|
|
|
|
|||||
|
|
|
|
|
|
|||
| Welcome
to Tech Support Forum home to more then 136,000 problems solved. Issues
have included: Spyware, Malware, Virus Issues, Windows, Microsoft,
Linux, Networking, Security, Hardware, and Gaming Getting your
problem solved is as easy as: 1. Registering for a free account 2. Asking your question 3. Receiving an answer Registered members: * See fewer ads. * And much more..
|
| Want to know how to post a question? click here | Having problems with spyware and pop-ups? First Steps |
|
|||||||
| Resolved HJT Threads Resolved spyware and popup issues. |
|
|
LinkBack | Thread Tools |
08-30-2007, 09:22 AM
|
#1 (permalink) |
|
Registered User
Join Date: Aug 2007
Posts: 13
OS: Windows XP SP2
|
[SOLVED] Computer runs very slow and freezes. More detail inside.
Computer blue screens at times. Runs much slower than it used to. Pop-ups are consistent. Virus seems to redownload itself after I remove it with my virus protection programs. If I remember any other problems I will let you know as fast as possible.
My system runs on Windows XP Home SP2. Pentium 4 CPU 3GHz. 1GB RAM. Deckard's System Scanner v20070826.66 Run by Jon on 2007-08-30 10:56:41 Computer is in Normal Mode. -------------------------------------------------------------------------------- -- System Restore -------------------------------------------------------------- -- Last 5 Restore Point(s) -- 94: 2007-08-30 08:17:49 UTC - RP800 - Deckard's System Scanner Restore Point 93: 2007-08-30 06:59:30 UTC - RP799 - Removed Corel Paint Shop Pro X 92: 2007-08-30 06:08:23 UTC - RP798 - Restore Operation 91: 2007-08-30 06:05:25 UTC - RP797 - Restore Operation 90: 2007-08-30 05:55:29 UTC - RP796 - Restore Operation -- First Restore Point -- 1: 2007-06-02 09:23:18 UTC - RP707 - System Checkpoint Backed up registry hives. Performed disk cleanup. -- HijackThis (run as Jon.exe) ------------------------------------------------- Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 10:57:42 AM, on 8/30/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\security\aol.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\WINDOWS\system32\nvsvc32.exe C:\PROGRA~1\TRENDM~1\INTERN~2\PcCtlCom.exe C:\WINDOWS\system32\PnkBstrA.exe C:\Program Files\Spyware Doctor\svcntaux.exe C:\Program Files\Spyware Doctor\swdsvc.exe C:\Program Files\Analog Devices\SoundMAX\spkrmon.exe C:\Program Files\Spyware Doctor\SDTrayApp.exe C:\PROGRA~1\TRENDM~1\INTERN~2\Tmntsrv.exe C:\PROGRA~1\TRENDM~1\INTERN~2\TmPfw.exe C:\PROGRA~1\TRENDM~1\INTERN~2\tmproxy.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe C:\Program Files\Trend Micro\Internet Security 2007\pccguide.exe C:\WINDOWS\system32\wscntfy.exe C:\Program Files\Internet Explorer\iexplore.exe C:\PROGRA~1\TRENDM~1\INTERN~2\PcScnSrv.exe C:\WINDOWS\System32\alg.exe C:\Program Files\LimeWire\LimeWire.exe C:\Documents and Settings\Jon\Desktop\Deckard's System Scanner.exe C:\WINDOWS\system32\wbem\wmiprvse.exe C:\PROGRA~1\TRENDM~1\HIJACK~1\Jon.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.thottbot.com/ R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 3.1\aoltb.dll R3 - URLSearchHook: (no name) - - (no file) O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 3.1\aoltb.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 3.1\aoltb.dll O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [ssig] C:\WINDOWS\system32\ssig.exe O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2007\pccguide.exe" O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe" O4 - HKLM\..\Run: [SpyHunter] C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter.exe O4 - HKLM\..\Run: [nukg] C:\WINDOWS\system32\nukg.exe O4 - HKLM\..\RunServices: [qcdb] C:\WINDOWS\system32\qcdb.exe O4 - HKLM\..\RunServices: [ppx] C:\WINDOWS\system32\ppx.exe O4 - HKLM\..\RunServices: [qdn] C:\WINDOWS\system32\qdn.exe O4 - HKLM\..\RunServices: [ssig] C:\WINDOWS\system32\ssig.exe O4 - HKLM\..\RunServices: [vaxb] C:\WINDOWS\system32\vaxb.exe O4 - HKLM\..\RunServices: [ecrtrc] C:\WINDOWS\system32\ecrtrc.exe O4 - HKLM\..\RunServices: [nukg] C:\WINDOWS\system32\nukg.exe O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background O4 - HKUS\S-1-5-18\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'Default user') O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 3.1\resources\en-US\local\search.html O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbar...p=ZNxmk572CWUS O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm O8 - Extra context menu item: Open with WordPerfect - C:\Program Files\WordPerfect Office X3\Programs\WPLauncher.hta O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 3.1\aoltb.dll O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {1EF9F042-C2EB-4293-8213-474CAEEF531D} (TmHcmsX Control) - http://www.trendsecure.com/framework...ex/TmHcmsX.CAB O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{3C7B4365-B73E-46DB-9C0B-56AB67054B0D}: NameServer = 68.87.64.146,65.87.75.194 O17 - HKLM\System\CCS\Services\Tcpip\..\{8674926F-58E6-4780-8BF9-9B078E344461}: NameServer = 68.87.64.146,68.87.75.194 O23 - Service: Print Spooler Service (akebaaoia2e0ouu) - Unknown owner - C:\WINDOWS\system32\nukg.exe O23 - Service: AOL Service (AOLSVCv2) - Unknown owner - C:\WINDOWS\security\aol.exe O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing) O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: AOL Spy Watch (LD-AOL-Spy_Watchv1) - Unknown owner - C:\WINDOWS\Help\aolsw.exe (file missing) O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\PcCtlCom.exe O23 - Service: Trend Micro Protection Against Spyware (PcScnSrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\PcScnSrv.exe O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe O23 - Service: spkrmon - Unknown owner - C:\Program Files\Analog Devices\SoundMAX\spkrmon.exe O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\Tmntsrv.exe O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\TmPfw.exe O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\tmproxy.exe -- End of file - 8311 bytes -- HijackThis Fixed Entries (C:\PROGRA~1\TRENDM~1\HIJACK~1\backups\) ----------- backup-20070731-145758-217 O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU) backup-20070731-145800-465 O23 - Service: AOL Spy Watch (LD-AOL-Spy_Watchv1) - Unknown owner - C:\WINDOWS\Help\aolsw.exe backup-20070830-024330-103 O4 - HKLM\..\Run: [rbxje] C:\WINDOWS\system32\rbxje.exe backup-20070830-024330-112 O4 - HKLM\..\Run: [nyxmhjpzbe] C:\WINDOWS\system32\nyxmhjpzbe.exe backup-20070830-024330-128 O4 - HKLM\..\Run: [okiap] C:\WINDOWS\system32\okiap.exe backup-20070830-024330-134 O4 - HKLM\..\Run: [wbkvdnmszxft] C:\WINDOWS\system32\wbkvdnmszxft.exe backup-20070830-024330-138 O4 - HKLM\..\Run: [qcdb] C:\WINDOWS\system32\qcdb.exe backup-20070830-024330-152 O4 - HKLM\..\Run: [qdn] C:\WINDOWS\system32\qdn.exe backup-20070830-024330-216 O4 - HKLM\..\Run: [nsdyuyhhelgi] C:\WINDOWS\system32\nsdyuyhhelgi.exe backup-20070830-024330-236 O4 - HKLM\..\Run: [brrx] C:\WINDOWS\system32\brrx.exe backup-20070830-024330-326 O4 - HKLM\..\Run: [xhzxlnyno] C:\WINDOWS\system32\xhzxlnyno.exe backup-20070830-024330-330 O4 - HKLM\..\Run: [qvcjurnpyo] C:\WINDOWS\system32\qvcjurnpyo.exe backup-20070830-024330-445 O4 - HKLM\..\Run: [tloexcmdxxoi] C:\WINDOWS\system32\tloexcmdxxoi.exe backup-20070830-024330-466 O4 - HKLM\..\Run: [upkehurhtbh] C:\WINDOWS\system32\upkehurhtbh.exe backup-20070830-024330-471 O4 - HKLM\..\Run: [qk] C:\WINDOWS\system32\qk.exe backup-20070830-024330-490 O4 - HKLM\..\Run: [namqmnclnk] C:\WINDOWS\system32\namqmnclnk.exe backup-20070830-024330-601 O4 - HKLM\..\Run: [poofsjmpmx] C:\WINDOWS\system32\poofsjmpmx.exe backup-20070830-024330-617 O4 - HKLM\..\Run: [ppx] C:\WINDOWS\system32\ppx.exe backup-20070830-024330-631 O4 - HKLM\..\Run: [xqowlf] C:\WINDOWS\system32\xqowlf.exe backup-20070830-024330-632 O4 - HKLM\..\Run: [lzxoypcd] C:\WINDOWS\system32\lzxoypcd.exe backup-20070830-024330-641 O4 - HKLM\..\Run: [wbx] C:\WINDOWS\system32\wbx.exe backup-20070830-024330-700 O4 - HKLM\..\Run: [brkq] C:\WINDOWS\system32\brkq.exe backup-20070830-024330-705 O4 - HKLM\..\Run: [enobygmse] C:\WINDOWS\system32\enobygmse.exe backup-20070830-024330-750 O4 - HKLM\..\Run: [fdddduxuym] C:\WINDOWS\system32\fdddduxuym.exe backup-20070830-024330-823 O4 - HKLM\..\Run: [zrfwb] C:\WINDOWS\system32\zrfwb.exe backup-20070830-024330-842 O4 - HKLM\..\Run: [igtj] C:\WINDOWS\system32\igtj.exe backup-20070830-024330-856 O4 - HKLM\..\Run: [khuglxco] C:\WINDOWS\system32\khuglxco.exe backup-20070830-024330-880 O4 - HKLM\..\Run: [lirrmakyh] C:\WINDOWS\system32\lirrmakyh.exe backup-20070830-024330-882 O4 - HKLM\..\Run: [ftsjklttzpe] C:\WINDOWS\system32\ftsjklttzpe.exe backup-20070830-024330-887 O4 - HKLM\..\Run: [mulj] C:\WINDOWS\system32\mulj.exe backup-20070830-024330-930 O4 - HKLM\..\Run: [crgqiznqxfg] C:\WINDOWS\system32\crgqiznqxfg.exe backup-20070830-024330-955 O4 - HKLM\..\Run: [gkyxunrif] C:\WINDOWS\system32\gkyxunrif.exe backup-20070830-024330-995 O4 - HKLM\..\Run: [yzdzcowbsg] C:\WINDOWS\system32\yzdzcowbsg.exe backup-20070830-024331-100 O4 - HKLM\..\RunServices: [ftsjklttzpe] C:\WINDOWS\system32\ftsjklttzpe.exe backup-20070830-024331-109 O4 - HKLM\..\RunServices: [fdddduxuym] C:\WINDOWS\system32\fdddduxuym.exe backup-20070830-024331-123 O4 - HKLM\..\RunServices: [uxsq] C:\WINDOWS\system32\uxsq.exe backup-20070830-024331-133 O4 - HKLM\..\Run: [rqqoihtfdtm] C:\WINDOWS\system32\rqqoihtfdtm.exe backup-20070830-024331-138 O4 - HKLM\..\RunServices: [upkehurhtbh] C:\WINDOWS\system32\upkehurhtbh.exe backup-20070830-024331-140 O4 - HKUS\S-1-5-18\..\Run: [fqfi] C:\PROGRA~1\COMMON~1\fqfi\fqfim.exe (User 'SYSTEM') backup-20070830-024331-159 O4 - HKLM\..\RunServices: [tmofy] C:\WINDOWS\system32\tmofy.exe backup-20070830-024331-189 O4 - HKLM\..\Run: [ecrtrc] C:\WINDOWS\system32\ecrtrc.exe backup-20070830-024331-200 O4 - HKLM\..\RunServices: [igtj] C:\WINDOWS\system32\igtj.exe backup-20070830-024331-201 O4 - HKLM\..\Run: [wop] C:\WINDOWS\system32\wop.exe backup-20070830-024331-210 O4 - HKLM\..\RunServices: [omqrjkizh] C:\WINDOWS\system32\omqrjkizh.exe backup-20070830-024331-216 O4 - HKLM\..\RunServices: [xhzxlnyno] C:\WINDOWS\system32\xhzxlnyno.exe backup-20070830-024331-222 O4 - HKLM\..\Run: [cznkcjjpn] C:\WINDOWS\system32\cznkcjjpn.exe backup-20070830-024331-223 O4 - HKLM\..\RunServices: [rqqoihtfdtm] C:\WINDOWS\system32\rqqoihtfdtm.exe backup-20070830-024331-234 O4 - HKCU\..\Run: [Rzcamqp] "C:\Documents and Settings\Jon\My Documents\?asks\??rss.exe" backup-20070830-024331-236 O4 - HKLM\..\Run: [zdzqeenesgs] C:\WINDOWS\system32\zdzqeenesgs.exe backup-20070830-024331-252 O4 - HKLM\..\RunServices: [grnndfar] C:\WINDOWS\system32\grnndfar.exe backup-20070830-024331-261 O4 - HKLM\..\Run: [uoxubonllttq] C:\WINDOWS\system32\uoxubonllttq.exe backup-20070830-024331-267 O4 - HKLM\..\RunServices: [dpkwbwei] C:\WINDOWS\system32\dpkwbwei.exe backup-20070830-024331-268 O4 - HKLM\..\RunServices: [wop] C:\WINDOWS\system32\wop.exe backup-20070830-024331-271 O4 - HKLM\..\Run: [iudctgs] C:\WINDOWS\system32\iudctgs.exe backup-20070830-024331-286 O4 - HKLM\..\RunServices: [brrx] C:\WINDOWS\system32\brrx.exe backup-20070830-024331-298 O4 - HKLM\..\RunServices: [q] C:\WINDOWS\system32\q.exe backup-20070830-024331-323 O4 - HKLM\..\Run: [vaxb] C:\WINDOWS\system32\vaxb.exe backup-20070830-024331-330 O4 - HKCU\..\Run: [WinPop] C:\Program Files\WinPop\winpop.exe backup-20070830-024331-336 O4 - HKLM\..\Run: [pljvjuhehfod] C:\WINDOWS\system32\pljvjuhehfod.exe backup-20070830-024331-393 O4 - HKLM\..\RunServices: [brkq] C:\WINDOWS\system32\brkq.exe backup-20070830-024331-401 O4 - HKLM\..\Run: [tmofy] C:\WINDOWS\system32\tmofy.exe backup-20070830-024331-409 O4 - HKLM\..\Run: [ph] C:\WINDOWS\system32\ph.exe backup-20070830-024331-413 O4 - HKLM\..\RunServices: [nukg] C:\WINDOWS\system32\nukg.exe backup-20070830-024331-417 O4 - HKLM\..\RunServices: [zrfwb] C:\WINDOWS\system32\zrfwb.exe backup-20070830-024331-420 O4 - HKLM\..\Run: [uxsq] C:\WINDOWS\system32\uxsq.exe backup-20070830-024331-437 O4 - HKLM\..\RunServices: [mwz] C:\WINDOWS\system32\mwz.exe backup-20070830-024331-447 O4 - HKLM\..\RunServices: [okiap] C:\WINDOWS\system32\okiap.exe backup-20070830-024331-497 O4 - HKLM\..\Run: [dpkwbwei] C:\WINDOWS\system32\dpkwbwei.exe backup-20070830-024331-527 O4 - HKCU\..\Run: [Wgu] "C:\Program Files\Common Files\?ystem\??oolsv.exe" backup-20070830-024331-528 O4 - HKLM\..\Run: [omqrjkizh] C:\WINDOWS\system32\omqrjkizh.exe backup-20070830-024331-559 O4 - HKLM\..\Run: [rdsoqy] C:\WINDOWS\system32\rdsoqy.exe backup-20070830-024331-570 O4 - HKLM\..\RunServices: [loqmfxqlxel] C:\WINDOWS\system32\loqmfxqlxel.exe backup-20070830-024331-571 O4 - HKLM\..\Run: [grnndfar] C:\WINDOWS\system32\grnndfar.exe backup-20070830-024331-572 O4 - HKLM\..\Run: [q] C:\WINDOWS\system32\q.exe backup-20070830-024331-596 O4 - HKLM\..\RunServices: [fni] C:\WINDOWS\system32\fni.exe backup-20070830-024331-610 O24 - Desktop Component 0: (no name) - http://webmail.aol.com/25045/aol/en-...hotos&partId=2 backup-20070830-024331-616 O4 - HKLM\..\RunServices: [khuglxco] C:\WINDOWS\system32\khuglxco.exe backup-20070830-024331-642 O4 - HKLM\..\RunServices: [namqmnclnk] C:\WINDOWS\system32\namqmnclnk.exe backup-20070830-024331-643 O4 - HKLM\..\RunServices: [qk] C:\WINDOWS\system32\qk.exe backup-20070830-024331-651 O4 - HKLM\..\RunServices: [rbxje] C:\WINDOWS\system32\rbxje.exe backup-20070830-024331-654 O4 - HKLM\..\RunServices: [feiqasfpj] C:\WINDOWS\system32\feiqasfpj.exe backup-20070830-024331-694 O4 - HKLM\..\Run: [feiqasfpj] C:\WINDOWS\system32\feiqasfpj.exe backup-20070830-024331-695 O4 - HKLM\..\RunServices: [enobygmse] C:\WINDOWS\system32\enobygmse.exe backup-20070830-024331-702 O4 - HKLM\..\RunServices: [mulj] C:\WINDOWS\system32\mulj.exe backup-20070830-024331-728 O4 - HKLM\..\RunServices: [yzdzcowbsg] C:\WINDOWS\system32\yzdzcowbsg.exe backup-20070830-024331-739 O4 - HKLM\..\RunServices: [qvcjurnpyo] C:\WINDOWS\system32\qvcjurnpyo.exe backup-20070830-024331-757 O4 - HKLM\..\RunServices: [uoxubonllttq] C:\WINDOWS\system32\uoxubonllttq.exe backup-20070830-024331-760 O4 - HKLM\..\RunServices: [nsdyuyhhelgi] C:\WINDOWS\system32\nsdyuyhhelgi.exe backup-20070830-024331-766 O4 - HKLM\..\RunServices: [gkyxunrif] C:\WINDOWS\system32\gkyxunrif.exe backup-20070830-024331-767 O4 - HKLM\..\RunServices: [xqowlf] C:\WINDOWS\system32\xqowlf.exe backup-20070830-024331-771 O4 - HKLM\..\RunServices: [pljvjuhehfod] C:\WINDOWS\system32\pljvjuhehfod.exe backup-20070830-024331-775 O4 - HKLM\..\RunServices: [rdsoqy] C:\WINDOWS\system32\rdsoqy.exe backup-20070830-024331-777 O23 - Service: AOL Spy Watch (LD-AOL-Spy_Watchv1) - Unknown owner - C:\WINDOWS\Help\aolsw.exe backup-20070830-024331-794 O4 - HKLM\..\Run: [loqmfxqlxel] C:\WINDOWS\system32\loqmfxqlxel.exe backup-20070830-024331-799 O4 - HKLM\..\RunServices: [wbx] C:\WINDOWS\system32\wbx.exe backup-20070830-024331-806 O4 - HKLM\..\RunServices: [ph] C:\WINDOWS\system32\ph.exe backup-20070830-024331-819 O4 - HKLM\..\RunServices: [wbkvdnmszxft] C:\WINDOWS\system32\wbkvdnmszxft.exe backup-20070830-024331-847 O4 - HKLM\..\RunServices: [nyxmhjpzbe] C:\WINDOWS\system32\nyxmhjpzbe.exe backup-20070830-024331-850 O4 - HKLM\..\RunServices: [lzxoypcd] C:\WINDOWS\system32\lzxoypcd.exe backup-20070830-024331-876 O4 - HKLM\..\Run: [mwz] C:\WINDOWS\system32\mwz.exe backup-20070830-024331-906 O4 - HKLM\..\RunServices: [zdzqeenesgs] C:\WINDOWS\system32\zdzqeenesgs.exe backup-20070830-024331-916 O4 - HKLM\..\RunServices: [tloexcmdxxoi] C:\WINDOWS\system32\tloexcmdxxoi.exe backup-20070830-024331-933 O4 - HKLM\..\Run: [fni] C:\WINDOWS\system32\fni.exe backup-20070830-024331-945 O4 - HKLM\..\Run: [nukg] C:\WINDOWS\system32\nukg.exe backup-20070830-024331-960 O4 - HKLM\..\RunServices: [poofsjmpmx] C:\WINDOWS\system32\poofsjmpmx.exe backup-20070830-024331-968 O4 - HKLM\..\RunServices: [crgqiznqxfg] C:\WINDOWS\system32\crgqiznqxfg.exe backup-20070830-024331-971 O4 - HKLM\..\RunServices: [iudctgs] C:\WINDOWS\system32\iudctgs.exe backup-20070830-024331-982 O4 - HKLM\..\RunServices: [lirrmakyh] C:\WINDOWS\system32\lirrmakyh.exe backup-20070830-024331-996 O4 - HKLM\..\RunServices: [cznkcjjpn] C:\WINDOWS\system32\cznkcjjpn.exe -- File Associations ----------------------------------------------------------- .bat - batfile - DefaultIcon - C:\WINDOWS\system32\shell32.dll,71 .ini - inifile - DefaultIcon - C:\WINDOWS\system32\shell32.dll,69 .txt - txtfile - DefaultIcon - C:\WINDOWS\system32\shell32.dll,70 -- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------- R1 OMCI - c:\windows\system32\drivers\omci.sys <Not Verified; Dell Computer Corporation; OMCI Driver> R2 Devx - c:\windows\system32\drivers\devx.sys R2 VtPr - c:\windows\system32\drivers\vtpr.sys S1 core - c:\windows\system32\drivers\core.sys (file missing) S3 aaudstum - c:\docume~1\jon\locals~1\temp\aaudstum.sys (file missing) S3 PCANDIS5 (PCANDIS5 Protocol Driver) - c:\windows\system32\pcandis5.sys <Not Verified; Printing Communications Assoc., Inc. (PCAUSA); PCAUSA Rawether for Windows> -- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled -------------------- R2 AOLSVCv2 (AOL Service) - "c:\windows\security\aol.exe" R2 spkrmon - c:\program files\analog devices\soundmax\spkrmon.exe <Not Verified; ; spkrmon Module> S2 akebaaoia2e0ouu (Print Spooler Service) - c:\windows\system32\nukg.exe /service S2 LD-AOL-Spy_Watchv1 (AOL Spy Watch) - "c:\windows\help\aolsw.exe" (file missing) S3 aspnet_state (ASP.NET State Service) - c:\windows\microsoft.net\framework\v2.0.50727\aspnet_state.exe (file missing) -- Device Manager: Disabled ---------------------------------------------------- Class GUID: {4D36E96C-E325-11CE-BFC1-08002BE10318} Description: Device ID: DISPLAY\NVCAP\5&2933BD47&0&CA000002&01&00 Manufacturer: Name: PNP Device ID: DISPLAY\NVCAP\5&2933BD47&0&CA000002&01&00 Service: Class GUID: {4D36E96C-E325-11CE-BFC1-08002BE10318} Description: Device ID: DISPLAY\NVTVSND\5&2933BD47&0&CA000005&01&00 Manufacturer: Name: PNP Device ID: DISPLAY\NVTVSND\5&2933BD47&0&CA000005&01&00 Service: Class GUID: {4D36E96C-E325-11CE-BFC1-08002BE10318} Description: Device ID: DISPLAY\NVXBAR\5&2933BD47&0&CA000003&01&00 Manufacturer: Name: PNP Device ID: DISPLAY\NVXBAR\5&2933BD47&0&CA000003&01&00 Service: Class GUID: Description: Device ID: DISPLAY\NVZTUNEP\5&2933BD47&0&CA000004&01&00 Manufacturer: Name: PNP Device ID: DISPLAY\NVZTUNEP\5&2933BD47&0&CA000004&01&00 Service: Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318} Description: PCI Modem Device ID: PCI\VEN_8086&DEV_1080&SUBSYS_10001028&REV_04\4&1C660DD6&0&08F0 Manufacturer: Name: PCI Modem PNP Device ID: PCI\VEN_8086&DEV_1080&SUBSYS_10001028&REV_04\4&1C660DD6&0&08F0 Service: Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318} Description: Ethernet Controller Device ID: PCI\VEN_8086&DEV_1050&SUBSYS_01571028&REV_02\4&1C660DD6&0&40F0 Manufacturer: Name: Ethernet Controller PNP Device ID: PCI\VEN_8086&DEV_1050&SUBSYS_01571028&REV_02\4&1C660DD6&0&40F0 Service: -- Scheduled Tasks ------------------------------------------------------------- 2007-08-27 19:29:02 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job -- Files created between 2007-07-30 and 2007-08-30 ----------------------------- 2007-08-30 07:17:56 0 d-------- C:\WINDOWS\LastGood 2007-08-30 04:00:55 0 d-------- C:\Program Files\ZonedOut 2007-08-30 03:58:19 118784 --a------ C:\WINDOWS\system32\MSSTDFMT.DLL <Not Verified; Microsoft Corporation; MSSTDFMT Object Library> 2007-08-30 03:58:17 0 d-------- C:\Program Files\SpywareBlaster 2007-08-30 02:12:46 0 d-------- C:\Program Files\America's Army Server Manager 2007-08-30 02:11:26 0 d-------- C:\Program Files\SecondLife 2007-08-30 02:11:07 0 d-------- C:\Documents and Settings\Jon\Application Data\Grisoft 2007-08-30 02:11:01 0 d-------- C:\WINDOWS\ShellNew 2007-08-30 02:10:53 0 d-------- C:\Program Files\WordPerfect Office X3 2007-08-30 02:10:53 0 d-------- C:\Program Files\Common Files\Borland Shared 2007-08-30 02:09:52 0 d-------- C:\Program Files\Common Files\Stardock 2007-08-30 02:08:52 0 d-------- C:\Documents and Settings\Dad\Application Data\Sonic 2007-08-30 02:08:52 0 d---s---- C:\Documents and Settings\Dad\Application Data\Microsoft 2007-08-30 02:08:52 0 d-------- C:\Documents and Settings\Dad\Application Data\Macromedia 2007-08-30 02:08:52 0 d-------- C:\Documents and Settings\Dad\Application Data\Identities 2007-08-30 02:08:51 0 dr-h----- C:\Documents and Settings\Dad\Recent 2007-08-30 02:08:51 0 d--h----- C:\Documents and Settings\Dad\PrintHood 2007-08-30 02:08:51 0 d--h----- C:\Documents and Settings\Dad\Local Settings 2007-08-30 02:08:51 0 d-------- C:\Documents and Settings\Dad\Desktop 2007-08-30 02:08:51 0 dr-h----- C:\Documents and Settings\Dad\Application Data 2007-08-30 02:08:51 0 d-------- C:\Documents and Settings\Dad\Application Data\Sun 2007-08-30 02:08:50 0 dr-h----- C:\Documents and Settings\Dad\SendTo 2007-08-30 02:08:48 0 d--h----- C:\Documents and Settings\Dad\Templates 2007-08-30 02:08:48 0 dr------- C:\Documents and Settings\Dad\Start Menu 2007-08-25 11:42:13 0 d-------- C:\Documents and Settings\Jon\Bouncing Souls 2007-08-21 02:15:00 0 d-------- C:\Program Files\Xfire 2007-08-18 18:40:37 0 d-------- C:\WINDOWS\system32\ActiveScan 2007-08-18 12:48:21 0 d-------- C:\Documents and Settings\LocalService\Application Data\Macromedia 2007-08-18 12:25:13 0 d-------- C:\Documents and Settings\Jon\Application Data\LimeWire 2007-08-16 03:04:54 0 d-------- C:\Program Files\MSXML 6.0 2007-08-12 17:41:24 123904 --a------ C:\updates9456.exe 2007-08-12 03:39:21 95232 --a------ C:\updates9453.exe 2007-08-12 01:04:32 82944 --a------ C:\WINDOWS\system32\fyus.exe 2007-08-11 07:35:54 90112 --a------ C:\U.exe 2007-08-11 03:42:17 0 d-------- C:\Program Files\Enigma Software Group 2007-08-11 03:25:54 82944 --a------ C:\WINDOWS\system32\grnndfar.exe 2007-08-11 03:24:02 0 d-------- C:\Program Files\Spyware Doctor 2007-08-11 03:24:02 0 d-------- C:\Documents and Settings\Jon\Application Data\PC Tools 2007-08-10 23:12:44 140288 --a------ C:\WINDOWS\system32\yrvneyd.exe 2007-08-10 23:12:44 140288 --a------ C:\WINDOWS\system32\uoxubonllttq.exe 2007-08-09 03:15:05 78848 --a------ C:\WINDOWS\system32\loqmfxqlxel.exe 2007-08-09 03:14:04 119808 --a------ C:\WINDOWS\system32\bn.exe 2007-08-06 15:11:25 156672 --a------ C:\WINDOWS\system32\jy.exe 2007-08-05 19:56:03 107520 --a------ C:\WINDOWS\system32\dtbua.exe 2007-08-04 19:39:47 78848 --a------ C:\WINDOWS\system32\nukg.exe 2007-08-04 03:08:41 0 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft 2007-07-31 14:38:10 0 d-------- C:\Documents and Settings\LocalService\Start Menu 2007-07-30 23:16:30 70656 --a------ C:\aol.exe 2007-07-30 23:01:07 123904 --a------ C:\WINDOWS\system32\syx.exe 2007-07-30 21:25:00 0 d-------- C:\Documents and Settings\Jon\Application Data\s?curity 2007-07-30 16:58:15 205 --a------ C:\updatewin.exe 2007-07-30 14:02:31 123904 --a------ C:\WINDOWS\system32\xiosscgh.exe 2007-07-30 11:45:19 0 d-------- C:\Documents and Settings\LocalService\Desktop 2007-07-30 11:38:14 128000 --a------ C:\WINDOWS\system32\feiqasfpj.exe -- Find3M Report --------------------------------------------------------------- 2007-08-30 03:02:37 0 d-------- C:\Program Files\Corel 2007-08-30 03:02:37 0 d-------- C:\Program Files\Common Files\Corel 2007-08-30 02:59:52 0 d-------- C:\Documents and Settings\Jon\Application Data\Corel 2007-08-30 02:12:46 0 d-------- C:\Program Files\America's Army 2007-08-30 02:10:05 0 d-------- C:\Program Files\Common Files\Real 2007-08-30 02:10:02 0 d-------- C:\Program Files\Common Files\AOL 2007-08-29 16:29:22 0 d-------- C:\Program Files\Warcraft III 2007-08-23 18:49:23 0 d-------- C:\Program Files\Call of Duty Game of the Year Edition 2007-08-22 18:27:04 0 d-------- C:\Program Files\Common Files 2007-08-04 03:20:32 0 d-------- C:\Program Files\EA GAMES 2007-08-04 03:20:21 0 d--h----- C:\Program Files\InstallShield Installation Information 2007-08-02 15  07 0 d-------- C:\Program Files\World of Warcraft2007-08-02 13:21:12 0 d-------- C:\Program Files\S?mantec 2007-07-31 15:53:35 0 d-------- C:\Program Files\AIM Gadgets 2007-07-31 15:49:48 0 d-------- C:\Program Files\Skype 2007-07-31 15:48:56 0 d-------- C:\Documents and Settings\Jon\Application Data\s?curity 2007-07-29 21:24:18 0 d-------- C:\Documents and Settings\Jon\Application Data\Skype 2007-07-29 