Here is the RVAXA log and the comboFix log
I will now download SAS and install and run it.
--------------RVAXO.exe first run-------------
Files found:
C:\WINDOWS\system32\jooqfvqd.dllbox
C:\WINDOWS\system32\smgypojj.dllbox
C:\WINDOWS\system32\eddgh.ini2
C:\WINDOWS\system32\spads.dll
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\dcads-remove.exe
C:\WINDOWS\system32\superiorads-uninst.exe
C:\WINDOWS\system32\actskn45.ocx
C:\Documents and Settings\All Users\STARTM~1\Online Security Guide.lnk
C:\Documents and Settings\All Users\STARTM~1\Live Safety Center.lnk
C:\Documents and Settings\User\FAVORI~1\Online Security Test.url
C:\Documents and Settings\User\FAVORI~1\Online Security Guide.lnk
Uninstallers Rogue scanners:
Folders Found:
C:\Program Files\Dcads Games Collection
C:\Program Files\Outerinfo
C:\Program Files\VirusProtect 3.8
Hosts-file was reset, If you use a custom hosts file please replace it...
--------------RVAXO.exe last run---------------
Files found:
Folders Found:
--------------RVAXO.exe finished----------------
ComboFix 07-11-19.3 - User 2007-11-25 22:34:04.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.463 [GMT -5:00]
Running from: C:\Documents and Settings\User\Desktop\ComboFix.exe
* Created a new restore point
.
Unable to gain System Privileges
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\Administrator\Desktop\Live Safety Center.lnk
C:\Documents and Settings\Administrator\Desktop\Online Security Guide.lnk
C:\Documents and Settings\Administrator\Favorites\Online Security Guide.lnk
C:\Documents and Settings\All Users\Start Menu\Live Safety Center.lnk
C:\Documents and Settings\All Users\Start Menu\Online Security Guide.lnk
C:\Documents and Settings\User\Desktop\Live Safety Center.lnk
C:\Documents and Settings\User\Desktop\Online Security Guide.lnk
C:\Documents and Settings\User\Favorites\Online Security Guide.lnk
C:\WINDOWS\cookies.ini
C:\WINDOWS\system32\Cache
C:\WINDOWS\system32\eddgh.ini
C:\WINDOWS\system32\eddgh.ini2
C:\WINDOWS\system32\hgdde.dll
C:\WINDOWS\system32\nsm11.dll
C:\WINDOWS\system32\nss73.dll
C:\WINDOWS\system32\rptfwttw.exe
C:\WINDOWS\system32\smgypojj.dllbox
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\LEGACY_DOMAINSERVICE
-------\LEGACY_IPRIP
-------\LEGACY_NNSERV
-------\Iprip
-------\NNServ
((((((((((((((((((((((((( Files Created from 2007-10-26 to 2007-11-26 )))))))))))))))))))))))))))))))
.
2007-11-25 22:24 <DIR> d-------- C:\RVAXO
2007-11-25 22:22 468,442 --a------ C:\WINDOWS\system32\RVAXO.bat
2007-11-25 22:22 69,632 --a------ C:\WINDOWS\system32\remove.exe
2007-11-25 20:31 776,192 ---hs---- C:\WINDOWS\system32\dijwalxl.ini
2007-11-25 20:31 85,056 --a------ C:\WINDOWS\system32\lxlawjid.dll
2007-11-25 20:31 79,936 --a------ C:\WINDOWS\system32\htsbkrxw.dll
2007-11-25 20:28 71,232 --a------ C:\WINDOWS\system32\oeqnwpap.exe
2007-11-25 10:33 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
2007-11-25 10:30 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Google Updater
2007-11-25 09:42 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Yahoo!
2007-11-25 09:28 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Lavasoft
2007-11-24 20:40 81,472 --a------ C:\WINDOWS\system32\ipwkqmpk.dll
2007-11-24 20:35 775,988 --ahs---- C:\WINDOWS\system32\ugdrjpsd.ini
2007-11-24 20:32 71,232 --a------ C:\WINDOWS\system32\indewldj.exe
2007-11-24 20:30 145,984 --a------ C:\WINDOWS\system32\smgypojj.dll
2007-11-24 20:29 145,984 --a------ C:\WINDOWS\system32\specpkjj.dll
2007-11-18 07:54 36,352 --a------ C:\WINDOWS\system32\nnnmkig.dll
2007-11-15 18:16 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2007-11-11 11:23 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\MailFrontier
2007-10-26 14:28 <DIR> d-------- C:\Program Files\Guitar Pro 5
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-25 18:53 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-11-25 15:30 --------- d-----w C:\Program Files\Google
2007-11-24 20:33 --------- d-----w C:\Documents and Settings\User\Application Data\MediaScout
2007-11-23 01:08 --------- d-----w C:\Documents and Settings\All Users\Application Data\MediaScout
2007-11-18 18:53 --------- d-----w C:\Documents and Settings\All Users\Application Data\DVD Shrink
2007-11-17 10:14 --------- d-----w C:\Program Files\mypoints
2007-11-14 23:53 --------- d-----w C:\Documents and Settings\User\Application Data\LimeWire
2007-10-17 17:23 10,752 ----a-w C:\WINDOWS\system32\WhoisCL.exe
2007-10-05 06:35 --------- d-----w C:\Program Files\Guitar Pro 4
2007-06-05 03:56 39 ----a-w C:\Documents and Settings\User\go.bat
2007-03-12 19:26 30,880 ----a-w C:\Documents and Settings\User\Application Data\GDIPFONTCACHEV1.DAT
2006-06-24 21:04 3,126,084 ----a-w C:\Program Files\Name Munger.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9cee91ec-d70c-4eb8-b9dc-b82ed2f780e8}]
2007-11-25 20:31 79936 --a------ C:\WINDOWS\system32\htsbkrxw.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A95B2816-1D7E-4561-A202-68C0DE02353A}]
2007-11-24 20:30 145984 --a------ C:\WINDOWS\system32\smgypojj.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BBB05D9E-0297-404D-A6BF-D8F2876B84A6}]
2007-11-18 07:54 36352 --a------ C:\WINDOWS\system32\nnnmkig.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{11A69AE4-FBED-4832-A2BF-45AF82825583}"= C:\WINDOWS\system32\smgypojj.dll [2007-11-24 20:30 145984]
[HKEY_CLASSES_ROOT\clsid\{11a69ae4-fbed-4832-a2bf-45af82825583}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{11A69AE4-FBED-4832-A2BF-45AF82825583}"= C:\WINDOWS\system32\smgypojj.dll [2007-11-24 20:30 145984]
[HKEY_CLASSES_ROOT\clsid\{11a69ae4-fbed-4832-a2bf-45af82825583}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 20:05]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsmqIntCert"="regsvr32 /s mqrt.dll" []
"NAV Agent"="C:\PROGRA~1\NORTON~1\navapw32.exe" [2001-10-26 06:24]
"Symantec NetDriver Monitor"="C:\PROGRA~1\SYMNET~1\SNDMon.exe" [2006-06-07 22:09]
"EM_EXEC"="C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE" [2002-03-07 09:50]
"NvCplDaemon"="RUNDLL32.exe" [2004-08-04 00:56 C:\WINDOWS\system32\rundll32.exe]
"nwiz"="nwiz.exe" [2005-07-20 21:07 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="RunDLL32.exe" [2004-08-04 00:56 C:\WINDOWS\system32\rundll32.exe]
"NWEReboot"="" []
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-06-11 10:21]
"785fbd9c"="C:\WINDOWS\system32\lxlawjid.dll" [2007-11-25 20:31]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"SchedulingAgent"="C:\WINDOWS\system32\mstask.exe" []
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
AutoStart IR.lnk - C:\Program Files\WinTV\Ir.exe [2006-08-08 23:52:31]
Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2007-11-25 10:30:35]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 01:01:04]
[hklm\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{BBB05D9E-0297-404D-A6BF-D8F2876B84A6}"= C:\WINDOWS\system32\nnnmkig.dll [2007-11-18 07:54 36352]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\nnnmkig]
nnnmkig.dll 2007-11-18 07:54 36352 C:\WINDOWS\system32\nnnmkig.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\smgypojj]
smgypojj.dll 2007-11-24 20:30 145984 C:\WINDOWS\system32\smgypojj.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\hgdde.dll
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
"YBrowser"=C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
"YOP"=C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
p2psvc p2psvc p2pimsvc p2pgasvc PNRPSvc
.
