Winbluesoft removal

2 posters

WiredWX Christian Hobby Weather Tools :: GeekPolice tech support archive :: Technical Support

Winbluesoft removalWed Mar 23, 2011 5:19 am

Hi,

My comp has winbluesoft (at least I assume that's it as i'm having the same problems as others who had it), have tried my best to remove but i'm none too tech-savvy so would be extremely grateful if anyone here could help me out.

So far I have:

- Installed MBAM (got an error message when I tried to updated it though so it was a 92 days old version) and run it in safe mode. It detected several problems and removed them, I rebooted as it instructed but nothing had changed.

- Tried to install the "updates to perform" as instructed at: http://www.GeekPolice.net/t3821-read-this-before-posting but my comp didn't allow me to run/install the Java JRE program while in safe mode so I gave up on that.

- Installed OTL and ran the scan as instructed, results below:

"OLT.txt" document:

OTL logfile created on: 3/23/2011 7:54:38 PM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\owner\Desktop
Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 77.00% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 90.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 40.21 Gb Total Space | 11.13 Gb Free Space | 27.67% Space Free | Partition Type: NTFS
Drive D: | 40.06 Gb Total Space | 38.01 Gb Free Space | 94.88% Space Free | Partition Type: NTFS
Drive E: | 40.10 Gb Total Space | 39.35 Gb Free Space | 98.12% Space Free | Partition Type: NTFS
Drive F: | 22.31 Gb Total Space | 21.35 Gb Free Space | 95.66% Space Free | Partition Type: NTFS
Unable to calculate disk information.

Computer Name: OWNER-PC | User Name: owner | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/03/23 19:47:27 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\owner\Desktop\OTL.com
PRC - [2009/10/31 16:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe

========== Modules (SafeList) ==========

MOD - [2011/03/23 19:47:27 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\owner\Desktop\OTL.com
MOD - [2011/03/23 16:22:21 | 000,057,856 | -H-- | M] () -- C:\Windows\System32\cofinger.dll
MOD - [2010/08/21 16:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll

========== Win32 Services (SafeList) ==========

SRV - [2010/06/07 20:55:37 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/04/01 18:29:37 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2009/07/14 12:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/14 12:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/14 12:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

========== Driver Services (SafeList) ==========

DRV - [2010/06/07 18:22:43 | 000,691,696 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot | Stopped] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2009/07/14 12:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vmbus.sys -- (vmbus)
DRV - [2009/07/14 12:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vmstorfl.sys -- (storflt)
DRV - [2009/07/14 12:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\storvsc.sys -- (storvsc)
DRV - [2009/07/14 10:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009/07/14 10:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2009/07/14 10:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vms3cap.sys -- (s3cap)
DRV - [2009/07/14 10:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\VMBusHID.sys -- (VMBusHID)
DRV - [2009/07/14 10:12:52 | 000,030,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tpm.sys -- (TPM)
DRV - [2009/07/14 09:02:50 | 000,211,456 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel(R)
DRV - [2009/07/14 09:02:46 | 001,096,704 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.ebay.com.au/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://iat.ninemsn.com.au/tickler/default.aspx
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 5B 03 74 A7 53 C8 CB 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

[2010/08/17 20:25:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\owner\AppData\Roaming\Mozilla\Extensions
[2010/08/17 20:25:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\owner\AppData\Roaming\Mozilla\Extensions\mozswing@mozswing.org
[2011/03/23 17:46:55 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: ([2009/06/11 08:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Daemon tools\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\RunOnce: [kDhMeDgEfPk09001] C:\ProgramData\kDhMeDgEfPk09001\kDhMeDgEfPk09001.exe ()
O4 - Startup: C:\Users\owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LimeWire On Startup.lnk = C:\Users\owner\Desktop\Eds\Limewire\LimeWire.exe (Lime Wire, LLC)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&xport to Microsoft Excel - D:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: comxa.com ([foonix] http in Trusted sites)
O15 - HKCU\..Trusted Domains: tinypic.com ([i40] http in Trusted sites)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab (QuickTime Plugin Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.138
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/11 08:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2010/03/15 14:19:55 | 000,000,093 | RH-- | M] () - C:\AutoRun.inf -- [ NTFS ]
O32 - AutoRun File - [2010/03/15 14:19:55 | 000,000,093 | RH-- | M] () - D:\AutoRun.inf -- [ NTFS ]
O32 - AutoRun File - [2010/03/15 14:19:55 | 000,000,093 | RH-- | M] () - E:\AutoRun.inf -- [ NTFS ]
O32 - AutoRun File - [2010/03/15 14:19:55 | 000,000,093 | RH-- | M] () - F:\AutoRun.inf -- [ NTFS ]
O33 - MountPoints2\{ad55dae0-7205-11df-8fb5-001e378e5679}\Shell - "" = AutoRun
O33 - MountPoints2\{ad55dae0-7205-11df-8fb5-001e378e5679}\Shell\AutoRun\command - "" = H:\ADBEPHSPCS3_WWE.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O36 - AppCertDlls: atfmon - (C:\Windows\system32\cofinger.dll) - C:\Windows\System32\cofinger.dll ()
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - File not found
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS - File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS - File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {37B2D207-4C3A-DDBB-FED1-90B981E258F7} - Themes Setup
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6B49776A-8A65-C7D6-D816-8AF41BF9639C} - Themes Setup
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)

========== Files/Folders - Created Within 30 Days ==========

[2011/03/23 19:47:21 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\owner\Desktop\OTL.com
[2011/03/23 18:36:29 | 016,525,088 | ---- | C] (Sun Microsystems, Inc.) -- C:\Users\owner\Desktop\jre-6u24-windows-i586.exe
[2011/03/23 17:19:08 | 000,000,000 | ---D | C] -- C:\Users\owner\AppData\Roaming\Malwarebytes
[2011/03/23 17:18:56 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011/03/23 17:18:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/03/23 17:18:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/03/23 17:18:50 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011/03/23 17:18:50 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/03/23 17:04:45 | 007,734,240 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\owner\Desktop\mbam-setup.exe
[2011/03/23 16:22:03 | 000,000,000 | ---D | C] -- C:\ProgramData\kDhMeDgEfPk09001
[2011/03/22 14:20:09 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2011/03/09 09:47:59 | 000,850,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sbe.dll
[2011/03/09 09:47:59 | 000,642,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CPFilters.dll
[2011/03/09 09:47:59 | 000,534,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EncDec.dll
[2011/03/09 09:47:59 | 000,199,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mpg2splt.ax
[2011/03/07 11:58:56 | 000,402,840 | ---- | C] (SATO International Pte Ltd) -- C:\Windows\System32\PrintAX.ocx
[2011/02/22 21:48:48 | 000,000,000 | ---D | C] -- C:\Program Files\XeroCreative
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\owner\Desktop\*.tmp files -> C:\Users\owner\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/03/23 19:47:27 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\owner\Desktop\OTL.com
[2011/03/23 19:42:22 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/03/23 19:42:14 | 1577,816,064 | -HS- | M] () -- C:\hiberfil.sys
[2011/03/23 18:37:21 | 016,525,088 | ---- | M] (Sun Microsystems, Inc.) -- C:\Users\owner\Desktop\jre-6u24-windows-i586.exe
[2011/03/23 18:22:36 | 000,013,808 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/03/23 18:22:36 | 000,013,808 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/03/23 18:20:31 | 001,228,854 | ---- | M] () -- C:\fsqwr.bmp
[2011/03/23 17:18:56 | 000,001,071 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/03/23 17:04:55 | 007,734,240 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\owner\Desktop\mbam-setup.exe
[2011/03/23 16:22:21 | 000,057,856 | -H-- | M] () -- C:\Windows\System32\cofinger.dll
[2011/03/17 16:48:37 | 000,000,059 | ---- | M] () -- C:\Windows\wpd99.drv
[2011/03/07 11:59:18 | 000,618,264 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/03/07 11:59:18 | 000,104,546 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/02/28 20:13:50 | 000,000,801 | ---- | M] () -- C:\Users\owner\Desktop\Anki.lnk
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\owner\Desktop\*.tmp files -> C:\Users\owner\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/03/23 18:20:31 | 001,228,854 | ---- | C] () -- C:\fsqwr.bmp
[2011/03/23 17:18:56 | 000,001,071 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/03/23 16:22:21 | 000,057,856 | -H-- | C] () -- C:\Windows\System32\cofinger.dll
[2011/02/28 20:13:50 | 000,000,801 | ---- | C] () -- C:\Users\owner\Desktop\Anki.lnk
[2011/02/22 21:48:51 | 000,002,595 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Shortcut to Yugioh Virtual Desktop 9_1.exe.lnk
[2010/09/26 15:00:48 | 000,000,025 | ---- | C] () -- C:\Windows\cdplayer.ini
[2010/09/07 09:59:01 | 000,000,028 | ---- | C] () -- C:\Windows\pdf995.ini
[2010/09/07 09:56:05 | 000,051,716 | ---- | C] () -- C:\Windows\System32\pdf995mon.dll
[2010/09/07 09:56:05 | 000,000,059 | ---- | C] () -- C:\Windows\wpd99.drv
[2010/08/18 09:25:12 | 000,140,288 | ---- | C] () -- C:\Windows\System32\igfxtvcx.dll
[2010/06/22 15:45:02 | 000,003,584 | ---- | C] () -- C:\Users\owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/06/07 18:05:09 | 000,034,308 | ---- | C] () -- C:\Windows\System32\BASSMOD.dll
[2010/03/29 20:36:16 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2009/09/23 20:16:08 | 002,050,952 | ---- | C] () -- C:\Windows\System32\igkrng400.bin
[2009/07/14 15:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/14 15:33:53 | 002,475,656 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009/07/14 13:05:48 | 000,618,264 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009/07/14 13:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009/07/14 13:05:48 | 000,104,546 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009/07/14 13:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009/07/14 13:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009/07/14 13:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009/07/14 11:59:08 | 000,011,776 | ---- | C] () -- C:\Windows\System32\SaSegFlt.dll
[2009/07/14 11:58:40 | 000,037,376 | ---- | C] () -- C:\Windows\System32\SaImgFlt.dll
[2009/07/14 11:58:25 | 000,010,240 | ---- | C] () -- C:\Windows\System32\SaErHdlr.dll
[2009/07/14 11:56:53 | 000,159,232 | ---- | C] () -- C:\Windows\System32\SaMinDrv.dll
[2009/07/14 11:19:49 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2009/07/14 10:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/14 10:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/14 10:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009/06/11 08:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\Windows\System32\OUTLPERF.INI

========== Custom Scans ==========

< %systemroot%\Fonts\*.com >
[2009/07/14 15:52:25 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2009/07/14 15:52:25 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2009/07/14 15:52:25 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2009/07/14 15:52:25 | 000,043,318 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2009/06/11 08:31:19 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2009/07/14 12:15:35 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\jnwppr.dll
[2007/04/09 14:23:54 | 000,028,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\mdippr.dll
[2009/07/14 12:16:19 | 000,029,696 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\winprint.dll

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >
[2010/09/18 15:42:00 | 000,001,686 | -HS- | M] () -- C:\Users\owner\AppData\Roaming\Microsoft\LastFlashConfig.wfc

< %PROGRAMFILES%\*.* >
[2009/07/14 15:41:57 | 000,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini

< %APPDATA%\Update\*.* >

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2010/03/24 16:18:23 | 000,000,221 | -HS- | M] () -- C:\Users\owner\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

< %USERPROFILE%\Desktop\*.exe >
[2011/03/23 18:37:21 | 016,525,088 | ---- | M] (Sun Microsystems, Inc.) -- C:\Users\owner\Desktop\jre-6u24-windows-i586.exe
[2011/03/23 17:04:55 | 007,734,240 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\owner\Desktop\mbam-setup.exe
[1 C:\Users\owner\Desktop\*.tmp files -> C:\Users\owner\Desktop\*.tmp -> ]

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

< %PROGRAMFILES%\Internet Explorer\*.tmp >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >

< %systemroot%\ADDINS\*.* >
[2009/06/11 08:20:04 | 000,000,802 | ---- | M] () -- C:\Windows\addins\FXSEXT.ecf

< %systemroot%\assembly\*.bak2 >

< %systemroot%\Config\*.* >

< %systemroot%\REPAIR\*.bak2 >

< %systemroot%\SECURITY\Database\*.sdb /x >

< %systemroot%\SYSTEM\*.bak2 >

< %systemroot%\Web\*.bak2 >

< %systemroot%\Driver Cache\*.* >

< %PROGRAMFILES%\Mozilla Firefox\*.exe >

< %ProgramFiles%\Microsoft Common\*.* >

< %ProgramFiles%\TinyProxy. >

< %USERPROFILE%\Favorites\*.url /x >
[2010/08/03 20:27:33 | 000,000,402 | -HS- | M] () -- C:\Users\owner\Favorites\desktop.ini

< %systemroot%\system32\*.bk >

< %systemroot%\*.te >

< %systemroot%\system32\system32\*.* >

< %ALLUSERSPROFILE%\*.dat /x >

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\system32\*.exe /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >

< %systemroot%\system32\*.sys >
[2009/07/14 08:40:41 | 000,009,029 | ---- | M] () -- C:\Windows\System32\ANSI.SYS
[2009/07/14 12:26:21 | 000,249,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\clfs.sys
[2009/07/14 08:40:44 | 000,027,097 | ---- | M] () -- C:\Windows\System32\country.sys
[2009/07/14 08:40:40 | 000,004,768 | ---- | M] () -- C:\Windows\System32\HIMEM.SYS
[2009/07/14 08:40:43 | 000,042,809 | ---- | M] () -- C:\Windows\System32\KEY01.SYS
[2009/07/14 08:40:43 | 000,042,537 | ---- | M] () -- C:\Windows\System32\KEYBOARD.SYS
[2009/07/14 08:40:23 | 000,027,866 | ---- | M] () -- C:\Windows\System32\NTDOS.SYS
[2009/07/14 08:40:31 | 000,029,146 | ---- | M] () -- C:\Windows\System32\NTDOS404.SYS
[2009/07/14 08:40:35 | 000,029,370 | ---- | M] () -- C:\Windows\System32\NTDOS411.SYS
[2009/07/14 08:40:39 | 000,029,274 | ---- | M] () -- C:\Windows\System32\NTDOS412.SYS
[2009/07/14 08:40:27 | 000,029,146 | ---- | M] () -- C:\Windows\System32\NTDOS804.SYS
[2009/07/14 08:40:11 | 000,033,952 | ---- | M] () -- C:\Windows\System32\NTIO.SYS
[2009/07/14 08:40:15 | 000,034,672 | ---- | M] () -- C:\Windows\System32\NTIO404.SYS
[2009/07/14 08:40:17 | 000,035,776 | ---- | M] () -- C:\Windows\System32\NTIO411.SYS
[2009/07/14 08:40:19 | 000,035,536 | ---- | M] () -- C:\Windows\System32\NTIO412.SYS
[2009/07/14 08:40:13 | 000,034,672 | ---- | M] () -- C:\Windows\System32\NTIO804.SYS
[2011/01/05 14:37:38 | 002,329,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys

< %systemroot%\system32\drivers\*.dll >

< %systemroot%\system32\drivers\*.ini >

< %systemroot%\system32\drivers\*.exe >

< %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >
[2009/07/14 12:15:35 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\jnwppr.dll
[2007/04/09 14:23:54 | 000,028,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\mdippr.dll
[2009/07/14 12:16:19 | 000,029,696 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\winprint.dll

< %SYSTEMDRIVE%\*.* >
[2007/05/04 02:32:29 | 000,000,385 | ---- | M] () -- C:\10099.exe
[2007/05/04 02:32:29 | 000,000,385 | ---- | M] () -- C:\90210.exe
[2007/05/04 02:32:29 | 000,000,385 | ---- | M] () -- C:\apnet.exe
[2009/06/11 08:42:20 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
[2010/03/15 14:19:55 | 000,000,093 | RH-- | M] () -- C:\AutoRun.inf
[2010/03/13 12:22:01 | 000,000,211 | -H-- | M] () -- C:\Boot.BAK
[2010/03/18 15:14:32 | 000,000,355 | RHS- | M] () -- C:\Boot.ini.saved
[2008/04/14 23:00:00 | 000,322,730 | RHS- | M] () -- C:\bootfont.bin
[2009/07/14 12:38:58 | 000,383,562 | RHS- | M] () -- C:\bootmgr
[2010/03/18 15:14:34 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK
[2009/06/11 08:42:20 | 000,000,010 | ---- | M] () -- C:\config.sys
[2009/11/23 19:33:10 | 000,002,154 | RHS- | M] () -- C:\favorder3.dat
[2011/03/23 18:20:31 | 001,228,854 | ---- | M] () -- C:\fsqwr.bmp
[2010/03/18 04:41:38 | 000,181,408 | RHS- | M] () -- C:\grldr
[2011/03/23 19:42:14 | 1577,816,064 | -HS- | M] () -- C:\hiberfil.sys
[2009/06/04 23:09:50 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2010/01/21 18:08:43 | 000,002,676 | ---- | M] () -- C:\jtts4_sapi5.log
[2009/06/04 23:09:50 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2008/04/14 23:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2008/04/14 23:00:00 | 000,257,728 | RHS- | M] () -- C:\ntldr
[2011/03/23 19:42:18 | 2103,754,752 | -HS- | M] () -- C:\pagefile.sys

< %PROGRAMFILES%\*. >
[2010/06/07 20:59:41 | 000,000,000 | ---D | M] -- C:\Program Files\Adobe
[2010/04/22 17:41:14 | 000,000,000 | ---D | M] -- C:\Program Files\Adobe Media Player
[2010/06/07 21:00:37 | 000,000,000 | ---D | M] -- C:\Program Files\Bonjour
[2010/09/26 14:59:46 | 000,000,000 | ---D | M] -- C:\Program Files\Common Files
[2009/07/14 18:50:29 | 000,000,000 | ---D | M] -- C:\Program Files\DVD Maker
[2011/02/17 14:58:32 | 000,000,000 | ---D | M] -- C:\Program Files\Free RAR Extract Frog
[2010/03/30 15:30:53 | 000,000,000 | ---D | M] -- C:\Program Files\Intel
[2011/02/09 23:17:16 | 000,000,000 | ---D | M] -- C:\Program Files\Internet Explorer
[2010/08/17 20:24:23 | 000,000,000 | ---D | M] -- C:\Program Files\Java
[2011/03/23 17:18:56 | 000,000,000 | ---D | M] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/04/03 13:25:59 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft
[2010/03/29 20:35:36 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft ActiveSync
[2009/07/14 18:50:24 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Games
[2010/04/07 10:38:17 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Office
[2010/03/29 20:35:18 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft.NET
[2011/03/22 14:20:09 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox
[2009/07/14 15:52:30 | 000,000,000 | ---D | M] -- C:\Program Files\MSBuild
[2010/04/07 10:37:52 | 000,000,000 | ---D | M] -- C:\Program Files\MSECache
[2010/09/07 09:58:28 | 000,000,000 | ---D | M] -- C:\Program Files\pdf995
[2010/08/01 22:35:14 | 000,000,000 | ---D | M] -- C:\Program Files\QuickTime
[2010/09/26 14:59:51 | 000,000,000 | ---D | M] -- C:\Program Files\Real
[2009/07/14 15:52:30 | 000,000,000 | ---D | M] -- C:\Program Files\Reference Assemblies
[2010/03/25 21:13:39 | 000,000,000 | ---D | M] -- C:\Program Files\Skype
[2009/07/14 15:53:23 | 000,000,000 | -H-D | M] -- C:\Program Files\Uninstall Information
[2009/07/14 15:56:49 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Defender
[2009/07/14 18:50:04 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Journal
[2010/04/03 13:25:53 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Live
[2010/04/03 13:25:42 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Live SkyDrive
[2010/12/16 17:34:33 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Mail
[2010/10/14 17:59:32 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Player
[2009/07/14 15:52:30 | 000,000,000 | ---D | M] -- C:\Program Files\Windows NT
[2009/07/14 15:56:49 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Photo Viewer
[2009/07/14 15:52:32 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Portable Devices
[2009/07/14 15:56:49 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Sidebar
[2010/10/28 11:25:46 | 000,000,000 | ---D | M] -- C:\Program Files\WinZip
[2011/02/22 21:48:48 | 000,000,000 | ---D | M] -- C:\Program Files\XeroCreative

< %appdata%\*.* >

< MD5 for: AGP440.SYS >
[2009/07/14 12:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys
[2009/07/14 12:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_65848c2d7375a720\AGP440.sys
[2009/07/14 12:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys

< MD5 for: ATAPI.SYS >
[2009/07/14 12:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys
[2009/07/14 12:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_f64b9c35a3a5be81\atapi.sys
[2009/07/14 12:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys

< MD5 for: CNGAUDIT.DLL >
[2009/07/14 12:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll
[2009/07/14 12:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll

< MD5 for: DISK.SYS >
[2009/07/14 12:20:27 | 000,057,424 | ---- | M] (Microsoft Corporation) MD5=565003F326F99802E68CA78F2A68E9FF -- C:\Windows\System32\drivers\disk.sys
[2009/07/14 12:20:27 | 000,057,424 | ---- | M] (Microsoft Corporation) MD5=565003F326F99802E68CA78F2A68E9FF -- C:\Windows\System32\DriverStore\FileRepository\disk.inf_x86_neutral_b431b61a11f8df6c\disk.sys
[2009/07/14 12:20:27 | 000,057,424 | ---- | M] (Microsoft Corporation) MD5=565003F326F99802E68CA78F2A68E9FF -- C:\Windows\winsxs\x86_disk.inf_31bf3856ad364e35_6.1.7600.16385_none_f99cd807d58018cb\disk.sys

< MD5 for: IASTORV.SYS >
[2009/07/14 12:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\System32\drivers\iaStorV.sys
[2009/07/14 12:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_18cccb83b34e1453\iaStorV.sys
[2009/07/14 12:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys

< MD5 for: NETLOGON.DLL >
[2009/07/14 12:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\System32\netlogon.dll
[2009/07/14 12:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll

< MD5 for: NVSTOR.SYS >
[2009/07/14 12:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\System32\drivers\nvstor.sys
[2009/07/14 12:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_5bde3fe2945bce9e\nvstor.sys
[2009/07/14 12:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys

< MD5 for: SCECLI.DLL >
[2009/07/14 12:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\System32\scecli.dll
[2009/07/14 12:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll

< MD5 for: USBSTOR.SYS >
[2009/07/14 10:51:19 | 000,074,752 | ---- | M] (Microsoft Corporation) MD5=D8889D56E0D27E57ED4591837FE71D27 -- C:\Windows\System32\drivers\USBSTOR.SYS
[2009/07/14 10:51:19 | 000,074,752 | ---- | M] (Microsoft Corporation) MD5=D8889D56E0D27E57ED4591837FE71D27 -- C:\Windows\System32\DriverStore\FileRepository\usbstor.inf_x86_neutral_83027f5d5b2468d3\USBSTOR.SYS
[2009/07/14 10:51:19 | 000,074,752 | ---- | M] (Microsoft Corporation) MD5=D8889D56E0D27E57ED4591837FE71D27 -- C:\Windows\winsxs\x86_usbstor.inf_31bf3856ad364e35_6.1.7600.16385_none_485ca4d9f926b0b4\USBSTOR.SYS

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-03-09 11:11:56

< >

< End of report >

"Extras.Txt" document:

OTL Extras logfile created on: 3/23/2011 7:54:38 PM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\owner\Desktop
Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 77.00% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 90.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 40.21 Gb Total Space | 11.13 Gb Free Space | 27.67% Space Free | Partition Type: NTFS
Drive D: | 40.06 Gb Total Space | 38.01 Gb Free Space | 94.88% Space Free | Partition Type: NTFS
Drive E: | 40.10 Gb Total Space | 39.35 Gb Free Space | 98.12% Space Free | Partition Type: NTFS
Drive F: | 22.31 Gb Total Space | 21.35 Gb Free Space | 95.66% Space Free | Partition Type: NTFS
Unable to calculate disk information.

Computer Name: OWNER-PC | User Name: owner | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "D:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "D:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Browse with &IrfanView] -- "C:\Users\owner\Desktop\Programs\Eds\IrfanView\i_view32.exe" "%1 /thumbs"
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0046FA01-C5B9-4985-BACB-398DC480FC05}" = Adobe Photoshop CS3
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java(TM) 6 Update 18
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}" = Skype™ 3.8
"{6421F085-1FAA-DE13-D02A-CFB412C522A4}" = Acrobat.com
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.1
"{AC76BA86-7AD7-2447-0000-900000000003}" = Chinese Simplified Fonts Support For Adobe Reader 9
"{AF36CE1D-FD2C-4BA0-93FA-1196785DD610}" = Adobe Flash Player 10 Plugin
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240BD}" = WinZip 14.5
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D1BB4446-AE9C-4256-9A7F-4D46604D2462}" = Adobe Setup
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{DDD9B4E6-EEB7-4030-B141-F0E0C5429851}" = YVD
"{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F4F4F84E-804F-4E9A-84D7-C34283F0088F}" = RealUpgrade 1.0
"7-Zip" = 7-Zip 9.20
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe_2ac78060bc5856b0c1cf873bb919b58" = Adobe Photoshop CS3
"Anki" = Anki
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Free RAR Extract Frog" = Free RAR Extract Frog
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"IrfanView" = IrfanView (remove only)
"LimeWire" = LimeWire 5.5.13
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Pdf995" = Pdf995
"Power Management Driver" = ThinkPad Power Management Driver
"RealPlayer 12.0" = RealPlayer
"TVWiz" = Intel(R) TV Wizard
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 3/17/2011 2:02:07 AM | Computer Name = owner-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at:
with error: The data is invalid. .

Error - 3/17/2011 2:02:12 AM | Computer Name = owner-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at:
with error: The data is invalid. .

Error - 3/22/2011 7:23:01 AM | Computer Name = owner-PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\Program Files\Common
Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "c:\Program
Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
of attribute "version" in element "assemblyIdentity" is invalid.

Error - 3/22/2011 7:23:07 AM | Computer Name = owner-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "c:\program files\pdf995\res\drivedir\copy64.exe".
Dependent
Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 3/23/2011 1:51:16 AM | Computer Name = owner-PC | Source = Application Error | ID = 1000
Description = Faulting application name: Skype.exe, version: 3.8.4.42, time stamp:
0x2a425e19 Faulting module name: cofinger.dll, version: 20.34.2321.0, time stamp:
0x3d8911d5 Exception code: 0xc0000005 Fault offset: 0x0000144c Faulting process id:
0xa18 Faulting application start time: 0x01cbe91e4f44299a Faulting application path:
C:\Program Files\Skype\Phone\Skype.exe Faulting module path: C:\Windows\system32\cofinger.dll
Report
Id: 90936e85-5511-11e0-b30b-001e378e5679

Error - 3/23/2011 2:49:03 AM | Computer Name = owner-PC | Source = Application Error | ID = 1000
Description = Faulting application name: Skype.exe, version: 3.8.4.42, time stamp:
0x2a425e19 Faulting module name: cofinger.dll, version: 20.34.2321.0, time stamp:
0x3d8911d5 Exception code: 0xc0000005 Fault offset: 0x0000144c Faulting process id:
0xb9c Faulting application start time: 0x01cbe9265e154862 Faulting application path:
C:\Program Files\Skype\Phone\Skype.exe Faulting module path: C:\Windows\system32\cofinger.dll
Report
Id: a31cb3bb-5519-11e0-9d1c-001e378e5679

Error - 3/23/2011 2:56:46 AM | Computer Name = owner-PC | Source = Windows Search Service | ID = 3100
Description =

Error - 3/23/2011 3:22:25 AM | Computer Name = owner-PC | Source = Application Error | ID = 1000
Description = Faulting application name: Skype.exe, version: 3.8.4.42, time stamp:
0x2a425e19 Faulting module name: cofinger.dll, version: 20.34.2321.0, time stamp:
0x3d8911d5 Exception code: 0xc0000005 Fault offset: 0x0000144c Faulting process id:
0xb4c Faulting application start time: 0x01cbe92b09fc28ba Faulting application path:
C:\Program Files\Skype\Phone\Skype.exe Faulting module path: C:\Windows\system32\cofinger.dll
Report
Id: 4c66b166-551e-11e0-86df-001e378e5679

Error - 3/23/2011 3:29:39 AM | Computer Name = owner-PC | Source = Windows Search Service | ID = 3100
Description =

Error - 3/23/2011 3:41:25 AM | Computer Name = owner-PC | Source = Application Error | ID = 1000
Description = Faulting application name: Skype.exe, version: 3.8.4.42, time stamp:
0x2a425e19 Faulting module name: cofinger.dll, version: 20.34.2321.0, time stamp:
0x3d8911d5 Exception code: 0xc0000005 Fault offset: 0x0000144c Faulting process id:
0xabc Faulting application start time: 0x01cbe92db22ef5ef Faulting application path:
C:\Program Files\Skype\Phone\Skype.exe Faulting module path: C:\Windows\system32\cofinger.dll
Report
Id: f3e958c7-5520-11e0-86ec-001e378e5679

[ System Events ]
Error - 9/15/2010 4:05:28 AM | Computer Name = owner-PC | Source = Service Control Manager | ID = 7043
Description = The Group Policy Client service did not shut down properly after receiving
a preshutdown control.

Error - 9/15/2010 6:40:48 PM | Computer Name = owner-PC | Source = Service Control Manager | ID = 7000
Description = The adfs service failed to start due to the following error: %%2

Error - 9/16/2010 6:35:56 PM | Computer Name = owner-PC | Source = Service Control Manager | ID = 7000
Description = The adfs service failed to start due to the following error: %%2

Error - 9/18/2010 12:33:05 AM | Computer Name = owner-PC | Source = Service Control Manager | ID = 7000
Description = The adfs service failed to start due to the following error: %%2

Error - 9/18/2010 12:54:44 AM | Computer Name = owner-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 2:51:54 PM on ?9/?18/?2010 was unexpected.

Error - 9/18/2010 12:54:48 AM | Computer Name = owner-PC | Source = Service Control Manager | ID = 7000
Description = The adfs service failed to start due to the following error: %%2

Error - 9/18/2010 9:52:14 AM | Computer Name = owner-PC | Source = Service Control Manager | ID = 7000
Description = The adfs service failed to start due to the following error: %%2

Error - 9/18/2010 7:53:14 PM | Computer Name = owner-PC | Source = Service Control Manager | ID = 7000
Description = The adfs service failed to start due to the following error: %%2

Error - 9/19/2010 8:36:23 AM | Computer Name = owner-PC | Source = Service Control Manager | ID = 7000
Description = The adfs service failed to start due to the following error: %%2

Error - 9/19/2010 6:18:01 PM | Computer Name = owner-PC | Source = Service Control Manager | ID = 7000
Description = The adfs service failed to start due to the following error: %%2

< End of report >

Would be super grateful if someone can help!

Re: Winbluesoft removalWed Mar 23, 2011 9:31 am

Hello.

Please run OTL.exe.

Copy the commands with file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

:OTL
O4 - HKCU..\RunOnce: [kDhMeDgEfPk09001] C:\ProgramData\kDhMeDgEfPk09001\kDhMeDgEfPk09001.exe ()
O36 - AppCertDlls: atfmon - (C:\Windows\system32\cofinger.dll) - C:\Windows\System32\cofinger.dll ()
[2011/03/23 16:22:21 | 000,057,856 | -H-- | M] () -- C:\Windows\System32\cofinger.dll
[2011/03/23 16:22:03 | 000,000,000 | ---D | C] -- C:\ProgramData\kDhMeDgEfPk09001
Return to OTL, right click in the "Custom Scans/Fixes" window (under the light green bar) and choose Paste.
Click the red Run Fix button.
A fix log in Notepad will appear. Copy the contents of the fix log to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
Close OTL.exe

If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

Re: Winbluesoft removalWed Mar 23, 2011 7:19 pm

Hi, thanks for answering my post. I did you as you instructed, and got the below:

========== OTL ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce\\kDhMeDgEfPk09001 deleted successfully.
C:\ProgramData\kDhMeDgEfPk09001\kDhMeDgEfPk09001.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\AppCertDlls\\atfmon deleted successfully.
C:\Windows\System32\cofinger.dll moved successfully.
File C:\Windows\System32\cofinger.dll not found.
Folder C:\ProgramData\kDhMeDgEfPk09001\ not found.

OTL by OldTimer - Version 3.2.22.3 log created on 03242011_100125

Just rebooted my comp and it seems to be fixed, all the winbluesoft stuff has gone. So has it been removed?

There are a few icons on my desktop that weren't there before, they're in a darker shade than my normal desktop icons: 2 "desktop.ini" files, ~$Notes.doc, ~WRL3524.tmp, and a few other .tmp files lying around in other places tthan the desktop.

Thanks,

Ed

Re: Winbluesoft removalThu Mar 24, 2011 4:57 pm

Please download and run this tool.

Download Malwarebytes' Anti-Malware from Here

Double Click mbam-setup.exe to install the application.

Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select "Perform Quick Scan", then click Scan.
The scan may take some time to finish,so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.

Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.

Post the contents of the MBAM Log.

Re: Winbluesoft removalMon Mar 28, 2011 3:32 am

Hi, please see contents of the log below, is there anything else I should do? Cheers, Ed

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6190

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

3/28/2011 6:30:49 PM
mbam-log-2011-03-28 (18-30-49).txt

Scan type: Quick scan
Objects scanned: 148071
Time elapsed: 5 minute(s), 48 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Re: Winbluesoft removalMon Mar 28, 2011 11:36 am

Hello.

Please download ComboFix Winbluesoft removal Combofix

from BleepingComputer.com

Alternate link: GeeksToGo.com

Rename ComboFix.exe to commy.exe before you save it to your Desktop

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools A guide to do this can be found here
Click Start then copy paste the following command into the search box & hit enter: "%userprofile%\desktop\commy.exe" /stepdel
As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. This will not install in Vista. Just continue scanning, and skip the console install.
When finished, it shall produce a log for you. Please include the contents of C:\ComboFix.txt in your next reply.

Re: Winbluesoft removalFri Apr 01, 2011 4:07 am

Hi, when I ran combofix it didn't give me the choice of pasting your command into the search box, it just ran, and produced the below log, I hope that's what we need?

ComboFix 11-03-31.02 - owner 04/01/2011 18:57:06.1.2 - x86
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.2006.1308 [GMT 11:00]
Running from: c:\users\owner\Desktop\Combofix\ComboFix.exe
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\10099.exe
C:\90210.exe
C:\apnet.exe
C:\autorun.inf
D:\AutoRun.inf
E:\AutoRun.inf
F:\Autorun.inf
.
.
((((((((((((((((((((((((( Files Created from 2011-03-01 to 2011-04-01 )))))))))))))))))))))))))))))))
.
.
2011-04-01 07:53 . 2011-04-01 07:54 -------- d-----w- C:\32788R22FWJFW
2011-03-23 23:01 . 2011-03-23 23:01 -------- d-----w- C:\_OTL
2011-03-23 06:19 . 2011-03-23 06:19 -------- d-----w- c:\users\owner\AppData\Roaming\Malwarebytes
2011-03-23 06:18 . 2010-12-20 07:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-03-23 06:18 . 2011-03-23 06:18 -------- d-----w- c:\programdata\Malwarebytes
2011-03-23 06:18 . 2011-03-23 06:18 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-03-23 06:18 . 2010-12-20 07:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-03-23 05:22 . 2011-03-23 23:01 -------- d-----w- c:\programdata\kDhMeDgEfPk09001
2011-03-08 22:47 . 2010-12-23 05:28 850432 ----a-w- c:\windows\system32\sbe.dll
2011-03-08 22:47 . 2010-12-23 05:28 642048 ----a-w- c:\windows\system32\CPFilters.dll
2011-03-08 22:47 . 2010-12-23 05:28 534528 ----a-w- c:\windows\system32\EncDec.dll
2011-03-08 22:47 . 2010-12-23 05:24 199680 ----a-w- c:\windows\system32\mpg2splt.ax
2011-03-08 22:47 . 2010-12-18 05:30 2690560 ----a-w- c:\windows\system32\mstscax.dll
2011-03-08 22:47 . 2010-12-18 05:26 1034240 ----a-w- c:\windows\system32\mstsc.exe
2011-03-07 00:58 . 2009-06-01 23:47 402840 ----a-w- c:\windows\system32\PrintAX.ocx
2011-03-06 11:33 . 2011-03-06 11:34 83249512 ----a-w- c:\program files\Common Files\Windows Live\.cache\wlc31.tmp
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-01-07 07:27 . 2011-02-08 22:07 34304 ----a-w- c:\windows\system32\atmlib.dll
2011-01-07 05:33 . 2011-02-08 22:07 294400 ----a-w- c:\windows\system32\atmfd.dll
2011-01-05 05:37 . 2011-02-08 22:07 428032 ----a-w- c:\windows\system32\vbscript.dll
2011-01-05 03:37 . 2011-02-08 22:07 2329088 ----a-w- c:\windows\system32\win32k.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-09-04 24359720]
"MsnMsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-04-16 3872080]
"DAEMON Tools Lite"="c:\daemon tools\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-21 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-23 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-23 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-23 150552]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-01-11 246504]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-09-26 202256]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"NCInstallQueue"="netman.dll" [2009-07-14 280576]
.
c:\users\owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
LimeWire On Startup.lnk - c:\users\owner\Desktop\Eds\Limewire\LimeWire.exe [2010-7-30 503808]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-04-01 1343400]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-06-07 691696]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-13 207360]
S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]
S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 661504]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]
.
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.ebay.com.au/
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - d:\progra~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
Trusted Zone: comxa.com\foonix
Trusted Zone: tinypic.com\i40
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-7-Zip - c:\users\owner\Desktop\Programs\7-zip\Uninstall.exe
AddRemove-IrfanView - c:\users\owner\Desktop\Programs\Eds\IrfanView\iv_uninstall.exe
AddRemove-LimeWire - c:\users\owner\Desktop\Limewire\uninstall.exe
AddRemove-WinRAR archiver - c:\users\owner\Desktop\winrar\uninstall.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2011-04-01 19:03:35
ComboFix-quarantined-files.txt 2011-04-01 08:03
.
Pre-Run: 12,359,917,568 bytes free
Post-Run: 15,411,228,672 bytes free
.
- - End Of File - - C2B60DC33DEC629156E0104C8A0A2EC4

Re: Winbluesoft removalFri Apr 01, 2011 4:10 pm

Hello.

Run ESET Online Scan
Please do an online scan with ESET Online Scanner. Please use Internet Explorer as it uses ActiveX.

Check (tick) this box: YES, I accept the Terms of Use.
Click on the Start button next to it.
When prompted to run ActiveX. click Yes.
You will be asked to install an ActiveX. Click Install.
Once installed, the scanner will be initialized.
After the scanner is initialized, click Start.
Check (tick) Remove found threats box.
Check (tick) Scan unwanted applications.
Click on Scan.
It will start scanning. Please be patient.
Once the scan is done, the log will be saved here: C:\Program Files\esetonlinescanner\log.txt.

