#1 (permalink)
Registered User
Join Date: Apr 2009
Posts: 4
OS: xp
*antivirus.exe* is not a valid win32....
Hi,
The symptoms of my suspected worm/virus are:
WZC is inactive and cannot be activated (error 1068)
any AV, antispyware (inc. ComboFix), Windows security fix results with "file is not a valid win32 application"
srosa2.sys keeps appearing in "C:\..\application data\drivers"
the dir "c:\..\application data\m\" keeps reappearing
safe mode/recovery console won't start

I would appreciate any help.
Thanks loads

DDS (Ver_09-03-16.01) - NTFSx86
Run by menachem at 21:43:24.39 on Sat 04/18/2009
Internet Explorer: 7.0.5730.11
Microsoft Windows XP Professional 5.1.2600.3.1255.972.1033.18.3062.2156 [GMT 3:00]
#2 (permalink)
Analyst, Security Team
Join Date: Feb 2006
Posts: 228
OS: 2K
Re: *antivirus.exe* is not a valid win32....
Welcome to TSF msshapira,
The log info almost suggests an older Bagle infection installed there. Let's see if you can run a repair scan successfully before we switch to the more manual methods to address this.

We will begin with ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:
http://www.bleepingcomputer.com/comb...o-use-combofix

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Please include the C:\ComboFix.txt in your next reply for further review.

One exception to those steps is to make sure you rename ComboFix.exe as you download it (don't download and then rename after). Right click the download link and select Save Target/File As, then as you save the file rename it to combi.com. Then click that to start ComboFix.

#4 (permalink)
Analyst, Security Team
Join Date: Feb 2006
Posts: 228
OS: 2K
Re: *antivirus.exe* is not a valid win32....
I do my best to review the info folks post, but to keep up with the requests, gotta admit that often is cursory. This malware is monitoring and keeping track of all executables run, as well as it looks like it has a hook in all .dll's as well. One work-around method is to locate and disable some of the source before Windows itself loads, using the Recovery Console. Do you have or can borrow an XP CD to do that? If not, go here and create a Recovery Console CD. Just click the link provided there to download the recovery_console_cd.zip and unzip that to your desktop.
Then inside the recovery_console_cd folder that is created, locate and click on the IE icon titled Readme. This will open a webpage, which will provide the simple steps you will need to follow, as well as a clickable link to go to the MS download page where you can select the BootDisk file download appropriate for your operating system. For example, for an XP SP2 Home Edition you would be downloading WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe. For emergency boot disk uses, as well as to access the Recovery Console, the SP2 version can also be used on systems that have the SP3 upgrade. Let me know and then we can do some steps to get a list of boot services to check.
Last edited by Jintan; 04-18-2009 at 10:15 PM.

#6 (permalink)
Analyst, Security Team
Join Date: Feb 2006
Posts: 228
OS: 2K
Re: *antivirus.exe* is not a valid win32....
I very much need to have details to work from to assist here, so do post the C:\ComboFix.txt log. Also I would like to know what measures you took to get it to run there.
If you would, also try to avoid adding new security software in the midst of effecting repairs. If malware is active it will corrupt the installs, leaving you with a worse situation than before.

#7 (permalink)
Registered User
Join Date: Apr 2009
Posts: 4
OS: xp
Re: *antivirus.exe* is not a valid win32....
I did as told - changed the name of ComboFix before downloading.
Attached is the log file. Norton is now screaming with a variety of viruses:
MH690.A
Trojan.Lodeight.C
Bloodhound.Beagle
Thanks for your help,
MS