Contents of the 'Scheduled Tasks' folder
"2007-11-23 09:17:44 C:\WINDOWS\Tasks\Norton AntiVirus - Scan my computer.job"
- C:\PROGRA~1\NORTON~1\NAVW32.exe
"2007-11-26 04:02:33 C:\WINDOWS\Tasks\Symantec NetDetect.job"
- C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE
.
**************************************************************************
catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2007-11-25 23:02:27
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2007-11-25 23:05:36 - machine was rebooted
.
--- E O F ---
I let SAS run overnight
Here is the log file
SUPERAntiSpyware Scan Log
http://www.superantispyware.com
Generated 11/26/2007 at 01:32 AM
Application Version : 3.9.1008
Core Rules Database Version : 3350
Trace Rules Database Version: 1349
Scan type : Complete Scan
Total Scan Time : 02:10:27
Memory items scanned : 446
Memory threats detected : 5
Registry items scanned : 6434
Registry threats detected : 136
File items scanned : 57208
File threats detected : 648
Adware.Vundo-Variant
C:\WINDOWS\SYSTEM32\SMGYPOJJ.DLL
C:\WINDOWS\SYSTEM32\SMGYPOJJ.DLL
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4BEAF1BF-8F9C-40C5-97D5-AE4D54DF8701}
HKCR\CLSID\{4BEAF1BF-8F9C-40C5-97D5-AE4D54DF8701}
HKCR\CLSID\{4BEAF1BF-8F9C-40C5-97D5-AE4D54DF8701}\InprocServer32
HKCR\CLSID\{4BEAF1BF-8F9C-40C5-97D5-AE4D54DF8701}\InprocServer32#ThreadingModel
Software\Microsoft\Windows NT\CurrentVersion\WinLogon\Notify\smgypojj
C:\WINDOWS\SYSTEM32\SPECPKJJ.DLL
Adware.Vundo Variant
C:\WINDOWS\SYSTEM32\NNNMKIG.DLL
C:\WINDOWS\SYSTEM32\NNNMKIG.DLL
HKLM\Software\Classes\CLSID\{A95B2816-1D7E-4561-A202-68C0DE02353A}
HKCR\CLSID\{A95B2816-1D7E-4561-A202-68C0DE02353A}
HKCR\CLSID\{A95B2816-1D7E-4561-A202-68C0DE02353A}\InprocServer32
HKCR\CLSID\{A95B2816-1D7E-4561-A202-68C0DE02353A}\InprocServer32#ThreadingModel
HKLM\Software\Classes\CLSID\{BBB05D9E-0297-404D-A6BF-D8F2876B84A6}
HKCR\CLSID\{BBB05D9E-0297-404D-A6BF-D8F2876B84A6}
HKCR\CLSID\{BBB05D9E-0297-404D-A6BF-D8F2876B84A6}\InprocServer32
HKCR\CLSID\{BBB05D9E-0297-404D-A6BF-D8F2876B84A6}\InprocServer32#ThreadingModel
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A95B2816-1D7E-4561-A202-68C0DE02353A}
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BBB05D9E-0297-404D-A6BF-D8F2876B84A6}
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks#{BBB05D9E-0297-404D-A6BF-D8F2876B84A6}
Software\Microsoft\Windows NT\CurrentVersion\WinLogon\Notify\nnnmkig
HKCR\CLSID\{A95B2816-1D7E-4561-A202-68C0DE02353A}
HKCR\CLSID\{BBB05D9E-0297-404D-A6BF-D8F2876B84A6}
Adware.Vundo-Variant/Small-A
C:\WINDOWS\SYSTEM32\LXLAWJID.DLL
C:\WINDOWS\SYSTEM32\LXLAWJID.DLL
HKLM\Software\Classes\CLSID\{9cee91ec-d70c-4eb8-b9dc-b82ed2f780e8}
HKCR\CLSID\{9CEE91EC-D70C-4EB8-B9DC-B82ED2F780E8}
HKCR\CLSID\{9CEE91EC-D70C-4EB8-B9DC-B82ED2F780E8}\InprocServer32
HKCR\CLSID\{9CEE91EC-D70C-4EB8-B9DC-B82ED2F780E8}\InprocServer32#ThreadingModel
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9cee91ec-d70c-4eb8-b9dc-b82ed2f780e8}
C:\WINDOWS\SYSTEM32\IPWKQMPK.DLL
Adware.Vundo Variant/Resident
C:\WINDOWS\SYSTEM32\GEBXX.DLL
C:\WINDOWS\SYSTEM32\GEBXX.DLL
Trojan.Downloader-NewJuan/VM
C:\WINDOWS\SYSTEM32\HTSBKRXW.DLL
C:\WINDOWS\SYSTEM32\HTSBKRXW.DLL
Unclassified.Unknown Origin
HKLM\Software\Classes\CLSID\{11A69AE4-FBED-4832-A2BF-45AF82825583}
HKCR\CLSID\{11A69AE4-FBED-4832-A2BF-45AF82825583}
HKCR\CLSID\{11A69AE4-FBED-4832-A2BF-45AF82825583}
HKCR\CLSID\{11A69AE4-FBED-4832-A2BF-45AF82825583}\InprocServer32
HKCR\CLSID\{11A69AE4-FBED-4832-A2BF-45AF82825583}\InprocServer32#ThreadingModel
HKLM\Software\Microsoft\Internet Explorer\Toolbar#{11A69AE4-FBED-4832-A2BF-45AF82825583}
HKU\S-1-5-21-1645522239-1708537768-1060284298-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser#{11A69AE4-FBED-4832-A2BF-45AF82825583}
Adware.Tracking Cookie
C:\Documents and Settings\User\Cookies\user@statcounter[1].txt
C:\Documents and Settings\User\Cookies\user@a.websponsors[2].txt
C:\Documents and Settings\User\Cookies\user@mediafire[1].txt
C:\Documents and Settings\User\Cookies\user@yadro[2].txt
C:\Documents and Settings\User\Cookies\user@crackle[2].txt
C:\Documents and Settings\User\Cookies\user@serving-sys[2].txt
C:\Documents and Settings\User\Cookies\user@buyrightjewelry[2].txt
C:\Documents and Settings\User\Cookies\user@ehg-valueclickmedia.hitbox[2].txt
C:\Documents and Settings\User\Cookies\user@fastclick[2].txt
C:\Documents and Settings\User\Cookies\user@xiti[1].txt
C:\Documents and Settings\User\Cookies\user@bidzcom.112.2o7[1].txt
C:\Documents and Settings\User\Cookies\user@www.burstbeacon[6].txt
C:\Documents and Settings\User\Cookies\user@trafficmp[3].txt
C:\Documents and Settings\User\Cookies\user@image.masterstats[2].txt
C:\Documents and Settings\User\Cookies\user@script[1].txt