Re: Winbluesoft removalMon Apr 11, 2011 7:00 am

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.7600.16385 (win7_rtm.090713-1255)
# OnlineScanner.ocx=1.0.0.6425
# api_version=3.0.2
# EOSSerial=044ae33ed96df744931fad736c5bf3ea
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-04-11 10:55:50
# local_time=2011-04-11 08:55:50 (+1000, AUS Eastern Standard Time)
# country="United States"
# lang=1033
# osver=6.1.7600 NT
# compatibility_mode=5893 16776573 100 94 31147522 54151199 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=133432
# found=490
# cleaned=490
# scan_time=2942
C:\Photoshop\Adobe Photoshop CS3 Extended English\Patch\Adobe PhotoShop CS3 EXTENDED Patch.exe probably a variant of Win32/Hupigon.CVOFMVW trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\AutoRun.inf.vir INF/Autorun.gen trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\D\AutoRun.inf.vir INF/Autorun.gen trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\E\AutoRun.inf.vir INF/Autorun.gen trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\F\AutoRun.inf.vir INF/Autorun.gen trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{7095A05A-9C58-420C-9C7A-733B77725721}\RP251\A0057508.dll a variant of Win32/Agent.QIP trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{7095A05A-9C58-420C-9C7A-733B77725721}\RP251\A0057509.dll a variant of Win32/Agent.QIP trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{7095A05A-9C58-420C-9C7A-733B77725721}\RP251\A0057510.sys a variant of Win32/Agent.QIP trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{7095A05A-9C58-420C-9C7A-733B77725721}\RP251\A0057511.sys a variant of Win32/Agent.QIP trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{7095A05A-9C58-420C-9C7A-733B77725721}\RP251\A0057512.sys a variant of Win32/Agent.QIP trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{7095A05A-9C58-420C-9C7A-733B77725721}\RP251\A0057553.sys a variant of Win32/Agent.QIP trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{7095A05A-9C58-420C-9C7A-733B77725721}\RP251\A0057554.sys a variant of Win32/Agent.QIP trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{7095A05A-9C58-420C-9C7A-733B77725721}\RP251\A0057555.sys a variant of Win32/Agent.QIP trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{7095A05A-9C58-420C-9C7A-733B77725721}\RP251\A0057580.dll a variant of Win32/Agent.QIP trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{7095A05A-9C58-420C-9C7A-733B77725721}\RP251\A0057581.dll a variant of Win32/Agent.QIP trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{7095A05A-9C58-420C-9C7A-733B77725721}\RP251\A0057582.sys a variant of Win32/Agent.QIP trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{7095A05A-9C58-420C-9C7A-733B77725721}\RP251\A0057583.sys a variant of Win32/Agent.QIP trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{7095A05A-9C58-420C-9C7A-733B77725721}\RP251\A0057584.sys a variant of Win32/Agent.QIP trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{7095A05A-9C58-420C-9C7A-733B77725721}\RP251\A0057603.dll a variant of Win32/Agent.QIP trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{7095A05A-9C58-420C-9C7A-733B77725721}\RP251\A0057604.dll a variant of Win32/Agent.QIP trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{7095A05A-9C58-420C-9C7A-733B77725721}\RP251\A0057605.sys a variant of Win32/Agent.QIP trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{7095A05A-9C58-420C-9C7A-733B77725721}\RP251\A0057606.sys a variant of Win32/Agent.QIP trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{7095A05A-9C58-420C-9C7A-733B77725721}\RP251\A0057607.sys a variant of Win32/Agent.QIP trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{7095A05A-9C58-420C-9C7A-733B77725721}\RP251\A0057639.dll a variant of Win32/Agent.QIP trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{7095A05A-9C58-420C-9C7A-733B77725721}\RP251\A0057640.dll a variant of Win32/Agent.QIP trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{7095A05A-9C58-420C-9C7A-733B77725721}\RP251\A0057641.sys a variant of Win32/Agent.QIP trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{7095A05A-9C58-420C-9C7A-733B77725721}\RP251\A0057642.sys a variant of Win32/Agent.QIP trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{7095A05A-9C58-420C-9C7A-733B77725721}\RP251\A0057643.sys a variant of Win32/Agent.QIP trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{7095A05A-9C58-420C-9C7A-733B77725721}\RP251\A0057686.sys a variant of Win32/Agent.QIP trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{7095A05A-9C58-420C-9C7A-733B77725721}\RP251\A0057687.sys a variant of Win32/Agent.QIP trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{7095A05A-9C58-420C-9C7A-733B77725721}\RP251\A0057688.sys a variant of Win32/Agent.QIP trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{7095A05A-9C58-420C-9C7A-733B77725721}\RP253\A0057766.dll a variant of Win32/Agent.QIP trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{7095A05A-9C58-420C-9C7A-733B77725721}\RP253\A0057767.dll a variant of Win32/Agent.QIP trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{7095A05A-9C58-420C-9C7A-733B77725721}\RP253\A0057768.sys a variant of Win32/Agent.QIP trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{7095A05A-9C58-420C-9C7A-733B77725721}\RP253\A0057769.sys a variant of Win32/Agent.QIP trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{7095A05A-9C58-420C-9C7A-733B77725721}\RP253\A0057770.sys a variant of Win32/Agent.QIP trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{7095A05A-9C58-420C-9C7A-733B77725721}\RP254\A0057898.dll a variant of Win32/Agent.QIP trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{7095A05A-9C58-420C-9C7A-733B77725721}\RP254\A0057899.dll a variant of Win32/Agent.QIP trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{7095A05A-9C58-420C-9C7A-733B77725721}\RP254\A0057900.sys a variant of Win32/Agent.QIP trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{7095A05A-9C58-420C-9C7A-733B77725721}\RP254\A0057901.sys a variant of Win32/Agent.QIP trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{7095A05A-9C58-420C-9C7A-733B77725721}\RP254\A0057902.sys a variant of Win32/Agent.QIP trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{7095A05A-9C58-420C-9C7A-733B77725721}\RP255\A0057993.dll a variant of Win32/Agent.QIP trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{7095A05A-9C58-420C-9C7A-733B77725721}\RP255\A0057994.dll a variant of Win32/Agent.QIP trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{7095A05A-9C58-420C-9C7A-733B77725721}\RP255\A0057995.sys a variant of Win32/Agent.QIP trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{7095A05A-9C58-420C-9C7A-733B77725721}\RP255\A0057996.sys a variant of Win32/Agent.QIP trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{7095A05A-9C58-420C-9C7A-733B77725721}\RP255\A0057997.sys a variant of Win32/Agent.QIP trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{7095A05A-9C58-420C-9C7A-733B77725721}\RP255\A0058034.dll a variant of Win32/Agent.QIP trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{7095A05A-9C58-420C-9C7A-733B77725721}\RP255\A0058035.dll a variant of Win32/Agent.QIP trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{7095A05A-9C58-420C-9C7A-733B77725721}\RP255\A0058036.sys a variant of Win32/Agent.QIP trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{7095A05A-9C58-420C-9C7A-733B77725721}\RP255\A0058037.sys a variant of Win32/Agent.QIP trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{7095A05A-9C58-420C-9C7A-733B77725721}\RP255\A0058038.sys a variant of Win32/Agent.QIP trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{7095A05A-9C58-420C-9C7A-733B77725721}\RP256\A0058125.dll a variant of Win32/Agent.QIP trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{7095A05A-9C58-420C-9C7A-733B77725721}\RP256\A0058126.dll a variant of Win32/Agent.QIP trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{7095A05A-9C58-420C-9C7A-733B77725721}\RP256\A0058127.sys a variant of Win32/Agent.QIP trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{7095A05A-9C58-420C-9C7A-733B77725721}\RP256\A0058128.sys a variant of Win32/Agent.QIP trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{7095A05A-9C58-420C-9C7A-733B77725721}\RP256\A0058129.sys a variant of Win32/Agent.QIP trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{7095A05A-9C58-420C-9C7A-733B77725721}\RP257\A0058200.dll a variant of Win32/Agent.QIP trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{7095A05A-9C58-420C-9C7A-733B77725721}\RP257\A0058201.dll a variant of Win32/Agent.QIP trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{7095A05A-9C58-420C-9C7A-733B77725721}\RP257\A0058202.sys a variant of Win32/Agent.QIP trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{7095A05A-9C58-420C-9C7A-733B77725721}\RP257\A0058203.sys a variant of Win32/Agent.QIP trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{7095A05A-9C58-420C-9C7A-733B77725721}\RP257\A0058204.sys a variant of Win32/Agent.QIP trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{7095A05A-9C58-420C-9C7A-733B77725721}\RP257\A0058244.dll a variant of Win32/Agent.QIP trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{7095A05A-9C58-420C-9C7A-733B77725721}\RP257\A0058245.dll a variant of Win32/Agent.QIP trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{7095A05A-9C58-420C-9C7A-733B77725721}\RP257\A0058246.sys a variant of Win32/Agent.QIP trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{7095A05A-9C58-420C-9C7A-733B77725721}\RP257\A0058247.sys a variant of Win32/Agent.QIP trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{7095A05A-9C58-420C-9C7A-733B77725721}\RP257\A0058248.sys a variant of Win32/Agent.QIP trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{7095A05A-9C58-420C-9C7A-733B77725721}\RP258\A0058320.sys a variant of Win32/Agent.QIP trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{7095A05A-9C58-420C-9C7A-733B77725721}\RP258\A0058321.sys a variant of Win32/Agent.QIP trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{7095A05A-9C58-420C-9C7A-733B77725721}\RP258\A0058322.sys a variant of Win32/Agent.QIP trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{7095A05A-9C58-420C-9C7A-733B77725721}\RP260\A0058426.sys a variant of Win32/Agent.QIP trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{7095A05A-9C58-420C-9C7A-733B77725721}\RP260\A0058427.sys a variant of Win32/Agent.QIP trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{7095A05A-9C58-420C-9C7A-733B77725721}\RP260\A0058428.sys a variant of Win32/Agent.QIP trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{7095A05A-9C58-420C-9C7A-733B77725721}\RP260\A0058488.dll a variant of Win32/Agent.QIP trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{7095A05A-9C58-420C-9C7A-733B77725721}\RP260\A0058489.dll a variant of Win32/Agent.QIP trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{7095A05A-9C58-420C-9C7A-733B77725721}\RP260\A0058490.sys a variant of Win32/Agent.QIP trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{7095A05A-9C58-420C-9C7A-733B77725721}\RP260\A0058491.sys a variant of Win32/Agent.QIP trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{7095A05A-9C58-420C-9C7A-733B77725721}\RP260\A0058492.sys a variant of Win32/Agent.QIP trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{7095A05A-9C58-420C-9C7A-733B77725721}\RP261\A0058546.dll a variant of Win32/Agent.QIP trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{7095A05A-9C58-420C-9C7A-733B77725721}\RP261\A0058547.dll a variant of Win32/Agent.QIP trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{7095A05A-9C58-420C-9C7A-733B77725721}\RP261\A0058550.sys a variant of Win32/Agent.QIP trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{7095A05A-9C58-420C-9C7A-733B77725721}\RP261\A0058551.sys a variant of Win32/Agent.QIP trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{7095A05A-9C58-420C-9C7A-733B77725721}\RP261\A0058552.sys a variant of Win32/Agent.QIP trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{7095A05A-9C58-420C-9C7A-733B77725721}\RP262\A0058631.dll a variant of Win32/Agent.QIP trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{7095A05A-9C58-420C-9C7A-733B77725721}\RP262\A0058632.dll a variant of Win32/Agent.QIP trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{7095A05A-9C58-420C-9C7A-733B77725721}\RP262\A0058633.sys a variant of Win32/Agent.QIP trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{7095A05A-9C58-420C-9C7A-733B77725721}\RP262\A0058634.sys a variant of Win32/Agent.QIP trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{7095A05A-9C58-420C-9C7A-733B77725721}\RP262\A0058635.sys a variant of Win32/Agent.QIP trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{7095A05A-9C58-420C-9C7A-733B77725721}\RP263\A0058743.dll a variant of Win32/Agent.QIP trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{7095A05A-9C58-420C-9C7A-733B77725721}\RP263\A0058744.dll a variant of Win32/Agent.QIP trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{7095A05A-9C58-420C-9C7A-733B77725721}\RP263\A0058745.sys a variant of Win32/Agent.QIP trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{7095A05A-9C58-420C-9C7A-733B77725721}\RP263\A0058746.sys a variant of Win32/Agent.QIP trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{7095A05A-9C58-420C-9C7A-733B77725721}\RP263\A0058747.sys a variant of Win32/Agent.QIP trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{7095A05A-9C58-420C-9C7A-733B77725721}\RP264\A0058820.dll a variant of Win32/Agent.QIP trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{7095A05A-9C58-420C-9C7A-733B77725721}\RP264\A0058821.dll a variant of Win32/Agent.QIP trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{7095A05A-9C58-420C-9C7A-733B77725721}\RP264\A0058822.sys a variant of Win32/Agent.QIP trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{7095A05A-9C58-420C-9C7A-733B77725721}\RP264\A0058823.sys a variant of Win32/Agent.QIP trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{7095A05A-9C58-420C-9C7A-733B77725721}\RP264\A0058824.sys a variant of Win32/Agent.QIP trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{7095A05A-9C58-420C-9C7A-733B77725721}\RP264\A0059820.dll a variant of Win32/Agent.QIP trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{7095A05A-9C58-420C-9C7A-733B77725721}\RP264\A0059821.dll a variant of Win32/Agent.QIP trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{7095A05A-9C58-420C-9C7A-733B77725721}\RP264\A0059822.sys a variant of Win32/Agent.QIP trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{7095A05A-9C58-420C-9C7A-733B77725721}\RP264\A0059823.sys a variant of Win32/Agent.QIP trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{7095A05A-9C58-420C-9C7A-733B77725721}\RP264\A0059824.sys a variant of Win32/Agent.QIP trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{7095A05A-9C58-420C-9C7A-733B77725721}\RP265\A0059894.sys a variant of Win32/Agent.QIP trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{7095A05A-9C58-420C-9C7A-733B77725721}\RP265\A0059895.sys a variant of Win32/Agent.QIP trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{7095A05A-9C58-420C-9C7A-733B77725721}\RP265\A0059896.sys a variant of Win32/Agent.QIP trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{7095A05A-9C58-420C-9C7A-733B77725721}\RP265\A0059935.sys a variant of Win32/Agent.QIP trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{7095A05A-9C58-420C-9C7A-733B77725721}\RP265\A0059950.sys a variant of Win32/Agent.QIP trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{7095A05A-9C58-420C-9C7A-733B77725721}\RP265\A0059951.sys a variant of Win32/Agent.QIP trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{7095A05A-9C58-420C-9C7A-733B77725721}\RP265\A0059952.sys a variant of Win32/Agent.QIP trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{7095A05A-9C58-420C-9C7A-733B77725721}\RP266\A0060950.dll a variant of Win32/Agent.QIP trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{7095A05A-9C58-420C-9C7A-733B77725721}\RP266\A0060951.dll a variant of Win32/Agent.QIP trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{7095A05A-9C58-420C-9C7A-733B77725721}\RP266\A0060952.sys a variant of Win32/Agent.QIP trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{7095A05A-9C58-420C-9C7A-733B77725721}\RP266\A0060953.sys a variant of Win32/Agent.QIP trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{7095A05A-9C58-420C-9C7A-733B77725721}\RP266\A0060954.sys a variant of Win32/Agent.QIP trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{7095A05A-9C58-420C-9C7A-733B77725721}\RP267\A0061018.dll a variant of Win32/Agent.QIP trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{7095A05A-9C58-420C-9C7A-733B77725721}\RP267\A0061019.dll a variant of Win32/Agent.QIP trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{7095A05A-9C58-420C-9C7A-733B77725721}\RP267\A0061020.sys a variant of Win32/Agent.QIP trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{7095A05A-9C58-420C-9C7A-733B77725721}\RP267\A0061021.sys a variant of Win32/Agent.QIP trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{7095A05A-9C58-420C-9C7A-733B77725721}\RP267\A0061022.sys a variant of Win32/Agent.QIP trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{7095A05A-9C58-420C-9C7A-733B77725721}\RP268\A0061096.dll a variant of Win32/Agent.QIP trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{7095A05A-9C58-420C-9C7A-733B77725721}\RP268\A0061097.dll a variant of Win32/Agent.QIP trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{7095A05A-9C58-420C-9C7A-733B77725721}\RP268\A0061098.sys a variant of Win32/Agent.QIP trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{7095A05A-9C58-420C-9C7A-733B77725721}\RP268\A0061099.sys a variant of Win32/Agent.QIP trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{7095A05A-9C58-420C-9C7A-733B77725721}\RP268\A0061100.sys a variant of Win32/Agent.QIP trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{7095A05A-9C58-420C-9C7A-733B77725721}\RP269\A0061175.dll a variant of Win32/Agent.QIP trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{7095A05A-9C58-420C-9C7A-733B77725721}\RP269\A0061176.dll a variant of Win32/Agent.QIP trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{7095A05A-9C58-420C-9C7A-733B77725721}\RP269\A0061177.sys a variant of Win32/Agent.QIP trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{7095A05A-9C58-420C-9C7A-733B77725721}\RP269\A0061178.sys a variant of Win32/Agent.QIP trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{7095A05A-9C58-420C-9C7A-733B77725721}\RP269\A0061179.sys a variant of Win32/Agent.QIP trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{7095A05A-9C58-420C-9C7A-733B77725721}\RP269\A0062175.dll a variant of Win32/Agent.QIP trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{7095A05A-9C58-420C-9C7A-733B77725721}\RP269\A0062176.dll a variant of Win32/Agent.QIP trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{7095A05A-9C58-420C-9C7A-733B77725721}\RP269\A0062177.sys a variant of Win32/Agent.QIP trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{7095A05A-9C58-420C-9C7A-733B77725721}\RP269\A0062178.sys a variant of Win32/Agent.QIP trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{7095A05A-9C58-420C-9C7A-733B77725721}\RP269\A0062179.sys a variant of Win32/Agent.QIP trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{7095A05A-9C58-420C-9C7A-733B77725721}\RP269\A0062199.dll a variant of Win32/Agent.QIP trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{7095A05A-9C58-420C-9C7A-733B77725721}\RP269\A0062200.dll a variant of Win32/Agent.QIP trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{7095A05A-9C58-420C-9C7A-733B77725721}\RP269\A0062201.sys a variant of Win32/Agent.QIP trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{7095A05A-9C58-420C-9C7A-733B77725721}\RP269\A0062202.sys a variant of Win32/Agent.QIP trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{7095A05A-9C58-420C-9C7A-733B77725721}\RP269\A0062203.sys a variant of Win32/Agent.QIP trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{7095A05A-9C58-420C-9C7A-733B77725721}\RP270\A0062257.dll a variant of Win32/Agent.QIP trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{7095A05A-9C58-420C-9C7A-733B77725721}\RP270\A0062258.dll a variant of Win32/Agent.QIP trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{7095A05A-9C58-420C-9C7A-733B77725721}\RP270\A0062259.sys a variant of Win32/Agent.QIP trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{7095A05A-9C58-420C-9C7A-733B77725721}\RP270\A0062260.sys a variant of Win32/Agent.QIP trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{7095A05A-9C58-420C-9C7A-733B77725721}\RP270\A0062261.sys a variant of Win32/Agent.QIP trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{7095A05A-9C58-420C-9C7A-733B77725721}\RP270\A0063257.dll a variant of Win32/Agent.QIP trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{7095A05A-9C58-420C-9C7A-733B77725721}\RP270\A0063258.dll a variant of Win32/Agent.QIP trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{7095A05A-9C58-420C-9C7A-733B77725721}\RP270\A0063259.sys a variant of Win32/Agent.QIP trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{7095A05A-9C58-420C-9C7A-733B77725721}\RP270\A0063260.sys a variant of Win32/Agent.QIP trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{7095A05A-9C58-420C-9C7A-733B77725721}\RP270\A0063261.sys a variant of Win32/Agent.QIP trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{7095A05A-9C58-420C-9C7A-733B77725721}\RP271\A0063323.dll a variant of Win32/Agent.QIP trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{7095A05A-9C58-420C-9C7A-733B77725721}\RP271\A0063324.dll a variant of Win32/Agent.QIP trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{7095A05A-9C58-420C-9C7A-733B77725721}\RP271\A0063325.sys a variant of Win32/Agent.QIP trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{7095A05A-9C58-420C-9C7A-733B77725721}\RP271\A0063326.sys a variant of Win32/Agent.QIP trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{7095A05A-9C58-420C-9C7A-733B77725721}\RP271\A0063327.sys a variant of Win32/Agent.QIP trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{7095A05A-9C58-420C-9C7A-733B77725721}\RP271\A0063388.dll a variant of Win32/Agent.QIP trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{7095A05A-9C58-420C-9C7A-733B77725721}\RP271\A0063389.dll a variant of Win32/Agent.QIP trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{7095A05A-9C58-420C-9C7A-733B77725721}\RP271\A0063390.sys a variant of Win32/Agent.QIP trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{7095A05A-9C58-420C-9C7A-733B77725721}\RP271\A0063391.sys a variant of Win32/Agent.QIP trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{7095A05A-9C58-420C-9C7A-733B77725721}\RP271\A0063392.sys a variant of Win32/Agent.QIP trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{7095A05A-9C58-420C-9C7A-733B77725721}\RP272\A0063467.dll a variant of Win32/Agent.QIP trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{7095A05A-9C58-420C-9C7A-733B77725721}\RP272\A0063468.dll a variant of Win32/Agent.QIP trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{7095A05A-9C58-420C-9C7A-733B77725721}\RP272\A0063469.sys a variant of Win32/Agent.QIP trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{7095A05A-9C58-420C-9C7A-733B77725721}\RP272\A0063470.sys a variant of Win32/Agent.QIP trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{7095A05A-9C58-420C-9C7A-733B77725721}\RP272\A0063471.sys a variant of Win32/Agent.QIP trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{7095A05A-9C58-420C-9C7A-733B77725721}\RP272\A0063524.dll a variant of Win32/Agent.QIP trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{7095A05A-9C58-420C-9C7A-733B77725721}\RP272\A0063525.dll a variant of Win32/Agent.QIP trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{7095A05A-9C58-420C-9C7A-733B77725721}\RP272\A0063526.sys a variant of Win32/Agent.QIP trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{7095A05A-9C58-420C-9C7A-733B77725721}\RP272\A0063527.sys a variant of Win32/Agent.QIP trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{7095A05A-9C58-420C-9C7A-733B77725721}\RP272\A0063528.sys a variant of Win32/Agent.QIP trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{7095A05A-9C58-420C-9C7A-733B77725721}\RP272\A0063582.dll a variant of Win32/Agent.QIP trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{7095A05A-9C58-420C-9C7A-733B77725721}\RP272\A0063583.dll a variant of Win32/Agent.QIP trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{7095A05A-9C58-420C-9C7A-733B77725721}\RP272\A0063584.sys a variant of Win32/Agent.QIP trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{7095A05A-9C58-420C-9C7A-733B77725721}\RP272\A0063585.sys a variant of Win32/Agent.QIP trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{7095A05A-9C58-420C-9C7A-733B77725721}\RP272\A0063586.sys a variant of Win32/Agent.QIP trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{7095A05A-9C58-420C-9C7A-733B77725721}\RP273\A0063660.dll a variant of Win32/Agent.QIP trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{7095A05A-9C58-420C-9C7A-733B77725721}\RP273\A0063661.dll a variant of Win32/Agent.QIP trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{7095A05A-9C58-420C-9C7A-733B77725721}\RP273\A0063662.sys a variant of Win32/Agent.QIP trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{7095A05A-9C58-420C-9C7A-733B77725721}\RP273\A0063663.sys a variant of Win32/Agent.QIP trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{7095A05A-9C58-420C-9C7A-733B77725721}\RP273\A0063664.sys a variant of Win32/Agent.QIP trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{7095A05A-9C58-420C-9C7A-733B77725721}\RP274\A0063734.dll a variant of Win32/Agent.QIP trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{7095A05A-9C58-420C-9C7A-733B77725721}\RP274\A0063735.dll a variant of Win32/Agent.QIP trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{7095A05A-9C58-420C-9C7A-733B77725721}\RP274\A0063736.sys a variant of Win32/Agent.QIP trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{7095A05A-9C58-420C-9C7A-733B77725721}\RP274\A0063737.sys a variant of Win32/Agent.QIP trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{7095A05A-9C58-420C-9C7A-733B77725721}\RP274\A0063738.sys a variant of Win32/Agent.QIP trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{7095A05A-9C58-420C-9C7A-733B77725721}\RP274\A0063796.dll a variant of Win32/Agent.QIP trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{7095A05A-9C58-420C-9C7A-733B77725721}\RP274\A0063797.dll a variant of Win32/Agent.QIP trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{7095A05A-9C58-420C-9C7A-733B77725721}\RP274\A0063798.sys a variant of Win32/Agent.QIP trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{7095A05A-9C58-420C-9C7A-733B77725721}\RP274\A0063799.sys a variant of Win32/Agent.QIP trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{7095A05A-9C58-420C-9C7A-733B77725721}\RP274\A0063800.sys a variant of Win32/Agent.QIP trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{7095A05A-9C58-420C-9C7A-733B77725721}\RP274\A0064796.dll a variant of Win32/Agent.QIP trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{7095A05A-9C58-420C-9C7A-733B77725721}\RP274\A0064797.dll a variant of Win32/Agent.QIP trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{7095A05A-9C58-420C-9C7A-733B77725721}\RP274\A0064798.sys a variant of Win32/Agent.QIP trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{7095A05A-9C58-420C-9C7A-733B77725721}\RP274\A0064799.sys a variant of Win32/Agent.QIP trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{7095A05A-9C58-420C-9C7A-733B77725721}\RP274\A0064800.sys a variant of Win32/Agent.QIP trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{7095A05A-9C58-420C-9C7A-733B77725721}\RP275\A0064858.dll a variant of Win32/Agent.QIP trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{7095A05A-9C58-420C-9C7A-733B77725721}\RP275\A0064859.dll a variant of Win32/Agent.QIP trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{7095A05A-9C58-420C-9C7A-733B77725721}\RP275\A0064860.sys a variant of Win32/Agent.QIP trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{7095A05A-9C58-420C-9C7A-733B77725721}\RP275\A0064861.sys a variant of Win32/Agent.QIP trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{7095A05A-9C58-420C-9C7A-733B77725721}\RP275\A0064862.sys a variant of Win32/Agent.QIP trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{7095A05A-9C58-420C-9C7A-733B77725721}\RP275\A0064888.dll a variant of Win32/Agent.QIP trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{7095A05A-9C58-420C-9C7A-733B77725721}\RP275\A0064889.dll a variant of Win32/Agent.QIP trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{7095A05A-9C58-420C-9C7A-733B77725721}\RP275\A0064890.sys a variant of Win32/Agent.QIP trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{7095A05A-9C58-420C-9C7A-733B77725721}\RP275\A0064891.sys a variant of Win32/Agent.QIP trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{7095A05A-9C58-420C-9C7A-733B77725721}\RP275\A0064892.sys a variant of Win32/Agent.QIP trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{7095A05A-9C58-420C-9C7A-733B77725721}\RP276\A0064966.dll a variant of Win32/Agent.QIP trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000

