...one more step forward :-)
Unable to 'uninstall' by shortcut or Windows 'Add or Remove Programs' so just deleted HiJackThis shortcuts, folders and files.
Downloaded and installed and have just run HiJackThis. It ran! :-)
Here's the HiJackThis log file:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:30:48, on 12/01/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\SYSTEM32\astsrv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Apps\Logitech\Video\LogiTray.exe
C:\Apps\Ad-Aware 2007\AAWTray.exe
C:\Apps\PowerDVD\PDVDServ.exe
C:\Apps\Logitech\Video\FxSvr2.exe
C:\Apps\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\MMDiag.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Apps\iTunes\iTunesHelper.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mim.exe
C:\Apps\Directory Opus\dopusrt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Apps\Nikon\NikonView\NkvMon.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Apps\Palm\HOTSYNC.EXE
C:\Apps\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe
C:\WINDOWS\System32\svchost.exe
C:\Apps\Directory Opus\dopus.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bbc.co.uk
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bbc.co.uk
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://uk.mcafee.com/root/campaign.asp?cid=16321
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - c:\PROGRA~1\mcafee\msk\mcapbho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Apps\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Apps\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [ShowLOMControl]
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Apps\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Apps\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [AAWTray] C:\Apps\Ad-Aware 2007\AAWTray.exe
O4 - HKLM\..\Run: [RemoteControl] C:\Apps\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [LanguageShortcut] C:\Apps\PowerDVD\Language\Language.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Apps\Adobe\Reader 8\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Apps\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [MimBoot] C:\Program Files\Musicmatch\Musicmatch Jukebox\mimboot.exe
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Apps\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] C:\Apps\Logitech\Video\ManifestEngine.exe boot
O4 - HKCU\..\Run: [DOpus] C:\Apps\Directory Opus\dopus.exe
O4 - HKCU\..\Run: [Directory Opus Desktop Dblclk] "C:\Apps\Directory Opus\dopusrt.exe" /dblclk
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: HotSync Manager.LNK = C:\Apps\Palm\HOTSYNC.EXE
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Acrobat Synchronizer.lnk = C:\Apps\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe
O4 - Global Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: DataViz Inc Messenger.lnk = C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: NkvMon.exe.lnk = C:\Apps\Nikon\NikonView\NkvMon.exe
O4 - Global Startup: Register PhotoFrame 4.0 Professional Edition.lnk = C:\Apps\onOne Software\PhotoFrame 4.0 Professional Edition\Register PhotoFrame 4.0 Professional Edition.exe
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Apps\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: Append to existing PDF - res://C:\Apps\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Apps\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Apps\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Apps\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Apps\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Apps\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Apps\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Apps\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: En&queue current page with Bulk Image Downloader - file://C:\Apps\Bulk Image Downloader\iemenu\iebidqueue.htm
O8 - Extra context menu item: Enqueue link target with Bulk Ima&ge Downloader - file://C:\Apps\Bulk Image Downloader\iemenu\iebidlinkqueue.htm
O8 - Extra context menu item: Open &link target with Bulk Image Downloader - file://C:\Apps\Bulk Image Downloader\iemenu\iebidlink.htm
O8 - Extra context menu item: Open current page with Bulk I&mage Downloader - file://C:\Apps\Bulk Image Downloader\iemenu\iebid.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Games\PartyPoker\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Games\PartyPoker\PartyPoker\RunApp.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.musicmatch.com
O15 - Trusted Zone: *.musicmatch.com (HKLM)
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english...an_unicode.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/pu...sh/swflash.cab
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Apps\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AST Service (astcc) - Nalpeiron Ltd. - C:\WINDOWS\SYSTEM32\astsrv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: dlbt_device - Dell - C:\WINDOWS\system32\dlbtcoms.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Apps\iPod\bin\iPodService.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
--
End of file - 14605 bytes
ComboFix and Kaspersky done plus HJThis
OK, that was a long haul with three remote drives attached!
Here are the log files: first the ComboFix, then Kaspersky, then finally a HJThis log file. I may have to put these into three posts, we'll see.
ComboFix 09-01-10.03 - WtP 2009-01-12 21:14:55.4 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.572 [GMT 1:00]
Running from: c:\documents and settings\WtP\Desktop\Combo-Fix.exe
Command switches used :: c:\documents and settings\WtP\Desktop\CFScript.txt
AV: McAfee VirusScan *On-access scanning enabled* (Updated)
FW: McAfee Personal Firewall *enabled*
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\WtP\Application Data\Azureus
c:\documents and settings\WtP\Application Data\Azureus\.certs
c:\documents and settings\WtP\Application Data\Azureus\.keystore
c:\documents and settings\WtP\Application Data\Azureus\.lock
c:\documents and settings\WtP\Application Data\Azureus\active\0182CA8F41E89084FBDF400503525738F3399ED5.dat
c:\documents and settings\WtP\Application Data\Azureus\active\0182CA8F41E89084FBDF400503525738F3399ED5.dat.bak
c:\documents and settings\WtP\Application Data\Azureus\active\0CE72FF1BAF90CC5745C3C9035D07031E2E55831.dat
c:\documents and settings\WtP\Application Data\Azureus\active\0CE72FF1BAF90CC5745C3C9035D07031E2E55831.dat.bak
c:\documents and settings\WtP\Application Data\Azureus\active\1EE798F66D0FAD6F49DBDF11C2A0556CF9A2B754.dat
c:\documents and settings\WtP\Application Data\Azureus\active\1EE798F66D0FAD6F49DBDF11C2A0556CF9A2B754.dat.bak
c:\documents and settings\WtP\Application Data\Azureus\active\2D593400631CD2B2AB80B5A74AB7456D52D521DD.dat
c:\documents and settings\WtP\Application Data\Azureus\active\2D593400631CD2B2AB80B5A74AB7456D52D521DD.dat.bak
c:\documents and settings\WtP\Application Data\Azureus\active\36E23AE927DB28B89AFC31FFC570096A6C61E1A1.dat
c:\documents and settings\WtP\Application Data\Azureus\active\36E23AE927DB28B89AFC31FFC570096A6C61E1A1.dat.bak
c:\documents and settings\WtP\Application Data\Azureus\active\57F78B9264D4C95A66A0982FE35BD2EC2664ADCF.dat
c:\documents and settings\WtP\Application Data\Azureus\active\57F78B9264D4C95A66A0982FE35BD2EC2664ADCF.dat.bak
c:\documents and settings\WtP\Application Data\Azureus\active\57F78B9264D4C95A66A0982FE35BD2EC2664ADCF\fmfile1.dat
c:\documents and settings\WtP\Application Data\Azureus\active\57F78B9264D4C95A66A0982FE35BD2EC2664ADCF\fmfile12.dat
c:\documents and settings\WtP\Application Data\Azureus\active\57F78B9264D4C95A66A0982FE35BD2EC2664ADCF\fmfile15.dat
c:\documents and settings\WtP\Application Data\Azureus\active\57F78B9264D4C95A66A0982FE35BD2EC2664ADCF\fmfile9.dat
c:\documents and settings\WtP\Application Data\Azureus\active\5A996DECA6C313C1D162232158F08F2D5608B11D.dat
c:\documents and settings\WtP\Application Data\Azureus\active\5A996DECA6C313C1D162232158F08F2D5608B11D.dat.bak
c:\documents and settings\WtP\Application Data\Azureus\active\78267E919D532C43E6BA912D264958287D12033E.dat
c:\documents and settings\WtP\Application Data\Azureus\active\78267E919D532C43E6BA912D264958287D12033E.dat.bak
c:\documents and settings\WtP\Application Data\Azureus\active\AB01C37D64B00899CDDFCDB0A6037A1191000AD9.dat
c:\documents and settings\WtP\Application Data\Azureus\active\AB01C37D64B00899CDDFCDB0A6037A1191000AD9.dat.bak
c:\documents and settings\WtP\Application Data\Azureus\active\B90755EB9544E479EA1F4A5F050B610C23803C98.dat
c:\documents and settings\WtP\Application Data\Azureus\active\B90755EB9544E479EA1F4A5F050B610C23803C98.dat.bak
c:\documents and settings\WtP\Application Data\Azureus\active\BC75C15497B64830E0384660AF6E1E309177D2D2.dat
c:\documents and settings\WtP\Application Data\Azureus\active\BC75C15497B64830E0384660AF6E1E309177D2D2.dat.bak
c:\documents and settings\WtP\Application Data\Azureus\active\BDC297E3DAA48DC9F70975EB42F11334AD2A2BFF.dat
c:\documents and settings\WtP\Application Data\Azureus\active\BDC297E3DAA48DC9F70975EB42F11334AD2A2BFF.dat.bak
c:\documents and settings\WtP\Application Data\Azureus\active\C621DD43C7DA20BB680B6713439C8D573825DB88.dat
c:\documents and settings\WtP\Application Data\Azureus\active\C621DD43C7DA20BB680B6713439C8D573825DB88.dat.bak
c:\documents and settings\WtP\Application Data\Azureus\active\cache.dat
c:\documents and settings\WtP\Application Data\Azureus\active\CB31F062F73A098FE0AB6B7FC2FA942BE0F4744B.dat
c:\documents and settings\WtP\Application Data\Azureus\active\CB31F062F73A098FE0AB6B7FC2FA942BE0F4744B.dat.bak
c:\documents and settings\WtP\Application Data\Azureus\active\CB31F062F73A098FE0AB6B7FC2FA942BE0F4744B\fmfile1.dat
c:\documents and settings\WtP\Application Data\Azureus\active\CB31F062F73A098FE0AB6B7FC2FA942BE0F4744B\fmfile3.dat
c:\documents and settings\WtP\Application Data\Azureus\active\F064A4986FB7C81D8349D2B6FE2509084EF028CF.dat
c:\documents and settings\WtP\Application Data\Azureus\active\F064A4986FB7C81D8349D2B6FE2509084EF028CF.dat.bak
c:\documents and settings\WtP\Application Data\Azureus\active\F2670AF80E35C40F6B2C4FC1C4E64FFE844E0CB6.dat
c:\documents and settings\WtP\Application Data\Azureus\active\F2670AF80E35C40F6B2C4FC1C4E64FFE844E0CB6.dat.bak
c:\documents and settings\WtP\Application Data\Azureus\active\F2FC15B98270437D378CE2D61EE610A8F86C2739.dat
c:\documents and settings\WtP\Application Data\Azureus\active\F2FC15B98270437D378CE2D61EE610A8F86C2739.dat.bak
c:\documents and settings\WtP\Application Data\Azureus\active\F7483CAE09E7E99EE0CE2A9A1A1283EABC6B16DA.dat
c:\documents and settings\WtP\Application Data\Azureus\active\F7483CAE09E7E99EE0CE2A9A1A1283EABC6B16DA.dat.bak
c:\documents and settings\WtP\Application Data\Azureus\active\FBD6B30C1933C8233FB69F3DE37A06106008FC5B.dat
c:\documents and settings\WtP\Application Data\Azureus\active\FBD6B30C1933C8233FB69F3DE37A06106008FC5B.dat.bak
c:\documents and settings\WtP\Application Data\Azureus\azureus.config
c:\documents and settings\WtP\Application Data\Azureus\azureus.config.bak
c:\documents and settings\WtP\Application Data\Azureus\azureus.statistics
c:\documents and settings\WtP\Application Data\Azureus\azureus.statistics.bak
c:\documents and settings\WtP\Application Data\Azureus\banips.config
c:\documents and settings\WtP\Application Data\Azureus\banips.config.bak
c:\documents and settings\WtP\Application Data\Azureus\dht\addresses.dat
c:\documents and settings\WtP\Application Data\Azureus\dht\contacts.dat
c:\documents and settings\WtP\Application Data\Azureus\dht\diverse.dat
c:\documents and settings\WtP\Application Data\Azureus\dht\general.dat
c:\documents and settings\WtP\Application Data\Azureus\dht\version.dat
c:\documents and settings\WtP\Application Data\Azureus\downloads.config
c:\documents and settings\WtP\Application Data\Azureus\downloads.config.bak
c:\documents and settings\WtP\Application Data\Azureus\friends.config
c:\documents and settings\WtP\Application Data\Azureus\friends.config.bak
c:\documents and settings\WtP\Application Data\Azureus\ipfilter.cache
c:\documents and settings\WtP\Application Data\Azureus\logs\alerts_1.log
c:\documents and settings\WtP\Application Data\Azureus\logs\AutoSpeed_1.log
c:\documents and settings\WtP\Application Data\Azureus\logs\AutoSpeed_2.log
c:\documents and settings\WtP\Application Data\Azureus\logs\AutoSpeedSearchHistory_1.log
c:\documents and settings\WtP\Application Data\Azureus\logs\AutoSpeedSearchHistory_2.log
c:\documents and settings\WtP\Application Data\Azureus\logs\clientid_1.log
c:\documents and settings\WtP\Application Data\Azureus\logs\debug_1.log
c:\documents and settings\WtP\Application Data\Azureus\logs\debug_2.log
c:\documents and settings\WtP\Application Data\Azureus\logs\Friends_1.log
c:\documents and settings\WtP\Application Data\Azureus\logs\NetStatus_1.log
c:\documents and settings\WtP\Application Data\Azureus\logs\seltrace_1.log
c:\documents and settings\WtP\Application Data\Azureus\logs\seltrace_2.log
c:\documents and settings\WtP\Application Data\Azureus\logs\SpeedMan_1.log
c:\documents and settings\WtP\Application Data\Azureus\logs\SpeedMan_2.log
c:\documents and settings\WtP\Application Data\Azureus\logs\thread_1.log
c:\documents and settings\WtP\Application Data\Azureus\logs\thread_2.log
c:\documents and settings\WtP\Application Data\Azureus\net\pm_15659.dat
c:\documents and settings\WtP\Application Data\Azureus\net\pm_2119.dat
c:\documents and settings\WtP\Application Data\Azureus\net\pm_2856.dat
c:\documents and settings\WtP\Application Data\Azureus\net\pm_41164.dat
c:\documents and settings\WtP\Application Data\Azureus\net\pm_9105.dat
c:\documents and settings\WtP\Application Data\Azureus\plugins\azupnpav\azupnpav_0.1.3.jar
c:\documents and settings\WtP\Application Data\Azureus\plugins\azupnpav\azupnpav_0.1.3.zip
c:\documents and settings\WtP\Application Data\Azureus\plugins\azupnpav\azupnpav_0.1.7.jar
c:\documents and settings\WtP\Application Data\Azureus\plugins\azupnpav\azupnpav_0.1.7.zip
c:\documents and settings\WtP\Application Data\Azureus\plugins\azupnpav\azupnpav_0.2.0.jar
c:\documents and settings\WtP\Application Data\Azureus\plugins\azupnpav\azupnpav_0.2.0.zip
c:\documents and settings\WtP\Application Data\Azureus\plugins\azupnpav\azupnpav_0.2.1.jar
c:\documents and settings\WtP\Application Data\Azureus\plugins\azupnpav\azupnpav_0.2.1.zip
c:\documents and settings\WtP\Application Data\Azureus\plugins\azupnpav\azupnpav_0.2.2.jar
c:\documents and settings\WtP\Application Data\Azureus\plugins\azupnpav\azupnpav_0.2.2.zip
c:\documents and settings\WtP\Application Data\Azureus\plugins\azupnpav\plugin.properties
c:\documents and settings\WtP\Application Data\Azureus\plugins\azupnpav\plugin.properties_0.1.3
c:\documents and settings\WtP\Application Data\Azureus\plugins\azupnpav\plugin.properties_0.1.7
c:\documents and settings\WtP\Application Data\Azureus\plugins\azupnpav\plugin.properties_0.2.0
c:\documents and settings\WtP\Application Data\Azureus\plugins\azupnpav\plugin.properties_0.2.1
c:\documents and settings\WtP\Application Data\Azureus\plugins\azupnpav\plugin.properties_0.2.2
c:\documents and settings\WtP\Application Data\Azureus\tables.config
c:\documents and settings\WtP\Application Data\Azureus\tables.config.bak
c:\documents and settings\WtP\Application Data\Azureus\tmp\AZU22988.tmp
c:\documents and settings\WtP\Application Data\Azureus\tmp\AZU22989.tmp
c:\documents and settings\WtP\Application Data\Azureus\tmp\AZU22990.tmp
c:\documents and settings\WtP\Application Data\Azureus\tmp\AZU22991.tmp
c:\documents and settings\WtP\Application Data\Azureus\tmp\AZU22992.tmp
c:\documents and settings\WtP\Application Data\Azureus\tmp\AZU22993.tmp
c:\documents and settings\WtP\Application Data\Azureus\tmp\AZU22994.tmp
c:\documents and settings\WtP\Application Data\Azureus\tmp\AZU22995.tmp
c:\documents and settings\WtP\Application Data\Azureus\tmp\AZU22996.tmp
c:\documents and settings\WtP\Application Data\Azureus\torrents\AZU9222.tmp
c:\documents and settings\WtP\Application Data\Azureus\tracker.config
c:\documents and settings\WtP\Application Data\Azureus\tracker.config.bak
c:\documents and settings\WtP\Application Data\Azureus\update.log
c:\documents and settings\WtP\Application Data\Azureus\update.properties
.
