
Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 6:08:33 PM, on 10/05/2009

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\System32\alg.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe

C:\Program Files\QuickTime\qttask.exe

C:\WINDOWS\System32\hkcmd.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\Program Files\D-Link\AirPlus G\AirGCFG.exe

C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe

C:\Program Files\Messenger\msmsgs.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Documents and Settings\Owner\Application Data\nidle\nidle.exe

C:\WINDOWS\system32\rundll32.exe

C:\Documents and Settings\Owner\Application Data\digifast\digifast.exe

C:\Documents and Settings\Owner\Application Data\Microsoft\Windows\vdmwm.exe

C:\PROGRA~1\MUSICM~1\MUSICM~1\MMDiag.exe

C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mim.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Adobe\Acrobat 5.0\Reader\AcroRd32.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\DOCUME~1\Owner\LOCALS~1\Temp\1522232968.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\ntos.exe,

O2 - BHO: C:\WINDOWS\system32\kjsdiowq8oikf.dll - {B2BA40A2-74F0-42BD-F434-12345A2C8953} - C:\WINDOWS\system32\kjsdiowq8oikf.dll

O4 - HKLM\..\Run: [MMTray] "C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\System32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe

O4 - HKLM\..\Run: [iSUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup

O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [D-Link AirPlus G] C:\Program Files\D-Link\AirPlus G\AirGCFG.exe

O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe

O4 - HKLM\..\Run: [MP10_EnsureFileVer] C:\WINDOWS\inf\unregmp2.exe /EnsureFileVersions

O4 - HKLM\..\RunOnce: [KB926239] rundll32.exe apphelp.dll,ShimFlushCache

O4 - HKLM\..\RunOnce: [WMC_RebootCheck] C:\WINDOWS\inf\unregmp2.exe /FixUps

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [nidle] "C:\Documents and Settings\Owner\Application Data\nidle\nidle.exe" 61A847B5BBF72813329B385772FF01F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310

O4 - HKCU\..\Run: [igfxSys] rundll32.exe "C:\Documents and Settings\Owner\Application Data\Messenger\Drivers\IgfxSys.dll",StartProtector

O4 - HKCU\..\Run: [DigiFast] C:\Documents and Settings\Owner\Application Data\digifast\digifast.exe

O4 - HKCU\..\Run: [sfKg6wIPuSpdc] C:\Documents and Settings\Owner\Application Data\Microsoft\Windows\vdmwm.exe

O4 - HKCU\..\Run: [Diagnostic Manager] C:\DOCUME~1\Owner\LOCALS~1\Temp\1522232968.exe

O4 - HKCU\..\RunOnce: [WMC_WMPDBExport] C:\Program Files\Windows Media Player\wmdbexport.exe

O4 - HKUS\S-1-5-18\..\Run: [] C:\WINDOWS\TEMP\j1icns6s.exe (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\Run: [Windows Resurections] C:\WINDOWS\TEMP\j1icns6s.exe (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\Run: [Diagnostic Manager] C:\WINDOWS\TEMP\3119620228.exe (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\Run: [uidenhiufgsduiazghs] C:\WINDOWS\TEMP\mvtmymxi.exe (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [] C:\WINDOWS\TEMP\j1icns6s.exe (User 'Default user')

O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1

O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file://C:\Program Files\The Hidden Object Show Season 2\Images\stg_drm.ocx

O16 - DPF: {21BB8360-F943-447E-98F3-3C22345375A7} (CPlayFirstChocolatieControl Object) - http://zone.msn.com/bingame/choc/default/C...eb.1.0.0.15.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1213917412731

O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1213962550419

O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file://C:\Program Files\Elizabeth Find, MD - Diagnosis Mystery\Images\armhelper.ocx

O16 - DPF: {E9B80D94-D8BC-43DE-9138-75605A8D9666} (CPlayFirstWeddingDasControl Object) - http://zone.msn.com/bingame/wedd/default/W...sh.1.0.0.50.cab

O20 - AppInit_DLLs: bvqtzn.dll

O22 - SharedTaskScheduler: jso8joigm409gopgmrlgd - {B2BA40A2-74F0-42BD-F434-12345A2C8953} - C:\WINDOWS\system32\kjsdiowq8oikf.dll

O22 - SharedTaskScheduler: sdfsefsfdvdubgiungfuyd - {C2BA40A1-74F3-42BD-F434-12345A2C8953} - C:\WINDOWS\system32\sdrgfcvbf.dll

O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Wireless Service - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

--

End of file - 7561 bytes


Hello and Welcome to the forums. :)

I am MoNsTeReNeRgY22 and I will be assisting you with your computer problem today.

Looking at your system now, one or more of the identified infections is a backdoor application which can allow attackers to access your computer, stealing passwords and personal data.

If this computer is ever used for on-line banking, I suggest you do the following immediately:

1. Call all of your banks, credit card companies, financial institutions and inform them that you may be a victim of identity theft and to put a watch on your accounts or change all your account numbers.

2. From a clean computer, change ALL your on-line passwords for email, for banks, financial accounts, PayPal, eBay, on-line companies, any on-line forums or groups you belong to.

Do NOT change passwords or do any transactions while using the infected computer because the attacker will get the new passwords and transaction information.

With that said, please do the following.

Step 1

Please download ATF Cleaner by Atribune.

  • Double-click ATF-Cleaner.exe to run the program.
    Under Main choose: Select All
    Click the Empty Selected button.

If you use Firefox browser

  • Click Firefox at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use Opera browser

  • Click Opera at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Click Exit on the Main menu to close the program.

Step 2

Download SDFix and save it to your Desktop.

Double click SDFix.exe and it will extract the files to %systemdrive% (Drive that contains the Windows Directory, typically C:\SDFix)

Please then reboot your computer in Safe Mode by doing the following:

  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, the Advanced Options Menu should appear;
  • Select the first option, to run Windows in Safe Mode, then press Enter.
  • Choose your usual account.

  • Open the extracted SDFix folder and double click RunThis.bat to start the script.
  • Type Y to begin the cleanup process.
  • It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
  • Press any Key and it will restart the PC.
  • When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
  • Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
    (Report.txt will also be copied to Clipboard ready for posting back on the forum).
  • Finally paste the contents of the Report.txt back on the forum with a new HijackThis log


Checking Files :

No Trojan Files Found

Removing Temp Files

ADS Check :

Final Check :

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-05-12 18:45:56

Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...

scanning hidden files ...

C:\WINDOWS\system32\ntos.exe 191488 bytes executable

C:\WINDOWS\system32\wsnpoem

C:\WINDOWS\system32\wsnpoem\audio.dll 0 bytes

C:\WINDOWS\system32\wsnpoem\video.dll 36086 bytes

scan completed successfully

hidden processes: 0

hidden services: 0

hidden files: 4

Remaining Services :

Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

Remaining Files :

Files with Hidden Attributes :

Mon 16 Jun 2008 5,237 A..H. --- "C:\TEMP\t4.bak"

Tue 17 Jun 2008 8,941 A..H. --- "C:\TEMP\t4.bak1"

Tue 17 Jun 2008 9,458 A..H. --- "C:\TEMP\t4.bak2"

Sat 23 Aug 2008 6,464 A..H. --- "C:\TEMP\t4.bak3"

Mon 20 Apr 2009 15,001 ...H. --- "C:\WINDOWS\temp\d4dhv2gu.exe"

Fri 1 May 2009 15,001 ...H. --- "C:\WINDOWS\temp\j1icns6s.exe"

Thu 30 Apr 2009 15,001 ...H. --- "C:\WINDOWS\temp\kscs4o5ayb.exe"

Thu 23 Apr 2009 15,001 ...H. --- "C:\WINDOWS\temp\ml2i872r.exe"

Mon 4 May 2009 15,001 ...H. --- "C:\WINDOWS\temp\mvtmymxi.exe"

Sun 3 May 2009 15,001 ...H. --- "C:\WINDOWS\temp\ur40dz.exe"

Fri 11 Jul 2008 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"

Thu 12 Mar 2009 158,426 ...H. --- "C:\Program Files\Yahoo! Games\Finders Keepers\Uninstall.exe"

Tue 5 May 2009 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"

Sat 20 Dec 2008 7,478,208 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\351c39c58af1240d8e8a02f54010533a\BIT32.tmp"

Fri 20 Jun 2008 8,723,064 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\5addd6f775e0368f244f62c739d66dd4\BIT58.tmp"

Fri 17 Oct 2008 7,281,784 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\7ab777f7de3e6e633438f06ba30269aa\BIT46.tmp"

Fri 2 May 2008 3,493,888 A..H. --- "C:\Documents and Settings\Owner\Application Data\U3\temp\Launchpad Removal.exe"

Finished!


Hey,

Download GMER from here:

http://www.gmer.net/gmer.zip

Unzip it to the desktop.

Please close any open programs/windows!

Open the program and click on the Rootkit/Malware tab.

Make sure all the boxes on the right of the screen are checked, EXCEPT for "Show all".

Click on Scan.

When the scan has run, click Copy and paste the results (if any) into this thread.


GMER 1.0.15.14972 - http://www.gmer.net

Rootkit scan 2009-05-13 15:04:34

Windows 5.1.2600 Service Pack 2

---- Kernel code sections - GMER 1.0.15 ----

? C:\DOCUME~1\Owner\LOCALS~1\Temp\catchme.sys The system cannot find the file specified. !

---- User code sections - GMER 1.0.15 ----

? C:\WINDOWS\System32\svchost.exe[3896] image checksum mismatch; time/date stamp mismatch; unknown module: urlmon.dllunknown module: OLEAUT32.dll

---- User IAT/EAT - GMER 1.0.15 ----


IAT C:\WINDOWS\System32\svchost.exe[944] @ C:\WINDOWS\system32\SHLWAPI.dll [uSER32.dll!GetMessageA] 012D49F7

IAT C:\WINDOWS\System32\svchost.exe[944] @ C:\WINDOWS\system32\SHLWAPI.dll [uSER32.dll!GetMessageW] 012D4A23

IAT C:\WINDOWS\System32\svchost.exe[944] @ C:\WINDOWS\system32\SHLWAPI.dll [uSER32.dll!PeekMessageA] 012D4A4F

IAT C:\WINDOWS\System32\svchost.exe[944] @ C:\WINDOWS\system32\SHLWAPI.dll [uSER32.dll!PeekMessageW] 012D4A7E

IAT C:\WINDOWS\System32\svchost.exe[944] @ c:\windows\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 012D4416

IAT C:\WINDOWS\system32\svchost.exe[980] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 009E4416

IAT C:\WINDOWS\system32\svchost.exe[980] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 009E43A8

IAT C:\WINDOWS\system32\svchost.exe[980] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 009E436A

IAT C:\WINDOWS\system32\svchost.exe[980] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 009E4337

IAT C:\WINDOWS\system32\svchost.exe[980] @ C:\WINDOWS\system32\ole32.dll [uSER32.dll!GetClipboardData] 009E471E

IAT C:\WINDOWS\system32\svchost.exe[980] @ C:\WINDOWS\system32\ole32.dll [uSER32.dll!GetMessageW] 009E4A23

IAT C:\WINDOWS\system32\svchost.exe[980] @ C:\WINDOWS\system32\ole32.dll [uSER32.dll!PeekMessageW] 009E4A7E

IAT C:\WINDOWS\system32\svchost.exe[980] @ C:\WINDOWS\system32\SHELL32.dll [uSER32.dll!PeekMessageW] 009E4A7E

IAT C:\WINDOWS\system32\svchost.exe[980] @ C:\WINDOWS\system32\SHELL32.dll [uSER32.dll!GetMessageW] 009E4A23

IAT C:\WINDOWS\system32\svchost.exe[980] @ C:\WINDOWS\system32\SHELL32.dll [uSER32.dll!GetClipboardData] 009E471E

IAT C:\WINDOWS\system32\svchost.exe[980] @ C:\WINDOWS\system32\SHLWAPI.dll [uSER32.dll!GetMessageA] 009E49F7

IAT C:\WINDOWS\system32\svchost.exe[980] @ C:\WINDOWS\system32\SHLWAPI.dll [uSER32.dll!GetMessageW] 009E4A23

IAT C:\WINDOWS\system32\svchost.exe[980] @ C:\WINDOWS\system32\SHLWAPI.dll [uSER32.dll!PeekMessageA] 009E4A4F

IAT C:\WINDOWS\system32\svchost.exe[980] @ C:\WINDOWS\system32\SHLWAPI.dll [uSER32.dll!PeekMessageW] 009E4A7E

IAT C:\WINDOWS\system32\svchost.exe[980] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 009E4416

IAT C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\MMDiag.exe[1012] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 00134416

IAT C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\MMDiag.exe[1012] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 001343A8

IAT C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\MMDiag.exe[1012] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 0013436A

IAT C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\MMDiag.exe[1012] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 00134337

IAT C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\MMDiag.exe[1012] @ C:\WINDOWS\system32\SHLWAPI.dll [uSER32.dll!GetMessageA] 001349F7

IAT C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\MMDiag.exe[1012] @ C:\WINDOWS\system32\SHLWAPI.dll [uSER32.dll!GetMessageW] 00134A23

IAT C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\MMDiag.exe[1012] @ C:\WINDOWS\system32\SHLWAPI.dll [uSER32.dll!PeekMessageA] 00134A4F

IAT C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\MMDiag.exe[1012] @ C:\WINDOWS\system32\SHLWAPI.dll [uSER32.dll!PeekMessageW] 00134A7E

IAT C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\MMDiag.exe[1012] @ C:\WINDOWS\system32\SHELL32.dll [uSER32.dll!PeekMessageW] 00134A7E

IAT C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\MMDiag.exe[1012] @ C:\WINDOWS\system32\SHELL32.dll [uSER32.dll!GetMessageW] 00134A23

IAT C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\MMDiag.exe[1012] @ C:\WINDOWS\system32\SHELL32.dll [uSER32.dll!GetClipboardData] 0013471E

IAT C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\MMDiag.exe[1012] @ C:\WINDOWS\system32\ole32.dll [uSER32.dll!GetClipboardData] 0013471E

IAT C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\MMDiag.exe[1012] @ C:\WINDOWS\system32\ole32.dll [uSER32.dll!GetMessageW] 00134A23

IAT C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\MMDiag.exe[1012] @ C:\WINDOWS\system32\ole32.dll [uSER32.dll!PeekMessageW] 00134A7E

IAT C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\MMDiag.exe[1012] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 00134416

IAT C:\WINDOWS\System32\svchost.exe[1104] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 00624416

IAT C:\WINDOWS\System32\svchost.exe[1104] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 006243A8

IAT C:\WINDOWS\System32\svchost.exe[1104] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 0062436A

IAT C:\WINDOWS\System32\svchost.exe[1104] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 00624337

IAT C:\WINDOWS\System32\svchost.exe[1104] @ C:\WINDOWS\system32\ole32.dll [uSER32.dll!GetClipboardData] 0062471E

IAT C:\WINDOWS\System32\svchost.exe[1104] @ C:\WINDOWS\system32\ole32.dll [uSER32.dll!GetMessageW] 00624A23

IAT C:\WINDOWS\System32\svchost.exe[1104] @ C:\WINDOWS\system32\ole32.dll [uSER32.dll!PeekMessageW] 00624A7E

IAT C:\WINDOWS\System32\svchost.exe[1104] @ C:\WINDOWS\system32\SHELL32.dll [uSER32.dll!PeekMessageW] 00624A7E