ComboFix 09-04-19.04 - menachem 04/19/2009 6:57.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1255.972.1033.18.3062.2544 [GMT 3:00]
Running from: c:\game.com.exe
* Created a new restore point
settings\User\Application Data\drivers\downld\144328.exe c:\documents and settings\User\Application Data\drivers\downld\144546.exe c:\documents and settings\User\Application Data\drivers\downld\145359.exe c:\documents and settings\User\Application Data\drivers\downld\1456046.exe c:\documents and settings\User\Application Data\drivers\downld\1456468.exe c:\documents and settings\User\Application Data\drivers\downld\1456734.exe c:\documents and settings\User\Application Data\drivers\downld\146187.exe c:\documents and settings\User\Application Data\drivers\downld\1462843.exe c:\documents and settings\User\Application Data\drivers\downld\1463687.exe c:\documents and settings\User\Application Data\drivers\downld\1464062.exe c:\documents and settings\User\Application Data\drivers\downld\1464562.exe c:\documents and settings\User\Application Data\drivers\downld\1465765.exe c:\documents and settings\User\Application Data\drivers\downld\1466375.exe c:\documents and settings\User\Application Data\drivers\downld\147671.exe c:\documents and settings\User\Application Data\drivers\downld\148250.exe c:\documents and settings\User\Application Data\drivers\downld\1482906.exe c:\documents and settings\User\Application Data\drivers\downld\1483531.exe c:\documents and settings\User\Application Data\drivers\downld\1515687.exe c:\documents and settings\User\Application Data\drivers\downld\1516500.exe c:\documents and settings\User\Application Data\drivers\downld\1516703.exe c:\documents and settings\User\Application Data\drivers\downld\1517031.exe c:\documents and settings\User\Application Data\drivers\downld\1517734.exe c:\documents and settings\User\Application Data\drivers\downld\1518140.exe c:\documents and settings\User\Application Data\drivers\downld\153265.exe c:\documents and settings\User\Application Data\drivers\downld\153500.exe c:\documents and settings\User\Application Data\drivers\downld\156456015.exe c:\documents and settings\User\Application 
Data\drivers\downld\156459593.exe c:\documents and settings\User\Application Data\drivers\downld\156462859.exe c:\documents and settings\User\Application Data\drivers\downld\157384921.exe c:\documents and settings\User\Application Data\drivers\downld\157389187.exe c:\documents and settings\User\Application Data\drivers\downld\157391234.exe c:\documents and settings\User\Application Data\drivers\downld\157441937.exe c:\documents and settings\User\Application Data\drivers\downld\157449234.exe c:\documents and settings\User\Application Data\drivers\downld\157460375.exe c:\documents and settings\User\Application Data\drivers\downld\157544343.exe c:\documents and settings\User\Application Data\drivers\downld\157727046.exe c:\documents and settings\User\Application Data\drivers\downld\157727265.exe c:\documents and settings\User\Application Data\drivers\downld\157727359.exe c:\documents and settings\User\Application Data\drivers\downld\157773859.exe c:\documents and settings\User\Application Data\drivers\downld\157775218.exe c:\documents and settings\User\Application Data\drivers\downld\157776218.exe c:\documents and settings\User\Application Data\drivers\downld\157946062.exe c:\documents and settings\User\Application Data\drivers\downld\157946890.exe c:\documents and settings\User\Application Data\drivers\downld\157947093.exe c:\documents and settings\User\Application Data\drivers\downld\157950406.exe c:\documents and settings\User\Application Data\drivers\downld\157952609.exe c:\documents and settings\User\Application Data\drivers\downld\157953468.exe c:\documents and settings\User\Application Data\drivers\downld\157958546.exe c:\documents and settings\User\Application Data\drivers\downld\157959687.exe c:\documents and settings\User\Application Data\drivers\downld\157960093.exe c:\documents and settings\User\Application Data\drivers\downld\157983453.exe c:\documents and settings\User\Application Data\drivers\downld\157983859.exe c:\documents and 
settings\User\Application Data\drivers\downld\157984078.exe c:\documents and settings\User\Application Data\drivers\downld\157984828.exe c:\documents and settings\User\Application Data\drivers\downld\157985218.exe c:\documents and settings\User\Application Data\drivers\downld\157985531.exe c:\documents and settings\User\Application Data\drivers\downld\158018437.exe c:\documents and settings\User\Application Data\drivers\downld\158025203.exe c:\documents and settings\User\Application Data\drivers\downld\158032750.exe c:\documents and settings\User\Application Data\drivers\downld\158094625.exe c:\documents and settings\User\Application Data\drivers\downld\158095250.exe c:\documents and settings\User\Application Data\drivers\downld\158095281.exe c:\documents and settings\User\Application Data\drivers\downld\158111265.exe c:\documents and settings\User\Application Data\drivers\downld\158111375.exe c:\documents and settings\User\Application Data\drivers\downld\158111406.exe c:\documents and settings\User\Application Data\drivers\downld\158114796.exe c:\documents and settings\User\Application Data\drivers\downld\158187.exe c:\documents and settings\User\Application Data\drivers\downld\158303875.exe c:\documents and settings\User\Application Data\drivers\downld\158492953.exe c:\documents and settings\User\Application Data\drivers\downld\158682171.exe c:\documents and settings\User\Application Data\drivers\downld\158682468.exe c:\documents and settings\User\Application Data\drivers\downld\158682781.exe c:\documents and settings\User\Application Data\drivers\downld\158684156.exe c:\documents and settings\User\Application Data\drivers\downld\158686687.exe c:\documents and settings\User\Application Data\drivers\downld\158687421.exe c:\documents and settings\User\Application Data\drivers\downld\158730734.exe c:\documents and settings\User\Application Data\drivers\downld\158730781.exe c:\documents and settings\User\Application Data\drivers\downld\158730843.exe c:\documents and 
settings\User\Application Data\drivers\downld\158737453.exe c:\documents and settings\User\Application Data\drivers\downld\158740921.exe c:\documents and settings\User\Application Data\drivers\downld\158741140.exe c:\documents and settings\User\Application Data\drivers\downld\158741500.exe c:\documents and settings\User\Application Data\drivers\downld\158742500.exe c:\documents and settings\User\Application Data\drivers\downld\158743031.exe c:\documents and settings\User\Application Data\drivers\downld\158796.exe c:\documents and settings\User\Application Data\drivers\downld\159125.exe c:\documents and settings\User\Application Data\drivers\downld\15918718.exe c:\documents and settings\User\Application Data\drivers\downld\15919343.exe c:\documents and settings\User\Application Data\drivers\downld\15920093.exe c:\documents and settings\User\Application Data\drivers\downld\15938296.exe c:\documents and settings\User\Application Data\drivers\downld\15942187.exe c:\documents and settings\User\Application Data\drivers\downld\15943578.exe c:\documents and settings\User\Application Data\drivers\downld\159812.exe c:\documents and settings\User\Application Data\drivers\downld\15997687.exe c:\documents and settings\User\Application Data\drivers\downld\16001406.exe c:\documents and settings\User\Application Data\drivers\downld\16003984.exe c:\documents and settings\User\Application Data\drivers\downld\16077406.exe c:\documents and settings\User\Application Data\drivers\downld\1612171.exe c:\documents and settings\User\Application Data\drivers\downld\1612484.exe c:\documents and settings\User\Application Data\drivers\downld\1612765.exe c:\documents and settings\User\Application Data\drivers\downld\1613171.exe c:\documents and settings\User\Application Data\drivers\downld\1614375.exe c:\documents and settings\User\Application Data\drivers\downld\1614953.exe c:\documents and settings\User\Application Data\drivers\downld\162468.exe c:\documents and settings\User\Application 