((((((((((((((((((((((((( Files Created from 2008-12-12 to 2009-01-12 )))))))))))))))))))))))))))))))
.
2009-01-12 18:30 . 2009-01-12 18:30 <DIR> d-------- c:\program files\Trend Micro
2009-01-11 17:59 . 2009-01-11 18:01 <DIR> d-------- C:\rsit
2009-01-05 17:12 . 2009-01-05 17:12 268 --ah----- C:\sqmdata06.sqm
2009-01-05 17:12 . 2009-01-05 17:12 244 --ah----- C:\sqmnoopt06.sqm
2008-12-23 00:49 . 2008-12-23 00:49 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-12-23 00:49 . 2008-12-23 00:49 <DIR> d-------- c:\documents and settings\WtP\Application Data\Malwarebytes
2008-12-23 00:49 . 2008-12-23 00:49 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2008-12-23 00:49 . 2008-12-03 19:52 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2008-12-23 00:49 . 2008-12-03 19:52 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2008-12-21 21:31 . 2008-12-21 21:31 <DIR> d-------- C:\- TRANSFER to memory stick
2008-12-17 19:19 . 2009-01-12 14:53 <DIR> d--h----- c:\documents and settings\WtP\Application Data\drivers
2008-12-17 08:54 . 2008-12-17 18:24 <DIR> d-------- C:\--- Music
2008-12-16 18:25 . 2008-12-16 21:41 <DIR> d-------- c:\documents and settings\WtP\Application Data\BID
2008-12-15 16:44 . 2008-12-15 16:57 <DIR> d-------- c:\documents and settings\WtP\Application Data\onOne Software
2008-12-15 16:44 . 2008-11-11 18:23 57,344 --a------ c:\windows\system32\ASTSRV.EXE
2008-12-15 16:35 . 2008-12-15 16:35 <DIR> d-------- c:\documents and settings\All Users\Application Data\onOne Software
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-12 18:15 --------- d-----w c:\program files\Java
2009-01-12 13:54 --------- d-----w c:\program files\NetWaiting
2009-01-11 11:08 --------- d-----w c:\documents and settings\WtP\Application Data\Skype
2009-01-11 07:02 --------- d-----w c:\documents and settings\WtP\Application Data\skypePM
2008-12-20 14:52 0 ---h--w c:\documents and settings\All Users\Application Data\PKP_DLbz.DAT
2008-12-17 18:24 --------- d-----w c:\program files\McAfee
2008-12-15 15:35 --------- d--h--w c:\program files\InstallShield Installation Information
2008-12-13 06:40 3,593,216 ----a-w c:\windows\system32\dllcache\mshtml.dll
2008-11-22 17:39 --------- d-----w c:\program files\Skype
2008-11-22 17:38 --------- d-----w c:\program files\Common Files\Skype
2008-11-15 18:13 --------- d-----w c:\program files\Total Training
2008-10-27 09:00 20 ---h--w c:\documents and settings\All Users\Application Data\PKP_DLeh.DAT
2008-10-24 11:21 455,296 ------w c:\windows\system32\dllcache\mrxsmb.sys
2008-10-23 12:36 286,720 ----a-w c:\windows\system32\gdi32.dll
2008-10-23 12:36 286,720 ------w c:\windows\system32\dllcache\gdi32.dll
2008-10-16 13:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 13:13 202,776 ----a-w c:\windows\system32\dllcache\wuweb.dll
2008-10-16 13:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 13:13 1,809,944 ----a-w c:\windows\system32\dllcache\wuaueng.dll
2008-10-16 13:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 13:12 561,688 ----a-w c:\windows\system32\dllcache\wuapi.dll
2008-10-16 13:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 13:12 323,608 ----a-w c:\windows\system32\dllcache\wucltui.dll
2008-10-16 13:11 70,656 ------w c:\windows\system32\dllcache\ie4uinit.exe
2008-10-16 13:11 13,824 ------w c:\windows\system32\dllcache\ieudinit.exe
2008-10-16 13:09 92,696 ----a-w c:\windows\system32\dllcache\cdm.dll
2008-10-16 13:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 13:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 13:09 51,224 ----a-w c:\windows\system32\dllcache\wuauclt.exe
2008-10-16 13:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 13:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-10-16 13:08 34,328 ----a-w c:\windows\system32\dllcache\wups.dll
2008-10-15 16:34 337,408 ------w c:\windows\system32\dllcache\netapi32.dll
2008-10-15 07:06 633,632 ------w c:\windows\system32\dllcache\iexplore.exe
2008-10-15 07:04 161,792 ------w c:\windows\system32\dllcache\ieakui.dll
2007-09-12 19:32 104 --sha-r c:\windows\system32\32EB230D36.sys
2008-04-23 17:19 56 --sh--r c:\windows\system32\3711E78860.sys
2007-09-12 19:32 6,580 --sha-w c:\windows\system32\KGyGaAvL.sys
2008-09-12 15:59 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008091220080913\index.dat
.
((((((((((((((((((((((((((((( snapshot@2009-01-12_15.05.22.34 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-10-17 01:08:40 3,593,216 -c----w c:\windows\ie7updates\KB960714-IE7\mshtml.dll
+ 2007-03-06 01:22:39 213,216 -c----w c:\windows\ie7updates\KB960714-IE7\spuninst\spuninst.exe
+ 2007-03-06 01:23:47 371,424 -c----w c:\windows\ie7updates\KB960714-IE7\spuninst\updspapi.dll
- 2008-10-17 01:08:40 3,593,216 ----a-w c:\windows\system32\mshtml.dll
+ 2008-12-13 06:40:02 3,593,216 ----a-w c:\windows\system32\mshtml.dll
+ 2009-01-12 20:04:05 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_694.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LogitechSoftwareUpdate"="c:\apps\Logitech\Video\ManifestEngine.exe" [2004-10-08 196608]
"DOpus"="c:\apps\Directory Opus\dopus.exe" [2007-05-18 6887160]
"Directory Opus Desktop Dblclk"="c:\apps\Directory Opus\dopusrt.exe" [2007-05-18 276248]
"MsnMsgr"="c:\program files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ShowLOMControl"="1 (0x1)" [X]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-11-29 761947]
"Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2005-12-06 839680]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2005-08-12 45056]
"DMXLauncher"="c:\program files\Dell\Media Experience\DMXLauncher.exe" [2005-01-27 86016]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]
"LVCOMSX"="c:\windows\system32\LVCOMSX.EXE" [2004-10-08 221184]
"LogitechVideoRepair"="c:\apps\Logitech\Video\ISStart.exe" [2004-10-08 458752]
"LogitechVideoTray"="c:\apps\Logitech\Video\LogiTray.exe" [2004-10-08 217088]
"AAWTray"="c:\apps\Ad-Aware 2007\AAWTray.exe" [2007-08-08 88024]
"RemoteControl"="c:\apps\PowerDVD\PDVDServ.exe" [2007-02-07 71216]
"LanguageShortcut"="c:\apps\PowerDVD\Language\Language.exe" [2007-02-07 54832]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"Acrobat Assistant 8.0"="c:\apps\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2006-10-22 620152]
"MimBoot"="c:\program files\Musicmatch\Musicmatch Jukebox\mimboot.exe" [2004-12-10 11776]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-01-12 582992]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-12-28 667718]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-12-28 602182]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-09-06 413696]
"iTunesHelper"="c:\apps\iTunes\iTunesHelper.exe" [2008-09-10 289576]
"SigmatelSysTrayApp"="stsystra.exe" [2005-11-16 c:\windows\stsystra.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\WtP\Start Menu\Programs\Startup\
HotSync Manager.LNK - c:\apps\Palm\HOTSYNC.EXE [2003-10-14 299008]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Acrobat Speed Launcher.lnk - c:\windows\Installer\{AC76BA86-1033-F400-7760-000000000003}\_SC_Acrobat.exe [2007-11-16 295606]
Adobe Acrobat Synchronizer.lnk - c:\apps\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe [2006-10-23 734872]
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 113664]
Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng1.exe [2005-06-16 49152]
DataViz Inc Messenger.lnk - c:\program files\Common Files\DataViz\DvzIncMsgr.exe [2008-03-09 28672]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2006-03-30 24576]
Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2007-09-15 450560]
NkvMon.exe.lnk - c:\apps\Nikon\NikonView\NkvMon.exe [2007-09-15 241664]
Register PhotoFrame 4.0 Professional Edition.lnk - c:\apps\onOne Software\PhotoFrame 4.0 Professional Edition\Register PhotoFrame 4.0 Professional Edition.exe [2008-12-15 290816]
Service Manager.lnk - c:\program files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe [2005-05-03 81920]
WinZip Quick Pick.lnk - c:\apps\WinZip\WZQKPICK.EXE [2007-09-13 389120]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{3CF9ECE0-1A9F-11D2-8C73-00C06C2005DE}"= "c:\apps\Directory Opus\dopuslib.dll" [2007-05-18 694024]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.ffds"= ffdshow.ax
"msacm.ac3filter"= ac3filter.acm
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Apps\\PowerDVD\\PowerDVD.exe"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Apps\\iTunes\\iTunes.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
R4 {95808DC4-FA4A-4c74-92FE-5B863F82066B};{95808DC4-FA4A-4c74-92FE-5B863F82066B};c:\apps\PowerDVD\000.fcl [2006-11-02 15:51:58 13560]
R4 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [2008-10-02 203280]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1dd8d7d6-dd58-11dd-a161-001302268895}]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL SanDisk-Games.exe
.