IAT C:\WINDOWS\System32\svchost.exe[1104] @ C:\WINDOWS\system32\SHELL32.dll [uSER32.dll!GetMessageW] 00624A23

IAT C:\WINDOWS\System32\svchost.exe[1104] @ C:\WINDOWS\system32\SHELL32.dll [uSER32.dll!GetClipboardData] 0062471E

IAT C:\WINDOWS\System32\svchost.exe[1104] @ C:\WINDOWS\system32\SHLWAPI.dll [uSER32.dll!GetMessageA] 006249F7

IAT C:\WINDOWS\System32\svchost.exe[1104] @ C:\WINDOWS\system32\SHLWAPI.dll [uSER32.dll!GetMessageW] 00624A23

IAT C:\WINDOWS\System32\svchost.exe[1104] @ C:\WINDOWS\system32\SHLWAPI.dll [uSER32.dll!PeekMessageA] 00624A4F

IAT C:\WINDOWS\System32\svchost.exe[1104] @ C:\WINDOWS\system32\SHLWAPI.dll [uSER32.dll!PeekMessageW] 00624A7E

IAT C:\WINDOWS\System32\svchost.exe[1104] @ c:\windows\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 00624416

IAT C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[1124] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 00134416

IAT C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[1124] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 001343A8

IAT C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[1124] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 0013436A

IAT C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[1124] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 00134337

IAT C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[1124] @ C:\WINDOWS\system32\shell32.dll [uSER32.dll!PeekMessageW] 00134A7E

IAT C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[1124] @ C:\WINDOWS\system32\shell32.dll [uSER32.dll!GetMessageW] 00134A23

IAT C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[1124] @ C:\WINDOWS\system32\shell32.dll [uSER32.dll!GetClipboardData] 0013471E

IAT C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[1124] @ C:\WINDOWS\system32\SHLWAPI.dll [uSER32.dll!GetMessageA] 001349F7

IAT C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[1124] @ C:\WINDOWS\system32\SHLWAPI.dll [uSER32.dll!GetMessageW] 00134A23

IAT C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[1124] @ C:\WINDOWS\system32\SHLWAPI.dll [uSER32.dll!PeekMessageA] 00134A4F

IAT C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[1124] @ C:\WINDOWS\system32\SHLWAPI.dll [uSER32.dll!PeekMessageW] 00134A7E

IAT C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[1124] @ C:\WINDOWS\system32\ole32.dll [uSER32.dll!GetClipboardData] 0013471E

IAT C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[1124] @ C:\WINDOWS\system32\ole32.dll [uSER32.dll!GetMessageW] 00134A23

IAT C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[1124] @ C:\WINDOWS\system32\ole32.dll [uSER32.dll!PeekMessageW] 00134A7E

IAT C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[1124] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 00134416

IAT C:\WINDOWS\System32\svchost.exe[1140] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 00404416

IAT C:\WINDOWS\System32\svchost.exe[1140] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 004043A8

IAT C:\WINDOWS\System32\svchost.exe[1140] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 0040436A

IAT C:\WINDOWS\System32\svchost.exe[1140] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 00404337

IAT C:\WINDOWS\System32\svchost.exe[1140] @ C:\WINDOWS\system32\ole32.dll [uSER32.dll!GetClipboardData] 0040471E

IAT C:\WINDOWS\System32\svchost.exe[1140] @ C:\WINDOWS\system32\ole32.dll [uSER32.dll!GetMessageW] 00404A23

IAT C:\WINDOWS\System32\svchost.exe[1140] @ C:\WINDOWS\system32\ole32.dll [uSER32.dll!PeekMessageW] 00404A7E

IAT C:\WINDOWS\System32\svchost.exe[1140] @ C:\WINDOWS\system32\SHELL32.dll [uSER32.dll!PeekMessageW] 00404A7E

IAT C:\WINDOWS\System32\svchost.exe[1140] @ C:\WINDOWS\system32\SHELL32.dll [uSER32.dll!GetMessageW] 00404A23

IAT C:\WINDOWS\System32\svchost.exe[1140] @ C:\WINDOWS\system32\SHELL32.dll [uSER32.dll!GetClipboardData] 0040471E

IAT C:\WINDOWS\System32\svchost.exe[1140] @ C:\WINDOWS\system32\SHLWAPI.dll [uSER32.dll!GetMessageA] 004049F7

IAT C:\WINDOWS\System32\svchost.exe[1140] @ C:\WINDOWS\system32\SHLWAPI.dll [uSER32.dll!GetMessageW] 00404A23

IAT C:\WINDOWS\System32\svchost.exe[1140] @ C:\WINDOWS\system32\SHLWAPI.dll [uSER32.dll!PeekMessageA] 00404A4F

IAT C:\WINDOWS\System32\svchost.exe[1140] @ C:\WINDOWS\system32\SHLWAPI.dll [uSER32.dll!PeekMessageW] 00404A7E

IAT C:\WINDOWS\System32\svchost.exe[1140] @ C:\WINDOWS\System32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 00404416

IAT C:\WINDOWS\system32\svchost.exe[1160] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 006A4416

IAT C:\WINDOWS\system32\svchost.exe[1160] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 006A43A8

