Welcome to Tech Support Forum home to more then 136,000 problems solved. Issues have included: Spyware, Malware, Virus Issues, Windows, Microsoft, Linux, Networking, Security, Hardware, and Gaming Getting your problem solved is as easy as:
1. Registering for a free account
2. Asking your question
3. Receiving an answer

Registered members:
* Get free support
* Communicate privately with other members (PM).
* Removal of this message
* See fewer ads.
* And much more..

 


Want to know how to post a question? click here Having problems with spyware and pop-ups? First Steps
Go Back   Tech Support Forum > Security Center > Virus/Trojan/Spyware Help > Resolved HJT Threads
Reload this Page Duplicate Processes Running... Please Help!!!
User Name
Password
Site Map Register Donate Rules Blogs Mark Forums Read


Resolved HJT Threads Resolved spyware and popup issues.

 
Page 1 of 2 1 2
 
LinkBack Thread Tools
Old 12-29-2007, 09:39 AM   #1 (permalink)
Custom User Title
 
ssj4Gogeta's Avatar
 
Join Date: Dec 2007
Location: India
Posts: 1,864
OS: Windows XP SP2, Vista, Ubuntu Intrepid Ibex, Leopard (Kalyway)

My System

Cry Duplicate Processes Running... Please Help!!!
Hi
Today when I started my computer, I found that there were some extra processes running. They have the same names as the processes which usually run on my computer except that they have an extra space before ".exe". For instance, there are two googletalk processes now: one is the normal "googletalk.exe" and the other is
"googletalk .exe" (space before ".exe").
Similarly there are other duplicate processes too. Norton didn't detect any viruses. I tried system restore but all my restore points are gone! Except one which is called "Last Known Good Configuration" which also doesn't work.
Please help me.
ssj4Gogeta is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Important Information
Join the #1 Tech Support Forum Today - It's Totally Free!

TechSupportForum.com is a leading support website for your computer needs. We offer free, friendly and personalized computer support. Why pay to have your computer fixed when you can do it for free.

Join TechSupportforum.com Today - Click Here

Old 12-30-2007, 11:47 PM   #2 (permalink)
Moderator/Analyst, Security Team ; Rangemaster, TSF Academy
 
Angelfire777's Avatar
 
Join Date: Oct 2006
Posts: 4,581
OS: Vista


Re: Duplicate Processes Running... Please Help!!!
Hi, welcome to TSF!

Please click Here to download HijackThis to your desktop.

Click the Download button. When the Trend Micro HJT install box appears, double click on the HJTInstall.exe. Click on Install.

It will be installed by default here: C:\Program Files\Trend Micro\HijackThis

A shortcut to the application will also be placed on your Desktop.

The program will open automatically after installation.

You can double-click the icon that was placed on the Desktop to run subsequent HijackThis scans or you can use the icon inside the folder. The folder HijackThis is where you will find the HJT logs that you save. When you use the application to remove anything, you will also find the backup copies made by HJT inside this folder.

Click on "Do a system scan and save logfile" When the log pops up in Notepad, copy and paste that file back here.
__________________
UNITE and ASAP since 2006


If we have helped you, please consider donating.

The past won't be able to hurt you unless you keep on looking back at it.
Angelfire777 is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 12-31-2007, 02:30 AM   #3 (permalink)
Custom User Title
 
ssj4Gogeta's Avatar
 
Join Date: Dec 2007
Location: India
Posts: 1,864
OS: Windows XP SP2, Vista, Ubuntu Intrepid Ibex, Leopard (Kalyway)

My System

Re: Duplicate Processes Running... Please Help!!!
Hi
Thanks for replying.
I've installed HijackThis and have scanned my system. But before posting the log, I would like to tell you something that I found out, which might be useful. I observed that all my original processes have been renamed with a space. For example, "xyz.exe" has been renamed to "xyz .exe" and in place of the original process, a new file has been created in the same folder with the original name ("xyz.exe" in this case). The renamed processes ("xyz .exe") do not appear in the startup list of msconfig.exe. Instead, when the startup calls "xyz.exe", the process itself calls "xyz .exe".
So, this means that when I start my computer, xyz.exe (the duplicate process) is called, which calls my renamed original process "xyz .exe".
There's also a new startup item: ddabx.exe
besides, there is also a file called ddabx.dll on my hard disk, which I cannot delete.


Here's the log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:43:10 PM, on 12/31/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\ps2.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\WINDOWS\system32\igfxpers .exe
C:\WINDOWS\system32\hkcmd .exe
C:\Program Files\HP\HP Software Update\HPWuSchd2 .exe
C:\WINDOWS\system32\ps2 .exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD .exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\WINDOWS\ALCMTR.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl .exe
C:\Program Files\Common Files\Symantec Shared\ccApp .exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Real\Update_OB\realsched .exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Google\Google Talk\googletalk .exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
F3 - REG:win.ini: load=C:\WINDOWS\system32\ddabx.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
O3 - Toolbar: Encarta Web Companion - {147D6308-0614-4112-89B1-31402F9B82C4} - C:\Program Files\Common Files\Microsoft Shared\Encarta Web Companion\2007\ENCWCBAR.DLL
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [fc94ca9b] rundll32.exe "C:\WINDOWS\system32\hlxffkaf.dll",b
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')
O4 - S-1-5-18 Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (User 'SYSTEM')
O4 - S-1-5-18 Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (User 'Default user')
O4 - .DEFAULT Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (User 'Default user')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Encarta Search Bar - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{10A40F4A-8B17-43C6-995D-D601E4C2DE14}: NameServer = 192.168.1.1,218.248.255.161
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

--
End of file - 10766 bytes
ssj4Gogeta is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 12-31-2007, 03:02 AM   #4 (permalink)
Moderator/Analyst, Security Team ; Rangemaster, TSF Academy
 
Angelfire777's Avatar
 
Join Date: Oct 2006
Posts: 4,581
OS: Vista


Re: Duplicate Processes Running... Please Help!!!
Hi,

That's because of a Vundo file infector. No worries..

Download combofix.exe
  • Save it to your desktop.
  • Double click combofix.exe & follow the prompts.
  • When finished, it shall produce a log for you. Post that log in your next reply along with a fresh HijackThis log.
Note:
  • In case you already used Combofix previously, please delete the version you are having and redownload it again, because Combofix is being updated everyday.
  • Do not mouseclick combofix's window whilst it's running. That may cause it to stall.
  • Do not post the ComboFix-quarantined-files.txt - unless I ask you to.
  • If your Antivirus software is detecting combofix or a part of it as a virus, please choose to ignore it as Antivirus products cannot determine the good/bad use of some softwares embedded in combofix.
__________________
UNITE and ASAP since 2006


If we have helped you, please consider donating.

The past won't be able to hurt you unless you keep on looking back at it.
Angelfire777 is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 12-31-2007, 09:11 AM   #5 (permalink)
Custom User Title
 
ssj4Gogeta's Avatar
 
Join Date: Dec 2007
Location: India
Posts: 1,864
OS: Windows XP SP2, Vista, Ubuntu Intrepid Ibex, Leopard (Kalyway)

My System

Re: Duplicate Processes Running... Please Help!!!
Hi,
Here's my logs:

ComboFix Log

ComboFix 07-12-31.4 - Kai Hiwatari 2007-12-31 20:25:11.1 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.621 [GMT 5.5:30]
Running from: C:\Documents and Settings\Kai Hiwatari\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\HP\KBD\KBD.EXE
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\Norton Internet Security\osCheck.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\Program Files\Sony\SonicStage\SsAAD.exe
C:\WINDOWS\system32\byxvvtu.dll
C:\WINDOWS\system32\ctfmon.exe.tmp
C:\WINDOWS\system32\ddabx.dll
C:\WINDOWS\system32\ddabx.exe
C:\WINDOWS\system32\ddcdcya.dll
C:\WINDOWS\system32\eklfwwuq.dll
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\jkklmnn.dll
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\NeroCheck.exe
C:\WINDOWS\system32\ps2.exe
C:\WINDOWS\system32\quwwflke.ini
C:\WINDOWS\system32\rednaijs.dll
C:\WINDOWS\system32\winemx32.dll
C:\WINDOWS\system32\xbadd.ini
C:\WINDOWS\system32\xbadd.ini2

.
((((((((((((((((((((((((( Files Created from 2007-11-28 to 2007-12-31 )))))))))))))))))))))))))))))))
.

2007-12-31 20:16 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-12-31 15:47 . 2007-12-31 15:47 348,160 --a------ C:\WINDOWS\system32\RCX41.tmp
2007-12-31 14:42 . 2007-12-31 14:42 <DIR> d-------- C:\Program Files\Trend Micro
2007-12-31 02:02 . 2007-12-31 20:19 15,360 --a------ C:\WINDOWS\system32\ctfmon .exe
2007-12-31 02:01 . 2007-12-31 20:18 114,688 --a------ C:\WINDOWS\system32\igfxpers .exe
2007-12-31 02:01 . 2007-12-31 20:18 77,824 --a------ C:\WINDOWS\system32\hkcmd .exe
2007-12-31 00:56 . 2007-12-31 00:56 <DIR> d-------- C:\Documents and Settings\Kai Hiwatari\Application Data\AntiSpyware
2007-12-30 16:12 . 2007-12-30 16:12 <DIR> d-------- C:\Program Files\ReflexiveArcade
2007-12-30 01:49 . 2007-12-31 14:41 1,031,439 ---hs---- C:\WINDOWS\system32\fakffxlh.ini
2007-12-29 23:12 . 2007-12-29 23:12 <DIR> d-------- C:\HJT
2007-12-29 20:46 . 2007-12-29 20:46 <DIR> d-------- C:\Program Files\Boonty
2007-12-29 20:28 . 2007-12-29 20:28 348,160 --a------ C:\WINDOWS\system32\RCX40.tmp
2007-12-29 17:44 . 2007-12-29 17:44 348,160 --a------ C:\WINDOWS\system32\RCX44.tmp
2007-12-29 17:44 . 2007-12-31 20:19 155,648 --a------ C:\WINDOWS\system32\NeroCheck .exe
2007-12-29 17:44 . 2007-12-31 20:18 94,208 --a------ C:\WINDOWS\system32\igfxtray .exe
2007-12-29 17:44 . 2007-12-31 20:18 90,112 --a------ C:\WINDOWS\system32\ps2 .exe
2007-12-22 15:38 . 2007-12-22 15:38 <DIR> d-------- C:\FPC
2007-12-22 14:41 . 2007-12-22 14:41 <DIR> d-------- C:\DJGPP
2007-12-19 15:43 . 2007-12-19 15:43 <DIR> d-------- C:\Documents and Settings\Kai Hiwatari\Application Data\Dev-Cpp
2007-12-19 15:42 . 2007-12-19 15:42 <DIR> d-------- C:\Dev-Cpp
2007-12-18 22:08 . 2007-12-18 22:09 <DIR> d-------- C:\Program Files\Sonic
2007-12-16 09:28 . 2007-12-16 09:28 <DIR> d-------- C:\Documents and Settings\Kai Hiwatari\Application Data\Sonic
2007-12-16 09:27 . 2007-12-16 09:27 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\InstallShield
2007-12-09 19:09 . 2007-12-09 19:09 <DIR> d-------- C:\Program Files\CrossHair
2007-12-09 18:08 . 2002-02-28 23:45 142,336 --a------ C:\WINDOWS\system32\rjsodcb.ocx
2007-12-09 18:08 . 2005-01-08 13:07 56,832 --a------ C:\WINDOWS\system32\rjseos.ocx
2007-12-09 18:08 . 2002-02-26 18:25 34,816 --a------ C:\WINDOWS\system32\rjsmeta.dll
2007-12-09 18:08 . 2003-01-22 19:37 29,696 --a------ C:\WINDOWS\system32\SSubTmr.dll
2007-12-09 18:08 . 2005-03-23 23:54 21,504 --a------ C:\WINDOWS\system32\rjsfile.dll
2007-12-09 18:08 . 2001-09-30 00:05 16,896 --a------ C:\WINDOWS\system32\RJSSUB.OCX
2007-12-09 18:08 . 2004-07-16 01:01 3,142 --a------ C:\WINDOWS\system32\rjsodcb.DEP
2007-12-09 18:07 . 2007-12-09 18:07 <DIR> d-------- C:\Program Files\RJS Office
2007-12-09 18:07 . 2001-03-21 21:34 244,232 --a------ C:\WINDOWS\system32\Msflxgrd.ocx
2007-12-09 18:07 . 2003-05-11 23:10 220,672 --a------ C:\WINDOWS\system32\VBALTBAR.OCX
2007-12-09 18:07 . 2003-04-01 15:19 111,616 --a------ C:\WINDOWS\system32\CPOPMENU.OCX
2007-12-09 18:07 . 2000-04-03 18:52 94,208 --a------ C:\WINDOWS\system32\MsStkPrp.dll
2007-12-09 18:07 . 2003-04-01 07:33 83,968 --a------ C:\WINDOWS\system32\VBALIML.OCX
2007-12-09 18:07 . 2000-03-18 00:40 55,296 --a------ C:\WINDOWS\system32\VBALTAB.OCX
2007-12-09 18:07 . 2002-03-17 17:56 23,040 --a------ C:\WINDOWS\system32\RJSINET.OCX
2007-12-09 18:06 . 2007-12-09 18:07 9,616 --a------ C:\WINDOWS\SETUP.LST
2007-12-09 17:51 . 2007-12-09 17:51 <DIR> d-------- C:\Program Files\GraphPap
2007-12-05 22:36 . 2007-12-05 22:36 <DIR> d-------- C:\Program Files\Common Files\xing shared
2007-12-05 21:39 . 2007-12-05 21:39 <DIR> d-------- C:\Program Files\Real
2007-11-30 23:57 . 2007-11-30 23:57 317,616 --a------ C:\WINDOWS\system32\drivers\srtspl.sys
2007-11-30 23:57 . 2007-11-30 23:57 279,088 --a------ C:\WINDOWS\system32\drivers\srtsp.sys
2007-11-30 23:57 . 2007-11-30 23:57 43,696 --a------ C:\WINDOWS\system32\drivers\srtspx.sys
2007-11-30 23:57 . 2007-11-30 23:57 10,549 --a------ C:\WINDOWS\system32\drivers\srtspx.cat
2007-11-30 23:57 . 2007-11-30 23:57 10,549 --a------ C:\WINDOWS\system32\drivers\srtspl.cat
2007-11-30 23:57 . 2007-11-30 23:57 10,545 --a------ C:\WINDOWS\system32\drivers\srtsp.cat
2007-11-30 23:57 . 2007-11-30 23:57 1,430 --a------ C:\WINDOWS\system32\drivers\srtspl.inf
2007-11-30 23:57 . 2007-11-30 23:57 1,421 --a------ C:\WINDOWS\system32\drivers\srtspx.inf
2007-11-30 23:57 . 2007-11-30 23:57 1,415 --a------ C:\WINDOWS\system32\drivers\srtsp.inf
2007-11-30 19:24 . 2007-11-30 19:24 <DIR> d-------- C:\Program Files\Common Files\SWF Studio
2007-11-27 20:16 . 2007-11-27 20:16 282 --a------ C:\WINDOWS\game.ini
2007-11-25 13:30 . 2007-05-29 13:55 22,112 --a------ C:\WINDOWS\system32\drivers\COH_Mon.sys
2007-11-25 13:30 . 2007-05-29 13:55 10,592 --a------ C:\WINDOWS\system32\drivers\COH_Mon.cat
2007-11-25 13:30 . 2007-05-29 13:55 705 --a------ C:\WINDOWS\system32\drivers\COH_Mon.inf
2007-11-24 00:22 . 2007-03-08 05:21 129,784 --------- C:\WINDOWS\system32\pxafs.dll
2007-11-23 20:14 . 2007-11-23 20:14 <DIR> d-------- C:\Documents and Settings\Kai Hiwatari\Application Data\WinBatch
2007-11-23 19:32 . 2007-11-23 19:32 <DIR> d-------- C:\Intel
2007-11-22 19:07 . 2007-11-22 19:07 <DIR> d-------- C:\Program Files\MSXML 6.0
2007-11-22 18:54 . 2007-11-22 18:54 208 --a------ C:\WINDOWS\HpBestModeUpdatePatchLog.ini
2007-11-22 17:52 . 2007-11-22 17:52 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Yahoo!
2007-11-22 17:51 . 2007-11-22 17:51 <DIR> d-------- C:\Program Files\Yahoo!
2007-11-22 16:49 . 2007-11-22 16:49 <DIR> d-------- C:\Documents and Settings\Kai Hiwatari\Shared
2007-11-22 16:42 . 2007-11-22 16:42 <DIR> d-------- C:\Documents and Settings\Kai Hiwatari\Incomplete
2007-11-22 16:40 . 2007-11-22 16:40 <DIR> d-------- C:\Program Files\Kundli
2007-11-22 16:40 . 1999-04-23 22:22 1,056,768 --a------ C:\WINDOWS\system32\MSJET35.DLL
2007-11-22 16:40 . 1999-04-23 22:22 430,080 --a------ C:\WINDOWS\system32\MSREPL35.DLL
2007-11-22 16:40 . 1998-04-24 00:00 368,912 --a------ C:\WINDOWS\system32\VBAR332.DLL
2007-11-22 16:40 . 1998-10-01 15:22 299,520 --a------ C:\WINDOWS\uninst.exe
2007-11-22 16:40 . 1998-04-24 00:00 252,176 --a------ C:\WINDOWS\system32\MSRD2X35.DLL
2007-11-22 16:40 . 1998-06-24 00:00 200,496 --a------ C:\WINDOWS\system32\DBLIST32.OCX
2007-11-22 16:40 . 1998-04-24 00:00 123,664 --a------ C:\WINDOWS\system32\MSJINT35.DLL
2007-11-22 16:40 . 1998-08-11 00:26 89,360 --a------ C:\WINDOWS\system32\VB5DB.DLL
2007-11-22 16:40 . 1998-04-24 00:00 24,848 --a------ C:\WINDOWS\system32\MSJTER35.DLL
2007-11-22 16:39 . 2007-11-22 16:39 <DIR> d-------- C:\Program Files\LimeWire
2007-11-22 16:39 . 2007-11-22 16:39 <DIR> d-------- C:\Documents and Settings\Kai Hiwatari\Application Data\LimeWire
2007-11-17 15:13 . 2006-07-28 09:30 236,824 --a------ C:\WINDOWS\system32\xactengine2_3.dll
2007-11-17 15:13 . 2006-07-28 09:30 62,744 --a------ C:\WINDOWS\system32\xinput1_2.dll
2007-11-17 15:11 . 2007-11-17 15:12 <DIR> d--hs---- C:\WINDOWS\ftpcache
2007-11-16 22:25 . 2007-11-16 22:25 <DIR> d-------- C:\Documents and Settings\Kai Hiwatari\Application Data\Activision
2007-11-15 01:07 . 2007-11-15 01:07 <DIR> d-------- C:\Program Files\KGB Archiver
2007-11-12 01:04 . 2007-11-12 01:04 <DIR> d-------- C:\Program Files\RichVideoCodec
2007-11-12 00:57 . 2007-11-12 00:57 <DIR> d-------- C:\Program Files\Common Files\Adobe Systems Shared
2007-11-12 00:55 . 2007-11-12 00:55 <DIR> d-------- C:\WINDOWS\system32\Adobe
2007-11-12 00:55 . 2004-08-17 06:10 16,384 --a------ C:\WINDOWS\system32\FileOps.exe
2007-11-12 00:43 . 2007-11-12 00:43 <DIR> d-------- C:\Documents and Settings\Kai Hiwatari\Application Data\AntsSoft
2007-11-12 00:42 . 2007-11-12 00:42 <DIR> d-------- C:\Program Files\SWFText
2007-11-07 12:41 . 2007-11-07 12:41 <DIR> d-------- C:\WINDOWS\system32\NtmsData
2007-11-06 23:30 . 2004-08-18 10:44 442,368 --a------ C:\WINDOWS\system32\vp6vfw.dll
2007-11-06 22:43 . 2007-11-06 22:43 <DIR> dr-h----- C:\Documents and Settings\Kai Hiwatari\Application Data\SecuROM
2007-11-06 22:43 . 2007-11-06 22:43 108,144 --a------ C:\WINDOWS\system32\CmdLineExt.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-30 14:23 15,360 ----a-w C:\WINDOWS\system32\dllcache\ctfmon.exe
2007-12-30 14:23 15,360 ----a-w C:\WINDOWS\system32\ctfmon.exe
2007-12-05 10:22 805 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.INF
2007-12-05 10:22 60,800 ----a-w C:\WINDOWS\system32\S32EVNT1.DLL
2007-12-05 10:22 123,952 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2007-12-05 10:22 10,740 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2007-11-30 13:54 1,386,496 ----a-w C:\WINDOWS\system32\msvbvm60.dll
2007-11-22 13:24 180,315 ----a-w C:\WINDOWS\system32\hpzsnt12.dll
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-10-30 23:42 3,590,656 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
2007-10-30 14:25 625,032 ----a-w C:\WINDOWS\system32\SymNeti.dll
2007-10-30 14:25 39,856 ----a-w C:\WINDOWS\system32\drivers\symids.sys
2007-10-30 14:25 37,936 ----a-w C:\WINDOWS\system32\drivers\symndisv.sys
2007-10-30 14:25 35,120 ----a-w C:\WINDOWS\system32\drivers\symndis.sys
2007-10-30 14:25 27,696 ----a-w C:\WINDOWS\system32\drivers\symredrv.sys
2007-10-30 14:25 242,056 ----a-w C:\WINDOWS\system32\SymRedir.dll
2007-10-30 14:25 191,536 ----a-w C:\WINDOWS\system32\drivers\symtdi.sys
2007-10-30 14:25 145,968 ----a-w C:\WINDOWS\system32\drivers\symfw.sys
2007-10-30 14:25 12,848 ----a-w C:\WINDOWS\system32\drivers\symdns.sys
2007-10-30 13:54 12,963 ----a-w C:\WINDOWS\system32\drivers\SymRedir.cat
2007-10-30 13:54 1,358 ----a-w C:\WINDOWS\system32\drivers\SymRedir.inf
2007-10-30 09:47 --------- d-----w C:\Program Files\Microsoft Student
2007-10-30 09:47 --------- d-----w C:\Program Files\Learning Essentials
2007-10-29 22:43 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-29 22:43 1,287,680 ------w C:\WINDOWS\system32\dllcache\quartz.dll
2007-10-28 21:41 164,352 ----a-w C:\WINDOWS\system32\SpoonUninstall.exe
2007-10-28 21:39 73,728 ----a-w C:\WINDOWS\ALCFDRTM.EXE
2007-10-26 03:36 8,454,656 ----a-w C:\WINDOWS\system32\dllcache\shell32.dll
2007-10-21 16:09 356,352 ----a-w C:\WINDOWS\eSellerateEngine.dll
2007-10-15 12:50 737,280 ----a-w C:\WINDOWS\iun6002.exe
2007-10-10 23:56 824,832 ----a-w C:\WINDOWS\system32\dllcache\wininet.dll
2007-10-10 23:56 671,232 ----a-w C:\WINDOWS\system32\dllcache\mstime.dll
2007-10-10 23:56 232,960 ----a-w C:\WINDOWS\system32\dllcache\webcheck.dll
2007-10-10 23:56 105,984 ----a-w C:\WINDOWS\system32\dllcache\url.dll
2007-10-10 23:56 102,400 ----a-w C:\WINDOWS\system32\dllcache\occache.dll
2007-10-10 23:56 1,159,680 ----a-w C:\WINDOWS\system32\dllcache\urlmon.dll
2007-10-10 23:55 63,488 ------w C:\WINDOWS\system32\dllcache\icardie.dll
2007-10-10 23:55 6,065,664 ------w C:\WINDOWS\system32\dllcache\ieframe.dll
2007-10-10 23:55 52,224 ------w C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2007-10-10 23:55 478,208 ----a-w C:\WINDOWS\system32\dllcache\mshtmled.dll
2007-10-10 23:55 459,264 ------w C:\WINDOWS\system32\dllcache\msfeeds.dll
2007-10-10 23:55 44,544 ----a-w C:\WINDOWS\system32\dllcache\iernonce.dll
2007-10-10 23:55 384,512 ----a-w C:\WINDOWS\system32\dllcache\iedkcs32.dll
2007-10-10 23:55 383,488 ------w C:\WINDOWS\system32\dllcache\ieapfltr.dll
2007-10-10 23:55 27,648 ----a-w C:\WINDOWS\system32\dllcache\jsproxy.dll
2007-10-10 23:55 267,776 ------w C:\WINDOWS\system32\dllcache\iertutil.dll
2007-10-10 23:55 230,400 ----a-w C:\WINDOWS\system32\dllcache\ieaksie.dll
2007-10-10 23:55 214,528 ----a-w C:\WINDOWS\system32\dllcache\dxtrans.dll
2007-10-10 23:55 193,024 ----a-w C:\WINDOWS\system32\dllcache\msrating.dll
2007-10-10 23:55 153,088 ----a-w C:\WINDOWS\system32\dllcache\ieakeng.dll
2007-10-10 23:55 132,608 ----a-w C:\WINDOWS\system32\dllcache\extmgr.dll
2007-10-10 23:55 124,928 ----a-w C:\WINDOWS\system32\dllcache\advpack.dll
2007-10-10 10:59 70,656 ----a-w C:\WINDOWS\system32\dllcache\ie4uinit.exe
2007-10-10 10:59 625,152 ----a-w C:\WINDOWS\system32\dllcache\iexplore.exe
2007-10-10 10:59 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
2007-10-10 05:46 161,792 ----a-w C:\WINDOWS\system32\dllcache\ieakui.dll
.
Code:
----a-w            77,824 2007-12-31 14:48:52  C:\WINDOWS\system32\hkcmd .exe
----a-w            94,208 2007-12-31 14:48:50  C:\WINDOWS\system32\igfxtray .exe
----a-w           114,688 2007-12-31 14:48:52  C:\WINDOWS\system32\igfxpers .exe
----a-w            15,360 2007-12-31 14:49:22  C:\WINDOWS\system32\ctfmon .exe
----a-w            90,112 2007-12-31 14:48:58  C:\WINDOWS\system32\ps2 .exe
----a-w           155,648 2007-12-31 14:49:00  C:\WINDOWS\system32\NeroCheck .exe
----a-w           455,168 2007-12-31 14:48:50  C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP .EXE
----a-w           208,952 2007-12-31 14:48:50  C:\WINDOWS\ime\IMJP8_1\IMJPMIG .EXE
----a-w           158,208 2007-12-30 20:32:08  C:\WINDOWS\pchealth\helpctr\binaries\MSConfig .exe
----a-w           115,816 2007-12-31 14:49:06  C:\Program Files\Common Files\Symantec Shared\ccApp .exe
----a-w           583,048 2007-12-29 15:08:52  C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc .exe
----a-w           185,632 2007-12-31 14:49:10  C:\Program Files\Common Files\Real\Update_OB\realsched .exe
----a-w         1,694,208 2007-12-31 14:49:22  C:\Program Files\Messenger\msmsgs .exe
----a-w            49,152 2007-12-31 14:48:54  C:\Program Files\HP\HP Software Update\HPWuSchd2 .exe
----a-w            81,920 2007-12-31 14:48:58  C:\Program Files\Sony\SonicStage\SsAAD .exe
----a-w            40,048 2007-12-31 14:49:04  C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl .exe
----a-w         3,739,648 2007-12-31 14:49:20  C:\Program Files\Google\Google Talk\googletalk .exe
----a-w           222,208 2007-12-31 14:49:04  C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication .exe
----a-w           487,424 2007-12-31 14:49:04  C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher .exe
----a-w           771,704 2007-12-29 15:08:40  C:\Program Files\Norton Internet Security\osCheck .exe
----a-w            61,440 2007-12-31 14:48:58  C:\HP\KBD\KBD .EXE