Contents of the 'Scheduled Tasks' folder
2008-12-18 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 16:57]
2009-01-12 c:\windows\Tasks\iTunes.job
- c:\apps\iTunes\iTunes.exe [2008-09-10 16:39]
2008-12-15 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2007-12-04 12:32]
2008-11-01 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2007-12-04 12:32]
2009-01-12 c:\windows\Tasks\XoftSpySE 2.job
- c:\program files\XoftSpySE\XoftSpy.exe [2007-07-13 08:43]
2008-12-23 c:\windows\Tasks\XoftSpySE.job
- c:\program files\XoftSpySE\XoftSpy.exe [2007-07-13 08:43]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.bbc.co.uk
mStart Page = hxxp://www.bbc.co.uk
uInternet Connection Wizard,ShellNext = hxxp://uk.mcafee.com/root/campaign.asp?cid=16321
uInternet Settings,ProxyOverride = *.local
IE: Append to existing PDF - c:\apps\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\apps\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\apps\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\apps\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\apps\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\apps\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\apps\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\apps\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: En&queue current page with Bulk Image Downloader - file://c:\apps\Bulk Image Downloader\iemenu\iebidqueue.htm
IE: Enqueue link target with Bulk Ima&ge Downloader - file://c:\apps\Bulk Image Downloader\iemenu\iebidlinkqueue.htm
IE: Open &link target with Bulk Image Downloader - file://c:\apps\Bulk Image Downloader\iemenu\iebidlink.htm
IE: Open current page with Bulk I&mage Downloader - file://c:\apps\Bulk Image Downloader\iemenu\iebid.htm
FF - ProfilePath - c:\documents and settings\WtP\Application Data\Mozilla\Firefox\Profiles\i42v0ij2.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.bbc.co.uk/
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - plugin: c:\apps\iTunes\Mozilla Plugins\npitunes.dll
FF - plugin: c:\apps\RealPlayer\Netscape6\nppl3260.dll
FF - plugin: c:\apps\RealPlayer\Netscape6\nprjplug.dll
FF - plugin: c:\apps\RealPlayer\Netscape6\nprpjplug.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npeRoom7.dll
FF - plugin: c:\program files\Photosynth\Tech Preview\nppsynth.dll
---- FIREFOX POLICIES ----
FF - user.js: dom.disable_open_during_load - true // Popupblocker control handled by McAfee Privacy Service
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-12 21:18:01
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\{95808DC4-FA4A-4c74-92FE-5B863F82066B}]
"ImagePath"="\??\c:\apps\PowerDVD\000.fcl"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(720)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2009-01-12 21:22:53
ComboFix-quarantined-files.txt 2009-01-12 20:21:35
ComboFix2.txt 2009-01-12 14:12:42
Pre-Run: 10,881,335,296 bytes free
Post-Run: 10,864,017,408 bytes free
343 --- E O F --- 2009-01-12 18:30:28
...continued... Kaspersky log file
--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Tuesday, January 13, 2009
Operating System: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Monday, January 12, 2009 22:15:57
Records in database: 1610601
--------------------------------------------------------------------------------
Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes
Scan area - My Computer:
C:\
D:\
E:\
F:\
G:\
H:\
Scan statistics:
Files scanned: 330651
Threat name: 20
Infected objects: 492
Suspicious objects: 0
Duration of the scan: 14:30:16
File name / Threat name / Threats count
C:\--- SAS Applications DONT DELETE 8\-- ASSESS\PC\File and Disk Utilities\Win RAR Password Cracker Setup.exe Infected: Backdoor.Win32.Rbot.kmx 1
C:\--- SAS Applications DONT DELETE 8\-- ASSESS\PC\File and Disk Utilities\Winrar Password Recovery v4.12.zip Infected: Backdoor.Win32.Rbot.kmx 1
C:\Avenger\m\shared\001Micron Digital Pictures Recovery 4.8.3.1.zip Infected: Trojan-Downloader.Win32.Bagle.aig 1
C:\Avenger\m\shared\123 DVD Converter 4.6.6.zip Infected: Trojan-Downloader.Win32.Bagle.aig 1
C:\Avenger\m\shared\3D Model Builder Geometry Pack 4.08.zip Infected: Trojan-Downloader.Win32.Bagle.aig 1
C:\Avenger\m\shared\ABC Amber Text2Image Converter 4.05.zip Infected: Trojan-Downloader.Win32.Bagle.aig 1
C:\Avenger\m\shared\Acceleration Time Calculus 1.1.zip Infected: Trojan-Downloader.Win32.Bagle.aig 1
C:\Avenger\m\shared\Active Sound Studio Professional 2.1.zip Infected: Trojan-Downloader.Win32.Bagle.aig 1
C:\Avenger\m\shared\Agile PSP Video Converter 1.8.5.zip Infected: Trojan-Downloader.Win32.Bagle.aig 1
C:\Avenger\m\shared\Aiekon Infected: Trojan-Downloader.Win32.Bagle.aig 1
C:\Avenger\m\shared\Alaman Wallpaper 1.07.zip Infected: Trojan-Downloader.Win32.Bagle.aig 1
C:\Avenger\m\shared\AlbumWeb Pro 3.1.4.zip Infected: Trojan-Downloader.Win32.Bagle.aig 1
C:\Avenger\m\shared\American Skies 2.0.zip Infected: Trojan-Downloader.Win32.Bagle.aig 1
C:\Avenger\m\shared\Anim-FX Flash intros and Flash banners builder 3.5.zip Infected: Trojan-Downloader.Win32.Bagle.aig 1
C:\Avenger\m\shared\AntiVir PersonalEdition Premium Lizenzkey [0000074727].zip Infected: Trojan-Downloader.Win32.Bagle.aig 1
C:\Avenger\m\shared\Apex Video To RM RMVB Converter 4.26.zip Infected: Trojan-Downloader.Win32.Bagle.aig 1
C:\Avenger\m\shared\AVG.Email.Server.Edition-keygen.zip Infected: Trojan-Downloader.Win32.Bagle.aig 1
C:\Avenger\m\shared\AviManager 0.57.zip Infected: Trojan-Downloader.Win32.Bagle.aig 1
C:\Avenger\m\shared\BarcodeNET 6.zip Infected: Trojan-Downloader.Win32.Bagle.aig 1
C:\Avenger\m\shared\BatMan Widget 3.1.4.zip Infected: Trojan-Downloader.Win32.Bagle.aig 1
C:\Avenger\m\shared\Be.HexEditor 1.3.0.zip Infected: Trojan-Downloader.Win32.Bagle.aig 1
C:\Avenger\m\shared\Bird Dog EIS 1.4.0.zip Infected: Trojan-Downloader.Win32.Bagle.aig 1
C:\Avenger\m\shared\BitDefender.zip Infected: Trojan-Downloader.Win32.Bagle.aig 1
C:\Avenger\m\shared\BitTorrent SpeedUp Pro 4.4.5.zip Infected: Trojan-Downloader.Win32.Bagle.aig 1
C:\Avenger\m\shared\Browser Hijack Retaliator 4.5.0.471.zip Infected: Trojan-Downloader.Win32.Bagle.aig 1
C:\Avenger\m\shared\Bullet Proof Mailer 1.0 Build 12252003.zip Infected: Trojan-Downloader.Win32.Bagle.aig 1
C:\Avenger\m\shared\Campaign 2008 Screensaver (Obama) 1.2.zip Infected: Trojan-Downloader.Win32.Bagle.aig 1
C:\Avenger\m\shared\cantebriggia font 1.0.zip Infected: Trojan-Downloader.Win32.Bagle.aig 1
C:\Avenger\m\shared\CPU 1.0.zip Infected: Trojan-Downloader.Win32.Bagle.aig 1
C:\Avenger\m\shared\CreditCheckMate 5.0.1.zip Infected: Trojan-Downloader.Win32.Bagle.aig 1
C:\Avenger\m\shared\CTRLA 1.0.zip Infected: Trojan-Downloader.Win32.Bagle.aig 1
C:\Avenger\m\shared\DataObjects.NET Express 3.8.8.zip Infected: Trojan-Downloader.Win32.Bagle.aig 1
C:\Avenger\m\shared\DBxq 3.1.1.1.zip Infected: Trojan-Downloader.Win32.Bagle.aig 1
C:\Avenger\m\shared\Dice Widget 1.0.1.zip Infected: Trojan-Downloader.Win32.Bagle.aig 1
C:\Avenger\m\shared\DiskExt 1.0.zip Infected: Trojan-Downloader.Win32.Bagle.aig 1
C:\Avenger\m\shared\Displaying 82001 - 84000 of 107598.zip Infected: Trojan-Downloader.Win32.Bagle.aig 1
C:\Avenger\m\shared\DreamFlag Screen Saver.zip Infected: Trojan-Downloader.Win32.Bagle.aig 1
C:\Avenger\m\shared\Drive Statics 1.00.zip Infected: Trojan-Downloader.Win32.Bagle.aig 1
C:\Avenger\m\shared\dromos 1.1.zip Infected: Trojan-Downloader.Win32.Bagle.aig 1
C:\Avenger\m\shared\Duplicate Manager 2.0.zip Infected: Trojan-Downloader.Win32.Bagle.aig 1
C:\Avenger\m\shared\eAnt 1.30.zip Infected: Trojan-Downloader.Win32.Bagle.aig 1
C:\Avenger\m\shared\EditCNC 3.0.2.9a.zip Infected: Trojan-Downloader.Win32.Bagle.aig 1
C:\Avenger\m\shared\EnGraph Datebox .NET Control 1.0.zip Infected: Trojan-Downloader.Win32.Bagle.aig 1
C:\Avenger\m\shared\fff.to 1.0.zip Infected: Trojan-Downloader.Win32.Bagle.aig 1
C:\Avenger\m\shared\FirePaint 2005 1.0.zip Infected: Trojan-Downloader.Win32.Bagle.aig 1
C:\Avenger\m\shared\Form Cracker Lite 2.1.7.zip Infected: Trojan-Downloader.Win32.Bagle.aig 1
C:\Avenger\m\shared\GlassNet 1.0.13.zip Infected: Trojan-Downloader.Win32.Bagle.aig 1
C:\Avenger\m\shared\Glossy Coat 1.7.0.2.zip Infected: Trojan-Downloader.Win32.Bagle.aig 1
C:\Avenger\m\shared\Great American Ink Widget 1.0.zip Infected: Trojan-Downloader.Win32.Bagle.aig 1
C:\Avenger\m\shared\HashPass 1.8.0.0.zip Infected: Trojan-Downloader.Win32.Bagle.aig 1
C:\Avenger\m\shared\Historical Stock Quotes Downloader 7.1.zip Infected: Trojan-Downloader.Win32.Bagle.aig 1
C:\Avenger\m\shared\honestech VHS to DVD 3.0.zip Infected: Trojan-Downloader.Win32.Bagle.aig 1
C:\Avenger\m\shared\IndexMaker 1.01.zip Infected: Trojan-Downloader.Win32.Bagle.aig 1
C:\Avenger\m\shared\Inquiry Basic Edition 1.8.470 Service Release 1.zip Infected: Trojan-Downloader.Win32.Bagle.aig 1
C:\Avenger\m\shared\Islamic Quotations 1.0.zip Infected: Trojan-Downloader.Win32.Bagle.aig 1
C:\Avenger\m\shared\J Virtual Keyboard 1.0.zip Infected: Trojan-Downloader.Win32.Bagle.aig 1
C:\Avenger\m\shared\Java Movie Database 1.5.zip Infected: Trojan-Downloader.Win32.Bagle.aig 1
C:\Avenger\m\shared\KasperSky.6.Emergency.CD-iso.zip Infected: Trojan-Downloader.Win32.Bagle.aig 1
C:\Avenger\m\shared\Keygen.Bitdefender.Version.8.0.2.zip Infected: Trojan-Downloader.Win32.Bagle.aig 1
C:\Avenger\m\shared\Kitty Icons & Cursors 1.0.zip Infected: Trojan-Downloader.Win32.Bagle.aig 1
C:\Avenger\m\shared\Let's Eat.zip Infected: Trojan-Downloader.Win32.Bagle.aig 1
C:\Avenger\m\shared\Licencia_Key_Kaspersky_Anti-Virus_Personal_v5.0.156_garantizado_por_Luismi.zip Infected: Trojan-Downloader.Win32.Bagle.aig 1
C:\Avenger\m\shared\LightCA 1.2.zip Infected: Trojan-Downloader.Win32.Bagle.aig 1
C:\Avenger\m\shared\LingvoSoft Dictionary 2008 English - Czech 4.1.29.zip Infected: Trojan-Downloader.Win32.Bagle.aig 1
C:\Avenger\m\shared\Magic Lantern 2.0.zip Infected: Trojan-Downloader.Win32.Bagle.aig 1
C:\Avenger\m\shared\Math Screener 1.1.zip Infected: Trojan-Downloader.Win32.Bagle.aig 1
C:\Avenger\m\shared\MenuEdit 2.3.0.zip Infected: Trojan-Downloader.Win32.Bagle.aig 1
C:\Avenger\m\shared\Mixstreme Computers Toolbar for Firefox 1.0.zip Infected: Trojan-Downloader.Win32.Bagle.aig 1
C:\Avenger\m\shared\Mortal_Kombat_3D_Mobile_MOD_240x320.zip Infected: Trojan-Downloader.Win32.Bagle.aig 1
C:\Avenger\m\shared\Myspace stuff toolbar for IE 4.5.131.0.zip Infected: Trojan-Downloader.Win32.Bagle.aig 1
C:\Avenger\m\shared\N10-003 CompTIA Network+ 8.07.05.zip Infected: Trojan-Downloader.Win32.Bagle.aig 1
C:\Avenger\m\shared\NCAA Tournament Predictor 1.4.zip Infected: Trojan-Downloader.Win32.Bagle.aig 1
C:\Avenger\m\shared\Network and Dial-up Password Revealer 1.3.zip Infected: Trojan-Downloader.Win32.Bagle.aig 1
C:\Avenger\m\shared\norton.ghost.symantec.2003.no.serial.needed.andrea.zip Infected: Trojan-Downloader.Win32.Bagle.aig 1
C:\Avenger\m\shared\NutriGenie Low Carb Diet 7.9.zip Infected: Trojan-Downloader.Win32.Bagle.aig 1
C:\Avenger\m\shared\OverCAD PDF TO DWG 1.50.zip Infected: Trojan-Downloader.Win32.Bagle.aig 1
C:\Avenger\m\shared\PakViewer 1.0.zip Infected: Trojan-Downloader.Win32.Bagle.aig 1
C:\Avenger\m\shared\Panda_Screensaver_1.0.zip Infected: Trojan-Downloader.Win32.Bagle.aig 1
C:\Avenger\m\shared\PDA.-.Kaspersky.Security.v5.0.(+Crack).zip Infected: Trojan-Downloader.Win32.Bagle.aig 1
C:\Avenger\m\shared\Penguins Screensaver 1.0.6.2634.zip Infected: Trojan-Downloader.Win32.Bagle.aig 1
C:\Avenger\m\shared\Perfect Video DVD Converter 3.29.zip Infected: Trojan-Downloader.Win32.Bagle.aig 1
C:\Avenger\m\shared\Phone Card Reader 2.6.zip Infected: Trojan-Downloader.Win32.Bagle.aig 1
C:\Avenger\m\shared\PingFire 1.0.1.zip Infected: Trojan-Downloader.Win32.Bagle.aig 1
C:\Avenger\m\shared\Plato Video Converter + Video To iPod PSP 3GP PPC Converter 5.35.zip Infected: Trojan-Downloader.Win32.Bagle.aig 1
C:\Avenger\m\shared\Pluto's FolderSync 1.00.zip Infected: Trojan-Downloader.Win32.Bagle.aig 1
C:\Avenger\m\shared\Popup Annihilator Pro 3.0.zip Infected: Trojan-Downloader.Win32.Bagle.aig 1
C:\Avenger\m\shared\PowerKey 2.11.zip Infected: Trojan-Downloader.Win32.Bagle.aig 1
C:\Avenger\m\shared\PPDisinf 1.0.zip Infected: Trojan-Downloader.Win32.Bagle.aig 1
C:\Avenger\m\shared\Pro Tools M-Powered 7.4.zip Infected: Trojan-Downloader.Win32.Bagle.aig 1
C:\Avenger\m\shared\Probado).By.Poliketo.zip Infected: Trojan-Downloader.Win32.Bagle.aig 1