IAT C:\WINDOWS\system32\svchost.exe[1160] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 006A436A

IAT C:\WINDOWS\system32\svchost.exe[1160] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 006A4337

IAT C:\WINDOWS\system32\svchost.exe[1160] @ C:\WINDOWS\system32\ole32.dll [uSER32.dll!GetClipboardData] 006A471E

IAT C:\WINDOWS\system32\svchost.exe[1160] @ C:\WINDOWS\system32\ole32.dll [uSER32.dll!GetMessageW] 006A4A23

IAT C:\WINDOWS\system32\svchost.exe[1160] @ C:\WINDOWS\system32\ole32.dll [uSER32.dll!PeekMessageW] 006A4A7E

IAT C:\WINDOWS\system32\svchost.exe[1160] @ C:\WINDOWS\system32\SHELL32.dll [uSER32.dll!PeekMessageW] 006A4A7E

IAT C:\WINDOWS\system32\svchost.exe[1160] @ C:\WINDOWS\system32\SHELL32.dll [uSER32.dll!GetMessageW] 006A4A23

IAT C:\WINDOWS\system32\svchost.exe[1160] @ C:\WINDOWS\system32\SHELL32.dll [uSER32.dll!GetClipboardData] 006A471E

IAT C:\WINDOWS\system32\svchost.exe[1160] @ C:\WINDOWS\system32\SHLWAPI.dll [uSER32.dll!GetMessageA] 006A49F7

IAT C:\WINDOWS\system32\svchost.exe[1160] @ C:\WINDOWS\system32\SHLWAPI.dll [uSER32.dll!GetMessageW] 006A4A23

IAT C:\WINDOWS\system32\svchost.exe[1160] @ C:\WINDOWS\system32\SHLWAPI.dll [uSER32.dll!PeekMessageA] 006A4A4F

IAT C:\WINDOWS\system32\svchost.exe[1160] @ C:\WINDOWS\system32\SHLWAPI.dll [uSER32.dll!PeekMessageW] 006A4A7E

IAT C:\WINDOWS\system32\svchost.exe[1160] @ c:\windows\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 006A4416

IAT C:\Program Files\Java\jre6\bin\jusched.exe[1256] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 00134416

IAT C:\Program Files\Java\jre6\bin\jusched.exe[1256] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 001343A8

IAT C:\Program Files\Java\jre6\bin\jusched.exe[1256] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 0013436A

IAT C:\Program Files\Java\jre6\bin\jusched.exe[1256] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 00134337

IAT C:\Program Files\Java\jre6\bin\jusched.exe[1256] @ C:\WINDOWS\system32\ole32.dll [uSER32.dll!GetClipboardData] 0013471E

IAT C:\Program Files\Java\jre6\bin\jusched.exe[1256] @ C:\WINDOWS\system32\ole32.dll [uSER32.dll!GetMessageW] 00134A23

IAT C:\Program Files\Java\jre6\bin\jusched.exe[1256] @ C:\WINDOWS\system32\ole32.dll [uSER32.dll!PeekMessageW] 00134A7E

IAT C:\Program Files\Java\jre6\bin\jusched.exe[1256] @ C:\WINDOWS\system32\SHLWAPI.dll [uSER32.dll!GetMessageA] 001349F7

IAT C:\Program Files\Java\jre6\bin\jusched.exe[1256] @ C:\WINDOWS\system32\SHLWAPI.dll [uSER32.dll!GetMessageW] 00134A23

IAT C:\Program Files\Java\jre6\bin\jusched.exe[1256] @ C:\WINDOWS\system32\SHLWAPI.dll [uSER32.dll!PeekMessageA] 00134A4F

IAT C:\Program Files\Java\jre6\bin\jusched.exe[1256] @ C:\WINDOWS\system32\SHLWAPI.dll [uSER32.dll!PeekMessageW] 00134A7E

IAT C:\Program Files\Java\jre6\bin\jusched.exe[1256] @ C:\WINDOWS\system32\SHELL32.dll [uSER32.dll!PeekMessageW] 00134A7E

IAT C:\Program Files\Java\jre6\bin\jusched.exe[1256] @ C:\WINDOWS\system32\SHELL32.dll [uSER32.dll!GetMessageW] 00134A23

IAT C:\Program Files\Java\jre6\bin\jusched.exe[1256] @ C:\WINDOWS\system32\SHELL32.dll [uSER32.dll!GetClipboardData] 0013471E

IAT C:\Program Files\Java\jre6\bin\jusched.exe[1256] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 00134416

IAT C:\WINDOWS\system32\wuauclt.exe[1292] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 00084416

IAT C:\WINDOWS\system32\wuauclt.exe[1292] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 000843A8

IAT C:\WINDOWS\system32\wuauclt.exe[1292] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 0008436A

IAT C:\WINDOWS\system32\wuauclt.exe[1292] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 00084337

IAT C:\WINDOWS\system32\wuauclt.exe[1292] @ C:\WINDOWS\system32\ole32.dll [uSER32.dll!GetClipboardData] 0008471E

IAT C:\WINDOWS\system32\wuauclt.exe[1292] @ C:\WINDOWS\system32\ole32.dll [uSER32.dll!GetMessageW] 00084A23