C:\Documents and Settings\User\Cookies\user@ads.revsci[1].txt
C:\Documents and Settings\User\Cookies\user@adrevolver[4].txt
C:\Documents and Settings\User\Cookies\user@media.adrevolver[2].txt
C:\Documents and Settings\User\Cookies\user@48986480[1].txt
C:\Documents and Settings\User\Cookies\user@cz9.clickzs[2].txt
C:\Documents and Settings\User\Cookies\user@t4.trackalyzer[1].txt
C:\Documents and Settings\User\Cookies\user@CAIYZRAS.txt
C:\Documents and Settings\User\Cookies\user@tribalfusion[2].txt
C:\Documents and Settings\User\Cookies\user@revsci[2].txt
C:\Documents and Settings\User\Cookies\user@adopt.specificclick[4].txt
C:\Documents and Settings\User\Cookies\user@entrepreneur[1].txt
C:\Documents and Settings\User\Cookies\user@cgi[1].txt
C:\Documents and Settings\User\Cookies\user@cz6.clickzs[1].txt
C:\Documents and Settings\User\Cookies\user@questionmarket[1].txt
C:\Documents and Settings\User\Cookies\user@audit.median[1].txt
C:\Documents and Settings\User\Cookies\user@cz8.clickzs[1].txt
C:\Documents and Settings\User\Cookies\user@atdmt[2].txt
C:\Documents and Settings\User\Cookies\user@realmedia[4].txt
C:\Documents and Settings\User\Cookies\user@ads.expedia[1].txt
C:\Documents and Settings\User\Cookies\user@ads.realtechnetwork[1].txt
C:\Documents and Settings\User\Cookies\user@banner.32vegas[2].txt
C:\Documents and Settings\User\Cookies\user@tacoda[1].txt
C:\Documents and Settings\User\Cookies\user@partner2profit[2].txt
C:\Documents and Settings\User\Cookies\user@tase[2].txt
C:\Documents and Settings\User\Cookies\user@data1.perf.overture[2].txt
C:\Documents and Settings\User\Cookies\user@anad.tacoda[1].txt
C:\Documents and Settings\User\Cookies\user@ads.pointroll[1].txt
C:\Documents and Settings\User\Cookies\user@kaley[1].txt
C:\Documents and Settings\User\Cookies\user@belnk[1].txt
C:\Documents and Settings\User\Cookies\user@zedo[1].txt
C:\Documents and Settings\User\Cookies\user@doubleclick[1].txt
C:\Documents and Settings\User\Cookies\user@mediaplex[2].txt
C:\Documents and Settings\User\Cookies\user@rotator.adjuggler[1].txt
C:\Documents and Settings\User\Cookies\user@tgn.122.2o7[1].txt
C:\Documents and Settings\User\Cookies\user@tremor.adbureau[1].txt
C:\Documents and Settings\User\Cookies\user@ad[3].txt
C:\Documents and Settings\User\Cookies\user@fixionmedia[1].txt
C:\Documents and Settings\User\Cookies\user@adserver.easyad[1].txt
C:\Documents and Settings\User\Cookies\user@toplist[1].txt
C:\Documents and Settings\User\Cookies\user@cgi-bin[2].txt
C:\Documents and Settings\User\Cookies\user@serving.rpowermedia[1].txt
C:\Documents and Settings\User\Cookies\user@a-stat[1].txt
C:\Documents and Settings\User\Cookies\user@adlegend[1].txt
C:\Documents and Settings\User\Cookies\user@advertising[1].txt
C:\Documents and Settings\User\Cookies\user@statsgold[2].txt
C:\Documents and Settings\User\Cookies\user@onetruemedia[2].txt
C:\Documents and Settings\User\Cookies\user@www.drivecleaner[2].txt
C:\Documents and Settings\User\Cookies\user@ads.morpheus[1].txt
C:\Documents and Settings\User\Cookies\user@c22o7str7i9gnk5bi.usercash[1].txt
C:\Documents and Settings\User\Cookies\user@38286[2].txt
C:\Documents and Settings\User\Cookies\user@banner.rubybingo[2].txt
C:\Documents and Settings\User\Cookies\user@reunion.adbureau[2].txt
C:\Documents and Settings\User\Cookies\user@cgi-bin[3].txt
C:\Documents and Settings\User\Cookies\user@ads.addynamix[1].txt
C:\Documents and Settings\User\Cookies\user@popularmedia.directtrack[2].txt
C:\Documents and Settings\User\Cookies\user@adecn[2].txt
C:\Documents and Settings\User\Cookies\user@calc.avsystemcare[1].txt
C:\Documents and Settings\User\Cookies\user@nextag[2].txt
C:\Documents and Settings\User\Cookies\user@ad.zanox[1].txt
C:\Documents and Settings\User\Cookies\user@38266[1].txt
C:\Documents and Settings\User\Cookies\user@count.exitexchange[2].txt
C:\Documents and Settings\User\Cookies\user@login.tracking101[2].txt
C:\Documents and Settings\User\Cookies\user@cgi-bin[1].txt
C:\Documents and Settings\User\Cookies\user@ads3.blastro[2].txt
C:\Documents and Settings\User\Cookies\user@ads.fotolog[2].txt
C:\Documents and Settings\User\Cookies\user@adknowledge[2].txt
C:\Documents and Settings\User\Cookies\user@ats[2].txt
C:\Documents and Settings\User\Cookies\user@atwola[2].txt
C:\Documents and Settings\User\Cookies\user@cgi-bin[8].txt
C:\Documents and Settings\User\Cookies\user@www.macromedia[1].txt
C:\Documents and Settings\User\Cookies\user@adjuggler[1].txt
C:\Documents and Settings\User\Cookies\user@collective-media[2].txt
C:\Documents and Settings\User\Cookies\user@www2.burstnet[2].txt
C:\Documents and Settings\User\Cookies\user@ads.glispa[2].txt
C:\Documents and Settings\User\Cookies\user@vip.clickzs[2].txt
C:\Documents and Settings\User\Cookies\user@ad1.clickhype[1].txt