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [ ]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2007-12-30 19:53 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-03 17:02 208952]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-03 17:02 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-03 17:02 455168]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [ ]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [ ]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [ ]
"High Definition Audio Property Page Shortcut"="HDAudPropShortcut.exe" [2004-03-17 15:10 61952 C:\WINDOWS\system32\Hdaudpropshortcut.exe]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [ ]
"KBD"="C:\HP\KBD\KBD.EXE" [ ]
"PS2"="C:\WINDOWS\system32\ps2.exe" [ ]
"SsAAD.exe"="C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe" [ ]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [ ]
"PCSuiteTrayApplication"="C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [ ]
"Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [ ]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [ ]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [ ]
"osCheck"="C:\Program Files\Norton Internet Security\osCheck.exe" [ ]
"SoundMan"="SOUNDMAN.EXE" [2005-05-03 18:43 90112 C:\WINDOWS\SoundMan.exe]
"AlcWzrd"="ALCWZRD.EXE" [2005-05-04 10:01 2805248 C:\WINDOWS\alcwzrd.exe]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [ ]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [ ]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [ ]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [ ]
"googletalk"="C:\Program Files\Google\Google Talk\googletalk.exe" [ ]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"PcSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2006-11-09 17:15 1634304]

C:\Documents and Settings\Kai Hiwatari\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 20:24:54]
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2007-11-11 00:10:05]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2004-11-04 19:28:24]
HP Image Zone Fast Start.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [2004-11-04 19:50:52]
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2007-11-11 00:10:05]

R1 sdcplh;sdcplh;C:\WINDOWS\system32\drivers\sdcplh.sys [2005-11-09 20:37]
S3 2bf53d6f-a04a-476c-b19a-ac023665fadd;2bf53d6f-a04a-476c-b19a-ac023665fadd;G:\Player\cds300.dll []
S3 c221440b-26a7-40b8-bbb9-a67f47043425;c221440b-26a7-40b8-bbb9-a67f47043425;F:\Player\cds300.dll []
S3 USB_RNDIS_51;USB Remote NDIS Device Driver;C:\WINDOWS\system32\DRIVERS\usb8023.sys [2004-08-03 17:34]
S3 UTS2pl;Motorola Serial port driver;C:\WINDOWS\system32\DRIVERS\UTS2pl.sys [2004-05-25 14:18]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c5a5e816-490f-11dc-9f8a-0013d390e04f}]
\Shell\AutoRun\command - G:\AUTORUN.EXE

*Newly Created Service* - COMHOST
.
Contents of the 'Scheduled Tasks' folder
"2007-12-24 15:24:10 C:\WINDOWS\Tasks\Norton Internet Security - Run Full System Scan - Kai Hiwatari.job"
- C:\Program Files\Norton Internet Security\Norton AntiVirus\Navw32.exeh/TASK:
"2007-12-30 16:46:02 C:\WINDOWS\Tasks\WebReg psc 1400 series.job"
- C:\Program Files\HP\Digital Imaging\bin\hpqwrg.exe
"2007-12-30 19:26:34 C:\WINDOWS\Tasks\AntiSpyware Scheduled Scan.job"
- C:\Program Files\AntiSpywareApp\AntiSpyware.ex
- C:\Program Files\AntiSpywareApp
.
**************************************************************************

catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-31 20:34:41
Windows 5.1.2600 Service Pack 2 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-12-31 20:36:07 - machine was rebooted
C:\qoobox\ComboFix-quarantined-files.txt 2007-12-31 1506
.
2007-12-31 10:12:20 --- E O F ---

HijackThis Log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:37:28 PM, on 12/31/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\Opera\Opera.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: Encarta Web Companion Helper Object - {955BE0B8-BC85-4CAF-856E-8E0D8B610560} - C:\Program Files\Common Files\Microsoft Shared\Encarta Web Companion\2007\ENCWCBAR.DLL
O3 - Toolbar: Encarta Web Companion - {147D6308-0614-4112-89B1-31402F9B82C4} - C:\Program Files\Common Files\Microsoft Shared\Encarta Web Companion\2007\ENCWCBAR.DLL
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')
O4 - S-1-5-18 Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (User 'SYSTEM')
O4 - S-1-5-18 Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (User 'Default user')
O4 - .DEFAULT Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (User 'Default user')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Encarta Search Bar - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O17 - HKLM\System\CCS\Services\Tcpip\..\{10A40F4A-8B17-43C6-995D-D601E4C2DE14}: NameServer = 192.168.1.1,218.248.255.161
O17 - HKLM\System\CCS\Services\Tcpip\..\{F905C99E-3F93-4FB4-B808-DBD1B4D5377A}: NameServer = 218.248.240.46 218.248.255.146
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Unknown owner - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (file missing)
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

--
End of file - 10309 bytes


ComboFix deleted all the infected files. But now some apps (including Norton) are not working (because of that space...). Is there a way to automatically rename those files?

Thank you and wish you a very happy new year.
ssj4Gogeta is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 12-31-2007, 09:16 AM   #6 (permalink)
Moderator/Analyst, Security Team ; Rangemaster, TSF Academy
 
Angelfire777's Avatar
 
Join Date: Oct 2006
Posts: 4,581
OS: Vista


Re: Duplicate Processes Running... Please Help!!!
Yup. There's a way to rename those back. But wait for my instructions before doing anything.

We're currently celebrating the new year with some fireworks so I'll have to get back to you tomorrow morning.

Happy new year too
__________________
UNITE and ASAP since 2006


If we have helped you, please consider donating.

The past won't be able to hurt you unless you keep on looking back at it.
Angelfire777 is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 12-31-2007, 09:44 AM   #7 (permalink)
Custom User Title
 
ssj4Gogeta's Avatar
 
Join Date: Dec 2007
Location: India
Posts: 1,864
OS: Windows XP SP2, Vista, Ubuntu Intrepid Ibex, Leopard (Kalyway)

My System

Re: Duplicate Processes Running... Please Help!!!
Fine.
There's still a coupla hours for the new year in my part of the world...
Anyway, enjoy!
ssj4Gogeta is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 12-31-2007, 07:00 PM   #8 (permalink)
Moderator/Analyst, Security Team ; Rangemaster, TSF Academy
 
Angelfire777's Avatar
 
Join Date: Oct 2006
Posts: 4,581
OS: Vista


Re: Duplicate Processes Running... Please Help!!!
Hi,

Can you please attach C:\Combofix.txt to your next post?

The forum software strips some spaces in the logs so it will be more accurate if I take a look at the original log.
__________________
UNITE and ASAP since 2006


If we have helped you, please consider donating.

The past won't be able to hurt you unless you keep on looking back at it.
Angelfire777 is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 12-31-2007, 09:52 PM   #9 (permalink)
Custom User Title
 
ssj4Gogeta's Avatar
 
Join Date: Dec 2007
Location: India
Posts: 1,864
OS: Windows XP SP2, Vista, Ubuntu Intrepid Ibex, Leopard (Kalyway)

My System

Re: Duplicate Processes Running... Please Help!!!
Hi,
I've attached the log.
Attached Files
File Type: txt ComboFix.txt (20.8 KB, 2 views)
ssj4Gogeta is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 01-01-2008, 03:37 AM   #10 (permalink)
Moderator/Analyst, Security Team ; Rangemaster, TSF Academy
 
Angelfire777's Avatar
 
Join Date: Oct 2006
Posts: 4,581
OS: Vista


Re: Duplicate Processes Running... Please Help!!!
Hi,

Open HijackThis > choose Scan Only > Place a checkmark in the boxes beside these entries in bold.

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =

Close your browsers and all open windows except for HijackThis, then click "Fix checked". Exit HijackThis.
______

*Click Start > Control Panel > Add or Remove Programs and uninstall the items I listed in bold if found.

AntispywareApp
Please uninstall that program since it is considered as a Rogue Antispyware application as listed HERE.

*An optional that I would recommend be uninstalled.

LimeWire
This program is very likely the reason your system is infested with malware. Even when a program like this is not infected itself, it will still bring malware into your system because more than half of all files available for download from peer-to-peer networks have been deliberately infected with some form of malware. I recommend that you remove this program from your system.

