
Browser search results hijacked

Discussion in 'Virus & Other Malware Removal' started by Gorgon88, Apr 26, 2010.

Thread Status:
Not open for further replies.
  1. Gorgon88

    Gorgon88 Thread Starter

    Joined:
    Feb 24, 2010
    Messages:
    32
    Hi,

    I am running a Windows XP service pack 3 computer where search results are occasionally hijacked. I have tried scanning with McAfee virus scan, Malwarebytes, and Spybot to no avail. I have posted a Hijack This log in hope that someone can give me a procedure to get rid of this. Thanks for your help.

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 12:25:43 PM, on 4/26/2010
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
    C:\WINDOWS\system32\cusrvc.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\McAfee\VirusScan Enterprise\EngineServer.exe
    C:\Program Files\McAfee\Common Framework\FrameworkService.exe
    C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\system32\mfevtps.exe
    C:\UPS\WSTD\MSSQL$UPSWSDBSERVER\Binn\sqlservr.exe
    C:\WINDOWS\system32\WFXSVC.EXE
    C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\BCMSMMSG.exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\Program Files\McAfee\VirusScan Enterprise\ShStat.exe
    C:\Program Files\Adobe\Adobe Acrobat 6.0\Distillr\acrotray.exe
    C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
    C:\UPS\WSTD\WSTDMessaging.exe
    C:\Program Files\McAfee\VirusScan Enterprise\ShStat .exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Common Files\Acronis\Schedule2\schedhlp .exe
    C:\Program Files\Microsoft IntelliPoint\ipoint .exe
    C:\Program Files\Common Files\Real\Update_OB\realsched .exe
    C:\Program Files\Microsoft IntelliType Pro\itype .exe
    C:\PROGRA~1\WinFax\WFXSWTCH .exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier .exe
    C:\WINDOWS\system32\NWTRAY .exe
    C:\Program Files\McAfee\Common Framework\udaterui .exe
    C:\Program Files\Common Files\Java\Java Update\jusched .exe
    C:\Program Files\Acronis\TrueImage\TrueImageMonitor .exe
    C:\Program Files\McAfee\Common Framework\McTray.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\PVSW\bin\W3DBSMGR.EXE
    C:\PROGRA~1\MICROS~4\OFFICE11\OUTLOOK.EXE
    C:\Documents and Settings\Dave\Hijack\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: dsWebAllowBHO Class - {2F85D76C-0569-466F-A488-493E6BD0E955} - C:\Program Files\Windows Desktop Search\dsWebAllow.dll
    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
    O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\scriptsn.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
    O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
    O4 - HKLM\..\Run: [DVDBitSet] "C:\Program Files\HP CD-DVD\Umbrella\DVDBitSet.exe" /NOUI
    O4 - HKLM\..\Run: [ChangeICON] C:\WINDOWS\SPMSMON.EXE
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [NWTRAY] NWTRAY.EXE
    O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [WFXSwtch] C:\PROGRA~1\WinFax\WFXSWTCH.exe
    O4 - HKLM\..\Run: [WinFaxAppPortStarter] wfxsnt40.exe
    O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImage\TrueImageMonitor.exe
    O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
    O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
    O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
    O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\udaterui.exe" /StartedFromRunKey
    O4 - HKLM\..\Run: [NA1Messenger] C:\UPS\WSTD\UPSNA1Msgr.exe
    O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Adobe Acrobat 6.0\Distillr\acrotray.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Controller.LNK = C:\Program Files\WinFax\WFXCTL32.EXE
    O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
    O4 - Global Startup: UPS WorldShip Messaging Utility.lnk = C:\UPS\WSTD\WSTDMessaging.exe
    O4 - Global Startup: UPS WorldShip PLD Reminder Utility.lnk = C:\UPS\WSTD\wstdPldReminder.exe
    O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Plugin Control) - http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
    O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
    O16 - DPF: {2EDF75C0-5ABD-49f9-BAB6-220476A32034} (System Requirements Lab) - http://intel-drv-cdn.systemrequirementslab.com/multi/bin/sysreqlab_srlx.cab
    O16 - DPF: {5F0C30E4-1E72-4DCC-85E5-57810F1CA97B} (McUpdatePortalFactory Class) - http://www.amiuptodate.com/vsc/bin/1,0,0,8/McUpdatePortal.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{77F17C75-92C5-40FF-80CF-C4A5EA750574}: NameServer = 206.13.28.12,206.13.31.12
    O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
    O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Client Update Service for Novell (cusrvc) - Novell, Inc. - C:\WINDOWS\system32\cusrvc.exe
    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: McAfee Engine Service (McAfeeEngineService) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\EngineServer.exe
    O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
    O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
    O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
    O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - McAfee, Inc. - C:\WINDOWS\system32\mfevtps.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\HPZipm12.exe
    O23 - Service: WinFax PRO (wfxsvc) - Symantec Corporation - C:\WINDOWS\system32\WFXSVC.EXE

    --
    End of file - 11433 bytes
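
Added example, not part of the original post: a small Python parser for the HijackThis log format above that groups entries by section code and lists items worth a manual check, namely running processes with whitespace before the file extension (the naming that ComboFix's "Other Deletions" shows later in this thread) and entries HijackThis itself labels unknown. The sample lines are a subset copied from the log above; the function names are this example's own.

```python
import re
from collections import defaultdict

# Section entries look like "O4 - HKLM\..\Run: [name] path"
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
# A path whose extension is preceded by whitespace, e.g. "NWTRAY .exe"
SPACED_EXT_RE = re.compile(r"\s+(\.[A-Za-z0-9]{2,4})$")

# Subset of the log posted above, embedded so the example runs offline.
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\system32\svchost.exe
C:\Program Files\McAfee\VirusScan Enterprise\ShStat.exe
C:\Program Files\McAfee\VirusScan Enterprise\ShStat .exe
C:\WINDOWS\system32\NWTRAY .exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O4 - HKLM\..\Run: [NWTRAY] NWTRAY.EXE
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: WinFax PRO (wfxsvc) - Symantec Corporation - C:\WINDOWS\system32\WFXSVC.EXE

--
End of file - 11433 bytes
"""


def parse_hijackthis(text):
    """Split a HijackThis log into its process list and per-section entries."""
    processes, entries = [], defaultdict(list)
    in_processes = False
    for raw in text.splitlines():
        line = raw.strip()  # forum posts often indent the pasted log
        if line == "Running processes:":
            in_processes = True
            continue
        match = ENTRY_RE.match(line)
        if in_processes:
            # The process list ends at a blank line or at the first section entry.
            if not line or match:
                in_processes = False
            else:
                processes.append(line)
                continue
        if match:
            entries[match.group(1)].append(match.group(2))
    return {"processes": processes, "entries": dict(entries)}


def review_items(parsed):
    """Return (reason, value) pairs to check by hand; these are not verdicts."""
    findings = []
    running = {p.lower() for p in parsed["processes"]}
    for proc in parsed["processes"]:
        if SPACED_EXT_RE.search(proc):
            twin = SPACED_EXT_RE.sub(r"\1", proc)  # same path without the space
            reason = "whitespace before extension"
            if twin.lower() in running:
                reason += "; same-named process without the space is also running"
            findings.append((reason, proc))
    for value in parsed["entries"].get("O10", []):
        if value.lower().startswith("unknown file"):
            findings.append(("O10 unknown Winsock LSP file", value))
    for value in parsed["entries"].get("O23", []):
        if " - Unknown owner - " in value:
            findings.append(("O23 service with unknown owner", value))
    return findings


if __name__ == "__main__":
    parsed = parse_hijackthis(SAMPLE_LOG)
    for code, values in parsed["entries"].items():
        print(f"{code}: {len(values)} entr{'y' if len(values) == 1 else 'ies'}")
    for reason, value in review_items(parsed):
        print(f"[review] {reason}: {value}")
```

Entries flagged this way still need to be matched against installed software before anything is removed; an "unknown" label only means HijackThis could not identify the file or its publisher.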
     
  2. CatByte

    CatByte Malware Specialist

    Joined:
    Feb 24, 2009
    Messages:
    3,930
    Hi,

    Please do the following:


    Please download DDS from either of these links

    LINK 1
    LINK 2

    and save it to your desktop.
    • Disable any script blocking protection
    • Double click dds.pif to run the tool.
    • When done, two DDS.txt's will open.
    • Save both reports to your desktop.
    ---------------------------------------------------
    Please include the contents of the following in your next reply:

    DDS.txt
    Attach.txt.


    NEXT


    Download GMER Rootkit Scanner from here or here.
    • Extract the contents of the zipped file to desktop.
    • Double click GMER.exe. If asked to allow gmer.sys driver to load, please consent.
    • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO.

    • In the right panel, you will see several boxes that have been checked. Uncheck the following ...
      • IAT/EAT
      • Drives/Partition other than Systemdrive (typically C:\)
      • Show All (don't miss this one)
    • Then click the Scan button & wait for it to finish.
    • Once done click on the [Save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file which cannot be uploaded to your post.
    • Save it where you can easily find it, such as your desktop, and post it in your next reply.

    **Caution**
    Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries.
     
  3. Gorgon88

    Gorgon88 Thread Starter

    Joined:
    Feb 24, 2010
    Messages:
    32
    Here are combined DDS and Attach logs. GMER will not run. It reboots the computer before the scan is complete. Should I disable McAfee Virus Scan prior to this?

    Thanks
     

    Attached Files:

    • DDS.zip (10.9 KB)
  4. CatByte

    CatByte Malware Specialist

    Joined:
    Feb 24, 2009
    Messages:
    3,930
    Yes, please disable McAfee

    Try only checking the boxes beside "services" and the C:\ drive. That should help; if it still crashes, try running it in safe mode.
     
  5. Gorgon88

    Gorgon88 Thread Starter

    Joined:
    Feb 24, 2010
    Messages:
    32
    Hi,

    GMER gives a no items selected message if I check only services and the C drive. Standard mode, McAfee disabled.

    It doesn't run at all in safe mode.

    FYI, when rebooting, I received the following McAfee Antivirus message:

    4/27/2010 3:21:15 PM Deleted NT AUTHORITY\SYSTEM C:\WINDOWS\TEMP\cOAd.exe C:\Documents and Settings\NetworkService\Local Settings\Application Data\ave.exe FakeAlert-WinWebSecurity.c (Trojan)
    4/27/2010 3:21:45 PM Deleted NT AUTHORITY\SYSTEM C:\WINDOWS\TEMP\cOAd.exe C:\Documents and Settings\NetworkService\Local Settings\Application Data\av.exe FakeAlert-XPSpy (Trojan)


    FYI, I have the same problem when trying to run Combofix. It reboots the computer but does not continue.

    Thanks
     
  6. CatByte

    CatByte Malware Specialist

    Joined:
    Feb 24, 2009
    Messages:
    3,930
    Hi,

    Please delete the copy of ComboFix that you have on your desktop and download a fresh copy from the link below. Make certain that you RENAME Combofix to Combo.com before you save the file to your desktop.

    Link 1

    Please run this program before you give ComboFix another try:


    Please download exeHelper to your desktop.
    • Double-click on exeHelper.com to run the fix.
    • A black window should pop up, press any key to close once the fix is completed.
    • Post the contents of log.txt (Will be created in the directory where you ran exeHelper.com)
    Note: If the window shows a message that says "Error deleting file", please re-run the program before posting a log, and post the two logs together (they will both be in the one file).
     
  7. Gorgon88

    Gorgon88 Thread Starter

    Joined:
    Feb 24, 2010
    Messages:
    32
    Sorry, whatever has gotten into this machine is now popping up a fake antispy antivirus program called Command Center. It has wiped out my desktop. I see various threads recommending Malwarebytes for this, which I am trying now. As I can't get to the desktop, I am running Malwarebytes off a USB drive. It shut down during a scan once, so I downloaded a file called rkill from bleepingcomputer.

    If you have any suggestions, it would be appreciated.
     
  8. CatByte

    CatByte Malware Specialist

    Joined:
    Feb 24, 2009
    Messages:
    3,930
    To reach your desktop do the following

    Go to Start > Run > type in %UserProfile%\desktop into the open run box > press OK

    These are the instructions I have for rkill....

    If you have an active internet connection, copy/paste the links below into your browser, don't click them or the rogue might redirect. If you don't have an active internet connection, download the tools from another machine, and transfer them to the affected machine via USB flash drive.


    Please download and run the following tool to help allow other programs to run. (courtesy of BleepingComputer.com)
    There are 4 different versions. If one of them won't run then download and try to run the other one.
    Vista and Win7 users need to right click and choose Run as Admin
    You only need to get one of them to run, not all of them.


    http://download.bleepingcomputer.com/grinler/rkill.exe
    http://download.bleepingcomputer.com/grinler/rkill.com
    http://download.bleepingcomputer.com/grinler/rkill.scr

    Note:

    You will likely see a message from this rogue telling you the file is infected. Ignore the message. Leave the message OPEN, do not close the message. Run rkill repeatedly until it's able to do its job. This may take a few tries. You'll be able to tell rkill has done its job when your desktop (explorer.exe) cycles off and then on again.


    NEXT


    Please do the following:

    Re-run the ComboFix program that you have on your desktop.
     
  9. Gorgon88

    Gorgon88 Thread Starter

    Joined:
    Feb 24, 2010
    Messages:
    32
    Hello,

    Here is the combofix log. It rebooted the machine and completed a scan, but when it rebooted, McAfee was enabled. I notice that in the log.

    ComboFix 10-04-28.08 - Dave 04/29/2010 13:03:10.2.1 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.614 [GMT -7:00]
    Running from: c:\documents and settings\Dave\Desktop\ComboFix.com
    AV: McAfee VirusScan Enterprise *On-access scanning enabled* (Updated) {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}
    * Resident AV is active

    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\windows\SPMSMON .exe
    c:\windows\system32\drivers\npf.sys
    c:\windows\system32\NWTRAY .exe
    c:\windows\system32\Packet.dll
    c:\windows\system32\Rundll32 .exe
    c:\windows\system32\wfxsnt40 .exe
    c:\windows\system32\wpcap.dll

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Legacy_NPF
    -------\Service_NPF


    ((((((((((((((((((((((((( Files Created from 2010-03-28 to 2010-04-29 )))))))))))))))))))))))))))))))
    .

    2010-04-29 20:40 . 2010-04-29 20:40 -------- d-----w- c:\windows\LastGood
    2010-04-29 17:07 . 2010-03-30 07:45 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-04-29 17:07 . 2010-03-30 07:46 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-04-29 17:07 . 2010-04-29 18:09 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-04-28 16:58 . 2010-04-28 16:58 70254592 --sha-w- C:\NRTPage.sys
    2010-04-28 12:01 . 2010-04-28 18:55 -------- d-----w- c:\documents and settings\Dave\Application Data\ACommander
    2010-04-27 23:23 . 2010-04-27 23:23 -------- d-sh--w- c:\documents and settings\LocalService\PrivacIE
    2010-04-27 23:20 . 2010-04-28 11:35 -------- d-----w- c:\documents and settings\Dave\Application Data\CCommander
    2010-04-27 23:17 . 2010-04-28 09:20 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\ehjeiwkxq
    2010-04-27 23:14 . 2010-04-29 20:52 823808 ----a-w- c:\windows\system32\drivers\owxbiew.sys
    2010-04-26 19:46 . 2010-04-26 19:46 -------- d-sh--w- c:\windows\system32\config\systemprofile\PrivacIE
    2010-04-26 18:00 . 2010-04-26 18:00 -------- d-sh--w- c:\documents and settings\NetworkService\PrivacIE
    2010-04-26 17:02 . 2010-04-26 17:02 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
    2010-04-26 14:50 . 2010-04-26 14:50 4736 ----a-w- c:\windows\system32\o.sys
    2010-04-22 18:05 . 2010-04-22 18:05 0 ----a-w- c:\windows\nsreg.dat
    2010-04-22 18:05 . 2010-04-22 18:05 -------- d-----w- c:\documents and settings\Dave\Local Settings\Application Data\Mozilla
    2010-04-21 20:01 . 2010-04-26 16:26 -------- dc----w- c:\windows\system32\DRVSTORE
    2010-04-21 20:01 . 2010-04-21 20:00 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
    2010-04-12 23:23 . 2010-04-12 23:23 -------- d-----w- c:\documents and settings\Dave\Local Settings\Application Data\Opera
    2010-04-12 23:22 . 2010-04-19 23:22 -------- d-----w- c:\program files\Opera
    2010-04-12 14:51 . 2010-04-12 14:51 -------- d-----w- c:\documents and settings\NetworkService\Application Data\AdobeUM
    2010-04-12 14:51 . 2010-04-12 14:51 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
    2010-04-07 19:42 . 2010-04-07 19:42 -------- d-----w- c:\program files\MSXML 6.0
    2010-04-07 19:37 . 2010-02-25 06:24 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
    2010-04-07 19:37 . 2010-02-25 06:24 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
    2010-04-07 19:37 . 2010-02-25 06:24 594432 -c----w- c:\windows\system32\dllcache\msfeeds.dll
    2010-04-07 19:37 . 2010-02-25 06:24 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
    2010-04-07 19:37 . 2010-02-25 06:24 1985536 -c----w- c:\windows\system32\dllcache\iertutil.dll
    2010-04-07 19:37 . 2010-02-25 18:54 11070976 -c----w- c:\windows\system32\dllcache\ieframe.dll
    2010-04-07 19:36 . 2010-02-16 04:50 64000 -c----w- c:\windows\system32\dllcache\iecompat.dll
    2010-04-07 16:40 . 2008-04-13 17:27 79872 -c----w- c:\windows\system32\dllcache\msxml6r.dll
    2010-04-07 16:40 . 2009-07-31 17:05 1372672 -c----w- c:\windows\system32\dllcache\msxml6.dll
    2010-04-07 16:38 . 2008-04-14 00:11 81920 ------w- c:\windows\system32\ieencode.dll
    2010-04-07 15:54 . 2008-06-13 11:05 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
    2010-04-07 15:54 . 2009-12-31 16:50 353792 -c----w- c:\windows\system32\dllcache\srv.sys
    2010-04-07 15:53 . 2009-11-21 15:51 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
    2010-04-07 15:51 . 2010-02-16 13:25 2024448 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe
    2010-04-07 15:48 . 2009-07-10 13:27 1315328 -c----w- c:\windows\system32\dllcache\msoe.dll
    2010-04-07 15:47 . 2008-10-15 16:34 337408 -c----w- c:\windows\system32\dllcache\netapi32.dll
    2010-04-07 15:47 . 2008-04-21 12:08 215552 -c----w- c:\windows\system32\dllcache\wordpad.exe
    2010-04-07 15:45 . 2010-02-24 13:11 455680 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
    2010-04-07 15:44 . 2008-04-11 19:04 691712 -c----w- c:\windows\system32\dllcache\inetcomm.dll
    2010-04-06 21:33 . 2008-05-08 14:02 203136 -c----w- c:\windows\system32\dllcache\rmcast.sys
    2010-04-06 19:56 . 2005-06-22 07:43 163840 ----a-w- c:\windows\system32\igfxres.dll
    2010-04-06 19:37 . 2004-08-04 12:00 41600 -c--a-w- c:\windows\system32\dllcache\weitekp9.dll
    2010-04-06 19:37 . 2004-08-04 12:00 31232 -c--a-w- c:\windows\system32\dllcache\weitekp9.sys
    2010-04-06 19:37 . 2004-08-04 12:00 9216 -c--a-w- c:\windows\system32\dllcache\wamps51.dll
    2010-04-06 19:37 . 2004-08-04 12:00 73728 -c--a-w- c:\windows\system32\dllcache\w3ext.dll
    2010-04-06 19:37 . 2004-08-04 12:00 5632 -c--a-w- c:\windows\system32\dllcache\w3svapi.dll
    2010-04-06 19:37 . 2004-08-04 12:00 4608 -c--a-w- c:\windows\system32\dllcache\w3ctrs51.dll
    2010-04-06 19:37 . 2004-08-04 12:00 48256 -c--a-w- c:\windows\system32\dllcache\w32.dll
    2010-04-06 19:37 . 2008-04-14 00:11 86073 -c--a-w- c:\windows\system32\dllcache\voicesub.dll
    2010-04-06 19:37 . 2008-04-14 00:11 426041 -c--a-w- c:\windows\system32\dllcache\voicepad.dll
    2010-04-06 19:37 . 2008-04-14 00:11 76288 -c--a-w- c:\windows\system32\dllcache\uniime.dll
    2010-04-06 19:37 . 2004-08-04 12:00 14336 -c--a-w- c:\windows\system32\dllcache\tsprof.exe
    2010-04-06 19:35 . 2001-08-18 05:36 38912 -c--a-w- c:\windows\system32\dllcache\EXCH_ntfsdrv.dll
    2010-04-06 19:35 . 2004-08-04 12:00 53248 -c--a-w- c:\windows\system32\dllcache\nextlink.dll
    2010-04-06 19:35 . 2004-08-04 12:00 229439 -c--a-w- c:\windows\system32\dllcache\multibox.dll
    2010-04-06 19:35 . 2004-08-04 12:00 98304 -c--a-w- c:\windows\system32\dllcache\msir3jp.dll
    2010-04-06 19:35 . 2004-08-04 12:00 92416 -c--a-w- c:\windows\system32\dllcache\mga.sys
    2010-04-06 19:35 . 2004-08-04 12:00 92032 -c--a-w- c:\windows\system32\dllcache\mga.dll
    2010-04-06 19:35 . 2004-08-04 12:00 26624 -c--a-w- c:\windows\system32\dllcache\mdsync.dll
    2010-04-06 19:35 . 2001-08-18 05:36 65536 -c--a-w- c:\windows\system32\dllcache\EXCH_mailmsg.dll
    2010-04-06 19:35 . 2004-08-04 12:00 22016 -c--a-w- c:\windows\system32\dllcache\logscrpt.dll
    2010-04-06 19:33 . 2004-08-04 12:00 14848 -c--a-w- c:\windows\system32\dllcache\flattemp.exe
    2010-04-06 19:32 . 2004-08-04 12:00 29184 -c--a-w- c:\windows\system32\dllcache\asptxn.dll
    2010-04-06 19:32 . 2004-08-04 12:00 10240 -c--a-w- c:\windows\system32\dllcache\aspperf.dll
    2010-04-06 19:32 . 2001-08-18 05:36 45056 -c--a-w- c:\windows\system32\dllcache\EXCH_aqadmin.dll
    2010-04-06 19:32 . 2004-08-04 12:00 49664 -c--a-w- c:\windows\system32\dllcache\adrot.dll
    2010-04-06 19:32 . 2001-08-18 05:36 5632 -c--a-w- c:\windows\system32\dllcache\EXCH_adsiisex.dll
    2010-04-06 19:32 . 2004-08-04 12:00 6144 -c--a-w- c:\windows\system32\dllcache\admxprox.dll
    2010-04-06 19:32 . 2004-08-04 12:00 7168 -c--a-w- c:\windows\system32\dllcache\wamregps.dll
    2010-04-06 19:32 . 2004-08-04 12:00 7680 -c--a-w- c:\windows\system32\dllcache\inetmgr.exe
    2010-04-06 19:32 . 2004-08-04 12:00 19968 -c--a-w- c:\windows\system32\dllcache\inetsloc.dll
    2010-04-06 19:32 . 2004-08-04 12:00 5632 -c--a-w- c:\windows\system32\dllcache\iisrstap.dll
    2010-04-06 19:32 . 2004-08-04 12:00 169984 -c--a-w- c:\windows\system32\dllcache\iisui.dll
    2010-04-06 19:32 . 2004-08-04 12:00 14336 -c--a-w- c:\windows\system32\dllcache\iisreset.exe
    2010-04-06 19:32 . 2004-08-04 12:00 6144 -c--a-w- c:\windows\system32\dllcache\ftpsapi2.dll
    2010-04-06 19:26 . 2004-08-04 12:00 16384 -c--a-w- c:\windows\system32\dllcache\isignup.exe
    2010-04-06 19:17 . 2003-12-08 23:17 487424 ----a-w- c:\windows\system32\ldapssl.dll
    2010-04-06 19:17 . 2003-12-08 23:17 208896 ----a-w- c:\windows\system32\ldapsdk.dll
    2010-04-06 19:17 . 1999-04-17 05:50 8464 ----a-w- c:\windows\system32\sporder.dll
    2010-04-06 19:01 . 2004-08-04 12:00 24661 -c--a-w- c:\windows\system32\dllcache\spxcoins.dll
    2010-04-06 19:01 . 2004-08-04 12:00 24661 ----a-w- c:\windows\system32\spxcoins.dll
    2010-04-06 19:01 . 2004-08-04 12:00 13312 -c--a-w- c:\windows\system32\dllcache\irclass.dll
    2010-04-06 19:01 . 2004-08-04 12:00 13312 ----a-w- c:\windows\system32\irclass.dll
    2010-04-06 18:36 . 2010-04-06 18:36 -------- d-----w- c:\windows\system32\wbem\Repository
    2010-04-06 11:47 . 2010-04-06 11:47 -------- d-----w- c:\windows\dell

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-04-29 20:55 . 2004-08-04 12:00 36352 ----a-w- c:\windows\system32\drivers\disk.sys
    2010-04-29 20:55 . 2010-04-29 20:55 36352 ----a-w- c:\windows\system32\drivers\OLD18D.tmp
    2010-04-29 20:55 . 2010-04-29 20:55 36352 ----a-w- c:\windows\system32\drivers\OLD18A.tmp
    2010-04-29 20:54 . 2010-04-29 20:55 36352 ----a-w- c:\windows\system32\drivers\OLD187.tmp
    2010-04-29 20:54 . 2010-04-29 20:54 36352 ----a-w- c:\windows\system32\drivers\OLD184.tmp
    2010-04-29 20:54 . 2010-04-29 20:54 36352 ----a-w- c:\windows\system32\drivers\OLD181.tmp
    2010-04-29 20:54 . 2010-04-29 20:54 36352 ----a-w- c:\windows\system32\drivers\OLD17E.tmp
    2010-04-29 20:54 . 2010-04-29 20:54 36352 ----a-w- c:\windows\system32\drivers\OLD17B.tmp
    2010-04-29 20:54 . 2010-04-29 20:54 36352 ----a-w- c:\windows\system32\drivers\OLD178.tmp
    2010-04-29 20:54 . 2010-04-29 20:54 36352 ----a-w- c:\windows\system32\drivers\OLD175.tmp
    2010-04-29 20:54 . 2010-04-29 20:54 36352 ----a-w- c:\windows\system32\drivers\OLD172.tmp
    2010-04-29 20:54 . 2010-04-29 20:54 36352 ----a-w- c:\windows\system32\drivers\OLD16F.tmp
    2010-04-29 20:53 . 2010-04-29 20:53 36352 ----a-w- c:\windows\system32\drivers\OLD16C.tmp
    2010-04-29 20:53 . 2010-04-29 20:53 36352 ----a-w- c:\windows\system32\drivers\OLD169.tmp
    2010-04-29 20:53 . 2010-04-29 20:53 36352 ----a-w- c:\windows\system32\drivers\OLD166.tmp
    2010-04-29 20:53 . 2010-04-29 20:53 36352 ----a-w- c:\windows\system32\drivers\OLD163.tmp
    2010-04-29 20:53 . 2010-04-29 20:53 36352 ----a-w- c:\windows\system32\drivers\OLD160.tmp
    2010-04-29 20:53 . 2010-04-29 20:53 36352 ----a-w- c:\windows\system32\drivers\OLD15D.tmp
    2010-04-29 20:53 . 2010-04-29 20:53 36352 ----a-w- c:\windows\system32\drivers\OLD15A.tmp
    2010-04-29 20:53 . 2010-04-29 20:53 36352 ----a-w- c:\windows\system32\drivers\OLD157.tmp
    2010-04-29 20:52 . 2010-04-29 20:52 36352 ----a-w- c:\windows\system32\drivers\OLD154.tmp
    2010-04-29 20:52 . 2010-04-29 20:52 36352 ----a-w- c:\windows\system32\drivers\OLD151.tmp
    2010-04-29 20:52 . 2010-04-29 20:52 36352 ----a-w- c:\windows\system32\drivers\OLD14E.tmp
    2010-04-29 20:52 . 2010-04-29 20:52 36352 ----a-w- c:\windows\system32\drivers\OLD14B.tmp
    2010-04-29 20:52 . 2010-04-29 20:52 36352 ----a-w- c:\windows\system32\drivers\OLD148.tmp
    2010-04-29 20:52 . 2010-04-29 20:52 36352 ----a-w- c:\windows\system32\drivers\OLD145.tmp
    2010-04-29 20:51 . 2010-04-29 20:52 36352 ----a-w- c:\windows\system32\drivers\OLD142.tmp
    2010-04-29 20:51 . 2010-04-29 20:51 36352 ----a-w- c:\windows\system32\drivers\OLD13F.tmp
    2010-04-29 20:51 . 2010-04-29 20:51 36352 ----a-w- c:\windows\system32\drivers\OLD13C.tmp
    2010-04-29 20:51 . 2010-04-29 20:51 36352 ----a-w- c:\windows\system32\drivers\OLD139.tmp
    2010-04-29 20:51 . 2010-04-29 20:51 36352 ----a-w- c:\windows\system32\drivers\OLD136.tmp
    2010-04-29 20:51 . 2010-04-29 20:51 36352 ----a-w- c:\windows\system32\drivers\OLD133.tmp
    2010-04-29 20:51 . 2010-04-29 20:51 36352 ----a-w- c:\windows\system32\drivers\OLD130.tmp
    2010-04-29 20:50 . 2010-04-29 20:50 36352 ----a-w- c:\windows\system32\drivers\OLD12D.tmp
    2010-04-29 20:50 . 2010-04-29 20:50 36352 ----a-w- c:\windows\system32\drivers\OLD12A.tmp
    2010-04-29 20:50 . 2010-04-29 20:50 36352 ----a-w- c:\windows\system32\drivers\OLD127.tmp
    2010-04-29 20:50 . 2010-04-29 20:50 36352 ----a-w- c:\windows\system32\drivers\OLD124.tmp
    2010-04-29 20:50 . 2010-04-29 20:50 36352 ----a-w- c:\windows\system32\drivers\OLD121.tmp
    2010-04-29 20:50 . 2010-04-29 20:50 36352 ----a-w- c:\windows\system32\drivers\OLD11E.tmp
    2010-04-29 20:50 . 2010-04-29 20:50 36352 ----a-w- c:\windows\system32\drivers\OLD11B.tmp
    2010-04-29 20:50 . 2004-08-10 19:48 -------- d-----w- c:\program files\QuickTime
    2010-04-29 20:50 . 2010-04-29 20:50 36352 ----a-w- c:\windows\system32\drivers\OLD118.tmp
    2010-04-29 20:50 . 2010-04-29 20:50 36352 ----a-w- c:\windows\system32\drivers\OLD115.tmp
    2010-04-29 20:49 . 2010-04-29 20:50 36352 ----a-w- c:\windows\system32\drivers\OLD112.tmp
    2010-04-29 20:49 . 2010-04-29 20:49 36352 ----a-w- c:\windows\system32\drivers\OLD10F.tmp
    2010-04-29 20:49 . 2010-04-29 20:49 36352 ----a-w- c:\windows\system32\drivers\OLD10C.tmp
    2010-04-29 20:49 . 2010-04-29 20:49 36352 ----a-w- c:\windows\system32\drivers\OLD109.tmp
    2010-04-29 20:49 . 2010-04-29 20:49 36352 ----a-w- c:\windows\system32\drivers\OLD106.tmp
    2010-04-29 20:49 . 2010-04-29 20:49 36352 ----a-w- c:\windows\system32\drivers\OLD102.tmp
    2010-04-29 20:49 . 2010-04-29 20:49 36352 ----a-w- c:\windows\system32\drivers\OLDFF.tmp
    2010-04-29 20:49 . 2010-04-29 20:49 36352 ----a-w- c:\windows\system32\drivers\OLDFC.tmp
    2010-04-29 20:49 . 2010-04-29 20:49 36352 ----a-w- c:\windows\system32\drivers\OLDF9.tmp
    2010-04-29 20:48 . 2010-04-29 20:49 36352 ----a-w- c:\windows\system32\drivers\OLDF6.tmp
    2010-04-29 20:48 . 2010-04-29 20:48 36352 ----a-w- c:\windows\system32\drivers\OLDF3.tmp
    2010-04-29 20:48 . 2010-04-29 20:48 36352 ----a-w- c:\windows\system32\drivers\OLDF0.tmp
    2010-04-29 20:48 . 2010-04-29 20:48 36352 ----a-w- c:\windows\system32\drivers\OLDED.tmp
    2010-04-29 20:48 . 2010-04-29 20:48 36352 ----a-w- c:\windows\system32\drivers\OLDEA.tmp
    2010-04-29 20:48 . 2010-04-29 20:48 36352 ----a-w- c:\windows\system32\drivers\OLDE7.tmp
    2010-04-29 20:48 . 2010-04-29 20:48 36352 ----a-w- c:\windows\system32\drivers\OLDE4.tmp
    2010-04-29 20:48 . 2010-04-29 20:48 36352 ----a-w- c:\windows\system32\drivers\OLDE1.tmp
    2010-04-29 20:48 . 2010-04-29 20:48 36352 ----a-w- c:\windows\system32\drivers\OLDDE.tmp
    2010-04-29 20:48 . 2010-04-29 20:48 36352 ----a-w- c:\windows\system32\drivers\OLDDB.tmp
    2010-04-29 20:47 . 2010-04-29 20:47 36352 ----a-w- c:\windows\system32\drivers\OLDD8.tmp
    2010-04-29 20:47 . 2010-04-29 20:47 36352 ----a-w- c:\windows\system32\drivers\OLDCE.tmp
    2010-04-29 20:47 . 2010-04-29 20:47 36352 ----a-w- c:\windows\system32\drivers\OLDCA.tmp
    2010-04-29 20:46 . 2010-04-29 20:47 36352 ----a-w- c:\windows\system32\drivers\OLDC7.tmp
    2010-04-29 20:46 . 2010-04-29 20:46 36352 ----a-w- c:\windows\system32\drivers\OLDC4.tmp
    2010-04-29 20:46 . 2010-04-29 20:46 36352 ----a-w- c:\windows\system32\drivers\OLDC1.tmp
    2010-04-29 20:46 . 2010-04-29 20:46 36352 ----a-w- c:\windows\system32\drivers\OLDBE.tmp
    2010-04-29 20:46 . 2010-04-29 20:46 36352 ----a-w- c:\windows\system32\drivers\OLDBB.tmp
    2010-04-29 20:46 . 2010-04-29 20:46 36352 ----a-w- c:\windows\system32\drivers\OLDB8.tmp
    2010-04-29 20:46 . 2010-04-29 20:46 36352 ----a-w- c:\windows\system32\drivers\OLDB5.tmp
    2010-04-29 20:46 . 2010-04-29 20:46 36352 ----a-w- c:\windows\system32\drivers\OLDB2.tmp
    2010-04-29 20:46 . 2010-04-29 20:46 36352 ----a-w- c:\windows\system32\drivers\OLDAF.tmp
    2010-04-29 20:45 . 2010-04-29 20:46 36352 ----a-w- c:\windows\system32\drivers\OLDAC.tmp
    2010-04-29 20:45 . 2010-04-29 20:45 36352 ----a-w- c:\windows\system32\drivers\OLDA9.tmp
    2010-04-29 20:45 . 2010-04-29 20:45 36352 ----a-w- c:\windows\system32\drivers\OLDA5.tmp
    2010-04-29 20:45 . 2010-04-29 20:45 36352 ----a-w- c:\windows\system32\drivers\OLDA2.tmp
    2010-04-29 20:45 . 2010-04-29 20:45 36352 ----a-w- c:\windows\system32\drivers\OLD9F.tmp
    2010-04-29 20:45 . 2010-04-29 20:45 36352 ----a-w- c:\windows\system32\drivers\OLD9C.tmp
    2010-04-29 20:45 . 2010-04-29 20:45 36352 ----a-w- c:\windows\system32\drivers\OLD99.tmp
    2010-04-29 20:45 . 2010-04-29 20:45 36352 ----a-w- c:\windows\system32\drivers\OLD96.tmp
    2010-04-29 20:45 . 2010-04-29 20:45 36352 ----a-w- c:\windows\system32\drivers\OLD93.tmp
    2010-04-29 20:45 . 2010-04-29 20:45 36352 ----a-w- c:\windows\system32\drivers\OLD90.tmp
    2010-04-29 20:44 . 2010-04-29 20:45 36352 ----a-w- c:\windows\system32\drivers\OLD8D.tmp
    2010-04-29 20:44 . 2010-04-29 20:44 36352 ----a-w- c:\windows\system32\drivers\OLD8A.tmp
    2010-04-29 20:44 . 2010-04-29 20:44 36352 ----a-w- c:\windows\system32\drivers\OLD87.tmp
    2010-04-29 20:44 . 2010-04-29 20:44 36352 ----a-w- c:\windows\system32\drivers\OLD84.tmp
    2010-04-29 20:44 . 2010-04-29 20:44 36352 ----a-w- c:\windows\system32\drivers\OLD81.tmp
    2010-04-29 20:44 . 2010-04-29 20:44 36352 ----a-w- c:\windows\system32\drivers\OLD7E.tmp
    2010-04-29 20:44 . 2010-04-29 20:44 36352 ----a-w- c:\windows\system32\drivers\OLD7B.tmp
    2010-04-29 20:44 . 2010-04-29 20:44 36352 ----a-w- c:\windows\system32\drivers\OLD78.tmp
    2010-04-29 20:44 . 2010-04-29 20:44 36352 ----a-w- c:\windows\system32\drivers\OLD75.tmp
    2010-04-29 20:44 . 2010-04-29 20:44 36352 ----a-w- c:\windows\system32\drivers\OLD72.tmp
    2010-04-29 20:43 . 2010-04-29 20:44 36352 ----a-w- c:\windows\system32\drivers\OLD6F.tmp
    2010-04-29 20:43 . 2010-04-29 20:43 36352 ----a-w- c:\windows\system32\drivers\OLD6C.tmp
    2010-04-29 20:43 . 2010-04-29 20:43 36352 ----a-w- c:\windows\system32\drivers\OLD69.tmp
    2010-04-29 20:43 . 2010-04-29 20:43 36352 ----a-w- c:\windows\system32\drivers\OLD66.tmp
    2010-04-29 20:43 . 2010-04-29 20:43 36352 ----a-w- c:\windows\system32\drivers\OLD63.tmp
    2010-04-29 20:43 . 2010-04-29 20:43 36352 ----a-w- c:\windows\system32\drivers\OLD60.tmp
    2010-01-28 11:46 . 2010-01-28 11:46 48136 --sha-w- c:\windows\SYSTEM32\birenavo.exe
    2009-11-30 16:45 . 2009-11-30 16:45 23 --sha-w- c:\windows\SYSTEM32\edacded0.dat
    2010-01-28 11:33 . 2010-01-28 11:33 48136 --sha-w- c:\windows\SYSTEM32\karopidu.exe
    2010-01-27 23:19 . 2010-01-27 23:19 48136 --sha-w- c:\windows\SYSTEM32\mayonibe.exe
    2010-01-28 12:00 . 2010-01-28 12:00 0 --sha-w- c:\windows\SYSTEM32\wobakubi.exe
    2010-01-28 12:13 . 2010-01-28 12:13 0 --sha-w- c:\windows\SYSTEM32\zuyetode.exe
    .
    Code:
    c:\program files\Acronis\TrueImage\TrueImageMonitor .exe
    c:\program files\Common Files\Acronis\Schedule2\schedhlp .exe
    c:\program files\Common Files\InstallShield\UpdateService\issch .exe
    c:\program files\Common Files\Java\Java Update\jusched .exe
    c:\program files\Common Files\Real\Update_OB\realsched .exe
    c:\program files\Dell\Media Experience\PCMService .exe
    c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier .exe
    c:\program files\HP CD-DVD\Umbrella\DVDBitSet .exe
    c:\program files\Malwarebytes' Anti-Malware\mbam .exe
    c:\program files\McAfee\Common Framework\udaterui .exe
    c:\program files\McAfee\VirusScan Enterprise\SHSTAT .exe
    c:\program files\Microsoft IntelliPoint\ipoint .exe
    c:\program files\Microsoft IntelliType Pro\itype .exe
    c:\program files\QuickTime\qttask                                .exe
    c:\program files\QuickTime\qttask                               .exe
    c:\program files\QuickTime\qttask                             .exe
    c:\program files\QuickTime\qttask                            .exe
    c:\program files\QuickTime\qttask                          .exe
    c:\program files\QuickTime\qttask                         .exe
    c:\program files\QuickTime\qttask                        .exe
    c:\program files\QuickTime\qttask                       .exe
    c:\program files\QuickTime\qttask               .exe
    c:\program files\QuickTime\qttask              .exe
    c:\program files\Spybot - Search & Destroy\TeaTimer .exe
    c:\program files\WinFax\WFXSWTCH .exe
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [N/A]
    "SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2010-04-23 37384]
    "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "QuickTime Task"="c:\program files\QuickTime\qttask .exe -atboottime" [X]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2005-10-19 126976]
    "BCMSMMSG"="BCMSMMSG.exe" [2003-08-29 122880]
    "PCMService"="c:\program files\Dell\Media Experience\PCMService.exe" [N/A]
    "DVDBitSet"="c:\program files\HP CD-DVD\Umbrella\DVDBitSet.exe" [N/A]
    "ChangeICON"="c:\windows\SPMSMON.EXE" [N/A]
    "dla"="c:\windows\system32\dla\tfswctrl.exe" [2002-11-19 106551]
    "NWTRAY"="NWTRAY.EXE" [N/A]
    "ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2010-04-23 37380]
    "WFXSwtch"="c:\progra~1\WinFax\WFXSWTCH.exe" [N/A]
    "WinFaxAppPortStarter"="wfxsnt40.exe" [N/A]
    "TrueImageMonitor.exe"="c:\program files\Acronis\TrueImage\TrueImageMonitor.exe" [2010-04-23 37384]
    "Acronis Scheduler2 Service"="c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe" [2010-04-23 37380]
    "itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2010-04-23 37380]
    "IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [N/A]
    "McAfeeUpdaterUI"="c:\program files\McAfee\Common Framework\udaterui.exe" [2010-04-23 37384]
    "NA1Messenger"="c:\ups\WSTD\UPSNA1Msgr.exe" [2010-04-23 37380]
    "ShStatEXE"="c:\program files\McAfee\VirusScan Enterprise\SHSTAT.EXE" [N/A]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-06-22 155648]
    "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-04-23 37380]
    "Malwarebytes Anti-Malware (rootkit-scan)"="g:\malwarebytes' anti-malware\mbam.exe" [N/A]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Acrobat Assistant.lnk - c:\program files\Adobe\Adobe Acrobat 6.0\Distillr\acrotray.exe [2003-10-23 217194]
    Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2004-4-9 110592]
    Controller.LNK - c:\program files\WinFax\WFXCTL32.EXE [2006-6-26 549888]
    Service Manager.lnk - c:\program files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe [2005-5-3 81920]
    UPS WorldShip Messaging Utility.lnk - c:\ups\WSTD\WSTDMessaging.exe [2008-12-4 65536]
    UPS WorldShip PLD Reminder Utility.lnk - c:\ups\WSTD\wstdPldReminder.exe [2008-12-2 31744]
    Windows Desktop Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2006-3-26 257752]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "CompatibleRUPSecurity"= 1 (0x1)

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{A213B520-C6C2-11d0-AF9D-008029E1027E}"= "c:\program files\WinFax\WfxSeh32.Dll" [1998-07-27 38400]
    "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2006-03-13 233472]

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheck autochk *\0stera

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Authentication Packages REG_MULTI_SZ msv1_0 nwv1_0 relog_ap

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
    @=""

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\McAfeeEngineService]
    @="Service"

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Configuration Wizard.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Configuration Wizard.lnk
    backup=c:\windows\pss\Configuration Wizard.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
    backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeVersionCue]
    2003-10-13 23:24 1732608 ----a-w- c:\program files\Adobe\Adobe Version Cue\ControlPanel\VersionCueTray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    2006-02-23 23:45 278528 ----a-w- c:\program files\iTunes\iTunesHelper.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    c:\program files\QuickTime\qttask.exe [N/A]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StorageGuard]
    2003-02-13 07:01 155648 ----a-w- c:\program files\Common Files\Sonic\Update Manager\sgtray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "iPodService"=3 (0x3)
    "AdobeVersionCue"=3 (0x3)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\WS_FTP\\WS_FTP95.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Kinko's\\FPFK\\FPKMain.exe"=
    "c:\\Program Files\\Kinko's\\FPFK\\Kinkos.Jupiter.GUI.Queue.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\Program Files\\McAfee\\Common Framework\\FrameworkService.exe"=

    R1 crlscsi;crlscsi;c:\windows\SYSTEM32\DRIVERS\crlscsi.sys [4/9/2004 3:19 PM 6144]
    R2 k;k;c:\windows\SYSTEM32\o.sys [4/26/2010 7:50 AM 4736]
    R2 McAfeeEngineService;McAfee Engine Service;c:\program files\McAfee\VirusScan Enterprise\EngineServer.exe [9/29/2008 8:07 AM 19456]
    R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\SYSTEM32\mfevtps.exe [5/14/2009 10:11 AM 67904]
    R2 MSSQL$UPSWSDBSERVER;MSSQL$UPSWSDBSERVER;c:\ups\WSTD\MSSQL$UPSWSDBSERVER\Binn\sqlservr.exe -sUPSWSDBSERVER --> c:\ups\WSTD\MSSQL$UPSWSDBSERVER\Binn\sqlservr.exe -sUPSWSDBSERVER [?]
    S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [1/6/2010 11:23 AM 135664]
    S3 mferkdet;McAfee Inc. mferkdet;c:\windows\SYSTEM32\DRIVERS\mferkdet.sys [5/14/2009 10:11 AM 64432]
    S3 SQLAgent$UPSWSDBSERVER;SQLAgent$UPSWSDBSERVER;c:\ups\WSTD\MSSQL$UPSWSDBSERVER\Binn\sqlagent.EXE -i UPSWSDBSERVER --> c:\ups\WSTD\MSSQL$UPSWSDBSERVER\Binn\sqlagent.EXE -i UPSWSDBSERVER [?]
    S4 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [1/10/2007 10:23 AM 24652]

    --- Other Services/Drivers In Memory ---

    *Deregistered* - owxbiew
    .
    Contents of the 'Scheduled Tasks' folder

    2010-04-29 c:\windows\Tasks\At1.job
    - c:\windows\Fonts\2b24u8b.com [2010-04-29 16:17]

    2010-04-29 c:\windows\Tasks\At10.job
    - c:\windows\Fonts\2b24u8b.com [2010-04-29 16:17]

    2010-04-29 c:\windows\Tasks\At11.job
    - c:\windows\Fonts\2b24u8b.com [2010-04-29 16:17]

    2010-04-29 c:\windows\Tasks\At12.job
    - c:\windows\Fonts\2b24u8b.com [2010-04-29 16:17]

    2010-04-29 c:\windows\Tasks\At13.job
    - c:\windows\Fonts\2b24u8b.com [2010-04-29 16:17]

    2010-04-28 c:\windows\Tasks\At14.job
    - c:\windows\Fonts\2b24u8b.com [2010-04-29 16:17]

    2010-04-28 c:\windows\Tasks\At15.job
    - c:\windows\Fonts\2b24u8b.com [2010-04-29 16:17]

    2010-04-28 c:\windows\Tasks\At16.job
    - c:\windows\Fonts\2b24u8b.com [2010-04-29 16:17]

    2010-04-28 c:\windows\Tasks\At17.job
    - c:\windows\Fonts\2b24u8b.com [2010-04-29 16:17]

    2010-04-29 c:\windows\Tasks\At18.job
    - c:\windows\Fonts\2b24u8b.com [2010-04-29 16:17]

    2010-04-29 c:\windows\Tasks\At19.job
    - c:\windows\Fonts\2b24u8b.com [2010-04-29 16:17]

    2010-04-29 c:\windows\Tasks\At2.job
    - c:\windows\Fonts\2b24u8b.com [2010-04-29 16:17]

    2010-04-29 c:\windows\Tasks\At20.job
    - c:\windows\Fonts\2b24u8b.com [2010-04-29 16:17]

    2010-04-29 c:\windows\Tasks\At21.job
    - c:\windows\Fonts\2b24u8b.com [2010-04-29 16:17]

    2010-04-29 c:\windows\Tasks\At22.job
    - c:\windows\Fonts\2b24u8b.com [2010-04-29 16:17]

    2010-04-29 c:\windows\Tasks\At23.job
    - c:\windows\Fonts\2b24u8b.com [2010-04-29 16:17]

    2010-04-29 c:\windows\Tasks\At24.job
    - c:\windows\Fonts\2b24u8b.com [2010-04-29 16:17]

    2010-04-29 c:\windows\Tasks\At3.job
    - c:\windows\Fonts\2b24u8b.com [2010-04-29 16:17]

    2010-04-29 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job
    - c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 19:20]

    2010-04-29 c:\windows\Tasks\Google Software Updater.job
    - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-06-05 17:20]

    2010-04-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-01-06 18:23]

    2010-04-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-01-06 18:23]

    2010-04-29 c:\windows\Tasks\OGALogon.job
    - c:\windows\system32\OGAEXEC.exe [2009-08-03 22:07]

    2010-04-29 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-18.job
    - c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 05:09]

    2010-04-29 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-4148092319-2653427624-1057764221-1007.job
    - c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 05:09]

    2010-04-27 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-18.job
    - c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 05:09]

    2010-04-29 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-4148092319-2653427624-1057764221-1007.job
    - c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 05:09]

    2010-04-29 c:\windows\Tasks\User_Feed_Synchronization-{3FB82B26-03BF-4DBF-88D9-C4EC327F8F8C}.job
    - c:\windows\system32\msfeedssync.exe [2006-10-17 11:31]
    .
    .
    ------- Supplementary Scan -------
    .
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
    IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
    TCP: {77F17C75-92C5-40FF-80CF-C4A5EA750574} = 206.13.28.12,206.13.31.12
    DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} - hxxp://downloads.ewido.net/ewidoOnlineScan.cab
    FF - ProfilePath - c:\documents and settings\Dave\Application Data\Mozilla\Firefox\Profiles\aba30w5j.default\
    FF - prefs.js: browser.startup.homepage - hxxp://att.my.yahoo.com/
    FF - component: c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\components\nprpffbrowserrecordext.dll
    FF - plugin: c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
    FF - plugin: c:\program files\Adobe\Adobe Acrobat 6.0\Acrobat\browser\nppdf32.dll
    FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
    FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
    FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
    FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

    ---- FIREFOX POLICIES ----
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
    c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
    c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
    .
    - - - - ORPHANS REMOVED - - - -

    BHO-{A2BA40A0-74F1-52BD-F411-00B15A2C8953} - (no file)



    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-04-29 13:47
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...


    c:\windows\system32\drivers\OLD133.tmp 36352 bytes executable
    c:\windows\system32\drivers\OLD127.tmp 36352 bytes executable
    c:\windows\system32\drivers\OLD12A.tmp 36352 bytes executable
    c:\windows\system32\drivers\OLD12D.tmp 36352 bytes executable
    c:\windows\system32\drivers\OLD130.tmp 36352 bytes executable

    scan completed successfully
    hidden files: 5

    **************************************************************************

    Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

    device: opened successfully
    user: MBR read successfully
    called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x872F4AC8]<<
    kernel: MBR read successfully
    detected MBR rootkit hooks:
    \Driver\Disk -> CLASSPNP.SYS @ 0xf7877f28
    \Driver\ACPI -> ACPI.sys @ 0xf77eacb8
    \Driver\atapi -> atapi.sys @ 0xf7645852
    IoDeviceObjectType -> DeleteProcedure -> ntoskrnl.exe @ 0x805a0615
    ParseProcedure -> ntoskrnl.exe @ 0x8056c3ac
    \Device\Harddisk0\DR0 -> DeleteProcedure -> ntoskrnl.exe @ 0x805a0615
    ParseProcedure -> ntoskrnl.exe @ 0x8056c3ac
    NDIS: Broadcom 440x 10/100 Integrated Controller -> SendCompleteHandler -> NDIS.sys @ 0xf7537bb0
    PacketIndicateHandler -> NDIS.sys @ 0xf7544a21
    SendHandler -> NDIS.sys @ 0xf752287b
    user & kernel MBR OK

    **************************************************************************

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\owxbiew]

    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
    @Denied: (2) (LocalSystem)
    "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,d3,dd,13,c0,c9,d7,4d,4c,9f,5d,59,\
    "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,d3,dd,13,c0,c9,d7,4d,4c,9f,5d,59,\
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(740)
    c:\windows\system32\WININET.dll
    c:\windows\system32\NRDWIN32.dll
    c:\windows\system32\AXNMAS~1.OCX
    c:\windows\system32\AXNMAS~2.OCX
    c:\windows\system32\NLS\ENGLISH\MAPBASER.DLL
    c:\windows\system32\NLS\ENGLISH\NWSHLXNR.DLL
    c:\windows\system32\NLS\ENGLISH\NOVNPNTR.DLL

    - - - - - - - > 'lsass.exe'(800)
    c:\windows\system32\WININET.dll
    c:\windows\system32\relog_ap.dll

    - - - - - - - > 'Explorer.exe'(27780)
    c:\windows\system32\WININET.dll
    c:\program files\Windows Desktop Search\deskbar.dll
    c:\program files\Windows Desktop Search\en-us\dbres.dll.mui
    c:\program files\Windows Desktop Search\dbres.dll
    c:\program files\Windows Desktop Search\wordwheel.dll
    c:\program files\Windows Desktop Search\en-us\msnlExtRes.dll.mui
    c:\program files\Windows Desktop Search\msnlExtRes.dll
    c:\program files\Windows Desktop Search\wds_slps.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\mshtml.dll
    c:\windows\system32\msls31.dll
    c:\windows\IME\SPGRMR.DLL
    c:\program files\Common Files\Microsoft Shared\INK\SKCHUI.DLL
    c:\windows\system32\webcheck.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    c:\windows\system32\NLS\ENGLISH\NWSHLXNR.DLL
    c:\windows\system32\NLS\ENGLISH\NOVNPNTR.DLL
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\Common Files\Acronis\Schedule2\schedul2.exe
    c:\windows\system32\cusrvc.exe
    c:\program files\Java\jre6\bin\jqs.exe
    c:\program files\McAfee\Common Framework\FrameworkService.exe
    c:\program files\McAfee\VirusScan Enterprise\VsTskMgr.exe
    c:\program files\McAfee\Common Framework\naPrdMgr.exe
    c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    c:\ups\WSTD\MSSQL$UPSWSDBSERVER\Binn\sqlservr.exe
    c:\windows\system32\WFXSVC.EXE
    c:\program files\WinFax\WFXMOD32.EXE
    c:\program files\McAfee\VirusScan Enterprise\Mcshield.exe
    c:\program files\McAfee\VirusScan Enterprise\mfeann.exe
    c:\windows\BCMSMMSG.exe
    c:\program files\Common Files\Acronis\Schedule2\schedhlp .exe
    c:\program files\McAfee\Common Framework\udaterui .exe
    c:\program files\Microsoft IntelliType Pro\itype .exe
    c:\program files\Acronis\TrueImage\TrueImageMonitor .exe
    c:\ups\WSTD\UPSNA1Msgr .exe
    c:\program files\Common Files\Real\Update_OB\realsched .exe
    c:\program files\McAfee\Common Framework\McTray.exe
    c:\progra~1\COMMON~1\MICROS~1\DW\DW20.EXE
    .
    **************************************************************************
    .
    Completion time: 2010-04-29 14:25:14 - machine was rebooted
    ComboFix-quarantined-files.txt 2010-04-29 21:24

    Pre-Run: 49,796,849,664 bytes free
    Post-Run: 49,994,887,168 bytes free

    Current=1 Default=1 Failed=0 LastKnownGood=4 Sets=1,2,3,4
    - - End Of File - - 38839410726F246935B76E470D405E00
     
  10. CatByte

    CatByte Malware Specialist

    Joined:
    Feb 24, 2009
    Messages:
    3,930
    Hi,

    Please do the following:


    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below.
    • They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    Copy/paste the text inside the Codebox below into notepad:

    Here's how to do that:
    Click Start > Run, type Notepad, click OK.
    This will open an empty notepad file:

    Copy all the text inside of the code box - Press Ctrl+C (or right click on the highlighted section and choose 'copy')

    Code:
    http://forums.techguy.org/7357324-post9.html
    
    Collect::
    c:\documents and settings\Dave\Application Data\ACommander
    c:\documents and settings\Dave\Application Data\CCommander
    c:\windows\system32\drivers\owxbiew.sys
    c:\windows\system32\o.sys
    c:\windows\SYSTEM32\birenavo.exe
    c:\windows\SYSTEM32\edacded0.dat
    c:\windows\SYSTEM32\karopidu.exe
    c:\windows\SYSTEM32\mayonibe.exe
    c:\windows\SYSTEM32\wobakubi.exe
    c:\windows\SYSTEM32\zuyetode.exe
    c:\windows\system32\drivers\OLD133.tmp 
    c:\windows\system32\drivers\OLD127.tmp 
    c:\windows\system32\drivers\OLD12A.tmp
    c:\windows\system32\drivers\OLD12D.tmp
    c:\windows\system32\drivers\OLD130.tmp 
    c:\windows\Fonts\2b24u8b.com
    
    Folder::
    c:\documents and settings\NetworkService\Local Settings\Application Data\ehjeiwkxq
    
    File::
    c:\windows\system32\drivers\disk.sys
    c:\windows\system32\drivers\OLD18D.tmp
    c:\windows\system32\drivers\OLD18A.tmp
    c:\windows\system32\drivers\OLD187.tmp
    c:\windows\system32\drivers\OLD184.tmp
    c:\windows\system32\drivers\OLD181.tmp
    c:\windows\system32\drivers\OLD17E.tmp
    c:\windows\system32\drivers\OLD17B.tmp
    c:\windows\system32\drivers\OLD178.tmp
    c:\windows\system32\drivers\OLD175.tmp
    c:\windows\system32\drivers\OLD172.tmp
    c:\windows\system32\drivers\OLD16F.tmp
    c:\windows\system32\drivers\OLD16C.tmp
    c:\windows\system32\drivers\OLD169.tmp
    c:\windows\system32\drivers\OLD166.tmp
    c:\windows\system32\drivers\OLD163.tmp
    c:\windows\system32\drivers\OLD160.tmp
    c:\windows\system32\drivers\OLD15D.tmp
    c:\windows\system32\drivers\OLD15A.tmp
    c:\windows\system32\drivers\OLD157.tmp
    c:\windows\system32\drivers\OLD154.tmp
    c:\windows\system32\drivers\OLD151.tmp
    c:\windows\system32\drivers\OLD14E.tmp
    c:\windows\system32\drivers\OLD14B.tmp
    c:\windows\system32\drivers\OLD148.tmp
    c:\windows\system32\drivers\OLD145.tmp
    c:\windows\system32\drivers\OLD142.tmp
    c:\windows\system32\drivers\OLD13F.tmp
    c:\windows\system32\drivers\OLD13C.tmp
    c:\windows\system32\drivers\OLD139.tmp
    c:\windows\system32\drivers\OLD136.tmp
    c:\windows\system32\drivers\OLD133.tmp
    c:\windows\system32\drivers\OLD130.tmp
    c:\windows\system32\drivers\OLD12D.tmp
    c:\windows\system32\drivers\OLD12A.tmp
    c:\windows\system32\drivers\OLD127.tmp
    c:\windows\system32\drivers\OLD124.tmp
    c:\windows\system32\drivers\OLD121.tmp
    c:\windows\system32\drivers\OLD11E.tmp
    c:\windows\system32\drivers\OLD11B.tmp
    c:\windows\system32\drivers\OLD118.tmp
    c:\windows\system32\drivers\OLD115.tmp
    c:\windows\system32\drivers\OLD112.tmp
    c:\windows\system32\drivers\OLD10F.tmp
    c:\windows\system32\drivers\OLD10C.tmp
    c:\windows\system32\drivers\OLD109.tmp
    c:\windows\system32\drivers\OLD106.tmp
    c:\windows\system32\drivers\OLD102.tmp
    c:\windows\system32\drivers\OLDFF.tmp
    c:\windows\system32\drivers\OLDFC.tmp
    c:\windows\system32\drivers\OLDF9.tmp
    c:\windows\system32\drivers\OLDF6.tmp
    c:\windows\system32\drivers\OLDF3.tmp
    c:\windows\system32\drivers\OLDF0.tmp
    c:\windows\system32\drivers\OLDED.tmp
    c:\windows\system32\drivers\OLDEA.tmp
    c:\windows\system32\drivers\OLDE7.tmp
    c:\windows\system32\drivers\OLDE4.tmp
    c:\windows\system32\drivers\OLDE1.tmp
    c:\windows\system32\drivers\OLDDE.tmp
    c:\windows\system32\drivers\OLDDB.tmp
    c:\windows\system32\drivers\OLDD8.tmp
    c:\windows\system32\drivers\OLDCE.tmp
    c:\windows\system32\drivers\OLDCA.tmp
    c:\windows\system32\drivers\OLDC7.tmp
    c:\windows\system32\drivers\OLDC4.tmp
    c:\windows\system32\drivers\OLDC1.tmp
    c:\windows\system32\drivers\OLDBE.tmp
    c:\windows\system32\drivers\OLDBB.tmp
    c:\windows\system32\drivers\OLDB8.tmp
    c:\windows\system32\drivers\OLDB5.tmp
    c:\windows\system32\drivers\OLDB2.tmp
    c:\windows\system32\drivers\OLDAF.tmp
    c:\windows\system32\drivers\OLDAC.tmp
    c:\windows\system32\drivers\OLDA9.tmp
    c:\windows\system32\drivers\OLDA5.tmp
    c:\windows\system32\drivers\OLDA2.tmp
    c:\windows\system32\drivers\OLD9F.tmp
    c:\windows\system32\drivers\OLD9C.tmp
    c:\windows\system32\drivers\OLD99.tmp
    c:\windows\system32\drivers\OLD96.tmp
    c:\windows\system32\drivers\OLD93.tmp
    c:\windows\system32\drivers\OLD90.tmp
    c:\windows\system32\drivers\OLD8D.tmp
    c:\windows\system32\drivers\OLD8A.tmp
    c:\windows\system32\drivers\OLD87.tmp
    c:\windows\system32\drivers\OLD84.tmp
    c:\windows\system32\drivers\OLD81.tmp
    c:\windows\system32\drivers\OLD7E.tmp
    c:\windows\system32\drivers\OLD7B.tmp
    c:\windows\system32\drivers\OLD78.tmp
    c:\windows\system32\drivers\OLD75.tmp
    c:\windows\system32\drivers\OLD72.tmp
    c:\windows\system32\drivers\OLD6F.tmp
    c:\windows\system32\drivers\OLD6C.tmp
    c:\windows\system32\drivers\OLD69.tmp
    c:\windows\system32\drivers\OLD66.tmp
    c:\windows\system32\drivers\OLD63.tmp
    c:\windows\system32\drivers\OLD60.tmp
    
    RenV::
    c:\program files\Acronis\TrueImage\TrueImageMonitor .exe
    c:\program files\Common Files\Acronis\Schedule2\schedhlp .exe
    c:\program files\Common Files\InstallShield\UpdateService\issch .exe
    c:\program files\Common Files\Java\Java Update\jusched .exe
    c:\program files\Common Files\Real\Update_OB\realsched .exe
    c:\program files\Dell\Media Experience\PCMService .exe
    c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier .exe
    c:\program files\HP CD-DVD\Umbrella\DVDBitSet .exe
    c:\program files\Malwarebytes' Anti-Malware\mbam .exe
    c:\program files\McAfee\Common Framework\udaterui .exe
    c:\program files\McAfee\VirusScan Enterprise\SHSTAT .exe
    c:\program files\Microsoft IntelliPoint\ipoint .exe
    c:\program files\Microsoft IntelliType Pro\itype .exe
    c:\program files\QuickTime\qttask                                .exe
    c:\program files\QuickTime\qttask                               .exe
    c:\program files\QuickTime\qttask                             .exe
    c:\program files\QuickTime\qttask                            .exe
    c:\program files\QuickTime\qttask                          .exe
    c:\program files\QuickTime\qttask                         .exe
    c:\program files\QuickTime\qttask                        .exe
    c:\program files\QuickTime\qttask                       .exe
    c:\program files\QuickTime\qttask               .exe
    c:\program files\QuickTime\qttask              .exe
    c:\program files\Spybot - Search & Destroy\TeaTimer .exe
    c:\program files\WinFax\WFXSWTCH .exe
    
    Registry::
    [-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\owxbiew]
    
    Driver::
    k
    
    AtJob::
    
    Now paste the copied text into the open notepad - press CTRL+V (or right click and choose 'paste')

    Save this file to your desktop as "CFScript".


    Here's how to do that:

    1. Click File;
    2. Click Save As... Change the directory to your desktop;
    3. Change the Save as type to "All Files";
    4. Type in the file name: CFScript
    5. Click Save ...

    [​IMG]
    • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
    • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
    • When finished, it shall produce a log for you.
    • Copy and paste the contents of the log in your next reply.

    CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.



    To add when using Collect::

    **Note**

    When CF finishes running, the ComboFix log will open along with a message box--do not be alarmed. With the above script, ComboFix will capture files to submit for analysis.
    • Ensure you are connected to the internet and click OK on the message box.
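
The script in the post above lists several driver temp files under both Collect:: and File::, and its RenV:: entries differ only in the run of spaces before ".exe". As an added example (not part of the original post and not ComboFix code), this Python parser reads such a script and reports both patterns; the section grammar is inferred from the layout shown above, and all function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample: a shortened copy of the script layout from the post above.
SAMPLE_SCRIPT = r"""
http://forums.techguy.org/7357324-post9.html

Collect::
c:\windows\system32\o.sys
c:\windows\system32\drivers\OLD133.tmp
c:\windows\system32\drivers\OLD127.tmp

File::
c:\windows\system32\drivers\disk.sys
c:\windows\system32\drivers\OLD133.tmp
c:\windows\system32\drivers\OLD127.tmp

RenV::
c:\program files\QuickTime\qttask               .exe
c:\program files\QuickTime\qttask              .exe
c:\program files\WinFax\WFXSWTCH .exe

Registry::
[-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\owxbiew]

Driver::
k

AtJob::
"""

# Assumption: a section starts with a line of the form "Name::" and runs
# until the next such line; blank lines carry no meaning.
HEADER = re.compile(r"^([A-Za-z0-9]+)::\s*$")

# A file name whose stem is separated from its extension by whitespace,
# e.g. "qttask    .exe".
PADDED = re.compile(r"^(?P<stem>.*\S)(?P<pad>\s+)(?P<ext>\.[A-Za-z0-9]{1,4})$")


def parse_script(text):
    """Return (preamble_lines, {section_name: [entries]}) in file order."""
    preamble, sections, current = [], {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        header = HEADER.match(line)
        if header:
            current = header.group(1)
            sections.setdefault(current, [])
        elif current is None:
            preamble.append(line)      # text before the first section
        else:
            sections[current].append(line)
    return preamble, sections


def cross_listed(sections, names=("Collect", "File", "Folder")):
    """Paths that appear under more than one of the given sections.

    Windows paths are case-insensitive, so entries are compared lowercased.
    """
    seen = defaultdict(set)
    for name in names:
        for entry in sections.get(name, []):
            seen[entry.lower()].add(name)
    return {path: sorted(found) for path, found in seen.items() if len(found) > 1}


def padded_variants(entries):
    """Map each un-padded file name to the pad widths seen for it."""
    variants = defaultdict(list)
    for entry in entries:
        match = PADDED.match(entry)
        if match:
            normal = match.group("stem") + match.group("ext")
            variants[normal].append(len(match.group("pad")))
    return {name: sorted(widths) for name, widths in variants.items()}


if __name__ == "__main__":
    preamble, sections = parse_script(SAMPLE_SCRIPT)
    for name, entries in sections.items():
        print(f"{name}: {len(entries)} entries")
    for path, where in cross_listed(sections).items():
        print("listed twice:", path, where)
    for name, widths in padded_variants(sections.get("RenV", [])).items():
        print("padded copies of", name, "pad widths", widths)
```
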
     
  11. Gorgon88

    Gorgon88 Thread Starter

    Joined:
    Feb 24, 2010
    Messages:
    32
    Hi,

    I did as recommended and Combofix rebooted during the scan (prior to finish) and did not restart upon reboot. What determines whether Combofix restarts on reboot or not?

    Cheers
     
  12. CatByte

    CatByte Malware Specialist

    Joined:
    Feb 24, 2009
    Messages:
    3,930
    It usually always restarts on its own, but sometimes it takes a while and might appear to have stalled. Or an AV program could restart and shut it down.

    Please go to c:\Combofix.txt and see if there is a log. If not,
    click Start > Run and copy/paste the following bolded text into the Run box and click OK:

    C:\Qoobox\ComboFix-quarantined-files.txt

    A report should pop open for you. Please post the contents in your next reply.

    If there is no Qoobox report, re-run ComboFix with the script again, making sure nothing interferes with it.
     
  13. Gorgon88

    Gorgon88 Thread Starter

    Joined:
    Feb 24, 2010
    Messages:
    32
    Here is the combofix logfile. I finally got it to run in safe mode.

    ComboFix 10-04-29.05 - Dave 04/30/2010 8:34.3.1 - x86 MINIMAL
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.798 [GMT -7:00]
    Running from: c:\documents and settings\Dave\Desktop\ComboFix.com
    Command switches used :: c:\docume~1\Dave\Desktop\CFScript.txt
    AV: McAfee VirusScan Enterprise *On-access scanning disabled* (Updated) {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}

    FILE ::
    "c:\windows\system32\drivers\disk.sys"
    "c:\windows\system32\drivers\OLD102.tmp"
    "c:\windows\system32\drivers\OLD106.tmp"
    "c:\windows\system32\drivers\OLD109.tmp"
    "c:\windows\system32\drivers\OLD10C.tmp"
    "c:\windows\system32\drivers\OLD10F.tmp"
    "c:\windows\system32\drivers\OLD112.tmp"
    "c:\windows\system32\drivers\OLD115.tmp"
    "c:\windows\system32\drivers\OLD118.tmp"
    "c:\windows\system32\drivers\OLD11B.tmp"
    "c:\windows\system32\drivers\OLD11E.tmp"
    "c:\windows\system32\drivers\OLD121.tmp"
    "c:\windows\system32\drivers\OLD124.tmp"
    "c:\windows\system32\drivers\OLD127.tmp"
    "c:\windows\system32\drivers\OLD12A.tmp"
    "c:\windows\system32\drivers\OLD12D.tmp"
    "c:\windows\system32\drivers\OLD130.tmp"
    "c:\windows\system32\drivers\OLD133.tmp"
    "c:\windows\system32\drivers\OLD136.tmp"
    "c:\windows\system32\drivers\OLD139.tmp"
    "c:\windows\system32\drivers\OLD13C.tmp"
    "c:\windows\system32\drivers\OLD13F.tmp"
    "c:\windows\system32\drivers\OLD142.tmp"
    "c:\windows\system32\drivers\OLD145.tmp"
    "c:\windows\system32\drivers\OLD148.tmp"
    "c:\windows\system32\drivers\OLD14B.tmp"
    "c:\windows\system32\drivers\OLD14E.tmp"
    "c:\windows\system32\drivers\OLD151.tmp"
    "c:\windows\system32\drivers\OLD154.tmp"
    "c:\windows\system32\drivers\OLD157.tmp"
    "c:\windows\system32\drivers\OLD15A.tmp"
    "c:\windows\system32\drivers\OLD15D.tmp"
    "c:\windows\system32\drivers\OLD160.tmp"
    "c:\windows\system32\drivers\OLD163.tmp"
    "c:\windows\system32\drivers\OLD166.tmp"
    "c:\windows\system32\drivers\OLD169.tmp"
    "c:\windows\system32\drivers\OLD16C.tmp"
    "c:\windows\system32\drivers\OLD16F.tmp"
    "c:\windows\system32\drivers\OLD172.tmp"
    "c:\windows\system32\drivers\OLD175.tmp"
    "c:\windows\system32\drivers\OLD178.tmp"
    "c:\windows\system32\drivers\OLD17B.tmp"
    "c:\windows\system32\drivers\OLD17E.tmp"
    "c:\windows\system32\drivers\OLD181.tmp"
    "c:\windows\system32\drivers\OLD184.tmp"
    "c:\windows\system32\drivers\OLD187.tmp"
    "c:\windows\system32\drivers\OLD18A.tmp"
    "c:\windows\system32\drivers\OLD18D.tmp"
    "c:\windows\system32\drivers\OLD60.tmp"
    "c:\windows\system32\drivers\OLD63.tmp"
    "c:\windows\system32\drivers\OLD66.tmp"
    "c:\windows\system32\drivers\OLD69.tmp"
    "c:\windows\system32\drivers\OLD6C.tmp"
    "c:\windows\system32\drivers\OLD6F.tmp"
    "c:\windows\system32\drivers\OLD72.tmp"
    "c:\windows\system32\drivers\OLD75.tmp"
    "c:\windows\system32\drivers\OLD78.tmp"
    "c:\windows\system32\drivers\OLD7B.tmp"
    "c:\windows\system32\drivers\OLD7E.tmp"
    "c:\windows\system32\drivers\OLD81.tmp"
    "c:\windows\system32\drivers\OLD84.tmp"
    "c:\windows\system32\drivers\OLD87.tmp"
    "c:\windows\system32\drivers\OLD8A.tmp"
    "c:\windows\system32\drivers\OLD8D.tmp"
    "c:\windows\system32\drivers\OLD90.tmp"
    "c:\windows\system32\drivers\OLD93.tmp"
    "c:\windows\system32\drivers\OLD96.tmp"
    "c:\windows\system32\drivers\OLD99.tmp"
    "c:\windows\system32\drivers\OLD9C.tmp"
    "c:\windows\system32\drivers\OLD9F.tmp"
    "c:\windows\system32\drivers\OLDA2.tmp"
    "c:\windows\system32\drivers\OLDA5.tmp"
    "c:\windows\system32\drivers\OLDA9.tmp"
    "c:\windows\system32\drivers\OLDAC.tmp"
    "c:\windows\system32\drivers\OLDAF.tmp"
    "c:\windows\system32\drivers\OLDB2.tmp"
    "c:\windows\system32\drivers\OLDB5.tmp"
    "c:\windows\system32\drivers\OLDB8.tmp"
    "c:\windows\system32\drivers\OLDBB.tmp"
    "c:\windows\system32\drivers\OLDBE.tmp"
    "c:\windows\system32\drivers\OLDC1.tmp"
    "c:\windows\system32\drivers\OLDC4.tmp"
    "c:\windows\system32\drivers\OLDC7.tmp"
    "c:\windows\system32\drivers\OLDCA.tmp"
    "c:\windows\system32\drivers\OLDCE.tmp"
    "c:\windows\system32\drivers\OLDD8.tmp"
    "c:\windows\system32\drivers\OLDDB.tmp"
    "c:\windows\system32\drivers\OLDDE.tmp"
    "c:\windows\system32\drivers\OLDE1.tmp"
    "c:\windows\system32\drivers\OLDE4.tmp"
    "c:\windows\system32\drivers\OLDE7.tmp"
    "c:\windows\system32\drivers\OLDEA.tmp"
    "c:\windows\system32\drivers\OLDED.tmp"
    "c:\windows\system32\drivers\OLDF0.tmp"
    "c:\windows\system32\drivers\OLDF3.tmp"
    "c:\windows\system32\drivers\OLDF6.tmp"
    "c:\windows\system32\drivers\OLDF9.tmp"
    "c:\windows\system32\drivers\OLDFC.tmp"
    "c:\windows\system32\drivers\OLDFF.tmp"

    file zipped: c:\windows\SYSTEM32\birenavo.exe
    file zipped: c:\windows\SYSTEM32\edacded0.dat
    file zipped: c:\windows\SYSTEM32\karopidu.exe
    file zipped: c:\windows\SYSTEM32\mayonibe.exe
    file zipped: c:\windows\system32\o.sys
    file zipped: c:\windows\SYSTEM32\wobakubi.exe
    file zipped: c:\windows\SYSTEM32\zuyetode.exe
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\documents and settings\NetworkService\Local Settings\Application Data\ehjeiwkxq
    c:\windows\SYSTEM32\birenavo.exe
    c:\windows\system32\drivers\disk.sys
    c:\windows\SYSTEM32\edacded0.dat
    c:\windows\SYSTEM32\karopidu.exe
    c:\windows\SYSTEM32\mayonibe.exe
    c:\windows\system32\o.sys
    c:\windows\system32\wobakubi.exe
    c:\windows\SYSTEM32\zuyetode.exe
    c:\windows\Tasks\At1.job
    c:\windows\Tasks\At10.job
    c:\windows\Tasks\At11.job
    c:\windows\Tasks\At12.job
    c:\windows\Tasks\At13.job
    c:\windows\Tasks\At14.job
    c:\windows\Tasks\At15.job
    c:\windows\Tasks\At16.job
    c:\windows\Tasks\At17.job
    c:\windows\Tasks\At18.job
    c:\windows\Tasks\At19.job
    c:\windows\Tasks\At2.job
    c:\windows\Tasks\At20.job
    c:\windows\Tasks\At21.job
    c:\windows\Tasks\At22.job
    c:\windows\Tasks\At23.job
    c:\windows\Tasks\At24.job
    c:\windows\Tasks\At3.job
    c:\windows\Tasks\At697.job
    c:\windows\Tasks\At698.job
    c:\windows\Tasks\At699.job
    c:\windows\Tasks\At700.job
    c:\windows\Tasks\At701.job
    c:\windows\Tasks\At702.job
    c:\windows\Tasks\At703.job
    c:\windows\Tasks\At704.job
    c:\windows\Tasks\At705.job
    c:\windows\Tasks\At706.job
    c:\windows\Tasks\At707.job
    c:\windows\Tasks\At708.job
    c:\windows\Tasks\At709.job
    c:\windows\Tasks\At710.job
    c:\windows\Tasks\At711.job
    c:\windows\Tasks\At712.job
    c:\windows\Tasks\At713.job
    c:\windows\Tasks\At714.job
    c:\windows\Tasks\At715.job
    c:\windows\Tasks\At716.job
    c:\windows\Tasks\At717.job
    c:\windows\Tasks\At718.job
    c:\windows\Tasks\At719.job
    c:\windows\Tasks\At720.job

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Legacy_K
    -------\Service_k


    ((((((((((((((((((((((((( Files Created from 2010-03-28 to 2010-04-30 )))))))))))))))))))))))))))))))
    .

    2010-04-29 17:07 . 2010-03-30 07:45 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-04-29 17:07 . 2010-03-30 07:46 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-04-29 17:07 . 2010-04-30 15:34 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-04-28 16:58 . 2010-04-28 16:58 70254592 --sha-w- C:\NRTPage.sys
    2010-04-28 12:01 . 2010-04-29 23:38 -------- d-----w- c:\documents and settings\Dave\Application Data\ACommander
    2010-04-27 23:23 . 2010-04-27 23:23 -------- d-sh--w- c:\documents and settings\LocalService\PrivacIE
    2010-04-27 23:20 . 2010-04-29 23:38 -------- d-----w- c:\documents and settings\Dave\Application Data\CCommander
    2010-04-26 19:46 . 2010-04-26 19:46 -------- d-sh--w- c:\windows\system32\config\systemprofile\PrivacIE
    2010-04-26 18:00 . 2010-04-26 18:00 -------- d-sh--w- c:\documents and settings\NetworkService\PrivacIE
    2010-04-26 17:02 . 2010-04-26 17:02 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
    2010-04-22 18:05 . 2010-04-22 18:05 0 ----a-w- c:\windows\nsreg.dat
    2010-04-22 18:05 . 2010-04-22 18:05 -------- d-----w- c:\documents and settings\Dave\Local Settings\Application Data\Mozilla
    2010-04-21 20:01 . 2010-04-26 16:26 -------- dc----w- c:\windows\system32\DRVSTORE
    2010-04-21 20:01 . 2010-04-21 20:00 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
    2010-04-12 23:23 . 2010-04-12 23:23 -------- d-----w- c:\documents and settings\Dave\Local Settings\Application Data\Opera
    2010-04-12 23:22 . 2010-04-19 23:22 -------- d-----w- c:\program files\Opera
    2010-04-12 14:51 . 2010-04-12 14:51 -------- d-----w- c:\documents and settings\NetworkService\Application Data\AdobeUM
    2010-04-12 14:51 . 2010-04-12 14:51 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
    2010-04-07 19:42 . 2010-04-07 19:42 -------- d-----w- c:\program files\MSXML 6.0
    2010-04-07 19:37 . 2010-02-25 06:24 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
    2010-04-07 19:37 . 2010-02-25 06:24 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
    2010-04-07 19:37 . 2010-02-25 06:24 594432 -c----w- c:\windows\system32\dllcache\msfeeds.dll
    2010-04-07 19:37 . 2010-02-25 06:24 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
    2010-04-07 19:37 . 2010-02-25 06:24 1985536 -c----w- c:\windows\system32\dllcache\iertutil.dll
    2010-04-07 19:37 . 2010-02-25 18:54 11070976 -c----w- c:\windows\system32\dllcache\ieframe.dll
    2010-04-07 19:36 . 2010-02-16 04:50 64000 -c----w- c:\windows\system32\dllcache\iecompat.dll
    2010-04-07 16:40 . 2008-04-13 17:27 79872 -c----w- c:\windows\system32\dllcache\msxml6r.dll
    2010-04-07 16:40 . 2009-07-31 17:05 1372672 -c----w- c:\windows\system32\dllcache\msxml6.dll
    2010-04-07 16:38 . 2008-04-14 00:11 81920 ------w- c:\windows\system32\ieencode.dll
    2010-04-07 15:54 . 2008-06-13 11:05 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
    2010-04-07 15:54 . 2009-12-31 16:50 353792 -c----w- c:\windows\system32\dllcache\srv.sys
    2010-04-07 15:53 . 2009-11-21 15:51 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
    2010-04-07 15:51 . 2010-02-16 13:25 2024448 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe
    2010-04-07 15:48 . 2009-07-10 13:27 1315328 -c----w- c:\windows\system32\dllcache\msoe.dll
    2010-04-07 15:47 . 2008-10-15 16:34 337408 -c----w- c:\windows\system32\dllcache\netapi32.dll
    2010-04-07 15:47 . 2008-04-21 12:08 215552 -c----w- c:\windows\system32\dllcache\wordpad.exe
    2010-04-07 15:45 . 2010-02-24 13:11 455680 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
    2010-04-07 15:44 . 2008-04-11 19:04 691712 -c----w- c:\windows\system32\dllcache\inetcomm.dll
    2010-04-06 21:33 . 2008-05-08 14:02 203136 -c----w- c:\windows\system32\dllcache\rmcast.sys
    2010-04-06 19:56 . 2005-06-22 07:43 163840 ----a-w- c:\windows\system32\igfxres.dll
    2010-04-06 19:37 . 2004-08-04 12:00 41600 -c--a-w- c:\windows\system32\dllcache\weitekp9.dll
    2010-04-06 19:37 . 2004-08-04 12:00 31232 -c--a-w- c:\windows\system32\dllcache\weitekp9.sys
    2010-04-06 19:37 . 2004-08-04 12:00 9216 -c--a-w- c:\windows\system32\dllcache\wamps51.dll
    2010-04-06 19:37 . 2004-08-04 12:00 73728 -c--a-w- c:\windows\system32\dllcache\w3ext.dll
    2010-04-06 19:37 . 2004-08-04 12:00 5632 -c--a-w- c:\windows\system32\dllcache\w3svapi.dll
    2010-04-06 19:37 . 2004-08-04 12:00 4608 -c--a-w- c:\windows\system32\dllcache\w3ctrs51.dll
    2010-04-06 19:37 . 2004-08-04 12:00 48256 -c--a-w- c:\windows\system32\dllcache\w32.dll
    2010-04-06 19:37 . 2008-04-14 00:11 86073 -c--a-w- c:\windows\system32\dllcache\voicesub.dll
    2010-04-06 19:37 . 2008-04-14 00:11 426041 -c--a-w- c:\windows\system32\dllcache\voicepad.dll
    2010-04-06 19:37 . 2008-04-14 00:11 76288 -c--a-w- c:\windows\system32\dllcache\uniime.dll
    2010-04-06 19:37 . 2004-08-04 12:00 14336 -c--a-w- c:\windows\system32\dllcache\tsprof.exe
    2010-04-06 19:35 . 2001-08-18 05:36 38912 -c--a-w- c:\windows\system32\dllcache\EXCH_ntfsdrv.dll
    2010-04-06 19:35 . 2004-08-04 12:00 53248 -c--a-w- c:\windows\system32\dllcache\nextlink.dll
    2010-04-06 19:35 . 2004-08-04 12:00 229439 -c--a-w- c:\windows\system32\dllcache\multibox.dll
    2010-04-06 19:35 . 2004-08-04 12:00 98304 -c--a-w- c:\windows\system32\dllcache\msir3jp.dll
    2010-04-06 19:35 . 2004-08-04 12:00 92416 -c--a-w- c:\windows\system32\dllcache\mga.sys
    2010-04-06 19:35 . 2004-08-04 12:00 92032 -c--a-w- c:\windows\system32\dllcache\mga.dll
    2010-04-06 19:35 . 2004-08-04 12:00 26624 -c--a-w- c:\windows\system32\dllcache\mdsync.dll
    2010-04-06 19:35 . 2001-08-18 05:36 65536 -c--a-w- c:\windows\system32\dllcache\EXCH_mailmsg.dll
    2010-04-06 19:35 . 2004-08-04 12:00 22016 -c--a-w- c:\windows\system32\dllcache\logscrpt.dll
    2010-04-06 19:33 . 2004-08-04 12:00 14848 -c--a-w- c:\windows\system32\dllcache\flattemp.exe
    2010-04-06 19:32 . 2004-08-04 12:00 29184 -c--a-w- c:\windows\system32\dllcache\asptxn.dll
    2010-04-06 19:32 . 2004-08-04 12:00 10240 -c--a-w- c:\windows\system32\dllcache\aspperf.dll
    2010-04-06 19:32 . 2001-08-18 05:36 45056 -c--a-w- c:\windows\system32\dllcache\EXCH_aqadmin.dll
    2010-04-06 19:32 . 2004-08-04 12:00 49664 -c--a-w- c:\windows\system32\dllcache\adrot.dll
    2010-04-06 19:32 . 2001-08-18 05:36 5632 -c--a-w- c:\windows\system32\dllcache\EXCH_adsiisex.dll
    2010-04-06 19:32 . 2004-08-04 12:00 6144 -c--a-w- c:\windows\system32\dllcache\admxprox.dll
    2010-04-06 19:32 . 2004-08-04 12:00 7168 -c--a-w- c:\windows\system32\dllcache\wamregps.dll
    2010-04-06 19:32 . 2004-08-04 12:00 7680 -c--a-w- c:\windows\system32\dllcache\inetmgr.exe
    2010-04-06 19:32 . 2004-08-04 12:00 19968 -c--a-w- c:\windows\system32\dllcache\inetsloc.dll
    2010-04-06 19:32 . 2004-08-04 12:00 5632 -c--a-w- c:\windows\system32\dllcache\iisrstap.dll
    2010-04-06 19:32 . 2004-08-04 12:00 169984 -c--a-w- c:\windows\system32\dllcache\iisui.dll
    2010-04-06 19:32 . 2004-08-04 12:00 14336 -c--a-w- c:\windows\system32\dllcache\iisreset.exe
    2010-04-06 19:32 . 2004-08-04 12:00 6144 -c--a-w- c:\windows\system32\dllcache\ftpsapi2.dll
    2010-04-06 19:26 . 2004-08-04 12:00 16384 -c--a-w- c:\windows\system32\dllcache\isignup.exe
    2010-04-06 19:17 . 2003-12-08 23:17 487424 ----a-w- c:\windows\system32\ldapssl.dll
    2010-04-06 19:17 . 2003-12-08 23:17 208896 ----a-w- c:\windows\system32\ldapsdk.dll
    2010-04-06 19:17 . 1999-04-17 05:50 8464 ----a-w- c:\windows\system32\sporder.dll
    2010-04-06 19:01 . 2004-08-04 12:00 24661 -c--a-w- c:\windows\system32\dllcache\spxcoins.dll
    2010-04-06 19:01 . 2004-08-04 12:00 24661 ----a-w- c:\windows\system32\spxcoins.dll
    2010-04-06 19:01 . 2004-08-04 12:00 13312 -c--a-w- c:\windows\system32\dllcache\irclass.dll
    2010-04-06 19:01 . 2004-08-04 12:00 13312 ----a-w- c:\windows\system32\irclass.dll
    2010-04-06 18:36 . 2010-04-06 18:36 -------- d-----w- c:\windows\system32\wbem\Repository
    2010-04-06 11:47 . 2010-04-06 11:47 -------- d-----w- c:\windows\dell

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-04-30 15:47 . 2004-08-04 12:00 36352 ----a-w- c:\windows\system32\drivers\Disk.sys
    2010-04-30 15:34 . 2006-06-26 22:32 -------- d-----w- c:\program files\WinFax
    2010-04-30 15:34 . 2004-08-10 19:48 -------- d-----w- c:\program files\QuickTime
    2010-04-30 15:34 . 2007-12-11 17:31 -------- d-----w- c:\program files\Microsoft IntelliType Pro
    2010-04-30 15:34 . 2007-12-11 17:32 -------- d-----w- c:\program files\Microsoft IntelliPoint
    2010-04-30 15:03 . 2010-04-26 14:49 112 ----a-w- c:\documents and settings\All Users\Application Data\qUj68YXm.dat
    2010-04-30 15:03 . 2010-04-30 15:03 68610 ----a-w- c:\documents and settings\All Users\Application Data\BfQE8DTr.exe
    2010-04-30 15:03 . 2010-04-30 15:03 68610 ----a-w- c:\documents and settings\All Users\Application Data\BfQE8DTr.exe
    2010-04-29 18:38 . 2008-05-14 21:05 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
    2010-04-29 17:08 . 2010-04-29 17:08 5918775 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
    2010-04-28 18:59 . 2010-04-28 18:59 36352 ----a-w- c:\windows\system32\drivers\OLD6D.tmp
    2010-04-28 18:59 . 2010-04-28 18:59 36352 ----a-w- c:\windows\system32\drivers\OLD6A.tmp
    2010-04-28 18:59 . 2010-04-28 18:59 36352 ----a-w- c:\windows\system32\drivers\OLD67.tmp
    2010-04-28 18:59 . 2010-04-28 18:59 36352 ----a-w- c:\windows\system32\drivers\OLD64.tmp
    2010-04-28 18:59 . 2010-04-28 18:59 36352 ----a-w- c:\windows\system32\drivers\OLD61.tmp
    2010-04-28 18:59 . 2010-04-28 18:59 36352 ----a-w- c:\windows\system32\drivers\OLD5E.tmp
    2010-04-28 18:58 . 2010-04-28 18:59 36352 ----a-w- c:\windows\system32\drivers\OLD5B.tmp
    2010-04-28 18:58 . 2010-04-28 18:58 36352 ----a-w- c:\windows\system32\drivers\OLD58.tmp
    2010-04-28 18:58 . 2010-04-28 18:58 36352 ----a-w- c:\windows\system32\drivers\OLD55.tmp
    2010-04-28 18:58 . 2010-04-28 18:58 36352 ----a-w- c:\windows\system32\drivers\OLD52.tmp
    2010-04-28 18:58 . 2010-04-28 18:58 36352 ----a-w- c:\windows\system32\drivers\OLD4F.tmp
    2010-04-28 18:58 . 2010-04-28 18:58 36352 ----a-w- c:\windows\system32\drivers\OLD4C.tmp
    2010-04-28 18:58 . 2010-04-28 18:58 36352 ----a-w- c:\windows\system32\drivers\OLD49.tmp
    2010-04-28 18:58 . 2010-04-28 18:58 36352 ----a-w- c:\windows\system32\drivers\OLD46.tmp
    2010-04-28 18:58 . 2010-04-28 18:58 36352 ----a-w- c:\windows\system32\drivers\OLD43.tmp
    2010-04-28 18:58 . 2010-04-28 18:58 36352 ----a-w- c:\windows\system32\drivers\OLD40.tmp
    2010-04-28 18:58 . 2010-04-28 18:58 36352 ----a-w- c:\windows\system32\drivers\OLD3D.tmp
    2010-04-28 18:57 . 2010-04-28 18:58 36352 ----a-w- c:\windows\system32\drivers\OLD3A.tmp
    2010-04-28 18:57 . 2010-04-28 18:57 36352 ----a-w- c:\windows\system32\drivers\OLD37.tmp
    2010-04-28 18:57 . 2010-04-28 18:57 36352 ----a-w- c:\windows\system32\drivers\OLD34.tmp
    2010-04-28 18:57 . 2010-04-28 18:57 36352 ----a-w- c:\windows\system32\drivers\OLD31.tmp
    2010-04-28 18:57 . 2010-04-28 18:57 36352 ----a-w- c:\windows\system32\drivers\OLD2E.tmp
    2010-04-28 18:57 . 2010-04-28 18:57 36352 ----a-w- c:\windows\system32\drivers\OLD2B.tmp
    2010-04-28 17:49 . 2010-04-28 17:49 36352 ----a-w- c:\windows\system32\drivers\OLD51.tmp
    2010-04-28 17:49 . 2010-04-28 17:49 36352 ----a-w- c:\windows\system32\drivers\OLD4E.tmp
    2010-04-28 17:49 . 2010-04-28 17:49 36352 ----a-w- c:\windows\system32\drivers\OLD4B.tmp
    2010-04-28 17:49 . 2010-04-28 17:49 36352 ----a-w- c:\windows\system32\drivers\OLD48.tmp
    2010-04-28 17:49 . 2010-04-28 17:49 36352 ----a-w- c:\windows\system32\drivers\OLD45.tmp
    2010-04-28 17:49 . 2010-04-28 17:49 36352 ----a-w- c:\windows\system32\drivers\OLD42.tmp
    2010-04-28 17:49 . 2010-04-28 17:49 36352 ----a-w- c:\windows\system32\drivers\OLD3F.tmp
    2010-04-28 17:49 . 2010-04-28 17:49 36352 ----a-w- c:\windows\system32\drivers\OLD3C.tmp
    2010-04-28 17:49 . 2010-04-28 17:49 36352 ----a-w- c:\windows\system32\drivers\OLD39.tmp
    2010-04-28 17:49 . 2010-04-28 17:49 36352 ----a-w- c:\windows\system32\drivers\OLD36.tmp
    2010-04-28 17:48 . 2010-04-28 17:49 36352 ----a-w- c:\windows\system32\drivers\OLD33.tmp
    2010-04-28 17:48 . 2010-04-28 17:48 36352 ----a-w- c:\windows\system32\drivers\OLD30.tmp
    2010-04-28 17:48 . 2010-04-28 17:48 36352 ----a-w- c:\windows\system32\drivers\OLD2D.tmp
    2010-04-28 17:48 . 2010-04-28 17:48 36352 ----a-w- c:\windows\system32\drivers\OLD2A.tmp
    2010-04-28 17:48 . 2010-04-28 17:48 36352 ----a-w- c:\windows\system32\drivers\OLD27.tmp
    2010-04-28 17:48 . 2010-04-28 17:48 36352 ----a-w- c:\windows\system32\drivers\OLD24.tmp
    2010-04-28 17:48 . 2010-04-28 17:48 36352 ----a-w- c:\windows\system32\drivers\OLD21.tmp
    2010-04-28 17:48 . 2010-04-28 17:48 36352 ----a-w- c:\windows\system32\drivers\OLD1E.tmp
    2010-04-28 17:48 . 2010-04-28 17:48 36352 ----a-w- c:\windows\system32\drivers\OLD1B.tmp
    2010-04-28 17:48 . 2010-04-28 17:48 36352 ----a-w- c:\windows\system32\drivers\OLD18.tmp
    2010-04-28 17:48 . 2010-04-28 17:48 36352 ----a-w- c:\windows\system32\drivers\OLD15.tmp
    2010-04-28 17:47 . 2010-04-28 17:47 36352 ----a-w- c:\windows\system32\drivers\OLD12.tmp
    2010-04-28 17:47 . 2010-04-28 17:47 36352 ----a-w- c:\windows\system32\drivers\OLDF.tmp
    2010-04-28 17:47 . 2010-04-28 17:47 36352 ----a-w- c:\windows\system32\drivers\OLDC.tmp
    2010-04-26 16:26 . 2004-04-13 15:52 -------- d-----w- c:\program files\Lavasoft
    2010-04-26 16:26 . 2008-02-14 16:40 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
    2010-04-23 17:48 . 2004-07-02 00:16 -------- d-----w- c:\program files\Spybot - Search & Destroy
    2010-04-21 20:03 . 2010-04-21 20:04 36352 ----a-w- c:\windows\system32\drivers\OLD28C.tmp
    2010-04-19 16:59 . 2005-03-10 20:37 -------- d-----w- c:\program files\CUAgent
    2010-04-12 19:45 . 2007-06-05 21:53 -------- d-----w- c:\program files\Google
    2010-04-09 22:35 . 2004-03-13 12:48 -------- d-----w- c:\program files\Common Files\Java
    2010-04-09 22:33 . 2010-04-09 22:33 503808 ----a-w- c:\documents and settings\Dave\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-652d9443-n\msvcp71.dll
    2010-04-09 22:33 . 2010-04-09 22:33 499712 ----a-w- c:\documents and settings\Dave\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-652d9443-n\jmc.dll
    2010-04-09 22:33 . 2010-04-09 22:33 348160 ----a-w- c:\documents and settings\Dave\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-652d9443-n\msvcr71.dll
    2010-04-09 22:33 . 2010-04-09 22:33 61440 ----a-w- c:\documents and settings\Dave\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-29aef1da-n\decora-sse.dll
    2010-04-09 22:33 . 2010-04-09 22:33 12800 ----a-w- c:\documents and settings\Dave\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-29aef1da-n\decora-d3d.dll
    2010-04-09 22:32 . 2004-03-13 12:48 -------- d-----w- c:\program files\Java
    2010-04-07 18:46 . 2005-03-10 20:06 88765 ----a-w- c:\windows\PCHealth\HelpCtr\OfflineCache\index.dat
    2010-04-06 22:11 . 2004-03-17 22:57 121688 ----a-w- c:\documents and settings\Dave\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2010-04-06 19:24 . 2002-09-03 14:56 23360 ----a-w- c:\windows\system32\emptyregdb.dat
    2010-03-22 15:55 . 2010-03-22 15:55 45056 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimwmp.dll
    2010-03-22 15:55 . 2010-03-22 15:55 45056 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimswf.dll
    2010-03-22 15:55 . 2010-03-22 15:55 45056 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimrp.dll
    2010-03-22 15:55 . 2010-03-22 15:55 45056 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimqt.dll
    2010-03-22 15:55 . 2010-03-22 15:55 49152 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\Components\nprpffbrowserrecordext.dll
    2010-03-22 15:55 . 2010-03-22 15:55 308808 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Common\rpmainbrowserrecordplugin.dll
    2010-03-22 15:55 . 2010-03-22 15:55 40960 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Chrome\Hook\rpchromebrowserrecordhelper.dll
    2010-03-22 15:55 . 2010-03-22 15:55 14848 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
    2010-03-22 15:55 . 2010-03-22 15:55 341600 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
    2010-03-22 15:55 . 2007-02-15 19:50 -------- d-----w- c:\program files\Common Files\Real
    2010-03-22 15:53 . 2007-02-15 19:49 -------- d-----w- c:\program files\Real
    2010-03-22 15:53 . 2010-03-22 15:53 -------- d-----w- c:\program files\Common Files\xing shared
    2010-03-10 06:15 . 2004-08-04 12:00 420352 ----a-w- c:\windows\system32\vbscript.dll
    2010-03-09 11:28 . 2010-01-06 20:45 411368 ----a-w- c:\windows\system32\deploytk.dll
    2010-02-25 06:24 . 2004-08-04 12:00 916480 ------w- c:\windows\system32\wininet.dll
    2010-02-24 13:11 . 2004-08-04 12:00 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
    2010-02-17 16:10 . 2004-08-04 12:00 2189952 ------w- c:\windows\system32\ntoskrnl.exe
    2010-02-16 13:25 . 2004-08-03 22:59 2066816 ------w- c:\windows\system32\ntkrnlpa.exe
    2010-02-12 04:33 . 2004-08-04 12:00 100864 ----a-w- c:\windows\system32\6to4svc.dll
    2010-02-11 12:02 . 2004-08-04 12:00 226880 ----a-w- c:\windows\system32\drivers\tcpip6.sys
    .
    Code:
    <pre>
    c:\program files\Malwarebytes' Anti-Malware\mbam  .exe
    c:\program files\QuickTime\qttask                                     .exe
    c:\program files\QuickTime\qttask                                    .exe
    c:\program files\QuickTime\qttask                                   .exe
    c:\program files\QuickTime\qttask                                  .exe
    c:\program files\QuickTime\qttask                                 .exe
    c:\program files\Spybot - Search & Destroy\TeaTimer .exe
    </pre>
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-15 68856]
    "SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2010-04-23 37384]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "QuickTime Task"="c:\program files\QuickTime\qttask .exe -atboottime" [X]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2005-10-19 126976]
    "BCMSMMSG"="BCMSMMSG.exe" [2003-08-29 122880]
    "PCMService"="c:\program files\Dell\Media Experience\PCMService.exe" [2003-08-27 204800]
    "DVDBitSet"="c:\program files\HP CD-DVD\Umbrella\DVDBitSet.exe" [2002-12-06 200704]
    "ChangeICON"="c:\windows\SPMSMON.EXE" [N/A]
    "dla"="c:\windows\system32\dla\tfswctrl.exe" [2002-11-19 106551]
    "NWTRAY"="NWTRAY.EXE" [N/A]
    "ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-08-09 81920]
    "WFXSwtch"="c:\progra~1\WinFax\WFXSWTCH.exe" [2002-12-12 28160]
    "WinFaxAppPortStarter"="wfxsnt40.exe" [N/A]
    "TrueImageMonitor.exe"="c:\program files\Acronis\TrueImage\TrueImageMonitor.exe" [2005-11-28 988701]
    "Acronis Scheduler2 Service"="c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe" [2005-11-28 118784]
    "itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2006-07-07 576320]
    "IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2006-07-07 600896]
    "McAfeeUpdaterUI"="c:\program files\McAfee\Common Framework\udaterui.exe" [2008-03-14 136512]
    "NA1Messenger"="c:\ups\WSTD\UPSNA1Msgr.exe" [2010-04-23 37380]
    "ShStatEXE"="c:\program files\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2008-09-29 124240]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-06-22 155648]
    "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-03-22 202256]
    "Malwarebytes Anti-Malware (rootkit-scan)"="g:\malwarebytes' anti-malware\mbam.exe" [N/A]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Acrobat Assistant.lnk - c:\program files\Adobe\Adobe Acrobat 6.0\Distillr\acrotray.exe [2003-10-23 217194]
    Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2004-4-9 110592]
    Controller.LNK - c:\program files\WinFax\WFXCTL32.EXE [2006-6-26 549888]
    Service Manager.lnk - c:\program files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe [2005-5-3 81920]
    UPS WorldShip Messaging Utility.lnk - c:\ups\WSTD\WSTDMessaging.exe [2008-12-4 65536]
    UPS WorldShip PLD Reminder Utility.lnk - c:\ups\WSTD\wstdPldReminder.exe [2008-12-2 31744]
    Windows Desktop Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2006-3-26 257752]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "CompatibleRUPSecurity"= 1 (0x1)

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{A213B520-C6C2-11d0-AF9D-008029E1027E}"= "c:\program files\WinFax\WfxSeh32.Dll" [1998-07-27 38400]
    "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2006-03-13 233472]

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheck autochk *\0stera

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Authentication Packages REG_MULTI_SZ msv1_0 nwv1_0 relog_ap

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
    @=""

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\McAfeeEngineService]
    @="Service"

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Configuration Wizard.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Configuration Wizard.lnk
    backup=c:\windows\pss\Configuration Wizard.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
    backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeVersionCue]
    2003-10-13 23:24 1732608 ----a-w- c:\program files\Adobe\Adobe Version Cue\ControlPanel\VersionCueTray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    2006-02-23 23:45 278528 ----a-w- c:\program files\iTunes\iTunesHelper.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2010-04-29 16:11 37488 ----a-w- c:\program files\QuickTime\qttask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StorageGuard]
    2003-02-13 07:01 155648 ----a-w- c:\program files\Common Files\Sonic\Update Manager\sgtray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "iPodService"=3 (0x3)
    "AdobeVersionCue"=3 (0x3)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\WS_FTP\\WS_FTP95.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Kinko's\\FPFK\\FPKMain.exe"=
    "c:\\Program Files\\Kinko's\\FPFK\\Kinkos.Jupiter.GUI.Queue.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\Program Files\\McAfee\\Common Framework\\FrameworkService.exe"=

    R1 crlscsi;crlscsi;c:\windows\SYSTEM32\DRIVERS\crlscsi.sys [4/9/2004 3:19 PM 6144]
    R2 McAfeeEngineService;McAfee Engine Service;c:\program files\McAfee\VirusScan Enterprise\EngineServer.exe [9/29/2008 8:07 AM 19456]
    S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [1/6/2010 11:23 AM 135664]
    S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\SYSTEM32\mfevtps.exe [5/14/2009 10:11 AM 67904]
    S2 MSSQL$UPSWSDBSERVER;MSSQL$UPSWSDBSERVER;c:\ups\WSTD\MSSQL$UPSWSDBSERVER\Binn\sqlservr.exe -sUPSWSDBSERVER --> c:\ups\WSTD\MSSQL$UPSWSDBSERVER\Binn\sqlservr.exe -sUPSWSDBSERVER [?]
    S3 mferkdet;McAfee Inc. mferkdet;c:\windows\SYSTEM32\DRIVERS\mferkdet.sys [5/14/2009 10:11 AM 64432]
    S3 SQLAgent$UPSWSDBSERVER;SQLAgent$UPSWSDBSERVER;c:\ups\WSTD\MSSQL$UPSWSDBSERVER\Binn\sqlagent.EXE -i UPSWSDBSERVER --> c:\ups\WSTD\MSSQL$UPSWSDBSERVER\Binn\sqlagent.EXE -i UPSWSDBSERVER [?]
    S4 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [1/10/2007 10:23 AM 24652]
    .
    Contents of the 'Scheduled Tasks' folder

    2010-04-30 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job
    - c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 19:20]

    2010-04-30 c:\windows\Tasks\Google Software Updater.job
    - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-06-05 17:20]

    2010-04-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-01-06 18:23]

    2010-04-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-01-06 18:23]

    2010-04-30 c:\windows\Tasks\OGALogon.job
    - c:\windows\system32\OGAEXEC.exe [2009-08-03 22:07]

    2010-04-30 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-18.job
    - c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 05:09]

    2010-04-30 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-4148092319-2653427624-1057764221-1007.job
    - c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 05:09]

    2010-04-27 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-18.job
    - c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 05:09]

    2010-04-30 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-4148092319-2653427624-1057764221-1007.job
    - c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 05:09]

    2010-04-30 c:\windows\Tasks\User_Feed_Synchronization-{3FB82B26-03BF-4DBF-88D9-C4EC327F8F8C}.job
    - c:\windows\system32\msfeedssync.exe [2006-10-17 11:31]
    .
    .
    ------- Supplementary Scan -------
    .
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
    IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
    TCP: {77F17C75-92C5-40FF-80CF-C4A5EA750574} = 206.13.28.12,206.13.31.12
    DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} - hxxp://downloads.ewido.net/ewidoOnlineScan.cab
    FF - ProfilePath - c:\documents and settings\Dave\Application Data\Mozilla\Firefox\Profiles\aba30w5j.default\
    FF - prefs.js: browser.startup.homepage - hxxp://att.my.yahoo.com/
    FF - component: c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\components\nprpffbrowserrecordext.dll
    FF - plugin: c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
    FF - plugin: c:\program files\Adobe\Adobe Acrobat 6.0\Acrobat\browser\nppdf32.dll
    FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
    FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
    FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
    FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

    ---- FIREFOX POLICIES ----
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
    c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
    c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
    .
    - - - - ORPHANS REMOVED - - - -

    BHO-{A2BA40A0-74F1-52BD-F411-00B15A2C8953} - (no file)
    AddRemove-CrystalReports - m:\crw\UNCSTUB.EXE



    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-04-30 08:56
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************

    Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

    device: opened successfully
    user: MBR read successfully
    called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x872D7AC8]<<
    kernel: MBR read successfully
    detected MBR rootkit hooks:
    \Driver\Disk -> CLASSPNP.SYS @ 0xf7877f28
    \Driver\ACPI -> ACPI.sys @ 0xf77eacb8
    \Driver\atapi -> atapi.sys @ 0xf777c852
    IoDeviceObjectType -> DeleteProcedure -> ntoskrnl.exe @ 0x805a0615
    ParseProcedure -> ntoskrnl.exe @ 0x8056c3ac
    \Device\Harddisk0\DR0 -> DeleteProcedure -> ntoskrnl.exe @ 0x805a0615
    ParseProcedure -> ntoskrnl.exe @ 0x8056c3ac
    user & kernel MBR OK

    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
    @Denied: (2) (LocalSystem)
    "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,d3,dd,13,c0,c9,d7,4d,4c,9f,5d,59,\
    "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,d3,dd,13,c0,c9,d7,4d,4c,9f,5d,59,\
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(280)
    c:\windows\system32\WININET.dll

    - - - - - - - > 'lsass.exe'(340)
    c:\windows\system32\WININET.dll
    c:\windows\system32\relog_ap.dll

    - - - - - - - > 'explorer.exe'(1852)
    c:\windows\system32\WININET.dll
    .
    Completion time: 2010-04-30 09:11:21 - machine was rebooted
    ComboFix-quarantined-files.txt 2010-04-30 16:11
    ComboFix2.txt 2010-04-29 21:25

    Pre-Run: 50,067,619,840 bytes free
    Post-Run: 50,028,580,864 bytes free

    - - End Of File - - 281C09DE9A5622F5A42A7577CA5868DF
     
  14. CatByte

    CatByte Malware Specialist

    Joined:
    Feb 24, 2009
    Messages:
    3,930
    Hi,

    Please do the following:

    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below.
    • They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    Copy/paste the text inside the Codebox below into notepad:

    Here's how to do that:
    Click Start > Run, type Notepad, and click OK.
    This will open an empty notepad file:

    Copy all the text inside of the code box - Press Ctrl+C (or right click on the highlighted section and choose 'copy')

    Code:
    Collect::
    c:\documents and settings\All Users\Application Data\qUj68YXm.dat
    c:\documents and settings\All Users\Application Data\BfQE8DTr.exe
    c:\documents and settings\All Users\Application Data\BfQE8DTr.exe
    
    File::
    c:\windows\system32\drivers\OLD28C.tmp
    c:\windows\system32\drivers\OLD6D.tmp
    c:\windows\system32\drivers\OLD6A.tmp
    c:\windows\system32\drivers\OLD67.tmp
    c:\windows\system32\drivers\OLD64.tmp
    c:\windows\system32\drivers\OLD61.tmp
    c:\windows\system32\drivers\OLD5E.tmp
    c:\windows\system32\drivers\OLD5B.tmp
    c:\windows\system32\drivers\OLD58.tmp
    c:\windows\system32\drivers\OLD55.tmp
    c:\windows\system32\drivers\OLD52.tmp
    c:\windows\system32\drivers\OLD4F.tmp
    c:\windows\system32\drivers\OLD4C.tmp
    c:\windows\system32\drivers\OLD49.tmp
    c:\windows\system32\drivers\OLD46.tmp
    c:\windows\system32\drivers\OLD43.tmp
    c:\windows\system32\drivers\OLD40.tmp
    c:\windows\system32\drivers\OLD3D.tmp
    c:\windows\system32\drivers\OLD3A.tmp
    c:\windows\system32\drivers\OLD37.tmp
    c:\windows\system32\drivers\OLD34.tmp
    c:\windows\system32\drivers\OLD31.tmp
    c:\windows\system32\drivers\OLD2E.tmp
    c:\windows\system32\drivers\OLD2B.tmp
    c:\windows\system32\drivers\OLD51.tmp
    c:\windows\system32\drivers\OLD4E.tmp
    c:\windows\system32\drivers\OLD4B.tmp
    c:\windows\system32\drivers\OLD48.tmp
    c:\windows\system32\drivers\OLD45.tmp
    c:\windows\system32\drivers\OLD42.tmp
    c:\windows\system32\drivers\OLD3F.tmp
    c:\windows\system32\drivers\OLD3C.tmp
    c:\windows\system32\drivers\OLD39.tmp
    c:\windows\system32\drivers\OLD36.tmp
    c:\windows\system32\drivers\OLD33.tmp
    c:\windows\system32\drivers\OLD30.tmp
    c:\windows\system32\drivers\OLD2D.tmp
    c:\windows\system32\drivers\OLD2A.tmp
    c:\windows\system32\drivers\OLD27.tmp
    c:\windows\system32\drivers\OLD24.tmp
    c:\windows\system32\drivers\OLD21.tmp
    c:\windows\system32\drivers\OLD1E.tmp
    c:\windows\system32\drivers\OLD1B.tmp
    c:\windows\system32\drivers\OLD18.tmp
    c:\windows\system32\drivers\OLD15.tmp
    c:\windows\system32\drivers\OLD12.tmp
    c:\windows\system32\drivers\OLDF.tmp
    c:\windows\system32\drivers\OLDC.tmp
    
    RenV::
    c:\program files\Malwarebytes' Anti-Malware\mbam  .exe
    c:\program files\QuickTime\qttask                                     .exe
    c:\program files\QuickTime\qttask                                    .exe
    c:\program files\QuickTime\qttask                                   .exe
    c:\program files\QuickTime\qttask                                  .exe
    c:\program files\QuickTime\qttask                                 .exe
    c:\program files\Spybot - Search & Destroy\TeaTimer .exe
    
    
    
    Now paste the copied text into the open notepad - press CTRL+V (or right click and choose 'paste')

    Save this file to your desktop. Save this as "CFScript".


    Here's how to do that:

    1. Click File;
    2. Click Save As... Change the directory to your desktop;
    3. Change the Save as type to "All Files";
    4. Type in the file name: CFScript
    5. Click Save ...

    [​IMG]
    • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
    • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
    • When finished, it shall produce a log for you.
    • Copy and paste the contents of the log in your next reply.

    CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.


    **Note**

    When CF finishes running, the ComboFix log will open along with a message box--do not be alarmed. With the above script, ComboFix will capture files to submit for analysis.
    • Ensure you are connected to the internet and click OK on the message box.
     
  15. Gorgon88

    Gorgon88 Thread Starter

    Joined:
    Feb 24, 2010
    Messages:
    32
    Here is the ComboFix log.

    ComboFix 10-05-02.03 - Dave 05/03/2010 9:32.4.1 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.527 [GMT -7:00]
    Running from: c:\documents and settings\Dave\Desktop\ComboFix.com
    Command switches used :: c:\docume~1\ALLUSE~1\Desktop\CFScript.txt
    AV: McAfee VirusScan Enterprise *On-access scanning disabled* (Updated) {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}
    * Resident AV is active


    FILE ::
    "c:\windows\system32\drivers\OLD12.tmp"
    "c:\windows\system32\drivers\OLD15.tmp"
    "c:\windows\system32\drivers\OLD18.tmp"
    "c:\windows\system32\drivers\OLD1B.tmp"
    "c:\windows\system32\drivers\OLD1E.tmp"
    "c:\windows\system32\drivers\OLD21.tmp"
    "c:\windows\system32\drivers\OLD24.tmp"
    "c:\windows\system32\drivers\OLD27.tmp"
    "c:\windows\system32\drivers\OLD28C.tmp"
    "c:\windows\system32\drivers\OLD2A.tmp"
    "c:\windows\system32\drivers\OLD2B.tmp"
    "c:\windows\system32\drivers\OLD2D.tmp"
    "c:\windows\system32\drivers\OLD2E.tmp"
    "c:\windows\system32\drivers\OLD30.tmp"
    "c:\windows\system32\drivers\OLD31.tmp"
    "c:\windows\system32\drivers\OLD33.tmp"
    "c:\windows\system32\drivers\OLD34.tmp"
    "c:\windows\system32\drivers\OLD36.tmp"
    "c:\windows\system32\drivers\OLD37.tmp"
    "c:\windows\system32\drivers\OLD39.tmp"
    "c:\windows\system32\drivers\OLD3A.tmp"
    "c:\windows\system32\drivers\OLD3C.tmp"
    "c:\windows\system32\drivers\OLD3D.tmp"
    "c:\windows\system32\drivers\OLD3F.tmp"
    "c:\windows\system32\drivers\OLD40.tmp"
    "c:\windows\system32\drivers\OLD42.tmp"
    "c:\windows\system32\drivers\OLD43.tmp"
    "c:\windows\system32\drivers\OLD45.tmp"
    "c:\windows\system32\drivers\OLD46.tmp"
    "c:\windows\system32\drivers\OLD48.tmp"
    "c:\windows\system32\drivers\OLD49.tmp"
    "c:\windows\system32\drivers\OLD4B.tmp"
    "c:\windows\system32\drivers\OLD4C.tmp"
    "c:\windows\system32\drivers\OLD4E.tmp"
    "c:\windows\system32\drivers\OLD4F.tmp"
    "c:\windows\system32\drivers\OLD51.tmp"
    "c:\windows\system32\drivers\OLD52.tmp"
    "c:\windows\system32\drivers\OLD55.tmp"
    "c:\windows\system32\drivers\OLD58.tmp"
    "c:\windows\system32\drivers\OLD5B.tmp"
    "c:\windows\system32\drivers\OLD5E.tmp"
    "c:\windows\system32\drivers\OLD61.tmp"
    "c:\windows\system32\drivers\OLD64.tmp"
    "c:\windows\system32\drivers\OLD67.tmp"
    "c:\windows\system32\drivers\OLD6A.tmp"
    "c:\windows\system32\drivers\OLD6D.tmp"
    "c:\windows\system32\drivers\OLDC.tmp"
    "c:\windows\system32\drivers\OLDF.tmp"
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\documents and settings\Dave\Application Data\CCommander
    c:\documents and settings\Dave\Application Data\CCommander\faq\guide.html
    c:\documents and settings\Dave\Application Data\CCommander\faq\images\05.png
    c:\documents and settings\Dave\Application Data\CCommander\faq\images\06.png
    c:\documents and settings\Dave\Application Data\CCommander\faq\images\07.png
    c:\documents and settings\Dave\Application Data\CCommander\faq\images\08.png
    c:\documents and settings\Dave\Application Data\CCommander\faq\images\09.png
    c:\documents and settings\Dave\Application Data\CCommander\faq\images\10.png
    c:\documents and settings\Dave\Application Data\CCommander\settings.ini
    c:\program files\WindowsUpdate
    c:\windows\system32\drivers\OLD12.tmp
    c:\windows\system32\drivers\OLD15.tmp
    c:\windows\system32\drivers\OLD18.tmp
    c:\windows\system32\drivers\OLD1B.tmp
    c:\windows\system32\drivers\OLD1E.tmp
    c:\windows\system32\drivers\OLD21.tmp
    c:\windows\system32\drivers\OLD24.tmp
    c:\windows\system32\drivers\OLD27.tmp
    c:\windows\system32\drivers\OLD28C.tmp
    c:\windows\system32\drivers\OLD2A.tmp
    c:\windows\system32\drivers\OLD2B.tmp
    c:\windows\system32\drivers\OLD2D.tmp
    c:\windows\system32\drivers\OLD2E.tmp
    c:\windows\system32\drivers\OLD30.tmp
    c:\windows\system32\drivers\OLD31.tmp
    c:\windows\system32\drivers\OLD33.tmp
    c:\windows\system32\drivers\OLD34.tmp
    c:\windows\system32\drivers\OLD36.tmp
    c:\windows\system32\drivers\OLD37.tmp
    c:\windows\system32\drivers\OLD39.tmp
    c:\windows\system32\drivers\OLD3A.tmp
    c:\windows\system32\drivers\OLD3C.tmp
    c:\windows\system32\drivers\OLD3D.tmp
    c:\windows\system32\drivers\OLD3F.tmp
    c:\windows\system32\drivers\OLD40.tmp
    c:\windows\system32\drivers\OLD42.tmp
    c:\windows\system32\drivers\OLD43.tmp
    c:\windows\system32\drivers\OLD45.tmp
    c:\windows\system32\drivers\OLD46.tmp
    c:\windows\system32\drivers\OLD48.tmp
    c:\windows\system32\drivers\OLD49.tmp
    c:\windows\system32\drivers\OLD4B.tmp
    c:\windows\system32\drivers\OLD4C.tmp
    c:\windows\system32\drivers\OLD4E.tmp
    c:\windows\system32\drivers\OLD4F.tmp
    c:\windows\system32\drivers\OLD51.tmp
    c:\windows\system32\drivers\OLD52.tmp
    c:\windows\system32\drivers\OLD55.tmp
    c:\windows\system32\drivers\OLD58.tmp
    c:\windows\system32\drivers\OLD5B.tmp
    c:\windows\system32\drivers\OLD5E.tmp
    c:\windows\system32\drivers\OLD61.tmp
    c:\windows\system32\drivers\OLD64.tmp
    c:\windows\system32\drivers\OLD67.tmp
    c:\windows\system32\drivers\OLD6A.tmp
    c:\windows\system32\drivers\OLD6D.tmp
    c:\windows\system32\drivers\OLDC.tmp
    c:\windows\system32\drivers\OLDF.tmp

    .
    ((((((((((((((((((((((((( Files Created from 2010-04-03 to 2010-05-03 )))))))))))))))))))))))))))))))
    .

    2010-05-03 16:10 . 2010-04-29 23:17 37384 ----a-w- c:\windows\system32\config\systemprofile\2b24u8b.com
    2010-05-01 02:10 . 2010-04-29 23:17 37384 ----a-w- c:\documents and settings\NetworkService\Local Settings\Application Data\2b24u8b.exe
    2010-05-01 01:10 . 2010-05-01 01:10 -------- d-----w- c:\documents and settings\NetworkService\Application Data\Malwarebytes
    2010-04-30 19:17 . 2010-04-29 23:17 37384 ----a-w- c:\documents and settings\Dave\2b24u8b.com
    2010-04-30 19:17 . 2010-04-29 22:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-04-30 19:17 . 2010-04-29 22:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-04-30 19:08 . 2010-04-29 23:17 37384 ----a-w- c:\windows\system32\2b24u8b.com
    2010-04-29 17:07 . 2010-05-03 16:31 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-04-28 16:58 . 2010-04-28 16:58 70254592 --sha-w- C:\NRTPage.sys
    2010-04-27 23:23 . 2010-04-27 23:23 -------- d-sh--w- c:\documents and settings\LocalService\PrivacIE
    2010-04-26 19:46 . 2010-04-26 19:46 -------- d-sh--w- c:\windows\system32\config\systemprofile\PrivacIE
    2010-04-26 18:00 . 2010-04-26 18:00 -------- d-sh--w- c:\documents and settings\NetworkService\PrivacIE
    2010-04-26 17:02 . 2010-04-26 17:02 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
    2010-04-22 18:05 . 2010-04-22 18:05 0 ----a-w- c:\windows\nsreg.dat
    2010-04-22 18:05 . 2010-04-22 18:05 -------- d-----w- c:\documents and settings\Dave\Local Settings\Application Data\Mozilla
    2010-04-21 20:01 . 2010-04-26 16:26 -------- dc----w- c:\windows\system32\DRVSTORE
    2010-04-21 20:01 . 2010-04-21 20:00 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
    2010-04-12 23:23 . 2010-04-12 23:23 -------- d-----w- c:\documents and settings\Dave\Local Settings\Application Data\Opera
    2010-04-12 23:22 . 2010-04-19 23:22 -------- d-----w- c:\program files\Opera
    2010-04-12 14:51 . 2010-04-12 14:51 -------- d-----w- c:\documents and settings\NetworkService\Application Data\AdobeUM
    2010-04-12 14:51 . 2010-04-12 14:51 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
    2010-04-07 19:42 . 2010-04-07 19:42 -------- d-----w- c:\program files\MSXML 6.0
    2010-04-07 19:37 . 2010-02-25 06:24 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
    2010-04-07 19:37 . 2010-02-25 06:24 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
    2010-04-07 19:37 . 2010-02-25 06:24 594432 -c----w- c:\windows\system32\dllcache\msfeeds.dll
    2010-04-07 19:37 . 2010-02-25 06:24 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
    2010-04-07 19:37 . 2010-02-25 06:24 1985536 -c----w- c:\windows\system32\dllcache\iertutil.dll
    2010-04-07 19:37 . 2010-02-25 18:54 11070976 -c----w- c:\windows\system32\dllcache\ieframe.dll
    2010-04-07 19:36 . 2010-02-16 04:50 64000 -c----w- c:\windows\system32\dllcache\iecompat.dll
    2010-04-07 16:40 . 2008-04-13 17:27 79872 -c----w- c:\windows\system32\dllcache\msxml6r.dll
    2010-04-07 16:40 . 2009-07-31 17:05 1372672 -c----w- c:\windows\system32\dllcache\msxml6.dll
    2010-04-07 16:38 . 2008-04-14 00:11 81920 ------w- c:\windows\system32\ieencode.dll
    2010-04-07 15:54 . 2008-06-13 11:05 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
    2010-04-07 15:54 . 2009-12-31 16:50 353792 -c----w- c:\windows\system32\dllcache\srv.sys
    2010-04-07 15:53 . 2009-11-21 15:51 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
    2010-04-07 15:51 . 2010-02-16 13:25 2024448 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe
    2010-04-07 15:48 . 2009-07-10 13:27 1315328 -c----w- c:\windows\system32\dllcache\msoe.dll
    2010-04-07 15:47 . 2008-10-15 16:34 337408 -c----w- c:\windows\system32\dllcache\netapi32.dll
    2010-04-07 15:47 . 2008-04-21 12:08 215552 -c----w- c:\windows\system32\dllcache\wordpad.exe
    2010-04-07 15:45 . 2010-02-24 13:11 455680 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
    2010-04-07 15:44 . 2008-04-11 19:04 691712 -c----w- c:\windows\system32\dllcache\inetcomm.dll
    2010-04-06 21:33 . 2008-05-08 14:02 203136 -c----w- c:\windows\system32\dllcache\rmcast.sys
    2010-04-06 19:56 . 2005-06-22 07:43 163840 ----a-w- c:\windows\system32\igfxres.dll
    2010-04-06 19:37 . 2004-08-04 12:00 41600 -c--a-w- c:\windows\system32\dllcache\weitekp9.dll
    2010-04-06 19:37 . 2004-08-04 12:00 31232 -c--a-w- c:\windows\system32\dllcache\weitekp9.sys
    2010-04-06 19:37 . 2004-08-04 12:00 9216 -c--a-w- c:\windows\system32\dllcache\wamps51.dll
    2010-04-06 19:37 . 2004-08-04 12:00 73728 -c--a-w- c:\windows\system32\dllcache\w3ext.dll
    2010-04-06 19:37 . 2004-08-04 12:00 5632 -c--a-w- c:\windows\system32\dllcache\w3svapi.dll
    2010-04-06 19:37 . 2004-08-04 12:00 4608 -c--a-w- c:\windows\system32\dllcache\w3ctrs51.dll
    2010-04-06 19:37 . 2004-08-04 12:00 48256 -c--a-w- c:\windows\system32\dllcache\w32.dll
    2010-04-06 19:37 . 2008-04-14 00:11 86073 -c--a-w- c:\windows\system32\dllcache\voicesub.dll
    2010-04-06 19:37 . 2008-04-14 00:11 426041 -c--a-w- c:\windows\system32\dllcache\voicepad.dll
    2010-04-06 19:37 . 2008-04-14 00:11 76288 -c--a-w- c:\windows\system32\dllcache\uniime.dll
    2010-04-06 19:37 . 2004-08-04 12:00 14336 -c--a-w- c:\windows\system32\dllcache\tsprof.exe
    2010-04-06 19:35 . 2001-08-18 05:36 38912 -c--a-w- c:\windows\system32\dllcache\EXCH_ntfsdrv.dll
    2010-04-06 19:35 . 2004-08-04 12:00 53248 -c--a-w- c:\windows\system32\dllcache\nextlink.dll
    2010-04-06 19:35 . 2004-08-04 12:00 229439 -c--a-w- c:\windows\system32\dllcache\multibox.dll
    2010-04-06 19:35 . 2004-08-04 12:00 98304 -c--a-w- c:\windows\system32\dllcache\msir3jp.dll
    2010-04-06 19:35 . 2004-08-04 12:00 92416 -c--a-w- c:\windows\system32\dllcache\mga.sys
    2010-04-06 19:35 . 2004-08-04 12:00 92032 -c--a-w- c:\windows\system32\dllcache\mga.dll
    2010-04-06 19:35 . 2004-08-04 12:00 26624 -c--a-w- c:\windows\system32\dllcache\mdsync.dll
    2010-04-06 19:35 . 2001-08-18 05:36 65536 -c--a-w- c:\windows\system32\dllcache\EXCH_mailmsg.dll
    2010-04-06 19:35 . 2004-08-04 12:00 22016 -c--a-w- c:\windows\system32\dllcache\logscrpt.dll
    2010-04-06 19:33 . 2004-08-04 12:00 14848 -c--a-w- c:\windows\system32\dllcache\flattemp.exe
    2010-04-06 19:32 . 2004-08-04 12:00 29184 -c--a-w- c:\windows\system32\dllcache\asptxn.dll
    2010-04-06 19:32 . 2004-08-04 12:00 10240 -c--a-w- c:\windows\system32\dllcache\aspperf.dll
    2010-04-06 19:32 . 2001-08-18 05:36 45056 -c--a-w- c:\windows\system32\dllcache\EXCH_aqadmin.dll
    2010-04-06 19:32 . 2004-08-04 12:00 49664 -c--a-w- c:\windows\system32\dllcache\adrot.dll
    2010-04-06 19:32 . 2001-08-18 05:36 5632 -c--a-w- c:\windows\system32\dllcache\EXCH_adsiisex.dll
    2010-04-06 19:32 . 2004-08-04 12:00 6144 -c--a-w- c:\windows\system32\dllcache\admxprox.dll
    2010-04-06 19:32 . 2004-08-04 12:00 7168 -c--a-w- c:\windows\system32\dllcache\wamregps.dll
    2010-04-06 19:32 . 2004-08-04 12:00 7680 -c--a-w- c:\windows\system32\dllcache\inetmgr.exe
    2010-04-06 19:32 . 2004-08-04 12:00 19968 -c--a-w- c:\windows\system32\dllcache\inetsloc.dll
    2010-04-06 19:32 . 2004-08-04 12:00 5632 -c--a-w- c:\windows\system32\dllcache\iisrstap.dll
    2010-04-06 19:32 . 2004-08-04 12:00 169984 -c--a-w- c:\windows\system32\dllcache\iisui.dll
    2010-04-06 19:32 . 2004-08-04 12:00 14336 -c--a-w- c:\windows\system32\dllcache\iisreset.exe
    2010-04-06 19:32 . 2004-08-04 12:00 6144 -c--a-w- c:\windows\system32\dllcache\ftpsapi2.dll
    2010-04-06 19:26 . 2004-08-04 12:00 16384 -c--a-w- c:\windows\system32\dllcache\isignup.exe
    2010-04-06 19:17 . 2003-12-08 23:17 487424 ----a-w- c:\windows\system32\ldapssl.dll
    2010-04-06 19:17 . 2003-12-08 23:17 208896 ----a-w- c:\windows\system32\ldapsdk.dll
    2010-04-06 19:17 . 1999-04-17 05:50 8464 ----a-w- c:\windows\system32\sporder.dll
    2010-04-06 19:01 . 2004-08-04 12:00 24661 -c--a-w- c:\windows\system32\dllcache\spxcoins.dll
    2010-04-06 19:01 . 2004-08-04 12:00 24661 ----a-w- c:\windows\system32\spxcoins.dll
    2010-04-06 19:01 . 2004-08-04 12:00 13312 -c--a-w- c:\windows\system32\dllcache\irclass.dll
    2010-04-06 19:01 . 2004-08-04 12:00 13312 ----a-w- c:\windows\system32\irclass.dll
    2010-04-06 18:36 . 2010-04-06 18:36 -------- d-----w- c:\windows\system32\wbem\Repository
    2010-04-06 11:47 . 2010-04-06 11:47 -------- d-----w- c:\windows\dell

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-05-03 17:00 . 2004-08-10 19:48 -------- d-----w- c:\program files\QuickTime
    2010-05-03 15:57 . 2010-04-26 14:49 112 ----a-w- c:\documents and settings\All Users\Application Data\qUj68YXm.dat
    2010-05-03 15:57 . 2010-04-30 15:03 68616 ----a-w- c:\documents and settings\All Users\Application Data\BfQE8DTr.exe
    2010-05-03 15:57 . 2010-04-30 15:03 68616 ----a-w- c:\documents and settings\All Users\Application Data\BfQE8DTr.exe
    2010-05-02 21:41 . 2008-05-14 21:05 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
    2010-05-02 21:36 . 2004-08-04 12:00 36352 ----a-w- c:\windows\system32\drivers\disk.sys
    2010-04-30 19:29 . 2006-06-26 22:32 -------- d-----w- c:\program files\WinFax
    2010-04-30 16:20 . 2007-12-11 17:32 -------- d-----w- c:\program files\Microsoft IntelliPoint
    2010-04-30 16:20 . 2007-12-11 17:31 -------- d-----w- c:\program files\Microsoft IntelliType Pro
    2010-04-29 23:17 . 2010-04-30 19:07 37384 ----a-w- c:\windows\Fonts\2b24u8b.com
    2010-04-26 16:26 . 2004-04-13 15:52 -------- d-----w- c:\program files\Lavasoft
    2010-04-26 16:26 . 2008-02-14 16:40 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
    2010-04-23 17:48 . 2004-07-02 00:16 -------- d-----w- c:\program files\Spybot - Search & Destroy
    2010-04-19 16:59 . 2005-03-10 20:37 -------- d-----w- c:\program files\CUAgent
    2010-04-14 15:36 . 2004-03-17 22:56 121688 ----a-w- c:\windows\system32\config\systemprofile\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2010-04-12 19:45 . 2007-06-05 21:53 -------- d-----w- c:\program files\Google
    2010-04-09 22:35 . 2004-03-13 12:48 -------- d-----w- c:\program files\Common Files\Java
    2010-04-09 22:33 . 2010-04-09 22:33 503808 ----a-w- c:\documents and settings\Dave\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-652d9443-n\msvcp71.dll
    2010-04-09 22:33 . 2010-04-09 22:33 499712 ----a-w- c:\documents and settings\Dave\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-652d9443-n\jmc.dll
    2010-04-09 22:33 . 2010-04-09 22:33 348160 ----a-w- c:\documents and settings\Dave\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-652d9443-n\msvcr71.dll
    2010-04-09 22:33 . 2010-04-09 22:33 61440 ----a-w- c:\documents and settings\Dave\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-29aef1da-n\decora-sse.dll
    2010-04-09 22:33 . 2010-04-09 22:33 12800 ----a-w- c:\documents and settings\Dave\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-29aef1da-n\decora-d3d.dll
    2010-04-09 22:32 . 2004-03-13 12:48 -------- d-----w- c:\program files\Java
    2010-04-07 18:46 . 2005-03-10 20:06 88765 ----a-w- c:\windows\PCHealth\HelpCtr\OfflineCache\index.dat
    2010-04-06 22:11 . 2004-03-17 22:57 121688 ----a-w- c:\documents and settings\Dave\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2010-04-06 19:24 . 2002-09-03 14:56 23360 ----a-w- c:\windows\system32\emptyregdb.dat
    2010-03-22 15:55 . 2010-03-22 15:55 45056 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimwmp.dll
    2010-03-22 15:55 . 2010-03-22 15:55 45056 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimswf.dll
    2010-03-22 15:55 . 2010-03-22 15:55 45056 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimrp.dll
    2010-03-22 15:55 . 2010-03-22 15:55 45056 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimqt.dll
    2010-03-22 15:55 . 2010-03-22 15:55 49152 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\Components\nprpffbrowserrecordext.dll
    2010-03-22 15:55 . 2010-03-22 15:55 308808 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Common\rpmainbrowserrecordplugin.dll
    2010-03-22 15:55 . 2010-03-22 15:55 40960 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Chrome\Hook\rpchromebrowserrecordhelper.dll
    2010-03-22 15:55 . 2010-03-22 15:55 14848 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
    2010-03-22 15:55 . 2010-03-22 15:55 341600 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
    2010-03-22 15:55 . 2007-02-15 19:50 -------- d-----w- c:\program files\Common Files\Real
    2010-03-22 15:53 . 2007-02-15 19:49 -------- d-----w- c:\program files\Real
    2010-03-22 15:53 . 2010-03-22 15:53 -------- d-----w- c:\program files\Common Files\xing shared
    2010-03-10 06:15 . 2004-08-04 12:00 420352 ----a-w- c:\windows\system32\vbscript.dll
    2010-03-09 11:28 . 2010-01-06 20:45 411368 ----a-w- c:\windows\system32\deploytk.dll
    2010-02-25 06:24 . 2004-08-04 12:00 916480 ------w- c:\windows\system32\wininet.dll
    2010-02-24 13:11 . 2004-08-04 12:00 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
    2010-02-17 16:10 . 2004-08-04 12:00 2189952 ------w- c:\windows\system32\ntoskrnl.exe
    2010-02-16 13:25 . 2004-08-03 22:59 2066816 ------w- c:\windows\system32\ntkrnlpa.exe
    2010-02-12 04:33 . 2004-08-04 12:00 100864 ----a-w- c:\windows\system32\6to4svc.dll
    2010-02-11 12:02 . 2004-08-04 12:00 226880 ----a-w- c:\windows\system32\drivers\tcpip6.sys
    .
    Code:
    <pre>
    c:\program files\Acronis\TrueImage\TrueImageMonitor .exe
    c:\program files\Common Files\Acronis\Schedule2\schedhlp .exe
    c:\program files\Common Files\InstallShield\UpdateService\issch .exe
    c:\program files\Common Files\Real\Update_OB\realsched .exe
    c:\program files\Dell\Media Experience\PCMService .exe
    c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier .exe
    c:\program files\HP CD-DVD\Umbrella\DVDBitSet .exe
    c:\program files\Malwarebytes' Anti-Malware\mbam .exe
    c:\program files\McAfee\Common Framework\udaterui .exe
    c:\program files\McAfee\VirusScan Enterprise\SHSTAT .exe
    c:\program files\Microsoft IntelliPoint\ipoint .exe
    c:\program files\Microsoft IntelliType Pro\itype .exe
    c:\program files\QuickTime\qttask                                                                                                                        .exe
    c:\program files\QuickTime\qttask                                                                                                                       .exe
    c:\program files\QuickTime\qttask                                                                                                                      .exe
    c:\program files\QuickTime\qttask                                                                                                                     .exe
    c:\program files\QuickTime\qttask                                                                                                                    .exe
    c:\program files\QuickTime\qttask                                                                                                                   .exe
    c:\program files\QuickTime\qttask                                                                                                                  .exe
    c:\program files\QuickTime\qttask                                                                                                                 .exe
    c:\program files\QuickTime\qttask                                                                                                                .exe
    c:\program files\QuickTime\qttask                                                                                                               .exe
    c:\program files\QuickTime\qttask                                                                                                              .exe
    c:\program files\QuickTime\qttask                                                                                                             .exe
    c:\program files\QuickTime\qttask                                                                                                            .exe
    c:\program files\QuickTime\qttask                                                                                                           .exe
    c:\program files\QuickTime\qttask                                                                                                          .exe
    c:\program files\QuickTime\qttask                                                                                                         .exe
    c:\program files\QuickTime\qttask                                                                                                        .exe
    c:\program files\QuickTime\qttask                                                                                                       .exe
    c:\program files\QuickTime\qttask                                                                                                      .exe
    c:\program files\QuickTime\qttask                                                                                                     .exe
    c:\program files\QuickTime\qttask                                                                                                    .exe
    c:\program files\QuickTime\qttask                                                                                                   .exe
    c:\program files\QuickTime\qttask                                                                                                  .exe
    c:\program files\QuickTime\qttask                                                                                                 .exe
    c:\program files\QuickTime\qttask                                                                                                .exe
    c:\program files\QuickTime\qttask                                                                                               .exe
    c:\program files\QuickTime\qttask                                                                                              .exe
    c:\program files\QuickTime\qttask                                                                                             .exe
    c:\program files\QuickTime\qttask                                                                                            .exe
    c:\program files\QuickTime\qttask                                                                                           .exe
    c:\program files\QuickTime\qttask                                                                                          .exe
    c:\program files\QuickTime\qttask                                                                                         .exe
    c:\program files\QuickTime\qttask                                                                                        .exe
    c:\program files\QuickTime\qttask                                                                                       .exe
    c:\program files\QuickTime\qttask                                                                                      .exe
    c:\program files\QuickTime\qttask                                                                                     .exe
    c:\program files\QuickTime\qttask                                                                                    .exe
    c:\program files\QuickTime\qttask                                                                                   .exe
    c:\program files\QuickTime\qttask                                                                                  .exe
    c:\program files\QuickTime\qttask                                                                                 .exe
    c:\program files\QuickTime\qttask                                                                                .exe
    c:\program files\QuickTime\qttask                                                                               .exe
    c:\program files\QuickTime\qttask                                                                              .exe
    c:\program files\QuickTime\qttask                                                                             .exe
    c:\program files\QuickTime\qttask                                                                            .exe
    c:\program files\QuickTime\qttask                                                                          .exe
    c:\program files\QuickTime\qttask                                                                         .exe
    c:\program files\QuickTime\qttask                                                                        .exe
    c:\program files\QuickTime\qttask                                                                       .exe
    c:\program files\QuickTime\qttask                                                                      .exe
    c:\program files\QuickTime\qttask                                                                     .exe
    c:\program files\QuickTime\qttask                                                                   .exe
    c:\program files\QuickTime\qttask                                                                  .exe
    c:\program files\QuickTime\qttask                                                                 .exe
    c:\program files\QuickTime\qttask                                                                .exe
    c:\program files\QuickTime\qttask                                                               .exe
    c:\program files\QuickTime\qttask                                                              .exe
    c:\program files\QuickTime\qttask                                                             .exe
    c:\program files\QuickTime\qttask                                                            .exe
    c:\program files\QuickTime\qttask                                                           .exe
    c:\program files\QuickTime\qttask                                                         .exe
    c:\program files\QuickTime\qttask                                                        .exe
    c:\program files\QuickTime\qttask                                                       .exe
    c:\program files\QuickTime\qttask                                                      .exe
    c:\program files\QuickTime\qttask                                                     .exe
    c:\program files\QuickTime\qttask                                                    .exe
    c:\program files\QuickTime\qttask                                                   .exe
    c:\program files\QuickTime\qttask                                                  .exe
    c:\program files\QuickTime\qttask                                                 .exe
    c:\program files\QuickTime\qttask                                                .exe
    c:\program files\QuickTime\qttask                                               .exe
    c:\program files\QuickTime\qttask                                              .exe
    c:\program files\QuickTime\qttask                                             .exe
    c:\program files\QuickTime\qttask                                            .exe
    c:\program files\QuickTime\qttask                                           .exe
    c:\program files\QuickTime\qttask                                          .exe
    c:\program files\QuickTime\qttask                                         .exe
    c:\program files\QuickTime\qttask                                        .exe
    c:\program files\QuickTime\qttask                                       .exe
    c:\program files\QuickTime\qttask                                      .exe
    c:\program files\Spybot - Search & Destroy\TeaTimer .exe
    c:\program files\WinFax\WFXSWTCH .exe
    </pre>
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-04-30 37384]
    "SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2010-04-23 37384]
    "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "QuickTime Task"="c:\program files\QuickTime\qttask .exe -atboottime" [X]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2005-10-19 126976]
    "BCMSMMSG"="BCMSMMSG.exe" [2003-08-29 122880]
    "PCMService"="c:\program files\Dell\Media Experience\PCMService.exe" [N/A]
    "DVDBitSet"="c:\program files\HP CD-DVD\Umbrella\DVDBitSet.exe" [N/A]
    "ChangeICON"="c:\windows\SPMSMON.EXE" [N/A]
    "dla"="c:\windows\system32\dla\tfswctrl.exe" [2002-11-19 106551]
    "NWTRAY"="NWTRAY.EXE" [N/A]
    "ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2010-04-30 37384]
    "WFXSwtch"="c:\progra~1\WinFax\WFXSWTCH.exe" [N/A]
    "WinFaxAppPortStarter"="wfxsnt40.exe" [N/A]
    "TrueImageMonitor.exe"="c:\program files\Acronis\TrueImage\TrueImageMonitor.exe" [2010-04-30 37388]
    "Acronis Scheduler2 Service"="c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe" [N/A]
    "itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2010-04-30 37384]
    "IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2010-04-30 37384]
    "McAfeeUpdaterUI"="c:\program files\McAfee\Common Framework\udaterui.exe" [2010-04-30 37384]
    "NA1Messenger"="c:\ups\WSTD\UPSNA1Msgr.exe" [N/A]
    "ShStatEXE"="c:\program files\McAfee\VirusScan Enterprise\SHSTAT.EXE" [N/A]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-06-22 155648]
    "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-04-30 37384]
    "Malwarebytes Anti-Malware (rootkit-scan)"="g:\malwarebytes' anti-malware\mbam.exe" [N/A]
    "ISUSPM Startup"="c:\progra~1\common~1\instal~1\update~1\isuspm.exe" [2004-08-09 221184]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Acrobat Assistant.lnk - c:\program files\Adobe\Adobe Acrobat 6.0\Distillr\acrotray.exe [2003-10-23 217194]
    Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2004-4-9 110592]
    Controller.LNK - c:\program files\WinFax\WFXCTL32.EXE [2006-6-26 549888]
    Service Manager.lnk - c:\program files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe [2005-5-3 81920]
    UPS WorldShip Messaging Utility.lnk - c:\ups\WSTD\WSTDMessaging.exe [2008-12-4 65536]
    UPS WorldShip PLD Reminder Utility.lnk - c:\ups\WSTD\wstdPldReminder.exe [2008-12-2 31744]
    Windows Desktop Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2006-3-26 257752]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "CompatibleRUPSecurity"= 1 (0x1)

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{A213B520-C6C2-11d0-AF9D-008029E1027E}"= "c:\program files\WinFax\WfxSeh32.Dll" [1998-07-27 38400]
    "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2006-03-13 233472]

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheck autochk *\0stera

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Authentication Packages REG_MULTI_SZ msv1_0 nwv1_0 relog_ap

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
    @=""

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\McAfeeEngineService]
    @="Service"

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Configuration Wizard.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Configuration Wizard.lnk
    backup=c:\windows\pss\Configuration Wizard.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
    backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeVersionCue]
    2003-10-13 23:24 1732608 ----a-w- c:\program files\Adobe\Adobe Version Cue\ControlPanel\VersionCueTray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    2006-02-23 23:45 278528 ----a-w- c:\program files\iTunes\iTunesHelper.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2010-04-29 22:38 37388 ----a-w- c:\program files\QuickTime\qttask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StorageGuard]
    2003-02-13 07:01 155648 ----a-w- c:\program files\Common Files\Sonic\Update Manager\sgtray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "iPodService"=3 (0x3)
    "AdobeVersionCue"=3 (0x3)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\WS_FTP\\WS_FTP95.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Kinko's\\FPFK\\FPKMain.exe"=
    "c:\\Program Files\\Kinko's\\FPFK\\Kinkos.Jupiter.GUI.Queue.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\Program Files\\McAfee\\Common Framework\\FrameworkService.exe"=

    R1 crlscsi;crlscsi;c:\windows\SYSTEM32\DRIVERS\crlscsi.sys [4/9/2004 3:19 PM 6144]
    R2 McAfeeEngineService;McAfee Engine Service;c:\program files\McAfee\VirusScan Enterprise\EngineServer.exe [9/29/2008 8:07 AM 19456]
    R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\SYSTEM32\mfevtps.exe [5/14/2009 10:11 AM 67904]
    R2 MSSQL$UPSWSDBSERVER;MSSQL$UPSWSDBSERVER;c:\ups\WSTD\MSSQL$UPSWSDBSERVER\Binn\sqlservr.exe -sUPSWSDBSERVER --> c:\ups\WSTD\MSSQL$UPSWSDBSERVER\Binn\sqlservr.exe -sUPSWSDBSERVER [?]
    S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [1/6/2010 11:23 AM 135664]
    S3 mferkdet;McAfee Inc. mferkdet;c:\windows\SYSTEM32\DRIVERS\mferkdet.sys [5/14/2009 10:11 AM 64432]
    S3 SQLAgent$UPSWSDBSERVER;SQLAgent$UPSWSDBSERVER;c:\ups\WSTD\MSSQL$UPSWSDBSERVER\Binn\sqlagent.EXE -i UPSWSDBSERVER --> c:\ups\WSTD\MSSQL$UPSWSDBSERVER\Binn\sqlagent.EXE -i UPSWSDBSERVER [?]
    S4 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [1/10/2007 10:23 AM 24652]
    .
    Contents of the 'Scheduled Tasks' folder

    2010-05-03 c:\windows\Tasks\At1.job
    - c:\documents and settings\All Users\Application Data\BfQE8DTr.exe [2010-04-30 15:57]

    2010-05-03 c:\windows\Tasks\At10.job
    - c:\documents and settings\All Users\Application Data\BfQE8DTr.exe [2010-04-30 15:57]

    2010-05-03 c:\windows\Tasks\At1000.job
    - c:\documents and settings\All Users\Application Data\BfQE8DTr.exe [2010-04-30 15:57]

    2010-05-03 c:\windows\Tasks\At1001.job
    - c:\documents and settings\All Users\Application Data\BfQE8DTr.exe [2010-04-30 15:57]

    2010-05-03 c:\windows\Tasks\At1002.job
    - c:\documents and settings\All Users\Application Data\BfQE8DTr.exe [2010-04-30 15:57]

    2010-05-03 c:\windows\Tasks\At1003.job
    - c:\documents and settings\All Users\Application Data\BfQE8DTr.exe [2010-04-30 15:57]

    2010-05-03 c:\windows\Tasks\At1004.job
    - c:\documents and settings\All Users\Application Data\BfQE8DTr.exe [2010-04-30 15:57]

    2010-05-03 c:\windows\Tasks\At1005.job
    - c:\documents and settings\All Users\Application Data\BfQE8DTr.exe [2010-04-30 15:57]

    2010-05-03 c:\windows\Tasks\At1006.job
    - c:\documents and settings\All Users\Application Data\BfQE8DTr.exe [2010-04-30 15:57]

    2010-05-03 c:\windows\Tasks\At1007.job
    - c:\documents and settings\All Users\Application Data\BfQE8DTr.exe [2010-04-30 15:57]

    2010-05-03 c:\windows\Tasks\At1008.job
    - c:\documents and settings\All Users\Application Data\BfQE8DTr.exe [2010-04-30 15:57]

    2010-05-03 c:\windows\Tasks\At1009.job
    - c:\documents and settings\All Users\Application Data\BfQE8DTr.exe [2010-04-30 15:57]

    2010-05-03 c:\windows\Tasks\At101.job
    - c:\documents and settings\All Users\Application Data\2b24u8b.exe [2010-05-03 23:17]

    2010-05-03 c:\windows\Tasks\At1010.job
    - c:\documents and settings\All Users\Application Data\BfQE8DTr.exe [2010-04-30 15:57]

    2010-05-03 c:\windows\Tasks\At1011.job
    - c:\documents and settings\All Users\Application Data\BfQE8DTr.exe [2010-04-30 15:57]

    2010-05-03 c:\windows\Tasks\At1012.job
    - c:\documents and settings\All Users\Application Data\BfQE8DTr.exe [2010-04-30 15:57]

    2010-05-03 c:\windows\Tasks\At1013.job
    - c:\documents and settings\All Users\Application Data\BfQE8DTr.exe [2010-04-30 15:57]

    2010-05-03 c:\windows\Tasks\At1014.job
    - c:\documents and settings\All Users\Application Data\BfQE8DTr.exe [2010-04-30 15:57]

    2010-05-03 c:\windows\Tasks\At1015.job
    - c:\documents and settings\All Users\Application Data\BfQE8DTr.exe [2010-04-30 15:57]

    2010-05-03 c:\windows\Tasks\At1016.job
    - c:\documents and settings\All Users\Application Data\BfQE8DTr.exe [2010-04-30 15:57]

    2010-05-03 c:\windows\Tasks\At1017.job
    - c:\documents and settings\All Users\Application Data\BfQE8DTr.exe [2010-04-30 15:57]

    2010-05-03 c:\windows\Tasks\At1018.job
    - c:\documents and settings\All Users\Application Data\BfQE8DTr.exe [2010-04-30 15:57]

    2010-05-03 c:\windows\Tasks\At1019.job
    - c:\documents and settings\All Users\Application Data\BfQE8DTr.exe [2010-04-30 15:57]

    2010-05-03 c:\windows\Tasks\At1020.job
    - c:\documents and settings\All Users\Application Data\BfQE8DTr.exe [2010-04-30 15:57]

    2010-05-03 c:\windows\Tasks\At1021.job
    - c:\documents and settings\All Users\Application Data\BfQE8DTr.exe [2010-04-30 15:57]

    2010-05-03 c:\windows\Tasks\At1022.job
    - c:\documents and settings\All Users\Application Data\BfQE8DTr.exe [2010-04-30 15:57]

    2010-05-03 c:\windows\Tasks\At1023.job
    - c:\documents and settings\All Users\Application Data\BfQE8DTr.exe [2010-04-30 15:57]

    2010-05-03 c:\windows\Tasks\At1024.job
    - c:\documents and settings\All Users\Application Data\BfQE8DTr.exe [2010-04-30 15:57]

    2010-05-03 c:\windows\Tasks\At1025.job
    - c:\documents and settings\All Users\Application Data\BfQE8DTr.exe [2010-04-30 15:57]

    2010-05-03 c:\windows\Tasks\At1026.job
    - c:\documents and settings\All Users\Application Data\BfQE8DTr.exe [2010-04-30 15:57]

    2010-05-03 c:\windows\Tasks\At1027.job
    - c:\documents and settings\All Users\Application Data\BfQE8DTr.exe [2010-04-30 15:57]

    2010-05-03 c:\windows\Tasks\At1028.job
    - c:\documents and settings\All Users\Application Data\BfQE8DTr.exe [2010-04-30 15:57]

    2010-05-03 c:\windows\Tasks\At1029.job
    - c:\documents and settings\All Users\Application Data\BfQE8DTr.exe [2010-04-30 15:57]

    2010-05-03 c:\windows\Tasks\At103.job
    - c:\documents and settings\All Users\Application Data\2b24u8b.exe [2010-05-03 23:17]

    2010-05-03 c:\windows\Tasks\At1030.job
    - c:\documents and settings\All Users\Application Data\BfQE8DTr.exe [2010-04-30 15:57]

    2010-05-03 c:\windows\Tasks\At1031.job
    - c:\documents and settings\All Users\Application Data\BfQE8DTr.exe [2010-04-30 15:57]

    2010-05-03 c:\windows\Tasks\At1032.job
    - c:\documents and settings\All Users\Application Data\BfQE8DTr.exe [2010-04-30 15:57]

    2010-05-03 c:\windows\Tasks\At105.job
    - c:\documents and settings\All Users\Application Data\2b24u8b.exe [2010-05-03 23:17]

    2010-05-03 c:\windows\Tasks\At1057.job
    - c:\documents and settings\All Users\Application Data\2b24u8b.exe [2010-05-03 23:17]

    2010-05-03 c:\windows\Tasks\At1058.job
    - c:\documents and settings\All Users\Application Data\2b24u8b.exe [2010-05-03 23:17]

    2010-05-03 c:\windows\Tasks\At1059.job
    - c:\documents and settings\All Users\Application Data\2b24u8b.exe [2010-05-03 23:17]

    2010-05-03 c:\windows\Tasks\At1060.job
    - c:\documents and settings\All Users\Application Data\2b24u8b.exe [2010-05-03 23:17]

    2010-05-03 c:\windows\Tasks\At1061.job
    - c:\documents and settings\All Users\Application Data\2b24u8b.exe [2010-05-03 23:17]

    2010-05-03 c:\windows\Tasks\At1062.job
    - c:\documents and settings\All Users\Application Data\2b24u8b.exe [2010-05-03 23:17]

    2010-05-03 c:\windows\Tasks\At1063.job
    - c:\documents and settings\All Users\Application Data\2b24u8b.exe [2010-05-03 23:17]

    2010-05-03 c:\windows\Tasks\At1064.job
    - c:\documents and settings\All Users\Application Data\2b24u8b.exe [2010-05-03 23:17]

    2010-05-03 c:\windows\Tasks\At1065.job
    - c:\documents and settings\All Users\Application Data\2b24u8b.exe [2010-05-03 23:17]

    2010-05-03 c:\windows\Tasks\At1066.job
    - c:\documents and settings\All Users\Application Data\2b24u8b.exe [2010-05-03 23:17]

    2010-05-03 c:\windows\Tasks\At1067.job
    - c:\documents and settings\All Users\Application Data\2b24u8b.exe [2010-05-03 23:17]

    2010-05-03 c:\windows\Tasks\At1068.job
    - c:\documents and settings\All Users\Application Data\2b24u8b.exe [2010-05-03 23:17]

    2010-05-03 c:\windows\Tasks\At1069.job
    - c:\documents and settings\All Users\Application Data\2b24u8b.exe [2010-05-03 23:17]

    2010-05-02 c:\windows\Tasks\At107.job
    - c:\documents and settings\All Users\Application Data\2b24u8b.exe [2010-05-03 23:17]

    2010-05-03 c:\windows\Tasks\At1070.job
    - c:\documents and settings\All Users\Application Data\2b24u8b.exe [2010-05-03 23:17]

    2010-05-03 c:\windows\Tasks\At1071.job
    - c:\documents and settings\All Users\Application Data\2b24u8b.exe [2010-05-03 23:17]

    2010-05-03 c:\windows\Tasks\At1072.job
    - c:\documents and settings\All Users\Application Data\2b24u8b.exe [2010-05-03 23:17]

    2010-05-03 c:\windows\Tasks\At1073.job
    - c:\documents and settings\All Users\Application Data\2b24u8b.exe [2010-05-03 23:17]

    2010-05-03 c:\windows\Tasks\At1074.job
    - c:\documents and settings\All Users\Application Data\2b24u8b.exe [2010-05-03 23:17]

    2010-05-03 c:\windows\Tasks\At1075.job
    - c:\documents and settings\All Users\Application Data\2b24u8b.exe [2010-05-03 23:17]

    2010-05-03 c:\windows\Tasks\At1076.job
    - c:\documents and settings\All Users\Application Data\2b24u8b.exe [2010-05-03 23:17]

    2010-05-03 c:\windows\Tasks\At1077.job
    - c:\documents and settings\All Users\Application Data\2b24u8b.exe [2010-05-03 23:17]

    2010-05-03 c:\windows\Tasks\At1078.job
    - c:\documents and settings\All Users\Application Data\2b24u8b.exe [2010-05-03 23:17]

    2010-05-03 c:\windows\Tasks\At1079.job
    - c:\documents and settings\All Users\Application Data\2b24u8b.exe [2010-05-03 23:17]

    2010-05-03 c:\windows\Tasks\At1080.job
    - c:\documents and settings\All Users\Application Data\2b24u8b.exe [2010-05-03 23:17]

    2010-05-02 c:\windows\Tasks\At109.job
    - c:\documents and settings\All Users\Application Data\2b24u8b.exe [2010-05-03 23:17]

    2010-05-03 c:\windows\Tasks\At11.job
    - c:\documents and settings\All Users\Application Data\BfQE8DTr.exe [2010-04-30 15:57]

    2010-05-02 c:\windows\Tasks\At110.job
    - c:\documents and settings\All Users\Application Data\2b24u8b.exe [2010-05-03 23:17]

    2010-05-02 c:\windows\Tasks\At111.job
    - c:\documents and settings\All Users\Application Data\2b24u8b.exe [2010-05-03 23:17]

    2010-05-02 c:\windows\Tasks\At112.job
    - c:\documents and settings\All Users\Application Data\2b24u8b.exe [2010-05-03 23:17]

    2010-05-02 c:\windows\Tasks\At113.job
    - c:\documents and settings\All Users\Application Data\2b24u8b.exe [2010-05-03 23:17]

    2010-05-03 c:\windows\Tasks\At114.job
    - c:\documents and settings\All Users\Application Data\2b24u8b.exe [2010-05-03 23:17]

    2010-05-03 c:\windows\Tasks\At115.job
    - c:\documents and settings\All Users\Application Data\2b24u8b.exe [2010-05-03 23:17]

    2010-05-03 c:\windows\Tasks\At116.job
    - c:\documents and settings\All Users\Application Data\2b24u8b.exe [2010-05-03 23:17]

    2010-05-03 c:\windows\Tasks\At117.job
    - c:\documents and settings\All Users\Application Data\2b24u8b.exe [2010-05-03 23:17]

    2010-05-03 c:\windows\Tasks\At118.job
    - c:\documents and settings\All Users\Application Data\2b24u8b.exe [2010-05-03 23:17]

    2010-05-03 c:\windows\Tasks\At119.job
    - c:\documents and settings\All Users\Application Data\2b24u8b.exe [2010-05-03 23:17]

    2010-05-02 c:\windows\Tasks\At12.job
    - c:\documents and settings\All Users\Application Data\BfQE8DTr.exe [2010-04-30 15:57]

    2010-05-03 c:\windows\Tasks\At120.job
    - c:\documents and settings\All Users\Application Data\2b24u8b.exe [2010-05-03 23:17]

    2010-05-03 c:\windows\Tasks\At121.job
    - c:\documents and settings\Dave\2b24u8b.com [2010-04-30 23:17]

    2010-05-03 c:\windows\Tasks\At122.job
    - c:\documents and settings\Dave\2b24u8b.com [2010-04-30 23:17]

    2010-05-03 c:\windows\Tasks\At123.job
    - c:\documents and settings\Dave\2b24u8b.com [2010-04-30 23:17]

    2010-05-03 c:\windows\Tasks\At124.job
    - c:\documents and settings\Dave\2b24u8b.com [2010-04-30 23:17]

    2010-05-03 c:\windows\Tasks\At125.job
    - c:\documents and settings\Dave\2b24u8b.com [2010-04-30 23:17]

    2010-05-03 c:\windows\Tasks\At126.job
    - c:\documents and settings\Dave\2b24u8b.com [2010-04-30 23:17]

    2010-05-03 c:\windows\Tasks\At127.job
    - c:\documents and settings\Dave\2b24u8b.com [2010-04-30 23:17]

    2010-05-03 c:\windows\Tasks\At128.job
    - c:\documents and settings\Dave\2b24u8b.com [2010-04-30 23:17]

    2010-05-03 c:\windows\Tasks\At129.job
    - c:\documents and settings\Dave\2b24u8b.com [2010-04-30 23:17]

    2010-05-02 c:\windows\Tasks\At13.job
    - c:\documents and settings\All Users\Application Data\BfQE8DTr.exe [2010-04-30 15:57]

    2010-05-03 c:\windows\Tasks\At130.job
    - c:\documents and settings\Dave\2b24u8b.com [2010-04-30 23:17]

    2010-05-03 c:\windows\Tasks\At131.job
    - c:\documents and settings\Dave\2b24u8b.com [2010-04-30 23:17]

    2010-05-02 c:\windows\Tasks\At132.job
    - c:\documents and settings\Dave\2b24u8b.com [2010-04-30 23:17]

    2010-05-02 c:\windows\Tasks\At133.job
    - c:\documents and settings\Dave\2b24u8b.com [2010-04-30 23:17]

    2010-05-02 c:\windows\Tasks\At134.job
    - c:\documents and settings\Dave\2b24u8b.com [2010-04-30 23:17]

    2010-05-02 c:\windows\Tasks\At135.job
    - c:\documents and settings\Dave\2b24u8b.com [2010-04-30 23:17]

    2010-05-02 c:\windows\Tasks\At136.job
    - c:\documents and settings\Dave\2b24u8b.com [2010-04-30 23:17]

    2010-05-02 c:\windows\Tasks\At137.job
    - c:\documents and settings\Dave\2b24u8b.com [2010-04-30 23:17]

    2010-05-03 c:\windows\Tasks\At138.job
    - c:\documents and settings\Dave\2b24u8b.com [2010-04-30 23:17]

    2010-05-03 c:\windows\Tasks\At139.job
    - c:\documents and settings\Dave\2b24u8b.com [2010-04-30 23:17]

    2010-05-02 c:\windows\Tasks\At14.job
    - c:\documents and settings\All Users\Application Data\BfQE8DTr.exe [2010-04-30 15:57]

    2010-05-03 c:\windows\Tasks\At140.job
    - c:\documents and settings\Dave\2b24u8b.com [2010-04-30 23:17]

    2010-05-03 c:\windows\Tasks\At141.job
    - c:\documents and settings\Dave\2b24u8b.com [2010-04-30 23:17]

    2010-05-03 c:\windows\Tasks\At142.job
    - c:\documents and settings\Dave\2b24u8b.com [2010-04-30 23:17]

    2010-05-03 c:\windows\Tasks\At143.job
    - c:\documents and settings\Dave\2b24u8b.com [2010-04-30 23:17]

    2010-05-03 c:\windows\Tasks\At144.job
    - c:\documents and settings\Dave\2b24u8b.com [2010-04-30 23:17]

    2010-05-03 c:\windows\Tasks\At145.job
    - c:\documents and settings\NetworkService\Local Settings\Application Data\2b24u8b.exe [2010-05-01 23:17]

    2010-05-03 c:\windows\Tasks\At147.job
    - c:\documents and settings\NetworkService\Local Settings\Application Data\2b24u8b.exe [2010-05-01 23:17]

    2010-05-03 c:\windows\Tasks\At149.job
    - c:\documents and settings\NetworkService\Local Settings\Application Data\2b24u8b.exe [2010-05-01 23:17]

    2010-05-02 c:\windows\Tasks\At15.job
    - c:\documents and settings\All Users\Application Data\BfQE8DTr.exe [2010-04-30 15:57]

    2010-05-03 c:\windows\Tasks\At151.job
    - c:\documents and settings\NetworkService\Local Settings\Application Data\2b24u8b.exe [2010-05-01 23:17]

    2010-05-03 c:\windows\Tasks\At153.job
    - c:\documents and settings\NetworkService\Local Settings\Application Data\2b24u8b.exe [2010-05-01 23:17]

    2010-05-03 c:\windows\Tasks\At155.job
    - c:\documents and settings\NetworkService\Local Settings\Application Data\2b24u8b.exe [2010-05-01 23:17]

    2010-05-03 c:\windows\Tasks\At157.job
    - c:\documents and settings\NetworkService\Local Settings\Application Data\2b24u8b.exe [2010-05-01 23:17]

    2010-05-03 c:\windows\Tasks\At159.job
    - c:\documents and settings\NetworkService\Local Settings\Application Data\2b24u8b.exe [2010-05-01 23:17]

    2010-05-02 c:\windows\Tasks\At16.job
    - c:\documents and settings\All Users\Application Data\BfQE8DTr.exe [2010-04-30 15:57]

    2010-05-03 c:\windows\Tasks\At161.job
    - c:\documents and settings\NetworkService\Local Settings\Application Data\2b24u8b.exe [2010-05-01 23:17]

    2010-05-03 c:\windows\Tasks\At163.job
    - c:\documents and settings\NetworkService\Local Settings\Application Data\2b24u8b.exe [2010-05-01 23:17]

    2010-05-03 c:\windows\Tasks\At165.job
    - c:\documents and settings\NetworkService\Local Settings\Application Data\2b24u8b.exe [2010-05-01 23:17]

    2010-05-02 c:\windows\Tasks\At167.job
    - c:\documents and settings\NetworkService\Local Settings\Application Data\2b24u8b.exe [2010-05-01 23:17]

    2010-05-02 c:\windows\Tasks\At169.job
    - c:\documents and settings\NetworkService\Local Settings\Application Data\2b24u8b.exe [2010-05-01 23:17]

    2010-05-02 c:\windows\Tasks\At17.job
    - c:\documents and settings\All Users\Application Data\BfQE8DTr.exe [2010-04-30 15:57]

    2010-05-02 c:\windows\Tasks\At171.job
    - c:\documents and settings\NetworkService\Local Settings\Application Data\2b24u8b.exe [2010-05-01 23:17]

    2010-05-02 c:\windows\Tasks\At173.job
    - c:\documents and settings\NetworkService\Local Settings\Application Data\2b24u8b.exe [2010-05-01 23:17]

    2010-05-02 c:\windows\Tasks\At175.job
    - c:\documents and settings\NetworkService\Local Settings\Application Data\2b24u8b.exe [2010-05-01 23:17]

    2010-05-02 c:\windows\Tasks\At177.job
    - c:\documents and settings\NetworkService\Local Settings\Application Data\2b24u8b.exe [2010-05-01 23:17]

    2010-05-03 c:\windows\Tasks\At179.job
    - c:\documents and settings\NetworkService\Local Settings\Application Data\2b24u8b.exe [2010-05-01 23:17]

    2010-05-03 c:\windows\Tasks\At18.job
    - c:\documents and settings\All Users\Application Data\BfQE8DTr.exe [2010-04-30 15:57]

    2010-05-03 c:\windows\Tasks\At181.job
    - c:\documents and settings\NetworkService\Local Settings\Application Data\2b24u8b.exe [2010-05-01 23:17]

    2010-05-03 c:\windows\Tasks\At183.job
    - c:\documents and settings\NetworkService\Local Settings\Application Data\2b24u8b.exe [2010-05-01 23:17]

    2010-05-03 c:\windows\Tasks\At185.job
    - c:\documents and settings\NetworkService\Local Settings\Application Data\2b24u8b.exe [2010-05-01 23:17]

    2010-05-03 c:\windows\Tasks\At187.job
    - c:\documents and settings\NetworkService\Local Settings\Application Data\2b24u8b.exe [2010-05-01 23:17]

    2010-05-03 c:\windows\Tasks\At189.job
    - c:\documents and settings\NetworkService\Local Settings\Application Data\2b24u8b.exe [2010-05-01 23:17]

    2010-05-03 c:\windows\Tasks\At19.job
    - c:\documents and settings\All Users\Application Data\BfQE8DTr.exe [2010-04-30 15:57]

    2010-05-03 c:\windows\Tasks\At191.job
    - c:\documents and settings\NetworkService\Local Settings\Application Data\2b24u8b.exe [2010-05-01 23:17]

    2010-05-03 c:\windows\Tasks\At193.job
    - c:\documents and settings\All Users\Application Data\BfQE8DTr.exe [2010-04-30 15:57]

    2010-05-03 c:\windows\Tasks\At194.job
    - c:\documents and settings\All Users\Application Data\BfQE8DTr.exe [2010-04-30 15:57]

    2010-05-03 c:\windows\Tasks\At195.job
    - c:\documents and settings\All Users\Application Data\BfQE8DTr.exe [2010-04-30 15:57]

    2010-05-03 c:\windows\Tasks\At196.job
    - c:\documents and settings\All Users\Application Data\BfQE8DTr.exe [2010-04-30 15:57]

    2010-05-03 c:\windows\Tasks\At197.job
    - c:\documents and settings\All Users\Application Data\BfQE8DTr.exe [2010-04-30 15:57]

    2010-05-03 c:\windows\Tasks\At198.job
    - c:\documents and settings\All Users\Application Data\BfQE8DTr.exe [2010-04-30 15:57]

    2010-05-03 c:\windows\Tasks\At199.job
    - c:\documents and settings\All Users\Application Data\BfQE8DTr.exe [2010-04-30 15:57]

    2010-05-03 c:\windows\Tasks\At2.job
    - c:\documents and settings\All Users\Application Data\BfQE8DTr.exe [2010-04-30 15:57]

    2010-05-03 c:\windows\Tasks\At20.job
    - c:\documents and settings\All Users\Application Data\BfQE8DTr.exe [2010-04-30 15:57]

    2010-05-03 c:\windows\Tasks\At200.job
    - c:\documents and settings\All Users\Application Data\BfQE8DTr.exe [2010-04-30 15:57]

    2010-05-03 c:\windows\Tasks\At201.job
    - c:\documents and settings\All Users\Application Data\BfQE8DTr.exe [2010-04-30 15:57]

    2010-05-03 c:\windows\Tasks\At202.job
    - c:\documents and settings\All Users\Application Data\BfQE8DTr.exe [2010-04-30 15:57]

    2010-05-03 c:\windows\Tasks\At203.job
    - c:\documents and settings\All Users\Application Data\BfQE8DTr.exe [2010-04-30 15:57]

    2010-05-02 c:\windows\Tasks\At204.job
    - c:\documents and settings\All Users\Application Data\BfQE8DTr.exe [2010-04-30 15:57]

    2010-05-02 c:\windows\Tasks\At205.job
    - c:\documents and settings\All Users\Application Data\BfQE8DTr.exe [2010-04-30 15:57]

    2010-05-02 c:\windows\Tasks\At206.job
    - c:\documents and settings\All Users\Application Data\BfQE8DTr.exe [2010-04-30 15:57]

    2010-05-02 c:\windows\Tasks\At207.job
    - c:\documents and settings\All Users\Application Data\BfQE8DTr.exe [2010-04-30 15:57]

    2010-05-02 c:\windows\Tasks\At208.job
    - c:\documents and settings\All Users\Application Data\BfQE8DTr.exe [2010-04-30 15:57]

    2010-05-02 c:\windows\Tasks\At209.job
    - c:\documents and settings\All Users\Application Data\BfQE8DTr.exe [2010-04-30 15:57]

    2010-05-03 c:\windows\Tasks\At21.job
    - c:\documents and settings\All Users\Application Data\BfQE8DTr.exe [2010-04-30 15:57]

    2010-05-03 c:\windows\Tasks\At210.job
    - c:\documents and settings\All Users\Application Data\BfQE8DTr.exe [2010-04-30 15:57]

    2010-05-03 c:\windows\Tasks\At211.job
    - c:\documents and settings\All Users\Application Data\BfQE8DTr.exe [2010-04-30 15:57]

    2010-05-03 c:\windows\Tasks\At212.job
    - c:\documents and settings\All Users\Application Data\BfQE8DTr.exe [2010-04-30 15:57]

    2010-05-03 c:\windows\Tasks\At213.job
    - c:\documents and settings\All Users\Application Data\BfQE8DTr.exe [2010-04-30 15:57]

    2010-05-03 c:\windows\Tasks\At214.job
    - c:\documents and settings\All Users\Application Data\BfQE8DTr.exe [2010-04-30 15:57]

    2010-05-03 c:\windows\Tasks\At215.job
    - c:\documents and settings\All Users\Application Data\BfQE8DTr.exe [2010-04-30 15:57]

    2010-05-03 c:\windows\Tasks\At216.job
    - c:\documents and settings\All Users\Application Data\BfQE8DTr.exe [2010-04-30 15:57]

    2010-05-03 c:\windows\Tasks\At217.job
    - c:\documents and settings\All Users\Application Data\2b24u8b.exe [2010-05-03 23:17]

    2010-05-03 c:\windows\Tasks\At218.job
    - c:\documents and settings\All Users\Application Data\2b24u8b.exe [2010-05-03 23:17]

    2010-05-03 c:\windows\Tasks\At219.job
    - c:\documents and settings\All Users\Application Data\2b24u8b.exe [2010-05-03 23:17]

    2010-05-03 c:\windows\Tasks\At22.job
    - c:\documents and settings\All Users\Application Data\BfQE8DTr.exe [2010-04-30 15:57]

    2010-05-03 c:\windows\Tasks\At220.job
    - c:\documents and settings\All Users\Application Data\2b24u8b.exe [2010-05-03 23:17]

    2010-05-03 c:\windows\Tasks\At221.job
    - c:\documents and settings\All Users\Application Data\2b24u8b.exe [2010-05-03 23:17]

    2010-05-03 c:\windows\Tasks\At222.job
    - c:\documents and settings\All Users\Application Data\2b24u8b.exe [2010-05-03 23:17]

    2010-05-03 c:\windows\Tasks\At223.job
    - c:\documents and settings\All Users\Application Data\2b24u8b.exe [2010-05-03 23:17]

    2010-05-03 c:\windows\Tasks\At224.job
    - c:\documents and settings\All Users\Application Data\2b24u8b.exe [2010-05-03 23:17]

    2010-05-03 c:\windows\Tasks\At225.job
    - c:\documents and settings\All Users\Application Data\2b24u8b.exe [2010-05-03 23:17]

    2010-05-03 c:\windows\Tasks\At226.job
    - c:\documents and settings\All Users\Application Data\2b24u8b.exe [2010-05-03 23:17]

    2010-05-03 c:\windows\Tasks\At227.job
    - c:\documents and settings\All Users\Application Data\2b24u8b.exe [2010-05-03 23:17]

    2010-05-02 c:\windows\Tasks\At228.job
    - c:\documents and settings\All Users\Application Data\2b24u8b.exe [2010-05-03 23:17]

    2010-05-02 c:\windows\Tasks\At229.job
    - c:\documents and settings\All Users\Application Data\2b24u8b.exe [2010-05-03 23:17]

    2010-05-03 c:\windows\Tasks\At23.job
    - c:\documents and settings\All Users\Application Data\BfQE8DTr.exe [2010-04-30 15:57]

    2010-05-02 c:\windows\Tasks\At230.job
    - c:\documents and settings\All Users\Application Data\2b24u8b.exe [2010-05-03 23:17]

    2010-05-02 c:\windows\Tasks\At231.job
    - c:\documents and settings\All Users\Application Data\2b24u8b.exe [2010-05-03 23:17]

    2010-05-02 c:\windows\Tasks\At232.job
    - c:\documents and settings\All Users\Application Data\2b24u8b.exe [2010-05-03 23:17]

    2010-05-02 c:\windows\Tasks\At233.job
    - c:\documents and settings\All Users\Application Data\2b24u8b.exe [2010-05-03 23:17]

    2010-05-03 c:\windows\Tasks\At234.job
    - c:\documents and settings\All Users\Application Data\2b24u8b.exe [2010-05-03 23:17]

    2010-05-03 c:\windows\Tasks\At235.job
    - c:\documents and settings\All Users\Application Data\2b24u8b.exe [2010-05-03 23:17]

    2010-05-03 c:\windows\Tasks\At236.job
    - c:\documents and settings\All Users\Application Data\2b24u8b.exe [2010-05-03 23:17]

    2010-05-03 c:\windows\Tasks\At237.job
    - c:\documents and settings\All Users\Application Data\2b24u8b.exe [2010-05-03 23:17]

    2010-05-03 c:\windows\Tasks\At238.job
    - c:\documents and settings\All Users\Application Data\2b24u8b.exe [2010-05-03 23:17]

    2010-05-03 c:\windows\Tasks\At239.job
    - c:\documents and settings\All Users\Application Data\2b24u8b.exe [2010-05-03 23:17]

    2010-05-03 c:\windows\Tasks\At24.job
    - c:\documents and settings\All Users\Application Data\BfQE8DTr.exe [2010-04-30 15:57]

    2010-05-03 c:\windows\Tasks\At240.job
    - c:\documents and settings\All Users\Application Data\2b24u8b.exe [2010-05-03 23:17]

    2010-05-03 c:\windows\Tasks\At241.job
    - c:\documents and settings\All Users\Application Data\BfQE8DTr.exe [2010-04-30 15:57]

    2010-05-03 c:\windows\Tasks\At242.job
    - c:\documents and settings\All Users\Application Data\BfQE8DTr.exe [2010-04-30 15:57]

    2010-05-03 c:\windows\Tasks\At243.job
    - c:\documents and settings\All Users\Application Data\BfQE8DTr.exe [2010-04-30 15:57]

    2010-05-03 c:\windows\Tasks\At244.job
    - c:\documents and settings\All Users\Application Data\BfQE8DTr.exe [2010-04-30 15:57]

    2010-05-03 c:\windows\Tasks\At245.job
    - c:\documents and settings\All Users\Application Data\BfQE8DTr.exe [2010-04-30 15:57]

    2010-05-03 c:\windows\Tasks\At246.job
    - c:\documents and settings\All Users\Application Data\BfQE8DTr.exe [2010-04-30 15:57]

    2010-05-03 c:\windows\Tasks\At247.job
    - c:\documents and settings\All Users\Application Data\BfQE8DTr.exe [2010-04-30 15:57]

    2010-05-03 c:\windows\Tasks\At248.job
    - c:\documents and settings\All Users\Application Data\BfQE8DTr.exe [2010-04-30 15:57]

    2010-05-03 c:\windows\Tasks\At249.job
    - c:\documents and settings\All Users\Application Data\BfQE8DTr.exe [2010-04-30 15:57]

    2010-05-03 c:\windows\Tasks\At25.job
    - c:\windows\Fonts\2b24u8b.com [2010-04-30 23:17]

    2010-05-03 c:\windows\Tasks\At250.job
    - c:\documents and settings\All Users\Application Data\BfQE8DTr.exe [2010-04-30 15:57]

    2010-05-03 c:\windows\Tasks\At251.job
    - c:\documents and settings\All Users\Application Data\BfQE8DTr.exe [2010-04-30 15:57]

    2010-05-02 c:\windows\Tasks\At252.job
    - c:\documents and settings\All Users\Application Data\BfQE8DTr.exe [2010-04-30 15:57]

    2010-05-02 c:\windows\Tasks\At253.job
    - c:\documents and settings\All Users\Application Data\BfQE8DTr.exe [2010-04-30 15:57]

    2010-05-02 c:\windows\Tasks\At254.job
    - c:\documents and settings\All Users\Application Data\BfQE8DTr.exe [2010-04-30 15:57]

    2010-05-02 c:\windows\Tasks\At255.job
    - c:\documents and settings\All Users\Application Data\BfQE8DTr.exe [2010-04-30 15:57]

    2010-05-02 c:\windows\Tasks\At256.job
    - c:\documents and settings\All Users\Application Data\BfQE8DTr.exe [2010-04-30 15:57]

    2010-05-02 c:\windows\Tasks\At257.job
    - c:\documents and settings\All Users\Application Data\BfQE8DTr.exe [2010-04-30 15:57]

    2010-05-03 c:\windows\Tasks\At258.job
    - c:\documents and settings\All Users\Application Data\BfQE8DTr.exe [2010-04-30 15:57]

    2010-05-03 c:\windows\Tasks\At259.job
    - c:\documents and settings\All Users\Application Data\BfQE8DTr.exe [2010-04-30 15:57]

    2010-05-03 c:\windows\Tasks\At26.job
    - c:\windows\Fonts\2b24u8b.com [2010-04-30 23:17]

    2010-05-03 c:\windows\Tasks\At260.job
    - c:\documents and settings\All Users\Application Data\BfQE8DTr.exe [2010-04-30 15:57]

    2010-05-03 c:\windows\Tasks\At261.job
    - c:\documents and settings\All Users\Application Data\BfQE8DTr.exe [2010-04-30 15:57]

    2010-05-03 c:\windows\Tasks\At262.job
    - c:\documents and settings\All Users\Application Data\BfQE8DTr.exe [2010-04-30 15:57]

    2010-05-03 c:\windows\Tasks\At263.job
    - c:\documents and settings\All Users\Application Data\BfQE8DTr.exe [2010-04-30 15:57]

    2010-05-03 c:\windows\Tasks\At264.job
    - c:\documents and settings\All Users\Application Data\BfQE8DTr.exe [2010-04-30 15:57]

    2010-05-03 c:\windows\Tasks\At265.job
    - c:\documents and settings\NetworkService\Local Settings\Application Data\2b24u8b.exe [2010-05-01 23:17]

    2010-05-03 c:\windows\Tasks\At266.job
    - c:\documents and settings\NetworkService\Local Settings\Application Data\2b24u8b.exe [2010-05-01 23:17]

    2010-05-03 c:\windows\Tasks\At267.job
    - c:\documents and settings\NetworkService\Local Settings\Application Data\2b24u8b.exe [2010-05-01 23:17]

    2010-05-03 c:\windows\Tasks\At268.job
    - c:\documents and settings\NetworkService\Local Settings\Application Data\2b24u8b.exe [2010-05-01 23:17]

    2010-05-03 c:\windows\Tasks\At269.job
    - c:\documents and settings\NetworkService\Local Settings\Application Data\2b24u8b.exe [2010-05-01 23:17]

    2010-05-03 c:\windows\Tasks\At27.job
    - c:\windows\Fonts\2b24u8b.com [2010-04-30 23:17]

    2010-05-03 c:\windows\Tasks\At270.job
    - c:\documents and settings\NetworkService\Local Settings\Application Data\2b24u8b.exe [2010-05-01 23:17]

    2010-05-03 c:\windows\Tasks\At271.job
    - c:\documents and settings\NetworkService\Local Settings\Application Data\2b24u8b.exe [2010-05-01 23:17]

    2010-05-03 c:\windows\Tasks\At272.job
    - c:\documents and settings\NetworkService\Local Settings\Application Data\2b24u8b.exe [2010-05-01 23:17]

    2010-05-03 c:\windows\Tasks\At273.job
    - c:\documents and settings\NetworkService\Local Settings\Application Data\2b24u8b.exe [2010-05-01 23:17]

    2010-05-03 c:\windows\Tasks\At274.job
    - c:\documents and settings\NetworkService\Local Settings\Application Data\2b24u8b.exe [2010-05-01 23:17]

    2010-05-03 c:\windows\Tasks\At275.job
    - c:\documents and settings\NetworkService\Local Settings\Application Data\2b24u8b.exe [2010-05-01 23:17]

    2010-05-02 c:\windows\Tasks\At276.job
    - c:\documents and settings\NetworkService\Local Settings\Application Data\2b24u8b.exe [2010-05-01 23:17]

    2010-05-02 c:\windows\Tasks\At277.job
    - c:\documents and settings\NetworkService\Local Settings\Application Data\2b24u8b.exe [2010-05-01 23:17]

    2010-05-02 c:\windows\Tasks\At278.job
    - c:\documents and settings\NetworkService\Local Settings\Application Data\2b24u8b.exe [2010-05-01 23:17]

    2010-05-02 c:\windows\Tasks\At279.job
    - c:\documents and settings\NetworkService\Local Settings\Application Data\2b24u8b.exe [2010-05-01 23:17]

    2010-05-03 c:\windows\Tasks\At28.job
    - c:\windows\Fonts\2b24u8b.com [2010-04-30 23:17]

    2010-05-02 c:\windows\Tasks\At280.job
    - c:\documents and settings\NetworkService\Local Settings\Application Data\2b24u8b.exe [2010-05-01 23:17]

    2010-05-02 c:\windows\Tasks\At281.job
    - c:\documents and settings\NetworkService\Local Settings\Application Data\2b24u8b.exe [2010-05-01 23:17]

    2010-05-03 c:\windows\Tasks\At282.job
    - c:\documents and settings\NetworkService\Local Settings\Application Data\2b24u8b.exe [2010-05-01 23:17]

    2010-05-03 c:\windows\Tasks\At283.job
    - c:\documents and settings\NetworkService\Local Settings\Application Data\2b24u8b.exe [2010-05-01 23:17]

    2010-05-03 c:\windows\Tasks\At284.job
    - c:\documents and settings\NetworkService\Local Settings\Application Data\2b24u8b.exe [2010-05-01 23:17]

    2010-05-03 c:\windows\Tasks\At285.job
    - c:\documents and settings\NetworkService\Local Settings\Application Data\2b24u8b.exe [2010-05-01 23:17]

    2010-05-03 c:\windows\Tasks\At286.job
    - c:\documents and settings\NetworkService\Local Settings\Application Data\2b24u8b.exe [2010-05-01 23:17]

    2010-05-03 c:\windows\Tasks\At287.job
    - c:\documents and settings\NetworkService\Local Settings\Application Data\2b24u8b.exe [2010-05-01 23:17]

    2010-05-03 c:\windows\Tasks\At288.job
    - c:\documents and settings\NetworkService\Local Settings\Application Data\2b24u8b.exe [2010-05-01 23:17]

    2010-05-03 c:\windows\Tasks\At289.job
    - c:\documents and settings\All Users\Application Data\2b24u8b.exe [2010-05-03 23:17]

    2010-05-03 c:\windows\Tasks\At29.job
    - c:\windows\Fonts\2b24u8b.com [2010-04-30 23:17]

    2010-05-03 c:\windows\Tasks\At290.job
    - c:\documents and settings\All Users\Application Data\2b24u8b.exe [2010-05-03 23:17]

    2010-05-03 c:\windows\Tasks\At291.job
    - c:\documents and settings\All Users\Application Data\2b24u8b.exe [2010-05-03 23:17]

    2010-05-03 c:\windows\Tasks\At292.job
    - c:\documents and settings\All Users\Application Data\2b24u8b.exe [2010-05-03 23:17]

    2010-05-03 c:\windows\Tasks\At293.job
    - c:\documents and settings\All Users\Application Data\2b24u8b.exe [2010-05-03 23:17]

    2010-05-03 c:\windows\Tasks\At294.job
    - c:\documents and settings\All Users\Application Data\2b24u8b.exe [2010-05-03 23:17]

    2010-05-03 c:\windows\Tasks\At295.job
    - c:\documents and settings\All Users\Application Data\2b24u8b.exe [2010-05-03 23:17]

    2010-05-03 c:\windows\Tasks\At296.job
    - c:\documents and settings\All Users\Application Data\2b24u8b.exe [2010-05-03 23:17]

    2010-05-03 c:\windows\Tasks\At297.job
    - c:\documents and settings\All Users\Application Data\2b24u8b.exe [2010-05-03 23:17]

    2010-05-03 c:\windows\Tasks\At298.job
    - c:\documents and settings\All Users\Application Data\2b24u8b.exe [2010-05-03 23:17]

    2010-05-03 c:\windows\Tasks\At299.job
    - c:\documents and settings\All Users\Application Data\2b24u8b.exe [2010-05-03 23:17]

    2010-05-03 c:\windows\Tasks\At3.job
    - c:\documents and settings\All Users\Application Data\BfQE8DTr.exe [2010-04-30 15:57]

    2010-05-03 c:\windows\Tasks\At30.job
    - c:\windows\Fonts\2b24u8b.com [2010-04-30 23:17]

    2010-05-02 c:\windows\Tasks\At300.job
    - c:\documents and settings\All Users\Application Data\2b24u8b.exe [2010-05-03 23:17]

    2010-05-02 c:\windows\Tasks\At301.job
    - c:\documents and settings\All Users\Application Data\2b24u8b.exe [2010-05-03 23:17]

    2010-05-02 c:\windows\Tasks\At302.job
    - c:\documents and settings\All Users\Application Data\2b24u8b.exe [2010-05-03 23:17]

    2010-05-02 c:\windows\Tasks\At303.job
    - c:\documents and settings\All Users\Application Data\2b24u8b.exe [2010-05-03 23:17]

    2010-05-02 c:\windows\Tasks\At304.job
    - c:\documents and settings\All Users\Application Data\2b24u8b.exe [2010-05-03 23:17]

    2010-05-02 c:\windows\Tasks\At305.job
    - c:\documents and settings\All Users\Application Data\2b24u8b.exe [2010-05-03 23:17]

    2010-05-03 c:\windows\Tasks\At306.job
    - c:\documents and settings\All Users\Application Data\2b24u8b.exe [2010-05-03 23:17]

    2010-05-03 c:\windows\Tasks\At307.job
    - c:\documents and settings\All Users\Application Data\2b24u8b.exe [2010-05-03 23:17]

    2010-05-03 c:\windows\Tasks\At308.job
    - c:\documents and settings\All Users\Application Data\2b24u8b.exe [2010-05-03 23:17]

    2010-05-03 c:\windows\Tasks\At309.job
    - c:\documents and settings\All Users\Application Data\2b24u8b.exe [2010-05-03 23:17]

    2010-05-03 c:\windows\Tasks\At31.job
    - c:\windows\Fonts\2b24u8b.com [2010-04-30 23:17]

    2010-05-03 c:\windows\Tasks\At310.job
    - c:\documents and settings\All Users\Application Data\2b24u8b.exe [2010-05-03 23:17]

    2010-05-03 c:\windows\Tasks\At311.job
    - c:\documents and settings\All Users\Application Data\2b24u8b.exe [2010-05-03 23:17]

    2010-05-03 c:\windows\Tasks\At312.job
    - c:\documents and settings\All Users\Application Data\2b24u8b.exe [2010-05-03 23:17]

    2010-05-03 c:\windows\Tasks\At313.job
    - c:\documents and settings\NetworkService\Local Settings\Application Data\2b24u8b.exe [2010-05-01 23:17]

    2010-05-03 c:\windows\Tasks\At314.job
    - c:\documents and settings\NetworkService\Local Settings\Application Data\2b24u8b.exe [2010-05-01 23:17]

    2010-05-03 c:\windows\Tasks\At315.job
    - c:\documents and settings\NetworkService\Local Settings\Application Data\2b24u8b.exe [2010-05-01 23:17]

    2010-05-03 c:\windows\Tasks\At316.job
    - c:\documents and settings\NetworkService\Local Settings\Application Data\2b24u8b.exe [2010-05-01 23:17]

    2010-05-03 c:\windows\Tasks\At317.job
    - c:\documents and settings\NetworkService\Local Settings\Application Data\2b24u8b.exe [2010-05-01 23:17]

    2010-05-03 c:\windows\Tasks\At318.job
    - c:\documents and settings\NetworkService\Local Settings\Application Data\2b24u8b.exe [2010-05-01 23:17]

    2010-05-03 c:\windows\Tasks\At319.job
    - c:\documents and settings\NetworkService\Local Settings\Application Data\2b24u8b.exe [2010-05-01 23:17]

    2010-05-03 c:\windows\Tasks\At32.job
    - c:\windows\Fonts\2b24u8b.com [2010-04-30 23:17]

    2010-05-03 c:\windows\Tasks\At320.job
    - c:\documents and settings\NetworkService\Local Settings\Application Data\2b24u8b.exe [2010-05-01 23:17]

    2010-05-03 c:\windows\Tasks\At321.job
    - c:\documents and settings\NetworkService\Local Settings\Application Data\2b24u8b.exe [2010-05-01 23:17]

    2010-05-03 c:\windows\Tasks\At322.job
    - c:\documents and settings\NetworkService\Local Settings\Application Data\2b24u8b.exe [2010-05-01 23:17]

    2010-05-03 c:\windows\Tasks\At323.job
    - c:\documents and settings\NetworkService\Local Settings\Application Data\2b24u8b.exe [2010-05-01 23:17]

    2010-05-02 c:\windows\Tasks\At324.job
    - c:\documents and settings\NetworkService\Local Settings\Application Data\2b24u8b.exe [2010-05-01 23:17]

    2010-05-02 c:\windows\Tasks\At325.job
    - c:\documents and settings\NetworkService\Local Settings\Application Data\2b24u8b.exe [2010-05-01 23:17]

    2010-05-02 c:\windows\Tasks\At326.job
    - c:\documents and settings\NetworkService\Local Settings\Application Data\2b24u8b.exe [2010-05-01 23:17]

    2010-05-02 c:\windows\Tasks\At327.job
    - c:\documents and settings\NetworkService\Local Settings\Application Data\2b24u8b.exe [2010-05-01 23:17]

    2010-05-02 c:\windows\Tasks\At328.job
    - c:\documents and settings\NetworkService\Local Settings\Application Data\2b24u8b.exe [2010-05-01 23:17]

    2010-05-02 c:\windows\Tasks\At329.job
    - c:\documents and settings\NetworkService\Local Settings\Application Data\2b24u8b.exe [2010-05-01 23:17]

    2010-05-03 c:\windows\Tasks\At33.job
    - c:\windows\Fonts\2b24u8b.com [2010-04-30 23:17]

    2010-05-03 c:\windows\Tasks\At330.job
    - c:\documents and settings\NetworkService\Local Settings\Application Data\2b24u8b.exe [2010-05-01 23:17]

    2010-05-03 c:\windows\Tasks\At331.job
    - c:\documents and settings\NetworkService\Local Settings\Application Data\2b24u8b.exe [2010-05-01 23:17]

    2010-05-03 c:\windows\Tasks\At332.job
    - c:\documents and settings\NetworkService\Local Settings\Application Data\2b24u8b.exe [2010-05-01 23:17]

    2010-05-03 c:\windows\Tasks\At333.job
    - c:\documents and settings\NetworkService\Local Settings\Application Data\2b24u8b.exe [2010-05-01 23:17]

    2010-05-03 c:\windows\Tasks\At334.job
    - c:\documents and settings\NetworkService\Local Settings\Application Data\2b24u8b.exe [2010-05-01 23:17]

    2010-05-03 c:\windows\Tasks\At335.job
    - c:\documents and settings\NetworkService\Local Settings\Application Data\2b24u8b.exe [2010-05-01 23:17]

    2010-05-03 c:\windows\Tasks\At336.job
    - c:\documents and settings\NetworkService\Local Settings\Application Data\2b24u8b.exe [2010-05-01 23:17]

    2010-05-03 c:\windows\Tasks\At337.job
    - c:\documents and settings\All Users\Application Data\BfQE8DTr.exe [2010-04-30 15:57]

    2010-05-03 c:\windows\Tasks\At338.job
    - c:\documents and settings\All Users\Application Data\BfQE8DTr.exe [2010-04-30 15:57]

    2010-05-03 c:\windows\Tasks\At339.job
    - c:\documents and settings\All Users\Application Data\BfQE8DTr.exe [2010-04-30 15:57]

    2010-05-03 c:\windows\Tasks\At34.job
    - c:\windows\Fonts\2b24u8b.com [2010-04-30 23:17]

    2010-05-03 c:\windows\Tasks\At340.job
    - c:\documents and settings\All Users\Application Data\BfQE8DTr.exe [2010-04-30 15:57]

    2010-05-03 c:\windows\Tasks\At341.job
    - c:\documents and settings\All Users\Application Data\BfQE8DTr.exe [2010-04-30 15:57]

    2010-05-03 c:\windows\Tasks\At342.job
    - c:\documents and settings\All Users\Application Data\BfQE8DTr.exe [2010-04-30 15:57]

    2010-05-03 c:\windows\Tasks\At343.job
    - c:\documents and settings\All Users\Application Data\BfQE8DTr.exe [2010-04-30 15:57]

    2010-05-03 c:\windows\Tasks\At344.job
    - c:\documents and settings\All Users\Application Data\BfQE8DTr.exe [2010-04-30 15:57]

    2010-05-03 c:\windows\Tasks\At345.job
    - c:\documents and settings\All Users\Application Data\BfQE8DTr.exe [2010-04-30 15:57]

    2010-05-03 c:\windows\Tasks\At346.job
    - c:\documents and settings\All Users\Application Data\BfQE8DTr.exe [2010-04-30 15:57]

    2010-05-03 c:\windows\Tasks\At347.job
    - c:\documents and settings\All Users\Application Data\BfQE8DTr.exe [2010-04-30 15:57]

    2010-05-02 c:\windows\Tasks\At348.job
    - c:\documents and settings\All Users\Application Data\BfQE8DTr.exe [2010-04-30 15:57]

    2010-05-02 c:\windows\Tasks\At349.job
    - c:\documents and settings\All Users\Application Data\BfQE8DTr.exe [2010-04-30 15:57]

    2010-05-03 c:\windows\Tasks\At35.job
    - c:\windows\Fonts\2b24u8b.com [2010-04-30 23:17]

    2010-05-02 c:\windows\Tasks\At350.job
    - c:\documents and settings\All Users\Application Data\BfQE8DTr.exe [2010-04-30 15:57]

    2010-05-02 c:\windows\Tasks\At351.job
    - c:\documents and settings\All Users\Application Data\BfQE8DTr.exe [2010-04-30 15:57]

    2010-05-02 c:\windows\Tasks\At352.job
    - c:\documents and settings\All Users\Application Data\BfQE8DTr.exe [2010-04-30 15:57]

    2010-05-02 c:\windows\Tasks\At353.job
    - c:\documents and settings\All Users\Application Data\BfQE8DTr.exe [2010-04-30 15:57]

    2010-05-03 c:\windows\Tasks\At354.job
    - c:\documents and settings\All Users\Application Data\BfQE8DTr.exe [2010-04-30 15:57]

    2010-05-03 c:\windows\Tasks\At355.job
    - c:\documents and settings\All Users\Application Data\BfQE8DTr.exe [2010-04-30 15:57]

    2010-05-03 c:\windows\Tasks\At356.job
    - c:\documents and settings\All Users\Application Data\BfQE8DTr.exe [2010-04-30 15:57]

    2010-05-03 c:\windows\Tasks\At357.job
    - c:\documents and settings\All Users\Application Data\BfQE8DTr.exe [2010-04-30 15:57]

    2010-05-03 c:\windows\Tasks\At358.job
    - c:\documents and settings\All Users\Application Data\BfQE8DTr.exe [2010-04-30 15:57]

    2010-05-03 c:\windows\Tasks\At359.job
    - c:\documents and settings\All Users\Application Data\BfQE8DTr.exe [2010-04-30 15:57]

    2010-05-02 c:\windows\Tasks\At36.job
    - c:\windows\Fonts\2b24u8b.com [2010-04-30 23:17]

    2010-05-03 c:\windows\Tasks\At360.job
    - c:\documents and settings\All Users\Application Data\BfQE8DTr.exe [2010-04-30 15:57]

    2010-05-03 c:\windows\Tasks\At361.job
    - c:\documents and settings\All Users\Application Data\BfQE8DTr.exe [2010-04-30 15:57]

    2010-05-03 c:\windows\Tasks\At362.job
    - c:\documents and settings\All Users\Application Data\BfQE8DTr.exe [2010-04-30 15:57]

    2010-05-03 c:\windows\Tasks\At363.job
    - c:\documents and settings\All Users\Application Data\BfQE8DTr.exe [2010-04-30 15:57]

    2010-05-03 c:\windows\Tasks\At364.job
    - c:\documents and settings\All Users\Application Data\BfQE8DTr.exe [2010-04-30 15:57]

    2010-05-03 c:\windows\Tasks\At365.job
    - c:\documents and settings\All Users\Application Data\BfQE8DTr.exe [2010-04-30 15:57]

    2010-05-03 c:\windows\Tasks\At366.job
    - c:\documents and settings\All Users\Application Data\BfQE8DTr.exe [2010-04-30 15:57]

    2010-05-03 c:\windows\Tasks\At367.job
    - c:\documents and settings\All Users\Application Data\BfQE8DTr.exe [2010-04-30 15:57]

    2010-05-03 c:\windows\Tasks\At368.job
    - c:\documents and settings\All Users\Application Data\BfQE8DTr.exe [2010-04-30 15:57]

    2010-05-03 c:\windows\Tasks\At369.job
    - c:\documents and settings\All Users\Application Data\BfQE8DTr.exe [2010-04-30 15:57]

    2010-05-02 c:\windows\Tasks\At37.job
    - c:\windows\Fonts\2b24u8b.com [2010-04-30 23:17]

    2010-05-03 c:\windows\Tasks\At370.job
    - c:\documents and settings\All Users\Application Data\BfQE8DTr.exe [2010-04-30 15:57]

    2010-05-03 c:\windows\Tasks\At371.job
    - c:\documents and settings\All Users\Application Data\BfQE8DTr.exe [2010-04-30 15:57]

    2010-05-02 c:\windows\Tasks\At372.job
    - c:\documents and settings\All Users\Application Data\BfQE8DTr.exe [2010-04-30 15:57]

    2010-05-02 c:\windows\Tasks\At373.job
    - c:\documents and settings\All Users\Application Data\BfQE8DTr.exe [2010-04-30 15:57]

    2010-05-02 c:\windows\Tasks\At374.job
    - c:\documents and settings\All Users\Application Data\BfQE8DTr.exe [2010-04-30 15:57]

    2010-05-02 c:\windows\Tasks\At375.job
    - c:\documents and settings\All Users\Application Data\BfQE8DTr.exe [2010-04-30 15:57]

    2010-05-02 c:\windows\Tasks\At376.job
    - c:\documents and settings\All Users\Application Data\BfQE8DTr.exe [2010-04-30 15:57]

    2010-05-02 c:\windows\Tasks\At377.job
    - c:\documents and settings\All Users\Application Data\BfQE8DTr.exe [2010-04-30 15:57]

    2010-05-03 c:\windows\Tasks\At378.job
    - c:\documents and settings\All Users\Application Data\BfQE8DTr.exe [2010-04-30 15:57]

    2010-05-03 c:\windows\Tasks\At379.job
    - c:\documents and settings\All Users\Application Data\BfQE8DTr.exe [2010-04-30 15:57]

    2010-05-02 c:\windows\Tasks\At38.job
    - c:\windows\Fonts\2b24u8b.com [2010-04-30 23:17]

    2010-05-03 c:\windows\Tasks\At380.job
    - c:\documents and settings\All Users\Application Data\BfQE8DTr.exe [2010-04-30 15:57]

    2010-05-03 c:\windows\Tasks\At381.job
    - c:\documents and settings\All Users\Application Data\BfQE8DTr.exe [2010-04-30 15:57]

    2010-05-03 c:\windows\Tasks\At382.job
    - c:\documents and settings\All Users\Application Data\BfQE8DTr.exe [2010-04-30 15:57]

    2010-05-03 c:\windows\Tasks\At383.job
    - c:\documents and settings\All Users\Application Data\BfQE8DTr.exe [2010-04-30 15:57]

    2010-05-03 c:\windows\Tasks\At384.job
    - c:\documents and settings\All Users\Application Data\BfQE8DTr.exe [2010-04-30 15:57]

    2010-05-03 c:\windows\Tasks\At385.job
    - c:\documents and settings\All Users\Application Data\BfQE8DTr.exe [2010-04-30 15:57]

    2010-05-03 c:\windows\Tasks\At386.job
    - c:\documents and settings\All Users\Application Data\BfQE8DTr.exe [2010-04-30 15:57]

    2010-05-03 c:\windows\Tasks\At387.job
    - c:\documents and settings\All Users\Application Data\BfQE8DTr.exe [2010-04-30 15:57]

    2010-05-03 c:\windows\Tasks\At388.job
    - c:\documents and settings\All Users\Application Data\BfQE8DTr.exe [2010-04-30 15:57]

    2010-05-03 c:\windows\Tasks\At389.job
    - c:\documents and settings\All Users\Application Data\BfQE8DTr.exe [2010-04-30 15:57]

    2010-05-02 c:\windows\Tasks\At39.job
    - c:\windows\Fonts\2b24u8b.com [2010-04-30 23:17]

    2010-05-03 c:\windows\Tasks\At390.job
    - c:\documents and settings\All Users\Application Data\BfQE8DTr.exe [2010-04-30 15:57]

    2010-05-03 c:\windows\Tasks\At391.job
    - c:\documents and settings\All Users\Application Data\BfQE8DTr.exe [2010-04-30 15:57]

    2010-05-03 c:\windows\Tasks\At392.job
    - c:\documents and settings\All Users\Application Data\BfQE8DTr.exe [2010-04-30 15:57]

    2010-05-03 c:\windows\Tasks\At393.job
    - c:\documents and settings\All Users\Application Data\BfQE8DTr.exe [2010-04-30 15:57]

    2010-05-03 c:\windows\Tasks\At394.job
    - c:\documents and settings\All Users\Application Data\BfQE8DTr.exe [2010-04-30 15:57]

    2010-05-03 c:\windows\Tasks\At395.job
    - c:\documents and settings\All Users\Application Data\BfQE8DTr.exe [2010-04-30 15:57]

    2010-05-02 c:\windows\Tasks\At396.job
    - c:\documents and settings\All Users\Application Data\BfQE8DTr.exe [2010-04-30 15:57]

    2010-05-02 c:\windows\Tasks\At397.job
    - c:\documents and settings\All Users\Application Data\BfQE8DTr.exe [2010-04-30 15:57]

    2010-05-02 c:\windows\Tasks\At398.job
    - c:\documents and settings\All Users\Application Data\BfQE8DTr.exe [2010-04-30 15:57]

    2010-05-02 c:\windows\Tasks\At399.job
    - c:\documents and settings\All Users\Application Data\BfQE8DTr.exe [2010-04-30 15:57]

    2010-05-03 c:\windows\Tasks\At4.job
    - c:\documents and settings\All Users\Application Data\BfQE8DTr.exe [2010-04-30 15:57]

    2010-05-02 c:\windows\Tasks\At40.job
    - c:\windows\Fonts\2b24u8b.com [2010-04-30 23:17]

    2010-05-02 c:\windows\Tasks\At400.job
    - c:\documents and settings\All Users\Application Data\BfQE8DTr.exe [2010-04-30 15:57]

    2010-05-02 c:\windows\Tasks\At401.job
    - c:\documents and settings\All Users\Application Data\BfQE8DTr.exe [2010-04-30 15:57]

    2010-05-03 c:\windows\Tasks\At402.job
    - c:\documents and settings\All Users\Application Data\BfQE8DTr.exe [2010-04-30 15:57]

    2010-05-03 c:\windows\Tasks\At403.job
    - c:\documents and settings\All Users\Application Data\BfQE8DTr.exe [2010-04-30 15:57]

    2010-05-03 c:\windows\Tasks\At404.job
    - c:\documents and settings\All Users\Application Data\BfQE8DTr.exe [2010-04-30 15:57]

    2010-05-03 c:\windows\Tasks\At405.job
    - c:\documents and settings\All Users\Application Data\BfQE8DTr.exe [2010-04-30 15:57]

    2010-05-03 c:\windows\Tasks\At406.job
    - c:\documents and settings\All Users\Application Data\BfQE8DTr.exe [2010-04-30 15:57]

    2010-05-03 c:\windows\Tasks\At407.job
    - c:\documents and settings\All Users\Application Data\BfQE8DTr.exe [2010-04-30 15:57]

    2010-05-03 c:\windows\Tasks\At408.job
    - c:\documents and settings\All Users\Application Data\BfQE8DTr.exe [2010-04-30 15:57]

    2010-05-03 c:\windows\Tasks\At409.job
    - c:\documents and settings\All Users\Application Data\BfQE8DTr.exe [2010-04-30 15:57]

    2010-05-02 c:\windows\Tasks\At41.job
    - c:\windows\Fonts\2b24u8b.com [2010-04-30 23:17]

    2010-05-03 c:\windows\Tasks\At410.job
    - c:\documents and settings\All Users\Application Data\BfQE8DTr.exe [2010-04-30 15:57]

    2010-05-03 c:\windows\Tasks\At411.job
    - c:\documents and settings\All Users\Application Data\BfQE8DTr.exe [2010-04-30 15:57]

    2010-05-03 c:\windows\Tasks\At412.job
    - c:\documents and settings\All Users\Application Data\BfQE8DTr.exe [2010-04-30 15:57]

    2010-05-03 c:\windows\Tasks\At413.job
    - c:\documents and settings\All Users\Application Data\BfQE8DTr.exe [2010-04-30 15:57]

    2010-05-03 c:\windows\Tasks\At414.job
    - c:\documents and settings\All Users\Application Data\BfQE8DTr.exe [2010-04-30 15:57]

    2010-05-03 c:\windows\Tasks\At415.job
    - c:\documents and settings\All Users\Application Data\BfQE8DTr.exe [2010-04-30 15:57]

    2010-05-03 c:\windows\Tasks\At416.job
    - c:\documents and settings\All Users\Application Data\BfQE8DTr.exe [2010-04-30 15:57]

    2010-05-03 c:\windows\Tasks\At417.job
    - c:\documents and settings\All Users\Application Data\BfQE8DTr.exe [2010-04-30 15:57]

    2010-05-03 c:\windows\Tasks\At418.job
    - c:\documents and settings\All Users\Application Data\BfQE8DTr.exe [2010-04-30 15:57]

    2010-05-03 c:\windows\Tasks\At419.job
    - c:\documents and settings\All Users\Application Data\BfQE8DTr.exe [2010-04-30 15:57]

    2010-05-03 c:\windows\Tasks\At42.job
    - c:\windows\Fonts\2b24u8b.com [2010-04-30 23:17]

    2010-05-02 c:\windows\Tasks\At420.job
    - c:\documents and settings\All Users\Application Data\BfQE8DTr.exe [2010-04-30 15:57]

    2010-05-02 c:\windows\Tasks\At421.job
    - c:\documents and settings\All Users\Application Data\BfQE8DTr.exe [2010-04-30 15:57]

    2010-05-02 c:\windows\Tasks\At422.job
    - c:\documents and settings\All Users\Application Data\BfQE8DTr.exe [2010-04-30 15:57]

    2010-05-02 c:\windows\Tasks\At423.job
    - c:\documents and settings\All Users\Application Data\BfQE8DTr.exe [2010-04-30 15:57]

    2010-05-02 c:\windows\Tasks\At424.job
    - c:\documents and settings\All Users\Application Data\BfQE8DTr.exe [2010-04-30 15:57]

    2010-05-02 c:\windows\Tasks\At425.job
    - c:\documents and settings\All Users\Application Data\BfQE8DTr.exe [2010-04-30 15:57]

    2010-05-03 c:\windows\Tasks\At426.job
    - c:\documents and settings\All Users\Application Data\BfQE8DTr.exe [2010-04-30 15:57]

    2010-05-03 c:\windows\Tasks\At427.job
    - c:\documents and settings\All Users\Application Data\BfQE8DTr.exe [2010-04-30 15:57]

    2010-05-03 c:\windows\Tasks\At428.job
    - c:\documents and settings\All Users\Application Data\BfQE8DTr.exe [2010-04-30 15:57]

    2010-05-03 c:\windows\Tasks\At429.job
    - c:\documents and settings\All Users\Application Data\BfQE8DTr.exe [2010-04-30 15:57]

    2010-05-03 c:\windows\Tasks\At43.job
    - c:\windows\Fonts\2b24u8b.com [2010-04-30 23:17]

    2010-05-03 c:\windows\Tasks\At430.job
    - c:\documents and settings\All Users\Application Data\BfQE8DTr.exe [2010-04-30 15:57]

    2010-05-03 c:\windows\Tasks\At431.job
    - c:\documents and settings\All Users\Application Data\BfQE8DTr.exe [2010-04-30 15:57]

    2010-05-03 c:\windows\Tasks\At432.job
    - c:\documents and settings\All Users\Application Data\BfQE8DTr.exe [2010-04-30 15:57]

    2010-05-03 c:\windows\Tasks\At433.job
    - c:\documents and settings\All Users\Application Data\BfQE8DTr.exe [2010-04-30 15:57]

    2010-05-03 c:\windows\Tasks\At434.job
    - c:\documents and settings\All Users\Application Data\BfQE8DTr.exe [2010-04-30 15:57]

    2010-05-03 c:\windows\Tasks\At435.job
    - c:\documents and settings\All Users\Application Data\BfQE8DTr.exe [2010-04-30 15:57]

    2010-05-03 c:\windows\Tasks\At436.job
    - c:\documents and settings\All Users\Application Data\BfQE8DTr.exe [2010-04-30 15:57]

    2010-05-03 c:\windows\Tasks\At437.job
    - c:\documents and settings\All Users\Application Data\BfQE8DTr.exe [2010-04-30 15:57]

    2010-05-03 c:\windows\Tasks\At438.job
    - c:\documents and settings\All Users\Application Data\BfQE8DTr.exe [2010-04-30 15:57]

    2010-05-03 c:\windows\Tasks\At439.job
    - c:\documents and settings\All Users\Application Data\BfQE8DTr.exe [2010-04-30 15:57]

    2010-05-03 c:\windows\Tasks\At44.job
    - c:\windows\Fonts\2b24u8b.com [2010-04-30 23:17]

    2010-05-03 c:\windows\Tasks\At440.job
    - c:\documents and settings\All Users\Application Data\BfQE8DTr.exe [2010-04-30 15:57]

    2010-05-03 c:\windows\Tasks\At441.job
    - c:\documents and settings\All Users\Application Data\BfQE8DTr.exe [2010-04-30 15:57]

    2010-05-03 c:\windows\Tasks\At442.job
    - c:\documents and settings\All Users\Application Data\BfQE8DTr.exe [2010-04-30 15:57]

    2010-05-03 c:\windows\Tasks\At443.job
    - c:\documents and settings\All Users\Application Data\BfQE8DTr.exe [2010-04-30 15:57]

    2010-05-02 c:\windows\Tasks\At444.job
    - c:\documents and settings\All Users\Application Data\BfQE8DTr.exe [2010-04-30 15:57]

    2010-05-02 c:\windows\Tasks\At445.job
    - c:\documents and settings\All Users\Application Data\BfQE8DTr.exe [2010-04-30 15:57]

    2010-05-02 c:\windows\Tasks\At446.job
    - c:\documents and settings\All Users\Application Data\BfQE8DTr.exe [2010-04-30 15:57]

    2010-05-02 c:\windows\Tasks\At447.job
    - c:\documents and settings\All Users\Application Data\BfQE8DTr.exe [2010-04-30 15:57]

    2010-05-02 c:\windows\Tasks\At448.job
    - c:\documents and settings\All Users\Application Data\BfQE8DTr.exe [2010-04-30 15:57]

    2010-05-02 c:\windows\Tasks\At449.job
    - c:\documents and settings\All Users\Application Data\BfQE8DTr.exe [2010-04-30 15:57]

    2010-05-03 c:\windows\Tasks\At45.job
    - c:\windows\Fonts\2b24u8b.com [2010-04-30 23:17]

    2010-05-03 c:\windows\Tasks\At450.job
    - c:\documents and settings\All Users\Application Data\BfQE8DTr.exe [2010-04-30 15:57]

    2010-05-03 c:\windows\Tasks\At451.job
    - c:\documents and settings\All Users\Application Data\BfQE8DTr.exe [2010-04-30 15:57]

    2010-05-03 c:\windows\Tasks\At452.job
    - c:\documents and settings\All Users\Application Data\BfQE8DTr.exe [2010-04-30 15:57]

    2010-05-03 c:\windows\Tasks\At453.job
    - c:\documents and settings\All Users\Application Data\BfQE8DTr.exe [2010-04-30 15:57]

    2010-05-03 c:\windows\Tasks\At454.job
    - c:\documents and settings\All Users\Application Data\BfQE8DTr.exe [2010-04-30 15:57]

    2010-05-03 c:\windows\Tasks\At455.job
    - c:\documents and settings\All Users\Application Data\BfQE8DTr.exe [2010-04-30 15:57]

    2010-05-03 c:\windows\Tasks\At456.job
    - c:\documents and settings\All Users\Application Data\BfQE8DTr.exe [2010-04-30 15:57]

    2010-05-03 c:\windows\Tasks\At457.job
    - c:\documents and settings\All Users\Application Data\BfQE8DTr.exe [2010-04-30 15:57]

    2010-05-03 c:\windows\Tasks\At458.job
    - c:\documents and settings\All Users\Application Data\BfQE8DTr.exe [2010-04-30 15:57]

    2010-05-03 c:\windows\Tasks\At459.job
    - c:\documents and settings\All Users\Application Data\BfQE8DTr.exe [2010-04-30 15:57]

    2010-05-03 c:\windows\Tasks\At46.job
    - c:\windows\Fonts\2b24u8b.com [2010-04-30 23:17]

    2010-05-03 c:\windows\Tasks\At460.job
    - c:\documents and settings\All Users\Application Data\BfQE8DTr.exe [2010-04-30 15:57]

    2010-05-03 c:\windows\Tasks\At461.job
    - c:\documents and settings\All Users\Application Data\BfQE8DTr.exe [2010-04-30 15:57]

    2010-05-03 c:\windows\Tasks\At462.job
    - c:\documents and settings\All Users\Application Data\BfQE8DTr.exe [2010-04-30 15:57]

    2010-05-03 c:\windows\Tasks\At463.job
    - c:\documents and settings\All Users\Application Data\BfQE8DTr.exe [2010-04-30 15:57]

    2010-05-03 c:\windows\Tasks\At464.job
    - c:\documents and settings\All Users\Application Data\BfQE8DTr.exe [2010-04-30 15:57]

    2010-05-03 c:\windows\Tasks\At465.job
    - c:\documents and settings\All Users\Application Data\BfQE8DTr.exe [2010-04-30 15:57]

    2010-05-03 c:\windows\Tasks\At466.job
    - c:\documents and settings\All Users\Application Data\BfQE8DTr.exe [2010-04-30 15:57]

    2010-05-03 c:\windows\Tasks\At467.job
    - c:\documents and settings\All Users\Application Data\BfQE8DTr.exe [2010-04-30 15:57]

    2010-05-02 c:\windows\Tasks\At468.job
    - c:\documents and settings\All Users\Application Data\BfQE8DTr.exe [2010-04-30 15:57]

    2010-05-02 c:\windows\Tasks\At469.job
    - c:\documents and settings\All Users\Application Data\BfQE8DTr.exe [2010-04-30 15:57]

    2010-05-03 c:\windows\Tasks\At47.job
    - c:\windows\Fonts\2b24u8b.com [2010-04-30 23:17]

    2010-05-02 c:\windows\Tasks\At470.job
    - c:\documents and settings\All Users\Application Data\BfQE8DTr.exe [2010-04-30 15:57]

    2010-05-02 c:\windows\Tasks\At471.job
    - c:\documents and settings\All Users\Application Data\BfQE8DTr.exe [2010-04-30 15:57]

    2010-05-02 c:\windows\Tasks\At472.job
    - c:\documents and settings\All Users\Application Data\BfQE8DTr.exe [2010-04-30 15:57]

    2010-05-02 c:\windows\Tasks\At473.job
    - c:\documents and settings\All Users\Application Data\BfQE8DTr.exe [2010-04-30 15:57]

    2010-05-03 c:\windows\Tasks\At474.job
    - c:\documents and settings\All Users\Application Data\BfQE8DTr.exe [2010-04-30 15:57]

    2010-05-03 c:\windows\Tasks\At475.job
    - c:\documents and settings\All Users\Application Data\BfQE8DTr.exe [2010-04-30 15:57]

    2010-05-03 c:\windows\Tasks\At476.job
    - c:\documents and settings\All Users\Application Data\BfQE8DTr.exe [2010-04-30 15:57]

    2010-05-03 c:\windows\Tasks\At477.job
    - c:\documents and settings\All Users\Application Data\BfQE8DTr.exe [2010-04-30 15:57]

    2010-05-03 c:\windows\Tasks\At478.job
    - c:\documents and settings\All Users\Application Data\BfQE8DTr.exe [2010-04-30 15:57]

    2010-05-03 c:\windows\Tasks\At479.job
    - c:\documents and settings\All Users\Application Data\BfQE8DTr.exe [2010-04-30 15:57]

    2010-05-03 c:\windows\Tasks\At48.job
    - c:\windows\Fonts\2b24u8b.com [2010-04-30 23:17]

    2010-05-03 c:\windows\Tasks\At480.job
    - c:\documents and settings\All Users\Application Data\BfQE8DTr.exe [2010-04-30 15:57]

    2010-05-03 c:\windows\Tasks\At481.job
    - c:\documents and settings\All Users\Application Data\BfQE8DTr.exe [2010-04-30 15:57]

    2010-05-03 c:\windows\Tasks\At482.job
    - c:\documents and settings\All Users\Application Data\BfQE8DTr.exe [2010-04-30 15:57]

    2010-05-03 c:\windows\Tasks\At483.job
    - c:\documents and settings\All Users\Application Data\BfQE8DTr.exe [2010-04-30 15:57]

    2010-05-03 c:\windows\Tasks\At484.job
    - c:\documents and settings\All Users\Application Data\BfQE8DTr.exe [2010-04-30 15:57]

    2010-05-03 c:\windows\Tasks\At485.job
    - c:\documents and settings\All Users\Application Data\BfQE8DTr.exe [2010-04-30 15:57]

    2010-05-03 c:\windows\Tasks\At486.job
    - c:\documents and settings\All Users\Application Data\BfQE8DTr.exe [2010-04-30 15:57]

    2010-05-03 c:\windows\Tasks\At487.job
    - c:\documents and settings\All Users\Application Data\BfQE8DTr.exe [2010-04-30 15:57]

    2010-05-03 c:\windows\Tasks\At488.job
    - c:\documents and settings\All Users\Application Data\BfQE8DTr.exe [2010-04-30 15:57]

    2010-05-03 c:\windows\Tasks\At489.job
    - c:\documents and settings\All Users\Application Data\BfQE8DTr.exe [2010-04-30 15:57]

    2010-05-03 c:\windows\Tasks\At49.job
    - c:\windows\system32\2b24u8b.com [2010-04-30 23:17]

    2010-05-03 c:\windows\Tasks\At490.job
    - c:\documents and settings\All Users\Application Data\BfQE8DTr.exe [2010-04-30 15:57]

    2010-05-03 c:\windows\Tasks\At491.job
    - c:\documents and settings\All Users\Application Data\BfQE8DTr.exe [2010-04-30 15:57]

    2010-05-02 c:\windows\Tasks\At492.job
    - c:\documents and settings\All Users\Application Data\BfQE8DTr.exe [2010-04-30 15:57]

    2010-05-02 c:\windows\Tasks\At493.job
    - c:\documents and settings\All Users\Application Data\BfQE8DTr.exe [2010-04-30 15:57]

    2010-05-02 c:\windows\Tasks\At494.job
    - c:\documents and settings\All Users\Application Data\BfQE8DTr.exe [2010-04-30 15:57]

    2010-05-02 c:\windows\Tasks\At495.job
    - c:\documents and settings\All Users\Application Data\BfQE8DTr.exe [2010-04-30 15:57]

    2010-05-02 c:\windows\Tasks\At496.job
    - c:\documents and settings\All Users\Application Data\BfQE8DTr.exe [2010-04-30 15:57]

    2010-05-02 c:\windows\Tasks\At497.job
    - c:\documents and settings\All Users\Application Data\BfQE8DTr.exe [2010-04-30 15:57]

    2010-05-03 c:\windows\Tasks\At498.job
    - c:\documents and settings\All Users\Application Data\BfQE8DTr.exe [2010-04-30 15:57]

    2010-05-03 c:\windows\Tasks\At499.job
    - c:\documents and settings\All Users\Application Data\BfQE8DTr.exe [2010-04-30 15:57]

    2010-05-03 c:\windows\Tasks\At5.job
    - c:\documents and settings\All Users\Application Data\BfQE8DTr.exe [2010-04-30 15:57]

    2010-05-03 c:\windows\Tasks\At50.job
    - c:\windows\system32\2b24u8b.com [2010-04-30 23:17]

    2010-05-03 c:\windows\Tasks\At500.job
    - c:\documents and settings\All Users\Application Data\BfQE8DTr.exe [2010-04-30 15:57]

    2010-05-03 c:\windows\Tasks\At501.job
    - c:\documents and settings\All Users\Application Data\BfQE8DTr.exe [2010-04-30 15:57]

    2010-05-03 c:\windows\Tasks\At502.job
    - c:\documents and settings\All Users\Application Data\BfQE8DTr.exe [2010-04-30 15:57]

    2010-05-03 c:\windows\Tasks\At503.job
    - c:\documents and settings\All Users\Application Data\BfQE8DTr.exe [2010-04-30 15:57]

    2010-05-03 c:\windows\Tasks\At504.job
    - c:\documents and settings\All Users\Application Data\BfQE8DTr.exe [2010-04-30 15:57]

    2010-05-03 c:\windows\Tasks\At505.job
    - c:\documents and settings\All Users\Application Data\BfQE8DTr.exe [2010-04-30 15:57]

    2010-05-03 c:\windows\Tasks\At506.job
    - c:\documents and settings\All Users\Application Data\BfQE8DTr.exe [2010-04-30 15:57]

    2010-05-03 c:\windows\Tasks\At507.job
    - c:\documents and settings\All Users\Application Data\BfQE8DTr.exe [2010-04-30 15:57]

    2010-05-03 c:\windows\Tasks\At508.job
    - c:\documents and settings\All Users\Application Data\BfQE8DTr.exe [2010-04-30 15:57]

    2010-05-03 c:\windows\Tasks\At509.job
    - c:\documents and settings\All Users\Application Data\BfQE8DTr.exe [2010-04-30 15:57]

    2010-05-03 c:\windows\Tasks\At51.job
    - c:\windows\system32\2b24u8b.com [2010-04-30 23:17]

    2010-05-03 c:\windows\Tasks\At510.job
    - c:\documents and settings\All Users\Application Data\BfQE8DTr.exe [2010-04-30 15:57]

    2010-05-03 c:\windows\Tasks\At511.job
    - c:\documents and settings\All Users\Application Data\BfQE8DTr.exe [2010-04-30 15:57]

    2010-05-03 c:\windows\Tasks\At512.job
    - c:\documents and settings\All Users\Application Data\BfQE8DTr.exe [2010-04-30 15:57]

    2010-05-03 c:\windows\Tasks\At513.job
    - c:\documents and settings\All Users\Application Data\BfQE8DTr.exe [2010-04-30 15:57]

    2010-05-03 c:\windows\Tasks\At765.job
    - c:\documents and settings\All Users\Application Data\BfQE8DTr.exe [2010-04-30 15:57]

    2010-05-03 c:\windows\Tasks\At766.job
    - c:\documents and settings\All Users\Application Data\BfQE8DTr.exe [2010-04-30 15:57]

    2010-05-03 c:\windows\Tasks\At767.job
    - c:\documents and settings\All Users\Application Data\BfQE8DTr.exe [2010-04-30 15:57]

    2010-05-03 c:\windows\Tasks\At768.job
    - c:\documents and settings\All Users\Application Data\BfQE8DTr.exe [2010-04-30 15:57]

    2010-05-03 c:\windows\Tasks\At769.job
    - c:\documents and settings\All Users\Application Data\BfQE8DTr.exe [2010-04-30 15:57]

    2010-05-03 c:\windows\Tasks\At770.job
    - c:\documents and settings\All Users\Application Data\BfQE8DTr.exe [2010-04-30 15:57]

    2010-05-03 c:\windows\Tasks\At771.job
    - c:\documents and settings\All Users\Application Data\BfQE8DTr.exe [2010-04-30 15:57]

    2010-05-03 c:\windows\Tasks\At772.job
    - c:\documents and settings\All Users\Application Data\BfQE8DTr.exe [2010-04-30 15:57]

    2010-05-03 c:\windows\Tasks\At773.job
    - c:\documents and settings\All Users\Application Data\BfQE8DTr.exe [2010-04-30 15:57]

    2010-05-03 c:\windows\Tasks\At774.job
    - c:\documents and settings\All Users\Application Data\BfQE8DTr.exe [2010-04-30 15:57]

    2010-05-03 c:\windows\Tasks\At775.job
    - c:\documents and settings\All Users\Application Data\BfQE8DTr.exe [2010-04-30 15:57]

    2010-05-03 c:\windows\Tasks\At776.job
    - c:\documents and settings\All Users\Application Data\BfQE8DTr.exe [2010-04-30 15:57]

    2010-05-03 c:\windows\Tasks\At777.job
    - c:\documents and settings\All Users\Application Data\BfQE8DTr.exe [2010-04-30 15:57]

    2010-05-03 c:\windows\Tasks\At778.job
    - c:\documents and settings\All Users\Application Data\BfQE8DTr.exe [2010-04-30 15:57]

    2010-05-03 c:\windows\Tasks\At779.job
    - c:\documents and settings\All Users\Application Data\BfQE8DTr.exe [2010-04-30 15:57]

    2010-05-02 c:\windows\Tasks\At780.job
    - c:\documents and settings\All Users\Application Data\BfQE8DTr.exe [2010-04-30 15:57]

    2010-05-02 c:\windows\Tasks\At781.job
    - c:\documents and settings\All Users\Application Data\BfQE8DTr.exe [2010-04-30 15:57]

    2010-05-02 c:\windows\Tasks\At782.job
    - c:\documents and settings\All Users\Application Data\BfQE8DTr.exe [2010-04-30 15:57]

    2010-05-02 c:\windows\Tasks\At783.job
    - c:\documents and settings\All Users\Application Data\BfQE8DTr.exe [2010-04-30 15:57]

    2010-05-02 c:\windows\Tasks\At784.job
    - c:\documents and settings\All Users\Application Data\BfQE8DTr.exe [2010-04-30 15:57]

    2010-05-02 c:\windows\Tasks\At785.job
    - c:\documents and settings\All Users\Application Data\BfQE8DTr.exe [2010-04-30 15:57]

    2010-05-03 c:\windows\Tasks\At786.job
    - c:\documents and settings\All Users\Application Data\BfQE8DTr.exe [2010-04-30 15:57]

    2010-05-03 c:\windows\Tasks\At787.job
    - c:\documents and settings\All Users\Application Data\BfQE8DTr.exe [2010-04-30 15:57]

    2010-05-03 c:\windows\Tasks\At788.job
    - c:\documents and settings\All Users\Application Data\BfQE8DTr.exe [2010-04-30 15:57]

    2010-05-03 c:\windows\Tasks\At789.job
    - c:\documents and settings\All Users\Application Data\BfQE8DTr.exe [2010-04-30 15:57]

    2010-05-03 c:\windows\Tasks\At790.job
    - c:\documents and settings\All Users\Application Data\BfQE8DTr.exe [2010-04-30 15:57]

    2010-05-03 c:\windows\Tasks\At791.job
    - c:\documents and settings\All Users\Application Data\BfQE8DTr.exe [2010-04-30 15:57]

    2010-05-03 c:\windows\Tasks\At792.job
    - c:\documents and settings\All Users\Application Data\BfQE8DTr.exe [2010-04-30 15:57]

    2010-05-03 c:\windows\Tasks\At793.job
    - c:\documents and settings\All Users\Application Data\BfQE8DTr.exe [2010-04-30 15:57]

    2010-05-03 c:\windows\Tasks\At794.job
    - c:\documents and settings\All Users\Application Data\BfQE8DTr.exe [2010-04-30 15:57]

    2010-05-03 c:\windows\Tasks\At795.job
    - c:\documents and settings\All Users\Application Data\BfQE8DTr.exe [2010-04-30 15:57]

    2010-05-03 c:\windows\Tasks\At796.job
    - c:\documents and settings\All Users\Application Data\BfQE8DTr.exe [2010-04-30 15:57]

    2010-05-03 c:\windows\Tasks\At797.job
    - c:\documents and settings\All Users\Application Data\BfQE8DTr.exe [2010-04-30 15:57]

    2010-05-03 c:\windows\Tasks\At798.job
    - c:\documents and settings\All Users\Application Data\BfQE8DTr.exe [2010-04-30 15:57]

    2010-05-03 c:\windows\Tasks\At799.job
    - c:\documents and settings\All Users\Application Data\BfQE8DTr.exe [2010-04-30 15:57]

    2010-05-03 c:\windows\Tasks\At8.job
    - c:\documents and settings\All Users\Application Data\BfQE8DTr.exe [2010-04-30 15:57]

    2010-05-03 c:\windows\Tasks\At800.job
    - c:\documents and settings\All Users\Application Data\BfQE8DTr.exe [2010-04-30 15:57]

    2010-05-03 c:\windows\Tasks\At801.job
    - c:\documents and settings\All Users\Application Data\BfQE8DTr.exe [2010-04-30 15:57]

    2010-05-03 c:\windows\Tasks\At802.job
    - c:\documents and settings\All Users\Application Data\BfQE8DTr.exe [2010-04-30 15:57]

    2010-05-03 c:\windows\Tasks\At803.job
    - c:\documents and settings\All Users\Application Data\BfQE8DTr.exe [2010-04-30 15:57]

    2010-05-02 c:\windows\Tasks\At804.job
    - c:\documents and settings\All Users\Application Data\BfQE8DTr.exe [2010-04-30 15:57]

    2010-05-02 c:\windows\Tasks\At805.job
    - c:\documents and settings\All Users\Application Data\BfQE8DTr.exe [2010-04-30 15:57]

    2010-05-02 c:\windows\Tasks\At806.job
    - c:\documents and settings\All Users\Application Data\BfQE8DTr.exe [2010-04-30 15:57]

    2010-05-02 c:\windows\Tasks\At807.job
    - c:\documents and settings\All Users\Application Data\BfQE8DTr.exe [2010-04-30 15:57]

    2010-05-02 c:\windows\Tasks\At808.job
    - c:\documents and settings\All Users\Application Data\BfQE8DTr.exe [2010-04-30 15:57]

    2010-05-02 c:\windows\Tasks\At809.job
    - c:\documents and settings\All Users\Application Data\BfQE8DTr.exe [2010-04-30 15:57]

    2010-05-03 c:\windows\Tasks\At810.job
    - c:\documents and settings\All Users\Application Data\BfQE8DTr.exe [2010-04-30 15:57]

    2010-05-03 c:\windows\Tasks\At811.job
    - c:\documents and settings\All Users\Application Data\BfQE8DTr.exe [2010-04-30 15:57]

    2010-05-03 c:\windows\Tasks\At812.job
    - c:\documents and settings\All Users\Application Data\BfQE8DTr.exe [2010-04-30 15:57]

    2010-05-03 c:\windows\Tasks\At813.job
    - c:\documents and settings\All Users\Application Data\BfQE8DTr.exe [2010-04-30 15:57]

    2010-05-03 c:\windows\Tasks\At814.job
    - c:\documents and settings\All Users\Application Data\BfQE8DTr.exe [2010-04-30 15:57]

    2010-05-03 c:\windows\Tasks\At815.job
    - c:\documents and settings\All Users\Application Data\BfQE8DTr.exe [2010-04-30 15:57]

    2010-05-03 c:\windows\Tasks\At816.job
    - c:\documents and settings\All Users\Application Data\BfQE8DTr.exe [2010-04-30 15:57]

    2010-05-03 c:\windows\Tasks\At817.job
    - c:\documents and settings\All Users\Application Data\BfQE8DTr.exe [2010-04-30 15:57]

    2010-05-03 c:\windows\Tasks\At818.job
    - c:\documents and settings\All Users\Application Data\BfQE8DTr.exe [2010-04-30 15:57]

    2010-05-03 c:\windows\Tasks\At819.job
    - c:\documents and settings\All Users\Application Data\BfQE8DTr.exe [2010-04-30 15:57]

    2010-05-03 c:\windows\Tasks\At820.job
    - c:\documents and settings\All Users\Application Data\BfQE8DTr.exe [2010-04-30 15:57]

    2010-05-03 c:\windows\Tasks\At821.job
    - c:\documents and settings\All Users\Application Data\BfQE8DTr.exe [2010-04-30 15:57]

    2010-05-03 c:\windows\Tasks\At822.job
    - c:\documents and settings\All Users\Application Data\BfQE8DTr.exe [2010-04-30 15:57]

    2010-05-03 c:\windows\Tasks\At823.job
    - c:\documents and settings\All Users\Application Data\BfQE8DTr.exe [2010-04-30 15:57]

    2010-05-03 c:\windows\Tasks\At824.job
    - c:\documents and settings\All Users\Application Data\BfQE8DTr.exe [2010-04-30 15:57]

    2010-05-03 c:\windows\Tasks\At825.job
    - c:\documents and settings\All Users\Application Data\BfQE8DTr.exe [2010-04-30 15:57]

    2010-05-03 c:\windows\Tasks\At826.job
    - c:\documents and settings\All Users\Application Data\BfQE8DTr.exe [2010-04-30 15:57]

    2010-05-03 c:\windows\Tasks\At827.job
    - c:\documents and settings\All Users\Application Data\BfQE8DTr.exe [2010-04-30 15:57]

    2010-05-03 c:\windows\Tasks\At828.job
    - c:\documents and settings\All Users\Application Data\BfQE8DTr.exe [2010-04-30 15:57]

    2010-05-03 c:\windows\Tasks\At829.job
    - c:\documents and settings\All Users\Application Data\BfQE8DTr.exe [2010-04-30 15:57]

    2010-05-03 c:\windows\Tasks\At830.job
    - c:\documents and settings\All Users\Application Data\BfQE8DTr.exe [2010-04-30 15:57]

    2010-05-03 c:\windows\Tasks\At831.job
    - c:\documents and settings\All Users\Application Data\BfQE8DTr.exe [2010-04-30 15:57]

    2010-05-03 c:\windows\Tasks\At832.job
    - c:\documents and settings\All Users\Application Data\BfQE8DTr.exe [2010-04-30 15:57]

    2010-05-03 c:\windows\Tasks\At833.job
    - c:\documents and settings\All Users\Application Data\BfQE8DTr.exe [2010-04-30 15:57]

    2010-05-03 c:\windows\Tasks\At834.job
    - c:\documents and settings\All Users\Application Data\BfQE8DTr.exe [2010-04-30 15:57]

    2010-05-03 c:\windows\Tasks\At835.job
    - c:\documents and settings\All Users\Application Data\BfQE8DTr.exe [2010-04-30 15:57]

    2010-05-03 c:\windows\Tasks\At836.job
    - c:\documents and settings\All Users\Application Data\BfQE8DTr.exe [2010-04-30 15:57]

    2010-05-03 c:\windows\Tasks\At837.job
    - c:\documents and settings\All Users\Application Data\BfQE8DTr.exe [2010-04-30 15:57]

    2010-05-03 c:\windows\Tasks\At838.job
    - c:\documents and settings\All Users\Application Data\BfQE8DTr.exe [2010-04-30 15:57]

    2010-05-03 c:\windows\Tasks\At839.job
    - c:\documents and settings\All Users\Application Data\BfQE8DTr.exe [2010-04-30 15:57]

    2010-05-03 c:\windows\Tasks\At840.job
    - c:\documents and settings\All Users\Application Data\BfQE8DTr.exe [2010-04-30 15:57]

    2010-05-03 c:\windows\Tasks\At841.job
    - c:\documents and settings\All Users\Application Data\BfQE8DTr.exe [2010-04-30 15:57]

    2010-05-03 c:\windows\Tasks\At842.job
    - c:\documents and settings\All Users\Application Data\BfQE8DTr.exe [2010-04-30 15:57]

    2010-05-03 c:\windows\Tasks\At843.job
    - c:\documents and settings\All Users\Application Data\BfQE8DTr.exe [2010-04-30 15:57]

    2010-05-03 c:\windows\Tasks\At844.job
    - c:\documents and settings\All Users\Application Data\BfQE8DTr.exe [2010-04-30 15:57]

    2010-05-03 c:\windows\Tasks\At845.job
    - c:\documents and settings\All Users\Application Data\BfQE8DTr.exe [2010-04-30 15:57]

    2010-05-03 c:\windows\Tasks\At846.job
    - c:\documents and settings\All Users\Application Data\BfQE8DTr.exe [2010-04-30 15:57]

    2010-05-03 c:\windows\Tasks\At847.job
    - c:\documents and settings\All Users\Application Data\BfQE8DTr.exe [2010-04-30 15:57]

    2010-05-03 c:\windows\Tasks\At848.job
    - c:\documents and settings\All Users\Application Data\BfQE8DTr.exe [2010-04-30 15:57]

    2010-05-03 c:\windows\Tasks\At849.job
    - c:\documents and settings\All Users\Application Data\BfQE8DTr.exe [2010-04-30 15:57]

    2010-05-03 c:\windows\Tasks\At85.job
    - c:\documents and settings\All Users\Application Data\2b24u8b.exe [2010-05-03 23:17]

    2010-05-03 c:\windows\Tasks\At850.job
    - c:\documents and settings\All Users\Application Data\BfQE8DTr.exe [2010-04-30 15:57]

    2010-05-03 c:\windows\Tasks\At851.job
    - c:\documents and settings\All Users\Application Data\BfQE8DTr.exe [2010-04-30 15:57]

    2010-05-03 c:\windows\Tasks\At852.job
    - c:\documents and settings\All Users\Application Data\BfQE8DTr.exe [2010-04-30 15:57]

    2010-05-03 c:\windows\Tasks\At853.job
    - c:\documents and settings\All Users\Application Data\BfQE8DTr.exe [2010-04-30 15:57]

    2010-05-03 c:\windows\Tasks\At854.job
    - c:\documents and settings\All Users\Application Data\BfQE8DTr.exe [2010-04-30 15:57]

    2010-05-03 c:\windows\Tasks\At855.job
    - c:\documents and settings\All Users\Application Data\BfQE8DTr.exe [2010-04-30 15:57]

    2010-05-03 c:\windows\Tasks\At856.job
    - c:\documents and settings\All Users\Application Data\BfQE8DTr.exe [2010-04-30 15:57]

    2010-05-03 c:\windows\Tasks\At857.job
    - c:\documents and settings\All Users\Application Data\BfQE8DTr.exe [2010-04-30 15:57]

    2010-05-03 c:\windows\Tasks\At858.job
    - c:\documents and settings\All Users\Application Data\BfQE8DTr.exe [2010-04-30 15:57]

    2010-05-03 c:\windows\Tasks\At859.job
    - c:\documents and settings\All Users\Application Data\BfQE8DTr.exe [2010-04-30 15:57]

    2010-05-03 c:\windows\Tasks\At860.job
    - c:\documents and settings\All Users\Application Data\BfQE8DTr.exe [2010-04-30 15:57]

    2010-05-03 c:\windows\Tasks\At861.job
    - c:\documents and settings\All Users\Application Data\BfQE8DTr.exe [2010-04-30 15:57]

    2010-05-03 c:\windows\Tasks\At862.job
    - c:\documents and settings\All Users\Application Data\BfQE8DTr.exe [2010-04-30 15:57]

    2010-05-03 c:\windows\Tasks\At863.job
    - c:\documents and settings\All Users\Application Data\BfQE8DTr.exe [2010-04-30 15:57]

    2010-05-03 c:\windows\Tasks\At864.job
    - c:\documents and settings\All Users\Application Data\BfQE8DTr.exe [2010-04-30 15:57]

    2010-05-03 c:\windows\Tasks\At865.job
    - c:\documents and settings\All Users\Application Data\BfQE8DTr.exe [2010-04-30 15:57]

    2010-05-03 c:\windows\Tasks\At866.job
    - c:\documents and settings\All Users\Application Data\BfQE8DTr.exe [2010-04-30 15:57]

    2010-05-03 c:\windows\Tasks\At867.job
    - c:\documents and settings\All Users\Application Data\BfQE8DTr.exe [2010-04-30 15:57]

    2010-05-03 c:\windows\Tasks\At868.job
    - c:\documents and settings\All Users\Application Data\BfQE8DTr.exe [2010-04-30 15:57]

    2010-05-03 c:\windows\Tasks\At869.job
    - c:\documents and settings\All Users\Application Data\BfQE8DTr.exe [2010-04-30 15:57]

    2010-05-03 c:\windows\Tasks\At87.job
    - c:\documents and settings\All Users\Application Data\2b24u8b.exe [2010-05-03 23:17]

    2010-05-03 c:\windows\Tasks\At870.job
    - c:\documents and settings\All Users\Application Data\BfQE8DTr.exe [2010-04-30 15:57]

    2010-05-03 c:\windows\Tasks\At871.job
    - c:\documents and settings\All Users\Application Data\BfQE8DTr.exe [2010-04-30 15:57]

    2010-05-03 c:\windows\Tasks\At872.job
    - c:\documents and settings\All Users\Application Data\BfQE8DTr.exe [2010-04-30 15:57]

    2010-05-03 c:\windows\Tasks\At873.job
    - c:\documents and settings\All Users\Application Data\BfQE8DTr.exe [2010-04-30 15:57]

    2010-05-03 c:\windows\Tasks\At874.job
    - c:\documents and settings\All Users\Application Data\BfQE8DTr.exe [2010-04-30 15:57]

    2010-05-03 c:\windows\Tasks\At875.job
    - c:\documents and settings\All Users\Application Data\BfQE8DTr.exe [2010-04-30 15:57]

    2010-05-03 c:\windows\Tasks\At876.job
    - c:\documents and settings\All Users\Application Data\BfQE8DTr.exe [2010-04-30 15:57]

    2010-05-03 c:\windows\Tasks\At877.job
    - c:\documents and settings\All Users\Application Data\BfQE8DTr.exe [2010-04-30 15:57]

    2010-05-03 c:\windows\Tasks\At878.job
    - c:\documents and settings\All Users\Application Data\BfQE8DTr.exe [2010-04-30 15:57]

    2010-05-03 c:\windows\Tasks\At879.job
    - c:\documents and settings\All Users\Application Data\BfQE8DTr.exe [2010-04-30 15:57]

    2010-05-03 c:\windows\Tasks\At880.job
    - c:\documents and settings\All Users\Application Data\BfQE8DTr.exe [2010-04-30 15:57]

    2010-05-03 c:\windows\Tasks\At881.job
    - c:\documents and settings\All Users\Application Data\BfQE8DTr.exe [2010-04-30 15:57]

    2010-05-03 c:\windows\Tasks\At882.job
    - c:\documents and settings\All Users\Application Data\BfQE8DTr.exe [2010-04-30 15:57]

    2010-05-03 c:\windows\Tasks\At883.job
    - c:\documents and settings\All Users\Application Data\BfQE8DTr.exe [2010-04-30 15:57]

    2010-05-03 c:\windows\Tasks\At884.job
    - c:\documents and settings\All Users\Application Data\BfQE8DTr.exe [2010-04-30 15:57]

    2010-05-03 c:\windows\Tasks\At885.job
    - c:\documents and settings\All Users\Application Data\BfQE8DTr.exe [2010-04-30 15:57]

    2010-05-03 c:\windows\Tasks\At886.job
    - c:\documents and settings\All Users\Application Data\BfQE8DTr.exe [2010-04-30 15:57]

    2010-05-03 c:\windows\Tasks\At887.job
    - c:\documents and settings\All Users\Application Data\BfQE8DTr.exe [2010-04-30 15:57]

    2010-05-03 c:\windows\Tasks\At888.job
    - c:\documents and settings\All Users\Application Data\BfQE8DTr.exe [2010-04-30 15:57]

    2010-05-03 c:\windows\Tasks\At889.job
    - c:\documents and settings\All Users\Application Data\BfQE8DTr.exe [2010-04-30 15:57]

    2010-05-03 c:\windows\Tasks\At89.job
    - c:\documents and settings\All Users\Application Data\2b24u8b.exe [2010-05-03 23:17]

    2010-05-03 c:\windows\Tasks\At890.job
    - c:\documents and settings\All Users\Application Data\BfQE8DTr.exe [2010-04-30 15:57]

    2010-05-03 c:\windows\Tasks\At891.job
    - c:\documents and settings\All Users\Application Data\BfQE8DTr.exe [2010-04-30 15:57]

    2010-05-03 c:\windows\Tasks\At892.job
    - c:\documents and settings\All Users\Application Data\BfQE8DTr.exe [2010-04-30 15:57]

    2010-05-03 c:\windows\Tasks\At893.job
    - c:\documents and settings\All Users\Application Data\BfQE8DTr.exe [2010-04-30 15:57]

    2010-05-03 c:\windows\Tasks\At894.job
    - c:\documents and settings\All Users\Application Data\BfQE8DTr.exe [2010-04-30 15:57]

    2010-05-03 c:\windows\Tasks\At895.job
    - c:\documents and settings\All Users\Application Data\BfQE8DTr.exe [2010-04-30 15:57]

    2010-05-03 c:\windows\Tasks\At896.job
    - c:\documents and settings\All Users\Application Data\BfQE8DTr.exe [2010-04-30 15:57]

    2010-05-03 c:\windows\Tasks\At897.job
    - c:\documents and settings\All Users\Application Data\BfQE8DTr.exe [2010-04-30 15:57]

    2010-05-03 c:\windows\Tasks\At898.job
    - c:\documents and settings\All Users\Application Data\BfQE8DTr.exe [2010-04-30 15:57]

    2010-05-03 c:\windows\Tasks\At899.job
    - c:\documents and settings\All Users\Application Data\BfQE8DTr.exe [2010-04-30 15:57]

    2010-05-03 c:\windows\Tasks\At9.job
    - c:\documents and settings\All Users\Application Data\BfQE8DTr.exe [2010-04-30 15:57]

    2010-05-03 c:\windows\Tasks\At900.job
    - c:\documents and settings\All Users\Application Data\BfQE8DTr.exe [2010-04-30 15:57]

    2010-05-03 c:\windows\Tasks\At901.job
    - c:\documents and settings\All Users\Application Data\BfQE8DTr.exe [2010-04-30 15:57]

    2010-05-03 c:\windows\Tasks\At902.job
    - c:\documents and settings\All Users\Application Data\BfQE8DTr.exe [2010-04-30 15:57]

    2010-05-03 c:\windows\Tasks\At903.job
    - c:\documents and settings\All Users\Application Data\BfQE8DTr.exe [2010-04-30 15:57]

    2010-05-03 c:\windows\Tasks\At904.job
    - c:\documents and settings\All Users\Application Data\BfQE8DTr.exe [2010-04-30 15:57]

    2010-05-03 c:\windows\Tasks\At905.job
    - c:\documents and settings\All Users\Application Data\BfQE8DTr.exe [2010-04-30 15:57]

    2010-05-03 c:\windows\Tasks\At906.job
    - c:\documents and settings\All Users\Application Data\BfQE8DTr.exe [2010-04-30 15:57]

    2010-05-03 c:\windows\Tasks\At907.job
    - c:\documents and settings\All Users\Application Data\BfQE8DTr.exe [2010-04-30 15:57]

    2010-05-03 c:\windows\Tasks\At908.job
    - c:\documents and settings\All Users\Application Data\BfQE8DTr.exe [2010-04-30 15:57]

    2010-05-03 c:\windows\Tasks\At909.job
    - c:\documents and settings\All Users\Application Data\BfQE8DTr.exe [2010-04-30 15:57]

    2010-05-03 c:\windows\Tasks\At91.job
    - c:\documents and settings\All Users\Application Data\2b24u8b.exe [2010-05-03 23:17]

    2010-05-03 c:\windows\Tasks\At910.job
    - c:\documents and settings\All Users\Application Data\BfQE8DTr.exe [2010-04-30 15:57]

    2010-05-03 c:\windows\Tasks\At911.job
    - c:\documents and settings\All Users\Application Data\BfQE8DTr.exe [2010-04-30 15:57]

    2010-05-03 c:\windows\Tasks\At912.job
    - c:\documents and settings\All Users\Application Data\BfQE8DTr.exe [2010-04-30 15:57]

    2010-05-03 c:\windows\Tasks\At913.job
    - c:\documents and settings\All Users\Application Data\BfQE8DTr.exe [2010-04-30 15:57]

    2010-05-03 c:\windows\Tasks\At914.job
    - c:\documents and settings\All Users\Application Data\BfQE8DTr.exe [2010-04-30 15:57]

    2010-05-03 c:\windows\Tasks\At915.job
    - c:\documents and settings\All Users\Application Data\BfQE8DTr.exe [2010-04-30 15:57]

    2010-05-03 c:\windows\Tasks\At916.job
    - c:\documents and settings\All Users\Application Data\BfQE8DTr.exe [2010-04-30 15:57]

    2010-05-03 c:\windows\Tasks\At917.job
    - c:\documents and settings\All Users\Application Data\BfQE8DTr.exe [2010-04-30 15:57]

    2010-05-03 c:\windows\Tasks\At918.job
    - c:\documents and settings\All Users\Application Data\BfQE8DTr.exe [2010-04-30 15:57]

    2010-05-03 c:\windows\Tasks\At919.job
    - c:\documents and settings\All Users\Application Data\BfQE8DTr.exe [2010-04-30 15:57]

    2010-05-03 c:\windows\Tasks\At920.job
    - c:\documents and settings\All Users\Application Data\BfQE8DTr.exe [2010-04-30 15:57]

    2010-05-03 c:\windows\Tasks\At921.job
    - c:\documents and settings\All Users\Application Data\BfQE8DTr.exe [2010-04-30 15:57]

    2010-05-03 c:\windows\Tasks\At922.job
    - c:\documents and settings\All Users\Application Data\BfQE8DTr.exe [2010-04-30 15:57]

    2010-05-03 c:\windows\Tasks\At923.job
    - c:\documents and settings\All Users\Application Data\BfQE8DTr.exe [2010-04-30 15:57]

    2010-05-03 c:\windows\Tasks\At924.job
    - c:\documents and settings\All Users\Application Data\BfQE8DTr.exe [2010-04-30 15:57]

    2010-05-03 c:\windows\Tasks\At925.job
    - c:\documents and settings\All Users\Application Data\BfQE8DTr.exe [2010-04-30 15:57]

    2010-05-03 c:\windows\Tasks\At926.job
    - c:\documents and settings\All Users\Application Data\BfQE8DTr.exe [2010-04-30 15:57]

    2010-05-03 c:\windows\Tasks\At927.job
    - c:\documents and settings\All Users\Application Data\BfQE8DTr.exe [2010-04-30 15:57]

    2010-05-03 c:\windows\Tasks\At928.job
    - c:\documents and settings\All Users\Application Data\BfQE8DTr.exe [2010-04-30 15:57]

    2010-05-03 c:\windows\Tasks\At929.job
    - c:\documents and settings\All Users\Application Data\BfQE8DTr.exe [2010-04-30 15:57]

    2010-05-03 c:\windows\Tasks\At93.job
    - c:\documents and settings\All Users\Application Data\2b24u8b.exe [2010-05-03 23:17]

    2010-05-03 c:\windows\Tasks\At930.job
    - c:\documents and settings\All Users\Application Data\BfQE8DTr.exe [2010-04-30 15:57]

    2010-05-03 c:\windows\Tasks\At931.job
    - c:\documents and settings\All Users\Application Data\BfQE8DTr.exe [2010-04-30 15:57]

    2010-05-03 c:\windows\Tasks\At932.job
    - c:\documents and settings\All Users\Application Data\BfQE8DTr.exe [2010-04-30 15:57]

    2010-05-03 c:\windows\Tasks\At933.job
    - c:\documents and settings\All Users\Application Data\BfQE8DTr.exe [2010-04-30 15:57]

    2010-05-03 c:\windows\Tasks\At934.job
    - c:\documents and settings\All Users\Application Data\BfQE8DTr.exe [2010-04-30 15:57]

    2010-05-03 c:\windows\Tasks\At935.job
    - c:\documents and settings\All Users\Application Data\BfQE8DTr.exe [2010-04-30 15:57]

    2010-05-03 c:\windows\Tasks\At936.job
    - c:\documents and settings\All Users\Application Data\BfQE8DTr.exe [2010-04-30 15:57]

    2010-05-03 c:\windows\Tasks\At937.job
    - c:\documents and settings\All Users\Application Data\BfQE8DTr.exe [2010-04-30 15:57]

    2010-05-03 c:\windows\Tasks\At938.job
    - c:\documents and settings\All Users\Application Data\BfQE8DTr.exe [2010-04-30 15:57]

    2010-05-03 c:\windows\Tasks\At939.job
    - c:\documents and settings\All Users\Application Data\BfQE8DTr.exe [2010-04-30 15:57]

    2010-05-03 c:\windows\Tasks\At940.job
    - c:\documents and settings\All Users\Application Data\BfQE8DTr.exe [2010-04-30 15:57]

    2010-05-03 c:\windows\Tasks\At941.job
    - c:\documents and settings\All Users\Application Data\BfQE8DTr.exe [2010-04-30 15:57]

    2010-05-03 c:\windows\Tasks\At942.job
    - c:\documents and settings\All Users\Application Data\BfQE8DTr.exe [2010-04-30 15:57]

    2010-05-03 c:\windows\Tasks\At943.job
    - c:\documents and settings\All Users\Application Data\BfQE8DTr.exe [2010-04-30 15:57]

    2010-05-03 c:\windows\Tasks\At944.job
    - c:\documents and settings\All Users\Application Data\BfQE8DTr.exe [2010-04-30 15:57]

    2010-05-03 c:\windows\Tasks\At945.job
    - c:\documents and settings\All Users\Application Data\BfQE8DTr.exe [2010-04-30 15:57]

    2010-05-03 c:\windows\Tasks\At946.job
    - c:\documents and settings\All Users\Application Data\BfQE8DTr.exe [2010-04-30 15:57]

    2010-05-03 c:\windows\Tasks\At947.job
    - c:\documents and settings\All Users\Application Data\BfQE8DTr.exe [2010-04-30 15:57]

    2010-05-03 c:\windows\Tasks\At948.job
    - c:\documents and settings\All Users\Application Data\BfQE8DTr.exe [2010-04-30 15:57]

    2010-05-03 c:\windows\Tasks\At949.job
    - c:\documents and settings\All Users\Application Data\BfQE8DTr.exe [2010-04-30 15:57]

    2010-05-03 c:\windows\Tasks\At95.job
    - c:\documents and settings\All Users\Application Data\2b24u8b.exe [2010-05-03 23:17]

    2010-05-03 c:\windows\Tasks\At950.job
    - c:\documents and settings\All Users\Application Data\BfQE8DTr.exe [2010-04-30 15:57]

    2010-05-03 c:\windows\Tasks\At951.job
    - c:\documents and settings\All Users\Application Data\BfQE8DTr.exe [2010-04-30 15:57]

    2010-05-03 c:\windows\Tasks\At952.job
    - c:\documents and settings\All Users\Application Data\BfQE8DTr.exe [2010-04-30 15:57]

    2010-05-03 c:\windows\Tasks\At953.job
    - c:\documents and settings\All Users\Application Data\BfQE8DTr.exe [2010-04-30 15:57]

    2010-05-03 c:\windows\Tasks\At954.job
    - c:\documents and settings\All Users\Application Data\BfQE8DTr.exe [2010-04-30 15:57]

    2010-05-03 c:\windows\Tasks\At955.job
    - c:\documents and settings\All Users\Application Data\BfQE8DTr.exe [2010-04-30 15:57]

    2010-05-03 c:\windows\Tasks\At956.job
    - c:\documents and settings\All Users\Application Data\BfQE8DTr.exe [2010-04-30 15:57]

    2010-05-03 c:\windows\Tasks\At957.job
    - c:\documents and settings\All Users\Application Data\BfQE8DTr.exe [2010-04-30 15:57]

    2010-05-03 c:\windows\Tasks\At958.job
    - c:\documents and settings\All Users\Application Data\BfQE8DTr.exe [2010-04-30 15:57]

    2010-05-03 c:\windows\Tasks\At959.job
    - c:\documents and settings\All Users\Application Data\BfQE8DTr.exe [2010-04-30 15:57]

    2010-05-03 c:\windows\Tasks\At960.job
    - c:\documents and settings\All Users\Application Data\BfQE8DTr.exe [2010-04-30 15:57]

    2010-05-03 c:\windows\Tasks\At961.job
    - c:\documents and settings\All Users\Application Data\BfQE8DTr.exe [2010-04-30 15:57]

    2010-05-03 c:\windows\Tasks\At962.job
    - c:\documents and settings\All Users\Application Data\BfQE8DTr.exe [2010-04-30 15:57]

    2010-05-03 c:\windows\Tasks\At963.job
    - c:\documents and settings\All Users\Application Data\BfQE8DTr.exe [2010-04-30 15:57]

    2010-05-03 c:\windows\Tasks\At964.job
    - c:\documents and settings\All Users\Application Data\BfQE8DTr.exe [2010-04-30 15:57]

    2010-05-03 c:\windows\Tasks\At965.job
    - c:\documents and settings\All Users\Application Data\BfQE8DTr.exe [2010-04-30 15:57]

    2010-05-03 c:\windows\Tasks\At966.job
    - c:\documents and settings\All Users\Application Data\BfQE8DTr.exe [2010-04-30 15:57]

    2010-05-03 c:\windows\Tasks\At967.job
    - c:\documents and settings\All Users\Application Data\BfQE8DTr.exe [2010-04-30 15:57]

    2010-05-03 c:\windows\Tasks\At968.job
    - c:\documents and settings\All Users\Application Data\BfQE8DTr.exe [2010-04-30 15:57]

    2010-05-03 c:\windows\Tasks\At969.job
    - c:\documents and settings\All Users\Application Data\BfQE8DTr.exe [2010-04-30 15:57]

    2010-05-03 c:\windows\Tasks\At97.job
    - c:\documents and settings\All Users\Application Data\2b24u8b.exe [2010-05-03 23:17]

    2010-05-03 c:\windows\Tasks\At970.job
    - c:\documents and settings\All Users\Application Data\BfQE8DTr.exe [2010-04-30 15:57]

    2010-05-03 c:\windows\Tasks\At971.job
    - c:\documents and settings\All Users\Application Data\BfQE8DTr.exe [2010-04-30 15:57]

    2010-05-03 c:\windows\Tasks\At972.job
    - c:\documents and settings\All Users\Application Data\BfQE8DTr.exe [2010-04-30 15:57]

    2010-05-03 c:\windows\Tasks\At973.job
    - c:\documents and settings\All Users\Application Data\BfQE8DTr.exe [2010-04-30 15:57]

    2010-05-03 c:\windows\Tasks\At974.job
    - c:\documents and settings\All Users\Application Data\BfQE8DTr.exe [2010-04-30 15:57]

    2010-05-03 c:\windows\Tasks\At975.job
    - c:\documents and settings\All Users\Application Data\BfQE8DTr.exe [2010-04-30 15:57]

    2010-05-03 c:\windows\Tasks\At976.job
    - c:\documents and settings\All Users\Application Data\BfQE8DTr.exe [2010-04-30 15:57]

    2010-05-03 c:\windows\Tasks\At977.job
    - c:\documents and settings\All Users\Application Data\BfQE8DTr.exe [2010-04-30 15:57]

    2010-05-03 c:\windows\Tasks\At978.job
    - c:\documents and settings\All Users\Application Data\BfQE8DTr.exe [2010-04-30 15:57]

    2010-05-03 c:\windows\Tasks\At979.job
    - c:\documents and settings\All Users\Application Data\BfQE8DTr.exe [2010-04-30 15:57]

    2010-05-03 c:\windows\Tasks\At980.job
    - c:\documents and settings\All Users\Application Data\BfQE8DTr.exe [2010-04-30 15:57]

    2010-05-03 c:\windows\Tasks\At981.job
    - c:\documents and settings\All Users\Application Data\BfQE8DTr.exe [2010-04-30 15:57]

    2010-05-03 c:\windows\Tasks\At982.job
    - c:\documents and settings\All Users\Application Data\BfQE8DTr.exe [2010-04-30 15:57]

    2010-05-03 c:\windows\Tasks\At983.job
    - c:\documents and settings\All Users\Application Data\BfQE8DTr.exe [2010-04-30 15:57]

    2010-05-03 c:\windows\Tasks\At984.job
    - c:\documents and settings\All Users\Application Data\BfQE8DTr.exe [2010-04-30 15:57]

    2010-05-03 c:\windows\Tasks\At985.job
    - c:\documents and settings\All Users\Application Data\BfQE8DTr.exe [2010-04-30 15:57]

    2010-05-03 c:\windows\Tasks\At986.job
    - c:\documents and settings\All Users\Application Data\BfQE8DTr.exe [2010-04-30 15:57]

    2010-05-03 c:\windows\Tasks\At987.job
    - c:\documents and settings\All Users\Application Data\BfQE8DTr.exe [2010-04-30 15:57]

    2010-05-03 c:\windows\Tasks\At988.job
    - c:\documents and settings\All Users\Application Data\BfQE8DTr.exe [2010-04-30 15:57]

    2010-05-03 c:\windows\Tasks\At989.job
    - c:\documents and settings\All Users\Application Data\BfQE8DTr.exe [2010-04-30 15:57]

    2010-05-03 c:\windows\Tasks\At99.job
    - c:\documents and settings\All Users\Application Data\2b24u8b.exe [2010-05-03 23:17]

    2010-05-03 c:\windows\Tasks\At990.job
    - c:\documents and settings\All Users\Application Data\BfQE8DTr.exe [2010-04-30 15:57]

    2010-05-03 c:\windows\Tasks\At991.job
    - c:\documents and settings\All Users\Application Data\BfQE8DTr.exe [2010-04-30 15:57]

    2010-05-03 c:\windows\Tasks\At992.job
    - c:\documents and settings\All Users\Application Data\BfQE8DTr.exe [2010-04-30 15:57]

    2010-05-03 c:\windows\Tasks\At993.job
    - c:\documents and settings\All Users\Application Data\BfQE8DTr.exe [2010-04-30 15:57]

    2010-05-03 c:\windows\Tasks\At994.job
    - c:\documents and settings\All Users\Application Data\BfQE8DTr.exe [2010-04-30 15:57]

    2010-05-03 c:\windows\Tasks\At995.job
    - c:\documents and settings\All Users\Application Data\BfQE8DTr.exe [2010-04-30 15:57]

    2010-05-03 c:\windows\Tasks\At996.job
    - c:\documents and settings\All Users\Application Data\BfQE8DTr.exe [2010-04-30 15:57]

    2010-05-03 c:\windows\Tasks\At997.job
    - c:\documents and settings\All Users\Application Data\BfQE8DTr.exe [2010-04-30 15:57]

    2010-05-03 c:\windows\Tasks\At998.job
    - c:\documents and settings\All Users\Application Data\BfQE8DTr.exe [2010-04-30 15:57]

    2010-05-03 c:\windows\Tasks\At999.job
    - c:\documents and settings\All Users\Application Data\BfQE8DTr.exe [2010-04-30 15:57]

    2010-05-03 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job
    - c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 19:20]

    2010-05-03 c:\windows\Tasks\Google Software Updater.job
    - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-06-05 17:20]

    2010-05-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-01-06 18:23]

    2010-05-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-01-06 18:23]

    2010-05-03 c:\windows\Tasks\OGALogon.job
    - c:\windows\system32\OGAEXEC.exe [2009-08-03 22:07]

    2010-05-03 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-18.job
    - c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 05:09]

    2010-05-03 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-4148092319-2653427624-1057764221-1007.job
    - c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 05:09]

    2010-04-27 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-18.job
    - c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 05:09]

    2010-04-30 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-4148092319-2653427624-1057764221-1007.job
    - c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 05:09]

    2010-05-03 c:\windows\Tasks\User_Feed_Synchronization-{3FB82B26-03BF-4DBF-88D9-C4EC327F8F8C}.job
    - c:\windows\system32\msfeedssync.exe [2006-10-17 11:31]
    .
    .
    ------- Supplementary Scan -------
    .
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
    IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
    TCP: {77F17C75-92C5-40FF-80CF-C4A5EA750574} = 206.13.28.12,206.13.31.12
    DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} - hxxp://downloads.ewido.net/ewidoOnlineScan.cab
    FF - ProfilePath - c:\documents and settings\Dave\Application Data\Mozilla\Firefox\Profiles\aba30w5j.default\
    FF - prefs.js: browser.startup.homepage - hxxp://att.my.yahoo.com/
    FF - component: c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\components\nprpffbrowserrecordext.dll
    FF - plugin: c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
    FF - plugin: c:\program files\Adobe\Adobe Acrobat 6.0\Acrobat\browser\nppdf32.dll
    FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
    FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
    FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
    FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

    ---- FIREFOX POLICIES ----
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
    c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
    c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-05-03 09:58
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************

    Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

    device: opened successfully
    user: MBR read successfully
    called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x8730FAC8]<<
    kernel: MBR read successfully
    detected MBR rootkit hooks:
    \Driver\Disk -> CLASSPNP.SYS @ 0xf7869f28
    \Driver\ACPI -> ACPI.sys @ 0xf77dccb8
    \Driver\atapi -> atapi.sys @ 0xf776e852
    IoDeviceObjectType -> DeleteProcedure -> ntoskrnl.exe @ 0x805a0615
    ParseProcedure -> ntoskrnl.exe @ 0x8056c3ac
    \Device\Harddisk0\DR0 -> DeleteProcedure -> ntoskrnl.exe @ 0x805a0615
    ParseProcedure -> ntoskrnl.exe @ 0x8056c3ac
    NDIS: Broadcom 440x 10/100 Integrated Controller -> SendCompleteHandler -> NDIS.sys @ 0xf764ebb0
    PacketIndicateHandler -> NDIS.sys @ 0xf765ba21
    SendHandler -> NDIS.sys @ 0xf763987b
    user & kernel MBR OK

    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
    @Denied: (2) (LocalSystem)
    "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,d3,dd,13,c0,c9,d7,4d,4c,9f,5d,59,\
    "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,d3,dd,13,c0,c9,d7,4d,4c,9f,5d,59,\
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(724)
    c:\windows\system32\WININET.dll
    c:\windows\system32\NRDWIN32.dll
    c:\windows\system32\AXNMAS~1.OCX
    c:\windows\system32\AXNMAS~2.OCX
    c:\windows\system32\NLS\ENGLISH\MAPBASER.DLL
    c:\windows\system32\NLS\ENGLISH\NWSHLXNR.DLL
    c:\windows\system32\NLS\ENGLISH\NOVNPNTR.DLL

    - - - - - - - > 'lsass.exe'(784)
    c:\windows\system32\WININET.dll
    c:\windows\system32\relog_ap.dll

    - - - - - - - > 'Explorer.exe'(1452)
    c:\windows\system32\WININET.dll
    c:\program files\Windows Desktop Search\deskbar.dll
    c:\program files\Windows Desktop Search\en-us\dbres.dll.mui
    c:\program files\Windows Desktop Search\dbres.dll
    c:\program files\Windows Desktop Search\wordwheel.dll
    c:\program files\Windows Desktop Search\en-us\msnlExtRes.dll.mui
    c:\program files\Windows Desktop Search\msnlExtRes.dll
    c:\program files\Windows Desktop Search\wds_slps.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\mshtml.dll
    c:\windows\system32\msls31.dll
    c:\windows\IME\SPGRMR.DLL
    c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\MSVCR80.dll
    c:\program files\Common Files\Microsoft Shared\INK\SKCHUI.DLL
    c:\windows\system32\webcheck.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    c:\windows\system32\NLS\ENGLISH\NWSHLXNR.DLL
    c:\windows\system32\NLS\ENGLISH\NOVNPNTR.DLL
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\Common Files\Acronis\Schedule2\schedul2.exe
    c:\windows\system32\cusrvc.exe
    c:\program files\Java\jre6\bin\jqs.exe
    c:\program files\McAfee\Common Framework\FrameworkService.exe
    c:\program files\McAfee\VirusScan Enterprise\VsTskMgr.exe
    c:\program files\McAfee\Common Framework\naPrdMgr.exe
    c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    c:\ups\WSTD\MSSQL$UPSWSDBSERVER\Binn\sqlservr.exe
    c:\windows\system32\WFXSVC.EXE
    c:\program files\WinFax\WFXMOD32.EXE
    c:\program files\McAfee\VirusScan Enterprise\Mcshield.exe
    c:\program files\McAfee\VirusScan Enterprise\mfeann.exe
    c:\windows\BCMSMMSG.exe
    c:\program files\Dell\Media Experience\PCMService.exe
    c:\program files\Microsoft IntelliType Pro\itype.exe
    c:\program files\Acronis\TrueImage\TrueImageMonitor.exe
    c:\program files\Common Files\Real\Update_OB\realsched.exe
    c:\program files\McAfee\Common Framework\udaterui.exe
    c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    c:\program files\Microsoft IntelliPoint\ipoint.exe
    c:\program files\McAfee\Common Framework\McTray.exe
    .
    **************************************************************************
    .
    Completion time: 2010-05-03 10:40:41 - machine was rebooted
    ComboFix-quarantined-files.txt 2010-05-03 17:40
    ComboFix2.txt 2010-04-30 16:11
    ComboFix3.txt 2010-04-29 21:25

    Pre-Run: 49,710,018,560 bytes free
    Post-Run: 49,668,517,888 bytes free

    Current=1 Default=1 Failed=0 LastKnownGood=4 Sets=1,2,3,4
    - - End Of File - - C89DBD7A3B26230AECA040D945FE99C0
     
Short URL to this thread: https://techguy.org/919399

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice