Problem continued (from archive) - for Steamwiz (or anyone else)



CallumS
2008-02-06, 17:09
http://forums.spybot.info/showthread.php?t=23129

In response to his reply:

Scan Statistics:
Total number of scanned objects: 73328
Number of viruses found: 35
Number of infected objects: 257
Number of suspicious objects: 4
Duration of the scan process: 00:44:42

Is that all you want from the KR... because, again, it is 60K characters.

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 02/06/2008 at 02:35 PM

Application Version : 3.9.1008

Core Rules Database Version : 3396
Trace Rules Database Version: 1388

Scan type : Complete Scan
Total Scan Time : 00:42:12

Memory items scanned : 329
Memory threats detected : 9
Registry items scanned : 6447
Registry threats detected : 144
File items scanned : 37876
File threats detected : 410

Trojan.Mezzia/Resident
C:\WINDOWS\SYSTEM32\WINMXW32.DLL
C:\WINDOWS\SYSTEM32\WINMXW32.DLL

Adware.Vundo Variant

Adware.Vundo-Variant/PolyMorph-A
C:\WINDOWS\SYSTEM32\SSQRSRO.DLL
C:\WINDOWS\SYSTEM32\SSQRSRO.DLL

Trojan.WinFixer

Trojan.Smitfraud Variant-Gen/PushrDrv
C:\WINDOWS\SYSTEM32\DRVXAK.DLL
C:\WINDOWS\SYSTEM32\DRVXAK.DLL

Adware.Vundo-Variant/Small-A

Trojan.Net-AVP/AVT
C:\WINDOWS\SHELL.EXE
C:\WINDOWS\SHELL.EXE
C:\DOCUMENTS AND SETTINGS\ALL USERS\START MENU\PROGRAMS\STARTUP\AUTORUN.EXE
C:\WINDOWS\Prefetch\AUTORUN.EXE-3088AD1E.pf

Adware.ClickSpring/Outer Info Network

Trojan.Downloader-Gen/CinBroom
[Printer] C:\WINDOWS\SYSTEM32\PRINTER.EXE
C:\WINDOWS\SYSTEM32\PRINTER.EXE
C:\DOCUMENTS AND SETTINGS\USER\APPLICATION DATA\PRINTER.EXE
C:\WINDOWS\Prefetch\PRINTER.EXE-0E099EB1.pf
C:\WINDOWS\Prefetch\PRINTER.EXE-329CEBE6.pf

Worm.Rbot Variant
[Spoolsv] C:\WINDOWS\SYSTEM32\SPOOLVS.EXE
C:\WINDOWS\SYSTEM32\SPOOLVS.EXE
C:\WINDOWS\Prefetch\SPOOLVS.EXE-38E6A8DF.pf

Trojan.Vundo/Variant-Installer/A

Trojan.Vundo/Variant-Installer

Unclassified.Unknown Origin

Adware.E404 Helper/Variant

Trojan.Downloader-FatB
Software\Microsoft\Windows NT\CurrentVersion\WinLogon\Notify\winmxw32

Adware.Tracking Cookie

Trojan.Unknown Origin

Trojan.DNSChanger-Codec
HKCR\CLSID\E404.e404mgr
HKCR\CLSID\E404.e404mgr#UserId

Adware.E404 Helper/Hij

Malware.LocusSoftware Inc/PCPrivacyTool
C:\Documents and Settings\user\Application Data\ultra\uninstall.bat
C:\Documents and Settings\user\Application Data\ultra

CallumS
2008-02-06, 17:12
Trojan.Downloader-Gen/MobRules
C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\AVMBIJKB.DLL

Malware.Ultimate Defender
C:\DOCUMENTS AND SETTINGS\USER\APPLICATION DATA\TRANT.EXE
C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\7SWPALEW\UDEFENDER_INSTALLER[1].EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9E67248A-F152-4710-A4B8-745CD4FFE586}\RP131\A0067918.EXE
C:\WINDOWS\Prefetch\TRANT.EXE-0F40E0B1.pf