*Delete the following folders if you uninstalled LimeWire:

C:\Program Files\LimeWire
C:\Documents and Settings\Kai Hiwatari\Application Data\LimeWire
C:\Documents and Settings\Kai Hiwatari\Shared
C:\Documents and Settings\Kai Hiwatari\Incomplete


*If you noticed, I listed the Boonty folder for deletion. Please read this:

http://www.castlecops.com/o23list-1744.html
_______

Open NOTEPAD and copy/paste the text in the codebox below into it:

Code:
C:\WINDOWS\system32\hkcmd .exe
C:\WINDOWS\system32\igfxtray .exe
C:\WINDOWS\system32\igfxpers .exe
C:\WINDOWS\system32\ps2 .exe
C:\WINDOWS\system32\NeroCheck .exe
C:\WINDOWS\pchealth\helpctr\binaries\MSConfig .exe
C:\Program Files\Common Files\Symantec Shared\ccApp .exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc .exe
C:\Program Files\Common Files\Real\Update_OB\realsched .exe
C:\Program Files\Messenger\msmsgs .exe
C:\Program Files\HP\HP Software Update\HPWuSchd2 .exe
C:\Program Files\Sony\SonicStage\SsAAD .exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl .exe
C:\Program Files\Google\Google Talk\googletalk .exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication .exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher .exe
C:\Program Files\Norton Internet Security\osCheck .exe
C:\HP\KBD\KBD .EXE
Save this as Log.txt



Refering to the picture above, drag Log.txt into RenV.exe

When finished, it shall produce a new log for you. Post that log in your next reply.
_______

Combofix Deletions
  • Open notepad.
  • Copy and paste the text inside the code box below to notepad
Code:
File::
C:\WINDOWS\system32\RCX41.tmp
C:\WINDOWS\system32\fakffxlh.ini
C:\WINDOWS\system32\RCX44.tmp
C:\WINDOWS\system32\RCX40.tmp
C:\WINDOWS\system32\ctfmon .exe
C:\WINDOWS\ime\IMJP8_1\IMJPMIG .EXE
C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP .EXE
C:\WINDOWS\Tasks\AntiSpyware Scheduled Scan.job

Folder::
C:\Program Files\Boonty
C:\Program Files\RichVideoCodec
C:\Documents and Settings\Kai Hiwatari\Application Data\AntiSpyware
C:\Program Files\AntiSpywareApp

Filelook::
C:\WINDOWS\system32\SpoonUninstall.exe
  • Save and Name it as "CFScript"
  • Drag and drop CFScript.txt to your copy of combofix.
  • You can take a look at the image below if you're unsure on how to do it.
  • Combofix wil restart your machine then it will produce a log afterwards.
  • Please post the contents of that log along with a fresh HijackThis log.
_______

Please do an online scan with Kaspersky WebScanner

Warning: If you had kaspersky online scanner installed before 10-5-2007, please uninstall it as kaspersky released a new version. Previous version had a serious flaw which could result in a buffer overflow.

Click on Kaspersky Online Scanner

You will be promted to install an ActiveX component from Kaspersky, Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make that the following are selected:
    • Scan using the following Anti-Virus database:
    • Extended (if available otherwise Standard)
    • Scan Options:
    • Scan Archives
      Scan Mail Bases
  • Click OK
  • Now under select a target to scan:
    • Select My Computer
  • This will program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post.
Note for Internet Explorer 7 users: If at any time you have trouble with the accept button of the licence, click on the Zoom tool located at the right bottom of the IE window and set the zoom to 75 %. Once the license accepted, reset to 100%.
_______

Your Java is out of date....
Older versions have vulnerabilities that malware can use to infect your system.
Please follow these steps to remove older version Java components.
  • Click Start > Control Panel
  • Click Add/Remove Programs
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove button.
  • Repeat as many times as necessary to remove all versions of Java.
  • Reboot your computer once all Java components are removed.
Then download Java Runtime Environment 6u3, and install it to your computer.


On your next reply, please include a
  • Fresh HijackThis log.
  • kaspersky scan log
  • combofix log
  • RenV log
__________________
UNITE and ASAP since 2006


If we have helped you, please consider donating.

The past won't be able to hurt you unless you keep on looking back at it.
Angelfire777 is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 01-01-2008, 06:27 AM   #11 (permalink)
Custom User Title
 
ssj4Gogeta's Avatar
 
Join Date: Dec 2007
Location: India
Posts: 1,864
OS: Windows XP SP2, Vista, Ubuntu Intrepid Ibex, Leopard (Kalyway)

My System

Re: Duplicate Processes Running... Please Help!!!
Hi,
Sorry for the delay.
You asked me to:
1-Fix an entry using HijackThis:
I did this.
2-uninstall AntispywareApp:
I had already uninstalled this some days ago.
3-uninstall Limewire
Done.
4-Drag a log.txt file to RenV.exe
you didnt tell me where to get RenV.exe. So I searched the forum for the name and downloaded it from a link I found. I followed the procedure as described by you.
5-Combofix Deletions
Done.
6-Update Java
Done.
7-Kaspersky Online Scan
I could not do this because of some internet problem (it was really slooooooow today...)

Here are the logs:

HijackThis Log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:41:13 PM, on 1/1/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\Common Files\Symantec Shared\ccApp .exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Opera\Opera.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: Encarta Web Companion Helper Object - {955BE0B8-BC85-4CAF-856E-8E0D8B610560} - C:\Program Files\Common Files\Microsoft Shared\Encarta Web Companion\2007\ENCWCBAR.DLL
O3 - Toolbar: Encarta Web Companion - {147D6308-0614-4112-89B1-31402F9B82C4} - C:\Program Files\Common Files\Microsoft Shared\Encarta Web Companion\2007\ENCWCBAR.DLL
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')
O4 - S-1-5-18 Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (User 'SYSTEM')
O4 - S-1-5-18 Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (User 'Default user')
O4 - .DEFAULT Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (User 'Default user')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Encarta Search Bar - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} (Measurement Services Client v.3.12) - http://www.yougamers.com/systeminfo/MSC3.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{10A40F4A-8B17-43C6-995D-D601E4C2DE14}: NameServer = 192.168.1.1,218.248.255.161
O17 - HKLM\System\CCS\Services\Tcpip\..\{F905C99E-3F93-4FB4-B808-DBD1B4D5377A}: NameServer = 218.248.240.46 218.248.255.146
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Unknown owner - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (file missing)
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

--
End of file - 10321 bytes

Combofix Log:

ComboFix 07-12-31.4 - Kai Hiwatari 2008-01-01 17:36:18.2 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.590 [GMT 5.5:30]
Running from: C:\Documents and Settings\Kai Hiwatari\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Kai Hiwatari\Desktop\CFScript.txt
* Created a new restore point

FILE
C:\WINDOWS\ime\IMJP8_1\IMJPMIG .EXE
C:\WINDOWS\system32\ctfmon .exe
C:\WINDOWS\system32\fakffxlh.ini
C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP .EXE
C:\WINDOWS\system32\RCX40.tmp
C:\WINDOWS\system32\RCX41.tmp
C:\WINDOWS\system32\RCX44.tmp
C:\WINDOWS\Tasks\AntiSpyware Scheduled Scan.job
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Kai Hiwatari\Application Data\AntiSpyware
C:\Documents and Settings\Kai Hiwatari\Application Data\AntiSpyware\Log\2007 Dec 31 - 12_56_28 AM_234.log
C:\Documents and Settings\Kai Hiwatari\Application Data\AntiSpyware\Log\2007 Dec 31 - 12_56_31 AM_828.log
C:\Documents and Settings\Kai Hiwatari\Application Data\AntiSpyware\rs.dat
C:\Documents and Settings\Kai Hiwatari\Application Data\AntiSpyware\Settings\CustomScan.stg
C:\Documents and Settings\Kai Hiwatari\Application Data\AntiSpyware\Settings\IgnoreList.stg
C:\Documents and Settings\Kai Hiwatari\Application Data\AntiSpyware\Settings\ScanInfo.stg
C:\Documents and Settings\Kai Hiwatari\Application Data\AntiSpyware\Settings\ScanResults.stg
C:\Documents and Settings\Kai Hiwatari\Application Data\AntiSpyware\Settings\SelectedFolders.stg
C:\Documents and Settings\Kai Hiwatari\Application Data\AntiSpyware\Settings\Settings.stg
C:\Program Files\Boonty
C:\Program Files\RichVideoCodec
C:\Program Files\RichVideoCodec\install.ico
C:\WINDOWS\ime\IMJP8_1\IMJPMIG .EXE
C:\WINDOWS\system32\ctfmon .exe
C:\WINDOWS\system32\fakffxlh.ini
C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP .EXE
C:\WINDOWS\system32\RCX40.tmp
C:\WINDOWS\system32\RCX41.tmp
C:\WINDOWS\system32\RCX44.tmp
C:\WINDOWS\Tasks\AntiSpyware Scheduled Scan.job

.
((((((((((((((((((((((((( Files Created from 2007-12-01 to 2008-01-01 )))))))))))))))))))))))))))))))
.

2008-01-01 15:46 . 2008-01-01 15:46 <DIR> d-------- C:\WINDOWS\system32\Futuremark
2008-01-01 15:46 . 2008-01-01 15:46 <DIR> d-------- C:\WINDOWS\LastGood
2007-12-31 20:16 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-12-31 14:42 . 2007-12-31 14:42 <DIR> d-------- C:\Program Files\Trend Micro
2007-12-31 02:01 . 2007-12-31 20:18 114,688 --a------ C:\WINDOWS\system32\igfxpers .exe
2007-12-31 02:01 . 2007-12-31 20:18 77,824 --a------ C:\WINDOWS\system32\hkcmd .exe
2007-12-30 16:12 . 2007-12-30 16:12 <DIR> d-------- C:\Program Files\ReflexiveArcade
2007-12-29 23:12 . 2007-12-29 23:12 <DIR> d-------- C:\HJT
2007-12-29 17:44 . 2007-12-31 20:19 155,648 --a------ C:\WINDOWS\system32\NeroCheck .exe
2007-12-29 17:44 . 2007-12-31 20:18 94,208 --a------ C:\WINDOWS\system32\igfxtray .exe
2007-12-29 17:44 . 2007-12-31 20:18 90,112 --a------ C:\WINDOWS\system32\ps2 .exe
2007-12-22 15:38 . 2007-12-22 15:38 <DIR> d-------- C:\FPC
2007-12-22 14:41 . 2007-12-22 14:41 <DIR> d-------- C:\DJGPP
2007-12-19 15:43 . 2007-12-19 15:43 <DIR> d-------- C:\Documents and Settings\Kai Hiwatari\Application Data\Dev-Cpp
2007-12-19 15:42 . 2007-12-19 15:42 <DIR> d-------- C:\Dev-Cpp
2007-12-18 22:08 . 2007-12-18 22:09 <DIR> d-------- C:\Program Files\Sonic
2007-12-16 09:28 . 2007-12-16 09:28 <DIR> d-------- C:\Documents and Settings\Kai Hiwatari\Application Data\Sonic
2007-12-16 09:27 . 2007-12-16 09:27 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\InstallShield
2007-12-09 19:09 . 2007-12-09 19:09 <DIR> d-------- C:\Program Files\CrossHair
2007-12-09 18:08 . 2002-02-28 23:45 142,336 --a------ C:\WINDOWS\system32\rjsodcb.ocx
2007-12-09 18:08 . 2005-01-08 13:07 56,832 --a------ C:\WINDOWS\system32\rjseos.ocx
2007-12-09 18:08 . 2002-02-26 18:25 34,816 --a------ C:\WINDOWS\system32\rjsmeta.dll
2007-12-09 18:08 . 2003-01-22 19:37 29,696 --a------ C:\WINDOWS\system32\SSubTmr.dll
2007-12-09 18:08 . 2005-03-23 23:54 21,504 --a------ C:\WINDOWS\system32\rjsfile.dll
2007-12-09 18:08 . 2001-09-30 00:05 16,896 --a------ C:\WINDOWS\system32\RJSSUB.OCX
2007-12-09 18:08 . 2004-07-16 01:01 3,142 --a------ C:\WINDOWS\system32\rjsodcb.DEP
2007-12-09 18:07 . 2007-12-09 18:07 <DIR> d-------- C:\Program Files\RJS Office
2007-12-09 18:07 . 2001-03-21 21:34 244,232 --a------ C:\WINDOWS\system32\Msflxgrd.ocx
2007-12-09 18:07 . 2003-05-11 23:10 220,672 --a------ C:\WINDOWS\system32\VBALTBAR.OCX
2007-12-09 18:07 . 2003-04-01 15:19 111,616 --a------ C:\WINDOWS\system32\CPOPMENU.OCX
2007-12-09 18:07 . 2000-04-03 18:52 94,208 --a------ C:\WINDOWS\system32\MsStkPrp.dll
2007-12-09 18:07 . 2003-04-01 07:33 83,968 --a------ C:\WINDOWS\system32\VBALIML.OCX
2007-12-09 18:07 . 2000-03-18 00:40 55,296 --a------ C:\WINDOWS\system32\VBALTAB.OCX
2007-12-09 18:07 . 2002-03-17 17:56 23,040 --a------ C:\WINDOWS\system32\RJSINET.OCX
2007-12-09 18:06 . 2007-12-09 18:07 9,616 --a------ C:\WINDOWS\SETUP.LST
2007-12-09 17:51 . 2007-12-09 17:51 <DIR> d-------- C:\Program Files\GraphPap
2007-12-05 22:36 . 2007-12-05 22:36 <DIR> d-------- C:\Program Files\Common Files\xing shared
2007-12-05 21:39 . 2007-12-05 21:39 <DIR> d-------- C:\Program Files\Real

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-30 20:32 158,208 ----a-w C:\WINDOWS\pchealth\helpctr\binaries\MSConfig .exe
2007-12-30 14:23 15,360 ----a-w C:\WINDOWS\system32\dllcache\ctfmon.exe
2007-12-30 14:23 15,360 ----a-w C:\WINDOWS\system32\ctfmon.exe
2007-12-05 10:22 805 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.INF
2007-12-05 10:22 60,800 ----a-w C:\WINDOWS\system32\S32EVNT1.DLL
2007-12-05 10:22 123,952 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2007-12-05 10:22 10,740 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2007-11-30 18:27 43,696 ----a-w C:\WINDOWS\system32\drivers\srtspx.sys
2007-11-30 18:27 317,616 ----a-w C:\WINDOWS\system32\drivers\srtspl.sys
2007-11-30 18:27 279,088 ----a-w C:\WINDOWS\system32\drivers\srtsp.sys
2007-11-30 18:27 10,549 ----a-w C:\WINDOWS\system32\drivers\srtspx.cat
2007-11-30 18:27 10,549 ----a-w C:\WINDOWS\system32\drivers\srtspl.cat
2007-11-30 18:27 10,545 ----a-w C:\WINDOWS\system32\drivers\srtsp.cat
2007-11-30 18:27 1,430 ----a-w C:\WINDOWS\system32\drivers\srtspl.inf
2007-11-30 18:27 1,421 ----a-w C:\WINDOWS\system32\drivers\srtspx.inf
2007-11-30 18:27 1,415 ----a-w C:\WINDOWS\system32\drivers\srtsp.inf
2007-11-30 13:54 1,386,496 ----a-w C:\WINDOWS\system32\msvbvm60.dll
2007-11-30 13:54 --------- d-----w C:\Program Files\Common Files\SWF Studio
2007-11-23 14:44 --------- d-----w C:\Documents and Settings\Kai Hiwatari\Application Data\WinBatch
2007-11-22 13:37 --------- d-----w C:\Program Files\MSXML 6.0
2007-11-22 13:24 180,315 ----a-w C:\WINDOWS\system32\hpzsnt12.dll
2007-11-22 12:22 --------- d-----w C:\Documents and Settings\All Users\Application Data\Yahoo!
2007-11-22 12:21 --------- d-----w C:\Program Files\Yahoo!
2007-11-22 11:10 --------- d-----w C:\Program Files\Kundli
2007-11-16 16:55 --------- d-----w C:\Documents and Settings\Kai Hiwatari\Application Data\Activision
2007-11-14 19:37 --------- d-----w C:\Program Files\KGB Archiver
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-11-11 19:27 --------- d-----w C:\Program Files\Common Files\Adobe Systems Shared
2007-11-11 19:13 --------- d-----w C:\Documents and Settings\Kai Hiwatari\Application Data\AntsSoft
2007-11-11 19:12 --------- d-----w C:\Program Files\SWFText
2007-11-06 17:13 108,144 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2007-11-06 17:13 --------- d--h--r C:\Documents and Settings\Kai Hiwatari\Application Data\SecuROM
2007-10-30 23:42 3,590,656 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
2007-10-30 14:25 625,032 ----a-w C:\WINDOWS\system32\SymNeti.dll
2007-10-30 14:25 242,056 ----a-w C:\WINDOWS\system32\SymRedir.dll
2007-10-29 22:43 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-29 22:43 1,287,680 ------w C:\WINDOWS\system32\dllcache\quartz.dll
2007-10-28 21:41 164,352 ----a-w C:\WINDOWS\system32\SpoonUninstall.exe
2007-10-28 21:39 73,728 ----a-w C:\WINDOWS\ALCFDRTM.EXE
2007-10-26 03:36 8,454,656 ----a-w C:\WINDOWS\system32\dllcache\shell32.dll
2007-10-21 16:09 356,352 ----a-w C:\WINDOWS\eSellerateEngine.dll
2007-10-15 12:50 737,280 ----a-w C:\WINDOWS\iun6002.exe
2007-10-10 23:56 824,832 ----a-w C:\WINDOWS\system32\dllcache\wininet.dll
2007-10-10 23:56 671,232 ----a-w C:\WINDOWS\system32\dllcache\mstime.dll
2007-10-10 23:56 232,960 ----a-w C:\WINDOWS\system32\dllcache\webcheck.dll
2007-10-10 23:56 105,984 ----a-w C:\WINDOWS\system32\dllcache\url.dll
2007-10-10 23:56 102,400 ----a-w C:\WINDOWS\system32\dllcache\occache.dll
2007-10-10 23:56 1,159,680 ----a-w C:\WINDOWS\system32\dllcache\urlmon.dll
2007-10-10 23:55 63,488 ------w C:\WINDOWS\system32\dllcache\icardie.dll
2007-10-10 23:55 6,065,664 ------w C:\WINDOWS\system32\dllcache\ieframe.dll
2007-10-10 23:55 52,224 ------w C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2007-10-10 23:55 478,208 ----a-w C:\WINDOWS\system32\dllcache\mshtmled.dll
2007-10-10 23:55 459,264 ------w C:\WINDOWS\system32\dllcache\msfeeds.dll
2007-10-10 23:55 44,544 ----a-w C:\WINDOWS\system32\dllcache\iernonce.dll
2007-10-10 23:55 384,512 ----a-w C:\WINDOWS\system32\dllcache\iedkcs32.dll
2007-10-10 23:55 383,488 ------w C:\WINDOWS\system32\dllcache\ieapfltr.dll
2007-10-10 23:55 27,648 ----a-w C:\WINDOWS\system32\dllcache\jsproxy.dll
2007-10-10 23:55 267,776 ------w C:\WINDOWS\system32\dllcache\iertutil.dll
2007-10-10 23:55 230,400 ----a-w C:\WINDOWS\system32\dllcache\ieaksie.dll
2007-10-10 23:55 214,528 ----a-w C:\WINDOWS\system32\dllcache\dxtrans.dll
2007-10-10 23:55 193,024 ----a-w C:\WINDOWS\system32\dllcache\msrating.dll
2007-10-10 23:55 153,088 ----a-w C:\WINDOWS\system32\dllcache\ieakeng.dll
2007-10-10 23:55 132,608 ----a-w C:\WINDOWS\system32\dllcache\extmgr.dll
2007-10-10 23:55 124,928 ----a-w C:\WINDOWS\system32\dllcache\advpack.dll
2007-10-10 10:59 70,656 ----a-w C:\WINDOWS\system32\dllcache\ie4uinit.exe
2007-10-10 10:59 625,152 ----a-w C:\WINDOWS\system32\dllcache\iexplore.exe
2007-10-10 10:59 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
2007-10-10 05:46 161,792 ----a-w C:\WINDOWS\system32\dllcache\ieakui.dll
.
Code:
----a-w            77,824 2007-12-31 14:48:52  C:\WINDOWS\system32\hkcmd .exe
----a-w            94,208 2007-12-31 14:48:50  C:\WINDOWS\system32\igfxtray .exe
----a-w           114,688 2007-12-31 14:48:52  C:\WINDOWS\system32\igfxpers .exe
----a-w            90,112 2007-12-31 14:48:58  C:\WINDOWS\system32\ps2 .exe
----a-w           155,648 2007-12-31 14:49:00  C:\WINDOWS\system32\NeroCheck .exe
----a-w           158,208 2007-12-30 20:32:08  C:\WINDOWS\pchealth\helpctr\binaries\MSConfig .exe
----a-w           115,816 2007-12-31 14:49:06  C:\Program Files\Common Files\Symantec Shared\ccApp .exe
----a-w           583,048 2007-12-29 15:08:52  C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc .exe
----a-w           185,632 2007-12-31 14:49:10  C:\Program Files\Common Files\Real\Update_OB\realsched .exe
----a-w         1,694,208 2007-12-31 14:49:22  C:\Program Files\Messenger\msmsgs .exe
----a-w            49,152 2007-12-31 14:48:54  C:\Program Files\HP\HP Software Update\HPWuSchd2 .exe
----a-w            81,920 2007-12-31 14:48:58  C:\Program Files\Sony\SonicStage\SsAAD .exe
----a-w            40,048 2007-12-31 14:49:04  C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl .exe
----a-w         3,739,648 2007-12-31 14:49:20  C:\Program Files\Google\Google Talk\googletalk .exe
----a-w           222,208 2007-12-31 14:49:04  C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication .exe
----a-w           487,424 2007-12-31 14:49:04  C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher .exe
----a-w           771,704 2007-12-29 15:08:40  C:\Program Files\Norton Internet Security\osCheck .exe
----a-w            61,440 2007-12-31 14:48:58  C:\HP\KBD\KBD .EXE