C:\Documents and Settings\User\Cookies\user@findwhat[1].txt
C:\Documents and Settings\User\Cookies\user@cz4.clickzs[1].txt
C:\Documents and Settings\User\Cookies\user@cgi-bin[10].txt
C:\Documents and Settings\User\Cookies\user@cz3.clickzs[1].txt
C:\Documents and Settings\User\Cookies\user@medianewsgroup[2].txt
C:\Documents and Settings\User\Cookies\user@clicktorrent[1].txt
C:\Documents and Settings\User\Cookies\user@bs.serving-sys[2].txt
C:\Documents and Settings\User\Cookies\user@banner.diamondclubcasino[2].txt
C:\Documents and Settings\User\Cookies\user@stats[4].txt
C:\Documents and Settings\User\Cookies\user@www.belstat[3].txt
C:\Documents and Settings\User\Cookies\user@www.belstat[2].txt
C:\Documents and Settings\User\Cookies\user@banner.ambercoastcasino[2].txt
C:\Documents and Settings\User\Cookies\user@stats.drivecleaner[2].txt
C:\Documents and Settings\User\Cookies\user@ads.image2share[2].txt
C:\Documents and Settings\User\Cookies\user@franceguide[2].txt
C:\Documents and Settings\User\Cookies\user@banners.decisionmark[2].txt
C:\Documents and Settings\User\Cookies\user@s50.drivecleaner[1].txt
C:\Documents and Settings\User\Cookies\user@ads.jokaroo[2].txt
C:\Documents and Settings\User\Cookies\user@ad.text.tbn[1].txt
C:\Documents and Settings\User\Cookies\user@ad.wedoo[1].txt
C:\Documents and Settings\User\Cookies\user@rapidresponse.directtrack[2].txt
C:\Documents and Settings\User\Cookies\user@banner.prestige-bingo[2].txt
C:\Documents and Settings\User\Cookies\user@38267[1].txt
C:\Documents and Settings\User\Cookies\user@www.belstat[4].txt
C:\Documents and Settings\User\Cookies\user@host.oddcast[1].txt
C:\Documents and Settings\User\Cookies\user@i[2].txt
C:\Documents and Settings\User\Cookies\user@drivecleaner[2].txt
C:\Documents and Settings\User\Cookies\user@www.adtrak[2].txt
C:\Documents and Settings\User\Cookies\user@go.drivecleaner[1].txt
C:\Documents and Settings\User\Cookies\user@cgi-bin[12].txt
C:\Documents and Settings\User\Cookies\user@try.starware[1].txt
C:\Documents and Settings\User\Cookies\user@mb[5].txt
C:\Documents and Settings\User\Cookies\user@38273[1].txt
C:\Documents and Settings\User\Cookies\user@banner.prestige-poker[2].txt
C:\Documents and Settings\User\Cookies\user@hit.stat[1].txt
C:\Documents and Settings\User\Cookies\user@38278[2].txt
C:\Documents and Settings\User\Cookies\user@specificclick[4].txt
C:\Documents and Settings\User\Cookies\user@intaclick[2].txt
C:\Documents and Settings\User\Cookies\user@adv.surinter[1].txt
C:\Documents and Settings\User\Cookies\user@track.adrevolver[2].txt
C:\Documents and Settings\User\Cookies\user@ads.gametap[2].txt
C:\Documents and Settings\User\Cookies\user@banner.rubybingo.co[2].txt
C:\Documents and Settings\User\Cookies\user@ltraffic[1].txt
C:\Documents and Settings\User\Cookies\user@free.wegcash[2].txt
C:\Documents and Settings\User\Cookies\user@richmedia.yahoo[2].txt
C:\Documents and Settings\User\Cookies\user@www.clickmanage[2].txt
C:\Documents and Settings\User\Cookies\user@ads.as4x.tmcs.ticketmaster[1].txt
C:\Documents and Settings\User\Cookies\user@banner.diamondclubpoker[2].txt
C:\Documents and Settings\User\Cookies\user@mediaservices.myspace[1].txt
C:\Documents and Settings\User\Cookies\user@ads.facebook[1].txt
C:\Documents and Settings\User\Cookies\user@linkto.mediafire[2].txt
C:\Documents and Settings\User\Cookies\user@38289[1].txt
C:\Documents and Settings\User\Cookies\user@ad.abum[1].txt
C:\Documents and Settings\User\Cookies\user@usenext[2].txt
C:\Documents and Settings\User\Cookies\user@banner.cdpoker[2].txt
C:\Documents and Settings\User\Cookies\user@trafficdashboard[2].txt
C:\Documents and Settings\User\Cookies\user@ehg-bestbuy.hitbox[2].txt
C:\Documents and Settings\User\Cookies\user@media[1].txt
C:\Documents and Settings\User\Cookies\user@stats[2].txt
C:\Documents and Settings\User\Cookies\user@onlinerewardcenter[1].txt
C:\Documents and Settings\User\Cookies\user@13045352[1].txt
C:\Documents and Settings\User\Cookies\user@www.viruslocker[1].txt
C:\Documents and Settings\User\Cookies\user@stats2.reliablestats[1].txt
C:\Documents and Settings\User\Cookies\user@apmebf[3].txt
C:\Documents and Settings\User\Cookies\user@ads.ak.facebook[2].txt
C:\Documents and Settings\User\Cookies\user@78132904[1].txt
C:\Documents and Settings\User\Cookies\user@komtrack[2].txt
C:\Documents and Settings\User\Cookies\user@entrepreneur.122.2o7[1].txt
C:\Documents and Settings\User\Cookies\user@media6degrees[1].txt
C:\Documents and Settings\User\Cookies\user@azjmp[3].txt
C:\Documents and Settings\User\Cookies\user@click.cashengines[1].txt
C:\Documents and Settings\User\Cookies\user@23326[2].txt
C:\Documents and Settings\User\Cookies\user@4stats[2].txt
