Registered User
Join Date: May 2008
Posts: 17
OS: XP Pro SP2
flec006, srosa & co.
Hi,
my laptop started acting weird yesterday. My sound cut out, the antivirus (mcafee) disappeared and the cpu was running mostly at 100%. Plus, there was no way to restart it in safe mode (XP Pro SP2). After a while I managed to run Combofix and HijackThis. The situation at the moment is the following:
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1379413555-1093665156-2662568585-2847\Scripts\Logon\0\0] "Script"=logon.bat [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1379413555-1093665156-2662568585-2847\Scripts\Logon\1\0] "Script"=DTMT.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1379413555-1093665156-2662568585-2847\Scripts\Logon\1\1] "Script"=MigrUsAcc.LogonSc.bat [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PerfectDiskRx] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\rundisabled] "Mobile Backup"=C:\PROGRA~1\CA\BRIGHT~1\Client\rwclient.exe -Login "CloneCDTray"="F:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) "DisableNotifications"= 1 (0x1) "DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "C:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpSvc.exe"= "C:\\WINDOWS\\system32\\wbem\\unsecapp.exe"= "C:\Program Files\Microsoft ActiveSync\rapimgr.exe"= C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"= C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager "C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"= C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application "C:\\Program Files\\Messenger\\msmsgs.exe"= "D:\\Program Files\\iTunes\\iTunes.exe"= "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"= "C:\\Program Files\\Skype\\Phone\\Skype.exe"= 
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "139:TCP"= 139:TCP:@xpsp2res.dll,-22004 "445:TCP"= 445:TCP:@xpsp2res.dll,-22005 "137:UDP"= 137:UDP:@xpsp2res.dll,-22001 "138:UDP"= 138:UDP:@xpsp2res.dll,-22002 "135:TCP"= 135:TCP:RPC "2701:TCP"= 2701:TCP:RInformation "2701:UDP"= 2701:UDP:RInformation "2702:TCP"= 2702:TCP:RControl "2702:UDP"= 2702:UDP:RControl "2703:TCP"= 2703:TCP:Chat "2703:UDP"= 2703:UDP:Chat "2704:TCP"= 2704:TCP:FileTransfer "2704:UDP"= 2704:UDP:FileTransfer "26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service R0 FSM;CA File System Monitor;C:\WINDOWS\system32\drivers\fsmnt.sys [2005-07-07 11:59] R0 MtxDma0;Matrox Dma Manager (0);C:\WINDOWS\system32\drivers\MtxDma0.sys [2005-06-02 15:07] R1 CAFCR;CA File Change Recorder;C:\WINDOWS\system32\drivers\cafcr.sys [2005-07-07 16:20] R2 BjsPort;Canon BJ Scanner Port Driver;C:\WINDOWS\system32\drivers\BjsPort.SYS [1999-09-27 11:47] R2 CA BrightStor ARCserve Backup for Laptops & Desktops Scheduler;CA BrightStor ARCserve Backup for Laptops & Desktops Scheduler;C:\Program Files\CA\BrightStor ARCserve Backup for Laptops & Desktops\Client\ScheduleSrvc.exe [2005-10-26 13:05] R2 CcmExec;SMS Agent Host;C:\WINDOWS\system32\CCM\CcmExec.exe [2007-04-13 03:50] R2 NeroRegInCDSrv;Nero Registry InCD Service;D:\Nero\Nero8\InCD\NBHRegInCDSrv.exe [2008-02-28 13:04] R2 OFADriver;CA Backup Agent for Open Files Driver;C:\WINDOWS\system32\drivers\ofant.sys [2005-11-10 19:53] R2 OpenFileAgent;CA Backup Agent for Open Files;"C:\Program Files\CA\BrightStor ARCserve Backup for Laptops & Desktops\Client\BAOF\Ofant.exe" [2005-11-10 19:52] R3 CONAN;CONAN;C:\WINDOWS\system32\drivers\o2mmb.sys [2003-07-29 04:49] S2 pgsql-8.2;PostgreSQL Database Server 8.2;"C:\Program Files\PostgreSQL\8.2\bin\pg_ctl.exe" runservice -N "pgsql-8.2" -D "C:\Program Files\PostgreSQL\8.2\data\" [] S3 Engine;Engine;F:\Program Files\VB Decompiler Lite\Engine.sys [2007-09-19 10:09] S3 
MbxStby;MbxStby;C:\WINDOWS\system32\drivers\MbxStby.sys [2003-07-24 18:50] S3 motccgp;Motorola USB Composite Device Driver;C:\WINDOWS\system32\DRIVERS\motccgp.sys [2007-06-18 15:19] S3 motccgpfl;MotCcgpFlService;C:\WINDOWS\system32\DRIVERS\motccgpfl.sys [2007-01-23 19:03] S3 MotDev;Motorola Inc. USB Device;C:\WINDOWS\system32\DRIVERS\motodrv.sys [2007-05-04 17:04] S3 MusCDriverV32;MusCDriverV32;C:\WINDOWS\system32\drivers\MusCDriverV32.sys [2007-06-15 12:29] S3 OracleOraHome81Agent;OracleOraHome81Agent;D:\oracle\ora81\bin\dbsnmp.exe [2000-11-11 23:48] S3 OracleOraHome81ClientCache;OracleOraHome81ClientCache;D:\oracle\ora81\BIN\ONRSD.EXE [2000-10-19 11:55] S3 OracleOraHome81DataGatherer;OracleOraHome81DataGatherer;D:\oracle\ora81\bin\vppdc.exe [2000-11-11 23:48] S3 OracleOraHome81HTTPServer;OracleOraHome81HTTPServer;D:\oracle\ora81\Apache\Apache\Apache.exe [2000-11-09 09:12] S3 OracleOraHome81TNSListener;OracleOraHome81TNSListener;D:\oracle\ora81\BIN\TNSLSNR [] S3 OracleServiceORACLE;OracleServiceORACLE;d:\oracle\ora81\bin\ORACLE.EXE ORACLE [] S3 OracleServiceXE;OracleServiceXE;d:\oracle10g\app\oracle\product\10.2.0\server\bin\ORACLE.EXE XE [] S3 OracleXETNSListener;OracleXETNSListener;D:\oracle10g\app\oracle\product\10.2.0\server\BIN\tnslsnr.exe [2006-02-02 00:49] S3 ose;Office Source Engine;"C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE" [2003-07-28 12:28] S3 pgsql-8.3;PostgreSQL Database Server 8.3;"C:\Program Files\PostgreSQL\8.3\bin\pg_ctl.exe" runservice -w -N "pgsql-8.3" -D "C:\Program Files\PostgreSQL\8.3\data\" [] S3 prepdrvr;SMS Process Event Driver;C:\WINDOWS\system32\CCM\prepdrv.sys [2007-04-13 03:50] S3 SndTDriverV32;SndTDriverV32;C:\WINDOWS\system32\drivers\SndTDriverV32.sys [2007-06-15 12:27] S3 Tomcat6;Apache Tomcat;"D:\Program Files\Apache Software Foundation\Tomcat 6.0\bin\tomcat6.exe" //RS//Tomcat6 [] S3 usbprint;Microsoft USB PRINTER Class;C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 23:01] S4 
OracleJobSchedulerXE;OracleJobSchedulerXE;d:\oracle10g\app\oracle\product\10.2.0\server\Bin\extjob.exe XE [] [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}] "C:\Program Files\Common Files\LightScribe\LSRunOnce.exe" . Contents of the 'Scheduled Tasks' folder "2008-05-10 06:23:04 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job" - C:\Program Files\Apple Software Update\SoftwareUpdate.exe "2008-05-15 01:30:01 C:\WINDOWS\Tasks\ErrorSweeper Scheduled Scan.job" - C:\Program Files\ErrorSweeper\ErrorSweeper.ex - C:\Program Files\ErrorSweeper "2008-04-22 08:15:37 C:\WINDOWS\Tasks\Microsoft_Hardware_Launch_IPoint_exe.job" - C:\Program Files\Microsoft IntelliPoint\ipoint.exe . ************************************************************************** catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-05-15 08:45:09 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... C:\WINDOWS\QTFont.for 1409 bytes C:\WINDOWS\QTFont.qfn 54156 bytes scan completed successfully hidden files: 2 ************************************************************************** [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "\\\\h0m3-2\\EPSON Stylus DX4000 Series"="C:\\WINDOWS\\System32\\spool\\DRIVERS\\W32X86\\3\\E_FATIBEE.EXE /FU \"C:\\DOCUME~1\\nlusr01472\\LOCALS~1\\Temp\\E_S3C.tmp\" /EF \"HKCU\"" [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\OracleOraHome81TNSListener] "ImagePath"="D:\oracle\ora81\BIN\TNSLSNR " . --------------------- DLLs Loaded Under Running Processes --------------------- PROCESS: C:\WINDOWS\system32\winlogon.exe -> C:\WINDOWS\system32\Ati2evxx.dll . ------------------------ Other Running Processes ------------------------ . 