C:\Avenger\m\shared\ProLingo French Japanese Dictionary 1.4.8.zip Infected: Trojan-Downloader.Win32.Bagle.aig 1
C:\Avenger\m\shared\QuickLogin 2.0.zip Infected: Trojan-Downloader.Win32.Bagle.aig 1
C:\Avenger\m\shared\radioTuner 2.4.zip Infected: Trojan-Downloader.Win32.Bagle.aig 1
C:\Avenger\m\shared\Record Edit Burn and Manage 7.1.zip Infected: Trojan-Downloader.Win32.Bagle.aig 1
C:\Avenger\m\shared\RemoteExec 4.01.zip Infected: Trojan-Downloader.Win32.Bagle.aig 1
C:\Avenger\m\shared\RSI Monitor 1.2.0.45.zip Infected: Trojan-Downloader.Win32.Bagle.aig 1
C:\Avenger\m\shared\ScanFix 4.2.zip Infected: Trojan-Downloader.Win32.Bagle.aig 1
C:\Avenger\m\shared\Serial.Kaspersky.Antivirus.6.0.0.303.zip Infected: Trojan-Downloader.Win32.Bagle.aig 1
C:\Avenger\m\shared\Shadow Professional for Vista 2.9.1.100.zip Infected: Trojan-Downloader.Win32.Bagle.aig 1
C:\Avenger\m\shared\Shiny Things Infected: Trojan-Downloader.Win32.Bagle.aig 1
C:\Avenger\m\shared\SimpleActivityLogger 1.3.0.260.zip Infected: Trojan-Downloader.Win32.Bagle.aig 1
C:\Avenger\m\shared\Simplicated Cursors 1.0.zip Infected: Trojan-Downloader.Win32.Bagle.aig 1
C:\Avenger\m\shared\Site validator 2.3.zip Infected: Trojan-Downloader.Win32.Bagle.aig 1
C:\Avenger\m\shared\Smart Logon 1.0.0.0.zip Infected: Trojan-Downloader.Win32.Bagle.aig 1
C:\Avenger\m\shared\SocketTools Secure Library Edition 6.00.6000.zip Infected: Trojan-Downloader.Win32.Bagle.aig 1
C:\Avenger\m\shared\Sport Scribe 1.0.3.15.zip Infected: Trojan-Downloader.Win32.Bagle.aig 1
C:\Avenger\m\shared\Symantec.Mail.Security.for.SMTP.v5.0.Retail-ARN.zip Infected: Trojan-Downloader.Win32.Bagle.aig 1
C:\Avenger\m\shared\Telling Time 1.1.zip Infected: Trojan-Downloader.Win32.Bagle.aig 1
C:\Avenger\m\shared\Terra 1.0.zip Infected: Trojan-Downloader.Win32.Bagle.aig 1
C:\Avenger\m\shared\TK ChildLock! 1.0.zip Infected: Trojan-Downloader.Win32.Bagle.aig 1
C:\Avenger\m\shared\todo.bitdefender.seriales.+.generadores.9.pro.plus.zip Infected: Trojan-Downloader.Win32.Bagle.aig 1
C:\Avenger\m\shared\tssFileDragDrop 1.0.zip Infected: Trojan-Downloader.Win32.Bagle.aig 1
C:\Avenger\m\shared\Turn Your PLR Websites Into A Cash Machine 1.zip Infected: Trojan-Downloader.Win32.Bagle.aig 1
C:\Avenger\m\shared\Vicious Blob Monsters Rbow Screensaver 1.01.zip Infected: Trojan-Downloader.Win32.Bagle.aig 1
C:\Avenger\m\shared\Victor's Time 1.0.zip Infected: Trojan-Downloader.Win32.Bagle.aig 1
C:\Avenger\m\shared\Views Pack 1.0.zip Infected: Trojan-Downloader.Win32.Bagle.aig 1
C:\Avenger\m\shared\Visual Calculator for Electronics 2.0.6.zip Infected: Trojan-Downloader.Win32.Bagle.aig 1
C:\Avenger\m\shared\WindowsUpdate 1.1.10.zip Infected: Trojan-Downloader.Win32.Bagle.aig 1
C:\Avenger\m\shared\WinKill 2.1.zip Infected: Trojan-Downloader.Win32.Bagle.aig 1
C:\Avenger\m\shared\Winlog Lite 2.06.57.zip Infected: Trojan-Downloader.Win32.Bagle.aig 1
C:\Avenger\m\shared\Wondershare PPT2Flash Professional 5.1.5.4.zip Infected: Trojan-Downloader.Win32.Bagle.aig 1
C:\Avenger\m\shared\Wroclaw z KOGENERACJI S.A. 1.00.zip Infected: Trojan-Downloader.Win32.Bagle.aig 1
C:\Avenger\m\shared\xLauncher 2.62.zip Infected: Trojan-Downloader.Win32.Bagle.aig 1
C:\Avenger\m\shared\Yahoo! Avatar Joiner 1.0.zip Infected: Trojan-Downloader.Win32.Bagle.aig 1
C:\Avenger\m\shared\YASA VCD Burner 4.4.94.zip Infected: Trojan-Downloader.Win32.Bagle.aig 1
C:\Avenger\m\shared\[DVD-DOC-.ITA-ENG].National.Geographic.Panda.L'ultimo.Rifugi.1993.VTS_03_1.zip Infected: Trojan-Downloader.Win32.Bagle.aig 1
C:\Avenger\m-ren-528\shared\000-444 - IBM Content Management – OnDemand Practice Test Questions 1.0.zip Infected: Trojan-Downloader.Win32.Bagle.alf 1
C:\Avenger\m-ren-528\shared\A1Monitor 7.0.1.zip Infected: Trojan-Downloader.Win32.Bagle.alf 1
C:\Avenger\m-ren-528\shared\Accel SpeedTec 2.1.203.zip Infected: Trojan-Downloader.Win32.Bagle.alf 1
C:\Avenger\m-ren-528\shared\ACCESS Dictionary German Swedish 1.0.zip Infected: Trojan-Downloader.Win32.Bagle.alf 1
C:\Avenger\m-ren-528\shared\AgendaMax Plus 4.2.0.17104.zip Infected: Trojan-Downloader.Win32.Bagle.alf 1
C:\Avenger\m-ren-528\shared\ALTools Valentine's Day Wallpaper 1.0.zip Infected: Trojan-Downloader.Win32.Bagle.alf 1
C:\Avenger\m-ren-528\shared\AM Service Manager 1.2.1.zip Infected: Trojan-Downloader.Win32.Bagle.alf 1
C:\Avenger\m-ren-528\shared\AntiVir.zip Infected: Trojan-Downloader.Win32.Bagle.alf 1
C:\Avenger\m-ren-528\shared\AppliWin English-German Dictionary 4.1.zip Infected: Trojan-Downloader.Win32.Bagle.alf 1
C:\Avenger\m-ren-528\shared\Ashkon Stock Watch 5.2.228.zip Infected: Trojan-Downloader.Win32.Bagle.alf 1
C:\Avenger\m-ren-528\shared\ASPMaker 7.0.0.1.zip Infected: Trojan-Downloader.Win32.Bagle.alf 1
C:\Avenger\m-ren-528\shared\BabyMouse 3.5.0.0.zip Infected: Trojan-Downloader.Win32.Bagle.alf 1
C:\Avenger\m-ren-528\shared\Before Thanksgiving 1.0.zip Infected: Trojan-Downloader.Win32.Bagle.alf 1
C:\Avenger\m-ren-528\shared\bitRipper 1.31.zip Infected: Trojan-Downloader.Win32.Bagle.alf 1
C:\Avenger\m-ren-528\shared\Blue Pearl 1.0.zip Infected: Trojan-Downloader.Win32.Bagle.alf 1
C:\Avenger\m-ren-528\shared\BookWorm 5.6.3.zip Infected: Trojan-Downloader.Win32.Bagle.alf 1
C:\Avenger\m-ren-528\shared\Convert SRT To SSA 1.0.04.000.zip Infected: Trojan-Downloader.Win32.Bagle.alf 1
C:\Avenger\m-ren-528\shared\Cool Calendar 4.1.zip Infected: Trojan-Downloader.Win32.Bagle.alf 1
C:\Avenger\m-ren-528\shared\Cool Timer XP 1.11.zip Infected: Trojan-Downloader.Win32.Bagle.alf 1
C:\Avenger\m-ren-528\shared\Coolscreams - A Halloween Screensaver 5.0.zip Infected: Trojan-Downloader.Win32.Bagle.alf 1
C:\Avenger\m-ren-528\shared\Copy Files to Multiple Folder Locations Software 7.0.zip Infected: Trojan-Downloader.Win32.Bagle.alf 1
C:\Avenger\m-ren-528\shared\Count My Text! 1.0.zip Infected: Trojan-Downloader.Win32.Bagle.alf 1
C:\Avenger\m-ren-528\shared\CyberLink Live 2.0.0.2930.zip Infected: Trojan-Downloader.Win32.Bagle.alf 1
C:\Avenger\m-ren-528\shared\Desktop Toilet 4.0.zip Infected: Trojan-Downloader.Win32.Bagle.alf 1
C:\Avenger\m-ren-528\shared\Digital Readout 1.1.zip Infected: Trojan-Downloader.Win32.Bagle.alf 1
C:\Avenger\m-ren-528\shared\DISARM 0.12.zip Infected: Trojan-Downloader.Win32.Bagle.alf 1
C:\Avenger\m-ren-528\shared\Distribution Counter 1.0.0.3.zip Infected: Trojan-Downloader.Win32.Bagle.alf 1
C:\Avenger\m-ren-528\shared\Duplicate Image File Finder Software 7.0.zip Infected: Trojan-Downloader.Win32.Bagle.alf 1
C:\Avenger\m-ren-528\shared\DVD and CD Label Maker Wizard 2.05.zip Infected: Trojan-Downloader.Win32.Bagle.alf 1
C:\Avenger\m-ren-528\shared\EBA Infected: Trojan-Downloader.Win32.Bagle.alf 1
C:\Avenger\m-ren-528\shared\EBRClock 1.3.zip Infected: Trojan-Downloader.Win32.Bagle.alf 1
C:\Avenger\m-ren-528\shared\Estensione.Norton.Antivirus.2005.zip Infected: Trojan-Downloader.Win32.Bagle.alf 1
C:\Avenger\m-ren-528\shared\eXpress PageRank Revealer 1.0.3.zip Infected: Trojan-Downloader.Win32.Bagle.alf 1
C:\Avenger\m-ren-528\shared\Fax Spider 2.3.zip Infected: Trojan-Downloader.Win32.Bagle.alf 1
C:\Avenger\m-ren-528\shared\Flash Effect Maker Pro 5.036.zip Infected: Trojan-Downloader.Win32.Bagle.alf 1
C:\Avenger\m-ren-528\shared\FlexibleSoft Quick Backup 1.2.zip Infected: Trojan-Downloader.Win32.Bagle.alf 1
C:\Avenger\m-ren-528\shared\Font Tap 2.11.zip Infected: Trojan-Downloader.Win32.Bagle.alf 1
C:\Avenger\m-ren-528\shared\FreeTpl Shop 1.0.zip Infected: Trojan-Downloader.Win32.Bagle.alf 1
C:\Avenger\m-ren-528\shared\GE Replica 1.2.0.2.zip Infected: Trojan-Downloader.Win32.Bagle.alf 1
C:\Avenger\m-ren-528\shared\GREYCstoration 2.9.zip Infected: Trojan-Downloader.Win32.Bagle.alf 1
C:\Avenger\m-ren-528\shared\HotDog PageWiz 1.04.zip Infected: Trojan-Downloader.Win32.Bagle.alf 1
C:\Avenger\m-ren-528\shared\HotHTML 2001 Professional 1.0.11 Final.zip Infected: Trojan-Downloader.Win32.Bagle.alf 1
C:\Avenger\m-ren-528\shared\HTML ToPDF 3.5.zip Infected: Trojan-Downloader.Win32.Bagle.alf 1
C:\Avenger\m-ren-528\shared\IronFTP Server 2.1.2.421.zip Infected: Trojan-Downloader.Win32.Bagle.alf 1
C:\Avenger\m-ren-528\shared\KAELA 2.0.zip Infected: Trojan-Downloader.Win32.Bagle.alf 1
C:\Avenger\m-ren-528\shared\LatHack Audio Tag Editor 1.1.zip Infected: Trojan-Downloader.Win32.Bagle.alf 1
C:\Avenger\m-ren-528\shared\Launch-n-Go 2.5.zip Infected: Trojan-Downloader.Win32.Bagle.alf 1
C:\Avenger\m-ren-528\shared\LingvoSoft Talking Picture Dictionary 2008 Chinese Mandarin Simplified - Korean 1.2.26.zip Infected: Trojan-Downloader.Win32.Bagle.alf 1
C:\Avenger\m-ren-528\shared\Log[in] Clock beta.zip Infected: Trojan-Downloader.Win32.Bagle.alf 1
C:\Avenger\m-ren-528\shared\McAfee_Desktop_Firewall_v7.5.1_(2002).ROR.Sharereactor.zip Infected: Trojan-Downloader.Win32.Bagle.alf 1
C:\Avenger\m-ren-528\shared\Mphix Ghost CD-player 1.0.1.3.zip Infected: Trojan-Downloader.Win32.Bagle.alf 1
C:\Avenger\m-ren-528\shared\Mt.Fuji 1.02.zip Infected: Trojan-Downloader.Win32.Bagle.alf 1
C:\Avenger\m-ren-528\shared\Multi Cam Pro 2.1.zip Infected: Trojan-Downloader.Win32.Bagle.alf 1
C:\Avenger\m-ren-528\shared\MultiExtractor 2.82c.zip Infected: Trojan-Downloader.Win32.Bagle.alf 1
C:\Avenger\m-ren-528\shared\My Calendar 3.5.2.zip Infected: Trojan-Downloader.Win32.Bagle.alf 1
C:\Avenger\m-ren-528\shared\My Fishing Log 5.0.zip Infected: Trojan-Downloader.Win32.Bagle.alf 1
C:\Avenger\m-ren-528\shared\my-spambox 0.3.zip Infected: Trojan-Downloader.Win32.Bagle.alf 1
C:\Avenger\m-ren-528\shared\NetColor OCX 1.0.zip Infected: Trojan-Downloader.Win32.Bagle.alf 1
C:\Avenger\m-ren-528\shared\NicePreview 1.00.zip Infected: Trojan-Downloader.Win32.Bagle.alf 1
C:\Avenger\m-ren-528\shared\Nod32.antivirus.-.Español.cracks.con.actualizacion.infinita-2000-xp.(INSTALAR.ESTE).zip Infected: Trojan-Downloader.Win32.Bagle.alf 1
C:\Avenger\m-ren-528\shared\Nod32_v2.50.39_Spanish_Nod_fix_1.9.zip Infected: Trojan-Downloader.Win32.Bagle.alf 1
C:\Avenger\m-ren-528\shared\Nod32_v2.51.26.zip Infected: Trojan-Downloader.Win32.Bagle.alf 1
C:\Avenger\m-ren-528\shared\notGNU 2.11.7.zip Infected: Trojan-Downloader.Win32.Bagle.alf 1
C:\Avenger\m-ren-528\shared\Nutrition Analyzer 1.3.0.zip Infected: Trojan-Downloader.Win32.Bagle.alf 1
C:\Avenger\m-ren-528\shared\Outlook Express Password Recovery Key 8.0 build 2514.zip Infected: Trojan-Downloader.Win32.Bagle.alf 1
C:\Avenger\m-ren-528\shared\Page Speed Tester 1.0.zip Infected: Trojan-Downloader.Win32.Bagle.alf 1
C:\Avenger\m-ren-528\shared\Pagico Professional 3.2.1.103 Beta.zip Infected: Trojan-Downloader.Win32.Bagle.alf 1
C:\Avenger\m-ren-528\shared\PassKey 0.1.zip Infected: Trojan-Downloader.Win32.Bagle.alf 1
C:\Avenger\m-ren-528\shared\pdfSplit 1.0.zip Infected: Trojan-Downloader.Win32.Bagle.alf 1
C:\Avenger\m-ren-528\shared\Pepsky AppleTv Converter 4.3.6.916.zip Infected: Trojan-Downloader.Win32.Bagle.alf 1
C:\Avenger\m-ren-528\shared\PGP Desktop 9.6.0 Public Beta 1.zip Infected: Trojan-Downloader.Win32.Bagle.alf 1
C:\Avenger\m-ren-528\shared\PhotoPile.zip Infected: Trojan-Downloader.Win32.Bagle.alf 1
C:\Avenger\m-ren-528\shared\PHPMagic 1.3.zip Infected: Trojan-Downloader.Win32.Bagle.alf 1
C:\Avenger\m-ren-528\shared\Power Email Collector 3.3.zip Infected: Trojan-Downloader.Win32.Bagle.alf 1
C:\Avenger\m-ren-528\shared\PowerSheet 4.0.2.zip Infected: Trojan-Downloader.Win32.Bagle.alf 1
C:\Avenger\m-ren-528\shared\PracticeMill 1.2.zip Infected: Trojan-Downloader.Win32.Bagle.alf 1
C:\Avenger\m-ren-528\shared\Private Keeper 1.2.zip Infected: Trojan-Downloader.Win32.Bagle.alf 1
C:\Avenger\m-ren-528\shared\Proxy Me! 1.0.zip Infected: Trojan-Downloader.Win32.Bagle.alf 1
C:\Avenger\m-ren-528\shared\RAV_AntiVirus_Desktop_8.0.zip Infected: Trojan-Downloader.Win32.Bagle.alf 1
C:\Avenger\m-ren-528\shared\RemoteMemoryInfo 1.0.zip Infected: Trojan-Downloader.Win32.Bagle.alf 1
C:\Avenger\m-ren-528\shared\Resolve for Agent-L and Agent-GB 1.06.zip Infected: Trojan-Downloader.Win32.Bagle.alf 1
C:\Avenger\m-ren-528\shared\RGBHEX 1.5.zip Infected: Trojan-Downloader.Win32.Bagle.alf 1
C:\Avenger\m-ren-528\shared\Robert's Coder 1.0.zip Infected: Trojan-Downloader.Win32.Bagle.alf 1
C:\Avenger\m-ren-528\shared\RockYou! Slideshow .02.zip Infected: Trojan-Downloader.Win32.Bagle.alf 1
C:\Avenger\m-ren-528\shared\RPS - Remote Power Source 2.6.zip Infected: Trojan-Downloader.Win32.Bagle.alf 1
