\[email protected]\Cookies\[email protected][1].txt
   C:\Documents and Settings\Chris\Application Data\Earthlink\6.0\[email protected]\Cookies\chris@zanox[1].txt
   C:\Documents and Settings\Chris\Application Data\Earthlink\6.0\[email protected]\Cookies\[email protected][2].txt
   C:\Documents and Settings\Chris\Application Data\Earthlink\6.0\[email protected]\Cookies\[email protected][2].txt
   C:\Documents and Settings\Chris\Application Data\Earthlink\6.0\[email protected]\Cookies\[email protected][1].txt
   C:\Documents and Settings\Chris\Application Data\Earthlink\6.0\[email protected]\Cookies\chris@zanox-affiliate[2].txt
   C:\Documents and Settings\Chris\Application Data\Earthlink\6.0\[email protected]\Cookies\[email protected][3].txt
   C:\Documents and Settings\Chris\Application Data\Earthlink\6.0\[email protected]\Cookies\chris@kontera[2].txt
   C:\Documents and Settings\Chris\Application Data\Earthlink\6.0\[email protected]\Cookies\[email protected][2].txt
   C:\Documents and Settings\Chris\Application Data\Earthlink\6.0\[email protected]\Cookies\[email protected][2].txt
   C:\Documents and Settings\Chris\Application Data\Earthlink\6.0\[email protected]\Cookies\[email protected][1].txt
   C:\Documents and Settings\Chris\Application Data\Earthlink\6.0\[email protected]\Cookies\[email protected][1].txt
   C:\Documents and Settings\Chris\Application Data\Earthlink\6.0\[email protected]\Cookies\chris@media6degrees[2].txt
   C:\Documents and Settings\Chris\Application Data\Earthlink\6.0\[email protected]\Cookies\[email protected][2].txt
   C:\Documents and Settings\Chris\Application Data\Earthlink\6.0\[email protected]\Cookies\[email protected][2].txt
   C:\Documents and Settings\Chris\Application Data\Earthlink\6.0\[email protected]\Cookies\chris@businessfind[1].txt
   C:\Documents and Settings\Chris\Application Data\Earthlink\6.0\[email protected]\Cookies\[email protected][2].txt
   C:\Documents and Settings\Chris\Application Data\Earthlink\6.0\[email protected]\Cookies\[email protected][2].txt
   C:\Documents and Settings\Chris\Application Data\Earthlink\6.0\[email protected]\Cookies\[email protected][2].txt
   C:\Documents and Settings\Chris\Application Data\Earthlink\6.0\[email protected]\Cookies\chris@gostats[1].txt
   C:\Documents and Settings\Chris\Application Data\Earthlink\6.0\[email protected]\Cookies\[email protected][2].txt
   C:\Documents and Settings\Chris\Application Data\Earthlink\6.0\[email protected]\Cookies\[email protected][1].txt
   C:\Documents and Settings\Chris\Application Data\Earthlink\6.0\[email protected]\Cookies\chris@intermundomedia[2].txt
   C:\Documents and Settings\Chris\Application Data\Earthlink\6.0\[email protected]\Cookies\chris@list[1].txt
   C:\Documents and Settings\Chris\Application Data\Earthlink\6.0\[email protected]\Cookies\chris@interclick[1].txt
   C:\Documents and Settings\Chris\Application Data\Earthlink\6.0\[email protected]\Cookies\[email protected][2].txt
   C:\Documents and Settings\Chris\Application Data\Earthlink\6.0\[email protected]\Cookies\chris@hitstats[2].txt
   C:\Documents and Settings\Chris\Application Data\Earthlink\6.0\[email protected]\Cookies\chris@shinystat[1].txt
   C:\Documents and Settings\Chris\Application Data\Earthlink\6.0\[email protected]\Cookies\[email protected][1].txt
   C:\Documents and Settings\Chris\Application Data\Earthlink\6.0\[email protected]\Cookies\[email protected][2].txt
   C:\Documents and Settings\Chris\Application Data\Earthlink\6.0\[email protected]\Cookies\chris@game-advertising-online[1].txt
   C:\Documents and Settings\Chris\Application Data\Earthlink\6.0\[email protected]\Cookies\[email protected][1].txt
   C:\Documents and Settings\Chris\Application Data\Earthlink\6.0\[email protected]\Cookies\[email protected][1].txt
   C:\Documents and Settings\Chris\Application Data\Earthlink\6.0\[email protected]\Cookies\[email protected][2].txt
   C:\Documents and Settings\Chris\Application Data\Earthlink\6.0\[email protected]\Cookies\chris@lockedonmedia[1].txt
   C:\Documents and Settings\Chris\Application Data\Earthlink\6.0\[email protected]\Cookies\[email protected][3].txt
   C:\Documents and Settings\Chris\Application Data\Earthlink\6.0\[email protected]\Cookies\[email protected][1].txt
   C:\Documents and Settings\Chris\Application Data\Earthlink\6.0\[email protected]\Cookies\[email protected][1].txt
   C:\Documents and Settings\Chris\Application Data\Earthlink\6.0\[email protected]\Cookies\[email protected][2].txt
   C:\Documents and Settings\Chris\Application Data\Earthlink\6.0\[email protected]\Cookies\[email protected][4].txt
   C:\Documents and Settings\Chris\Application Data\Earthlink\6.0\[email protected]\Cookies\[email protected][1].txt
   C:\Documents and Settings\Chris\Application Data\Earthlink\6.0\[email protected]\Cookies\[email protected][1].txt
   C:\Documents and Settings\Chris\Application Data\Earthlink\6.0\[email protected]\Cookies\[email protected][2].txt
   C:\Documents and Settings\Chris\Application Data\Earthlink\6.0\[email protected]\Cookies\chris@adprotraffic[1].txt
   C:\Documents and Settings\Chris\Application Data\Earthlink\6.0\[email protected]\Cookies\[email protected][2].txt
   C:\Documents and Settings\Chris\Application Data\Earthlink\6.0\[email protected]\Cookies\[email protected][1].txt
   C:\Documents and Settings\Chris\Application Data\Earthlink\6.0\[email protected]\Cookies\[email protected][2].txt
   C:\Documents and Settings\Chris\Application Data\Earthlink\6.0\[email protected]\Cookies\[email protected][1].txt
   C:\Documents and Settings\Chris\Application Data\Earthlink\6.0\[email protected]\Cookies\chris@trackleady[1].txt
   C:\Documents and Settings\Chris\Application Data\Earthlink\6.0\[email protected]\Cookies\[email protected][2].txt
   C:\Documents and Settings\Chris\Application Data\Earthlink\6.0\[email protected]\Cookies\[email protected][1].txt
   C:\Documents and Settings\Chris\Application Data\Earthlink\6.0\[email protected]\Cookies\chris@naiadsystems[2].txt
   C:\Documents and Settings\Chris\Application Data\Earthlink\6.0\[email protected]\Cookies\chris@mywebsearch[1].txt
   C:\Documents and Settings\Chris\Application Data\Earthlink\6.0\[email protected]\Cookies\chris@shopica[2].txt
   C:\Documents and Settings\Chris\Application Data\Earthlink\6.0\[email protected]\Cookies\[email protected][1].txt
   C:\Documents and Settings\Chris\Application Data\Earthlink\6.0\[email protected]\Cookies\[email protected][1].txt
   C:\Documents and Settings\Chris\Application Data\Earthlink\6.0\[email protected]\Cookies\[email protected][2].txt
   C:\Documents and Settings\Chris\Application Data\Earthlink\6.0\[email protected]\Cookies\[email protected][1].txt
   C:\Documents and Settings\Chris\Application Data\Earthlink\6.0\[email protected]\Cookies\[email protected][2].txt
   C:\Documents and Settings\Chris\Application Data\Earthlink\6.0\[email protected]\Cookies\[email protected][1].txt
   C:\Documents and Settings\Chris\Application Data\Earthlink\6.0\[email protected]\Cookies\[email protected][2].txt
   C:\Documents and Settings\Chris\Application Data\Earthlink\6.0\[email protected]\Cookies\[email protected][2].txt
   C:\Documents and Settings\Chris\Application Data\Earthlink\6.0\[email protected]\Cookies\[email protected][2].txt
   C:\Documents and Settings\Chris\Application Data\Earthlink\6.0\[email protected]\Cookies\[email protected][1].txt
   C:\Documents and Settings\Chris\Application Data\Earthlink\6.0\[email protected]\Cookies\[email protected][1].txt
   C:\Documents and Settings\Chris\Application Data\Earthlink\6.0\[email protected]\Cookies\chris@webmasterplan[2].txt
   C:\Documents and Settings\Chris\Application Data\Earthlink\6.0\[email protected]\Cookies\[email protected][2].txt
   C:\Documents and Settings\Chris\Application Data\Earthlink\6.0\[email protected]\Cookies\chris@cracksearchengine[2].txt
   C:\Documents and Settings\Chris\Application Data\Earthlink\6.0\[email protected]\Cookies\[email protected][1].txt
   C:\Documents and Settings\Chris\Application Data\Earthlink\6.0\[email protected]\Cookies\chris@99counters[1].txt
   C:\Documents and Settings\Chris\Application Data\Earthlink\6.0\[email protected]\Cookies\[email protected][1].txt
   C:\Documents and Settings\Chris\Application Data\Earthlink\6.0\[email protected]\Cookies\[email protected][2].txt
   C:\Documents and Settings\Chris\Application Data\Earthlink\6.0\[email protected]\Cookies\[email protected][2].txt
   C:\Documents and Settings\Chris\Application Data\Earthlink\6.0\[email protected]\Cookies\[email protected][1].txt
   C:\Documents and Settings\Chris\Application Data\Earthlink\6.0\[email protected]\Cookies\[email protected][2].txt
   C:\Documents and Settings\Chris\Application Data\Earthlink\6.0\[email protected]\Cookies\[email protected][2].txt
   C:\Documents and Settings\Chris\Application Data\Earthlink\6.0\[email protected]\Cookies\[email protected][1].txt
   C:\Documents and Settings\Chris\Application Data\Earthlink\6.0\[email protected]\Cookies\chris@enhance[2].txt
   C:\Documents and Settings\Chris\Application Data\Earthlink\6.0\[email protected]\Cookies\[email protected][1].txt
   C:\Documents and Settings\Chris\Application Data\Earthlink\6.0\[email protected]\Cookies\[email protected][1].txt
   C:\Documents and Settings\Chris\Application Data\Earthlink\6.0\[email protected]\Cookies\chris@validclick[1].txt
   C:\Documents and Settings\Chris\Application Data\Earthlink\6.0\[email protected]\Cookies\chris@xiti[1].txt
   C:\Documents and Settings\Chris\Application Data\Earthlink\6.0\[email protected]\Cookies\[email protected][1].txt
   C:\Documents and Settings\Chris\Application Data\Earthlink\6.0\[email protected]\Cookies\[email protected][2].txt
   C:\Documents and Settings\Chris\Application Data\Earthlink\6.0\[email protected]\Cookies\[email protected][1].txt
   C:\Documents and Settings\Chris\Application Data\Earthlink\6.0\[email protected]\Cookies\[email protected][3].txt
   C:\Documents and Settings\Chris\Application Data\Earthlink\6.0\[email protected]\Cookies\[email protected][2].txt
   C:\Documents and Settings\Chris\Application Data\Earthlink\6.0\[email protected]\Cookies\chris@warezforum[2].txt
   C:\Documents and Settings\Chris\Application Data\Earthlink\6.0\[email protected]\Cookies\chris@toplist[1].txt
   C:\Documents and Settings\Chris\Application Data\Earthlink\6.0\[email protected]\Cookies\chris@euros4click[1].txt
   C:\Documents and Settings\Chris\Application Data\Earthlink\6.0\[email protected]\Cookies\[email protected][1].txt
   C:\Documents and Settings\Chris\Application Data\Earthlink\6.0\[email protected]\Cookies\[email protected][2].txt
   C:\Documents and Settings\Chris\Application Data\Earthlink\6.0\[email protected]\Cookies\chris@adultdvdtalk[1].txt
   C:\Documents and Settings\Chris\Application Data\Earthlink\6.0\[email protected]\Cookies\[email protected][1].txt
   C:\Documents and Settings\Chris\Application Data\Earthlink\6.0\[email protected]\Cookies\chris@azjmp[1].txt
   C:\Documents and Settings\Chris\Application Data\Earthlink\6.0\[email protected]\Cookies\[email protected][1].txt
   C:\Documents and Settings\Chris\Application Data\Earthlink\6.0\[email protected]\Cookies\[email protected][1].txt
   C:\Documents and Settings\Chris\Application Data\Earthlink\6.0\[email protected]\Cookies\[email protected][2].txt
   C:\Documents and Settings\Chris\Application Data\Earthlink\6.0\[email protected]\Cookies\chris@adinterax[2].txt
   C:\Documents and Settings\Chris\Application Data\Earthlink\6.0\[email protected]\Cookies\[email protected][2].txt
   C:\Documents and Settings\Chris\Application Data\Earthlink\6.0\[email protected]\Cookies\chris@kanoodle[2].txt
   C:\Documents and Settings\Chris\Application Data\Earthlink\6.0\[email protected]\Cookies\[email protected][1].txt
   C:\Documents and Settings\Chris\Application Data\Earthlink\6.0\[email protected]\Cookies\[email protected][2].txt
   C:\Documents and Settings\Chris\Application Data\Earthlink\6.0\[email protected]\Cookies\chris@fortunecity[1].txt
   C:\Documents and Settings\Chris\Application Data\Earthlink\6.0\[email protected]\Cookies\[email protected][2].txt
   C:\Documents and Settings\Chris\Application Data\Earthlink\6.0\[email protected]\Cookies\[email protected][1].txt
   C:\Documents and Settings\Chris\Application Data\Earthlink\6.0\[email protected]\Cookies\chris@findfreegraphics[1].txt
   C:\Documents and Settings\Chris\Application Data\Earthlink\6.0\[email protected]\Cookies\chris@clickarrows[1].txt
   C:\Documents and Settings\Chris\Application Data\Earthlink\6.0\[email protected]\Cookies\chris@slaysbanner691[1].txt
   C:\Documents and Settings\Chris\Application Data\Earthlink\6.0\[email protected]\Cookies\[email protected][1].txt
   C:\Documents and Settings\Chris\Application Data\Earthlink\6.0\[email protected]\Cookies\chris@bizrate[2].txt
   C:\Documents and Settings\Chris\Application Data\Earthlink\6.0\[email protected]\Cookies\[email protected][1].txt

Combofix:

ComboFix 11-02-15.02 - Chris 02/16/2011 0:27.4.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.623 [GMT -6:00]
Running from: c:\documents and settings\Chris\Desktop\ComboFix.exe
AV: AntiVir Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

F:\Autorun.inf

c:\windows\regedit.exe . . . is infected!!

.
((((((((((((((((((((((((( Files Created from 2011-01-16 to 2011-02-16 )))))))))))))))))))))))))))))))
.

2011-02-15 03:24 . 2011-02-15 03:24   --------   d-----w-   c:\documents and settings\Administrator\Local Settings\Application Data\Mozilla
2011-02-15 03:20 . 2011-02-15 03:20   --------   d-----w-   c:\documents and settings\Chris\Local Settings\Application Data\Mozilla
2011-02-15 03:15 . 2011-02-15 03:15   388096   ----a-r-   c:\documents and settings\Chris\Application Data\Microsoft\Installer\{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}\HiJackThis.exe
2011-02-15 02:11 . 2011-02-15 02:11   --------   d-----w-   c:\program files\TrendMicro
2011-02-11 01:49 . 2010-12-21 00:09   38224   ----a-w-   c:\windows\system32\drivers\mbamswissarmy.sys
2011-02-11 01:49 . 2010-12-21 00:08   20952   ----a-w-   c:\windows\system32\drivers\mbam.sys
2011-02-11 01:42 . 2011-02-11 01:42   --------   d-----w-   c:\program files\CCleaner

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-29 23:38 . 2010-11-29 23:38   94208   ----a-w-   c:\windows\system32\QuickTimeVR.qtx
2010-11-29 23:38 . 2010-11-29 23:38   69632   ----a-w-   c:\windows\system32\QuickTime.qts
2010-11-18 18:12 . 2004-08-11 22:12   81920   ----a-w-   c:\windows\system32\isign32.dll
.