((((((((((((((((((((((((((((( snapshot@2007-12-31_20.35.47.07 )))))))))))))))))))))))))))))))))))))))))
.
+ 2000-08-31 02:30:00 163,328 ----a-w C:\WINDOWS\erdnt\subs\F3M\ERDNT.EXE
+ 2007-09-07 09:25:04 27,672 ----a-w C:\WINDOWS\system32\drivers\Entech.sys
+ 2007-09-07 09:25:06 12,744 ----a-w C:\WINDOWS\system32\drivers\Entech64.sys
+ 2001-11-19 14:35:18 3,972 ----a-w C:\WINDOWS\system32\drivers\PciBus.sys
+ 2005-08-03 10:46:40 40,960 ----a-w C:\WINDOWS\system32\Futuremark\MSC\atimgpud.dll
+ 2007-09-07 09:25:04 65,536 ----a-w C:\WINDOWS\system32\Futuremark\MSC\Direcpll.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [ ]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2007-12-30 19:53 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-03 17:02 208952]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-03 17:02 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-03 17:02 455168]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [ ]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [ ]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [ ]
"High Definition Audio Property Page Shortcut"="HDAudPropShortcut.exe" [2004-03-17 15:10 61952 C:\WINDOWS\system32\Hdaudpropshortcut.exe]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [ ]
"KBD"="C:\HP\KBD\KBD.EXE" [ ]
"PS2"="C:\WINDOWS\system32\ps2.exe" [ ]
"SsAAD.exe"="C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe" [ ]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [ ]
"PCSuiteTrayApplication"="C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [ ]
"Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [ ]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [ ]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [ ]
"osCheck"="C:\Program Files\Norton Internet Security\osCheck.exe" [ ]
"SoundMan"="SOUNDMAN.EXE" [2005-05-03 18:43 90112 C:\WINDOWS\SoundMan.exe]
"AlcWzrd"="ALCWZRD.EXE" [2005-05-04 10:01 2805248 C:\WINDOWS\alcwzrd.exe]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [ ]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [ ]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [ ]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [ ]
"googletalk"="C:\Program Files\Google\Google Talk\googletalk.exe" [ ]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"PcSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2006-11-09 17:15 1634304]

C:\Documents and Settings\Kai Hiwatari\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 20:24:54]
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2007-11-11 00:10:05]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2004-11-04 19:28:24]
HP Image Zone Fast Start.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [2004-11-04 19:50:52]
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2007-11-11 00:10:05]

R1 sdcplh;sdcplh;C:\WINDOWS\system32\drivers\sdcplh.sys [2005-11-09 20:37]
S3 2bf53d6f-a04a-476c-b19a-ac023665fadd;2bf53d6f-a04a-476c-b19a-ac023665fadd;G:\Player\cds300.dll []
S3 c221440b-26a7-40b8-bbb9-a67f47043425;c221440b-26a7-40b8-bbb9-a67f47043425;F:\Player\cds300.dll []
S3 USB_RNDIS_51;USB Remote NDIS Device Driver;C:\WINDOWS\system32\DRIVERS\usb8023.sys [2004-08-03 17:34]
S3 UTS2pl;Motorola Serial port driver;C:\WINDOWS\system32\DRIVERS\UTS2pl.sys [2004-05-25 14:18]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b07a8b30-4a37-11dc-9f91-0013d390e04f}]
\Shell\AutoRun\command - G:\autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c5a5e816-490f-11dc-9f8a-0013d390e04f}]
\Shell\AutoRun\command - G:\AUTORUN.EXE

*Newly Created Service* - COMHOST
*Newly Created Service* - ENTECH
.
Contents of the 'Scheduled Tasks' folder
"2007-12-24 15:24:10 C:\WINDOWS\Tasks\Norton Internet Security - Run Full System Scan - Kai Hiwatari.job"
- C:\Program Files\Norton Internet Security\Norton AntiVirus\Navw32.exeh/TASK:
"2007-12-30 16:46:02 C:\WINDOWS\Tasks\WebReg psc 1400 series.job"
- C:\Program Files\HP\Digital Imaging\bin\hpqwrg.exe
.
**************************************************************************

catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-01 17:37:38
Windows 5.1.2600 Service Pack 2 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-01-01 17:38:07
C:\qoobox\ComboFix-quarantined-files.txt 2008-01-01 12:08:06
C:\qoobox\ComboFix2.txt 2007-12-31 15:06:08
.
2007-12-31 10:12:20 --- E O F ---

RenV Log:

Code:
Ran on Tue 01/01/2008 - 17:32:20.43

----a-w            77,824 2007-12-31 14:48:52  C:\WINDOWS\system32\hkcmd .exe
----a-w            94,208 2007-12-31 14:48:50  C:\WINDOWS\system32\igfxtray .exe
----a-w           114,688 2007-12-31 14:48:52  C:\WINDOWS\system32\igfxpers .exe
----a-w            15,360 2007-12-31 14:49:22  C:\WINDOWS\system32\ctfmon .exe
----a-w            90,112 2007-12-31 14:48:58  C:\WINDOWS\system32\ps2 .exe
----a-w           155,648 2007-12-31 14:49:00  C:\WINDOWS\system32\NeroCheck .exe
----a-w           455,168 2007-12-31 14:48:50  C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP .EXE
----a-w           208,952 2007-12-31 14:48:50  C:\WINDOWS\ime\IMJP8_1\IMJPMIG .EXE
----a-w           158,208 2007-12-30 20:32:08  C:\WINDOWS\pchealth\helpctr\binaries\MSConfig .exe
----a-w           115,816 2007-12-31 14:49:06  C:\Program Files\Common Files\Symantec Shared\ccApp .exe
----a-w           583,048 2007-12-29 15:08:52  C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc .exe
----a-w           185,632 2007-12-31 14:49:10  C:\Program Files\Common Files\Real\Update_OB\realsched .exe
----a-w         1,694,208 2007-12-31 14:49:22  C:\Program Files\Messenger\msmsgs .exe
----a-w            49,152 2007-12-31 14:48:54  C:\Program Files\HP\HP Software Update\HPWuSchd2 .exe
----a-w            81,920 2007-12-31 14:48:58  C:\Program Files\Sony\SonicStage\SsAAD .exe
----a-w            40,048 2007-12-31 14:49:04  C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl .exe
----a-w         3,739,648 2007-12-31 14:49:20  C:\Program Files\Google\Google Talk\googletalk .exe
----a-w           222,208 2007-12-31 14:49:04  C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication .exe
----a-w           487,424 2007-12-31 14:49:04  C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher .exe
----a-w           771,704 2007-12-29 15:08:40  C:\Program Files\Norton Internet Security\osCheck .exe
----a-w            61,440 2007-12-31 14:48:58  C:\HP\KBD\KBD .EXE

 Entries:               21  (21)
 Directories:            0  Files:            21
 Bytes:          9,402,416  Blocks:       18,368
I've also attached the log files in case you wanted to see the original files.
Thanks.
Will do the Kaspersky Scan tomorrow...
Attached Files
File Type: txt ComboFixLog.txt (17.6 KB, 0 views)
File Type: txt HijackThisLog.txt (10.1 KB, 0 views)
File Type: txt RenVlog.txt (2.2 KB, 1 views)
ssj4Gogeta is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 01-01-2008, 06:32 AM   #12 (permalink)
Moderator/Analyst, Security Team ; Rangemaster, TSF Academy
 
Angelfire777's Avatar
 
Join Date: Oct 2006
Posts: 4,581
OS: Vista


Re: Duplicate Processes Running... Please Help!!!
Did you manage to drag and drop log.txt to renv.exe?
__________________
UNITE and ASAP since 2006


If we have helped you, please consider donating.

The past won't be able to hurt you unless you keep on looking back at it.
Angelfire777 is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 01-01-2008, 07:41 AM   #13 (permalink)
Custom User Title
 
ssj4Gogeta's Avatar
 
Join Date: Dec 2007
Location: India
Posts: 1,864
OS: Windows XP SP2, Vista, Ubuntu Intrepid Ibex, Leopard (Kalyway)

My System

Re: Duplicate Processes Running... Please Help!!!
Yeah. I did.
And then RenV produced a log which I pasted here.
ssj4Gogeta is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 01-01-2008, 07:59 AM   #14 (permalink)
Moderator/Analyst, Security Team ; Rangemaster, TSF Academy
 
Angelfire777's Avatar
 
Join Date: Oct 2006
Posts: 4,581
OS: Vista


Re: Duplicate Processes Running... Please Help!!!
You may want to print these instructions here or save them in notepad since you'll work offline.

Reboot into Safe Mode.

To enter Safe Mode..

Click Start > Turn Off Computer > Restart > Tap F8 key just before Windows starts to load, > This will bring up a Menu > Use your keyboard to scroll to Safe Mode> Hit enter.

While in safe mode, please drag and drop log.txt once more to RenV.exe

Reboot to normal mode then re-run combofix.

Post the logs created by combofix and renv.exe along with the kaspersky scan log.
__________________
UNITE and ASAP since 2006


If we have helped you, please consider donating.

The past won't be able to hurt you unless you keep on looking back at it.
Angelfire777 is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 01-01-2008, 08:45 AM   #15 (permalink)
Custom User Title
 
ssj4Gogeta's Avatar
 
Join Date: Dec 2007
Location: India
Posts: 1,864
OS: Windows XP SP2, Vista, Ubuntu Intrepid Ibex, Leopard (Kalyway)

My System

Re: Duplicate Processes Running... Please Help!!!
here are the logs:
RenV Log:

Code:
Ran on Tue 01/01/2008 - 20:43:20.71

 Entries:                0  (0)
 Directories:            0  Files:             0
 Bytes:                  0  Blocks:            0
ComboFix Log:

ComboFix 07-12-31.4 - Kai Hiwatari 2008-01-01 20:48:33.3 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.585 [GMT 5.5:30]
Running from: C:\Documents and Settings\Kai Hiwatari\Desktop\ComboFix.exe
.

((((((((((((((((((((((((( Files Created from 2007-12-01 to 2008-01-01 )))))))))))))))))))))))))))))))
.

2008-01-01 20:43 . 2007-12-31 20:19 155,648 --a------ C:\WINDOWS\system32\NeroCheck.exe
2008-01-01 20:43 . 2007-12-31 20:18 114,688 --a------ C:\WINDOWS\system32\igfxpers.exe
2008-01-01 20:43 . 2007-12-31 20:18 94,208 --a------ C:\WINDOWS\system32\igfxtray.exe
2008-01-01 20:43 . 2007-12-31 20:18 90,112 --a------ C:\WINDOWS\system32\ps2.exe
2008-01-01 20:43 . 2007-12-31 20:18 77,824 --a------ C:\WINDOWS\system32\hkcmd.exe
2008-01-01 18:42 . 2007-09-24 23:31 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-01-01 18:11 . 2008-01-01 18:11 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-01-01 18:11 . 2008-01-01 18:11 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-01-01 15:46 . 2008-01-01 15:46 <DIR> d-------- C:\WINDOWS\system32\Futuremark
2007-12-31 20:16 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-12-31 14:42 . 2007-12-31 14:42 <DIR> d-------- C:\Program Files\Trend Micro
2007-12-30 16:12 . 2007-12-30 16:12 <DIR> d-------- C:\Program Files\ReflexiveArcade
2007-12-29 23:12 . 2007-12-29 23:12 <DIR> d-------- C:\HJT
2007-12-22 15:38 . 2007-12-22 15:38 <DIR> d-------- C:\FPC
2007-12-22 14:41 . 2007-12-22 14:41 <DIR> d-------- C:\DJGPP
2007-12-19 15:43 . 2007-12-19 15:43 <DIR> d-------- C:\Documents and Settings\Kai Hiwatari\Application Data\Dev-Cpp
2007-12-19 15:42 . 2007-12-19 15:42 <DIR> d-------- C:\Dev-Cpp
2007-12-18 22:08 . 2007-12-18 22:09 <DIR> d-------- C:\Program Files\Sonic
2007-12-16 09:28 . 2007-12-16 09:28 <DIR> d-------- C:\Documents and Settings\Kai Hiwatari\Application Data\Sonic
2007-12-16 09:27 . 2007-12-16 09:27 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\InstallShield
2007-12-09 19:09 . 2007-12-09 19:09 <DIR> d-------- C:\Program Files\CrossHair
2007-12-09 18:08 . 2002-02-28 23:45 142,336 --a------ C:\WINDOWS\system32\rjsodcb.ocx
2007-12-09 18:08 . 2005-01-08 13:07 56,832 --a------ C:\WINDOWS\system32\rjseos.ocx
2007-12-09 18:08 . 2002-02-26 18:25 34,816 --a------ C:\WINDOWS\system32\rjsmeta.dll
2007-12-09 18:08 . 2003-01-22 19:37 29,696 --a------ C:\WINDOWS\system32\SSubTmr.dll
2007-12-09 18:08 . 2005-03-23 23:54 21,504 --a------ C:\WINDOWS\system32\rjsfile.dll
2007-12-09 18:08 . 2001-09-30 00:05 16,896 --a------ C:\WINDOWS\system32\RJSSUB.OCX
2007-12-09 18:08 . 2004-07-16 01:01 3,142 --a------ C:\WINDOWS\system32\rjsodcb.DEP
2007-12-09 18:07 . 2007-12-09 18:07 <DIR> d-------- C:\Program Files\RJS Office
2007-12-09 18:07 . 2001-03-21 21:34 244,232 --a------ C:\WINDOWS\system32\Msflxgrd.ocx
2007-12-09 18:07 . 2003-05-11 23:10 220,672 --a------ C:\WINDOWS\system32\VBALTBAR.OCX
2007-12-09 18:07 . 2003-04-01 15:19 111,616 --a------ C:\WINDOWS\system32\CPOPMENU.OCX
2007-12-09 18:07 . 2000-04-03 18:52 94,208 --a------ C:\WINDOWS\system32\MsStkPrp.dll
2007-12-09 18:07 . 2003-04-01 07:33 83,968 --a------ C:\WINDOWS\system32\VBALIML.OCX
2007-12-09 18:07 . 2000-03-18 00:40 55,296 --a------ C:\WINDOWS\system32\VBALTAB.OCX
2007-12-09 18:07 . 2002-03-17 17:56 23,040 --a------ C:\WINDOWS\system32\RJSINET.OCX
2007-12-09 18:06 . 2007-12-09 18:07 9,616 --a------ C:\WINDOWS\SETUP.LST
2007-12-09 17:51 . 2007-12-09 17:51 <DIR> d-------- C:\Program Files\GraphPap
2007-12-05 22:36 . 2007-12-05 22:36 <DIR> d-------- C:\Program Files\Common Files\xing shared
2007-12-05 21:39 . 2007-12-05 21:39 <DIR> d-------- C:\Program Files\Real