C:\Avenger\m-ren-528\shared\Secure Notepad 1.1.zip Infected: Trojan-Downloader.Win32.Bagle.alf 1
C:\Avenger\m-ren-528\shared\Seer 1.30 build 848.zip Infected: Trojan-Downloader.Win32.Bagle.alf 1
C:\Avenger\m-ren-528\shared\Sequence Analysis 1.6.0.zip Infected: Trojan-Downloader.Win32.Bagle.alf 1
C:\Avenger\m-ren-528\shared\Serial.Panda.zip Infected: Trojan-Downloader.Win32.Bagle.alf 1
C:\Avenger\m-ren-528\shared\Shortcut Explorer 3.0.zip Infected: Trojan-Downloader.Win32.Bagle.alf 1
C:\Avenger\m-ren-528\shared\Soft191 Notebook 1.01c.zip Infected: Trojan-Downloader.Win32.Bagle.alf 1
C:\Avenger\m-ren-528\shared\SOFTFIRE 2.0.zip Infected: Trojan-Downloader.Win32.Bagle.alf 1
C:\Avenger\m-ren-528\shared\Sqirlz Lite 1.4.zip Infected: Trojan-Downloader.Win32.Bagle.alf 1
C:\Avenger\m-ren-528\shared\SQLServerFind 3.3.2.zip Infected: Trojan-Downloader.Win32.Bagle.alf 1
C:\Avenger\m-ren-528\shared\Stormy Clock Screensaver 1.01.zip Infected: Trojan-Downloader.Win32.Bagle.alf 1
C:\Avenger\m-ren-528\shared\Symantec Norton Ghost 2005 v9.0 Keygen.zip Infected: Trojan-Downloader.Win32.Bagle.alf 1
C:\Avenger\m-ren-528\shared\Teammsn Standand 3.0.zip Infected: Trojan-Downloader.Win32.Bagle.alf 1
C:\Avenger\m-ren-528\shared\temworks.Symantec.zip Infected: Trojan-Downloader.Win32.Bagle.alf 1
C:\Avenger\m-ren-528\shared\Text-To-Hack Converter 2.1.zip Infected: Trojan-Downloader.Win32.Bagle.alf 1
C:\Avenger\m-ren-528\shared\TextProg 1.0.zip Infected: Trojan-Downloader.Win32.Bagle.alf 1
C:\Avenger\m-ren-528\shared\TIFF Page Counter COM Component 1.00.zip Infected: Trojan-Downloader.Win32.Bagle.alf 1
C:\Avenger\m-ren-528\shared\Tourism Malaysia - Culture Screensaver.zip Infected: Trojan-Downloader.Win32.Bagle.alf 1
C:\Avenger\m-ren-528\shared\Trace Eraser 2.00.zip Infected: Trojan-Downloader.Win32.Bagle.alf 1
C:\Avenger\m-ren-528\shared\Trace Sweeper 1.0.zip Infected: Trojan-Downloader.Win32.Bagle.alf 1
C:\Avenger\m-ren-528\shared\TranslateIt! German-English-German 5.5.zip Infected: Trojan-Downloader.Win32.Bagle.alf 1
C:\Avenger\m-ren-528\shared\Two Towers - Animated Screensaver 5.07.zip Infected: Trojan-Downloader.Win32.Bagle.alf 1
C:\Avenger\m-ren-528\shared\Vipro TVR 0.13.zip Infected: Trojan-Downloader.Win32.Bagle.alf 1
C:\Avenger\m-ren-528\shared\Visual Barcode Designer 1.3.0.38877.zip Infected: Trojan-Downloader.Win32.Bagle.alf 1
C:\Avenger\m-ren-528\shared\Vivaldi Scan 3.0.zip Infected: Trojan-Downloader.Win32.Bagle.alf 1
C:\Avenger\m-ren-528\shared\Vns Conceptz Trading Anti Theft Phonebak Mobile v1.00 s60v3.zip Infected: Trojan-Downloader.Win32.Bagle.alf 1
C:\Avenger\m-ren-528\shared\Wake On LAN Ex 0.96.zip Infected: Trojan-Downloader.Win32.Bagle.alf 1
C:\Avenger\m-ren-528\shared\Web Copyrighter 1.1.zip Infected: Trojan-Downloader.Win32.Bagle.alf 1
C:\Avenger\m-ren-528\shared\WebMultify 0.50.zip Infected: Trojan-Downloader.Win32.Bagle.alf 1
C:\Avenger\m-ren-528\shared\WebTrafficGuru 3.80.zip Infected: Trojan-Downloader.Win32.Bagle.alf 1
C:\Avenger\m-ren-528\shared\Wipe It Off 2.0.zip Infected: Trojan-Downloader.Win32.Bagle.alf 1
C:\Avenger\m-ren-528\shared\WTM CD Protect 2.21.zip Infected: Trojan-Downloader.Win32.Bagle.alf 1
C:\Avenger\m-ren-528\shared\Xilisoft DVD to WMV Converter 5.0.46.1113.zip Infected: Trojan-Downloader.Win32.Bagle.alf 1
C:\Avenger\m-ren-528\shared\XinorbisCOM 1.0 Beta.zip Infected: Trojan-Downloader.Win32.Bagle.alf 1
C:\Avenger\m-ren-528\shared\XK0-002 CompTIA Linux+ 8.06.05.zip Infected: Trojan-Downloader.Win32.Bagle.alf 1
C:\Avenger\m-ren-528\shared\XOFTspy Portable Anti-Spyware 1.1.0.1.zip Infected: Trojan-Downloader.Win32.Bagle.alf 1
C:\Avenger\m-ren-528\shared\ZD Soft Game Recorder 2.0.1.0.zip Infected: Trojan-Downloader.Win32.Bagle.alf 1
C:\Avenger\m-ren-528\shared\Zip Repair Tool 3.2.zip Infected: Trojan-Downloader.Win32.Bagle.alf 1
C:\Avenger\m-ren-528\shared\ZS Janus 1.00.zip Infected: Trojan-Downloader.Win32.Bagle.alf 1
C:\Avenger\m-ren-528\shared\ZSoft Uninstaller 2.4.1.zip Infected: Trojan-Downloader.Win32.Bagle.alf 1
C:\Avenger\m-ren-528\shared\Zuma 240x320 Nokia n92 n93 n73 e61 n71 e50.zip Infected: Trojan-Downloader.Win32.Bagle.alf 1
C:\Qoobox\Quarantine\C\Documents and Settings\WtP\Application Data\drivers\downld\105946046.exe.vir Infected: Email-Worm.Win32.Bagle.of 1
C:\Qoobox\Quarantine\C\Documents and Settings\WtP\Application Data\drivers\downld\106167062.exe.vir Infected: Email-Worm.Win32.Bagle.of 1
C:\Qoobox\Quarantine\C\Documents and Settings\WtP\Application Data\drivers\downld\10653296.exe.vir Infected: Trojan-PSW.Win32.Agent.lfr 1
C:\Qoobox\Quarantine\C\Documents and Settings\WtP\Application Data\drivers\downld\10667921.exe.vir Infected: Email-Worm.Win32.Bagle.of 1
C:\Qoobox\Quarantine\C\Documents and Settings\WtP\Application Data\drivers\downld\106752078.exe.vir Infected: Trojan-PSW.Win32.Agent.lfr 1
C:\Qoobox\Quarantine\C\Documents and Settings\WtP\Application Data\drivers\downld\11245828.exe.vir Infected: Trojan-PSW.Win32.Agent.lfr 1
C:\Qoobox\Quarantine\C\Documents and Settings\WtP\Application Data\drivers\downld\115593.exe.vir Infected: Email-Worm.Win32.Bagle.of 1
C:\Qoobox\Quarantine\C\Documents and Settings\WtP\Application Data\drivers\downld\1167406.exe.vir Infected: Email-Worm.Win32.Bagle.of 1
C:\Qoobox\Quarantine\C\Documents and Settings\WtP\Application Data\drivers\downld\124562.exe.vir Infected: Email-Worm.Win32.Bagle.of 1
C:\Qoobox\Quarantine\C\Documents and Settings\WtP\Application Data\drivers\downld\126187.exe.vir Infected: Email-Worm.Win32.Bagle.of 1
C:\Qoobox\Quarantine\C\Documents and Settings\WtP\Application Data\drivers\downld\129125.exe.vir Infected: Email-Worm.Win32.Bagle.of 1
C:\Qoobox\Quarantine\C\Documents and Settings\WtP\Application Data\drivers\downld\1323062.exe.vir Infected: Email-Worm.Win32.Bagle.of 1
C:\Qoobox\Quarantine\C\Documents and Settings\WtP\Application Data\drivers\downld\1392437.exe.vir Infected: Trojan-PSW.Win32.Agent.lfr 1
C:\Qoobox\Quarantine\C\Documents and Settings\WtP\Application Data\drivers\downld\142750.exe.vir Infected: Email-Worm.Win32.Bagle.of 1
C:\Qoobox\Quarantine\C\Documents and Settings\WtP\Application Data\drivers\downld\15059703.exe.vir Infected: Email-Worm.Win32.Bagle.of 1
C:\Qoobox\Quarantine\C\Documents and Settings\WtP\Application Data\drivers\downld\15107984.exe.vir Infected: Email-Worm.Win32.Bagle.of 1
C:\Qoobox\Quarantine\C\Documents and Settings\WtP\Application Data\drivers\downld\15806156.exe.vir Infected: Email-Worm.Win32.Bagle.of 1
C:\Qoobox\Quarantine\C\Documents and Settings\WtP\Application Data\drivers\downld\16077609.exe.vir Infected: Email-Worm.Win32.Bagle.of 1
C:\Qoobox\Quarantine\C\Documents and Settings\WtP\Application Data\drivers\downld\16217390.exe.vir Infected: Trojan-PSW.Win32.Agent.lfr 1
C:\Qoobox\Quarantine\C\Documents and Settings\WtP\Application Data\drivers\downld\16269296.exe.vir Infected: Email-Worm.Win32.Bagle.majc 1
C:\Qoobox\Quarantine\C\Documents and Settings\WtP\Application Data\drivers\downld\16304843.exe.vir Infected: Email-Worm.Win32.Bagle.of 1
C:\Qoobox\Quarantine\C\Documents and Settings\WtP\Application Data\drivers\downld\17797578.exe.vir Infected: Trojan-PSW.Win32.Agent.lfr 1
C:\Qoobox\Quarantine\C\Documents and Settings\WtP\Application Data\drivers\downld\181484.exe.vir Infected: Email-Worm.Win32.Bagle.of 1
C:\Qoobox\Quarantine\C\Documents and Settings\WtP\Application Data\drivers\downld\183500.exe.vir Infected: Trojan-PSW.Win32.Agent.lfr 1
C:\Qoobox\Quarantine\C\Documents and Settings\WtP\Application Data\drivers\downld\203296.exe.vir Infected: Email-Worm.Win32.Bagle.of 1
C:\Qoobox\Quarantine\C\Documents and Settings\WtP\Application Data\drivers\downld\219640.exe.vir Infected: Trojan-PSW.Win32.Agent.lfr 1
C:\Qoobox\Quarantine\C\Documents and Settings\WtP\Application Data\drivers\downld\277742000.exe.vir Infected: Email-Worm.Win32.Bagle.of 1
C:\Qoobox\Quarantine\C\Documents and Settings\WtP\Application Data\drivers\downld\277879609.exe.vir Infected: Email-Worm.Win32.Bagle.of 1
C:\Qoobox\Quarantine\C\Documents and Settings\WtP\Application Data\drivers\downld\278071921.exe.vir Infected: Trojan-PSW.Win32.Agent.lfr 1
C:\Qoobox\Quarantine\C\Documents and Settings\WtP\Application Data\drivers\downld\28706859.exe.vir Infected: Email-Worm.Win32.Bagle.of 1
C:\Qoobox\Quarantine\C\Documents and Settings\WtP\Application Data\drivers\downld\29788296.exe.vir Infected: Trojan-PSW.Win32.Agent.lfr 1
C:\Qoobox\Quarantine\C\Documents and Settings\WtP\Application Data\drivers\downld\29798656.exe.vir Infected: Email-Worm.Win32.Bagle.of 1
C:\Qoobox\Quarantine\C\Documents and Settings\WtP\Application Data\drivers\downld\298859.exe.vir Infected: Email-Worm.Win32.Bagle.of 1
C:\Qoobox\Quarantine\C\Documents and Settings\WtP\Application Data\drivers\downld\3128062.exe.vir Infected: Trojan-PSW.Win32.Agent.lfr 1
C:\Qoobox\Quarantine\C\Documents and Settings\WtP\Application Data\drivers\downld\324281.exe.vir Infected: Email-Worm.Win32.Bagle.of 1
C:\Qoobox\Quarantine\C\Documents and Settings\WtP\Application Data\drivers\downld\332953.exe.vir Infected: Trojan-PSW.Win32.Agent.lfr 1
C:\Qoobox\Quarantine\C\Documents and Settings\WtP\Application Data\drivers\downld\3370906.exe.vir Infected: Email-Worm.Win32.Bagle.of 1
C:\Qoobox\Quarantine\C\Documents and Settings\WtP\Application Data\drivers\downld\348859.exe.vir Infected: Email-Worm.Win32.Bagle.of 1
C:\Qoobox\Quarantine\C\Documents and Settings\WtP\Application Data\drivers\downld\350565453.exe.vir Infected: Email-Worm.Win32.Bagle.of 1
C:\Qoobox\Quarantine\C\Documents and Settings\WtP\Application Data\drivers\downld\350699906.exe.vir Infected: Email-Worm.Win32.Bagle.of 1
C:\Qoobox\Quarantine\C\Documents and Settings\WtP\Application Data\drivers\downld\354093.exe.vir Infected: Email-Worm.Win32.Bagle.of 1
C:\Qoobox\Quarantine\C\Documents and Settings\WtP\Application Data\drivers\downld\3590171.exe.vir Infected: Trojan-PSW.Win32.Agent.lfr 1
C:\Qoobox\Quarantine\C\Documents and Settings\WtP\Application Data\drivers\downld\369031.exe.vir Infected: Email-Worm.Win32.Bagle.of 1
C:\Qoobox\Quarantine\C\Documents and Settings\WtP\Application Data\drivers\downld\391234.exe.vir Infected: Email-Worm.Win32.Bagle.of 1
C:\Qoobox\Quarantine\C\Documents and Settings\WtP\Application Data\drivers\downld\39296093.exe.vir Infected: Email-Worm.Win32.Bagle.of 1
C:\Qoobox\Quarantine\C\Documents and Settings\WtP\Application Data\drivers\downld\393781.exe.vir Infected: Email-Worm.Win32.Bagle.of 1
C:\Qoobox\Quarantine\C\Documents and Settings\WtP\Application Data\drivers\downld\39421062.exe.vir Infected: Trojan-PSW.Win32.Agent.lfr 1
C:\Qoobox\Quarantine\C\Documents and Settings\WtP\Application Data\drivers\downld\39445609.exe.vir Infected: Email-Worm.Win32.Bagle.of 1
C:\Qoobox\Quarantine\C\Documents and Settings\WtP\Application Data\drivers\downld\39656859.exe.vir Infected: Trojan-PSW.Win32.Agent.lfr 1
C:\Qoobox\Quarantine\C\Documents and Settings\WtP\Application Data\drivers\downld\39699921.exe.vir Infected: Email-Worm.Win32.Bagle.of 1
C:\Qoobox\Quarantine\C\Documents and Settings\WtP\Application Data\drivers\downld\39741140.exe.vir Infected: Email-Worm.Win32.Bagle.of 1
C:\Qoobox\Quarantine\C\Documents and Settings\WtP\Application Data\drivers\downld\39866859.exe.vir Infected: Trojan-PSW.Win32.Agent.lfr 1
C:\Qoobox\Quarantine\C\Documents and Settings\WtP\Application Data\drivers\downld\412897125.exe.vir Infected: Email-Worm.Win32.Bagle.of 1
C:\Qoobox\Quarantine\C\Documents and Settings\WtP\Application Data\drivers\downld\412947328.exe.vir Infected: Trojan-PSW.Win32.Agent.lfr 1
C:\Qoobox\Quarantine\C\Documents and Settings\WtP\Application Data\drivers\downld\413382937.exe.vir Infected: Trojan-PSW.Win32.Agent.lfr 1
C:\Qoobox\Quarantine\C\Documents and Settings\WtP\Application Data\drivers\downld\418187.exe.vir Infected: Email-Worm.Win32.Bagle.of 1
C:\Qoobox\Quarantine\C\Documents and Settings\WtP\Application Data\drivers\downld\425500.exe.vir Infected: Email-Worm.Win32.Bagle.of 1
C:\Qoobox\Quarantine\C\Documents and Settings\WtP\Application Data\drivers\downld\434655265.exe.vir Infected: Trojan-PSW.Win32.Agent.lfr 1
C:\Qoobox\Quarantine\C\Documents and Settings\WtP\Application Data\drivers\downld\434723812.exe.vir Infected: Email-Worm.Win32.Bagle.of 1
C:\Qoobox\Quarantine\C\Documents and Settings\WtP\Application Data\drivers\downld\435040515.exe.vir Infected: Trojan-PSW.Win32.Agent.lfr 1