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe C:\WINDOWS\system32\inetsrv\inetinfo.exe C:\WINDOWS\system32\imapi.exe D:\Nero\Nero8\InCD\InCDsrv.exe C:\Program Files\Common Files\LightScribe\LSSrvc.exe C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe D:\Nero\Nero8\Nero BackItUp\NBService.exe C:\WINDOWS\system32\IoctlSvc.exe C:\WINDOWS\system32\CCM\clicomp\RemCtrl\Wuser32.exe C:\WINDOWS\system32\msiexec.exe C:\Program Files\Network Associates\Common Framework\Mctray.exe C:\WINDOWS\system32\rundll32.exe C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe C:\PROGRA~1\MICROS~3\rapimgr.exe . ************************************************************************** . Completion time: 2008-05-15 8:49:07 - machine was rebooted [nlusr01472] ComboFix-quarantined-files.txt 2008-05-15 06:49:02 Pre-Run: 1,151,234,048 bytes free Post-Run: 991,682,560 bytes free 553 --- E O F --- 2008-05-06 18:25:21 Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 09:50, on 2008-05-15 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16640) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\CA\BrightStor ARCserve Backup for Laptops & Desktops\Client\ScheduleSrvc.exe C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe C:\WINDOWS\system32\inetsrv\inetinfo.exe C:\WINDOWS\system32\imapi.exe D:\Nero\Nero8\InCD\InCDsrv.exe C:\Program Files\Common Files\LightScribe\LSSrvc.exe C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe D:\Nero\Nero8\Nero BackItUp\NBService.exe 
D:\Nero\Nero8\InCD\NBHRegInCDSrv.exe C:\Program Files\CA\BrightStor ARCserve Backup for Laptops & Desktops\Client\BAOF\Ofant.exe C:\WINDOWS\system32\IoctlSvc.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\CCM\CLICOMP\RemCtrl\Wuser32.exe C:\WINDOWS\system32\CCM\CcmExec.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Network Associates\Common Framework\UdaterUI.exe C:\Program Files\Network Associates\Common Framework\McTray.exe C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\Program Files\Synaptics\SynTP\SynTPLpr.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe D:\Program Files\Babylon\Babylon-Pro\Babylon.exe C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe D:\Nero\Nero8\InCD\NBHGui.exe D:\Nero\Nero8\InCD\InCD.exe C:\WINDOWS\system32\rundll32.exe C:\Program Files\Microsoft IntelliPoint\ipoint.exe C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe D:\Program Files\Apache Software Foundation\Tomcat 6.0\bin\tomcat6w.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Microsoft ActiveSync\wcescomm.exe D:\program files\advanced system optimizer\memtuneup.exe C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe C:\WINDOWS\system32\wuauclt.exe C:\PROGRA~1\MICROS~3\rapimgr.exe C:\WINDOWS\explorer.exe C:\WINDOWS\system32\notepad.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe C:\WINDOWS\explorer.exe F:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - 
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = intl-prox:8080 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = vz.atso.com;*.nl.eu.atso.com;<local> O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O2 - BHO: CVirtualDNSObj Object - {86C510E9-97EF-4749-914F-0280247BE3A6} - C:\WINDOWS\VirtualDNS.dll O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UdaterUI.exe" /StartedFromRunKey O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start O4 - HKLM\..\Run: [Babylon Client] D:\Program Files\Babylon\Babylon-Pro\Babylon.exe -AutoStart O4 - HKLM\..\Run: [McAfeeFireTray] C:\Program Files\Network Associates\McAfee Desktop Firewall for Windows XP\Firetray.exe O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE O4 - HKLM\..\Run: [AdaptecDirectCD] C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe O4 - HKLM\..\Run: [iTunesHelper] D:\Program 
Files\iTunes\iTunesHelper.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe O4 - HKLM\..\Run: [SecurDisc] D:\Nero\Nero8\InCD\NBHGui.exe O4 - HKLM\..\Run: [InCD] D:\Nero\Nero8\InCD\InCD.exe O4 - HKLM\..\Run: [NBKeyScan] "D:\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" O4 - HKLM\..\Run: [ApacheTomcatMonitor] "D:\Program Files\Apache Software Foundation\Tomcat 6.0\bin\tomcat6w.exe" //MS//Tomcat6 O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe" O4 - HKCU\..\Run: [Systweak Memory Optimizer] d:\program files\advanced system optimizer\memtuneup.exe O4 - HKCU\..\Run: [\\fp-casa-2\EPSON Stylus DX4000 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBEE.EXE /FU "C:\DOCUME~1\nlusr01472\LOCALS~1\Temp\E_S3C.tmp" /EF "HKCU" O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - 
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll O9 - Extra 'Tools' menuitem: Crea preferito portatile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O14 - IERESET.INF: START_PAGE_URL=https://src.atso.com/itnet/global/ O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/actives.../as2stubie.cab O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = nl.nlroot.adnet O17 - HKLM\Software\..\Telephony: DomainName = nl.nlroot.adnet O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = nl.nlroot.adnet O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = nl.nlroot.adnet O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = nl.nlroot.adnet O17 - HKLM\System\CS4\Services\Tcpip\Parameters: Domain = nl.nlroot.adnet O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\Skype4COM.dll O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: CA BrightStor ARCserve Backup for Laptops & Desktops Scheduler - Computer Associates International, Inc. 
- C:\Program Files\CA\BrightStor ARCserve Backup for Laptops & Desktops\Client\ScheduleSrvc.exe O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe O23 - Service: McAfee Desktop Firewall Service (FireSvc) - Networks Associates Technology, Inc. - C:\Program Files\Network Associates\McAfee Desktop Firewall for Windows XP\FireSvc.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: InCD Helper (InCDsrv) - Nero AG - D:\Nero\Nero8\InCD\InCDsrv.exe O23 - Service: iPassConnectEngine - iPass, Inc. - C:\Program Files\iPass\iPassConnect\iPassConnectEngine.exe O23 - Service: iPassPeriodicUpdateApp - iPass, Inc. - C:\Program Files\iPass\iPassConnect\iPassPeriodicUpdateApp.exe O23 - Service: iPassPeriodicUpdateService - iPass, Inc. - C:\Program Files\iPass\iPassConnect\iPassPeriodicUpdateService.exe O23 - Service: Servizio iPod (iPod Service) - Apple Inc. 