20:03:36 0 d-------- C:\Documents and Settings\Jon\Application Data\teamspeak2 2007-07-29 17:52:29 0 d-------- C:\Program Files\s?stem 2007-07-29 17:50:15 0 d-------- C:\Program Files\Common Files\?ystem 2007-07-29 15:50:11 0 d-------- C:\Program Files\Common Files\fqfi 2007-07-29 14:47:23 0 d-------- C:\Program Files\Trend Micro 2007-07-29 02:09:26 152576 --a------ C:\WINDOWS\system32\dpkwbwei.exe 2007-07-28 21:08:32 152576 --a------ C:\WINDOWS\system32\kpzw.exe 2007-07-28 21:08:24 152576 --a------ C:\WINDOWS\system32\srqhjhdxip.exe 2007-07-28 19:42:49 152576 --a------ C:\WINDOWS\system32\hgpndxx.exe 2007-07-28 18:25:52 152576 --a------ C:\WINDOWS\system32\xkqeqhxbv.exe 2007-07-27 00:15:51 168960 --a------ C:\WINDOWS\system32\zu.exe 2007-07-27 00:15:33 168960 --a------ C:\WINDOWS\system32\tmofy.exe 2007-07-26 18:17:40 177152 --a------ C:\WINDOWS\system32\uxsq.exe 2007-07-25 22:24:38 197632 --a------ C:\WINDOWS\system32\otxvhkw.exe 2007-07-25 22:24:31 197632 --a------ C:\WINDOWS\system32\quvwfzild.exe 2007-07-25 21:21:50 197632 --a------ C:\WINDOWS\system32\jzvlnqcfkj.exe 2007-07-25 21:21:39 197632 --a------ C:\WINDOWS\system32\dlkysro.exe 2007-07-25 21:15:50 197632 --a------ C:\WINDOWS\system32\avmejz.exe 2007-07-25 21:15:42 197632 --a------ C:\WINDOWS\system32\evrydsinl.exe 2007-07-25 21:12:30 197632 --a------ C:\WINDOWS\system32\ph.exe 2007-07-25 18:27:08 9806 --a------ C:\winupdate.exe <Not Verified; ; installer> 2007-07-24 22:58:10 0 d-------- C:\Program Files\AIM 2007-07-24 22:58:06 0 d-------- C:\Documents and Settings\Jon\Application Data\Aim 2007-07-24 22:30:11 0 d-------- C:\Program Files\AOD 2007-07-24 22:27:42 0 d-------- C:\Documents and Settings\Jon\Application Data\JAMS 2007-07-22 13:50:11 181248 --a------ C:\WINDOWS\system32\er.exe 2007-07-21 04:28:12 111616 --a------ C:\WINDOWS\system32\zdzqeenesgs.exe 2007-07-18 11:27:19 0 d-------- C:\Documents and Settings\Jon\Application Data\Viewpoint 2007-07-17 01:28:03 0 --a------ C:\Program Files\WoW-1.9.4.5086-to-0.10.0.5140-enUS-patch.exe 2007-07-17 01:17:53 5852 --ahs---- C:\WINDOWS\system32\KGyGaAvL.sys 2007-07-17 01:17:50 104 -r-hs---- C:\WINDOWS\system32\1895EC90FF.sys 2007-07-15 15:24:16 164864 --a------ C:\WINDOWS\system32\mwz.exe 2007-07-15 15:16:37 164864 --a------ C:\WINDOWS\system32\kusinqdnarzr.exe 2007-07-15 01:28:38 164864 --a------ C:\WINDOWS\system32\wctdkb.exe 2007-07-15 01:28:38 164864 --a------ C:\WINDOWS\system32\e.exe 2007-07-15 01:13:10 164864 --a------ C:\WINDOWS\system32\onufoztrdwx.exe 2007-07-15 01:12:19 164864 --a------ C:\WINDOWS\system32\fdxio.exe 2007-07-12 22:51:47 164864 --a------ C:\WINDOWS\system32\hev.exe 2007-07-12 10:02:38 168960 --a------ C:\WINDOWS\system32\mjopgqpjdor.exe 2007-07-12 03:40:22 168960 --a------ C:\WINDOWS\system32\zugozyin.exe 2007-07-12 03:40:16 168960 --a------ C:\WINDOWS\system32\ecrtrc.exe 2007-07-11 09:20:49 111616 --a------ C:\WINDOWS\system32\pljvjuhehfod.exe 2007-07-11 01:40:36 111616 --a------ C:\WINDOWS\system32\fni.exe 2007-07-11 00:33:23 193536 --a------ C:\WINDOWS\system32\q.exe 2007-07-11 00:28:33 193536 --a------ C:\WINDOWS\system32\sdz.exe 2007-07-09 11:09:38 168960 --a------ C:\WINDOWS\system32\lyl.exe 2007-07-08 21:50:24 128000 --a------ C:\WINDOWS\system32\qwc.exe 2007-07-08 19:12:12 91136 --a------ C:\WINDOWS\system32\nfounnsnpum.exe 2007-07-06 17:59:39 144384 --a------ C:\WINDOWS\system32\mefgcvtn.exe 2007-07-06 00:07:12 148480 --a------ C:\WINDOWS\system32\wlszknvfpzu.exe 2007-07-03 22:41:39 78848 --a------ C:\WINDOWS\system32\tp.exe 2007-07-01 17:24:47 123904 --a------ C:\WINDOWS\system32\oxmkntxxdwq.exe 2007-07-01 07:49:52 123904 --a------ C:\WINDOWS\system32\qeuzyom.exe 2007-06-29 13:39:39 95232 --a------ C:\WINDOWS\system32\wjjbywttug.exe 2007-06-29 11:31:20 95232 --a------ C:\WINDOWS\system32\iudctgs.exe 2007-06-28 10:25:48 78848 --a------ C:\WINDOWS\system32\xepjhq.exe 2007-06-27 12:18:03 185344 --a------ C:\WINDOWS\system32\cznkcjjpn.exe 2007-06-26 22:58:48 99328 --a------ C:\WINDOWS\system32\qgukbfbly.exe 2007-06-26 22:41:24 99328 --a------ C:\WINDOWS\system32\ygjbpkgiikkx.exe 2007-06-26 22:17:13 99328 --a------ C:\WINDOWS\system32\uoxvbncjo.exe 2007-06-26 12:01:12 99328 --a------ C:\WINDOWS\system32\shoazgdu.exe 2007-06-26 12:01:07 99328 --a------ C:\WINDOWS\system32\vaxb.exe 2007-06-23 22:20:26 107520 --a------ C:\WINDOWS\system32\rqqoihtfdtm.exe 2007-06-22 07:14:17 82944 --a------ C:\WINDOWS\system32\wop.exe 2007-06-22 03:24:55 82944 --a------ C:\WINDOWS\system32\quwdwah.exe 2007-06-20 00:18:00 173056 --a------ C:\WINDOWS\system32\yqkuib.exe 2007-06-19 00:26:58 144384 --a------ C:\WINDOWS\system32\nyxmhjpzbe.exe 2007-06-16 21:12:23 103424 --a------ C:\WINDOWS\system32\brkq.exe 2007-06-16 17:49:53 123904 --a------ C:\WINDOWS\system32\crgqiznqxfg.exe 2007-06-16 17:40:57 119808 --a------ C:\WINDOWS\system32\khuglxco.exe 2007-06-16 14:14:48 144384 --a------ C:\WINDOWS\system32\lirrmakyh.exe 2007-06-16 14:14:24 144384 --a------ C:\WINDOWS\system32\ghhvusojsg.exe 2007-06-16 04:10:16 144384 --a------ C:\WINDOWS\system32\hhv.exe 2007-06-16 04:10:08 144384 --a------ C:\WINDOWS\system32\hyxaqcxq.exe 2007-06-16 04:09:51 144384 --a------ C:\WINDOWS\system32\inscgrbatnm.exe 2007-06-16 04:09:37 144384 --a------ C:\WINDOWS\system32\wjlh.exe 2007-06-16 04:01:38 144384 --a------ C:\WINDOWS\system32\oalv.exe 2007-06-16 03 46 144384 --a------ C:\WINDOWS\system32\nzpbxp.exe2007-06-15 22:41:21 123904 --a------ C:\WINDOWS\system32\gkyxunrif.exe 2007-06-14 02:52:22 148480 --a------ C:\WINDOWS\system32\tqqgvkqzoqr.exe 2007-06-14 01:43:47 148480 --a------ C:\WINDOWS\system32\erc.exe 2007-06-07 21:10:39 95232 --a------ C:\WINDOWS\system32\igtj.exe 2007-06-07 21:10:30 95232 --a------ C:\WINDOWS\system32\cyzwrynbvxs.exe 2007-06-07 20:29:06 95232 --a------ C:\WINDOWS\system32\rahezvf.exe 2007-06-07 20:28:49 95232 --a------ C:\WINDOWS\system32\eiosxrnd.exe 2007-06-07 20:25:55 95232 --a------ C:\WINDOWS\system32\pihu.exe 2007-06-07 20:25:46 95232 --a------ C:\WINDOWS\system32\yqa.exe 2007-06-07 18:18:06 95232 --a------ C:\WINDOWS\system32\osm.exe 2007-06-07 18:17:39 95232 --a------ C:\WINDOWS\system32\tu.exe 2007-06-07 17:09:56 95232 --a------ C:\WINDOWS\system32\barufvjf.exe 2007-06-07 17:09:37 95232 --a------ C:\WINDOWS\system32\kj.exe 2007-06-07 17:04:00 95232 --a------ C:\WINDOWS\system32\cbowbxdqkm.exe 2007-06-07 17:03:41 95232 --a------ C:\WINDOWS\system32\smjnfiryp.exe 2007-06-07 17:01:24 95232 --a------ C:\WINDOWS\system32\dde.exe 2007-06-07 17:01:05 95232 --a------ C:\WINDOWS\system32\ub.exe 2007-06-07 13:50:00 95232 --a------ C:\WINDOWS\system32\n.exe 2007-06-07 13:49:44 95232 --a------ C:\WINDOWS\system32\bxqochma.exe 2007-06-07 13:48:18 91136 --a------ C:\WINDOWS\system32\bhmta.exe 2007-06-06 23:27:40 66560 --a------ C:\WINDOWS\system32\cwdnvkamdc.exe 2007-06-06 23:15:49 66560 --a------ C:\WINDOWS\system32\y.exe 2007-06-06 23:13:51 66560 --a------ C:\WINDOWS\system32\pl.exe 2007-06-06 23:13:51 66560 --a------ C:\installer.exe 2007-06-06 23:13:36 66560 --a------ C:\WINDOWS\system32\yueki.exe 2007-06-06 22:35:05 66560 --a------ C:\WINDOWS\system32\b.exe 2007-06-06 22:35:05 66560 --a------ C:\installOSi.exe 2007-06-06 22:34:51 66560 --a------ C:\WINDOWS\system32\ufgcrrychhwq.exe 2007-06-06 21:21:05 66560 --a------ C:\WINDOWS\system32\uqu.exe 2007-06-06 17:01:26 66560 --a------ C:\WINDOWS\system32\wypevcntptw.exe 2007-06-06 17:01:10 66560 --a------ C:\WINDOWS\system32\yjpxcisjg.exe 2007-06-06 16:49:56 66560 --a------ C:\WINDOWS\system32\qqvppfznnv.exe 2007-06-06 16:32:26 66560 --a------ C:\WINDOWS\system32\xbunef.exe 2007-06-06 16:32:11 66560 --a------ C:\WINDOWS\system32\sqnqqdxvl.exe 2007-06-06 15:33:13 66560 --a------ C:\WINDOWS\system32\uwkgwjyf.exe 2007-06-06 15:32:26 66560 --a------ C:\WINDOWS\system32\xb.exe 2007-06-06 15:05:59 66560 --a------ C:\WINDOWS\system32\llnmzyqhb.exe 2007-06-06 15:01:44 66560 --a------ C:\WINDOWS\system32\smpujzq.exe 2007-06-06 15:00:11 66560 --a------ C:\WINDOWS\system32\xmvk.exe 2007-06-06 14:55:18 66560 --a------ C:\WINDOWS\system32\ieo.exe 2007-06-06 14:55:14 66560 --a------ C:\WINDOWS\system32\vstquasgbap.exe 2007-06-06 14:46:57 66560 --a------ C:\WINDOWS\system32\gtxhrbr.exe 2007-06-06 14:46:49 66560 --a------ C:\WINDOWS\system32\ekogvewyaow.exe 2007-06-06 14:46:31 66560 --a------ C:\WINDOWS\system32\dkygbpkx.exe 2007-06-04 17:34:51 66560 --a------ C:\WINDOWS\system32\ewsg.exe 2007-06-04 17:34:09 66560 --a------ C:\WINDOWS\system32\odbt.exe 2007-06-04 17:31:11 66560 --a------ C:\WINDOWS\system32\uvelpfxncemd.exe 2007-06-04 17:25:12 66560 --a------ C:\WINDOWS\system32\c.exe 2007-06-04 17:22:47 66560 --a------ C:\WINDOWS\system32\pztqb.exe 2007-06-04 17:22:30 66560 --a------ C:\WINDOWS\system32\jcpw.exe 2007-06-04 17:19:09 66560 --a------ C:\WINDOWS\system32\wqobvljbcxj.exe 2007-06-04 17:13:15 66560 --a------ C:\WINDOWS\system32\ajkanlrvgow.exe 2007-06-04 17:13:02 66560 --a------ C:\WINDOWS\system32\kyktgeketjlt.exe 2007-06-04 17:02:09 66560 --a------ C:\WINDOWS\system32\ssrqg.exe 2007-06-04 17:01:56 66560 --a------ C:\WINDOWS\system32\jifqfjxhny.exe 2007-06-04 13:50:08 66560 --a------ C:\WINDOWS\system32\fzpv.exe 2007-06-04 13:33:44 66560 --a------ C:\WINDOWS\system32\fyckcmfudmig.exe 2007-06-04 12:34:50 66560 --a------ C:\WINDOWS\system32\teueuue.exe 2007-06-04 04:13:58 66560 --a------ C:\WINDOWS\system32\i.exe 2007-06-04 03:38:10 66560 --a------ C:\WINDOWS\system32\berxhvd.exe 2007-06-03 14:10:30 62464 --a------ C:\WINDOWS\system32\gozqxcjhhdk.exe 2007-06-02 15:31:25 66560 --a------ C:\WINDOWS\system32\djemizwufqox.exe 2007-06-02 15:31:09 66560 --a------ C:\WINDOWS\system32\vb.exe 2007-06-02 15:25:38 66560 --a------ C:\WINDOWS\system32\kcqrm.exe 2007-06-02 15:25:18 66560 --a------ C:\WINDOWS\system32\xust.exe 2007-06-02 15:19:32 66560 --a------ C:\WINDOWS\system32\utezvpvjwkib.exe 2007-06-02 15:19:25 66560 --a------ C:\WINDOWS\system32\lgz.exe 2007-06-02 13:18:00 66560 --a------ C:\WINDOWS\system32\mulj.exe 2007-06-02 05:26:39 66560 --a------ C:\WINDOWS\system32\upkehurhtbh.exe 2007-06-02 00:19:52 66560 --a------ C:\WINDOWS\system32\ssig.exe 2007-06-01 18:23:29 66560 --a------ C:\WINDOWS\system32\zrfwb.exe -- Registry Dump --------------------------------------------------------------- *Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [08/11/2005 05:30 PM] "ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [08/11/2005 05:30 PM] "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [08/11/2006 09:43 PM] "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [10/25/2006 07:58 PM] "ssig"="C:\WINDOWS\system32\ssig.exe" [06/02/2007 12:19 AM] "pccguide.exe"="C:\Program Files\Trend Micro\Internet Security 2007\pccguide.exe" [04/12/2007 06:58 AM] "!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [06/11/2007 05:25 AM] "SDTray"="C:\Program Files\Spyware Doctor\SDTrayApp.exe" [06/27/2007 01:54 PM] "SpyHunter"="C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter.exe" [04/26/2007 07:03 PM] "nukg"="C:\WINDOWS\system32\nukg.exe" [08/04/2007 07:39 PM] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Aim6"="C:\Program Files\AIM6\aim6.exe" [04/27/2007 05:17 PM] "msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [06/06/2006 12:38 PM] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices] "qcdb"=C:\WINDOWS\system32\qcdb.exe "ppx"=C:\WINDOWS\system32\ppx.exe "qdn"=C:\WINDOWS\system32\qdn.exe "ssig"=C:\WINDOWS\system32\ssig.exe "vaxb"=C:\WINDOWS\system32\vaxb.exe "ecrtrc"=C:\WINDOWS\system32\ecrtrc.exe "nukg"=C:\WINDOWS\system32\nukg.exe [HKEY_USERS\.default\software\microsoft\windows\currentversion\run] "ALUAlert"=C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system] "DisableRegistryTools"=0 (0x0) [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB] C:\Program Files\Stardock\Object Desktop\ThemeManager\fastload.dll 12/20/2001 11:34 PM 24576 C:\Program Files\Stardock\Object Desktop\ThemeManager\fastload.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "appinit_dlls"=wbsys.dll [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^MyWebSearch Email Plugin.lnk] path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\MyWebSearch Email Plugin.lnk backup=C:\WINDOWS\pss\MyWebSearch Email Plugin.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Jon^Start Menu^Programs^Startup^LimeWire On Startup.lnk] path=C:\Documents and Settings\Jon\Start Menu\Programs\Startup\LimeWire On Startup.lnk backup=C:\WINDOWS\pss\LimeWire On Startup.lnkStartup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Jon^Start Menu^Programs^Startup^MyWebSearch Email Plugin.lnk] path=C:\Documents and Settings\Jon\Start Menu\Programs\Startup\MyWebSearch Email Plugin.lnk backup=C:\WINDOWS\pss\MyWebSearch Email Plugin.lnkStartup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Jon^Start Menu^Programs^Startup^Xfire.lnk] path=C:\Documents and Settings\Jon\Start Menu\Programs\Startup\Xfire.lnk backup=C:\WINDOWS\pss\Xfire.lnkStartup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6] "C:\Program Files\Common Files\AOL\Launch\AOLLaunch.exe" /d locale=en-US ee://aol/imApp [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager] C:\Program Files\Common Files\AOL\1144111071\ee\AOLSoftware.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\My Web Search Bar] rundll32 C:\PROGRA~1\MYWEBS~1\bar\3.bin\MWSBAR.DLL,S [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\3.bin\mwsoemon.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz] nwiz.exe /install [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OE] "C:\Program Files\Trend Micro\Internet Security 2007\TMAS_OE\TMAS_OEMon.exe" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2007\pccguide.exe" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickFinder Scheduler] "C:\Program Files\WordPerfect Office X3\Programs\QFSCHD130.EXE" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Start WingMan Profiler] "C:\Program Files\Logitech\Profiler\lwemon.exe" /noui [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\zango] "c:\program files\zango\zango.exe" [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] Usnsvc usnsvc -- End of Deckard's System Scanner: finished at 2007-08-30 10:59:55 ------------ |
|
     |
| Important Information |
|
Join the #1 Tech Support Forum Today - It's Totally Free!
TechSupportForum.com is a leading support website for your computer needs. We offer free, friendly and personalized computer support. Why pay to have your computer fixed when you can do it for free. Join TechSupportforum.com Today - Click Here |
|
08-30-2007, 08:02 PM
|
#2 (permalink) | |
|
Analyst, Security Team
Join Date: Jun 2006
Posts: 247
OS: Vista Ultimate/Windows 7 RC
|
Re: Computer runs very slow and freezes. More detail inside.
Hi comp_problems and welcome to the TechSupportForums
My name is Trevuren and I will be helping you with your problem. A. I see that Viewpoint is installed. Viewpoint, Viewpoint Manager, Viewpoint Media Player are Viewpoint components which are installed as a side effect of installing other software, most notably AOL and AOL Instant Messenger (AIM). Viewpoint Manager is responsible for managing and updating Viewpoint Media Player’s components. You can disable this using the Viewpoint Manager Control Panel found in the Windows Control Panel menu. By selecting Disable auto-updating for the Viewpoint Manager -- the player will no longer attempt to check for updates. Anything that is installed without your consent is suspect. Read what Viewpoint says and make your own decision. Quote:
I STRONGLY recommend that you remove the Viewpoint products; however, decide for yourself. To uninstall the Viewpoint components (Viewpoint, Viewpoint Manager, Viewpoint Media Player): 1. Click Start, then Settings, then click Control Panel. 2. In Control Panel, double-click Add or Remove Programs. 3. In Add or Remove Programs, Remove the Viewpoint component 4. Do the same for each Viewpoint component. B. While you are at it, please also UNINSTALL the following program which is malware: OIN C. Download SDFix and save it to your Desktop. Double click SDFix.exe and it will extract the files to %systemdrive% (Drive that contains the Windows Directory, typically C:\SDFix) Please then reboot your computer in Safe Mode by doing the following :
D. Please download this file - combofix.exe by sUBs
Note: Do not mouse-click combofix's window while it is running. That may cause it to stall. E. Reports/logs to Post:
Regards, Trevuren
__________________
Paul Microsoft MVP - Consumer Security 2008 - 2009 My help is voluntary. It requires no payment but this site needs donations to operate - http://www.techsupportforum.com/donate.php |
|
|
|
|
|
08-30-2007, 10:13 PM
|
#3 (permalink) |
|
Registered User
Join Date: Aug 2007
Posts: 13
OS: Windows XP SP2
|
Re: Computer runs very slow and freezes. More detail inside.
First I would like to thank you for your time and effort in helping me with this. I could not find where to remove OIN. It was not listed on the add/remove programs list and did not show up when I did a windows search. Here are the three logs you requested.
SDFix: Version 1.101 Run by Jon on Thu 08/30/2007 at 11:25 PM Microsoft Windows XP [Version 5.1.2600] Running From: C:\SDFix\SDFix Safe Mode: Checking Services: Name: akebaaoia2e0ouu ImagePath: C:\WINDOWS\system32\nukg.exe /service akebaaoia2e0ouu - Deleted Restoring Windows Registry Values Restoring Windows Default Hosts File Rebooting... Normal Mode: Checking Files: Trojan Files Found: C:\WINDOWS\SYSTEM32\GOZQXC~1.EXE - Deleted C:\WINDOWS\SYSTEM32\AJKANL~1.EXE - Deleted C:\WINDOWS\SYSTEM32\B.EXE - Deleted C:\WINDOWS\SYSTEM32\BERXHVD.EXE - Deleted C:\WINDOWS\SYSTEM32\C.EXE - Deleted C:\WINDOWS\SYSTEM32\CWDNVK~1.EXE - Deleted C:\WINDOWS\SYSTEM32\DJEMIZ~1.EXE - Deleted C:\WINDOWS\SYSTEM32\DKYGBPKX.EXE - Deleted C:\WINDOWS\SYSTEM32\EKOGVE~1.EXE - Deleted C:\WINDOWS\SYSTEM32\EWSG.EXE - Deleted C:\WINDOWS\SYSTEM32\FYCKCM~1.EXE - Deleted C:\WINDOWS\SYSTEM32\FZPV.EXE - Deleted C:\WINDOWS\SYSTEM32\GTXHRBR.EXE - Deleted C:\WINDOWS\SYSTEM32\I.EXE - Deleted C:\WINDOWS\SYSTEM32\IEO.EXE - Deleted C:\WINDOWS\SYSTEM32\JCPW.EXE - Deleted C:\WINDOWS\SYSTEM32\JIFQFJ~1.EXE - Deleted C:\WINDOWS\SYSTEM32\KCQRM.EXE - Deleted C:\WINDOWS\SYSTEM32\KYKTGE~1.EXE - Deleted C:\WINDOWS\SYSTEM32\LGZ.EXE - Deleted C:\WINDOWS\SYSTEM32\LLNMZY~1.EXE - Deleted C:\WINDOWS\SYSTEM32\MULJ.EXE - Deleted C:\WINDOWS\SYSTEM32\ODBT.EXE - Deleted C:\WINDOWS\SYSTEM32\PL.EXE - Deleted C:\WINDOWS\SYSTEM32\PZTQB.EXE - Deleted C:\WINDOWS\SYSTEM32\QQVPPF~1.EXE - Deleted C:\WINDOWS\SYSTEM32\SMPUJZQ.EXE - Deleted C:\WINDOWS\SYSTEM32\SQNQQD~1.EXE - Deleted C:\WINDOWS\SYSTEM32\SSIG.EXE - Deleted C:\WINDOWS\SYSTEM32\SSRQG.EXE - Deleted C:\WINDOWS\SYSTEM32\TEUEUUE.EXE - Deleted C:\WINDOWS\SYSTEM32\UFGCRR~1.EXE - Deleted C:\WINDOWS\SYSTEM32\UPKEHU~1.EXE - Deleted C:\WINDOWS\SYSTEM32\UQU.EXE - Deleted C:\WINDOWS\SYSTEM32\UTEZVP~1.EXE - Deleted C:\WINDOWS\SYSTEM32\UVELPF~1.EXE - Deleted C:\WINDOWS\SYSTEM32\UWKGWJYF.EXE - Deleted C:\WINDOWS\SYSTEM32\VB.EXE - Deleted C:\WINDOWS\SYSTEM32\VSTQUA~1.EXE - Deleted C:\WINDOWS\SYSTEM32\WQOBVL~1.EXE - Deleted C:\WINDOWS\SYSTEM32\WYPEVC~1.EXE - Deleted C:\WINDOWS\SYSTEM32\XB.EXE - Deleted C:\WINDOWS\SYSTEM32\XBUNEF.EXE - Deleted C:\WINDOWS\SYSTEM32\XMVK.EXE - Deleted C:\WINDOWS\SYSTEM32\XQOWLF.EXE - Deleted C:\WINDOWS\SYSTEM32\XUST.EXE - Deleted C:\WINDOWS\SYSTEM32\Y.EXE - Deleted C:\WINDOWS\SYSTEM32\YJPXCI~1.EXE - Deleted C:\WINDOWS\SYSTEM32\YUEKI.EXE - Deleted C:\WINDOWS\SYSTEM32\ZRFWB.EXE - Deleted C:\WINDOWS\SYSTEM32\LOQMFX~1.EXE - Deleted C:\WINDOWS\SYSTEM32\NUKG.EXE - Deleted C:\WINDOWS\SYSTEM32\TP.EXE - Deleted C:\WINDOWS\SYSTEM32\XEPJHQ.EXE - Deleted C:\WINDOWS\SYSTEM32\FYUS.EXE - Deleted C:\WINDOWS\SYSTEM32\GRNNDFAR.EXE - Deleted C:\WINDOWS\SYSTEM32\QUWDWAH.EXE - Deleted C:\WINDOWS\SYSTEM32\WOP.EXE - Deleted C:\WINDOWS\SYSTEM32\BHMTA.EXE - Deleted C:\WINDOWS\SYSTEM32\NFOUNN~1.EXE - Deleted C:\WINDOWS\SYSTEM32\BARUFVJF.EXE - Deleted C:\WINDOWS\SYSTEM32\BXQOCHMA.EXE - Deleted C:\WINDOWS\SYSTEM32\CBOWBX~1.EXE - Deleted C:\WINDOWS\SYSTEM32\CYZWRY~1.EXE - Deleted C:\WINDOWS\SYSTEM32\DDE.EXE - Deleted C:\WINDOWS\SYSTEM32\EIOSXRND.EXE - Deleted C:\WINDOWS\SYSTEM32\IGTJ.EXE - Deleted C:\WINDOWS\SYSTEM32\IUDCTGS.EXE - Deleted C:\WINDOWS\SYSTEM32\KJ.EXE - Deleted C:\WINDOWS\SYSTEM32\N.EXE - Deleted C:\WINDOWS\SYSTEM32\OSM.EXE - Deleted C:\WINDOWS\SYSTEM32\PIHU.EXE - Deleted C:\WINDOWS\SYSTEM32\RAHEZVF.EXE - Deleted C:\WINDOWS\SYSTEM32\SMJNFI~1.EXE - Deleted C:\WINDOWS\SYSTEM32\TU.EXE - Deleted C:\WINDOWS\SYSTEM32\UB.EXE - Deleted C:\WINDOWS\SYSTEM32\WJJBYW~1.EXE - Deleted C:\WINDOWS\SYSTEM32\YQA.EXE - Deleted C:\WINDOWS\SYSTEM32\QGUKBF~1.EXE - Deleted C:\WINDOWS\SYSTEM32\SHOAZGDU.EXE - Deleted C:\WINDOWS\SYSTEM32\UOXVBN~1.EXE - Deleted C:\WINDOWS\SYSTEM32\VAXB.EXE - Deleted C:\WINDOWS\SYSTEM32\YGJBPK~1.EXE - Deleted C:\WINDOWS\SYSTEM32\BRKQ.EXE - Deleted C:\WINDOWS\SYSTEM32\DTBUA.EXE - Deleted C:\WINDOWS\SYSTEM32\RQQOIH~1.EXE - Deleted C:\WINDOWS\SYSTEM32\FNI.EXE - Deleted C:\WINDOWS\SYSTEM32\PLJVJU~1.EXE - Deleted C:\WINDOWS\SYSTEM32\ZDZQEE~1.EXE - Deleted C:\WINDOWS\SYSTEM32\BN.EXE - Deleted C:\WINDOWS\SYSTEM32\KHUGLXCO.EXE - Deleted C:\WINDOWS\SYSTEM32\CRGQIZ~1.EXE - Deleted C:\WINDOWS\SYSTEM32\GKYXUN~1.EXE - Deleted C:\WINDOWS\SYSTEM32\OXMKNT~1.EXE - Deleted C:\WINDOWS\SYSTEM32\QEUZYOM.EXE - Deleted C:\WINDOWS\SYSTEM32\SYX.EXE - Deleted C:\WINDOWS\SYSTEM32\XIOSSCGH.EXE - Deleted C:\WINDOWS\SYSTEM32\FEIQAS~1.EXE - Deleted C:\WINDOWS\SYSTEM32\QWC.EXE - Deleted C:\WINDOWS\SYSTEM32\UOXUBO~1.EXE - Deleted C:\WINDOWS\SYSTEM32\YRVNEYD.EXE - Deleted C:\WINDOWS\SYSTEM32\GHHVUS~1.EXE - Deleted C:\WINDOWS\SYSTEM32\HHV.EXE - Deleted C:\WINDOWS\SYSTEM32\HYXAQCXQ.EXE - Deleted C:\WINDOWS\SYSTEM32\INSCGR~1.EXE - Deleted C:\WINDOWS\SYSTEM32\LIRRMA~1.EXE - Deleted C:\WINDOWS\SYSTEM32\MEFGCVTN.EXE - Deleted C:\WINDOWS\SYSTEM32\NYXMHJ~1.EXE - Deleted C:\WINDOWS\SYSTEM32\NZPBXP.EXE - Deleted C:\WINDOWS\SYSTEM32\OALV.EXE - Deleted C:\WINDOWS\SYSTEM32\WJLH.EXE - Deleted C:\WINDOWS\SYSTEM32\ERC.EXE - Deleted C:\WINDOWS\SYSTEM32\TQQGVK~1.EXE - Deleted C:\WINDOWS\SYSTEM32\WLSZKN~1.EXE - Deleted C:\WINDOWS\SYSTEM32\DPKWBWEI.EXE - Deleted C:\WINDOWS\SYSTEM32\HGPNDXX.EXE - Deleted C:\WINDOWS\SYSTEM32\KPZW.EXE - Deleted C:\WINDOWS\SYSTEM32\SRQHJH~1.EXE - Deleted C:\WINDOWS\SYSTEM32\XKQEQH~1.EXE - Deleted C:\WINDOWS\SYSTEM32\JY.EXE - Deleted C:\WINDOWS\SYSTEM32\E.EXE - Deleted C:\WINDOWS\SYSTEM32\FDXIO.EXE - Deleted C:\WINDOWS\SYSTEM32\HEV.EXE - Deleted C:\WINDOWS\SYSTEM32\KUSINQ~1.EXE - Deleted C:\WINDOWS\SYSTEM32\MWZ.EXE - Deleted C:\WINDOWS\SYSTEM32\ONUFOZ~1.EXE - Deleted C:\WINDOWS\SYSTEM32\WCTDKB.EXE - Deleted C:\WINDOWS\SYSTEM32\ECRTRC.EXE - Deleted C:\WINDOWS\SYSTEM32\LYL.EXE - Deleted C:\WINDOWS\SYSTEM32\MJOPGQ~1.EXE - Deleted C:\WINDOWS\SYSTEM32\TMOFY.EXE - Deleted C:\WINDOWS\SYSTEM32\ZU.EXE - Deleted C:\WINDOWS\SYSTEM32\ZUGOZYIN.EXE - Deleted C:\WINDOWS\SYSTEM32\YQKUIB.EXE - Deleted C:\WINDOWS\SYSTEM32\UXSQ.EXE - Deleted C:\WINDOWS\SYSTEM32\ER.EXE - Deleted C:\WINDOWS\SYSTEM32\CZNKCJ~1.EXE - Deleted C:\WINDOWS\SYSTEM32\Q.EXE - Deleted C:\WINDOWS\SYSTEM32\SDZ.EXE - Deleted C:\WINDOWS\SYSTEM32\AVMEJZ.EXE - Deleted C:\WINDOWS\SYSTEM32\DLKYSRO.EXE - Deleted C:\WINDOWS\SYSTEM32\EVRYDS~1.EXE - Deleted C:\WINDOWS\SYSTEM32\JZVLNQ~1.EXE - Deleted C:\WINDOWS\SYSTEM32\OTXVHKW.EXE - Deleted C:\WINDOWS\SYSTEM32\PH.EXE - Deleted C:\WINDOWS\SYSTEM32\QUVWFZ~1.EXE - Deleted C:\Deckard\System Scanner\backup\WINDOWS\temp\stdrun4.exe - Deleted C:\Documents and Settings\LocalService\Local Settings\Temp\stdrun6.exe - Deleted C:\Documents and Settings\NetworkService\Local Settings\Temp\stdrun10.exe - Deleted C:\Documents and Settings\NetworkService\Local Settings\Temp\stdrun11.exe - Deleted C:\WINDOWS\system32\msg.exe.tmp - Deleted C:\aol.exe - Deleted C:\t.rar - Deleted C:\U.exe - Deleted C:\WINDOWS\system32\i.exe - Deleted C:\WINDOWS\system32\ldinfo.ldr - Deleted C:\WINDOWS\system32\vb.exe - Deleted C:\WINDOWS\wr.txt - Deleted Removing Temp Files... ADS Check: C:\WINDOWS No streams found. C:\WINDOWS\system32 No streams found. C:\WINDOWS\system32\svchost.exe No streams found. C:\WINDOWS\system32\ntoskrnl.exe No streams found. Final Check: Remaining Services: ------------------ Authorized Application Key Export: [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\\Program Files\\Sony\\Station\\Launchpad\\LaunchPad.exe"="C:\\Program