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-30 20:32 158,208 ----a-w C:\WINDOWS\pchealth\helpctr\binaries\MSConfig.exe
2007-12-30 14:23 15,360 ----a-w C:\WINDOWS\system32\dllcache\ctfmon.exe
2007-12-30 14:23 15,360 ----a-w C:\WINDOWS\system32\ctfmon.exe
2007-12-05 10:22 805 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.INF
2007-12-05 10:22 60,800 ----a-w C:\WINDOWS\system32\S32EVNT1.DLL
2007-12-05 10:22 123,952 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2007-12-05 10:22 10,740 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2007-11-30 18:27 43,696 ----a-w C:\WINDOWS\system32\drivers\srtspx.sys
2007-11-30 18:27 317,616 ----a-w C:\WINDOWS\system32\drivers\srtspl.sys
2007-11-30 18:27 279,088 ----a-w C:\WINDOWS\system32\drivers\srtsp.sys
2007-11-30 18:27 10,549 ----a-w C:\WINDOWS\system32\drivers\srtspx.cat
2007-11-30 18:27 10,549 ----a-w C:\WINDOWS\system32\drivers\srtspl.cat
2007-11-30 18:27 10,545 ----a-w C:\WINDOWS\system32\drivers\srtsp.cat
2007-11-30 18:27 1,430 ----a-w C:\WINDOWS\system32\drivers\srtspl.inf
2007-11-30 18:27 1,421 ----a-w C:\WINDOWS\system32\drivers\srtspx.inf
2007-11-30 18:27 1,415 ----a-w C:\WINDOWS\system32\drivers\srtsp.inf
2007-11-30 13:54 1,386,496 ----a-w C:\WINDOWS\system32\msvbvm60.dll
2007-11-30 13:54 --------- d-----w C:\Program Files\Common Files\SWF Studio
2007-11-23 14:44 --------- d-----w C:\Documents and Settings\Kai Hiwatari\Application Data\WinBatch
2007-11-22 13:37 --------- d-----w C:\Program Files\MSXML 6.0
2007-11-22 13:24 180,315 ----a-w C:\WINDOWS\system32\hpzsnt12.dll
2007-11-22 12:22 --------- d-----w C:\Documents and Settings\All Users\Application Data\Yahoo!
2007-11-22 12:21 --------- d-----w C:\Program Files\Yahoo!
2007-11-22 11:10 --------- d-----w C:\Program Files\Kundli
2007-11-16 16:55 --------- d-----w C:\Documents and Settings\Kai Hiwatari\Application Data\Activision
2007-11-14 19:37 --------- d-----w C:\Program Files\KGB Archiver
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-11-11 19:27 --------- d-----w C:\Program Files\Common Files\Adobe Systems Shared
2007-11-11 19:13 --------- d-----w C:\Documents and Settings\Kai Hiwatari\Application Data\AntsSoft
2007-11-11 19:12 --------- d-----w C:\Program Files\SWFText
2007-11-06 17:13 108,144 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2007-11-06 17:13 --------- d--h--r C:\Documents and Settings\Kai Hiwatari\Application Data\SecuROM
2007-10-30 23:42 3,590,656 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
2007-10-30 14:25 625,032 ----a-w C:\WINDOWS\system32\SymNeti.dll
2007-10-30 14:25 242,056 ----a-w C:\WINDOWS\system32\SymRedir.dll
2007-10-29 22:43 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-29 22:43 1,287,680 ------w C:\WINDOWS\system32\dllcache\quartz.dll
2007-10-28 21:41 164,352 ----a-w C:\WINDOWS\system32\SpoonUninstall.exe
2007-10-28 21:39 73,728 ----a-w C:\WINDOWS\ALCFDRTM.EXE
2007-10-26 03:36 8,454,656 ----a-w C:\WINDOWS\system32\dllcache\shell32.dll
2007-10-21 16:09 356,352 ----a-w C:\WINDOWS\eSellerateEngine.dll
2007-10-15 12:50 737,280 ----a-w C:\WINDOWS\iun6002.exe
2007-10-10 23:56 824,832 ----a-w C:\WINDOWS\system32\dllcache\wininet.dll
2007-10-10 23:56 671,232 ----a-w C:\WINDOWS\system32\dllcache\mstime.dll
2007-10-10 23:56 232,960 ----a-w C:\WINDOWS\system32\dllcache\webcheck.dll
2007-10-10 23:56 105,984 ----a-w C:\WINDOWS\system32\dllcache\url.dll
2007-10-10 23:56 102,400 ----a-w C:\WINDOWS\system32\dllcache\occache.dll
2007-10-10 23:56 1,159,680 ----a-w C:\WINDOWS\system32\dllcache\urlmon.dll
2007-10-10 23:55 63,488 ------w C:\WINDOWS\system32\dllcache\icardie.dll
2007-10-10 23:55 6,065,664 ------w C:\WINDOWS\system32\dllcache\ieframe.dll
2007-10-10 23:55 52,224 ------w C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2007-10-10 23:55 478,208 ----a-w C:\WINDOWS\system32\dllcache\mshtmled.dll
2007-10-10 23:55 459,264 ------w C:\WINDOWS\system32\dllcache\msfeeds.dll
2007-10-10 23:55 44,544 ----a-w C:\WINDOWS\system32\dllcache\iernonce.dll
2007-10-10 23:55 384,512 ----a-w C:\WINDOWS\system32\dllcache\iedkcs32.dll
2007-10-10 23:55 383,488 ------w C:\WINDOWS\system32\dllcache\ieapfltr.dll
2007-10-10 23:55 27,648 ----a-w C:\WINDOWS\system32\dllcache\jsproxy.dll
2007-10-10 23:55 267,776 ------w C:\WINDOWS\system32\dllcache\iertutil.dll
2007-10-10 23:55 230,400 ----a-w C:\WINDOWS\system32\dllcache\ieaksie.dll
2007-10-10 23:55 214,528 ----a-w C:\WINDOWS\system32\dllcache\dxtrans.dll
2007-10-10 23:55 193,024 ----a-w C:\WINDOWS\system32\dllcache\msrating.dll
2007-10-10 23:55 153,088 ----a-w C:\WINDOWS\system32\dllcache\ieakeng.dll
2007-10-10 23:55 132,608 ----a-w C:\WINDOWS\system32\dllcache\extmgr.dll
2007-10-10 23:55 124,928 ----a-w C:\WINDOWS\system32\dllcache\advpack.dll
2007-10-10 10:59 70,656 ----a-w C:\WINDOWS\system32\dllcache\ie4uinit.exe
2007-10-10 10:59 625,152 ----a-w C:\WINDOWS\system32\dllcache\iexplore.exe
2007-10-10 10:59 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
2007-10-10 05:46 161,792 ----a-w C:\WINDOWS\system32\dllcache\ieakui.dll
.

((((((((((((((((((((((((((((( snapshot@2007-12-31_20.35.47.07 )))))))))))))))))))))))))))))))))))))))))
.
+ 2000-08-31 02:30:00 163,328 ----a-w C:\WINDOWS\erdnt\subs\F3M\ERDNT.EXE
+ 2007-09-07 09:25:04 27,672 ----a-w C:\WINDOWS\system32\drivers\Entech.sys
+ 2007-09-07 09:25:06 12,744 ----a-w C:\WINDOWS\system32\drivers\Entech64.sys
+ 2001-11-19 14:35:18 3,972 ----a-w C:\WINDOWS\system32\drivers\PciBus.sys
+ 2005-08-03 10:46:40 40,960 ----a-w C:\WINDOWS\system32\Futuremark\MSC\atimgpud.dll
+ 2007-09-07 09:25:04 65,536 ----a-w C:\WINDOWS\system32\Futuremark\MSC\Direcpll.dll
- 2007-08-12 20:03:34 49,245 ----a-w C:\WINDOWS\system32\java.exe
+ 2007-09-24 17:00:28 135,168 ----a-w C:\WINDOWS\system32\java.exe
- 2007-08-12 20:03:34 49,247 ----a-w C:\WINDOWS\system32\javaw.exe
+ 2007-09-24 17:00:30 135,168 ----a-w C:\WINDOWS\system32\javaw.exe
- 2007-08-12 20:03:34 127,075 ----a-w C:\WINDOWS\system32\javaws.exe
+ 2007-09-24 18:01:42 139,264 ----a-w C:\WINDOWS\system32\javaws.exe
+ 2005-05-24 06:57:16 213,048 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavss.dll
+ 2007-08-29 10:17:20 94,208 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
+ 2007-08-29 10:19:54 950,272 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavwebscan.dll
+ 2008-01-01 15:16:20 16,384 ----a-w C:\WINDOWS\TEMP\Perflib_Perfdata_680.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2007-12-31 20:19 1694208]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2007-12-30 19:53 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-03 17:02 208952]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-03 17:02 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-03 17:02 455168]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2007-12-31 20:18 94208]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2007-12-31 20:18 77824]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2007-12-31 20:18 114688]
"High Definition Audio Property Page Shortcut"="HDAudPropShortcut.exe" [2004-03-17 15:10 61952 C:\WINDOWS\system32\Hdaudpropshortcut.exe]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2007-12-31 20:18 49152]
"KBD"="C:\HP\KBD\KBD.EXE" [2007-12-31 20:18 61440]
"PS2"="C:\WINDOWS\system32\ps2.exe" [2007-12-31 20:18 90112]
"SsAAD.exe"="C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe" [2007-12-31 20:18 81920]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2007-12-31 20:19 155648]
"PCSuiteTrayApplication"="C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-12-31 20:19 222208]
"Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2007-12-31 20:19 487424]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-12-31 20:19 40048]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-12-31 20:19 115816]
"osCheck"="C:\Program Files\Norton Internet Security\osCheck.exe" [2007-12-29 20:38 771704]
"SoundMan"="SOUNDMAN.EXE" [2005-05-03 18:43 90112 C:\WINDOWS\SoundMan.exe]
"AlcWzrd"="ALCWZRD.EXE" [2005-05-04 10:01 2805248 C:\WINDOWS\alcwzrd.exe]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-12-29 20:38 583048]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-12-31 20:19 185632]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [ ]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [ ]
"googletalk"="C:\Program Files\Google\Google Talk\googletalk.exe" [2007-12-31 20:19 3739648]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"PcSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2006-11-09 17:15 1634304]

C:\Documents and Settings\Kai Hiwatari\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 20:24:54]
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2007-11-11 00:10:05]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2004-11-04 19:28:24]
HP Image Zone Fast Start.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [2004-11-04 19:50:52]
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2007-11-11 00:10:05]

R1 sdcplh;sdcplh;C:\WINDOWS\system32\drivers\sdcplh.sys [2005-11-09 20:37]
S3 2bf53d6f-a04a-476c-b19a-ac023665fadd;2bf53d6f-a04a-476c-b19a-ac023665fadd;G:\Player\cds300.dll []
S3 c221440b-26a7-40b8-bbb9-a67f47043425;c221440b-26a7-40b8-bbb9-a67f47043425;F:\Player\cds300.dll []
S3 USB_RNDIS_51;USB Remote NDIS Device Driver;C:\WINDOWS\system32\DRIVERS\usb8023.sys [2004-08-03 17:34]
S3 UTS2pl;Motorola Serial port driver;C:\WINDOWS\system32\DRIVERS\UTS2pl.sys [2004-05-25 14:18]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c5a5e816-490f-11dc-9f8a-0013d390e04f}]
\Shell\AutoRun\command - G:\AUTORUN.EXE

*Newly Created Service* - COMHOST
.
Contents of the 'Scheduled Tasks' folder
"2007-12-24 15:24:10 C:\WINDOWS\Tasks\Norton Internet Security - Run Full System Scan - Kai Hiwatari.job"
- C:\Program Files\Norton Internet Security\Norton AntiVirus\Navw32.exe
"2007-12-30 16:46:02 C:\WINDOWS\Tasks\WebReg psc 1400 series.job"
- C:\Program Files\HP\Digital Imaging\bin\hpqwrg.exe
.
**************************************************************************

catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-01 20:50:40
Windows 5.1.2600 Service Pack 2 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-01-01 20:51:15
C:\qoobox\ComboFix-quarantined-files.txt 2008-01-01 15:21:14
C:\qoobox\ComboFix3.txt 2007-12-31 15:06:08
C:\qoobox\ComboFix2.txt 2008-01-01 12:08:10
.
2007-12-31 10:12:20 --- E O F ---

I still cannot access KasperSky online scan.
When I click on the 'KasperSky Online Scanner' button, after a few minutes the explorer says it is unable to display the web page.
The site also loads very slowly. I can still access all other sites at normal speeds.
ssj4Gogeta is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 01-01-2008, 09:14 AM   #16 (permalink)
Custom User Title
 
ssj4Gogeta's Avatar
 
Join Date: Dec 2007
Location: India
Posts: 1,864
OS: Windows XP SP2, Vista, Ubuntu Intrepid Ibex, Leopard (Kalyway)

My System

Re: Duplicate Processes Running... Please Help!!!
Now all my programs(Norton and all) are starting normally at the startup.
Thankssssssss!!!!!!111111111
I will retry the KasperSky scan tomorrow.
ssj4Gogeta is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 01-01-2008, 06:09 PM   #17 (permalink)
Moderator/Analyst, Security Team ; Rangemaster, TSF Academy
 
Angelfire777's Avatar
 
Join Date: Oct 2006
Posts: 4,581
OS: Vista


Re: Duplicate Processes Running... Please Help!!!
Hi,

Good job!

No need to retry kaspersky. We'll use another scanner..

I would like you to scan a file for me.

Please go HERE. Copy and paste the following file path in to the box.

C:\WINDOWS\system32\SpoonUninstall.exe

Then click submit.

Please post the results to your next reply.

If Jotti is too busy, you can go HERE and do the same as above.
________

Go here to run an online scannner from ESET.
  • Note: You will need to use Internet explorer for this scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activex control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked, and the option Scan unwanted applications is checked
  • Click Scan
  • Wait for the scan to finish
  • Use notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic, along with a new HijackThis log and a description of any remaining problems
__________________
UNITE and ASAP since 2006


If we have helped you, please consider donating.

The past won't be able to hurt you unless you keep on looking back at it.
Angelfire777 is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 01-02-2008, 01:35 AM   #18 (permalink)
Custom User Title
 
ssj4Gogeta's Avatar
 
Join Date: Dec 2007
Location: India
Posts: 1,864
OS: Windows XP SP2, Vista, Ubuntu Intrepid Ibex, Leopard (Kalyway)

My System

Re: Duplicate Processes Running... Please Help!!!
Hi,
File Analysis Report:
Jotti was busy so I used virustotal.
It said that the file has already been analysed:

File has already been analysed:
MD5: 9182f30bc806e652d35946f24f8f8c44
Date: 12.26.2007 15:54:38 (CET) [>6D]
Results: 0/32
Permalink: analisis/bacdf49235c2b562acde779effb7289b

I clicked on reanalyse. Here's the report:

File SpoonUninstall.exe received on 01.02.2008 09:12:36 (CET)
Current status: Loading ... queued waiting scanning finished NOT FOUND STOPPED
Result: 0/32 (0%)

Additional information
File size: 164352 bytes
MD5: 9182f30bc806e652d35946f24f8f8c44
SHA1: 4289f3098e41b276c10a2996bc218ba1a05f5517
PEiD: Armadillo v1.71

KasperSky Report:

I managed to do the KasperSky scan before I read your last post.
It detected over 400 infected files!
Do I need to do the other scan too?

here's the report, anyway:
-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Wednesday, January 02, 2008 1:30:48 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 2/01/2008
Kaspersky Anti-Virus database records: 501277
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\
F:\
G:\

Scan Statistics:
Total number of scanned objects: 138078
Number of viruses found: 16
Number of infected objects: 451
Number of suspicious objects: 0
Duration of the scan process: 03:00:24