Adware.Search2Find

Trojan.Downloader-NoName

Trojan.Downloader-Gen/AVP

Trojan.Downloader-FuP/TMP
C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\TEMP\TMP36C.TMP

Adware.OuterInfo-Installer

Trojan.Unclassified/MCRUpdate
C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\7SWPALEW\XLOADER[1].EXE
C:\WINDOWS\SYSTEM32\MCRUPDATE.EXE

Trojan.Downloader-FindFast/Fake
C:\DOCUMENTS AND SETTINGS\USER\START MENU\PROGRAMS\STARTUP\FINDFAST.EXE
C:\WINDOWS\Prefetch\FINDFAST.EXE-28AE5159.pf

Trojan.Downloader-Gen/Numerology
C:\PROGRAM FILES\2370531.EXE

Adware.Vundo-Variant
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9E67248A-F152-4710-A4B8-745CD4FFE586}\RP124\A0063418.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9E67248A-F152-4710-A4B8-745CD4FFE586}\RP128\A0067812.DLL

Trojan.Downloader-ClickSpring/NDrv
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9E67248A-F152-4710-A4B8-745CD4FFE586}\RP124\A0063435.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9E67248A-F152-4710-A4B8-745CD4FFE586}\RP127\A0066706.DLL

Trojan.Unclassifed/WowFX
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9E67248A-F152-4710-A4B8-745CD4FFE586}\RP133\SNAPSHOT\MFEX-8.DAT
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9E67248A-F152-4710-A4B8-745CD4FFE586}\RP133\SNAPSHOT\MFEX-9.DAT
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9E67248A-F152-4710-A4B8-745CD4FFE586}\RP134\A0073957.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9E67248A-F152-4710-A4B8-745CD4FFE586}\RP134\A0073958.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9E67248A-F152-4710-A4B8-745CD4FFE586}\RP134\A0073964.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9E67248A-F152-4710-A4B8-745CD4FFE586}\RP134\A0073965.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9E67248A-F152-4710-A4B8-745CD4FFE586}\RP134\A0073966.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9E67248A-F152-4710-A4B8-745CD4FFE586}\RP134\A0073967.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9E67248A-F152-4710-A4B8-745CD4FFE586}\RP134\A0073968.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9E67248A-F152-4710-A4B8-745CD4FFE586}\RP134\A0073969.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9E67248A-F152-4710-A4B8-745CD4FFE586}\RP134\A0073970.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9E67248A-F152-4710-A4B8-745CD4FFE586}\RP134\A0073971.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9E67248A-F152-4710-A4B8-745CD4FFE586}\RP134\A0073973.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9E67248A-F152-4710-A4B8-745CD4FFE586}\RP134\SNAPSHOT\MFEX-1.DAT
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9E67248A-F152-4710-A4B8-745CD4FFE586}\RP134\SNAPSHOT\MFEX-10.DAT
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9E67248A-F152-4710-A4B8-745CD4FFE586}\RP134\SNAPSHOT\MFEX-11.DAT
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9E67248A-F152-4710-A4B8-745CD4FFE586}\RP134\SNAPSHOT\MFEX-12.DAT
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9E67248A-F152-4710-A4B8-745CD4FFE586}\RP134\SNAPSHOT\MFEX-13.DAT
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9E67248A-F152-4710-A4B8-745CD4FFE586}\RP134\SNAPSHOT\MFEX-14.DAT
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9E67248A-F152-4710-A4B8-745CD4FFE586}\RP134\SNAPSHOT\MFEX-15.DAT
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9E67248A-F152-4710-A4B8-745CD4FFE586}\RP134\SNAPSHOT\MFEX-16.DAT
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9E67248A-F152-4710-A4B8-745CD4FFE586}\RP134\SNAPSHOT\MFEX-17.DAT
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9E67248A-F152-4710-A4B8-745CD4FFE586}\RP134\SNAPSHOT\MFEX-18.DAT
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9E67248A-F152-4710-A4B8-745CD4FFE586}\RP134\SNAPSHOT\MFEX-19.DAT

