Registered User
Join Date: Dec 2006
Posts: 26
OS: WinXP
Windows can't run in normal mode
I started having problems with my computer running slowly and started getting tons of ads. I would wake up and have over 25 ads in Internet Explorer windows. I ran Spybot-S&D, and afterward my computer would shut down on its own at random times while I was working or playing a game.
I came on this site to put a Hijackthis log so I followed the 5 steps. After following the steps, my computer can no longer run in normal mode, only safe mode. I had to do the scans (dss and hijackthis) in safe mode and am making this post in safe mode. Please help!
http://libusb-win32.sourceforge.net; LibUSB-Win32 - DLL> 2007-05-22 22:45:15 29184 --a------ C:\WINDOWS\system32\drivers\libusb0.sys <Not Verified; http://libusb-win32.sourceforge.net; LibUSB-Win32 - Kernel Driver> 2007-05-22 21:29:28 49204 --a------ C:\WINDOWS\system32\osptnjfq.dll 2007-05-22 21:29:06 132660 --a------ C:\WINDOWS\system32\fxndqjiv.dll 2007-05-22 21:26:31 1526783 ---hs---- C:\WINDOWS\system32\kjkmp.bak1 2007-05-21 20:25:20 131604 --a------ C:\WINDOWS\system32\padphetg.dll 2007-05-21 20:16:17 132660 --a------ C:\WINDOWS\system32\ltvptyll.dll 2007-05-21 20:14:03 1527191 ---hs---- C:\WINDOWS\system32\jmllm.bak1 2007-05-21 19:08:07 29206 --a------ C:\WINDOWS\system32\vtussts.dll 2007-05-21 18:58:31 0 d-------- C:\WINDOWS\system32\TQ0 2007-05-21 18:58:31 0 d-------- C:\WINDOWS\system32\T6 2007-05-21 18:58:31 0 d-------- C:\WINDOWS\system32\T4 2007-05-21 18:58:31 0 d-------- C:\WINDOWS\system32\T3 2007-05-21 18:58:31 0 d-------- C:\WINDOWS\system32\T2 2007-05-21 18:58:31 0 d-------- C:\WINDOWS\system32\pog 2007-05-21 18:58:27 0 d-------- C:\WINDOWS\system32\T1QaSQ 2007-05-19 19:42:44 132660 --a------ C:\WINDOWS\system32\kupgabrr.dll 2007-05-19 19:40:46 1526331 ---hs---- C:\WINDOWS\system32\rttss.bak1 2007-05-19 19:40:27 29206 --a------ C:\WINDOWS\system32\hggdccb.dll 2007-05-18 22:46:05 0 d-------- C:\WINDOWS\system32\?ppPatch 2007-05-18 20:42:48 132660 --a------ C:\WINDOWS\system32\eqvewwnd.dll 2007-05-18 20:41:11 1526946 ---hs---- C:\WINDOWS\system32\jlkkj.bak2 2007-05-18 20:28:31 1534915 ---hs---- C:\WINDOWS\system32\jlkkj.ini2 2007-05-18 19:59:13 1174284 --a------ C:\Documents and Settings\Owner\Application Data\Install.dat 2007-05-18 19:48:49 29206 --a------ C:\WINDOWS\system32\yaywusq.dll 2007-05-18 19:47:33 8464 --a------ C:\WINDOWS\system32\sporder.dll <Not Verified; Microsoft Corporation; Microsoft(R) Windows (R) 2000 Operating System> 2007-05-18 19:46:36 34816 --a------ C:\WINDOWS\rau001978.exe 2007-05-18 19:45:35 14390 --a------ C:\sysrrpf.exe 
2007-05-18 19:23:19 0 d-------- C:\Program Files\LittleFighter2 2007-05-18 19:18:18 0 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com 2007-05-18 19:17:21 0 d-------- C:\Program Files\SUPERAntiSpyware 2007-05-18 19:17:19 0 d-------- C:\Documents and Settings\Owner\Application Data\SUPERAntiSpyware.com 2007-05-18 19:16:17 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard 2007-05-18 18:48:26 0 d-------- C:\WINDOWS\system32\smpi1 2007-05-18 18:48:09 0 d-------- C:\WINDOWS\system32\SBO 2007-05-18 18:48:09 0 d-------- C:\Temp 2007-05-18 18:44:13 29206 --a------ C:\WINDOWS\system32\ddcdbbb.dll 2007-05-18 14:10:39 132660 -----n--- C:\WINDOWS\system32\fwgradtt.dll 2007-05-18 14:07:40 49204 --a------ C:\WINDOWS\system32\cqjterhd.dll 2007-05-18 14:02:47 1526255 ---hs---- C:\WINDOWS\system32\jlkkj.bak1 2007-05-10 06:50:21 0 d-------- C:\Documents and Settings\Owner\Application Data\Real -- Find3M Report --------------------------------------------------------------- 2007-06-03 22:08:19 0 d-------- C:\Program Files\AIM6 2007-06-03 22:00:49 0 d-------- C:\Program Files\7-Zip 2007-06-03 21:19:13 0 d-------- C:\Program Files\Common Files\Symantec Shared 2007-06-03 21:19:03 0 d-------- C:\Program Files\Norton AntiVirus 2007-06-03 21:18:57 0 d-------- C:\Program Files\Digital Media Reader 2007-06-03 21:18:55 0 d-------- C:\Program Files\QuickTime 2007-06-03 21:18:52 0 d-------- C:\Program Files\Messenger 2007-06-03 21:17:53 0 d-------- C:\Program Files\PowerISO 2007-06-03 09:05:21 0 d-------- C:\Program Files\Project64 1.6 2007-06-03 08:13:26 0 d-------- C:\Program Files\Max Registry Cleaner 2007-06-03 07:12:39 13444 --a------ C:\WINDOWS\system32\a3dx8.dll 2007-06-01 20:28:20 0 d-------- C:\Documents and Settings\Owner\Application Data\Azureus 2007-06-01 20:26:09 0 d-------- C:\Documents and Settings\Owner\Application Data\AdobeUM 2007-05-30 20:43:17 0 d-------- C:\Program Files\World of Warcraft 2007-05-24 18:55:09 0 d-------- 
C:\Program Files\Hewlett-Packard 2007-05-24 18:55:06 0 d-------- C:\Program Files\HP 2007-05-19 19:40:29 0 --ahs---- C:\Program Files\Common Files\Yazzle1281OinAdmin.exe 2007-05-18 21 10 0 d-------- C:\Program Files\MSN Gaming Zone2007-05-18 20:04:12 0 d-------- C:\Program Files\Intel 2007-05-18 19:47:07 16 --a------ C:\Documents and Settings\Owner\Application Data\.rdr.ini 2007-05-05 14:44:20 571 --a------ C:\Documents and Settings\Owner\Application Data\AutoGK.ini 2007-05-02 21:39:07 0 d--h----- C:\Program Files\InstallShield Installation Information 2007-05-02 21:35:10 0 d-------- C:\Program Files\OLYMPUS 2007-05-02 21:33:41 0 d-------- C:\Program Files\PIXELA 2007-05-02 21:33:34 0 d-------- C:\Program Files\Common Files\InstallShield 2007-04-30 07:11:01 0 d-------- C:\Program Files\AutoGK 2007-04-30 07:10:53 43602 --a------ C:\WINDOWS\system32\xvid-uninstall.exe 2007-04-30 07:10:27 0 d-------- C:\Program Files\AviSynth 2.5 2007-04-29 08:19:04 0 d--h----- C:\Program Files\Movies 2007-04-26 18:31:41 0 d-------- C:\Program Files\Electronic Arts 2007-04-26 08:56:45 0 d-------- C:\Program Files\Xilisoft 2007-04-23 23:34:16 0 d-------- C:\Program Files\DivX 2007-04-23 23:27:51 0 d-------- C:\Program Files\Gabest 2007-04-23 23:04:34 0 d-------- C:\Program Files\DVD Decrypter 2007-04-23 18:40:02 0 d-------- C:\Documents and Settings\Owner\Application Data\DivX 2007-04-20 13:55:34 1019904 --a------ C:\WINDOWS\system32\VchReg.dll <Not Verified; Max Secure Software; Voucher Registration> 2007-04-17 22:07:09 0 d-------- C:\Program Files\iPod 2007-04-17 20:47:47 0 d-------- C:\Documents and Settings\Owner\Application Data\U3 2007-04-17 20:11:19 0 d-------- C:\Documents and Settings\Owner\Application Data\Apple Computer 2007-04-17 20:10:07 0 d-------- C:\Program Files\iTunes 2007-04-16 19:23:35 0 d-------- C:\Documents and Settings\Owner\Application Data\Lionhead Studios 2007-04-16 18:44:56 0 d-------- C:\Program Files\Lionhead Studios Ltd 2007-04-15 22:57:40 0 d-------- 
C:\Program Files\Alcohol Soft 2007-04-15 22:20:14 0 d-------- C:\Program Files\Infinite Mind LC 2007-04-13 19:29:22 0 d-------- C:\Program Files\WinXMedia 2007-04-11 00:21:03 0 d-------- C:\Documents and Settings\Owner\Application Data\Microsoft Web Folders 2007-04-11 00:20:31 0 d-------- C:\Program Files\microsoft frontpage 2007-04-10 21:19:19 81984 --a------ C:\WINDOWS\system32\bdod.bin 2007-04-10 00 21 0 d-------- C:\Program Files\MTV Networks2007-04-09 11:23:28 0 d-------- C:\Documents and Settings\Owner\Application Data\acccore 2007-04-09 11:17:11 0 d-------- C:\Program Files\Common Files\AOL 2007-04-09 11:14:23 0 d-------- C:\Program Files\AIM 2007-04-09 11:14:16 0 d-------- C:\Documents and Settings\Owner\Application Data\Aim 2007-04-09 10:43:48 0 d-------- C:\Program Files\Windows Media Connect 2 2007-04-08 23:55:34 0 d-------- C:\Program Files\AOD 2007-04-08 23:47:47 0 d-------- C:\Program Files\Warcraft III 2007-04-08 23:47:43 0 d-------- C:\Program Files\Common Files\aolshare 2007-04-08 23:47:43 0 d-------- C:\Program Files\America Online 9.0 2007-04-08 23:46:20 0 d-------- C:\Program Files\AOL Toolbar 2007-04-08 17:40:46 60 --a------ C:\WINDOWS\system32\SYSDRV.DAT 2007-04-08 17:38:46 0 d-------- C:\Program Files\Windows NT 2007-04-08 17:38:41 0 d-------- C:\Program Files\Movie Maker 2007-04-06 13:43:50 0 d-------- C:\Program Files\VideoLAN 2007-04-06 11:43:39 0 d-------- C:\Documents and Settings\Owner\Application Data\Ahead 2007-04-06 10 10 0 d-------- C:\Program Files\Common Files\Ahead2007-04-06 10:03:00 0 d-------- C:\Program Files\Nero 2007-04-05 23:24:09 0 d-------- C:\Documents and Settings\Owner\Application Data\Macromedia 2007-04-05 00:42:33 0 d-------- C:\Program Files\Xvid 2007-04-04 10:17:09 54915 --a------ C:\WINDOWS\War3Unin.dat 2007-04-04 10:16:24 2829 --a------ C:\WINDOWS\War3Unin.pif 2007-04-04 10:16:24 139264 --a------ C:\WINDOWS\War3Unin.exe <Not Verified; Blizzard Entertainment; Warcraft III Uninstaller> 2007-03-28 19:32:41 1168 
--a------ C:\WINDOWS\mozver.dat -- Registry Dump --------------------------------------------------------------- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects] {040FA520-78C6-41ce-81D0-9E733ABC1A29} C:\WINDOWS\system32\comi.dll {3E8EC2D9-806B-4C7F-AE7F-F44AD4ABE8B5} C:\WINDOWS\system32\vtussts.dll {4A368E80-174F-4872-96B5-0B27DDD11DB2} C:\Program Files\SpywareGuard\dlprotect.dll {6D7D5679-4E81-430C-9C18-75FE169F1D07} c:\windows\cursors\msw.dll {6F533C2A-D436-4894-B878-33D5F0C55FE1} C:\WINDOWS\system32\gebyy.dll [x] {BC1F5455-DCE0-4340-976E-3889A023DAC1} C:\WINDOWS\system32\mllmn.dll {CD3447D4-CA39-4377-8084-30E86331D74C} C:\WINDOWS\system32\imxaefts.dll {E37FF575-FA89-40E6-B704-3A24555BD3Ec} C:\WINDOWS\system32\qiqfrdkg.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run] "SoundMan"="SOUNDMAN.EXE" "NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup" "nwiz"="nwiz.exe /install" "NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvMcTray.dll,NvTaskbarInit" "nForce Tray Options"="sstray.exe /r" "RemoteControl"="\"C:\\Program Files\\CyberLink\\PowerDVD\\PDVDServ.exe\"" "ccApp"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\"" "SunKistEM"="C:\\Program Files\\Digital Media Reader\\shwiconem.exe" "HP Software Update"="\"C:\\Program Files\\Hewlett-Packard\\HP Software Update\\HPWuSchd2.exe\"" "Symantec NetDriver Monitor"="C:\\PROGRA~1\\SYMNET~1\\SNDMon.exe" "PWRISOVM.EXE"="C:\\Program Files\\PowerISO\\PWRISOVM.EXE" "NeroFilterCheck"="C:\\Program Files\\Common Files\\Ahead\\Lib\\NeroCheck.exe" "HPDJ Taskbar Utility"="C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\hpztsb10.exe" "iTunesHelper"="C:\\Program Files\\iTunes\\iTunesHelper.exe" "QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime" "{ZN}"="C:\\Documents and Settings\\Owner\\Desktop\\TISKY002.exe CHD003" "HP Component Manager"="\"C:\\Program Files\\HP\\hpcoretech\\hpcmpmgr.exe\"" 
"Genuine"="rundll32.exe \"C:\\WINDOWS\\system32\\bvbdhunv.dll\",realset" "WMDM PMSP Service"="C:\\WINDOWS\\system32\\cssrss.exe" "KernelFaultCheck"=hex(2):25,73,79,73,74,65,6d,72,6f,6f,74,25,5c,73,79,73,74,\ "4030397943.exe"="C:\\WINDOWS\\system32\\4030397943.exe" [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run] "MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background" "ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe" "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="\"C:\\Program Files\\Common Files\\Ahead\\Lib\\NMBgMonitor.exe\"" "Aim6"="\"C:\\Program Files\\AIM6\\aim6.exe\" /d locale=en-US ee://aol/imApp" "Cbrqnr"="\"C:\\Documents and Settings\\Owner\\My Documents\\F?nts\\t?skmgr.exe\"" "Service Pack 1"="C:\\WINDOWS\\system32\\vexg6ame4.exe" [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system] "Wallpaper"="" [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "NoActiveDesktop"=dword:00000000 "ForceActiveDesktopOn"=dword:00000000 [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks] "{3E8EC2D9-806B-4C7F-AE7F-F44AD4ABE8B5}"="" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload] "VLLVoWNcM"="{F03ACDCF-5A90-6765-2422-71CEC1B369B9}" "DCOM Server 20509"="{2C1CD3D7-86AC-4068-93BC-A02304B20509}" HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\A3dxq HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\botreg HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\khfcbab HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\mllmn HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\msw HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\vtussts HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa Authentication Packages REG_MULTI_SZ msv1_0\0\0 Security 
Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0 Notification Packages REG_MULTI_SZ scecli\0\0 [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost] HTTPFilter REG_MULTI_SZ HTTPFilter\0\0 LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0 NetworkService REG_MULTI_SZ DnsCache\0\0 DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0 rpcss REG_MULTI_SZ RpcSs\0\0 imgsvc REG_MULTI_SZ StiSvc\0\0 termsvcs REG_MULTI_SZ TermService\0\0 WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0 [HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\E] Shell\AutoRun\command E:\LaunchCD.exe [HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{24dd31f2-ed46-11db-b9a5-000fb502b53a}] Shell\AutoRun\command J:\LaunchU3.exe -- End of Deckard's System Scanner: finished at 2007-06-04 at 11:31:18 --------- Logfile of HijackThis v1.99.1 Scan saved at 11:32:02 AM, on 6/4/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\WINDOWS\Explorer.EXE C:\Program Files\Mozilla Firefox\firefox.exe C:\Documents and Settings\Owner\Desktop\Owner.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.emachines.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - 
HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://mozilla.com/ R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll O2 - BHO: H - {040FA520-78C6-41ce-81D0-9E733ABC1A29} - C:\WINDOWS\system32\comi.dll O2 - BHO: (no name) - {105244C1-A5D7-457B-BBC3-A4460E2F264F} - (no file) O2 - BHO: (no name) - {3E8EC2D9-806B-4C7F-AE7F-F44AD4ABE8B5} - C:\WINDOWS\system32\vtussts.dll O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll O2 - BHO: PsapiAnalyzer Object - {6D7D5679-4E81-430C-9C18-75FE169F1D07} - c:\windows\cursors\msw.dll O2 - BHO: (no name) - {6F533C2A-D436-4894-B878-33D5F0C55FE1} - C:\WINDOWS\system32\gebyy.dll (file missing) O2 - BHO: (no name) - {BC1F5455-DCE0-4340-976E-3889A023DAC1} - C:\WINDOWS\system32\mllmn.dll O2 - BHO: (no name) - {CD3447D4-CA39-4377-8084-30E86331D74C} - C:\WINDOWS\system32\imxaefts.dll O2 - BHO: (no name) - {E37FF575-FA89-40E6-B704-3A24555BD3Ec} - C:\WINDOWS\system32\qiqfrdkg.dll O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [SunKistEM] C:\Program Files\Digital Media Reader\shwiconem.exe O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" 
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [{ZN}] C:\Documents and Settings\Owner\Desktop\TISKY002.exe CHD003 O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" O4 - HKLM\..\Run: [Genuine] rundll32.exe "C:\WINDOWS\system32\bvbdhunv.dll",realset O4 - HKLM\..\Run: [WMDM PMSP Service] C:\WINDOWS\system32\cssrss.exe O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKLM\..\Run: [4030397943.exe] C:\WINDOWS\system32\4030397943.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp O4 - HKCU\..\Run: [Cbrqnr] "C:\Documents and Settings\Owner\My Documents\F?nts\t?skmgr.exe" O4 - HKCU\..\Run: [Service Pack 1] C:\WINDOWS\system32\vexg6ame4.exe O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE O4 - Global Startup: MiniEYE-MiniREAD Launch.lnk = C:\Program Files\Infinite Mind LC\eyeQ\ARLaunch.exe O4 - Global Startup: Smart Wizard Wireless Settings.lnk = C:\Program Files\NETGEAR\WG111 Configuration Utility\WG111CFG.exe O8 - Extra context menu item: &AOL Toolbar Search - 
c:\program files\aol\aol toolbar 5.0\resources\en-US\local\search.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O11 - Options group: [INTERNATIONAL] International* O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1180922990500 O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab O20 - Winlogon Notify: A3dxq - C:\WINDOWS\system32\a3dx8.dll O20 - Winlogon Notify: botreg - C:\Documents and Settings\All Users\Documents\Settings\bot.dll O20 - Winlogon Notify: khfcbab - khfcbab.dll (file missing) O20 - Winlogon Notify: mllmn - C:\WINDOWS\system32\mllmn.dll O20 - Winlogon Notify: msw - c:\windows\cursors\msw.dll O20 - Winlogon Notify: vtussts - C:\WINDOWS\SYSTEM32\vtussts.dll O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll O21 - SSODL: VLLVoWNcM - 
{F03ACDCF-5A90-6765-2422-71CEC1B369B9} - C:\WINDOWS\system32\ii.dll (file missing) O21 - SSODL: DCOM Server 20509 - {2C1CD3D7-86AC-4068-93BC-A02304B20509} - (no file) O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: hpdj00 - Unknown owner - C:\DOCUME~1\Owner\LOCALS~1\Temp\hpdj00.exe (file missing) O23 - Service: ICF - Unknown owner - C:\WINDOWS\system32\svchost.exe:exe.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: PrismXL - New Boundary Technologies, Inc. 
- C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe |
|
|
#2 (permalink) |
|
Registered User
Join Date: Dec 2006
Posts: 26
OS: WinXP
|
Re: Windows cant run in normal mode
I ran some tests that I saw in the Self Remove procedures that is closed. My computer will now start up into normal mode, but I get an error that says Windows has encountered a severe problem. Also, my computer won't recognize my network card in normal mode, but it does in safe mode. Here is the latest HJT log (run in normal mode) and DSS logs (run in safe mode). Sorry if this changes anything for a person that has been working on my problem.
Logfile of HijackThis v1.99.1 Scan saved at 10:00:50 PM, on 6/5/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\Program Files\Norton AntiVirus\navapsvc.exe C:\WINDOWS\system32\nvsvc32.exe C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS C:\Program Files\Norton AntiVirus\SAVScan.exe C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe C:\WINDOWS\SOUNDMAN.EXE C:\WINDOWS\system32\sstray.exe C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\Program Files\Digital Media Reader\shwiconem.exe C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\HP\hpcoretech\hpcmpmgr.exe C:\WINDOWS\system32\4030397943.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe C:\WINDOWS\system32\dumprep.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe C:\Program Files\AIM6\aim6.exe C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe C:\Program Files\AIM6\aolsoftware.exe C:\Program Files\BigFix\BigFix.exe C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe C:\Program Files\Infinite Mind LC\eyeQ\ARLaunch.exe C:\Program Files\NETGEAR\WG111 
Configuration Utility\WG111CFG.exe C:\Program Files\SpywareGuard\sgmain.exe C:\Program Files\SpywareGuard\sgbhp.exe C:\WINDOWS\system32\dwwin.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\WINDOWS\system32\wuauclt.exe C:\Documents and Settings\Owner\Desktop\HijackThis.exe C:\Program Files\Messenger\msmsgs.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.emachines.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://mozilla.com/ R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [SunKistEM] C:\Program Files\Digital Media Reader\shwiconem.exe O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe O4 - 
HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [{ZN}] C:\Documents and Settings\Owner\Desktop\TISKY002.exe CHD003 O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" O4 - HKLM\..\Run: [4030397943.exe] C:\WINDOWS\system32\4030397943.exe O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized O4 - HKLM\..\Run: [ApachInc] rundll32.exe "C:\WINDOWS\system32\yecqysoj.dll",realset O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp O4 - HKCU\..\Run: [Cbrqnr] "C:\Documents and Settings\Owner\My Documents\F?nts\t?skmgr.exe" O4 - HKCU\..\Run: [Service Pack 1] C:\WINDOWS\system32\vexg6ame4.exe O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE O4 - Global Startup: MiniEYE-MiniREAD Launch.lnk = C:\Program Files\Infinite Mind LC\eyeQ\ARLaunch.exe O4 - Global Startup: Smart Wizard Wireless Settings.lnk = C:\Program Files\NETGEAR\WG111 Configuration Utility\WG111CFG.exe O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 5.0\resources\en-US\local\search.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll O9 - Extra 
'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O11 - Options group: [INTERNATIONAL] International* O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1180922990500 O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll O21 - SSODL: VLLVoWNcM - {F03ACDCF-5A90-6765-2422-71CEC1B369B9} - C:\WINDOWS\system32\ii.dll (file missing) O21 - SSODL: DCOM Server 20509 - {2C1CD3D7-86AC-4068-93BC-A02304B20509} - (no file) O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. 
- C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: hpdj00 - Unknown owner - C:\DOCUME~1\Owner\LOCALS~1\Temp\hpdj00.exe (file missing) O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: PrismXL - New Boundary Technologies, Inc. 
- C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe ---------------------------------------------------------------------------------- Deckard's System Scanner v20070603.47 Run by Owner on 2007-06-05 at 22:10:58 Computer is in Safe Mode with Networking. -------------------------------------------------------------------------------- -- HijackThis (run as Owner.exe) ----------------------------------------------- Logfile of HijackThis v1.99.1 Scan saved at 10:11:09 PM, on 6/5/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\WINDOWS\Explorer.EXE C:\Program Files\Mozilla Firefox\firefox.exe C:\Documents and Settings\Owner\Desktop\dss.exe C:\DOCUME~1\Owner\Desktop\Owner.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.emachines.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://mozilla.com/ R3 - URLSearchHook: AOLTBSearch Class - 
{EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll O2 - BHO: H - {040FA520-78C6-41ce-81D0-9E733ABC1A29} - C:\WINDOWS\system32\comi.dll O2 - BHO: (no name) - {3E8EC2D9-806B-4C7F-AE7F-F44AD4ABE8B5} - C:\WINDOWS\system32\vtussts.dll (file missing) O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll O2 - BHO: PsapiAnalyzer Object - {6D7D5679-4E81-430C-9C18-75FE169F1D07} - c:\windows\cursors\msw.dll O2 - BHO: (no name) - {6F533C2A-D436-4894-B878-33D5F0C55FE1} - C:\WINDOWS\system32\gebyy.dll (file missing) O2 - BHO: (no name) - {8FD9E337-47D6-47F0-B81C-01014FFFD536} - C:\WINDOWS\system32\mllmn.dll O2 - BHO: (no name) - {CD3447D4-CA39-4377-8084-30E86331D74C} - C:\WINDOWS\system32\imxaefts.dll O2 - BHO: (no name) - {E37FF575-FA89-40E6-B704-3A24555BD3Ec} - C:\WINDOWS\system32\qiqfrdkg.dll (file missing) O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [SunKistEM] C:\Program Files\Digital Media Reader\shwiconem.exe O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE O4 - 
HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [{ZN}] C:\Documents and Settings\Owner\Desktop\TISKY002.exe CHD003 O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" O4 - HKLM\..\Run: [4030397943.exe] C:\WINDOWS\system32\4030397943.exe O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized O4 - HKLM\..\Run: [ApachInc] rundll32.exe "C:\WINDOWS\system32\yecqysoj.dll",realset O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp O4 - HKCU\..\Run: [Cbrqnr] "C:\Documents and Settings\Owner\My Documents\F?nts\t?skmgr.exe" O4 - HKCU\..\Run: [Service Pack 1] C:\WINDOWS\system32\vexg6ame4.exe O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE O4 - Global Startup: MiniEYE-MiniREAD Launch.lnk = C:\Program Files\Infinite Mind LC\eyeQ\ARLaunch.exe O4 - Global Startup: Smart Wizard Wireless Settings.lnk = C:\Program Files\NETGEAR\WG111 Configuration Utility\WG111CFG.exe O8 - Extra context menu item: &AOL Toolbar Search - c:\program 
files\aol\aol toolbar 5.0\resources\en-US\local\search.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O11 - Options group: [INTERNATIONAL] International* O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1180922990500 O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab O20 - Winlogon Notify: A3dxq - C:\WINDOWS\system32\a3dx8.dll O20 - Winlogon Notify: botreg - C:\Documents and Settings\All Users\Documents\Settings\bot.dll O20 - Winlogon Notify: khfcbab - khfcbab.dll (file missing) O20 - Winlogon Notify: mllmn - C:\WINDOWS\system32\mllmn.dll O20 - Winlogon Notify: msw - c:\windows\cursors\msw.dll O20 - Winlogon Notify: vtussts - vtussts.dll (file missing) O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll O21 - SSODL: VLLVoWNcM - 
{F03ACDCF-5A90-6765-2422-71CEC1B369B9} - C:\WINDOWS\system32\ii.dll (file missing) O21 - SSODL: DCOM Server 20509 - {2C1CD3D7-86AC-4068-93BC-A02304B20509} - (no file) O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: hpdj00 - Unknown owner - C:\DOCUME~1\Owner\LOCALS~1\Temp\hpdj00.exe (file missing) O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: PrismXL - New Boundary Technologies, Inc. 
- C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe -- Files created between 2007-05-05 and 2007-06-05 ----------------------------- 2007-06-05 07:57:10 154624 --a------ C:\WINDOWS\system32\Unea29.sys 2007-06-05 07:53:49 3584 --a------ C:\WINDOWS\system32\nso12k.sys 2007-06-05 07:52:49 0 d-------- C:\Documents and Settings\Owner\Application Data\Grisoft 2007-06-04 20:46:41 2580 --a------ C:\WINDOWS\system32\niteeetq.exe 2007-06-04 20:46:36 131124 --a------ C:\WINDOWS\system32\yecqysoj.dll 2007-06-04 20:43:36 76412 --a------ C:\WINDOWS\system32\xvyarupt.dll 2007-06-04 19:50:30 4454 --a------ C:\WINDOWS\system32\tmp.reg 2007-06-04 09:55:27 664 --a------ C:\WINDOWS\system32\d3d9caps.dat 2007-06-04 09:12:36 31363 -rahs---- C:\WINDOWS\system32\spoolsvv.exe 2007-06-04 08:41:47 0 d-------- C:\WINDOWS\LastGood 2007-06-04 03:58:45 8641 --a------ C:\WINDOWS\system32\4030397943.exe 2007-06-03 22:25:31 0 d--h----- C:\Program Files\WindowsUpdate 2007-06-03 21:36:04 0 d-------- C:\Program Files\SpywareGuard 2007-06-03 21:02:03 0 d-------- C:\WINDOWS\system32\ActiveScan 2007-06-03 21:01:43 0 d-------- C:\WINDOWS\LastGood.Tmp 2007-06-03 19:27:38 0 d-------- C:\Documents and Settings\Owner\Application Data\Lavasoft 2007-06-03 19:25:45 0 d-------- C:\Program Files\Lavasoft 2007-06-03 18:53:34 0 d-------- C:\Documents and 
Settings\Administrator\Application Data\Talkback 2007-06-03 18:51:52 0 d-------- C:\Documents and Settings\Administrator\Application Data\Mozilla 2007-06-03 18:05:32 2580 --a------ C:\WINDOWS\system32\wridrmyj.exe 2007-06-03 18:02:36 76412 --a------ C:\WINDOWS\system32\nfmsjnas.dll 2007-06-03 17:39:21 1611899 ---hs---- C:\WINDOWS\system32\nmllm.bak2 2007-06-03 16:02:05 0 d---s---- C:\Documents and Settings\Administrator\Application Data\Microsoft 2007-06-03 16:02:05 0 d-------- C:\Documents and Settings\Administrator\Application Data\Identities 2007-06-03 16:02:05 0 d-------- C:\Documents and Settings\Administrator\Application Data\CyberLink 2007-06-03 16:02:04 0 d--h----- C:\Documents and Settings\Administrator\Templates 2007-06-03 16:02:04 0 dr------- C:\Documents and Settings\Administrator\Start Menu 2007-06-03 16:02:04 0 dr-h----- C:\Documents and Settings\Administrator\SendTo 2007-06-03 16:02:04 0 d--h----- C:\Documents and Settings\Administrator\Recent 2007-06-03 16:02:04 0 d--h----- C:\Documents and Settings\Administrator\PrintHood 2007-06-03 16:02:04 0 d--h----- C:\Documents and Settings\Administrator\NetHood 2007-06-03 16:02:04 0 dr------- C:\Documents and Settings\Administrator\My Documents 2007-06-03 16:02:04 0 d--h----- C:\Documents and Settings\Administrator\Local Settings 2007-06-03 16:02:04 0 dr------- C:\Documents and Settings\Administrator\Favorites 2007-06-03 16:02:04 0 d-------- C:\Documents and Settings\Administrator\Desktop 2007-06-03 16:02:04 0 d---s---- C:\Documents and Settings\Administrator\Cookies 2007-06-03 16:02:04 0 dr-h----- C:\Documents and Settings\Administrator\Application Data 2007-06-03 16:02:04 0 d-------- C:\Documents and Settings\Administrator\Application Data\You've Got Pictures Screensaver 2007-06-03 16:02:04 0 d-------- C:\Documents and Settings\Administrator\Application Data\Symantec 2007-06-03 16:02:04 0 d-------- C:\Documents and Settings\Administrator\Application Data\Sun 2007-06-03 16:02:03 0 d-------- C:\Documents and 
Settings\Administrator\WINDOWS 2007-06-03 16:02:03 1835008 --ah----- C:\Documents and Settings\Administrator\ntuser.dat 2007-06-03 15:36:38 263220 ---hs---- C:\WINDOWS\system32\mllmn.dll 2007-06-03 15:31:52 7008 --a------ C:\WINDOWS\system32\spoolsvv.sys 2007-06-03 15:17:43 0 d-------- C:\Program Files\PCPitstop 2007-06-03 15:13:54 1635164 ---hs---- C:\WINDOWS\system32\yybeg.ini2 2007-06-03 10:17:16 1 --a------ C:\WINDOWS\system32\boa.dat 2007-06-03 10:17:13 1 --a------ C:\WINDOWS\system32\ps.dat 2007-06-03 10:15:05 44177 --a------ C:\WINDOWS\system32\comi.dll <Not Verified; ; Helper Module> 2007-06-03 09:34:22 19520 --a------ C:\WINDOWS\system32\W6b2c62p.exe 2007-06-03 09:24:14 50740 --a------ C:\WINDOWS\system32\imxaefts.dll 2007-06-03 09:12:34 131124 --a------ C:\WINDOWS\system32\bvbdhunv.dll 2007-06-03 09:12:33 2580 --a------ C:\WINDOWS\system32\drtvhrcn.exe 2007-06-03 09:09:34 1612017 ---hs---- C:\WINDOWS\system32\yybeg.bak2 2007-06-03 08:08:26 169984 --a------ C:\WINDOWS\system32\xloigsu.dll 2007-06-03 07:21:40 2580 --a------ C:\WINDOWS\system32\mtdwdjjp.exe 2007-06-03 07:21:05 125460 --a------ C:\WINDOWS\system32\jstlantf.dll 2007-06-03 07:15:39 1 --a------ C:\WINDOWS\system32\kr_done1 2007-06-03 07:13:59 61040 --a------ C:\WINDOWS\system32\xpdx.sys 2007-06-03 07:13:56 1632 --a------ C:\WINDOWS\system32\sqvxga7met4.exe 2007-06-03 07:13:31 1632 --a------ C:\WINDOWS\system32\sqvxga6met3.exe 2007-06-03 07:13:20 1632 --a------ C:\WINDOWS\system32\sqvx5gamet2.exe 2007-06-03 07:13:08 40960 --a------ C:\WINDOWS\retadpu27.exe <Not Verified; ; retadpu Application> 2007-06-03 07:11:29 0 d-------- C:\WINDOWS\system32\T5QaSQ 2007-06-03 07:10:55 14390 --a------ C:\sysloxt.exe 2007-06-02 14:52:35 131124 --a------ C:\WINDOWS\system32\engrhrjj.dll 2007-06-02 14:49:35 50740 --a------ C:\WINDOWS\system32\mgewhkcl.dll 2007-06-02 14:46:35 2580 --a------ C:\WINDOWS\system32\pdbrqwhj.exe 2007-06-02 14:44:12 1624076 ---hs---- C:\WINDOWS\system32\sttss.bak1 2007-06-02 07:16:14 2580 
--a------ C:\WINDOWS\system32\fuskuomt.exe 2007-06-02 07:13:19 131124 --a------ C:\WINDOWS\system32\meeaseaq.dll 2007-06-01 07:13:31 50740 --a------ C:\WINDOWS\system32\qxjavxac.dll 2007-05-30 21:29:41 0 d-------- C:\Documents and Settings\Owner\Application Data\Gaijin Ent 2007-05-30 21:21:48 0 d-------- C:\Program Files\Stand O Food 2007-05-30 21:20:35 0 d-------- C:\Program Files\ReflexiveArcade 2007-05-27 18:55:13 124436 --a------ C:\WINDOWS\system32\nwjvgqry.dll 2007-05-25 18:52:15 50745 --a------ C:\WINDOWS\system32\fmvctjtg.dll 2007-05-24 19:46:10 0 d-------- C:\Program Files\Ventrilo 2007-05-24 19:16:21 131604 --a------ C:\WINDOWS\system32\jsgiwoxs.dll 2007-05-24 19:16:14 49204 --a------ C:\WINDOWS\system32\vjbagrvb.dll 2007-05-24 19:07:20 209526 --a------ C:\WINDOWS\system32\nlplodtd.exe 2007-05-24 18:49:26 1433215 ---hs---- C:\WINDOWS\system32\stutv.bak1 2007-05-24 06:18:09 0 d---s---- C:\Documents and Settings\Owner\UserData 2007-05-22 22:45:15 42496 --a------ C:\WINDOWS\system32\libusb0.dll <Not Verified; http://libusb-win32.sourceforge.net; LibUSB-Win32 - DLL> 2007-05-22 22:45:15 29184 --a------ C:\WINDOWS\system32\drivers\libusb0.sys <Not Verified; http://libusb-win32.sourceforge.net; LibUSB-Win32 - Kernel Driver> 2007-05-22 21:29:28 49204 --a------ C:\WINDOWS\system32\osptnjfq.dll 2007-05-22 21:29:06 132660 --a------ C:\WINDOWS\system32\fxndqjiv.dll 2007-05-22 21:26:31 1526783 ---hs---- C:\WINDOWS\system32\kjkmp.bak1 2007-05-21 20:25:20 131604 --a------ C:\WINDOWS\system32\padphetg.dll 2007-05-21 20:16:17 132660 --a------ C:\WINDOWS\system32\ltvptyll.dll 2007-05-21 20:14:03 1527191 ---hs---- C:\WINDOWS\system32\jmllm.bak1 2007-05-21 18:58:31 0 d-------- C:\WINDOWS\system32\TQ0 2007-05-21 18:58:31 0 d-------- C:\WINDOWS\system32\T6 2007-05-21 18:58:31 0 d-------- C:\WINDOWS\system32\T4 2007-05-21 18:58:31 0 d-------- C:\WINDOWS\system32\T3 2007-05-21 18:58:31 0 d-------- C:\WINDOWS\system32\T2 2007-05-21 18:58:31 0 d-------- C:\WINDOWS\system32\pog 
2007-05-21 18:58:27 0 d-------- C:\WINDOWS\system32\T1QaSQ 2007-05-19 19:42:44 132660 --a------ C:\WINDOWS\system32\kupgabrr.dll 2007-05-19 19:40:46 1526331 ---hs---- C:\WINDOWS\system32\rttss.bak1 2007-05-19 19:40:27 29206 --a------ C:\WINDOWS\system32\hggdccb.dll 2007-05-18 22:46:05 0 d-------- C:\WINDOWS\system32\?ppPatch 2007-05-18 20:42:48 132660 --a------ C:\WINDOWS\system32\eqvewwnd.dll 2007-05-18 20:41:11 1526946 ---hs---- C:\WINDOWS\system32\jlkkj.bak2 2007-05-18 20:28:31 1534915 ---hs---- C:\WINDOWS\system32\jlkkj.ini2 2007-05-18 19:48:49 29206 --a------ C:\WINDOWS\system32\yaywusq.dll 2007-05-18 19:47:33 8464 --a------ C:\WINDOWS\system32\sporder.dll <Not Verified; Microsoft Corporation; Microsoft(R) Windows (R) 2000 Operating System> 2007-05-18 19:46:36 34816 --a------ C:\WINDOWS\rau001978.exe 2007-05-18 19:45:35 14390 --a------ C:\sysrrpf.exe 2007-05-18 19:23:19 0 d-------- C:\Program Files\LittleFighter2 2007-05-18 19:18:18 0 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com 2007-05-18 19:17:21 0 d-------- C:\Program Files\SUPERAntiSpyware 2007-05-18 19:17:19 0 d-------- C:\Documents and Settings\Owner\Application Data\SUPERAntiSpyware.com 2007-05-18 19:16:17 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard 2007-05-18 18:48:26 0 d-------- C:\WINDOWS\system32\smpi1 2007-05-18 18:48:09 0 d-------- C:\WINDOWS\system32\SBO 2007-05-18 18:48:09 0 d-------- C:\Temp 2007-05-18 18:44:13 29206 --a------ C:\WINDOWS\system32\ddcdbbb.dll 2007-05-18 14:10:39 132660 -----n--- C:\WINDOWS\system32\fwgradtt.dll 2007-05-18 14:07:40 49204 --a------ C:\WINDOWS\system32\cqjterhd.dll 2007-05-18 14:02:47 1526255 ---hs---- C:\WINDOWS\system32\jlkkj.bak1 2007-05-10 06:50:21 0 d-------- C:\Documents and Settings\Owner\Application Data\Real -- Find3M Report --------------------------------------------------------------- 2007-06-05 19:41:30 0 d-------- C:\Program Files\Messenger 2007-06-04 11:51:18 0 d--h----- C:\Program 
Files\Movies 2007-06-03 22:08:19 0 d-------- C:\Program Files\AIM6 2007-06-03 22:00:49 0 d-------- C:\Program Files\7-Zip 2007-06-03 21:19:13 0 d-------- C:\Program Files\Common Files\Symantec Shared 2007-06-03 21:19:03 0 d-------- C:\Program Files\Norton AntiVirus 2007-06-03 21:18:57 0 d-------- C:\Program Files\Digital Media Reader 2007-06-03 21:18:55 0 d-------- C:\Program Files\QuickTime 2007-06-03 21:17:53 0 d-------- C:\Program Files\PowerISO 2007-06-03 09:05:21 0 d-------- C:\Program Files\Project64 1.6 2007-06-03 08:13:26 0 d-------- C:\Program Files\Max Registry Cleaner 2007-06-03 07:12:39 13444 --a------ C:\WINDOWS\system32\a3dx8.dll 2007-06-01 20:28:20 0 d-------- C:\Documents and Settings\Owner\Application Data\Azureus 2007-06-01 20:26:09 0 d-------- C:\Documents and Settings\Owner\Application Data\AdobeUM 2007-05-30 20:43:17 0 d-------- C:\Program Files\World of Warcraft 2007-05-24 18:55:09 0 d-------- C:\Program Files\Hewlett-Packard 2007-05-24 18:55:06 0 d-------- C:\Program Files\HP 2007-05-19 19:40:29 0 --ahs---- C:\Program Files\Common Files\Yazzle1281OinAdmin.exe 2007-05-18 21 10 0 d-------- C:\Program Files\MSN Gaming Zone2007-05-18 20:04:12 0 d-------- C:\Program Files\Intel 2007-05-18 19:47:07 16 --a------ C:\Documents and Settings\Owner\Application Data\.rdr.ini 2007-05-05 14:44:20 571 --a------ C:\Documents and Settings\Owner\Application Data\AutoGK.ini 2007-05-02 21:39:07 0 d--h----- C:\Program Files\InstallShield Installation Information 2007-05-02 21:35:10 0 d-------- C:\Program Files\OLYMPUS 2007-05-02 21:33:41 0 d-------- C:\Program Files\PIXELA 2007-05-02 21:33:34 0 d-------- C:\Program Files\Common Files\InstallShield 2007-04-30 07:11:01 0 d-------- C:\Program Files\AutoGK 2007-04-30 07:10:53 43602 --a------ C:\WINDOWS\system32\xvid-uninstall.exe 2007-04-30 07:10:27 0 d-------- C:\Program Files\AviSynth 2.5 2007-04-26 18:31:41 0 d-------- C:\Program Files\Electronic Arts 2007-04-26 08:56:45 0 d-------- C:\Program Files\Xilisoft 
2007-04-23 23:34:16 0 d-------- C:\Program Files\DivX 2007-04-23 23:27:51 0 d-------- C:\Program Files\Gabest 2007-04-23 23:04:34 0 d-------- C:\Program Files\DVD Decrypter 2007-04-23 18:40:02 0 d-------- C:\Documents and Settings\Owner\Application Data\DivX 2007-04-20 13:55:34 1019904 --a------ C:\WINDOWS\system32\VchReg.dll <Not Verified; Max Secure Software; Voucher Registration> 2007-04-17 22:07:09 0 d-------- C:\Program Files\iPod 2007-04-17 20:47:47 0 d-------- C:\Documents and Settings\Owner\Application Data\U3 2007-04-17 20:11:19 0 d-------- C:\Documents and Settings\Owner\Application Data\Apple Computer 2007-04-17 20:10:07 0 d-------- C:\Program Files\iTunes 2007-04-16 19:23:35 0 d-------- C:\Documents and Settings\Owner\Application Data\Lionhead Studios 2007-04-16 18:44:56 0 d-------- C:\Program Files\Lionhead Studios Ltd 2007-04-15 22:57:40 0 d-------- C:\Program Files\Alcohol Soft 2007-04-15 22:20:14 0 d-------- C:\Program Files\Infinite Mind LC 2007-04-13 19:29:22 0 d-------- C:\Program Files\WinXMedia 2007-04-11 00:21:03 0 d-------- C:\Documents and Settings\Owner\Application Data\Microsoft Web Folders 2007-04-11 00:20:31 0 d-------- C:\Program Files\microsoft frontpage 2007-04-10 21:19:19 81984 --a------ C:\WINDOWS\system32\bdod.bin 2007-04-10 00 21 0 d-------- C:\Program Files\MTV Networks2007-04-09 11:23:28 0 d-------- C:\Documents and Settings\Owner\Application Data\acccore 2007-04-09 11:17:11 0 d-------- C:\Program Files\Common Files\AOL 2007-04-09 11:14:23 0 d-------- C:\Program Files\AIM 2007-04-09 11:14:16 0 d-------- C:\Documents and Settings\Owner\Application Data\Aim 2007-04-09 10:43:48 0 d-------- C:\Program Files\Windows Media Connect 2 2007-04-08 23:55:34 0 d-------- C:\Program Files\AOD 2007-04-08 23:47:47 0 d-------- C:\Program Files\Warcraft III 2007-04-08 23:47:43 0 d-------- C:\Program Files\Common Files\aolshare 2007-04-08 23:47:43 0 d-------- C:\Program Files\America Online 9.0 2007-04-08 23:46:20 0 d-------- C:\Program Files\AOL 
Toolbar 2007-04-08 17:40:46 60 --a------ C:\WINDOWS\system32\SYSDRV.DAT 2007-04-08 17:38:46 0 d-------- C:\Program Files\Windows NT 2007-04-08 17:38:41 0 d-------- C:\Program Files\Movie Maker 2007-04-06 13:43:50 0 d-------- C:\Program Files\VideoLAN 2007-04-06 11:43:39 0 d-------- C:\Documents and Settings\Owner\Application Data\Ahead 2007-04-06 10 10 0 d-------- C:\Program Files\Common Files\Ahead2007-04-06 10:03:00 0 d-------- C:\Program Files\Nero 2007-04-05 23:24:09 0 d-------- C:\Documents and Settings\Owner\Application Data\Macromedia 2007-04-05 00:42:33 0 d-------- C:\Program Files\Xvid 2007-04-04 10:17:09 54915 --a------ C:\WINDOWS\War3Unin.dat 2007-04-04 10:16:24 2829 --a------ C:\WINDOWS\War3Unin.pif 2007-04-04 10:16:24 139264 --a------ C:\WINDOWS\War3Unin.exe <Not Verified; Blizzard Entertainment; Warcraft III Uninstaller> 2007-03-28 19:32:41 1168 --a------ C:\WINDOWS\mozver.dat -- Registry Dump --------------------------------------------------------------- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects] {040FA520-78C6-41ce-81D0-9E733ABC1A29} C:\WINDOWS\system32\comi.dll {3E8EC2D9-806B-4C7F-AE7F-F44AD4ABE8B5} C:\WINDOWS\system32\vtussts.dll [x] {4A368E80-174F-4872-96B5-0B27DDD11DB2} C:\Program Files\SpywareGuard\dlprotect.dll {6D7D5679-4E81-430C-9C18-75FE169F1D07} c:\windows\cursors\msw.dll {6F533C2A-D436-4894-B878-33D5F0C55FE1} C:\WINDOWS\system32\gebyy.dll [x] {8FD9E337-47D6-47F0-B81C-01014FFFD536} C:\WINDOWS\system32\mllmn.dll {CD3447D4-CA39-4377-8084-30E86331D74C} C:\WINDOWS\system32\imxaefts.dll {E37FF575-FA89-40E6-B704-3A24555BD3Ec} C:\WINDOWS\system32\qiqfrdkg.dll [x] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run] "SoundMan"="SOUNDMAN.EXE" "NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup" "nwiz"="nwiz.exe /install" "NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvMcTray.dll,NvTaskbarInit" "nForce Tray Options"="sstray.exe /r" 
"RemoteControl"="\"C:\\Program Files\\CyberLink\\PowerDVD\\PDVDServ.exe\"" "ccApp"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\"" "SunKistEM"="C:\\Program Files\\Digital Media Reader\\shwiconem.exe" "HP Software Update"="\"C:\\Program Files\\Hewlett-Packard\\HP Software Update\\HPWuSchd2.exe\"" "Symantec NetDriver Monitor"="C:\\PROGRA~1\\SYMNET~1\\SNDMon.exe" "PWRISOVM.EXE"="C:\\Program Files\\PowerISO\\PWRISOVM.EXE" "NeroFilterCheck"="C:\\Program Files\\Common Files\\Ahead\\Lib\\NeroCheck.exe" "HPDJ Taskbar Utility"="C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\hpztsb10.exe" "iTunesHelper"="C:\\Program Files\\iTunes\\iTunesHelper.exe" "QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime" "{ZN}"="C:\\Documents and Settings\\Owner\\Desktop\\TISKY002.exe CHD003" "HP Component Manager"="\"C:\\Program Files\\HP\\hpcoretech\\hpcmpmgr.exe\"" "4030397943.exe"="C:\\WINDOWS\\system32\\4030397943.exe" "RealTray"="C:\\Program Files\\Real\\RealPlayer\\RealPlay.exe SYSTEMBOOTHIDEPLAYER" "!AVG Anti-Spyware"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized" "ApachInc"="rundll32.exe \"C:\\WINDOWS\\system32\\yecqysoj.dll\",realset" "KernelFaultCheck"=hex(2):25,73,79,73,74,65,6d,72,6f,6f,74,25,5c,73,79,73,74,\ [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run] "MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background" "ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe" "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="\"C:\\Program Files\\Common Files\\Ahead\\Lib\\NMBgMonitor.exe\"" "Aim6"="\"C:\\Program Files\\AIM6\\aim6.exe\" /d locale=en-US ee://aol/imApp" "Cbrqnr"="\"C:\\Documents and Settings\\Owner\\My Documents\\F?nts\\t?skmgr.exe\"" "Service Pack 1"="C:\\WINDOWS\\system32\\vexg6ame4.exe" [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system] "DisableRegistryTools"=dword:00000000 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks] "{3E8EC2D9-806B-4C7F-AE7F-F44AD4ABE8B5}"="" "{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload] "VLLVoWNcM"="{F03ACDCF-5A90-6765-2422-71CEC1B369B9}" "DCOM Server 20509"="{2C1CD3D7-86AC-4068-93BC-A02304B20509}" HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\A3dxq HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\botreg HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\khfcbab HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\mllmn HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\msw HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\vtussts HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa Authentication Packages REG_MULTI_SZ msv1_0\0\0 Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0 Notification Packages REG_MULTI_SZ scecli\0\0 [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost] HTTPFilter REG_MULTI_SZ HTTPFilter\0\0 LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0 NetworkService REG_MULTI_SZ DnsCache\0\0 DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0 rpcss REG_MULTI_SZ RpcSs\0\0 imgsvc REG_MULTI_SZ StiSvc\0\0 termsvcs REG_MULTI_SZ TermService\0\0 WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0 [HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\E] Shell\AutoRun\command E:\LaunchCD.exe [HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{24dd31f2-ed46-11db-b9a5-000fb502b53a}] Shell\AutoRun\command J:\LaunchU3.exe -- End of Deckard's System Scanner: finished at 2007-06-05 at 22:12:41 --------- Wouldn't let me attach extra.txt. |
#3 (permalink) |
|
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
Join Date: Jan 2005
Location: Ohio
Posts: 26,987
OS: WinXP and Vista
|
Re: Windows cant run in normal mode
Hello erb0817,
This system is a mess. We'll need to go after all these infections in stages, so please stay with me and post the requested logs.

Please copy this page to Notepad and save to your desktop for reference as you will not have any browsers open while you are carrying out portions of these instructions.

It's IMPORTANT to carry out the instructions in the sequence listed below.

***************************************************

Download Combofix and save it to your desktop.

**Note: It is important that it is saved directly to your desktop**

--------------------------------------------------------------------

Close any open browsers.

--------------------------------------------------------------------

Double click on combofix.exe & follow the prompts. When finished, it shall produce a log for you. Please post the C:\ComboFix.txt in your next reply.

Note: Do not mouseclick combofix's window while it's running. That may cause it to stall.
#4 (permalink) |
|
Registered User
Join Date: Dec 2006
Posts: 26
OS: WinXP
|
Re: Windows cant run in normal mode
"Owner" - 2007-06-06 7:17:44 Service Pack 2 NTFS [SAFE MODE]
ComboFix 07-06-06 - Running from: "" ADS removed - system32: deleted 66600 bytes in 1 streams. ADS removed - svchost.exe: deleted 58368 bytes in 1 streams. (((((((((((((((((((((((((((((((((((((((((((( V Log ))))))))))))))))))))))))))))))))))))))))))))))))))))))) C:\WINDOWS\system32\comi.dll C:\WINDOWS\system32\cqjterhd.dll C:\WINDOWS\system32\eqvewwnd.dll C:\WINDOWS\system32\fmvctjtg.dll C:\WINDOWS\system32\fwgradtt.dll C:\WINDOWS\system32\fxndqjiv.dll C:\WINDOWS\system32\hehxieud.dll C:\WINDOWS\system32\imxaefts.dll C:\WINDOWS\system32\jsgiwoxs.dll C:\WINDOWS\system32\jstlantf.dll C:\WINDOWS\system32\kupgabrr.dll C:\WINDOWS\system32\ltvptyll.dll C:\WINDOWS\system32\mgewhkcl.dll C:\WINDOWS\system32\nfmsjnas.dll C:\WINDOWS\system32\nwjvgqry.dll C:\WINDOWS\system32\osptnjfq.dll C:\WINDOWS\system32\padphetg.dll C:\WINDOWS\system32\qxjavxac.dll C:\WINDOWS\system32\vjbagrvb.dll C:\WINDOWS\system32\xvyarupt.dll C:\WINDOWS\system32\ddcdbbb.dll C:\WINDOWS\system32\hggdccb.dll C:\WINDOWS\system32\yaywusq.dll C:\WINDOWS\system32\nlplodtd.exe C:\WINDOWS\system32\nmllm.bak2 C:\WINDOWS\system32\nmllm.ini C:\WINDOWS\system32\dnwwevqe.ini C:\WINDOWS\system32\ttdargwf.ini C:\WINDOWS\system32\vijqdnxf.ini C:\WINDOWS\system32\rrbagpuk.ini C:\WINDOWS\system32\llytpvtl.ini C:\WINDOWS\system32\jlkkj.bak1 C:\WINDOWS\system32\jlkkj.bak2 C:\WINDOWS\system32\jlkkj.ini2 C:\WINDOWS\system32\jlkkj.tmp C:\WINDOWS\system32\jmllm.bak1 C:\WINDOWS\system32\jmllm.ini C:\WINDOWS\system32\kjkmp.bak1 C:\WINDOWS\system32\kjkmp.ini C:\WINDOWS\system32\kjkmp.tmp C:\WINDOWS\system32\rttss.bak1 C:\WINDOWS\system32\rttss.tmp C:\WINDOWS\system32\sttss.bak1 C:\WINDOWS\system32\sttss.ini C:\WINDOWS\system32\stutv.bak1 C:\WINDOWS\system32\stutv.ini C:\WINDOWS\system32\jlkkj.bak1 C:\WINDOWS\system32\jlkkj.bak2 C:\WINDOWS\system32\jlkkj.ini2 C:\WINDOWS\system32\jlkkj.tmp C:\WINDOWS\system32\yybeg.bak2 C:\WINDOWS\system32\yybeg.ini2 C:\WINDOWS\system32\yybeg.tmp C:\WINDOWS\system32\mllmn.dll 
C:\WINDOWS\Cursors\msw.dll * * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * C:\WINDOWS\system32\mllmn.dll ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) C:\DOCUME~1\Owner\APPLIC~1.\.rdr.ini C:\DOCUME~1\Owner\MYDOCU~1.\fnts~1 C:\Documents and Settings\All Users.\documents\settings . . . . failed to delete C:\Documents and Settings\All Users.\documents\settings\bot.dll . . . . failed to delete C:\Documents and Settings\All Users.\documents\settings\desktop.ini C:\Temp\0b9 C:\Temp\0b9\tmpTF.log C:\Temp\17O7 C:\Temp\17O7\tmpTF.log C:\Temp\tn3 C:\WINDOWS\cs_cache.ini C:\WINDOWS\csrss.exe C:\WINDOWS\Cursors\ntp2.ini C:\WINDOWS\rau001978.exe C:\WINDOWS\system32\a3dx8.dll . . . . failed to delete C:\WINDOWS\system32\boa.dat C:\WINDOWS\system32\comi.dll C:\WINDOWS\system32\nso12k.sys C:\WINDOWS\system32\pog C:\WINDOWS\system32\pppatc~1 C:\WINDOWS\system32\smpi1 C:\WINDOWS\system32\spoolsvv.exe C:\WINDOWS\system32\spoolsvv.sys C:\WINDOWS\system32\T2 C:\WINDOWS\system32\T2\dlb66.exe C:\WINDOWS\system32\T3 C:\WINDOWS\system32\T3\dlltk67.exe C:\WINDOWS\system32\T4 C:\WINDOWS\System32\Unea29.sys C:\WINDOWS\system32\wmvds32.dll C:\WINDOWS\system32\xpdx.sys C:\WINDOWS\wr.txt ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) -------\LEGACY_CORE -------\LEGACY_DRIVER -------\LEGACY_ICF -------\LEGACY_NET_AGENT -------\LEGACY_UNEA29 -------\Driver -------\RpcApi -------\Unea29 -------\xpdx ((((((((((((((((((((((((( Files Created from 2007-05-06 to 2007-06-06 ))))))))))))))))))))))))))))))) 2007-06-06 07:28 <DIR> d-------- C:\Avenger 2007-06-06 07:12 49,152 --a------ C:\WINDOWS\nircmd.exe 2007-06-05 22:42 14,868 --a------ C:\WINDOWS\system32\ltmckapk.exe 2007-06-05 22:42 10,752 --a------ C:\WINDOWS\system32\j2261636.dll 2007-06-04 20:46 2,580 --a------ C:\WINDOWS\system32\niteeetq.exe 2007-06-04 20:46 131,124 --a------ 
C:\WINDOWS\system32\yecqysoj.dll 2007-06-04 20:42 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys 2007-06-04 19:50 4,454 --a------ C:\WINDOWS\system32\tmp.reg 2007-06-04 09:55 664 --a------ C:\WINDOWS\system32\d3d9caps.dat 2007-06-04 08:50 <DIR> d-------- C:\Deckard 2007-06-04 08:41 <DIR> d-------- C:\WINDOWS\LastGood 2007-06-04 03:58 8,641 --a------ C:\WINDOWS\system32\4030397943.exe 2007-06-03 22:25 <DIR> d--h----- C:\Program Files\WindowsUpdate 2007-06-03 21:36 <DIR> d-------- C:\Program Files\SpywareGuard 2007-06-03 21:02 <DIR> d-------- C:\WINDOWS\system32\ActiveScan 2007-06-03 21:01 <DIR> d-------- C:\WINDOWS\LastGood.Tmp 2007-06-03 19:27 <DIR> d-------- C:\DOCUME~1\Owner\APPLIC~1\Lavasoft 2007-06-03 19:25 <DIR> d-------- C:\Program Files\Lavasoft 2007-06-03 18:53 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\Talkback 2007-06-03 18:05 2,580 --a------ C:\WINDOWS\system32\wridrmyj.exe 2007-06-03 16:02 1,835,008 --ah----- C:\DOCUME~1\ADMINI~1\ntuser.dat 2007-06-03 16:02 <DIR> d-------- C:\DOCUME~1\ADMINI~1\WINDOWS 2007-06-03 16:02 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\You've Got Pictures Screensaver 2007-06-03 16:02 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\Symantec 2007-06-03 16:02 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\CyberLink 2007-06-03 15:36 263,220 --------- C:\WINDOWS\system32\mllmn.dll 2007-06-03 15:17 <DIR> d-------- C:\Program Files\PCPitstop 2007-06-03 10:17 1 --a------ C:\WINDOWS\system32\ps.dat 2007-06-03 09:34 19,520 --a------ C:\WINDOWS\system32\W6b2c62p.exe 2007-06-03 09:12 2,580 --a------ C:\WINDOWS\system32\drtvhrcn.exe 2007-06-03 09:12 131,124 --a------ C:\WINDOWS\system32\bvbdhunv.dll 2007-06-03 08:08 169,984 --a------ C:\WINDOWS\system32\xloigsu.dll 2007-06-03 07:21 2,580 --a------ C:\WINDOWS\system32\mtdwdjjp.exe 2007-06-03 07:13 40,960 --a------ C:\WINDOWS\retadpu27.exe 2007-06-03 07:13 1,632 --a------ C:\WINDOWS\system32\sqvxga7met4.exe 2007-06-03 07:13 1,632 --a------ C:\WINDOWS\system32\sqvxga6met3.exe 
2007-06-03 07:13 1,632 --a------ C:\WINDOWS\system32\sqvx5gamet2.exe 2007-06-03 07:11 <DIR> d-------- C:\WINDOWS\system32\T5QaSQ 2007-06-03 07:11 <DIR> d-------- C:\Temp\x2b 2007-06-03 07:10 14,390 --a------ C:\sysloxt.exe 2007-06-02 14:52 131,124 --a------ C:\WINDOWS\system32\engrhrjj.dll 2007-06-02 14:46 2,580 --a------ C:\WINDOWS\system32\pdbrqwhj.exe 2007-06-02 07:16 2,580 --a------ C:\WINDOWS\system32\fuskuomt.exe 2007-06-02 07:13 131,124 --a------ C:\WINDOWS\system32\meeaseaq.dll 2007-05-30 21:29 <DIR> d-------- C:\DOCUME~1\Owner\APPLIC~1\Gaijin Ent 2007-05-30 21:21 <DIR> d-------- C:\Program Files\Stand O Food 2007-05-30 21:20 <DIR> d-------- C:\Program Files\ReflexiveArcade 2007-05-24 19:46 <DIR> d-------- C:\Program Files\Ventrilo 2007-05-24 06:18 <DIR> d---s---- C:\DOCUME~1\Owner\UserData 2007-05-22 22:45 42,496 --a------ C:\WINDOWS\system32\libusb0.dll 2007-05-22 22:45 29,184 --a------ C:\WINDOWS\system32\drivers\libusb0.sys 2007-05-21 18:58 <DIR> d-------- C:\WINDOWS\system32\TQ0 2007-05-21 18:58 <DIR> d-------- C:\WINDOWS\system32\T6 2007-05-21 18:58 <DIR> d-------- C:\WINDOWS\system32\T1QaSQ 2007-05-18 19:47 8,464 --a------ C:\WINDOWS\system32\sporder.dll 2007-05-18 19:45 14,390 --a------ C:\sysrrpf.exe 2007-05-18 19:23 <DIR> d-------- C:\Program Files\LittleFighter2 2007-05-18 19:18 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\SUPERAntiSpyware.com 2007-05-18 19:17 <DIR> d-------- C:\Program Files\SUPERAntiSpyware 2007-05-18 19:17 <DIR> d-------- C:\DOCUME~1\Owner\APPLIC~1\SUPERAntiSpyware.com 2007-05-18 19:16 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard 2007-05-18 18:48 335,565 --a------ C:\Temp\gorPUS.exe 2007-05-18 18:48 <DIR> d-------- C:\WINDOWS\system32\SBO 2007-05-18 18:48 <DIR> d-------- C:\Temp 2007-05-10 06:50 <DIR> d-------- C:\DOCUME~1\Owner\APPLIC~1\Real (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) 2007-06-05 23:41:30 -------- d-----w C:\Program 
Files\Messenger 2007-06-04 15:51:18 -------- d--h--w C:\Program Files\Movies 2007-06-04 02:08:19 -------- d-----w C:\Program Files\AIM6 2007-06-04 02:00:49 -------- d-----w C:\Program Files\7-Zip 2007-06-04 01:19:13 -------- d-----w C:\Program Files\Common Files\Symantec Shared 2007-06-04 01:19:03 -------- d-----w C:\Program Files\Norton AntiVirus 2007-06-04 01:18:57 -------- d-----w C:\Program Files\Digital Media Reader 2007-06-04 01:18:55 -------- d-----w C:\Program Files\QuickTime 2007-06-04 01:17:53 -------- d-----w C:\Program Files\PowerISO 2007-06-03 13:05:21 -------- d-----w C:\Program Files\Project64 1.6 2007-06-03 12:13:26 -------- d-----w C:\Program Files\Max Registry Cleaner 2007-06-03 11:14:22 14,336 ----a-w C:\WINDOWS\system32\svchost.exe 2007-06-03 11:12:39 13,444 ------w C:\WINDOWS\system32\a3dx8.dll 2007-06-02 00:28:20 -------- d-----w C:\DOCUME~1\Owner\APPLIC~1\Azureus 2007-06-02 00:26:09 -------- d-----w C:\DOCUME~1\Owner\APPLIC~1\AdobeUM 2007-05-31 00:43:17 -------- d-----w C:\Program Files\World of Warcraft 2007-05-24 22:55:09 -------- d-----w C:\Program Files\Hewlett-Packard 2007-05-24 22:55:06 -------- d-----w C:\Program Files\HP 2007-05-19 23:40:29 0 --sha-w C:\Program Files\Common Files\Yazzle1281OinAdmin.exe 2007-05-19 01 10 -------- d-----w C:\Program Files\MSN Gaming Zone2007-05-19 00:04:12 -------- d-----w C:\Program Files\Intel 2007-05-03 01:39:07 -------- d--h--w C:\Program Files\InstallShield Installation Information 2007-05-03 01:35:10 -------- d-----w C:\Program Files\OLYMPUS 2007-05-03 01:33:41 -------- d-----w C:\Program Files\PIXELA 2007-05-03 01:33:34 -------- d-----w C:\Program Files\Common Files\InstallShield 2007-04-30 11:11:01 -------- d-----w C:\Program Files\AutoGK 2007-04-30 11:10:53 43,602 ----a-w C:\WINDOWS\system32\xvid-uninstall.exe 2007-04-30 11:10:27 -------- d-----w C:\Program Files\AviSynth 2.5 2007-04-26 22:31:41 -------- d-----w C:\Program Files\Electronic Arts 2007-04-26 12:56:45 -------- d-----w C:\Program 
Files\Xilisoft 2007-04-24 03:34:16 -------- d-----w C:\Program Files\DivX 2007-04-24 03:27:51 -------- d-----w C:\Program Files\Gabest 2007-04-24 03:04:34 -------- d-----w C:\Program Files\DVD Decrypter 2007-04-23 22:40:02 -------- d-----w C:\DOCUME~1\Owner\APPLIC~1\DivX 2007-04-20 17:55:34 1,019,904 ----a-w C:\WINDOWS\system32\VchReg.dll 2007-04-18 16:12:23 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll 2007-04-18 02:07:09 -------- d-----w C:\Program Files\iPod 2007-04-18 00:47:47 -------- d-----w C:\DOCUME~1\Owner\APPLIC~1\U3 2007-04-18 00:11:19 -------- d-----w C:\DOCUME~1\Owner\APPLIC~1\Apple Computer 2007-04-18 00:10:07 -------- d-----w C:\Program Files\iTunes 2007-04-16 23:23:35 -------- d-----w C:\DOCUME~1\Owner\APPLIC~1\Lionhead Studios 2007-04-16 22:53:22 163,644 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys 2007-04-16 22:44:56 -------- d-----w C:\Program Files\Lionhead Studios Ltd 2007-04-16 02:57:47 223,128 ----a-w C:\WINDOWS\system32\drivers\vaxscsi.sys 2007-04-16 02:57:40 -------- d-----w C:\Program Files\Alcohol Soft 2007-04-16 02:53:09 96,256 ----a-w C:\WINDOWS\system32\drivers\sptd8557.sys 2007-04-16 02:53:09 643,072 ----a-w C:\WINDOWS\system32\drivers\sptd.sys 2007-04-16 02:20:14 -------- d-----w C:\Program Files\Infinite Mind LC 2007-04-13 23:29:22 -------- d-----w C:\Program Files\WinXMedia 2007-04-11 04:21:03 -------- d-----w C:\DOCUME~1\Owner\APPLIC~1\Microsoft Web Folders 2007-04-11 04:20:31 -------- d-----w C:\Program Files\microsoft frontpage 2007-04-11 01:19:19 81,984 ----a-w C:\WINDOWS\system32\bdod.bin 2007-04-10 04 21 -------- d-----w C:\Program Files\MTV Networks2007-04-09 15:23:28 -------- d-----w C:\DOCUME~1\Owner\APPLIC~1\acccore 2007-04-09 15:17:11 -------- d-----w C:\Program Files\Common Files\AOL 2007-04-09 15:14:23 -------- d-----w C:\Program Files\AIM 2007-04-09 15:14:16 -------- d-----w C:\DOCUME~1\Owner\APPLIC~1\Aim 2007-04-09 14:43:48 -------- d-----w C:\Program Files\Windows Media Connect 2 2007-04-09 03:55:34 -------- 
d-----w C:\Program Files\AOD 2007-04-09 03:47:47 -------- d-----w C:\Program Files\Warcraft III 2007-04-09 03:47:43 -------- d-----w C:\Program Files\Common Files\aolshare 2007-04-09 03:47:43 -------- d-----w C:\Program Files\America Online 9.0 2007-04-09 03:46:20 -------- d-----w C:\Program Files\AOL Toolbar 2007-04-08 21:40:46 60 ----a-w C:\WINDOWS\system32\SYSDRV.DAT 2007-04-08 21:38:46 -------- d-----w C:\Program Files\Windows NT 2007-04-08 21:38:41 -------- d-----w C:\Program Files\Movie Maker 2007-04-06 17:43:50 -------- d-----w C:\Program Files\VideoLAN 2007-04-06 15:43:39 -------- d-----w C:\DOCUME~1\Owner\APPLIC~1\Ahead 2007-04-06 14 10 -------- d-----w C:\Program Files\Common Files\Ahead2007-04-06 14:03:00 -------- d-----w C:\Program Files\Nero 2007-04-04 14:17:09 54,915 ----a-w C:\WINDOWS\War3Unin.dat 2007-04-04 14:16:24 2,829 ----a-w C:\WINDOWS\War3Unin.pif 2007-04-04 14:16:24 139,264 ----a-w C:\WINDOWS\War3Unin.exe 2007-03-28 23:32:41 1,168 ----a-w C:\WINDOWS\mozver.dat 2007-03-17 13:43:01 292,864 ----a-w C:\WINDOWS\system32\winsrv.dll 2007-03-14 23:27:58 972,336 ----a-w C:\WINDOWS\UNRecode.exe 2007-03-14 23:19:56 95,864 ----a-w C:\WINDOWS\system32\NeroCo.dll 2007-03-14 23:19:26 972,336 ----a-w C:\WINDOWS\UNNeroBackItUp.exe 2007-03-12 17:51:08 972,336 ----a-w C:\WINDOWS\UNNeroMediaHome.exe 2007-03-08 15:36:28 577,536 ----a-w C:\WINDOWS\system32\user32.dll 2007-03-08 15:36:28 40,960 ----a-w C:\WINDOWS\system32\mf3216.dll 2007-03-08 15:36:28 281,600 ----a-w C:\WINDOWS\system32\gdi32.dll 2007-03-08 13:47:48 1,843,584 ----a-w C:\WINDOWS\system32\win32k.sys ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) *Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects] {4A368E80-174F-4872-96B5-0B27DDD11DB2}=C:\Program Files\SpywareGuard\dlprotect.dll [2003-08-02 23:24] 
{5F935EA5-A57D-43F2-8409-BA8CEA508289}=C:\WINDOWS\system32\mllmn.dll [2007-06-03 15:36] {6F533C2A-D436-4894-B878-33D5F0C55FE1}=C:\WINDOWS\system32\gebyy.dll [] {E37FF575-FA89-40E6-B704-3A24555BD3Ec}=C:\WINDOWS\system32\qiqfrdkg.dll [] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SoundMan"="SOUNDMAN.EXE" [2004-01-09 13:54 C:\WINDOWS\SOUNDMAN.EXE] "nwiz"="nwiz.exe" [2004-03-03 20:29 C:\WINDOWS\system32\nwiz.exe] "nForce Tray Options"="sstray.exe" [2003-09-03 04:25 C:\WINDOWS\system32\sstray.exe] "RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2003-11-01 05:42] "ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2003-08-15 03:59] "SunKistEM"="C:\Program Files\Digital Media Reader\shwiconem.exe" [2004-03-12 01:18] "HP Software Update"="C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2004-02-18 13:55] "Symantec NetDriver Monitor"="C:\PROGRA~1\SYMNET~1\SNDMon.exe" [2007-03-28 19:08] "PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [2007-01-20 03:09] "NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-09 18:53] "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2004-12-18 00:20] "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-04-17 20:10] "{ZN}"="C:\Documents and Settings\Owner\Desktop\TISKY002.exe" [] "HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2003-12-22 08:38] "RealTray"="C:\Program Files\Real\RealPlayer\RealPlay.exe" [2004-09-23 20:47] "!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-05-30 08:30] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 12:24] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 15:00] "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-03-12 13:49] "Aim6"="C:\Program Files\AIM6\aim6.exe" [2007-03-23 
17:18] "Cbrqnr"="C:\Documents and Settings\Owner\My Documents\F?nts\t?skmgr.exe" [] "Service Pack 1"="C:\WINDOWS\system32\vexg6ame4.exe" [] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce] "combofix"=C:\WINDOWS\system32\cmd.exe /c C:\ComboFix\Combobatch.bat [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] "{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll" [2007-05-30 08:29] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] "{F03ACDCF-5A90-6765-2422-71CEC1B369B9}"="C:\WINDOWS\system32\ii.dll" [] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\A3dxq] C:\WINDOWS\system32\a3dx8.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\botreg] C:\Documents and Settings\All Users\Documents\Settings\bot.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\khfcbab] khfcbab.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\mllmn] C:\WINDOWS\system32\mllmn.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\vtussts] vtussts.dll HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost *netsvcs* [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E] AutoRun\command- E:\LaunchCD.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{24dd31f2-ed46-11db-b9a5-000fb502b53a}] AutoRun\command- J:\LaunchU3.exe Contents of the 'Scheduled Tasks' folder 2007-03-28 08:29:03 C:\WINDOWS\tasks\ISP signup reminder 1.job 2007-06-02 00:00:00 C:\WINDOWS\tasks\Norton AntiVirus - Scan my computer.job 2004-09-24 00:50:53 C:\WINDOWS\tasks\Symantec NetDetect.job ************************************************************************** catchme 0.3.721 W2K/XP/Vista - userland rootkit detector by Gmer, 
http://www.gmer.net
Rootkit scan 2007-06-06 07:29:58
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
Completion time: 2007-06-06 7:32:58 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-06-06 07:32
--- E O F ---
Thank you for replying quickly. My computer again won't allow me to go into normal mode. It gets to the blue screen that says Windows is starting up and then restarts as if I shut off my computer. Anyways here is the combofix.txt (ran in safe mode)
#5 (permalink) | |
|
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
Join Date: Jan 2005
Location: Ohio
Posts: 26,987
OS: WinXP and Vista
|
Re: Windows cant run in normal mode
Hiya,
As I mentioned earlier, this system is terribly infected with numerous infections and rootkits and will take a few rounds to knock it out of there.
Open notepad and copy/paste the text in the quotebox below into it:
Quote:
![]()
Referring to the picture above, drag ComboFix-Do.txt into ComboFix.exe
Follow the prompts.
When finished, it shall produce a log for you. Post that log in your next reply.
Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall.
--------------------------------------------------------------------------
Run ComboFix a second time:
Double click on combofix.exe & follow the prompts.
--------------------------------------------------------------------------
Please include both ComboFix reports in your next reply in the following order:
C:\ComboFix2.txt
C:\ComboFix.txt
Last edited by Ried; 06-06-2007 at 10:08 AM.
#6 (permalink) |
|
Registered User
Join Date: Dec 2006
Posts: 26
OS: WinXP
|
Re: Windows cant run in normal mode
My computer now starts up into normal mode without a problem.
ComboFix.txt "Owner" - 2007-06-06 12:46:35 Service Pack 2 NTFS Command switches used :: C:\Documents and Settings\Owner\Desktop\ComboFix-Do.txt (((((((((((((((((((((((((((((((((((((((((((( V Log ))))))))))))))))))))))))))))))))))))))))))))))))))))))) C:\WINDOWS\system32\nmllm.bak1 C:\WINDOWS\system32\nmllm.ini C:\WINDOWS\system32\nmllm.bak1 C:\WINDOWS\system32\nmllm.ini C:\WINDOWS\system32\mllmn.dll * * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) C:\Documents and Settings\All Users.\documents\settings C:\Documents and Settings\All Users.\documents\settings\bot.dll C:\Documents and Settings\All Users.\documents\settings\desktop.ini C:\WINDOWS\system32\a3dx8.dll C:\WINDOWS\system32\mllmn.dll ((((((((((((((((((((((((( Files Created from 2007-05-06 to 2007-06-06 ))))))))))))))))))))))))))))))) 2007-06-06 14:08 131,124 --a------ C:\WINDOWS\system32\heqmptxt.dll 2007-06-06 13:25 131,124 --a------ C:\WINDOWS\system32\gpckcqdc.dll 2007-06-06 13:22 55,316 --a------ C:\WINDOWS\system32\pbietmdi.dll 2007-06-06 07:32 131,124 --a------ C:\WINDOWS\system32\cmtaexfb.dll 2007-06-06 07:28 <DIR> d-------- C:\Avenger 2007-06-06 07:12 49,152 --a------ C:\WINDOWS\nircmd.exe 2007-06-04 20:42 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys 2007-06-04 19:50 4,454 --a------ C:\WINDOWS\system32\tmp.reg 2007-06-04 08:50 <DIR> d-------- C:\Deckard 2007-06-03 22:25 <DIR> d--h----- C:\Program Files\WindowsUpdate 2007-06-03 21:36 <DIR> d-------- C:\Program Files\SpywareGuard 2007-06-03 21:02 <DIR> d-------- C:\WINDOWS\system32\ActiveScan 2007-06-03 19:27 <DIR> d-------- C:\DOCUME~1\Owner\APPLIC~1\Lavasoft 2007-06-03 19:25 <DIR> d-------- C:\Program Files\Lavasoft 2007-06-03 18:53 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\Talkback 2007-06-03 16:02 1,835,008 --ah----- C:\DOCUME~1\ADMINI~1\ntuser.dat 2007-06-03 16:02 <DIR> d-------- 
C:\DOCUME~1\ADMINI~1\WINDOWS 2007-06-03 16:02 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\You've Got Pictures Screensaver 2007-06-03 16:02 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\Symantec 2007-06-03 16:02 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\CyberLink 2007-06-03 15:17 <DIR> d-------- C:\Program Files\PCPitstop 2007-06-03 10:17 1 --a------ C:\WINDOWS\system32\ps.dat 2007-05-30 21:29 <DIR> d-------- C:\DOCUME~1\Owner\APPLIC~1\Gaijin Ent 2007-05-30 21:21 <DIR> d-------- C:\Program Files\Stand O Food 2007-05-30 21:20 <DIR> d-------- C:\Program Files\ReflexiveArcade 2007-05-24 19:46 <DIR> d-------- C:\Program Files\Ventrilo 2007-05-24 06:18 <DIR> d---s---- C:\DOCUME~1\Owner\UserData 2007-05-22 22:45 42,496 --a------ C:\WINDOWS\system32\libusb0.dll 2007-05-22 22:45 29,184 --a------ C:\WINDOWS\system32\drivers\libusb0.sys 2007-05-21 18:58 <DIR> d-------- C:\WINDOWS\system32\TQ0 2007-05-21 18:58 <DIR> d-------- C:\WINDOWS\system32\T6 2007-05-18 19:47 8,464 --a------ C:\WINDOWS\system32\sporder.dll 2007-05-18 19:23 <DIR> d-------- C:\Program Files\LittleFighter2 2007-05-18 19:18 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\SUPERAntiSpyware.com 2007-05-18 19:17 <DIR> d-------- C:\Program Files\SUPERAntiSpyware 2007-05-18 19:17 <DIR> d-------- C:\DOCUME~1\Owner\APPLIC~1\SUPERAntiSpyware.com 2007-05-18 19:16 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard 2007-05-10 06:50 <DIR> d-------- C:\DOCUME~1\Owner\APPLIC~1\Real (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) 2007-06-06 17:10:47 -------- d-----w C:\Program Files\MSN Gaming Zone 2007-06-05 23:41:30 -------- d-----w C:\Program Files\Messenger 2007-06-04 15:51:18 -------- d--h--w C:\Program Files\Movies 2007-06-04 02:08:19 -------- d-----w C:\Program Files\AIM6 2007-06-04 02:00:49 -------- d-----w C:\Program Files\7-Zip 2007-06-04 01:19:13 -------- d-----w C:\Program Files\Common Files\Symantec Shared 2007-06-04 01:19:03 
-------- d-----w C:\Program Files\Norton AntiVirus 2007-06-04 01:18:57 -------- d-----w C:\Program Files\Digital Media Reader 2007-06-04 01:18:55 -------- d-----w C:\Program Files\QuickTime 2007-06-04 01:17:53 -------- d-----w C:\Program Files\PowerISO 2007-06-03 13:05:21 -------- d-----w C:\Program Files\Project64 1.6 2007-06-03 12:13:26 -------- d-----w C:\Program Files\Max Registry Cleaner 2007-06-03 11:14:22 14,336 ----a-w C:\WINDOWS\system32\svchost.exe 2007-06-02 00:28:20 -------- d-----w C:\DOCUME~1\Owner\APPLIC~1\Azureus 2007-06-02 00:26:09 -------- d-----w C:\DOCUME~1\Owner\APPLIC~1\AdobeUM 2007-05-31 00:43:17 -------- d-----w C:\Program Files\World of Warcraft 2007-05-24 22:55:09 -------- d-----w C:\Program Files\Hewlett-Packard 2007-05-24 22:55:06 -------- d-----w C:\Program Files\HP 2007-05-19 00:04:12 -------- d-----w C:\Program Files\Intel 2007-05-03 01:39:07 -------- d--h--w C:\Program Files\InstallShield Installation Information 2007-05-03 01:35:10 -------- d-----w C:\Program Files\OLYMPUS 2007-05-03 01:33:41 -------- d-----w C:\Program Files\PIXELA 2007-05-03 01:33:34 -------- d-----w C:\Program Files\Common Files\InstallShield 2007-04-30 11:11:01 -------- d-----w C:\Program Files\AutoGK 2007-04-30 11:10:53 43,602 ----a-w C:\WINDOWS\system32\xvid-uninstall.exe 2007-04-30 11:10:27 -------- d-----w C:\Program Files\AviSynth 2.5 2007-04-26 22:31:41 -------- d-----w C:\Program Files\Electronic Arts 2007-04-26 12:56:45 -------- d-----w C:\Program Files\Xilisoft 2007-04-24 03:34:16 -------- d-----w C:\Program Files\DivX 2007-04-24 03:27:51 -------- d-----w C:\Program Files\Gabest 2007-04-24 03:04:34 -------- d-----w C:\Program Files\DVD Decrypter 2007-04-23 22:40:02 -------- d-----w C:\DOCUME~1\Owner\APPLIC~1\DivX 2007-04-20 17:55:34 1,019,904 ----a-w C:\WINDOWS\system32\VchReg.dll 2007-04-18 16:12:23 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll 2007-04-18 02:07:09 -------- d-----w C:\Program Files\iPod 2007-04-18 00:47:47 -------- d-----w 
C:\DOCUME~1\Owner\APPLIC~1\U3 2007-04-18 00:11:19 -------- d-----w C:\DOCUME~1\Owner\APPLIC~1\Apple Computer 2007-04-18 00:10:07 -------- d-----w C:\Program Files\iTunes 2007-04-16 23:23:35 -------- d-----w C:\DOCUME~1\Owner\APPLIC~1\Lionhead Studios 2007-04-16 22:53:22 163,644 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys 2007-04-16 22:44:56 -------- d-----w C:\Program Files\Lionhead Studios Ltd 2007-04-16 02:57:47 223,128 ----a-w C:\WINDOWS\system32\drivers\vaxscsi.sys 2007-04-16 02:57:40 -------- d-----w C:\Program Files\Alcohol Soft 2007-04-16 02:53:09 96,256 ----a-w C:\WINDOWS\system32\drivers\sptd8557.sys 2007-04-16 02:53:09 643,072 ----a-w C:\WINDOWS\system32\drivers\sptd.sys 2007-04-16 02:20:14 -------- d-----w C:\Program Files\Infinite Mind LC 2007-04-13 23:29:22 -------- d-----w C:\Program Files\WinXMedia 2007-04-11 04:21:03 -------- d-----w C:\DOCUME~1\Owner\APPLIC~1\Microsoft Web Folders 2007-04-11 04:20:31 -------- d-----w C:\Program Files\microsoft frontpage 2007-04-11 01:19:19 81,984 ----a-w C:\WINDOWS\system32\bdod.bin 2007-04-10 04 21 -------- d-----w C:\Program Files\MTV Networks2007-04-09 15:23:28 -------- d-----w C:\DOCUME~1\Owner\APPLIC~1\acccore 2007-04-09 15:17:11 -------- d-----w C:\Program Files\Common Files\AOL 2007-04-09 15:14:23 -------- d-----w C:\Program Files\AIM 2007-04-09 15:14:16 -------- d-----w C:\DOCUME~1\Owner\APPLIC~1\Aim 2007-04-09 14:43:48 -------- d-----w C:\Program Files\Windows Media Connect 2 2007-04-09 03:55:34 -------- d-----w C:\Program Files\AOD 2007-04-09 03:47:47 -------- d-----w C:\Program Files\Warcraft III 2007-04-09 03:47:43 -------- d-----w C:\Program Files\Common Files\aolshare 2007-04-09 03:47:43 -------- d-----w C:\Program Files\America Online 9.0 2007-04-09 03:46:20 -------- d-----w C:\Program Files\AOL Toolbar 2007-04-08 21:40:46 60 ----a-w C:\WINDOWS\system32\SYSDRV.DAT 2007-04-08 21:38:46 -------- d-----w C:\Program Files\Windows NT 2007-04-08 21:38:41 -------- d-----w C:\Program Files\Movie Maker 
2007-04-06 17:43:50 -------- d-----w C:\Program Files\VideoLAN 2007-04-06 15:43:39 -------- d-----w C:\DOCUME~1\Owner\APPLIC~1\Ahead 2007-04-06 14 10 -------- d-----w C:\Program Files\Common Files\Ahead2007-04-06 14:03:00 -------- d-----w C:\Program Files\Nero 2007-04-04 14:17:09 54,915 ----a-w C:\WINDOWS\War3Unin.dat 2007-04-04 14:16:24 2,829 ----a-w C:\WINDOWS\War3Unin.pif 2007-04-04 14:16:24 139,264 ----a-w C:\WINDOWS\War3Unin.exe 2007-03-28 23:32:41 1,168 ----a-w C:\WINDOWS\mozver.dat 2007-03-17 13:43:01 292,864 ----a-w C:\WINDOWS\system32\winsrv.dll 2007-03-14 23:27:58 972,336 ----a-w C:\WINDOWS\UNRecode.exe 2007-03-14 23:19:56 95,864 ----a-w C:\WINDOWS\system32\NeroCo.dll 2007-03-14 23:19:26 972,336 ----a-w C:\WINDOWS\UNNeroBackItUp.exe 2007-03-12 17:51:08 972,336 ----a-w C:\WINDOWS\UNNeroMediaHome.exe 2007-03-08 15:36:28 577,536 ----a-w C:\WINDOWS\system32\user32.dll 2007-03-08 15:36:28 40,960 ----a-w C:\WINDOWS\system32\mf3216.dll 2007-03-08 15:36:28 281,600 ----a-w C:\WINDOWS\system32\gdi32.dll 2007-03-08 13:47:48 1,843,584 ----a-w C:\WINDOWS\system32\win32k.sys ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) *Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects] {4A368E80-174F-4872-96B5-0B27DDD11DB2}=C:\Program Files\SpywareGuard\dlprotect.dll [2003-08-02 23:24] {6F533C2A-D436-4894-B878-33D5F0C55FE1}=C:\WINDOWS\system32\gebyy.dll [] {92A444D2-F945-4dd9-89A1-896A6C2D8D22}=C:\WINDOWS\system32\pbietmdi.dll [2007-06-06 13:22] {E37FF575-FA89-40E6-B704-3A24555BD3Ec}=C:\WINDOWS\system32\qiqfrdkg.dll [] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-05-30 08:30] "SoundMan"="SOUNDMAN.EXE" [2004-01-09 13:54 C:\WINDOWS\SOUNDMAN.EXE] "nwiz"="nwiz.exe" [2004-03-03 20:29 C:\WINDOWS\system32\nwiz.exe] "nForce 
Tray Options"="sstray.exe" [2003-09-03 04:25 C:\WINDOWS\system32\sstray.exe] "RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2003-11-01 05:42] "ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2003-08-15 03:59] "SunKistEM"="C:\Program Files\Digital Media Reader\shwiconem.exe" [2004-03-12 01:18] "HP Software Update"="C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2004-02-18 13:55] "Symantec NetDriver Monitor"="C:\PROGRA~1\SYMNET~1\SNDMon.exe" [2007-03-28 19:08] "PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [2007-01-20 03:09] "NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-09 18:53] "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2004-12-18 00:20] "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-04-17 20:10] "HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2003-12-22 08:38] "RealTray"="C:\Program Files\Real\RealPlayer\RealPlay.exe" [2004-09-23 20:47] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 12:24] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 15:00] "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-03-12 13:49] "Aim6"="C:\Program Files\AIM6\aim6.exe" [2007-03-23 17:18] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system] "DisableRegistryTools"=0 (0x0) [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] "{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll" [2007-05-30 08:29] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] "{F03ACDCF-5A90-6765-2422-71CEC1B369B9}"="C:\WINDOWS\system32\ii.dll" [] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\vtussts] vtussts.dll 
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost *netsvcs* [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E] AutoRun\command- E:\LaunchCD.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{24dd31f2-ed46-11db-b9a5-000fb502b53a}] AutoRun\command- J:\LaunchU3.exe *Newly Created Service* - PCANDIS5 Contents of the 'Scheduled Tasks' folder 2007-03-28 08:29:03 C:\WINDOWS\tasks\ISP signup reminder 1.job 2007-06-02 00:00:00 C:\WINDOWS\tasks\Norton AntiVirus - Scan my computer.job 2004-09-24 00:50:53 C:\WINDOWS\tasks\Symantec NetDetect.job ************************************************************************** catchme 0.3.721 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net Rootkit scan 2007-06-06 14:33:43 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** Completion time: 2007-06-06 14:43:44 - machine was rebooted C:\ComboFix-quarantined-files.txt ... 2007-06-06 14:43 C:\ComboFix2.txt ... 2007-06-06 13:35 --- E O F --- ComboFix2.txt "Owner" - 2007-06-06 15:07:31 Service Pack 2 NTFS [SAFE MODE] Command switches used :: C:\Documents and Settings\Owner\Desktop\ComboFix-Do.txt (((((((((((((((((((((((((((((((((((((((((((( V Log ))))))))))))))))))))))))))))))))))))))))))))))))))))))) C:\WINDOWS\system32\nmllm.ini C:\WINDOWS\system32\mllmn.dll * * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * C:\WINDOWS\system32\mllmn.dll ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) C:\DOCUME~1\Owner\APPLIC~1\Microsoft\20509.dat C:\Documents and Settings\All Users.\documents\settings . . . . failed to delete C:\Documents and Settings\All Users.\documents\settings\bot.dll . . . 
. failed to delete C:\Documents and Settings\All Users.\documents\settings\desktop.ini C:\Program Files\Common Files\Yazzle1281OinAdmin.exe C:\Program Files\MSN Gaming Zone\lawun.dll C:\sysloxt.exe C:\sysrrpf.exe C:\Temp C:\Temp\debug.txt C:\Temp\gorPUS.exe C:\Temp\x2b\tmpZTF.log C:\WINDOWS\retadpu27.exe C:\WINDOWS\system32\4030397943.exe C:\WINDOWS\system32\a3dx8.dll . . . . failed to delete C:\WINDOWS\system32\bvbdhunv.dll C:\WINDOWS\system32\d3d9caps.dat C:\WINDOWS\system32\dlh9jkd1q1.exe C:\WINDOWS\system32\dlh9jkd1q2.exe C:\WINDOWS\system32\dlh9jkd1q6.exe C:\WINDOWS\system32\dlh9jkd1q7.exe C:\WINDOWS\system32\drtvhrcn.exe C:\WINDOWS\system32\engrhrjj.dll C:\WINDOWS\system32\fuskuomt.exe C:\WINDOWS\system32\j2261636.dll C:\WINDOWS\system32\ltmckapk.exe C:\WINDOWS\system32\max1d164v.exe C:\WINDOWS\system32\meeaseaq.dll C:\WINDOWS\system32\mllmn.dll . . . . failed to delete C:\WINDOWS\system32\mtdwdjjp.exe C:\WINDOWS\system32\niteeetq.exe C:\WINDOWS\system32\pdbrqwhj.exe C:\WINDOWS\system32\SBO C:\WINDOWS\system32\sqvx5gamet2.exe C:\WINDOWS\system32\sqvxga6met3.exe C:\WINDOWS\system32\sqvxga7met4.exe C:\WINDOWS\system32\T1QaSQ C:\WINDOWS\system32\T5QaSQ C:\WINDOWS\system32\vexg4am1et2.exe C:\WINDOWS\system32\vexga3me2.exe C:\WINDOWS\system32\vexga4m1et4.exe C:\WINDOWS\system32\vexga4me1.exe C:\WINDOWS\system32\vexga5me3.exe C:\WINDOWS\system32\W6b2c62p.exe C:\WINDOWS\system32\wridrmyj.exe C:\WINDOWS\system32\xloigsu.dll C:\WINDOWS\system32\yecqysoj.dll ((((((((((((((((((((((((( Files Created from 2007-05-06 to 2007-06-06 ))))))))))))))))))))))))))))))) 2007-06-06 13:22 55,316 --a------ C:\WINDOWS\system32\pbietmdi.dll 2007-06-06 13:17 1,808,809 ---hs---- C:\WINDOWS\system32\nmllm.bak1 2007-06-06 07:32 131,124 --a------ C:\WINDOWS\system32\cmtaexfb.dll 2007-06-06 07:28 <DIR> d-------- C:\Avenger 2007-06-06 07:12 49,152 --a------ C:\WINDOWS\nircmd.exe 2007-06-04 20:42 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys 2007-06-04 19:50 4,454 --a------ 
C:\WINDOWS\system32\tmp.reg 2007-06-04 08:50 <DIR> d-------- C:\Deckard 2007-06-04 08:41 <DIR> d-------- C:\WINDOWS\LastGood 2007-06-03 22:25 <DIR> d--h----- C:\Program Files\WindowsUpdate 2007-06-03 21:36 <DIR> d-------- C:\Program Files\SpywareGuard 2007-06-03 21:02 <DIR> d-------- C:\WINDOWS\system32\ActiveScan 2007-06-03 19:27 <DIR> d-------- C:\DOCUME~1\Owner\APPLIC~1\Lavasoft 2007-06-03 19:25 <DIR> d-------- C:\Program Files\Lavasoft 2007-06-03 18:53 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\Talkback 2007-06-03 16:02 1,835,008 --ah----- C:\DOCUME~1\ADMINI~1\ntuser.dat 2007-06-03 16:02 <DIR> d-------- C:\DOCUME~1\ADMINI~1\WINDOWS 2007-06-03 16:02 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\You've Got Pictures Screensaver 2007-06-03 16:02 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\Symantec 2007-06-03 16:02 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\CyberLink 2007-06-03 15:36 263,220 --------- C:\WINDOWS\system32\mllmn.dll 2007-06-03 15:17 <DIR> d-------- C:\Program Files\PCPitstop 2007-06-03 10:17 1 --a------ C:\WINDOWS\system32\ps.dat 2007-05-30 21:29 <DIR> d-------- C:\DOCUME~1\Owner\APPLIC~1\Gaijin Ent 2007-05-30 21:21 <DIR> d-------- C:\Program Files\Stand O Food 2007-05-30 21:20 <DIR> d-------- C:\Program Files\ReflexiveArcade 2007-05-24 19:46 <DIR> d-------- C:\Program Files\Ventrilo 2007-05-24 06:18 <DIR> d---s---- C:\DOCUME~1\Owner\UserData 2007-05-22 22:45 42,496 --a------ C:\WINDOWS\system32\libusb0.dll 2007-05-22 22:45 29,184 --a------ C:\WINDOWS\system32\drivers\libusb0.sys 2007-05-21 18:58 <DIR> d-------- C:\WINDOWS\system32\TQ0 2007-05-21 18:58 <DIR> d-------- C:\WINDOWS\system32\T6 2007-05-18 19:47 8,464 --a------ C:\WINDOWS\system32\sporder.dll 2007-05-18 19:23 <DIR> d-------- C:\Program Files\LittleFighter2 2007-05-18 19:18 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\SUPERAntiSpyware.com 2007-05-18 19:17 <DIR> d-------- C:\Program Files\SUPERAntiSpyware 2007-05-18 19:17 <DIR> d-------- 
C:\DOCUME~1\Owner\APPLIC~1\SUPERAntiSpyware.com 2007-05-18 19:16 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard 2007-05-10 06:50 <DIR> d-------- C:\DOCUME~1\Owner\APPLIC~1\Real (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) 2007-06-06 17:25:45 131,124 ----a-w C:\WINDOWS\system32\gpckcqdc.dll 2007-06-06 17:10:47 -------- d-----w C:\Program Files\MSN Gaming Zone 2007-06-05 23:41:30 -------- d-----w C:\Program Files\Messenger 2007-06-04 15:51:18 -------- d--h--w C:\Program Files\Movies 2007-06-04 02:08:19 -------- d-----w C:\Program Files\AIM6 2007-06-04 02:00:49 -------- d-----w C:\Program Files\7-Zip 2007-06-04 01:19:13 -------- d-----w C:\Program Files\Common Files\Symantec Shared 2007-06-04 01:19:03 -------- d-----w C:\Program Files\Norton AntiVirus 2007-06-04 01:18:57 -------- d-----w C:\Program Files\Digital Media Reader 2007-06-04 01:18:55 -------- d-----w C:\Program Files\QuickTime 2007-06-04 01:17:53 -------- d-----w C:\Program Files\PowerISO 2007-06-03 13:05:21 -------- d-----w C:\Program Files\Project64 1.6 2007-06-03 12:13:26 -------- d-----w C:\Program Files\Max Registry Cleaner 2007-06-03 11:14:22 14,336 ----a-w C:\WINDOWS\system32\svchost.exe 2007-06-03 11:12:39 13,444 ------w C:\WINDOWS\system32\a3dx8.dll 2007-06-02 00:28:20 -------- d-----w C:\DOCUME~1\Owner\APPLIC~1\Azureus 2007-06-02 00:26:09 -------- d-----w C:\DOCUME~1\Owner\APPLIC~1\AdobeUM 2007-05-31 00:43:17 -------- d-----w C:\Program Files\World of Warcraft 2007-05-24 22:55:09 -------- d-----w C:\Program Files\Hewlett-Packard 2007-05-24 22:55:06 -------- d-----w C:\Program Files\HP 2007-05-19 00:04:12 -------- d-----w C:\Program Files\Intel 2007-05-03 01:39:07 -------- d--h--w C:\Program Files\InstallShield Installation Information 2007-05-03 01:35:10 -------- d-----w C:\Program Files\OLYMPUS 2007-05-03 01:33:41 -------- d-----w C:\Program Files\PIXELA 2007-05-03 01:33:34 -------- d-----w C:\Program 
Files\Common Files\InstallShield 2007-04-30 11:11:01 -------- d-----w C:\Program Files\AutoGK 2007-04-30 11:10:53 43,602 ----a-w C:\WINDOWS\system32\xvid-uninstall.exe 2007-04-30 11:10:27 -------- d-----w C:\Program Files\AviSynth 2.5 2007-04-26 22:31:41 -------- d-----w C:\Program Files\Electronic Arts 2007-04-26 12:56:45 -------- d-----w C:\Program Files\Xilisoft 2007-04-24 03:34:16 -------- d-----w C:\Program Files\DivX 2007-04-24 03:27:51 -------- d-----w C:\Program Files\Gabest 2007-04-24 03:04:34 -------- d-----w C:\Program Files\DVD Decrypter 2007-04-23 22:40:02 -------- d-----w C:\DOCUME~1\Owner\APPLIC~1\DivX 2007-04-20 17:55:34 1,019,904 ----a-w C:\WINDOWS\system32\VchReg.dll 2007-04-18 16:12:23 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll 2007-04-18 02:07:09 -------- d-----w C:\Program Files\iPod 2007-04-18 00:47:47 -------- d-----w C:\DOCUME~1\Owner\APPLIC~1\U3 2007-04-18 00:11:19 -------- d-----w C:\DOCUME~1\Owner\APPLIC~1\Apple Computer 2007-04-18 00:10:07 -------- d-----w C:\Program Files\iTunes 2007-04-16 23:23:35 -------- d-----w C:\DOCUME~1\Owner\APPLIC~1\Lionhead Studios 2007-04-16 22:53:22 163,644 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys 2007-04-16 22:44:56 -------- d-----w C:\Program Files\Lionhead Studios Ltd 2007-04-16 02:57:47 223,128 ----a-w C:\WINDOWS\system32\drivers\vaxscsi.sys 2007-04-16 02:57:40 -------- d-----w C:\Program Files\Alcohol Soft 2007-04-16 02:53:09 96,256 ----a-w C:\WINDOWS\system32\drivers\sptd8557.sys 2007-04-16 02:53:09 643,072 ----a-w C:\WINDOWS\system32\drivers\sptd.sys 2007-04-16 02:20:14 -------- d-----w C:\Program Files\Infinite Mind LC 2007-04-13 23:29:22 -------- d-----w C:\Program Files\WinXMedia 2007-04-11 04:21:03 -------- d-----w C:\DOCUME~1\Owner\APPLIC~1\Microsoft Web Folders 2007-04-11 04:20:31 -------- d-----w C:\Program Files\microsoft frontpage 2007-04-11 01:19:19 81,984 ----a-w C:\WINDOWS\system32\bdod.bin 2007-04-10 04 21 -------- d-----w C:\Program Files\MTV Networks2007-04-09 15:23:28 -------- 
d-----w C:\DOCUME~1\Owner\APPLIC~1\acccore 2007-04-09 15:17:11 -------- d-----w C:\Program Files\Common Files\AOL 2007-04-09 15:14:23 -------- d-----w C:\Program Files\AIM 2007-04-09 15:14:16 -------- d-----w C:\DOCUME~1\Owner\APPLIC~1\Aim 2007-04-09 14:43:48 -------- d-----w C:\Program Files\Windows Media Connect 2 2007-04-09 03:55:34 -------- d-----w C:\Program Files\AOD 2007-04-09 03:47:47 -------- d-----w C:\Program Files\Warcraft III 2007-04-09 03:47:43 -------- d-----w C:\Program Files\Common Files\aolshare 2007-04-09 03:47:43 -------- d-----w C:\Program Files\America Online 9.0 2007-04-09 03:46:20 -------- d-----w C:\Program Files\AOL Toolbar 2007-04-08 21:40:46 60 ----a-w C:\WINDOWS\system32\SYSDRV.DAT 2007-04-08 21:38:46 -------- d-----w C:\Program Files\Windows NT 2007-04-08 21:38:41 -------- d-----w C:\Program Files\Movie Maker 2007-04-06 17:43:50 -------- d-----w C:\Program Files\VideoLAN 2007-04-06 15:43:39 -------- d-----w C:\DOCUME~1\Owner\APPLIC~1\Ahead 2007-04-06 14 10 -------- d-----w C:\Program Files\Common Files\Ahead2007-04-06 14:03:00 -------- d-----w C:\Program Files\Nero 2007-04-04 14:17:09 54,915 ----a-w C:\WINDOWS\War3Unin.dat 2007-04-04 14:16:24 2,829 ----a-w C:\WINDOWS\War3Unin.pif 2007-04-04 14:16:24 139,264 ----a-w C:\WINDOWS\War3Unin.exe 2007-03-28 23:32:41 1,168 ----a-w C:\WINDOWS\mozver.dat 2007-03-17 13:43:01 292,864 ----a-w C:\WINDOWS\system32\winsrv.dll 2007-03-14 23:27:58 972,336 ----a-w C:\WINDOWS\UNRecode.exe 2007-03-14 23:19:56 95,864 ----a-w C:\WINDOWS\system32\NeroCo.dll 2007-03-14 23:19:26 972,336 ----a-w C:\WINDOWS\UNNeroBackItUp.exe 2007-03-12 17:51:08 972,336 ----a-w C:\WINDOWS\UNNeroMediaHome.exe 2007-03-08 15:36:28 577,536 ----a-w C:\WINDOWS\system32\user32.dll 2007-03-08 15:36:28 40,960 ----a-w C:\WINDOWS\system32\mf3216.dll 2007-03-08 15:36:28 281,600 ----a-w C:\WINDOWS\system32\gdi32.dll 2007-03-08 13:47:48 1,843,584 ----a-w C:\WINDOWS\system32\win32k.sys ((((((((((((((((((((((((((((((((((((( Reg Loading Points 
)))))))))))))))))))))))))))))))))))))))))))))))))) *Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects] {4A368E80-174F-4872-96B5-0B27DDD11DB2}=C:\Program Files\SpywareGuard\dlprotect.dll [2003-08-02 23:24] {6F533C2A-D436-4894-B878-33D5F0C55FE1}=C:\WINDOWS\system32\gebyy.dll [] {743FBF26-A2D9-4DB6-AD0D-AEF5D2F4648C}=C:\WINDOWS\system32\mllmn.dll [2007-06-03 15:36] {92A444D2-F945-4dd9-89A1-896A6C2D8D22}=C:\WINDOWS\system32\pbietmdi.dll [2007-06-06 13:22] {E37FF575-FA89-40E6-B704-3A24555BD3Ec}=C:\WINDOWS\system32\qiqfrdkg.dll [] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SoundMan"="SOUNDMAN.EXE" [2004-01-09 13:54 C:\WINDOWS\SOUNDMAN.EXE] "nwiz"="nwiz.exe" [2004-03-03 20:29 C:\WINDOWS\system32\nwiz.exe] "nForce Tray Options"="sstray.exe" [2003-09-03 04:25 C:\WINDOWS\system32\sstray.exe] "RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2003-11-01 05:42] "ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2003-08-15 03:59] "SunKistEM"="C:\Program Files\Digital Media Reader\shwiconem.exe" [2004-03-12 01:18] "HP Software Update"="C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2004-02-18 13:55] "Symantec NetDriver Monitor"="C:\PROGRA~1\SYMNET~1\SNDMon.exe" [2007-03-28 19:08] "PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [2007-01-20 03:09] "NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-09 18:53] "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2004-12-18 00:20] "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-04-17 20:10] "HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2003-12-22 08:38] "RealTray"="C:\Program Files\Real\RealPlayer\RealPlay.exe" [2004-09-23 20:47] "!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-05-30 08:30] "ApachInc"="C:\WINDOWS\system32\gpckcqdc.dll" 
[2007-06-06 13:25] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 12:24] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 15:00] "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-03-12 13:49] "Aim6"="C:\Program Files\AIM6\aim6.exe" [2007-03-23 17:18] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system] "DisableRegistryTools"=0 (0x0) [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] "{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll" [2007-05-30 08:29] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] "{F03ACDCF-5A90-6765-2422-71CEC1B369B9}"="C:\WINDOWS\system32\ii.dll" [] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\A3dxq] C:\WINDOWS\system32\a3dx8.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\botreg] C:\Documents and Settings\All Users\Documents\Settings\bot.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\mllmn] C:\WINDOWS\system32\mllmn.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\vtussts] vtussts.dll HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost *netsvcs* [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E] AutoRun\command- E:\LaunchCD.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{24dd31f2-ed46-11db-b9a5-000fb502b53a}] AutoRun\command- J:\LaunchU3.exe *Newly Created Service* - PCANDIS5 Contents of the 'Scheduled Tasks' folder 2007-03-28 08:29:03 C:\WINDOWS\tasks\ISP signup reminder 1.job 2007-06-02 00:00:00 C:\WINDOWS\tasks\Norton AntiVirus - Scan my computer.job 2004-09-24 00:50:53 
C:\WINDOWS\tasks\Symantec NetDetect.job ************************************************************************** catchme 0.3.721 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net Rootkit scan 2007-06-06 15:20:42 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... C:\WINDOWS\system32\pbietmdi.dll scan completed successfully hidden files: 1 ************************************************************************** Completion time: 2007-06-06 15:35:23 - machine was rebooted C:\ComboFix-quarantined-files.txt ... 2007-06-06 15:34 |
#7 (permalink) | |
|
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
Join Date: Jan 2005
Location: Ohio
Posts: 26,987
OS: WinXP and Vista
|
Re: Windows cant run in normal mode
Hi erb0817,
Don't get too excited yet--we still have some serious work to do.
Open notepad and copy/paste the text in the quotebox below into it:
Quote:
Referring to the picture above, drag ComboFix-Do.txt into ComboFix.exe
Follow the prompts. When finished, it shall produce a log for you. Post the C:\ComboFix.txt in your next reply.
Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall.
-----------------------------------------------------------------------
While you're waiting for me to review the log, please download the Suspicious File Packer --> http://www.safer-networking.org/files/sfp.zip
Unzip it to the desktop and run it. Run sfp.exe and paste the following filepath into the Suspicious File Packer window:
C:\ QooBox\Quarantine\catchme_date_time.zip
Allow SFP to pack the file. This will generate a CAB archive on your desktop. Please submit it to this site --> http://www.bleepingcomputer.com/subm....php?channel=4
Please include a link to this topic in the message. |
#8 (permalink) |
|
Registered User
Join Date: Dec 2006
Posts: 26
OS: WinXP
|
Re: Windows cant run in normal mode
"Owner" - 2007-06-06 23:26:00 Service Pack 2 NTFS
Command switches used :: C:\Documents and Settings\Owner\Desktop\ComboFix-Do.txt ((((((((((((((((((((((((( Files Created from 2007-05-07 to 2007-06-07 ))))))))))))))))))))))))))))))) 2007-06-06 07:28 <DIR> d-------- C:\Avenger 2007-06-06 07:12 49,152 --a------ C:\WINDOWS\nircmd.exe 2007-06-04 20:42 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys 2007-06-04 19:50 4,454 --a------ C:\WINDOWS\system32\tmp.reg 2007-06-04 08:50 <DIR> d-------- C:\Deckard 2007-06-03 22:25 <DIR> d--h----- C:\Program Files\WindowsUpdate 2007-06-03 21:36 <DIR> d-------- C:\Program Files\SpywareGuard 2007-06-03 21:02 <DIR> d-------- C:\WINDOWS\system32\ActiveScan 2007-06-03 19:27 <DIR> d-------- C:\DOCUME~1\Owner\APPLIC~1\Lavasoft 2007-06-03 19:25 <DIR> d-------- C:\Program Files\Lavasoft 2007-06-03 18:53 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\Talkback 2007-06-03 16:02 1,835,008 --ah----- C:\DOCUME~1\ADMINI~1\ntuser.dat 2007-06-03 16:02 <DIR> d-------- C:\DOCUME~1\ADMINI~1\WINDOWS 2007-06-03 16:02 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\You've Got Pictures Screensaver 2007-06-03 16:02 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\Symantec 2007-06-03 16:02 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\CyberLink 2007-06-03 15:17 <DIR> d-------- C:\Program Files\PCPitstop 2007-06-03 10:17 1 --a------ C:\WINDOWS\system32\ps.dat 2007-05-30 21:29 <DIR> d-------- C:\DOCUME~1\Owner\APPLIC~1\Gaijin Ent 2007-05-30 21:21 <DIR> d-------- C:\Program Files\Stand O Food 2007-05-30 21:20 <DIR> d-------- C:\Program Files\ReflexiveArcade 2007-05-24 19:46 <DIR> d-------- C:\Program Files\Ventrilo 2007-05-24 06:18 <DIR> d---s---- C:\DOCUME~1\Owner\UserData 2007-05-22 22:45 42,496 --a------ C:\WINDOWS\system32\libusb0.dll 2007-05-22 22:45 29,184 --a------ C:\WINDOWS\system32\drivers\libusb0.sys 2007-05-18 19:47 8,464 --a------ C:\WINDOWS\system32\sporder.dll 2007-05-18 19:23 <DIR> d-------- C:\Program Files\LittleFighter2 2007-05-18 19:18 <DIR> d-------- 
C:\DOCUME~1\ALLUSE~1\APPLIC~1\SUPERAntiSpyware.com 2007-05-18 19:17 <DIR> d-------- C:\Program Files\SUPERAntiSpyware 2007-05-18 19:17 <DIR> d-------- C:\DOCUME~1\Owner\APPLIC~1\SUPERAntiSpyware.com 2007-05-18 19:16 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard 2007-05-10 06:50 <DIR> d-------- C:\DOCUME~1\Owner\APPLIC~1\Real (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) 2007-06-06 20:05:14 -------- d-----w C:\Program Files\World of Warcraft 2007-06-06 17:10:47 -------- d-----w C:\Program Files\MSN Gaming Zone 2007-06-05 23:41:30 -------- d-----w C:\Program Files\Messenger 2007-06-04 15:51:18 -------- d--h--w C:\Program Files\Movies 2007-06-04 02:08:19 -------- d-----w C:\Program Files\AIM6 2007-06-04 02:00:49 -------- d-----w C:\Program Files\7-Zip 2007-06-04 01:19:13 -------- d-----w C:\Program Files\Common Files\Symantec Shared 2007-06-04 01:19:03 -------- d-----w C:\Program Files\Norton AntiVirus 2007-06-04 01:18:57 -------- d-----w C:\Program Files\Digital Media Reader 2007-06-04 01:18:55 -------- d-----w C:\Program Files\QuickTime 2007-06-04 01:17:53 -------- d-----w C:\Program Files\PowerISO 2007-06-03 13:05:21 -------- d-----w C:\Program Files\Project64 1.6 2007-06-03 12:13:26 -------- d-----w C:\Program Files\Max Registry Cleaner 2007-06-03 11:14:22 14,336 ----a-w C:\WINDOWS\system32\svchost.exe 2007-06-02 00:28:20 -------- d-----w C:\DOCUME~1\Owner\APPLIC~1\Azureus 2007-06-02 00:26:09 -------- d-----w C:\DOCUME~1\Owner\APPLIC~1\AdobeUM 2007-05-24 22:55:09 -------- d-----w C:\Program Files\Hewlett-Packard 2007-05-24 22:55:06 -------- d-----w C:\Program Files\HP 2007-05-19 00:04:12 -------- d-----w C:\Program Files\Intel 2007-05-03 01:39:07 -------- d--h--w C:\Program Files\InstallShield Installation Information 2007-05-03 01:35:10 -------- d-----w C:\Program Files\OLYMPUS 2007-05-03 01:33:41 -------- d-----w C:\Program Files\PIXELA 2007-05-03 01:33:34 -------- d-----w 
C:\Program Files\Common Files\InstallShield 2007-04-30 11:11:01 -------- d-----w C:\Program Files\AutoGK 2007-04-30 11:10:53 43,602 ----a-w C:\WINDOWS\system32\xvid-uninstall.exe 2007-04-30 11:10:27 -------- d-----w C:\Program Files\AviSynth 2.5 2007-04-26 22:31:41 -------- d-----w C:\Program Files\Electronic Arts 2007-04-26 12:56:45 -------- d-----w C:\Program Files\Xilisoft 2007-04-24 03:34:16 -------- d-----w C:\Program Files\DivX 2007-04-24 03:27:51 -------- d-----w C:\Program Files\Gabest 2007-04-24 03:04:34 -------- d-----w C:\Program Files\DVD Decrypter 2007-04-23 22:40:02 -------- d-----w C:\DOCUME~1\Owner\APPLIC~1\DivX 2007-04-20 17:55:34 1,019,904 ----a-w C:\WINDOWS\system32\VchReg.dll 2007-04-18 16:12:23 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll 2007-04-18 02:07:09 -------- d-----w C:\Program Files\iPod 2007-04-18 00:47:47 -------- d-----w C:\DOCUME~1\Owner\APPLIC~1\U3 2007-04-18 00:11:19 -------- d-----w C:\DOCUME~1\Owner\APPLIC~1\Apple Computer 2007-04-18 00:10:07 -------- d-----w C:\Program Files\iTunes 2007-04-16 23:23:35 -------- d-----w C:\DOCUME~1\Owner\APPLIC~1\Lionhead Studios 2007-04-16 22:53:22 163,644 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys 2007-04-16 22:44:56 -------- d-----w C:\Program Files\Lionhead Studios Ltd 2007-04-16 02:57:47 223,128 ----a-w C:\WINDOWS\system32\drivers\vaxscsi.sys 2007-04-16 02:57:40 -------- d-----w C:\Program Files\Alcohol Soft 2007-04-16 02:53:09 96,256 ----a-w C:\WINDOWS\system32\drivers\sptd8557.sys 2007-04-16 02:53:09 643,072 ----a-w C:\WINDOWS\system32\drivers\sptd.sys 2007-04-16 02:20:14 -------- d-----w C:\Program Files\Infinite Mind LC 2007-04-13 23:29:22 -------- d-----w C:\Program Files\WinXMedia 2007-04-11 04:21:03 -------- d-----w C:\DOCUME~1\Owner\APPLIC~1\Microsoft Web Folders 2007-04-11 04:20:31 -------- d-----w C:\Program Files\microsoft frontpage 2007-04-11 01:19:19 81,984 ----a-w C:\WINDOWS\system32\bdod.bin 2007-04-10 04 21 -------- d-----w C:\Program Files\MTV Networks2007-04-09 
15:23:28 -------- d-----w C:\DOCUME~1\Owner\APPLIC~1\acccore 2007-04-09 15:17:11 -------- d-----w C:\Program Files\Common Files\AOL 2007-04-09 15:14:23 -------- d-----w C:\Program Files\AIM 2007-04-09 15:14:16 -------- d-----w C:\DOCUME~1\Owner\APPLIC~1\Aim 2007-04-09 14:43:48 -------- d-----w C:\Program Files\Windows Media Connect 2 2007-04-09 03:55:34 -------- d-----w C:\Program Files\AOD 2007-04-09 03:47:47 -------- d-----w C:\Program Files\Warcraft III 2007-04-09 03:47:43 -------- d-----w C:\Program Files\Common Files\aolshare 2007-04-09 03:47:43 -------- d-----w C:\Program Files\America Online 9.0 2007-04-09 03:46:20 -------- d-----w C:\Program Files\AOL Toolbar 2007-04-08 21:40:46 60 ----a-w C:\WINDOWS\system32\SYSDRV.DAT 2007-04-08 21:38:46 -------- d-----w C:\Program Files\Windows NT 2007-04-08 21:38:41 -------- d-----w C:\Program Files\Movie Maker 2007-04-04 14:17:09 54,915 ----a-w C:\WINDOWS\War3Unin.dat 2007-04-04 14:16:24 2,829 ----a-w C:\WINDOWS\War3Unin.pif 2007-04-04 14:16:24 139,264 ----a-w C:\WINDOWS\War3Unin.exe 2007-03-28 23:32:41 1,168 ----a-w C:\WINDOWS\mozver.dat 2007-03-17 13:43:01 292,864 ----a-w C:\WINDOWS\system32\winsrv.dll 2007-03-14 23:27:58 972,336 ----a-w C:\WINDOWS\UNRecode.exe 2007-03-14 23:19:56 95,864 ----a-w C:\WINDOWS\system32\NeroCo.dll 2007-03-14 23:19:26 972,336 ----a-w C:\WINDOWS\UNNeroBackItUp.exe 2007-03-12 17:51:08 972,336 ----a-w C:\WINDOWS\UNNeroMediaHome.exe 2007-03-08 15:36:28 577,536 ----a-w C:\WINDOWS\system32\user32.dll 2007-03-08 15:36:28 40,960 ----a-w C:\WINDOWS\system32\mf3216.dll 2007-03-08 15:36:28 281,600 ----a-w C:\WINDOWS\system32\gdi32.dll 2007-03-08 13:47:48 1,843,584 ----a-w C:\WINDOWS\system32\win32k.sys ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) *Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects] 
{4A368E80-174F-4872-96B5-0B27DDD11DB2}=C:\Program Files\SpywareGuard\dlprotect.dll [2003-08-02 23:24] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-05-30 08:30] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 12:24] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 15:00] "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-03-12 13:49] "Aim6"="C:\Program Files\AIM6\aim6.exe" [2007-03-23 17:18] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system] "DisableRegistryTools"=0 (0x0) [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] "{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll" [2007-05-30 08:29] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] "{F03ACDCF-5A90-6765-2422-71CEC1B369B9}"="C:\WINDOWS\system32\ii.dll" [] HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost *netsvcs* [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E] AutoRun\command- E:\LaunchCD.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{24dd31f2-ed46-11db-b9a5-000fb502b53a}] AutoRun\command- J:\LaunchU3.exe *Newly Created Service* - PCANDIS5 Contents of the 'Scheduled Tasks' folder 2007-03-28 08:29:03 C:\WINDOWS\tasks\ISP signup reminder 1.job 2007-06-02 00:00:00 C:\WINDOWS\tasks\Norton AntiVirus - Scan my computer.job 2004-09-24 00:50:53 C:\WINDOWS\tasks\Symantec NetDetect.job ************************************************************************** catchme 0.3.721 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net Rootkit scan 2007-06-07 00:28:11 Windows 5.1.2600 Service 
Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** Completion time: 2007-06-07 0:37:25 - machine was rebooted C:\ComboFix-quarantined-files.txt ... 2007-06-07 00:36 --- E O F --- Archive also sent to Bleeping Computer. |
#9 (permalink) |
|
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
Join Date: Jan 2005
Location: Ohio
Posts: 26,987
OS: WinXP and Vista
|
Re: Windows cant run in normal mode
Looking much better.
Please run this online scan to search for any remnants. It can take some time, so please be patient and allow it to run its full course:
Perform an online scan with Internet Explorer at Kaspersky Online Scanner
Answer Yes, when prompted to install an ActiveX component.
How is the system behaving now?
Last edited by Ried; 06-07-2007 at 06:29 AM. Reason: typo |
#10 (permalink) |
|
Registered User
Join Date: Dec 2006
Posts: 26
OS: WinXP
|
Re: Windows cant run in normal mode
Logfile of HijackThis v1.99.1
Scan saved at 8:11:57 AM, on 6/8/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\Program Files\Norton AntiVirus\navapsvc.exe C:\WINDOWS\system32\nvsvc32.exe C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS C:\Program Files\Norton AntiVirus\SAVScan.exe C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\NETGEAR\WG111 Configuration Utility\WG111CFG.exe C:\Program Files\SpywareGuard\sgmain.exe C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe C:\Program Files\SpywareGuard\sgbhp.exe C:\PROGRA~1\MOZILL~1\FIREFOX.EXE C:\Documents and Settings\Owner\Desktop\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.emachines.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://mozilla.com/ R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll O2 - BHO: (no name) - {5F935EA5-A57D-43F2-8409-BA8CEA508289 - (no 
file)
O2 - BHO: (no name) - {5F935EA5-A57D-43F2-8409-BA8CEA508289} - (no file)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: MiniEYE-MiniREAD Launch.lnk = C:\Program Files\Infinite Mind LC\eyeQ\ARLaunch.exe
O4 - Global Startup: Smart Wizard Wireless Settings.lnk = C:\Program Files\NETGEAR\WG111 Configuration Utility\WG111CFG.exe
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 5.0\resources\en-US\local\search.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/par...an_unicode.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1180922990500
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O21 - SSODL: VLLVoWNcM - {F03ACDCF-5A90-6765-2422-71CEC1B369B9} - C:\WINDOWS\system32\ii.dll (file missing)
O21 - SSODL: DCOM Server 20509 - {2C1CD3D7-86AC-4068-93BC-A02304B20509} - (no file)
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: hpdj00 - Unknown owner - C:\DOCUME~1\Owner\LOCALS~1\Temp\hpdj00.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc.
- C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

-------------------------------------------------------------------------------

KASPERSKY ONLINE SCANNER REPORT
Friday, June 08, 2007 7:41:56 AM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 8/06/2007
Kaspersky Anti-Virus database records: 341522

-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\ D:\ E:\ F:\ G:\ H:\ I:\ K:\

Scan Statistics:
Total number of scanned objects: 64063
Number of viruses found: 78
Number of infected objects: 322 / 0
Number of suspicious objects: 4
Duration of the scan process: 01:46:41

Infected Object Name / Virus Name / Last Action
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP120\A0090964.exe Infected: Trojan-Proxy.Win32.Xorpix.ar skipped C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP120\A0090965.exe Infected: Trojan-Downloader.Win32.Agent.brf skipped C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP120\A0090966.exe Infected: Trojan-Downloader.Win32.Agent.bls skipped C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP120\A0090967.exe Infected: Trojan-Downloader.Win32.Small.cxx skipped C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP120\A0090968.exe Infected: Trojan-Downloader.Win32.Small.cxx skipped C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP120\A0090969.exe Infected: Trojan-Downloader.Win32.Small.cxx skipped C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP120\A0090970.exe Infected: Trojan-Downloader.Win32.Agent.bsm skipped C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP120\A0090971.exe Infected: not-a-virus:Porn-Dialer.Win32.GBDialer.j skipped C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP120\A0090972.dll Infected: Trojan.Win32.BHO.ab skipped C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP120\A0090973.dll Infected: Trojan.Win32.Qhost.it skipped C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP120\A0090975.dll Infected: Trojan-Clicker.Win32.Small.mw skipped C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP120\A0090976.exe Infected: Trojan.Win32.Agent.anr skipped C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP120\A0090977.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ar skipped C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP120\A0090978.exe Infected: 
Trojan.Win32.Agent.anr skipped C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP120\A0090980.exe Infected: Trojan.Win32.Agent.anr skipped C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP120\A0090981.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.kg skipped C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP120\A0090982.exe Infected: Trojan.Win32.Agent.anr skipped C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP120\A0090983.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.kg skipped C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP120\A0090984.exe Infected: Trojan.Win32.Agent.anr skipped C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP120\A0090985.exe Infected: Trojan.Win32.Agent.anr skipped C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP120\A0090986.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.kg skipped C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP120\A0090987.exe Infected: Trojan-Downloader.Win32.Agent.bnn skipped C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP120\A0090988.exe Infected: Trojan-Downloader.Win32.Agent.bnn skipped C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP120\snapshot\MFEX-1.DAT Suspicious: Packed.Win32.Morphine.a skipped C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP121\A0091260.dll Infected: Trojan-Downloader.Win32.Tibs.ld skipped C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP121\A0091261.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.fp skipped C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP121\A0092235.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ar skipped C:\System Volume 
Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP121\A0092236.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ar skipped C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP121\A0092237.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ar skipped C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP121\change.log Object is locked skipped C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP96\A0020624.DLL Infected: Backdoor.Win32.Hupigon.eqa skipped C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP96\A0021622.dll Infected: not-a-virus:AdWare.Win32.NewDotNet skipped C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP96\A0021627.DLL Infected: Backdoor.Win32.Hupigon.eqa skipped C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP96\A0021631.dll Infected: not-a-virus:AdWare.Win32.Agent.cv skipped C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP96\A0021635.exe/data0005 Infected: Trojan-Downloader.Win32.VB.awj skipped C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP96\A0021635.exe NSIS: infected - 1 skipped C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP96\A0021636.exe Infected: Trojan-Dropper.Win32.Agent.mu skipped C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP96\A0021638.exe Infected: not-a-virus:AdWare.Win32.ZenoSearch.o skipped C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP96\A0021641.exe Infected: Trojan-Clicker.Win32.Small.cf skipped C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP96\A0021642.exe/data0002 Infected: Trojan-Dropper.Win32.Agent.bfr skipped C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP96\A0021642.exe/data0003 Infected: not-a-virus:AdWare.Win32.BookedSpace.h skipped 
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP96\A0021642.exe NSIS: infected - 2 skipped C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP96\A0021643.exe Infected: not-a-virus:AdWare.Win32.NewDotNet skipped C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP96\A0021644.exe/data0002 Infected: Trojan.Win32.BHO.ab skipped C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP96\A0021644.exe/data0004 Infected: not-a-virus:AdWare.Win32.BookedSpace.h skipped C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP96\A0021644.exe NSIS: infected - 2 skipped C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP96\A0021645.exe Infected: not-a-virus:AdWare.Win32.ZenoSearch.o skipped C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP96\A0021646.exe Infected: Trojan-Clicker.Win32.Delf.hj skipped C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP96\A0021647.exe Infected: Trojan.Win32.Agent.qt skipped C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP96\A0021655.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.jp skipped C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP96\A0021656.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.jp skipped C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP96\A0021658.exe Infected: not-a-virus:AdWare.Win32.BookedSpace.h skipped C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP96\A0021659.exe Infected: not-a-virus:AdWare.Win32.BookedSpace.h skipped C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP96\A0021662.exe Infected: Trojan-Downloader.Win32.Agent.bls skipped C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP96\A0021663.exe Infected: 
Trojan-Downloader.Win32.Agent.bls skipped C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP96\A0021666.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.fp skipped C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP96\A0021668.exe Infected: not-a-virus:AdWare.Win32.NewDotNet skipped C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP96\A0021669.exe Infected: not-a-virus:AdWare.Win32.NewDotNet.e skipped C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP96\A0021670.exe Infected: not-a-virus:AdWare.Win32.NewDotNet skipped C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP96\A0021671.exe Infected: not-a-virus:AdWare.Win32.NewDotNet.e skipped C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP96\A0021673.exe Infected: Trojan-Proxy.Win32.Agent.ji skipped C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP96\A0021676.exe Infected: Trojan-Downloader.Win32.Agent.bnr skipped C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP96\A0021677.exe Infected: Trojan-Downloader.Win32.Small.cxx skipped C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP96\A0021680.exe Infected: Trojan-Downloader.Win32.Agent.bil skipped C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP96\A0021681.exe Infected: Virus.Win32.KME skipped C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP96\A0021682.exe Infected: Packed.Win32.Tibs.y skipped C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP96\A0021683.exe Infected: Email-Worm.Win32.Zhelatin.ee skipped C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP96\A0021684.exe Infected: Trojan-Downloader.Win32.Small.eip skipped C:\System Volume 
Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP96\A0021685.exe Infected: Trojan-Proxy.Win32.Agent.ji skipped C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP96\A0021686.exe Infected: Trojan-Proxy.Win32.Xorpix.ba skipped C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP96\A0021687.exe Infected: Virus.Win32.KME skipped C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP96\A0021688.exe Infected: not-a-virus:FraudTool.Win32.BraveSentry.b skipped C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP96\A0021696.exe Infected: Trojan-Downloader.Win32.Zlob.bqw skipped C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP96\A0021697.exe Infected: Backdoor.Win32.Hupigon.eqa skipped C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP96\A0021698.exe Infected: Trojan-Dropper.Win32.Agent.mu skipped C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP96\A0021699.exe Infected: Trojan-Downloader.Win32.Alphabet.gen skipped C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP96\A0021705.exe Infected: Trojan-Downloader.Win32.Agent.bls skipped C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP96\A0021706.exe Infected: Trojan-Downloader.Win32.Agent.bls skipped C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP96\A0021709.exe Infected: Trojan-Dropper.Win32.Agent.bfr skipped C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP96\A0021711.exe Infected: Trojan-Spy.Win32.Agent.or skipped C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP96\A0021712.dll Infected: Trojan-Spy.Win32.VBStat.h skipped C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP96\A0021713.exe Infected: not-a-virus:Porn-Dialer.Win32.GBDialer.i skipped C:\System 
Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP96\A0021714.exe Infected: Trojan.Win32.BHO.ab skipped C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP96\A0021716.exe Infected: Trojan.Win32.VB.tg skipped C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP96\A0021717.exe Infected: Trojan.Win32.VB.tg skipped C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP96\A0024721.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.fp skipped C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP96\A0024722.dll Infected: Trojan.Win32.Agent.qt skipped C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP96\A0024723.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.jp skipped C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP96\A0024724.dll Infected: not-a-virus:AdWare.Win32.NewDotNet.e skipped C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP96\A0024726.dll Infected: Trojan.Win32.BHO.ab skipped C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP96\A0024728.dll Infected: not-a-virus:AdWare.Win32.PurityScan.ak skipped C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP96\A0024732.dll Infected: not-a-virus:AdWare.Win32.Agent.cv skipped C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP96\A0024733.dll Infected: Trojan-Clicker.Win32.Small.cf skipped C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP96\A0024734.dll Infected: Trojan-Proxy.Win32.Xorpix.m skipped C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP96\A0024737.exe Infected: Trojan-Spy.Win32.Agent.or skipped C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP96\A0024764.exe Infected: Trojan-Downloader.Win32.PurityScan.eg skipped C:\System Volume 
Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP97\A0025754.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.fp skipped C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP97\A0025757.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.jp skipped C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP99\A0026766.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.fp skipped C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP99\A0026768.dll Infected: Trojan.Win32.BHO.g skipped C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped C:\WINDOWS\SchedLgU.Txt Object is locked skipped C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped C:\WINDOWS\system32\config\Default Object is locked skipped C:\WINDOWS\system32\config\default.LOG Object is locked skipped C:\WINDOWS\system32\config\Internet.evt Object is locked skipped C:\WINDOWS\system32\config\Sam Object is locked skipped C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped C:\WINDOWS\system32\config\Security Object is locked skipped C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped C:\WINDOWS\system32\config\Software Object is locked skipped C:\WINDOWS\system32\config\software.LOG Object is locked skipped C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped C:\WINDOWS\system32\config\System Object is locked skipped C:\WINDOWS\system32\config\system.LOG Object is locked skipped C:\WINDOWS\system32\drivers\sptd.sys Object is locked skipped C:\WINDOWS\system32\drivers\sptd8557.sys Object is locked skipped C:\WINDOWS\system32\drivers\vaxscsi.sys Object is locked skipped C:\WINDOWS\system32\h323log.txt Object is locked skipped 
C:\WINDOWS\system32\msorcl32.exe Infected: not-virus:Hoax.Win32.Renos.fn skipped C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped C:\WINDOWS\WindowsUpdate.log Object is locked skipped Scan process completed. The computer is running much better. I can get into normal mode and I am no longer getting pop-ups. |
|
|
|
|
#11 (permalink) |
|
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
Join Date: Jan 2005
Location: Ohio
Posts: 26,987
OS: WinXP and Vista
|
Re: Windows cant run in normal mode
Hi,
Please copy this page to Notepad and save to your desktop for reference as you will not have any browsers open while you are carrying out portions of these instructions.
***************************************************
From Normal Mode...
Open HijackThis and click on 'Do a System Scan Only'. 'Check' the following entries:
O2 - BHO: (no name) - {5F935EA5-A57D-43F2-8409-BA8CEA508289 - (no file)
O2 - BHO: (no name) - {5F935EA5-A57D-43F2-8409-BA8CEA508289} - (no file)
O21 - SSODL: VLLVoWNcM - {F03ACDCF-5A90-6765-2422-71CEC1B369B9} - C:\WINDOWS\system32\ii.dll (file missing)
O21 - SSODL: DCOM Server 20509 - {2C1CD3D7-86AC-4068-93BC-A02304B20509} - (no file)
O23 - Service: hpdj00 - Unknown owner - C:\DOCUME~1\Owner\LOCALS~1\Temp\hpdj00.exe (file missing)
Click 'Fix Checked' and close HijackThis.
--------------------------------------------------------------------
Please ensure Hidden files and folders are viewable:
Go to My Computer->Tools->Folder Options->View tab:
* Under the Hidden files and folders heading:
* select Show hidden files and folders.
* Uncheck Hide protected operating system files (recommended) option.
* Also, make sure there is no checkmark beside Hide file extensions for known file types.
* Click OK.
--------------------------------------------------------------------
Using 'My Computer', navigate to and delete the following File
C:\Documents and Settings\Owner\My Documents\Azureus Downloads\Warcraft III Reign of Chaos and The Frozen Throne + Crack +Patch War3TFT_121a_English\ warcraft3keygen.exe
--------------------------------------------------------------------
Upload this file
C:\Program Files\Intel\SVCH0ST.DLL
to http://virusscan.jotti.org and report back what it found.
At the top of the window you should see "File to Upload & scan" and a blank box. Copy and paste the blue text from above into the box. Then click "submit".
When it is finished, please copy and paste the information listed under "Service" and "Scanner Results" and include it in your next reply.
If the site is too busy, upload it here http://www.virustotal.com/en/indexf.html |
|
|
|
|
#12 (permalink) |
|
Registered User
Join Date: Dec 2006
Posts: 26
OS: WinXP
|
Re: Windows cant run in normal mode
Service load: 0% 100%
File: SVCH0ST.DLL
Status: INFECTED/MALWARE
MD5 f5a690b7ecce81767e48df50a1854082
Packers detected: -
Scanner results
Scan taken on 09 Jun 2007 12:16:05 (GMT)
A-Squared: Found nothing
AntiVir: Found BDS/Hupigon.eqa
ArcaVir: Found Trojan.Hupigon.Eqa
Avast: Found nothing
AVG Antivirus: Found BackDoor.Generic6.BIA
BitDefender: Found nothing
ClamAV: Found nothing
Dr.Web: Found nothing
F-Prot Antivirus: Found W32/Hupigon.COB
F-Secure Anti-Virus: Found Backdoor.Win32.Hupigon.eqa
Fortinet: Found W32/Hupigon.EQA!tr.bdr
Kaspersky Anti-Virus: Found Backdoor.Win32.Hupigon.eqa
NOD32: Found nothing
Norman Virus Control: Found W32/Hupigon.AOHU
Panda Antivirus: Found nothing
Rising Antivirus: Found nothing
VirusBuster: Found Backdoor.Hupigon.ESM
VBA32: Found Backdoor.Win32.Hupigon.eqa |
|
|
|
|
#13 (permalink) |
|
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
Join Date: Jan 2005
Location: Ohio
Posts: 26,987
OS: WinXP and Vista
|
Re: Windows cant run in normal mode
Hi,
Navigate to, and delete that file:
C:\Program Files\Intel\SVCH0ST.DLL
Please run another online scan at Kaspersky and post the results here. |
|
|
|
|
#14 (permalink) |
|
Registered User
Join Date: Dec 2006
Posts: 26
OS: WinXP
|
Re: Windows cant run in normal mode
-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Sunday, June 10, 2007 8:13:15 AM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 10/06/2007
Kaspersky Anti-Virus database records: 341841
-------------------------------------------------------------------------------
Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true
Scan Target - My Computer: C:\ D:\ E:\ F:\ G:\ H:\ I:\ K:\
Scan Statistics:
Total number of scanned objects: 64687
Number of viruses found: 79
Number of infected objects: 327 / 0
Number of suspicious objects: 4
Duration of the scan process: 05:00:18
Infected Object Name / Virus Name / Last Action
C:\QooBox\Quarantine\C\WINDOWS\system32\j2261636.dll.vir Infected: Trojan-Clicker.Win32.Small.mw skipped C:\QooBox\Quarantine\C\WINDOWS\system32\jsgiwoxs.dll.vir Infected: Packed.Win32.Klone.j skipped C:\QooBox\Quarantine\C\WINDOWS\system32\jstlantf.dll.vir Suspicious: Packed.Win32.Morphine.a skipped C:\QooBox\Quarantine\C\WINDOWS\system32\kupgabrr.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.ar skipped C:\QooBox\Quarantine\C\WINDOWS\system32\ltvptyll.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.ar skipped C:\QooBox\Quarantine\C\WINDOWS\system32\max1d164v.exe.vir Infected: not-a-virus:Porn-Dialer.Win32.GBDialer.j skipped C:\QooBox\Quarantine\C\WINDOWS\system32\meeaseaq.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.kg skipped C:\QooBox\Quarantine\C\WINDOWS\system32\mgewhkcl.dll.vir Infected: Trojan.Win32.BHO.bd skipped C:\QooBox\Quarantine\C\WINDOWS\system32\mllmn.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.fp skipped C:\QooBox\Quarantine\C\WINDOWS\system32\mtdwdjjp.exe.vir Infected: Trojan.Win32.Agent.anr skipped C:\QooBox\Quarantine\C\WINDOWS\system32\nfmsjnas.dll.vir Infected: Trojan-Spy.Win32.VBStat.h skipped C:\QooBox\Quarantine\C\WINDOWS\system32\niteeetq.exe.vir Infected: Trojan.Win32.Agent.anr skipped C:\QooBox\Quarantine\C\WINDOWS\system32\nlplodtd.exe.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.hb skipped C:\QooBox\Quarantine\C\WINDOWS\system32\nso12k.sys.vir Infected: Trojan-Downloader.Win32.Agent.bnz skipped C:\QooBox\Quarantine\C\WINDOWS\system32\nwjvgqry.dll.vir Infected: not-a-virus:AdWare.Win32.BHO.v skipped C:\QooBox\Quarantine\C\WINDOWS\system32\osptnjfq.dll.vir Infected: Trojan.Win32.BHO.g skipped C:\QooBox\Quarantine\C\WINDOWS\system32\padphetg.dll.vir Infected: Packed.Win32.Klone.j skipped C:\QooBox\Quarantine\C\WINDOWS\system32\pdbrqwhj.exe.vir Infected: Trojan.Win32.Agent.anr skipped C:\QooBox\Quarantine\C\WINDOWS\system32\qxjavxac.dll.vir Infected: Trojan.Win32.BHO.bd skipped 
C:\QooBox\Quarantine\C\WINDOWS\system32\spoolsvv.exe.vir Infected: Packed.Win32.Tibs.af skipped C:\QooBox\Quarantine\C\WINDOWS\system32\spoolsvv.sys.vir Infected: Trojan-Proxy.Win32.Agent.ji skipped C:\QooBox\Quarantine\C\WINDOWS\system32\sqvx5gamet2.exe.vir Infected: Trojan-Downloader.Win32.Small.cxx skipped C:\QooBox\Quarantine\C\WINDOWS\system32\sqvxga6met3.exe.vir Infected: Trojan-Downloader.Win32.Small.cxx skipped C:\QooBox\Quarantine\C\WINDOWS\system32\sqvxga7met4.exe.vir Infected: Trojan-Downloader.Win32.Small.cxx skipped C:\QooBox\Quarantine\C\WINDOWS\system32\T1QaSQ.vir\T1QaSQ1065.exe Infected: Trojan-Downloader.Win32.VB.fn skipped C:\QooBox\Quarantine\C\WINDOWS\system32\T2\dlb66.exe.vir/unknown2.bin Infected: not-a-virus:AdWare.Win32.Ucmore.e skipped C:\QooBox\Quarantine\C\WINDOWS\system32\T2\dlb66.exe.vir/UCMTSAIE.DLL Infected: not-a-virus:AdWare.Win32.Ucmore.a skipped C:\QooBox\Quarantine\C\WINDOWS\system32\T2\dlb66.exe.vir/IUCMORE.DLL Infected: not-a-virus:AdWare.Win32.Ucmore skipped C:\QooBox\Quarantine\C\WINDOWS\system32\T2\dlb66.exe.vir ZIP: infected - 3 skipped C:\QooBox\Quarantine\C\WINDOWS\system32\T2\dlb66.exe.vir WiseSFX Dropper: infected - 3 skipped C:\QooBox\Quarantine\C\WINDOWS\system32\T3\dlltk67.exe.vir Infected: Trojan.Win32.BHO.ab skipped C:\QooBox\Quarantine\C\WINDOWS\system32\T5QaSQ.vir\T5QaSQ1083.exe Infected: Trojan-Downloader.Win32.VB.awj skipped C:\QooBox\Quarantine\C\WINDOWS\system32\Unea29.sys.vir Infected: Rootkit.Win32.Agent.ea skipped C:\QooBox\Quarantine\C\WINDOWS\system32\vexg4am1et2.exe.vir Infected: Packed.Win32.Tibs.y skipped C:\QooBox\Quarantine\C\WINDOWS\system32\vexga3me2.exe.vir Infected: Trojan-Downloader.Win32.Small.cxx skipped C:\QooBox\Quarantine\C\WINDOWS\system32\vexga4m1et4.exe.vir Infected: Email-Worm.Win32.Zhelatin.eo skipped C:\QooBox\Quarantine\C\WINDOWS\system32\vexga4me1.exe.vir Infected: Trojan-Proxy.Win32.Xorpix.ar skipped C:\QooBox\Quarantine\C\WINDOWS\system32\vexga5me3.exe.vir Infected: 
Trojan-Downloader.Win32.Agent.brf skipped C:\QooBox\Quarantine\C\WINDOWS\system32\vjbagrvb.dll.vir Infected: Trojan.Win32.BHO.g skipped C:\QooBox\Quarantine\C\WINDOWS\system32\wmvds32.dll.vir Infected: Trojan-Downloader.Win32.VB.asx skipped C:\QooBox\Quarantine\C\WINDOWS\system32\wridrmyj.exe.vir Infected: Trojan.Win32.Agent.anr skipped C:\QooBox\Quarantine\C\WINDOWS\system32\xloigsu.dll.vir Infected: Trojan.Win32.Qhost.it skipped C:\QooBox\Quarantine\C\WINDOWS\system32\xvyarupt.dll.vir Infected: Trojan-Spy.Win32.VBStat.h skipped C:\QooBox\Quarantine\C\WINDOWS\system32\yaywusq.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.jp skipped C:\QooBox\Quarantine\C\WINDOWS\system32\yecqysoj.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.ar skipped C:\QooBox\Quarantine\catchme2007-06-06_ 72955.43.zip/xpdx.sys Infected: Trojan-Clicker.Win32.Costrat.e skipped C:\QooBox\Quarantine\catchme2007-06-06_ 72955.43.zip ZIP: infected - 1 skipped C:\QooBox\Quarantine\catchme2007-06-06_224445.76.zip/pbietmdi.dll Infected: Trojan.Win32.BHO.o skipped C:\QooBox\Quarantine\catchme2007-06-06_224445.76.zip ZIP: infected - 1 skipped C:\RECYCLER\S-1-5-21-1342195572-1263528172-100515519-1003\Dc2.exe/EXE-file Infected: Backdoor.Win32.Hupigon.eqa skipped C:\RECYCLER\S-1-5-21-1342195572-1263528172-100515519-1003\Dc2.exe Embedded EXE: infected - 1 skipped C:\RECYCLER\S-1-5-21-1342195572-1263528172-100515519-1003\Dc3.DLL Infected: Backdoor.Win32.Hupigon.eqa skipped C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP101\A0026825.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.fp skipped C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP101\A0026826.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.fp skipped C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP109\A0027054.exe Infected: 
not-a-virus:RiskTool.Win32.HideWindows skipped C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP111\A0027826.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ar skipped C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP111\A0027829.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.fp skipped C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP112\A0028827.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.fp skipped C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP112\A0028830.exe Infected: Trojan-Proxy.Win32.Dlena.ad skipped C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP112\A0028833.dll Infected: Trojan.Win32.Qhost.it skipped C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP112\A0028836.exe/data0005 Infected: Trojan-Downloader.Win32.VB.awj skipped C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP112\A0028836.exe NSIS: infected - 1 skipped C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP112\A0028838.exe Infected: Trojan-Downloader.Win32.VB.axs skipped C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP112\A0028864.exe Infected: not-a-virus:RiskTool.Win32.HideWindows skipped C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP112\A0028904.dll Infected: Trojan-Spy.Win32.VBStat.h skipped C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP112\A0028905.dll Infected: Trojan-Spy.Win32.VBStat.h skipped C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP114\A0029049.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.fp skipped C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP114\A0029058.exe Infected: Email-Worm.Win32.Zhelatin.eo skipped C:\System Volume 
Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP114\A0029060.exe Infected: Trojan-Proxy.Win32.Dlena.ad skipped C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP114\A0030055.exe Infected: Trojan-Proxy.Win32.Dlena.ad skipped C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP114\A0030057.sys Infected: Trojan-Proxy.Win32.Agent.ji skipped C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP114\A0031055.exe Infected: Trojan-Proxy.Win32.Dlena.ad skipped C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP114\A0031057.sys Infected: Trojan-Proxy.Win32.Agent.ji skipped C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP114\A0032054.sys Infected: Rootkit.Win32.Agent.eq skipped C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP114\A0032055.dll Infected: Trojan-Spy.Win32.VBStat.h skipped C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP114\A0032066.exe Infected: Trojan-Proxy.Win32.Dlena.ad skipped C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP114\A0033061.exe Infected: Trojan-Proxy.Win32.Dlena.ad skipped C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP114\A0033062.sys Infected: Trojan-Downloader.Win32.Agent.bnz skipped C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP114\A0034067.exe Infected: Trojan-Proxy.Win32.Dlena.ad skipped C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP114\A0034068.sys Infected: Trojan-Downloader.Win32.Agent.bnz skipped C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP115\A0035068.sys Infected: Trojan-Downloader.Win32.Agent.bnz skipped C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP115\A0035069.exe Infected: Trojan-Proxy.Win32.Dlena.ad skipped C:\System Volume 
Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP115\A0035071.dll Infected: Trojan-Proxy.Win32.Agent.df skipped C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP115\A0035259.exe Infected: Trojan-Proxy.Win32.Agent.ji skipped C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP116\A0036063.exe Infected: Trojan-Proxy.Win32.Dlena.ad skipped C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP116\A0036111.sys Infected: Trojan-Downloader.Win32.Agent.bnz skipped C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP116\A0037067.sys Infected: Trojan-Downloader.Win32.Agent.bnz skipped C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP116\A0038067.sys Infected: Trojan-Downloader.Win32.Agent.bnz skipped C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP116\A0038068.exe Infected: Trojan-Proxy.Win32.Dlena.ad skipped C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP116\A0039067.sys Infected: Trojan-Downloader.Win32.Agent.bnz skipped C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP116\A0039068.exe Infected: Trojan-Proxy.Win32.Dlena.ad skipped C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP116\A0048067.sys Infected: Trojan-Downloader.Win32.Agent.bnz skipped C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP116\A0048068.exe Infected: Trojan-Proxy.Win32.Dlena.ad skipped C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP117\A0048072.sys Infected: Trojan-Clicker.Win32.Costrat.e skipped C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP117\A0052075.exe Infected: Trojan-Proxy.Win32.Dlena.ad skipped C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP117\A0052076.exe Infected: Packed.Win32.Tibs.af skipped C:\System Volume 
Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP117\A0052077.exe Infected: Trojan-Downloader.Win32.Agent.bls skipped C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP117\A0052078.sys Infected: Trojan-Downloader.Win32.Agent.bnz skipped C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP117\A0052079.exe Infected: Trojan.Win32.Agent.amk skipped C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP117\A0052080.exe Infected: Trojan-Downloader.Win32.VB.fn skipped C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP117\A0052081.exe Infected: Trojan-Downloader.Win32.Agent.bls skipped C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP117\A0052082.exe Infected: Email-Worm.Win32.Zhelatin.ee skipped C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP117\A0066177.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.jp skipped C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP117\A0075181.sys Infected: Trojan-Downloader.Win32.Agent.bnz skipped C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP118\A0076181.sys Infected: Trojan-Downloader.Win32.Agent.bnz skipped C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP118\A0077181.sys Infected: Trojan-Downloader.Win32.Agent.bnz skipped C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP118\A0077184.exe Infected: Trojan-Proxy.Win32.Dlena.ad skipped C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP118\A0077185.exe Infected: Trojan-Proxy.Win32.Agent.mv skipped C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP119\A0080776.exe/data.rar/SmitfraudFix/Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped C:\System Volume 
Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP119\A0080776.exe/data.rar Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP119\A0080776.exe RarSFX: infected - 2 skipped C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP119\A0080784.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP119\A0080794.exe Infected: Email-Worm.Win32.Zhelatin.eo skipped C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP120\A0081765.dll Suspicious: Packed.Win32.Morphine.a skipped C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP120\A0089840.exe:exe.exe:$DATA Infected: Trojan.Win32.Agent.alt skipped C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP120\A0089844.sys Infected: Rootkit.Win32.Agent.ea skipped C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP120\A0089845.exe Infected: Trojan.Win32.BHO.ab skipped C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP120\A0089846.exe/unknown2.bin Infected: not-a-virus:AdWare.Win32.Ucmore.e skipped C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP120\A0089846.exe/UCMTSAIE.DLL Infected: not-a-virus:AdWare.Win32.Ucmore.a skipped C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP120\A0089846.exe/IUCMORE.DLL Infected: not-a-virus:AdWare.Win32.Ucmore skipped C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP120\A0089846.exe ZIP: infected - 3 skipped C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP120\A0089846.exe WiseSFX Dropper: infected - 3 skipped C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP120\A0089847.exe Infected: Packed.Win32.Tibs.af skipped C:\System Volume 
Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP120\A0089849.sys Infected: Trojan-Proxy.Win32.Agent.ji skipped C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP120\A0089853.dll Infected: Trojan-Downloader.Win32.VB.asx skipped C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP120\A0089855.sys Infected: Trojan-Downloader.Win32.Agent.bnz skipped C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP120\A0089857.dll Infected: Trojan.Win32.BHO.g skipped C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP120\A0089858.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ar skipped C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP120\A0089859.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.kb skipped C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP120\A0089860.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ar skipped C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP120\A0089861.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ar skipped C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP120\A0089862.dll Infected: Trojan.Win32.BHO.bd skipped C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP120\A0089863.dll Infected: Packed.Win32.Klone.j skipped C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP120\A0089864.dll Suspicious: Packed.Win32.Morphine.a skipped C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP120\A0089865.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ar skipped C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP120\A0089866.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ar skipped C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP120\A0089867.dll Infected: Trojan.Win32.BHO.bd skipped 
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP120\A0089868.dll Infected: Trojan-Spy.Win32.VBStat.h skipped C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP120\A0089869.dll Infected: not-a-virus:AdWare.Win32.BHO.v skipped C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP120\A0089870.dll Infected: Trojan.Win32.BHO.g skipped C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP120\A0089871.dll Infected: Packed.Win32.Klone.j skipped C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP120\A0089872.dll Infected: Trojan.Win32.BHO.bd skipped C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP120\A0089873.dll Infected: Trojan.Win32.BHO.g skipped C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP120\A0089874.dll Infected: Trojan-Spy.Win32.VBStat.h skipped C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP120\A0089875.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.jp skipped C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP120\A0089876.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.jp skipped C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP120\A0089877.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.jp skipped C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP120\A0089878.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.hb skipped C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP120\A0089889.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.hb skipped C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP120\A0090957.exe Infected: Trojan-Downloader.Win32.Small.cxx skipped C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP120\A0090961.exe Infected: Packed.Win32.Tibs.y skipped 
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP120\A0090962.exe Infected: Trojan-Downloader.Win32.Small.cxx skipped C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP120\A0090963.exe Infected: Email-Worm.Win32.Zhelatin.eo skipped C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP120\A0090964.exe Infected: Trojan-Proxy.Win32.Xorpix.ar skipped C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP120\A0090965.exe Infected: Trojan-Downloader.Win32.Agent.brf skipped C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP120\A0090966.exe Infected: Trojan-Downloader.Win32.Agent.bls skipped C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP120\A0090967.exe Infected: Trojan-Downloader.Win32.Small.cxx skipped C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP120\A0090968.exe Infected: Trojan-Downloader.Win32.Small.cxx skipped C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP120\A0090969.exe Infected: Trojan-Downloader.Win32.Small.cxx skipped C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP120\A0090970.exe Infected: Trojan-Downloader.Win32.Agent.bsm skipped C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP120\A0090971.exe Infected: not-a-virus:Porn-Dialer.Win32.GBDialer.j skipped C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP120\A0090972.dll Infected: Trojan.Win32.BHO.ab skipped C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP120\A0090973.dll Infected: Trojan.Win32.Qhost.it skipped C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP120\A0090975.dll Infected: Trojan-Clicker.Win32.Small.mw skipped C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP120\A0090976.exe Infected: 
Trojan.Win32.Agent.anr skipped C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP120\A0090977.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ar skipped C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP120\A0090978.exe Infected: Trojan.Win32.Agent.anr skipped C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP120\A0090980.exe Infected: Trojan.Win32.Agent.anr skipped C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP120\A0090981.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.kg skipped C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP120\A0090982.exe Infected: Trojan.Win32.Agent.anr skipped C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP120\A0090983.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.kg skipped C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP120\A0090984.exe Infected: Trojan.Win32.Agent.anr skipped C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP120\A0090985.exe Infected: Trojan.Win32.Agent.anr skipped C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP120\A0090986.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.kg skipped C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP120\A0090987.exe Infected: Trojan-Downloader.Win32.Agent.bnn skipped C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP120\A0090988.exe Infected: Trojan-Downloader.Win32.Agent.bnn skipped C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP120\snapshot\MFEX-1.DAT Suspicious: Packed.Win32.Morphine.a skipped C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP121\A0091260.dll Infected: Trojan-Downloader.Win32.Tibs.ld skipped C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP121\A0091261.dll 
Infected: not-a-virus:AdWare.Win32.Virtumonde.fp skipped C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP121\A0092235.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ar skipped C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP121\A0092236.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ar skipped C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP121\A0092237.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ar skipped C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP125\change.log Object is locked skipped C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP96\A0020624.DLL Infected: Backdoor.Win32.Hupigon.eqa skipped C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP96\A0021622.dll Infected: not-a-virus:AdWare.Win32.NewDotNet skipped C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP96\A0021627.DLL Infected: Backdoor.Win32.Hupigon.eqa skipped C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP96\A0021631.dll Infected: not-a-virus:AdWare.Win32.Agent.cv skipped C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP96\A0021635.exe/data0005 Infected: Trojan-Downloader.Win32.VB.awj skipped C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP96\A0021635.exe NSIS: infected - 1 skipped C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP96\A0021636.exe Infected: Trojan-Dropper.Win32.Agent.mu skipped C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP96\A0021638.exe Infected: not-a-virus:AdWare.Win32.ZenoSearch.o skipped C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP96\A0021641.exe Infected: Trojan-Clicker.Win32.Small.cf skipped C:\System Volume 
Scan process completed.

This is a completely unrelated question but i was hoping you can help me. I play World of Warcraft but I often lag and have long loading times. My computer has 512 RAM and a NVIDIA GeForce4 video card. To fix the lag and load times, would it be better to get a better video card or upgrade to more RAM. thanks

#15 (permalink)
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
Join Date: Jan 2005
Location: Ohio
Posts: 26,987
OS: WinXP and Vista
Re: Windows cant run in normal mode
Hiya,
I'll confess--I know nothing about gaming. When we're through cleaning your system, talk to the folks in the Online Gaming Support section of this forum.

------------------------------------------------------------

Delete this file:

C:\WINDOWS\system32\msorcl32.exe

**If the above file resists deletion, boot into Safe Mode to delete it.

------------------------------------------------------------

Please download SmitfraudFix (by S!Ri) to your Desktop.
Double-click smitfraudfix.exe to start the tool.
do so

#16 (permalink)
Registered User
Join Date: Dec 2006
Posts: 26
OS: WinXP
Re: Windows cant run in normal mode
SmitFraudFix v2.195
Scan done at 13:51:35.45, Mon 06/11/2007
Run from C:\Program Files\Mozilla Firefox\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\BigFix\BigFix.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\NETGEAR\WG111 Configuration Utility\WG111CFG.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\cmd.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts
»»»»»»»»»»»»»»»»»»»»»»»» C:\
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Owner
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Owner\Application Data
»»»»»»»»»»»»»»»»»»»»»»»» Start Menu
»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Owner\FAVORI~1
»»»»»»»»»»»»»»»»»»»»»»»» Desktop
»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files
»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys
»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""

»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""

»»»»»»»»»»»»»»»»»»»»»»»» Rustock

»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: NETGEAR WG111 802.11g Wireless USB2.0 Adapter
DNS Server Search Order: 192.168.0.1

HKLM\SYSTEM\CCS\Services\Tcpip\..\{81A3DBC0-3338-4CAA-B4BD-3B1D53DCFD7C}: DhcpNameServer=192.168.0.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{81A3DBC0-3338-4CAA-B4BD-3B1D53DCFD7C}: DhcpNameServer=192.168.0.1
HKLM\SYSTEM\CS2\Services\Tcpip\..\{81A3DBC0-3338-4CAA-B4BD-3B1D53DCFD7C}: DhcpNameServer=192.168.0.1
HKLM\SYSTEM\CS3\Services\Tcpip\..\{81A3DBC0-3338-4CAA-B4BD-3B1D53DCFD7C}: DhcpNameServer=192.168.0.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.0.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.0.1
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.0.1
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=192.168.0.1

»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection

»»»»»»»»»»»»»»»»»»»»»»»» End

#17 (permalink)
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
Join Date: Jan 2005
Location: Ohio
Posts: 26,987
OS: WinXP and Vista
Re: Windows cant run in normal mode
Hi,
Thanks--your logs are clean. If there aren't any more problems, please continue with these final instructions and helpful links:

Reset hidden/system files and folders

Windows XP
===============
Click Start.
* Open My Computer.
* Select the Tools menu and click Folder Options.
* Select the View tab.
* Deselect the Show hidden files and folders option.
* Select the Hide file extensions for known types option.
* Select the Hide protected operating system files option.
Click Yes to confirm. Click OK.

Ensure Windows Auto Update is Enabled
* Go to Start>Run - type wuaucpl.cpl
* Tick on the checkbox - "Automatically download the updates, and install them on the schedule that I specify". Click on "OK".

Create a new System Restore point
Click Start >> Run - type SYSDM.CPL & press Enter
* Select the System Restore Tab
* Tick on the checkbox - "Turn off System Restore on all drives"
Click Apply
* Then untick the same checkbox & click OK
This will prevent any reinfection from previous restore points.

To help protect your computer in the future I recommend that you get the following free programs if you do not already have them:

* McAfee Site Advisor--free version. The folks there check out websites and based on their findings, rate it as Safe, Unknown, Caution, or Bad.
* SpywareBlaster 3.5.1 to help prevent spyware from installing in the first place. Install & update SpywareBlaster with the latest definitions. After you have updated, click the button - enable protection for all unprotected items.
* Spyware Guard to catch and block spyware before it can execute.
* IE-SPYAD.EXE to block access to malicious websites so you cannot be redirected to them from an infected site or email. IE/Spyad places more than 4000 dubious websites and domains in the IE Restricted list. This severely impairs attempts to infect your system. It basically prevents any downloads (Cookies etc) from the sites listed, although you will still be able to connect to the sites. This is a self-extracting .ZIP file, save it to your desktop. Once downloaded, double-click on it to extract the files inside (default dir is C:\IE-SPYAD)

Update all these programs regularly. Without regular updates you will not be protected when new malicious programs are released.

In light of your recent issue, I'm sure you'd like to avoid any future infections. Please take a look at these well written articles:

* PC Safety and Security--What Do I Need?
* HOW DID I GET INFECTED IN THE FIRST PLACE? by Tony Klein
* THE ANTI-SPYWARE TUTORIAL
* MAKING INTERNET EXPLORER SAFER
* Understanding and Using Firewalls

**Be very wary with any security software that is advertised in popups or in other ways. They are not only usually of no use, but often have malware in them.

-----------------------------------------------------
Follow the list above and the potential for infection will reduce dramatically.
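
Added example, not part of the original posts: most detections in the scan log earlier in this thread sit under `C:\System Volume Information\_restore{...}`, where System Restore keeps its snapshots, which is why the final instructions turn System Restore off and on again. This Python sketch separates such snapshot hits from live-filesystem hits and from "Object is locked" lines; it assumes one log record per line in the `<path> Infected: <name> skipped` form and uses constructed sample lines with a placeholder restore GUID.

```python
import re
from collections import defaultdict

# Constructed sample lines modelled on the scan log format in this thread.
# The restore GUID and the A00000xx file names are placeholders.
SAMPLE_LOG = r"""
C:\System Volume Information\_restore{00000000-0000-0000-0000-000000000000}\RP96\A0000001.exe Infected: Trojan.Win32.BHO.ab skipped
C:\System Volume Information\_restore{00000000-0000-0000-0000-000000000000}\RP96\A0000002.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.jp skipped
C:\System Volume Information\_restore{00000000-0000-0000-0000-000000000000}\RP97\A0000003.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.jp skipped
C:\WINDOWS\system32\msorcl32.exe Infected: not-virus:Hoax.Win32.Renos.fn skipped
C:\WINDOWS\system32\config\Sam Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
"""

# A detection record: path (may contain spaces), verdict name, action.
RECORD = re.compile(r"^(?P<path>[A-Za-z]:\\.+?) Infected: (?P<name>\S+) skipped$")
# A path inside a System Restore snapshot; captures the restore point (RPnn).
RESTORE = re.compile(r"\\System Volume Information\\_restore\{[^}]+\}\\(RP\d+)\\", re.I)


def triage(log_text):
    """Return (live detections, detections per restore point, locked-file count)."""
    live = []
    snapshots = defaultdict(list)
    locked = 0
    for line in log_text.splitlines():
        line = line.strip()
        if line.endswith("Object is locked skipped"):
            locked += 1  # file held open by Windows during the scan, not a detection
            continue
        m = RECORD.match(line)
        if not m:
            continue  # blank lines, archive summaries, anything else
        rp = RESTORE.search(m["path"])
        if rp:
            snapshots[rp.group(1)].append(m["name"])  # removed by flushing restore points
        else:
            live.append((m["path"], m["name"]))  # needs direct removal
    return live, dict(snapshots), locked


if __name__ == "__main__":
    live, snapshots, locked = triage(SAMPLE_LOG)
    print("Live filesystem detections:", live)
    print("Detections per restore point:", snapshots)
    print("Locked (unscanned) files:", locked)
```

Only the live-filesystem entries call for manual deletion; the snapshot entries go away when the old restore points are discarded.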