Trojan.Dropper, Trojan.Generic, Trojan.Crypt and more

Page 1 of 2 1, 2  Next

View previous topic View next topic Go down

Re: Trojan.Dropper, Trojan.Generic, Trojan.Crypt and more

Post by reginaac on Fri Aug 26, 2011 6:15 am

OTL part 2 of 3


========== Files - Modified Within 30 Days ==========

[2011/08/25 21:36:00 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{FC5CA896-1EC2-43B6-B82F-9CD4B98BFBD1}.job
[2011/08/25 21:28:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/08/25 20:12:41 | 000,000,286 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1229272821-1409082233-1801674531-1003.job
[2011/08/25 20:12:41 | 000,000,278 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1229272821-1409082233-1801674531-1003.job
[2011/08/25 20:12:15 | 001,406,768 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Owner\Desktop\tdsskiller.exe
[2011/08/25 19:58:38 | 000,012,568 | ---- | M] (Sysinternals - [You must be registered and logged in to see this link.] -- C:\WINDOWS\System32\drivers\PROCEXP113.SYS
[2011/08/25 19:58:02 | 000,000,504 | ---- | M] () -- C:\WINDOWS\System32\drivers\kgpcpy.cfg
[2011/08/25 19:40:08 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/08/25 19:39:58 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore1cc4f842548fa1e.job
[2011/08/25 19:39:58 | 000,000,270 | ---- | M] () -- C:\WINDOWS\tasks\ASC4_PerformanceMonitor.job
[2011/08/25 19:39:49 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/08/25 14:59:14 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2011/08/25 14:49:27 | 004,183,543 | R--- | M] (Swearware) -- C:\Documents and Settings\Owner\Desktop\ComboFix.exe
[2011/08/23 22:55:40 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/08/23 22:51:49 | 009,545,312 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Owner\Desktop\mbam-setup.exe
[2011/08/23 20:42:02 | 000,001,678 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/08/23 17:42:00 | 000,676,536 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\sreng2.zip
[2011/08/21 11:37:15 | 000,025,372 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\wklnhst.dat
[2011/08/21 07:20:33 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\MBR.dat
[2011/08/21 06:25:36 | 000,879,225 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\SecurityCheck.exe
[2011/08/21 05:16:48 | 001,915,904 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Owner\Desktop\aswMBR.exe
[2011/08/21 04:31:20 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.com
[2011/08/18 17:44:18 | 000,546,256 | R--- | M] (iS3, Inc.) -- C:\WINDOWS\System32\SZComp5.dll
[2011/08/18 17:44:18 | 000,132,560 | R--- | M] (iS3, Inc.) -- C:\WINDOWS\System32\IS3HTUI5.dll
[2011/08/18 17:44:18 | 000,022,992 | R--- | M] (iS3, Inc.) -- C:\WINDOWS\System32\SZIO5.dll
[2011/08/18 17:44:16 | 000,456,144 | R--- | M] (iS3, Inc.) -- C:\WINDOWS\System32\SZBase5.dll
[2011/08/18 17:44:16 | 000,398,800 | R--- | M] (iS3, Inc.) -- C:\WINDOWS\System32\IS3DBA5.dll
[2011/08/18 17:44:16 | 000,099,792 | R--- | M] (iS3, Inc.) -- C:\WINDOWS\System32\IS3Svc5.dll
[2011/08/18 17:44:16 | 000,067,024 | R--- | M] (iS3, Inc.) -- C:\WINDOWS\System32\IS3Hks5.dll
[2011/08/18 17:44:16 | 000,028,624 | R--- | M] (iS3, Inc.) -- C:\WINDOWS\System32\IS3XDat5.dll
[2011/08/18 17:44:14 | 000,738,768 | R--- | M] (iS3, Inc.) -- C:\WINDOWS\System32\IS3Base5.dll
[2011/08/18 17:44:14 | 000,390,608 | R--- | M] (iS3, Inc.) -- C:\WINDOWS\System32\IS3UI5.dll
[2011/08/18 17:44:14 | 000,230,864 | R--- | M] (iS3, Inc.) -- C:\WINDOWS\System32\IS3Win325.dll
[2011/08/18 17:44:14 | 000,099,792 | R--- | M] (iS3, Inc.) -- C:\WINDOWS\System32\IS3Inet5.dll
[2011/08/18 11:34:58 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\AquaPearls.lnk
[2011/08/15 13:29:45 | 000,001,807 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\McAfee Security Scan Plus.lnk
[2011/08/15 13:29:45 | 000,001,801 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2011/08/14 23:10:01 | 000,001,734 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader X.lnk
[2011/08/14 12:41:48 | 000,001,204 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\MSN Games.lnk
[2011/08/13 21:44:24 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2011/08/12 16:30:28 | 000,001,687 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CenturyLink Remote Control.lnk
[2011/08/11 21:23:44 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/08/11 00:10:23 | 000,450,614 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/08/11 00:10:23 | 000,075,424 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/08/10 18:23:28 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/08/04 20:20:41 | 000,004,290 | ---- | M] () -- C:\Documents and Settings\Owner\r
[2011/07/28 20:42:09 | 000,000,279 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\HP Printing Software.url

========== Files Created - No Company Name ==========

[2011/08/25 19:48:50 | 000,000,504 | ---- | C] () -- C:\WINDOWS\System32\drivers\kgpcpy.cfg
[2011/08/25 14:59:13 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2011/08/25 14:59:04 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2011/08/25 14:54:48 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/08/25 14:54:48 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/08/25 14:54:48 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/08/25 14:54:48 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/08/25 14:54:48 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/08/23 22:55:40 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/08/23 20:42:02 | 000,001,678 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/08/23 17:41:40 | 000,676,536 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\sreng2.zip
[2011/08/21 06:25:30 | 000,879,225 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\SecurityCheck.exe
[2011/08/21 05:49:58 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\MBR.dat
[2011/08/18 11:34:58 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\AquaPearls.lnk
[2011/08/16 16:47:33 | 000,001,584 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Game Manager.lnk
[2011/08/16 16:47:31 | 000,001,184 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\More Great Games.lnk
[2011/08/15 13:29:45 | 000,001,807 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\McAfee Security Scan Plus.lnk
[2011/08/15 13:29:39 | 000,001,801 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2011/08/14 23:10:01 | 000,001,734 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader X.lnk
[2011/08/14 23:10:00 | 000,001,804 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader X.lnk
[2011/08/14 12:41:48 | 000,001,204 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\MSN Games.lnk
[2011/08/12 16:30:28 | 000,001,687 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\CenturyLink Remote Control.lnk
[2011/08/10 11:13:52 | 000,001,374 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2011/08/04 20:20:41 | 000,004,290 | ---- | C] () -- C:\Documents and Settings\Owner\r
[2011/07/31 08:17:06 | 000,000,882 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore1cc4f842548fa1e.job
[2011/07/28 20:42:09 | 000,000,279 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\HP Printing Software.url
[2011/07/02 18:21:49 | 000,000,286 | ---- | C] () -- C:\WINDOWS\reimage.ini
[2011/03/30 02:55:31 | 000,000,461 | ---- | C] () -- C:\Program Files\033020112553104.bat
[2011/03/28 10:33:01 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/03/21 23:15:52 | 000,000,462 | ---- | C] () -- C:\Program Files\0321201123155192.bat
[2011/01/24 00:01:59 | 000,000,262 | ---- | C] () -- C:\WINDOWS\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2010/10/21 12:46:55 | 000,000,462 | ---- | C] () -- C:\Program Files\1021201012465568.bat
[2010/10/19 03:05:24 | 000,000,391 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\prefsdb.dat
[2010/09/09 02:06:11 | 000,023,085 | ---- | C] () -- C:\WINDOWS\hpqins15.dat
[2010/08/31 23:26:57 | 000,000,476 | ---- | C] () -- C:\Program Files\0831201023265700.bat
[2010/08/04 12:18:52 | 000,000,190 | ---- | C] () -- C:\WINDOWS\settings.ini
[2010/06/19 11:22:19 | 000,000,000 | ---- | C] () -- C:\WINDOWS\popcreg.dat
[2010/01/05 21:21:47 | 000,000,471 | ---- | C] () -- C:\Program Files\0105201020214746.bat
[2009/09/28 21:53:27 | 000,000,110 | ---- | C] () -- C:\WINDOWS\popcinfot.dat
[2009/06/02 18:40:12 | 000,137,540 | ---- | C] () -- C:\WINDOWS\hpqins00.dat
[2009/04/05 18:45:18 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2009/03/10 15:57:42 | 000,000,030 | ---- | C] () -- C:\WINDOWS\sav.ini
[2009/02/22 09:42:50 | 000,003,840 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\slot1.mm1
[2009/01/11 00:43:38 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Game.INI
[2009/01/06 05:40:45 | 000,000,026 | ---- | C] () -- C:\WINDOWS\popcinfo.dat
[2009/01/02 15:57:07 | 000,011,264 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/10/11 17:46:45 | 000,157,453 | ---- | C] () -- C:\WINDOWS\hphins26.dat
[2008/10/11 17:46:44 | 000,000,787 | ---- | C] () -- C:\WINDOWS\hphmdl26.dat
[2008/08/31 10:14:08 | 000,123,125 | ---- | C] () -- C:\WINDOWS\HPHins11.dat
[2008/08/31 10:14:07 | 000,013,767 | ---- | C] () -- C:\WINDOWS\hphmdl11.dat
[2008/07/15 22:50:29 | 000,025,372 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\wklnhst.dat
[2008/06/29 04:46:15 | 000,000,766 | ---- | C] () -- C:\WINDOWS\wwwconfig.dat
[2008/06/28 16:12:21 | 000,004,096 | ---- | C] () -- C:\WINDOWS\d3dx.dat
[2008/06/22 16:03:41 | 000,000,199 | ---- | C] () -- C:\WINDOWS\wstdUPSWSHIP.INI
[2008/06/22 15:54:39 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/06/22 00:38:38 | 000,000,512 | ---- | C] () -- C:\WINDOWS\extend.dat
[2008/06/22 00:08:53 | 000,000,022 | ---- | C] () -- C:\WINDOWS\exchng.ini
[2008/06/22 00:08:39 | 000,006,550 | ---- | C] () -- C:\WINDOWS\jautoexp.dat
[2008/06/21 20:39:27 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2008/06/21 20:34:54 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2008/06/21 13:28:53 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2008/06/21 13:27:53 | 000,250,288 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2008/02/04 19:23:10 | 000,693,792 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.DLL
[2005/05/03 13:38:42 | 000,064,512 | ---- | C] () -- C:\WINDOWS\System32\P17.dll
[2005/03/22 13:48:43 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2005/03/22 13:48:43 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/10/22 18:07:54 | 000,016,384 | ---- | C] () -- C:\WINDOWS\System32\GetHostIP.exe
[2004/08/04 05:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/04 05:00:00 | 000,450,614 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/04 05:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/04 05:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/04 05:00:00 | 000,075,424 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/04 05:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/04 05:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/04 05:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/04 05:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/04 05:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2003/10/02 12:48:18 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\P17CPI.dll
[2003/04/08 15:41:20 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\nssckbi.dll
[2002/07/01 09:13:30 | 000,000,224 | -HS- | C] () -- C:\Documents and Settings\Owner\Application Data\brun_nbeta12.dat
[1997/08/19 02:00:00 | 000,022,016 | ---- | C] () -- C:\WINDOWS\System32\DOCOBJ.DLL
[1997/08/19 02:00:00 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\HLINKPRX.DLL
[1997/08/14 02:00:00 | 000,031,232 | ---- | C] () -- C:\WINDOWS\System32\XLREC.DLL
[1997/08/14 02:00:00 | 000,025,600 | ---- | C] () -- C:\WINDOWS\System32\RECNCL.DLL