IAT C:\WINDOWS\system32\wuauclt.exe[1292] @ C:\WINDOWS\system32\ole32.dll [uSER32.dll!PeekMessageW] 00084A7E

IAT C:\WINDOWS\system32\wuauclt.exe[1292] @ C:\WINDOWS\system32\SHLWAPI.dll [uSER32.dll!GetMessageA] 000849F7

IAT C:\WINDOWS\system32\wuauclt.exe[1292] @ C:\WINDOWS\system32\SHLWAPI.dll [uSER32.dll!GetMessageW] 00084A23

IAT C:\WINDOWS\system32\wuauclt.exe[1292] @ C:\WINDOWS\system32\SHLWAPI.dll [uSER32.dll!PeekMessageA] 00084A4F

IAT C:\WINDOWS\system32\wuauclt.exe[1292] @ C:\WINDOWS\system32\SHLWAPI.dll [uSER32.dll!PeekMessageW] 00084A7E

IAT C:\WINDOWS\system32\wuauclt.exe[1292] @ C:\WINDOWS\system32\SHELL32.dll [uSER32.dll!PeekMessageW] 00084A7E

IAT C:\WINDOWS\system32\wuauclt.exe[1292] @ C:\WINDOWS\system32\SHELL32.dll [uSER32.dll!GetMessageW] 00084A23

IAT C:\WINDOWS\system32\wuauclt.exe[1292] @ C:\WINDOWS\system32\SHELL32.dll [uSER32.dll!GetClipboardData] 0008471E

IAT C:\WINDOWS\system32\wuauclt.exe[1292] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 00084416

IAT C:\WINDOWS\system32\spoolsv.exe[1404] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 009E4416

IAT C:\WINDOWS\system32\spoolsv.exe[1404] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 009E43A8

IAT C:\WINDOWS\system32\spoolsv.exe[1404] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 009E436A

IAT C:\WINDOWS\system32\spoolsv.exe[1404] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 009E4337

IAT C:\WINDOWS\system32\spoolsv.exe[1404] @ C:\WINDOWS\system32\ole32.dll [uSER32.dll!GetClipboardData] 009E471E

IAT C:\WINDOWS\system32\spoolsv.exe[1404] @ C:\WINDOWS\system32\ole32.dll [uSER32.dll!GetMessageW] 009E4A23

IAT C:\WINDOWS\system32\spoolsv.exe[1404] @ C:\WINDOWS\system32\ole32.dll [uSER32.dll!PeekMessageW] 009E4A7E

IAT C:\WINDOWS\system32\spoolsv.exe[1404] @ C:\WINDOWS\system32\SHELL32.dll [uSER32.dll!PeekMessageW] 009E4A7E

IAT C:\WINDOWS\system32\spoolsv.exe[1404] @ C:\WINDOWS\system32\SHELL32.dll [uSER32.dll!GetMessageW] 009E4A23

IAT C:\WINDOWS\system32\spoolsv.exe[1404] @ C:\WINDOWS\system32\SHELL32.dll [uSER32.dll!GetClipboardData] 009E471E

IAT C:\WINDOWS\system32\spoolsv.exe[1404] @ C:\WINDOWS\system32\SHLWAPI.dll [uSER32.dll!GetMessageA] 009E49F7

IAT C:\WINDOWS\system32\spoolsv.exe[1404] @ C:\WINDOWS\system32\SHLWAPI.dll [uSER32.dll!GetMessageW] 009E4A23

IAT C:\WINDOWS\system32\spoolsv.exe[1404] @ C:\WINDOWS\system32\SHLWAPI.dll [uSER32.dll!PeekMessageA] 009E4A4F

IAT C:\WINDOWS\system32\spoolsv.exe[1404] @ C:\WINDOWS\system32\SHLWAPI.dll [uSER32.dll!PeekMessageW] 009E4A7E

IAT C:\WINDOWS\system32\spoolsv.exe[1404] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 009E4416

IAT C:\Documents and Settings\Owner\Application Data\nidle\nidle.exe[1444] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 00134416

IAT C:\Documents and Settings\Owner\Application Data\nidle\nidle.exe[1444] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 001343A8

IAT C:\Documents and Settings\Owner\Application Data\nidle\nidle.exe[1444] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 0013436A

IAT C:\Documents and Settings\Owner\Application Data\nidle\nidle.exe[1444] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 00134337

IAT C:\Documents and Settings\Owner\Application Data\nidle\nidle.exe[1444] @ C:\WINDOWS\system32\SHELL32.dll [uSER32.dll!PeekMessageW] 00134A7E

IAT C:\Documents and Settings\Owner\Application Data\nidle\nidle.exe[1444] @ C:\WINDOWS\system32\SHELL32.dll [uSER32.dll!GetMessageW] 00134A23

IAT C:\Documents and Settings\Owner\Application Data\nidle\nidle.exe[1444] @ C:\WINDOWS\system32\SHELL32.dll [uSER32.dll!GetClipboardData] 0013471E

IAT C:\Documents and Settings\Owner\Application Data\nidle\nidle.exe[1444] @ C:\WINDOWS\system32\SHLWAPI.dll [uSER32.dll!GetMessageA] 001349F7

IAT C:\Documents and Settings\Owner\Application Data\nidle\nidle.exe[1444] @ C:\WINDOWS\system32\SHLWAPI.dll [uSER32.dll!GetMessageW] 00134A23