- C:\Program Files\iPod\bin\iPodService.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - D:\Nero\Nero8\Nero BackItUp\NBService.exe O23 - Service: Nero Registry InCD Service (NeroRegInCDSrv) - Nero AG - D:\Nero\Nero8\InCD\NBHRegInCDSrv.exe O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe O23 - Service: CA Backup Agent for Open Files (OpenFileAgent) - Computer Associates - C:\Program Files\CA\BrightStor ARCserve Backup for Laptops & Desktops\Client\BAOF\Ofant.exe O23 - Service: OracleMTSRecoveryService - Oracle Corporation - D:\oracle10g\app\oracle\product\10.2.0\server\BIN\omtsreco.exe O23 - Service: OracleOraHome81Agent - Oracle Corporation - D:\oracle\ora81\bin\dbsnmp.exe O23 - Service: OracleOraHome81ClientCache - Unknown owner - D:\oracle\ora81\BIN\ONRSD.EXE O23 - Service: OracleOraHome81DataGatherer - Oracle Corporation - D:\oracle\ora81\bin\vppdc.exe O23 - Service: OracleOraHome81HTTPServer - Unknown owner - D:\oracle\ora81\Apache\Apache\Apache.exe O23 - Service: OracleOraHome81PagingServer - Unknown owner - (no file) O23 - Service: OracleOraHome81TNSListener - Unknown owner - D:\oracle\ora81\BIN\TNSLSNR.exe O23 - Service: OracleServiceORACLE - Oracle Corporation - d:\oracle\ora81\bin\ORACLE.EXE O23 - Service: OracleServiceXE - Oracle Corporation - d:\oracle10g\app\oracle\product\10.2.0\server\bin\ORACLE.EXE O23 - Service: OracleXEClrAgent - Unknown owner - D:\oracle10g\app\oracle\product\10.2.0\server\bin\OraClrAgnt.exe O23 - Service: OracleXETNSListener - Unknown owner - D:\oracle10g\app\oracle\product\10.2.0\server\BIN\tnslsnr.exe O23 - Service: PostgreSQL Database Server 8.2 (pgsql-8.2) - 
PostgreSQL Global Development Group - C:\Program Files\PostgreSQL\8.2\bin\pg_ctl.exe
O23 - Service: PostgreSQL Database Server 8.3 (pgsql-8.3) - PostgreSQL Global Development Group - C:\Program Files\PostgreSQL\8.3\bin\pg_ctl.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
O23 - Service: Apache Tomcat (Tomcat6) - Apache Software Foundation - D:\Program Files\Apache Software Foundation\Tomcat 6.0\bin\tomcat6.exe

-- End of file - 12733 bytes

I'm performing an online scan (Panda) and will provide a log asap. What should I do next?
Thanks
#3 (permalink) |
Registered User
Join Date: May 2008
Posts: 17
OS: XP Pro SP2
Re: flec006, srosa & co.
ActiveScan stopped working at around 70% ... in the end I managed to perform an online scan with Kaspersky.
Here's the list of uninvited guests ...

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Saturday, May 17, 2008 5:07:50 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 16/05/2008
Kaspersky Anti-Virus database records: 779486
-------------------------------------------------------------------------------
Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true
Scan Target - My Computer: C:\ D:\ E:\ F:\ H:\
Scan Statistics:
Total number of scanned objects: 933540
Number of viruses found: 48
Number of infected objects: 130
Number of suspicious objects: 0
Duration of the scan process: 16:17:03
Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Nero\Nero8\Nero BackItUp\Cache\NeroBackItUpScheduler3.log Object is locked skipped
C:\Documents and Settings\it02403\Application Data\$_hpcst$.hpc Object is locked skipped
C:\Documents and Settings\it02403\Application Data\Babylon\log_file.txt Object is locked skipped
C:\Documents and Settings\it02403\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\it02403\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat Object is locked skipped
C:\Documents and Settings\it02403\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\it02403\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\it02403\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\it02403\Local Settings\History\History.IE5\MSHist012008051720080518\index.dat Object is locked skipped C:\Documents and Settings\it02403\Local Settings\Temp\WCESLog.log Object is locked skipped C:\Documents and Settings\it02403\Local Settings\Temp\~DFE722.tmp Object is locked skipped C:\Documents and Settings\it02403\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped C:\Documents and Settings\it02403\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped C:\Documents and Settings\it02403\NTUSER.DAT Object is locked skipped C:\Documents and Settings\it02403\NTUSER.dat.LOG Object is locked skipped C:\Documents and Settings\it02403\UserData\index.dat Object is locked skipped C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped C:\Documents and 
Settings\postgres\Cookies\index.dat Object is locked skipped C:\Documents and Settings\postgres\Local Settings\History\History.IE5\index.dat Object is locked skipped C:\Documents and Settings\postgres\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped C:\Program Files\CA\BrightStor ARCserve Backup for Laptops & Desktops\Client\BAOF\LOGS\20080307.000 Object is locked skipped C:\QooBox\Quarantine\C\Documents and Settings\it02403\Application Data\m\data.oct.vir Infected: Trojan-Downloader.Win32.Bagle.pf skipped C:\QooBox\Quarantine\C\Documents and Settings\it02403\Application Data\m\flec006.exe.vir Infected: Email-Worm.Win32.Bagle.of skipped C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\downld\1615823.exe.vir Infected: Email-Worm.Win32.Bagle.vr skipped C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\downld\1817243.exe.vir Infected: Email-Worm.Win32.Bagle.of skipped C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\downld\1843801.exe.vir Infected: Email-Worm.Win32.Bagle.of skipped C:\QooBox\Quarantine\catchme2008-05-15_ 3.51.03,16.zip/wintems.exe Infected: Email-Worm.Win32.Bagle.of skipped C:\QooBox\Quarantine\catchme2008-05-15_ 3.51.03,16.zip/mdelk.exe Infected: Email-Worm.Win32.Bagle.of skipped C:\QooBox\Quarantine\catchme2008-05-15_ 3.51.03,16.zip/hldrrr.exe Infected: Trojan-Downloader.Win32.Bagle.oe skipped C:\QooBox\Quarantine\catchme2008-05-15_ 3.51.03,16.zip/mdelk.exe.1 Infected: Trojan-Downloader.Win32.Bagle.oe skipped C:\QooBox\Quarantine\catchme2008-05-15_ 3.51.03,16.zip ZIP: infected - 4 skipped C:\QooBox\Quarantine\Registry_backups\Legacy_SROSA.reg.dat Infected: Trojan-Downloader.Win32.Bagle.hp skipped C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped C:\System Volume Information\_restore{CA4187A9-C5FF-4ECA-AFF5-ECA7092B3744}\RP382\A0114684.sys Infected: Trojan-Downloader.Win32.Bagle.mm skipped C:\System Volume 