Infected Object Name / Virus Name / Last Action
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\OSession.evt Object is locked skipped
C:\WINDOWS\system32\config\ODiag.evt Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SOFTWARE Object is locked skipped
C:\WINDOWS\system32\config\SYSTEM Object is locked skipped
C:\WINDOWS\system32\config\DEFAULT Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\CatRoot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb Object is locked skipped
C:\WINDOWS\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\LogFiles\WUDF\WUDFTrace.etl Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\SoftwareDistribution\EventCache\{D2FD1861-294E-4B65-8025-478213B31EA6}.bin Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\2008-01-02_Log.ALUSchedulerSvc.LiveUpdate Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\settings.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SubEng\submissions.idx Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Shared\QBackup\index.qbs Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtViEvt.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtNvEvt.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtMoEvt.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtScEvt.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtErEvt.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtTxFEvt.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtETmp\71F1FF72.TMP Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtETmp\E99B32D8.TMP Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\SPPolicy.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\SPStart.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\SPStop.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBValid.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBConfig.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBRefr.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBNotify.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBSetCfg.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBSetCfg2.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBSetUsr.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBStHash.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBSetLoc.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBSetDev.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBDetect.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBDebug.log Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Kai Hiwatari\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Kai Hiwatari\Local Settings\Temp\hpodvd09.log Object is locked skipped
C:\Documents and Settings\Kai Hiwatari\Local Settings\Temp\~DF1879.tmp Object is locked skipped
C:\Documents and Settings\Kai Hiwatari\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Kai Hiwatari\Local Settings\History\History.IE5\MSHist012008010220080103\index.dat Object is locked skipped
C:\Documents and Settings\Kai Hiwatari\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Kai Hiwatari\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Kai Hiwatari\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Kai Hiwatari\Local Settings\Application Data\ApplicationHistory\hpqgalry.exe.cf8dd223.ini.inuse Object is locked skipped
C:\Documents and Settings\Kai Hiwatari\Local Settings\Application Data\HP\Digital Imaging\db\CB_Server_Errors.txt Object is locked skipped
C:\Documents and Settings\Kai Hiwatari\Local Settings\Application Data\HP\Digital Imaging\db\administrativeInfo.dbf Object is locked skipped
C:\Documents and Settings\Kai Hiwatari\Local Settings\Application Data\HP\Digital Imaging\db\pathnameTable.dbf Object is locked skipped
C:\Documents and Settings\Kai Hiwatari\Local Settings\Application Data\HP\Digital Imaging\db\pathnameTable.cdx Object is locked skipped
C:\Documents and Settings\Kai Hiwatari\Local Settings\Application Data\HP\Digital Imaging\db\imageTable.dbf Object is locked skipped
C:\Documents and Settings\Kai Hiwatari\Local Settings\Application Data\HP\Digital Imaging\db\imageTable.cdx Object is locked skipped
C:\Documents and Settings\Kai Hiwatari\Local Settings\Application Data\HP\Digital Imaging\db\albumTable.dbf Object is locked skipped
C:\Documents and Settings\Kai Hiwatari\Local Settings\Application Data\HP\Digital Imaging\db\albumTable.cdx Object is locked skipped
C:\Documents and Settings\Kai Hiwatari\Local Settings\Application Data\HP\Digital Imaging\db\albumImagesTable.dbf Object is locked skipped
C:\Documents and Settings\Kai Hiwatari\Local Settings\Application Data\HP\Digital Imaging\db\albumImagesTable.cdx Object is locked skipped
C:\Documents and Settings\Kai Hiwatari\Local Settings\Application Data\HP\Digital Imaging\db\keywordTable.dbf Object is locked skipped
C:\Documents and Settings\Kai Hiwatari\Local Settings\Application Data\HP\Digital Imaging\db\keywordTable.cdx Object is locked skipped
C:\Documents and Settings\Kai Hiwatari\Local Settings\Application Data\HP\Digital Imaging\db\keywordImagesTable.dbf Object is locked skipped
C:\Documents and Settings\Kai Hiwatari\Local Settings\Application Data\HP\Digital Imaging\db\keywordImagesTable.cdx Object is locked skipped
C:\Documents and Settings\Kai Hiwatari\Local Settings\Application Data\HP\Digital Imaging\db\managedFolderTable.dbf Object is locked skipped
C:\Documents and Settings\Kai Hiwatari\Local Settings\Application Data\HP\Digital Imaging\db\EXIFTable.dbf Object is locked skipped
C:\Documents and Settings\Kai Hiwatari\Local Settings\Application Data\HP\Digital Imaging\db\EXIFTable.cdx Object is locked skipped
C:\Documents and Settings\Kai Hiwatari\Local Settings\Application Data\HP\Digital Imaging\db\ROFTable.dbf Object is locked skipped
C:\Documents and Settings\Kai Hiwatari\Local Settings\Application Data\HP\Digital Imaging\db\ROFTable.cdx Object is locked skipped
C:\Documents and Settings\Kai Hiwatari\Local Settings\Application Data\HP\Digital Imaging\db\ROFImagesTable.dbf Object is locked skipped
C:\Documents and Settings\Kai Hiwatari\Local Settings\Application Data\HP\Digital Imaging\db\ROFImagesTable.cdx Object is locked skipped
C:\Documents and Settings\Kai Hiwatari\Local Settings\Application Data\HP\Digital Imaging\db\imageTable.fpt Object is locked skipped
C:\Documents and Settings\Kai Hiwatari\Local Settings\Application Data\Mozilla\Firefox\Profiles\zfpx7jww.default\Cache\_CACHE_MAP_ Object is locked skipped
C:\Documents and Settings\Kai Hiwatari\Local Settings\Application Data\Mozilla\Firefox\Profiles\zfpx7jww.default\Cache\_CACHE_001_ Object is locked skipped
C:\Documents and Settings\Kai Hiwatari\Local Settings\Application Data\Mozilla\Firefox\Profiles\zfpx7jww.default\Cache\_CACHE_002_ Object is locked skipped
C:\Documents and Settings\Kai Hiwatari\Local Settings\Application Data\Mozilla\Firefox\Profiles\zfpx7jww.default\Cache\_CACHE_003_ Object is locked skipped
C:\Documents and Settings\Kai Hiwatari\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Kai Hiwatari\Application Data\Mozilla\Firefox\Profiles\zfpx7jww.default\history.dat Object is locked skipped
C:\Documents and Settings\Kai Hiwatari\Application Data\Mozilla\Firefox\Profiles\zfpx7jww.default\cert8.db Object is locked skipped
C:\Documents and Settings\Kai Hiwatari\Application Data\Mozilla\Firefox\Profiles\zfpx7jww.default\key3.db Object is locked skipped
C:\Documents and Settings\Kai Hiwatari\Application Data\Mozilla\Firefox\Profiles\zfpx7jww.default\parent.lock Object is locked skipped
C:\Documents and Settings\Kai Hiwatari\Application Data\Mozilla\Firefox\Profiles\zfpx7jww.default\search.sqlite Object is locked skipped
C:\Documents and Settings\Kai Hiwatari\Application Data\Mozilla\Firefox\Profiles\zfpx7jww.default\urlclassifier2.sqlite Object is locked skipped
C:\Documents and Settings\Kai Hiwatari\Application Data\Mozilla\Firefox\Profiles\zfpx7jww.default\formhistory.dat Object is locked skipped
C:\Documents and Settings\Kai Hiwatari\ntuser.dat.LOG Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\NFWEVT.LOG Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDSYS.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDFW.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDCON.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDALRT.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDIDS.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDDBG.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\EENGINE\EPERSIST.DAT Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcrst.dll Object is locked skipped
C:\Program Files\Norton Internet Security\Norton AntiVirus\AVVirus.log Object is locked skipped
C:\Program Files\Norton Internet Security\Norton AntiVirus\AVApp.log Object is locked skipped
C:\Program Files\Norton Internet Security\Norton AntiVirus\AVError.log Object is locked skipped
C:\System Volume Information\_restore{89367AE6-D0FC-4450-B03E-840ADE6C7F67}\RP145\A0045154.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{89367AE6-D0FC-4450-B03E-840ADE6C7F67}\RP145\A0045155.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{89367AE6-D0FC-4450-B03E-840ADE6C7F67}\RP145\A0045156.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{89367AE6-D0FC-4450-B03E-840ADE6C7F67}\RP145\A0045159.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{89367AE6-D0FC-4450-B03E-840ADE6C7F67}\RP145\A0045160.EXE Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{89367AE6-D0FC-4450-B03E-840ADE6C7F67}\RP145\A0045161.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{89367AE6-D0FC-4450-B03E-840ADE6C7F67}\RP145\A0045163.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{89367AE6-D0FC-4450-B03E-840ADE6C7F67}\RP145\A0045164.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{89367AE6-D0FC-4450-B03E-840ADE6C7F67}\RP145\A0045165.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{89367AE6-D0FC-4450-B03E-840ADE6C7F67}\RP145\A0045166.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{89367AE6-D0FC-4450-B03E-840ADE6C7F67}\RP145\A0045167.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{89367AE6-D0FC-4450-B03E-840ADE6C7F67}\RP145\A0045168.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{89367AE6-D0FC-4450-B03E-840ADE6C7F67}\RP145\A0045169.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{89367AE6-D0FC-4450-B03E-840ADE6C7F67}\RP145\A0045170.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{89367AE6-D0FC-4450-B03E-840ADE6C7F67}\RP145\A0045195.EXE Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{89367AE6-D0FC-4450-B03E-840ADE6C7F67}\RP145\A0045196.EXE Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{89367AE6-D0FC-4450-B03E-840ADE6C7F67}\RP145\A0045197.EXE Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{89367AE6-D0FC-4450-B03E-840ADE6C7F67}\RP145\A0045198.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{89367AE6-D0FC-4450-B03E-840ADE6C7F67}\RP145\A0045199.EXE Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{89367AE6-D0FC-4450-B03E-840ADE6C7F67}\RP145\A0045200.EXE Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{89367AE6-D0FC-4450-B03E-840ADE6C7F67}\RP145\A0045201.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{89367AE6-D0FC-4450-B03E-840ADE6C7F67}\RP145\A0045202.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{89367AE6-D0FC-4450-B03E-840ADE6C7F67}\RP145\A0045203.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{89367AE6-D0FC-4450-B03E-840ADE6C7F67}\RP145\A0045204.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{89367AE6-D0FC-4450-B03E-840ADE6C7F67}\RP145\A0045205.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{89367AE6-D0FC-4450-B03E-840ADE6C7F67}\RP145\A0045206.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{89367AE6-D0FC-4450-B03E-840ADE6C7F67}\RP145\A0045207.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{89367AE6-D0FC-4450-B03E-840ADE6C7F67}\RP145\A0045210.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{89367AE6-D0FC-4450-B03E-840ADE6C7F67}\RP145\A0045230.EXE Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{89367AE6-D0FC-4450-B03E-840ADE6C7F67}\RP145\A0045235.EXE Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{89367AE6-D0FC-4450-B03E-840ADE6C7F67}\RP145\A0045236.EXE Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{89367AE6-D0FC-4450-B03E-840ADE6C7F67}\RP145\A0045237.EXE Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{89367AE6-D0FC-4450-B03E-840ADE6C7F67}\RP145\A0045238.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{89367AE6-D0FC-4450-B03E-840ADE6C7F67}\RP145\A0045239.EXE Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{89367AE6-D0FC-4450-B03E-840ADE6C7F67}\RP145\A0045240.EXE Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{89367AE6-D0FC-4450-B03E-840ADE6C7F67}\RP145\A0045241.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{89367AE6-D0FC-4450-B03E-840ADE6C7F67}\RP145\A0045242.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{89367AE6-D0FC-4450-B03E-840ADE6C7F67}\RP145\A0045243.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{89367AE6-D0FC-4450-B03E-840ADE6C7F67}\RP145\A0045244.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{89367AE6-D0FC-4450-B03E-840ADE6C7F67}\RP145\A0045245.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{89367AE6-D0FC-4450-B03E-840ADE6C7F67}\RP145\A0045247.EXE Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{89367AE6-D0FC-4450-B03E-840ADE6C7F67}\RP145\A0045248.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{89367AE6-D0FC-4450-B03E-840ADE6C7F67}\RP145\A0045249.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{89367AE6-D0FC-4450-B03E-840ADE6C7F67}\RP146\A0046230.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{89367AE6-D0FC-4450-B03E-840ADE6C7F67}\RP146\A0046235.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{89367AE6-D0FC-4450-B03E-840ADE6C7F67}\RP146\A0046236.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{89367AE6-D0FC-4450-B03E-840ADE6C7F67}\RP146\A0046237.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{89367AE6-D0FC-4450-B03E-840ADE6C7F67}\RP146\A0046238.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{89367AE6-D0FC-4450-B03E-840ADE6C7F67}\RP146\A0046239.EXE Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{89367AE6-D0FC-4450-B03E-840ADE6C7F67}\RP146\A0046240.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{89367AE6-D0FC-4450-B03E-840ADE6C7F67}\RP146\A0046241.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{89367AE6-D0FC-4450-B03E-840ADE6C7F67}\RP146\A0046242.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{89367AE6-D0FC-4450-B03E-840ADE6C7F67}\RP146\A0046243.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{89367AE6-D0FC-4450-B03E-840ADE6C7F67}\RP146\A0046244.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{89367AE6-D0FC-4450-B03E-840ADE6C7F67}\RP146\A0046245.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{89367AE6-D0FC-4450-B03E-840ADE6C7F67}\RP146\A0046249.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{89367AE6-D0FC-4450-B03E-840ADE6C7F67}\RP146\A0046250.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{89367AE6-D0FC-4450-B03E-840ADE6C7F67}\RP146\A0046251.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{89367AE6-D0FC-4450-B03E-840ADE6C7F67}\RP146\A0046277.EXE Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{89367AE6-D0FC-4450-B03E-840ADE6C7F67}\RP146\A0046281.EXE Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{89367AE6-D0FC-4450-B03E-840ADE6C7F67}\RP146\A0046282.EXE Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{89367AE6-D0FC-4450-B03E-840ADE6C7F67}\RP146\A0046283.EXE Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{89367AE6-D0FC-4450-B03E-840ADE6C7F67}\RP146\A0046284.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{89367AE6-D0FC-4450-B03E-840ADE6C7F67}\RP146\A0046285.EXE Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{89367AE6-D0FC-4450-B03E-840ADE6C7F67}\RP146\A0046286.EXE Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{89367AE6-D0FC-4450-B03E-840ADE6C7F67}\RP146\A0046287.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{89367AE6-D0FC-4450-B03E-840ADE6C7F67}\RP146\A0046288.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{89367AE6-D0FC-4450-B03E-840ADE6C7F67}\RP146\A0046289.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{89367AE6-D0FC-4450-B03E-840ADE6C7F67}\RP146\A0046290.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{89367AE6-D0FC-4450-B03E-840ADE6C7F67}\RP146\A0046291.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{89367AE6-D0FC-4450-B03E-840ADE6C7F67}\RP146\A0046292.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{89367AE6-D0FC-4450-B03E-840ADE6C7F67}\RP146\A0046293.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{89367AE6-D0FC-4450-B03E-840ADE6C7F67}\RP146\A0046295.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{89367AE6-D0FC-4450-B03E-840ADE6C7F67}\RP146\A0046301.EXE Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{89367AE6-D0FC-4450-B03E-840ADE6C7F67}\RP147\A0046349.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{89367AE6-D0FC-4450-B03E-840ADE6C7F67}\RP147\A0046350.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{89367AE6-D0FC-4450-B03E-840ADE6C7F67}\RP147\A0046351.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{89367AE6-D0FC-4450-B03E-840ADE6C7F67}\RP147\A0046352.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{89367AE6-D0FC-4450-B03E-840ADE6C7F67}\RP147\A0046353.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{89367AE6-D0FC-4450-B03E-840ADE6C7F67}\RP147\A0046354.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{89367AE6-D0FC-4450-B03E-840ADE6C7F67}\RP147\A0046355.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{89367AE6-D0FC-4450-B03E-840ADE6C7F67}\RP147\A0046356.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{89367AE6-D0FC-4450-B03E-840ADE6C7F67}\RP147\A0046357.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{89367AE6-D0FC-4450-B03E-840ADE6C7F67}\RP147\A0046358.EXE Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{89367AE6-D0FC-4450-B03E-840ADE6C7F67}\RP147\A0046359.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{89367AE6-D0FC-4450-B03E-840ADE6C7F67}\RP147\A0046360.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{89367AE6-D0FC-4450-B03E-840ADE6C7F67}\RP147\A0046361.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{89367AE6-D0FC-4450-B03E-840ADE6C7F67}\RP147\A0046362.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{89367AE6-D0FC-4450-B03E-840ADE6C7F67}\RP147\A0046363.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{89367AE6-D0FC-4450-B03E-840ADE6C7F67}\RP147\A0046407.EXE Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{89367AE6-D0FC-4450-B03E-840ADE6C7F67}\RP147\A0046412.EXE Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{89367AE6-D0FC-4450-B03E-840ADE6C7F67}\RP147\A0046413.EXE Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{89367AE6-D0FC-4450-B03E-840ADE6C7F67}\RP147\A0046414.EXE Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{89367AE6-D0FC-4450-B03E-840ADE6C7F67}\RP147\A0046415.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{89367AE6-D0FC-4450-B03E-840ADE6C7F67}\RP147\A0046416.EXE Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{89367AE6-D0FC-4450-B03E-840ADE6C7F67}\RP147\A0046417.EXE Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{89367AE6-D0FC-4450-B03E-840ADE6C7F67}\RP147\A0046418.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{89367AE6-D0FC-4450-B03E-840ADE6C7F67}\RP147\A0046419.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{89367AE6-D0FC-4450-B03E-840ADE6C7F67}\RP147\A0046420.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{89367AE6-D0FC-4450-B03E-840ADE6C7F67}\RP147\A0046421.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{89367AE6-D0FC-4450-B03E-840ADE6C7F67}\RP147\A0046422.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{89367AE6-D0FC-4450-B03E-840ADE6C7F67}\RP147\A0046423.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{89367AE6-D0FC-4450-B03E-840ADE6C7F67}\RP147\A0046424.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{89367AE6-D0FC-4450-B03E-840ADE6C7F67}\RP147\A0046426.EXE Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{89367AE6-D0FC-4450-B03E-840ADE6C7F67}\RP147\A0046428.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{89367AE6-D0FC-4450-B03E-840ADE6C7F67}\RP148\A0046454.EXE Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{89367AE6-D0FC-4450-B03E-840ADE6C7F67}\RP148\A0046459.EXE Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{89367AE6-D0FC-4450-B03E-840ADE6C7F67}\RP148\A0046460.EXE Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{89367AE6-D0FC-4450-B03E-840ADE6C7F67}\RP148\A0046461.EXE Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{89367AE6-D0FC-4450-B03E-840ADE6C7F67}\RP148\A0046462.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{89367AE6-D0FC-4450-B03E-840ADE6C7F67}\RP148\A0046463.EXE Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{89367AE6-D0FC-4450-B03E-840ADE6C7F67}\RP148\A0046464.EXE Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{89367AE6-D0FC-4450-B03E-840ADE6C7F67}\RP148\A0046465.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{89367AE6-D0FC-4450-B03E-840ADE6C7F67}\RP148\A0046466.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{89367AE6-D0FC-4450-B03E-840ADE6C7F67}\RP148\A0046467.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{89367AE6-D0FC-4450-B03E-840ADE6C7F67}\RP148\A0046468.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{89367AE6-D0FC-4450-B03E-840ADE6C7F67}\RP148\A0046469.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{89367AE6-D0FC-4450-B03E-840ADE6C7F67}\RP148\A0046470.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{89367AE6-D0FC-4450-B03E-840ADE6C7F67}\RP148\A0046471.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{89367AE6-D0FC-4450-B03E-840ADE6C7F67}\RP148\A0046473.EXE Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{89367AE6-D0FC-4450-B03E-840ADE6C7F67}\RP149\A0046498.EXE Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{89367AE6-D0FC-4450-B03E-840ADE6C7F67}\RP149\A0046503.EXE Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{89367AE6-D0FC-4450-B03E-840ADE6C7F67}\RP149\A0046504.EXE Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{89367AE6-D0FC-4450-B03E-840ADE6C7F67}\RP149\A0046505.EXE Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{89367AE6-D0FC-4450-B03E-840ADE6C7F67}\RP149\A0046506.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{89367AE6-D0FC-4450-B03E-840ADE6C7F67}\RP149\A0046507.EXE Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{89367AE6-D0FC-4450-B03E-840ADE6C7F67}\RP149\A0046508.EXE Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{89367AE6-D0FC-4450-B03E-840ADE6C7F67}\RP149\A0046509.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{89367AE6-D0FC-4450-B03E-840ADE6C7F67}\RP149\A0046510.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{89367AE6-D0FC-4450-B03E-840ADE6C7F67}\RP149\A0046511.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{89367AE6-D0FC-4450-B03E-840ADE6C7F67}\RP149\A0046512.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{89367AE6-D0FC-4450-B03E-840ADE6C7F67}\RP149\A0046513.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{89367AE6-D0FC-4450-B03E-840ADE6C7F67}\RP149\A0046514.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{89367AE6-D0FC-4450-B03E-840ADE6C7F67}\RP149\A0046515.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{89367AE6-D0FC-4450-B03E-840ADE6C7F67}\RP149\A0046517.EXE Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{89367AE6-D0FC-4450-B03E-840ADE6C7F67}\RP149\A0046569.EXE Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{89367AE6-D0FC-4450-B03E-840ADE6C7F67}\RP149\A0046574.EXE Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{89367AE6-D0FC-4450-B03E-840ADE6C7F67}\RP149\A0046575.EXE Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{89367AE6-D0FC-4450-B03E-840ADE6C7F67}\RP149\A0046576.EXE Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{89367AE6-D0FC-4450-B03E-840ADE6C7F67}\RP149\A0046577.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{89367AE6-D0FC-4450-B03E-840ADE6C7F67}\RP149\A0046578.EXE Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{89367AE6-D0FC-4450-B03E-840ADE6C7F67}\RP149\A0046579.EXE Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{89367AE6-D0FC-4450-B03E-840ADE6C7F67}\RP149\A0046580.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{89367AE6-D0FC-4450-B03E-840ADE6C7F67}\RP149\A0046581.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{89367AE6-D0FC-4450-B03E-840ADE6C7F67}\RP149\A0046582.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{89367AE6-D0FC-4450-B03E-840ADE6C7F67}\RP149\A0046583.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{89367AE6-D0FC-4450-B03E-840ADE6C7F67}\RP149\A0046584.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{89367AE6-D0FC-4450-B03E-840ADE6C7F67}\RP149\A0046585.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{89367AE6-D0FC-4450-B03E-840ADE6C7F67}\RP149\A0046586.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{89367AE6-D0FC-4450-B03E-840ADE6C7F67}\RP149\A0046588.EXE Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{89367AE6-D0FC-4450-B03E-840ADE6C7F67}\RP149\A0046608.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{89367AE6-D0FC-4450-B03E-840ADE6C7F67}\RP149\A0046635.EXE Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{89367AE6-D0FC-4450-B03E-840ADE6C7F67}\RP149\A0046640.EXE Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{89367AE6-D0FC-4450-B03E-840ADE6C7F67}\RP149\A0046641.EXE Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{89367AE6-D0FC-4450-B03E-840ADE6C7F67}\RP149\A0046642.EXE Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{89367AE6-D0FC-4450-B03E-840ADE6C7F67}\RP149\A0046643.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{89367AE6-D0FC-4450-B03E-840ADE6C7F67}\RP149\A0046644.EXE Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{89367AE6-D0FC-4450-B03E-840ADE6C7F67}\RP149\A0046645.EXE Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{89367AE6-D0FC-4450-B03E-840ADE6C7F67}\RP149\A0046646.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{89367AE6-D0FC-4450-B03E-840ADE6C7F67}\RP149\A0046647.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{89367AE6-D0FC-4450-B03E-840ADE6C7F67}\RP149\A0046648.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{89367AE6-D0FC-4450-B03E-840ADE6C7F67}\RP149\A0046649.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{89367AE6-D0FC-4450-B03E-840ADE6C7F67}\RP149\A0046650.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{89367AE6-D0FC-4450-B03E-840ADE6C7F67}\RP149\A0046651.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{89367AE6-D0FC-4450-B03E-840ADE6C7F67}\RP149\A0046652.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{89367AE6-D0FC-4450-B03E-840ADE6C7F67}\RP149\A0046654.EXE Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{89367AE6-D0FC-4450-B03E-840ADE6C7F67}\RP149\A0046676.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{89367AE6-D0FC-4450-B03E-840ADE6C7F67}\RP149\A0046677.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{89367AE6-D0FC-4450-B03E-840ADE6C7F67}\RP149\A0046703.EXE Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{89367AE6-D0FC-4450-B03E-840ADE6C7F67}\RP149\A0046708.EXE Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{89367AE6-D0FC-4450-B03E-840ADE6C7F67}\RP149\A0046709.EXE Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{89367AE6-D0FC-4450-B03E-840ADE6C7F67}\RP149\A0046710.EXE Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{89367AE6-D0FC-4450-B03E-840ADE6C7F67}\RP149\A0046711.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{89367AE6-D0FC-4450-B03E-840ADE6C7F67}\RP149\A0046712.EXE Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{89367AE6-D0FC-4450-B03E-840ADE6C7F67}\RP149\A0046713.EXE Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{89367AE6-D0FC-4450-B03E-840ADE6C7F67}\RP149\A0046714.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{89367AE6-D0FC-4450-B03E-840ADE6C7F67}\RP149\A0046715.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{89367AE6-D0FC-4450-B03E-840ADE6C7F67}\RP149\A0046716.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{89367AE6-D0FC-4450-B03E-840ADE6C7F67}\RP149\A0046717.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{89367AE6-D0FC-4450-B03E-840ADE6C7F67}\RP149\A0046718.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{89367AE6-D0FC-4450-B03E-840ADE6C7F67}\RP149\A0046719.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{89367AE6-D0FC-4450-B03E-840ADE6C7F67}\RP149\A0046720.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{89367AE6-D0FC-4450-B03E-840ADE6C7F67}\RP149\A0046724.EXE Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{89367AE6-D0FC-4450-B03E-840ADE6C7F67}\RP149\A0046743.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{89367AE6-D0FC-4450-B03E-840ADE6C7F67}\RP149\A0046744.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{89367AE6-D0FC-4450-B03E-840ADE6C7F67}\RP149\A0046783.EXE Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{89367AE6-D0FC-4450-B03E-840ADE6C7F67}\RP149\A0046788.EXE Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{89367AE6-D0FC-4450-B03E-840ADE6C7F67}\RP149\A0046789.EXE Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{89367AE6-D0FC-4450-B03E-840ADE6C7F67}\RP149\A0046790.EXE Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{89367AE6-D0FC-4450-B03E-840ADE6C7F67}\RP149\A0046791.EXE Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{89367AE6-D0FC-4450-B03E-840ADE6C7F67}\RP149\A0046792.EXE Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{89367AE6-D0FC-4450-B03E-840ADE6C7F67}\RP149\A0046793.