------- Sigcheck -------

[-] 2008-04-13 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\atapi.sys
[-] 2008-04-13 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\system32\drivers\atapi.sys
[-] 2004-08-04 . CDFE4411A69C224BD1D11B2DA92DAC51 . 95360 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\atapi.sys
[-] 2004-08-04 . CDFE4411A69C224BD1D11B2DA92DAC51 . 95360 . . [5.1.2600.2180] . . c:\windows\system32\ReinstallBackups\0003\DriverFiles\i386\atapi.sys

[-] 2008-04-13 . B153AFFAC761E7F5FCFA822B9C4E97BC . 14336 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\asyncmac.sys
[-] 2008-04-13 . B153AFFAC761E7F5FCFA822B9C4E97BC . 14336 . . [5.1.2600.5512] . . c:\windows\system32\drivers\asyncmac.sys
[-] 2004-08-04 . 02000ABF34AF4C218C35D257024807D6 . 14336 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\asyncmac.sys

[-] 2008-04-13 . 463C1EC80CD17420A542B7F36A36F128 . 24576 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\kbdclass.sys
[-] 2008-04-13 . 463C1EC80CD17420A542B7F36A36F128 . 24576 . . [5.1.2600.5512] . . c:\windows\system32\drivers\kbdclass.sys
[-] 2004-08-04 . EBDEE8A2EE5393890A1ACEE971C4C246 . 24576 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\kbdclass.sys

[-] 2008-04-13 . 1DF7F42665C94B825322FAE71721130D . 182656 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ndis.sys
[-] 2008-04-13 . 1DF7F42665C94B825322FAE71721130D . 182656 . . [5.1.2600.5512] . . c:\windows\system32\drivers\ndis.sys
[-] 2004-08-04 . 558635D3AF1C7546D26067D5D9B6959E . 182912 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ndis.sys

[-] 2008-04-13 . 78A08DD6A8D65E697C18E1DB01C5CDCA . 574976 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ntfs.sys
[-] 2008-04-13 . 78A08DD6A8D65E697C18E1DB01C5CDCA . 574976 . . [5.1.2600.5512] . . c:\windows\system32\drivers\ntfs.sys
[-] 2007-02-09 . 05AB81909514BFD69CBB1F2C147CF6B9 . 574976 . . [5.1.2600.3081] . . c:\windows\$hf_mig$\KB930916\SP2QFE\ntfs.sys
[-] 2007-02-09 . 19A811EF5F1ED5C926A028CE107FF1AF . 574464 . . [5.1.2600.3081] . . c:\windows\$NtServicePackUninstall$\ntfs.sys
[-] 2004-08-04 . B78BE402C3F63DD55521F73876951CDD . 574592 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB930916$\ntfs.sys

[-] 2004-08-04 . 73C1E1F395918BC2C6DD67AF7591A3AD . 2944 . . [5.1.2600.0] . . c:\windows\system32\drivers\null.sys

[-] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[-] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3GDR\tcpip.sys
[-] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\tcpip.sys
[-] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\system32\drivers\tcpip.sys
[-] 2008-06-20 . 2A5554FC5B1E04E131230E3CE035C3F9 . 360320 . . [5.1.2600.3394] . . c:\windows\$NtServicePackUninstall$\tcpip.sys
[-] 2008-06-20 . 744E57C99232201AE98C49168B918F48 . 360960 . . [5.1.2600.3394] . . c:\windows\$hf_mig$\KB951748\SP2QFE\tcpip.sys
[-] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB951748$\tcpip.sys
[-] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\tcpip.sys
[-] 2007-10-30 . 90CAFF4B094573449A0872A0F919B178 . 360064 . . [5.1.2600.3244] . . c:\windows\$NtUninstallKB951748_0$\tcpip.sys
[-] 2007-10-30 . 64798ECFA43D78C7178375FCDD16D8C8 . 360832 . . [5.1.2600.3244] . . c:\windows\$hf_mig$\KB941644\SP2QFE\tcpip.sys
[-] 2006-04-20 . B2220C618B42A2212A59D91EBD6FC4B4 . 360576 . . [5.1.2600.2892] . . c:\windows\$hf_mig$\KB917953\SP2QFE\tcpip.sys
[-] 2006-04-20 . 1DBF125862891817F374F407626967F4 . 359808 . . [5.1.2600.2892] . . c:\windows\$NtUninstallKB941644$\tcpip.sys
[-] 2004-08-04 . 9F4B36614A0FC234525BA224957DE55C . 359040 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB917953$\tcpip.sys

[-] 2008-04-14 . A06CE3399D16DB864F55FAEB1F1927A9 . 77824 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\browser.dll
[-] 2008-04-14 . A06CE3399D16DB864F55FAEB1F1927A9 . 77824 . . [5.1.2600.5512] . . c:\windows\system32\browser.dll
[-] 2004-08-04 . E3CFCCDDA4EDD1D0DC9168B2E18F27B8 . 77312 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\browser.dll

[-] 2008-04-14 . BF2466B3E18E970D8A976FB95FC1CA85 . 13312 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\lsass.exe
[-] 2008-04-14 . BF2466B3E18E970D8A976FB95FC1CA85 . 13312 . . [5.1.2600.5512] . . c:\windows\system32\lsass.exe
[-] 2004-08-04 . 84885F9B82F4D55C6146EBF6065D75D2 . 13312 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\lsass.exe

[-] 2008-04-14 . 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE . 198144 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\netman.dll
[-] 2008-04-14 . 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE . 198144 . . [5.1.2600.5512] . . c:\windows\system32\netman.dll
[-] 2005-08-22 . 36739B39267914BA69AD0610A0299732 . 197632 . . [5.1.2600.2743] . . c:\windows\$NtServicePackUninstall$\netman.dll
[-] 2005-08-22 . 3516D8A18B36784B1005B950B84232E1 . 197632 . . [5.1.2600.2743] . . c:\windows\$hf_mig$\KB905414\SP2QFE\netman.dll
[-] 2004-08-04 . DAB9E6C7105D2EF49876FE92C524F565 . 198144 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB905414$\netman.dll

[-] 2008-04-14 00:11 . 1280A158C722FA95A80FB7AEBE78FA7D . 792064 . . [2001.12.4414.700] . . c:\windows\ServicePackFiles\i386\comres.dll
[-] 2008-04-14 00:11 . 1280A158C722FA95A80FB7AEBE78FA7D . 792064 . . [2001.12.4414.700] . . c:\windows\system32\comres.dll
[-] 2004-08-04 10:00 . 6728270CB7DBB776ED086F5AC4C82310 . 792064 . . [2001.12.4414.258] . . c:\windows\$NtServicePackUninstall$\comres.dll

[-] 2008-04-14 . 574738F61FCA2935F5265DC4E5691314 . 409088 . . [6.7.2600.5512] . . c:\windows\ServicePackFiles\i386\qmgr.dll
[-] 2008-04-14 . 574738F61FCA2935F5265DC4E5691314 . 409088 . . [6.7.2600.5512] . . c:\windows\system32\qmgr.dll
[-] 2008-04-14 . 574738F61FCA2935F5265DC4E5691314 . 409088 . . [6.7.2600.5512] . . c:\windows\system32\bits\qmgr.dll
[-] 2004-08-04 . 2C69EC7E5A311334D10DD95F338FCCEA . 382464 . . [6.6.2600.2180] . . c:\windows\$NtServicePackUninstall$\qmgr.dll

[-] 2009-02-09 . 6B27A5C03DFB94B4245739065431322C . 401408 . . [5.1.2600.5755] . . c:\windows\system32\rpcss.dll
[-] 2009-02-09 . 6B27A5C03DFB94B4245739065431322C . 401408 . . [5.1.2600.5755] . . c:\windows\system32\dllcache\rpcss.dll
[-] 2009-02-09 . 9222562D44021B988B9F9F62207FB6F2 . 401408 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\rpcss.dll
[-] 2008-04-14 . 2589FE6015A316C0F5D5112B4DA7B509 . 399360 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB956572$\rpcss.dll
[-] 2008-04-14 . 2589FE6015A316C0F5D5112B4DA7B509 . 399360 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\rpcss.dll
[-] 2005-07-26 . CE94A2BD25E3E9F4D46A7373FF455C6D . 397824 . . [5.1.2600.2726] . . c:\windows\$NtServicePackUninstall$\rpcss.dll
[-] 2005-07-26 . C369DF215D352B6F3A0B8C3469AA34F8 . 398336 . . [5.1.2600.2726] . . c:\windows\$hf_mig$\KB902400\SP2QFE\rpcss.dll
[-] 2005-04-28 . DA383FB39A6F1C445F3AFC94B3EB1248 . 396288 . . [5.1.2600.2665] . . c:\windows\$hf_mig$\KB894391\SP2QFE\rpcss.dll
[-] 2005-04-28 . C8061F289E000703E7672916B7FE1571 . 395776 . . [5.1.2600.2665] . . c:\windows\$NtUninstallKB902400$\rpcss.dll
[-] 2004-08-04 . 5C83A4408604F737717AB96371201680 . 395776 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB894391$\rpcss.dll

[-] 2009-02-06 . 65DF52F5B8B6E9BBD183505225C37315 . 110592 . . [5.1.2600.5755] . . c:\windows\system32\services.exe
[-] 2009-02-06 . 65DF52F5B8B6E9BBD183505225C37315 . 110592 . . [5.1.2600.5755] . . c:\windows\system32\dllcache\services.exe
[-] 2009-02-06 . 020CEAAEDC8EB655B6506B8C70D53BB6 . 110592 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\services.exe
[-] 2008-04-14 . 0E776ED5F7CC9F94299E70461B7B8185 . 108544 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB956572$\services.exe
[-] 2008-04-14 . 0E776ED5F7CC9F94299E70461B7B8185 . 108544 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\services.exe
[-] 2004-08-04 . C6CE6EEC82F187615D1002BB3BB50ED4 . 108032 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\services.exe

[-] 2010-08-17 . 258DD5D4283FD9F9A7166BE9AE45CE73 . 58880 . . [5.1.2600.6024] . . c:\windows\$hf_mig$\KB2347290\SP3QFE\spoolsv.exe
[-] 2010-08-17 . 60784F891563FB1B767F70117FC2428F . 58880 . . [5.1.2600.6024] . . c:\windows\system32\spoolsv.exe
[-] 2010-08-17 . 60784F891563FB1B767F70117FC2428F . 58880 . . [5.1.2600.6024] . . c:\windows\system32\dllcache\spoolsv.exe
[-] 2008-04-14 . D8E14A61ACC1D4A6CD0D38AEBAC7FA3B . 57856 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB2347290$\spoolsv.exe
[-] 2008-04-14 . D8E14A61ACC1D4A6CD0D38AEBAC7FA3B . 57856 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\spoolsv.exe
[-] 2005-06-11 . AD3D9D191AEA7B5445FE1D82FFBB4788 . 57856 . . [5.1.2600.2696] . . c:\windows\$hf_mig$\KB896423\SP2QFE\spoolsv.exe
[-] 2005-06-10 . DA81EC57ACD4CDC3D4C51CF3D409AF9F . 57856 . . [5.1.2600.2696] . . c:\windows\$NtServicePackUninstall$\spoolsv.exe

[-] 2008-04-14 . ED0EF0A136DEC83DF69F04118870003E . 507904 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\winlogon.exe
[-] 2008-04-14 . ED0EF0A136DEC83DF69F04118870003E . 507904 . . [5.1.2600.5512] . . c:\windows\system32\winlogon.exe
[-] 2004-08-04 . 01C3346C241652F43AED8E2149881BFE . 502272 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\winlogon.exe

[-] 2010-08-23 . 93AFB83FBC1F9443CAC722FCA63D73BF . 617472 . . [5.82] . . c:\windows\system32\comctl32.dll
[-] 2010-08-23 . 93AFB83FBC1F9443CAC722FCA63D73BF . 617472 . . [5.82] . . c:\windows\system32\dllcache\comctl32.dll
[-] 2010-08-23 . 736B12B725AEB2B07F0241A9F680CB10 . 1054208 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
[-] 2008-04-14 . BD38D1EBE24A46BD3EDA059560AFBA12 . 1054208 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
[-] 2008-04-14 . 06F247492BC786CE5C24A23E178C711A . 617472 . . [5.82] . . c:\windows\$NtUninstallKB2296011$\comctl32.dll
[-] 2008-04-14 . 06F247492BC786CE5C24A23E178C711A . 617472 . . [5.82] . . c:\windows\ServicePackFiles\i386\comctl32.dll
[-] 2006-08-25 . B0124CB21D28B1C9F678B566B6B57D92 . 617472 . . [5.82] . . c:\windows\$NtServicePackUninstall$\comctl32.dll
[-] 2006-08-25 . C4E80875C1CF1222FC5EFD0314AE5C01 . 1054208 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
[-] 2004-08-04 . A77DFB85FAEE49D66C74DA6024EBC69B . 611328 . . [5.82] . . c:\windows\$NtUninstallKB923191$\comctl32.dll
[-] 2004-08-04 . AEF3D788DBF40C7C4D204EA45EB0C505 . 921088 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.0.0_x-ww_1382d70a\comctl32.dll
[-] 2004-08-04 . 5AF68A5E44734A082442668E9C787743 . 1050624 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll

[-] 2008-04-14 . 3D4E199942E29207970E04315D02AD3B . 62464 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\cryptsvc.dll
[-] 2008-04-14 . 3D4E199942E29207970E04315D02AD3B . 62464 . . [5.1.2600.5512] . . c:\windows\system32\cryptsvc.dll
[-] 2004-08-04 . 10654F9DDCEA9C46CFB77554231BE73B . 60416 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\cryptsvc.dll

[-] 2008-07-07 20:26 . D4991D98F2DB73C60D042F1AEF79EFAE . 253952 . . [2001.12.4414.706] . . c:\windows\system32\es.dll
[-] 2008-07-07 20:26 . D4991D98F2DB73C60D042F1AEF79EFAE . 253952 . . [2001.12.4414.706] . . c:\windows\system32\dllcache\es.dll
[-] 2008-07-07 20:23 . F17F6226BDC0CD5F0BEF0DAF84D29BEC . 253952 . . [2001.12.4414.706] . . c:\windows\$hf_mig$\KB950974\SP3QFE\es.dll
[-] 2008-04-14 00:11 . 19A799805B24990867B00C120D300C3A . 246272 . . [2001.12.4414.701] . . c:\windows\$NtUninstallKB950974$\es.dll
[-] 2008-04-14 00:11 . 19A799805B24990867B00C120D300C3A . 246272 . . [2001.12.4414.701] . . c:\windows\ServicePackFiles\i386\es.dll
[-] 2005-07-26 04:39 . 34BBD9ACC1538818F2C878898C64E793 . 243200 . . [2001.12.4414.308] . . c:\windows\$NtServicePackUninstall$\es.dll
[-] 2005-07-26 04:20 . 95F5FEA4C6DE2C3F28784D0DCC8F0DD3 . 243200 . . [2001.12.4414.308] . . c:\windows\$hf_mig$\KB902400\SP2QFE\es.dll
[-] 2004-08-04 10:00 . ACD36A2DD7D1E9D8A060AA651DC07E63 . 243200 . . [2001.12.4414.258] . . c:\windows\$NtUninstallKB902400$\es.dll

[-] 2008-04-14 . 0DA85218E92526972A821587E6A8BF8F . 110080 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\imm32.dll
[-] 2008-04-14 . 0DA85218E92526972A821587E6A8BF8F . 110080 . . [5.1.2600.5512] . . c:\windows\system32\imm32.dll
[-] 2004-08-04 . 87CA7CE6469577F059297B9D6556D66D . 110080 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\imm32.dll

[-] 2009-03-21 . B921FB870C9AC0D509B2CCABBBBE95F3 . 989696 . . [5.1.2600.5781] . . c:\windows\system32\kernel32.dll
[-] 2009-03-21 . B921FB870C9AC0D509B2CCABBBBE95F3 . 989696 . . [5.1.2600.5781] . . c:\windows\system32\dllcache\kernel32.dll
[-] 2009-03-21 . DA11D9D6ECBDF0F93436A4B7C13F7BEC . 991744 . . [5.1.2600.5781] . . c:\windows\$hf_mig$\KB959426\SP3QFE\kernel32.dll
[-] 2008-04-14 . C24B983D211C34DA8FCC1AC38477971D . 989696 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB959426$\kernel32.dll
[-] 2008-04-14 . C24B983D211C34DA8FCC1AC38477971D . 989696 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\kernel32.dll
[-] 2007-04-16 . 09F7CB3687F86EDAA4CA081F7AB66C03 . 986112 . . [5.1.2600.3119] . . c:\windows\$hf_mig$\KB935839\SP2QFE\kernel32.dll
[-] 2007-04-16 . A01F9CA902A88F7CED06884174D6419D . 984576 . . [5.1.2600.3119] . . c:\windows\$NtServicePackUninstall$\kernel32.dll
[-] 2006-07-05 . 0FDD84928A5DDE2510761B7EC76CCEC9 . 985088 . . [5.1.2600.2945] . . c:\windows\$hf_mig$\KB917422\SP2QFE\kernel32.dll
[-] 2006-07-05 . D8DB5397DE07577C1CB50BA6D23B3AD4 . 984064 . . [5.1.2600.2945] . . c:\windows\$NtUninstallKB935839$\kernel32.dll
[-] 2004-08-04 . 888190E31455FAD793312F8D087146EB . 983552 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB917422$\kernel32.dll

[-] 2008-04-14 . 2DC5A8019E2387987905F77C664E4BE2 . 19968 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\linkinfo.dll
[-] 2008-04-14 . 2DC5A8019E2387987905F77C664E4BE2 . 19968 . . [5.1.2600.5512] . . c:\windows\system32\linkinfo.dll
[-] 2005-09-01 . 648BF0B4DDE4F7A1156DAE7174D36EFA . 19968 . . [5.1.2600.2751] . . c:\windows\$hf_mig$\KB900725\SP2QFE\linkinfo.dll
[-] 2005-09-01 . A1A688EE56CF3BBD24EDEB815D48E9BA . 19968 . . [5.1.2600.2751] . . c:\windows\$NtServicePackUninstall$\linkinfo.dll
[-] 2004-08-04 . C2BBD044C741EA4292016C36F718D2E4 . 18944 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB900725$\linkinfo.dll

[-] 2008-04-14 . 012DF358CEBAA23ACB26D82077820817 . 22016 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\lpk.dll
[-] 2008-04-14 . 012DF358CEBAA23ACB26D82077820817 . 22016 . . [5.1.2600.5512] . . c:\windows\system32\lpk.dll
[-] 2004-08-04 . 74D66B3DE265E8789153414E75175F26 . 22016 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\lpk.dll