Information\_restore{CA4187A9-C5FF-4ECA-AFF5-ECA7092B3744}\RP382\A0114731.sys Infected: Trojan-Downloader.Win32.Bagle.mm skipped C:\System Volume Information\_restore{CA4187A9-C5FF-4ECA-AFF5-ECA7092B3744}\RP382\A0114825.sys Infected: Trojan-Downloader.Win32.Bagle.mm skipped C:\System Volume Information\_restore{CA4187A9-C5FF-4ECA-AFF5-ECA7092B3744}\RP382\A0114872.sys Infected: Trojan-Downloader.Win32.Bagle.mm skipped C:\System Volume Information\_restore{CA4187A9-C5FF-4ECA-AFF5-ECA7092B3744}\RP382\A0114917.sys Infected: Trojan-Downloader.Win32.Bagle.mm skipped C:\System Volume Information\_restore{CA4187A9-C5FF-4ECA-AFF5-ECA7092B3744}\RP382\A0115919.sys Infected: Trojan-Downloader.Win32.Bagle.mm skipped C:\System Volume Information\_restore{CA4187A9-C5FF-4ECA-AFF5-ECA7092B3744}\RP382\A0116917.sys Infected: Trojan-Downloader.Win32.Bagle.mm skipped C:\System Volume Information\_restore{CA4187A9-C5FF-4ECA-AFF5-ECA7092B3744}\RP382\A0117918.sys Infected: Trojan-Downloader.Win32.Bagle.mm skipped C:\System Volume Information\_restore{CA4187A9-C5FF-4ECA-AFF5-ECA7092B3744}\RP382\A0118918.sys Infected: Trojan-Downloader.Win32.Bagle.mm skipped C:\System Volume Information\_restore{CA4187A9-C5FF-4ECA-AFF5-ECA7092B3744}\RP382\A0119912.sys Infected: Trojan-Downloader.Win32.Bagle.mm skipped C:\System Volume Information\_restore{CA4187A9-C5FF-4ECA-AFF5-ECA7092B3744}\RP382\A0120917.sys Infected: Trojan-Downloader.Win32.Bagle.mm skipped C:\System Volume Information\_restore{CA4187A9-C5FF-4ECA-AFF5-ECA7092B3744}\RP383\A0120930.exe Infected: Email-Worm.Win32.Bagle.vr skipped C:\System Volume Information\_restore{CA4187A9-C5FF-4ECA-AFF5-ECA7092B3744}\RP383\A0120931.exe Infected: Email-Worm.Win32.Bagle.of skipped C:\System Volume Information\_restore{CA4187A9-C5FF-4ECA-AFF5-ECA7092B3744}\RP383\A0120933.exe Infected: Email-Worm.Win32.Bagle.of skipped C:\System Volume Information\_restore{CA4187A9-C5FF-4ECA-AFF5-ECA7092B3744}\RP383\A0121964.exe Infected: Email-Worm.Win32.Bagle.of skipped 
C:\System Volume Information\_restore{CA4187A9-C5FF-4ECA-AFF5-ECA7092B3744}\RP385\change.log Object is locked skipped C:\WINDOWS\bthservsdp.dat Object is locked skipped C:\WINDOWS\cafcr.db Object is locked skipped C:\WINDOWS\CSC\00000001 Object is locked skipped C:\WINDOWS\Debug\Netlogon.log Object is locked skipped C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped C:\WINDOWS\Internet Logs\tvDebug.log Object is locked skipped C:\WINDOWS\SchedLgU.Txt Object is locked skipped C:\WINDOWS\SF2E1E9C2.tmp Object is locked skipped C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped C:\WINDOWS\Sti_Trace.log Object is locked skipped C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped C:\WINDOWS\system32\CCM\Logs\CcmExec.log Object is locked skipped C:\WINDOWS\system32\CCM\Logs\CertificateMaintenance.log Object is locked skipped C:\WINDOWS\system32\CCM\Logs\ClientIDManagerStartup.log Object is locked skipped C:\WINDOWS\system32\CCM\Logs\FileSystemFile.log Object is locked skipped C:\WINDOWS\system32\CCM\Logs\InventoryAgent.log Object is locked skipped C:\WINDOWS\system32\CCM\Logs\LocationServices.log Object is locked skipped C:\WINDOWS\system32\CCM\Logs\mtrmgr.log Object is locked skipped C:\WINDOWS\system32\CCM\Logs\PatchInstall.log Object is locked skipped C:\WINDOWS\system32\CCM\Logs\PatchUIMonitor.log Object is locked skipped C:\WINDOWS\system32\CCM\Logs\PolicyAgent.log Object is locked skipped C:\WINDOWS\system32\CCM\Logs\PolicyAgentProvider.log Object is locked skipped C:\WINDOWS\system32\CCM\Logs\PolicyEvaluator.log Object is locked skipped C:\WINDOWS\system32\CCM\Logs\Scheduler.log Object is locked skipped C:\WINDOWS\system32\CCM\Logs\SrcUpdateMgr.log Object is locked skipped C:\WINDOWS\system32\CCM\Logs\StatusAgent.log Object is locked skipped C:\WINDOWS\system32\CCM\ServiceData\Messaging\EndpointQueues\CertificateMaintenanceEndpoint\0000000G.msg Object is locked 
skipped C:\WINDOWS\system32\CCM\ServiceData\Messaging\EndpointQueues\CertificateMaintenanceEndpoint\0000000G.que Object is locked skipped C:\WINDOWS\system32\CCM\ServiceData\Messaging\EndpointQueues\CTMDTSReply\00000001.msg Object is locked skipped C:\WINDOWS\system32\CCM\ServiceData\Messaging\EndpointQueues\CTMDTSReply\00000001.que Object is locked skipped C:\WINDOWS\system32\CCM\ServiceData\Messaging\EndpointQueues\execmgr\00000001.msg Object is locked skipped C:\WINDOWS\system32\CCM\ServiceData\Messaging\EndpointQueues\execmgr\00000001.que Object is locked skipped C:\WINDOWS\system32\CCM\ServiceData\Messaging\EndpointQueues\InventoryAgent\00000008.msg Object is locked skipped C:\WINDOWS\system32\CCM\ServiceData\Messaging\EndpointQueues\InventoryAgent\00000008.que Object is locked skipped C:\WINDOWS\system32\CCM\ServiceData\Messaging\EndpointQueues\LS_ReplyLocations\00000001.msg Object is locked skipped C:\WINDOWS\system32\CCM\ServiceData\Messaging\EndpointQueues\LS_ReplyLocations\00000001.que Object is locked skipped C:\WINDOWS\system32\CCM\ServiceData\Messaging\EndpointQueues\LS_ScheduledCleanup\0000000K.msg Object is locked skipped C:\WINDOWS\system32\CCM\ServiceData\Messaging\EndpointQueues\LS_ScheduledCleanup\0000000K.que Object is locked skipped C:\WINDOWS\system32\CCM\ServiceData\Messaging\EndpointQueues\MtrMgr\00000001.msg Object is locked skipped C:\WINDOWS\system32\CCM\ServiceData\Messaging\EndpointQueues\MtrMgr\00000001.que Object is locked skipped C:\WINDOWS\system32\CCM\ServiceData\Messaging\EndpointQueues\PatchUIMonitor\00000001.msg Object is locked skipped C:\WINDOWS\system32\CCM\ServiceData\Messaging\EndpointQueues\PatchUIMonitor\00000001.que Object is locked skipped C:\WINDOWS\system32\CCM\ServiceData\Messaging\EndpointQueues\PolicyAgent_Cleanup\00000004.msg Object is locked skipped C:\WINDOWS\system32\CCM\ServiceData\Messaging\EndpointQueues\PolicyAgent_Cleanup\00000004.que Object is locked skipped 