========== Alternate Data Streams ==========

@Alternate Data Stream - 99 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:82E1D3A4
@Alternate Data Stream - 99 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5FD8F016
@Alternate Data Stream - 99 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:59C113EC
@Alternate Data Stream - 99 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:551BED5F
@Alternate Data Stream - 99 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0F0A5896
@Alternate Data Stream - 97 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3C282BEA
@Alternate Data Stream - 96 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:AAA14AF9
@Alternate Data Stream - 96 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A96D3F23
@Alternate Data Stream - 96 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:90865A6D
@Alternate Data Stream - 96 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3FD496E1
@Alternate Data Stream - 96 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:179D1352
@Alternate Data Stream - 95 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5E9B629B
@Alternate Data Stream - 95 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0F2BA284
@Alternate Data Stream - 94 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F97CB10D
@Alternate Data Stream - 94 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D708EEF9
@Alternate Data Stream - 94 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:506E1E25
@Alternate Data Stream - 94 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2032CC2B
@Alternate Data Stream - 94 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:11FC043F
@Alternate Data Stream - 85 bytes -> C:\Documents and Settings\All Users\Desktop:$SS_DESCRIPTOR_PVX2VCGKMVF9FFNYTKBRVLNGCMSMYJ598W2L4WERXPUL6HHXVJ4TVVVVVVVVVVVVV
@Alternate Data Stream - 85 bytes -> C:\Documents and Settings\All Users\Desktop:$SS_DESCRIPTOR_PBVUV9VK9VF9FPMVAP4RKXT95KVVVVVVVVVVVVV
@Alternate Data Stream - 85 bytes -> C:\Documents and Settings\All Users\Desktop:$SS_DESCRIPTOR_PBPUV9VF9VF9VSNFUP4WKLVY2ELP3JM6UEGRJKDVVJVKVFJVMJV7
@Alternate Data Stream - 85 bytes -> C:\Documents and Settings\All Users\Application Data:$SS_DESCRIPTOR_PVX2VCGKMVF9FFNYTKBRVLNGCMSMYJ598W2L4WERXPUL6HHXVJ4TVVVVVVVVVVVVV
@Alternate Data Stream - 85 bytes -> C:\Documents and Settings\All Users\Application Data:$SS_DESCRIPTOR_PBVUV9VK9VF9FPMVAP4RKXT95KVVVVVVVVVVVVV
@Alternate Data Stream - 85 bytes -> C:\Documents and Settings\All Users\Application Data:$SS_DESCRIPTOR_PBPUV9VF9VF9VSNFUP4WKLVY2ELP3JM6UEGRJKDVVJVKVFJVMJV7
@Alternate Data Stream - 400 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:ECC73CDC
@Alternate Data Stream - 381 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0F94040F
@Alternate Data Stream - 380 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B8CAAE22
@Alternate Data Stream - 376 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6283A8D3
@Alternate Data Stream - 361 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:84002417
@Alternate Data Stream - 354 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3C8F07A8
@Alternate Data Stream - 353 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C70F0C51
@Alternate Data Stream - 347 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:90BE311E
@Alternate Data Stream - 343 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:EB9746A6
@Alternate Data Stream - 338 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CB0ACD5C
@Alternate Data Stream - 337 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E2533C29
@Alternate Data Stream - 336 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4EDC977B
@Alternate Data Stream - 333 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2D1BA810
@Alternate Data Stream - 325 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9AF3A05F
@Alternate Data Stream - 324 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:141BCC26
@Alternate Data Stream - 323 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:79FA7767
@Alternate Data Stream - 322 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E269FCB5
@Alternate Data Stream - 322 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:202A6D97
@Alternate Data Stream - 317 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F585932D
@Alternate Data Stream - 317 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:76F78684
@Alternate Data Stream - 317 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:52556249
@Alternate Data Stream - 316 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:BF1A3FF2
@Alternate Data Stream - 316 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2F984905
@Alternate Data Stream - 316 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0B928EF8
@Alternate Data Stream - 315 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D81A09B0
@Alternate Data Stream - 315 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:BAC6697B
@Alternate Data Stream - 315 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2C3170A8
@Alternate Data Stream - 314 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:EE0E96C6
@Alternate Data Stream - 313 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:702D1DFE
@Alternate Data Stream - 313 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1387592D
@Alternate Data Stream - 312 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E1002D91
@Alternate Data Stream - 311 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4CB560CF
@Alternate Data Stream - 310 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4173B541
@Alternate Data Stream - 309 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F7A45A6D
@Alternate Data Stream - 309 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CD998290
@Alternate Data Stream - 308 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D52D3C91
@Alternate Data Stream - 308 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A2400EF3
@Alternate Data Stream - 308 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:72E74C26
@Alternate Data Stream - 308 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1DFBC3C0
@Alternate Data Stream - 308 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0A085469
@Alternate Data Stream - 308 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:06F1C6E5
@Alternate Data Stream - 307 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:995B275C
@Alternate Data Stream - 306 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C5DFEA1
@Alternate Data Stream - 305 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1E76E30F
@Alternate Data Stream - 305 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:029B3C8C
@Alternate Data Stream - 303 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F68A1815
@Alternate Data Stream - 303 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:90281753
@Alternate Data Stream - 302 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:07557E0B
@Alternate Data Stream - 301 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:52841B01
@Alternate Data Stream - 300 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E0AE1C7A
@Alternate Data Stream - 300 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C2DD77D8
@Alternate Data Stream - 299 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B59658A8
@Alternate Data Stream - 298 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:91163577
@Alternate Data Stream - 297 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F6411A2E
@Alternate Data Stream - 295 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7EC52BE0
@Alternate Data Stream - 295 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:09A9B355
@Alternate Data Stream - 293 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:36D4F33D
@Alternate Data Stream - 292 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CF4E51E1
@Alternate Data Stream - 292 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0312EC65
@Alternate Data Stream - 291 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B72729D8
@Alternate Data Stream - 230 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:014BC3B4
@Alternate Data Stream - 228 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9F3CCE0A
@Alternate Data Stream - 227 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:943E8182
@Alternate Data Stream - 226 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:FDDD8917
@Alternate Data Stream - 224 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6C5EC3CD
@Alternate Data Stream - 223 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:80E965A3
@Alternate Data Stream - 223 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:213AFE42
@Alternate Data Stream - 217 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:ED9B661E
@Alternate Data Stream - 216 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6677D85A
@Alternate Data Stream - 216 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:48FEA089
@Alternate Data Stream - 216 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:10D98D98
@Alternate Data Stream - 213 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:969C0C96
@Alternate Data Stream - 213 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1CE87230
@Alternate Data Stream - 211 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:439E3411
@Alternate Data Stream - 205 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CB0FEE2B
@Alternate Data Stream - 205 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:93226FE3
@Alternate Data Stream - 204 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:43982D5E
@Alternate Data Stream - 203 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:BE13DA72
@Alternate Data Stream - 203 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3991CD7D
@Alternate Data Stream - 196 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:74699137
@Alternate Data Stream - 182 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DD842FD5
@Alternate Data Stream - 176 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5216CD26
@Alternate Data Stream - 163 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:AF2E5A21
@Alternate Data Stream - 162 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:32AF55F1
@Alternate Data Stream - 160 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:FF510ADC
@Alternate Data Stream - 157 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F4BE8180
@Alternate Data Stream - 157 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D532A897
@Alternate Data Stream - 156 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:AAC11624
@Alternate Data Stream - 155 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DDAC654B
@Alternate Data Stream - 153 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:01453AF3
@Alternate Data Stream - 151 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D8207BE2
@Alternate Data Stream - 151 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7079A696
@Alternate Data Stream - 151 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:62D72D41
@Alternate Data Stream - 151 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0A63D33A
@Alternate Data Stream - 149 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E23D0CEC
@Alternate Data Stream - 149 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:54D9AD66
@Alternate Data Stream - 149 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2A8A3140
@Alternate Data Stream - 149 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:100CB1DD
@Alternate Data Stream - 148 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E95E2173
@Alternate Data Stream - 148 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:BF6C81B2
@Alternate Data Stream - 148 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8DFD30C
@Alternate Data Stream - 148 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:858D9994
@Alternate Data Stream - 148 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:759B7D6F
@Alternate Data Stream - 148 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:70258565
@Alternate Data Stream - 148 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5690D76E
@Alternate Data Stream - 147 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:FAB64002
@Alternate Data Stream - 147 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DF0DB8AB
@Alternate Data Stream - 147 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DE875C30
@Alternate Data Stream - 147 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A819A132
@Alternate Data Stream - 147 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A652BC99
@Alternate Data Stream - 147 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:99C301D0
@Alternate Data Stream - 147 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6E11933F
@Alternate Data Stream - 147 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5CE91C67
@Alternate Data Stream - 147 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4F7FE589
@Alternate Data Stream - 147 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4A01545C
@Alternate Data Stream - 147 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:441D63A8
@Alternate Data Stream - 147 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:33E12B7A
@Alternate Data Stream - 147 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:30D9D4CB
@Alternate Data Stream - 147 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:217A2324
@Alternate Data Stream - 147 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2176484C
@Alternate Data Stream - 147 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:082EF53F
@Alternate Data Stream - 146 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F18BEDBC
@Alternate Data Stream - 146 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:EA031481
@Alternate Data Stream - 146 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CC3B4B43
@Alternate Data Stream - 146 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:92D91D7E
@Alternate Data Stream - 146 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8B1249CD
@Alternate Data Stream - 146 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7A3AAF2E
@Alternate Data Stream - 146 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:36FFA2FB
@Alternate Data Stream - 146 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2CC32B31
@Alternate Data Stream - 146 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:203CAFEE
@Alternate Data Stream - 146 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:16ADBA30
@Alternate Data Stream - 146 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0EC7A545
@Alternate Data Stream - 146 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0E67073E
@Alternate Data Stream - 145 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F43B7E8F