C:\Documents and Settings\User\Cookies\user@rdr.hitmngr[2].txt
C:\Documents and Settings\User\Cookies\user@www.redorbit[1].txt
C:\Documents and Settings\User\Cookies\user@ads.cnn[2].txt
C:\Documents and Settings\User\Cookies\user@winspycontrol[1].txt
C:\Documents and Settings\User\Cookies\user@ads4.blastro[1].txt
C:\Documents and Settings\User\Cookies\user@ads.tarrobads[1].txt
C:\Documents and Settings\User\Cookies\user@ads.usercash[2].txt
C:\Documents and Settings\User\Cookies\user@eas.apm.emediate[1].txt
C:\Documents and Settings\User\Cookies\user@my-calorie-counter[1].txt
C:\Documents and Settings\User\Cookies\user@ad.xplusone[2].txt
C:\Documents and Settings\User\Cookies\user@st[13].txt
C:\Documents and Settings\User\Cookies\user@1[1].txt
C:\Documents and Settings\User\Cookies\user@2.marketbanker[2].txt
C:\Documents and Settings\User\Cookies\user@ads.as4x.tmcs[1].txt
C:\Documents and Settings\User\Cookies\user@edge.ru4[2].txt
C:\Documents and Settings\User\Cookies\user@winsecureav[2].txt
C:\Documents and Settings\User\Cookies\user@a[3].txt
C:\Documents and Settings\User\Cookies\user@classifiedventures1.112.2o7[1].txt
C:\Documents and Settings\User\Cookies\user@tracker.mediatracker.co[2].txt
C:\Documents and Settings\User\Cookies\user@euros4click[2].txt
C:\Documents and Settings\User\Cookies\user@freecodesource.advertserve[2].txt
C:\Documents and Settings\User\Cookies\user@www.tns-counter[1].txt
C:\Documents and Settings\User\Cookies\user@reunioncom.112.2o7[1].txt
C:\Documents and Settings\User\Cookies\user@watch[1].txt
C:\Documents and Settings\User\Cookies\user@secureorder.directtrack[2].txt
C:\Documents and Settings\User\Cookies\user@clickaider[1].txt
C:\Documents and Settings\User\Cookies\user@adsrevenue[2].txt
C:\Documents and Settings\User\Cookies\user@gostats[1].txt
C:\Documents and Settings\User\Cookies\user@directtrack[2].txt
C:\Documents and Settings\User\Cookies\user@interclick[1].txt
C:\Documents and Settings\User\Cookies\user@ads.crakmedia[1].txt
C:\Documents and Settings\User\Cookies\user@t6[2].txt
C:\Documents and Settings\User\Cookies\user@incentreward.directtrack[2].txt
C:\Documents and Settings\User\Cookies\user@ehg-aarp.hitbox[2].txt
C:\Documents and Settings\User\Cookies\user@www.avsystemcare[1].txt
C:\Documents and Settings\User\Cookies\user@atlas.entrepreneur[2].txt
C:\Documents and Settings\User\Cookies\user@ad.yieldmanager[10].txt
C:\Documents and Settings\User\Cookies\user@ad.yieldmanager[11].txt
C:\Documents and Settings\User\Cookies\user@ad.yieldmanager[12].txt
C:\Documents and Settings\User\Cookies\user@ad.yieldmanager[13].txt
C:\Documents and Settings\User\Cookies\user@ad.yieldmanager[14].txt
C:\Documents and Settings\User\Cookies\user@ad.yieldmanager[15].txt
C:\Documents and Settings\User\Cookies\user@ad.yieldmanager[16].txt
C:\Documents and Settings\User\Cookies\user@ad.yieldmanager[17].txt
C:\Documents and Settings\User\Cookies\user@ad.yieldmanager[18].txt
C:\Documents and Settings\User\Cookies\user@ad.yieldmanager[19].txt
C:\Documents and Settings\User\Cookies\user@ad.yieldmanager[1].txt
C:\Documents and Settings\User\Cookies\user@ad.yieldmanager[20].txt
C:\Documents and Settings\User\Cookies\user@ad.yieldmanager[21].txt
C:\Documents and Settings\User\Cookies\user@ad.yieldmanager[22].txt
C:\Documents and Settings\User\Cookies\user@ad.yieldmanager[23].txt
C:\Documents and Settings\User\Cookies\user@ad.yieldmanager[24].txt
C:\Documents and Settings\User\Cookies\user@ad.yieldmanager[25].txt
C:\Documents and Settings\User\Cookies\user@ad.yieldmanager[26].txt
C:\Documents and Settings\User\Cookies\user@ad.yieldmanager[27].txt
C:\Documents and Settings\User\Cookies\user@ad.yieldmanager[28].txt
C:\Documents and Settings\User\Cookies\user@ad.yieldmanager[29].txt
C:\Documents and Settings\User\Cookies\user@ad.yieldmanager[2].txt
C:\Documents and Settings\User\Cookies\user@ad.yieldmanager[30].txt
C:\Documents and Settings\User\Cookies\user@ad.yieldmanager[31].txt
C:\Documents and Settings\User\Cookies\user@ad.yieldmanager[32].txt
C:\Documents and Settings\User\Cookies\user@ad.yieldmanager[33].txt
C:\Documents and Settings\User\Cookies\user@ad.yieldmanager[34].txt
C:\Documents and Settings\User\Cookies\user@ad.yieldmanager[35].txt
C:\Documents and Settings\User\Cookies\user@ad.yieldmanager[36].txt
C:\Documents and Settings\User\Cookies\user@ad.yieldmanager[37].txt
C:\Documents and Settings\User\Cookies\user@ad.yieldmanager[38].txt
C:\Documents and Settings\User\Cookies\user@ad.yieldmanager[39].txt
C:\Documents and Settings\User\Cookies\user@ad.yieldmanager[3].txt
C:\Documents and Settings\User\Cookies\user@ad.yieldmanager[40].txt
C:\Documents and Settings\User\Cookies\user@ad.yieldmanager[41].txt
C:\Documents and Settings\User\Cookies\user@ad.yieldmanager[42].txt