IAT C:\Documents and Settings\Owner\Application Data\nidle\nidle.exe[1444] @ C:\WINDOWS\system32\SHLWAPI.dll [uSER32.dll!PeekMessageA] 00134A4F

IAT C:\Documents and Settings\Owner\Application Data\nidle\nidle.exe[1444] @ C:\WINDOWS\system32\SHLWAPI.dll [uSER32.dll!PeekMessageW] 00134A7E

IAT C:\Documents and Settings\Owner\Application Data\nidle\nidle.exe[1444] @ C:\WINDOWS\system32\ole32.dll [uSER32.dll!GetClipboardData] 0013471E

IAT C:\Documents and Settings\Owner\Application Data\nidle\nidle.exe[1444] @ C:\WINDOWS\system32\ole32.dll [uSER32.dll!GetMessageW] 00134A23

IAT C:\Documents and Settings\Owner\Application Data\nidle\nidle.exe[1444] @ C:\WINDOWS\system32\ole32.dll [uSER32.dll!PeekMessageW] 00134A7E

IAT C:\Documents and Settings\Owner\Application Data\nidle\nidle.exe[1444] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 00134416

IAT C:\WINDOWS\system32\ctfmon.exe[1452] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 00084416

IAT C:\WINDOWS\system32\ctfmon.exe[1452] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 000843A8

IAT C:\WINDOWS\system32\ctfmon.exe[1452] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 0008436A

IAT C:\WINDOWS\system32\ctfmon.exe[1452] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 00084337

IAT C:\WINDOWS\system32\ctfmon.exe[1452] @ C:\WINDOWS\system32\ole32.dll [uSER32.dll!GetClipboardData] 0008471E

IAT C:\WINDOWS\system32\ctfmon.exe[1452] @ C:\WINDOWS\system32\ole32.dll [uSER32.dll!GetMessageW] 00084A23

IAT C:\WINDOWS\system32\ctfmon.exe[1452] @ C:\WINDOWS\system32\ole32.dll [uSER32.dll!PeekMessageW] 00084A7E

IAT C:\WINDOWS\system32\ctfmon.exe[1452] @ C:\WINDOWS\system32\SHELL32.dll [uSER32.dll!PeekMessageW] 00084A7E

IAT C:\WINDOWS\system32\ctfmon.exe[1452] @ C:\WINDOWS\system32\SHELL32.dll [uSER32.dll!GetMessageW] 00084A23

IAT C:\WINDOWS\system32\ctfmon.exe[1452] @ C:\WINDOWS\system32\SHELL32.dll [uSER32.dll!GetClipboardData] 0008471E

IAT C:\WINDOWS\system32\ctfmon.exe[1452] @ C:\WINDOWS\system32\SHLWAPI.dll [uSER32.dll!GetMessageA] 000849F7

IAT C:\WINDOWS\system32\ctfmon.exe[1452] @ C:\WINDOWS\system32\SHLWAPI.dll [uSER32.dll!GetMessageW] 00084A23

IAT C:\WINDOWS\system32\ctfmon.exe[1452] @ C:\WINDOWS\system32\SHLWAPI.dll [uSER32.dll!PeekMessageA] 00084A4F

IAT C:\WINDOWS\system32\ctfmon.exe[1452] @ C:\WINDOWS\system32\SHLWAPI.dll [uSER32.dll!PeekMessageW] 00084A7E

IAT C:\WINDOWS\system32\ctfmon.exe[1452] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 00084416

IAT C:\WINDOWS\System32\svchost.exe[1484] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 00624416

IAT C:\WINDOWS\System32\svchost.exe[1484] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 006243A8

IAT C:\WINDOWS\System32\svchost.exe[1484] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 0062436A

IAT C:\WINDOWS\System32\svchost.exe[1484] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 00624337

IAT C:\WINDOWS\System32\svchost.exe[1484] @ C:\WINDOWS\system32\ole32.dll [uSER32.dll!GetClipboardData] 0062471E

IAT C:\WINDOWS\System32\svchost.exe[1484] @ C:\WINDOWS\system32\ole32.dll [uSER32.dll!GetMessageW] 00624A23

IAT C:\WINDOWS\System32\svchost.exe[1484] @ C:\WINDOWS\system32\ole32.dll [uSER32.dll!PeekMessageW] 00624A7E

IAT C:\WINDOWS\System32\svchost.exe[1484] @ C:\WINDOWS\system32\SHELL32.dll [uSER32.dll!PeekMessageW] 00624A7E

IAT C:\WINDOWS\System32\svchost.exe[1484] @ C:\WINDOWS\system32\SHELL32.dll [uSER32.dll!GetMessageW] 00624A23

IAT C:\WINDOWS\System32\svchost.exe[1484] @ C:\WINDOWS\system32\SHELL32.dll [uSER32.dll!GetClipboardData] 0062471E

IAT C:\WINDOWS\System32\svchost.exe[1484] @ C:\WINDOWS\system32\SHLWAPI.dll [uSER32.dll!GetMessageA] 006249F7

IAT C:\WINDOWS\System32\svchost.exe[1484] @ C:\WINDOWS\system32\SHLWAPI.dll [uSER32.dll!GetMessageW] 00624A23