@Alternate Data Stream - 145 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E8760BFE
@Alternate Data Stream - 145 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E29063FF
@Alternate Data Stream - 145 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:AC96947B
@Alternate Data Stream - 145 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A86C5761
@Alternate Data Stream - 145 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6622852D
@Alternate Data Stream - 145 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:627153F1
@Alternate Data Stream - 145 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:124B94C0
@Alternate Data Stream - 145 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0E22C5DB
@Alternate Data Stream - 145 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0785072C
@Alternate Data Stream - 144 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:AA341DB1
@Alternate Data Stream - 144 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9812B773
@Alternate Data Stream - 144 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:96DE870D
@Alternate Data Stream - 144 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:89CF6F9C
@Alternate Data Stream - 144 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:40DB6D00
@Alternate Data Stream - 143 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:EB4FEEF5
@Alternate Data Stream - 143 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CD444B22
@Alternate Data Stream - 143 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C49A5AD1
@Alternate Data Stream - 143 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B722BCE5
@Alternate Data Stream - 143 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A2FF62A6
@Alternate Data Stream - 143 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:908A1B53
@Alternate Data Stream - 143 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6B7447D4
@Alternate Data Stream - 143 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:52110139
@Alternate Data Stream - 142 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:EE7AAC75
@Alternate Data Stream - 142 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CAFB99F9
@Alternate Data Stream - 142 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:BC29ABAC
@Alternate Data Stream - 142 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:BACB6B6C
@Alternate Data Stream - 142 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:91DEEE71
@Alternate Data Stream - 142 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7BFAAE70
@Alternate Data Stream - 142 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:63337BE2
@Alternate Data Stream - 142 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5EC637CB
@Alternate Data Stream - 142 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:589743E1
@Alternate Data Stream - 142 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4C8FA829
@Alternate Data Stream - 142 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:35FAD15D
@Alternate Data Stream - 142 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:217A2A36
@Alternate Data Stream - 142 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0BA6C13A
@Alternate Data Stream - 142 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:09446E68
@Alternate Data Stream - 142 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:084B0270
@Alternate Data Stream - 141 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F3A27FDE
@Alternate Data Stream - 141 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CC4C59B4
@Alternate Data Stream - 141 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C0440C86
@Alternate Data Stream - 141 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:BCDBBA6D
@Alternate Data Stream - 141 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:89C28CF6
@Alternate Data Stream - 141 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:729F0E7F
@Alternate Data Stream - 141 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:32FFF2D1
@Alternate Data Stream - 141 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2DF93164
@Alternate Data Stream - 141 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1A5D64BE
@Alternate Data Stream - 141 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0E8117B1
@Alternate Data Stream - 140 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:FC5FFC81
@Alternate Data Stream - 140 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:FBE5FDB9
@Alternate Data Stream - 140 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F9EDCFB0
@Alternate Data Stream - 140 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:EC5801E4
@Alternate Data Stream - 140 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E895790F
@Alternate Data Stream - 140 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E1610EDC
@Alternate Data Stream - 140 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D93AABC7
@Alternate Data Stream - 140 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D8F9D810
@Alternate Data Stream - 140 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D8059174
@Alternate Data Stream - 140 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:ADF4C56B
@Alternate Data Stream - 140 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:ADE67221
@Alternate Data Stream - 140 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A88BE334
@Alternate Data Stream - 140 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:96646EC1
@Alternate Data Stream - 140 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8D2A565D
@Alternate Data Stream - 140 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:76466F4C
@Alternate Data Stream - 140 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7198E1D2
@Alternate Data Stream - 140 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:26FE5B17
@Alternate Data Stream - 139 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F67AAFC5
@Alternate Data Stream - 139 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:EFF3C3C8
@Alternate Data Stream - 139 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:EB4F49FB
@Alternate Data Stream - 139 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DDF112BD
@Alternate Data Stream - 139 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D9F34335
@Alternate Data Stream - 139 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D8D58038
@Alternate Data Stream - 139 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:AF9BF410
@Alternate Data Stream - 139 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:ADFAD95A
@Alternate Data Stream - 139 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9E76E7F3
@Alternate Data Stream - 139 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9C337CCE
@Alternate Data Stream - 139 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7EF59135
@Alternate Data Stream - 139 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7B7430D1
@Alternate Data Stream - 139 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:65B8650D
@Alternate Data Stream - 139 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:51545BC7
@Alternate Data Stream - 139 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4DDE401B
@Alternate Data Stream - 139 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3EDD05D8
@Alternate Data Stream - 139 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2E45FA8F
@Alternate Data Stream - 139 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2D8B851C
@Alternate Data Stream - 139 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2A27E0C5
@Alternate Data Stream - 139 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:193CB03B
@Alternate Data Stream - 139 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0696EC8E
@Alternate Data Stream - 138 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F878F14A
@Alternate Data Stream - 138 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F41E22A9
@Alternate Data Stream - 138 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DE73B0FE
@Alternate Data Stream - 138 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CBB29B31
@Alternate Data Stream - 138 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:AD020DC3
@Alternate Data Stream - 138 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8CE601F5
@Alternate Data Stream - 138 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8855A119
@Alternate Data Stream - 138 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7A032A04
@Alternate Data Stream - 138 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:67CF910D
@Alternate Data Stream - 138 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:602146E4
@Alternate Data Stream - 138 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:47417312
@Alternate Data Stream - 138 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:43ECEA33
@Alternate Data Stream - 138 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:32A82570
@Alternate Data Stream - 138 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:16A4620C
@Alternate Data Stream - 137 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F8AC0D6D
@Alternate Data Stream - 137 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F19A4790
@Alternate Data Stream - 137 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E7B4296D
@Alternate Data Stream - 137 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E2C80DE4
@Alternate Data Stream - 137 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DE9AC04F
@Alternate Data Stream - 137 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DB4C77AD
@Alternate Data Stream - 137 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C6D0ABC3
@Alternate Data Stream - 137 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:AB7FF0C9
@Alternate Data Stream - 137 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A6D6E537
@Alternate Data Stream - 137 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9491C9C7
@Alternate Data Stream - 137 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:891DBAFE
@Alternate Data Stream - 137 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7FCB9D0D
@Alternate Data Stream - 137 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:79EB58D0
@Alternate Data Stream - 137 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:53DF4438
@Alternate Data Stream - 137 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:512336B9
@Alternate Data Stream - 137 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:46B38AB3
@Alternate Data Stream - 137 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3086B95F
@Alternate Data Stream - 137 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:08801FDB
@Alternate Data Stream - 137 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:05670151
@Alternate Data Stream - 136 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:EAF954B6
@Alternate Data Stream - 136 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:EA1919C7
@Alternate Data Stream - 136 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DF0F61BB
@Alternate Data Stream - 136 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9D6EAEC3
@Alternate Data Stream - 136 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7EEAEC9B
@Alternate Data Stream - 136 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:696F7DA7
@Alternate Data Stream - 136 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:61B54B15
@Alternate Data Stream - 136 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4FA837B4
@Alternate Data Stream - 136 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1585E7B2
@Alternate Data Stream - 136 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:13EF4AF6
@Alternate Data Stream - 136 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0F3F6B1E
@Alternate Data Stream - 135 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:EA7D76BE
@Alternate Data Stream - 135 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C1F1392C
@Alternate Data Stream - 135 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B7C6AAAB
@Alternate Data Stream - 135 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9BE587B9
@Alternate Data Stream - 135 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:771316F5
@Alternate Data Stream - 135 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:75CC0165
@Alternate Data Stream - 135 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:74A34D19
@Alternate Data Stream - 135 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4C31986D
@Alternate Data Stream - 135 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3EA715B9
@Alternate Data Stream - 135 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:25D6137A
@Alternate Data Stream - 134 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B1786630
@Alternate Data Stream - 134 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A73EAFFB
@Alternate Data Stream - 134 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9DB67071
@Alternate Data Stream - 134 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:996104FC
@Alternate Data Stream - 134 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8B4B9596
@Alternate Data Stream - 134 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:80F63EC3
@Alternate Data Stream - 134 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:71AEFFEB
@Alternate Data Stream - 134 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4A448DB2
@Alternate Data Stream - 134 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:413E2927
@Alternate Data Stream - 134 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2CEFEABF
@Alternate Data Stream - 134 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:151760F0
@Alternate Data Stream - 134 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0915A718
@Alternate Data Stream - 133 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F9A04C32
@Alternate Data Stream - 133 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:EF0C5444
@Alternate Data Stream - 133 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E5121D26
@Alternate Data Stream - 133 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:BBCB4421
@Alternate Data Stream - 133 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A7596EAE
@Alternate Data Stream - 133 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A02025CE
@Alternate Data Stream - 133 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8DD20B4A
@Alternate Data Stream - 133 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:89C2A42C
@Alternate Data Stream - 133 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6C75AF4C
@Alternate Data Stream - 133 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6A1486AD
@Alternate Data Stream - 133 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4D066AD2
@Alternate Data Stream - 133 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4CA7FA57