Files\\Sony\\Station\\Launchpad\\LaunchPad.exe:*:Enabled:LaunchPad" "C:\\Program Files\\Sony\\Station\\Launchpad\\_aunchPad.exe"="C:\\Program Files\\Sony\\Station\\Launchpad\\_aunchPad.exe:*:Enabled:_aunchPad" "C:\\Program Files\\AIM\\aim.exe"="C:\\Program Files\\AIM\\aim.exe:*:Enabled:AOL Instant Messenger" "C:\\Program Files\\World of Warcraft\\WoW-1.2.3-patch-enUS-Downloader.exe"="C:\\Program Files\\World of Warcraft\\WoW-1.2.3-patch-enUS-Downloader.exe:*:Enabled:Blizzard Downloader" "C:\\Program Files\\Call of Duty Game of the Year Edition\\CoDUOMP.exe"="C:\\Program Files\\Call of Duty Game of the Year Edition\\CoDUOMP.exe:*:Enabled:CoDUOMP" "C:\\Program Files\\Call of Duty Game of the Year Edition\\CoDMP.exe"="C:\\Program Files\\Call of Duty Game of the Year Edition\\CoDMP.exe:*:Enabled:CoDMP" "C:\\Program Files\\World of Warcraft\\WoW-1.2.4-to-1.3.0-enUS-downloader.exe"="C:\\Program Files\\World of Warcraft\\WoW-1.2.4-to-1.3.0-enUS-downloader.exe:*:Enabled:Blizzard Downloader" "C:\\Program Files\\Soulseek\\slsk.exe"="C:\\Program Files\\Soulseek\\slsk.exe:*:Enabled:SoulSeek" "C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire" "C:\\Program Files\\World of Warcraft\\WoW-1.3.1.4297-to-1.4.0-enUS-downloader.exe"="C:\\Program Files\\World of Warcraft\\WoW-1.3.1.4297-to-1.4.0-enUS-downloader.exe:*:Enabled:Blizzard Downloader" "C:\\Program Files\\Teamspeak2_RC2\\server_windows.exe"="C:\\Program Files\\Teamspeak2_RC2\\server_windows.exe:*:Enabled:Server" "C:\\Documents and Settings\\Jon\\Local Settings\\Temporary Internet Files\\Content.IE5\\XV2CG8IV\\WOW_Rouge-downloader[1].exe"="C:\\Documents and Settings\\Jon\\Local Settings\\Temporary Internet Files\\Content.IE5\\XV2CG8IV\\WOW_Rouge-downloader[1].exe:*:Enabled:Blizzard Downloader" "C:\\Documents and Settings\\Jon\\Local Settings\\Temporary Internet Files\\Content.IE5\\UY2RQELM\\WoW-Onyxia-downloader[1].exe"="C:\\Documents and Settings\\Jon\\Local Settings\\Temporary Internet Files\\Content.IE5\\UY2RQELM\\WoW-Onyxia-downloader[1].exe:*:Enabled:Blizzard Downloader" "C:\\Program Files\\World of Warcraft\\WoW-1.4.2-to-0.5.0-Test-enUS.exe"="C:\\Program Files\\World of Warcraft\\WoW-1.4.2-to-0.5.0-Test-enUS.exe:*:Enabled:Blizzard Downloader" "C:\\Program Files\\World of Warcraft\\WoW-1.4.2.4375-to-1.5.0-enUS-downloader.exe"="C:\\Program Files\\World of Warcraft\\WoW-1.4.2.4375-to-1.5.0-enUS-downloader.exe:*:Enabled:Blizzard Downloader" "C:\\Program Files\\Yahoo! Games\\Blasterball 2 Remix\\bb2remix.exe"="C:\\Program Files\\Yahoo! Games\\Blasterball 2 Remix\\bb2remix.exe:*:Enabled:bb2remix" "C:\\Program Files\\TeamSpeak Server (Jon)\\Teamspeak2_RC2\\server_windows.exe"="C:\\Program Files\\TeamSpeak Server (Jon)\\Teamspeak2_RC2\\server_windows.exe:*:Enabled:Server" "C:\\Program Files\\GameSpy Arcade\\Aphex.exe"="C:\\Program Files\\GameSpy Arcade\\Aphex.exe:*:Enabled:GameSpy Arcade" "C:\\StubInstaller.exe"="C:\\StubInstaller.exe:*:Enabled:LimeWire swarmed installer" "C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE"="C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE:*:Enabled:Internet Explorer" "C:\\Program Files\\Xfire\\Xfire.exe"="C:\\Program Files\\Xfire\\Xfire.exe:*:Enabled:Xfire" "C:\\Program Files\\Wolfenstein - Enemy Territory\\ET.exe"="C:\\Program Files\\Wolfenstein - Enemy Territory\\ET.exe:*:Enabled:ET" "C:\\Program Files\\Activision\\Call of Duty 2\\CoD2MP_s.exe"="C:\\Program Files\\Activision\\Call of Duty 2\\CoD2MP_s.exe:*:Enabled:CoD2MP_s" "C:\\WINDOWS\\system32\\dpvsetup.exe"="C:\\WINDOWS\\system32\\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test" "C:\\WINDOWS\\system32\\rundll32.exe"="C:\\WINDOWS\\system32\\rundll32.exe:*:Enabled:Run a DLL as an App" "C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"="C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe:*:Enabled:AOL Loader" "C:\\Program Files\\Common Files\\AOL\\1144111071\\ee\\aolsoftware.exe"="C:\\Program Files\\Common Files\\AOL\\1144111071\\ee\\aolsoftware.exe:*:Enabled:AOL Services" "C:\\Program Files\\Common Files\\AOL\\1144111071\\ee\\aim6.exe"="C:\\Program Files\\Common Files\\AOL\\1144111071\\ee\\aim6.exe:*:Enabled:AIM" "C:\\Program Files\\Yahoo!\\Messenger\\YPager.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YPager.exe:*:Enabled:Yahoo! Messenger" "C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe:*:Enabled:Yahoo! FT Server" "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.0" "C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)" "C:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"="C:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe:*:Enabled:Remote Assistance - Windows Messenger and Voice" "C:\\Program Files\\Warcraft III\\Warcraft III.exe"="C:\\Program Files\\Warcraft III\\Warcraft III.exe:*:Enabled:Warcraft III" "C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes" [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.0" "C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)" Remaining Files: --------------- File Backups: - C:\SDFix\SDFix\backups\backups.zip Files with Hidden Attributes: C:\Documents and Settings\Jon\Shared\Microsoft Office XP PRO (word, excel, powerpoint, outlook, access, frontpage, Publisher 2004\MSDE2000\SQLRESLD.DLL C:\WINDOWS\security\aol.exe C:\WINDOWS\system32\1895EC90FF.sys C:\WINDOWS\system32\FF90EC9518.sys C:\WINDOWS\system32\KGyGaAvL.sys C:\Deckard\System Scanner\backup\WINDOWS\temp\vcj5qma6.TMP C:\Documents and Settings\All Users\DRM\Cache\Indiv02.tmp C:\WINDOWS\SoftwareDistribution\Download\a877011d990fb4875b54ce0706b47f90\BIT20.tmp Finished _________________________________________________________________________________ ComboFix 07-08-30.2 - "Jon" 2007-08-30 23:50:01.1 - NTFSx86 Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.415 [GMT -4:00] * Created a new restore point ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) C:\DOCUME~1\Dad\Desktop\internet.lnk C:\DOCUME~1\Guest\Desktop\internet explorer.lnk C:\DOCUME~1\Jon\APPLIC~1\macromedia\Flash Player\#SharedObjects\FA7FLKQ7\www.broadcaster.com C:\DOCUME~1\Jon\APPLIC~1\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com C:\DOCUME~1\Jon\APPLIC~1\scurit~1 C:\DOCUME~1\Jon\Desktop\internet.lnk C:\DOCUME~1\Jon\MYDOCU~1\asks~1 C:\Program Files\Common Files\ystem~1 C:\Program Files\smante~1 C:\Program Files\sstem~1 C:\Program Files\winupdates C:\WINDOWS\system32\clk.dll C:\WINDOWS\system32\smbols~1 ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) -------\LEGACY_NPF ((((((((((((((((((((((((( Files Created from 2007-07-28 to 2007-08-31 ))))))))))))))))))))))))))))))) 2007-08-31 00:00 99,328 --a------ C:\WINDOWS\system32\vidnoayibkth.exe 2007-08-30 23:24 <DIR> d-------- C:\WINDOWS\ERUNT 2007-08-30 04:17 <DIR> d-------- C:\Deckard 2007-08-30 04:00 <DIR> d-------- C:\Program Files\ZonedOut 2007-08-30 03:58 118,784 --a------ C:\WINDOWS\system32\MSSTDFMT.DLL 2007-08-30 03:58 <DIR> d-------- C:\Program Files\SpywareBlaster 2007-08-30 03:03 51,200 --a------ C:\WINDOWS\nircmd.exe 2007-08-30 02:12 <DIR> d-------- C:\Program Files\America's Army Server Manager 2007-08-30 02:11 <DIR> d-------- C:\WINDOWS\ShellNew 2007-08-30 02:11 <DIR> d-------- C:\Program Files\SecondLife 2007-08-30 02:10 <DIR> d-------- C:\Program Files\WordPerfect Office X3 2007-08-30 02:10 <DIR> d-------- C:\Program Files\Common Files\Borland Shared 2007-08-30 02:09 <DIR> d-------- C:\Program Files\Common Files\Stardock 2007-08-30 02:08 <DIR> d-------- C:\DOCUME~1\Dad\APPLIC~1\Sonic 2007-08-25 11:42 <DIR> d-------- C:\DOCUME~1\Jon\Bouncing Souls 2007-08-21 02:15 <DIR> d-------- C:\Program Files\Xfire 2007-08-18 18:40 <DIR> d-------- C:\WINDOWS\system32\ActiveScan 2007-08-18 12:25 <DIR> d-------- C:\DOCUME~1\Jon\APPLIC~1\LimeWire 2007-08-16 03:04 <DIR> d-------- C:\Program Files\MSXML 6.0 2007-08-12 17:41 123,904 --a------ C:\updates9456.exe 2007-08-12 03:39 95,232 --a------ C:\updates9453.exe 2007-08-11 03:42 <DIR> d-------- C:\Program Files\Enigma Software Group 2007-08-11 03:24 83,024 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys 2007-08-11 03:24 57,424 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys 2007-08-11 03:24 53,840 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys 2007-08-11 03:24 39,376 --a------ C:\WINDOWS\system32\drivers\ikfileflt.sys 2007-08-11 03:24 29,264 --a------ C:\WINDOWS\system32\drivers\kcom.sys 2007-08-11 03:24 <DIR> d-------- C:\Program Files\Spyware Doctor 2007-08-11 03:24 <DIR> d-------- C:\DOCUME~1\Jon\APPLIC~1\PC Tools 2007-08-11 03:22 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll 2007-08-05 14:19 22,328 --a------ C:\WINDOWS\system32\drivers\PnkBstrK.sys 2007-08-04 03:08 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys 2007-07-30 16:58 205 --a------ C:\updatewin.exe 2007-07-30 11:36 75,792 --a------ C:\WINDOWS\system32\drivers\tmtdi.sys 2007-07-30 11:36 36,112 --a------ C:\WINDOWS\system32\drivers\tmpreflt.sys 2007-07-30 11:36 300,816 --a------ C:\WINDOWS\system32\drivers\TM_CFW.sys 2007-07-30 11:36 203,024 --a------ C:\WINDOWS\system32\drivers\tmxpflt.sys 2007-07-30 11:36 112,400 --a------ C:\WINDOWS\system32\drivers\tm_mbd_c.sys 2007-07-30 11:36 1,126,328 --a------ C:\WINDOWS\system32\drivers\vsapint.sys 2007-07-25 18:27 9,806 --a------ C:\winupdate.exe 2007-07-25 18:27 <DIR> d-------- C:\WINDOWS\fqfi 2007-07-25 18:27 <DIR> d-------- C:\Program Files\Common Files\fqfi 2007-07-24 22:30 <DIR> d-------- C:\Program Files\AOD 2007-07-24 22:30 <DIR> d-------- C:\DOCUME~1\Jon\APPLIC~1\Aim 2007-07-24 18:32 <DIR> d--hs---- C:\WINDOWS\Sm9uYXRoYW4gU3ByYXR0 2007-07-17 01:28 0 --a------ C:\Program Files\WoW-1.9.4.5086-to-0.10.0.5140-enUS-patch.exe (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) 2007-08-30 23:07 --------- d-------- C:\Program Files\Viewpoint 2007-08-30 23:07 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Viewpoint 2007-08-30 03:02 --------- d-------- C:\Program Files\Corel 2007-08-30 03:02 --------- d-------- C:\Program Files\Common Files\Corel 2007-08-30 02:59 --------- d-------- C:\DOCUME~1\Jon\APPLIC~1\Corel 2007-08-30 02:12 --------- d-------- C:\Program Files\America's Army 2007-08-30 02:11 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Borland 2007-08-30 02:10 --------- d-------- C:\Program Files\Common Files\Real 2007-08-30 02:10 --------- d-------- C:\Program Files\Common Files\AOL 2007-08-29 16:29 --------- d-------- C:\Program Files\Warcraft III 2007-08-23 18:49 --------- d-------- C:\Program Files\Call of Duty Game of the Year Edition 2007-08-05 14:19 66872 --a------ C:\WINDOWS\system32\PnkBstrA.exe 2007-08-05 14:19 103736 --a------ C:\WINDOWS\system32\PnkBstrB.exe 2007-08-04 03:20 --------- d--h----- C:\Program Files\InstallShield Installation Information 2007-08-04 03:20 --------- d-------- C:\Program Files\EA GAMES 2007-08-02 15:06 --------- d-------- C:\Program Files\World of Warcraft 2007-07-31 15:53 --------- d-------- C:\Program Files\AIM Gadgets 2007-07-31 15:49 --------- d-------- C:\Program Files\Skype 2007-07-31 15:49 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Skype 2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\cdm.dll 2007-07-30 19:19 549720 --a------ C:\WINDOWS\system32\wuapi.dll 2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\wuauclt.exe 2007-07-30 19:19 43352 --a------ C:\WINDOWS\system32\wups2.dll 2007-07-30 19:19 325976 --a------ C:\WINDOWS\system32\wucltui.dll 2007-07-30 19:19 271224 --a------ C:\WINDOWS\system32\mucltui.dll 2007-07-30 19:19 207736 --a------ C:\WINDOWS\system32\muweb.dll 2007-07-30 19:19 203096 --a------ C:\WINDOWS\system32\wuweb.dll 2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\wuaueng.dll 2007-07-30 19:18 33624 --a------ C:\WINDOWS\system32\wups.dll 2007-07-30 11:42 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Trend Micro 2007-07-29 21:24 --------- d-------- C:\DOCUME~1\Jon\APPLIC~1\Skype 2007-07-29 20:03 --------- d-------- C:\DOCUME~1\Jon\APPLIC~1\teamspeak2 2007-07-29 14:47 --------- d-------- C:\Program Files\Trend Micro 2007-07-24 22:58 --------- d-------- C:\Program Files\AIM 2007-07-24 22:27 --------- d-------- C:\DOCUME~1\Jon\APPLIC~1\JAMS 2007-07-18 11:27 --------- d-------- C:\DOCUME~1\Jon\APPLIC~1\Viewpoint 2007-07-17 01:17 5852 --ahs---- C:\WINDOWS\system32\KGyGaAvL.sys 2007-07-17 01:17 104 -r-hs---- C:\WINDOWS\system32\1895EC90FF.sys 2007-06-28 21:42 --------- d-------- C:\Program Files\AIM6 2007-06-28 21:41 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\AOL Downloads 2007-06-26 02:08 1104896 --a------ C:\WINDOWS\system32\msxml3.dll 2007-06-19 09:31 282112 --a------ C:\WINDOWS\system32\gdi32.dll 2007-06-13 06:23 1033216 --a------ C:\WINDOWS\explorer.exe 2007-06-06 23:13 66560 --a------ C:\installer.exe 2007-06-06 22:35 66560 --a------ C:\installOSi.exe 2007-05-14 00:10 0 --a------ C:\DOCUME~1\Jon\WoW-1.9.2.4996-to-1.9.3.5059-enUS-patch.exe 2007-05-13 00:05 774144 --a------ C:\Program Files\RngInterstitial.dll 2007-02-15 20:52 2661956 --a------ C:\Program Files\Install_LaunchPad.exe 2007-01-18 15:34 5707766 --a------ C:\Program Files\SnoodSetup.exe 2007-01-18 00:06 10796608 --a------ C:\Program Files\psreserves.zip 2006-10-09 15:02 70864113 --a------ C:\Program Files\TIS2007-SMALL-1329.EXE 2006-08-18 23:52 288 --a------ C:\Program Files\prepatch.log 2006-04-06 06:41 1945304505 --a------ C:\Program Files\DAoC_14-Day_Trial_Setup.exe 2006-03-20 22:02 1014477 --a------ C:\Program Files\wrar351.exe 2006-03-12 17:09 752284 --a------ C:\Program Files\WoW-1.9.4.5086-to-0.10.0.5140-enUS-downloader.exe 2005-12-31 14:04 2203013 --a------ C:\Program Files\WC3Banlist_2.82.exe 2005-12-23 23:39 752180 --a------ C:\Program Files\WoW-1.8.3.4807-to-0.9.0-enUS-downloader.exe 2005-12-17 04:21 270305943 --a------ C:\Program Files\wolfet.exe 2005-12-12 17:44 35113704 --a------ C:\Program Files\directx_9c_redist.exe 2005-12-10 18:11 89863576 --a------ C:\Program Files\molo.wmv 2004-07-22 11:51 3432656 --a------ C:\Program Files\ManagedDX.CAB 2004-07-19 23:58 1156363 --a------ C:\Program Files\BDANT.cab 2004-07-19 23:53 976020 --a------ C:\Program Files\BDAXP.cab 2004-07-09 10:13 703080 --a------ C:\Program Files\BDA.cab 2004-07-09 10:13 15493481 --a------ C:\Program Files\DirectX.cab 2004-07-09 05:08 472576 --a------ C:\Program Files\dxsetup.exe 2004-07-09 05:08 2242560 --a------ C:\Program Files\dsetup32.dll 2004-07-09 04:03 62976 --a------ C:\Program Files\DSETUP.dll 2007-05-13 21 09 89,088 --sh--r C:\WINDOWS\security\aol.exe2007-03-16 22:45:36 88 --sh--r C:\WINDOWS\system32\FF90EC9518.sys ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) *Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-08-11 17:30] "ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 17:30] "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-08-11 21:43] "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-10-25 19:58] "pccguide.exe"="C:\Program Files\Trend Micro\Internet Security 2007\pccguide.exe" [2007-04-12 06:58] "!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 05:25] "SDTray"="C:\Program Files\Spyware Doctor\SDTrayApp.exe" [2007-06-27 13:54] "SpyHunter"="C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter.exe" [2007-04-26 19:03] "vidnoayibkth"="C:\WINDOWS\system32\vidnoayibkth.exe" [2007-08-31 00:00] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Aim6"="C:\Program Files\AIM6\aim6.exe" [2007-04-27 17:17] "msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2006-06-06 12:38] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices] "qcdb"=C:\WINDOWS\system32\qcdb.exe "ppx"=C:\WINDOWS\system32\ppx.exe "qdn"=C:\WINDOWS\system32\qdn.exe "vaxb"=C:\WINDOWS\system32\vaxb.exe "ecrtrc"=C:\WINDOWS\system32\ecrtrc.exe "vidnoayibkth"=C:\WINDOWS\system32\vidnoayibkth.exe [HKEY_USERS\.default\software\microsoft\windows\currentversion\run] "ALUAlert"=C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system] "DisableRegistryTools"=0 (0x0) [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB] C:\Program Files\Stardock\Object Desktop\ThemeManager\fastload.dll 2001-12-20 23:34 24576 C:\Program Files\Stardock\Object Desktop\ThemeManager\fastload.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "appinit_dlls"=wbsys.dll [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^MyWebSearch Email Plugin.lnk] path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\MyWebSearch Email Plugin.lnk backup=C:\WINDOWS\pss\MyWebSearch Email Plugin.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Jon^Start Menu^Programs^Startup^LimeWire On Startup.lnk] path=C:\Documents and Settings\Jon\Start Menu\Programs\Startup\LimeWire On Startup.lnk backup=C:\WINDOWS\pss\LimeWire On Startup.lnkStartup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Jon^Start Menu^Programs^Startup^MyWebSearch Email Plugin.lnk] path=C:\Documents and Settings\Jon\Start Menu\Programs\Startup\MyWebSearch Email Plugin.lnk backup=C:\WINDOWS\pss\MyWebSearch Email Plugin.lnkStartup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Jon^Start Menu^Programs^Startup^Xfire.lnk] path=C:\Documents and Settings\Jon\Start Menu\Programs\Startup\Xfire.lnk backup=C:\WINDOWS\pss\Xfire.lnkStartup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6] "C:\Program Files\Common Files\AOL\Launch\AOLLaunch.exe" /d locale=en-US ee://aol/imApp [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager] C:\Program Files\Common Files\AOL\1144111071\ee\AOLSoftware.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\My Web Search Bar] rundll32 C:\PROGRA~1\MYWEBS~1\bar\3.bin\MWSBAR.DLL,S [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\3.bin\mwsoemon.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz] nwiz.exe /install [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OE] "C:\Program Files\Trend Micro\Internet Security 2007\TMAS_OE\TMAS_OEMon.exe" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2007\pccguide.exe" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickFinder Scheduler] "C:\Program Files\WordPerfect Office X3\Programs\QFSCHD130.EXE" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Start WingMan Profiler] "C:\Program Files\Logitech\Profiler\lwemon.exe" /noui [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\zango] "c:\program files\zango\zango.exe" R2 AOLSVCv2;AOL Service;"C:\WINDOWS\security\aol.exe" R2 Devx;Devx;C:\WINDOWS\system32\drivers\Devx.sys R2 tmxpflt;tmxpflt;C:\WINDOWS\system32\DRIVERS\tmxpflt.sys R2 VtPr;VtPr;C:\WINDOWS\system32\drivers\VtPr.sys R3 FVNETusbXP;Belkin 11Mbps Wireless USB Network Adapter(R);C:\WINDOWS\system32\DRIVERS\bkusbxp.sys R3 WmBEnum;Logitech Virtual Bus Enumerator Driver;C:\WINDOWS\system32\drivers\WmBEnum.sys R3 WmXlCore;Logitech WingMan Translation Layer Driver;C:\WINDOWS\system32\drivers\WmXlCore.sys S2 akebaaoia2e0ouu;Print Spooler Service;C:\WINDOWS\system32\vidnoayibkth.exe /service S2 LD-AOL-Spy_Watchv1;AOL Spy Watch;"C:\WINDOWS\Help\aolsw.exe" S3 aaudstum;aaudstum;\??\C:\DOCUME~1\Jon\LOCALS~1\Temp\aaudstum.sys S3 RIOUNIV;Rio universal USB driver;C:\WINDOWS\system32\Drivers\RIOUNIV.sys S3 WmFilter;Logitech Gaming HID Filter Driver;C:\WINDOWS\system32\drivers\WmFilter.sys S3 WmVirHid;Logitech Virtual Hid Device Driver;C:\WINDOWS\system32\drivers\WmVirHid.sys ************************************************************************** catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2007-08-31 00:02:44 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** Completion time: 2007-08-31 0:04:36 - machine was rebooted C:\ComboFix-quarantined-files.txt ... 2007-08-31 00:04 --- E O F --- ____________________________________________________________________________________ Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 12:08:03 AM, on 8/31/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\security\aol.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\WINDOWS\system32\nvsvc32.exe C:\PROGRA~1\TRENDM~1\INTERN~2\PcCtlCom.exe C:\WINDOWS\system32\PnkBstrA.exe C:\Program Files\Spyware Doctor\svcntaux.exe C:\Program Files\Spyware Doctor\swdsvc.exe C:\Program Files\Analog Devices\SoundMAX\spkrmon.exe C:\PROGRA~1\TRENDM~1\INTERN~2\Tmntsrv.exe C:\PROGRA~1\TRENDM~1\INTERN~2\TmPfw.exe C:\PROGRA~1\TRENDM~1\INTERN~2\tmproxy.exe C:\WINDOWS\system32\vidnoayibkth.exe C:\WINDOWS\Explorer.EXE C:\PROGRA~1\TRENDM~1\INTERN~2\PcScnSrv.exe C:\Program Files\Spyware Doctor\SDTrayApp.exe C:\WINDOWS\System32\alg.exe C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe C:\Program Files\Trend Micro\Internet Security 2007\pccguide.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files\Trend Micro\HijackThis\HijackThis.exe C:\WINDOWS\system32\wbem\wmiprvse.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.thottbot.com/ R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 3.1\aoltb.dll R3 - URLSearchHook: (no name) - - (no file) O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 3.1\aoltb.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 3.1\aoltb.dll O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2007\pccguide.exe" O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe" O4 - HKLM\..\Run: [SpyHunter] C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter.exe O4 - HKLM\..\Run: [vidnoayibkth] C:\WINDOWS\system32\vidnoayibkth.exe O4 - HKLM\..\RunServices: [qcdb] C:\WINDOWS\system32\qcdb.exe O4 - HKLM\..\RunServices: [ppx] C:\WINDOWS\system32\ppx.exe O4 - HKLM\..\RunServices: [qdn] C:\WINDOWS\system32\qdn.exe O4 - HKLM\..\RunServices: [vaxb] C:\WINDOWS\system32\vaxb.exe O4 - HKLM\..\RunServices: [ecrtrc] C:\WINDOWS\system32\ecrtrc.exe O4 - HKLM\..\RunServices: [vidnoayibkth] C:\WINDOWS\system32\vidnoayibkth.exe O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background O4 - HKUS\S-1-5-18\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'Default user') O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 3.1\resources\en-US\local\search.html O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbar...p=ZNxmk572CWUS O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm O8 - Extra context menu item: Open with WordPerfect - C:\Program Files\WordPerfect Office X3\Programs\WPLauncher.hta O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 3.1\aoltb.dll O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {1EF9F042-C2EB-4293-8213-474CAEEF531D} (TmHcmsX Control) - http://www.trendsecure.com/framework...ex/TmHcmsX.CAB O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{3C7B4365-B73E-46DB-9C0B-56AB67054B0D}: NameServer = 68.87.64.146,65.87.75.194 O17 - HKLM\System\CCS\Services\Tcpip\..\{8674926F-58E6-4780-8BF9-9B078E344461}: NameServer = 68.87.64.146,68.87.75.194 O23 - Service: Print Spooler Service (akebaaoia2e0ouu) - Unknown owner - C:\WINDOWS\system32\vidnoayibkth.exe O23 - Service: AOL Service (AOLSVCv2) - Unknown owner - C:\WINDOWS\security\aol.exe O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing) O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: AOL Spy Watch (LD-AOL-Spy_Watchv1) - Unknown owner - C:\WINDOWS\Help\aolsw.exe (file missing) O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\PcCtlCom.exe O23 - Service: Trend Micro Protection Against Spyware (PcScnSrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\PcScnSrv.exe O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe O23 - Service: spkrmon - Unknown owner - C:\Program Files\Analog Devices\SoundMAX\spkrmon.exe O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\Tmntsrv.exe O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\TmPfw.exe O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\tmproxy.exe -- End of file - 8147 bytes Last edited by comp_problems; 08-30-2007 at 10:16 PM. Reason: To divide the 3 logs with lines. |
|
|
|
|
08-31-2007, 09:21 AM
|
#4 (permalink) |
|
Analyst, Security Team
Join Date: Jun 2006
Posts: 247
OS: Vista Ultimate/Windows 7 RC
|
Re: Computer runs very slow and freezes. More detail inside.
Before we can continue with the cleanup which is going very well, I would like to make sure that we are not dealing with some really bad "hidden" elements:
Download Gmer
__________________
Paul Microsoft MVP - Consumer Security 2008 - 2009 My help is voluntary. It requires no payment but this site needs donations to operate - http://www.techsupportforum.com/donate.php |
|
|
|
|
08-31-2007, 10:13 AM
|
#5 (permalink) |
|
Registered User
Join Date: Aug 2007
Posts: 13
OS: Windows XP SP2
|
Re: Computer runs very slow and freezes. More detail inside.
Here is the log you asked for.