Data\drivers\downld\1624687.exe c:\documents and settings\User\Application Data\drivers\downld\1626140.exe c:\documents and settings\User\Application Data\drivers\downld\16264937.exe c:\documents and settings\User\Application Data\drivers\downld\16266000.exe c:\documents and settings\User\Application Data\drivers\downld\16266109.exe c:\documents and settings\User\Application Data\drivers\downld\1626937.exe c:\documents and settings\User\Application Data\drivers\downld\1630296.exe c:\documents and settings\User\Application Data\drivers\downld\1630500.exe c:\documents and settings\User\Application Data\drivers\downld\1631500.exe c:\documents and settings\User\Application Data\drivers\downld\16320062.exe c:\documents and settings\User\Application Data\drivers\downld\16320921.exe c:\documents and settings\User\Application Data\drivers\downld\16321281.exe c:\documents and settings\User\Application Data\drivers\downld\1632406.exe c:\documents and settings\User\Application Data\drivers\downld\1633343.exe c:\documents and settings\User\Application Data\drivers\downld\163359.exe c:\documents and settings\User\Application Data\drivers\downld\1637000.exe c:\documents and settings\User\Application Data\drivers\downld\1638296.exe c:\documents and settings\User\Application Data\drivers\downld\1638734.exe c:\documents and settings\User\Application Data\drivers\downld\1644453.exe c:\documents and settings\User\Application Data\drivers\downld\1647375.exe c:\documents and settings\User\Application Data\drivers\downld\16476031.exe c:\documents and settings\User\Application Data\drivers\downld\16481000.exe c:\documents and settings\User\Application Data\drivers\downld\16481343.exe c:\documents and settings\User\Application Data\drivers\downld\16484531.exe c:\documents and settings\User\Application Data\drivers\downld\16486796.exe c:\documents and settings\User\Application Data\drivers\downld\16487703.exe c:\documents and settings\User\Application Data\drivers\downld\16491687.exe 
c:\documents and settings\User\Application Data\drivers\downld\16493062.exe c:\documents and settings\User\Application Data\drivers\downld\16493515.exe c:\documents and settings\User\Application Data\drivers\downld\1650703.exe c:\documents and settings\User\Application Data\drivers\downld\1651343.exe c:\documents and settings\User\Application Data\drivers\downld\1651531.exe c:\documents and settings\User\Application Data\drivers\downld\1651875.exe c:\documents and settings\User\Application Data\drivers\downld\16524390.exe c:\documents and settings\User\Application Data\drivers\downld\16524531.exe c:\documents and settings\User\Application Data\drivers\downld\16524578.exe c:\documents and settings\User\Application Data\drivers\downld\16524765.exe c:\documents and settings\User\Application Data\drivers\downld\16524968.exe c:\documents and settings\User\Application Data\drivers\downld\16525109.exe c:\documents and settings\User\Application Data\drivers\downld\1652546.exe c:\documents and settings\User\Application Data\drivers\downld\1652890.exe c:\documents and settings\User\Application Data\drivers\downld\165875.exe c:\documents and settings\User\Application Data\drivers\downld\1658968.exe c:\documents and settings\User\Application Data\drivers\downld\1659265.exe c:\documents and settings\User\Application Data\drivers\downld\1659812.exe c:\documents and settings\User\Application Data\drivers\downld\1660953.exe c:\documents and settings\User\Application Data\drivers\downld\1661593.exe c:\documents and settings\User\Application Data\drivers\downld\16621484.exe c:\documents and settings\User\Application Data\drivers\downld\16621718.exe c:\documents and settings\User\Application Data\drivers\downld\16621812.exe c:\documents and settings\User\Application Data\drivers\downld\1662203.exe c:\documents and settings\User\Application Data\drivers\downld\16625515.exe c:\documents and settings\User\Application Data\drivers\downld\16815468.exe c:\documents and 
settings\User\Application Data\drivers\downld\168328.exe c:\documents and settings\User\Application Data\drivers\downld\169578.exe c:\documents and settings\User\Application Data\drivers\downld\17004531.exe c:\documents and settings\User\Application Data\drivers\downld\170468.exe c:\documents and settings\User\Application Data\drivers\downld\1704781.exe c:\documents and settings\User\Application Data\drivers\downld\1709968.exe c:\documents and settings\User\Application Data\drivers\downld\1712265.exe c:\documents and settings\User\Application Data\drivers\downld\171359.exe c:\documents and settings\User\Application Data\drivers\downld\171625.exe c:\documents and settings\User\Application Data\drivers\downld\17193718.exe c:\documents and settings\User\Application Data\drivers\downld\17194156.exe c:\documents and settings\User\Application Data\drivers\downld\17194484.exe c:\documents and settings\User\Application Data\drivers\downld\17195078.exe c:\documents and settings\User\Application Data\drivers\downld\17212765.exe c:\documents and settings\User\Application Data\drivers\downld\17228765.exe c:\documents and settings\User\Application Data\drivers\downld\17263046.exe c:\documents and settings\User\Application Data\drivers\downld\17271421.exe c:\documents and settings\User\Application Data\drivers\downld\17274984.exe c:\documents and settings\User\Application Data\drivers\downld\17275203.exe c:\documents and settings\User\Application Data\drivers\downld\17275609.exe c:\documents and settings\User\Application Data\drivers\downld\17277312.exe c:\documents and settings\User\Application Data\drivers\downld\17277843.exe c:\documents and settings\User\Application Data\drivers\downld\173143671.exe c:\documents and settings\User\Application Data\drivers\downld\173144593.exe c:\documents and settings\User\Application Data\drivers\downld\173144843.exe c:\documents and settings\User\Application Data\drivers\downld\174983359.exe c:\documents and settings\User\Application 
Data\drivers\downld\174986343.exe c:\documents and settings\User\Application Data\drivers\downld\174987468.exe c:\documents and settings\User\Application Data\drivers\downld\175038906.exe c:\documents and settings\User\Application Data\drivers\downld\175042796.exe c:\documents and settings\User\Application Data\drivers\downld\175049203.exe c:\documents and settings\User\Application Data\drivers\downld\175139265.exe c:\documents and settings\User\Application Data\drivers\downld\175328000.exe c:\documents and settings\User\Application Data\drivers\downld\175328468.exe c:\documents and settings\User\Application Data\drivers\downld\175328593.exe c:\documents and settings\User\Application Data\drivers\downld\175345312.exe c:\documents and settings\User\Application Data\drivers\downld\175346703.exe c:\documents and settings\User\Application Data\drivers\downld\175347140.exe c:\documents and settings\User\Application Data\drivers\downld\175518937.exe c:\documents and settings\User\Application Data\drivers\downld\175520078.exe c:\documents and settings\User\Application Data\drivers\downld\175520359.exe c:\documents and settings\User\Application Data\drivers\downld\175523921.exe c:\documents and settings\User\Application Data\drivers\downld\175525656.exe c:\documents and settings\User\Application Data\drivers\downld\175529453.exe c:\documents and settings\User\Application Data\drivers\downld\175533000.exe c:\documents and settings\User\Application Data\drivers\downld\175534015.exe c:\documents and settings\User\Application Data\drivers\downld\175534375.exe c:\documents and settings\User\Application Data\drivers\downld\175549437.exe c:\documents and settings\User\Application Data\drivers\downld\175549750.exe c:\documents and settings\User\Application Data\drivers\downld\175549937.exe c:\documents and settings\User\Application Data\drivers\downld\175550625.exe c:\documents and settings\User\Application Data\drivers\downld\175550875.exe c:\documents and 
settings\User\Application Data\drivers\downld\175551140.exe c:\documents and settings\User\Application Data\drivers\downld\175702093.exe c:\documents and settings\User\Application Data\drivers\downld\175702515.exe c:\documents and settings\User\Application Data\drivers\downld\175702781.exe c:\documents and settings\User\Application Data\drivers\downld\175711250.exe c:\documents and settings\User\Application Data\drivers\downld\175901531.exe c:\documents and settings\User\Application Data\drivers\downld\176091625.exe c:\documents and settings\User\Application Data\drivers\downld\176281187.exe c:\documents and settings\User\Application Data\drivers\downld\176282703.exe c:\documents and settings\User\Application Data\drivers\downld\176283265.exe c:\documents and settings\User\Application Data\drivers\downld\176283906.exe c:\documents and settings\User\Application Data\drivers\downld\176285578.exe c:\documents and settings\User\Application Data\drivers\downld\176286890.exe c:\documents and settings\User\Application Data\drivers\downld\176316187.exe c:\documents and settings\User\Application Data\drivers\downld\176331406.exe c:\documents and settings\User\Application Data\drivers\downld\176332296.exe c:\documents and settings\User\Application Data\drivers\downld\176332640.exe c:\documents and settings\User\Application Data\drivers\downld\176333187.exe c:\documents and settings\User\Application Data\drivers\downld\176334625.exe c:\documents and settings\User\Application Data\drivers\downld\176335109.exe c:\documents and settings\User\Application Data\drivers\downld\176453.exe c:\documents and settings\User\Application Data\drivers\downld\1805140.exe c:\documents and settings\User\Application Data\drivers\downld\1805203.exe c:\documents and settings\User\Application Data\drivers\downld\1805265.exe c:\documents and settings\User\Application Data\drivers\downld\181343.exe c:\documents and settings\User\Application Data\drivers\downld\1820671.exe c:\documents and 