reginaac
Novice
Novice

Posts Posts : 44
Joined Joined : 2011-08-21
Gender Gender : Female
OS OS : Windows XP
Points Points : 19968
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Trojan.Dropper, Trojan.Generic, Trojan.Crypt and more

Post by reginaac on Fri Aug 26, 2011 6:17 am

OTL part 3 of 3

@Alternate Data Stream - 133 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:393F7B1E
@Alternate Data Stream - 133 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:34445512
@Alternate Data Stream - 133 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0588E665
@Alternate Data Stream - 132 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:FED25C29
@Alternate Data Stream - 132 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:EC0279DC
@Alternate Data Stream - 132 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D92981EA
@Alternate Data Stream - 132 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D6BEA85D
@Alternate Data Stream - 132 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D3EC24B3
@Alternate Data Stream - 132 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CFFC9DD0
@Alternate Data Stream - 132 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C8E29393
@Alternate Data Stream - 132 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B7E8F29F
@Alternate Data Stream - 132 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:AE2EA3C2
@Alternate Data Stream - 132 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:91FFEC32
@Alternate Data Stream - 132 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8101D728
@Alternate Data Stream - 132 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7BE471CB
@Alternate Data Stream - 132 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:593E515D
@Alternate Data Stream - 132 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:560D46AC
@Alternate Data Stream - 132 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4A966CC2
@Alternate Data Stream - 132 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:41884BBE
@Alternate Data Stream - 132 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:329BA65B
@Alternate Data Stream - 132 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2BFCDF84
@Alternate Data Stream - 132 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:21B987C4
@Alternate Data Stream - 132 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:054F0F17
@Alternate Data Stream - 131 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F8CDA1A5
@Alternate Data Stream - 131 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E5816AB5
@Alternate Data Stream - 131 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D6BE1CEA
@Alternate Data Stream - 131 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C820549A
@Alternate Data Stream - 131 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C3D26A8A
@Alternate Data Stream - 131 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:ADAD2FFE
@Alternate Data Stream - 131 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9B0F9E15
@Alternate Data Stream - 131 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:961A5109
@Alternate Data Stream - 131 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:937C8022
@Alternate Data Stream - 131 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7EABF26C
@Alternate Data Stream - 131 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:79BE9D5A
@Alternate Data Stream - 131 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:698B483C
@Alternate Data Stream - 131 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:62B9E014
@Alternate Data Stream - 131 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5080697C
@Alternate Data Stream - 131 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:49F896E9
@Alternate Data Stream - 131 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:443F2F8E
@Alternate Data Stream - 131 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:41DAF48E
@Alternate Data Stream - 131 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:33384BC0
@Alternate Data Stream - 131 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:29F0CA7D
@Alternate Data Stream - 131 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:22F6EE1A
@Alternate Data Stream - 130 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F94BD29B
@Alternate Data Stream - 130 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E83EE313
@Alternate Data Stream - 130 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DC0B1070
@Alternate Data Stream - 130 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B652B720
@Alternate Data Stream - 130 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B1E64E47
@Alternate Data Stream - 130 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:ABE818FA
@Alternate Data Stream - 130 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A636021B
@Alternate Data Stream - 130 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9E75B01B
@Alternate Data Stream - 130 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:864881BF
@Alternate Data Stream - 130 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6FE17A89
@Alternate Data Stream - 130 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6710EF08
@Alternate Data Stream - 130 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5A437AC3
@Alternate Data Stream - 130 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:42228396
@Alternate Data Stream - 130 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3FD69132
@Alternate Data Stream - 130 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3B5038B1
@Alternate Data Stream - 130 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3B07E6F4
@Alternate Data Stream - 130 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:31F2397C
@Alternate Data Stream - 130 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:31A7D544
@Alternate Data Stream - 130 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2FBB2B9B
@Alternate Data Stream - 130 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2EB79F01
@Alternate Data Stream - 130 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2D3CB929
@Alternate Data Stream - 130 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2A48233F
@Alternate Data Stream - 130 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:290A724C
@Alternate Data Stream - 130 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:26233902
@Alternate Data Stream - 130 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:16EEDD02
@Alternate Data Stream - 130 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1095ECE1
@Alternate Data Stream - 130 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:04BB186B
@Alternate Data Stream - 129 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F0A06891
@Alternate Data Stream - 129 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:EA10407C
@Alternate Data Stream - 129 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E774F04D
@Alternate Data Stream - 129 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:97995ED4
@Alternate Data Stream - 129 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8EEBEAB3
@Alternate Data Stream - 129 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:83D58AD2
@Alternate Data Stream - 129 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6C99C213
@Alternate Data Stream - 129 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:56EE2CAF
@Alternate Data Stream - 129 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:47C3EF59
@Alternate Data Stream - 129 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:40D7AF1D
@Alternate Data Stream - 129 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:26FBC1F9
@Alternate Data Stream - 129 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1DA424AA
@Alternate Data Stream - 129 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:15769D8A
@Alternate Data Stream - 129 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:10D45FC3
@Alternate Data Stream - 129 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:098DBB8A
@Alternate Data Stream - 129 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0860D6D6
@Alternate Data Stream - 129 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:07348C09
@Alternate Data Stream - 128 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:EA701346
@Alternate Data Stream - 128 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E732B44B
@Alternate Data Stream - 128 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DB77E2C4
@Alternate Data Stream - 128 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D9987109
@Alternate Data Stream - 128 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B0FAC520
@Alternate Data Stream - 128 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:AB15E5CC
@Alternate Data Stream - 128 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9B7E8561
@Alternate Data Stream - 128 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9AB56A06
@Alternate Data Stream - 128 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9290C91C
@Alternate Data Stream - 128 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8678F6BD
@Alternate Data Stream - 128 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7CEDF9F3
@Alternate Data Stream - 128 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6FD36C4B
@Alternate Data Stream - 128 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:65AB2A58
@Alternate Data Stream - 128 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6017A808
@Alternate Data Stream - 128 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5795E8B2
@Alternate Data Stream - 128 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:53DF59D1
@Alternate Data Stream - 128 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4EC7F009
@Alternate Data Stream - 128 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:48A80ACF
@Alternate Data Stream - 128 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:436BE28C
@Alternate Data Stream - 128 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3939CF5F
@Alternate Data Stream - 128 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1DEF8447
@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E46A89F4
@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CFC8A5FD
@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C8EAE2CC
@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A39CF033
@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:94260FE6
@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:71F96743
@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6D6D6E2B
@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:627B7F7C
@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4EE323A4
@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:206470A5
@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1C4D3509
@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0A74923C
@Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E9FAC3AB
@Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D72D7897
@Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C3112F12
@Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:AE9351E0
@Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9B2BD056
@Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:84CFEE62
@Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:831F2C78
@Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7ADB695A
@Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:72D2E2A0
@Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:71612023
@Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:614F17D3
@Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5FFC2819
@Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:514E900B
@Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:50636E35
@Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:38849DE5
@Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:37C86456
@Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2F6462DF
@Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:29DA7FEE
@Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:268BA8AB
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:FDC41D2C
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F5B99CA4
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:EF5B3572
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E6F951B7
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DCFF7C43
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CF6E4175
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C0893153
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:BE6B5FC3
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B227F86E
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A774141A
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A1023D41
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8BF54D33
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7DC5D762
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6FD219F5
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5FC8527A
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5D19AF4A
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:57176330
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4D7FCCD3
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3539CD43
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2EC5D66C
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2C678471
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2C27D9EC
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:257AC7F8
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:122B409D
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1170D6E4
@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:FDDE312D
@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F1DEA771
@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E10DCAF3
@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D197DC80
@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CFF6B3FF
@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A58B27C9
@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9857FAE3
@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:962FBFE7
@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:94CE30A1
@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8924043A
@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7E082023
@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7091055F
@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:48F5C64F
@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2D7D575C
@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2B059D79
@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0A051701
@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:03D08225
@Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F6DD5F80
@Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D9592966
@Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D46D2E5A
@Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C5CE2DF6
@Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:AF4CC666
@Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9CAC5FE6
@Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:96C9689F
@Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:91486201
@Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:817F0659
@Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:705F47E4
@Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:700B9342
@Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:68B61847
@Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6407DD2D
@Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:620EC79A
@Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:569CEE83
@Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4F636E25
@Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:417B6FAC
@Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:403D77D3
@Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3651A580
@Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:26A148EB
@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F9283DA1
@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:EB40BC91
@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:EA9F45B5
@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DD04902E
@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D3C52D24
@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CA99FD89
@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C35B4B19
@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C186F20B
@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:AB7A26C6
@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A5264343
@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A1CD17F9
@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9D605054
@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8FF4A12D
@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7757A6D4
@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:68887B7E
@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6401C7FF
@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6309F7F1
@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4EEC7800
@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4E2A5A6D
@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2F0007D6
@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2E9900EE
@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:25BB767E
@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1B7E2022
@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1968990D
@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1709732A
@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:163B8B93
@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0F55D468
@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:072F1F69
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F78518BB
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DD629819
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CB0A97B5
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C72A744C
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B3942462
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B31F805F
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8FBE0E9C
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8944C195
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:698AFB4D
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:50F94E7B
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:42A3BDD7
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:405D842B
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:342886D8
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:33EA030E
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2EA99C48
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2512FA90
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:119BAB3D
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0C0B833D
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:05F547A9
@Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:FD000392
@Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:EC855C73
@Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E8F2B426
@Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E51234A9
@Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DE9F4320
@Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D2593961
@Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CA23BCFD
@Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B3196E8D
@Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A42A9F39
@Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A41FEAA2
@Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:92D18A5E
@Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8BFA0030
@Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:87B05421
@Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7D48DC2D
@Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:647640E1
@Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5D10C56A
@Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4111E573
@Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:31A07C00
@Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2DF54B62
@Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2D5A2122
@Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:29629382
@Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:283B4301
@Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1C90EF4F
@Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0DE96CF5
@Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0A1C1AD8
@Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:09708CB7
@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:FEB0595A
@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E80802C7
@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D2032EBB
@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CCB49694
@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C7857F06
@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:BC2A20FD
@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:BBF60A29
@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9485E512
@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9371B810
@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8BA6C9F8
@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:81F83028
@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7B2BB690
@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:73AFBB96
@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5B6F7F60
@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:52B439AA
@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3C9CF9A7
@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2B1EA607
@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:294E6480
@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1D6B18F1
@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:17F7AEA3
@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:147A3409
@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0DAD93FF
@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0B3EC7D1
@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:041C0562
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F33C37D5
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E77558A0
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E6CDFB4A
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D48500F8
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B55AADB5
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:AA199F0F
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A724744F
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A60D0FA6
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A4BF246C
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A05F750A
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9EE6560D
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:82C50600
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:748520A2
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:71187328
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6F9C17A2
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:63DBE157
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:54362937
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:517B507A
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4F8B72C9
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4A9FA516
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3E06C78F
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3DB6F365
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:386B39C3
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2E0B7D8A
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1C9565AC
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0D52F295
@Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:AE9D0697
@Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9C31E38F
@Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:98DFF516
@Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:638C0C6C
@Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4B1195DD
@Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:450ABF8D
@Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2775F9E2
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:FD931C5F
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E90251A2
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E7B49FBF
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:BBE07C18
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:93E6A368
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8AB6C1D7
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:860D9052
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7174C105
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:583D44CB
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:53C0A7FF
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5345C8F6
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:52D492DA
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:488F7244
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:315B4A13
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:132714FA
@Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E1D818F7
@Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DF0BC727
@Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D92485C9
@Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:BE5EC04C
@Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B1FBA7E1
@Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A9B2AAD0
@Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A2865730
@Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8F067037
@Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8999FD56
@Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:88E8CC2E
@Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:848CC150
@Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7C7AA745
@Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6B15C5BC
@Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:57B4E612
@Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:51E1A4D8
@Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:109734F6
@Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0C13C008
@Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:FC60E0F8
@Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E1031541
@Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CB52BE62
@Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B419A171
@Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A0CB43B2
@Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8401B6D5
@Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7F4DB476
@Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7CAB0377
@Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:79F970BE
@Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:666D6386
@Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5FD26EF3
@Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1DEE6B65
@Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1CB4A530
@Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0AC32449
@Alternate Data Stream - 113 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:FA206A00
@Alternate Data Stream - 113 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C76CFF82
@Alternate Data Stream - 113 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C356A185
@Alternate Data Stream - 113 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:AFB24B00
@Alternate Data Stream - 113 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6813E7F4
@Alternate Data Stream - 113 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4D5FDAEA
@Alternate Data Stream - 113 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3AD6342E
@Alternate Data Stream - 113 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2E49D185
@Alternate Data Stream - 113 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:28CDD861
@Alternate Data Stream - 113 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:02C84B46
@Alternate Data Stream - 112 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F1F85068
@Alternate Data Stream - 112 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A692C296
@Alternate Data Stream - 112 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8BE7A048
@Alternate Data Stream - 112 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7A0FEE87
@Alternate Data Stream - 112 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:68F4B378
@Alternate Data Stream - 112 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:551E1CB4
@Alternate Data Stream - 112 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:45F3AD49
@Alternate Data Stream - 112 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3433021E
@Alternate Data Stream - 112 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:164FA86E
@Alternate Data Stream - 111 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F14D1F80
@Alternate Data Stream - 111 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D0668210
@Alternate Data Stream - 111 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C22674B6
@Alternate Data Stream - 111 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B4980368
@Alternate Data Stream - 111 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:AF5361E7
@Alternate Data Stream - 111 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A19A9C88
@Alternate Data Stream - 111 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:77846FFE
@Alternate Data Stream - 111 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3E31DE83
@Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:BD27B7FC
@Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8CCDAB14
@Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:294F888B
@Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:05816AFA
@Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:05113FB9
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F0AB86C0
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E3CEEC4C
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:AABCC5A7
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A4076A3B
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:99C1A08E
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8EEE3BBB
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:708BB0FA
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:52641FBE
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4FE42FFC
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3595B780
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:193426B4
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:15752405
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:02B823FE
@Alternate Data Stream - 108 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F8A67568
@Alternate Data Stream - 108 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C0A2E219
@Alternate Data Stream - 108 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:BA4AE5FC
@Alternate Data Stream - 108 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:918B7566
@Alternate Data Stream - 108 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:65929158
@Alternate Data Stream - 108 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5D7D48CA
@Alternate Data Stream - 108 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1A8BB29B
@Alternate Data Stream - 108 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:18379B4C
@Alternate Data Stream - 107 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DE6EED8B
@Alternate Data Stream - 107 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D02FBAEC
@Alternate Data Stream - 107 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CB16385F
@Alternate Data Stream - 107 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9DF07E8F
@Alternate Data Stream - 107 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:997E6AF4
@Alternate Data Stream - 107 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:896E1EFF
@Alternate Data Stream - 107 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7F66BF58
@Alternate Data Stream - 107 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C6EBC69
@Alternate Data Stream - 107 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:561B1D2B
@Alternate Data Stream - 107 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3612C9BE
@Alternate Data Stream - 107 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0DA384B0
@Alternate Data Stream - 107 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0B3B557D
@Alternate Data Stream - 107 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:09CEBED1
@Alternate Data Stream - 107 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:086DE893
@Alternate Data Stream - 106 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:FB97DB91
@Alternate Data Stream - 106 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F0E8F4FE
@Alternate Data Stream - 106 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2935AA1D
@Alternate Data Stream - 106 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0BFCB272
@Alternate Data Stream - 105 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:EE39C93C
@Alternate Data Stream - 105 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E91ADC66
@Alternate Data Stream - 105 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C63E7DE2
@Alternate Data Stream - 105 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:880F0FEF
@Alternate Data Stream - 105 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:687D1056
@Alternate Data Stream - 105 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:102394C6
@Alternate Data Stream - 105 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0B61DB9F
@Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E945C214
@Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E2CB42C9
@Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8DF68137
@Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4A1628E5
@Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3473F385
@Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:12D2EB9C
@Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0C07C446
@Alternate Data Stream - 103 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:FE9F7F81
@Alternate Data Stream - 103 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:95198126
@Alternate Data Stream - 103 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:538A9F02
@Alternate Data Stream - 103 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4CF76F21
@Alternate Data Stream - 103 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4673E9EA
@Alternate Data Stream - 103 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1ECED34B
@Alternate Data Stream - 102 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B1381B34
@Alternate Data Stream - 102 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:88B61AC3
@Alternate Data Stream - 102 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:60A4BB64
@Alternate Data Stream - 102 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5D351BC6
@Alternate Data Stream - 102 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3D36932D
@Alternate Data Stream - 102 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2AF478DB
@Alternate Data Stream - 102 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0C9CD455
@Alternate Data Stream - 101 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F16B288B
@Alternate Data Stream - 101 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D0D17155
@Alternate Data Stream - 101 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:78DEA3A4
@Alternate Data Stream - 101 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7881FECE
@Alternate Data Stream - 101 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5A99DEB7
@Alternate Data Stream - 101 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3815BC84
@Alternate Data Stream - 100 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:FE0D0B5A
@Alternate Data Stream - 100 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:EEF1584F
@Alternate Data Stream - 100 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CF61CE5A
@Alternate Data Stream - 100 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:883EDFB5
@Alternate Data Stream - 100 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2CDB9CA3
@Alternate Data Stream - 100 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:177313FB
@Alternate Data Stream - 100 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:059167AF