GMER 1.0.13.12551 - http://www.gmer.net Rootkit scan 2007-08-31 12:08:53 Windows 5.1.2600 Service Pack 2 ---- System - GMER 1.0.13 ---- SSDT \SystemRoot\system32\DRIVERS\tm_mbd_c.sys ZwClose SSDT \SystemRoot\system32\DRIVERS\tm_mbd_c.sys ZwConnectPort SSDT \SystemRoot\system32\drivers\iksysflt.sys ZwCreateKey SSDT \SystemRoot\system32\DRIVERS\tm_mbd_c.sys ZwCreateProcess SSDT \SystemRoot\system32\DRIVERS\tm_mbd_c.sys ZwCreateProcessEx SSDT \SystemRoot\system32\drivers\iksysflt.sys ZwDeleteKey SSDT \SystemRoot\system32\drivers\iksysflt.sys ZwDeleteValueKey SSDT \SystemRoot\system32\DRIVERS\tm_mbd_c.sys ZwOpenProcess SSDT \SystemRoot\system32\DRIVERS\tm_mbd_c.sys ZwRequestWaitReplyPort SSDT \SystemRoot\system32\drivers\iksysflt.sys ZwSetValueKey SSDT \??\C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys ZwTerminateProcess SSDT \SystemRoot\system32\DRIVERS\tm_mbd_c.sys ZwWriteVirtualMemory ---- Kernel code sections - GMER 1.0.13 ---- .text ntoskrnl.exe!ZwYieldExecution + 132 804E496C 6 Bytes [ 10, 03, 58, B9, E0, 05 ] .text ntoskrnl.exe!ZwYieldExecution + 4CA 804E4D04 2 Bytes [ 80, 0E ] ? C:\WINDOWS\system32\Drivers\mchInjDrv.sys The system cannot find the file specified. ? C:\DOCUME~1\Jon\LOCALS~1\Temp\catchme.sys The system cannot find the file specified. ---- User code sections - GMER 1.0.13 ---- .text C:\WINDOWS\system32\spoolsv.exe[244] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A .text C:\WINDOWS\system32\spoolsv.exe[244] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 5F0A0F5A .text C:\WINDOWS\system32\spoolsv.exe[244] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 5F040F5A .text C:\WINDOWS\security\aol.exe[336] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A .text C:\WINDOWS\security\aol.exe[336] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 5F0A0F5A .text C:\WINDOWS\security\aol.exe[336] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 5F040F5A .text C:\PROGRA~1\TRENDM~1\INTERN~2\PcScnSrv.exe[352] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A .text C:\PROGRA~1\TRENDM~1\INTERN~2\PcScnSrv.exe[352] kernel32.dll!FreeLibrary + 15 7C80ABF3 4 Bytes [ 45, 54, EF, F4 ] .text C:\PROGRA~1\TRENDM~1\INTERN~2\PcScnSrv.exe[352] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 5F0A0F5A .text C:\PROGRA~1\TRENDM~1\INTERN~2\PcScnSrv.exe[352] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 5F040F5A .text C:\PROGRA~1\TRENDM~1\INTERN~2\PcCtlCom.exe[520] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A .text C:\PROGRA~1\TRENDM~1\INTERN~2\PcCtlCom.exe[520] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 5F0A0F5A .text C:\PROGRA~1\TRENDM~1\INTERN~2\PcCtlCom.exe[520] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 5F040F5A .text C:\WINDOWS\system32\nvsvc32.exe[548] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A .text C:\WINDOWS\system32\nvsvc32.exe[548] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 5F0A0F5A .text C:\WINDOWS\system32\nvsvc32.exe[548] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 5F040F5A .text C:\WINDOWS\system32\PnkBstrA.exe[576] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A .text C:\WINDOWS\system32\PnkBstrA.exe[576] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 5F0A0F5A .text C:\WINDOWS\system32\PnkBstrA.exe[576] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 5F040F5A .text C:\Program Files\Spyware Doctor\svcntaux.exe[848] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A .text C:\Program Files\Spyware Doctor\svcntaux.exe[848] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 5F0A0F5A .text C:\Program Files\Spyware Doctor\svcntaux.exe[848] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 5F040F5A .text C:\DOCUME~1\Jon\LOCALS~1\Temp\Rar$EX05.219\gmer.exe[864] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A .text C:\DOCUME~1\Jon\LOCALS~1\Temp\Rar$EX05.219\gmer.exe[864] kernel32.dll!FreeLibrary + 15 7C80ABF3 4 Bytes [ 45, 54, EF, F4 ] .text C:\DOCUME~1\Jon\LOCALS~1\Temp\Rar$EX05.219\gmer.exe[864] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 5F0A0F5A .text C:\DOCUME~1\Jon\LOCALS~1\Temp\Rar$EX05.219\gmer.exe[864] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 5F040F5A .text C:\Program Files\Spyware Doctor\swdsvc.exe[1088] kernel32.dll!CreateThread + 1A 7C810651 4 Bytes [ CF, 9E, C5, 83 ] .text C:\WINDOWS\system32\csrss.exe[1104] KERNEL32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A .text C:\WINDOWS\system32\csrss.exe[1104] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 5F0A0F5A .text C:\WINDOWS\system32\csrss.exe[1104] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 5F040F5A .text C:\WINDOWS\system32\winlogon.exe[1128] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A .text C:\WINDOWS\system32\winlogon.exe[1128] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 5F0A0F5A .text C:\WINDOWS\system32\winlogon.exe[1128] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 5F040F5A .text C:\WINDOWS\system32\services.exe[1172] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A .text C:\WINDOWS\system32\services.exe[1172] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 5F0A0F5A .text C:\WINDOWS\system32\services.exe[1172] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 5F040F5A .text C:\WINDOWS\system32\lsass.exe[1184] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A .text C:\WINDOWS\system32\lsass.exe[1184] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 5F0A0F5A .text C:\WINDOWS\system32\lsass.exe[1184] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 5F040F5A .text C:\WINDOWS\system32\svchost.exe[1392] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A .text C:\WINDOWS\system32\svchost.exe[1392] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 5F0A0F5A .text C:\WINDOWS\system32\svchost.exe[1392] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 5F040F5A .text C:\WINDOWS\system32\svchost.exe[1436] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A .text C:\WINDOWS\system32\svchost.exe[1436] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 5F0A0F5A .text C:\WINDOWS\system32\svchost.exe[1436] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 5F040F5A .text C:\Program Files\Analog Devices\SoundMAX\spkrmon.exe[1480] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A .text C:\Program Files\Analog Devices\SoundMAX\spkrmon.exe[1480] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 5F0A0F5A .text C:\Program Files\Analog Devices\SoundMAX\spkrmon.exe[1480] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 5F040F5A .text C:\WINDOWS\System32\svchost.exe[1560] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A .text C:\WINDOWS\System32\svchost.exe[1560] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 5F0A0F5A .text C:\WINDOWS\System32\svchost.exe[1560] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 5F040F5A .text C:\PROGRA~1\TRENDM~1\INTERN~2\Tmntsrv.exe[1584] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A .text C:\PROGRA~1\TRENDM~1\INTERN~2\Tmntsrv.exe[1584] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 5F0A0F5A .text C:\PROGRA~1\TRENDM~1\INTERN~2\Tmntsrv.exe[1584] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 5F040F5A .text C:\Program Files\Spyware Doctor\SDTrayApp.exe[1588] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A .text C:\Program Files\Spyware Doctor\SDTrayApp.exe[1588] kernel32.dll!FreeLibrary + 15 7C80ABF3 4 Bytes [ 45, 54, EF, F4 ] .text C:\Program Files\Spyware Doctor\SDTrayApp.exe[1588] kernel32.dll!CreateThread + 1A 7C810651 4 Bytes [ 23, 92, C3, 83 ] .text C:\Program Files\Spyware Doctor\SDTrayApp.exe[1588] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 5F0A0F5A .text C:\Program Files\Spyware Doctor\SDTrayApp.exe[1588] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 5F040F5A .text C:\PROGRA~1\TRENDM~1\INTERN~2\TmPfw.exe[1640] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A .text C:\PROGRA~1\TRENDM~1\INTERN~2\TmPfw.exe[1640] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 5F0A0F5A .text C:\PROGRA~1\TRENDM~1\INTERN~2\TmPfw.exe[1640] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 5F040F5A .text C:\WINDOWS\system32\svchost.exe[1668] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A .text C:\WINDOWS\system32\svchost.exe[1668] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 5F0A0F5A .text C:\WINDOWS\system32\svchost.exe[1668] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 5F040F5A .text C:\WINDOWS\system32\svchost.exe[1808] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A .text C:\WINDOWS\system32\svchost.exe[1808] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 5F0A0F5A .text C:\WINDOWS\system32\svchost.exe[1808] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 5F040F5A .text C:\PROGRA~1\TRENDM~1\INTERN~2\tmproxy.exe[1876] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A .text C:\PROGRA~1\TRENDM~1\INTERN~2\tmproxy.exe[1876] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 5F0A0F5A .text C:\PROGRA~1\TRENDM~1\INTERN~2\tmproxy.exe[1876] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 5F040F5A .text C:\WINDOWS\System32\alg.exe[2224] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A .text C:\WINDOWS\System32\alg.exe[2224] kernel32.dll!FreeLibrary + 15 7C80ABF3 4 Bytes [ 45, 54, EF, F4 ] .text C:\WINDOWS\System32\alg.exe[2224] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 5F0A0F5A .text C:\WINDOWS\System32\alg.exe[2224] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 5F040F5A .text C:\WINDOWS\Explorer.EXE[2292] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A .text C:\WINDOWS\Explorer.EXE[2292] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 5F0A0F5A .text C:\WINDOWS\Explorer.EXE[2292] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 5F040F5A .text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[2500] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A .text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[2500] kernel32.dll!FreeLibrary + 15 7C80ABF3 4 Bytes [ 45, 54, EF, F4 ] .text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[2500] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 5F0A0F5A .text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[2500] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 5F040F5A .text C:\Program Files\Trend Micro\Internet Security 2007\pccguide.exe[2720] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A .text C:\Program Files\Trend Micro\Internet Security 2007\pccguide.exe[2720] kernel32.dll!FreeLibrary + 15 7C80ABF3 4 Bytes [ 45, 54, EF, F4 ] .text C:\Program Files\Trend Micro\Internet Security 2007\pccguide.exe[2720] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 5F0A0F5A .text C:\Program Files\Trend Micro\Internet Security 2007\pccguide.exe[2720] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 5F040F5A AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE [F7693BC0] ikfileflt.sys AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE_NAMED_PIPE [F7693BC0] ikfileflt.sys AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CLOSE [F7693BC0] ikfileflt.sys AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_READ [F7693BC0] ikfileflt.sys AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_WRITE [F7693BC0] ikfileflt.sys AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_INFORMATION [F7693BC0] ikfileflt.sys AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_INFORMATION [F7693BC0] ikfileflt.sys AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_EA [F7693BC0] ikfileflt.sys AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_EA [F7693BC0] ikfileflt.sys AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_FLUSH_BUFFERS [F7693BC0] ikfileflt.sys AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_VOLUME_INFORMATION [F7693BC0] ikfileflt.sys AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_VOLUME_INFORMATION [F7693BC0] ikfileflt.sys AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_DIRECTORY_CONTROL [F7693BC0] ikfileflt.sys AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_FILE_SYSTEM_CONTROL [F7693BC0] ikfileflt.sys AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_DEVICE_CONTROL [F7693BC0] ikfileflt.sys AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_INTERNAL_DEVICE_CONTROL [F7693BC0] ikfileflt.sys AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SHUTDOWN [F7693BC0] ikfileflt.sys AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_LOCK_CONTROL [F7693BC0] ikfileflt.sys AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CLEANUP [F7693BC0] ikfileflt.sys AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE_MAILSLOT [F7693BC0] ikfileflt.sys AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_SECURITY [F7693BC0] ikfileflt.sys AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_SECURITY [F7693BC0] ikfileflt.sys AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_POWER [F7693BC0] ikfileflt.sys AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SYSTEM_CONTROL [F7693BC0] ikfileflt.sys AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_DEVICE_CHANGE [F7693BC0] ikfileflt.sys AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_QUOTA [F7693BC0] ikfileflt.sys AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_QUOTA [F7693BC0] ikfileflt.sys AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE [F781A6C0] tmpreflt.sys AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE_NAMED_PIPE [F7814B8A] tmpreflt.sys AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CLOSE [F781A02E] tmpreflt.sys AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_READ [F7814B8A] tmpreflt.sys AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_WRITE [F781A5EE] tmpreflt.sys AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_INFORMATION [F7814B8A] tmpreflt.sys AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_INFORMATION [F7814B8A] tmpreflt.sys AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_EA [F7814B8A] tmpreflt.sys AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_EA [F7814B8A] tmpreflt.sys AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_FLUSH_BUFFERS [F7814B8A] tmpreflt.sys AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_VOLUME_INFORMATION [F7814B8A] tmpreflt.sys AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_VOLUME_INFORMATION [F7814B8A] tmpreflt.sys AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_DIRECTORY_CONTROL [F7814B8A] tmpreflt.sys AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_FILE_SYSTEM_CONTROL [F781AF84] tmpreflt.sys AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_DEVICE_CONTROL [F7814B8A] tmpreflt.sys AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_INTERNAL_DEVICE_CONTROL [F7814B8A] tmpreflt.sys AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SHUTDOWN [F7814B8A] tmpreflt.sys AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_LOCK_CONTROL [F7814B8A] tmpreflt.sys AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CLEANUP [F781A006] tmpreflt.sys AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE_MAILSLOT [F7814B8A] tmpreflt.sys AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_SECURITY [F7814B8A] tmpreflt.sys AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_SECURITY [F7814B8A] tmpreflt.sys AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_POWER [F7814B8A] tmpreflt.sys AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SYSTEM_CONTROL [F7814B8A] tmpreflt.sys AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_DEVICE_CHANGE [F7814B8A] tmpreflt.sys AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_QUOTA [F7814B8A] tmpreflt.sys AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_QUOTA [F7814B8A] tmpreflt.sys AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_CREATE [F47FE3A6] tmtdi.sys AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_CREATE_NAMED_PIPE [F47FC4A6] tmtdi.sys AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_CLOSE [F47FE3A6] tmtdi.sys AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_READ [F47FC4A6] tmtdi.sys AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_WRITE [F47FC4A6] tmtdi.sys AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_QUERY_INFORMATION [F47FC4A6] tmtdi.sys AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_SET_INFORMATION [F47FC4A6] tmtdi.sys AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_QUERY_EA [F47FC4A6] tmtdi.sys AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_SET_EA [F47FC4A6] tmtdi.sys AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_FLUSH_BUFFERS [F47FC4A6] tmtdi.sys AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_QUERY_VOLUME_INFORMATION [F47FC4A6] tmtdi.sys AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_SET_VOLUME_INFORMATION [F47FC4A6] tmtdi.sys AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_DIRECTORY_CONTROL [F47FC4A6] tmtdi.sys AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_FILE_SYSTEM_CONTROL [F47FC4A6] tmtdi.sys AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_DEVICE_CONTROL [F480183E] tmtdi.sys AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_INTERNAL_DEVICE_CONTROL [F480183E] tmtdi.sys AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_SHUTDOWN [F47FC4A6] tmtdi.sys AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_LOCK_CONTROL [F47FC4A6] tmtdi.sys AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_CLEANUP [F47FE3A6] tmtdi.sys AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_CREATE_MAILSLOT [F47FC4A6] tmtdi.sys AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_QUERY_SECURITY [F47FC4A6] tmtdi.sys AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_SET_SECURITY [F47FC4A6] tmtdi.sys AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_POWER [F47FC4A6] tmtdi.sys AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_SYSTEM_CONTROL [F47FC4A6] tmtdi.sys AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_DEVICE_CHANGE [F47FC4A6] tmtdi.sys AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_QUERY_QUOTA [F47FC4A6] tmtdi.sys AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_SET_QUOTA [F47FC4A6] tmtdi.sys AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_CREATE [F47FE3A6] tmtdi.sys AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_CREATE_NAMED_PIPE [F47FC4A6] tmtdi.sys AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_CLOSE [F47FE3A6] tmtdi.sys AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_READ [F47FC4A6] tmtdi.sys AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_WRITE [F47FC4A6] tmtdi.sys AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_QUERY_INFORMATION [F47FC4A6] tmtdi.sys AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_SET_INFORMATION [F47FC4A6] tmtdi.sys AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_QUERY_EA [F47FC4A6] tmtdi.sys AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_SET_EA [F47FC4A6] tmtdi.sys AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_FLUSH_BUFFERS [F47FC4A6] tmtdi.sys AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_QUERY_VOLUME_INFORMATION [F47FC4A6] tmtdi.sys AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_SET_VOLUME_INFORMATION [F47FC4A6] tmtdi.sys AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_DIRECTORY_CONTROL [F47FC4A6] tmtdi.sys AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_FILE_SYSTEM_CONTROL [F47FC4A6] tmtdi.sys AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_DEVICE_CONTROL [F480183E] tmtdi.sys AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_INTERNAL_DEVICE_CONTROL [F480183E] tmtdi.sys AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_SHUTDOWN [F47FC4A6] tmtdi.sys AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_LOCK_CONTROL [F47FC4A6] tmtdi.sys AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_CLEANUP [F47FE3A6] tmtdi.sys AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_CREATE_MAILSLOT [F47FC4A6] tmtdi.sys AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_QUERY_SECURITY [F47FC4A6] tmtdi.sys AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_SET_SECURITY [F47FC4A6] tmtdi.sys AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_POWER [F47FC4A6] tmtdi.sys AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_SYSTEM_CONTROL [F47FC4A6] tmtdi.sys AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_DEVICE_CHANGE [F47FC4A6] tmtdi.sys AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_QUERY_QUOTA [F47FC4A6] tmtdi.sys AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_SET_QUOTA [F47FC4A6] tmtdi.sys AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_CREATE [F47FE3A6] tmtdi.sys AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_CREATE_NAMED_PIPE [F47FC4A6] tmtdi.sys AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_CLOSE [F47FE3A6] tmtdi.sys AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_READ [F47FC4A6] tmtdi.sys AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_WRITE [F47FC4A6] tmtdi.sys AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_QUERY_INFORMATION [F47FC4A6] tmtdi.sys AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_SET_INFORMATION [F47FC4A6] tmtdi.sys AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_QUERY_EA [F47FC4A6] tmtdi.sys AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_SET_EA [F47FC4A6] tmtdi.sys AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_FLUSH_BUFFERS [F47FC4A6] tmtdi.sys AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_QUERY_VOLUME_INFORMATION [F47FC4A6] tmtdi.sys AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_SET_VOLUME_INFORMATION [F47FC4A6] tmtdi.sys AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_DIRECTORY_CONTROL [F47FC4A6] tmtdi.sys AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_FILE_SYSTEM_CONTROL [F47FC4A6] tmtdi.sys AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_DEVICE_CONTROL [F480183E] tmtdi.sys AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_INTERNAL_DEVICE_CONTROL [F480183E] tmtdi.sys AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_SHUTDOWN [F47FC4A6] tmtdi.sys AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_LOCK_CONTROL [F47FC4A6] tmtdi.sys AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_CLEANUP [F47FE3A6] tmtdi.sys AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_CREATE_MAILSLOT [F47FC4A6] tmtdi.sys AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_QUERY_SECURITY [F47FC4A6] tmtdi.sys AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_SET_SECURITY [F47FC4A6] tmtdi.sys AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_POWER [F47FC4A6] tmtdi.sys AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_SYSTEM_CONTROL [F47FC4A6] tmtdi.sys AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_DEVICE_CHANGE [F47FC4A6] tmtdi.sys AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_QUERY_QUOTA [F47FC4A6] tmtdi.sys AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_SET_QUOTA [F47FC4A6] tmtdi.sys AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_CREATE [F47FE3A6] tmtdi.sys AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_CREATE_NAMED_PIPE [F47FC4A6] tmtdi.sys AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_CLOSE [F47FE3A6] tmtdi.sys AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_READ [F47FC4A6] tmtdi.sys AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_WRITE [F47FC4A6] tmtdi.sys AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_QUERY_INFORMATION [F47FC4A6] tmtdi.sys AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_SET_INFORMATION [F47FC4A6] tmtdi.sys AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_QUERY_EA [F47FC4A6] tmtdi.sys AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_SET_EA [F47FC4A6] tmtdi.sys AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_FLUSH_BUFFERS [F47FC4A6] tmtdi.sys AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_QUERY_VOLUME_INFORMATION [F47FC4A6] tmtdi.sys AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_SET_VOLUME_INFORMATION [F47FC4A6] tmtdi.sys AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_DIRECTORY_CONTROL [F47FC4A6] tmtdi.sys AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_FILE_SYSTEM_CONTROL [F47FC4A6] tmtdi.sys AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_DEVICE_CONTROL [F480183E] tmtdi.sys AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_INTERNAL_DEVICE_CONTROL [F480183E] tmtdi.sys AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_SHUTDOWN [F47FC4A6] tmtdi.sys AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_LOCK_CONTROL [F47FC4A6] tmtdi.sys AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_CLEANUP [F47FE3A6] tmtdi.sys AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_CREATE_MAILSLOT [F47FC4A6] tmtdi.sys AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_QUERY_SECURITY [F47FC4A6] tmtdi.sys AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_SET_SECURITY [F47FC4A6] tmtdi.sys AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_POWER [F47FC4A6] tmtdi.sys AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_SYSTEM_CONTROL [F47FC4A6] tmtdi.sys AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_DEVICE_CHANGE [F47FC4A6] tmtdi.sys AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_QUERY_QUOTA [F47FC4A6] tmtdi.sys AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_SET_QUOTA [F47FC4A6] tmtdi.sys Device \FileSystem\Fastfat \Fat IRP_MJ_CREATE AA59CC8A Device \FileSystem\Fastfat \Fat IRP_MJ_CLOSE AA5997C8 Device \FileSystem\Fastfat \Fat IRP_MJ_READ AA59560A Device \FileSystem\Fastfat \Fat IRP_MJ_WRITE AA595AED Device \FileSystem\Fastfat \Fat IRP_MJ_QUERY_INFORMATION AA5A0958 Device \FileSystem\Fastfat \Fat IRP_MJ_SET_INFORMATION AA5A3821 Device \FileSystem\Fastfat \Fat IRP_MJ_QUERY_EA AA5AC38A Device \FileSystem\Fastfat \Fat IRP_MJ_SET_EA AA5ABD49 Device \FileSystem\Fastfat \Fat IRP_MJ_FLUSH_BUFFERS AA5A5BBE Device \FileSystem\Fastfat \Fat IRP_MJ_QUERY_VOLUME_INFORMATION AA5A6331 Device \FileSystem\Fastfat \Fat IRP_MJ_SET_VOLUME_INFORMATION AA5B44F4 Device \FileSystem\Fastfat \Fat IRP_MJ_DIRECTORY_CONTROL AA59CB37 Device \FileSystem\Fastfat \Fat IRP_MJ_FILE_SYSTEM_CONTROL AA598948 Device \FileSystem\Fastfat \Fat IRP_MJ_DEVICE_CONTROL AA5A246B Device \FileSystem\Fastfat \Fat IRP_MJ_SHUTDOWN AA5B379D Device \FileSystem\Fastfat \Fat IRP_MJ_LOCK_CONTROL AA5B2C4A Device \FileSystem\Fastfat \Fat IRP_MJ_CLEANUP AA5992FD Device \FileSystem\Fastfat \Fat IRP_MJ_PNP AA5B31DB Device \FileSystem\Fastfat \Fat FastIoCheckIfPossible AA5AE1F9 AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_CREATE [F7693BC0] ikfileflt.sys AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_CREATE_NAMED_PIPE [F7693BC0] ikfileflt.sys AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_CLOSE [F7693BC0] ikfileflt.sys AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_READ [F7693BC0] ikfileflt.sys AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_WRITE [F7693BC0] ikfileflt.sys AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_QUERY_INFORMATION [F7693BC0] ikfileflt.sys AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_SET_INFORMATION [F7693BC0] ikfileflt.sys AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_QUERY_EA [F7693BC0] ikfileflt.sys AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_SET_EA [F7693BC0] ikfileflt.sys AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_FLUSH_BUFFERS [F7693BC0] ikfileflt.sys AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_QUERY_VOLUME_INFORMATION [F7693BC0] ikfileflt.sys AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_SET_VOLUME_INFORMATION [F7693BC0] ikfileflt.sys AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_DIRECTORY_CONTROL [F7693BC0] ikfileflt.sys AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_FILE_SYSTEM_CONTROL [F7693BC0] ikfileflt.sys AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_DEVICE_CONTROL [F7693BC0] ikfileflt.sys AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_INTERNAL_DEVICE_CONTROL [F7693BC0] ikfileflt.sys AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_SHUTDOWN [F7693BC0] ikfileflt.sys AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_LOCK_CONTROL [F7693BC0] ikfileflt.sys AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_CLEANUP [F7693BC0] ikfileflt.sys AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_CREATE_MAILSLOT [F7693BC0] ikfileflt.sys AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_QUERY_SECURITY [F7693BC0] ikfileflt.sys AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_SET_SECURITY [F7693BC0] ikfileflt.sys AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_POWER [F7693BC0] ikfileflt.sys AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_SYSTEM_CONTROL [F7693BC0] ikfileflt.sys AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_DEVICE_CHANGE [F7693BC0] ikfileflt.sys AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_QUERY_QUOTA [F7693BC0] ikfileflt.sys AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_SET_QUOTA [F7693BC0] ikfileflt.sys AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_CREATE [F781A6C0] tmpreflt.sys AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_CREATE_NAMED_PIPE [F7814B8A] tmpreflt.sys AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_CLOSE [F781A02E] tmpreflt.sys AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_READ [F7814B8A] tmpreflt.sys AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_WRITE [F781A5EE] tmpreflt.sys AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_QUERY_INFORMATION [F7814B8A] tmpreflt.sys AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_SET_INFORMATION [F7814B8A] tmpreflt.sys AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_QUERY_EA [F7814B8A] tmpreflt.sys AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_SET_EA [F7814B8A] tmpreflt.sys AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_FLUSH_BUFFERS [F7814B8A] tmpreflt.sys AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_QUERY_VOLUME_INFORMATION [F7814B8A] tmpreflt.sys AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_SET_VOLUME_INFORMATION [F7814B8A] tmpreflt.sys AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_DIRECTORY_CONTROL [F7814B8A] tmpreflt.sys AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_FILE_SYSTEM_CONTROL [F781AF84] tmpreflt.sys AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_DEVICE_CONTROL [F7814B8A] tmpreflt.sys AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_INTERNAL_DEVICE_CONTROL [F7814B8A] tmpreflt.sys AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_SHUTDOWN [F7814B8A] tmpreflt.sys AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_LOCK_CONTROL [F7814B8A] tmpreflt.sys AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_CLEANUP [F781A006] tmpreflt.sys AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_CREATE_MAILSLOT [F7814B8A] tmpreflt.sys AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_QUERY_SECURITY [F7814B8A] tmpreflt.sys AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_SET_SECURITY [F7814B8A] tmpreflt.sys AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_POWER [F7814B8A] tmpreflt.sys AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_SYSTEM_CONTROL [F7814B8A] tmpreflt.sys AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_DEVICE_CHANGE [F7814B8A] tmpreflt.sys AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_QUERY_QUOTA [F7814B8A] tmpreflt.sys AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_SET_QUOTA [F7814B8A] tmpreflt.sys ---- EOF - GMER 1.0.13 ---- |
|
|
|
|
08-31-2007, 03:17 PM
|
#6 (permalink) |
|
Analyst, Security Team
Join Date: Jun 2006
Posts: 247
OS: Vista Ultimate/Windows 7 RC
|
Re: Computer runs very slow and freezes. More detail inside.
A. Please RUN HijackThis
B. 1. Please open Notepad
2. Now copy/paste the entire content of the codebox below into the Notepad window: Code:
File:: C:\WINDOWS\system32\vidnoayibkth.exe C:\updates9456.exe C:\updates9453.exe C:\updatewin.exe C:\winupdate.exe C:\WINDOWS\system32\1895EC90FF.sys C:\installer.exe C:\installOSi.exe C:\WINDOWS\system32\FF90EC9518.sys C:\WINDOWS\system32\vidnoayibkth.exe C:\DOCUME~1\Jon\LOCALS~1\Temp\aaudstum.sys C:\WINDOWS\pss\MyWebSearch Email Plugin.lnkCommon Startup C:\WINDOWS\pss\MyWebSearch Email Plugin.lnkStartup Folder:: C:\WINDOWS\fqfi C:\Program Files\Common Files\fqfi C:\WINDOWS\Sm9uYXRoYW4gU3ByYXR0 C:\Program Files\Viewpoint C:\DOCUME~1\ALLUSE~1\Applic~1\Viewpoint C:\PROGRA~1\MYWEBS~1 c:\program files\zango C:\WINDOWS\security Driver:: AOLSVCv2 aaudstum LD-AOL-Spy_Watchv1 Registry:: [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^MyWebSearch Email Plugin.lnk] [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Jon^Start Menu^Programs^Startup^MyWebSearch Email Plugin.lnk] [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\My Web Search Bar] [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MyWebSearch Email Plugin] [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\zango] 3. Save the above as CFScript.txt 4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.  5. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
__________________
Paul Microsoft MVP - Consumer Security 2008 - 2009 My help is voluntary. It requires no payment but this site needs donations to operate - http://www.techsupportforum.com/donate.php |
|
|
|
|
08-31-2007, 09:37 PM
|
#7 (permalink) |
|
Registered User
Join Date: Aug 2007
Posts: 13
OS: Windows XP SP2
|
Re: Computer runs very slow and freezes. More detail inside.
The logs you requested.
ComboFix 07-08-30.2 - "Jon" 2007-08-31 23:15:01.3 - NTFSx86 Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.259 [GMT -4:00] Command switches used :: C:\Documents and Settings\Jon\Desktop\CFScript.txt * Created a new restore point FILE:: C:\WINDOWS\system32\vidnoayibkth.exe C:\updates9456.exe C:\updates9453.exe C:\updatewin.exe C:\winupdate.exe C:\WINDOWS\system32\1895EC90FF.sys C:\installer.exe C:\installOSi.exe C:\WINDOWS\system32\FF90EC9518.sys C:\DOCUME~1\Jon\LOCALS~1\Temp\aaudstum.sys C:\WINDOWS\pss\MyWebSearch Email Plugin.lnkCommon Startup C:\WINDOWS\pss\MyWebSearch Email Plugin.lnkStartup ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) C:\DOCUME~1\ALLUSE~1\Applic~1\Viewpoint C:\installer.exe C:\installOSi.exe C:\Program Files\Common Files\fqfi C:\Program Files\Common Files\fqfi\fqfia.lck C:\Program Files\Common Files\fqfi\fqfil.lck C:\Program Files\Common Files\fqfi\fqfim.lck C:\Program Files\Viewpoint C:\Program Files\Viewpoint\Viewpoint Media Player\AxMetaStream_0305000D.dll C:\Program Files\Viewpoint\Viewpoint Media Player\ClassIDs.ini C:\Program Files\Viewpoint\Viewpoint Media Player\ComponentMgr_0305000D.dll C:\Program Files\Viewpoint\Viewpoint Media Player\ComponentRegistry.ini C:\Program Files\Viewpoint\Viewpoint Media Player\Components\AOLUserShell.dll C:\Program Files\Viewpoint\Viewpoint Media Player\Components\Cursors.dll C:\Program Files\Viewpoint\Viewpoint Media Player\Components\JpegReader.dll C:\Program Files\Viewpoint\Viewpoint Media Player\Components\Mts3Reader.dll C:\Program Files\Viewpoint\Viewpoint Media Player\Components\SceneComponent.dll C:\Program Files\Viewpoint\Viewpoint Media Player\Components\SreeDMMX.dll C:\Program Files\Viewpoint\Viewpoint Media Player\Components\SWFView.dll C:\Program Files\Viewpoint\Viewpoint Media Player\Components\VMgr.dll C:\Program Files\Viewpoint\Viewpoint Media Player\Components\VMPSpeech.dll C:\Program Files\Viewpoint\Viewpoint Media Player\Components\VMPVideo.dll C:\Program Files\Viewpoint\Viewpoint Media Player\Components\VMPVideo2.dll C:\Program Files\Viewpoint\Viewpoint Media Player\Components\WaveletReader.dll C:\Program Files\Viewpoint\Viewpoint Media Player\DownLoadHist.ini C:\Program Files\Viewpoint\Viewpoint Media Player\HostRegistry.ini C:\Program Files\Viewpoint\Viewpoint Media Player\MetaStreamConfig.ini C:\Program Files\Viewpoint\Viewpoint Media Player\MetaStreamID.ini C:\Program Files\Viewpoint\Viewpoint Media Player\MtsAxInstaller.exe C:\Program Files\Viewpoint\Viewpoint Media Player\MTSDownloadSites.txt C:\updates9453.exe C:\updates9456.exe C:\updatewin.exe C:\WINDOWS\fqfi C:\WINDOWS\fqfi\fqfi.dat C:\WINDOWS\fqfi\wu C:\WINDOWS\pss\MyWebSearch Email Plugin.lnkCommon Startup C:\WINDOWS\pss\MyWebSearch Email Plugin.lnkStartup C:\WINDOWS\security C:\WINDOWS\security\aol.exe C:\WINDOWS\security\Database\secedit.sdb C:\WINDOWS\security\logs\backup.log C:\WINDOWS\security\logs\scecomp.old C:\WINDOWS\security\logs\SceRoot.log C:\WINDOWS\security\logs\scesetup.log C:\WINDOWS\security\templates\hisecdc.inf C:\WINDOWS\security\templates\hisecws.inf C:\WINDOWS\security\templates\setup security.inf C:\WINDOWS\Sm9uYXRoYW4gU3ByYXR0 C:\WINDOWS\system32\1895EC90FF.sys C:\WINDOWS\system32\FF90EC9518.sys C:\WINDOWS\system32\vidnoayibkth.exe C:\winupdate.exe ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) -------\LEGACY_AAUDSTUM -------\LEGACY_AOLSVCV2 -------\LEGACY_LD-AOL-SPY_WATCHV1 -------\aaudstum -------\AOLSVCv2 -------\LD-AOL-Spy_Watchv1 ((((((((((((((((((((((((( Files Created from 2007-08-01 to 2007-09-01 ))))))))))))))))))))))))))))))) 2007-08-31 21:06 97,581 --a------ C:\sfgdg436.exe 2007-08-30 23:24 <DIR> d-------- C:\WINDOWS\ERUNT 2007-08-30 04:17 <DIR> d-------- C:\Deckard 2007-08-30 04:00 <DIR> d-------- C:\Program Files\ZonedOut 2007-08-30 03:58 118,784 --a------ C:\WINDOWS\system32\MSSTDFMT.DLL 2007-08-30 03:58 <DIR> d-------- C:\Program Files\SpywareBlaster 2007-08-30 03:03 51,200 --a------ C:\WINDOWS\nircmd.exe 2007-08-30 02:12 <DIR> d-------- C:\Program Files\America's Army Server Manager 2007-08-30 02:11 <DIR> d-------- C:\WINDOWS\ShellNew 2007-08-30 02:11 <DIR> d-------- C:\Program Files\SecondLife 2007-08-30 02:10 <DIR> d-------- C:\Program Files\WordPerfect Office X3 2007-08-30 02:10 <DIR> d-------- C:\Program Files\Common Files\Borland Shared 2007-08-30 02:09 <DIR> d-------- C:\Program Files\Common Files\Stardock 2007-08-30 02:08 <DIR> d-------- C:\DOCUME~1\Dad\APPLIC~1\Sonic 2007-08-25 11:42 <DIR> d-------- C:\DOCUME~1\Jon\Bouncing Souls 2007-08-21 02:15 <DIR> d-------- C:\Program Files\Xfire 2007-08-18 18:40 <DIR> d-------- C:\WINDOWS\system32\ActiveScan 2007-08-18 12:25 <DIR> d-------- C:\DOCUME~1\Jon\APPLIC~1\LimeWire 2007-08-16 03:04 <DIR> d-------- C:\Program Files\MSXML 6.0 2007-08-11 03:42 <DIR> d-------- C:\Program Files\Enigma Software Group 2007-08-11 03:24 83,024 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys 2007-08-11 03:24 57,424 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys 2007-08-11 03:24 53,840 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys 2007-08-11 03:24 39,376 --a------ C:\WINDOWS\system32\drivers\ikfileflt.sys 2007-08-11 03:24 29,264 --a------ C:\WINDOWS\system32\drivers\kcom.sys 2007-08-11 03:24 <DIR> d-------- C:\Program Files\Spyware Doctor 2007-08-11 03:24 <DIR> d-------- C:\DOCUME~1\Jon\APPLIC~1\PC Tools 2007-08-11 03:22 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll 2007-08-05 14:19 22,328 --a------ C:\WINDOWS\system32\drivers\PnkBstrK.sys 2007-08-04 03:08 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) 2007-08-30 03:02 --------- d-------- C:\Program Files\Corel 2007-08-30 03:02 --------- d-------- C:\Program Files\Common Files\Corel 2007-08-30 02:59 --------- d-------- C:\DOCUME~1\Jon\APPLIC~1\Corel 2007-08-30 02:12 --------- d-------- C:\Program Files\America's Army 2007-08-30 02:11 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Borland 2007-08-30 02:10 --------- d-------- C:\Program Files\Common Files\Real 2007-08-30 02:10 --------- d-------- C:\Program Files\Common Files\AOL 2007-08-29 16:29 --------- d-------- C:\Program Files\Warcraft III 2007-08-23 18:49 --------- d-------- C:\Program Files\Call of Duty Game of the Year Edition 2007-08-05 14:19 66872 --a------ C:\WINDOWS\system32\PnkBstrA.exe 2007-08-05 14:19 103736 --a------ C:\WINDOWS\system32\PnkBstrB.exe 2007-08-04 03:20 --------- d--h----- C:\Program Files\InstallShield Installation Information 2007-08-04 03:20 --------- d-------- C:\Program Files\EA GAMES 2007-08-02 15:06 --------- d-------- C:\Program Files\World of Warcraft 2007-07-31 15:53 --------- d-------- C:\Program Files\AIM Gadgets 2007-07-31 15:49 --------- d-------- C:\Program Files\Skype 2007-07-31 15:49 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Skype 2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\cdm.dll 2007-07-30 19:19 549720 --a------ C:\WINDOWS\system32\wuapi.dll 2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\wuauclt.exe 2007-07-30 19:19 43352 --a------ C:\WINDOWS\system32\wups2.dll 2007-07-30 19:19 325976 --a------ C:\WINDOWS\system32\wucltui.dll 2007-07-30 19:19 271224 --a------ C:\WINDOWS\system32\mucltui.dll 2007-07-30 19:19 207736 --a------ C:\WINDOWS\system32\muweb.dll 2007-07-30 19:19 203096 --a------ C:\WINDOWS\system32\wuweb.dll 2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\wuaueng.dll 2007-07-30 19:18 33624 --a------ C:\WINDOWS\system32\wups.dll 2007-07-30 11:42 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Trend Micro 2007-07-29 21:24 --------- d-------- C:\DOCUME~1\Jon\APPLIC~1\Skype 2007-07-29 20:03 --------- d-------- C:\DOCUME~1\Jon\APPLIC~1\teamspeak2 2007-07-29 14:47 --------- d-------- C:\Program Files\Trend Micro 2007-07-24 22:58 --------- d-------- C:\Program Files\AIM 2007-07-24 22:58 --------- d-------- C:\DOCUME~1\Jon\APPLIC~1\Aim 2007-07-24 22:30 --------- d-------- C:\Program Files\AOD 2007-07-24 22:27 --------- d-------- C:\DOCUME~1\Jon\APPLIC~1\JAMS 2007-07-18 11:27 --------- d-------- C:\DOCUME~1\Jon\APPLIC~1\Viewpoint 2007-07-17 01:28 0 --a------ C:\Program Files\WoW-1.9.4.5086-to-0.10.0.5140-enUS-patch.exe 2007-07-17 01:17 5852 --ahs---- C:\WINDOWS\system32\KGyGaAvL.sys 2007-06-26 02:08 1104896 --a------ C:\WINDOWS\system32\msxml3.dll 2007-06-19 09:31 282112 --a------ C:\WINDOWS\system32\gdi32.dll 2007-06-13 06:23 1033216 --a------ C:\WINDOWS\explorer.exe 2007-05-14 00:10 0 --a------ C:\DOCUME~1\Jon\WoW-1.9.2.4996-to-1.9.3.5059-enUS-patch.exe 2007-05-13 00:05 774144 --a------ C:\Program Files\RngInterstitial.dll 2007-02-15 20:52 2661956 --a------ C:\Program Files\Install_LaunchPad.exe 2007-01-18 15:34 5707766 --a------ C:\Program Files\SnoodSetup.exe 2007-01-18 00:06 10796608 --a------ C:\Program Files\psreserves.zip 2006-10-09 15:02 70864113 --a------ C:\Program Files\TIS2007-SMALL-1329.EXE 2006-08-18 23:52 288 --a------ C:\Program Files\prepatch.log 2006-04-06 06:41 1945304505 --a------ C:\Program Files\DAoC_14-Day_Trial_Setup.exe 2006-03-20 22:02 1014477 --a------ C:\Program Files\wrar351.exe 2006-03-12 17:09 752284 --a------ C:\Program Files\WoW-1.9.4.5086-to-0.10.0.5140-enUS-downloader.exe 2005-12-31 14:04 2203013 --a------ C:\Program Files\WC3Banlist_2.82.exe 2005-12-23 23:39 752180 --a------ C:\Program Files\WoW-1.8.3.4807-to-0.9.0-enUS-downloader.exe 2005-12-17 04:21 270305943 --a------ C:\Program Files\wolfet.exe 2005-12-12 17:44 35113704 --a------ C:\Program Files\directx_9c_redist.exe 2005-12-10 18:11 89863576 --a------ C:\Program Files\molo.wmv 2004-07-22 11:51 3432656 --a------ C:\Program Files\ManagedDX.CAB 2004-07-19 23:58 1156363 --a------ C:\Program Files\BDANT.cab 2004-07-19 23:53 976020 --a------ C:\Program Files\BDAXP.cab 2004-07-09 10:13 703080 --a------ C:\Program Files\BDA.cab 2004-07-09 10:13 15493481 --a------ C:\Program Files\DirectX.cab 2004-07-09 05:08 472576 --a------ C:\Program Files\dxsetup.exe 2004-07-09 05:08 2242560 --a------ C:\Program Files\dsetup32.dll 2004-07-09 04:03 62976 --a------ C:\Program Files\DSETUP.dll ((((((((((((((((((((((((((((( snapshot_2007-08-31_ 00412.25 ))))))))))))))))))))))))))))))))))))))))) ----a-w 585,791 2007-08-31 15:57:27 C:\WINDOWS\gmer.dll ----a-w 581,632 2007-06-29 13:38:18 C:\WINDOWS\gmer.exe ----a-w 70,001 2007-08-31 15:57:27 C:\WINDOWS\system32\drivers\gmer.sys ----a-w 32,768 2007-08-31 04:05:10 C:\WINDOWS\Temporary Internet Files\Content.IE5\index.dat ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) *Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-08-11 17:30] "ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 17:30] "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-08-11 21:43] "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-10-25 19:58] "pccguide.exe"="C:\Program Files\Trend Micro\Internet Security 2007\pccguide.exe" [2007-04-12 06:58] "!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 05:25] "SDTray"="C:\Program Files\Spyware Doctor\SDTrayApp.exe" [2007-06-27 13:54] "SpyHunter"="C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter.exe" [2007-04-26 19:03] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Aim6"="C:\Program Files\AIM6\aim6.exe" [2007-04-27 17:17] "msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2006-06-06 12:38] [HKEY_USERS\.default\software\microsoft\windows\currentversion\run] "ALUAlert"=C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system] "DisableRegistryTools"=0 (0x0) [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB] C:\Program Files\Stardock\Object Desktop\ThemeManager\fastload.dll 2001-12-20 23:34 24576 C:\Program Files\Stardock\Object Desktop\ThemeManager\fastload.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "appinit_dlls"=wbsys.dll [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Jon^Start Menu^Programs^Startup^LimeWire On Startup.lnk] path=C:\Documents and Settings\Jon\Start Menu\Programs\Startup\LimeWire On Startup.lnk backup=C:\WINDOWS\pss\LimeWire On Startup.lnkStartup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Jon^Start Menu^Programs^Startup^Xfire.lnk] path=C:\Documents and Settings\Jon\Start Menu\Programs\Startup\Xfire.lnk backup=C:\WINDOWS\pss\Xfire.lnkStartup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6] "C:\Program Files\Common Files\AOL\Launch\AOLLaunch.exe" /d locale=en-US ee://aol/imApp [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager] C:\Program Files\Common Files\AOL\1144111071\ee\AOLSoftware.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz] nwiz.exe /install [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OE] "C:\Program Files\Trend Micro\Internet Security 2007\TMAS_OE\TMAS_OEMon.exe" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2007\pccguide.exe" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickFinder Scheduler] "C:\Program Files\WordPerfect Office X3\Programs\QFSCHD130.EXE" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Start WingMan Profiler] "C:\Program Files\Logitech\Profiler\lwemon.exe" /noui [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet R2 Devx;Devx;C:\WINDOWS\system32\drivers\Devx.sys R2 tmxpflt;tmxpflt;C:\WINDOWS\system32\DRIVERS\tmxpflt.sys R2 VtPr;VtPr;C:\WINDOWS\system32\drivers\VtPr.sys R3 FVNETusbXP;Belkin 11Mbps Wireless USB Network Adapter(R);C:\WINDOWS\system32\DRIVERS\bkusbxp.sys R3 WmBEnum;Logitech Virtual Bus Enumerator Driver;C:\WINDOWS\system32\drivers\WmBEnum.sys R3 WmXlCore;Logitech WingMan Translation Layer Driver;C:\WINDOWS\system32\drivers\WmXlCore.sys S2 akebaaoia2e0ouu;Print Spooler Service;C:\WINDOWS\system32\vidnoayibkth.exe /service S3 RIOUNIV;Rio universal USB driver;C:\WINDOWS\system32\Drivers\RIOUNIV.sys S3 WmFilter;Logitech Gaming HID Filter Driver;C:\WINDOWS\system32\drivers\WmFilter.sys S3 WmVirHid;Logitech Virtual Hid Device Driver;C:\WINDOWS\system32\drivers\WmVirHid.sys *Newly Created Service* - AKEBAAOIA2E0OUU ************************************************************************** catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2007-08-31 23:28:47 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** Completion time: 2007-08-31 23:30:53 - machine was rebooted C:\ComboFix-quarantined-files.txt ... 2007-08-31 23:30 C:\ComboFix2.txt ... 2007-08-31 00:04 --- E O F --- _______________________________________________________________ Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 11:34:55 PM, on 8/31/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\WINDOWS\system32\nvsvc32.exe C:\PROGRA~1\TRENDM~1\INTERN~2\PcCtlCom.exe C:\WINDOWS\system32\PnkBstrA.exe C:\Program Files\Spyware Doctor\svcntaux.exe C:\Program Files\Spyware Doctor\swdsvc.exe C:\Program Files\Analog Devices\SoundMAX\spkrmon.exe C:\PROGRA~1\TRENDM~1\INTERN~2\Tmntsrv.exe C:\PROGRA~1\TRENDM~1\INTERN~2\TmPfw.exe C:\PROGRA~1\TRENDM~1\INTERN~2\tmproxy.exe C:\WINDOWS\System32\alg.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Spyware Doctor\SDTrayApp.exe C:\PROGRA~1\TRENDM~1\INTERN~2\PcScnSrv.exe C:\PROGRA~1\TRENDM~1\INTERN~2\PccGuide.exe C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe C:\Program Files\AIM6\aolsoftware.exe C:\WINDOWS\system32\notepad.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files\LimeWire\LimeWire.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe C:\WINDOWS\system32\wbem\wmiprvse.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.thottbot.com/ R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 3.1\aoltb.dll O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 3.1\aoltb.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 3.1\aoltb.dll O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2007\pccguide.exe" O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe" O4 - HKLM\..\Run: [SpyHunter] C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter.exe O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background O4 - HKUS\S-1-5-18\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'Default user') O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 3.1\resources\en-US\local\search.html O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbar...p=ZNxmk572CWUS O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm O8 - Extra context menu item: Open with WordPerfect - C:\Program Files\WordPerfect Office X3\Programs\WPLauncher.hta O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 3.1\aoltb.dll O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {1EF9F042-C2EB-4293-8213-474CAEEF531D} (TmHcmsX Control) - http://www.trendsecure.com/framework...ex/TmHcmsX.CAB O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{3C7B4365-B73E-46DB-9C0B-56AB67054B0D}: NameServer = 68.87.64.146,65.87.75.194 O17 - HKLM\System\CCS\Services\Tcpip\..\{8674926F-58E6-4780-8BF9-9B078E344461}: NameServer = 68.87.64.146,68.87.75.194 O23 - Service: Print Spooler Service (akebaaoia2e0ouu) - Unknown owner - C:\WINDOWS\system32\vidnoayibkth.exe (file missing) O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing) O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\PcCtlCom.exe O23 - Service: Trend Micro Protection Against Spyware (PcScnSrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\PcScnSrv.exe O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe O23 - Service: spkrmon - Unknown owner - C:\Program Files\Analog Devices\SoundMAX\spkrmon.exe O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\Tmntsrv.exe O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\TmPfw.exe O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\tmproxy.exe -- End of file - 7479 bytes |
|
|
|
|
08-31-2007, 11:11 PM
|
#8 (permalink) |
|
Analyst, Security Team
Join Date: Jun 2006
Posts: 247
OS: Vista Ultimate/Windows 7 RC
|
Re: Computer runs very slow and freezes. More detail inside.