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{89367AE6-D0FC-4450-B03E-840ADE6C7F67}\RP149\A0046794.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{89367AE6-D0FC-4450-B03E-840ADE6C7F67}\RP149\A0046795.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{89367AE6-D0FC-4450-B03E-840ADE6C7F67}\RP149\A0046796.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{89367AE6-D0FC-4450-B03E-840ADE6C7F67}\RP149\A0046797.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{89367AE6-D0FC-4450-B03E-840ADE6C7F67}\RP149\A0046798.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{89367AE6-D0FC-4450-B03E-840ADE6C7F67}\RP149\A0046799.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{89367AE6-D0FC-4450-B03E-840ADE6C7F67}\RP149\A0046801.EXE Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{89367AE6-D0FC-4450-B03E-840ADE6C7F67}\RP149\A0046822.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{89367AE6-D0FC-4450-B03E-840ADE6C7F67}\RP149\A0046823.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{89367AE6-D0FC-4450-B03E-840ADE6C7F67}\RP149\A0046841.EXE Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{89367AE6-D0FC-4450-B03E-840ADE6C7F67}\RP149\A0046846.EXE Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{89367AE6-D0FC-4450-B03E-840ADE6C7F67}\RP149\A0046847.EXE Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{89367AE6-D0FC-4450-B03E-840ADE6C7F67}\RP149\A0046848.EXE Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{89367AE6-D0FC-4450-B03E-840ADE6C7F67}\RP149\A0046850.EXE Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{89367AE6-D0FC-4450-B03E-840ADE6C7F67}\RP149\A0046851.EXE Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{89367AE6-D0FC-4450-B03E-840ADE6C7F67}\RP149\A0046852.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{89367AE6-D0FC-4450-B03E-840ADE6C7F67}\RP149\A0046853.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{89367AE6-D0FC-4450-B03E-840ADE6C7F67}\RP149\A0046854.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{89367AE6-D0FC-4450-B03E-840ADE6C7F67}\RP149\A0046855.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{89367AE6-D0FC-4450-B03E-840ADE6C7F67}\RP149\A0046856.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{89367AE6-D0FC-4450-B03E-840ADE6C7F67}\RP149\A0046857.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{89367AE6-D0FC-4450-B03E-840ADE6C7F67}\RP149\A0046858.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{89367AE6-D0FC-4450-B03E-840ADE6C7F67}\RP149\A0046860.EXE Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{89367AE6-D0FC-4450-B03E-840ADE6C7F67}\RP150\A0046906.EXE Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{89367AE6-D0FC-4450-B03E-840ADE6C7F67}\RP150\A0046911.EXE Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{89367AE6-D0FC-4450-B03E-840ADE6C7F67}\RP150\A0046912.EXE Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{89367AE6-D0FC-4450-B03E-840ADE6C7F67}\RP150\A0046913.EXE Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{89367AE6-D0FC-4450-B03E-840ADE6C7F67}\RP150\A0046914.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{89367AE6-D0FC-4450-B03E-840ADE6C7F67}\RP150\A0046915.EXE Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{89367AE6-D0FC-4450-B03E-840ADE6C7F67}\RP150\A0046916.EXE Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{89367AE6-D0FC-4450-B03E-840ADE6C7F67}\RP150\A0046917.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{89367AE6-D0FC-4450-B03E-840ADE6C7F67}\RP150\A0046918.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{89367AE6-D0FC-4450-B03E-840ADE6C7F67}\RP150\A0046919.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{89367AE6-D0FC-4450-B03E-840ADE6C7F67}\RP150\A0046920.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{89367AE6-D0FC-4450-B03E-840ADE6C7F67}\RP150\A0046921.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{89367AE6-D0FC-4450-B03E-840ADE6C7F67}\RP150\A0046922.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{89367AE6-D0FC-4450-B03E-840ADE6C7F67}\RP150\A0046923.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{89367AE6-D0FC-4450-B03E-840ADE6C7F67}\RP150\A0046925.EXE Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{89367AE6-D0FC-4450-B03E-840ADE6C7F67}\RP150\A0046978.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{89367AE6-D0FC-4450-B03E-840ADE6C7F67}\RP150\A0046983.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{89367AE6-D0FC-4450-B03E-840ADE6C7F67}\RP150\A0046987.EXE Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{89367AE6-D0FC-4450-B03E-840ADE6C7F67}\RP150\A0046988.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{89367AE6-D0FC-4450-B03E-840ADE6C7F67}\RP150\A0046990.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{89367AE6-D0FC-4450-B03E-840ADE6C7F67}\RP150\A0046991.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{89367AE6-D0FC-4450-B03E-840ADE6C7F67}\RP150\A0046992.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{89367AE6-D0FC-4450-B03E-840ADE6C7F67}\RP150\A0046993.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{89367AE6-D0FC-4450-B03E-840ADE6C7F67}\RP150\A0046994.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{89367AE6-D0FC-4450-B03E-840ADE6C7F67}\RP150\A0046995.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{89367AE6-D0FC-4450-B03E-840ADE6C7F67}\RP150\A0046996.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{89367AE6-D0FC-4450-B03E-840ADE6C7F67}\RP150\A0046997.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{89367AE6-D0FC-4450-B03E-840ADE6C7F67}\RP150\A0047006.EXE Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{89367AE6-D0FC-4450-B03E-840ADE6C7F67}\RP150\A0047008.EXE Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{89367AE6-D0FC-4450-B03E-840ADE6C7F67}\RP150\A0047009.EXE Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{89367AE6-D0FC-4450-B03E-840ADE6C7F67}\RP150\A0047010.EXE Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{89367AE6-D0FC-4450-B03E-840ADE6C7F67}\RP150\A0047011.EXE Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{89367AE6-D0FC-4450-B03E-840ADE6C7F67}\RP150\A0047012.EXE Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{89367AE6-D0FC-4450-B03E-840ADE6C7F67}\RP150\A0047013.EXE Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{89367AE6-D0FC-4450-B03E-840ADE6C7F67}\RP150\A0047014.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{89367AE6-D0FC-4450-B03E-840ADE6C7F67}\RP150\A0047015.EXE Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{89367AE6-D0FC-4450-B03E-840ADE6C7F67}\RP150\A0047016.EXE Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{89367AE6-D0FC-4450-B03E-840ADE6C7F67}\RP150\A0047017.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{89367AE6-D0FC-4450-B03E-840ADE6C7F67}\RP150\A0047018.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{89367AE6-D0FC-4450-B03E-840ADE6C7F67}\RP150\A0047020.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{89367AE6-D0FC-4450-B03E-840ADE6C7F67}\RP150\A0047022.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{89367AE6-D0FC-4450-B03E-840ADE6C7F67}\RP150\A0047023.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{89367AE6-D0FC-4450-B03E-840ADE6C7F67}\RP150\A0047025.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{89367AE6-D0FC-4450-B03E-840ADE6C7F67}\RP150\A0047026.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{89367AE6-D0FC-4450-B03E-840ADE6C7F67}\RP150\A0047027.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{89367AE6-D0FC-4450-B03E-840ADE6C7F67}\RP150\A0047028.EXE Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{89367AE6-D0FC-4450-B03E-840ADE6C7F67}\RP150\A0047041.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{89367AE6-D0FC-4450-B03E-840ADE6C7F67}\RP150\A0047042.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{89367AE6-D0FC-4450-B03E-840ADE6C7F67}\RP150\A0047060.EXE Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{89367AE6-D0FC-4450-B03E-840ADE6C7F67}\RP150\A0047065.EXE Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{89367AE6-D0FC-4450-B03E-840ADE6C7F67}\RP150\A0047066.EXE Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{89367AE6-D0FC-4450-B03E-840ADE6C7F67}\RP150\A0047067.EXE Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{89367AE6-D0FC-4450-B03E-840ADE6C7F67}\RP150\A0047068.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{89367AE6-D0FC-4450-B03E-840ADE6C7F67}\RP150\A0047069.EXE Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{89367AE6-D0FC-4450-B03E-840ADE6C7F67}\RP150\A0047070.EXE Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{89367AE6-D0FC-4450-B03E-840ADE6C7F67}\RP150\A0047071.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{89367AE6-D0FC-4450-B03E-840ADE6C7F67}\RP150\A0047072.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{89367AE6-D0FC-4450-B03E-840ADE6C7F67}\RP150\A0047073.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{89367AE6-D0FC-4450-B03E-840ADE6C7F67}\RP150\A0047074.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{89367AE6-D0FC-4450-B03E-840ADE6C7F67}\RP150\A0047075.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{89367AE6-D0FC-4450-B03E-840ADE6C7F67}\RP150\A0047076.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{89367AE6-D0FC-4450-B03E-840ADE6C7F67}\RP150\A0047077.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{89367AE6-D0FC-4450-B03E-840ADE6C7F67}\RP150\A0047079.EXE Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{89367AE6-D0FC-4450-B03E-840ADE6C7F67}\RP150\A0047182.EXE Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{89367AE6-D0FC-4450-B03E-840ADE6C7F67}\RP150\A0047187.EXE Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{89367AE6-D0FC-4450-B03E-840ADE6C7F67}\RP150\A0047188.EXE Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{89367AE6-D0FC-4450-B03E-840ADE6C7F67}\RP150\A0047189.EXE Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{89367AE6-D0FC-4450-B03E-840ADE6C7F67}\RP150\A0047190.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{89367AE6-D0FC-4450-B03E-840ADE6C7F67}\RP150\A0047191.EXE Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{89367AE6-D0FC-4450-B03E-840ADE6C7F67}\RP150\A0047192.EXE Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{89367AE6-D0FC-4450-B03E-840ADE6C7F67}\RP150\A0047193.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{89367AE6-D0FC-4450-B03E-840ADE6C7F67}\RP150\A0047194.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{89367AE6-D0FC-4450-B03E-840ADE6C7F67}\RP150\A0047195.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{89367AE6-D0FC-4450-B03E-840ADE6C7F67}\RP150\A0047196.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{89367AE6-D0FC-4450-B03E-840ADE6C7F67}\RP150\A0047197.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{89367AE6-D0FC-4450-B03E-840ADE6C7F67}\RP150\A0047198.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{89367AE6-D0FC-4450-B03E-840ADE6C7F67}\RP150\A0047199.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{89367AE6-D0FC-4450-B03E-840ADE6C7F67}\RP150\A0047200.EXE Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{89367AE6-D0FC-4450-B03E-840ADE6C7F67}\RP151\A0047323.EXE Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{89367AE6-D0FC-4450-B03E-840ADE6C7F67}\RP151\A0047328.EXE Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{89367AE6-D0FC-4450-B03E-840ADE6C7F67}\RP151\A0047329.EXE Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{89367AE6-D0FC-4450-B03E-840ADE6C7F67}\RP151\A0047330.EXE Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{89367AE6-D0FC-4450-B03E-840ADE6C7F67}\RP151\A0047333.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{89367AE6-D0FC-4450-B03E-840ADE6C7F67}\RP151\A0047334.EXE Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{89367AE6-D0FC-4450-B03E-840ADE6C7F67}\RP151\A0047335.EXE Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{89367AE6-D0FC-4450-B03E-840ADE6C7F67}\RP151\A0047336.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{89367AE6-D0FC-4450-B03E-840ADE6C7F67}\RP151\A0047337.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{89367AE6-D0FC-4450-B03E-840ADE6C7F67}\RP151\A0047338.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{89367AE6-D0FC-4450-B03E-840ADE6C7F67}\RP151\A0047339.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{89367AE6-D0FC-4450-B03E-840ADE6C7F67}\RP151\A0047340.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{89367AE6-D0FC-4450-B03E-840ADE6C7F67}\RP151\A0047341.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{89367AE6-D0FC-4450-B03E-840ADE6C7F67}\RP151\A0047342.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{89367AE6-D0FC-4450-B03E-840ADE6C7F67}\RP151\A0047377.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{89367AE6-D0FC-4450-B03E-840ADE6C7F67}\RP151\A0047386.EXE Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{89367AE6-D0FC-4450-B03E-840ADE6C7F67}\RP151\A0047391.EXE Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{89367AE6-D0FC-4450-B03E-840ADE6C7F67}\RP151\A0047392.EXE Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{89367AE6-D0FC-4450-B03E-840ADE6C7F67}\RP151\A0047393.EXE Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{89367AE6-D0FC-4450-B03E-840ADE6C7F67}\RP151\A0047394.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{89367AE6-D0FC-4450-B03E-840ADE6C7F67}\RP151\A0047395.EXE Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{89367AE6-D0FC-4450-B03E-840ADE6C7F67}\RP151\A0047396.EXE Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{89367AE6-D0FC-4450-B03E-840ADE6C7F67}\RP151\A0047397.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{89367AE6-D0FC-4450-B03E-840ADE6C7F67}\RP151\A0047398.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{89367AE6-D0FC-4450-B03E-840ADE6C7F67}\RP151\A0047399.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{89367AE6-D0FC-4450-B03E-840ADE6C7F67}\RP151\A0047400.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{89367AE6-D0FC-4450-B03E-840ADE6C7F67}\RP151\A0047401.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{89367AE6-D0FC-4450-B03E-840ADE6C7F67}\RP151\A0047402.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{89367AE6-D0FC-4450-B03E-840ADE6C7F67}\RP151\A0047403.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{89367AE6-D0FC-4450-B03E-840ADE6C7F67}\RP151\A0047404.EXE Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{89367AE6-D0FC-4450-B03E-840ADE6C7F67}\RP151\A0047437.EXE Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{89367AE6-D0FC-4450-B03E-840ADE6C7F67}\RP151\A0047442.EXE Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{89367AE6-D0FC-4450-B03E-840ADE6C7F67}\RP151\A0047443.EXE Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{89367AE6-D0FC-4450-B03E-840ADE6C7F67}\RP151\A0047444.EXE Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{89367AE6-D0FC-4450-B03E-840ADE6C7F67}\RP151\A0047445.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{89367AE6-D0FC-4450-B03E-840ADE6C7F67}\RP151\A0047446.EXE Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{89367AE6-D0FC-4450-B03E-840ADE6C7F67}\RP151\A0047447.EXE Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{89367AE6-D0FC-4450-B03E-840ADE6C7F67}\RP151\A0047448.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{89367AE6-D0FC-4450-B03E-840ADE6C7F67}\RP151\A0047449.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{89367AE6-D0FC-4450-B03E-840ADE6C7F67}\RP151\A0047450.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{89367AE6-D0FC-4450-B03E-840ADE6C7F67}\RP151\A0047451.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{89367AE6-D0FC-4450-B03E-840ADE6C7F67}\RP151\A0047452.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{89367AE6-D0FC-4450-B03E-840ADE6C7F67}\RP151\A0047453.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{89367AE6-D0FC-4450-B03E-840ADE6C7F67}\RP151\A0047454.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{89367AE6-D0FC-4450-B03E-840ADE6C7F67}\RP151\A0047490.EXE Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{89367AE6-D0FC-4450-B03E-840ADE6C7F67}\RP151\A0047495.EXE Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{89367AE6-D0FC-4450-B03E-840ADE6C7F67}\RP151\A0047496.EXE Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{89367AE6-D0FC-4450-B03E-840ADE6C7F67}\RP151\A0047497.EXE Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{89367AE6-D0FC-4450-B03E-840ADE6C7F67}\RP151\A0047498.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{89367AE6-D0FC-4450-B03E-840ADE6C7F67}\RP151\A0047499.EXE Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{89367AE6-D0FC-4450-B03E-840ADE6C7F67}\RP151\A0047500.EXE Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{89367AE6-D0FC-4450-B03E-840ADE6C7F67}\RP151\A0047501.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{89367AE6-D0FC-4450-B03E-840ADE6C7F67}\RP151\A0047502.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{89367AE6-D0FC-4450-B03E-840ADE6C7F67}\RP151\A0047503.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{89367AE6-D0FC-4450-B03E-840ADE6C7F67}\RP151\A0047504.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{89367AE6-D0FC-4450-B03E-840ADE6C7F67}\RP151\A0047505.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{89367AE6-D0FC-4450-B03E-840ADE6C7F67}\RP151\A0047506.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{89367AE6-D0FC-4450-B03E-840ADE6C7F67}\RP151\A0047507.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{89367AE6-D0FC-4450-B03E-840ADE6C7F67}\RP151\A0047508.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{89367AE6-D0FC-4450-B03E-840ADE6C7F67}\RP152\A0047530.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{89367AE6-D0FC-4450-B03E-840ADE6C7F67}\RP152\A0047531.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{89367AE6-D0FC-4450-B03E-840ADE6C7F67}\RP152\A0047532.EXE Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{89367AE6-D0FC-4450-B03E-840ADE6C7F67}\RP152\A0047533.EXE Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{89367AE6-D0FC-4450-B03E-840ADE6C7F67}\RP153\A0047571.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{89367AE6-D0FC-4450-B03E-840ADE6C7F67}\RP153\A0047572.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.dhs skipped
C:\System Volume Information\_restore{89367AE6-D0FC-4450-B03E-840ADE6C7F67}\RP153\A0047573.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.dhs skipped
C:\System Volume Information\_restore{89367AE6-D0FC-4450-B03E-840ADE6C7F67}\RP153\A0047576.DLL Infected: Trojan.Win32.Dialer.yz skipped
C:\System Volume Information\_restore{89367AE6-D0FC-4450-B03E-840ADE6C7F67}\RP153\A0047578.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{89367AE6-D0FC-4450-B03E-840ADE6C7F67}\RP153\A0047579.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{89367AE6-D0FC-4450-B03E-840ADE6C7F67}\RP153\A0047580.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{89367AE6-D0FC-4450-B03E-840ADE6C7F67}\RP153\A0047581.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{89367AE6-D0FC-4450-B03E-840ADE6C7F67}\RP153\A0047582.EXE Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{89367AE6-D0FC-4450-B03E-840ADE6C7F67}\RP153\A0047583.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{89367AE6-D0FC-4450-B03E-840ADE6C7F67}\RP153\A0047584.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{89367AE6-D0FC-4450-B03E-840ADE6C7F67}\RP153\A0047585.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{89367AE6-D0FC-4450-B03E-840ADE6C7F67}\RP153\A0047586.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{89367AE6-D0FC-4450-B03E-840ADE6C7F67}\RP153\A0047587.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{89367AE6-D0FC-4450-B03E-840ADE6C7F67}\RP153\A0047588.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{89367AE6-D0FC-4450-B03E-840ADE6C7F67}\RP153\A0047589.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{89367AE6-D0FC-4450-B03E-840ADE6C7F67}\RP153\A0047590.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{89367AE6-D0FC-4450-B03E-840ADE6C7F67}\RP153\A0047591.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\System Volume Information\_restore{89367AE6-D0FC-4450-B03E-840ADE6C7F67}\RP155\change.log Object is locked skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\byxvvtu.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.dhs skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\ddcdcya.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.dhs skipped
C:\QooBox\Quarantine\catchme2007-12-31_203435.67.zip/ddabx.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.dih skipped
C:\QooBox\Quarantine\catchme2007-12-31_203435.67.zip/jkklmnn.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.dhs skipped
C:\QooBox\Quarantine\catchme2007-12-31_203435.67.zip/ccApp.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\QooBox\Quarantine\catchme2007-12-31_203435.67.zip/osCheck.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\QooBox\Quarantine\catchme2007-12-31_203435.67.zip/PIFSvc.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\QooBox\Quarantine\catchme2007-12-31_203435.67.zip ZIP: infected - 5 skipped
D:\System Volume Information\_restore{89367AE6-D0FC-4450-B03E-840ADE6C7F67}\RP155\change.log Object is locked skipped
E:\System Volume Information\_restore{89367AE6-D0FC-4450-B03E-840ADE6C7F67}\RP136\A0042910.exe/crack.exe/stream/Script Infected: Trojan-Downloader.Win32.Zlob.fjh skipped
E:\System Volume Information\_restore{89367AE6-D0FC-4450-B03E-840ADE6C7F67}\RP136\A0042910.exe/crack.exe/stream/data0004 Infected: Trojan-Downloader.Win32.Zlob.ego skipped
E:\System Volume Information\_restore{89367AE6-D0FC-4450-B03E-840ADE6C7F67}\RP136\A0042910.exe/crack.exe/stream Infected: Trojan-Downloader.Win32.Zlob.ego skipped
E:\System Volume Information\_restore{89367AE6-D0FC-4450-B03E-840ADE6C7F67}\RP136\A0042910.exe/crack.exe Infected: Trojan-Downloader.Win32.Zlob.ego skipped
E:\System Volume Information\_restore{89367AE6-D0FC-4450-B03E-840ADE6C7F67}\RP136\A0042910.exe ZIP: infected - 4 skipped
E:\System Volume Information\_restore{89367AE6-D0FC-4450-B03E-840ADE6C7F67}\RP153\A0047660.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
E:\System Volume Information\_restore{89367AE6-D0FC-4450-B03E-840ADE6C7F67}\RP153\A0047661.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
E:\System Volume Information\_restore{89367AE6-D0FC-4450-B03E-840ADE6C7F67}\RP153\A0047662.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
E:\System Volume Information\_restore{89367AE6-D0FC-4450-B03E-840ADE6C7F67}\RP153\A0047663.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
E:\System Volume Information\_restore{89367AE6-D0FC-4450-B03E-840ADE6C7F67}\RP153\A0047665.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
E:\System Volume Information\_restore{89367AE6-D0FC-4450-B03E-840ADE6C7F67}\RP155\A0047815.exe/file1 Infected: not-a-virus:FraudTool.Win32.AntiSpyware.a skipped
E:\System Volume Information\_restore{89367AE6-D0FC-4450-B03E-840ADE6C7F67}\RP155\A0047815.exe/file3 Infected: not-a-virus:FraudTool.Win32.AntiSpyware.a skipped
E:\System Volume Information\_restore{89367AE6-D0FC-4450-B03E-840ADE6C7F67}\RP155\A0047815.exe Inno: infected - 2 skipped
E:\System Volume Information\_restore{89367AE6-D0FC-4450-B03E-840ADE6C7F67}\RP155\A0047901.exe/data.rar/file2.exe Infected: Trojan.Win32.Agent.kk skipped
E:\System Volume Information\_restore{89367AE6-D0FC-4450-B03E-840ADE6C7F67}\RP155\A0047901.exe/data.rar Infected: Trojan.Win32.Agent.kk skipped
E:\System Volume Information\_restore{89367AE6-D0FC-4450-B03E-840ADE6C7F67}\RP155\A0047901.exe RarSFX: infected - 2 skipped
E:\System Volume Information\_restore{89367AE6-D0FC-4450-B03E-840ADE6C7F67}\RP155\A0047905.exe/data.rar/xpkey.exe Infected: not-a-virus:PSWTool.Win32.RAS.a skipped
E:\System Volume Information\_restore{89367AE6-D0FC-4450-B03E-840ADE6C7F67}\RP155\A0047905.exe/data.rar/officekey.exe Infected: not-a-virus:PSWTool.Win32.RAS.a skipped
E:\System Volume Information\_restore{89367AE6-D0FC-4450-B03E-840ADE6C7F67}\RP155\A0047905.exe/data.rar Infected: not-a-virus:PSWTool.Win32.RAS.a skipped
E:\System Volume Information\_restore{89367AE6-D0FC-4450-B03E-840ADE6C7F67}\RP155\A0047905.exe RarSFX: infected - 3 skipped
E:\System Volume Information\_restore{89367AE6-D0FC-4450-B03E-840ADE6C7F67}\RP155\change.log Object is locked skipped
E:\Setups\Internet\Messengers\Rediff Bol 7.0\BolSetup.exe/stream/data0171/stream/data0007 Infected: not-a-virus:AdWare.Win32.MyTool.f skipped
E:\Setups\Internet\Messengers\Rediff Bol 7.0\BolSetup.exe/stream/data0171/stream Infected: not-a-virus:AdWare.Win32.MyTool.f skipped
E:\Setups\Internet\Messengers\Rediff Bol 7.0\BolSetup.exe/stream/data0171 Infected: not-a-virus:AdWare.Win32.MyTool.f skipped
E:\Setups\Internet\Messengers\Rediff Bol 7.0\BolSetup.exe/stream Infected: not-a-virus:AdWare.Win32.MyTool.f skipped
E:\Setups\Internet\Messengers\Rediff Bol 7.0\BolSetup.exe NSIS: infected - 4 skipped
E:\Setups\Multimedia\Multimedia Players\Artisan Player\artisanplayer.exe/data0011 Infected: not-a-virus:AdWare.Win32.NewDotNet skipped
E:\Setups\Multimedia\Multimedia Players\Artisan Player\artisanplayer.exe Inno: infected - 1 skipped
E:\Setups\Multimedia\Multimedia Players\Glory Player\setup.exe/data0009 Infected: not-a-virus:AdWare.Win32.NewDotNet skipped
E:\Setups\Multimedia\Multimedia Players\Glory Player\setup.exe Inno: infected - 1 skipped
E:\Setups\PC Styling\StyleXP\forever_blue.exe/WISE0018.BIN Infected: not-a-virus:AdWare.Win32.Gator.3103 skipped
E:\Setups\PC Styling\StyleXP\forever_blue.exe WiseSFX: infected - 1 skipped
E:\Setups\PC Styling\StyleXP\XBox Extreme.exe/WISE0018.BIN Infected: not-a-virus:AdWare.Win32.EZula.z skipped
E:\Setups\PC Styling\StyleXP\XBox Extreme.exe WiseSFX: infected - 1 skipped
E:\Setups\PC Styling\StyleXP\visualStyles\macintoshos.exe/WISE0019.BIN Infected: not-a-virus:AdWare.Win32.NewDotNet skipped
E:\Setups\PC Styling\StyleXP\visualStyles\macintoshos.exe/WISE0020.BIN Infected: not-a-virus:AdWare.Win32.Gator.3103 skipped
E:\Setups\PC Styling\StyleXP\visualStyles\macintoshos.exe/WISE0021.BIN Infected: not-a-virus:AdWare.Win32.EZula.z skipped
E:\Setups\PC Styling\StyleXP\visualStyles\macintoshos.exe/WISE0022.BIN Infected: Trojan-Dropper.Win32.Agent.pd skipped
E:\Setups\PC Styling\StyleXP\visualStyles\macintoshos.exe WiseSFX: infected - 4 skipped
E:\Setups\PC Styling\StyleXP\visualStyles\psyu2theme.exe/WISE0019.BIN Infected: not-a-virus:AdWare.Win32.NewDotNet skipped
E:\Setups\PC Styling\StyleXP\visualStyles\psyu2theme.exe/WISE0020.BIN Infected: not-a-virus:AdWare.Win32.Gator.3103 skipped
E:\Setups\PC Styling\StyleXP\visualStyles\psyu2theme.exe/WISE0021.BIN Infected: not-a-virus:AdWare.Win32.EZula.z skipped
E:\Setups\PC Styling\StyleXP\visualStyles\psyu2theme.exe/WISE0022.BIN Infected: Trojan-Dropper.Win32.Agent.pd skipped
E:\Setups\PC Styling\StyleXP\visualStyles\psyu2theme.exe WiseSFX: infected - 4 skipped
E:\Setups\PC Styling\StyleXP\visualStyles\solarsystems.exe/WISE0019.BIN Infected: not-a-virus:AdWare.Win32.NewDotNet skipped
E:\Setups\PC Styling\StyleXP\visualStyles\solarsystems.exe/WISE0020.BIN Infected: not-a-virus:AdWare.Win32.Gator.3103 skipped
E:\Setups\PC Styling\StyleXP\visualStyles\solarsystems.exe/WISE0021.BIN Infected: not-a-virus:AdWare.Win32.EZula.z skipped
E:\Setups\PC Styling\StyleXP\visualStyles\solarsystems.exe/WISE0022.BIN Infected: Trojan-Downloader.Win32.Agent.er skipped
E:\Setups\PC Styling\StyleXP\visualStyles\solarsystems.exe WiseSFX: infected - 4 skipped
E:\Setups\PC Styling\StyleXP\Chinmaya\XBox Extreme.exe/WISE0018.BIN Infected: not-a-virus:AdWare.Win32.EZula.z skipped
E:\Setups\PC Styling\StyleXP\Chinmaya\XBox Extreme.exe WiseSFX: infected - 1 skipped
E:\Setups\PC Styling\StyleXP\Chinmaya\forever_blue.exe/WISE0018.BIN Infected: not-a-virus:AdWare.Win32.Gator.3103 skipped
E:\Setups\PC Styling\StyleXP\Chinmaya\forever_blue.exe WiseSFX: infected - 1 skipped
E:\Setups\PC Styling\StyleXP\Chinmaya\psyu2theme.exe/WISE0019.BIN Infected: not-a-virus:AdWare.Win32.NewDotNet skipped
E:\Setups\PC Styling\StyleXP\Chinmaya\psyu2theme.exe/WISE0020.BIN Infected: not-a-virus:AdWare.Win32.Gator.3103 skipped
E:\Setups\PC Styling\StyleXP\Chinmaya\psyu2theme.exe/WISE0021.BIN Infected: not-a-virus:AdWare.Win32.EZula.z skipped
E:\Setups\PC Styling\StyleXP\Chinmaya\psyu2theme.exe/WISE0022.BIN Infected: Trojan-Dropper.Win32.Agent.pd skipped
E:\Setups\PC Styling\StyleXP\Chinmaya\psyu2theme.exe WiseSFX: infected - 4 skipped
E:\Setups\PC Styling\StyleXP\Chinmaya\macintoshos.exe/WISE0019.BIN Infected: not-a-virus:AdWare.Win32.NewDotNet skipped
E:\Setups\PC Styling\StyleXP\Chinmaya\macintoshos.exe/WISE0020.BIN Infected: not-a-virus:AdWare.Win32.Gator.3103 skipped
E:\Setups\PC Styling\StyleXP\Chinmaya\macintoshos.exe/WISE0021.BIN Infected: not-a-virus:AdWare.Win32.EZula.z skipped
E:\Setups\PC Styling\StyleXP\Chinmaya\macintoshos.exe/WISE0022.BIN Infected: Trojan-Dropper.Win32.Agent.pd skipped
E:\Setups\PC Styling\StyleXP\Chinmaya\macintoshos.exe WiseSFX: infected - 4 skipped
E:\Setups\PC Styling\StyleXP\Chinmaya\solarsystems.exe/WISE0019.BIN Infected: not-a-virus:AdWare.Win32.NewDotNet skipped
E:\Setups\PC Styling\StyleXP\Chinmaya\solarsystems.exe/WISE0020.BIN Infected: not-a-virus:AdWare.Win32.Gator.3103 skipped
E:\Setups\PC Styling\StyleXP\Chinmaya\solarsystems.exe/WISE0021.BIN Infected: not-a-virus:AdWare.Win32.EZula.z skipped
E:\Setups\PC Styling\StyleXP\Chinmaya\solarsystems.exe/WISE0022.BIN Infected: Trojan-Downloader.Win32.Agent.er skipped
E:\Setups\PC Styling\StyleXP\Chinmaya\solarsystems.exe WiseSFX: infected - 4 skipped
E:\Setups\Download Managers\DAP\fdainst.exe/data0002 Infected: Trojan-Downloader.Win32.Wren.d skipped
E:\Setups\Download Managers\DAP\fdainst.exe NSIS: infected - 1 skipped