C:\Qoobox\Quarantine\C\Documents and Settings\WtP\Application Data\drivers\downld\44412671.exe.vir Infected: Email-Worm.Win32.Bagle.of 1
C:\Qoobox\Quarantine\C\Documents and Settings\WtP\Application Data\drivers\downld\44451765.exe.vir Infected: Trojan-PSW.Win32.Agent.lfr 1
C:\Qoobox\Quarantine\C\Documents and Settings\WtP\Application Data\drivers\downld\44507015.exe.vir Infected: Email-Worm.Win32.Bagle.of 1
C:\Qoobox\Quarantine\C\Documents and Settings\WtP\Application Data\drivers\downld\44593953.exe.vir Infected: Trojan-PSW.Win32.Agent.lfr 1
C:\Qoobox\Quarantine\C\Documents and Settings\WtP\Application Data\drivers\downld\464421.exe.vir Infected: Email-Worm.Win32.Bagle.majc 1
C:\Qoobox\Quarantine\C\Documents and Settings\WtP\Application Data\drivers\downld\465890.exe.vir Infected: Email-Worm.Win32.Bagle.of 1
C:\Qoobox\Quarantine\C\Documents and Settings\WtP\Application Data\drivers\downld\491390.exe.vir Infected: Trojan-PSW.Win32.Agent.lfr 1
C:\Qoobox\Quarantine\C\Documents and Settings\WtP\Application Data\drivers\downld\508546.exe.vir Infected: Trojan-PSW.Win32.Agent.lfr 1
C:\Qoobox\Quarantine\C\Documents and Settings\WtP\Application Data\drivers\downld\513328.exe.vir Infected: Email-Worm.Win32.Bagle.of 1
C:\Qoobox\Quarantine\C\Documents and Settings\WtP\Application Data\drivers\downld\520656.exe.vir Infected: Email-Worm.Win32.Bagle.of 1
C:\Qoobox\Quarantine\C\Documents and Settings\WtP\Application Data\drivers\downld\549968.exe.vir Infected: Email-Worm.Win32.Bagle.majc 1
C:\Qoobox\Quarantine\C\Documents and Settings\WtP\Application Data\drivers\downld\554019421.exe.vir Infected: Email-Worm.Win32.Bagle.of 1
C:\Qoobox\Quarantine\C\Documents and Settings\WtP\Application Data\drivers\downld\5660765.exe.vir Infected: Email-Worm.Win32.Bagle.of 1
C:\Qoobox\Quarantine\C\Documents and Settings\WtP\Application Data\drivers\downld\5700968.exe.vir Infected: Email-Worm.Win32.Bagle.of 1
C:\Qoobox\Quarantine\C\Documents and Settings\WtP\Application Data\drivers\downld\5856265.exe.vir Infected: Trojan-PSW.Win32.Agent.lfr 1
C:\Qoobox\Quarantine\C\Documents and Settings\WtP\Application Data\drivers\downld\58836437.exe.vir Infected: Email-Worm.Win32.Bagle.of 1
C:\Qoobox\Quarantine\C\Documents and Settings\WtP\Application Data\drivers\downld\58881734.exe.vir Infected: Email-Worm.Win32.Bagle.of 1
C:\Qoobox\Quarantine\C\Documents and Settings\WtP\Application Data\drivers\downld\58986093.exe.vir Infected: Trojan-PSW.Win32.Agent.lfr 1
C:\Qoobox\Quarantine\C\Documents and Settings\WtP\Application Data\drivers\downld\63331468.exe.vir Infected: Email-Worm.Win32.Bagle.of 1
C:\Qoobox\Quarantine\C\Documents and Settings\WtP\Application Data\drivers\downld\635843.exe.vir Infected: Email-Worm.Win32.Bagle.of 1
C:\Qoobox\Quarantine\C\Documents and Settings\WtP\Application Data\drivers\downld\715359.exe.vir Infected: Trojan-PSW.Win32.Agent.lfr 1
C:\Qoobox\Quarantine\C\Documents and Settings\WtP\Application Data\drivers\downld\75654765.exe.vir Infected: Email-Worm.Win32.Bagle.of 1
C:\Qoobox\Quarantine\C\Documents and Settings\WtP\Application Data\drivers\downld\76297796.exe.vir Infected: Trojan-PSW.Win32.Agent.lfr 1
C:\Qoobox\Quarantine\C\Documents and Settings\WtP\Application Data\drivers\downld\798031.exe.vir Infected: Trojan-PSW.Win32.Agent.lfr 1
C:\Qoobox\Quarantine\C\Documents and Settings\WtP\Application Data\drivers\downld\91237171.exe.vir Infected: Email-Worm.Win32.Bagle.of 1
C:\Qoobox\Quarantine\C\Documents and Settings\WtP\Application Data\drivers\winupgro.exe.vir Infected: Trojan-Downloader.Win32.Bagle.ahr 1
C:\Qoobox\Quarantine\C\Documents and Settings\WtP\Application Data\drivers\_srosa_.sys.zip Infected: Trojan-Downloader.Win32.Bagle.afl 1
C:\Qoobox\Quarantine\C\Documents and Settings\WtP\Application Data\m\data.oct.vir Infected: Trojan-Downloader.Win32.Bagle.alf 1
C:\Qoobox\Quarantine\C\Documents and Settings\WtP\Application Data\m\flec006.exe.vir Infected: Email-Worm.Win32.Bagle.of 1
C:\Qoobox\Quarantine\C\Documents and Settings\WtP\Application Data\m\shared\(SOFTWARE) AVG Antivirus Pro 7.0.206 + keygen.zip.vir Infected: Trojan-Downloader.Win32.Bagle.alf 1
C:\Qoobox\Quarantine\C\Documents and Settings\WtP\Application Data\m\shared\101 Famous Knock Knock Jokes Screesaver 2.2.zip.vir Infected: Trojan-Downloader.Win32.Bagle.alf 1
C:\Qoobox\Quarantine\C\Documents and Settings\WtP\Application Data\m\shared\Aberystwyth Webcam Promenade 1.0.zip.vir Infected: Trojan-Downloader.Win32.Bagle.alf 1
C:\Qoobox\Quarantine\C\Documents and Settings\WtP\Application Data\m\shared\Access Converter VB Edition 3.1.zip.vir Infected: Trojan-Downloader.Win32.Bagle.alf 1
C:\Qoobox\Quarantine\C\Documents and Settings\WtP\Application Data\m\shared\Active XCavator 2.0.zip.vir Infected: Trojan-Downloader.Win32.Bagle.alf 1
C:\Qoobox\Quarantine\C\Documents and Settings\WtP\Application Data\m\shared\Advanced File Security Pro 3.1.3.zip.vir Infected: Trojan-Downloader.Win32.Bagle.alf 1
C:\Qoobox\Quarantine\C\Documents and Settings\WtP\Application Data\m\shared\Advanced Sound Recorder 6.0.zip.vir Infected: Trojan-Downloader.Win32.Bagle.alf 1
C:\Qoobox\Quarantine\C\Documents and Settings\WtP\Application Data\m\shared\Animak 1.0.zip.vir Infected: Trojan-Downloader.Win32.Bagle.alf 1
C:\Qoobox\Quarantine\C\Documents and Settings\WtP\Application Data\m\shared\ArcaBackup 2005-05-19.zip.vir Infected: Trojan-Downloader.Win32.Bagle.alf 1
C:\Qoobox\Quarantine\C\Documents and Settings\WtP\Application Data\m\shared\Arovax NoSpam 2.0.124.zip.vir Infected: Trojan-Downloader.Win32.Bagle.alf 1
C:\Qoobox\Quarantine\C\Documents and Settings\WtP\Application Data\m\shared\ASCII Art Studio 2.2.1.zip.vir Infected: Trojan-Downloader.Win32.Bagle.alf 1
C:\Qoobox\Quarantine\C\Documents and Settings\WtP\Application Data\m\shared\Atomic Newsgroup Explorer 4.30.zip.vir Infected: Trojan-Downloader.Win32.Bagle.alf 1
C:\Qoobox\Quarantine\C\Documents and Settings\WtP\Application Data\m\shared\Australian 4 in 1 newsfeeder 2.00.zip.vir Infected: Trojan-Downloader.Win32.Bagle.alf 1
C:\Qoobox\Quarantine\C\Documents and Settings\WtP\Application Data\m\shared\AutoRunn2.zip.vir Infected: Trojan-Downloader.Win32.Bagle.alf 1
C:\Qoobox\Quarantine\C\Documents and Settings\WtP\Application Data\m\shared\avast!.Home.Edition.4.7.942.crack.zip.vir Infected: Trojan-Downloader.Win32.Bagle.alf 1
C:\Qoobox\Quarantine\C\Documents and Settings\WtP\Application Data\m\shared\avg antivirus professional 7.0.289 + serial.zip.vir Infected: Trojan-Downloader.Win32.Bagle.alf 1
C:\Qoobox\Quarantine\C\Documents and Settings\WtP\Application Data\m\shared\BetterCache 1.21.zip.vir Infected: Trojan-Downloader.Win32.Bagle.alf 1
C:\Qoobox\Quarantine\C\Documents and Settings\WtP\Application Data\m\shared\Bitdefender.Internet.Security.v9.0.Build.9.zip.vir Infected: Trojan-Downloader.Win32.Bagle.alf 1
C:\Qoobox\Quarantine\C\Documents and Settings\WtP\Application Data\m\shared\Bogart 5.40.05.zip.vir Infected: Trojan-Downloader.Win32.Bagle.alf 1
C:\Qoobox\Quarantine\C\Documents and Settings\WtP\Application Data\m\shared\Bootpart 2.60.zip.vir Infected: Trojan-Downloader.Win32.Bagle.alf 1
C:\Qoobox\Quarantine\C\Documents and Settings\WtP\Application Data\m\shared\bSNES 0.036.zip.vir Infected: Trojan-Downloader.Win32.Bagle.alf 1
C:\Qoobox\Quarantine\C\Documents and Settings\WtP\Application Data\m\shared\Butterflies of the World Screensaver 3.3.zip.vir Infected: Trojan-Downloader.Win32.Bagle.alf 1
C:\Qoobox\Quarantine\C\Documents and Settings\WtP\Application Data\m\shared\Capability Browser 1.0.zip.vir Infected: Trojan-Downloader.Win32.Bagle.alf 1
C:\Qoobox\Quarantine\C\Documents and Settings\WtP\Application Data\m\shared\Cheapestsoft AVI Converter 1.0.4.zip.vir Infected: Trojan-Downloader.Win32.Bagle.alf 1
C:\Qoobox\Quarantine\C\Documents and Settings\WtP\Application Data\m\shared\Chemistry LabNotebook 1.0.zip.vir Infected: Trojan-Downloader.Win32.Bagle.alf 1
C:\Qoobox\Quarantine\C\Documents and Settings\WtP\Application Data\m\shared\ClockSave 1.1.zip.vir Infected: Trojan-Downloader.Win32.Bagle.alf 1
C:\Qoobox\Quarantine\C\Documents and Settings\WtP\Application Data\m\shared\Color Browser 2.0.zip.vir Infected: Trojan-Downloader.Win32.Bagle.alf 1
C:\Qoobox\Quarantine\C\Documents and Settings\WtP\Application Data\m\shared\Cool Color Picker 1.10.zip.vir Infected: Trojan-Downloader.Win32.Bagle.alf 1
C:\Qoobox\Quarantine\C\Documents and Settings\WtP\Application Data\m\shared\CPU Utilization 1.2.0.2.Ga.zip.vir Infected: Trojan-Downloader.Win32.Bagle.alf 1
C:\Qoobox\Quarantine\C\Documents and Settings\WtP\Application Data\m\shared\Daniel Craig James Bond Screen Saver 1.0.zip.vir Infected: Trojan-Downloader.Win32.Bagle.alf 1
C:\Qoobox\Quarantine\C\Documents and Settings\WtP\Application Data\m\shared\Daniusoft Digital Video to ARCHOS Converter 2.0.27.zip.vir Infected: Trojan-Downloader.Win32.Bagle.alf 1
C:\Qoobox\Quarantine\C\Documents and Settings\WtP\Application Data\m\shared\DarkDepth Player 1.5.zip.vir Infected: Trojan-Downloader.Win32.Bagle.alf 1
C:\Qoobox\Quarantine\C\Documents and Settings\WtP\Application Data\m\shared\Desktop Adviser 5.7.zip.vir Infected: Trojan-Downloader.Win32.Bagle.alf 1
C:\Qoobox\Quarantine\C\Documents and Settings\WtP\Application Data\m\shared\DigitalWatch 2.0.7.6.zip.vir Infected: Trojan-Downloader.Win32.Bagle.alf 1
C:\Qoobox\Quarantine\C\Documents and Settings\WtP\Application Data\m\shared\Disk Analyzer 1.1.zip.vir Infected: Trojan-Downloader.Win32.Bagle.alf 1
C:\Qoobox\Quarantine\C\Documents and Settings\WtP\Application Data\m\shared\Doorway Page Wizard Professional 2.4 Build 16.zip.vir Infected: Trojan-Downloader.Win32.Bagle.alf 1
C:\Qoobox\Quarantine\C\Documents and Settings\WtP\Application Data\m\shared\DynamicPDF for .NET 4.0.2.zip.vir Infected: Trojan-Downloader.Win32.Bagle.alf 1
C:\Qoobox\Quarantine\C\Documents and Settings\WtP\Application Data\m\shared\E-mail Talker 4.0.zip.vir Infected: Trojan-Downloader.Win32.Bagle.alf 1
C:\Qoobox\Quarantine\C\Documents and Settings\WtP\Application Data\m\shared\East Asian Translator 1.1.2.zip.vir Infected: Trojan-Downloader.Win32.Bagle.alf 1
C:\Qoobox\Quarantine\C\Documents and Settings\WtP\Application Data\m\shared\Easy Image 3.0.zip.vir Infected: Trojan-Downloader.Win32.Bagle.alf 1
C:\Qoobox\Quarantine\C\Documents and Settings\WtP\Application Data\m\shared\Eclipse 3.4.zip.vir Infected: Trojan-Downloader.Win32.Bagle.alf 1
C:\Qoobox\Quarantine\C\Documents and Settings\WtP\Application Data\m\shared\Email Automator 2.0.zip.vir Infected: Trojan-Downloader.Win32.Bagle.alf 1
C:\Qoobox\Quarantine\C\Documents and Settings\WtP\Application Data\m\shared\EnvisionAide 4.zip.vir Infected: Trojan-Downloader.Win32.Bagle.alf 1
C:\Qoobox\Quarantine\C\Documents and Settings\WtP\Application Data\m\shared\EV DirList 1.13.zip.vir Infected: Trojan-Downloader.Win32.Bagle.alf 1
C:\Qoobox\Quarantine\C\Documents and Settings\WtP\Application Data\m\shared\Excelsior JET for Windows 6.4.zip.vir Infected: Trojan-Downloader.Win32.Bagle.alf 1
C:\Qoobox\Quarantine\C\Documents and Settings\WtP\Application Data\m\shared\EZOutlookSync Pro 2.01.zip.vir Infected: Trojan-Downloader.Win32.Bagle.alf 1
C:\Qoobox\Quarantine\C\Documents and Settings\WtP\Application Data\m\shared\Fast Video.zip.vir Infected: Trojan-Downloader.Win32.Bagle.alf 1
C:\Qoobox\Quarantine\C\Documents and Settings\WtP\Application Data\m\shared\Fibonacci Series 1.2.1.zip.vir Infected: Trojan-Downloader.Win32.Bagle.alf 1
C:\Qoobox\Quarantine\C\Documents and Settings\WtP\Application Data\m\shared\FlashClean 3.2.zip.vir Infected: Trojan-Downloader.Win32.Bagle.alf 1
C:\Qoobox\Quarantine\C\Documents and Settings\WtP\Application Data\m\shared\Fomine LAN Chat 1.2.zip.vir Infected: Trojan-Downloader.Win32.Bagle.alf 1
C:\Qoobox\Quarantine\C\Documents and Settings\WtP\Application Data\m\shared\foo skip 0.261.zip.vir Infected: Trojan-Downloader.Win32.Bagle.alf 1
C:\Qoobox\Quarantine\C\Documents and Settings\WtP\Application Data\m\shared\ForceHttps 1.00.zip.vir Infected: Trojan-Downloader.Win32.Bagle.alf 1
C:\Qoobox\Quarantine\C\Documents and Settings\WtP\Application Data\m\shared\Forms Reader 2007.zip.vir Infected: Trojan-Downloader.Win32.Bagle.alf 1
C:\Qoobox\Quarantine\C\Documents and Settings\WtP\Application Data\m\shared\Free Halloween Night Screensaver 1.0.zip.vir Infected: Trojan-Downloader.Win32.Bagle.alf 1
C:\Qoobox\Quarantine\C\Documents and Settings\WtP\Application Data\m\shared\Gate 1.0.zip.vir Infected: Trojan-Downloader.Win32.Bagle.alf 1