[-] 2010-11-06 . 864E69F32656A7121444BA0193D7B64B . 5960704 . . [8.00.6001.23091] . . c:\windows\$hf_mig$\KB2416400-IE8\SP3QFE\mshtml.dll
[-] 2010-11-06 . D7CCA87057901C87ED8CC40DDCC7FA1B . 5959168 . . [8.00.6001.18999] . . c:\windows\system32\mshtml.dll
[-] 2010-11-06 . D7CCA87057901C87ED8CC40DDCC7FA1B . 5959168 . . [8.00.6001.18999] . . c:\windows\system32\dllcache\mshtml.dll
[-] 2010-09-10 . DE41132DA8E5A3CD57201C6F2175EC05 . 5957120 . . [8.00.6001.18975] . . c:\windows\ie8updates\KB2416400-IE8\mshtml.dll
[-] 2010-09-10 . 8A03CC037E6B7D1796192815231B0C3F . 5958656 . . [8.00.6001.23067] . . c:\windows\$hf_mig$\KB2360131-IE8\SP3QFE\mshtml.dll
[-] 2010-06-24 . 94DC7E938C57F3C3D1BC4A0F68FC5830 . 5954560 . . [8.00.6001.23037] . . c:\windows\$hf_mig$\KB2183461-IE8\SP3QFE\mshtml.dll
[-] 2010-06-24 . 4D7EF94795384CD2BBAAB078B7929FEA . 5951488 . . [8.00.6001.18939] . . c:\windows\ie8updates\KB2360131-IE8\mshtml.dll
[-] 2010-05-06 . C7B7A88CC7D7ABA5C395145BF92F46F7 . 5950976 . . [8.00.6001.18928] . . c:\windows\ie8updates\KB2183461-IE8\mshtml.dll
[-] 2010-05-06 . 9BE28F749A7FE7F8F177C6AA2E9DA609 . 5953024 . . [8.00.6001.23019] . . c:\windows\$hf_mig$\KB982381-IE8\SP3QFE\mshtml.dll
[-] 2010-02-25 . 7054F6ADC9B670887659F1561603B0D0 . 5944832 . . [8.00.6001.18904] . . c:\windows\ie8updates\KB982381-IE8\mshtml.dll
[-] 2010-02-25 . 974772C74DA7C7A8E7C813A9908A845F . 5946880 . . [8.00.6001.22995] . . c:\windows\$hf_mig$\KB980182-IE8\SP3QFE\mshtml.dll
[-] 2009-12-21 . BE6EEBEF636773A8E7A82214E81C563A . 5942784 . . [8.00.6001.18876] . . c:\windows\ie8updates\KB980182-IE8\mshtml.dll
[-] 2009-12-21 . E6B64C6C729BBC38AB7CC92CE33F97A5 . 5945856 . . [8.00.6001.22967] . . c:\windows\$hf_mig$\KB978207-IE8\SP3QFE\mshtml.dll
[-] 2009-10-29 . 89A9658515A18E673034369E043FAB01 . 3598336 . . [7.00.6000.16945] . . c:\windows\ie8\mshtml.dll
[-] 2009-10-29 . 8B48737260C273C9B0DACA84EA1CCDBD . 3602432 . . [7.00.6000.21148] . . c:\windows\$hf_mig$\KB976325-IE7\SP3QFE\mshtml.dll
[-] 2009-10-29 . C0F9AC6FAB2C788FFEE3E69585A0E93F . 5944320 . . [8.00.6001.22945] . . c:\windows\$hf_mig$\KB976325-IE8\SP3QFE\mshtml.dll
[-] 2009-10-29 . CBB1EF54B86EDB78649909DD1699E5CA . 5940736 . . [8.00.6001.18854] . . c:\windows\ie8updates\KB978207-IE8\mshtml.dll
[-] 2009-10-21 . 36145D2D908FB8A24772F04842366918 . 3598336 . . [7.00.6000.16939] . . c:\windows\ie7updates\KB976325-IE7\mshtml.dll
[-] 2009-10-21 . E6453EE08B283419171889786D057A75 . 3602432 . . [7.00.6000.21142] . . c:\windows\$hf_mig$\KB976749-IE7\SP3QFE\mshtml.dll
[-] 2009-08-29 . E52A845DCE011D56B12B8F3F4606F956 . 3598336 . . [7.00.6000.16915] . . c:\windows\ie7updates\KB976749-IE7\mshtml.dll
[-] 2009-08-29 . EDAD55105DDD067AE3906011F297267C . 3600384 . . [7.00.6000.21115] . . c:\windows\$hf_mig$\KB974455-IE7\SP3QFE\mshtml.dll
[-] 2009-07-19 . 758C8BEDAB7CE5F9070C85E2E57CBD80 . 3597824 . . [7.00.6000.16890] . . c:\windows\ie7updates\KB974455-IE7\mshtml.dll
[-] 2009-07-19 . F6098CC1B1C3858D53F20F3CB5774F3B . 3600384 . . [7.00.6000.21089] . . c:\windows\$hf_mig$\KB972260-IE7\SP3QFE\mshtml.dll
[-] 2009-04-29 . 2B4315EC9E3124408A2A5074C4B97700 . 3596288 . . [7.00.6000.16850] . . c:\windows\ie7updates\KB972260-IE7\mshtml.dll
[-] 2009-04-29 . C6FD770D518FB024245A0EE217D72BC1 . 3598336 . . [7.00.6000.21045] . . c:\windows\$hf_mig$\KB969897-IE7\SP3QFE\mshtml.dll
[-] 2009-03-08 . D469A0EBA2EF5C6BEE8065B7E3196E5E . 5937152 . . [8.00.6001.18702] . . c:\windows\ie8updates\KB976325-IE8\mshtml.dll
[-] 2009-02-21 . 1BB754AB47B327DE8DBF2FA18C36357C . 3596800 . . [7.00.6000.21015] . . c:\windows\$hf_mig$\KB963027-IE7\SP3QFE\mshtml.dll
[-] 2009-02-20 . C7C3E41CC2F6EB4A629FE2184136C098 . 3595264 . . [7.00.6000.16825] . . c:\windows\ie7updates\KB969897-IE7\mshtml.dll
[-] 2009-01-17 . 3B413267DA8AE71C20E5EF3E54F74728 . 3594752 . . [7.00.6000.16809] . . c:\windows\ie7updates\KB963027-IE7\mshtml.dll
[-] 2009-01-16 . CC9D001B7370B292C35B366CA05B12B4 . 3596288 . . [7.00.6000.20996] . . c:\windows\$hf_mig$\KB961260-IE7\SP2QFE\mshtml.dll
[-] 2008-12-13 . 121EC39A64D64205A88C2C45B034B455 . 3593216 . . [7.00.6000.16788] . . c:\windows\ie7updates\KB961260-IE7\mshtml.dll
[-] 2008-12-13 . C79FAD61CD4A26ED5AA8C16D991C6FBD . 3594752 . . [7.00.6000.20973] . . c:\windows\$hf_mig$\KB960714-IE7\SP2QFE\mshtml.dll
[-] 2008-10-17 . EACAEDEF6FA2A969DE5B36190D45396F . 3593216 . . [7.00.6000.16762] . . c:\windows\ie7updates\KB960714-IE7\mshtml.dll
[-] 2008-10-16 . B74F31A4BD83797D7A083F922169287D . 3595264 . . [7.00.6000.20935] . . c:\windows\$hf_mig$\KB958215-IE7\SP2QFE\mshtml.dll
[-] 2008-08-27 . 1AD035E04A7068EC2820B055A3131ED8 . 3593216 . . [7.00.6000.16735] . . c:\windows\ie7updates\KB958215-IE7\mshtml.dll
[-] 2008-08-26 . 25CC085720EE3617FD1F8AB9E2F7CAB2 . 3594752 . . [7.00.6000.20900] . . c:\windows\$hf_mig$\KB956390-IE7\SP2QFE\mshtml.dll
[-] 2008-06-24 . EC936148284F557F19C333178768109B . 3592192 . . [7.00.6000.16705] . . c:\windows\ie7updates\KB956390-IE7\mshtml.dll
[-] 2008-06-23 . 28B8231CA8D55FC85E027A57C90F5C88 . 3594240 . . [7.00.6000.20861] . . c:\windows\$hf_mig$\KB953838-IE7\SP2QFE\mshtml.dll
[-] 2008-04-24 . 8976CAB317105F7431B08EA32AB73C65 . 3591680 . . [7.00.6000.16674] . . c:\windows\ie7updates\KB953838-IE7\mshtml.dll
[-] 2008-04-23 . 4D612FF5D3B7EEF200595AE6F95D5E68 . 3593728 . . [7.00.6000.20815] . . c:\windows\$hf_mig$\KB950759-IE7\SP2QFE\mshtml.dll
[-] 2008-04-14 . A706E122B398FE1AB85CB9B75D044223 . 3066880 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\mshtml.dll
[-] 2008-03-01 . AB2C88167D78D71D93558ACECB24CC7A . 3591680 . . [7.00.6000.16640] . . c:\windows\ie7updates\KB950759-IE7\mshtml.dll
[-] 2008-03-01 . 4EE273E2B09317C1217EF0DB91F93534 . 3593216 . . [7.00.6000.20772] . . c:\windows\$hf_mig$\KB947864-IE7\SP2QFE\mshtml.dll
[-] 2007-12-08 . A097C36412455F0C7E42377FAF8809B7 . 3592192 . . [7.00.6000.16608] . . c:\windows\ie7updates\KB947864-IE7\mshtml.dll
[-] 2007-12-07 . 976C46ED4A75FC66D9C596778898CE1E . 3593216 . . [7.00.6000.20733] . . c:\windows\$hf_mig$\KB944533-IE7\SP2QFE\mshtml.dll
[-] 2007-10-30 . 54D8B404F17AA74C666F7F3AEF2AE459 . 3593216 . . [7.00.6000.20710] . . c:\windows\$hf_mig$\KB942615-IE7\SP2QFE\mshtml.dll
[-] 2007-10-30 . 8AB7ECF59D6EBBE986277B65ED4A40A1 . 3590656 . . [7.00.6000.16587] . . c:\windows\ie7updates\KB944533-IE7\mshtml.dll
[-] 2007-08-20 . E267EE248CDA7667C19001C069DE867B . 3584512 . . [7.00.6000.16544] . . c:\windows\ie7updates\KB942615-IE7\mshtml.dll
[-] 2007-08-20 . AA8A4BD78D24FCDB96DDAEE3756AA372 . 3592192 . . [7.00.6000.20661] . . c:\windows\$hf_mig$\KB939653-IE7\SP2QFE\mshtml.dll
[-] 2007-07-19 . BD609A26B683332A0E0E1445C5724851 . 3583488 . . [7.00.6000.16525] . . c:\windows\ie7updates\KB939653-IE7\mshtml.dll
[-] 2007-07-18 . 7CE243CFD47AD0DC431586CB8C542A11 . 3584000 . . [7.00.6000.20641] . . c:\windows\$hf_mig$\KB937143-IE7\SP2QFE\mshtml.dll
[-] 2007-06-15 . 53F3FD772C010622346C39284C4A863B . 3064320 . . [6.00.2900.3157] . . c:\windows\ie7\mshtml.dll
[-] 2007-05-04 . 00ADCB32832A10ED9419493BCEA97526 . 3064320 . . [6.00.2900.3132] . . c:\windows\$NtUninstallKB937143$\mshtml.dll
[-] 2007-02-20 . 2991727809C7AC3A33E4178CC73244D8 . 3063296 . . [6.00.2900.3086] . . c:\windows\$NtUninstallKB933566$\mshtml.dll
[-] 2007-01-04 . 1C45525574EF206346FBAFCAAC7CC4A5 . 3062272 . . [6.00.2900.3059] . . c:\windows\$NtUninstallKB931768$\mshtml.dll
[-] 2006-11-08 . CBF04597F9CF7739E572276A2698FDD3 . 3577856 . . [7.00.5730.11] . . c:\windows\ie7updates\KB937143-IE7\mshtml.dll
[-] 2006-10-23 . 88E1C15BB1A9ED3CBA4D6F2F408D5010 . 3061248 . . [6.00.2900.3020] . . c:\windows\$NtUninstallKB928090$\mshtml.dll
[-] 2006-09-14 . CEFEA1C301139A817931BE132F0359FE . 3058688 . . [6.00.2900.2995] . . c:\windows\$NtUninstallKB925454$\mshtml.dll
[-] 2006-07-28 . D251679BD9EF0250201FB899EC40FD32 . 3058176 . . [6.00.2900.2963] . . c:\windows\$NtUninstallKB922760$\mshtml.dll
[-] 2005-11-24 . 5E7A39950EA133BB54719A6E08C544A7 . 3015680 . . [6.00.2900.2802] . . c:\windows\$NtUninstallKB918899$\mshtml.dll
[-] 2005-11-23 . D3F037F5DA702AE9DDD7663EC9D78BA7 . 3018240 . . [6.00.2900.2802] . . c:\windows\$hf_mig$\KB905915\SP2QFE\mshtml.dll

[-] 2008-04-14 . D7075E95AA599EE77B7A89D39296BD3D . 343040 . . [7.0.2600.5512] . . c:\windows\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.2600.5512_x-ww_3fd60d63\msvcrt.dll
[-] 2008-04-14 . 355EDBB4D412B01F1740C17E3F50FA00 . 343040 . . [7.0.2600.5512] . . c:\windows\ServicePackFiles\i386\msvcrt.dll
[-] 2008-04-14 . 355EDBB4D412B01F1740C17E3F50FA00 . 343040 . . [7.0.2600.5512] . . c:\windows\system32\msvcrt.dll
[-] 2004-08-04 . B0FEFA816D61EC66AA765DDF534EAB5E . 343040 . . [7.0.2600.2180] . . c:\windows\$NtServicePackUninstall$\msvcrt.dll
[-] 2004-08-04 . 4200BE3808F6406DBE45A7B88DAE5035 . 322560 . . [7.0.2600.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.0.0_x-ww_2726e76a\msvcrt.dll
[-] 2004-08-04 . 98EC447E00229AFD88D5161A25D065DA . 343040 . . [7.0.2600.2180] . . c:\windows\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.2600.2180_x-ww_b2505ed9\msvcrt.dll

[-] 2008-06-20 . 832E4DD8964AB7ACC880B2837CB1ED20 . 245248 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3GDR\mswsock.dll
[-] 2008-06-20 . 832E4DD8964AB7ACC880B2837CB1ED20 . 245248 . . [5.1.2600.5625] . . c:\windows\system32\mswsock.dll
[-] 2008-06-20 . 832E4DD8964AB7ACC880B2837CB1ED20 . 245248 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\mswsock.dll
[-] 2008-06-20 . FCEE5FCB99F7C724593365C706D28388 . 245248 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\mswsock.dll
[-] 2008-06-20 . 097722F235A1FB698BF9234E01B52637 . 245248 . . [5.1.2600.3394] . . c:\windows\$NtServicePackUninstall$\mswsock.dll
[-] 2008-06-20 . 1DFCA7713EA5A70D5D93B436AEA0317A . 245248 . . [5.1.2600.3394] . . c:\windows\$hf_mig$\KB951748\SP2QFE\mswsock.dll
[-] 2008-04-14 . B4138E99236F0F57D4CF49BAE98A0746 . 245248 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB951748$\mswsock.dll
[-] 2008-04-14 . B4138E99236F0F57D4CF49BAE98A0746 . 245248 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\mswsock.dll
[-] 2004-08-04 . 4E74AF063C3271FBEA20DD940CFD1184 . 245248 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB951748_0$\mswsock.dll

[-] 2008-04-14 . 1B7F071C51B77C272875C3A23E1E4550 . 407040 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\netlogon.dll
[-] 2008-04-14 . 1B7F071C51B77C272875C3A23E1E4550 . 407040 . . [5.1.2600.5512] . . c:\windows\system32\netlogon.dll
[-] 2004-08-04 . 96353FCECBA774BB8DA74A1C6507015A . 407040 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\netlogon.dll

[-] 2008-04-14 . 50A166237A0FA771261275A405646CC0 . 17408 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\powrprof.dll
[-] 2008-04-14 . 50A166237A0FA771261275A405646CC0 . 17408 . . [6.00.2900.5512] . . c:\windows\system32\powrprof.dll
[-] 2004-08-04 . 1B5F6923ABB450692E9FE0672C897AED . 17408 . . [6.00.2900.2180] . . c:\windows\$NtServicePackUninstall$\powrprof.dll

[-] 2008-04-14 . A86BB5E61BF3E39B62AB4C7E7085A084 . 181248 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\scecli.dll
[-] 2008-04-14 . A86BB5E61BF3E39B62AB4C7E7085A084 . 181248 . . [5.1.2600.5512] . . c:\windows\system32\scecli.dll
[-] 2004-08-04 . 0F78E27F563F2AAF74B91A49E2ABF19A . 180224 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\scecli.dll

[-] 2008-04-14 . 96E1C926F22EE1BFBAE82901A35F6BF3 . 5120 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\sfc.dll
[-] 2008-04-14 . 96E1C926F22EE1BFBAE82901A35F6BF3 . 5120 . . [5.1.2600.5512] . . c:\windows\system32\sfc.dll
[-] 2004-08-04 . E8A12A12EA9088B4327D49EDCA3ADD3E . 5120 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\sfc.dll

[-] 2008-04-14 . 27C6D03BCDB8CFEB96B716F3D8BE3E18 . 14336 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\svchost.exe
[-] 2008-04-14 . 27C6D03BCDB8CFEB96B716F3D8BE3E18 . 14336 . . [5.1.2600.5512] . . c:\windows\system32\svchost.exe
[-] 2004-08-04 . 8F078AE4ED187AAABC0A305146DE6716 . 14336 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\svchost.exe

[-] 2008-04-14 . 3CB78C17BB664637787C9A1C98F79C38 . 249856 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\tapisrv.dll
[-] 2008-04-14 . 3CB78C17BB664637787C9A1C98F79C38 . 249856 . . [5.1.2600.5512] . . c:\windows\system32\tapisrv.dll
[-] 2005-07-08 . 1418A3A6E76E5A2E3F5E43866E793A8B . 249344 . . [5.1.2600.2716] . . c:\windows\$hf_mig$\KB893756\SP2QFE\tapisrv.dll
[-] 2005-07-08 . FB78839B36025AA286A51289ED28B73E . 249344 . . [5.1.2600.2716] . . c:\windows\$NtServicePackUninstall$\tapisrv.dll
[-] 2004-08-04 . EB4A4187D74A8EFDCBEA3EA2CB1BDFBD . 246272 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB893756$\tapisrv.dll