CallumS
2008-02-06, 17:15
C:\WINDOWS\SYSTEM32\WOWFX.DLL

Trojan.Unclassified/XLoader
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9E67248A-F152-4710-A4B8-745CD4FFE586}\RP131\A0067917.EXE

Trojan.Unclassifed/AffiliateBundle
C:\WINDOWS\SYSTEM32\CBXXVSQ.DLL

Trojan.Unclassified/DRV-Slice
C:\WINDOWS\SYSTEM32\DRVKEX.DLL
C:\WINDOWS\SYSTEM32\DRVSOF.DLL

Malware.WinAntiSpyware-Installer
C:\WINDOWS\SYSTEM32\DRVKEXR.DLL
C:\WINDOWS\SYSTEM32\DRVSOFR.DLL
C:\WINDOWS\SYSTEM32\DRVXAKR.DLL

Adware.Vundo Variant/Rel
C:\WINDOWS\SYSTEM32\MCRH.TMP

Trojan.Downloader-XLIB
C:\WINDOWS\SYSTEM32\XLIBGFL254.DLL

Trojan.Unclassified/Packed-Win
C:\WINDOWS\TEMP\GOS2A.TMP

CallumS
2008-02-06, 17:19
ComboFix.txt

C:\WINDOWS\system32\dxdss.sys
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas .exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\cookies.ini
C:\WINDOWS\inf\ultra.inf
C:\WINDOWS\system32\~.exe
C:\WINDOWS\system32\bccdd.ini
C:\WINDOWS\system32\bccdd.ini2
C:\WINDOWS\system32\buqkodce.dllbox
C:\WINDOWS\system32\conf.dat
C:\WINDOWS\system32\ctfmon.exe.tmp
C:\WINDOWS\system32\dxdss.sys
C:\WINDOWS\system32\hnppnvmb.ini
C:\WINDOWS\system32\hnppnvmb.ini2
C:\WINDOWS\system32\hqspxncf.dll
C:\WINDOWS\system32\kdwsmeje.ini
C:\WINDOWS\system32\nfatidfn.ini
C:\WINDOWS\system32\nnnmp.ini
C:\WINDOWS\system32\nnnmp.ini2
C:\WINDOWS\system32\ututv.ini
C:\WINDOWS\system32\ututv.ini2
C:\WINDOWS\system32\vyadd.ini
C:\WINDOWS\system32\vyadd.ini2
C:\WINDOWS\system32\windows
C:\WINDOWS\system32\wopsock.dll
C:\WINDOWS\system32\wowfx.dll . . . . failed to delete
C:\WINDOWS\system32\wsock3.dll
.
---- Previous Run -------
.
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas .exe
C:\Program Files\Helper
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\cookies.ini
C:\WINDOWS\inf\ultra.inf
C:\WINDOWS\system32\~.exe
C:\WINDOWS\system32\bccdd.ini
C:\WINDOWS\system32\bccdd.ini2
C:\WINDOWS\system32\buqkodce.dllbox
C:\WINDOWS\system32\conf.dat
C:\WINDOWS\system32\ctfmon.exe.tmp
C:\WINDOWS\system32\hnppnvmb.ini
C:\WINDOWS\system32\hnppnvmb.ini2
C:\WINDOWS\system32\hqspxncf.dll
C:\WINDOWS\system32\kdwsmeje.ini
C:\WINDOWS\system32\nfatidfn.ini
C:\WINDOWS\system32\nnnmp.ini
C:\WINDOWS\system32\nnnmp.ini2
C:\WINDOWS\system32\ututv.ini
C:\WINDOWS\system32\ututv.ini2
C:\WINDOWS\system32\vyadd.ini
C:\WINDOWS\system32\vyadd.ini2
C:\WINDOWS\system32\windows
C:\WINDOWS\system32\wopsock.dll
C:\WINDOWS\system32\wsock3.dll

Drivers/Services
.
-------\LEGACY_DOMAINSERVICE
-------\mp32


-------\LEGACY_MP32
-------\mp32


((((((((((((((((((((((((( Files Created from 2008-01-06 to 2008-02-06 )))))))))))))))))))))))))))))))
.