< End of report >

reginaac
Novice
Novice

Posts Posts : 44
Joined Joined : 2011-08-21
Gender Gender : Female
OS OS : Windows XP
Points Points : 19968
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Trojan.Dropper, Trojan.Generic, Trojan.Crypt and more

Post by Superdave on Fri Aug 26, 2011 11:00 pm

Thank you. Could you please run this again for me? You may still have the program on your desktop.

Please download [You must be registered and logged in to see this link.] ( 511KB ) to your desktop.

Double click the aswMBR.exe to run it



Click the "Scan" button to start scan

Note: Do not take action against any **Rootkit** entries until I have reviewed the log. Often there are false positives



On completion of the scan click save log, save it to your desktop and post in your next reply

Superdave
Captain
Captain

Posts Posts : 4202
Joined Joined : 2010-02-01
Gender Gender : Male
OS OS : Windows 8.1 and a dual-boot with XP Home SP3
Protection Protection : MSE, Windows Defender, Windows firewall
Points Points : 83161
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Trojan.Dropper, Trojan.Generic, Trojan.Crypt and more

Post by reginaac on Fri Aug 26, 2011 11:49 pm

Hi Dave,

aswMBR version 0.9.8.978 Copyright(c) 2011 AVAST Software
Run date: 2011-08-26 18:04:30
-----------------------------
18:04:30.125 OS Version: Windows 5.1.2600 Service Pack 3
18:04:30.125 Number of processors: 1 586 0x304
18:04:30.140 ComputerName: GINA UserName:
18:04:36.921 Initialize success
18:09:33.562 AVAST engine defs: 11082601
18:09:45.234 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
18:09:45.234 Disk 0 Vendor: WDC_WD1600AAJB-00PVA0 00.07H00 Size: 152627MB BusType: 3
18:09:47.328 Disk 0 MBR read successfully
18:09:47.328 Disk 0 MBR scan
18:09:47.531 Disk 0 Windows XP default MBR code
18:09:47.578 Disk 0 scanning sectors +312560640
18:09:48.000 Disk 0 scanning C:\WINDOWS\system32\drivers
18:10:10.609 Service scanning
18:10:14.468 Modules scanning
18:10:24.515 Disk 0 trace - called modules:
18:10:24.531 ntoskrnl.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll pciide.sys PCIIDEX.SYS
18:10:24.531 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x82fd7030]
18:10:24.546 3 CLASSPNP.SYS[f8728fd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x82fab030]
18:10:27.187 AVAST engine scan C:\WINDOWS
18:10:41.125 AVAST engine scan C:\WINDOWS\system32
18:13:09.890 AVAST engine scan C:\WINDOWS\system32\drivers
18:13:24.156 AVAST engine scan C:\Documents and Settings\Owner
18:23:04.140 AVAST engine scan C:\Documents and Settings\All Users
18:32:13.156 Scan finished successfully
18:46:15.046 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Owner\Desktop\MBR.dat"
18:46:15.187 The log file has been saved successfully to "C:\Documents and Settings\Owner\Desktop\aswMBR08262011.txt"



reginaac
Novice
Novice

Posts Posts : 44
Joined Joined : 2011-08-21
Gender Gender : Female
OS OS : Windows XP
Points Points : 19968
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Trojan.Dropper, Trojan.Generic, Trojan.Crypt and more

Post by Superdave on Sat Aug 27, 2011 1:37 am

How's the computer working now?

I'd like to scan your machine with ESET OnlineScan

•Hold down Control and click on the following link to open ESET OnlineScan in a new window.
[You must be registered and logged in to see this link.]
•Click the button.
•For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)

  • Click on to download the ESET Smart Installer. Save it to your desktop.
  • Double click on the icon on your desktop.

•Check
•Click the button.
•Accept any security warnings from your browser.
•Check
•Push the Start button.
•ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
•When the scan completes, push
•Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
•Push the button.
•Push
A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt

Superdave
Captain
Captain

Posts Posts : 4202
Joined Joined : 2010-02-01
Gender Gender : Male
OS OS : Windows 8.1 and a dual-boot with XP Home SP3
Protection Protection : MSE, Windows Defender, Windows firewall
Points Points : 83161
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Trojan.Dropper, Trojan.Generic, Trojan.Crypt and more

Post by reginaac on Sat Aug 27, 2011 2:07 am

Hi Dave,

Last night I started getting a black screen come up just before windows logs on. It said something about booting up normally. Never had that before.

Also, Stopzilla has 2 infections (it did have 138, mostly cookies).

1. Internet Security - File - Critical
c:\docume~1\owner\locals~1\temp\rarsfx0\securitycheck\other\nircmcd.exe


2. Cognac - Adware - File - Moderate

c:\docume~1\owner\locals~1\temp\rarsfx0\securitycheck\other\sed.exe

I'm going to run that ESet Scann right now.

Thanks

reginaac
Novice
Novice

Posts Posts : 44
Joined Joined : 2011-08-21
Gender Gender : Female
OS OS : Windows XP
Points Points : 19968
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Trojan.Dropper, Trojan.Generic, Trojan.Crypt and more

Post by reginaac on Sat Aug 27, 2011 5:32 am

Hi Dave,

Here is the ESETScan.

Thanks

C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\g7evd8kn.default\extensions\textlinks@playsushi.com\components\PlaySushiFF.dll probably a variant of Win32/Adware.Gamevance.AG application cleaned by deleting - quarantined
C:\Downloads\reSetup[1].exe a variant of Win32/Adware.Trymedia application cleaned by deleting - quarantined
C:\GameFools\GourmaniaSetup.exe Win32/Adware.InternetAntivirus application cleaned by deleting - quarantined
C:\Program Files\Application Updater\ApplicationUpdater.exe probably a variant of Win32/Adware.Toolbar.Dealio application cleaned by deleting - quarantined
C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe a variant of Win32/Adware.Toolbar.Dealio application cleaned by deleting - quarantined
C:\System Volume Information\_restore{6DCDF204-BED2-4A47-866A-5E39E7E8C520}\RP127\A0022687.dll probably a variant of Win32/Adware.Gamevance.AG application cleaned by deleting - quarantined
C:\System Volume Information\_restore{6DCDF204-BED2-4A47-866A-5E39E7E8C520}\RP128\A0022729.rbf a variant of Win32/Adware.Toolbar.Dealio application cleaned by deleting - quarantined
C:\System Volume Information\_restore{6DCDF204-BED2-4A47-866A-5E39E7E8C520}\RP128\A0022732.rbf probably a variant of Win32/Adware.Toolbar.Dealio application cleaned by deleting - quarantined
C:\System Volume Information\_restore{6DCDF204-BED2-4A47-866A-5E39E7E8C520}\RP135\A0024697.dll probably a variant of Win32/Adware.Gamevance.AG application cleaned by deleting - quarantined
C:\System Volume Information\_restore{6DCDF204-BED2-4A47-866A-5E39E7E8C520}\RP135\A0024698.exe a variant of Win32/Adware.Trymedia application cleaned by deleting - quarantined
C:\System Volume Information\_restore{6DCDF204-BED2-4A47-866A-5E39E7E8C520}\RP135\A0024699.exe Win32/Adware.InternetAntivirus application cleaned by deleting - quarantined
C:\System Volume Information\_restore{6DCDF204-BED2-4A47-866A-5E39E7E8C520}\RP135\A0024700.exe probably a variant of Win32/Adware.Toolbar.Dealio application cleaned by deleting - quarantined
C:\System Volume Information\_restore{6DCDF204-BED2-4A47-866A-5E39E7E8C520}\RP135\A0024701.exe a variant of Win32/Adware.Toolbar.Dealio application cleaned by deleting - quarantined
C:\System Volume Information\_restore{6DCDF204-BED2-4A47-866A-5E39E7E8C520}\RP84\A0014840.rbf a variant of Win32/Adware.Toolbar.Dealio application cleaned by deleting - quarantined
C:\System Volume Information\_restore{6DCDF204-BED2-4A47-866A-5E39E7E8C520}\RP84\A0014843.rbf probably a variant of Win32/Adware.Toolbar.Dealio application cleaned by deleting - quarantined

reginaac
Novice
Novice

Posts Posts : 44
Joined Joined : 2011-08-21
Gender Gender : Female
OS OS : Windows XP
Points Points : 19968
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Trojan.Dropper, Trojan.Generic, Trojan.Crypt and more

Post by Superdave on Sat Aug 27, 2011 6:57 pm

That looks good. If there are no other issues, we can do some cleanup.