[-] 2008-11-26 . B26B135FF1B9F60C9388B4A7D16F600B . 578560 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\user32.dll
[-] 2008-04-14 . B26B135FF1B9F60C9388B4A7D16F600B . 578560 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\user32.dll
[-] 2008-04-14 . B26B135FF1B9F60C9388B4A7D16F600B . 578560 . . [5.1.2600.5512] . . c:\windows\system32\user32.dll
[-] 2007-03-08 . 7AA4F6C00405DFC4B70ED4214E7D687B . 578048 . . [5.1.2600.3099] . . c:\windows\$hf_mig$\KB925902\SP2QFE\user32.dll
[-] 2007-03-08 . B409909F6E2E8A7067076ED748ABF1E7 . 577536 . . [5.1.2600.3099] . . c:\windows\$NtServicePackUninstall$\user32.dll
[-] 2005-03-02 . 1800F293BCCC8EDE8A70E12B88D80036 . 577024 . . [5.1.2600.2622] . . c:\windows\$hf_mig$\KB890859\SP2QFE\user32.dll
[-] 2005-03-02 . DE2DB164BBB35DB061AF0997E4499054 . 577024 . . [5.1.2600.2622] . . c:\windows\$NtUninstallKB925902$\user32.dll
[-] 2004-08-04 . C72661F8552ACE7C5C85E16A3CF505C4 . 577024 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB890859$\user32.dll

[-] 2008-04-14 . A93AEE1928A9D7CE3E16D24EC7380F89 . 26112 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\userinit.exe
[-] 2008-04-14 . A93AEE1928A9D7CE3E16D24EC7380F89 . 26112 . . [5.1.2600.5512] . . c:\windows\system32\userinit.exe
[-] 2004-08-04 . 39B1FFB03C2296323832ACBAE50D2AFF . 24576 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\userinit.exe

[-] 2010-11-06 . 9357C4249F4810FB0E49C13387A8A77C . 919552 . . [8.00.6001.23084] . . c:\windows\$hf_mig$\KB2416400-IE8\SP3QFE\wininet.dll
[-] 2010-11-06 . 306A2B05EA9846278113964DC6E2C940 . 916480 . . [8.00.6001.18992] . . c:\windows\system32\wininet.dll
[-] 2010-11-06 . 306A2B05EA9846278113964DC6E2C940 . 916480 . . [8.00.6001.18992] . . c:\windows\system32\dllcache\wininet.dll
[-] 2010-09-10 . 36FE8ABC59AAFBE20CBE54BC372F9429 . 916480 . . [8.00.6001.18968] . . c:\windows\ie8updates\KB2416400-IE8\wininet.dll
[-] 2010-09-10 . 0555E190DCD06B8998E6DDCA42DAEB82 . 919552 . . [8.00.6001.23060] . . c:\windows\$hf_mig$\KB2360131-IE8\SP3QFE\wininet.dll
[-] 2010-06-24 . 60237E50D575FBA9BEC9BC043F157149 . 919040 . . [8.00.6001.23037] . . c:\windows\$hf_mig$\KB2183461-IE8\SP3QFE\wininet.dll
[-] 2010-06-24 . D3DEB6B2B424AC93DE3801EAEB21A9A5 . 916480 . . [8.00.6001.18939] . . c:\windows\ie8updates\KB2360131-IE8\wininet.dll
[-] 2010-05-06 . 2D9C7B010409372C34F725DA5CCED083 . 916480 . . [8.00.6001.18923] . . c:\windows\ie8updates\KB2183461-IE8\wininet.dll
[-] 2010-05-06 . C1490F68B44AF8B781F52F12F564625D . 919040 . . [8.00.6001.23014] . . c:\windows\$hf_mig$\KB982381-IE8\SP3QFE\wininet.dll
[-] 2010-02-25 . 7A42CFED96CDA7F2FB1A26D1F9F65775 . 916480 . . [8.00.6001.18904] . . c:\windows\ie8updates\KB982381-IE8\wininet.dll
[-] 2010-02-25 . 4458D59F2B0369F4D3B137541D284041 . 919040 . . [8.00.6001.22995] . . c:\windows\$hf_mig$\KB980182-IE8\SP3QFE\wininet.dll
[-] 2009-12-21 . FF4241C74E0C0A5AFFFE05F584213ECB . 916480 . . [8.00.6001.18876] . . c:\windows\ie8updates\KB980182-IE8\wininet.dll
[-] 2009-12-21 . 5E1F666B8955FD77E65D65C4C4D882A3 . 916480 . . [8.00.6001.22967] . . c:\windows\$hf_mig$\KB978207-IE8\SP3QFE\wininet.dll
[-] 2009-10-29 . 7C599DEC022BEF6E3C9F4DB4FC164E8B . 832512 . . [7.00.6000.16945] . . c:\windows\ie8\wininet.dll
[-] 2009-10-29 . 6AF52998B90F72FF2325D84D90EDA1CC . 916480 . . [8.00.6001.22945] . . c:\windows\$hf_mig$\KB976325-IE8\SP3QFE\wininet.dll
[-] 2009-10-29 . CA5CB4F174592090FBECFEAD9B51BB90 . 841216 . . [7.00.6000.21148] . . c:\windows\$hf_mig$\KB976325-IE7\SP3QFE\wininet.dll
[-] 2009-10-29 . 75240F6EDBCE7B85DF66874407D38A4F . 916480 . . [8.00.6001.18854] . . c:\windows\ie8updates\KB978207-IE8\wininet.dll
[-] 2009-08-29 . DB111200015F08DDDB8857E11C6A80E3 . 832512 . . [7.00.6000.16915] . . c:\windows\ie7updates\KB976325-IE7\wininet.dll
[-] 2009-08-29 . A5885AF9BFBD942B828E6020AD326517 . 840704 . .

SuperDave · « **Reply #6 on:** February 16, 2011, 12:49:09 PM »

The ComboFix log looks incomplete. Please make sure that you alway copy the complete log when responding.

Please download SystemLook from one of the links below and save it to your desktop.

Link # 1
Link # 2

Temporarily disable your antivirus and any antispyware real time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them.

Double-click SystemLook.exe to run it.

Copy the contents of the following codebox into the main textfield.

Code: [Select]

:filefind
regedit.exe

Click the Look button to start the scan.

Note: The scan may take some time so please just let it do its work and be patient (or do something else unrelated to the computer).

When finished, a notepad window will open with the results of the scan. Please post the log. The log can also be found on your desktop entitled SystemLook.txt

shag · « **Reply #7 on:** February 17, 2011, 07:57:46 AM »

I've come down from my earlier optimism--windows hasn't been very stable for me since rebooting after combofix. no internet.

speaking of combofix, if you need to see the part of that log that got cut off, let me know.

system look log:

SystemLook 04.09.10 by jpshortstuff
Log created at 08:52 on 17/02/2011 by Chris
Administrator - Elevation successful

========== filefind ==========

Searching for "regedit.exe"
C:\i386\REGEDIT.EXE   --a---- 146432 bytes   [21:49 11/08/2004]   [10:00 04/08/2004] 783AFC80383C176B22DBF8333343992D
C:\WINDOWS\regedit.exe   ------- 146432 bytes   [22:00 11/08/2004]   [00:12 14/04/2008] 058710B720282CA82B909912D3EF28DB
C:\WINDOWS\$NtServicePackUninstall$\regedit.exe   -----c- 146432 bytes   [21:57 10/08/2008]   [10:00 04/08/2004] 783AFC80383C176B22DBF8333343992D
C:\WINDOWS\ServicePackFiles\i386\regedit.exe   ------- 146432 bytes   [21:38 10/08/2008]   [00:12 14/04/2008] 058710B720282CA82B909912D3EF28DB

-= EOF =-

SuperDave · « **Reply #8 on:** February 17, 2011, 12:57:25 PM »

Re-running ComboFix to remove infections:

Close any open browsers.
Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
Open notepad and copy/paste the text in the quotebox below into it:
Quote
KillAll::

FCopy::
C:\WINDOWS\$NtServicePackUninstall$\regedit.exe | c:\windows\regedit.exe

MBR::
Save this as CFScript.txt, in the same location as ComboFix.exe
Referring to the picture above, drag CFScript into ComboFix.exe
When finished, it shall produce a log for you at C:\ComboFix.txt
Please post the contents of the log in your next reply.

*****************************************************
Download Security Check by screen317 from one of the following links and save it to your desktop.

Link 1
Link 2

* Unzip SecurityCheck.zip and a folder named Security Check should appear.
* Open the Security Check folder and double-click Security Check.bat
* Follow the on-screen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt
* Post the contents of that document in your next reply.

Note: If a security program requests permission from dig.exe to access the Internet, allow it to do so.

shag · « **Reply #9 on:** February 17, 2011, 08:15:49 PM »

combofix log:

ComboFix 11-02-15.02 - Chris 02/17/2011 19:33:10.5.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.666 [GMT -6:00]
Running from: c:\documents and settings\Chris\Desktop\Latest Problems\ComboFix.exe
Command switches used :: c:\documents and settings\Chris\Desktop\Latest Problems\CFScript.txt
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

Infected copy of c:\windows\system32\Drivers\sptd.sys was found and disinfected
Restored copy from - Kitty ate it :p
.
--------------- FCopy ---------------

c:\windows\$NtServicePackUninstall$\regedit.exe --> c:\windows\regedit.exe
.
((((((((((((((((((((((((( Files Created from 2011-01-18 to 2011-02-18 )))))))))))))))))))))))))))))))
.

2011-02-15 03:24 . 2011-02-15 03:24   --------   d-----w-   c:\documents and settings\Administrator\Local Settings\Application Data\Mozilla
2011-02-15 03:20 . 2011-02-15 03:20   --------   d-----w-   c:\documents and settings\Chris\Local Settings\Application Data\Mozilla
2011-02-15 03:15 . 2011-02-15 03:15   388096   ----a-r-   c:\documents and settings\Chris\Application Data\Microsoft\Installer\{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}\HiJackThis.exe
2011-02-15 02:11 . 2011-02-15 02:11   --------   d-----w-   c:\program files\TrendMicro
2011-02-11 01:49 . 2010-12-21 00:09   38224   ----a-w-   c:\windows\system32\drivers\mbamswissarmy.sys
2011-02-11 01:49 . 2010-12-21 00:08   20952   ----a-w-   c:\windows\system32\drivers\mbam.sys
2011-02-11 01:42 . 2011-02-11 01:42   --------   d-----w-   c:\program files\CCleaner
2011-01-21 14:44 . 2011-01-21 14:44   439296   ------w-   c:\windows\system32\dllcache\shimgvw.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-01-21 14:44 . 2004-08-11 22:00   439296   ----a-w-   c:\windows\system32\shimgvw.dll
2011-01-07 14:09 . 2004-08-11 22:00   290048   ----a-w-   c:\windows\system32\atmfd.dll
2010-12-31 13:10 . 2004-08-11 22:00   1854976   ----a-w-   c:\windows\system32\win32k.sys
2010-12-22 12:34 . 2004-08-11 22:00   301568   ----a-w-   c:\windows\system32\kerberos.dll
2010-12-20 17:26 . 2004-08-11 22:00   730112   ----a-w-   c:\windows\system32\lsasrv.dll
2010-12-09 15:15 . 2004-08-11 22:00   718336   ----a-w-   c:\windows\system32\ntdll.dll
2010-12-09 14:30 . 2004-08-11 22:00   33280   ----a-w-   c:\windows\system32\csrsrv.dll
2010-12-09 13:42 . 2004-08-11 22:00   2148864   ----a-w-   c:\windows\system32\ntoskrnl.exe
2010-12-09 13:07 . 2004-08-04 03:59   2027008   ----a-w-   c:\windows\system32\ntkrnlpa.exe
2010-11-29 23:38 . 2010-11-29 23:38   94208   ----a-w-   c:\windows\system32\QuickTimeVR.qtx
2010-11-29 23:38 . 2010-11-29 23:38   69632   ----a-w-   c:\windows\system32\QuickTime.qts
.

((((((((((((((((((((((((((((( SnapShot@2011-02-16_06.44.24 )))))))))))))))))))))))))))))))))))))))))
.
- 2004-08-11 22:00 . 2011-02-16 06:29   73052 c:\windows\system32\perfc009.dat
+ 2004-08-11 22:00 . 2011-02-18 01:44   73052 c:\windows\system32\perfc009.dat
- 2009-12-14 07:08 . 2009-12-14 07:08   33280 c:\windows\system32\dllcache\csrsrv.dll
+ 2009-12-14 07:08 . 2010-12-09 14:30   33280 c:\windows\system32\dllcache\csrsrv.dll
- 2004-08-11 22:00 . 2011-02-16 06:29   443914 c:\windows\system32\perfh009.dat
+ 2004-08-11 22:00 . 2011-02-18 01:44   443914 c:\windows\system32\perfh009.dat
+ 2004-08-11 22:06 . 2011-02-16 11:34   138056 c:\windows\system32\FNTCACHE.DAT
- 2004-08-11 22:06 . 2010-12-16 19:12   138056 c:\windows\system32\FNTCACHE.DAT
+ 2008-01-18 04:43 . 2008-01-18 16:43   716272 c:\windows\system32\drivers\sptd.sys
- 2008-01-18 04:43 . 2008-01-18 10:43   716272 c:\windows\system32\drivers\sptd.sys
+ 2004-08-11 22:00 . 2004-08-04 10:00   146432 c:\windows\system32\dllcache\regedit.exe
+ 2009-04-18 04:29 . 2010-12-09 15:15   718336 c:\windows\system32\dllcache\ntdll.dll
- 2009-04-18 04:29 . 2009-06-25 08:25   730112 c:\windows\system32\dllcache\lsasrv.dll
+ 2009-04-18 04:29 . 2010-12-20 17:26   730112 c:\windows\system32\dllcache\lsasrv.dll
+ 2009-06-25 08:25 . 2010-12-22 12:34   301568 c:\windows\system32\dllcache\kerberos.dll
- 2009-06-25 08:25 . 2009-06-25 08:25   301568 c:\windows\system32\dllcache\kerberos.dll
- 2010-04-20 05:30 . 2010-10-28 13:13   290048 c:\windows\system32\dllcache\atmfd.dll
+ 2010-04-20 05:30 . 2011-01-07 14:09   290048 c:\windows\system32\dllcache\atmfd.dll
- 2004-08-11 22:00 . 2010-07-27 06:30   8462336 c:\windows\system32\shell32.dll
+ 2004-08-11 22:00 . 2011-01-21 14:44   8462336 c:\windows\system32\shell32.dll
+ 2008-10-16 20:33 . 2010-12-31 13:10   1854976 c:\windows\system32\dllcache\win32k.sys
+ 2008-06-17 19:02 . 2011-01-21 14:44   8462336 c:\windows\system32\dllcache\shell32.dll
- 2008-06-17 19:02 . 2010-07-27 06:30   8462336 c:\windows\system32\dllcache\shell32.dll
+ 2008-10-16 20:33 . 2010-12-09 13:38   2192768 c:\windows\system32\dllcache\ntoskrnl.exe
+ 2008-10-16 20:33 . 2010-12-09 13:07   2027008 c:\windows\system32\dllcache\ntkrpamp.exe
+ 2008-10-16 20:33 . 2010-12-09 13:07   2069376 c:\windows\system32\dllcache\ntkrnlpa.exe
+ 2008-10-16 20:33 . 2010-12-09 13:42   2148864 c:\windows\system32\dllcache\ntkrnlmp.exe
+ 2008-10-16 20:33 . 2010-12-09 13:38   2192768 c:\windows\Driver Cache\i386\ntoskrnl.exe
+ 2008-10-16 20:33 . 2010-12-09 13:07   2027008 c:\windows\Driver Cache\i386\ntkrpamp.exe
+ 2008-10-16 20:33 . 2010-12-09 13:07   2069376 c:\windows\Driver Cache\i386\ntkrnlpa.exe
+ 2008-10-16 20:33 . 2010-12-09 13:42   2148864 c:\windows\Driver Cache\i386\ntkrnlmp.exe
+ 2006-10-05 17:54 . 2011-02-16 09:01   37443528 c:\windows\system32\MRT.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-01-03 15028104]
"ModemOnHold"="c:\program files\NetWaiting\netWaiting.exe" [2003-09-10 20480]
"DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-01-17 486856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-11-29 761947]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"SigmatelSysTrayApp"="stsystra.exe" [2005-11-17 397312]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]
"LogitechQuickCamRibbon"="c:\program files\Logitech\Logitech WebCam Software\LWS.exe" [2009-10-14 2793304]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2006-10-18 802816]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2006-10-18 696320]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-11-19 98304]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-11-19 118784]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-11-19 77824]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-12-10 49152]
"DMXLauncher"="c:\program files\Dell\Media Experience\DMXLauncher.exe" [2005-01-27 86016]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-12-06 127035]
"Dell QuickSet"="c:\program files\Dell\QuickSet\Quickset.exe" [2005-12-15 839680]
"ConnectionCenter"="c:\program files\Citrix\ICA Client\concentr.exe" [2009-09-13 103768]
"BellSouthWCC_McciTrayApp"="c:\program files\BellSouthWCC\McciTrayApp.exe" [2005-11-17 543232]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2008-07-04 109056]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
America Online 9.0 Tray Icon.lnk - c:\program files\America Online 9.0\aoltray.exe [2006-4-5 156784]
Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng1.exe [2005-6-16 49152]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2006-4-5 24576]
dlbcserv.lnk - c:\program files\Dell Photo Printer 720\dlbcserv.exe [2007-3-8 315392]
NkbMonitor.exe.lnk - c:\program files\Nikon\PictureProject\NkbMonitor.exe [2008-3-3 118784]
PHOTOfunSTUDIO.lnk - c:\program files\Panasonic\PHOTOfunSTUDIO\PhAutoRun.exe [2010-1-18 44176]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21   548352   ----a-w-   c:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"GameConsoleService"=3 (0x3)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Games HQ\\Unreal Tournament\\System\\UnrealTournament.exe"=
"c:\\Program Files\\Games HQ\\Age of Empires II\\age2_x1\\age2_x1.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\WINDOWS\\system32\\LEXPPS.EXE"=