settings\User\Application Data\drivers\downld\1824031.exe c:\documents and settings\User\Application Data\drivers\downld\1824625.exe c:\documents and settings\User\Application Data\drivers\downld\1825296.exe c:\documents and settings\User\Application Data\drivers\downld\1827015.exe c:\documents and settings\User\Application Data\drivers\downld\1827671.exe c:\documents and settings\User\Application Data\drivers\downld\183468.exe c:\documents and settings\User\Application Data\drivers\downld\184703.exe c:\documents and settings\User\Application Data\drivers\downld\186000.exe c:\documents and settings\User\Application Data\drivers\downld\186703.exe c:\documents and settings\User\Application Data\drivers\downld\187125.exe c:\documents and settings\User\Application Data\drivers\downld\1878984.exe c:\documents and settings\User\Application Data\drivers\downld\1893109.exe c:\documents and settings\User\Application Data\drivers\downld\1895093.exe c:\documents and settings\User\Application Data\drivers\downld\1895343.exe c:\documents and settings\User\Application Data\drivers\downld\1895750.exe c:\documents and settings\User\Application Data\drivers\downld\1896937.exe c:\documents and settings\User\Application Data\drivers\downld\1897375.exe c:\documents and settings\User\Application Data\drivers\downld\191531.exe c:\documents and settings\User\Application Data\drivers\downld\192468.exe c:\documents and settings\User\Application Data\drivers\downld\215828.exe c:\documents and settings\User\Application Data\drivers\downld\219171.exe c:\documents and settings\User\Application Data\drivers\downld\220531.exe c:\documents and settings\User\Application Data\drivers\downld\228187.exe c:\documents and settings\User\Application Data\drivers\downld\230921.exe c:\documents and settings\User\Application Data\drivers\downld\232984.exe c:\documents and settings\User\Application Data\drivers\downld\237312.exe c:\documents and settings\User\Application Data\drivers\downld\240171.exe 
c:\documents and settings\User\Application Data\drivers\downld\242265.exe c:\documents and settings\User\Application Data\drivers\downld\253140.exe c:\documents and settings\User\Application Data\drivers\downld\256625.exe c:\documents and settings\User\Application Data\drivers\downld\262234.exe c:\documents and settings\User\Application Data\drivers\downld\263890.exe c:\documents and settings\User\Application Data\drivers\downld\264171.exe c:\documents and settings\User\Application Data\drivers\downld\265156.exe c:\documents and settings\User\Application Data\drivers\downld\278109.exe c:\documents and settings\User\Application Data\drivers\downld\280843.exe c:\documents and settings\User\Application Data\drivers\downld\281406.exe c:\documents and settings\User\Application Data\drivers\downld\281718.exe c:\documents and settings\User\Application Data\drivers\downld\285718.exe c:\documents and settings\User\Application Data\drivers\downld\289718.exe c:\documents and settings\User\Application Data\drivers\downld\292640.exe c:\documents and settings\User\Application Data\drivers\downld\306921.exe c:\documents and settings\User\Application Data\drivers\downld\32204234.exe c:\documents and settings\User\Application Data\drivers\downld\32204484.exe c:\documents and settings\User\Application Data\drivers\downld\32204718.exe c:\documents and settings\User\Application Data\drivers\downld\32261562.exe c:\documents and settings\User\Application Data\drivers\downld\32287718.exe c:\documents and settings\User\Application Data\drivers\downld\32352546.exe c:\documents and settings\User\Application Data\drivers\downld\32355687.exe c:\documents and settings\User\Application Data\drivers\downld\32358218.exe c:\documents and settings\User\Application Data\drivers\downld\334359.exe c:\documents and settings\User\Application Data\drivers\downld\348609.exe c:\documents and settings\User\Application Data\drivers\downld\351687.exe c:\documents and settings\User\Application 
Data\drivers\downld\353750.exe c:\documents and settings\User\Application Data\drivers\downld\3828156.exe c:\documents and settings\User\Application Data\drivers\downld\3828703.exe c:\documents and settings\User\Application Data\drivers\downld\3828968.exe c:\documents and settings\User\Application Data\drivers\downld\3841468.exe c:\documents and settings\User\Application Data\drivers\downld\3844390.exe c:\documents and settings\User\Application Data\drivers\downld\3848343.exe c:\documents and settings\User\Application Data\drivers\downld\3912000.exe c:\documents and settings\User\Application Data\drivers\downld\3917437.exe c:\documents and settings\User\Application Data\drivers\downld\3925234.exe c:\documents and settings\User\Application Data\drivers\downld\3925984.exe c:\documents and settings\User\Application Data\drivers\downld\3926375.exe c:\documents and settings\User\Application Data\drivers\downld\392921.exe c:\documents and settings\User\Application Data\drivers\downld\393453.exe c:\documents and settings\User\Application Data\drivers\downld\393781.exe c:\documents and settings\User\Application Data\drivers\downld\3942406.exe c:\documents and settings\User\Application Data\drivers\downld\3942500.exe c:\documents and settings\User\Application Data\drivers\downld\3942687.exe c:\documents and settings\User\Application Data\drivers\downld\3991593.exe c:\documents and settings\User\Application Data\drivers\downld\3991843.exe c:\documents and settings\User\Application Data\drivers\downld\3992546.exe c:\documents and settings\User\Application Data\drivers\downld\3993265.exe c:\documents and settings\User\Application Data\drivers\downld\3993765.exe c:\documents and settings\User\Application Data\drivers\downld\3994156.exe c:\documents and settings\User\Application Data\drivers\downld\415859.exe c:\documents and settings\User\Application Data\drivers\downld\4175781.exe c:\documents and settings\User\Application Data\drivers\downld\4176484.exe c:\documents and 
settings\User\Application Data\drivers\downld\4176750.exe c:\documents and settings\User\Application Data\drivers\downld\4185125.exe c:\documents and settings\User\Application Data\drivers\downld\4200984.exe c:\documents and settings\User\Application Data\drivers\downld\4201718.exe c:\documents and settings\User\Application Data\drivers\downld\4203375.exe c:\documents and settings\User\Application Data\drivers\downld\435765.exe c:\documents and settings\User\Application Data\drivers\downld\436265.exe c:\documents and settings\User\Application Data\drivers\downld\436500.exe c:\documents and settings\User\Application Data\drivers\downld\4397906.exe c:\documents and settings\User\Application Data\drivers\downld\4399500.exe c:\documents and settings\User\Application Data\drivers\downld\4400078.exe c:\documents and settings\User\Application Data\drivers\downld\4405031.exe c:\documents and settings\User\Application Data\drivers\downld\4408265.exe c:\documents and settings\User\Application Data\drivers\downld\4409171.exe c:\documents and settings\User\Application Data\drivers\downld\4413218.exe c:\documents and settings\User\Application Data\drivers\downld\4414859.exe c:\documents and settings\User\Application Data\drivers\downld\4415234.exe c:\documents and settings\User\Application Data\drivers\downld\4417125.exe c:\documents and settings\User\Application Data\drivers\downld\4427390.exe c:\documents and settings\User\Application Data\drivers\downld\4429171.exe c:\documents and settings\User\Application Data\drivers\downld\4429937.exe c:\documents and settings\User\Application Data\drivers\downld\4430500.exe c:\documents and settings\User\Application Data\drivers\downld\4430812.exe c:\documents and settings\User\Application Data\drivers\downld\4430859.exe c:\documents and settings\User\Application Data\drivers\downld\4472375.exe c:\documents and settings\User\Application Data\drivers\downld\4475875.exe c:\documents and settings\User\Application 
Data\drivers\srosa2.sys
c:\documents and settings\User\Application Data\drivers\wfsintwq.sys
c:\documents and settings\User\Application Data\drivers\winupgro.exe
c:\documents and settings\User\Application Data\m
c:\documents and settings\User\Application Data\m\data.oct
c:\documents and settings\User\Application Data\m\flec006.exe
c:\documents and settings\User\Application Data\m\list.oct
c:\documents and settings\User\Application Data\m\srvlist.oct
c:\documents and settings\User\Application Data\Microsoft\SystemCertificates\Request
c:\windows\system32\ban_list.txt
c:\windows\system32\Cache
c:\windows\system32\drivers\asc3550p.sys
c:\windows\system32\mdelk.exe
c:\windows\system32\wintems.exe
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_SROSA
-------\Legacy_SROSA
-------\Legacy_SK9OU0S
-------\Service_asc3550p