C:\Qoobox\Quarantine\C\Documents and Settings\WtP\Application Data\m\shared\GeoWhere 2.72.zip.vir Infected: Trojan-Downloader.Win32.Bagle.alf 1
C:\Qoobox\Quarantine\C\Documents and Settings\WtP\Application Data\m\shared\Gossip Corporate Messenger 1.1.zip.vir Infected: Trojan-Downloader.Win32.Bagle.alf 1
C:\Qoobox\Quarantine\C\Documents and Settings\WtP\Application Data\m\shared\Groowe Search Toolbar Firefox Add-on 1.6.5.zip.vir Infected: Trojan-Downloader.Win32.Bagle.alf 1
C:\Qoobox\Quarantine\C\Documents and Settings\WtP\Application Data\m\shared\Gustaman's Messenger Server 1.42.zip.vir Infected: Trojan-Downloader.Win32.Bagle.alf 1
C:\Qoobox\Quarantine\C\Documents and Settings\WtP\Application Data\m\shared\HKSafeForm 1.5.zip.vir Infected: Trojan-Downloader.Win32.Bagle.alf 1
C:\Qoobox\Quarantine\C\Documents and Settings\WtP\Application Data\m\shared\Homemade Lip Gloss 1.0.zip.vir Infected: Trojan-Downloader.Win32.Bagle.alf 1
C:\Qoobox\Quarantine\C\Documents and Settings\WtP\Application Data\m\shared\HostTest 1.0.zip.vir Infected: Trojan-Downloader.Win32.Bagle.alf 1
C:\Qoobox\Quarantine\C\Documents and Settings\WtP\Application Data\m\shared\HP WinSplit 1.3.zip.vir Infected: Trojan-Downloader.Win32.Bagle.alf 1
C:\Qoobox\Quarantine\C\Documents and Settings\WtP\Application Data\m\shared\IE Screenshot 1.0.2.zip.vir Infected: Trojan-Downloader.Win32.Bagle.alf 1
C:\Qoobox\Quarantine\C\Documents and Settings\WtP\Application Data\m\shared\Internet Cyber Cafe Self Service Client 2.6.zip.vir Infected: Trojan-Downloader.Win32.Bagle.alf 1
C:\Qoobox\Quarantine\C\Documents and Settings\WtP\Application Data\m\shared\IP SpaceMon 3.5.5.zip.vir Infected: Trojan-Downloader.Win32.Bagle.alf 1
C:\Qoobox\Quarantine\C\Documents and Settings\WtP\Application Data\m\shared\JF2 Converter Build 72 Beta.zip.vir Infected: Trojan-Downloader.Win32.Bagle.alf 1
C:\Qoobox\Quarantine\C\Documents and Settings\WtP\Application Data\m\shared\Job Seek Manager 2.1.1992.20374.zip.vir Infected: Trojan-Downloader.Win32.Bagle.alf 1
C:\Qoobox\Quarantine\C\Documents and Settings\WtP\Application Data\m\shared\JotDown 1.0.zip.vir Infected: Trojan-Downloader.Win32.Bagle.alf 1
C:\Qoobox\Quarantine\C\Documents and Settings\WtP\Application Data\m\shared\Kaspersky_All_WorKiNG_key.zip.vir Infected: Trojan-Downloader.Win32.Bagle.alf 1
C:\Qoobox\Quarantine\C\Documents and Settings\WtP\Application Data\m\shared\KingConvert For VCD Player 4.0.zip.vir Infected: Trojan-Downloader.Win32.Bagle.alf 1
C:\Qoobox\Quarantine\C\Documents and Settings\WtP\Application Data\m\shared\Know Your Ireland 3.0.zip.vir Infected: Trojan-Downloader.Win32.Bagle.alf 1
C:\Qoobox\Quarantine\C\Documents and Settings\WtP\Application Data\m\shared\LAN On Internet 1.0.zip.vir Infected: Trojan-Downloader.Win32.Bagle.alf 1
C:\Qoobox\Quarantine\C\Documents and Settings\WtP\Application Data\m\shared\Lexus IS300 Screensaver 2.zip.vir Infected: Trojan-Downloader.Win32.Bagle.alf 1
C:\Qoobox\Quarantine\C\Documents and Settings\WtP\Application Data\m\shared\LigneDirecte Basic 2.3.zip.vir Infected: Trojan-Downloader.Win32.Bagle.alf 1
C:\Qoobox\Quarantine\C\Documents and Settings\WtP\Application Data\m\shared\LP Ripper 9.1.0.0.zip.vir Infected: Trojan-Downloader.Win32.Bagle.alf 1
C:\Qoobox\Quarantine\C\Documents and Settings\WtP\Application Data\m\shared\Magnify it 2.77.zip.vir Infected: Trojan-Downloader.Win32.Bagle.alf 1
C:\Qoobox\Quarantine\C\Documents and Settings\WtP\Application Data\m\shared\Mapwing Viewer 1.6.zip.vir Infected: Trojan-Downloader.Win32.Bagle.alf 1
C:\Qoobox\Quarantine\C\Documents and Settings\WtP\Application Data\m\shared\Matrix Mania 1.0.zip.vir Infected: Trojan-Downloader.Win32.Bagle.alf 1
C:\Qoobox\Quarantine\C\Documents and Settings\WtP\Application Data\m\shared\McAfee.VirusScan.Enterprise.v8.0i.Patch.13.GERMAN-TBE.zip.vir Infected: Trojan-Downloader.Win32.Bagle.alf 1
C:\Qoobox\Quarantine\C\Documents and Settings\WtP\Application Data\m\shared\Movie Joiner 3.5.zip.vir Infected: Trojan-Downloader.Win32.Bagle.alf 1
C:\Qoobox\Quarantine\C\Documents and Settings\WtP\Application Data\m\shared\Movie Studio for Zune 1.0.zip.vir Infected: Trojan-Downloader.Win32.Bagle.alf 1
C:\Qoobox\Quarantine\C\Documents and Settings\WtP\Application Data\m\shared\MSI WMIInfo 1.1.1.2.zip.vir Infected: Trojan-Downloader.Win32.Bagle.alf 1
C:\Qoobox\Quarantine\C\Documents and Settings\WtP\Application Data\m\shared\Multi Racing Countdown a.b.zip.vir Infected: Trojan-Downloader.Win32.Bagle.alf 1
C:\Qoobox\Quarantine\C\Documents and Settings\WtP\Application Data\m\shared\music box radio toolbar for Firefox 1.5.0.6.zip.vir Infected: Trojan-Downloader.Win32.Bagle.alf 1
C:\Qoobox\Quarantine\C\Documents and Settings\WtP\Application Data\m\shared\NaturCalendar.zip.vir Infected: Trojan-Downloader.Win32.Bagle.alf 1
C:\Qoobox\Quarantine\C\Documents and Settings\WtP\Application Data\m\shared\Oops 1.02.zip.vir Infected: Trojan-Downloader.Win32.Bagle.alf 1
C:\Qoobox\Quarantine\C\Documents and Settings\WtP\Application Data\m\shared\panda.antivirus.platinum.v7.0x.crack.keygen.serial.(check.&.rebulid.2.04.2005).zip.vir Infected: Trojan-Downloader.Win32.Bagle.alf 1
C:\Qoobox\Quarantine\C\Documents and Settings\WtP\Application Data\m\shared\Panda.Internet.Security.2007.NL.eMulenl.com.JoLi.zip.vir Infected: Trojan-Downloader.Win32.Bagle.alf 1
C:\Qoobox\Quarantine\C\Documents and Settings\WtP\Application Data\m\shared\PDF Page Counter COM Component 1.10.zip.vir Infected: Trojan-Downloader.Win32.Bagle.alf 1
C:\Qoobox\Quarantine\C\Documents and Settings\WtP\Application Data\m\shared\PollTrooper 1.0.0.2.zip.vir Infected: Trojan-Downloader.Win32.Bagle.alf 1
C:\Qoobox\Quarantine\C\Documents and Settings\WtP\Application Data\m\shared\Pop Zune Jukebox 1.0.zip.vir Infected: Trojan-Downloader.Win32.Bagle.alf 1
C:\Qoobox\Quarantine\C\Documents and Settings\WtP\Application Data\m\shared\Pork 1.0.zip.vir Infected: Trojan-Downloader.Win32.Bagle.alf 1
C:\Qoobox\Quarantine\C\Documents and Settings\WtP\Application Data\m\shared\PragmaSQL 1.0.0.36.zip.vir Infected: Trojan-Downloader.Win32.Bagle.alf 1
C:\Qoobox\Quarantine\C\Documents and Settings\WtP\Application Data\m\shared\Promo Screen Calendar 7.2.1.zip.vir Infected: Trojan-Downloader.Win32.Bagle.alf 1
C:\Qoobox\Quarantine\C\Documents and Settings\WtP\Application Data\m\shared\Reflector 1.2.2.0.zip.vir Infected: Trojan-Downloader.Win32.Bagle.alf 1
C:\Qoobox\Quarantine\C\Documents and Settings\WtP\Application Data\m\shared\Remote-Anything 5.60.10.zip.vir Infected: Trojan-Downloader.Win32.Bagle.alf 1
C:\Qoobox\Quarantine\C\Documents and Settings\WtP\Application Data\m\shared\Scientific Calculator Opera Widget 1.1.zip.vir Infected: Trojan-Downloader.Win32.Bagle.alf 1
C:\Qoobox\Quarantine\C\Documents and Settings\WtP\Application Data\m\shared\ScreenCapture 1.0.zip.vir Infected: Trojan-Downloader.Win32.Bagle.alf 1
C:\Qoobox\Quarantine\C\Documents and Settings\WtP\Application Data\m\shared\Seraline Abstract Art Screensaver 5.4.zip.vir Infected: Trojan-Downloader.Win32.Bagle.alf 1
C:\Qoobox\Quarantine\C\Documents and Settings\WtP\Application Data\m\shared\silkodyssey PDF Merge 0.1.zip.vir Infected: Trojan-Downloader.Win32.Bagle.alf 1
C:\Qoobox\Quarantine\C\Documents and Settings\WtP\Application Data\m\shared\Smart Gambler's Calculator 1.0.zip.vir Infected: Trojan-Downloader.Win32.Bagle.alf 1
C:\Qoobox\Quarantine\C\Documents and Settings\WtP\Application Data\m\shared\SMRuler component.zip.vir Infected: Trojan-Downloader.Win32.Bagle.alf 1
C:\Qoobox\Quarantine\C\Documents and Settings\WtP\Application Data\m\shared\SocuSoft DV to DVD Converter 1.0.zip.vir Infected: Trojan-Downloader.Win32.Bagle.alf 1
C:\Qoobox\Quarantine\C\Documents and Settings\WtP\Application Data\m\shared\SoftaMedCab 1.0x.zip.vir Infected: Trojan-Downloader.Win32.Bagle.alf 1
C:\Qoobox\Quarantine\C\Documents and Settings\WtP\Application Data\m\shared\Space Jam Screensaver 1.0.zip.vir Infected: Trojan-Downloader.Win32.Bagle.alf 1
C:\Qoobox\Quarantine\C\Documents and Settings\WtP\Application Data\m\shared\SpeedySearch 1.26.zip.vir Infected: Trojan-Downloader.Win32.Bagle.alf 1
C:\Qoobox\Quarantine\C\Documents and Settings\WtP\Application Data\m\shared\Stealth Chat Monitor 1.5.zip.vir Infected: Trojan-Downloader.Win32.Bagle.alf 1
C:\Qoobox\Quarantine\C\Documents and Settings\WtP\Application Data\m\shared\Symantec.Norton.Windoctor.2006.Internal-Tcp.-.zip.vir Infected: Trojan-Downloader.Win32.Bagle.alf 1
C:\Qoobox\Quarantine\C\Documents and Settings\WtP\Application Data\m\shared\TechnoRiver MICR Font 2.0.zip.vir Infected: Trojan-Downloader.Win32.Bagle.alf 1
C:\Qoobox\Quarantine\C\Documents and Settings\WtP\Application Data\m\shared\threeMessenger 1.0.zip.vir Infected: Trojan-Downloader.Win32.Bagle.alf 1
C:\Qoobox\Quarantine\C\Documents and Settings\WtP\Application Data\m\shared\Trace Log 1.3.0.zip.vir Infected: Trojan-Downloader.Win32.Bagle.alf 1
C:\Qoobox\Quarantine\C\Documents and Settings\WtP\Application Data\m\shared\trueSpace 7.6.zip.vir Infected: Trojan-Downloader.Win32.Bagle.alf 1
C:\Qoobox\Quarantine\C\Documents and Settings\WtP\Application Data\m\shared\TVUPlayer 2.4.1.0.zip.vir Infected: Trojan-Downloader.Win32.Bagle.alf 1
C:\Qoobox\Quarantine\C\Documents and Settings\WtP\Application Data\m\shared\Types Popup Free 1.01.zip.vir Infected: Trojan-Downloader.Win32.Bagle.alf 1
C:\Qoobox\Quarantine\C\Documents and Settings\WtP\Application Data\m\shared\USAsoft DVD to Sony PSP Converter 5.48.zip.vir Infected: Trojan-Downloader.Win32.Bagle.alf 1
C:\Qoobox\Quarantine\C\Documents and Settings\WtP\Application Data\m\shared\Video To Zune Converter 1.00.zip.vir Infected: Trojan-Downloader.Win32.Bagle.alf 1
C:\Qoobox\Quarantine\C\Documents and Settings\WtP\Application Data\m\shared\VTF Plugin 1.04.zip.vir Infected: Trojan-Downloader.Win32.Bagle.alf 1
C:\Qoobox\Quarantine\C\Documents and Settings\WtP\Application Data\m\shared\Weather Cursor Set 1.0.zip.vir Infected: Trojan-Downloader.Win32.Bagle.alf 1
C:\Qoobox\Quarantine\C\Documents and Settings\WtP\Application Data\m\shared\WebSweep 1.0.65.zip.vir Infected: Trojan-Downloader.Win32.Bagle.alf 1
C:\Qoobox\Quarantine\C\Documents and Settings\WtP\Application Data\m\shared\WG-Screensaver Creator 1.0.zip.vir Infected: Trojan-Downloader.Win32.Bagle.alf 1
C:\Qoobox\Quarantine\C\Documents and Settings\WtP\Application Data\m\shared\Widget Killer 3.0.zip.vir Infected: Trojan-Downloader.Win32.Bagle.alf 1
C:\Qoobox\Quarantine\C\Documents and Settings\WtP\Application Data\m\shared\Win Mail Backup 1.7.0.zip.vir Infected: Trojan-Downloader.Win32.Bagle.alf 1
C:\Qoobox\Quarantine\C\Documents and Settings\WtP\Application Data\m\shared\WiNc 2.2 build 1492.zip.vir Infected: Trojan-Downloader.Win32.Bagle.alf 1
C:\Qoobox\Quarantine\C\Documents and Settings\WtP\Application Data\m\shared\XMPies uDirect 4.03.zip.vir Infected: Trojan-Downloader.Win32.Bagle.alf 1
C:\Qoobox\Quarantine\C\Documents and Settings\WtP\Application Data\m\shared\XP App Wizard 1.1.zip.vir Infected: Trojan-Downloader.Win32.Bagle.alf 1
C:\Qoobox\Quarantine\C\Documents and Settings\WtP\Application Data\m\shared\XProFTP 1.0.zip.vir Infected: Trojan-Downloader.Win32.Bagle.alf 1
C:\Qoobox\Quarantine\C\Documents and Settings\WtP\Application Data\m\shared\XSD Diagram 0.4.zip.vir Infected: Trojan-Downloader.Win32.Bagle.alf 1
C:\Qoobox\Quarantine\C\Program Files\NetWaiting\netwaiting.exe.vir Infected: Trojan-Downloader.Win32.Bagle.ahr 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\mdelk.exe.vir Infected: Email-Worm.Win32.Bagle.of 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\wintems.exe.vir Infected: Email-Worm.Win32.Bagle.of 1
G:\--- SAS Applications DONT DELETE 1 --- ON DVD ---\Drivers\Codecs\DivX\DivXPro502GAINBundle.exe Infected: not-a-virus:AdWare.Win32.Gator.3202 1
G:\--- SAS Applications DONT DELETE 2 --- ON DVD ---\Various Apps\buddyPhone v2.03\bp2setup.exe Infected: not-a-virus:AdWare.Win32.Aureate 1
G:\--- SAS Applications DONT DELETE 2 --- ON DVD ---\Various Apps\CuteFTP v3.0\CUTE3032.EXE Infected: not-a-virus:AdWare.Win32.Aureate.a 1
G:\--- SAS Applications DONT DELETE 2 --- ON DVD ---\Various Apps\ReGet 1.5 Free Beta Build 429 RC\rgb15_429.exe Infected: not-a-virus:AdWare.Win32.TimeSink 3
G:\--- SAS Applications DONT DELETE 2 --- ON DVD ---\Various Apps\ReGet 1.5 Free Beta Build 429 RC\rgb15_429.exe Infected: not-a-virus:AdWare.Win32.TimeSink.b 1