R?2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [9/9/2009 7:37 PM 108289]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [1/17/2008 10:43 PM 716272]
R1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\drivers\ctxusbm.sys [9/8/2009 5:13 PM 65584]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 12:25 PM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 12:41 PM 67656]
S0 haqaugev;haqaugev;c:\windows\system32\drivers\jhyedcun.sys --> c:\windows\system32\drivers\jhyedcun.sys [?]
S3 BW2NDIS5;BW2NDIS5;c:\windows\system32\Drivers\BW2NDIS5.sys --> c:\windows\system32\Drivers\BW2NDIS5.sys [?]
.
Contents of the 'Scheduled Tasks' folder

2011-02-12 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
IE: &Google Search - c:\program files\Google\GoogleToolbar1.dll/cmsearch.html
IE: &Translate English Word - c:\program files\Google\GoogleToolbar1.dll/cmwordtrans.html
IE: Backward Links - c:\program files\Google\GoogleToolbar1.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:\program files\Google\GoogleToolbar1.dll/cmcache.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Similar Pages - c:\program files\Google\GoogleToolbar1.dll/cmsimilar.html
IE: Translate Page into English - c:\program files\Google\GoogleToolbar1.dll/cmtrans.html
FF - ProfilePath - c:\documents and settings\Chris\Application Data\Mozilla\Firefox\Profiles\khnidukr.default\
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Quick Starter: [email protected] - c:\program files\Java\jre6\lib\deploy\jqs\ff
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-02-17 19:55
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-763208294-2166686365-2200820826-1006\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{4AE46BEE-309A-D118-EEF6-0B629E101924}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"iandjebeamjplkkima"=hex:6a,61,6f,6d,70,67,70,6a,61,6e,6d,62,65,6b,62,6a,67,66,
67,6d,00,f2
"haddpfckmafepble"=hex:6b,61,69,6d,61,6a,63,62,61,63,6c,6a,67,6e,6a,6c,6c,70,
6e,62,69,61,00,00

[HKEY_USERS\S-1-5-21-763208294-2166686365-2200820826-1006\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{C4FF9455-D2D0-B2C0-5236-97D1CE5D2B9A}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"iaifkpmhmcpabcapeb"=hex:6a,61,6a,6f,63,67,6c,63,66,6b,6a,65,6b,64,68,61,67,68,
6e,6e,00,f1
"hacgbhgnolebgoia"=hex:6a,61,6a,6f,63,67,6c,63,66,6b,6a,65,6b,64,68,61,67,68,
6e,6e,00,00

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(712)
c:\windows\system32\wininet.dll
c:\program files\SUPERAntiSpyware\SASWINLO.DLL

- - - - - - - > 'lsass.exe'(772)
c:\windows\system32\wininet.dll

- - - - - - - > 'explorer.exe'(3628)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\LEXBCES.EXE
c:\windows\system32\LEXPPS.EXE
c:\windows\system32\igfxsrvc.exe
c:\program files\Common Files\Logishrd\LQCVFX\COCIManager.exe
c:\program files\Citrix\ICA Client\wfcrun32.exe
c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\progra~1\COMMON~1\AOL\ACS\AOLacsd.exe
c:\program files\Common Files\Motive\McciCMService.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
.
**************************************************************************
.
Completion time: 2011-02-17 20:02:36 - machine was rebooted
ComboFix-quarantined-files.txt 2011-02-18 02:02
ComboFix2.txt 2011-02-16 06:53

Pre-Run: 53,704,626,176 bytes free
Post-Run: 53,674,139,648 bytes free

Current=2 Default=2 Failed=1 LastKnownGood=4 Sets=1,2,3,4
- - End Of File - - A16E56CB17A9083941F3FC3B475C996F

systemcheck:

Results of screen317's Security Check version 0.99.8
Windows XP Service Pack 3
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:
Windows Security Center service is not running! This report may not be accurate!
Avira AntiVir Personal - Free Antivirus
Antivirus up to date!
```````````````````````````````
Anti-malware/Other Utilities Check:
Malwarebytes' Anti-Malware
CCleaner
Java(TM) 6 Update 22
Java(TM) 6 Update 2
Java(TM) 6 Update 3
Java(TM) 6 Update 5
Java(TM) 6 Update 7
Out of date Java installed!
Adobe Flash Player
Adobe Reader 8.1.4
Out of date Adobe Reader installed!
Mozilla Firefox (3.6.13)
````````````````````````````````
Process Check:
objlist.exe by Laurent
Avira Antivir avgnt.exe
Avira Antivir avguard.exe
``````````End of Log````````````

SuperDave · « **Reply #10 on:** February 18, 2011, 11:47:26 AM »

Update Your Java (JRE)

Old versions of Java have vulnerabilities that malware can use to infect your system.

First Verify your Java Version

If there are any other version(s) installed then update now.

Get the new version (if needed)

If your version is out of date install the newest version of the Sun Java Runtime Environment.

Note: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

Be sure to close ALL open web browsers before starting the installation.

Remove any old versions

1. Download JavaRa and unzip the file to your Desktop.
2. Open JavaRA.exe and choose Remove Older Versions
3. Once complete exit JavaRA.
4. Run CCleaner.

Additional Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. To disable the JQS service if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and reboot your computer.
*****************************************************
Please download the newest version of Adobe Acrobat Reader from Adobe.com

Before installing: it is important to remove older versions of Acrobat Reader since it does not do so automatically and old versions still leave you vulnerable.
Go to the Control Panel and enter Add or Remove Programs (Programs and Features in Vista/7).
Search in the list for all previous installed versions of Adobe Acrobat Reader. Uninstall/Remove each of them.

Once old versions are gone, please install the newest version.
****************************************************
SysProt Antirootkit

Download
SysProt Antirootkit from the link below (you will find it at the bottom
of the page under attachments, or you can get it from one of the
mirrors).

http://sites.google.com/site/sysprotantirootkit/

Unzip it into a folder on your desktop.

Double click Sysprot.exe to start the program.
Click on the Log tab.
In the Write to log box select the following items.

Process << Selected
Kernel Modules << Selected
SSDT << Selected
Kernel Hooks << Selected
IRP Hooks << NOT Selected
Ports << NOT Selected
Hidden Files << Selected

At the bottom of the page

Hidden Objects Only << Selected

Click on the Create Log button on the bottom right.
After a few seconds a new window should appear.
Select Scan Root Drive. Click on the Start button.
When it is complete a new window will appear to indicate that the scan is finished.
The log will be saved automatically in the same folder Sysprot.exe was extracted to. Open the text file and copy/paste the log here.

shag · « **Reply #11 on:** February 18, 2011, 07:50:42 PM »

javara produced a log as well, but i'm assuming you don't need to see it.

sysprot log:

SysProt AntiRootkit v1.0.1.0
by swatkat

******************************************************************************************
******************************************************************************************

No Hidden Processes found

******************************************************************************************
******************************************************************************************
SSDT:
Function Name: ZwCreateKey
Address: F1767706
Driver Base: 0
Driver End: 0
Driver Name: _unknown_

Function Name: ZwCreateThread
Address: F17676FC
Driver Base: 0
Driver End: 0
Driver Name: _unknown_

Function Name: ZwDeleteKey
Address: F176770B
Driver Base: 0
Driver End: 0
Driver Name: _unknown_

Function Name: ZwDeleteValueKey
Address: F1767715
Driver Base: 0
Driver End: 0
Driver Name: _unknown_

Function Name: ZwEnumerateKey
Address: F739DCA2
Driver Base: F737F000
Driver End: F747C000
Driver Name: spds.sys

Function Name: ZwEnumerateValueKey
Address: F739E030
Driver Base: F737F000
Driver End: F747C000
Driver Name: spds.sys

Function Name: ZwLoadKey
Address: F176771A
Driver Base: 0
Driver End: 0
Driver Name: _unknown_

Function Name: ZwOpenKey
Address: F73800C0
Driver Base: F737F000
Driver End: F747C000
Driver Name: spds.sys

Function Name: ZwOpenProcess
Address: F17676E8
Driver Base: 0
Driver End: 0
Driver Name: _unknown_

Function Name: ZwOpenThread
Address: F17676ED
Driver Base: 0
Driver End: 0
Driver Name: _unknown_

Function Name: ZwQueryKey
Address: F739E108
Driver Base: F737F000
Driver End: F747C000
Driver Name: spds.sys

Function Name: ZwQueryValueKey
Address: F739DF88
Driver Base: F737F000
Driver End: F747C000
Driver Name: spds.sys

Function Name: ZwReplaceKey
Address: F1767724
Driver Base: 0
Driver End: 0
Driver Name: _unknown_

Function Name: ZwRestoreKey
Address: F176771F
Driver Base: 0
Driver End: 0
Driver Name: _unknown_

Function Name: ZwSetValueKey
Address: F1767710
Driver Base: 0
Driver End: 0
Driver Name: _unknown_

Function Name: ZwTerminateProcess
Address: F17676F7
Driver Base: 0
Driver End: 0
Driver Name: _unknown_

******************************************************************************************
******************************************************************************************
No Kernel Hooks found

******************************************************************************************
******************************************************************************************
Hidden files/folders:
Object: C:\Qoobox\BackEnv\AppData.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Cache.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Cookies.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Desktop.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Favorites.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\History.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\LocalAppData.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\LocalSettings.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Music.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\NetHood.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Personal.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Pictures.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\PrintHood.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Profiles.Folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Profiles.Folder.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Programs.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Recent.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\SendTo.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\SetPath.bat
Status: Access denied

Object: C:\Qoobox\BackEnv\StartMenu.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\StartUp.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\SysPath.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Templates.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\VikPev00
Status: Access denied

SuperDave · « **Reply #12 on:** February 19, 2011, 12:08:58 PM »

I'd like to scan your machine with ESET OnlineScan

•Hold down Control and click on the following link to open ESET OnlineScan in a new window.
ESET OnlineScan
•Click the

button.
•For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)

Click on to download the ESET Smart Installer. Save it to your desktop.
Double click on the icon on your desktop.

•Check

•Click the

button.
•Accept any security warnings from your browser.
•Check

•Push the Start button.
•ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
•When the scan completes, push

•Push

, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
•Push the

button.
•Push

A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt

shag · « **Reply #13 on:** February 19, 2011, 05:24:49 PM »

I have to use another machine for all my internet doings--the laptop's internet does not work. Therefore the online scanner isn't going to work, at least to my knowledge. I looked into ESET's offerings and found "ESET NOD32 Antivirus 4" which can be fully downloaded and installed on a computer. I had to uninstall Avira on my laptop before installing ESET--I'll re-install Avira later.

ESET's website gave a one-sentence answer as to how to configure the NOD32 thinger to make it equivalent to ESET's online scan, but I couldn't really follow it. The best I could do is run NOD32's standard scan and hope you can get what you need out of it. Here's that scan's log.

Scan Log
Version of virus signature database: 5782 (20110112)
Date: 2/19/2011 Time: 4:29:24 PM
Scanned disks, folders and files: Operating memory;C:\Boot sector;C:\
Operating memory - Win32/Olmarik trojan - action selection postponed until scan completion
C:\hiberfil.sys - error opening [4]
C:\pagefile.sys - error opening [4]
C:\Documents and Settings\All Users\Application Data\Citrix\Citrix online plug-in - web\ICAWebWrapper.msi » MSI » ICAWebWrapper.cab » CAB » License.txt.2F4FD4D8_836F_4C36_8D77_AFB 7434D6D2A » MIME - is OK (internal scanning not performed)
C:\Documents and Settings\All Users\Application Data\Citrix\Citrix online plug-in - web\ICAWebWrapper.msi » MSI » ICAWebWrapper.cab » CAB » License.txt.DB843BBC_6F1C_44D6_977F_609 2DC2A4DF8 » MIME - is OK (internal scanning not performed)
C:\Documents and Settings\All Users\Application Data\MCA74.tmp\agentins.ui » ZIP » agentins.ini - error - password-protected file
C:\Documents and Settings\All Users\Application Data\MCA74.tmp\agentins.ui » ZIP » agntcons.vbs - incorrect CRC checksum, the file may be damaged
C:\Documents and Settings\All Users\Application Data\MCA74.tmp\agentins.ui » ZIP » agntinst.htm - error - password-protected file
C:\Documents and Settings\All Users\Application Data\MCA74.tmp\agentins.ui » ZIP » agntinst.vbs - error - password-protected file
C:\Documents and Settings\All Users\Application Data\MCA74.tmp\agentins.ui » ZIP » agntlang.vbs - error - password-protected file
C:\Documents and Settings\All Users\Application Data\MCA74.tmp\agentins.ui » ZIP » default.htm - error - password-protected file
C:\Documents and Settings\All Users\Application Data\MCA74.tmp\agentins.ui » ZIP » header.vbs - error - password-protected file
C:\Documents and Settings\All Users\Application Data\MCA74.tmp\agentins.ui » ZIP » HtmlUtil.vbs - error - password-protected file
C:\Documents and Settings\All Users\Application Data\MCA74.tmp\agentins.ui » ZIP » images/bg_left_1x314.gif - error - password-protected file
C:\Documents and Settings\All Users\Application Data\MCA74.tmp\agentins.ui » ZIP » images/bg_left_MSC_165x314.gif - error - password-protected file
C:\Documents and Settings\All Users\Application Data\MCA74.tmp\agentins.ui » ZIP » images/icon_info_16x16.gif - error - password-protected file
C:\Documents and Settings\All Users\Application Data\MCA74.tmp\agentins.ui » ZIP » images/icon_mcafee_61x61.gif - error - password-protected file
C:\Documents and Settings\All Users\Application Data\MCA74.tmp\agentins.ui » ZIP » images/icon_progress_checked_13x13.gif - error - password-protected file
C:\Documents and Settings\All Users\Application Data\MCA74.tmp\agentins.ui » ZIP » images/icon_progress_hot_13x13.gif - error - password-protected file
C:\Documents and Settings\All Users\Application Data\MCA74.tmp\agentins.ui » ZIP » images/icon_progress_unchecked_13x13.gif - error - password-protected file
C:\Documents and Settings\All Users\Application Data\MCA74.tmp\agentins.ui » ZIP » InstUtil.vbs - error - password-protected file
C:\Documents and Settings\All Users\Application Data\MCA74.tmp\agentins.ui » ZIP » instwiz.css - error - password-protected file
C:\Documents and Settings\All Users\Application Data\MCA74.tmp\agentins.ui » ZIP » instxp.css - error - password-protected file
C:\Documents and Settings\All Users\Application Data\MCA74.tmp\agentins.ui » ZIP » mcccom.lpk - error - password-protected file
C:\Documents and Settings\All Users\Application Data\MCA74.tmp\agentins.ui » ZIP » pbar.vbs - error - password-protected file
C:\Documents and Settings\All Users\Application Data\MCA74.tmp\agentins.ui » ZIP » setcss.vbs - error - password-protected file
C:\Documents and Settings\All Users\Application Data\MCA74.tmp\agentins.ui » ZIP » SubInfoData.vbs - error - password-protected file
C:\Documents and Settings\All Users\Application Data\MCA74.tmp\vsoins.ui » ZIP » common_utils.js - error - password-protected file
C:\Documents and Settings\All Users\Application Data\MCA74.tmp\vsoins.ui » ZIP » countries.js - error - password-protected file
C:\Documents and Settings\All Users\Application Data\MCA74.tmp\vsoins.ui » ZIP » default.htm - error - password-protected file
C:\Documents and Settings\All Users\Application Data\MCA74.tmp\vsoins.ui » ZIP » default.vbs - error - password-protected file
C:\Documents and Settings\All Users\Application Data\MCA74.tmp\vsoins.ui » ZIP » HtmlUtil.vbs - error - password-protected file
C:\Documents and Settings\All Users\Application Data\MCA74.tmp\vsoins.ui » ZIP » install.htm - error - password-protected file
C:\Documents and Settings\All Users\Application Data\MCA74.tmp\vsoins.ui » ZIP » install.vbs - error - password-protected file
C:\Documents and Settings\All Users\Application Data\MCA74.tmp\vsoins.ui » ZIP » instwiz.css - error - password-protected file
C:\Documents and Settings\All Users\Application Data\MCA74.tmp\vsoins.ui » ZIP » instxp.css - error - password-protected file
C:\Documents and Settings\All Users\Application Data\MCA74.tmp\vsoins.ui » ZIP » lang_common.vbs - error - password-protected file
C:\Documents and Settings\All Users\Application Data\MCA74.tmp\vsoins.ui » ZIP » mcccom.lpk - error - password-protected file
C:\Documents and Settings\All Users\Application Data\MCA74.tmp\vsoins.ui » ZIP » pbar.vbs - error - password-protected file
C:\Documents and Settings\All Users\Application Data\MCA74.tmp\vsoins.ui » ZIP » setcss.vbs - error - password-protected file
C:\Documents and Settings\All Users\Application Data\MCA74.tmp\vsoins.ui » ZIP » strids_brandables.js - error - password-protected file
C:\Documents and Settings\All Users\Application Data\MCA74.tmp\vsoins.ui » ZIP » strids_common.js - error - password-protected file
C:\Documents and Settings\All Users\Application Data\MCA74.tmp\vsoins.ui » ZIP » strids_vsinstaller.js - error - password-protected file
C:\Documents and Settings\All Users\Application Data\MCA74.tmp\vsoins.ui » ZIP » vmap_reporting.css - error - password-protected file
C:\Documents and Settings\All Users\Application Data\MCA74.tmp\vsoins.ui » ZIP » VsoConst.vbs - error - password-protected file
C:\Documents and Settings\All Users\Application Data\MCA74.tmp\vsoins.ui » ZIP » vsoins.ini - error - password-protected file
C:\Documents and Settings\All Users\Application Data\MCA74.tmp\vsoins.ui » ZIP » VSOPropConst.vbs - error - password-protected file
C:\Documents and Settings\All Users\Application Data\MCAB4.tmp\agentins.ui » ZIP » agentins.ini - error - password-protected file
C:\Documents and Settings\All Users\Application Data\MCAB4.tmp\agentins.ui » ZIP » agntcons.vbs - incorrect CRC checksum, the file may be damaged
C:\Documents and Settings\All Users\Application Data\MCAB4.tmp\agentins.ui » ZIP » agntinst.htm - error - password-protected file
C:\Documents and Settings\All Users\Application Data\MCAB4.tmp\agentins.ui » ZIP » agntinst.vbs - error - password-protected file
C:\Documents and Settings\All Users\Application Data\MCAB4.tmp\agentins.ui » ZIP » agntlang.vbs - error - password-protected file
C:\Documents and Settings\All Users\Application Data\MCAB4.tmp\agentins.ui » ZIP » default.htm - error - password-protected file
C:\Documents and Settings\All Users\Application Data\MCAB4.tmp\agentins.ui » ZIP » header.vbs - error - password-protected file
C:\Documents and Settings\All Users\Application Data\MCAB4.tmp\agentins.ui » ZIP » HtmlUtil.vbs - error - password-protected file
C:\Documents and Settings\All Users\Application Data\MCAB4.tmp\agentins.ui » ZIP » images/bg_left_1x314.gif - error - password-protected file
C:\Documents and Settings\All Users\Application Data\MCAB4.tmp\agentins.ui » ZIP » images/bg_left_MSC_165x314.gif - error - password-protected file
C:\Documents and Settings\All Users\Application Data\MCAB4.tmp\agentins.ui » ZIP » images/icon_info_16x16.gif - error - password-protected file
C:\Documents and Settings\All Users\Application Data\MCAB4.tmp\agentins.ui » ZIP » images/icon_mcafee_61x61.gif - error - password-protected file
C:\Documents and Settings\All Users\Application Data\MCAB4.tmp\agentins.ui » ZIP » images/icon_progress_checked_13x13.gif - error - password-protected file
C:\Documents and Settings\All Users\Application Data\MCAB4.tmp\agentins.ui » ZIP » images/icon_progress_hot_13x13.gif - error - password-protected file
C:\Documents and Settings\All Users\Application Data\MCAB4.tmp\agentins.ui » ZIP » images/icon_progress_unchecked_13x13.gif - error - password-protected file
C:\Documents and Settings\All Users\Application Data\MCAB4.tmp\agentins.ui » ZIP » InstUtil.vbs - error - password-protected file
C:\Documents and Settings\All Users\Application Data\MCAB4.tmp\agentins.ui » ZIP » instwiz.css - error - password-protected file
C:\Documents and Settings\All Users\Application Data\MCAB4.tmp\agentins.ui » ZIP » instxp.css - error - password-protected file
C:\Documents and Settings\All Users\Application Data\MCAB4.tmp\agentins.ui » ZIP » mcccom.lpk - error - password-protected file
C:\Documents and Settings\All Users\Application Data\MCAB4.tmp\agentins.ui » ZIP » pbar.vbs - error - password-protected file
C:\Documents and Settings\All Users\Application Data\MCAB4.tmp\agentins.ui » ZIP » setcss.vbs - error - password-protected file
C:\Documents and Settings\All Users\Application Data\MCAB4.tmp\agentins.ui » ZIP » SubInfoData.vbs - error - password-protected file
C:\Documents and Settings\All Users\Application Data\MCAB4.tmp\vsoins.ui » ZIP » common_utils.js - error - password-protected file
C:\Documents and Settings\All Users\Application Data\MCAB4.tmp\vsoins.ui » ZIP » countries.js - error - password-protected file
C:\Documents and Settings\All Users\Application Data\MCAB4.tmp\vsoins.ui » ZIP » default.htm - error - password-protected file
C:\Documents and Settings\All Users\Application Data\MCAB4.tmp\vsoins.ui » ZIP » default.vbs - error - password-protected file
C:\Documents and Settings\All Users\Application Data\MCAB4.tmp\vsoins.ui » ZIP » HtmlUtil.vbs - error - password-protected file
C:\Documents and Settings\All Users\Application Data\MCAB4.tmp\vsoins.ui » ZIP » install.htm - error - password-protected file
C:\Documents and Settings\All Users\Application Data\MCAB4.tmp\vsoins.ui » ZIP » install.vbs - error - password-protected file
C:\Documents and Settings\All Users\Application Data\MCAB4.tmp\vsoins.ui » ZIP » instwiz.css - error - password-protected file
C:\Documents and Settings\All Users\Application Data\MCAB4.tmp\vsoins.ui » ZIP » instxp.css - error - password-protected file
C:\Documents and Settings\All Users\Application Data\MCAB4.tmp\vsoins.ui » ZIP » lang_common.vbs - error - password-protected file
C:\Documents and Settings\All Users\Application Data\MCAB4.tmp\vsoins.ui » ZIP » mcccom.lpk - error - password-protected file
C:\Documents and Settings\All Users\Application Data\MCAB4.tmp\vsoins.ui » ZIP » pbar.vbs - error - password-protected file
C:\Documents and Settings\All Users\Application Data\MCAB4.tmp\vsoins.ui » ZIP » setcss.vbs - error - password-protected file
C:\Documents and Settings\All Users\Application Data\MCAB4.tmp\vsoins.ui » ZIP » strids_brandables.js - error - password-protected file
C:\Documents and Settings\All Users\Application Data\MCAB4.tmp\vsoins.ui » ZIP » strids_common.js - error - password-protected file
C:\Documents and Settings\All Users\Application Data\MCAB4.tmp\vsoins.ui » ZIP » strids_vsinstaller.js - error - password-protected file
C:\Documents and Settings\All Users\Application Data\MCAB4.tmp\vsoins.ui » ZIP » vmap_reporting.css - error - password-protected file
C:\Documents and Settings\All Users\Application Data\MCAB4.tmp\vsoins.ui » ZIP » VsoConst.vbs - error - password-protected file
C:\Documents and Settings\All Users\Application Data\MCAB4.tmp\vsoins.ui » ZIP » vsoins.ini - error - password-protected file
C:\Documents and Settings\All Users\Application Data\MCAB4.tmp\vsoins.ui » ZIP » VSOPropConst.vbs - error - password-protected file
C:\Documents and Settings\All Users\Application Data\McAfee.com\Agent\News\valert.ui » ZIP » CmnIds.vbs - error - password-protected file
C:\Documents and Settings\All Users\Application Data\McAfee.com\Agent\News\valert.ui » ZIP » images/arrow_right.gif - error - password-protected file
C:\Documents and Settings\All Users\Application Data\McAfee.com\Agent\News\valert.ui » ZIP » images/btn_signup_52x20.gif - error - password-protected file
C:\Documents and Settings\All Users\Application Data\McAfee.com\Agent\News\valert.ui » ZIP » images/more_info.gif - error - password-protected file
C:\Documents and Settings\All Users\Application Data\McAfee.com\Agent\News\valert.ui » ZIP » images/sidetable_bottom.gif - error - password-protected file
C:\Documents and Settings\All Users\Application Data\McAfee.com\Agent\News\valert.ui » ZIP » images/sidetable_bottom_red.gif - error - password-protected file
C:\Documents and Settings\All Users\Application Data\McAfee.com\Agent\News\valert.ui » ZIP » images/sidetable_top.gif - error - password-protected file
C:\Documents and Settings\All Users\Application Data\McAfee.com\Agent\News\valert.ui » ZIP » images/sidetable_top_red.gif - error - password-protected file
C:\Documents and Settings\All Users\Application Data\McAfee.com\Agent\News\valert.ui » ZIP » images/transpix.gif - error - password-protected file
C:\Documents and Settings\All Users\Application Data\McAfee.com\Agent\News\valert.ui » ZIP » images/watermark_mys_150x130.gif - error - password-protected file
C:\Documents and Settings\All Users\Application Data\McAfee.com\Agent\News\valert.ui » ZIP » oemcfg.vbs - error - password-protected file
C:\Documents and Settings\All Users\Application Data\McAfee.com\Agent\News\valert.ui » ZIP » OEMIds.vbs - error - password-protected file