C:\WINDOWS\system32\CCM\ServiceData\Messaging\EndpointQueues\PolicyAgent_PolicyDownload\00000001.msg Object is locked skipped C:\WINDOWS\system32\CCM\ServiceData\Messaging\EndpointQueues\PolicyAgent_PolicyDownload\00000001.que Object is locked skipped C:\WINDOWS\system32\CCM\ServiceData\Messaging\EndpointQueues\PolicyAgent_PolicyEvaluator\0000002K.msg Object is locked skipped C:\WINDOWS\system32\CCM\ServiceData\Messaging\EndpointQueues\PolicyAgent_PolicyEvaluator\0000002K.que Object is locked skipped C:\WINDOWS\system32\CCM\ServiceData\Messaging\EndpointQueues\PolicyAgent_ReplyAssignments\00000007.msg Object is locked skipped C:\WINDOWS\system32\CCM\ServiceData\Messaging\EndpointQueues\PolicyAgent_ReplyAssignments\00000007.que Object is locked skipped C:\WINDOWS\system32\CCM\ServiceData\Messaging\EndpointQueues\PolicyAgent_RequestAssignments\0000000S.msg Object is locked skipped C:\WINDOWS\system32\CCM\ServiceData\Messaging\EndpointQueues\PolicyAgent_RequestAssignments\0000000S.que Object is locked skipped C:\WINDOWS\system32\CCM\ServiceData\Messaging\EndpointQueues\PolicyAgent_ReRequestPolicy\00000001.msg Object is locked skipped C:\WINDOWS\system32\CCM\ServiceData\Messaging\EndpointQueues\PolicyAgent_ReRequestPolicy\00000001.que Object is locked skipped C:\WINDOWS\system32\CCM\ServiceData\Messaging\EndpointQueues\RemoteToolsAgent\00000001.msg Object is locked skipped C:\WINDOWS\system32\CCM\ServiceData\Messaging\EndpointQueues\RemoteToolsAgent\00000001.que Object is locked skipped C:\WINDOWS\system32\CCM\ServiceData\Messaging\EndpointQueues\SrcUpdateMgr\00000001.msg Object is locked skipped C:\WINDOWS\system32\CCM\ServiceData\Messaging\EndpointQueues\SrcUpdateMgr\00000001.que Object is locked skipped C:\WINDOWS\system32\CCM\ServiceData\Messaging\EndpointQueues\SWMTRReportGen\00000001.msg Object is locked skipped C:\WINDOWS\system32\CCM\ServiceData\Messaging\EndpointQueues\SWMTRReportGen\00000001.que Object is locked skipped 
C:\WINDOWS\system32\CCM\ServiceData\Messaging\EndpointQueues\UpdatesInstallMgr\00000001.msg Object is locked skipped C:\WINDOWS\system32\CCM\ServiceData\Messaging\EndpointQueues\UpdatesInstallMgr\00000001.que Object is locked skipped C:\WINDOWS\system32\CCM\ServiceData\Messaging\EndpointQueues\UploadProtocol\00000001.msg Object is locked skipped C:\WINDOWS\system32\CCM\ServiceData\Messaging\EndpointQueues\UploadProtocol\00000001.que Object is locked skipped C:\WINDOWS\system32\CCM\ServiceData\Messaging\OutgoingQueues\amp_[http]mp_locationmanager\00000007.msg Object is locked skipped C:\WINDOWS\system32\CCM\ServiceData\Messaging\OutgoingQueues\amp_[http]mp_locationmanager\00000007.que Object is locked skipped C:\WINDOWS\system32\CCM\ServiceData\Messaging\OutgoingQueues\mp_mp_ddrendpoint\00000002.msg Object is locked skipped C:\WINDOWS\system32\CCM\ServiceData\Messaging\OutgoingQueues\mp_mp_ddrendpoint\00000002.que Object is locked skipped C:\WINDOWS\system32\CCM\ServiceData\Messaging\OutgoingQueues\mp_mp_hinvendpoint\00000001.msg Object is locked skipped C:\WINDOWS\system32\CCM\ServiceData\Messaging\OutgoingQueues\mp_mp_hinvendpoint\00000001.que Object is locked skipped C:\WINDOWS\system32\CCM\ServiceData\Messaging\OutgoingQueues\mp_mp_sinvendpoint\00000001.msg Object is locked skipped C:\WINDOWS\system32\CCM\ServiceData\Messaging\OutgoingQueues\mp_mp_sinvendpoint\00000001.que Object is locked skipped C:\WINDOWS\system32\CCM\ServiceData\Messaging\OutgoingQueues\mp_statusreceiver\00000001.msg Object is locked skipped C:\WINDOWS\system32\CCM\ServiceData\Messaging\OutgoingQueues\mp_statusreceiver\00000001.que Object is locked skipped C:\WINDOWS\system32\CCM\ServiceData\Messaging\OutgoingQueues\mp_[http]mp_policymanager\0000000O.msg Object is locked skipped C:\WINDOWS\system32\CCM\ServiceData\Messaging\OutgoingQueues\mp_[http]mp_policymanager\0000000O.que Object is locked skipped C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped 
C:\WINDOWS\system32\config\default Object is locked skipped C:\WINDOWS\system32\config\default.LOG Object is locked skipped C:\WINDOWS\system32\config\Internet.evt Object is locked skipped C:\WINDOWS\system32\config\SAM Object is locked skipped C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped C:\WINDOWS\system32\config\SECURITY Object is locked skipped C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped C:\WINDOWS\system32\config\software Object is locked skipped C:\WINDOWS\system32\config\software.LOG Object is locked skipped C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped C:\WINDOWS\system32\config\system Object is locked skipped C:\WINDOWS\system32\config\system.LOG Object is locked skipped C:\WINDOWS\system32\h323log.txt Object is locked skipped C:\WINDOWS\system32\LogFiles\WUDF\WUDFTrace.etl Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped C:\WINDOWS\VirtualDNS.dll Infected: not-a-virus:AdWare.Win32.Webdir.b skipped C:\WINDOWS\wiadebug.log Object is locked skipped C:\WINDOWS\wiaservc.log Object is locked skipped C:\WINDOWS\WindowsUpdate.log Object is locked skipped D:\Nero\Nero8\Nero BackItUp\BIU1.txt Object is locked skipped D:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped D:\System Volume Information\_restore{CA4187A9-C5FF-4ECA-AFF5-ECA7092B3744}\RP385\change.log Object is locked skipped F:\Program Files\Trend 