((((((((((((((((((((((((( Files Created from 2009-03-19 to 2009-04-19 )))))))))))))))))))))))))))))))
.
2009-04-19 03:51 . 2009-04-19 03:51 2993452 ----a-r C:\game.com.exe
2009-04-17 12:00 . 2009-04-17 12:00 -------- d-----w c:\program files\Trend Micro
2009-04-17 10:49 . 2009-04-17 10:49 -------- d-----w c:\documents and settings\User\Application Data\Lavasoft
2009-04-17 10:46 . 2009-04-17 10:46 -------- d-----w c:\program files\CCleaner
2009-04-17 09:04 .
2009-04-17 10:46 -------- d-----w c:\program files\EsetOnlineScanner
2009-04-17 08:36 . 2009-04-17 08:36 -------- d-----w c:\documents and settings\User\Application Data\GetRightToGo
2009-04-17 07:04 . 2009-04-17 08:36 -------- d-----w c:\program files\Remove-it
2009-04-16 19:16 . 2009-04-17 08:36 -------- d-----w c:\program files\NortonInstaller
2009-04-15 21:48 . 2009-04-15 21:48 -------- d-----w c:\program files\jdbc
2009-04-14 14:46 . 2009-04-14 14:46 -------- d-----w c:\windows\IBM
2009-04-14 12:24 . 2009-04-19 04:01 -------- d--h--w c:\documents and settings\User\Application Data\drivers
2009-04-14 12:19 . 2009-04-17 15:01 -------- d-----w c:\program files\eMule
2009-04-14 08:33 . 2009-04-16 16:20 -------- d-----w c:\documents and settings\db2admin.MENACHEM-NB\Local Settings\Application Data\javasharedresources
2009-04-14 05:05 . 2009-04-14 05:05 -------- d-----w c:\documents and settings\User\Local Settings\Application Data\Mozilla
2009-04-14 04:55 . 2009-04-14 04:55 -------- d-----w c:\windows\system32\RsFx
2009-04-13 20:05 . 2009-04-13 20:05 -------- d-----w c:\documents and settings\User\Local Settings\Application Data\Microsoft_Corporation
2009-04-13 19:20 . 2009-04-13 19:20 -------- d-----w c:\program files\MSXML 6.0
2009-04-13 17:50 . 2009-04-13 17:50 -------- d-----w c:\windows\cluster
2009-04-11 17:24 . 2009-04-11 17:24 -------- d-----w c:\program files\GOV.IL
2009-04-11 17:24 . 2009-04-11 17:24 -------- d-----w c:\program files\agat
2009-04-01 07:57 . 2009-04-01 07:57 -------- d-----w c:\program files\TeamViewer
2009-03-30 13:10 . 2009-03-30 13:10 -------- d-----w c:\documents and settings\User\Local Settings\Application Data\Symantec
2009-03-25 11:03 . 2009-03-25 11:03 -------- d-----w c:\documents and settings\User\Tracing
2009-03-25 11:01 . 2009-03-25 11:01 -------- d-----w c:\program files\Microsoft
2009-03-25 11:00 . 2009-03-25 11:00 -------- d-----w c:\program files\Windows Live SkyDrive
2009-03-25 10:58 . 2009-03-25 10:58 -------- d-----w c:\program files\Common Files\Windows Live
2009-03-24 19:59 . 2009-04-14 14:55 -------- d-----w c:\documents and settings\db2admin.MENACHEM-NB\Application Data\VMware
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-19 04:05 . 2008-09-25 22:01 -------- d-----w c:\documents and settings\LocalService\Application Data\VMware
2009-04-19 04:05 . 2008-09-25 21:57 -------- d-----w c:\documents and settings\All Users\Application Data\VMware
2009-04-19 03:50 . 2008-11-23 12:03 -------- d-----w c:\documents and settings\User\Application Data\Skype
2009-04-18 20:43 . 2008-11-23 12:06 -------- d-----w c:\documents and settings\User\Application Data\skypePM
2009-04-18 18:55 . 2008-09-25 21:58 -------- d-----w c:\documents and settings\NetworkService\Application Data\VMware
2009-04-18 18:15 . 2008-11-17 12:21 -------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2009-04-17 08:36 . 2009-01-20 04:25 -------- d-----w c:\documents and settings\All Users\Application Data\Norton
2009-04-16 19:21 . 2008-01-31 06:48 -------- d-----w c:\documents and settings\All Users\Application Data\Symantec
2009-04-16 19:19 . 2008-12-31 17:58 -------- d-----w c:\documents and settings\User\Application Data\Orbit
2009-04-16 19:18 . 2008-01-31 06:48 -------- d-----w c:\program files\Common Files\Symantec Shared
2009-04-14 14:50 . 2009-01-20 04:25 -------- d-----w c:\documents and settings\All Users\Application Data\NortonInstaller
2009-04-14 13:14 . 2009-03-08 05:31 -------- d-----w c:\documents and settings\User\Application Data\uTorrent
2009-04-14 12:48 . 2009-01-20 05:11 -------- d-----w c:\program files\Norton Internet Security
2009-04-14 05:40 . 2009-04-14 05:39 598809 ----a-w C:\Uninstall IBM Tivoli Monitoring.log
2009-04-14 05:39 . 2008-01-31 06:25 -------- d--h--w c:\program files\InstallShield Installation Information
2009-04-14 04:59 . 2008-11-30 09:25 -------- d-----w c:\program files\IBM
2009-04-14 04:55 . 2008-12-07 06:49 -------- d-----w c:\program files\Microsoft SQL Server
2009-04-14 04:53 . 2008-11-17 12:25 -------- d-----w c:\program files\Microsoft.NET
2009-04-13 17:50 . 2008-12-22 07:01 -------- d-----w c:\documents and settings\All Users\Application Data\IBM
2009-04-12 20:30 . 2008-01-31 06:42 -------- d-----w c:\program files\Google
2009-04-08 14:46 . 2009-02-15 13:31 -------- d-----w c:\documents and settings\tivoli\Application Data\VMware
2009-04-08 05:18 . 2009-03-16 13:16 -------- d-----w c:\documents and settings\User\Application Data\Nokia
2009-03-31 20:06 . 2009-01-19 08:36 -------- d-----w c:\documents and settings\User\Application Data\codeblocks
2009-03-25 11:00 . 2009-02-02 12:48 -------- d-----w c:\program files\Windows Live