2008-02-06 15:49 . 2004-08-03 23:00 260,272 --a------ C:\cmldr
2008-02-06 13:46 . 2008-02-06 13:46 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-02-06 13:45 . 2008-02-06 15:32 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-02-06 13:45 . 2008-02-06 13:45 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-02-06 13:45 . 2008-02-06 13:45 <DIR> d-------- C:\Documents and Settings\user\Application Data\SUPERAntiSpyware.com
2008-02-06 13:35 . 2008-02-06 13:35 <DIR> d-------- C:\Program Files\weofxkwt
2008-01-22 16:23 . 2008-01-22 16:23 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-01-22 16:22 . 2008-01-22 16:22 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-01-22 15:29 . 2008-01-22 15:29 <DIR> d-------- C:\Program Files\Trend Micro
2008-01-20 20:49 . 2006-10-09 06:46 <DIR> d-------- C:\Documents and Settings\Andrew\Application Data\toshiba
2008-01-20 20:49 . 2006-10-09 06:46 <DIR> d-------- C:\Documents and Settings\Andrew\Application Data\Sonic
2008-01-20 20:49 . 2007-01-25 20:38 <DIR> d-------- C:\Documents and Settings\Andrew\Application Data\Intel
2008-01-20 20:49 . 2006-06-06 13:54 <DIR> d-------- C:\Documents and Settings\Andrew\Application Data\AdobeUM
2008-01-20 14:08 . 2008-01-20 17:19 <DIR> d-------- C:\Documents and Settings\user\Application Data\AdwareAlert
2008-01-19 22:00 . 2008-01-20 14:42 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-01-19 21:59 . 2008-01-19 22:00 <DIR> d-------- C:\Program Files\Google
2008-01-19 21:42 . 2008-01-19 21:50 <DIR> d-------- C:\Program Files\AntiVirusPro
2008-01-19 21:42 . 2008-01-19 21:42 <DIR> d-------- C:\Documents and Settings\user\Application Data\Anti-Virus-Pro.com
2008-01-19 21:41 . 2008-01-19 21:41 269,334 --a------ C:\WINDOWS\system32\bqhkj.bmp
2008-01-19 21:39 . 2005-06-06 14:24 18,944 --a------ C:\WINDOWS\system32\wowfx.dll
2008-01-19 11:29 . 2008-01-19 11:29 53,760 --a------ C:\WINDOWS\system32\btask.dll
2008-01-19 11:29 . 2008-01-19 11:29 1 --a------ C:\WINDOWS\system32\rc.dat
2008-01-19 11:29 . 2008-01-19 11:29 1 --a------ C:\WINDOWS\system32\ps1.dat
2008-01-19 11:29 . 2008-01-19 11:29 1 --a------ C:\WINDOWS\system32\cs.dat
2008-01-14 19:38 . 2008-01-14 19:38 <DIR> d-------- C:\Documents and Settings\user\Application Data\Grisoft
2008-01-14 19:37 . 2008-01-14 19:37 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-01-14 19:37 . 2007-05-30 12:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-01-14 19:24 . 2008-01-22 18:44 15,360 --a------ C:\WINDOWS\system32\ctfmon .exe
2008-01-14 15:53 . 2008-01-14 15:53 58,880 --a------ C:\ydpgtbtq.exe
2008-01-14 15:53 . 2008-01-14 15:53 2 --a------ C:\-391774007
2008-01-14 15:28 . 2008-01-14 15:30 48 --a------ C:\Documents and Settings\user\Settings.dat
2008-01-11 22:14 . 2008-01-11 22:14 268 --ah----- C:\sqmdata07.sqm
2008-01-11 22:14 . 2008-01-11 22:14 244 --ah----- C:\sqmnoopt07.sqm
2008-01-11 20:35 . 2008-01-11 20:35 268 --ah----- C:\sqmdata06.sqm
2008-01-11 20:35 . 2008-01-11 20:35 244 --ah----- C:\sqmnoopt06.sqm
2008-01-10 22:42 . 2008-01-10 22:42 268 --ah----- C:\sqmdata05.sqm
2008-01-10 22:42 . 2008-01-10 22:42 244 --ah----- C:\sqmnoopt05.sqm
2008-01-10 21:27 . 2008-01-10 21:27 268 --ah----- C:\sqmdata04.sqm
2008-01-10 21:27 . 2008-01-10 21:27 244 --ah----- C:\sqmnoopt04.sqm
2008-01-09 22:00 . 2008-01-09 22:00 268 --ah----- C:\sqmdata03.sqm
2008-01-09 22:00 . 2008-01-09 22:00 244 --ah----- C:\sqmnoopt03.sqm
2008-01-08 21:36 . 2008-01-08 21:36 268 --ah----- C:\sqmdata02.sqm
2008-01-08 21:36 . 2008-01-08 21:36 244 --ah----- C:\sqmnoopt02.sqm
2008-01-08 09:12 . 2008-01-08 09:12 268 --ah----- C:\sqmdata01.sqm
2008-01-08 09:12 . 2008-01-08 09:12 244 --ah----- C:\sqmnoopt01.sqm