Micro\HijackThis\backups\backup-20080515-110540-125.dll Infected: not-a-virus:AdWare.Win32.Webdir.b skipped F:\System Volume Information\_restore{CA4187A9-C5FF-4ECA-AFF5-ECA7092B3744}\RP385\A0124315.DLL Infected: not-a-virus:Monitor.Win32.KeyLogger.30 skipped F:\System Volume Information\_restore{CA4187A9-C5FF-4ECA-AFF5-ECA7092B3744}\RP385\change.log Object is locked skipped F:\Gif\gifs.ZIP/Cliparts-World.exe Infected: not-a-virus:Porn-Dialer.Win32.Generic skipped F:\Gif\gifs.ZIP ZIP: infected - 1 skipped F:\Emb\Sttcnv_Lib_1.1.exe Infected: Trojan-Downloader.Win32.Bagle.oe skipped H:\AVI Codec\AVICodecPackPlus21.exe/stream/data0051 Infected: not-a-virus:AdWare.Win32.Webdir.b skipped H:\AVI Codec\AVICodecPackPlus21.exe/stream Infected: not-a-virus:AdWare.Win32.Webdir.b skipped H:\AVI Codec\AVICodecPackPlus21.exe NSIS: infected - 2 skipped H:\Disk F HP\desktop\dmblnd_road_runner.exe/WISE0017.BIN Infected: not-a-virus:AdWare.Win32.180Solutions skipped H:\Disk F HP\desktop\dmblnd_road_runner.exe/WISE0018.BIN/data0001.cab/VVSN.exe Infected: not-a-virus:AdWare.Win32.SaveNow.z skipped H:\Disk F HP\desktop\dmblnd_road_runner.exe/WISE0018.BIN/data0001.cab Infected: not-a-virus:AdWare.Win32.SaveNow.z skipped H:\Disk F HP\desktop\dmblnd_road_runner.exe/WISE0018.BIN Infected: not-a-virus:AdWare.Win32.SaveNow.z skipped H:\Disk F HP\desktop\dmblnd_road_runner.exe/WISE0019.BIN Infected: Backdoor.Win32.Ruledor.c skipped H:\Disk F HP\desktop\dmblnd_road_runner.exe/WISE0020.BIN Infected: Trojan-Dropper.Win32.Mudrop.o skipped H:\Disk F HP\desktop\dmblnd_road_runner.exe WiseSFX: infected - 6 skipped H:\Disk F HP\desktop\rrandwedt.exe/WISE0017.BIN Infected: not-a-virus:AdWare.Win32.Quick.a skipped H:\Disk F HP\desktop\rrandwedt.exe/WISE0018.BIN Infected: not-a-virus:AdWare.Win32.NewDotNet skipped H:\Disk F HP\desktop\rrandwedt.exe/WISE0019.BIN Infected: Trojan-Downloader.Win32.Small.akj skipped H:\Disk F HP\desktop\rrandwedt.exe/WISE0020.BIN Infected: Trojan-Downloader.Win32.Agent.er 
skipped H:\Disk F HP\desktop\rrandwedt.exe/WISE0021.BIN Infected: not-a-virus:AdWare.Win32.EZula.z skipped H:\Disk F HP\desktop\rrandwedt.exe WiseSFX: infected - 5 skipped H:\Disk F HP\desktop\rrbeepdt.exe/WISE0017.BIN Infected: not-a-virus:AdWare.Win32.Quick.a skipped H:\Disk F HP\desktop\rrbeepdt.exe/WISE0018.BIN Infected: not-a-virus:AdWare.Win32.NewDotNet skipped H:\Disk F HP\desktop\rrbeepdt.exe/WISE0019.BIN Infected: not-a-virus:AdWare.Win32.Gator.3103 skipped H:\Disk F HP\desktop\rrbeepdt.exe/WISE0020.BIN Infected: Trojan-Downloader.Win32.Agent.er skipped H:\Disk F HP\desktop\rrbeepdt.exe/WISE0021.BIN Infected: not-a-virus:AdWare.Win32.EZula.u skipped H:\Disk F HP\desktop\rrbeepdt.exe WiseSFX: infected - 5 skipped H:\manuals\internet\consf221.exe/WISE0410.BIN Infected: Trojan.JS.Loop skipped H:\manuals\internet\consf221.exe WiseSFX: infected - 1 skipped H:\Software\Sttcnv_Lib_1.1.zip/Sttcnv_Lib_1.1.exe Infected: Trojan-Downloader.Win32.Bagle.oe skipped H:\Software\Sttcnv_Lib_1.1.zip ZIP: infected - 1 skipped H:\Sw\download\genexus\developer library\gxdl.zip/gxdl.msi/Cabs.w1.cab/GeneXus.chm/GeneXus/Java/Docum/ReleaseNotes/7.5/TransaccionesHTTP_files/Best Matrix Screensaver new.scr Infected: Email-Worm.Win32.NetSky.q skipped H:\Sw\download\genexus\developer library\gxdl.zip/gxdl.msi/Cabs.w1.cab/GeneXus.chm/GeneXus/Java/Docum/ReleaseNotes/7.5/TransaccionesHTTP_files/Dark Angels new.pif Infected: Email-Worm.Win32.NetSky.q skipped H:\Sw\download\genexus\developer library\gxdl.zip/gxdl.msi/Cabs.w1.cab/GeneXus.chm/GeneXus/Java/Docum/ReleaseNotes/7.5/TransaccionesHTTP_files/Full album all.mp3.pif Infected: Email-Worm.Win32.NetSky.q skipped H:\Sw\download\genexus\developer library\gxdl.zip/gxdl.msi/Cabs.w1.cab/GeneXus.chm/GeneXus/Java/Docum/ReleaseNotes/7.5/TransaccionesHTTP_files/netsky source code.scr Infected: Email-Worm.Win32.NetSky.q skipped H:\Sw\download\genexus\developer 
library\gxdl.zip/gxdl.msi/Cabs.w1.cab/GeneXus.chm/GeneXus/Java/Docum/ReleaseNotes/7.5/TransaccionesHTTP_files/Porno Screensaver britney.scr Infected: Email-Worm.Win32.NetSky.q skipped H:\Sw\download\genexus\developer library\gxdl.zip/gxdl.msi/Cabs.w1.cab/GeneXus.chm/GeneXus/Java/Docum/ReleaseNotes/7.5/TransaccionesHTTP_files/Screensaver2.scr Infected: Email-Worm.Win32.NetSky.q skipped H:\Sw\download\genexus\developer library\gxdl.zip/gxdl.msi/Cabs.w1.cab/GeneXus.chm/GeneXus/Java/Docum/ReleaseNotes/7.5/TransaccionesHTTP_files/Teen Porn 15.jpg.pif Infected: Email-Worm.Win32.NetSky.q skipped H:\Sw\download\genexus\developer library\gxdl.zip/gxdl.msi/Cabs.w1.cab/GeneXus.chm Infected: Email-Worm.Win32.NetSky.q skipped H:\Sw\download\genexus\developer library\gxdl.zip/gxdl.msi/Cabs.w1.cab/Gxw80.chm/Genexus_8.0_Help_System/Functions/GxFtpCon_function_files/Best Matrix Screensaver new.scr Infected: Email-Worm.Win32.NetSky.q skipped H:\Sw\download\genexus\developer library\gxdl.zip/gxdl.msi/Cabs.w1.cab/Gxw80.chm/Genexus_8.0_Help_System/Functions/GxFtpCon_function_files/Dark Angels new.pif Infected: Email-Worm.Win32.NetSky.q skipped H:\Sw\download\genexus\developer library\gxdl.zip/gxdl.msi/Cabs.w1.cab/Gxw80.chm/Genexus_8.0_Help_System/Functions/GxFtpCon_function_files/Full album all.mp3.pif Infected: Email-Worm.Win32.NetSky.q skipped H:\Sw\download\genexus\developer library\gxdl.zip/gxdl.msi/Cabs.w1.cab/Gxw80.chm/Genexus_8.0_Help_System/Functions/GxFtpCon_function_files/netsky source code.scr Infected: Email-Worm.Win32.NetSky.q skipped H:\Sw\download\genexus\developer library\gxdl.zip/gxdl.msi/Cabs.w1.cab/Gxw80.chm/Genexus_8.0_Help_System/Functions/GxFtpCon_function_files/Porno Screensaver britney.scr Infected: Email-Worm.Win32.NetSky.q skipped H:\Sw\download\genexus\developer library\gxdl.zip/gxdl.msi/Cabs.w1.cab/Gxw80.chm/Genexus_8.0_Help_System/Functions/GxFtpCon_function_files/Screensaver2.scr Infected: Email-Worm.Win32.NetSky.q skipped H:\Sw\download\genexus\developer 