C:\Documents and Settings\All Users\Application Data\McAfee.com\Agent\News\valert.ui » ZIP » valert.htm - error - password-protected file
C:\Documents and Settings\All Users\Application Data\McAfee.com\Agent\News\valert.ui » ZIP » valert_old.htm - error - password-protected file
C:\Documents and Settings\All Users\Application Data\McAfee.com\Agent\News\valert.ui » ZIP » hs~valert.htm - error - password-protected file
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\3ad391678a806ec4d691e83aaa393b6f_50e417e0-e461-474b-96e2-077b80325612 - error opening [4]
C:\Documents and Settings\Chris\Application Data\Sun\Java\jre1.6.0_24\Data1.cab » CAB » core.zip » ZIP » lib/resources.jar » ZIP » com/sun/org/apache/xerces/internal/impl/msg/XIncludeMessages.properties » MIME - is OK (internal scanning not performed)
C:\Documents and Settings\Chris\Application Data\Sun\Java\jre1.6.0_24\Data1.cab » CAB » core.zip » ZIP » lib/resources.jar » ZIP » com/sun/xml/internal/fastinfoset/resources/ResourceBundle.properties » MIME - is OK (internal scanning not performed)
C:\Documents and Settings\Chris\Application Data\Sun\Java\jre1.6.0_24\Data1.cab » CAB » core.zip » ZIP » lib/resources.jar » ZIP » javax/xml/bind/Messages.properties » MIME - is OK (internal scanning not performed)
C:\Documents and Settings\Chris\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 02-10-2011 - 21-47-43.SBU » ZIP » {55929B8A-5F51-43F5-8C7E-F9DE70AFCC5F} - error - password-protected file
C:\Documents and Settings\Chris\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 02-10-2011 - 21-47-43.SBU » ZIP » {B4FADD22-F5BC-4AEA-BA61-F0402D7CCEA7} - error - password-protected file
C:\Documents and Settings\Chris\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 02-10-2011 - 21-47-43.SBU » ZIP » backup.db - error - password-protected file
C:\Documents and Settings\Chris\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 02-17-2010 - 19-28-19.SBU » ZIP » {00C40D3C-38B4-4A58-8D6C-093FD90FB241} - error - password-protected file
C:\Documents and Settings\Chris\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 02-17-2010 - 19-28-19.SBU » ZIP » {02AA20AC-17A0-47E0-8706-82284D283F3C} - error - password-protected file
C:\Documents and Settings\Chris\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 02-17-2010 - 19-28-19.SBU » ZIP » {031B335F-B9F9-41B0-B10B-6928C5AB208E} - error - password-protected file
C:\Documents and Settings\Chris\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 02-17-2010 - 19-28-19.SBU » ZIP » {03BE28BF-C32F-4A2D-847C-9534EEE72A7A} - error - password-protected file
C:\Documents and Settings\Chris\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 02-17-2010 - 19-28-19.SBU » ZIP » {04F18500-326A-4B7C-9A33-6DE1E0EED294} - error - password-protected file
C:\Documents and Settings\Chris\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 02-17-2010 - 19-28-19.SBU » ZIP » {05E9EE21-65EA-4806-9939-64A5F59615E0} - error - password-protected file
C:\Documents and Settings\Chris\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 02-17-2010 - 19-28-19.SBU » ZIP » {05F4B5C8-E004-4806-817D-C69C5283CAD5} - error - password-protected file
C:\Documents and Settings\Chris\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 02-17-2010 - 19-28-19.SBU » ZIP » {082AE6DA-A6E4-41A9-A69C-14710F7CFFB8} - error - password-protected file
C:\Documents and Settings\Chris\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 02-17-2010 - 19-28-19.SBU » ZIP » {0887439C-9767-4D86-B974-63A3EA148988} - error - password-protected file
C:\Documents and Settings\Chris\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 02-17-2010 - 19-28-19.SBU » ZIP » {08A0789B-19E7-4FA3-A451-64ED286DFFCD} - error - password-protected file
C:\Documents and Settings\Chris\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 02-17-2010 - 19-28-19.SBU » ZIP » {08C79A27-E7ED-431E-8385-797DC14E535C} - error - password-protected file
C:\Documents and Settings\Chris\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 02-17-2010 - 19-28-19.SBU » ZIP » {08D06C4B-0C77-4B5E-A453-485F5E25017D} - error - password-protected file
C:\Documents and Settings\Chris\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 02-17-2010 - 19-28-19.SBU » ZIP » {0A41754E-7CFC-4974-BECC-D80E207292DE} - error - password-protected file
C:\Documents and Settings\Chris\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 02-17-2010 - 19-28-19.SBU » ZIP » {0B3CCF37-AEA1-4691-978D-73C582EA08FA} - error - password-protected file
C:\Documents and Settings\Chris\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 02-17-2010 - 19-28-19.SBU » ZIP » {0CC940A6-B402-4951-A0FA-337383887B55} - error - password-protected file
C:\Documents and Settings\Chris\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 02-17-2010 - 19-28-19.SBU » ZIP » {0E3FBE73-81C5-4449-88DA-7CB019712083} - incorrect CRC checksum, the file may be damaged
C:\Documents and Settings\Chris\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 02-17-2010 - 19-28-19.SBU » ZIP » {0E938A1A-8EB9-4C77-BFDE-437FA1D2D23D} - error - password-protected file
C:\Documents and Settings\Chris\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 02-17-2010 - 19-28-19.SBU » ZIP » {0F3AA6DD-8708-4746-8604-4846C89F067F} - error - password-protected file
C:\Documents and Settings\Chris\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 02-17-2010 - 19-28-19.SBU » ZIP » {0F9FF551-034E-49D4-BCC7-E734B820F237} - error - password-protected file
C:\Documents and Settings\Chris\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 02-17-2010 - 19-28-19.SBU » ZIP » {1129EA17-E5C2-4CA6-94BB-003AB7A69E60} - error - password-protected file
C:\Documents and Settings\Chris\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 02-17-2010 - 19-28-19.SBU » ZIP » {11B7CF1F-4A13-4A7C-A5A8-7623BDD595CE} - error - password-protected file
C:\Documents and Settings\Chris\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 02-17-2010 - 19-28-19.SBU » ZIP » {1333C80D-2BF6-499B-A75F-510DC8B7F1CE} - error - password-protected file
C:\Documents and Settings\Chris\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 02-17-2010 - 19-28-19.SBU » ZIP » {1390F1F2-118E-48C6-A2FF-AD2E752E7A49} - error - password-protected file
C:\Documents and Settings\Chris\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 02-17-2010 - 19-28-19.SBU » ZIP » {13ECA295-2C7F-4D1F-84F4-672B4B56AFD4} - error - password-protected file
C:\Documents and Settings\Chris\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 02-17-2010 - 19-28-19.SBU » ZIP » {1A442C13-82CE-4EDB-8D70-5480BF2721D1} - error - password-protected file
C:\Documents and Settings\Chris\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 02-17-2010 - 19-28-19.SBU » ZIP » {1C414319-F321-46CB-92F2-CFAE1894E41D} - error - password-protected file
C:\Documents and Settings\Chris\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 02-17-2010 - 19-28-19.SBU » ZIP » {1C98FA55-6B2A-4679-8D79-69D858873ED8} - error - password-protected file
C:\Documents and Settings\Chris\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 02-17-2010 - 19-28-19.SBU » ZIP » {1CBD67A3-7FE9-415B-9098-C7848E62AC29} - error - password-protected file
C:\Documents and Settings\Chris\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 02-17-2010 - 19-28-19.SBU » ZIP » {1D246B8D-0367-415F-BB6E-06D95D642CF5} - error - password-protected file
C:\Documents and Settings\Chris\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 02-17-2010 - 19-28-19.SBU » ZIP » {1D608230-D9CA-4A74-AE3D-C73C41F39473} - error - password-protected file
C:\Documents and Settings\Chris\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 02-17-2010 - 19-28-19.SBU » ZIP » {1F7CEF5E-7812-441C-A5F6-3DD9EF9645E4} - error - password-protected file
C:\Documents and Settings\Chris\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 02-17-2010 - 19-28-19.SBU » ZIP » {216A21AA-9D50-4C9D-9332-DAFC88419807} - error - password-protected file
C:\Documents and Settings\Chris\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 02-17-2010 - 19-28-19.SBU » ZIP » {222AE173-CFFF-4BF1-B28A-F4EBE1CF44C4} - error - password-protected file
C:\Documents and Settings\Chris\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 02-17-2010 - 19-28-19.SBU » ZIP » {2347D7DE-B5DE-4401-ADE0-0C5906BB0EF1} - error - password-protected file
C:\Documents and Settings\Chris\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 02-17-2010 - 19-28-19.SBU » ZIP » {23C144E2-040F-487C-9FFE-AF8D97774CC8} - error - password-protected file
C:\Documents and Settings\Chris\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 02-17-2010 - 19-28-19.SBU » ZIP » {23D25364-A748-43DA-9253-5CFEDBCE0C90} - error - password-protected file
C:\Documents and Settings\Chris\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 02-17-2010 - 19-28-19.SBU » ZIP » {247F85FE-2A3E-4DC6-8E0A-98F0A944473A} - error - password-protected file
C:\Documents and Settings\Chris\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 02-17-2010 - 19-28-19.SBU » ZIP » {24A07F5C-0039-4FFF-9BEF-417C440E5DE2} - error - password-protected file
C:\Documents and Settings\Chris\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 02-17-2010 - 19-28-19.SBU » ZIP » {24AFCE56-71B2-4C6E-A25A-4245325563F0} - error - password-protected file
C:\Documents and Settings\Chris\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 02-17-2010 - 19-28-19.SBU » ZIP » {24D78C26-F3C8-4145-A0A5-6169B2583ECA} - error - password-protected file
C:\Documents and Settings\Chris\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 02-17-2010 - 19-28-19.SBU » ZIP » {25C592CC-78B4-48F5-AAA3-1A9690B9FDCC} - error - password-protected file
C:\Documents and Settings\Chris\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 02-17-2010 - 19-28-19.SBU » ZIP » {2645DE5A-953D-4B11-A9F6-D1A5E91C77A9} - error - password-protected file
C:\Documents and Settings\Chris\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 02-17-2010 - 19-28-19.SBU » ZIP » {26805C5B-AC08-47D3-AA37-E2FE28DE137D} - error - password-protected file
C:\Documents and Settings\Chris\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 02-17-2010 - 19-28-19.SBU » ZIP » {27694FAA-7974-4F0E-B7E9-6E64A97B4E48} - error - password-protected file
C:\Documents and Settings\Chris\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 02-17-2010 - 19-28-19.SBU » ZIP » {284DFE0D-5D94-4123-9D61-4C9A57A4D895} - error - password-protected file
C:\Documents and Settings\Chris\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 02-17-2010 - 19-28-19.SBU » ZIP » {28AB3B4B-578B-428D-89DA-3B90A4BAEB27} - error - password-protected file
C:\Documents and Settings\Chris\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 02-17-2010 - 19-28-19.SBU » ZIP » {292055FF-A462-4A0F-A5DD-007490DDB965} - error - password-protected file
C:\Documents and Settings\Chris\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 02-17-2010 - 19-28-19.SBU » ZIP » {29C9B59F-CFFE-49C6-8A5B-104E0B3DEDFB} - error - password-protected file
C:\Documents and Settings\Chris\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 02-17-2010 - 19-28-19.SBU » ZIP » {2CE583E4-FBDA-4616-9B6A-E979127B13B6} - error - password-protected file
C:\Documents and Settings\Chris\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 02-17-2010 - 19-28-19.SBU » ZIP » {2CEBFE60-5C3C-40F2-ADBF-85FEFD0B43CA} - incorrect CRC checksum, the file may be damaged
C:\Documents and Settings\Chris\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 02-17-2010 - 19-28-19.SBU » ZIP » {2D1913B0-F2DA-4C6A-BE9B-787B14813ECE} - error - password-protected file
C:\Documents and Settings\Chris\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 02-17-2010 - 19-28-19.SBU » ZIP » {2DC708A6-F9BE-4F79-BCC5-1A987FEF49B6} - error - password-protected file
C:\Documents and Settings\Chris\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 02-17-2010 - 19-28-19.SBU » ZIP » {2DCE0F8C-140A-4CB0-BD59-5D548F7C3B9F} - error - password-protected file
C:\Documents and Settings\Chris\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 02-17-2010 - 19-28-19.SBU » ZIP » {2EF5D504-42AD-4C84-934C-FFE325BB77C3} - error - password-protected file
C:\Documents and Settings\Chris\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 02-17-2010 - 19-28-19.SBU » ZIP » {321D7C62-0D0B-40C8-B10B-53FE76A0A066} - error - password-protected file
C:\Documents and Settings\Chris\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 02-17-2010 - 19-28-19.SBU » ZIP » {332B8299-F879-4245-AF93-6C91515AC6D8} - error - password-protected file
C:\Documents and Settings\Chris\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 02-17-2010 - 19-28-19.SBU » ZIP » {33B9F56A-DAB2-4D6C-A711-BCADE5D8DAD6} - error - password-protected file
C:\Documents and Settings\Chris\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 02-17-2010 - 19-28-19.SBU » ZIP » {33CB592D-17F4-4883-8955-E53FE5C5E951} - error - password-protected file
C:\Documents and Settings\Chris\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 02-17-2010 - 19-28-19.SBU » ZIP » {342ACF29-0343-4736-B84C-69D0A73089E5} - error - password-protected file
C:\Documents and Settings\Chris\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 02-17-2010 - 19-28-19.SBU » ZIP » {34DA9799-5A7A-4B3C-B30E-BFDB320C18D6} - error - password-protected file
C:\Documents and Settings\Chris\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 02-17-2010 - 19-28-19.SBU » ZIP » {35334384-5138-4CCA-9656-967498C60F36} - error - password-protected file
C:\Documents and Settings\Chris\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 02-17-2010 - 19-28-19.SBU » ZIP » {376DFB5F-9FBD-416E-B694-7731B2765AF4} - error - password-protected file
C:\Documents and Settings\Chris\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 02-17-2010 - 19-28-19.SBU » ZIP » {37F3D95F-E19E-4638-9B23-E70C19FB8DA6} - error - password-protected file
C:\Documents and Settings\Chris\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 02-17-2010 - 19-28-19.SBU » ZIP » {3853014E-A5C0-4640-B176-B46CFF4EDF64} - error - password-protected file
C:\Documents and Settings\Chris\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 02-17-2010 - 19-28-19.SBU » ZIP » {3904A88C-6026-4253-8CC3-D7D8DFA8FAA6} - error - password-protected file
C:\Documents and Settings\Chris\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 02-17-2010 - 19-28-19.SBU » ZIP » {3913F586-849D-4DDB-9315-43380C08A3D1} - error - password-protected file
C:\Documents and Settings\Chris\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 02-17-2010 - 19-28-19.SBU » ZIP » {3957FC50-8A3B-4751-90D9-1EC2838FE287} - error - password-protected file
C:\Documents and Settings\Chris\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 02-17-2010 - 19-28-19.SBU » ZIP » {39B5BAB5-A85F-4DE9-8B06-9E6BDF954B77} - error - password-protected file
C:\Documents and Settings\Chris\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 02-17-2010 - 19-28-19.SBU » ZIP » {3AE8336C-A988-40AE-97A0-8F32A7F23F9C} - error - password-protected file
C:\Documents and Settings\Chris\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 02-17-2010 - 19-28-19.SBU » ZIP » {3B242D17-5EC4-476A-827D-BB411978E63C} - error - password-protected file
C:\Documents and Settings\Chris\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 02-17-2010 - 19-28-19.SBU » ZIP » {3B517073-0AB9-49FC-90CA-EFD0AEFAF468} - error - password-protected file
C:\Documents and Settings\Chris\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 02-17-2010 - 19-28-19.SBU » ZIP » {3D191FC7-C06F-4BB0-A5BF-537A79C7F59F} - error - password-protected file
C:\Documents and Settings\Chris\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 02-17-2010 - 19-28-19.SBU » ZIP » {3D1AFBBB-6962-41D4-97AF-B1180850BC46} - error - password-protected file
C:\Documents and Settings\Chris\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 02-17-2010 - 19-28-19.SBU » ZIP » {3FFEBDA8-5534-4576-AC53-481B500163B7} - error - password-protected file
C:\Documents and Settings\Chris\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 02-17-2010 - 19-28-19.SBU » ZIP » {407F8613-E044-48AE-B8F9-60EC7DA53818} - error - password-protected file
C:\Documents and Settings\Chris\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 02-17-2010 - 19-28-19.SBU » ZIP » {415906A0-27B7-40A8-885E-B44AF3C22AD7} - error - password-protected file
C:\Documents and Settings\Chris\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 02-17-2010 - 19-28-19.SBU » ZIP » {41F183AD-94A7-4EC6-8743-E51425E02876} - error - password-protected file
C:\Documents and Settings\Chris\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 02-17-2010 - 19-28-19.SBU » ZIP » {430C9FC8-8208-4431-8885-AC09C71FFC61} - error - password-protected file
C:\Documents and Settings\Chris\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 02-17-2010 - 19-28-19.SBU » ZIP » {43F1BD22-AE01-40E0-8E87-D08ACEC37750} - error - password-protected file
C:\Documents and Settings\Chris\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 02-17-2010 - 19-28-19.SBU » ZIP » {448E3A17-DEC0-4B70-86BE-963EB059F197} - error - password-protected file
C:\Documents and Settings\Chris\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 02-17-2010 - 19-28-19.SBU » ZIP » {4544942E-E356-4E3E-A5BA-D9294C0DA75E} - error - password-protected file
C:\Documents and Settings\Chris\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 02-17-2010 - 19-28-19.SBU » ZIP » {45B19782-AD82-4F25-80EC-60FD14A5AED1} - error - password-protected file
C:\Documents and Settings\Chris\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 02-17-2010 - 19-28-19.SBU » ZIP » {465CD16F-B8EE-43EC-BABF-6D55BE07A2B7} - error - password-protected file
C:\Documents and Settings\Chris\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 02-17-2010 - 19-28-19.SBU » ZIP » {4A5A17BA-3957-4C73-9875-F0ABFAABDDAA} - error - password-protected file
C:\Documents and Settings\Chris\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 02-17-2010 - 19-28-19.SBU » ZIP » {4AC89079-6BD7-4E13-A89F-09CC2174E8EA} - error - password-protected file
C:\Documents and Settings\Chris\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 02-17-2010 - 19-28-19.SBU » ZIP » {4AEB3CAA-F707-45AE-A605-2DED64A05A1F} - error - password-protected file
C:\Documents and Settings\Chris\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 02-17-2010 - 19-28-19.SBU » ZIP » {4D775C3C-8B5A-431B-91A2-B8F7AB91F434} - error - password-protected file
C:\Documents and Settings\Chris\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 02-17-2010 - 19-28-19.SBU » ZIP » {4F5A42FA-8225-4561-A4AA-44D448D074C0} - error - password-protected file
C:\Documents and Settings\Chris\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 02-17-2010 - 19-28-19.SBU » ZIP » {4FD6F733-A26B-489E-910B-87E6238C6795} - error - password-protected file
C:\Documents and Settings\Chris\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 02-17-2010 - 19-28-19.SBU » ZIP » {517EB01A-5F30-4B04-BFC9-76CD12D2EEDD} - error - password-protected file
C:\Documents and Settings\Chris\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 02-17-2010 - 19-28-19.SBU » ZIP » {51C29C24-B853-4DA8-8641-BE6B2B871581} - error - password-protected file
C:\Documents and Settings\Chris\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 02-17-2010 - 19-28-19.SBU » ZIP » {5245C43D-D609-46E2-90C2-318D1DA357A7} - error - password-protected file
C:\Documents and Settings\Chris\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 02-17-2010 - 19-28-19.SBU » ZIP » {5306AA4C-C1C1-4B78-9F7E-B448246C1E9A} - error - password-protected file
C:\Documents and Settings\Chris\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 02-17-2010 - 19-28-19.SBU » ZIP » {545471DD-FB51-4B68-8809-281F5E56BE55} - error - password-protected file
C:\Documents and Settings\Chris\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 02-17-2010 - 19-28-19.SBU » ZIP » {54BE22B7-394B-4A51-9C57-AFB9D7302A3B} - error - password-protected file
C:\Documents and Settings\Chris\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 02-17-2010 - 19-28-19.SBU » ZIP » {553F9867-5892-442B-8C11-5256046FB817} - error - password-protected file
C:\Documents and Settings\Chris\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 02-17-2010 - 19-28-19.SBU » ZIP » {578A9AC3-AC14-4C16-8943-C5DAF077D238} - error - password-protected file
C:\Documents and Settings\Chris\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 02-17-2010 - 19-28-19.SBU » ZIP » {591B4C68-62BF-4A7D-AD32-A6A1BDC3CF5E} - error - password-protected file
C:\Documents and Settings\Chris\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 02-17-2010 - 19-28-19.SBU » ZIP » {59877F48-D6F6-4685-83ED-7CFA1A6C6801} - error - password-protected file
C:\Documents and Settings\Chris\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 02-17-2010 - 19-28-19.SBU » ZIP » {5A61B40F-0F7E-42B6-8BF8-EF27CFB7513A} - error - password-protected file
C:\Documents and Settings\Chris\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 02-17-2010 - 19-28-19.SBU » ZIP » {5A7D4E46-BCD2-41D2-A077-122B04F10817} - error - password-protected file
C:\Documents and Settings\Chris\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 02-17-2010 - 19-28-19.SBU » ZIP » {5AD79385-B645-4A1E-B24A-53B583FF8C0A} - error - password-protected file
C:\Documents and Settings\Chris\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 02-17-2010 - 19-28-19.SBU » ZIP » {5E01EA0B-F538-47F1-A925-830F583C6D9B} - error - password-protected file
C:\Documents and Settings\Chris\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 02-17-2010 - 19-28-19.SBU » ZIP » {5FB82319-00DF-47D8-8ECA-E0D9358CC0F2} - error - password-protected file
C:\Documents and Settings\Chris\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 02-17-2010 - 19-28-19.SBU » ZIP » {5FBD36E7-B4F1-4A0D-A8FE-35C51F2AF21B} - error - password-protected file
C:\Documents and Settings\Chris\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 02-17-2010 - 19-28-19.SBU » ZIP » {605F5AE0-FC86-4A5F-BB2D-A8387A9D571E} - incorrect CRC checksum, the file may be damaged
C:\Documents and Settings\Chris\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 02-17-2010 - 19-28-19.SBU » ZIP » {60CB4E03-73A1-4C89-A98D-40736388AC9F} - error - password-protected file
C:\Documents and Settings\Chris\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 02-17-2010 - 19-28-19.SBU » ZIP » {61194CDD-23BD-4000-A92E-AABE1298DEED} - error - password-protected file