G:\--- SAS Applications DONT DELETE 2 --- ON DVD ---\Various Apps\Tweaki for Power Users v2.3\KeyGen\tweaki_keygen.exe Infected: Trojan.Win32.FormatC.c 1
G:\--- SAS Applications DONT DELETE 3 ---\PocketPC Definitive Collection 2004\Utilities\Area Code Reverse Lookup\Area Code Reverse Lookup Install File.exe Infected: not-a-virus:AdWare.Win32.OnFlow 1
G:\--- SAS Applications DONT DELETE 5 ---\Utils\TreeSize 4.0 Pro Crack and Serial.exe Infected: Trojan-Downloader.Win32.Small.dme 1
G:\--- SAS Applications DONT DELETE 5 ---\Utils\Winrar Password Recovery v4.12.zip Infected: Backdoor.Win32.Rbot.kmx 1
G:\--- SAS Applications DONT DELETE 7 ---\ASSESS\PC\Win RAR Password Cracker Setup.exe Infected: Backdoor.Win32.Rbot.kmx 1
G:\--- SAS Applications DONT DELETE 7 ---\ASSESS\PC\Winrar Password Recovery v4.12.zip Infected: Backdoor.Win32.Rbot.kmx 1
G:\--- SAS Applications DONT DELETE 8\Games\Halo + halo 2 ^^\install halo2 xp\INSTALL\CMDOW.EXE Infected: not-a-virus:RiskTool.Win32.HideWindows 1
G:\--- SAS REFERENCE -- Assess & copy to DVD\Design and Photography Books\Photography Mags\Digital Camera Magazine Complete Photography Guide 2008.zip Infected: Trojan.Win32.Zapchast.gb 1
H:\--- SAS Applications DONT DELETE 8\Transfer to Ext\Photoshop Cs2 Plug-In Autocorrect153 Jpeg2000 Imagenomic Noiseware Pro3.4 Power Retouche Pro 6.0 Shadow Illuminator 1022 Shortcut Photozoom.rar Infected: not-a-virus:AdWare.Win32.Rabio.hp 1
H:\TEMP\Design and Photography Books\Photography Mags\Digital Camera Magazine Complete Photography Guide 2008.zip Infected: Trojan.Win32.Zapchast.gb 1
H:\TEMP\TEMP BACKUP\--- SAS Applications DONT DELETE 8\-- ASSESS\PC\File and Disk Utilities\Win RAR Password Cracker Setup.exe Infected: Backdoor.Win32.Rbot.kmx 1
H:\TEMP\TEMP BACKUP\--- SAS Applications DONT DELETE 8\-- ASSESS\PC\File and Disk Utilities\Winrar Password Recovery v4.12.zip Infected: Backdoor.Win32.Rbot.kmx 1
H:\TRANSFER\Apps\Photoshop Cs2 Plug-In Autocorrect153 Jpeg2000 Imagenomic Noiseware Pro3.4 Power Retouche Pro 6.0 Shadow Illuminator 1022 Shortcut Photozoom.rar Infected: not-a-virus:AdWare.Win32.Rabio.hp 1
H:\TRANSFER\Apps\Winamp Pro 5.531 Build 1938 + Serial,Crack,Plugins DONT USE App.zip Infected: Packed.Win32.Black.a 1
The selected area was scanned.

...continued... and HiJackThis log file
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:08:42, on 13/01/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\SYSTEM32\astsrv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\stsystra.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Apps\Logitech\Video\LogiTray.exe
C:\Apps\Ad-Aware 2007\AAWTray.exe
C:\Apps\PowerDVD\PDVDServ.exe
C:\Apps\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\MMDiag.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Apps\iTunes\iTunesHelper.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mim.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Apps\Directory Opus\dopusrt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Apps\Logitech\Video\FxSvr2.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Apps\Nikon\NikonView\NkvMon.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Apps\Palm\HOTSYNC.EXE
C:\Apps\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Java\jre6\bin\java.exe
C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bbc.co.uk
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bbc.co.uk
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://uk.mcafee.com/root/campaign.asp?cid=16321
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - c:\PROGRA~1\mcafee\msk\mcapbho.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Apps\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Apps\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [ShowLOMControl]
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Apps\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Apps\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [AAWTray] C:\Apps\Ad-Aware 2007\AAWTray.exe
O4 - HKLM\..\Run: [RemoteControl] C:\Apps\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [LanguageShortcut] C:\Apps\PowerDVD\Language\Language.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Apps\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [MimBoot] C:\Program Files\Musicmatch\Musicmatch Jukebox\mimboot.exe
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Apps\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] C:\Apps\Logitech\Video\ManifestEngine.exe boot
O4 - HKCU\..\Run: [DOpus] C:\Apps\Directory Opus\dopus.exe
O4 - HKCU\..\Run: [Directory Opus Desktop Dblclk] "C:\Apps\Directory Opus\dopusrt.exe" /dblclk
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: HotSync Manager.LNK = C:\Apps\Palm\HOTSYNC.EXE
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Acrobat Synchronizer.lnk = C:\Apps\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe
O4 - Global Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: DataViz Inc Messenger.lnk = C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: NkvMon.exe.lnk = C:\Apps\Nikon\NikonView\NkvMon.exe
O4 - Global Startup: Register PhotoFrame 4.0 Professional Edition.lnk = C:\Apps\onOne Software\PhotoFrame 4.0 Professional Edition\Register PhotoFrame 4.0 Professional Edition.exe
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Apps\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: Append to existing PDF - res://C:\Apps\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Apps\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Apps\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Apps\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Apps\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Apps\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Apps\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Apps\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: En&queue current page with Bulk Image Downloader - file://C:\Apps\Bulk Image Downloader\iemenu\iebidqueue.htm
O8 - Extra context menu item: Enqueue link target with Bulk Ima&ge Downloader - file://C:\Apps\Bulk Image Downloader\iemenu\iebidlinkqueue.htm
O8 - Extra context menu item: Open &link target with Bulk Image Downloader - file://C:\Apps\Bulk Image Downloader\iemenu\iebidlink.htm
O8 - Extra context menu item: Open current page with Bulk I&mage Downloader - file://C:\Apps\Bulk Image Downloader\iemenu\iebid.htm
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Games\PartyPoker\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Games\PartyPoker\PartyPoker\RunApp.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english...an_unicode.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/pu...sh/swflash.cab
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: McAfee Application Installer Cleanup (0100181231811148) (0100181231811148mcinstcleanup) - McAfee, Inc. - C:\WINDOWS\TEMP\010018~1.EXE
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Apps\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AST Service (astcc) - Nalpeiron Ltd. - C:\WINDOWS\SYSTEM32\astsrv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: dlbt_device - Dell - C:\WINDOWS\system32\dlbtcoms.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Apps\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
--
End of file - 15377 bytes

HiJackThis log file run after OTMoveIT
... and here's a fresh HiJackThis log file:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:41:21, on 13/01/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\SYSTEM32\astsrv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\stsystra.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Apps\Logitech\Video\LogiTray.exe
C:\Apps\Ad-Aware 2007\AAWTray.exe
C:\Apps\PowerDVD\PDVDServ.exe
C:\Apps\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\MMDiag.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Apps\iTunes\iTunesHelper.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mim.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Apps\Directory Opus\dopusrt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Apps\Logitech\Video\FxSvr2.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Apps\Nikon\NikonView\NkvMon.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Apps\Palm\HOTSYNC.EXE
C:\Apps\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bbc.co.uk
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bbc.co.uk
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://uk.mcafee.com/root/campaign.asp?cid=16321
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - c:\PROGRA~1\mcafee\msk\mcapbho.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Apps\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Apps\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [ShowLOMControl]
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Apps\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Apps\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [AAWTray] C:\Apps\Ad-Aware 2007\AAWTray.exe
O4 - HKLM\..\Run: [RemoteControl] C:\Apps\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [LanguageShortcut] C:\Apps\PowerDVD\Language\Language.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Apps\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [MimBoot] C:\Program Files\Musicmatch\Musicmatch Jukebox\mimboot.exe
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Apps\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] C:\Apps\Logitech\Video\ManifestEngine.exe boot
O4 - HKCU\..\Run: [DOpus] C:\Apps\Directory Opus\dopus.exe
O4 - HKCU\..\Run: [Directory Opus Desktop Dblclk] "C:\Apps\Directory Opus\dopusrt.exe" /dblclk
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: HotSync Manager.LNK = C:\Apps\Palm\HOTSYNC.EXE
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Acrobat Synchronizer.lnk = C:\Apps\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe
O4 - Global Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: DataViz Inc Messenger.lnk = C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: NkvMon.exe.lnk = C:\Apps\Nikon\NikonView\NkvMon.exe
O4 - Global Startup: Register PhotoFrame 4.0 Professional Edition.lnk = C:\Apps\onOne Software\PhotoFrame 4.0 Professional Edition\Register PhotoFrame 4.0 Professional Edition.exe
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Apps\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: Append to existing PDF - res://C:\Apps\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Apps\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Apps\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Apps\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Apps\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Apps\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Apps\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Apps\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: En&queue current page with Bulk Image Downloader - file://C:\Apps\Bulk Image Downloader\iemenu\iebidqueue.htm
O8 - Extra context menu item: Enqueue link target with Bulk Ima&ge Downloader - file://C:\Apps\Bulk Image Downloader\iemenu\iebidlinkqueue.htm
O8 - Extra context menu item: Open &link target with Bulk Image Downloader - file://C:\Apps\Bulk Image Downloader\iemenu\iebidlink.htm
O8 - Extra context menu item: Open current page with Bulk I&mage Downloader - file://C:\Apps\Bulk Image Downloader\iemenu\iebid.htm
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Games\PartyPoker\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Games\PartyPoker\PartyPoker\RunApp.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english...an_unicode.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/pu...sh/swflash.cab
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: McAfee Application Installer Cleanup (0100181231811148) (0100181231811148mcinstcleanup) - McAfee, Inc. - C:\WINDOWS\TEMP\010018~1.EXE
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Apps\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AST Service (astcc) - Nalpeiron Ltd. - C:\WINDOWS\SYSTEM32\astsrv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: dlbt_device - Dell - C:\WINDOWS\system32\dlbtcoms.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Apps\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
--
End of file - 15270 bytes