2009-03-21 19:35 . 2008-09-25 21:22 99584 ----a-w c:\documents and settings\User\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-03-16 19:33 . 2009-03-16 13:15 -------- d-----w c:\program files\Common Files\Nokia
2009-03-16 19:33 . 2009-03-16 13:14 -------- d-----w c:\program files\Nokia
2009-03-16 19:31 . 2009-03-16 19:31 0 ---ha-w c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01007.Wdf
2009-03-16 19:31 . 2009-03-16 19:31 0 ---ha-w c:\windows\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
2009-03-16 13:32 . 2009-03-16 13:32 0 ----a-w C:\tmp.xml
2009-03-16 13:30 . 2009-03-16 13:30 -------- d-----w c:\documents and settings\All Users\Application Data\Nokia
2009-03-16 13:29 . 2009-03-16 13:16 -------- d-----w c:\documents and settings\User\Application Data\PC Suite
2009-03-16 13:28 . 2009-03-16 13:14 -------- d-----w c:\documents and settings\All Users\Application Data\Installations
2009-03-16 13:16 . 2009-03-16 13:16 -------- d-----w c:\documents and settings\All Users\Application Data\PC Suite
2009-03-16 13:15 . 2009-03-16 13:15 -------- d-----w c:\program files\Common Files\PCSuite
2009-03-16 13:15 . 2009-03-16 13:15 -------- d-----w c:\program files\DIFX
2009-03-16 13:15 . 2009-03-16 13:15 -------- d-----w c:\program files\PC Connectivity Solution
2009-03-11 15:19 . 2009-01-04 10:04 -------- d-----w c:\program files\Notepad++
2009-03-11 08:52 . 2009-03-11 08:45 -------- d-----w c:\program files\Tideway Foundation
2009-03-11 08:21 . 2008-09-25 22:02 -------- d-----w c:\documents and settings\User\Application Data\VMware
2009-03-08 05:37 . 2008-11-23 12:29 -------- d-----w c:\program files\FlashGet
2009-03-08 05:31 . 2009-03-08 05:31 -------- d-----w c:\program files\uTorrent
2009-03-07 17:50 . 2008-12-02 08:08 -------- d-----w c:\program files\Microsoft Silverlight
2009-03-05 05:30 . 2009-03-05 05:30 -------- d-----w c:\documents and settings\User\Application Data\Nero
2009-03-03 11:38 . 2009-03-03 11:38 -------- d-----w c:\program files\Lexmark_HostCD
2009-03-03 11:38 . 2009-03-03 11:38 -------- d-----w c:\program files\Lexmark Applications
2009-03-03 11:38 . 2009-03-03 11:38 -------- d-----w c:\program files\Lexmark
2009-02-26 01:07 . 2009-02-20 07:30 -------- d-----w c:\program files\Common Files\Logishrd
2009-02-22 18:06 . 2009-02-22 18:06 79668 ---ha-w c:\windows\system32\mlfcache.dat
2009-02-20 07:33 . 2009-02-20 07:33 -------- d-----w c:\documents and settings\All Users\Application Data\LogiShrd
2009-02-20 07:32 . 2009-02-20 07:32 0 ---ha-w c:\windows\system32\drivers\Msft_Kernel_LMouFilt_01005.Wdf
2009-02-20 07:32 . 2009-02-20 07:32 0 ---ha-w c:\windows\system32\drivers\Msft_Kernel_LHidFilt_01005.Wdf
2009-02-17 07:32 . 2009-02-17 07:31 53 ----a-w C:\test.bat
2009-02-09 11:13 . 2008-10-16 18:23 1846784 ------w c:\windows\system32\dllcache\win32k.sys
2009-02-09 11:13 . 2006-04-30 06:55 1846784 ----a-w c:\windows\system32\win32k.sys
2009-02-06 16:52 . 2009-02-06 16:52 49504 ----a-w c:\windows\system32\sirenacm.dll
2008-12-07 06:43 . 2008-12-07 06:43 197624 ----a-w c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2007-09-22 01:30 . 2009-02-15 12:03 407040 ----a-w c:\program files\Common Files\atserv.exe
2008-01-31 06:25 . 2008-09-23 06:15 32768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat
2008-10-02 10:02 . 2008-10-02 10:02 32768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008092220080929\index.dat
2008-10-02 10:02 . 2008-10-02 10:02 32768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008100220081003\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-03-26 39408]
"Google Update"="c:\documents and settings\User\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-03-27 133104]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PMHandler"="c:\progra~1\Lenovo\PMDRIV~1\PMHandler.exe" [2007-03-16 31840]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-05-19 774233]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-03-23 138008]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-03-23 162584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-03-23 138008]
"FingerPrintSoftware"="c:\program files\Lenovo Fingerprint Software\fpapp.exe" [2007-05-31 946176]
"LPManager"="c:\progra~1\Lenovo\LENOVO~2\LPMGR.exe" [2007-04-26 120368]
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="c:\program files\Google\Gmail Notifier\gnotify.exe" [2005-07-15 479232]
"Google Quick Search Box"="c:\program files\Google\Quick Search Box\GoogleQuickSearchBox.exe" [2009-04-12 68592]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2007-01-30 16116224]
"SkyTel"="SkyTel.EXE" - c:\windows\SkyTel.exe [2006-05-16 2879488]
"AGRSMMSG"="AGRSMMSG.exe" - c:\windows\AGRSMMSG.exe [2006-08-30 89542]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
QLINK.lnk - c:\program files\Lexmark Applications\QLink\QLINK.EXE [2009-3-3 1500752]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"HideClock"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ATFUS]
2007-05-31 21:57 155648 ----a-w c:\windows\system32\FpWinlogonNp.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey]
2006-12-14 02:06 28672 ------w c:\program files\Lenovo\HOTKEY\tphklock.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ /P \??\C:\0autocheck autochk *