C:\Documents and Settings\User\Cookies\user@ad.yieldmanager[43].txt
C:\Documents and Settings\User\Cookies\user@ad.yieldmanager[44].txt
C:\Documents and Settings\User\Cookies\user@ad.yieldmanager[45].txt
C:\Documents and Settings\User\Cookies\user@ad.yieldmanager[46].txt
C:\Documents and Settings\User\Cookies\user@ad.yieldmanager[47].txt
C:\Documents and Settings\User\Cookies\user@ad.yieldmanager[48].txt
C:\Documents and Settings\User\Cookies\user@ad.yieldmanager[49].txt
C:\Documents and Settings\User\Cookies\user@ad.yieldmanager[4].txt
C:\Documents and Settings\User\Cookies\user@ad.yieldmanager[50].txt
C:\Documents and Settings\User\Cookies\user@ad.yieldmanager[51].txt
C:\Documents and Settings\User\Cookies\user@ad.yieldmanager[52].txt
C:\Documents and Settings\User\Cookies\user@ad.yieldmanager[53].txt
C:\Documents and Settings\User\Cookies\user@ad.yieldmanager[54].txt
C:\Documents and Settings\User\Cookies\user@ad.yieldmanager[55].txt
C:\Documents and Settings\User\Cookies\user@ad.yieldmanager[56].txt
C:\Documents and Settings\User\Cookies\user@ad.yieldmanager[57].txt
C:\Documents and Settings\User\Cookies\user@ad.yieldmanager[58].txt
C:\Documents and Settings\User\Cookies\user@ad.yieldmanager[59].txt
C:\Documents and Settings\User\Cookies\user@ad.yieldmanager[5].txt
C:\Documents and Settings\User\Cookies\user@ad.yieldmanager[60].txt
C:\Documents and Settings\User\Cookies\user@ad.yieldmanager[61].txt
C:\Documents and Settings\User\Cookies\user@ad.yieldmanager[62].txt
C:\Documents and Settings\User\Cookies\user@ad.yieldmanager[63].txt
C:\Documents and Settings\User\Cookies\user@ad.yieldmanager[64].txt
C:\Documents and Settings\User\Cookies\user@ad.yieldmanager[65].txt
C:\Documents and Settings\User\Cookies\user@ad.yieldmanager[66].txt
C:\Documents and Settings\User\Cookies\user@ad.yieldmanager[67].txt
C:\Documents and Settings\User\Cookies\user@ad.yieldmanager[68].txt
C:\Documents and Settings\User\Cookies\user@ad.yieldmanager[69].txt
C:\Documents and Settings\User\Cookies\user@ad.yieldmanager[6].txt
C:\Documents and Settings\User\Cookies\user@ad.yieldmanager[70].txt
C:\Documents and Settings\User\Cookies\user@ad.yieldmanager[71].txt
C:\Documents and Settings\User\Cookies\user@ad.yieldmanager[72].txt
C:\Documents and Settings\User\Cookies\user@ad.yieldmanager[73].txt
C:\Documents and Settings\User\Cookies\user@ad.yieldmanager[74].txt
C:\Documents and Settings\User\Cookies\user@ad.yieldmanager[75].txt
C:\Documents and Settings\User\Cookies\user@ad.yieldmanager[76].txt
C:\Documents and Settings\User\Cookies\user@ad.yieldmanager[77].txt
C:\Documents and Settings\User\Cookies\user@ad.yieldmanager[78].txt
C:\Documents and Settings\User\Cookies\user@ad.yieldmanager[79].txt
C:\Documents and Settings\User\Cookies\user@ad.yieldmanager[7].txt
C:\Documents and Settings\User\Cookies\user@ad.yieldmanager[80].txt
C:\Documents and Settings\User\Cookies\user@ad.yieldmanager[81].txt
C:\Documents and Settings\User\Cookies\user@ad.yieldmanager[82].txt
C:\Documents and Settings\User\Cookies\user@ad.yieldmanager[83].txt
C:\Documents and Settings\User\Cookies\user@ad.yieldmanager[84].txt
C:\Documents and Settings\User\Cookies\user@ad.yieldmanager[85].txt
C:\Documents and Settings\User\Cookies\user@ad.yieldmanager[86].txt
C:\Documents and Settings\User\Cookies\user@ad.yieldmanager[87].txt
C:\Documents and Settings\User\Cookies\user@ad.yieldmanager[88].txt
C:\Documents and Settings\User\Cookies\user@ad.yieldmanager[89].txt
C:\Documents and Settings\User\Cookies\user@ad.yieldmanager[8].txt
C:\Documents and Settings\User\Cookies\user@ad.yieldmanager[90].txt
C:\Documents and Settings\User\Cookies\user@ad.yieldmanager[91].txt
C:\Documents and Settings\User\Cookies\user@ad.yieldmanager[92].txt
C:\Documents and Settings\User\Cookies\user@ad.yieldmanager[93].txt
C:\Documents and Settings\User\Cookies\user@ad.yieldmanager[94].txt
C:\Documents and Settings\User\Cookies\user@ad.yieldmanager[95].txt
C:\Documents and Settings\User\Cookies\user@ad.yieldmanager[96].txt
C:\Documents and Settings\User\Cookies\user@ad.yieldmanager[97].txt
C:\Documents and Settings\User\Cookies\user@ad.yieldmanager[98].txt
C:\Documents and Settings\User\Cookies\user@ad.yieldmanager[99].txt
C:\Documents and Settings\User\Cookies\user@ad.yieldmanager[9].txt
C:\Documents and Settings\User\Cookies\user@adopt.specificclick[1].txt
C:\Documents and Settings\User\Cookies\user@adopt.specificclick[2].txt
C:\Documents and Settings\User\Cookies\user@adrevolver[1].txt
C:\Documents and Settings\User\Cookies\user@adrevolver[3].txt
C:\Documents and Settings\User\Cookies\user@adrevolver[5].txt
C:\Documents and Settings\User\Cookies\user@adrevolver[6].txt
C:\Documents and Settings\User\Cookies\user@apmebf[1].txt