Please run SDFix again (Instructions in Post #2) and post the report after the tool has finished its work.
Regards, Trevuren
__________________
Paul Microsoft MVP - Consumer Security 2008 - 2009 My help is voluntary. It requires no payment but this site needs donations to operate - http://www.techsupportforum.com/donate.php |
|
|
|
|
09-01-2007, 01:18 AM
|
#9 (permalink) |
|
Registered User
Join Date: Aug 2007
Posts: 13
OS: Windows XP SP2
|
Re: Computer runs very slow and freezes. More detail inside.
SDFix: Version 1.101
Run by Jon on Sat 09/01/2007 at 03:06 AM Microsoft Windows XP [Version 5.1.2600] Running From: C:\SDFix\SDFix Safe Mode: Checking Services: Name: akebaaoia2e0ouu ImagePath: C:\WINDOWS\system32\vidnoayibkth.exe /service akebaaoia2e0ouu - Deleted Restoring Windows Registry Values Restoring Windows Default Hosts File Rebooting... Normal Mode: Checking Files: No Trojan Files Found Removing Temp Files... ADS Check: C:\WINDOWS No streams found. C:\WINDOWS\system32 No streams found. C:\WINDOWS\system32\svchost.exe No streams found. C:\WINDOWS\system32\ntoskrnl.exe No streams found. Final Check: Remaining Services: ------------------ Authorized Application Key Export: [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] Remaining Files: --------------- Files with Hidden Attributes: C:\Documents and Settings\Jon\Shared\Microsoft Office XP PRO (word, excel, powerpoint, outlook, access, frontpage, Publisher 2004\MSDE2000\SQLRESLD.DLL C:\WINDOWS\system32\KGyGaAvL.sys C:\Deckard\System Scanner\backup\WINDOWS\temp\vcj5qma6.TMP C:\Documents and Settings\All Users\DRM\Cache\Indiv02.tmp C:\WINDOWS\SoftwareDistribution\Download\a877011d990fb4875b54ce0706b47f90\BIT20.tmp C:\WINDOWS\system32\config\SAM.tmp.LOG C:\WINDOWS\system32\config\SECURITY.tmp.LOG Finished |
|
|
|
|
09-01-2007, 10:21 AM
|
#10 (permalink) |
|
Analyst, Security Team
Join Date: Jun 2006
Posts: 247
OS: Vista Ultimate/Windows 7 RC
|
Re: Computer runs very slow and freezes. More detail inside.
A. Please run Deckard's System Scanner again, this time using these instructions:
1. Click the Windows 'Start' button > Select 'Run' 2. Copy/paste the following into the run box & click OK "%userprofile%\desktop\dss.exe" /DAFT3. When finished, it shall produce a log for you. Please post that log in your next reply. B. Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. A malicious site could render Java content under older, vulnerable versions of Sun's software if the user has not removed them. Please follow these steps to remove older version Java components and update:
Now to Clean out the Java cache: Go into the Control Panel and double-click the Java Icon.
C. 1. Please open Notepad
2. Now copy/paste the entire content of the codebox below into the Notepad window: Code:
File:: C:\sfgdg436.exe Folder:: C:\DOCUME~1\Jon\APPLIC~1\Viewpoint 3. Save the above as CFScript.txt 4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again. 5. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
D. Reports/logs to Post:
__________________
Paul Microsoft MVP - Consumer Security 2008 - 2009 My help is voluntary. It requires no payment but this site needs donations to operate - http://www.techsupportforum.com/donate.php |
|
|
|
|
09-01-2007, 10:39 AM
|
#11 (permalink) |
|
Registered User
Join Date: Aug 2007
Posts: 13
OS: Windows XP SP2
|
Re: Computer runs very slow and freezes. More detail inside.
Everytime I try to run that line for deckard's system scanner a box pops up and tells me the file cannot be found. I went to the file it was supposed to be in and it is there. I don't know why it isn't working.
|
|
|
|
|
09-01-2007, 11:06 AM
|
#12 (permalink) |
|
Analyst, Security Team
Join Date: Jun 2006
Posts: 247
OS: Vista Ultimate/Windows 7 RC
|
Re: Computer runs very slow and freezes. More detail inside.
Please continue with the other steps and remind me in your reply about this problem. In the meantime, I will attempt to find a workaround
__________________
Paul Microsoft MVP - Consumer Security 2008 - 2009 My help is voluntary. It requires no payment but this site needs donations to operate - http://www.techsupportforum.com/donate.php |
|
|
|
|
09-01-2007, 11:37 AM
|
#13 (permalink) |
|
Analyst, Security Team
Join Date: Jun 2006
Posts: 247
OS: Vista Ultimate/Windows 7 RC
|
Re: Computer runs very slow and freezes. More detail inside.
Told you that I would get back to you.
Is it possible that you renamed DSS.exe to Deckard System Scanner? If you did, the /DAFT switch probably will not work. Please change the name back to DSS.exe for Deckard's tool and hopefully this will fix your problem. Trevuren
__________________
Paul Microsoft MVP - Consumer Security 2008 - 2009 My help is voluntary. It requires no payment but this site needs donations to operate - http://www.techsupportforum.com/donate.php |
|
|
|
|
09-01-2007, 01:51 PM
|
#15 (permalink) |
|
Registered User
Join Date: Aug 2007
Posts: 13
OS: Windows XP SP2
|
Re: Computer runs very slow and freezes. More detail inside.
Here are the three logs.
DAFT Log saved on 2007-09-01 15:40:59 ----------------------------------------------------------------------- .bat - batfile - DefaultIcon - C:\WINDOWS\system32\shell32.dll,71 .ini - inifile - DefaultIcon - C:\WINDOWS\system32\shell32.dll,69 .txt - txtfile - DefaultIcon - C:\WINDOWS\system32\shell32.dll,70 _____________________________________________________________ ComboFix 07-08-30.2 - "Jon" 2007-09-01 15:43:17.4 - NTFSx86 Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.364 [GMT -4:00] Command switches used :: C:\Documents and Settings\Jon\Desktop\CFScript.txt * Created a new restore point FILE:: C:\sfgdg436.exe ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) C:\DOCUME~1\Jon\APPLIC~1\Viewpoint C:\DOCUME~1\Jon\APPLIC~1\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_00\URLCache.ini C:\DOCUME~1\Jon\APPLIC~1\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_01\URLCache.ini C:\DOCUME~1\Jon\APPLIC~1\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_02\URLCache.ini C:\DOCUME~1\Jon\APPLIC~1\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_03\URLCache.ini C:\DOCUME~1\Jon\APPLIC~1\Viewpoint\Viewpoint Experience Technology\Resources\UpdateVersionList_v2.mtx C:\DOCUME~1\Jon\APPLIC~1\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_00\456817750.swf C:\DOCUME~1\Jon\APPLIC~1\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_00\617478198.swf C:\DOCUME~1\Jon\APPLIC~1\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_00\URLCache.ini C:\DOCUME~1\Jon\APPLIC~1\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_01\-299397824.swf C:\DOCUME~1\Jon\APPLIC~1\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_01\-916845981.swf C:\DOCUME~1\Jon\APPLIC~1\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_01\1054459834.swf C:\DOCUME~1\Jon\APPLIC~1\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_01\1224228534.swf C:\DOCUME~1\Jon\APPLIC~1\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_01\1300140075.mtz C:\DOCUME~1\Jon\APPLIC~1\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_01\1624992797.swf C:\DOCUME~1\Jon\APPLIC~1\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_01\1991437604.swf C:\DOCUME~1\Jon\APPLIC~1\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_01\URLCache.ini C:\DOCUME~1\Jon\APPLIC~1\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_02\1859761695.swf C:\DOCUME~1\Jon\APPLIC~1\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_02\407034558.ini C:\DOCUME~1\Jon\APPLIC~1\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_02\733375164.mtj&p2=1&p3=16201431303834513453318622421919&p4=50335505 C:\DOCUME~1\Jon\APPLIC~1\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_02\URLCache.ini C:\DOCUME~1\Jon\APPLIC~1\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_03\-1054858782.gif C:\DOCUME~1\Jon\APPLIC~1\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_03\-1850579979.swf C:\DOCUME~1\Jon\APPLIC~1\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_03\-192973655.mts C:\DOCUME~1\Jon\APPLIC~1\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_03\1586664009.swf C:\DOCUME~1\Jon\APPLIC~1\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_03\URLCache.ini C:\DOCUME~1\Jon\APPLIC~1\Viewpoint\Viewpoint Media Player\Resources\UpdateVersionList_v2.mtx C:\sfgdg436.exe ((((((((((((((((((((((((( Files Created from 2007-08-01 to 2007-09-01 ))))))))))))))))))))))))))))))) 2007-09-01 15:19 <DIR> d-------- C:\DOCUME~1\Jon\.SunDownloadManager 2007-08-30 23:24 <DIR> d-------- C:\WINDOWS\ERUNT 2007-08-30 04:17 <DIR> d-------- C:\Deckard 2007-08-30 04:00 <DIR> d-------- C:\Program Files\ZonedOut 2007-08-30 03:58 118,784 --a------ C:\WINDOWS\system32\MSSTDFMT.DLL 2007-08-30 03:58 <DIR> d-------- C:\Program Files\SpywareBlaster 2007-08-30 03:03 51,200 --a------ C:\WINDOWS\nircmd.exe 2007-08-30 02:12 <DIR> d-------- C:\Program Files\America's Army Server Manager 2007-08-30 02:11 <DIR> d-------- C:\WINDOWS\ShellNew 2007-08-30 02:11 <DIR> d-------- C:\Program Files\SecondLife 2007-08-30 02:10 <DIR> d-------- C:\Program Files\WordPerfect Office X3 2007-08-30 02:10 <DIR> d-------- C:\Program Files\Common Files\Borland Shared 2007-08-30 02:09 <DIR> d-------- C:\Program Files\Common Files\Stardock 2007-08-30 02:08 <DIR> d-------- C:\DOCUME~1\Dad\APPLIC~1\Sonic 2007-08-25 11:42 <DIR> d-------- C:\DOCUME~1\Jon\Bouncing Souls 2007-08-21 02:15 <DIR> d-------- C:\Program Files\Xfire 2007-08-18 18:40 <DIR> d-------- C:\WINDOWS\system32\ActiveScan 2007-08-18 12:25 <DIR> d-------- C:\DOCUME~1\Jon\APPLIC~1\LimeWire 2007-08-16 03:04 <DIR> d-------- C:\Program Files\MSXML 6.0 2007-08-11 03:42 <DIR> d-------- C:\Program Files\Enigma Software Group 2007-08-11 03:24 83,024 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys 2007-08-11 03:24 57,424 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys 2007-08-11 03:24 53,840 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys 2007-08-11 03:24 39,376 --a------ C:\WINDOWS\system32\drivers\ikfileflt.sys 2007-08-11 03:24 29,264 --a------ C:\WINDOWS\system32\drivers\kcom.sys 2007-08-11 03:24 <DIR> d-------- C:\Program Files\Spyware Doctor 2007-08-11 03:24 <DIR> d-------- C:\DOCUME~1\Jon\APPLIC~1\PC Tools 2007-08-11 03:22 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll 2007-08-05 14:19 22,328 --a------ C:\WINDOWS\system32\drivers\PnkBstrK.sys 2007-08-04 03:08 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) 2007-08-30 03:02 --------- d-------- C:\Program Files\Corel 2007-08-30 03:02 --------- d-------- C:\Program Files\Common Files\Corel 2007-08-30 02:59 --------- d-------- C:\DOCUME~1\Jon\APPLIC~1\Corel 2007-08-30 02:12 --------- d-------- C:\Program Files\America's Army 2007-08-30 02:11 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Borland 2007-08-30 02:10 --------- d-------- C:\Program Files\Common Files\Real 2007-08-30 02:10 --------- d-------- C:\Program Files\Common Files\AOL 2007-08-29 16:29 --------- d-------- C:\Program Files\Warcraft III 2007-08-23 18:49 --------- d-------- C:\Program Files\Call of Duty Game of the Year Edition 2007-08-05 14:19 66872 --a------ C:\WINDOWS\system32\PnkBstrA.exe 2007-08-05 14:19 103736 --a------ C:\WINDOWS\system32\PnkBstrB.exe 2007-08-04 03:20 --------- d--h----- C:\Program Files\InstallShield Installation Information 2007-08-04 03:20 --------- d-------- C:\Program Files\EA GAMES 2007-08-02 15:06 --------- d-------- C:\Program Files\World of Warcraft 2007-07-31 15:53 --------- d-------- C:\Program Files\AIM Gadgets 2007-07-31 15:49 --------- d-------- C:\Program Files\Skype 2007-07-31 15:49 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Skype 2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\cdm.dll 2007-07-30 19:19 549720 --a------ C:\WINDOWS\system32\wuapi.dll 2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\wuauclt.exe 2007-07-30 19:19 43352 --a------ C:\WINDOWS\system32\wups2.dll 2007-07-30 19:19 325976 --a------ C:\WINDOWS\system32\wucltui.dll 2007-07-30 19:19 271224 --a------ C:\WINDOWS\system32\mucltui.dll 2007-07-30 19:19 207736 --a------ C:\WINDOWS\system32\muweb.dll 2007-07-30 19:19 203096 --a------ C:\WINDOWS\system32\wuweb.dll 2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\wuaueng.dll 2007-07-30 19:18 33624 --a------ C:\WINDOWS\system32\wups.dll 2007-07-30 11:42 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Trend Micro 2007-07-29 21:24 --------- d-------- C:\DOCUME~1\Jon\APPLIC~1\Skype 2007-07-29 20:03 --------- d-------- C:\DOCUME~1\Jon\APPLIC~1\teamspeak2 2007-07-29 14:47 --------- d-------- C:\Program Files\Trend Micro 2007-07-24 22:58 --------- d-------- C:\Program Files\AIM 2007-07-24 22:58 --------- d-------- C:\DOCUME~1\Jon\APPLIC~1\Aim 2007-07-24 22:30 --------- d-------- C:\Program Files\AOD 2007-07-24 22:27 --------- d-------- C:\DOCUME~1\Jon\APPLIC~1\JAMS 2007-07-17 01:28 0 --a------ C:\Program Files\WoW-1.9.4.5086-to-0.10.0.5140-enUS-patch.exe 2007-07-17 01:17 5852 --ahs---- C:\WINDOWS\system32\KGyGaAvL.sys 2007-06-26 02:08 1104896 --a------ C:\WINDOWS\system32\msxml3.dll 2007-06-19 09:31 282112 --a------ C:\WINDOWS\system32\gdi32.dll 2007-06-13 06:23 1033216 --a------ C:\WINDOWS\explorer.exe 2007-05-14 00:10 0 --a------ C:\DOCUME~1\Jon\WoW-1.9.2.4996-to-1.9.3.5059-enUS-patch.exe 2007-05-13 00:05 774144 --a------ C:\Program Files\RngInterstitial.dll 2007-02-15 20:52 2661956 --a------ C:\Program Files\Install_LaunchPad.exe 2007-01-18 15:34 5707766 --a------ C:\Program Files\SnoodSetup.exe 2007-01-18 00:06 10796608 --a------ C:\Program Files\psreserves.zip 2006-10-09 15:02 70864113 --a------ C:\Program Files\TIS2007-SMALL-1329.EXE 2006-08-18 23:52 288 --a------ C:\Program Files\prepatch.log 2006-04-06 06:41 1945304505 --a------ C:\Program Files\DAoC_14-Day_Trial_Setup.exe 2006-03-20 22:02 1014477 --a------ C:\Program Files\wrar351.exe 2006-03-12 17:09 752284 --a------ C:\Program Files\WoW-1.9.4.5086-to-0.10.0.5140-enUS-downloader.exe 2005-12-31 14:04 2203013 --a------ C:\Program Files\WC3Banlist_2.82.exe 2005-12-23 23:39 752180 --a------ C:\Program Files\WoW-1.8.3.4807-to-0.9.0-enUS-downloader.exe 2005-12-17 04:21 270305943 --a------ C:\Program Files\wolfet.exe 2005-12-12 17:44 35113704 --a------ C:\Program Files\directx_9c_redist.exe 2005-12-10 18:11 89863576 --a------ C:\Program Files\molo.wmv 2004-07-22 11:51 3432656 --a------ C:\Program Files\ManagedDX.CAB 2004-07-19 23:58 1156363 --a------ C:\Program Files\BDANT.cab 2004-07-19 23:53 976020 --a------ C:\Program Files\BDAXP.cab 2004-07-09 10:13 703080 --a------ C:\Program Files\BDA.cab 2004-07-09 10:13 15493481 --a------ C:\Program Files\DirectX.cab 2004-07-09 05:08 472576 --a------ C:\Program Files\dxsetup.exe 2004-07-09 05:08 2242560 --a------ C:\Program Files\dsetup32.dll 2004-07-09 04:03 62976 --a------ C:\Program Files\DSETUP.dll ((((((((((((((((((((((((((((( snapshot_2007-08-31_ 00412.25 ))))))))))))))))))))))))))))))))))))))))) ----a-w 585,791 2007-08-31 15:57:27 C:\WINDOWS\gmer.dll ----a-w 581,632 2007-06-29 13:38:18 C:\WINDOWS\gmer.exe ----a-w 5,439,488 2007-09-01 07:05:43 C:\WINDOWS\ERUNT\SDFIX\Users\00000001\ntuser.dat ----a-w 356,352 2007-09-01 07:05:43 C:\WINDOWS\ERUNT\SDFIX\Users\00000002\UsrClass.dat ----a-w 135,168 2007-07-12 05:22:00 C:\WINDOWS\system32\java.exe ----a-w 135,168 2007-07-12 05:22:04 C:\WINDOWS\system32\javaw.exe ----a-w 139,264 2007-07-12 06:22:38 C:\WINDOWS\system32\javaws.exe ----a-w 70,001 2007-08-31 15:57:27 C:\WINDOWS\system32\drivers\gmer.sys ----a-w 32,768 2007-09-01 03:27:30 C:\WINDOWS\Temporary Internet Files\Content.IE5\index.dat ----a-w 5,455,872 2007-08-31 03:24:25 C:\WINDOWS\ERUNT\SDFIX\Users\00000001\ntuser.dat ----a-w 356,352 2007-08-31 03:24:26 C:\WINDOWS\ERUNT\SDFIX\Users\00000002\UsrClass.dat ----a-w 49,248 2005-11-10 16:27:06 C:\WINDOWS\system32\java.exe ----a-w 49,250 2005-11-10 16:27:16 C:\WINDOWS\system32\javaw.exe ----a-w 127,078 2005-11-10 18:03:54 C:\WINDOWS\system32\javaws.exe ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) *Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-08-11 17:30] "ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 17:30] "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-08-11 21:43] "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-10-25 19:58] "pccguide.exe"="C:\Program Files\Trend Micro\Internet Security 2007\pccguide.exe" [2007-04-12 06:58] "!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 05:25] "SDTray"="C:\Program Files\Spyware Doctor\SDTrayApp.exe" [2007-06-27 13:54] "SpyHunter"="C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter.exe" [2007-04-26 19:03] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Aim6"="C:\Program Files\AIM6\aim6.exe" [2007-04-27 17:17] "msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2006-06-06 12:38] [HKEY_USERS\.default\software\microsoft\windows\currentversion\run] "ALUAlert"=C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB] C:\Program Files\Stardock\Object Desktop\ThemeManager\fastload.dll 2001-12-20 23:34 24576 C:\Program Files\Stardock\Object Desktop\ThemeManager\fastload.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "appinit_dlls"=wbsys.dll [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Jon^Start Menu^Programs^Startup^LimeWire On Startup.lnk] path=C:\Documents and Settings\Jon\Start Menu\Programs\Startup\LimeWire On Startup.lnk backup=C:\WINDOWS\pss\LimeWire On Startup.lnkStartup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Jon^Start Menu^Programs^Startup^Xfire.lnk] path=C:\Documents and Settings\Jon\Start Menu\Programs\Startup\Xfire.lnk backup=C:\WINDOWS\pss\Xfire.lnkStartup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6] "C:\Program Files\Common Files\AOL\Launch\AOLLaunch.exe" /d locale=en-US ee://aol/imApp [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager] C:\Program Files\Common Files\AOL\1144111071\ee\AOLSoftware.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz] nwiz.exe /install [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OE] "C:\Program Files\Trend Micro\Internet Security 2007\TMAS_OE\TMAS_OEMon.exe" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2007\pccguide.exe" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickFinder Scheduler] "C:\Program Files\WordPerfect Office X3\Programs\QFSCHD130.EXE" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Start WingMan Profiler] "C:\Program Files\Logitech\Profiler\lwemon.exe" /noui [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet R2 Devx;Devx;C:\WINDOWS\system32\drivers\Devx.sys R2 tmxpflt;tmxpflt;C:\WINDOWS\system32\DRIVERS\tmxpflt.sys R2 VtPr;VtPr;C:\WINDOWS\system32\drivers\VtPr.sys R3 FVNETusbXP;Belkin 11Mbps Wireless USB Network Adapter(R);C:\WINDOWS\system32\DRIVERS\bkusbxp.sys R3 WmBEnum;Logitech Virtual Bus Enumerator Driver;C:\WINDOWS\system32\drivers\WmBEnum.sys R3 WmXlCore;Logitech WingMan Translation Layer Driver;C:\WINDOWS\system32\drivers\WmXlCore.sys S3 RIOUNIV;Rio universal USB driver;C:\WINDOWS\system32\Drivers\RIOUNIV.sys S3 WmFilter;Logitech Gaming HID Filter Driver;C:\WINDOWS\system32\drivers\WmFilter.sys S3 WmVirHid;Logitech Virtual Hid Device Driver;C:\WINDOWS\system32\drivers\WmVirHid.sys ************************************************************************** catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2007-09-01 15:46:36 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** Completion time: 2007-09-01 15:47:47 C:\ComboFix-quarantined-files.txt ... 2007-09-01 15:47 C:\ComboFix2.txt ... 2007-08-31 23:30 C:\ComboFix3.txt ... 2007-08-31 00:04 --- E O F --- _______________________________________________________________ Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 3:49:32 PM, on 9/1/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\WINDOWS\system32\nvsvc32.exe C:\PROGRA~1\TRENDM~1\INTERN~2\PcCtlCom.exe C:\WINDOWS\system32\PnkBstrA.exe C:\Program Files\Spyware Doctor\svcntaux.exe C:\Program Files\Spyware Doctor\swdsvc.exe C:\Program Files\Analog Devices\SoundMAX\spkrmon.exe C:\PROGRA~1\TRENDM~1\INTERN~2\Tmntsrv.exe C:\PROGRA~1\TRENDM~1\INTERN~2\TmPfw.exe C:\PROGRA~1\TRENDM~1\INTERN~2\tmproxy.exe C:\WINDOWS\System32\alg.exe C:\Program Files\Spyware Doctor\SDTrayApp.exe C:\PROGRA~1\TRENDM~1\INTERN~2\PcScnSrv.exe C:\PROGRA~1\TRENDM~1\INTERN~2\PccGuide.exe C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files\LimeWire\LimeWire.exe C:\WINDOWS\explorer.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe C:\WINDOWS\system32\wbem\wmiprvse.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.thottbot.com/ R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 3.1\aoltb.dll O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 3.1\aoltb.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 3.1\aoltb.dll O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2007\pccguide.exe" O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe" O4 - HKLM\..\Run: [SpyHunter] C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background O4 - HKUS\S-1-5-18\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'Default user') O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 3.1\resources\en-US\local\search.html O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbar...p=ZNxmk572CWUS O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm O8 - Extra context menu item: Open with WordPerfect - C:\Program Files\WordPerfect Office X3\Programs\WPLauncher.hta O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\npjpi160_02.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\npjpi160_02.dll O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 3.1\aoltb.dll O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {1EF9F042-C2EB-4293-8213-474CAEEF531D} (TmHcmsX Control) - http://www.trendsecure.com/framework...ex/TmHcmsX.CAB O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{3C7B4365-B73E-46DB-9C0B-56AB67054B0D}: NameServer = 68.87.64.146,65.87.75.194 O17 - HKLM\System\CCS\Services\Tcpip\..\{8674926F-58E6-4780-8BF9-9B078E344461}: NameServer = 68.87.64.146,68.87.75.194 O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing) O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\PcCtlCom.exe O23 - Service: Trend Micro Protection Against Spyware (PcScnSrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\PcScnSrv.exe O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe O23 - Service: spkrmon - Unknown owner - C:\Program Files\Analog Devices\SoundMAX\spkrmon.exe O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\Tmntsrv.exe O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\TmPfw.exe O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\tmproxy.exe -- End of file - 7430 bytes |
|
|
|
|
09-01-2007, 02:06 PM
|
#16 (permalink) |
|
Analyst, Security Team
Join Date: Jun 2006
Posts: 247
OS: Vista Ultimate/Windows 7 RC
|
Re: Computer runs very slow and freezes. More detail inside.
Your logs are looking much better. It is time to check the rest of your system to ensure that no "baddies" are lurking:
Please use the Internet Explorer browser, and do an online scan with Kaspersky Online Scanner Click Yes, when prompted to install its ActiveX component. (Note.. for Internet Explorer 7 users: If at any time you have trouble with the "Accept" button of the license, click on the "Zoom" tool located at the bottom right of the IE window and set the zoom to 75 %. Once the license has been accepted, reset to 100%.) The program launches and downloads the latest definition files.
There is no option to clean/disinfect, however, we need to analyze the information on the report.   To obtain the report: Click on: Save Report As (above - red blinking arrow) Next, in the Save as prompt, Save in area, select: Desktop In the File name area, use KScan, or something similar In Save as type, click the drop arrow and select: Text file [*.txt] Then, click: Save Please post the Kaspersky Online Scanner Report in your reply, along with a fresh HijackThis log
__________________
Paul Microsoft MVP - Consumer Security 2008 - 2009 My help is voluntary. It requires no payment but this site needs donations to operate - http://www.techsupportforum.com/donate.php |
|
|
|
|
09-02-2007, 10:30 AM
|
#17 (permalink) |
|
Registered User
Join Date: Aug 2007
Posts: 13
OS: Windows XP SP2
|
Re: Computer runs very slow and freezes. More detail inside.
Here you are.