( Find3M Report ).
2008-02-06 15:37 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-01-22 18:44 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-01-19 19:30 --------- d-----w C:\Program Files\Steam
2008-01-19 19:30 --------- d-----w C:\Program Files\Full Tilt Poker
2008-01-15 16:58 --------- d-----w C:\Program Files\mIRC
2008-01-14 20:13 --------- d-----w C:\Program Files\QuickTime
2007-12-19 22:16 --------- d-----w C:\Documents and Settings\user\Application Data\ArcSoft
2007-12-19 19:37 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-19 19:37 --------- d-----w C:\Program Files\Common Files\ArcSoft
2007-12-19 19:37 --------- d-----w C:\Program Files\ArcSoft
2007-12-19 19:26 --------- d-----w C:\Program Files\USB PC Camera
2007-12-15 14:29 --------- d-----w C:\Program Files\CeWe Color
2007-08-31 17:54 20 ---h--w C:\Documents and Settings\All Users\Application Data\PKP_DLec.DAT
2007-08-31 17:54 20 ---h--w C:\Documents and Settings\All Users\Application Data\PKP_DLds.DAT
2007-05-19 17:20 1,794 ----a-w C:\Documents and Settings\user\Application Data\SAS7_000.DAT
2007-03-04 16:03 25,755,448 ----a-w C:\Program Files\wmp11-windowsxp-x86-enu.exe
2007-03-04 12:46 15,505,200 ----a-w C:\Program Files\IE7-WindowsXP-x86-enu.exe
.

<pre>
----a-w 171,448 2008-01-20 18:17:42 C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier .exe
----a-w 158,208 2008-01-14 17:41:38 C:\WINDOWS\pchealth\helpctr\binaries\MSConfig .exe
----a-w 15,360 2008-01-22 18:44:45 C:\WINDOWS\system32\ctfmon .exe
</pre>