library\gxdl.zip/gxdl.msi/Cabs.w1.cab/Gxw80.chm/Genexus_8.0_Help_System/Functions/GxFtpCon_function_files/Teen Porn 15.jpg.pif Infected: Email-Worm.Win32.NetSky.q skipped H:\Sw\download\genexus\developer library\gxdl.zip/gxdl.msi/Cabs.w1.cab/Gxw80.chm/Genexus_8.0_Help_System/Functions/GxFtpDelete_function_files/Best Matrix Screensaver new.scr Infected: Email-Worm.Win32.NetSky.q skipped H:\Sw\download\genexus\developer library\gxdl.zip/gxdl.msi/Cabs.w1.cab/Gxw80.chm/Genexus_8.0_Help_System/Functions/GxFtpDelete_function_files/Dark Angels new.pif Infected: Email-Worm.Win32.NetSky.q skipped H:\Sw\download\genexus\developer library\gxdl.zip/gxdl.msi/Cabs.w1.cab/Gxw80.chm/Genexus_8.0_Help_System/Functions/GxFtpDelete_function_files/Full album all.mp3.pif Infected: Email-Worm.Win32.NetSky.q skipped H:\Sw\download\genexus\developer library\gxdl.zip/gxdl.msi/Cabs.w1.cab/Gxw80.chm/Genexus_8.0_Help_System/Functions/GxFtpDelete_function_files/netsky source code.scr Infected: Email-Worm.Win32.NetSky.q skipped H:\Sw\download\genexus\developer library\gxdl.zip/gxdl.msi/Cabs.w1.cab/Gxw80.chm/Genexus_8.0_Help_System/Functions/GxFtpDelete_function_files/Porno Screensaver britney.scr Infected: Email-Worm.Win32.NetSky.q skipped H:\Sw\download\genexus\developer library\gxdl.zip/gxdl.msi/Cabs.w1.cab/Gxw80.chm/Genexus_8.0_Help_System/Functions/GxFtpDelete_function_files/Screensaver2.scr Infected: Email-Worm.Win32.NetSky.q skipped H:\Sw\download\genexus\developer library\gxdl.zip/gxdl.msi/Cabs.w1.cab/Gxw80.chm/Genexus_8.0_Help_System/Functions/GxFtpDelete_function_files/Teen Porn 15.jpg.pif Infected: Email-Worm.Win32.NetSky.q skipped H:\Sw\download\genexus\developer library\gxdl.zip/gxdl.msi/Cabs.w1.cab/Gxw80.chm/Genexus_8.0_Help_System/Functions/GxFtpDis_function_files/Best Matrix Screensaver new.scr Infected: Email-Worm.Win32.NetSky.q skipped H:\Sw\download\genexus\developer library\gxdl.zip/gxdl.msi/Cabs.w1.cab/Gxw80.chm/Genexus_8.0_Help_System/Functions/GxFtpDis_function_files/Dark 
Angels new.pif Infected: Email-Worm.Win32.NetSky.q skipped H:\Sw\download\genexus\developer library\gxdl.zip/gxdl.msi/Cabs.w1.cab/Gxw80.chm/Genexus_8.0_Help_System/Functions/GxFtpDis_function_files/Full album all.mp3.pif Infected: Email-Worm.Win32.NetSky.q skipped H:\Sw\download\genexus\developer library\gxdl.zip/gxdl.msi/Cabs.w1.cab/Gxw80.chm/Genexus_8.0_Help_System/Functions/GxFtpDis_function_files/netsky source code.scr Infected: Email-Worm.Win32.NetSky.q skipped H:\Sw\download\genexus\developer library\gxdl.zip/gxdl.msi/Cabs.w1.cab/Gxw80.chm/Genexus_8.0_Help_System/Functions/GxFtpDis_function_files/Porno Screensaver britney.scr Infected: Email-Worm.Win32.NetSky.q skipped H:\Sw\download\genexus\developer library\gxdl.zip/gxdl.msi/Cabs.w1.cab/Gxw80.chm/Genexus_8.0_Help_System/Functions/GxFtpDis_function_files/Screensaver2.scr Infected: Email-Worm.Win32.NetSky.q skipped H:\Sw\download\genexus\developer library\gxdl.zip/gxdl.msi/Cabs.w1.cab/Gxw80.chm/Genexus_8.0_Help_System/Functions/GxFtpDis_function_files/Teen Porn 15.jpg.pif Infected: Email-Worm.Win32.NetSky.q skipped H:\Sw\download\genexus\developer library\gxdl.zip/gxdl.msi/Cabs.w1.cab/Gxw80.chm/Genexus_8.0_Help_System/Functions/GxFTPError_function_files/Best Matrix Screensaver new.scr Infected: Email-Worm.Win32.NetSky.q skipped H:\Sw\download\genexus\developer library\gxdl.zip/gxdl.msi/Cabs.w1.cab/Gxw80.chm/Genexus_8.0_Help_System/Functions/GxFTPError_function_files/Dark Angels new.pif Infected: Email-Worm.Win32.NetSky.q skipped H:\Sw\download\genexus\developer library\gxdl.zip/gxdl.msi/Cabs.w1.cab/Gxw80.chm/Genexus_8.0_Help_System/Functions/GxFTPError_function_files/Full album all.mp3.pif Infected: Email-Worm.Win32.NetSky.q skipped H:\Sw\download\genexus\developer library\gxdl.zip/gxdl.msi/Cabs.w1.cab/Gxw80.chm/Genexus_8.0_Help_System/Functions/GxFTPError_function_files/netsky source code.scr Infected: Email-Worm.Win32.NetSky.q skipped H:\Sw\download\genexus\developer 
library\gxdl.zip/gxdl.msi/Cabs.w1.cab/Gxw80.chm/Genexus_8.0_Help_System/Functions/GxFTPError_function_files/Porno Screensaver britney.scr Infected: Email-Worm.Win32.NetSky.q skipped H:\Sw\download\genexus\developer library\gxdl.zip/gxdl.msi/Cabs.w1.cab/Gxw80.chm/Genexus_8.0_Help_System/Functions/GxFTPError_function_files/Screensaver2.scr Infected: Email-Worm.Win32.NetSky.q skipped H:\Sw\download\genexus\developer library\gxdl.zip/gxdl.msi/Cabs.w1.cab/Gxw80.chm/Genexus_8.0_Help_System/Functions/GxFTPError_function_files/Teen Porn 15.jpg.pif Infected: Email-Worm.Win32.NetSky.q skipped H:\Sw\download\genexus\developer library\gxdl.zip/gxdl.msi/Cabs.w1.cab/Gxw80.chm/Genexus_8.0_Help_System/Functions/GxFTPGet_function_files/Best Matrix Screensaver new.scr Infected: Email-Worm.Win32.NetSky.q skipped H:\Sw\download\genexus\developer library\gxdl.zip/gxdl.msi/Cabs.w1.cab/Gxw80.chm/Genexus_8.0_Help_System/Functions/GxFTPGet_function_files/Dark Angels new.pif Infected: Email-Worm.Win32.NetSky.q skipped H:\Sw\download\genexus\developer library\gxdl.zip/gxdl.msi/Cabs.w1.cab/Gxw80.chm/Genexus_8.0_Help_System/Functions/GxFTPGet_function_files/Full album all.mp3.pif Infected: Email-Worm.Win32.NetSky.q skipped H:\Sw\download\genexus\developer library\gxdl.zip/gxdl.msi/Cabs.w1.cab/Gxw80.chm/Genexus_8.0_Help_System/Functions/GxFTPGet_function_files/netsky source code.scr Infected: Email-Worm.Win32.NetSky.q skipped H:\Sw\download\genexus\developer library\gxdl.zip/gxdl.msi/Cabs.w1.cab/Gxw80.chm/Genexus_8.0_Help_System/Functions/GxFTPGet_function_files/Porno Screensaver britney.scr Infected: Email-Worm.Win32.NetSky.q skipped H:\Sw\download\genexus\developer library\gxdl.zip/gxdl.msi/Cabs.w1.cab/Gxw80.chm/Genexus_8.0_Help_System/Functions/GxFTPGet_function_files/Screensaver2.scr Infected: Email-Worm.Win32.NetSky.q skipped H:\Sw\download\genexus\developer library\gxdl.zip/gxdl.msi/Cabs.w1.cab/Gxw80.chm/Genexus_8.0_Help_System/Functions/GxFTPGet_function_files/Teen Porn 15.jpg.pif 