To uninstall ComboFix


  • Click the Start button. Click Run. For Vista: type in Run in the Start search, and click on Run in the results pane.
  • In the field, type in ComboFix /uninstall




(Note: Make sure there's a space between the word ComboFix and the forward-slash.)


  • Then, press Enter, or click OK.
  • This will uninstall ComboFix, delete its folders and files, hides System files and folders, and resets System Restore.

*****************************************************
To remove all of the tools we used and the files and folders they created do the following:
Double click OTL.exe.

  • Click the CleanUp button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes.

Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.
***************************************************
Clean out your temporary internet files and temp files.

Download [You must be registered and logged in to see this link.] to your desktop.

Double-click TFC.exe to run it.

Note: If you are running on Vista, right-click on the file and choose Run As Administrator

TFC will close all programs when run, so make sure you have saved all your work before you begin.

* Click the Start button to begin the cleaning process.
* Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two.
* Please let TFC run uninterrupted until it is finished.

Once TFC is finished it should restart your computer. If it does not, please manually restart the computer yourself to ensure a complete cleaning.
****************************************************
Use the [You must be registered and logged in to see this link.] to check for out of date software.

•Click Start Now

•Check the box next to Enable thorough system inspection.

•Click Start

•Allow the scan to finish and scroll down to see if any updates are needed.
•Update anything listed.
.
----------

Go to [You must be registered and logged in to see this link.] and get all critical updates.

----------

I suggest using [You must be registered and logged in to see this link.]. WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.

[You must be registered and logged in to see this link.]- Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox.
* [You must be registered and logged in to see this link.] from Spyware and Malware
* If you don't know what ActiveX controls are, see [You must be registered and logged in to see this link.]

Protect yourself against spyware using the Immunize feature in [You must be registered and logged in to see this link.] Guide: [You must be registered and logged in to see this link.] to prevent spyware infection in real-time. Note: To ensure you have the latest Immunizations always update Spybot - Search & Destroy before Immunizing. [You must be registered and logged in to see this link.]

Check out [You must be registered and logged in to see this link.] for tips and free tools to help keep you safe in the future.

Also see [You must be registered and logged in to see this link.] for free cleaning/maintenance tools to help keep your computer running smoothly.
Safe Surfing!

Superdave
Captain
Captain

Posts Posts : 4202
Joined Joined : 2010-02-01
Gender Gender : Male
OS OS : Windows 8.1 and a dual-boot with XP Home SP3
Protection Protection : MSE, Windows Defender, Windows firewall
Points Points : 83161
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Trojan.Dropper, Trojan.Generic, Trojan.Crypt and more

Post by reginaac on Sat Aug 27, 2011 8:08 pm

Hi Dave,

I don't know if you saw the post before my last scan where I mentioned the 2 infections that Stopzilla show having.

Also, I'm still not able to get into gamehouse.com. From what I'm understanding there is a virus there that people have got in the past and I was wondering if we can see if we (you) help me get that fixed.

Thank you,
Regina

reginaac
Novice
Novice

Posts Posts : 44
Joined Joined : 2011-08-21
Gender Gender : Female
OS OS : Windows XP
Points Points : 19968
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Trojan.Dropper, Trojan.Generic, Trojan.Crypt and more

Post by Superdave on Sun Aug 28, 2011 1:29 am

I don't know if you saw the post before my last scan where I mentioned the 2 infections that Stopzilla show having.
All the other scans we've run did not show those files. It could be false-positives.
What browser are you using?
I can't see any malware that would be causing that problem with Gamehouse.com. I sounds like perhaps your firewall could be blocking it.

Superdave
Captain
Captain

Posts Posts : 4202
Joined Joined : 2010-02-01
Gender Gender : Male
OS OS : Windows 8.1 and a dual-boot with XP Home SP3
Protection Protection : MSE, Windows Defender, Windows firewall
Points Points : 83161
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Trojan.Dropper, Trojan.Generic, Trojan.Crypt and more

Post by reginaac on Sun Aug 28, 2011 1:56 am

Last night I started getting a black screen come up just before windows logs on. It said something about booting up normally. Never had that before.


I had checked my firewall for the Game House problem and didn't find it.

Also, one last thing, would it be possible to get that black screen that pops up just before Windows logs on to go away. That just started the night before last. I would appreciate it.

Thank you,
Regina

reginaac
Novice
Novice

Posts Posts : 44
Joined Joined : 2011-08-21
Gender Gender : Female
OS OS : Windows XP
Points Points : 19968
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Trojan.Dropper, Trojan.Generic, Trojan.Crypt and more

Post by Superdave on Sun Aug 28, 2011 10:50 pm

Download BlueScreenView to your desktop.
[You must be registered and logged in to see this link.]
unzip downloaded file and double click on BlueScreenView.exe to run the program.
when scanning is done, go to EDIT - Select All
Go to FILE - SAVE Selected Items, and save the report as BSOD.txt
Open BSOD.txt in Notepad, copy all of the content, and paste it into your next reply

Superdave
Captain
Captain

Posts Posts : 4202
Joined Joined : 2010-02-01
Gender Gender : Male
OS OS : Windows 8.1 and a dual-boot with XP Home SP3
Protection Protection : MSE, Windows Defender, Windows firewall
Points Points : 83161
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Trojan.Dropper, Trojan.Generic, Trojan.Crypt and more

Post by reginaac on Mon Aug 29, 2011 9:49 am

Hi Dave,

I ran the program and I came up with 2 boxes and were blank. At the bottom left it said "0 crashes".

Also, a few posts ago, you had asked which browser I use and I forgot to let you know. I use IE version 8.

Thanks

reginaac
Novice
Novice

Posts Posts : 44
Joined Joined : 2011-08-21
Gender Gender : Female
OS OS : Windows XP
Points Points : 19968
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Trojan.Dropper, Trojan.Generic, Trojan.Crypt and more

Post by Superdave on Mon Aug 29, 2011 10:39 pm

I use IE version 8.
You could try another browser to see if the problem is still there.

We Need to Diagnose Your BlueScreen
1.When you boot your machine, press F8 to list the startup options, exactly as you would if you were trying to enter [You must be registered and logged in to see this link.]
2.Select "Disable Automatic Restart on System Failure", as shown here:


3.When your system BSODs, write down the STOP error code, as well as any written out error message back here. The STOP error will always appear, but the message may not. You are looking for this:

Superdave
Captain
Captain

Posts Posts : 4202
Joined Joined : 2010-02-01
Gender Gender : Male
OS OS : Windows 8.1 and a dual-boot with XP Home SP3
Protection Protection : MSE, Windows Defender, Windows firewall
Points Points : 83161
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Trojan.Dropper, Trojan.Generic, Trojan.Crypt and more

Post by reginaac on Tue Aug 30, 2011 8:16 pm

Hi Dave,

Whew, finally got my keyboard to type again.

Anyway, I tried and tried (6 times) to do the F8 "Disable Automatic Restart". Every time I got to that line I would hit enter and it would go to another screen that would ask which operating system I wanted for start up and the "Disable Automatic Restart" would be at the bottom and the line above it would say to press F8 to go to that line. Well it was a vicious circle doing and saying the same thing every time.

The enter worked fine for going to selecting the start up I wanted, but didn't work for what you wanted.

Thanks

reginaac
Novice
Novice

Posts Posts : 44
Joined Joined : 2011-08-21
Gender Gender : Female
OS OS : Windows XP
Points Points : 19968
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Trojan.Dropper, Trojan.Generic, Trojan.Crypt and more

Post by Superdave on Tue Aug 30, 2011 10:49 pm

Do you have more than one OS on that computer?

Superdave
Captain
Captain

Posts Posts : 4202
Joined Joined : 2010-02-01
Gender Gender : Male
OS OS : Windows 8.1 and a dual-boot with XP Home SP3
Protection Protection : MSE, Windows Defender, Windows firewall
Points Points : 83161
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Trojan.Dropper, Trojan.Generic, Trojan.Crypt and more

Post by reginaac on Wed Aug 31, 2011 12:26 am

I just have Windows...is that what you mean?

reginaac
Novice
Novice

Posts Posts : 44
Joined Joined : 2011-08-21
Gender Gender : Female
OS OS : Windows XP
Points Points : 19968
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Trojan.Dropper, Trojan.Generic, Trojan.Crypt and more

Post by Superdave on Wed Aug 31, 2011 1:50 am

Every time I got to that line I would hit enter and it would go to another screen that would ask which operating system I wanted for start up and the "Disable Automatic Restart" would be at the bottom and the line above it would say to press F8 to go to that line.
I think that's the Recovery Console that was installed when you ran ComboFix. You can remove it using this:

Deleting the Recovery Console

Warning: To remove the Recovery Console you need to modify the Boot.ini file. Modifying this file incorrectly can prevent your computer from starting properly. Please only attempt this step if you feel comfortable doing this.

To remove the Recovery Console from your hard drive follow these steps:

1.Double-click on My Computer and then double-click on the drive you installed the Recovery Console (usually the C: drive).

2.Click on the Tools menu and select Folder Options.

3.Click on the View tab.

4.Select Show hidden files and folders and uncheck Hide protected operating system files.

5.Press the OK button.

6.Now at the root folder delete the Cmdcons folder and the Cmldr file.

7.At the root folder, right-click the Boot.ini file, and then click Properties.

8.Click to clear the Read-only check box, and then click the OK button.

9.Click on Start, then Run and type Notepad.exe c:\boot.ini in the Open: field and press the OK button.

10.Remove the entry for the Recovery Console. It will look similar to this:
C:\cmdcons\bootsect.dat="Microsoft Windows Recovery Console" /cmdcons

Make sure you only delete that one entry.