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9DC97768-C9DD-4AE9-89A5-5019C1511611}]
C:\WINDOWS\system32\vtutu.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E1290342-AAFF-4f7c-9F45-D665E4BF1A00}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 12:00 15360]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [ ]
"AdwareAlert"="C:\Program Files\AdwareAlert\AdwareAlert.exe" [ ]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 14:06 1318912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSDrive"="C:\WINDOWS\system32\drvxak.dll" [ ]
"e8a60066"="C:\WINDOWS\system32\ejemswdk.dll" [ ]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\buqkodce]
buqkodce.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\jkkjigf]
jkkjigf.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=C:\WINDOWS\system32\wowfx.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, , , xlibgfl254.dll, , , wowfx.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^autorun.exe]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\autorun.exe
backup=C:\WINDOWS\pss\autorun.exeCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Image Zone Fast Start.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk
backup=C:\WINDOWS\pss\HP Image Zone Fast Start.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^NkbMonitor.exe.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NkbMonitor.exe.lnk
backup=C:\WINDOWS\pss\NkbMonitor.exe.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^user^Start Menu^Programs^Startup^findfast.exe]
path=C:\Documents and Settings\user\Start Menu\Programs\Startup\findfast.exe
backup=C:\WINDOWS\pss\findfast.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^user^Start Menu^Programs^Startup^Microsoft Office OneNote 2003 Quick Launch.lnk]
path=C:\Documents and Settings\user\Start Menu\Programs\Startup\Microsoft Office OneNote 2003 Quick Launch.lnk
backup=C:\WINDOWS\pss\Microsoft Office OneNote 2003 Quick Launch.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\000StTHK]
--a------ 2001-06-23 03:28 24576 C:\WINDOWS\system32\000StTHK.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\00THotkey]
--a------ 2006-05-18 09:53 253952 C:\WINDOWS\system32\00THotkey.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG]
--a------ 2006-03-04 03:28 88204 C:\WINDOWS\agrsmmsg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
--a------ 2005-05-04 01:43 69632 C:\WINDOWS\Alcmtr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apoint]
--a------ 2004-03-24 05:40 196608 C:\Program Files\Apoint2K\Apoint.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avp]
C:\WINDOWS\TEMP\win3E.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
C:\Program Files\Common Files\Symantec Shared\ccApp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CFSServ.exe]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTDrive]
C:\WINDOWS\system32\drvkex.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2004-08-04 12:00 15360 C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DLA]
--a------ 2005-10-06 04:20 122940 C:\WINDOWS\System32\DLA\DLACTRLW.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FLMOFFICE4DMOUSE]
C:\Program Files\Trust\MI-2500X OPTICAL MOUSE\Mouse32a.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 2004-09-13 14:49 49152 C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]
--a------ 2006-03-23 12:13 77824 C:\WINDOWS\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]
--a------ 2006-03-23 12:17 118784 C:\WINDOWS\system32\igfxpers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray]
--a------ 2006-03-23 12:17 94208 C:\WINDOWS\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelWireless]
--a------ 2005-11-28 11:41 602182 C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelZeroConfig]
--a------ 2005-12-05 12:37 667718 C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
--a------ 2005-02-16 16:15 221184 C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
--a------ 2005-02-16 16:15 81920 C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Load]
C:\WINDOWS\system32\ddayv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lsass]
C:\WINDOWS\lsass.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--a------ 2008-01-22 18:02 2225152 C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2007-01-19 11:54 5674352 C:\Program Files\MSN Messenger\MsnMsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NDSTray.exe]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Outerinfo]
C:\Program Files\Outerinfo\Outerinfo.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OuterinfoUpdate]
C:\Program Files\Outerinfo\OuterinfoUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Printer]
C:\WINDOWS\system32\printer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PSwitch]
C:\Program Files\Proxy Switcher Standard\ProxySwitcher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Regscan]
C:\WINDOWS\system32\regscan.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
--a------ 2006-05-09 20:53 16207360 C:\WINDOWS\RTHDCPL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]
--a------ 2006-04-24 22:20 1448960 C:\WINDOWS\SkyTel.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\smgr]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmoothView]
--a------ 2005-05-12 09:31 118784 C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spoolsv]
C:\WINDOWS\system32\spoolvs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpywareBot]
C:\Program Files\SpywareBot\SpywareBot.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
--a------ 2003-09-29 16:00 155648 C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
--a------ 2008-01-13 04:40 1266936 C:\Program Files\Steam\Steam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TFNF5]
--a------ 2006-04-11 01:14 622592 C:\WINDOWS\system32\TFNF5.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ThpSrv]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TOSCDSPD]
--a------ 2008-01-22 18:02 428032 C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TOSDCR]
--a------ 2005-12-12 17:54 57344 C:\WINDOWS\system32\TOSDCR.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TosHKCW.exe]
--a------ 2005-05-17 10:42 49152 C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TouchED]
--a------ 2005-08-31 13:46 102400 C:\Program Files\TOSHIBA\TouchED\TouchED.Exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TPSMain]
--a------ 2006-05-19 09:42 299008 C:\WINDOWS\system32\TPSMain.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TPSODDCtl]
--a------ 2006-05-19 09:42 102400 C:\WINDOWS\system32\TPSODDCtl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
C:\Program Files\Windows Defender\MSASCui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Winupdate Engine]
C:\WINDOWS\system32\wupeng.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"CFSvcs"=2 (0x2)
"ccSetMgr"=2 (0x2)
"ccProxy"=2 (0x2)
"ccISPwdSvc"=3 (0x3)
"ccEvtMgr"=2 (0x2)
"SAVScan"=3 (0x3)
"NSCService"=3 (0x3)
"SPBBCSvc"=2 (0x2)
"SNDSrvc"=2 (0x2)
"WMPNetworkSvc"=3 (0x3)
"Thpsrv"=2 (0x2)
"Symantec Core LC"=2 (0x2)
"navapsvc"=2 (0x2)
"LiveUpdate"=3 (0x3)
"usnjsvc"=3 (0x3)
"S24EventMonitor"=2 (0x2)
"RegSrvc"=2 (0x2)
"Pml Driver HPZ12"=2 (0x2)
"ose"=3 (0x3)
"MDM"=2 (0x2)
"IDriverT"=3 (0x3)
"EvtEng"=2 (0x2)