Infected: Email-Worm.Win32.NetSky.q skipped H:\Sw\download\genexus\developer library\gxdl.zip/gxdl.msi/Cabs.w1.cab/Gxw80.chm/Genexus_8.0_Help_System/Functions/GxFTPPut_function_files/Best Matrix Screensaver new.scr Infected: Email-Worm.Win32.NetSky.q skipped H:\Sw\download\genexus\developer library\gxdl.zip/gxdl.msi/Cabs.w1.cab/Gxw80.chm/Genexus_8.0_Help_System/Functions/GxFTPPut_function_files/Dark Angels new.pif Infected: Email-Worm.Win32.NetSky.q skipped H:\Sw\download\genexus\developer library\gxdl.zip/gxdl.msi/Cabs.w1.cab/Gxw80.chm/Genexus_8.0_Help_System/Functions/GxFTPPut_function_files/Full album all.mp3.pif Infected: Email-Worm.Win32.NetSky.q skipped H:\Sw\download\genexus\developer library\gxdl.zip/gxdl.msi/Cabs.w1.cab/Gxw80.chm/Genexus_8.0_Help_System/Functions/GxFTPPut_function_files/netsky source code.scr Infected: Email-Worm.Win32.NetSky.q skipped H:\Sw\download\genexus\developer library\gxdl.zip/gxdl.msi/Cabs.w1.cab/Gxw80.chm/Genexus_8.0_Help_System/Functions/GxFTPPut_function_files/Porno Screensaver britney.scr Infected: Email-Worm.Win32.NetSky.q skipped H:\Sw\download\genexus\developer library\gxdl.zip/gxdl.msi/Cabs.w1.cab/Gxw80.chm/Genexus_8.0_Help_System/Functions/GxFTPPut_function_files/Screensaver2.scr Infected: Email-Worm.Win32.NetSky.q skipped H:\Sw\download\genexus\developer library\gxdl.zip/gxdl.msi/Cabs.w1.cab/Gxw80.chm/Genexus_8.0_Help_System/Functions/GxFTPPut_function_files/Teen Porn 15.jpg.pif Infected: Email-Worm.Win32.NetSky.q skipped H:\Sw\download\genexus\developer library\gxdl.zip/gxdl.msi/Cabs.w1.cab/Gxw80.chm/Genexus_8.0_Help_System/Functions/GxFtpStat_function_files/Best Matrix Screensaver new.scr Infected: Email-Worm.Win32.NetSky.q skipped H:\Sw\download\genexus\developer library\gxdl.zip/gxdl.msi/Cabs.w1.cab/Gxw80.chm/Genexus_8.0_Help_System/Functions/GxFtpStat_function_files/Dark Angels new.pif Infected: Email-Worm.Win32.NetSky.q skipped H:\Sw\download\genexus\developer 
library\gxdl.zip/gxdl.msi/Cabs.w1.cab/Gxw80.chm/Genexus_8.0_Help_System/Functions/GxFtpStat_function_files/Full album all.mp3.pif Infected: Email-Worm.Win32.NetSky.q skipped H:\Sw\download\genexus\developer library\gxdl.zip/gxdl.msi/Cabs.w1.cab/Gxw80.chm/Genexus_8.0_Help_System/Functions/GxFtpStat_function_files/netsky source code.scr Infected: Email-Worm.Win32.NetSky.q skipped H:\Sw\download\genexus\developer library\gxdl.zip/gxdl.msi/Cabs.w1.cab/Gxw80.chm/Genexus_8.0_Help_System/Functions/GxFtpStat_function_files/Porno Screensaver britney.scr Infected: Email-Worm.Win32.NetSky.q skipped H:\Sw\download\genexus\developer library\gxdl.zip/gxdl.msi/Cabs.w1.cab/Gxw80.chm/Genexus_8.0_Help_System/Functions/GxFtpStat_function_files/Screensaver2.scr Infected: Email-Worm.Win32.NetSky.q skipped H:\Sw\download\genexus\developer library\gxdl.zip/gxdl.msi/Cabs.w1.cab/Gxw80.chm/Genexus_8.0_Help_System/Functions/GxFtpStat_function_files/Teen Porn 15.jpg.pif Infected: Email-Worm.Win32.NetSky.q skipped H:\Sw\download\genexus\developer library\gxdl.zip/gxdl.msi/Cabs.w1.cab/Gxw80.chm/Genexus_8.0_Help_System/Object_Properties/auto_compress_http_traffic_property_files/Best Matrix Screensaver new.scr Infected: Email-Worm.Win32.NetSky.q skipped H:\Sw\download\genexus\developer library\gxdl.zip/gxdl.msi/Cabs.w1.cab/Gxw80.chm/Genexus_8.0_Help_System/Object_Properties/auto_compress_http_traffic_property_files/Dark Angels new.pif Infected: Email-Worm.Win32.NetSky.q skipped H:\Sw\download\genexus\developer library\gxdl.zip/gxdl.msi/Cabs.w1.cab/Gxw80.chm/Genexus_8.0_Help_System/Object_Properties/auto_compress_http_traffic_property_files/Full album all.mp3.pif Infected: Email-Worm.Win32.NetSky.q skipped H:\Sw\download\genexus\developer library\gxdl.zip/gxdl.msi/Cabs.w1.cab/Gxw80.chm/Genexus_8.0_Help_System/Object_Properties/auto_compress_http_traffic_property_files/netsky source code.scr Infected: Email-Worm.Win32.NetSky.q skipped H:\Sw\download\genexus\developer 
library\gxdl.zip/gxdl.msi/Cabs.w1.cab/Gxw80.chm/Genexus_8.0_Help_System/Object_Properties/auto_compress_http_traffic_property_files/Porno Screensaver britney.scr Infected: Email-Worm.Win32.NetSky.q skipped H:\Sw\download\genexus\developer library\gxdl.zip/gxdl.msi/Cabs.w1.cab/Gxw80.chm/Genexus_8.0_Help_System/Object_Properties/auto_compress_http_traffic_property_files/Screensaver2.scr Infected: Email-Worm.Win32.NetSky.q skipped H:\Sw\download\genexus\developer library\gxdl.zip/gxdl.msi/Cabs.w1.cab/Gxw80.chm/Genexus_8.0_Help_System/Object_Properties/auto_compress_http_traffic_property_files/Teen Porn 15.jpg.pif Infected: Email-Worm.Win32.NetSky.q skipped H:\Sw\download\genexus\developer library\gxdl.zip/gxdl.msi/Cabs.w1.cab/Gxw80.chm Infected: Email-Worm.Win32.NetSky.q skipped H:\Sw\download\genexus\developer library\gxdl.zip/gxdl.msi/Cabs.w1.cab Infected: Email-Worm.Win32.NetSky.q skipped H:\Sw\download\genexus\developer library\gxdl.zip/gxdl.msi Infected: Email-Worm.Win32.NetSky.q skipped H:\Sw\download\genexus\developer library\gxdl.zip ZIP: infected - 67 skipped H:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
Scan process completed.

Any help would be highly appreciated. Thanks in advance