11.When you are done, close the notepad and save when it asks.

12.Right click again on the boot.ini file and select Properties.

13.Put a checkmark back in the Read-only checkbox and then press the OK button.
The recovery console should now be removed from your system.

Superdave
Captain
Captain

Posts Posts : 4202
Joined Joined : 2010-02-01
Gender Gender : Male
OS OS : Windows 8.1 and a dual-boot with XP Home SP3
Protection Protection : MSE, Windows Defender, Windows firewall
Points Points : 83161
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Trojan.Dropper, Trojan.Generic, Trojan.Crypt and more

Post by reginaac on Wed Aug 31, 2011 2:08 am

Hi Dave,

Before I do that I had gone back and rebooted up and did the F8.

It says:

"Please select the operating system to start.

Microsoft Windows Recovery Console
Do not select this [debugged enabled]
Microsoft Windows XP Home Edition"

I just want to make sure I should remove that since it says "Microsoft" and not "Combo Fix". (please note a lot of what we've done is new to me).
Also, I haven't removed the programs and files that we did because I still had questions. Should I go ahead and remove them anyway?

Thanks for your patience


reginaac
Novice
Novice

Posts Posts : 44
Joined Joined : 2011-08-21
Gender Gender : Female
OS OS : Windows XP
Points Points : 19968
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Trojan.Dropper, Trojan.Generic, Trojan.Crypt and more

Post by reginaac on Wed Aug 31, 2011 6:42 pm

Hi Dave,

I posted last night, just above this post and said "I just want to make sure I should remove that since it says "Microsoft" and not "Combo Fix". (please note a lot of what we've done is new to me).
Also, I haven't removed the programs and files that we did because I still had questions. Should I go ahead and remove them anyway?"

Well, I went ahead and uninstalled Combofix, installed TFC, Spyblaster, WOT, and Spybot.

Ran some scans with Spybot and Spyblaster. Removed infected things that were found.

I rebooted and just before the desk top would load a box popped up that said "windows\system32\command Parameters are not correct" I think I wrote that right.

Anyway, I would click "OK" and it kept popping up each time. Finally, I hit control, alt, delete and ended that box and my desk top came up.

I don't know what went wrong.

Thanks


reginaac
Novice
Novice

Posts Posts : 44
Joined Joined : 2011-08-21
Gender Gender : Female
OS OS : Windows XP
Points Points : 19968
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Trojan.Dropper, Trojan.Generic, Trojan.Crypt and more

Post by Superdave on Wed Aug 31, 2011 7:23 pm

Don't bother trying to run BlueScreenViewer. It was the Recovery Console that was giving you a black screen on start-up. Actually, the recovery system is a good thing to have on your computer but if you don't want it, you can uninstall it.
windows\system32\command Parameters are not correct
I think this has something to do with Spybot S&D. If it continues, you should try uninstalling Spybot.

Superdave
Captain
Captain

Posts Posts : 4202
Joined Joined : 2010-02-01
Gender Gender : Male
OS OS : Windows 8.1 and a dual-boot with XP Home SP3
Protection Protection : MSE, Windows Defender, Windows firewall
Points Points : 83161
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Trojan.Dropper, Trojan.Generic, Trojan.Crypt and more

Post by reginaac on Thu Sep 01, 2011 4:12 pm

[You must be registered and logged in to see this link.] wrote:Don't bother trying to run BlueScreenViewer. It was the Recovery Console that was giving you a black screen on start-up. Actually, the recovery system is a good thing to have on your computer but if you don't want it, you can uninstall it.
windows\system32\command Parameters are not correct
I think this has something to do with Spybot S&D. If it continues, you should try uninstalling Spybot.

Yes, I definitely do want the recovery system please. So, if I should I will do that fix for the Recovery Console you had posted. Let me know.

In reference to Spybot S&D, I got a box message once my computer booted up this morning.

It said:
"Spy Bot has detected an important registry entry that has been changed.
Catagory: System Startup user entry
Change: Value deleted
Entry: SpybotDeletingD5539
Old Data: cmd.exe /c del "C: \Documents and settings \ " and then it didn't show the rest.

It seems like this might be related to the above message I sent where you thought it was Spybot related.

If I uninstall Spybot will it put back all the viruses, trojans, etc.? Also, will it mess up my computer where I am unable to get on? (this is my only computer) Should we fix what Spybot was saying this morning?

Also, are you going to be here over this Labor Weekend? Just checking, I will be, but I know people need time off too

Thank you

reginaac
Novice
Novice

Posts Posts : 44
Joined Joined : 2011-08-21
Gender Gender : Female
OS OS : Windows XP
Points Points : 19968
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Trojan.Dropper, Trojan.Generic, Trojan.Crypt and more

Post by Superdave on Thu Sep 01, 2011 7:39 pm

Yes, I definitely do want the recovery system please. So, if I should I will do that fix for the Recovery Console you had posted. Let me know.
If you want to leave the RC, you don't have to do anything. If you want to remove it, follow the instructions I gave you.
If I uninstall Spybot will it put back all the viruses, trojans, etc.? Also, will it mess up my computer where I am unable to get on? (this is my only computer) Should we fix what Spybot was saying this morning?
You should uninstall Spybot and leave it off for a few days to see how things work. Your computer is clean and removing it won't affect the computer, malware-wise. I have no holidays.

Superdave
Captain
Captain

Posts Posts : 4202
Joined Joined : 2010-02-01
Gender Gender : Male
OS OS : Windows 8.1 and a dual-boot with XP Home SP3
Protection Protection : MSE, Windows Defender, Windows firewall
Points Points : 83161
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Trojan.Dropper, Trojan.Generic, Trojan.Crypt and more

Post by reginaac on Fri Sep 02, 2011 3:49 pm

Hi Dave,

Well, I just have a few more programs to update through that Secunia Software and it's done.

My computer is running pretty good. Faster then it has for quite a while.

Is there anything else we need to do or undo?


reginaac
Novice
Novice

Posts Posts : 44
Joined Joined : 2011-08-21
Gender Gender : Female
OS OS : Windows XP
Points Points : 19968
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Trojan.Dropper, Trojan.Generic, Trojan.Crypt and more

Post by reginaac on Fri Sep 02, 2011 6:57 pm

Hi Dave,

I guess my above post was jumping the gun.

I don't know what happened, but some how my my System Restore got turned off by some thing or some program. I went to do a system restore and I only have todays date without a restore point. I click to go to August and it won't let me. Did all my previous restore points get deleted in my System Tools?

Also, when I type in a web address to go to, it doesn't try to connect the first time, then I have to hit enter again (I realize this one is a small thing). Finally, Wednesday morning I tried Game House again and couldn't get into it still, but in the afternoon after I had installed Spyware Blaster, Spybot and something else Game House would come up. Now this morning, I can't access it again.

Thanks

reginaac
Novice
Novice

Posts Posts : 44
Joined Joined : 2011-08-21
Gender Gender : Female
OS OS : Windows XP
Points Points : 19968
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Trojan.Dropper, Trojan.Generic, Trojan.Crypt and more

Post by Superdave on Sat Sep 03, 2011 1:06 am

Is there anything else we need to do or undo?
No, that's about it.
I click to go to August and it won't let me. Did all my previous restore points get deleted in my System Tools?
That happens when ComboFix is uninstalled. The reason why we do that is because malware can hide in System Restore and by doing a SR, you're infecting your computer all over again.
Finally, Wednesday morning I tried Game House again and couldn't get into it still, but in the afternoon after I had installed Spyware Blaster, Spybot and something else Game House would come up. Now this morning, I can't access it again.
Something is blocking it but I don't really know what.

Download [You must be registered and logged in to see this link.]

•Unzip HostXpert to your Desktop

•Open up the HostXpert program.

•Make sure that the "Make Hosts Writable?" button in the upper right corner is enabled.

•Click Create Back Up

•Then click on Restore Microsoft's Host Files

•Close the HostXpert program

Superdave
Captain
Captain

Posts Posts : 4202
Joined Joined : 2010-02-01
Gender Gender : Male
OS OS : Windows 8.1 and a dual-boot with XP Home SP3
Protection Protection : MSE, Windows Defender, Windows firewall
Points Points : 83161
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Trojan.Dropper, Trojan.Generic, Trojan.Crypt and more

Post by reginaac on Sat Sep 03, 2011 5:39 am

Hi Dave,

I don't have an unzipping program. My Winzip trial expired. Is there a free unzipping program?

Thanks

reginaac
Novice
Novice

Posts Posts : 44
Joined Joined : 2011-08-21
Gender Gender : Female
OS OS : Windows XP
Points Points : 19968
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Trojan.Dropper, Trojan.Generic, Trojan.Crypt and more

Post by Superdave on Sat Sep 03, 2011 6:24 pm

[You must be registered and logged in to see this link.]

Superdave
Captain
Captain

Posts Posts : 4202
Joined Joined : 2010-02-01
Gender Gender : Male
OS OS : Windows 8.1 and a dual-boot with XP Home SP3
Protection Protection : MSE, Windows Defender, Windows firewall
Points Points : 83161
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Trojan.Dropper, Trojan.Generic, Trojan.Crypt and more

Post by reginaac on Sat Sep 03, 2011 6:54 pm

Hi Dave,

Thanks for the 7-Zip program.
I opened HostX and when I clicked on the Restore MS host files I came up with the following error:

Cannot creat file C:\WINDOWS\system32\DRIVERS\ETC\hosts

reginaac
Novice
Novice

Posts Posts : 44
Joined Joined : 2011-08-21
Gender Gender : Female
OS OS : Windows XP
Points Points : 19968
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Trojan.Dropper, Trojan.Generic, Trojan.Crypt and more

Post by Superdave on Mon Sep 05, 2011 6:51 pm

Can you please check with your ISP(internet service provider) and ask them if Gamehouse.com is being blocked by them?

Superdave
Captain
Captain

Posts Posts : 4202
Joined Joined : 2010-02-01
Gender Gender : Male
OS OS : Windows 8.1 and a dual-boot with XP Home SP3
Protection Protection : MSE, Windows Defender, Windows firewall
Points Points : 83161
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Trojan.Dropper, Trojan.Generic, Trojan.Crypt and more

Post by reginaac on Tue Sep 06, 2011 7:34 pm

Hi Dave,

I just checked with them and tech support said "Absolutely not. Century Link does not block any web sites". Then she said that I should check my computer for any blocks and to see if I need to clear anything out, etc.

That HostX program that comes up with that error, that seems to me that it is and important thing. Is there a way to fix that?

Thank you

reginaac
Novice
Novice

Posts Posts : 44
Joined Joined : 2011-08-21
Gender Gender : Female
OS OS : Windows XP
Points Points : 19968
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Trojan.Dropper, Trojan.Generic, Trojan.Crypt and more

Post by Superdave on Fri Sep 09, 2011 7:34 pm

Sorry for being so late in getting back to you. It's quite possible that you have been banned from Gamehouse. You should contact them about this.