Scan process completed.

HijackThis Log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:59:37 PM, on 1/2/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\HP\KBD\KBD.EXE
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Encarta Web Companion Helper Object - {955BE0B8-BC85-4CAF-856E-8E0D8B610560} - C:\Program Files\Common Files\Microsoft Shared\Encarta Web Companion\2007\ENCWCBAR.DLL
O3 - Toolbar: Encarta Web Companion - {147D6308-0614-4112-89B1-31402F9B82C4} - C:\Program Files\Common Files\Microsoft Shared\Encarta Web Companion\2007\ENCWCBAR.DLL
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')
O4 - S-1-5-18 Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (User 'SYSTEM')
O4 - S-1-5-18 Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (User 'Default user')
O4 - .DEFAULT Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (User 'Default user')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Encarta Search Bar - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/par...an_unicode.cab
O16 - DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} (Measurement Services Client v.3.12) - http://www.yougamers.com/systeminfo/MSC3.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{10A40F4A-8B17-43C6-995D-D601E4C2DE14}: NameServer = 192.168.1.1,218.248.255.161
O17 - HKLM\System\CCS\Services\Tcpip\..\{F905C99E-3F93-4FB4-B808-DBD1B4D5377A}: NameServer = 218.248.240.46 218.248.255.146
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

--
End of file - 11055 bytes
ssj4Gogeta is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 01-02-2008, 01:43 AM   #19 (permalink)
Moderator/Analyst, Security Team ; Rangemaster, TSF Academy
 
Angelfire777's Avatar
 
Join Date: Oct 2006
Posts: 4,581
OS: Vista


Re: Duplicate Processes Running... Please Help!!!
No need to do the other scan. Is that the whole kaspersky scan log?
__________________
UNITE and ASAP since 2006


If we have helped you, please consider donating.

The past won't be able to hurt you unless you keep on looking back at it.
Angelfire777 is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 01-02-2008, 01:52 AM   #20 (permalink)
Custom User Title
 
ssj4Gogeta's Avatar
 
Join Date: Dec 2007
Location: India
Posts: 1,864
OS: Windows XP SP2, Vista, Ubuntu Intrepid Ibex, Leopard (Kalyway)

My System

Re: Duplicate Processes Running... Please Help!!!
Yeah it is. Why?
Something wrong with that?
ssj4Gogeta is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
 
Page 1 of 2 1 2

« Previous Thread | Next Thread »

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are Off
Pingbacks are Off
Refbacks are Off



All times are GMT -7. The time now is 06:21 PM.

Contact Us - Tech Support Forum - Archive - Privacy Statement - Top


Copyright 2001 - 2009, Tech Support Forum
Home Tips Plus | Outdoor Basecamp | Automotive Support Forum

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85