C:\Documents and Settings\Chris\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 02-17-2010 - 19-28-19.SBU » ZIP » {632A3726-B969-4978-B841-6D9ACCC94F3A} - error - password-protected file
C:\Documents and Settings\Chris\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 02-17-2010 - 19-28-19.SBU » ZIP » {6348F146-5444-41A6-9B35-203AFAD1C3B1} - error - password-protected file
C:\Documents and Settings\Chris\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 02-17-2010 - 19-28-19.SBU » ZIP » {63CE12AF-238D-40AF-A31B-AFD5ED42D7B6} - error - password-protected file
C:\Documents and Settings\Chris\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 02-17-2010 - 19-28-19.SBU » ZIP » {64123022-CCAE-4B32-8056-30C4BC7D3DC6} - error - password-protected file
C:\Documents and Settings\Chris\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 02-17-2010 - 19-28-19.SBU » ZIP » {67335A1C-C5A1-417D-8D15-69E4DC08CF6D} - error - password-protected file
C:\Documents and Settings\Chris\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 02-17-2010 - 19-28-19.SBU » ZIP » {67ED0CA4-4491-43C2-BB6F-EF578F7A940A} - error - password-protected file
C:\Documents and Settings\Chris\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 02-17-2010 - 19-28-19.SBU » ZIP » {6962EEF1-BA2C-4D33-AA1C-F2F4B9EC672C} - error - password-protected file
C:\Documents and Settings\Chris\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 02-17-2010 - 19-28-19.SBU » ZIP » {69E058C8-756D-436F-A31A-3060A7533A6E} - error - password-protected file
C:\Documents and Settings\Chris\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 02-17-2010 - 19-28-19.SBU » ZIP » {6ABE9428-2720-4FC5-92CE-81250DC8B9E0} - error - password-protected file
C:\Documents and Settings\Chris\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 02-17-2010 - 19-28-19.SBU » ZIP » {6B3C0B35-1439-4527-92EE-35E7412C651D} - error - password-protected file
C:\Documents and Settings\Chris\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 02-17-2010 - 19-28-19.SBU » ZIP » {6B8FF064-AAA7-4E6E-9C1C-79C5CCF02BDE} - error - password-protected file
C:\Documents and Settings\Chris\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 02-17-2010 - 19-28-19.SBU » ZIP » {6BDE4D0A-1DB0-4F68-94ED-3D7E1A499CB9} - error - password-protected file
C:\Documents and Settings\Chris\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 02-17-2010 - 19-28-19.SBU » ZIP » {6C396967-F56E-42EF-8FF8-6A4A2D96E05D} - error - password-protected file
C:\Documents and Settings\Chris\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 02-17-2010 - 19-28-19.SBU » ZIP » {6D06BBFA-9B05-43E6-B5E5-5F99EDD420A2} - error - password-protected file
C:\Documents and Settings\Chris\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 02-17-2010 - 19-28-19.SBU » ZIP » {6D59C3F5-2A2D-4BF2-8CC0-31A789F27DDC} - error - password-protected file
C:\Documents and Settings\Chris\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 02-17-2010 - 19-28-19.SBU » ZIP » {6EE0CCA4-AF89-4DF5-8966-E02C804D8391} - error - password-protected file
C:\Documents and Settings\Chris\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 02-17-2010 - 19-28-19.SBU » ZIP » {708A81B0-31ED-4034-B95D-DB4AA4990193} - error - password-protected file
C:\Documents and Settings\Chris\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 02-17-2010 - 19-28-19.SBU » ZIP » {70B3F9E5-4E33-4530-891A-C25642B96B32} - error - password-protected file
C:\Documents and Settings\Chris\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 02-17-2010 - 19-28-19.SBU » ZIP » {7133A92B-E48D-4B24-932C-26CDC48DBEF6} - error - password-protected file
C:\Documents and Settings\Chris\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 02-17-2010 - 19-28-19.SBU » ZIP » {74292806-0728-46CF-BC3C-60AAA475771B} - error - password-protected file
C:\Documents and Settings\Chris\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 02-17-2010 - 19-28-19.SBU » ZIP » {74BB136C-2959-4084-BB14-8304DF03821D} - error - password-protected file
C:\Documents and Settings\Chris\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 02-17-2010 - 19-28-19.SBU » ZIP » {74C551D3-416C-41EC-9EED-1EAE32B6C0A3} - error - password-protected file
C:\Documents and Settings\Chris\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 02-17-2010 - 19-28-19.SBU » ZIP » {74E59527-D652-4E1A-BD22-163813806A18} - error - password-protected file
C:\Documents and Settings\Chris\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 02-17-2010 - 19-28-19.SBU » ZIP » {7605A931-7630-44BC-9A9F-6AEA0F5A494C} - error - password-protected file
C:\Documents and Settings\Chris\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 02-17-2010 - 19-28-19.SBU » ZIP » {78C202E5-B441-4CD1-B77F-FE54F76AC968} - error - password-protected file
C:\Documents and Settings\Chris\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 02-17-2010 - 19-28-19.SBU » ZIP » {79F822B0-B078-481E-A405-BE632477A328} - error - password-protected file
C:\Documents and Settings\Chris\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 02-17-2010 - 19-28-19.SBU » ZIP » {7A1C7852-4C71-4B13-BC2D-EBD6DE21A3F5} - error - password-protected file
C:\Documents and Settings\Chris\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 02-17-2010 - 19-28-19.SBU » ZIP » {7A5536E2-BD9C-495E-91DF-6E15B350E71F} - error - password-protected file
C:\Documents and Settings\Chris\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 02-17-2010 - 19-28-19.SBU » ZIP » {7AB02CE6-AEE7-48D9-A5FA-E49C32D9BF63} - error - password-protected file
C:\Documents and Settings\Chris\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 02-17-2010 - 19-28-19.SBU » ZIP » {7C637A65-C027-4D53-AF55-38B6E2C2345F} - error - password-protected file
C:\Documents and Settings\Chris\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 02-17-2010 - 19-28-19.SBU » ZIP » {7D86196C-D299-4745-B2B8-D78DC6E01801} - error - password-protected file
C:\Documents and Settings\Chris\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 02-17-2010 - 19-28-19.SBU » ZIP » {7DE3BBA3-E088-4CEC-ABA1-CC315395E25A} - error - password-protected file
C:\Documents and Settings\Chris\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 02-17-2010 - 19-28-19.SBU » ZIP » {7E89C55A-247F-40AE-A1A2-BD50B9D83C66} - error - password-protected file
C:\Documents and Settings\Chris\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 02-17-2010 - 19-28-19.SBU » ZIP » {7F4E0AD4-E76A-465F-8CFB-E4A5347AB0DE} - error - password-protected file
C:\Documents and Settings\Chris\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 02-17-2010 - 19-28-19.SBU » ZIP » {7FA8B5FA-F836-4624-A7E0-48B9400AF83E} - error - password-protected file
C:\Documents and Settings\Chris\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 02-17-2010 - 19-28-19.SBU » ZIP » {81DF4652-3D7C-4BD6-83DE-7C9A17FA2C88} - error - password-protected file
C:\Documents and Settings\Chris\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 02-17-2010 - 19-28-19.SBU » ZIP » {82DA9FDB-10DF-469D-948E-73C9976AFE70} - error - password-protected file
C:\Documents and Settings\Chris\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 02-17-2010 - 19-28-19.SBU » ZIP » {84F90937-167C-4908-9E6A-F54F9441A0CA} - error - password-protected file
C:\Documents and Settings\Chris\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 02-17-2010 - 19-28-19.SBU » ZIP » {8667EA8E-6806-4673-ABB1-08C2473D8124} - error - password-protected file
C:\Documents and Settings\Chris\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 02-17-2010 - 19-28-19.SBU » ZIP » {86BD60E7-07D8-4AE5-8E65-9E4280DF3975} - error - password-protected file
C:\Documents and Settings\Chris\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 02-17-2010 - 19-28-19.SBU » ZIP » {885D1C20-677B-47C3-A5D6-D7F507A1C68B} - error - password-protected file
C:\Documents and Settings\Chris\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 02-17-2010 - 19-28-19.SBU » ZIP » {8919CA84-30F1-4627-8F5E-46E3E7868B00} - error - password-protected file
C:\Documents and Settings\Chris\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 02-17-2010 - 19-28-19.SBU » ZIP » {8AA6A559-B563-4C57-B1CE-4262C9B9DAEF} - error - password-protected file
C:\Documents and Settings\Chris\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 02-17-2010 - 19-28-19.SBU » ZIP » {8CCF3CBA-6820-4C8C-813A-BD9FCD57808D} - error - password-protected file
C:\Documents and Settings\Chris\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 02-17-2010 - 19-28-19.SBU » ZIP » {8D40434D-E39C-4D5A-828C-30B9C6E9324A} - error - password-protected file
C:\Documents and Settings\Chris\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 02-17-2010 - 19-28-19.SBU » ZIP » {8D4BE094-79D7-4DA9-A157-9A9649BDD965} - error - password-protected file
C:\Documents and Settings\Chris\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 02-17-2010 - 19-28-19.SBU » ZIP » {8DE5280A-35D8-4075-8C55-2138748CA8EF} - error - password-protected file
C:\Documents and Settings\Chris\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 02-17-2010 - 19-28-19.SBU » ZIP » {8E951FA5-0DB7-439E-8EF2-D013F5FEB445} - error - password-protected file
C:\Documents and Settings\Chris\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 02-17-2010 - 19-28-19.SBU » ZIP » {8F93D8C9-CF33-4FFA-84CE-C1A8C1EC641E} - error - password-protected file
C:\Documents and Settings\Chris\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 02-17-2010 - 19-28-19.SBU » ZIP » {9073D8DE-3FE1-4825-A607-6B191FC57ACE} - error - password-protected file
C:\Documents and Settings\Chris\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 02-17-2010 - 19-28-19.SBU » ZIP » {91CBB92C-DBD5-4EB6-A4F0-E76044E6302D} - error - password-protected file
C:\Documents and Settings\Chris\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 02-17-2010 - 19-28-19.SBU » ZIP » {92F5B52E-51A5-4069-964D-DA61C1DD5511} - error - password-protected file
C:\Documents and Settings\Chris\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 02-17-2010 - 19-28-19.SBU » ZIP » {93888257-62D2-449B-9ADD-FDB35A89EB67} - error - password-protected file
C:\Documents and Settings\Chris\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 02-17-2010 - 19-28-19.SBU » ZIP » {93C632F0-5C59-452C-A29A-A92323B856C9} - error - password-protected file
C:\Documents and Settings\Chris\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 02-17-2010 - 19-28-19.SBU » ZIP » {93DE119E-112A-4ACD-A798-7A033453C865} - error - password-protected file
C:\Documents and Settings\Chris\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 02-17-2010 - 19-28-19.SBU » ZIP » {9406309F-E70B-4D05-BCF7-33F93A4BB91A} - error - password-protected file
C:\Documents and Settings\Chris\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 02-17-2010 - 19-28-19.SBU » ZIP » {94848595-60F1-4536-93D5-262DB5AEA553} - error - password-protected file
C:\Documents and Settings\Chris\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 02-17-2010 - 19-28-19.SBU » ZIP » {94A4136D-0989-4482-80E9-AED62A2F5355} - error - password-protected file
C:\Documents and Settings\Chris\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 02-17-2010 - 19-28-19.SBU » ZIP » {9697133B-8459-4AD2-AEDD-DBF5B920EF5E} - error - password-protected file
C:\Documents and Settings\Chris\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 02-17-2010 - 19-28-19.SBU » ZIP » {983C59CC-A224-4EAA-9BA4-A40224D8049D} - error - password-protected file
C:\Documents and Settings\Chris\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 02-17-2010 - 19-28-19.SBU » ZIP » {99F56417-3F38-4273-9E16-50F7A6040438} - error - password-protected file
C:\Documents and Settings\Chris\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 02-17-2010 - 19-28-19.SBU » ZIP » {9AF4CD62-E6D3-4DAA-9BE0-867D7238B819} - error - password-protected file
C:\Documents and Settings\Chris\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 02-17-2010 - 19-28-19.SBU » ZIP » {9B48C736-848F-4529-ACE2-49F3AE11FDC9} - error - password-protected file
C:\Documents and Settings\Chris\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 02-17-2010 - 19-28-19.SBU » ZIP » {9BB9C52C-1689-4910-A3B2-0B6864567900} - error - password-protected file
C:\Documents and Settings\Chris\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 02-17-2010 - 19-28-19.SBU » ZIP » {9C0B971D-6DDD-4ABA-A209-5D931989A7A9} - error - password-protected file
C:\Documents and Settings\Chris\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 02-17-2010 - 19-28-19.SBU » ZIP » {9CB3CAD0-4CA5-467F-8B9D-BECC109083B2} - error - password-protected file
C:\Documents and Settings\Chris\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 02-17-2010 - 19-28-19.SBU » ZIP » {9E00DE87-ECFB-4962-8F33-D55915631A3E} - error - password-protected file
C:\Documents and Settings\Chris\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 02-17-2010 - 19-28-19.SBU » ZIP » {9F6ADCF9-591C-4A64-A3A5-39B3B5F750AF} - error - password-protected file
C:\Documents and Settings\Chris\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 02-17-2010 - 19-28-19.SBU » ZIP » {A15C0164-B7CF-4CD6-82A5-5C274C8F47F5} - error - password-protected file
C:\Documents and Settings\Chris\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 02-17-2010 - 19-28-19.SBU » ZIP » {A161969E-1C74-40A5-A742-ACA37F0EA1BE} - error - password-protected file
C:\Documents and Settings\Chris\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 02-17-2010 - 19-28-19.SBU » ZIP » {A1683BD4-CD50-4AD9-BA2F-7887744F90F7} - error - password-protected file
C:\Documents and Settings\Chris\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 02-17-2010 - 19-28-19.SBU » ZIP » {A2BD0F8C-9566-47D1-BF86-11D4EEF95FD8} - error - password-protected file
C:\Documents and Settings\Chris\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 02-17-2010 - 19-28-19.SBU » ZIP » {A2E5532D-ED82-40C6-A2C2-80DDC5CE4F7E} - error - password-protected file
C:\Documents and Settings\Chris\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 02-17-2010 - 19-28-19.SBU » ZIP » {A35FD421-48D2-4D49-8008-CA44A2855F14} - error - password-protected file
C:\Documents and Settings\Chris\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 02-17-2010 - 19-28-19.SBU » ZIP » {A3D77743-B5A8-462D-8B54-18CABD53494D} - error - password-protected file
C:\Documents and Settings\Chris\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 02-17-2010 - 19-28-19.SBU » ZIP » {A4A7C8DA-CB06-4256-8451-B00884879C4B} - error - password-protected file
C:\Documents and Settings\Chris\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 02-17-2010 - 19-28-19.SBU » ZIP » {A5CC78C0-CEF4-4BCF-A7DF-7DEF9F96490F} - error - password-protected file
C:\Documents and Settings\Chris\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 02-17-2010 - 19-28-19.SBU » ZIP » {A5F297D7-1E90-42CA-A04A-2647F8F3AF7D} - error - password-protected file
C:\Documents and Settings\Chris\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 02-17-2010 - 19-28-19.SBU » ZIP » {A89F2529-DE7C-4BE7-A148-6EC403F90FCA} - error - password-protected file
C:\Documents and Settings\Chris\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 02-17-2010 - 19-28-19.SBU » ZIP » {A9463072-3BD1-4BE8-A53D-1614C1C19210} - error - password-protected file
C:\Documents and Settings\Chris\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 02-17-2010 - 19-28-19.SBU » ZIP » {A9BFBE5E-2E44-41EC-8F80-4882B0D52CE2} - error - password-protected file
C:\Documents and Settings\Chris\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 02-17-2010 - 19-28-19.SBU » ZIP » {AB47BEFF-32E9-49D1-A09F-3AF6C20A7473} - error - password-protected file
C:\Documents and Settings\Chris\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 02-17-2010 - 19-28-19.SBU » ZIP » {AC29A704-E9EB-474F-A88B-1FBDC8B0AC3F} - error - password-protected file
C:\Documents and Settings\Chris\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 02-17-2010 - 19-28-19.SBU » ZIP » {AF790608-5D6F-4667-8F53-31650FDFF003} - error - password-protected file
C:\Documents and Settings\Chris\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 02-17-2010 - 19-28-19.SBU » ZIP » {AFCAD67C-25B3-45C5-BC0D-BB5B54939BF5} - error - password-protected file
C:\Documents and Settings\Chris\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 02-17-2010 - 19-28-19.SBU » ZIP » {B042D87A-1FC2-4E33-8445-003DD3528B87} - error - password-protected file
C:\Documents and Settings\Chris\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 02-17-2010 - 19-28-19.SBU » ZIP » {B222207B-480C-44F7-AE08-D32332C0D92A} - error - password-protected file
C:\Documents and Settings\Chris\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 02-17-2010 - 19-28-19.SBU » ZIP » {B2A39B37-2054-44B7-B680-60F0523F25F7} - error - password-protected file
C:\Documents and Settings\Chris\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 02-17-2010 - 19-28-19.SBU » ZIP » {B2D324CD-8C17-4E61-9F19-ACBCF189EDF4} - error - password-protected file
C:\Documents and Settings\Chris\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 02-17-2010 - 19-28-19.SBU » ZIP » {B2D6C763-E783-4950-80D1-67D4E7672C77} - error - password-protected file
C:\Documents and Settings\Chris\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 02-17-2010 - 19-28-19.SBU » ZIP » {B3105D16-BA11-4AFB-ABBA-6FBDEC0C73AA} - error - password-protected file
C:\Documents and Settings\Chris\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 02-17-2010 - 19-28-19.SBU » ZIP » {B36C6966-754D-4617-9EC7-F19ECA5C25C3} - error - password-protected file
C:\Documents and Settings\Chris\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 02-17-2010 - 19-28-19.SBU » ZIP » {B4C4CE51-D8B2-453C-9840-2036031BE36F} - error - password-protected file
C:\Documents and Settings\Chris\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 02-17-2010 - 19-28-19.SBU » ZIP » {B5EC9DC8-F710-41F2-A636-203030754C7C} - error - password-protected file
C:\Documents and Settings\Chris\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 02-17-2010 - 19-28-19.SBU » ZIP » {B606E073-EFD3-45D1-BC5E-E896815639A6} - error - password-protected file
C:\Documents and Settings\Chris\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 02-17-2010 - 19-28-19.SBU » ZIP » {B6114F28-3922-41F3-BE5F-8D2BACD79538} - error - password-protected file
C:\Documents and Settings\Chris\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 02-17-2010 - 19-28-19.SBU » ZIP » {B795A618-CB92-4DDE-A9BC-179FCAE46AAA} - error - password-protected file
C:\Documents and Settings\Chris\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 02-17-2010 - 19-28-19.SBU » ZIP » {B7B40E52-C5D3-4D35-A9EA-53B655C4CBE3} - error - password-protected file
C:\Documents and Settings\Chris\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 02-17-2010 - 19-28-19.SBU » ZIP » {B7D626B4-DCC2-4336-AB56-EB360FA80FF7} - error - password-protected file
C:\Documents and Settings\Chris\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 02-17-2010 - 19-28-19.SBU » ZIP » {B7E44C0C-60B5-4E7F-B07E-39979906EB6D} - error - password-protected file
C:\Documents and Settings\Chris\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 02-17-2010 - 19-28-19.SBU » ZIP » {B86A6EAA-289C-47D1-A826-A21A9F6548A3} - error - password-protected file
C:\Documents and Settings\Chris\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 02-17-2010 - 19-28-19.SBU » ZIP » {B93D1F2D-126A-48E0-94AC-586B0177FC12} - error - password-protected file
C:\Documents and Settings\Chris\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 02-17-2010 - 19-28-19.SBU » ZIP » {B9AC5529-4174-4D6E-AB2E-6C0212E665A4} - error - password-protected file
C:\Documents and Settings\Chris\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 02-17-2010 - 19-28-19.SBU » ZIP » {B9B09CF7-072D-4D07-9831-84000901E7A3} - error - password-protected file
C:\Documents and Settings\Chris\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 02-17-2010 - 19-28-19.SBU » ZIP » {BAA6B8B4-C585-4BC7-A189-EEBC30696A4F} - error - password-protected file
C:\Documents and Settings\Chris\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 02-17-2010 - 19-28-19.SBU » ZIP » {BC442FF8-88CA-4D00-BBFD-D550C480A893} - error - password-protected file
C:\Documents and Settings\Chris\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 02-17-2010 - 19-28-19.SBU » ZIP » {BD4D5057-79C3-4F9C-A43B-490F2BCA077C} - error - password-protected file
C:\Documents and Settings\Chris\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 02-17-2010 - 19-28-19.SBU » ZIP » {BD6CDE79-34E4-4A61-A477-4A642F9835BA} - error - password-protected file
C:\Documents and Settings\Chris\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 02-17-2010 - 19-28-19.SBU » ZIP » {C0FC5A89-9E4F-4D2B-AFB5-E4BFBF163962} - error - password-protected file
C:\Documents and Settings\Chris\App

SuperDave · « **Reply #14 on:** February 20, 2011, 11:21:37 AM »

Download TDSSKiller and save it to your Desktop.
Extract its contents to your desktop.
Once extracted, open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
If an infected file is detected, the default action will be Cure, click on Continue.
If a suspicious file is detected, the default action will be Skip, click on Continue.
It may ask you to reboot the computer to complete the process. Click on Reboot Now.
Click the Report button and copy/paste the contents of it into your next reply

Note:It will also create a log in the C:\ directory..

Computer Hope Forum

News:

Author Topic: Kept getting blocked/redirected on internet explorer (Read 29005 times)

shag

Kept getting blocked/redirected on internet explorer

shag

Re: Kept getting blocked/redirected on internet explorer

SuperDave

Re: Kept getting blocked/redirected on internet explorer

shag

Re: Kept getting blocked/redirected on internet explorer

SuperDave

Re: Kept getting blocked/redirected on internet explorer

shag

Re: Kept getting blocked/redirected on internet explorer

SuperDave

Re: Kept getting blocked/redirected on internet explorer

shag

Re: Kept getting blocked/redirected on internet explorer

SuperDave

Re: Kept getting blocked/redirected on internet explorer

shag

Re: Kept getting blocked/redirected on internet explorer

SuperDave

Re: Kept getting blocked/redirected on internet explorer

shag

Re: Kept getting blocked/redirected on internet explorer

SuperDave

Re: Kept getting blocked/redirected on internet explorer

shag

Re: Kept getting blocked/redirected on internet explorer

SuperDave

Re: Kept getting blocked/redirected on internet explorer