C:\Documents and Settings\User\Cookies\user@apmebf[2].txt
C:\Documents and Settings\User\Cookies\user@azjmp[1].txt
C:\Documents and Settings\User\Cookies\user@azjmp[2].txt
C:\Documents and Settings\User\Cookies\user@counter[1].txt
C:\Documents and Settings\User\Cookies\user@estats[1].txt
C:\Documents and Settings\User\Cookies\user@questionmarket[2].txt
C:\Documents and Settings\User\Cookies\user@realmedia[1].txt
C:\Documents and Settings\User\Cookies\user@realmedia[2].txt
C:\Documents and Settings\User\Cookies\user@specificclick[1].txt
C:\Documents and Settings\User\Cookies\user@specificclick[2].txt
C:\Documents and Settings\User\Cookies\user@trafficmp[1].txt
C:\Documents and Settings\User\Cookies\user@trafficmp[2].txt
C:\Documents and Settings\User\Cookies\user@traffic[1].txt
C:\Documents and Settings\User\Cookies\user@tribalfusion[1].txt
C:\Documents and Settings\User\Cookies\user@www.burstbeacon[1].txt
C:\Documents and Settings\User\Cookies\user@www.burstbeacon[2].txt
C:\Documents and Settings\User\Cookies\user@www.burstbeacon[3].txt
C:\Documents and Settings\User\Cookies\user@www.burstbeacon[5].txt
C:\Documents and Settings\User\Cookies\user@zedo[2].txt
Trojan.Security Toolbar
C:\Documents and Settings\User\Favorites\Antivirus Test Online.url
Trojan.Media-Codec/V4
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Audio-Video Enhance
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Audio-Video Enhance#ProductionEnvironment
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Audio-Video Enhance#DisplayName
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Audio-Video Enhance#Publisher
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Audio-Video Enhance#UninstallString
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Audio-Video Enhance#DisplayIcon
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Audio-Video Enhance#DisplayVersion
HKCR\multimediaControls.chl
HKCR\multimediaControls.chl\CLSID
Malware.VirusProtect
HKCR\CLSID\{B7C9058D-0F9C-32C0-83B6-740DFD8A6726}
HKCR\CLSID\{B7C9058D-0F9C-32C0-83B6-740DFD8A6726}\boBe
HKCR\CLSID\{B7C9058D-0F9C-32C0-83B6-740DFD8A6726}\iiaurQ
HKCR\CLSID\{B7C9058D-0F9C-32C0-83B6-740DFD8A6726}\InprocServer32
HKCR\CLSID\{B7C9058D-0F9C-32C0-83B6-740DFD8A6726}\InprocServer32#ThreadingModel
HKCR\CLSID\{B7C9058D-0F9C-32C0-83B6-740DFD8A6726}\rDqs
HKCR\CLSID\{B7C9058D-0F9C-32C0-83B6-740DFD8A6726}\rzmNnf
HKCR\CLSID\{B7C9058D-0F9C-32C0-83B6-740DFD8A6726}\StNqozWcdaK
HKCR\CLSID\{B7C9058D-0F9C-32C0-83B6-740DFD8A6726}\vmXoliSscqdEt
HKCR\CLSID\{B7C9058D-0F9C-32C0-83B6-740DFD8A6726}\xBud
HKCR\TypeLib\{3B8E549E-0C73-4AAB-8939-5EA2ED102CC6}
HKCR\TypeLib\{3B8E549E-0C73-4AAB-8939-5EA2ED102CC6}\1.0
HKCR\TypeLib\{3B8E549E-0C73-4AAB-8939-5EA2ED102CC6}\1.0\0
HKCR\TypeLib\{3B8E549E-0C73-4AAB-8939-5EA2ED102CC6}\1.0\0\win32
HKCR\TypeLib\{3B8E549E-0C73-4AAB-8939-5EA2ED102CC6}\1.0\FLAGS
HKCR\TypeLib\{3B8E549E-0C73-4AAB-8939-5EA2ED102CC6}\1.0\HELPDIR
HKCR\Interface\{21688E5D-A895-4B60-B127-B76607420334}
HKCR\Interface\{21688E5D-A895-4B60-B127-B76607420334}\ProxyStubClsid
HKCR\Interface\{21688E5D-A895-4B60-B127-B76607420334}\ProxyStubClsid32
HKCR\Interface\{21688E5D-A895-4B60-B127-B76607420334}\TypeLib
HKCR\Interface\{21688E5D-A895-4B60-B127-B76607420334}\TypeLib#Version
HKCR\Interface\{40E563B2-61B2-4215-819A-A7E24CF8AA3E}
HKCR\Interface\{40E563B2-61B2-4215-819A-A7E24CF8AA3E}\ProxyStubClsid
HKCR\Interface\{40E563B2-61B2-4215-819A-A7E24CF8AA3E}\ProxyStubClsid32
HKCR\Interface\{40E563B2-61B2-4215-819A-A7E24CF8AA3E}\TypeLib
HKCR\Interface\{40E563B2-61B2-4215-819A-A7E24CF8AA3E}\TypeLib#Version
HKCR\Interface\{45FBEFBF-E8B6-44A5-B0A1-A143E1A74816}
HKCR\Interface\{45FBEFBF-E8B6-44A5-B0A1-A143E1A74816}\ProxyStubClsid
HKCR\Interface\{45FBEFBF-E8B6-44A5-B0A1-A143E1A74816}\ProxyStubClsid32
HKCR\Interface\{45FBEFBF-E8B6-44A5-B0A1-A143E1A74816}\TypeLib
HKCR\Interface\{45FBEFBF-E8B6-44A5-B0A1-A143E1A74816}\TypeLib#Version
HKCR\Interface\{5146B43E-B36D-4A2A-B617-CC05CC500150}
HKCR\Interface\{5146B43E-B36D-4A2A-B617-CC05CC500150}\ProxyStubClsid
HKCR\Interface\{5146B43E-B36D-4A2A-B617-CC05CC500150}\ProxyStubClsid32
HKCR\Interface\{5146B43E-B36D-4A2A-B617-CC05CC500150}\TypeLib
HKCR\Interface\{5146B43E-B36D-4A2A-B617-CC05CC500150}\TypeLib#Version
HKCR\Interface\{5B8BED0F-5F18-4051-9908-C5C569A1AAE9}
HKCR\Interface\{5B8BED0F-5F18-4051-9908-C5C569A1AAE9}\ProxyStubClsid
HKCR\Interface\{5B8BED0F-5F18-4051-9908-C5C569A1AAE9}\ProxyStubClsid32
HKCR\Interface\{5B8BED0F-5F18-4051-9908-C5C569A1AAE9}\TypeLib
HKCR\Interface\{5B8BED0F-5F18-4051-9908-C5C569A1AAE9}\TypeLib#Version
HKCR\Interface\{63667718-EBF2-4CAB-B1E8-994D41589C24}
HKCR\Interface\{63667718-EBF2-4CAB-B1E8-994D41589C24}\ProxyStubClsid
HKCR\Interface\{63667718-EBF2-4CAB-B1E8-994D41589C24}\ProxyStubClsid32