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
@="FSFilter Activity Monitor"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Java\\jre1.5.0_06\\bin\\javaw.exe"=
"c:\\Program
Files\\Bonjour\\mDNSResponder.exe"= "c:\\Program Files\\FlashGet\\FlashGet.exe"= "c:\\Program Files\\Orbitdownloader\\orbitdm.exe"= "c:\\Program Files\\Orbitdownloader\\orbitnet.exe"= "c:\\Program Files\\VMware\\VMware Server\\vmware-authd.exe"= "c:\\Program Files\\VMware\\VMware Server\\vmware-hostd.exe"= "c:\\Program Files\\UltraVNC\\vncviewer.exe"= "c:\\WINDOWS\\system32\\LMabcoms.exe"= "c:\\Program Files\\uTorrent\\uTorrent.exe"= "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"= "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"= "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\Program Files\\Skype\\Phone\\Skype.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "5900:TCP"= 5900:TCP:vnc5900 "5800:TCP"= 5800:TCP:vnc5800 R2 KNTCMA_Primary;Monitoring Agent for Windows OS - Primary;c:\ibm\itm2\TMAITM6\kntcma.exe [2009-04-14 1273856] R3 CredentialSlave;Tideway Credential Discovery Slave;c:\program files\Tideway Foundation\Credential Slave\tw_svc_credslave.exe [2008-11-03 26112] R3 DB2-0;DB2 - DB2COPY1 - DB2-0;c:\progra~1\IBM\SQLLIB~1\bin\db2syscs.exe [2008-04-07 128288] R3 DB2GOVERNOR_DB2COPY1;DB2 Governor (DB2COPY1);c:\program files\IBM\SQLLIB-new\BIN\db2govds.exe [2008-04-07 18720] R3 DB2LICD_DB2COPY1;DB2 License Server (DB2COPY1);c:\program files\IBM\SQLLIB-new\BIN\db2licd.exe [2008-04-07 124192] R3 DB2MGMTSVC_DB2COPY1;DB2 Management Service (DB2COPY1);c:\program files\IBM\SQLLIB-new\BIN\db2mgmtsvc.exe [2008-04-07 38688] R3 DB2REMOTECMD_DB2COPY1;DB2 Remote Command Server (DB2COPY1);c:\program files\IBM\SQLLIB-new\BIN\db2rcmd.exe [2008-04-07 29984] R3 FingerprintServer;Fingerprint Server;c:\windows\system32\FpLogonServ.exe [2007-06-22 106496] R3 KFWSRV;Tivoli Enterprise Portal Server;c:\ibm\itm2\CNPS\kfwservices.exe [2009-04-14 98304] R3 khdxprto;Tivoli Warehouse Proxy;c:\ibm\itm2\TMAITM6\khdxprto.exe [2009-04-14 5120] R3 KKF_HELPSVR;Eclipse Help Server for 
TEP;c:\ibm\itm2\HELPSVR\kkfhelpsvr.exe [2009-04-14 36864] R3 KNTCMA_Watchdog;Monitoring Agent for Windows OS - Watchdog;c:\ibm\itm2\TMAITM6\kcawd.exe [2009-04-14 49152] R3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2008-02-01 138112] R3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [2008-02-01 8320] R3 npf;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2008-06-01 34064] R3 PCAMp50;PCAMp50 NDIS Protocol Driver; [x] R3 TEMS1;Tivoli Enterprise Monitoring Svcs - TEMS1; [x] R3 vmwriter;VMware VSS Writer;c:\program files\VMware\VMware Server\vmVssWriter.exe [2008-10-12 29744] R3 WorkgroupSlave;Tideway Workgroup Discovery Slave;c:\program files\Tideway Foundation\Workgroup Slave\tw_svc_wgslave.exe [2008-11-03 26112] R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2008-07-11 47128] R4 RsFx0102;RsFx0102 Driver;c:\windows\system32\DRIVERS\RsFx0102.sys [2008-07-09 242712] R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2008-07-11 369688] S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NAV\1005000.086\SYMEFA.SYS [2009-04-19 310320] S1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\NAV\1005000.086\BHDrvx86.sys [2009-04-19 258608] S1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\NAV\1005000.086\ccHPx86.sys [2009-04-19 482352] S1 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090206.001\IDSxpx86.sys [2009-04-19 276344] S1 PMHler;PMHler;c:\windows\system32\drivers\PMHler.sys [2006-05-24 10240] S2 atserv;AutoTrace Runtime;c:\program files\Common Files\atserv.exe [2007-09-22 407040] S2 KSYSRV;Warehouse Summarization and Pruning Agent;c:\ibm\itm2\TMAITM6\ksy610.exe [2009-04-14 126976] 
S2 Norton AntiVirus;Norton AntiVirus;c:\program files\Norton AntiVirus\Engine\16.5.0.134\ccSvcHst.exe [2009-04-19 115560] S2 vmci;VMware vmci;c:\windows\system32\Drivers\vmci.sys [2008-10-12 54960] S2 VMwareHostd;VMware Host Agent;c:\program files\VMware\VMware Server\vmware-hostd.exe [2008-10-12 322096] S2 VMwareServerWebAccess;VMware Server Web Access;c:\program files\VMware\VMware Server\tomcat\bin\Tomcat6.exe [2008-10-12 57344] S3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\DRIVERS\Tvti2c.sys [2006-09-13 35264] --- Other Services/Drivers In Memory --- *NewlyCreated* - BHDRVX86 *NewlyCreated* - CCHP *NewlyCreated* - NAVENG *NewlyCreated* - NAVEX15 *NewlyCreated* - NORTON_ANTIVIRUS *NewlyCreated* - SRTSP *NewlyCreated* - SRTSPX *Deregistered* - SYMFW *Deregistered* - SYMIDS *Deregistered* - SYMNDIS [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4e883b60-d062-11dd-b136-001cbfc45ca6}] \Shell\AutoRun\command - G:\LaunchU3.exe -a [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{87e85724-8acd-11dd-961f-001eec0913d1}] \Shell\AutoRun\command - G:\LaunchU3.exe -a [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{92a1b5b3-c5dc-11dd-b12f-005056c00008}] \Shell\Auto\command - F:\autorun.bat \Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL autorun.bat \Shell\explore\Command - F:\autorun.bat [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e18f582b-a67c-11dd-b103-005056c00008}] \Shell\AutoRun\command - F:\LaunchU3.exe -a [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e18f582d-a67c-11dd-b103-005056c00008}] \Shell\AutoRun\command - E:\LaunchU3.exe -a [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f4f8bf32-f03f-11dd-b14d-001cbfc45ca6}] \Shell\AutoRun\command - G:\AutoTransfer.exe . 
Contents of the 'Scheduled Tasks' folder 2009-04-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2795189963-2279578579-3646523319-1005.job - c:\documents and settings\User\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-03-27 08:58] 2009-04-19 c:\windows\Tasks\User_Feed_Synchronization-{92A4F883-B9F0-4365-9240-13F265E5BEC7}.job - c:\windows\system32\msfeedssync.exe [2006-10-17 19:58] . - - - - ORPHANS REMOVED - - - - HKCU-Run-WMPNSCFG - c:\program files\Windows Media Player\WMPNSCFG.exe . ------- Supplementary Scan ------- . uStart Page = hxxp://www.google.com/ uInternet Settings,ProxyOverride = *.local IE: &Download All with FlashGet - c:\program files\FlashGet\jc_all.htm IE: &Download by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/201 IE: &Download with FlashGet - c:\program files\FlashGet\jc_link.htm IE: &Grab video by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/204 IE: &ééöåà àì Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000 IE: Do&wnload selected by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/203 IE: Down&load all by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/202 IE: Send to &Bluetooth Device... - c:\program files\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm LSP: c:\program files\VMware\VMware Server\vsocklib.dll Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll DPF: {1ACECAFE-0015-0000-0000-ABCDEFFEDCBA} - hxxp:// DPF: {B94C2238-346E-4C5E-9B36-8CC627F35574} DPF: {D3CCEFAF-8EE1-40FE-BE25-366E2B016DAB} - hxxp://menachem-nb/VirtualServer/activex/VMRCActiveXClient.cab FF - ProfilePath - c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\fwjuvcnz.default\ FF - component: c:\program files\Nokia\Nokia PC Suite 7\bkmrksync\components\BkMrkExt.dll FF - plugin: c:\documents and settings\User\Local Settings\Application Data\Google\Update\1.2.141.5\npGoogleOneClick7.dll . 
************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-04-19 07:33 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... ************************************************************************** [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\asc3550p] -- [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\srosa] -- [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\UnlockerDriver5] "ImagePath"="\??\c:\program files\Unlocker\UnlockerDriver5.sys" . --------------------- LOCKED REGISTRY KEYS --------------------- [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*] "OODEFRAG11.00.00.01WORKSTATION"="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" . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'winlogon.exe'(732) c:\windows\system32\VMGINA.DLL c:\windows\system32\ATGinaHook.dll c:\program files\Lenovo Fingerprint Software\ATCSSINT.DLL c:\program files\Lenovo Fingerprint Software\SharedResources.dll c:\program files\Lenovo Fingerprint Software\FPResource.dll c:\windows\system32\FpWinLogonNp.dll c:\program files\Lenovo\HOTKEY\tphklock.dll - - - - - - - > 'explorer.exe'(1552) c:\windows\system32\msi.dll c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . ------------------------ Other Running Processes ------------------------ . 
c:\program files\Intel\Wireless\Bin\EvtEng.exe c:\program files\Intel\Wireless\Bin\S24EvMon.exe c:\windows\system32\IPSSVC.EXE c:\program files\Lenovo\PM Driver\PMSveH.exe c:\program files\Intel\Wireless\Bin\RegSrvc.exe c:\program files\Common Files\Lenovo\tvt_reg_monitor_svc.exe c:\windows\system32\vmnat.exe c:\windows\system32\vmnetdhcp.exe c:\program files\VMware\VMware Server\vmware-authd.exe c:\program files\Windows Media Player\wmpnetwk.exe c:\windows\system32\inetsrv\inetinfo.exe c:\windows\system32\wbem\wmiapsrv.exe c:\windows\system32\wscntfy.exe c:\windows\system32\igfxsrvc.exe c:\program files\CCleaner\CCleaner.exe c:\documents and settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe c:\documents and settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe c:\documents and settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe c:\documents and settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe c:\documents and settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe c:\documents and settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe . ************************************************************************** . Completion time: 2009-04-19 7:44 - machine was rebooted ComboFix-quarantined-files.txt 2009-04-19 04:43 Pre-Run: 46,967,193,600 bytes free Post-Run: 46,947,676,160 bytes free 1232 --- E O F --- 2009-04-19 04:09 |
#8 (permalink)
Analyst, Security Team
Join Date: Feb 2006
Posts: 228
OS: 2K
Re: *antivirus.exe* is not a valid win32....
Likely Norton locating those many files ComboFix removed, in part. Let's remove some rootkit registry entries that still remain, then scan after to see what might remain, if anything.