Re: Winbluesoft removalMon Apr 11, 2011 7:00 am

And continued here:

C
C:\System Volume Information\_restore{7095A05A-9C58-420C-9C7A-733B77725721}\RP276\A0064967.dll a variant of Win32/Agent.QIP trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{7095A05A-9C58-420C-9C7A-733B77725721}\RP276\A0064968.sys a variant of Win32/Agent.QIP trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{7095A05A-9C58-420C-9C7A-733B77725721}\RP276\A0064969.sys a variant of Win32/Agent.QIP trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{7095A05A-9C58-420C-9C7A-733B77725721}\RP276\A0064970.sys a variant of Win32/Agent.QIP trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{7095A05A-9C58-420C-9C7A-733B77725721}\RP276\A0065966.dll a variant of Win32/Agent.QIP trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{7095A05A-9C58-420C-9C7A-733B77725721}\RP276\A0065967.dll a variant of Win32/Agent.QIP trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{7095A05A-9C58-420C-9C7A-733B77725721}\RP276\A0065968.sys a variant of Win32/Agent.QIP trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{7095A05A-9C58-420C-9C7A-733B77725721}\RP276\A0065969.sys a variant of Win32/Agent.QIP trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{7095A05A-9C58-420C-9C7A-733B77725721}\RP276\A0065970.sys a variant of Win32/Agent.QIP trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{7095A05A-9C58-420C-9C7A-733B77725721}\RP277\A0066027.dll a variant of Win32/Agent.QIP trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{7095A05A-9C58-420C-9C7A-733B77725721}\RP277\A0066028.dll a variant of Win32/Agent.QIP trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{7095A05A-9C58-420C-9C7A-733B77725721}\RP277\A0066029.sys a variant of Win32/Agent.QIP trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{7095A05A-9C58-420C-9C7A-733B77725721}\RP277\A0066030.sys a variant of Win32/Agent.QIP trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{7095A05A-9C58-420C-9C7A-733B77725721}\RP277\A0066031.sys a variant of Win32/Agent.QIP trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{7095A05A-9C58-420C-9C7A-733B77725721}\RP278\A0066105.dll a variant of Win32/Agent.QIP trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{7095A05A-9C58-420C-9C7A-733B77725721}\RP278\A0066106.dll a variant of Win32/Agent.QIP trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{7095A05A-9C58-420C-9C7A-733B77725721}\RP278\A0066107.sys a variant of Win32/Agent.QIP trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{7095A05A-9C58-420C-9C7A-733B77725721}\RP278\A0066108.sys a variant of Win32/Agent.QIP trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{7095A05A-9C58-420C-9C7A-733B77725721}\RP278\A0066109.sys a variant of Win32/Agent.QIP trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{7095A05A-9C58-420C-9C7A-733B77725721}\RP279\A0067105.dll a variant of Win32/Agent.QIP trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{7095A05A-9C58-420C-9C7A-733B77725721}\RP279\A0067106.dll a variant of Win32/Agent.QIP trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{7095A05A-9C58-420C-9C7A-733B77725721}\RP279\A0067107.sys a variant of Win32/Agent.QIP trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{7095A05A-9C58-420C-9C7A-733B77725721}\RP279\A0067108.sys a variant of Win32/Agent.QIP trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{7095A05A-9C58-420C-9C7A-733B77725721}\RP279\A0067109.sys a variant of Win32/Agent.QIP trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{7095A05A-9C58-420C-9C7A-733B77725721}\RP279\A0068105.dll a variant of Win32/Agent.QIP trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{7095A05A-9C58-420C-9C7A-733B77725721}\RP279\A0068106.dll a variant of Win32/Agent.QIP trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{7095A05A-9C58-420C-9C7A-733B77725721}\RP279\A0068107.sys a variant of Win32/Agent.QIP trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{7095A05A-9C58-420C-9C7A-733B77725721}\RP279\A0068108.sys a variant of Win32/Agent.QIP trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{7095A05A-9C58-420C-9C7A-733B77725721}\RP279\A0068109.sys a variant of Win32/Agent.QIP trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{7095A05A-9C58-420C-9C7A-733B77725721}\RP280\A0069105.dll a variant of Win32/Agent.QIP trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{7095A05A-9C58-420C-9C7A-733B77725721}\RP280\A0069106.dll a variant of Win32/Agent.QIP trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{7095A05A-9C58-420C-9C7A-733B77725721}\RP280\A0069107.sys a variant of Win32/Agent.QIP trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{7095A05A-9C58-420C-9C7A-733B77725721}\RP280\A0069108.sys a variant of Win32/Agent.QIP trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{7095A05A-9C58-420C-9C7A-733B77725721}\RP280\A0069109.sys a variant of Win32/Agent.QIP trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{7095A05A-9C58-420C-9C7A-733B77725721}\RP280\A0069140.dll a variant of Win32/Agent.QIP trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{7095A05A-9C58-420C-9C7A-733B77725721}\RP280\A0069141.dll a variant of Win32/Agent.QIP trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{7095A05A-9C58-420C-9C7A-733B77725721}\RP280\A0069142.sys a variant of Win32/Agent.QIP trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{7095A05A-9C58-420C-9C7A-733B77725721}\RP280\A0069143.sys a variant of Win32/Agent.QIP trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{7095A05A-9C58-420C-9C7A-733B77725721}\RP280\A0069144.sys a variant of Win32/Agent.QIP trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{7095A05A-9C58-420C-9C7A-733B77725721}\RP280\A0070140.dll a variant of Win32/Agent.QIP trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{7095A05A-9C58-420C-9C7A-733B77725721}\RP280\A0070141.sys a variant of Win32/Agent.QIP trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{7095A05A-9C58-420C-9C7A-733B77725721}\RP280\A0070142.sys a variant of Win32/Agent.QIP trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{7095A05A-9C58-420C-9C7A-733B77725721}\RP280\A0070143.sys a variant of Win32/Agent.QIP trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{7095A05A-9C58-420C-9C7A-733B77725721}\RP280\A0071140.dll a variant of Win32/Agent.QIP trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{7095A05A-9C58-420C-9C7A-733B77725721}\RP280\A0071141.dll a variant of Win32/Agent.QIP trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{7095A05A-9C58-420C-9C7A-733B77725721}\RP280\A0071142.sys a variant of Win32/Agent.QIP trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{7095A05A-9C58-420C-9C7A-733B77725721}\RP280\A0071143.sys a variant of Win32/Agent.QIP trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{7095A05A-9C58-420C-9C7A-733B77725721}\RP280\A0071144.sys a variant of Win32/Agent.QIP trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{7095A05A-9C58-420C-9C7A-733B77725721}\RP281\A0071188.dll a variant of Win32/Agent.QIP trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{7095A05A-9C58-420C-9C7A-733B77725721}\RP281\A0071189.dll a variant of Win32/Agent.QIP trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{7095A05A-9C58-420C-9C7A-733B77725721}\RP281\A0071196.sys a variant of Win32/Agent.QIP trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{7095A05A-9C58-420C-9C7A-733B77725721}\RP281\A0071197.sys a variant of Win32/Agent.QIP trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{7095A05A-9C58-420C-9C7A-733B77725721}\RP281\A0071198.sys a variant of Win32/Agent.QIP trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{7095A05A-9C58-420C-9C7A-733B77725721}\RP282\A0072196.dll a variant of Win32/Agent.QIP trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{7095A05A-9C58-420C-9C7A-733B77725721}\RP282\A0072197.dll a variant of Win32/Agent.QIP trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{7095A05A-9C58-420C-9C7A-733B77725721}\RP282\A0072198.sys a variant of Win32/Agent.QIP trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{7095A05A-9C58-420C-9C7A-733B77725721}\RP282\A0072199.sys a variant of Win32/Agent.QIP trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{7095A05A-9C58-420C-9C7A-733B77725721}\RP282\A0072200.sys a variant of Win32/Agent.QIP trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{7095A05A-9C58-420C-9C7A-733B77725721}\RP282\A0072234.dll a variant of Win32/Agent.QIP trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{7095A05A-9C58-420C-9C7A-733B77725721}\RP282\A0072235.dll a variant of Win32/Agent.QIP trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{7095A05A-9C58-420C-9C7A-733B77725721}\RP282\A0072236.sys a variant of Win32/Agent.QIP trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{7095A05A-9C58-420C-9C7A-733B77725721}\RP282\A0072237.sys a variant of Win32/Agent.QIP trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{7095A05A-9C58-420C-9C7A-733B77725721}\RP282\A0072238.sys a variant of Win32/Agent.QIP trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{7095A05A-9C58-420C-9C7A-733B77725721}\RP282\A0072259.dll a variant of Win32/Agent.QIP trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{7095A05A-9C58-420C-9C7A-733B77725721}\RP282\A0072260.dll a variant of Win32/Agent.QIP trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{7095A05A-9C58-420C-9C7A-733B77725721}\RP282\A0072261.sys a variant of Win32/Agent.QIP trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{7095A05A-9C58-420C-9C7A-733B77725721}\RP282\A0072262.sys a variant of Win32/Agent.QIP trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{7095A05A-9C58-420C-9C7A-733B77725721}\RP282\A0072263.sys a variant of Win32/Agent.QIP trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{7095A05A-9C58-420C-9C7A-733B77725721}\RP283\A0072342.dll a variant of Win32/Agent.QIP trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{7095A05A-9C58-420C-9C7A-733B77725721}\RP283\A0072343.dll a variant of Win32/Agent.QIP trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{7095A05A-9C58-420C-9C7A-733B77725721}\RP283\A0072344.sys a variant of Win32/Agent.QIP trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{7095A05A-9C58-420C-9C7A-733B77725721}\RP283\A0072345.sys a variant of Win32/Agent.QIP trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{7095A05A-9C58-420C-9C7A-733B77725721}\RP283\A0072346.sys a variant of Win32/Agent.QIP trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{7095A05A-9C58-420C-9C7A-733B77725721}\RP283\A0072406.dll a variant of Win32/Agent.QIP trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{7095A05A-9C58-420C-9C7A-733B77725721}\RP283\A0072407.dll a variant of Win32/Agent.QIP trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{7095A05A-9C58-420C-9C7A-733B77725721}\RP283\A0072408.sys a variant of Win32/Agent.QIP trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{7095A05A-9C58-420C-9C7A-733B77725721}\RP283\A0072409.sys a variant of Win32/Agent.QIP trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{7095A05A-9C58-420C-9C7A-733B77725721}\RP283\A0072410.sys a variant of Win32/Agent.QIP trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{7095A05A-9C58-420C-9C7A-733B77725721}\RP283\A0072456.dll a variant of Win32/Agent.QIP trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{7095A05A-9C58-420C-9C7A-733B77725721}\RP283\A0072457.dll a variant of Win32/Agent.QIP trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{7095A05A-9C58-420C-9C7A-733B77725721}\RP283\A0072458.sys a variant of Win32/Agent.QIP trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{7095A05A-9C58-420C-9C7A-733B77725721}\RP283\A0072459.sys a variant of Win32/Agent.QIP trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{7095A05A-9C58-420C-9C7A-733B77725721}\RP283\A0072460.sys a variant of Win32/Agent.QIP trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{7095A05A-9C58-420C-9C7A-733B77725721}\RP283\A0072492.dll a variant of Win32/Agent.QIP trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{7095A05A-9C58-420C-9C7A-733B77725721}\RP283\A0072493.dll a variant of Win32/Agent.QIP trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{7095A05A-9C58-420C-9C7A-733B77725721}\RP283\A0072494.sys a variant of Win32/Agent.QIP trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{7095A05A-9C58-420C-9C7A-733B77725721}\RP283\A0072495.sys a variant of Win32/Agent.QIP trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{7095A05A-9C58-420C-9C7A-733B77725721}\RP283\A0072496.sys a variant of Win32/Agent.QIP trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{7095A05A-9C58-420C-9C7A-733B77725721}\RP284\A0072589.dll a variant of Win32/Agent.QIP trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{7095A05A-9C58-420C-9C7A-733B77725721}\RP284\A0072590.dll a variant of Win32/Agent.QIP trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{7095A05A-9C58-420C-9C7A-733B77725721}\RP284\A0072591.sys a variant of Win32/Agent.QIP trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{7095A05A-9C58-420C-9C7A-733B77725721}\RP284\A0072592.sys a variant of Win32/Agent.QIP trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{7095A05A-9C58-420C-9C7A-733B77725721}\RP284\A0072593.sys a variant of Win32/Agent.QIP trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{7095A05A-9C58-420C-9C7A-733B77725721}\RP284\A0072627.dll a variant of Win32/Agent.QIP trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{7095A05A-9C58-420C-9C7A-733B77725721}\RP284\A0072628.dll a variant of Win32/Agent.QIP trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{7095A05A-9C58-420C-9C7A-733B77725721}\RP284\A0072629.sys a variant of Win32/Agent.QIP trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{7095A05A-9C58-420C-9C7A-733B77725721}\RP284\A0072630.sys a variant of Win32/Agent.QIP trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{7095A05A-9C58-420C-9C7A-733B77725721}\RP284\A0072631.sys a variant of Win32/Agent.QIP trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{7095A05A-9C58-420C-9C7A-733B77725721}\RP284\A0073627.dll a variant of Win32/Agent.QIP trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{7095A05A-9C58-420C-9C7A-733B77725721}\RP284\A0073628.dll