------------------------------------------------------------------------------- KASPERSKY ONLINE SCANNER REPORT Sunday, September 02, 2007 12:28:40 PM Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600) Kaspersky Online Scanner version: 5.0.93.0 Kaspersky Anti-Virus database last update: 2/09/2007 Kaspersky Anti-Virus database records: 402407 ------------------------------------------------------------------------------- Scan Settings: Scan using the following antivirus database: extended Scan Archives: true Scan Mail Bases: true Scan Target - My Computer: A:\ C:\ D:\ E:\ Scan Statistics: Total number of scanned objects: 69706 Number of viruses found: 28 Number of infected objects: 635 Number of suspicious objects: 2 Duration of the scan process: 01:39:53 Infected Object Name / Virus Name / Last Action C:\7.tmp/stream/data0003 Infected: not-a-virus:AdWare.Win32.Agent.ay skipped C:\7.tmp/stream Infected: not-a-virus:AdWare.Win32.Agent.ay skipped C:\7.tmp NSIS: infected - 2 skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped C:\Documents and Settings\Jim!\Local Settings\Temp\hsperfdata_Jim!\2276 Object is locked skipped C:\Documents and Settings\Jon\.housecall6.6\Quarantine\1005_110.exe.bac_a07660 Infected: Trojan-Downloader.Win32.Zlob.avo skipped C:\Documents and Settings\Jon\.housecall6.6\Quarantine\35_bn2b.exe.bac_a04016 Infected: Trojan-Clicker.Win32.Small.ja skipped C:\Documents and Settings\Jon\.housecall6.6\Quarantine\35_bn2b.exe.bac_a07660 Infected: Trojan-Clicker.Win32.Small.ja skipped C:\Documents and Settings\Jon\.housecall6.6\Quarantine\ab_01[1].exe.bac_a07660 Infected: Trojan-Downloader.Win32.Agent.bai skipped C:\Documents and Settings\Jon\.housecall6.6\Quarantine\cr52.exe.bac_a04016 Infected: Trojan-Clicker.Win32.Small.ja skipped C:\Documents and Settings\Jon\.housecall6.6\Quarantine\cr52.exe.bac_a07660 Infected: Trojan-Clicker.Win32.Small.ja skipped C:\Documents and Settings\Jon\.housecall6.6\Quarantine\DXC8.x.exe.bac_a04016 Infected: Trojan.Win32.Kolweb.b skipped C:\Documents and Settings\Jon\.housecall6.6\Quarantine\DXC8.x.exe.bac_a07660 Infected: Trojan.Win32.Kolweb.b skipped C:\Documents and Settings\Jon\.housecall6.6\Quarantine\eltfuntarg.exe.bac_a04016 Infected: Trojan.Win32.Kolweb.b skipped C:\Documents and Settings\Jon\.housecall6.6\Quarantine\eltfuntarg.exe.bac_a07660 Infected: Trojan.Win32.Kolweb.b skipped C:\Documents and Settings\Jon\.housecall6.6\Quarantine\fred.exe.bac_a07660 Infected: Trojan-Downloader.Win32.Small.cyq skipped C:\Documents and Settings\Jon\.housecall6.6\Quarantine\ig-24725-mut17.exe.bac_a04016 Infected: Trojan-Downloader.Win32.Agent.aox skipped C:\Documents and Settings\Jon\.housecall6.6\Quarantine\ig-24725-mut17.exe.bac_a07660 Infected: Trojan-Downloader.Win32.Agent.aox skipped C:\Documents and Settings\Jon\.housecall6.6\Quarantine\loadadv628.exe.bac_a07660 Infected: Trojan-Downloader.Win32.Harnig.cu skipped C:\Documents and Settings\Jon\.housecall6.6\Quarantine\mmxp2passion.exe.bac_a04016 Infected: Trojan.Win32.Kolweb.b skipped C:\Documents and Settings\Jon\.housecall6.6\Quarantine\mmxp2passion.exe.bac_a07660 Infected: Trojan.Win32.Kolweb.b skipped C:\Documents and Settings\Jon\.housecall6.6\Quarantine\new_440.exe.bac_a07660 Infected: Trojan-Spy.Win32.Small.ez skipped C:\Documents and Settings\Jon\.housecall6.6\Quarantine\rsi.exe.bac_a07660 Infected: Trojan-Clicker.Win32.Small.ja skipped C:\Documents and Settings\Jon\.housecall6.6\Quarantine\Setup.exe.bac_a07660 Infected: Backdoor.Win32.IRCBot.tk skipped C:\Documents and Settings\Jon\.housecall6.6\Quarantine\stampede0011.exe.bac_a04016 Infected: Trojan-Clicker.Win32.Small.ja skipped C:\Documents and Settings\Jon\.housecall6.6\Quarantine\stampede0011.exe.bac_a07660 Infected: Trojan-Clicker.Win32.Small.ja skipped C:\Documents and Settings\Jon\.housecall6.6\Quarantine\stdrun1.exe.bac_a04016 Infected: Trojan-Dropper.Win32.Agent.atm skipped C:\Documents and Settings\Jon\.housecall6.6\Quarantine\stdrun1.exe.bac_a07660 Infected: Trojan-Dropper.Win32.Agent.atm skipped C:\Documents and Settings\Jon\.housecall6.6\Quarantine\stdrun10.exe.bac_a07660 Infected: Trojan-Dropper.Win32.Agent.atm skipped C:\Documents and Settings\Jon\.housecall6.6\Quarantine\stdrun11.exe.bac_a07660 Infected: Trojan-Dropper.Win32.Agent.atm skipped C:\Documents and Settings\Jon\.housecall6.6\Quarantine\stdrun12.exe.bac_a07660 Infected: Trojan-Dropper.Win32.Agent.ata skipped C:\Documents and Settings\Jon\.housecall6.6\Quarantine\stdrun13.exe.bac_a04016 Infected: Trojan-Clicker.Win32.Small.ja skipped C:\Documents and Settings\Jon\.housecall6.6\Quarantine\stdrun13.exe.bac_a07660 Infected: Trojan-Dropper.Win32.Agent.ata skipped C:\Documents and Settings\Jon\.housecall6.6\Quarantine\stdrun14.exe.bac_a04016 Infected: Trojan-Dropper.Win32.Agent.atm skipped C:\Documents and Settings\Jon\.housecall6.6\Quarantine\stdrun14.exe.bac_a07660 Infected: Trojan-Clicker.Win32.Small.ja skipped C:\Documents and Settings\Jon\.housecall6.6\Quarantine\stdrun15.exe.bac_a04016 Infected: Trojan-Dropper.Win32.Agent.mu skipped C:\Documents and Settings\Jon\.housecall6.6\Quarantine\stdrun16.exe.bac_a04016 Infected: Trojan-Dropper.Win32.Agent.ata skipped C:\Documents and Settings\Jon\.housecall6.6\Quarantine\stdrun16.exe.bac_a07660 Infected: Trojan-Clicker.Win32.Small.ja skipped C:\Documents and Settings\Jon\.housecall6.6\Quarantine\stdrun17.exe.bac_a07660 Infected: Trojan-Dropper.Win32.Agent.atm skipped C:\Documents and Settings\Jon\.housecall6.6\Quarantine\stdrun18.exe.bac_a07660 Infected: Trojan-Dropper.Win32.Agent.mu skipped C:\Documents and Settings\Jon\.housecall6.6\Quarantine\stdrun19.exe.bac_a07660 Infected: Trojan-Dropper.Win32.Agent.ata skipped C:\Documents and Settings\Jon\.housecall6.6\Quarantine\stdrun2.exe.bac_a07660 Infected: Trojan-Dropper.Win32.Agent.atm skipped C:\Documents and Settings\Jon\.housecall6.6\Quarantine\stdrun20.exe.bac_a04016 Infected: Trojan-Downloader.Win32.Adload.hm skipped C:\Documents and Settings\Jon\.housecall6.6\Quarantine\stdrun20.exe.bac_a07660 Infected: Trojan-Dropper.Win32.Agent.atm skipped C:\Documents and Settings\Jon\.housecall6.6\Quarantine\stdrun21.exe.bac_a07660 Infected: Trojan-Dropper.Win32.Agent.atm skipped C:\Documents and Settings\Jon\.housecall6.6\Quarantine\stdrun23.exe.bac_a07660 Infected: Trojan-Downloader.Win32.Adload.hm skipped C:\Documents and Settings\Jon\.housecall6.6\Quarantine\stdrun24.exe.bac_a07660 Infected: Trojan-Clicker.Win32.Small.ja skipped C:\Documents and Settings\Jon\.housecall6.6\Quarantine\stdrun25.exe.bac_a07660 Infected: Trojan-Clicker.Win32.Small.ja skipped C:\Documents and Settings\Jon\.housecall6.6\Quarantine\stdrun26.exe.bac_a07660 Infected: Trojan-Dropper.Win32.Agent.atm skipped C:\Documents and Settings\Jon\.housecall6.6\Quarantine\stdrun27.exe.bac_a07660 Infected: Trojan-Dropper.Win32.Agent.atm skipped C:\Documents and Settings\Jon\.housecall6.6\Quarantine\stdrun28.exe.bac_a07660 Infected: Trojan-Dropper.Win32.Agent.mu skipped C:\Documents and Settings\Jon\.housecall6.6\Quarantine\stdrun29.exe.bac_a07660 Infected: Trojan-Dropper.Win32.Agent.mu skipped C:\Documents and Settings\Jon\.housecall6.6\Quarantine\stdrun3.exe.bac_a04016 Infected: Trojan.Win32.Obfuscated.ev skipped C:\Documents and Settings\Jon\.housecall6.6\Quarantine\stdrun30.exe.bac_a07660 Infected: Trojan-Dropper.Win32.Agent.ata skipped C:\Documents and Settings\Jon\.housecall6.6\Quarantine\stdrun31.exe.bac_a07660 Infected: Trojan-Dropper.Win32.Agent.ata skipped C:\Documents and Settings\Jon\.housecall6.6\Quarantine\stdrun32.exe.bac_a07660 Infected: Trojan-Spy.Win32.Agent.io skipped C:\Documents and Settings\Jon\.housecall6.6\Quarantine\stdrun33.exe.bac_a07660 Infected: Trojan-Spy.Win32.Agent.io skipped C:\Documents and Settings\Jon\.housecall6.6\Quarantine\stdrun34.exe.bac_a07660 Infected: Trojan-Dropper.Win32.MultiJoiner.13.h skipped C:\Documents and Settings\Jon\.housecall6.6\Quarantine\stdrun35.exe.bac_a07660 Infected: Trojan-Dropper.Win32.MultiJoiner.13.h skipped C:\Documents and Settings\Jon\.housecall6.6\Quarantine\stdrun37.exe.bac_a07660 Infected: Trojan-Downloader.Win32.Adload.hm skipped C:\Documents and Settings\Jon\.housecall6.6\Quarantine\stdrun38.exe.bac_a07660 Infected: Trojan-Downloader.Win32.Adload.hm skipped C:\Documents and Settings\Jon\.housecall6.6\Quarantine\stdrun5.exe.bac_a04016 Infected: Trojan-Dropper.Win32.Agent.ata skipped C:\Documents and Settings\Jon\.housecall6.6\Quarantine\stdrun5.exe.bac_a07660 Infected: Trojan.Win32.Spabot.ag skipped C:\Documents and Settings\Jon\.housecall6.6\Quarantine\stdrun7.exe.bac_a07660 Infected: Trojan.Win32.Spabot.ag skipped C:\Documents and Settings\Jon\.housecall6.6\Quarantine\stdrun8.exe.bac_a07660 Infected: Trojan.Win32.Obfuscated.ev skipped C:\Documents and Settings\Jon\.housecall6.6\Quarantine\stdrun9.exe.bac_a04016 Infected: Trojan-Dropper.Win32.Agent.atm skipped C:\Documents and Settings\Jon\.housecall6.6\Quarantine\stdrun9.exe.bac_a07660 Infected: Trojan.Win32.Obfuscated.ev skipped C:\Documents and Settings\Jon\.housecall6.6\Quarantine\t.rar.bac_a04016/Setup.exe Infected: Backdoor.Win32.IRCBot.tk skipped C:\Documents and Settings\Jon\.housecall6.6\Quarantine\t.rar.bac_a04016 ZIP: infected - 1 skipped C:\Documents and Settings\Jon\.housecall6.6\Quarantine\t.rar.bac_a04016 CryptFF.b: infected - 1 skipped C:\Documents and Settings\Jon\.housecall6.6\Quarantine\TISED001.exe.bac_a04016 Infected: Trojan.Win32.Kolweb.b skipped C:\Documents and Settings\Jon\.housecall6.6\Quarantine\TISED001.exe.bac_a07660 Infected: Trojan.Win32.Kolweb.b skipped C:\Documents and Settings\Jon\.housecall6.6\Quarantine\xm_ab.exe.bac_a04016 Infected: Trojan-Downloader.Win32.Agent.bac skipped C:\Documents and Settings\Jon\.housecall6.6\Quarantine\ZbHostIE.dll.bac_a04016 Infected: not-a-virus:AdWare.Win32.HotBar.ca skipped C:\Documents and Settings\Jon\Cookies\index.dat Object is locked skipped C:\Documents and Settings\Jon\Local Settings\Application Data\AOL OCP\AIM\Storage\All Users\localStorage\common.cls Object is locked skipped C:\Documents and Settings\Jon\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped C:\Documents and Settings\Jon\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped C:\Documents and Settings\Jon\Local Settings\History\History.IE5\index.dat Object is locked skipped C:\Documents and Settings\Jon\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped C:\Documents and Settings\Jon\ntuser.dat Object is locked skipped C:\Documents and Settings\Jon\ntuser.dat.LOG Object is locked skipped C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped C:\Documents and Settings\LocalService\ntuser.dat Object is locked skipped C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped C:\Program Files\mIRC\mirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.621 skipped C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\109.tmp Infected: Trojan.Win32.Obfuscated.gy skipped C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\10A.tmp Infected: Trojan.Win32.Obfuscated.gy skipped C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\18.tmp Infected: Trojan.Win32.Obfuscated.gy skipped C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\2.tmp Infected: Trojan.Win32.Obfuscated.gy skipped C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\24.tmp Suspicious: Exploit.Win32.IMG-WMF skipped C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\3.tmp Infected: Trojan.Win32.Obfuscated.gy skipped C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\4.tmp Infected: Trojan.Win32.Obfuscated.gy skipped C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\48E.tmp Infected: Trojan.Win32.Obfuscated.gy skipped C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\5.tmp Infected: Trojan.Win32.Obfuscated.gy skipped C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\6.tmp Infected: Trojan.Win32.Obfuscated.gy skipped C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\7.tmp Infected: Trojan.Win32.Obfuscated.gy skipped C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\8.tmp Infected: Trojan.Win32.Obfuscated.gy skipped C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\three[1].exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\Program Files\Trend Micro\Internet Security 2007\VSSOHVFF.2SF Suspicious: Type_Win32 skipped C:\QooBox\Quarantine\C\installer.exe.vir Infected: Trojan.Win32.Obfuscated.gy skipped C:\QooBox\Quarantine\C\installOSi.exe.vir Infected: Trojan.Win32.Obfuscated.gy skipped C:\QooBox\Quarantine\C\sfgdg436.exe.vir Infected: Trojan.Win32.Obfuscated.gy skipped C:\QooBox\Quarantine\C\updates9453.exe.vir Infected: Trojan.Win32.Obfuscated.gy skipped C:\QooBox\Quarantine\C\updates9456.exe.vir Infected: Trojan.Win32.Obfuscated.gy skipped C:\QooBox\Quarantine\C\WINDOWS\security\aol.exe.vir Infected: Backdoor.Win32.SdBot.aad skipped C:\QooBox\Quarantine\C\WINDOWS\system32\vidnoayibkth.exe.vir Infected: Trojan.Win32.Obfuscated.gy skipped C:\QooBox\Quarantine\C\winupdate.exe.vir Infected: Trojan-Downloader.Win32.Small.eqn skipped C:\SDFix\SDFix\backups_old1\backups.zip/backups/ajkanlrvgow.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\SDFix\SDFix\backups_old1\backups.zip/backups/aol.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\SDFix\SDFix\backups_old1\backups.zip/backups/avmejz.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\SDFix\SDFix\backups_old1\backups.zip/backups/b.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\SDFix\SDFix\backups_old1\backups.zip/backups/barufvjf.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\SDFix\SDFix\backups_old1\backups.zip/backups/berxhvd.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\SDFix\SDFix\backups_old1\backups.zip/backups/bhmta.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\SDFix\SDFix\backups_old1\backups.zip/backups/bn.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\SDFix\SDFix\backups_old1\backups.zip/backups/brkq.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\SDFix\SDFix\backups_old1\backups.zip/backups/bxqochma.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\SDFix\SDFix\backups_old1\backups.zip/backups/c.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\SDFix\SDFix\backups_old1\backups.zip/backups/cbowbxdqkm.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\SDFix\SDFix\backups_old1\backups.zip/backups/crgqiznqxfg.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\SDFix\SDFix\backups_old1\backups.zip/backups/cwdnvkamdc.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\SDFix\SDFix\backups_old1\backups.zip/backups/cyzwrynbvxs.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\SDFix\SDFix\backups_old1\backups.zip/backups/cznkcjjpn.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\SDFix\SDFix\backups_old1\backups.zip/backups/dde.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\SDFix\SDFix\backups_old1\backups.zip/backups/djemizwufqox.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\SDFix\SDFix\backups_old1\backups.zip/backups/dkygbpkx.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\SDFix\SDFix\backups_old1\backups.zip/backups/dlkysro.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\SDFix\SDFix\backups_old1\backups.zip/backups/dpkwbwei.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\SDFix\SDFix\backups_old1\backups.zip/backups/dtbua.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\SDFix\SDFix\backups_old1\backups.zip/backups/e.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\SDFix\SDFix\backups_old1\backups.zip/backups/ecrtrc.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\SDFix\SDFix\backups_old1\backups.zip/backups/eiosxrnd.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\SDFix\SDFix\backups_old1\backups.zip/backups/ekogvewyaow.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\SDFix\SDFix\backups_old1\backups.zip/backups/er.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\SDFix\SDFix\backups_old1\backups.zip/backups/erc.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\SDFix\SDFix\backups_old1\backups.zip/backups/evrydsinl.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\SDFix\SDFix\backups_old1\backups.zip/backups/ewsg.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\SDFix\SDFix\backups_old1\backups.zip/backups/fdxio.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\SDFix\SDFix\backups_old1\backups.zip/backups/feiqasfpj.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\SDFix\SDFix\backups_old1\backups.zip/backups/fni.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\SDFix\SDFix\backups_old1\backups.zip/backups/fyckcmfudmig.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\SDFix\SDFix\backups_old1\backups.zip/backups/fyus.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\SDFix\SDFix\backups_old1\backups.zip/backups/fzpv.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\SDFix\SDFix\backups_old1\backups.zip/backups/ghhvusojsg.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\SDFix\SDFix\backups_old1\backups.zip/backups/gkyxunrif.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\SDFix\SDFix\backups_old1\backups.zip/backups/gozqxcjhhdk.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\SDFix\SDFix\backups_old1\backups.zip/backups/grnndfar.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\SDFix\SDFix\backups_old1\backups.zip/backups/gtxhrbr.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\SDFix\SDFix\backups_old1\backups.zip/backups/hev.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\SDFix\SDFix\backups_old1\backups.zip/backups/hgpndxx.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\SDFix\SDFix\backups_old1\backups.zip/backups/hhv.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\SDFix\SDFix\backups_old1\backups.zip/backups/hyxaqcxq.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\SDFix\SDFix\backups_old1\backups.zip/backups/i.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\SDFix\SDFix\backups_old1\backups.zip/backups/ieo.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\SDFix\SDFix\backups_old1\backups.zip/backups/igtj.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\SDFix\SDFix\backups_old1\backups.zip/backups/inscgrbatnm.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\SDFix\SDFix\backups_old1\backups.zip/backups/iudctgs.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\SDFix\SDFix\backups_old1\backups.zip/backups/jcpw.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\SDFix\SDFix\backups_old1\backups.zip/backups/jifqfjxhny.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\SDFix\SDFix\backups_old1\backups.zip/backups/jy.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\SDFix\SDFix\backups_old1\backups.zip/backups/jzvlnqcfkj.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\SDFix\SDFix\backups_old1\backups.zip/backups/kcqrm.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\SDFix\SDFix\backups_old1\backups.zip/backups/khuglxco.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\SDFix\SDFix\backups_old1\backups.zip/backups/kj.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\SDFix\SDFix\backups_old1\backups.zip/backups/kpzw.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\SDFix\SDFix\backups_old1\backups.zip/backups/kusinqdnarzr.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\SDFix\SDFix\backups_old1\backups.zip/backups/kyktgeketjlt.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\SDFix\SDFix\backups_old1\backups.zip/backups/lgz.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\SDFix\SDFix\backups_old1\backups.zip/backups/lirrmakyh.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\SDFix\SDFix\backups_old1\backups.zip/backups/llnmzyqhb.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\SDFix\SDFix\backups_old1\backups.zip/backups/loqmfxqlxel.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\SDFix\SDFix\backups_old1\backups.zip/backups/lyl.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\SDFix\SDFix\backups_old1\backups.zip/backups/mefgcvtn.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\SDFix\SDFix\backups_old1\backups.zip/backups/mjopgqpjdor.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\SDFix\SDFix\backups_old1\backups.zip/backups/msg.exe.tmp Infected: Trojan.Win32.Obfuscated.gy skipped C:\SDFix\SDFix\backups_old1\backups.zip/backups/mulj.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\SDFix\SDFix\backups_old1\backups.zip/backups/mwz.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\SDFix\SDFix\backups_old1\backups.zip/backups/n.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\SDFix\SDFix\backups_old1\backups.zip/backups/nfounnsnpum.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\SDFix\SDFix\backups_old1\backups.zip/backups/nukg.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\SDFix\SDFix\backups_old1\backups.zip/backups/nyxmhjpzbe.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\SDFix\SDFix\backups_old1\backups.zip/backups/nzpbxp.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\SDFix\SDFix\backups_old1\backups.zip/backups/oalv.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\SDFix\SDFix\backups_old1\backups.zip/backups/odbt.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\SDFix\SDFix\backups_old1\backups.zip/backups/onufoztrdwx.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\SDFix\SDFix\backups_old1\backups.zip/backups/osm.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\SDFix\SDFix\backups_old1\backups.zip/backups/otxvhkw.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\SDFix\SDFix\backups_old1\backups.zip/backups/oxmkntxxdwq.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\SDFix\SDFix\backups_old1\backups.zip/backups/ph.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\SDFix\SDFix\backups_old1\backups.zip/backups/pihu.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\SDFix\SDFix\backups_old1\backups.zip/backups/pl.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\SDFix\SDFix\backups_old1\backups.zip/backups/pljvjuhehfod.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\SDFix\SDFix\backups_old1\backups.zip/backups/pztqb.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\SDFix\SDFix\backups_old1\backups.zip/backups/q.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\SDFix\SDFix\backups_old1\backups.zip/backups/qeuzyom.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\SDFix\SDFix\backups_old1\backups.zip/backups/qgukbfbly.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\SDFix\SDFix\backups_old1\backups.zip/backups/qqvppfznnv.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\SDFix\SDFix\backups_old1\backups.zip/backups/quvwfzild.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\SDFix\SDFix\backups_old1\backups.zip/backups/quwdwah.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\SDFix\SDFix\backups_old1\backups.zip/backups/qwc.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\SDFix\SDFix\backups_old1\backups.zip/backups/rahezvf.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\SDFix\SDFix\backups_old1\backups.zip/backups/rqqoihtfdtm.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\SDFix\SDFix\backups_old1\backups.zip/backups/sdz.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\SDFix\SDFix\backups_old1\backups.zip/backups/shoazgdu.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\SDFix\SDFix\backups_old1\backups.zip/backups/smjnfiryp.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\SDFix\SDFix\backups_old1\backups.zip/backups/smpujzq.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\SDFix\SDFix\backups_old1\backups.zip/backups/sqnqqdxvl.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\SDFix\SDFix\backups_old1\backups.zip/backups/srqhjhdxip.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\SDFix\SDFix\backups_old1\backups.zip/backups/ssig.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\SDFix\SDFix\backups_old1\backups.zip/backups/ssrqg.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\SDFix\SDFix\backups_old1\backups.zip/backups/syx.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\SDFix\SDFix\backups_old1\backups.zip/backups/teueuue.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\SDFix\SDFix\backups_old1\backups.zip/backups/tmofy.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\SDFix\SDFix\backups_old1\backups.zip/backups/tp.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\SDFix\SDFix\backups_old1\backups.zip/backups/tqqgvkqzoqr.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\SDFix\SDFix\backups_old1\backups.zip/backups/tu.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\SDFix\SDFix\backups_old1\backups.zip/backups/ub.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\SDFix\SDFix\backups_old1\backups.zip/backups/ufgcrrychhwq.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\SDFix\SDFix\backups_old1\backups.zip/backups/uoxubonllttq.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\SDFix\SDFix\backups_old1\backups.zip/backups/uoxvbncjo.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\SDFix\SDFix\backups_old1\backups.zip/backups/upkehurhtbh.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\SDFix\SDFix\backups_old1\backups.zip/backups/uqu.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\SDFix\SDFix\backups_old1\backups.zip/backups/utezvpvjwkib.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\SDFix\SDFix\backups_old1\backups.zip/backups/uvelpfxncemd.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\SDFix\SDFix\backups_old1\backups.zip/backups/uwkgwjyf.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\SDFix\SDFix\backups_old1\backups.zip/backups/uxsq.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\SDFix\SDFix\backups_old1\backups.zip/backups/vaxb.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\SDFix\SDFix\backups_old1\backups.zip/backups/vb.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\SDFix\SDFix\backups_old1\backups.zip/backups/vstquasgbap.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\SDFix\SDFix\backups_old1\backups.zip/backups/wctdkb.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\SDFix\SDFix\backups_old1\backups.zip/backups/wjjbywttug.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\SDFix\SDFix\backups_old1\backups.zip/backups/wjlh.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\SDFix\SDFix\backups_old1\backups.zip/backups/wlszknvfpzu.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\SDFix\SDFix\backups_old1\backups.zip/backups/wop.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\SDFix\SDFix\backups_old1\backups.zip/backups/wqobvljbcxj.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\SDFix\SDFix\backups_old1\backups.zip/backups/wypevcntptw.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\SDFix\SDFix\backups_old1\backups.zip/backups/xb.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\SDFix\SDFix\backups_old1\backups.zip/backups/xbunef.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\SDFix\SDFix\backups_old1\backups.zip/backups/xepjhq.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\SDFix\SDFix\backups_old1\backups.zip/backups/xiosscgh.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\SDFix\SDFix\backups_old1\backups.zip/backups/xkqeqhxbv.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\SDFix\SDFix\backups_old1\backups.zip/backups/xmvk.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\SDFix\SDFix\backups_old1\backups.zip/backups/xqowlf.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\SDFix\SDFix\backups_old1\backups.zip/backups/xust.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\SDFix\SDFix\backups_old1\backups.zip/backups/y.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\SDFix\SDFix\backups_old1\backups.zip/backups/ygjbpkgiikkx.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\SDFix\SDFix\backups_old1\backups.zip/backups/yjpxcisjg.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\SDFix\SDFix\backups_old1\backups.zip/backups/yqa.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\SDFix\SDFix\backups_old1\backups.zip/backups/yqkuib.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\SDFix\SDFix\backups_old1\backups.zip/backups/yrvneyd.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\SDFix\SDFix\backups_old1\backups.zip/backups/yueki.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\SDFix\SDFix\backups_old1\backups.zip/backups/zdzqeenesgs.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\SDFix\SDFix\backups_old1\backups.zip/backups/zrfwb.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\SDFix\SDFix\backups_old1\backups.zip/backups/zu.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\SDFix\SDFix\backups_old1\backups.zip/backups/zugozyin.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\SDFix\SDFix\backups_old1\backups.zip ZIP: infected - 148 skipped C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped C:\System Volume Information\_restore{19C3BF69-0F4E-4BD4-8B85-B0C80203F894}\RP711\A0449251.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\System Volume Information\_restore{19C3BF69-0F4E-4BD4-8B85-B0C80203F894}\RP711\A0449252.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\System Volume Information\_restore{19C3BF69-0F4E-4BD4-8B85-B0C80203F894}\RP712\A0449253.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\System Volume Information\_restore{19C3BF69-0F4E-4BD4-8B85-B0C80203F894}\RP712\A0449254.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\System Volume Information\_restore{19C3BF69-0F4E-4BD4-8B85-B0C80203F894}\RP720\A0453321.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\System Volume Information\_restore{19C3BF69-0F4E-4BD4-8B85-B0C80203F894}\RP742\A0458555.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\System Volume Information\_restore{19C3BF69-0F4E-4BD4-8B85-B0C80203F894}\RP744\A0458567.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\System Volume Information\_restore{19C3BF69-0F4E-4BD4-8B85-B0C80203F894}\RP746\A0460456.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\System Volume Information\_restore{19C3BF69-0F4E-4BD4-8B85-B0C80203F894}\RP747\A0460460.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\System Volume Information\_restore{19C3BF69-0F4E-4BD4-8B85-B0C80203F894}\RP763\A0468523.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\System Volume Information\_restore{19C3BF69-0F4E-4BD4-8B85-B0C80203F894}\RP764\A0468533.exe Infected: Trojan-Downloader.Win32.PurityScan.eg skipped C:\System Volume Information\_restore{19C3BF69-0F4E-4BD4-8B85-B0C80203F894}\RP771\A0474830.exe Infected: not-a-virus:AdWare.Win32.Agent.br skipped C:\System Volume Information\_restore{19C3BF69-0F4E-4BD4-8B85-B0C80203F894}\RP774\A0477890.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\System Volume Information\_restore{19C3BF69-0F4E-4BD4-8B85-B0C80203F894}\RP790\A0492081.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\System Volume Information\_restore{19C3BF69-0F4E-4BD4-8B85-B0C80203F894}\RP791\A0492090.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\System Volume Information\_restore{19C3BF69-0F4E-4BD4-8B85-B0C80203F894}\RP793\A0493138.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\System Volume Information\_restore{19C3BF69-0F4E-4BD4-8B85-B0C80203F894}\RP794\A0493159.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\System Volume Information\_restore{19C3BF69-0F4E-4BD4-8B85-B0C80203F894}\RP795\A0493231.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\System Volume Information\_restore{19C3BF69-0F4E-4BD4-8B85-B0C80203F894}\RP795\A0493238.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\System Volume Information\_restore{19C3BF69-0F4E-4BD4-8B85-B0C80203F894}\RP795\A0493275.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\System Volume Information\_restore{19C3BF69-0F4E-4BD4-8B85-B0C80203F894}\RP795\A0493276.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\System Volume Information\_restore{19C3BF69-0F4E-4BD4-8B85-B0C80203F894}\RP795\A0493411.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\System Volume Information\_restore{19C3BF69-0F4E-4BD4-8B85-B0C80203F894}\RP795\A0493412.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\System Volume Information\_restore{19C3BF69-0F4E-4BD4-8B85-B0C80203F894}\RP795\A0493413.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\System Volume Information\_restore{19C3BF69-0F4E-4BD4-8B85-B0C80203F894}\RP795\A0493414.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\System Volume Information\_restore{19C3BF69-0F4E-4BD4-8B85-B0C80203F894}\RP795\A0493415.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\System Volume Information\_restore{19C3BF69-0F4E-4BD4-8B85-B0C80203F894}\RP795\A0493431.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\System Volume Information\_restore{19C3BF69-0F4E-4BD4-8B85-B0C80203F894}\RP795\A0493432.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\System Volume Information\_restore{19C3BF69-0F4E-4BD4-8B85-B0C80203F894}\RP795\A0493433.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\System Volume Information\_restore{19C3BF69-0F4E-4BD4-8B85-B0C80203F894}\RP795\A0493648.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\System Volume Information\_restore{19C3BF69-0F4E-4BD4-8B85-B0C80203F894}\RP796\A0493669.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\System Volume Information\_restore{19C3BF69-0F4E-4BD4-8B85-B0C80203F894}\RP796\A0493706.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\System Volume Information\_restore{19C3BF69-0F4E-4BD4-8B85-B0C80203F894}\RP796\A0493707.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\System Volume Information\_restore{19C3BF69-0F4E-4BD4-8B85-B0C80203F894}\RP796\A0493842.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\System Volume Information\_restore{19C3BF69-0F4E-4BD4-8B85-B0C80203F894}\RP796\A0493843.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\System Volume Information\_restore{19C3BF69-0F4E-4BD4-8B85-B0C80203F894}\RP796\A0493844.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\System Volume Information\_restore{19C3BF69-0F4E-4BD4-8B85-B0C80203F894}\RP796\A0493845.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\System Volume Information\_restore{19C3BF69-0F4E-4BD4-8B85-B0C80203F894}\RP796\A0493846.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\System Volume Information\_restore{19C3BF69-0F4E-4BD4-8B85-B0C80203F894}\RP796\A0493862.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\System Volume Information\_restore{19C3BF69-0F4E-4BD4-8B85-B0C80203F894}\RP796\A0493863.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\System Volume Information\_restore{19C3BF69-0F4E-4BD4-8B85-B0C80203F894}\RP796\A0493864.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\System Volume Information\_restore{19C3BF69-0F4E-4BD4-8B85-B0C80203F894}\RP797\A0494098.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\System Volume Information\_restore{19C3BF69-0F4E-4BD4-8B85-B0C80203F894}\RP797\A0494135.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\System Volume Information\_restore{19C3BF69-0F4E-4BD4-8B85-B0C80203F894}\RP797\A0494136.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\System Volume Information\_restore{19C3BF69-0F4E-4BD4-8B85-B0C80203F894}\RP797\A0494271.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\System Volume Information\_restore{19C3BF69-0F4E-4BD4-8B85-B0C80203F894}\RP797\A0494272.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\System Volume Information\_restore{19C3BF69-0F4E-4BD4-8B85-B0C80203F894}\RP797\A0494273.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\System Volume Information\_restore{19C3BF69-0F4E-4BD4-8B85-B0C80203F894}\RP797\A0494274.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\System Volume Information\_restore{19C3BF69-0F4E-4BD4-8B85-B0C80203F894}\RP797\A0494275.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\System Volume Information\_restore{19C3BF69-0F4E-4BD4-8B85-B0C80203F894}\RP797\A0494291.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\System Volume Information\_restore{19C3BF69-0F4E-4BD4-8B85-B0C80203F894}\RP797\A0494292.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\System Volume Information\_restore{19C3BF69-0F4E-4BD4-8B85-B0C80203F894}\RP797\A0494293.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\System Volume Information\_restore{19C3BF69-0F4E-4BD4-8B85-B0C80203F894}\RP798\A0494513.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\System Volume Information\_restore{19C3BF69-0F4E-4BD4-8B85-B0C80203F894}\RP798\A0494528.