Be sure to continue to temporarily disable any protective software when running the scan tools we use here. Also disconnect from net access anytime you run ComboFix, reconnecting after it has completed its scan.

Open notepad (go to Start, Run, type notepad and press Enter) and copy/paste the text in the codebox below into it:

Code:
Registry::
[-HKEY_LOCAL_MACHINE\system\ControlSet001\Services\asc3550p]
[-HKEY_LOCAL_MACHINE\system\ControlSet001\Services\srosa]

You should now have both ComboFix and that CFScript on the desktop. Just left click/hold on the CFScript file, and drag it into ComboFix to start the scan. ComboFix will now run as it did before. Allow the scan to run. When completed, a text window will appear - please copy/paste the contents back here. This log can also be found at C:\ComboFix.txt.

A caution - do not touch your mouse/keyboard until the scan has completed. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop.

-----------------

Also go here and run the Kaspersky online scan, and post back the log it creates (it requires IE). To use the scan, once the download has completed click Scan Settings, then make sure the "extended option" is checked (leave all others as they are) and click OK. Then click My Computer to begin the scan. Save the Report as a text file and post that back here. To save it as a text file, still with the page in Internet Explorer, go to the top of the page and select File - Save As... Then make sure in the "Save as type" drop down you change it to "Text File(*.txt)". Post back that log along with the ComboFix.txt log please.