a variant of Win32/Agent.QIP trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{7095A05A-9C58-420C-9C7A-733B77725721}\RP285\A0073725.sys a variant of Win32/Agent.QIP trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{7095A05A-9C58-420C-9C7A-733B77725721}\RP285\A0073726.sys a variant of Win32/Agent.QIP trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{7095A05A-9C58-420C-9C7A-733B77725721}\RP285\A0073727.sys a variant of Win32/Agent.QIP trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{7095A05A-9C58-420C-9C7A-733B77725721}\RP286\A0073810.dll a variant of Win32/Agent.QIP trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{7095A05A-9C58-420C-9C7A-733B77725721}\RP286\A0073811.dll a variant of Win32/Agent.QIP trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{7095A05A-9C58-420C-9C7A-733B77725721}\RP286\A0073812.sys a variant of Win32/Agent.QIP trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{7095A05A-9C58-420C-9C7A-733B77725721}\RP286\A0073813.sys a variant of Win32/Agent.QIP trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{7095A05A-9C58-420C-9C7A-733B77725721}\RP286\A0073814.sys a variant of Win32/Agent.QIP trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{7095A05A-9C58-420C-9C7A-733B77725721}\RP286\A0073874.dll a variant of Win32/Agent.QIP trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{7095A05A-9C58-420C-9C7A-733B77725721}\RP286\A0073875.dll a variant of Win32/Agent.QIP trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{7095A05A-9C58-420C-9C7A-733B77725721}\RP286\A0073876.sys a variant of Win32/Agent.QIP trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{7095A05A-9C58-420C-9C7A-733B77725721}\RP286\A0073877.sys a variant of Win32/Agent.QIP trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{7095A05A-9C58-420C-9C7A-733B77725721}\RP286\A0073878.sys a variant of Win32/Agent.QIP trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{7095A05A-9C58-420C-9C7A-733B77725721}\RP287\A0073929.dll a variant of Win32/Agent.QIP trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{7095A05A-9C58-420C-9C7A-733B77725721}\RP287\A0073930.dll a variant of Win32/Agent.QIP trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{7095A05A-9C58-420C-9C7A-733B77725721}\RP287\A0073931.sys a variant of Win32/Agent.QIP trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{7095A05A-9C58-420C-9C7A-733B77725721}\RP287\A0073932.sys a variant of Win32/Agent.QIP trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{7095A05A-9C58-420C-9C7A-733B77725721}\RP287\A0073933.sys a variant of Win32/Agent.QIP trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{7095A05A-9C58-420C-9C7A-733B77725721}\RP287\A0074929.dll a variant of Win32/Agent.QIP trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{7095A05A-9C58-420C-9C7A-733B77725721}\RP287\A0074930.sys a variant of Win32/Agent.QIP trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{7095A05A-9C58-420C-9C7A-733B77725721}\RP287\A0074931.sys a variant of Win32/Agent.QIP trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{7095A05A-9C58-420C-9C7A-733B77725721}\RP287\A0074932.sys a variant of Win32/Agent.QIP trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{7095A05A-9C58-420C-9C7A-733B77725721}\RP287\A0074983.dll a variant of Win32/Agent.QIP trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{7095A05A-9C58-420C-9C7A-733B77725721}\RP287\A0074984.dll a variant of Win32/Agent.QIP trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{7095A05A-9C58-420C-9C7A-733B77725721}\RP287\A0074985.sys a variant of Win32/Agent.QIP trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{7095A05A-9C58-420C-9C7A-733B77725721}\RP287\A0074986.sys a variant of Win32/Agent.QIP trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{7095A05A-9C58-420C-9C7A-733B77725721}\RP287\A0074987.sys a variant of Win32/Agent.QIP trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{7095A05A-9C58-420C-9C7A-733B77725721}\RP288\A0075055.dll a variant of Win32/Agent.QIP trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{7095A05A-9C58-420C-9C7A-733B77725721}\RP288\A0075056.dll a variant of Win32/Agent.QIP trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{7095A05A-9C58-420C-9C7A-733B77725721}\RP288\A0075057.sys a variant of Win32/Agent.QIP trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{7095A05A-9C58-420C-9C7A-733B77725721}\RP288\A0075058.sys a variant of Win32/Agent.QIP trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{7095A05A-9C58-420C-9C7A-733B77725721}\RP288\A0075059.sys a variant of Win32/Agent.QIP trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{7095A05A-9C58-420C-9C7A-733B77725721}\RP289\A0075148.dll a variant of Win32/Agent.QIP trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{7095A05A-9C58-420C-9C7A-733B77725721}\RP289\A0075149.dll a variant of Win32/Agent.QIP trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{7095A05A-9C58-420C-9C7A-733B77725721}\RP289\A0075150.sys a variant of Win32/Agent.QIP trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{7095A05A-9C58-420C-9C7A-733B77725721}\RP289\A0075151.sys a variant of Win32/Agent.QIP trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{7095A05A-9C58-420C-9C7A-733B77725721}\RP289\A0075152.sys a variant of Win32/Agent.QIP trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{7095A05A-9C58-420C-9C7A-733B77725721}\RP290\A0075226.dll a variant of Win32/Agent.QIP trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{7095A05A-9C58-420C-9C7A-733B77725721}\RP290\A0075227.dll a variant of Win32/Agent.QIP trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{7095A05A-9C58-420C-9C7A-733B77725721}\RP290\A0075228.sys a variant of Win32/Agent.QIP trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{7095A05A-9C58-420C-9C7A-733B77725721}\RP290\A0075229.sys a variant of Win32/Agent.QIP trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{7095A05A-9C58-420C-9C7A-733B77725721}\RP290\A0075230.sys a variant of Win32/Agent.QIP trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{7095A05A-9C58-420C-9C7A-733B77725721}\RP291\A0075324.dll a variant of Win32/Agent.QIP trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{7095A05A-9C58-420C-9C7A-733B77725721}\RP291\A0075325.dll a variant of Win32/Agent.QIP trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{7095A05A-9C58-420C-9C7A-733B77725721}\RP291\A0075326.sys a variant of Win32/Agent.QIP trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{7095A05A-9C58-420C-9C7A-733B77725721}\RP291\A0075327.sys a variant of Win32/Agent.QIP trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{7095A05A-9C58-420C-9C7A-733B77725721}\RP291\A0075328.sys a variant of Win32/Agent.QIP trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{7095A05A-9C58-420C-9C7A-733B77725721}\RP292\A0075391.dll a variant of Win32/Agent.QIP trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{7095A05A-9C58-420C-9C7A-733B77725721}\RP292\A0075392.dll a variant of Win32/Agent.QIP trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{7095A05A-9C58-420C-9C7A-733B77725721}\RP292\A0075393.sys a variant of Win32/Agent.QIP trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{7095A05A-9C58-420C-9C7A-733B77725721}\RP292\A0075394.sys a variant of Win32/Agent.QIP trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{7095A05A-9C58-420C-9C7A-733B77725721}\RP292\A0075395.sys a variant of Win32/Agent.QIP trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{7095A05A-9C58-420C-9C7A-733B77725721}\RP292\A0075429.dll a variant of Win32/Agent.QIP trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{7095A05A-9C58-420C-9C7A-733B77725721}\RP292\A0075430.dll a variant of Win32/Agent.QIP trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{7095A05A-9C58-420C-9C7A-733B77725721}\RP292\A0075431.sys a variant of Win32/Agent.QIP trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{7095A05A-9C58-420C-9C7A-733B77725721}\RP292\A0075432.sys a variant of Win32/Agent.QIP trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{7095A05A-9C58-420C-9C7A-733B77725721}\RP292\A0075433.sys a variant of Win32/Agent.QIP trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{7095A05A-9C58-420C-9C7A-733B77725721}\RP293\A0075515.dll a variant of Win32/Agent.QIP trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{7095A05A-9C58-420C-9C7A-733B77725721}\RP293\A0075516.dll a variant of Win32/Agent.QIP trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{7095A05A-9C58-420C-9C7A-733B77725721}\RP293\A0075517.sys a variant of Win32/Agent.QIP trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{7095A05A-9C58-420C-9C7A-733B77725721}\RP293\A0075518.sys a variant of Win32/Agent.QIP trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{7095A05A-9C58-420C-9C7A-733B77725721}\RP293\A0075519.sys a variant of Win32/Agent.QIP trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{7095A05A-9C58-420C-9C7A-733B77725721}\RP293\A0075546.dll a variant of Win32/Agent.QIP trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{7095A05A-9C58-420C-9C7A-733B77725721}\RP293\A0075547.dll a variant of Win32/Agent.QIP trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{7095A05A-9C58-420C-9C7A-733B77725721}\RP293\A0075548.sys a variant of Win32/Agent.QIP trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{7095A05A-9C58-420C-9C7A-733B77725721}\RP293\A0075549.sys a variant of Win32/Agent.QIP trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{7095A05A-9C58-420C-9C7A-733B77725721}\RP293\A0075550.sys a variant of Win32/Agent.QIP trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{7095A05A-9C58-420C-9C7A-733B77725721}\RP293\A0075601.dll a variant of Win32/Agent.QIP trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{7095A05A-9C58-420C-9C7A-733B77725721}\RP293\A0075602.dll a variant of Win32/Agent.QIP trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{7095A05A-9C58-420C-9C7A-733B77725721}\RP293\A0075603.sys a variant of Win32/Agent.QIP trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{7095A05A-9C58-420C-9C7A-733B77725721}\RP293\A0075604.sys a variant of Win32/Agent.QIP trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{7095A05A-9C58-420C-9C7A-733B77725721}\RP293\A0075605.sys a variant of Win32/Agent.QIP trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{7095A05A-9C58-420C-9C7A-733B77725721}\RP293\A0075648.dll a variant of Win32/Agent.QIP trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{7095A05A-9C58-420C-9C7A-733B77725721}\RP293\A0075649.dll a variant of Win32/Agent.QIP trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{7095A05A-9C58-420C-9C7A-733B77725721}\RP293\A0075650.sys a variant of Win32/Agent.QIP trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{7095A05A-9C58-420C-9C7A-733B77725721}\RP293\A0075651.sys a variant of Win32/Agent.QIP trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{7095A05A-9C58-420C-9C7A-733B77725721}\RP293\A0075652.sys a variant of Win32/Agent.QIP trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{7095A05A-9C58-420C-9C7A-733B77725721}\RP293\A0075681.dll a variant of Win32/Agent.QIP trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{7095A05A-9C58-420C-9C7A-733B77725721}\RP293\A0075682.dll a variant of Win32/Agent.QIP trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{7095A05A-9C58-420C-9C7A-733B77725721}\RP293\A0075683.sys a variant of Win32/Agent.QIP trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{7095A05A-9C58-420C-9C7A-733B77725721}\RP293\A0075684.sys a variant of Win32/Agent.QIP trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{7095A05A-9C58-420C-9C7A-733B77725721}\RP293\A0075685.sys a variant of Win32/Agent.QIP trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{7095A05A-9C58-420C-9C7A-733B77725721}\RP293\A0075744.dll a variant of Win32/Agent.QIP trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{7095A05A-9C58-420C-9C7A-733B77725721}\RP293\A0075745.dll a variant of Win32/Agent.QIP trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{7095A05A-9C58-420C-9C7A-733B77725721}\RP293\A0075746.sys a variant of Win32/Agent.QIP trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{7095A05A-9C58-420C-9C7A-733B77725721}\RP293\A0075747.sys a variant of Win32/Agent.QIP trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{7095A05A-9C58-420C-9C7A-733B77725721}\RP293\A0075748.sys a variant of Win32/Agent.QIP trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{7095A05A-9C58-420C-9C7A-733B77725721}\RP294\A0075818.dll a variant of Win32/Agent.QIP trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{7095A05A-9C58-420C-9C7A-733B77725721}\RP294\A0075819.dll a variant of Win32/Agent.QIP trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{7095A05A-9C58-420C-9C7A-733B77725721}\RP294\A0075820.sys a variant of Win32/Agent.QIP trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{7095A05A-9C58-420C-9C7A-733B77725721}\RP294\A0075821.sys a variant of Win32/Agent.QIP trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{7095A05A-9C58-420C-9C7A-733B77725721}\RP294\A0075822.sys a variant of Win32/Agent.QIP trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{7095A05A-9C58-420C-9C7A-733B77725721}\RP294\A0075841.dll a variant of Win32/Agent.QIP trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{7095A05A-9C58-420C-9C7A-733B77725721}\RP294\A0075842.sys a variant of Win32/Agent.QIP trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{7095A05A-9C58-420C-9C7A-733B77725721}\RP294\A0075843.sys a variant of Win32/Agent.QIP trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{7095A05A-9C58-420C-9C7A-733B77725721}\RP294\A0075844.sys a variant of Win32/Agent.QIP trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{7095A05A-9C58-420C-9C7A-733B77725721}\RP294\A0075850.dll a variant of Win32/Agent.QIP trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{7095A05A-9C58-420C-9C7A-733B77725721}\RP294\A0075851.sys a variant of Win32/Agent.QIP trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{7095A05A-9C58-420C-9C7A-733B77725721}\RP294\A0075852.sys a variant of Win32/Agent.QIP trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{7095A05A-9C58-420C-9C7A-733B77725721}\RP294\A0075853.sys a variant of