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\System Volume Information\_restore{19C3BF69-0F4E-4BD4-8B85-B0C80203F894}\RP798\A0494565.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\System Volume Information\_restore{19C3BF69-0F4E-4BD4-8B85-B0C80203F894}\RP798\A0494566.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\System Volume Information\_restore{19C3BF69-0F4E-4BD4-8B85-B0C80203F894}\RP798\A0494701.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\System Volume Information\_restore{19C3BF69-0F4E-4BD4-8B85-B0C80203F894}\RP798\A0494702.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\System Volume Information\_restore{19C3BF69-0F4E-4BD4-8B85-B0C80203F894}\RP798\A0494703.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\System Volume Information\_restore{19C3BF69-0F4E-4BD4-8B85-B0C80203F894}\RP798\A0494704.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\System Volume Information\_restore{19C3BF69-0F4E-4BD4-8B85-B0C80203F894}\RP798\A0494705.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\System Volume Information\_restore{19C3BF69-0F4E-4BD4-8B85-B0C80203F894}\RP798\A0494721.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\System Volume Information\_restore{19C3BF69-0F4E-4BD4-8B85-B0C80203F894}\RP798\A0494722.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\System Volume Information\_restore{19C3BF69-0F4E-4BD4-8B85-B0C80203F894}\RP798\A0494723.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\System Volume Information\_restore{19C3BF69-0F4E-4BD4-8B85-B0C80203F894}\RP798\A0494934.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\System Volume Information\_restore{19C3BF69-0F4E-4BD4-8B85-B0C80203F894}\RP798\A0494951.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\System Volume Information\_restore{19C3BF69-0F4E-4BD4-8B85-B0C80203F894}\RP798\A0494966.dll Infected: not-a-virus:AdWare.Win32.Agent.ay skipped C:\System Volume Information\_restore{19C3BF69-0F4E-4BD4-8B85-B0C80203F894}\RP799\A0495425.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\System Volume Information\_restore{19C3BF69-0F4E-4BD4-8B85-B0C80203F894}\RP799\A0495426.exe Infected: Trojan-Downloader.Win32.Small.eqn skipped C:\System Volume Information\_restore{19C3BF69-0F4E-4BD4-8B85-B0C80203F894}\RP799\A0496934.exe Infected: Backdoor.Win32.SdBot.aad skipped C:\System Volume Information\_restore{19C3BF69-0F4E-4BD4-8B85-B0C80203F894}\RP800\A0496965.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\System Volume Information\_restore{19C3BF69-0F4E-4BD4-8B85-B0C80203F894}\RP800\A0496966.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\System Volume Information\_restore{19C3BF69-0F4E-4BD4-8B85-B0C80203F894}\RP800\A0496967.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\System Volume Information\_restore{19C3BF69-0F4E-4BD4-8B85-B0C80203F894}\RP800\A0496968.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\System Volume Information\_restore{19C3BF69-0F4E-4BD4-8B85-B0C80203F894}\RP800\A0496969.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\System Volume Information\_restore{19C3BF69-0F4E-4BD4-8B85-B0C80203F894}\RP800\A0496970.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\System Volume Information\_restore{19C3BF69-0F4E-4BD4-8B85-B0C80203F894}\RP800\A0496971.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\System Volume Information\_restore{19C3BF69-0F4E-4BD4-8B85-B0C80203F894}\RP800\A0496972.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\System Volume Information\_restore{19C3BF69-0F4E-4BD4-8B85-B0C80203F894}\RP800\A0496973.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\System Volume Information\_restore{19C3BF69-0F4E-4BD4-8B85-B0C80203F894}\RP800\A0496974.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\System Volume Information\_restore{19C3BF69-0F4E-4BD4-8B85-B0C80203F894}\RP800\A0496975.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\System Volume Information\_restore{19C3BF69-0F4E-4BD4-8B85-B0C80203F894}\RP800\A0496976.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\System Volume Information\_restore{19C3BF69-0F4E-4BD4-8B85-B0C80203F894}\RP800\A0496977.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\System Volume Information\_restore{19C3BF69-0F4E-4BD4-8B85-B0C80203F894}\RP800\A0496978.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\System Volume Information\_restore{19C3BF69-0F4E-4BD4-8B85-B0C80203F894}\RP800\A0496979.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\System Volume Information\_restore{19C3BF69-0F4E-4BD4-8B85-B0C80203F894}\RP800\A0496980.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\System Volume Information\_restore{19C3BF69-0F4E-4BD4-8B85-B0C80203F894}\RP800\A0496981.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\System Volume Information\_restore{19C3BF69-0F4E-4BD4-8B85-B0C80203F894}\RP800\A0496982.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\System Volume Information\_restore{19C3BF69-0F4E-4BD4-8B85-B0C80203F894}\RP800\A0496983.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\System Volume Information\_restore{19C3BF69-0F4E-4BD4-8B85-B0C80203F894}\RP800\A0496984.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\System Volume Information\_restore{19C3BF69-0F4E-4BD4-8B85-B0C80203F894}\RP801\A0497055.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\System Volume Information\_restore{19C3BF69-0F4E-4BD4-8B85-B0C80203F894}\RP802\A0497178.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\System Volume Information\_restore{19C3BF69-0F4E-4BD4-8B85-B0C80203F894}\RP802\A0497179.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\System Volume Information\_restore{19C3BF69-0F4E-4BD4-8B85-B0C80203F894}\RP802\A0497180.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\System Volume Information\_restore{19C3BF69-0F4E-4BD4-8B85-B0C80203F894}\RP802\A0497181.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\System Volume Information\_restore{19C3BF69-0F4E-4BD4-8B85-B0C80203F894}\RP802\A0497182.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\System Volume Information\_restore{19C3BF69-0F4E-4BD4-8B85-B0C80203F894}\RP802\A0497183.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\System Volume Information\_restore{19C3BF69-0F4E-4BD4-8B85-B0C80203F894}\RP802\A0497184.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\System Volume Information\_restore{19C3BF69-0F4E-4BD4-8B85-B0C80203F894}\RP802\A0497185.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\System Volume Information\_restore{19C3BF69-0F4E-4BD4-8B85-B0C80203F894}\RP802\A0497186.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\System Volume Information\_restore{19C3BF69-0F4E-4BD4-8B85-B0C80203F894}\RP802\A0497187.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\System Volume Information\_restore{19C3BF69-0F4E-4BD4-8B85-B0C80203F894}\RP802\A0497188.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\System Volume Information\_restore{19C3BF69-0F4E-4BD4-8B85-B0C80203F894}\RP802\A0497189.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\System Volume Information\_restore{19C3BF69-0F4E-4BD4-8B85-B0C80203F894}\RP802\A0497190.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\System Volume Information\_restore{19C3BF69-0F4E-4BD4-8B85-B0C80203F894}\RP802\A0497191.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\System Volume Information\_restore{19C3BF69-0F4E-4BD4-8B85-B0C80203F894}\RP802\A0497192.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\System Volume Information\_restore{19C3BF69-0F4E-4BD4-8B85-B0C80203F894}\RP802\A0497193.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\System Volume Information\_restore{19C3BF69-0F4E-4BD4-8B85-B0C80203F894}\RP802\A0497194.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\System Volume Information\_restore{19C3BF69-0F4E-4BD4-8B85-B0C80203F894}\RP802\A0497195.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\System Volume Information\_restore{19C3BF69-0F4E-4BD4-8B85-B0C80203F894}\RP802\A0497196.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\System Volume Information\_restore{19C3BF69-0F4E-4BD4-8B85-B0C80203F894}\RP802\A0497197.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\System Volume Information\_restore{19C3BF69-0F4E-4BD4-8B85-B0C80203F894}\RP802\A0497198.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\System Volume Information\_restore{19C3BF69-0F4E-4BD4-8B85-B0C80203F894}\RP802\A0497199.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\System Volume Information\_restore{19C3BF69-0F4E-4BD4-8B85-B0C80203F894}\RP802\A0497200.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\System Volume Information\_restore{19C3BF69-0F4E-4BD4-8B85-B0C80203F894}\RP802\A0497201.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\System Volume Information\_restore{19C3BF69-0F4E-4BD4-8B85-B0C80203F894}\RP802\A0497202.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\System Volume Information\_restore{19C3BF69-0F4E-4BD4-8B85-B0C80203F894}\RP802\A0497203.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\System Volume Information\_restore{19C3BF69-0F4E-4BD4-8B85-B0C80203F894}\RP802\A0497204.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\System Volume Information\_restore{19C3BF69-0F4E-4BD4-8B85-B0C80203F894}\RP802\A0497205.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\System Volume Information\_restore{19C3BF69-0F4E-4BD4-8B85-B0C80203F894}\RP802\A0497206.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\System Volume Information\_restore{19C3BF69-0F4E-4BD4-8B85-B0C80203F894}\RP802\A0497207.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\System Volume Information\_restore{19C3BF69-0F4E-4BD4-8B85-B0C80203F894}\RP802\A0497208.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\System Volume Information\_restore{19C3BF69-0F4E-4BD4-8B85-B0C80203F894}\RP802\A0497209.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\System Volume Information\_restore{19C3BF69-0F4E-4BD4-8B85-B0C80203F894}\RP802\A0497210.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\System Volume Information\_restore{19C3BF69-0F4E-4BD4-8B85-B0C80203F894}\RP802\A0497211.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\System Volume Information\_restore{19C3BF69-0F4E-4BD4-8B85-B0C80203F894}\RP802\A0497212.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\System Volume Information\_restore{19C3BF69-0F4E-4BD4-8B85-B0C80203F894}\RP802\A0497213.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\System Volume Information\_restore{19C3BF69-0F4E-4BD4-8B85-B0C80203F894}\RP802\A0497214.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\System Volume Information\_restore{19C3BF69-0F4E-4BD4-8B85-B0C80203F894}\RP802\A0497215.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\System Volume Information\_restore{19C3BF69-0F4E-4BD4-8B85-B0C80203F894}\RP802\A0497216.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\System Volume Information\_restore{19C3BF69-0F4E-4BD4-8B85-B0C80203F894}\RP802\A0497217.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\System Volume Information\_restore{19C3BF69-0F4E-4BD4-8B85-B0C80203F894}\RP802\A0497218.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\System Volume Information\_restore{19C3BF69-0F4E-4BD4-8B85-B0C80203F894}\RP802\A0497219.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\System Volume Information\_restore{19C3BF69-0F4E-4BD4-8B85-B0C80203F894}\RP802\A0497220.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\System Volume Information\_restore{19C3BF69-0F4E-4BD4-8B85-B0C80203F894}\RP802\A0497221.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\System Volume Information\_restore{19C3BF69-0F4E-4BD4-8B85-B0C80203F894}\RP802\A0497222.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\System Volume Information\_restore{19C3BF69-0F4E-4BD4-8B85-B0C80203F894}\RP802\A0497223.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\System Volume Information\_restore{19C3BF69-0F4E-4BD4-8B85-B0C80203F894}\RP802\A0497224.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\System Volume Information\_restore{19C3BF69-0F4E-4BD4-8B85-B0C80203F894}\RP802\A0497225.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\System Volume Information\_restore{19C3BF69-0F4E-4BD4-8B85-B0C80203F894}\RP802\A0497226.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\System Volume Information\_restore{19C3BF69-0F4E-4BD4-8B85-B0C80203F894}\RP802\A0497227.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\System Volume Information\_restore{19C3BF69-0F4E-4BD4-8B85-B0C80203F894}\RP802\A0497228.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\System Volume Information\_restore{19C3BF69-0F4E-4BD4-8B85-B0C80203F894}\RP802\A0497229.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\System Volume Information\_restore{19C3BF69-0F4E-4BD4-8B85-B0C80203F894}\RP802\A0497230.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\System Volume Information\_restore{19C3BF69-0F4E-4BD4-8B85-B0C80203F894}\RP802\A0497231.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\System Volume Information\_restore{19C3BF69-0F4E-4BD4-8B85-B0C80203F894}\RP802\A0497232.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\System Volume Information\_restore{19C3BF69-0F4E-4BD4-8B85-B0C80203F894}\RP802\A0497233.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\System Volume Information\_restore{19C3BF69-0F4E-4BD4-8B85-B0C80203F894}\RP802\A0497234.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\System Volume Information\_restore{19C3BF69-0F4E-4BD4-8B85-B0C80203F894}\RP802\A0497235.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\System Volume Information\_restore{19C3BF69-0F4E-4BD4-8B85-B0C80203F894}\RP802\A0497236.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\System Volume Information\_restore{19C3BF69-0F4E-4BD4-8B85-B0C80203F894}\RP802\A0497237.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\System Volume Information\_restore{19C3BF69-0F4E-4BD4-8B85-B0C80203F894}\RP802\A0497238.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\System Volume Information\_restore{19C3BF69-0F4E-4BD4-8B85-B0C80203F894}\RP802\A0497239.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\System Volume Information\_restore{19C3BF69-0F4E-4BD4-8B85-B0C80203F894}\RP802\A0497240.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\System Volume Information\_restore{19C3BF69-0F4E-4BD4-8B85-B0C80203F894}\RP802\A0497241.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\System Volume Information\_restore{19C3BF69-0F4E-4BD4-8B85-B0C80203F894}\RP802\A0497242.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\System Volume Information\_restore{19C3BF69-0F4E-4BD4-8B85-B0C80203F894}\RP802\A0497243.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\System Volume Information\_restore{19C3BF69-0F4E-4BD4-8B85-B0C80203F894}\RP802\A0497244.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\System Volume Information\_restore{19C3BF69-0F4E-4BD4-8B85-B0C80203F894}\RP802\A0497245.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\System Volume Information\_restore{19C3BF69-0F4E-4BD4-8B85-B0C80203F894}\RP802\A0497246.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\System Volume Information\_restore{19C3BF69-0F4E-4BD4-8B85-B0C80203F894}\RP802\A0497247.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\System Volume Information\_restore{19C3BF69-0F4E-4BD4-8B85-B0C80203F894}\RP802\A0497248.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\System Volume Information\_restore{19C3BF69-0F4E-4BD4-8B85-B0C80203F894}\RP802\A0497249.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\System Volume Information\_restore{19C3BF69-0F4E-4BD4-8B85-B0C80203F894}\RP802\A0497250.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\System Volume Information\_restore{19C3BF69-0F4E-4BD4-8B85-B0C80203F894}\RP802\A0497251.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\System Volume Information\_restore{19C3BF69-0F4E-4BD4-8B85-B0C80203F894}\RP802\A0497252.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\System Volume Information\_restore{19C3BF69-0F4E-4BD4-8B85-B0C80203F894}\RP802\A0497253.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\System Volume Information\_restore{19C3BF69-0F4E-4BD4-8B85-B0C80203F894}\RP802\A0497254.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\System Volume Information\_restore{19C3BF69-0F4E-4BD4-8B85-B0C80203F894}\RP802\A0497255.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\System Volume Information\_restore{19C3BF69-0F4E-4BD4-8B85-B0C80203F894}\RP802\A0497256.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\System Volume Information\_restore{19C3BF69-0F4E-4BD4-8B85-B0C80203F894}\RP802\A0497257.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\System Volume Information\_restore{19C3BF69-0F4E-4BD4-8B85-B0C80203F894}\RP802\A0497258.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\System Volume Information\_restore{19C3BF69-0F4E-4BD4-8B85-B0C80203F894}\RP802\A0497259.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\System Volume Information\_restore{19C3BF69-0F4E-4BD4-8B85-B0C80203F894}\RP802\A0497260.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\System Volume Information\_restore{19C3BF69-0F4E-4BD4-8B85-B0C80203F894}\RP802\A0497261.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\System Volume Information\_restore{19C3BF69-0F4E-4BD4-8B85-B0C80203F894}\RP802\A0497262.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\System Volume Information\_restore{19C3BF69-0F4E-4BD4-8B85-B0C80203F894}\RP802\A0497263.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\System Volume Information\_restore{19C3BF69-0F4E-4BD4-8B85-B0C80203F894}\RP802\A0497264.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\System Volume Information\_restore{19C3BF69-0F4E-4BD4-8B85-B0C80203F894}\RP802\A0497265.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\System Volume Information\_restore{19C3BF69-0F4E-4BD4-8B85-B0C80203F894}\RP802\A0497266.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\System Volume Information\_restore{19C3BF69-0F4E-4BD4-8B85-B0C80203F894}\RP802\A0497267.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\System Volume Information\_restore{19C3BF69-0F4E-4BD4-8B85-B0C80203F894}\RP802\A0497268.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\System Volume Information\_restore{19C3BF69-0F4E-4BD4-8B85-B0C80203F894}\RP802\A0497269.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\System Volume Information\_restore{19C3BF69-0F4E-4BD4-8B85-B0C80203F894}\RP802\A0497270.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\System Volume Information\_restore{19C3BF69-0F4E-4BD4-8B85-B0C80203F894}\RP802\A0497271.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\System Volume Information\_restore{19C3BF69-0F4E-4BD4-8B85-B0C80203F894}\RP802\A0497272.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\System Volume Information\_restore{19C3BF69-0F4E-4BD4-8B85-B0C80203F894}\RP802\A0497273.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\System Volume Information\_restore{19C3BF69-0F4E-4BD4-8B85-B0C80203F894}\RP802\A0497274.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\System Volume Information\_restore{19C3BF69-0F4E-4BD4-8B85-B0C80203F894}\RP802\A0497275.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\System Volume Information\_restore{19C3BF69-0F4E-4BD4-8B85-B0C80203F894}\RP802\A0497276.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\System Volume Information\_restore{19C3BF69-0F4E-4BD4-8B85-B0C80203F894}\RP802\A0497277.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\System Volume Information\_restore{19C3BF69-0F4E-4BD4-8B85-B0C80203F894}\RP802\A0497278.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\System Volume Information\_restore{19C3BF69-0F4E-4BD4-8B85-B0C80203F894}\RP802\A0497279.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\System Volume Information\_restore{19C3BF69-0F4E-4BD4-8B85-B0C80203F894}\RP802\A0497280.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\System Volume Information\_restore{19C3BF69-0F4E-4BD4-8B85-B0C80203F894}\RP802\A0497281.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\System Volume Information\_restore{19C3BF69-0F4E-4BD4-8B85-B0C80203F894}\RP802\A0497282.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\System Volume Information\_restore{19C3BF69-0F4E-4BD4-8B85-B0C80203F894}\RP802\A0497283.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\System Volume Information\_restore{19C3BF69-0F4E-4BD4-8B85-B0C80203F894}\RP802\A0497284.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\System Volume Information\_restore{19C3BF69-0F4E-4BD4-8B85-B0C80203F894}\RP802\A0497285.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\System Volume Information\_restore{19C3BF69-0F4E-4BD4-8B85-B0C80203F894}\RP802\A0497286.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\System Volume Information\_restore{19C3BF69-0F4E-4BD4-8B85-B0C80203F894}\RP802\A0497287.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\System Volume Information\_restore{19C3BF69-0F4E-4BD4-8B85-B0C80203F894}\RP802\A0497288.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\System Volume Information\_restore{19C3BF69-0F4E-4BD4-8B85-B0C80203F894}\RP802\A0497289.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\System Volume Information\_restore{19C3BF69-0F4E-4BD4-8B85-B0C80203F894}\RP802\A0497290.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\System Volume Information\_restore{19C3BF69-0F4E-4BD4-8B85-B0C80203F894}\RP802\A0497291.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\System Volume Information\_restore{19C3BF69-0F4E-4BD4-8B85-B0C80203F894}\RP802\A0497292.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\System Volume Information\_restore{19C3BF69-0F4E-4BD4-8B85-B0C80203F894}\RP802\A0497293.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\System Volume Information\_restore{19C3BF69-0F4E-4BD4-8B85-B0C80203F894}\RP802\A0497294.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\System Volume Information\_restore{19C3BF69-0F4E-4BD4-8B85-B0C80203F894}\RP802\A0497295.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\System Volume Information\_restore{19C3BF69-0F4E-4BD4-8B85-B0C80203F894}\RP802\A0497296.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\System Volume Information\_restore{19C3BF69-0F4E-4BD4-8B85-B0C80203F894}\RP802\A0497297.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\System Volume Information\_restore{19C3BF69-0F4E-4BD4-8B85-B0C80203F894}\RP802\A0497298.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\System Volume Information\_restore{19C3BF69-0F4E-4BD4-8B85-B0C80203F894}\RP802\A0497299.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\System Volume Information\_restore{19C3BF69-0F4E-4BD4-8B85-B0C80203F894}\RP802\A0497300.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\System Volume Information\_restore{19C3BF69-0F4E-4BD4-8B85-B0C80203F894}\RP802\A0497301.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\System Volume Information\_restore{19C3BF69-0F4E-4BD4-8B85-B0C80203F894}\RP802\A0497302.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\System Volume Information\_restore{19C3BF69-0F4E-4BD4-8B85-B0C80203F894}\RP802\A0497303.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\System Volume Information\_restore{19C3BF69-0F4E-4BD4-8B85-B0C80203F894}\RP802\A0497304.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\System Volume Information\_restore{19C3BF69-0F4E-4BD4-8B85-B0C80203F894}\RP802\A0497305.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\System Volume Information\_restore{19C3BF69-0F4E-4BD4-8B85-B0C80203F894}\RP802\A0497306.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\System Volume Information\_restore{19C3BF69-0F4E-4BD4-8B85-B0C80203F894}\RP802\A0497307.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\System Volume Information\_restore{19C3BF69-0F4E-4BD4-8B85-B0C80203F894}\RP802\A0497308.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\System Volume Information\_restore{19C3BF69-0F4E-4BD4-8B85-B0C80203F894}\RP802\A0497309.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\System Volume Information\_restore{19C3BF69-0F4E-4BD4-8B85-B0C80203F894}\RP802\A0497310.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\System Volume Information\_restore{19C3BF69-0F4E-4BD4-8B85-B0C80203F894}\RP802\A0497311.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\System Volume Information\_restore{19C3BF69-0F4E-4BD4-8B85-B0C80203F894}\RP802\A0497312.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\System Volume Information\_restore{19C3BF69-0F4E-4BD4-8B85-B0C80203F894}\RP802\A0497313.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\System Volume Information\_restore{19C3BF69-0F4E-4BD4-8B85-B0C80203F894}\RP802\A0497314.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\System Volume Information\_restore{19C3BF69-0F4E-4BD4-8B85-B0C80203F894}\RP802\A0497315.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\System Volume Information\_restore{19C3BF69-0F4E-4BD4-8B85-B0C80203F894}\RP802\A0497316.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\System Volume Information\_restore{19C3BF69-0F4E-4BD4-8B85-B0C80203F894}\RP802\A0497317.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\System Volume Information\_restore{19C3BF69-0F4E-4BD4-8B85-B0C80203F894}\RP802\A0497318.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\System Volume Information\_restore{19C3BF69-0F4E-4BD4-8B85-B0C80203F894}\RP802\A0497319.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\System Volume Information\_restore{19C3BF69-0F4E-4BD4-8B85-B0C80203F894}\RP802\A0497320.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\System Volume Information\_restore{19C3BF69-0F4E-4BD4-8B85-B0C80203F894}\RP802\A0497321.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\System Volume Information\_restore{19C3BF69-0F4E-4BD4-8B85-B0C80203F894}\RP802\A0497322.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\System Volume Information\_restore{19C3BF69-0F4E-4BD4-8B85-B0C80203F894}\RP802\A0497323.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\System Volume Information\_restore{19C3BF69-0F4E-4BD4-8B85-B0C80203F894}\RP802\A0497325.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\System Volume Information\_restore{19C3BF69-0F4E-4BD4-8B85-B0C80203F894}\RP802\A0497352.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\System Volume Information\_restore{19C3BF69-0F4E-4BD4-8B85-B0C80203F894}\RP802\A0497353.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\System Volume Information\_restore{19C3BF69-0F4E-4BD4-8B85-B0C80203F894}\RP802\A0497354.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\System Volume Information\_restore{19C3BF69-0F4E-4BD4-8B85-B0C80203F894}\RP802\A0497355.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\System Volume Information\_restore{19C3BF69-0F4E-4BD4-8B85-B0C80203F894}\RP802\A0497356.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\System Volume Information\_restore{19C3BF69-0F4E-4BD4-8B85-B0C80203F894}\RP802\A0497357.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\System Volume Information\_restore{19C3BF69-0F4E-4BD4-8B85-B0C80203F894}\RP802\A0497358.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\System Volume Information\_restore{19C3BF69-0F4E-4BD4-8B85-B0C80203F894}\RP802\A0497359.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\System Volume Information\_restore{19C3BF69-0F4E-4BD4-8B85-B0C80203F894}\RP802\A0497360.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\System Volume Information\_restore{19C3BF69-0F4E-4BD4-8B85-B0C80203F894}\RP802\A0497361.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\System Volume Information\_restore{19C3BF69-0F4E-4BD4-8B85-B0C80203F894}\RP802\A0497362.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\System Volume Information\_restore{19C3BF69-0F4E-4BD4-8B85-B0C80203F894}\RP802\A0497363.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\System Volume Information\_restore{19C3BF69-0F4E-4BD4-8B85-B0C80203F894}\RP802\A0497364.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\System Volume Information\_restore{19C3BF69-0F4E-4BD4-8B85-B0C80203F894}\RP802\A0497365.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\System Volume Information\_restore{19C3BF69-0F4E-4BD4-8B85-B0C80203F894}\RP802\A0497366.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\System Volume Information\_restore{19C3BF69-0F4E-4BD4-8B85-B0C80203F894}\RP802\A0497367.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\System Volume Information\_restore{19C3BF69-0F4E-4BD4-8B85-B0C80203F894}\RP802\A0497368.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\System Volume Information\_restore{19C3BF69-0F4E-4BD4-8B85-B0C80203F894}\RP802\A0497369.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\System Volume Information\_restore{19C3BF69-0F4E-4BD4-8B85-B0C80203F894}\RP802\A0497370.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\System Volume Information\_restore{19C3BF69-0F4E-4BD4-8B85-B0C80203F894}\RP802\A0497371.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\System Volume Information\_restore{19C3BF69-0F4E-4BD4-8B85-B0C80203F894}\RP802\A0497372.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\System Volume Information\_restore{19C3BF69-0F4E-4BD4-8B85-B0C80203F894}\RP802\A0497373.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\System Volume Information\_restore{19C3BF69-0F4E-4BD4-8B85-B0C80203F894}\RP802\A0497374.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\System Volume Information\_restore{19C3BF69-0F4E-4BD4-8B85-B0C80203F894}\RP802\A0497375.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\System Volume Information\_restore{19C3BF69-0F4E-4BD4-8B85-B0C80203F894}\RP802\A0497376.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\System Volume Information\_restore{19C3BF69-0F4E-4BD4-8B85-B0C80203F894}\RP802\A0497377.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\System Volume Information\_restore{19C3BF69-0F4E-4BD4-8B85-B0C80203F894}\RP802\A0497378.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\System Volume Information\_restore{19C3BF69-0F4E-4BD4-8B85-B0C80203F894}\RP802\A0497379.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\System Volume Information\_restore{19C3BF69-0F4E-4BD4-8B85-B0C80203F894}\RP802\A0497380.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\System Volume Information\_restore{19C3BF69-0F4E-4BD4-8B85-B0C80203F894}\RP802\A0497381.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\System Volume Information\_restore{19C3BF69-0F4E-4BD4-8B85-B0C80203F894}\RP802\A0497382.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\System Volume Information\_restore{19C3BF69-0F4E-4BD4-8B85-B0C80203F894}\RP802\A0497383.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\System Volume Information\_restore{19C3BF69-0F4E-4BD4-8B85-B0C80203F894}\RP802\A0497384.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\System Volume Information\_restore{19C3BF69-0F4E-4BD4-8B85-B0C80203F894}\RP802\A0497385.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\System Volume Information\_restore{19C3BF69-0F4E-4BD4-8B85-B0C80203F894}\RP802\A0497386.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\System Volume Information\_restore{19C3BF69-0F4E-4BD4-8B85-B0C80203F894}\RP802\A0497387.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\System Volume Information\_restore{19C3BF69-0F4E-4BD4-8B85-B0C80203F894}\RP802\A0497388.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\System Volume Information\_restore{19C3BF69-0F4E-4BD4-8B85-B0C80203F894}\RP802\A0497389.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\System Volume Information\_restore{19C3BF69-0F4E-4BD4-8B85-B0C80203F894}\RP802\A0497390.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\System Volume Information\_restore{19C3BF69-0F4E-4BD4-8B85-B0C80203F894}\RP802\A0497391.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\System Volume Information\_restore{19C3BF69-0F4E-4BD4-8B85-B0C80203F894}\RP802\A0497392.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\System Volume Information\_restore{19C3BF69-0F4E-4BD4-8B85-B0C80203F894}\RP802\A0497393.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\System Volume Information\_restore{19C3BF69-0F4E-4BD4-8B85-B0C80203F894}\RP802\A0497394.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\System Volume Information\_restore{19C3BF69-0F4E-4BD4-8B85-B0C80203F894}\RP802\A0497395.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\System Volume Information\_restore{19C3BF69-0F4E-4BD4-8B85-B0C80203F894}\RP802\A0497396.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\System Volume Information\_restore{19C3BF69-0F4E-4BD4-8B85-B0C80203F894}\RP802\A0497397.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\System Volume Information\_restore{19C3BF69-0F4E-4BD4-8B85-B0C80203F894}\RP802\A0497398.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\System Volume Information\_restore{19C3BF69-0F4E-4BD4-8B85-B0C80203F894}\RP802\A0497399.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\System Volume Information\_restore{19C3BF69-0F4E-4BD4-8B85-B0C80203F894}\RP802\A0497400.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\System Volume Information\_restore{19C3BF69-0F4E-4BD4-8B85-B0C80203F894}\RP802\A0497401.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\System Volume Information\_restore{19C3BF69-0F4E-4BD4-8B85-B0C80203F894}\RP802\A0497402.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\System Volume Information\_restore{19C3BF69-0F4E-4BD4-8B85-B0C80203F894}\RP802\A0497403.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\System Volume Information\_restore{19C3BF69-0F4E-4BD4-8B85-B0C80203F894}\RP802\A0497404.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\System Volume Information\_restore{19C3BF69-0F4E-4BD4-8B85-B0C80203F894}\RP802\A0497405.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\System Volume Information\_restore{19C3BF69-0F4E-4BD4-8B85-B0C80203F894}\RP802\A0497406.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\System Volume Information\_restore{19C3BF69-0F4E-4BD4-8B85-B0C80203F894}\RP802\A0497407.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\System Volume Information\_restore{19C3BF69-0F4E-4BD4-8B85-B0C80203F894}\RP802\A0497408.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\System Volume Information\_restore{19C3BF69-0F4E-4BD4-8B85-B0C80203F894}\RP802\A0497409.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\System Volume Information\_restore{19C3BF69-0F4E-4BD4-8B85-B0C80203F894}\RP802\A0497410.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\System Volume Information\_restore{19C3BF69-0F4E-4BD4-8B85-B0C80203F894}\RP802\A0497411.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\System Volume Information\_restore{19C3BF69-0F4E-4BD4-8B85-B0C80203F894}\RP802\A0497412.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\System Volume Information\_restore{19C3BF69-0F4E-4BD4-8B85-B0C80203F894}\RP802\A0497413.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\System Volume Information\_restore{19C3BF69-0F4E-4BD4-8B85-B0C80203F894}\RP802\A0497414.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\System Volume Information\_restore{19C3BF69-0F4E-4BD4-8B85-B0C80203F894}\RP802\A0497415.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\System Volume Information\_restore{19C3BF69-0F4E-4BD4-8B85-B0C80203F894}\RP802\A0497416.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\System Volume Information\_restore{19C3BF69-0F4E-4BD4-8B85-B0C80203F894}\RP802\A0497417.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\System Volume Information\_restore{19C3BF69-0F4E-4BD4-8B85-B0C80203F894}\RP802\A0497418.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\System Volume Information\_restore{19C3BF69-0F4E-4BD4-8B85-B0C80203F894}\RP802\A0497419.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\System Volume Information\_restore{19C3BF69-0F4E-4BD4-8B85-B0C80203F894}\RP802\A0497420.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\System Volume Information\_restore{19C3BF69-0F4E-4BD4-8B85-B0C80203F894}\RP802\A0497421.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\System Volume Information\_restore{19C3BF69-0F4E-4BD4-8B85-B0C80203F894}\RP802\A0497422.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\System Volume Information\_restore{19C3BF69-0F4E-4BD4-8B85-B0C80203F894}\RP802\A0497423.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\System Volume Information\_restore{19C3BF69-0F4E-4BD4-8B85-B0C80203F894}\RP802\A0497424.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\System Volume Information\_restore{19C3BF69-0F4E-4BD4-8B85-B0C80203F894}\RP802\A0497425.