HKCR\Interface\{63667718-EBF2-4CAB-B1E8-994D41589C24}\TypeLib
HKCR\Interface\{63667718-EBF2-4CAB-B1E8-994D41589C24}\TypeLib#Version
HKCR\Interface\{972F0BE3-976F-40B8-8EB4-88A25987416E}
HKCR\Interface\{972F0BE3-976F-40B8-8EB4-88A25987416E}\ProxyStubClsid
HKCR\Interface\{972F0BE3-976F-40B8-8EB4-88A25987416E}\ProxyStubClsid32
HKCR\Interface\{972F0BE3-976F-40B8-8EB4-88A25987416E}\TypeLib
HKCR\Interface\{972F0BE3-976F-40B8-8EB4-88A25987416E}\TypeLib#Version
HKCR\Interface\{9F80EA2D-53CF-4AA5-A154-F4FBF1EF6A5A}
HKCR\Interface\{9F80EA2D-53CF-4AA5-A154-F4FBF1EF6A5A}\ProxyStubClsid
HKCR\Interface\{9F80EA2D-53CF-4AA5-A154-F4FBF1EF6A5A}\ProxyStubClsid32
HKCR\Interface\{9F80EA2D-53CF-4AA5-A154-F4FBF1EF6A5A}\TypeLib
HKCR\Interface\{9F80EA2D-53CF-4AA5-A154-F4FBF1EF6A5A}\TypeLib#Version
HKCR\Interface\{A35F8FAC-755D-4F90-A5D3-F7E18D9EB100}
HKCR\Interface\{A35F8FAC-755D-4F90-A5D3-F7E18D9EB100}\ProxyStubClsid
HKCR\Interface\{A35F8FAC-755D-4F90-A5D3-F7E18D9EB100}\ProxyStubClsid32
HKCR\Interface\{A35F8FAC-755D-4F90-A5D3-F7E18D9EB100}\TypeLib
HKCR\Interface\{A35F8FAC-755D-4F90-A5D3-F7E18D9EB100}\TypeLib#Version
HKCR\Interface\{C269F4C1-7558-4DFC-9FB6-4C149B482586}
HKCR\Interface\{C269F4C1-7558-4DFC-9FB6-4C149B482586}\ProxyStubClsid
HKCR\Interface\{C269F4C1-7558-4DFC-9FB6-4C149B482586}\ProxyStubClsid32
HKCR\Interface\{C269F4C1-7558-4DFC-9FB6-4C149B482586}\TypeLib
HKCR\Interface\{C269F4C1-7558-4DFC-9FB6-4C149B482586}\TypeLib#Version
HKCR\Interface\{CE92A296-3142-493C-B64E-6ED73EAFB9AE}
HKCR\Interface\{CE92A296-3142-493C-B64E-6ED73EAFB9AE}\ProxyStubClsid
HKCR\Interface\{CE92A296-3142-493C-B64E-6ED73EAFB9AE}\ProxyStubClsid32
HKCR\Interface\{CE92A296-3142-493C-B64E-6ED73EAFB9AE}\TypeLib
HKCR\Interface\{CE92A296-3142-493C-B64E-6ED73EAFB9AE}\TypeLib#Version
HKCR\Interface\{D7C0DF6C-91FF-48BD-AD98-E35769394138}
HKCR\Interface\{D7C0DF6C-91FF-48BD-AD98-E35769394138}\ProxyStubClsid
HKCR\Interface\{D7C0DF6C-91FF-48BD-AD98-E35769394138}\ProxyStubClsid32
HKCR\Interface\{D7C0DF6C-91FF-48BD-AD98-E35769394138}\TypeLib
HKCR\Interface\{D7C0DF6C-91FF-48BD-AD98-E35769394138}\TypeLib#Version
HKCR\Interface\{D8EC2704-B249-4495-A7A4-A90857BDDF4D}
HKCR\Interface\{D8EC2704-B249-4495-A7A4-A90857BDDF4D}\ProxyStubClsid
HKCR\Interface\{D8EC2704-B249-4495-A7A4-A90857BDDF4D}\ProxyStubClsid32
HKCR\Interface\{D8EC2704-B249-4495-A7A4-A90857BDDF4D}\TypeLib
HKCR\Interface\{D8EC2704-B249-4495-A7A4-A90857BDDF4D}\TypeLib#Version
HKCR\Interface\{D91E9F36-9E44-44AB-803C-0D941FDA7988}
HKCR\Interface\{D91E9F36-9E44-44AB-803C-0D941FDA7988}\ProxyStubClsid
HKCR\Interface\{D91E9F36-9E44-44AB-803C-0D941FDA7988}\ProxyStubClsid32
HKCR\Interface\{D91E9F36-9E44-44AB-803C-0D941FDA7988}\TypeLib
HKCR\Interface\{D91E9F36-9E44-44AB-803C-0D941FDA7988}\TypeLib#Version
HKCR\Interface\{E0757BDD-69BE-4C3F-AFC6-50D6524FA9B6}
HKCR\Interface\{E0757BDD-69BE-4C3F-AFC6-50D6524FA9B6}\ProxyStubClsid
HKCR\Interface\{E0757BDD-69BE-4C3F-AFC6-50D6524FA9B6}\ProxyStubClsid32
HKCR\Interface\{E0757BDD-69BE-4C3F-AFC6-50D6524FA9B6}\TypeLib
HKCR\Interface\{E0757BDD-69BE-4C3F-AFC6-50D6524FA9B6}\TypeLib#Version
HKCR\Interface\{F2F8C877-B06C-4B5E-95E7-AACFC9E8219D}
HKCR\Interface\{F2F8C877-B06C-4B5E-95E7-AACFC9E8219D}\ProxyStubClsid
HKCR\Interface\{F2F8C877-B06C-4B5E-95E7-AACFC9E8219D}\ProxyStubClsid32
HKCR\Interface\{F2F8C877-B06C-4B5E-95E7-AACFC9E8219D}\TypeLib
HKCR\Interface\{F2F8C877-B06C-4B5E-95E7-AACFC9E8219D}\TypeLib#Version
Trojan.Unknown Origin
C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\TEMP\ICO10.TMP
C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\TEMP\ICO11.TMP
C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\TEMP\ICO12.TMP
C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\TEMP\ICO1A.TMP
C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\TEMP\ICO1B.TMP
C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\TEMP\ICO1C.TMP
C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\TEMP\ICO1D.TMP
C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\TEMP\ICO1E.TMP
C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\TEMP\ICO1F.TMP
C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\TEMP\ICO20.TMP
C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\TEMP\ICO21.TMP
C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\TEMP\ICO22.TMP
C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\TEMP\ICO23.TMP
C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\TEMP\ICOE.TMP
C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\TEMP\ICOF.TMP
Trojan.Downloader-Gen/Inst2
C:\FE4.TMP
Adware.Vundo/Traff-2
C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\RPTFWTTW.EXE.VIR
Trojan.Downloader-Gen/DDC
C:\WINDOWS\SYSTEM32\INDEWLDJ.EXE
C:\WINDOWS\SYSTEM32\OEQNWPAP.EXE
C:\WINDOWS\Prefetch\OEQNWPAP.EXE-2A02AA5F.pf
Edited by Denny k, 26 November 2007 - 05:54 AM.