Win32/Agent.QIP trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{7095A05A-9C58-420C-9C7A-733B77725721}\RP294\A0075859.dll a variant of Win32/Agent.QIP trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{7095A05A-9C58-420C-9C7A-733B77725721}\RP294\A0075860.sys a variant of Win32/Agent.QIP trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{7095A05A-9C58-420C-9C7A-733B77725721}\RP294\A0075861.sys a variant of Win32/Agent.QIP trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{7095A05A-9C58-420C-9C7A-733B77725721}\RP294\A0075862.sys a variant of Win32/Agent.QIP trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{7095A05A-9C58-420C-9C7A-733B77725721}\RP294\A0075871.dll a variant of Win32/Agent.QIP trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{7095A05A-9C58-420C-9C7A-733B77725721}\RP294\A0075872.sys a variant of Win32/Agent.QIP trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{7095A05A-9C58-420C-9C7A-733B77725721}\RP294\A0075873.sys a variant of Win32/Agent.QIP trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{7095A05A-9C58-420C-9C7A-733B77725721}\RP294\A0075874.sys a variant of Win32/Agent.QIP trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{7095A05A-9C58-420C-9C7A-733B77725721}\RP294\A0075880.dll a variant of Win32/Agent.QIP trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{7095A05A-9C58-420C-9C7A-733B77725721}\RP294\A0075881.sys a variant of Win32/Agent.QIP trojan (cleaned by deleting) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{7095A05A-9C58-420C-9C7A-733B77725721}\RP294\A0075882.sys a variant of Win32/Agent.QIP trojan (cleaned by deleting) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{7095A05A-9C58-420C-9C7A-733B77725721}\RP294\A0075883.sys a variant of Win32/Agent.QIP trojan (cleaned by deleting) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{7095A05A-9C58-420C-9C7A-733B77725721}\RP294\A0075889.dll a variant of Win32/Agent.QIP trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{7095A05A-9C58-420C-9C7A-733B77725721}\RP294\A0075890.sys a variant of Win32/Agent.QIP trojan (cleaned by deleting) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{7095A05A-9C58-420C-9C7A-733B77725721}\RP294\A0075891.sys a variant of Win32/Agent.QIP trojan (cleaned by deleting) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{7095A05A-9C58-420C-9C7A-733B77725721}\RP294\A0075892.sys a variant of Win32/Agent.QIP trojan (cleaned by deleting) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{7095A05A-9C58-420C-9C7A-733B77725721}\RP294\A0075898.dll a variant of Win32/Agent.QIP trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{7095A05A-9C58-420C-9C7A-733B77725721}\RP294\A0075899.sys a variant of Win32/Agent.QIP trojan (cleaned by deleting) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{7095A05A-9C58-420C-9C7A-733B77725721}\RP294\A0075900.sys a variant of Win32/Agent.QIP trojan (cleaned by deleting) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{7095A05A-9C58-420C-9C7A-733B77725721}\RP294\A0075901.sys a variant of Win32/Agent.QIP trojan (cleaned by deleting) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{7095A05A-9C58-420C-9C7A-733B77725721}\RP294\A0076898.dll a variant of Win32/Agent.QIP trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{7095A05A-9C58-420C-9C7A-733B77725721}\RP294\A0076899.sys a variant of Win32/Agent.QIP trojan (cleaned by deleting) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{7095A05A-9C58-420C-9C7A-733B77725721}\RP294\A0076900.sys a variant of Win32/Agent.QIP trojan (cleaned by deleting) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{7095A05A-9C58-420C-9C7A-733B77725721}\RP294\A0076901.sys a variant of Win32/Agent.QIP trojan (cleaned by deleting) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{7095A05A-9C58-420C-9C7A-733B77725721}\RP295\A0076904.dll a variant of Win32/Agent.QIP trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{7095A05A-9C58-420C-9C7A-733B77725721}\RP295\A0077077.sys a variant of Win32/Agent.QIP trojan (cleaned by deleting) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{7095A05A-9C58-420C-9C7A-733B77725721}\RP295\A0077102.sys a variant of Win32/Agent.QIP trojan (cleaned by deleting) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{7095A05A-9C58-420C-9C7A-733B77725721}\RP295\A0077103.sys a variant of Win32/Agent.QIP trojan (cleaned by deleting) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{7095A05A-9C58-420C-9C7A-733B77725721}\RP295\A0077104.dll a variant of Win32/Agent.QIP trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{7095A05A-9C58-420C-9C7A-733B77725721}\RP295\A0077105.dll a variant of Win32/Agent.QIP trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{7095A05A-9C58-420C-9C7A-733B77725721}\RP295\A0077106.dll a variant of Win32/Agent.QIP trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{7095A05A-9C58-420C-9C7A-733B77725721}\RP295\A0077107.sys a variant of Win32/Agent.QIP trojan (cleaned by deleting) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{7095A05A-9C58-420C-9C7A-733B77725721}\RP295\A0077108.sys a variant of Win32/Agent.QIP trojan (cleaned by deleting) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{7095A05A-9C58-420C-9C7A-733B77725721}\RP295\A0077109.sys a variant of Win32/Agent.QIP trojan (cleaned by deleting) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{7095A05A-9C58-420C-9C7A-733B77725721}\RP295\A0078102.dll a variant of Win32/Agent.QIP trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{7095A05A-9C58-420C-9C7A-733B77725721}\RP295\A0078103.sys a variant of Win32/Agent.QIP trojan (cleaned by deleting) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{7095A05A-9C58-420C-9C7A-733B77725721}\RP295\A0078104.sys a variant of Win32/Agent.QIP trojan (cleaned by deleting) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{7095A05A-9C58-420C-9C7A-733B77725721}\RP295\A0078105.sys a variant of Win32/Agent.QIP trojan (cleaned by deleting) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{7095A05A-9C58-420C-9C7A-733B77725721}\RP295\A0078111.dll a variant of Win32/Agent.QIP trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{7095A05A-9C58-420C-9C7A-733B77725721}\RP295\A0078112.sys a variant of Win32/Agent.QIP trojan (cleaned by deleting) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{7095A05A-9C58-420C-9C7A-733B77725721}\RP295\A0078113.sys a variant of Win32/Agent.QIP trojan (cleaned by deleting) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{7095A05A-9C58-420C-9C7A-733B77725721}\RP295\A0078114.sys a variant of Win32/Agent.QIP trojan (cleaned by deleting) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{7095A05A-9C58-420C-9C7A-733B77725721}\RP296\A0078117.dll a variant of Win32/Agent.QIP trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{7095A05A-9C58-420C-9C7A-733B77725721}\RP296\A0078201.sys a variant of Win32/Agent.QIP trojan (cleaned by deleting) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{7095A05A-9C58-420C-9C7A-733B77725721}\RP296\A0078214.sys a variant of Win32/Agent.QIP trojan (cleaned by deleting) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{7095A05A-9C58-420C-9C7A-733B77725721}\RP296\A0078312.sys a variant of Win32/Agent.QIP trojan (cleaned by deleting) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{7095A05A-9C58-420C-9C7A-733B77725721}\RP296\A0078313.dll a variant of Win32/Agent.QIP trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{7095A05A-9C58-420C-9C7A-733B77725721}\RP296\A0078404.sys a variant of Win32/Agent.QIP trojan (cleaned by deleting) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{7095A05A-9C58-420C-9C7A-733B77725721}\RP296\A0078405.sys a variant of Win32/Agent.QIP trojan (cleaned by deleting) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{7095A05A-9C58-420C-9C7A-733B77725721}\RP296\A0078406.dll a variant of Win32/Agent.QIP trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{7095A05A-9C58-420C-9C7A-733B77725721}\RP296\A0078407.dll a variant of Win32/Agent.QIP trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{7095A05A-9C58-420C-9C7A-733B77725721}\RP296\A0078408.dll a variant of Win32/Agent.QIP trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{7095A05A-9C58-420C-9C7A-733B77725721}\RP296\A0078409.sys a variant of Win32/Agent.QIP trojan (cleaned by deleting) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{7095A05A-9C58-420C-9C7A-733B77725721}\RP296\A0078410.sys a variant of Win32/Agent.QIP trojan (cleaned by deleting) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{7095A05A-9C58-420C-9C7A-733B77725721}\RP296\A0078411.sys a variant of Win32/Agent.QIP trojan (cleaned by deleting) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{7095A05A-9C58-420C-9C7A-733B77725721}\RP296\A0078430.dll a variant of Win32/Agent.QIP trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{7095A05A-9C58-420C-9C7A-733B77725721}\RP296\A0078431.sys a variant of Win32/Agent.QIP trojan (cleaned by deleting) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{7095A05A-9C58-420C-9C7A-733B77725721}\RP296\A0078432.sys a variant of Win32/Agent.QIP trojan (cleaned by deleting) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{7095A05A-9C58-420C-9C7A-733B77725721}\RP296\A0078433.sys a variant of Win32/Agent.QIP trojan (cleaned by deleting) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{7095A05A-9C58-420C-9C7A-733B77725721}\RP296\A0079430.dll a variant of Win32/Agent.QIP trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{7095A05A-9C58-420C-9C7A-733B77725721}\RP296\A0079431.sys a variant of Win32/Agent.QIP trojan (cleaned by deleting) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{7095A05A-9C58-420C-9C7A-733B77725721}\RP296\A0079432.sys a variant of Win32/Agent.QIP trojan (cleaned by deleting) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{7095A05A-9C58-420C-9C7A-733B77725721}\RP296\A0079433.sys a variant of Win32/Agent.QIP trojan (cleaned by deleting) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{7095A05A-9C58-420C-9C7A-733B77725721}\RP296\A0080430.dll a variant of Win32/Agent.QIP trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{7095A05A-9C58-420C-9C7A-733B77725721}\RP296\A0080431.sys a variant of Win32/Agent.QIP trojan (cleaned by deleting) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{7095A05A-9C58-420C-9C7A-733B77725721}\RP296\A0080432.sys a variant of Win32/Agent.QIP trojan (cleaned by deleting) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{7095A05A-9C58-420C-9C7A-733B77725721}\RP296\A0080433.sys a variant of Win32/Agent.QIP trojan (cleaned by deleting) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{7095A05A-9C58-420C-9C7A-733B77725721}\RP296\A0081430.dll a variant of Win32/Agent.QIP trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{7095A05A-9C58-420C-9C7A-733B77725721}\RP296\A0081431.sys a variant of Win32/Agent.QIP trojan (cleaned by deleting) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{7095A05A-9C58-420C-9C7A-733B77725721}\RP296\A0081432.sys a variant of Win32/Agent.QIP trojan (cleaned by deleting) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{7095A05A-9C58-420C-9C7A-733B77725721}\RP296\A0081433.sys a variant of Win32/Agent.QIP trojan (cleaned by deleting) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{7095A05A-9C58-420C-9C7A-733B77725721}\RP296\A0081439.dll a variant of Win32/Agent.QIP trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{7095A05A-9C58-420C-9C7A-733B77725721}\RP296\A0081440.sys a variant of Win32/Agent.QIP trojan (cleaned by deleting) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{7095A05A-9C58-420C-9C7A-733B77725721}\RP296\A0081441.sys a variant of Win32/Agent.QIP trojan (cleaned by deleting) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{7095A05A-9C58-420C-9C7A-733B77725721}\RP296\A0081442.sys a variant of Win32/Agent.QIP trojan (cleaned by deleting) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{7095A05A-9C58-420C-9C7A-733B77725721}\RP296\A0082439.dll a variant of Win32/Agent.QIP trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{7095A05A-9C58-420C-9C7A-733B77725721}\RP296\A0082440.sys a variant of Win32/Agent.QIP trojan (cleaned by deleting) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{7095A05A-9C58-420C-9C7A-733B77725721}\RP296\A0082441.sys a variant of Win32/Agent.QIP trojan (cleaned by deleting) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{7095A05A-9C58-420C-9C7A-733B77725721}\RP296\A0082442.sys a variant of Win32/Agent.QIP trojan (cleaned by deleting) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{7095A05A-9C58-420C-9C7A-733B77725721}\RP296\A0083439.dll a variant of Win32/Agent.QIP trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{7095A05A-9C58-420C-9C7A-733B77725721}\RP296\A0083440.sys a variant of Win32/Agent.QIP trojan (cleaned by deleting) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{7095A05A-9C58-420C-9C7A-733B77725721}\RP296\A0083441.sys a variant of Win32/Agent.QIP trojan (cleaned by deleting) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{7095A05A-9C58-420C-9C7A-733B77725721}\RP296\A0083442.sys a variant of Win32/Agent.QIP trojan (cleaned by deleting) 00000000000000000000000000000000 C
C:\_OTL\MovedFiles\03242011_100125\C_ProgramData\kDhMeDgEfPk09001\kDhMeDgEfPk09001.exe a variant of Win32/Kryptik.LWW trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\_OTL\MovedFiles\03242011_100125\C_Windows\System32\cofinger.dll Win32/PSW.Papras.BO trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

Re: Winbluesoft removalMon Apr 11, 2011 3:20 pm

Hello.

Please download CKScanner by askey127 from here
Save it to your desktop.

Doubleclick CKScanner.exe and click Search For Files.
After a very short time, when the cursor hourglass disappears, click Save List To File.
A message box will verify that the file is saved.
Double-click the CKFiles.txt icon on your desktop and copy/paste the contents in your next reply.

Re: Winbluesoft removalSat Apr 16, 2011 3:41 am

CKScanner - Additional Security Risks - These are not necessarily bad
c:\users\owner\desktop\speed master\deliveries\delivery slips\paul cracknell.docx
scanner sequence 3.AP.11
----- EOF -----

Winbluesoft removal