Superdave
Captain
Captain

Posts Posts : 4202
Joined Joined : 2010-02-01
Gender Gender : Male
OS OS : Windows 8.1 and a dual-boot with XP Home SP3
Protection Protection : MSE, Windows Defender, Windows firewall
Points Points : 83161
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Trojan.Dropper, Trojan.Generic, Trojan.Crypt and more

Post by reginaac on Sun Sep 11, 2011 3:01 am

"That HostX program that comes up with that error, that seems to me that it is and important thing. Is there a way to fix that?"

The above is from my Sept. 6th post.

I'll check with them, but I've heard they have some kind of virus...I will check though.




reginaac
Novice
Novice

Posts Posts : 44
Joined Joined : 2011-08-21
Gender Gender : Female
OS OS : Windows XP
Points Points : 19968
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Trojan.Dropper, Trojan.Generic, Trojan.Crypt and more

Post by Superdave on Sun Sep 11, 2011 4:52 pm

Please try this:

Please download the following batch file and save it to your desktop: [You must be registered and logged in to see this link.]

When the file has finished downloading, double-click on the HostsPerm.bat file that is now on your desktop. If Windows asks if you if you are sure you want to run it, please allow it to run. Once it starts you will see a small black window that opens and then quickly goes away. This is normal and is nothing to be worried about.

Reset Hosts File:

* Go to Start > Run and type Notepad.exe then click OK
* Copy and Paste everything from the Code Box below into Notepad:
Code:
@Echo off
pushd\windows\system32\drivers\etc
attrib -h -s -r hosts
echo 127.0.0.1  localhost>HOSTS
attrib +r +h +s hosts
popd
del %0

* Go to File > Save As
* Save File name as Reset.bat
* Change Save as Type to All Files and save the file to your desktop.

On the desktop double click the Reset.bat to run the batch file. It will self-delete when completed.

Download [You must be registered and logged in to see this link.]

•Unzip HostXpert to your Desktop

•Open up the HostXpert program.

•Make sure that the "Make Hosts Writable?" button in the upper right corner is enabled.

•Click Create Back Up

•Then click on Restore Microsoft's Host Files

•Close the HostXpert program

Note: if you use SpywareBlaster, Spybot and/or IE-SPYAD, it will be necessary to re-install the protection they afford. For SpywareBlaster, run the program and select Enable all protection. For Spybot run the program and select Immunize. For IE-SPYAD, run the batch file and reinstall the protection.

Superdave
Captain
Captain

Posts Posts : 4202
Joined Joined : 2010-02-01
Gender Gender : Male
OS OS : Windows 8.1 and a dual-boot with XP Home SP3
Protection Protection : MSE, Windows Defender, Windows firewall
Points Points : 83161
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Trojan.Dropper, Trojan.Generic, Trojan.Crypt and more

Post by reginaac on Tue Sep 13, 2011 3:44 pm

Hi Dave,

I'm still getting the following error when I click on Restore Microsoft's Host Files.

Cannot creat file C:\WINDOWS\system32\DRIVERS\ETC\hosts.

Let me know what I should do.

Thanks

reginaac
Novice
Novice

Posts Posts : 44
Joined Joined : 2011-08-21
Gender Gender : Female
OS OS : Windows XP
Points Points : 19968
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Trojan.Dropper, Trojan.Generic, Trojan.Crypt and more

Post by Superdave on Tue Sep 13, 2011 11:09 pm

Are you sure that you're doing this?
Make sure that the "Make Hosts Writable?" button in the upper right corner is enabled

Superdave
Captain
Captain

Posts Posts : 4202
Joined Joined : 2010-02-01
Gender Gender : Male
OS OS : Windows 8.1 and a dual-boot with XP Home SP3
Protection Protection : MSE, Windows Defender, Windows firewall
Points Points : 83161
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Trojan.Dropper, Trojan.Generic, Trojan.Crypt and more

Post by reginaac on Sat Sep 17, 2011 4:48 am

Hi Dave,

Yes, I'm sure.

This is what I see...

It's a big box that's white and it has a left hand column.

The titles in the column are:

File Handling (to the right of that is a picture of a pencil)

"Make Read only?" and it shows an unlocked lock (because it's writeable)
"Make Writeable?" and it shows a locked lock (so I can't write)

Backup/Restore

Import Options

Restore MS Hosts Files

File Handling

Editing

Download

Tools

Help

I've tried it both ways (I've always done it with the lock unlocked). When it's locked I can't create a backup.

So, with the lock unlocked I'm able to click on the Backup/Restore button and create a backup. Then it confirms that did happen.

Then I go to Restore MS Hosts File and it asks if I want to do this I click on OK and then the error appears.

I believe I'm doing it correctly, but if I'm not, please tell me what I'm doing wrong.

Thanks

reginaac
Novice
Novice

Posts Posts : 44
Joined Joined : 2011-08-21
Gender Gender : Female
OS OS : Windows XP
Points Points : 19968
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Trojan.Dropper, Trojan.Generic, Trojan.Crypt and more

Post by Superdave on Mon Sep 19, 2011 7:29 pm

Please try the information in [You must be registered and logged in to see this link.] to set your hosts file back to default.

Superdave
Captain
Captain

Posts Posts : 4202
Joined Joined : 2010-02-01
Gender Gender : Male
OS OS : Windows 8.1 and a dual-boot with XP Home SP3
Protection Protection : MSE, Windows Defender, Windows firewall
Points Points : 83161
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Trojan.Dropper, Trojan.Generic, Trojan.Crypt and more

Post by reginaac on Wed Sep 21, 2011 1:07 am

Hi Dave,

I went to the link and clicked on the icon so it would make the changes automatically.

What should I do now?

Thanks

reginaac
Novice
Novice

Posts Posts : 44
Joined Joined : 2011-08-21
Gender Gender : Female
OS OS : Windows XP
Points Points : 19968
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Trojan.Dropper, Trojan.Generic, Trojan.Crypt and more

Post by Superdave on Wed Sep 21, 2011 1:15 am

Click on the FixIt icon and when the box comes up click Run and follow the directions.

Superdave
Captain
Captain

Posts Posts : 4202
Joined Joined : 2010-02-01
Gender Gender : Male
OS OS : Windows 8.1 and a dual-boot with XP Home SP3
Protection Protection : MSE, Windows Defender, Windows firewall
Points Points : 83161
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Trojan.Dropper, Trojan.Generic, Trojan.Crypt and more

Post by reginaac on Wed Sep 21, 2011 3:25 pm

[You must be registered and logged in to see this link.] wrote:Click on the FixIt icon and when the box comes up click Run and follow the directions.

Hi Dave,

I'm sorry, I didn't explain myself properly. I already did this when I click on the icon. I did run the fix it program.

Is there something else I need to do to check it...or do I need to run any reports for you?

Thanks

reginaac
Novice
Novice

Posts Posts : 44
Joined Joined : 2011-08-21
Gender Gender : Female
OS OS : Windows XP
Points Points : 19968
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Trojan.Dropper, Trojan.Generic, Trojan.Crypt and more

Post by Superdave on Wed Sep 21, 2011 6:25 pm

I did run the fix it program.

Is there something else I need to do to check it...or do I need to run any reports for you?
Sorry. I've never run this program before. Could you describe to me what happens after you let it run?

Superdave
Captain
Captain

Posts Posts : 4202
Joined Joined : 2010-02-01
Gender Gender : Male
OS OS : Windows 8.1 and a dual-boot with XP Home SP3
Protection Protection : MSE, Windows Defender, Windows firewall
Points Points : 83161
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Trojan.Dropper, Trojan.Generic, Trojan.Crypt and more

Post by reginaac on Sat Oct 01, 2011 3:24 am

Hi Dave,

I'm sorry I hadn't been on sooner, I've been ill.

Anyway, I just clicked on the icon for it to run. It did run and that was it. That's why I was wondering if there was some way I should check it or something.

Thanks

reginaac
Novice
Novice

Posts Posts : 44
Joined Joined : 2011-08-21
Gender Gender : Female
OS OS : Windows XP
Points Points : 19968
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Trojan.Dropper, Trojan.Generic, Trojan.Crypt and more

Post by Superdave on Sat Oct 01, 2011 5:05 pm

Anyway, I just clicked on the icon for it to run. It did run and that was it. That's why I was wondering if there was some way I should check it or something.
That should have reset your hosts file. It's been so long. Do you have any more problems with your computer?

Superdave
Captain
Captain

Posts Posts : 4202
Joined Joined : 2010-02-01
Gender Gender : Male
OS OS : Windows 8.1 and a dual-boot with XP Home SP3
Protection Protection : MSE, Windows Defender, Windows firewall
Points Points : 83161
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Trojan.Dropper, Trojan.Generic, Trojan.Crypt and more

Post by reginaac on Sat Oct 08, 2011 6:40 am

Hi Dave,

Just little things that weren't there before, so other than those, nothing else.

reginaac
Novice
Novice

Posts Posts : 44
Joined Joined : 2011-08-21
Gender Gender : Female
OS OS : Windows XP
Points Points : 19968
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Trojan.Dropper, Trojan.Generic, Trojan.Crypt and more

Post by Superdave on Sat Oct 08, 2011 6:41 pm

[You must be registered and logged in to see this link.] wrote:Hi Dave,

Just little things that weren't there before, so other than those, nothing else.
That's good. Just do the cleanup I suggested earlier in this thread and you're good to go.

Superdave
Captain
Captain

Posts Posts : 4202
Joined Joined : 2010-02-01
Gender Gender : Male
OS OS : Windows 8.1 and a dual-boot with XP Home SP3
Protection Protection : MSE, Windows Defender, Windows firewall
Points Points : 83161
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Trojan.Dropper, Trojan.Generic, Trojan.Crypt and more

Post by reginaac on Tue Oct 11, 2011 5:01 pm

Hi Dave,

I want to thank you so much for all of your help. I really appreciate everything you've done.

Sincerely,
Gina

reginaac
Novice
Novice

Posts Posts : 44
Joined Joined : 2011-08-21
Gender Gender : Female
OS OS : Windows XP
Points Points : 19968
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Trojan.Dropper, Trojan.Generic, Trojan.Crypt and more

Post by Superdave on Tue Oct 11, 2011 7:27 pm

[You must be registered and logged in to see this link.] wrote:Hi Dave,

I want to thank you so much for all of your help. I really appreciate everything you've done.

Sincerely,
Gina
You're welcome, Gina. I will lock this thread. If you need it re-opened, please send me a pm.

Superdave
Captain
Captain

Posts Posts : 4202
Joined Joined : 2010-02-01
Gender Gender : Male
OS OS : Windows 8.1 and a dual-boot with XP Home SP3
Protection Protection : MSE, Windows Defender, Windows firewall
Points Points : 83161
# Likes # Likes : 0

View user profile

Back to top Go down

Page 1 of 2 1, 2  Next

View previous topic View next topic Back to top

- Similar topics

 
Permissions in this forum:
You cannot reply to topics in this forum