R0 Thpdrv;TOSHIBA HDD Protection Driver;C:\WINDOWS\system32\DRIVERS\thpdrv.sys [2004-12-27 22:31]
R0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;C:\WINDOWS\system32\DRIVERS\Thpevm.SYS [2004-11-13 11:24]
S3 APL531;OVT Scanner;C:\WINDOWS\system32\Drivers\ov550i.sys [2006-07-31 19:44]
S3 IFXTPM;IFXTPM;C:\WINDOWS\system32\DRIVERS\IFXTPM.SYS [2005-06-10 20:26]
S3 TcUsb;TC USB Kernel Driver;C:\WINDOWS\system32\Drivers\tcusb.sys [2006-05-06 01:12]
S3 tosrfec;Bluetooth ACPI from TOSHIBA;C:\WINDOWS\system32\DRIVERS\tosrfec.sys [2005-09-09 13:47]

.
Contents of the 'Scheduled Tasks' folder
"2008-01-20 17:22:45 C:\WINDOWS\Tasks\AdwareAlert Scheduled Scan.job"
- C:\Program Files\AdwareAlert\AdwareAlert.ex
- C:\Program Files\AdwareAlert
"2008-02-06 14:57:05 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE

CallumS
2008-02-06, 17:24
And finally, the HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:15:39, on 06/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {9DC97768-C9DD-4AE9-89A5-5019C1511611} - C:\WINDOWS\system32\vtutu.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: Google Module - {E1290342-AAFF-4f7c-9F45-D665E4BF1A00} - btask.dll (file missing)
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [MSDrive] rundll32.exe C:\WINDOWS\system32\drvxak.dll,startup
O4 - HKLM\..\Run: [e8a60066] rundll32.exe "C:\WINDOWS\system32\ejemswdk.dll",b
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [AdwareAlert] C:\Program Files\AdwareAlert\AdwareAlert.exe -boot
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-GB/a-UNO1/GAME_UNO1.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O20 - AppInit_DLLs: C:\WINDOWS\system32\wowfx.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: buqkodce - buqkodce.dll (file missing)
O20 - Winlogon Notify: jkkjigf - jkkjigf.dll (file missing)
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

--
End of file - 6077 bytes

steamwiz
2008-02-19, 16:14
Hi Callum

It's been a while since you posted this, so I'm not sure if you still require help ...

I myself have been away from the forums for personal reasons, but I am back now to help you resolve this, if you so wish ...

Please make a reply in this thread if you wish to continue.

cheers

steam