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\System Volume Information\_restore{19C3BF69-0F4E-4BD4-8B85-B0C80203F894}\RP802\A0497426.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\System Volume Information\_restore{19C3BF69-0F4E-4BD4-8B85-B0C80203F894}\RP802\A0497427.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\System Volume Information\_restore{19C3BF69-0F4E-4BD4-8B85-B0C80203F894}\RP802\A0497428.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\System Volume Information\_restore{19C3BF69-0F4E-4BD4-8B85-B0C80203F894}\RP802\A0497429.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\System Volume Information\_restore{19C3BF69-0F4E-4BD4-8B85-B0C80203F894}\RP802\A0497430.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\System Volume Information\_restore{19C3BF69-0F4E-4BD4-8B85-B0C80203F894}\RP802\A0497431.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\System Volume Information\_restore{19C3BF69-0F4E-4BD4-8B85-B0C80203F894}\RP802\A0497432.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\System Volume Information\_restore{19C3BF69-0F4E-4BD4-8B85-B0C80203F894}\RP802\A0497433.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\System Volume Information\_restore{19C3BF69-0F4E-4BD4-8B85-B0C80203F894}\RP802\A0497434.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\System Volume Information\_restore{19C3BF69-0F4E-4BD4-8B85-B0C80203F894}\RP802\A0497435.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\System Volume Information\_restore{19C3BF69-0F4E-4BD4-8B85-B0C80203F894}\RP802\A0497436.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\System Volume Information\_restore{19C3BF69-0F4E-4BD4-8B85-B0C80203F894}\RP802\A0497437.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\System Volume Information\_restore{19C3BF69-0F4E-4BD4-8B85-B0C80203F894}\RP802\A0497438.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\System Volume Information\_restore{19C3BF69-0F4E-4BD4-8B85-B0C80203F894}\RP802\A0497439.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\System Volume Information\_restore{19C3BF69-0F4E-4BD4-8B85-B0C80203F894}\RP802\A0497440.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\System Volume Information\_restore{19C3BF69-0F4E-4BD4-8B85-B0C80203F894}\RP802\A0497441.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\System Volume Information\_restore{19C3BF69-0F4E-4BD4-8B85-B0C80203F894}\RP802\A0497442.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\System Volume Information\_restore{19C3BF69-0F4E-4BD4-8B85-B0C80203F894}\RP802\A0497443.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\System Volume Information\_restore{19C3BF69-0F4E-4BD4-8B85-B0C80203F894}\RP802\A0497444.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\System Volume Information\_restore{19C3BF69-0F4E-4BD4-8B85-B0C80203F894}\RP802\A0497445.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\System Volume Information\_restore{19C3BF69-0F4E-4BD4-8B85-B0C80203F894}\RP802\A0497446.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\System Volume Information\_restore{19C3BF69-0F4E-4BD4-8B85-B0C80203F894}\RP802\A0497447.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\System Volume Information\_restore{19C3BF69-0F4E-4BD4-8B85-B0C80203F894}\RP802\A0497448.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\System Volume Information\_restore{19C3BF69-0F4E-4BD4-8B85-B0C80203F894}\RP802\A0497449.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\System Volume Information\_restore{19C3BF69-0F4E-4BD4-8B85-B0C80203F894}\RP802\A0497450.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\System Volume Information\_restore{19C3BF69-0F4E-4BD4-8B85-B0C80203F894}\RP802\A0497451.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\System Volume Information\_restore{19C3BF69-0F4E-4BD4-8B85-B0C80203F894}\RP802\A0497452.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\System Volume Information\_restore{19C3BF69-0F4E-4BD4-8B85-B0C80203F894}\RP802\A0497453.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\System Volume Information\_restore{19C3BF69-0F4E-4BD4-8B85-B0C80203F894}\RP802\A0497458.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\System Volume Information\_restore{19C3BF69-0F4E-4BD4-8B85-B0C80203F894}\RP802\A0497459.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\System Volume Information\_restore{19C3BF69-0F4E-4BD4-8B85-B0C80203F894}\RP802\A0497460.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\System Volume Information\_restore{19C3BF69-0F4E-4BD4-8B85-B0C80203F894}\RP802\A0497461.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\System Volume Information\_restore{19C3BF69-0F4E-4BD4-8B85-B0C80203F894}\RP802\A0497462.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\System Volume Information\_restore{19C3BF69-0F4E-4BD4-8B85-B0C80203F894}\RP802\A0497463.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\System Volume Information\_restore{19C3BF69-0F4E-4BD4-8B85-B0C80203F894}\RP802\A0497465.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\System Volume Information\_restore{19C3BF69-0F4E-4BD4-8B85-B0C80203F894}\RP802\A0497466.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\System Volume Information\_restore{19C3BF69-0F4E-4BD4-8B85-B0C80203F894}\RP802\A0497467.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\System Volume Information\_restore{19C3BF69-0F4E-4BD4-8B85-B0C80203F894}\RP802\A0497468.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\System Volume Information\_restore{19C3BF69-0F4E-4BD4-8B85-B0C80203F894}\RP802\A0497469.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\System Volume Information\_restore{19C3BF69-0F4E-4BD4-8B85-B0C80203F894}\RP802\A0497470.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\System Volume Information\_restore{19C3BF69-0F4E-4BD4-8B85-B0C80203F894}\RP802\A0497471.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\System Volume Information\_restore{19C3BF69-0F4E-4BD4-8B85-B0C80203F894}\RP802\A0497472.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\System Volume Information\_restore{19C3BF69-0F4E-4BD4-8B85-B0C80203F894}\RP802\A0497473.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\System Volume Information\_restore{19C3BF69-0F4E-4BD4-8B85-B0C80203F894}\RP802\A0497474.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\System Volume Information\_restore{19C3BF69-0F4E-4BD4-8B85-B0C80203F894}\RP802\A0497475.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\System Volume Information\_restore{19C3BF69-0F4E-4BD4-8B85-B0C80203F894}\RP802\A0497476.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\System Volume Information\_restore{19C3BF69-0F4E-4BD4-8B85-B0C80203F894}\RP802\A0497477.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\System Volume Information\_restore{19C3BF69-0F4E-4BD4-8B85-B0C80203F894}\RP802\A0497478.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\System Volume Information\_restore{19C3BF69-0F4E-4BD4-8B85-B0C80203F894}\RP802\A0497479.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\System Volume Information\_restore{19C3BF69-0F4E-4BD4-8B85-B0C80203F894}\RP802\A0497480.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\System Volume Information\_restore{19C3BF69-0F4E-4BD4-8B85-B0C80203F894}\RP802\A0497481.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\System Volume Information\_restore{19C3BF69-0F4E-4BD4-8B85-B0C80203F894}\RP802\A0497482.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\System Volume Information\_restore{19C3BF69-0F4E-4BD4-8B85-B0C80203F894}\RP802\A0497483.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\System Volume Information\_restore{19C3BF69-0F4E-4BD4-8B85-B0C80203F894}\RP802\A0497484.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\System Volume Information\_restore{19C3BF69-0F4E-4BD4-8B85-B0C80203F894}\RP802\A0497485.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\System Volume Information\_restore{19C3BF69-0F4E-4BD4-8B85-B0C80203F894}\RP802\A0497486.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\System Volume Information\_restore{19C3BF69-0F4E-4BD4-8B85-B0C80203F894}\RP802\A0497487.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\System Volume Information\_restore{19C3BF69-0F4E-4BD4-8B85-B0C80203F894}\RP802\A0497488.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\System Volume Information\_restore{19C3BF69-0F4E-4BD4-8B85-B0C80203F894}\RP802\A0497489.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\System Volume Information\_restore{19C3BF69-0F4E-4BD4-8B85-B0C80203F894}\RP802\A0497490.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\System Volume Information\_restore{19C3BF69-0F4E-4BD4-8B85-B0C80203F894}\RP802\A0497491.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\System Volume Information\_restore{19C3BF69-0F4E-4BD4-8B85-B0C80203F894}\RP802\A0497492.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\System Volume Information\_restore{19C3BF69-0F4E-4BD4-8B85-B0C80203F894}\RP802\A0497493.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\System Volume Information\_restore{19C3BF69-0F4E-4BD4-8B85-B0C80203F894}\RP802\A0497494.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\System Volume Information\_restore{19C3BF69-0F4E-4BD4-8B85-B0C80203F894}\RP802\A0497495.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\System Volume Information\_restore{19C3BF69-0F4E-4BD4-8B85-B0C80203F894}\RP802\A0497496.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\System Volume Information\_restore{19C3BF69-0F4E-4BD4-8B85-B0C80203F894}\RP802\A0497497.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\System Volume Information\_restore{19C3BF69-0F4E-4BD4-8B85-B0C80203F894}\RP802\A0497498.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\System Volume Information\_restore{19C3BF69-0F4E-4BD4-8B85-B0C80203F894}\RP802\A0497499.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\System Volume Information\_restore{19C3BF69-0F4E-4BD4-8B85-B0C80203F894}\RP802\A0497500.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\System Volume Information\_restore{19C3BF69-0F4E-4BD4-8B85-B0C80203F894}\RP802\A0497501.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\System Volume Information\_restore{19C3BF69-0F4E-4BD4-8B85-B0C80203F894}\RP802\A0497502.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\System Volume Information\_restore{19C3BF69-0F4E-4BD4-8B85-B0C80203F894}\RP802\A0497503.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\System Volume Information\_restore{19C3BF69-0F4E-4BD4-8B85-B0C80203F894}\RP805\A0497887.exe Infected: Backdoor.Win32.SdBot.aad skipped C:\System Volume Information\_restore{19C3BF69-0F4E-4BD4-8B85-B0C80203F894}\RP805\A0497892.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\System Volume Information\_restore{19C3BF69-0F4E-4BD4-8B85-B0C80203F894}\RP805\A0497893.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\System Volume Information\_restore{19C3BF69-0F4E-4BD4-8B85-B0C80203F894}\RP805\A0497894.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\System Volume Information\_restore{19C3BF69-0F4E-4BD4-8B85-B0C80203F894}\RP805\A0497896.exe Infected: Trojan-Downloader.Win32.Small.eqn skipped C:\System Volume Information\_restore{19C3BF69-0F4E-4BD4-8B85-B0C80203F894}\RP805\A0497898.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\System Volume Information\_restore{19C3BF69-0F4E-4BD4-8B85-B0C80203F894}\RP805\A0497899.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\System Volume Information\_restore{19C3BF69-0F4E-4BD4-8B85-B0C80203F894}\RP808\A0499114.exe Infected: Trojan.Win32.Obfuscated.gy skipped C:\System Volume Information\_restore{19C3BF69-0F4E-4BD4-8B85-B0C80203F894}\RP808\change.log Object is locked skipped C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped C:\WINDOWS\SchedLgU.Txt Object is locked skipped C:\WINDOWS\SoftwareDistribution\EventCache\{48EC3CED-6F85-4598-9B60-7ED571C0D369}.bin Object is locked skipped C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped C:\WINDOWS\system32\config\default Object is locked skipped C:\WINDOWS\system32\config\default.LOG Object is locked skipped C:\WINDOWS\system32\config\SAM Object is locked skipped C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped C:\WINDOWS\system32\config\SECURITY Object is locked skipped C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped C:\WINDOWS\system32\config\software Object is locked skipped C:\WINDOWS\system32\config\software.LOG Object is locked skipped C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped C:\WINDOWS\system32\config\system Object is locked skipped C:\WINDOWS\system32\config\system.LOG Object is locked skipped C:\WINDOWS\system32\h323log.txt Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped C:\WINDOWS\WindowsUpdate.log Object is locked skipped Scan process completed. _______________________________________________________________ Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 12:29:36 PM, on 9/2/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\WINDOWS\system32\nvsvc32.exe C:\PROGRA~1\TRENDM~1\INTERN~2\PcCtlCom.exe C:\WINDOWS\system32\PnkBstrA.exe C:\Program Files\Spyware Doctor\svcntaux.exe C:\Program Files\Spyware Doctor\swdsvc.exe C:\Program Files\Analog Devices\SoundMAX\spkrmon.exe C:\PROGRA~1\TRENDM~1\INTERN~2\Tmntsrv.exe C:\PROGRA~1\TRENDM~1\INTERN~2\TmPfw.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe C:\Program Files\Trend Micro\Internet Security 2007\pccguide.exe C:\Program Files\Spyware Doctor\SDTrayApp.exe C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe C:\PROGRA~1\TRENDM~1\INTERN~2\PcScnSrv.exe C:\Program Files\AIM6\aolsoftware.exe C:\WINDOWS\System32\alg.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE c:\program files\common files\installshield\updateservice\isuspm.exe C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe C:\PROGRA~1\TRENDM~1\INTERN~2\tmproxy.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe C:\WINDOWS\system32\wbem\wmiprvse.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.thottbot.com/ R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 3.1\aoltb.dll O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 3.1\aoltb.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 3.1\aoltb.dll O4 - HKLM\..\Run: [ISUSPM Startup] "c:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2007\pccguide.exe" O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe" O4 - HKLM\..\Run: [SpyHunter] C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background O4 - HKUS\S-1-5-18\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'Default user') O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 3.1\resources\en-US\local\search.html O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbar...p=ZNxmk572CWUS O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm O8 - Extra context menu item: Open with WordPerfect - C:\Program Files\WordPerfect Office X3\Programs\WPLauncher.hta O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 3.1\aoltb.dll O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english...an_unicode.cab O16 - DPF: {1EF9F042-C2EB-4293-8213-474CAEEF531D} (TmHcmsX Control) - http://www.trendsecure.com/framework...ex/TmHcmsX.CAB O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{3C7B4365-B73E-46DB-9C0B-56AB67054B0D}: NameServer = 68.87.64.146,65.87.75.194 O17 - HKLM\System\CCS\Services\Tcpip\..\{8674926F-58E6-4780-8BF9-9B078E344461}: NameServer = 68.87.64.146,68.87.75.194 O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing) O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\PcCtlCom.exe O23 - Service: Trend Micro Protection Against Spyware (PcScnSrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\PcScnSrv.exe O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe O23 - Service: spkrmon - Unknown owner - C:\Program Files\Analog Devices\SoundMAX\spkrmon.exe O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\Tmntsrv.exe O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\TmPfw.exe O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\tmproxy.exe -- End of file - 7717 bytes |
|
|
|
|
09-02-2007, 11:28 AM
|
#18 (permalink) |
|
Analyst, Security Team
Join Date: Jun 2006
Posts: 247
OS: Vista Ultimate/Windows 7 RC
|
Re: Computer runs very slow and freezes. More detail inside.
It looks as if your system is still very infected but, in fact, nearly all the infected files are in quarantine or in your system restore cache. The ones in quarantine we will deal with now and the ones in your restore cache will be taken care of when we proceed with our final cleanup procedures.
A. Please delete the content of the following folders but not the folders themselves: C:\Documents and Settings\Jon\.housecall6.6\Quarantine C:\Program Files\Trend Micro\Internet Security 2007\Quarantine B. 1. Please open Notepad
2. Now copy/paste the entire content of the codebox below into the Notepad window: Code:
File:: C:\7.tmp C:\1005_110.exe.bac_a07660 Folder:: C:\SDFix Registry:: [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] 3. Save the above as CFScript.txt 4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again. 5. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
C. Finally, it is now time to fix some file associations that are not right. We will be using DSS again and please make sure that it is on your desktop.. To repair the faulty file associations, please do the following:
Post the contents of that logfile with your next post. D. Reports/logs to Post:
__________________
Paul Microsoft MVP - Consumer Security 2008 - 2009 My help is voluntary. It requires no payment but this site needs donations to operate - http://www.techsupportforum.com/donate.php |
|
|
|
|
09-02-2007, 09:57 PM
|
#19 (permalink) |
|
Registered User
Join Date: Aug 2007
Posts: 13
OS: Windows XP SP2
|
Re: Computer runs very slow and freezes. More detail inside.
ComboFix 07-08-30.2 - "Jon" 2007-09-02 16:04:09.5 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.401 [GMT -4:00] Command switches used :: C:\Documents and Settings\Jon\Desktop\CFScript.txt * Created a new restore point FILE:: C:\7.tmp C:\1005_110.exe.bac_a07660 ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) C:\7.tmp C:\SDFix C:\SDFix\SDFix\apps\assosfix.reg C:\SDFix\SDFix\apps\cliptext.exe C:\SDFix\SDFix\apps\download.exe C:\SDFix\SDFix\apps\dummy.sys C:\SDFix\SDFix\apps\Enable_Command_Prompt.reg C:\SDFix\SDFix\apps\ERDNT.E_E C:\SDFix\SDFix\apps\ERDNTDOS.LOC C:\SDFix\SDFix\apps\ERDNTWIN.LOC C:\SDFix\SDFix\apps\ERUNT.EXE C:\SDFix\SDFix\apps\ERUNT.LOC C:\SDFix\SDFix\apps\fix.reg C:\SDFix\SDFix\apps\FixBH.reg C:\SDFix\SDFix\apps\FIXCU.reg C:\SDFix\SDFix\apps\FIXLM.reg C:\SDFix\SDFix\apps\FixPath.exe C:\SDFix\SDFix\apps\FixRedir.reg C:\SDFix\SDFix\apps\FixWebCheck.reg C:\SDFix\SDFix\apps\fixXP.reg C:\SDFix\SDFix\apps\FixXPsp2.reg C:\SDFix\SDFix\apps\HPFix.reg C:\SDFix\SDFix\apps\HPFix2.reg C:\SDFix\SDFix\apps\HPFix3.reg C:\SDFix\SDFix\apps\leg2.txt C:\SDFix\SDFix\apps\legacy.txt C:\SDFix\SDFix\apps\legacybk.txt C:\SDFix\SDFix\apps\locate.com C:\SDFix\SDFix\apps\LS.exe C:\SDFix\SDFix\apps\MD5File.exe C:\SDFix\SDFix\apps\moveex.exe C:\SDFix\SDFix\apps\MyGcpvFix.reg C:\SDFix\SDFix\apps\MyGkFix2.reg C:\SDFix\SDFix\apps\Process.exe C:\SDFix\SDFix\apps\RegDACL.exe C:\SDFix\SDFix\apps\Rem.txt C:\SDFix\SDFix\apps\Rem2.txt C:\SDFix\SDFix\apps\Replace\W2K.exe C:\SDFix\SDFix\apps\Replace\w2k\null.sys C:\SDFix\SDFix\apps\Replace\XP.exe C:\SDFix\SDFix\apps\Replace\xp\null.sys C:\SDFix\SDFix\apps\Reset_AppInit_DLLs.reg C:\SDFix\SDFix\apps\RestartIt!.exe C:\SDFix\SDFix\apps\Restore_SecurityCenter.reg C:\SDFix\SDFix\apps\Restore_SharedAccess.reg C:\SDFix\SDFix\apps\sc.exe C:\SDFix\SDFix\apps\SF.exe C:\SDFix\SDFix\apps\shutdown.exe C:\SDFix\SDFix\apps\srv2.txt C:\SDFix\SDFix\apps\svc.txt C:\SDFix\SDFix\apps\svcbk.txt C:\SDFix\SDFix\apps\swreg.exe C:\SDFix\SDFix\apps\swsc.exe C:\SDFix\SDFix\apps\unzip.exe C:\SDFix\SDFix\apps\zip.exe C:\SDFix\SDFix\backups\attrib.exe C:\SDFix\SDFix\backups\backupreg.zip C:\SDFix\SDFix\backups\find.exe C:\SDFix\SDFix\backups\findstr.exe C:\SDFix\SDFix\backups\HOSTS C:\SDFix\SDFix\backups\regedit.exe C:\SDFix\SDFix\backups_old1\attrib.exe C:\SDFix\SDFix\backups_old1\backupreg.zip C:\SDFix\SDFix\backups_old1\backups.zip C:\SDFix\SDFix\backups_old1\find.exe C:\SDFix\SDFix\backups_old1\findstr.exe C:\SDFix\SDFix\backups_old1\HOSTS C:\SDFix\SDFix\backups_old1\regedit.exe C:\SDFix\SDFix\catchme.exe C:\SDFix\SDFix\dummy.sys C:\SDFix\SDFix\Report.txt C:\SDFix\SDFix\Report_old_1.txt C:\SDFix\SDFix\RunThis.bat C:\SDFix\SDFix\SDFIX_ReadMe_Online.url ((((((((((((((((((((((((( Files Created from 2007-08-02 to 2007-09-02 ))))))))))))))))))))))))))))))) 2007-09-01 22:54 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab 2007-09-01 22:54 <DIR> d-------- C:\WINDOWS\LastGood 2007-09-01 22:54 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Kaspersky Lab 2007-09-01 15:19 <DIR> d-------- C:\DOCUME~1\Jon\.SunDownloadManager 2007-08-30 23:24 <DIR> d-------- C:\WINDOWS\ERUNT 2007-08-30 04:17 <DIR> d-------- C:\Deckard 2007-08-30 04:00 <DIR> d-------- C:\Program Files\ZonedOut 2007-08-30 03:58 118,784 --a------ C:\WINDOWS\system32\MSSTDFMT.DLL 2007-08-30 03:58 <DIR> d-------- C:\Program Files\SpywareBlaster 2007-08-30 03:03 51,200 --a------ C:\WINDOWS\nircmd.exe 2007-08-30 02:12 <DIR> d-------- C:\Program Files\America's Army Server Manager 2007-08-30 02:11 <DIR> d-------- C:\WINDOWS\ShellNew 2007-08-30 02:11 <DIR> d-------- C:\Program Files\SecondLife 2007-08-30 02:10 <DIR> d-------- C:\Program Files\WordPerfect Office X3 2007-08-30 02:10 <DIR> d-------- C:\Program Files\Common Files\Borland Shared 2007-08-30 02:09 <DIR> d-------- C:\Program Files\Common Files\Stardock 2007-08-30 02:08 <DIR> d-------- C:\DOCUME~1\Dad\APPLIC~1\Sonic 2007-08-25 11:42 <DIR> d-------- C:\DOCUME~1\Jon\Bouncing Souls 2007-08-21 02:15 <DIR> d-------- C:\Program Files\Xfire 2007-08-18 18:40 <DIR> d-------- C:\WINDOWS\system32\ActiveScan 2007-08-18 12:25 <DIR> d-------- C:\DOCUME~1\Jon\APPLIC~1\LimeWire 2007-08-16 03:04 <DIR> d-------- C:\Program Files\MSXML 6.0 2007-08-11 03:42 <DIR> d-------- C:\Program Files\Enigma Software Group 2007-08-11 03:24 83,024 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys 2007-08-11 03:24 57,424 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys 2007-08-11 03:24 53,840 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys 2007-08-11 03:24 39,376 --a------ C:\WINDOWS\system32\drivers\ikfileflt.sys 2007-08-11 03:24 29,264 --a------ C:\WINDOWS\system32\drivers\kcom.sys 2007-08-11 03:24 <DIR> d-------- C:\Program Files\Spyware Doctor 2007-08-11 03:24 <DIR> d-------- C:\DOCUME~1\Jon\APPLIC~1\PC Tools 2007-08-11 03:22 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll 2007-08-05 14:19 22,328 --a------ C:\WINDOWS\system32\drivers\PnkBstrK.sys 2007-08-04 03:08 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) 2007-08-30 03:02 --------- d-------- C:\Program Files\Corel 2007-08-30 03:02 --------- d-------- C:\Program Files\Common Files\Corel 2007-08-30 02:59 --------- d-------- C:\DOCUME~1\Jon\APPLIC~1\Corel 2007-08-30 02:12 --------- d-------- C:\Program Files\America's Army 2007-08-30 02:11 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Borland 2007-08-30 02:10 --------- d-------- C:\Program Files\Common Files\Real 2007-08-30 02:10 --------- d-------- C:\Program Files\Common Files\AOL 2007-08-29 16:29 --------- d-------- C:\Program Files\Warcraft III 2007-08-23 18:49 --------- d-------- C:\Program Files\Call of Duty Game of the Year Edition 2007-08-05 14:19 66872 --a------ C:\WINDOWS\system32\PnkBstrA.exe 2007-08-05 14:19 103736 --a------ C:\WINDOWS\system32\PnkBstrB.exe 2007-08-04 03:20 --------- d--h----- C:\Program Files\InstallShield Installation Information 2007-08-04 03:20 --------- d-------- C:\Program Files\EA GAMES 2007-08-02 15:06 --------- d-------- C:\Program Files\World of Warcraft 2007-07-31 15:53 --------- d-------- C:\Program Files\AIM Gadgets 2007-07-31 15:49 --------- d-------- C:\Program Files\Skype 2007-07-31 15:49 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Skype 2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\cdm.dll 2007-07-30 19:19 549720 --a------ C:\WINDOWS\system32\wuapi.dll 2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\wuauclt.exe 2007-07-30 19:19 43352 --a------ C:\WINDOWS\system32\wups2.dll 2007-07-30 19:19 325976 --a------ C:\WINDOWS\system32\wucltui.dll 2007-07-30 19:19 271224 --a------ C:\WINDOWS\system32\mucltui.dll 2007-07-30 19:19 207736 --a------ C:\WINDOWS\system32\muweb.dll 2007-07-30 19:19 203096 --a------ C:\WINDOWS\system32\wuweb.dll 2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\wuaueng.dll 2007-07-30 19:18 33624 --a------ C:\WINDOWS\system32\wups.dll 2007-07-30 11:42 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Trend Micro 2007-07-29 21:24 --------- d-------- C:\DOCUME~1\Jon\APPLIC~1\Skype 2007-07-29 20:03 --------- d-------- C:\DOCUME~1\Jon\APPLIC~1\teamspeak2 2007-07-29 14:47 --------- d-------- C:\Program Files\Trend Micro 2007-07-24 22:58 --------- d-------- C:\Program Files\AIM 2007-07-24 22:58 --------- d-------- C:\DOCUME~1\Jon\APPLIC~1\Aim 2007-07-24 22:30 --------- d-------- C:\Program Files\AOD 2007-07-24 22:27 --------- d-------- C:\DOCUME~1\Jon\APPLIC~1\JAMS 2007-07-17 01:28 0 --a------ C:\Program Files\WoW-1.9.4.5086-to-0.10.0.5140-enUS-patch.exe 2007-07-17 01:17 5852 --ahs---- C:\WINDOWS\system32\KGyGaAvL.sys 2007-06-26 02:08 1104896 --a------ C:\WINDOWS\system32\msxml3.dll 2007-06-19 09:31 282112 --a------ C:\WINDOWS\system32\gdi32.dll 2007-06-13 06:23 1033216 --a------ C:\WINDOWS\explorer.exe 2007-05-14 00:10 0 --a------ C:\DOCUME~1\Jon\WoW-1.9.2.4996-to-1.9.3.5059-enUS-patch.exe 2007-05-13 00:05 774144 --a------ C:\Program Files\RngInterstitial.dll 2007-02-15 20:52 2661956 --a------ C:\Program Files\Install_LaunchPad.exe 2007-01-18 15:34 5707766 --a------ C:\Program Files\SnoodSetup.exe 2007-01-18 00:06 10796608 --a------ C:\Program Files\psreserves.zip 2006-10-09 15:02 70864113 --a------ C:\Program Files\TIS2007-SMALL-1329.EXE 2006-08-18 23:52 288 --a------ C:\Program Files\prepatch.log 2006-04-06 06:41 1945304505 --a------ C:\Program Files\DAoC_14-Day_Trial_Setup.exe 2006-03-20 22:02 1014477 --a------ C:\Program Files\wrar351.exe 2006-03-12 17:09 752284 --a------ C:\Program Files\WoW-1.9.4.5086-to-0.10.0.5140-enUS-downloader.exe 2005-12-31 14:04 2203013 --a------ C:\Program Files\WC3Banlist_2.82.exe 2005-12-23 23:39 752180 --a------ C:\Program Files\WoW-1.8.3.4807-to-0.9.0-enUS-downloader.exe 2005-12-17 04:21 270305943 --a------ C:\Program Files\wolfet.exe 2005-12-12 17:44 35113704 --a------ C:\Program Files\directx_9c_redist.exe 2005-12-10 18:11 89863576 --a------ C:\Program Files\molo.wmv 2004-07-22 11:51 3432656 --a------ C:\Program Files\ManagedDX.CAB 2004-07-19 23:58 1156363 --a------ C:\Program Files\BDANT.cab 2004-07-19 23:53 976020 --a------ C:\Program Files\BDAXP.cab 2004-07-09 10:13 703080 --a------ C:\Program Files\BDA.cab 2004-07-09 10:13 15493481 --a------ C:\Program Files\DirectX.cab 2004-07-09 05:08 472576 --a------ C:\Program Files\dxsetup.exe 2004-07-09 05:08 2242560 --a------ C:\Program Files\dsetup32.dll 2004-07-09 04:03 62976 --a------ C:\Program Files\DSETUP.dll ((((((((((((((((((((((((((((( snapshot_2007-08-31_ 00412.25 ))))))))))))))))))))))))))))))))))))))))) ----a-w 585,791 2007-08-31 15:57:27 C:\WINDOWS\gmer.dll ----a-w 581,632 2007-06-29 13:38:18 C:\WINDOWS\gmer.exe ----a-w 5,439,488 2007-09-01 07:05:43 C:\WINDOWS\ERUNT\SDFIX\Users\00000001\ntuser.dat ----a-w 356,352 2007-09-01 07:05:43 C:\WINDOWS\ERUNT\SDFIX\Users\00000002\UsrClass.dat ----a-w 135,168 2007-07-12 05:22:00 C:\WINDOWS\system32\java.exe ----a-w 135,168 2007-07-12 05:22:04 C:\WINDOWS\system32\javaw.exe ----a-w 139,264 2007-07-12 06:22:38 C:\WINDOWS\system32\javaws.exe ----a-w 70,001 2007-08-31 15:57:27 C:\WINDOWS\system32\drivers\gmer.sys ----a-w 213,048 2005-05-24 15:27:16 C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavss.dll ----a-w 94,208 2007-02-21 21:48:18 C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe ----a-w 946,176 2007-02-21 21:49:08 C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavwebscan.dll ----a-w 32,768 2007-09-01 03:27:30 C:\WINDOWS\Temporary Internet Files\Content.IE5\index.dat ----a-w 5,455,872 2007-08-31 03:24:25 C:\WINDOWS\ERUNT\SDFIX\Users\00000001\ntuser.dat ----a-w 356,352 2007-08-31 03:24:26 C:\WINDOWS\ERUNT\SDFIX\Users\00000002\UsrClass.dat ----a-w 49,248 2005-11-10 16:27:06 C:\WINDOWS\system32\java.exe ----a-w 49,250 2005-11-10 16:27:16 C:\WINDOWS\system32\javaw.exe ----a-w 127,078 2005-11-10 18:03:54 C:\WINDOWS\system32\javaws.exe ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) *Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ISUSPM Startup"="c:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-08-11 17:30] "ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 17:30] "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-08-11 21:43] "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-10-25 19:58] "pccguide.exe"="C:\Program Files\Trend Micro\Internet Security 2007\pccguide.exe" [2007-04-12 06:58] "!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 05:25] "SDTray"="C:\Program Files\Spyware Doctor\SDTrayApp.exe" [2007-06-27 13:54] "SpyHunter"="C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter.exe" [2007-04-26 19:03] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Aim6"="C:\Program Files\AIM6\aim6.exe" [2007-04-27 17:17] "msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2006-06-06 12:38] [HKEY_USERS\.default\software\microsoft\windows\currentversion\run] "ALUAlert"=C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB] C:\Program Files\Stardock\Object Desktop\ThemeManager\fastload.dll 2001-12-20 23:34 24576 C:\Program Files\Stardock\Object Desktop\ThemeManager\fastload.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "appinit_dlls"=wbsys.dll [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Jon^Start Menu^Programs^Startup^LimeWire On Startup.lnk] path=C:\Documents and Settings\Jon\Start Menu\Programs\Startup\LimeWire On Startup.lnk backup=C:\WINDOWS\pss\LimeWire On Startup.lnkStartup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Jon^Start Menu^Programs^Startup^Xfire.lnk] path=C:\Documents and Settings\Jon\Start Menu\Programs\Startup\Xfire.lnk backup=C:\WINDOWS\pss\Xfire.lnkStartup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6] "C:\Program Files\Common Files\AOL\Launch\AOLLaunch.exe" /d locale=en-US ee://aol/imApp [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager] C:\Program Files\Common Files\AOL\1144111071\ee\AOLSoftware.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz] nwiz.exe /install [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OE] "C:\Program Files\Trend Micro\Internet Security 2007\TMAS_OE\TMAS_OEMon.exe" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2007\pccguide.exe" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickFinder Scheduler] "C:\Program Files\WordPerfect Office X3\Programs\QFSCHD130.EXE" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Start WingMan Profiler] "C:\Program Files\Logitech\Profiler\lwemon.exe" /noui [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet R2 Devx;Devx;C:\WINDOWS\system32\drivers\Devx.sys R2 tmxpflt;tmxpflt;C:\WINDOWS\system32\DRIVERS\tmxpflt.sys R2 VtPr;VtPr;C:\WINDOWS\system32\drivers\VtPr.sys R3 FVNETusbXP;Belkin 11Mbps Wireless USB Network Adapter(R);C:\WINDOWS\system32\DRIVERS\bkusbxp.sys R3 WmBEnum;Logitech Virtual Bus Enumerator Driver;C:\WINDOWS\system32\drivers\WmBEnum.sys R3 WmXlCore;Logitech WingMan Translation Layer Driver;C:\WINDOWS\system32\drivers\WmXlCore.sys S3 RIOUNIV;Rio universal USB driver;C:\WINDOWS\system32\Drivers\RIOUNIV.sys S3 WmFilter;Logitech Gaming HID Filter Driver;C:\WINDOWS\system32\drivers\WmFilter.sys S3 WmVirHid;Logitech Virtual Hid Device Driver;C:\WINDOWS\system32\drivers\WmVirHid.sys ************************************************************************** catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2007-09-02 16:16:49 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... C:\WINDOWS\system32\cmd.exe [3276] 0x865E77C0 scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** Completion time: 2007-09-02 16:18:00 C:\ComboFix-quarantined-files.txt ... 2007-09-02 16:17 C:\ComboFix2.txt ... 2007-09-01 15:47 C:\ComboFix3.txt ... 2007-08-31 23:30 --- E O F --- _______________________________________________________________ Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 11:54:22 PM, on 9/2/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\WINDOWS\system32\nvsvc32.exe C:\PROGRA~1\TRENDM~1\INTERN~2\PcCtlCom.exe C:\WINDOWS\system32\PnkBstrA.exe C:\Program Files\Spyware Doctor\svcntaux.exe C:\Program Files\Spyware Doctor\swdsvc.exe C:\Program Files\Analog Devices\SoundMAX\spkrmon.exe C:\PROGRA~1\TRENDM~1\INTERN~2\Tmntsrv.exe C:\PROGRA~1\TRENDM~1\INTERN~2\TmPfw.exe C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe C:\Program Files\Trend Micro\Internet Security 2007\pccguide.exe C:\Program Files\Spyware Doctor\SDTrayApp.exe C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe C:\PROGRA~1\TRENDM~1\INTERN~2\PcScnSrv.exe C:\Program Files\AIM6\aolsoftware.exe C:\WINDOWS\System32\alg.exe c:\program files\common files\installshield\updateservice\isuspm.exe C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe C:\PROGRA~1\TRENDM~1\INTERN~2\tmproxy.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\WINDOWS\explorer.exe C:\WINDOWS\system32\notepad.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe C:\WINDOWS\system32\wbem\wmiprvse.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.thottbot.com/ R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 3.1\aoltb.dll O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 3.1\aoltb.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 3.1\aoltb.dll O4 - HKLM\..\Run: [ISUSPM Startup] "c:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2007\pccguide.exe" O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe" O4 - HKLM\..\Run: [SpyHunter] C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background O4 - HKUS\S-1-5-18\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'Default user') O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 3.1\resources\en-US\local\search.html O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbar...p=ZNxmk572CWUS O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm O8 - Extra context menu item: Open with WordPerfect - C:\Program Files\WordPerfect Office X3\Programs\WPLauncher.hta O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 3.1\aoltb.dll O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english...an_unicode.cab O16 - DPF: {1EF9F042-C2EB-4293-8213-474CAEEF531D} (TmHcmsX Control) - http://www.trendsecure.com/framework...ex/TmHcmsX.CAB O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{3C7B4365-B73E-46DB-9C0B-56AB67054B0D}: NameServer = 68.87.64.146,65.87.75.194 O17 - HKLM\System\CCS\Services\Tcpip\..\{8674926F-58E6-4780-8BF9-9B078E344461}: NameServer = 68.87.64.146,68.87.75.194 O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing) O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\PcCtlCom.exe O23 - Service: Trend Micro Protection Against Spyware (PcScnSrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\PcScnSrv.exe O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe O23 - Service: spkrmon - Unknown owner - C:\Program Files\Analog Devices\SoundMAX\spkrmon.exe O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\Tmntsrv.exe O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\TmPfw.exe O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\tmproxy.exe -- End of file - 7750 bytes _______________________________________________________________ DAFT Log saved on 2007-09-02 23:55:40 ----------------------------------------------------------------------- All associations okay! |
|
|
|
|
09-02-2007, 10:16 PM
|
#20 (permalink) |
|
Analyst, Security Team
Join Date: Jun 2006
Posts: 247
OS: Vista Ultimate/Windows 7 RC
|
Re: Computer runs very slow and freezes. More detail inside.
Your logs look clean. If you have no more malware-related problems that you are aware of, just give me the OK and we can start the final but essential cleanup procedures and recommendations.
Trevuren
__________________
Paul Microsoft MVP - Consumer Security 2008 - 2009 My help is voluntary. It requires no payment but this site needs donations to operate - http://www.techsupportforum.com/donate.php |
|
|
|
| Thread Tools | |
|
|