IAT C:\WINDOWS\System32\svchost.exe[1484] @ C:\WINDOWS\system32\SHLWAPI.dll [uSER32.dll!PeekMessageA] 00624A4F

IAT C:\WINDOWS\System32\svchost.exe[1484] @ C:\WINDOWS\system32\SHLWAPI.dll [uSER32.dll!PeekMessageW] 00624A7E

IAT C:\WINDOWS\System32\svchost.exe[1484] @ c:\windows\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 00624416

IAT C:\Program Files\Java\jre6\bin\jqs.exe[1556] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 00DB4416

IAT C:\Program Files\Java\jre6\bin\jqs.exe[1556] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 00DB43A8

IAT C:\Program Files\Java\jre6\bin\jqs.exe[1556] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 00DB436A

IAT C:\Program Files\Java\jre6\bin\jqs.exe[1556] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 00DB4337

IAT C:\Program Files\Java\jre6\bin\jqs.exe[1556] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 00DB4416

IAT C:\Program Files\Java\jre6\bin\jqs.exe[1556] @ C:\WINDOWS\system32\ole32.dll [uSER32.dll!GetClipboardData] 00DB471E

IAT C:\Program Files\Java\jre6\bin\jqs.exe[1556] @ C:\WINDOWS\system32\ole32.dll [uSER32.dll!GetMessageW] 00DB4A23

IAT C:\Program Files\Java\jre6\bin\jqs.exe[1556] @ C:\WINDOWS\system32\ole32.dll [uSER32.dll!PeekMessageW] 00DB4A7E

IAT C:\Program Files\Java\jre6\bin\jqs.exe[1556] @ C:\WINDOWS\system32\SHLWAPI.dll [uSER32.dll!GetMessageA] 00DB49F7

IAT C:\Program Files\Java\jre6\bin\jqs.exe[1556] @ C:\WINDOWS\system32\SHLWAPI.dll [uSER32.dll!GetMessageW] 00DB4A23

IAT C:\Program Files\Java\jre6\bin\jqs.exe[1556] @ C:\WINDOWS\system32\SHLWAPI.dll [uSER32.dll!PeekMessageA] 00DB4A4F

IAT C:\Program Files\Java\jre6\bin\jqs.exe[1556] @ C:\WINDOWS\system32\SHLWAPI.dll [uSER32.dll!PeekMessageW] 00DB4A7E

IAT C:\Program Files\Java\jre6\bin\jqs.exe[1556] @ C:\WINDOWS\system32\SHELL32.dll [uSER32.dll!PeekMessageW] 00DB4A7E

IAT C:\Program Files\Java\jre6\bin\jqs.exe[1556] @ C:\WINDOWS\system32\SHELL32.dll [uSER32.dll!GetMessageW] 00DB4A23

IAT C:\Program Files\Java\jre6\bin\jqs.exe[1556] @ C:\WINDOWS\system32\SHELL32.dll [uSER32.dll!GetClipboardData] 00DB471E

IAT C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1592] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 003C4416

IAT C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1592] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 003C43A8

IAT C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1592] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 003C436A

IAT C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1592] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 003C4337

IAT C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1592] @ C:\WINDOWS\system32\ole32.dll [uSER32.dll!GetClipboardData] 003C471E

IAT C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1592] @ C:\WINDOWS\system32\ole32.dll [uSER32.dll!GetMessageW] 003C4A23

IAT C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1592] @ C:\WINDOWS\system32\ole32.dll [uSER32.dll!PeekMessageW] 003C4A7E

IAT C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1592] @ C:\WINDOWS\system32\SHELL32.dll [uSER32.dll!PeekMessageW] 003C4A7E

IAT C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1592] @ C:\WINDOWS\system32\SHELL32.dll [uSER32.dll!GetMessageW] 003C4A23

IAT C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1592] @ C:\WINDOWS\system32\SHELL32.dll [uSER32.dll!GetClipboardData] 003C471E

IAT C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1592] @ C:\WINDOWS\system32\SHLWAPI.dll [uSER32.dll!GetMessageA] 003C49F7

IAT C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1592] @ C:\WINDOWS\system32\SHLWAPI.dll [uSER32.dll!GetMessageW] 003C4A23

IAT C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1592] @ C:\WINDOWS\system32\SHLWAPI.dll [uSER32.dll!PeekMessageA] 003C4A4F

IAT C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1592] @ C:\WINDOWS\system32\SHLWAPI.dll [uSER32.dll!PeekMessageW] 003C4A7E

IAT C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1592] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 003C4416

IAT C:\Documents and Settings\Owner\Application Data\digifast\digifast.exe[1644] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 00134416

IAT C:\Documents and Settings\Owner\Application Data\digifast\digifast.exe[1644] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 001343A8

IAT C:\Documents and Settings\Owner\Application Data\digifast\digifast.exe[1644] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 0013436A

IAT C:\Documents and Settings\Owner\Application Data\digifast\digifast.exe[1644] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 00134337

IAT C:\Documents and Settings\Owner\Application Data\digifast\digifast.exe[1644] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 00134416

IAT C:\Documents and Settings\Owner\Application Data\digifast\digifast.exe[1644] @ C:\WINDOWS\system32\ole32.dll [uSER32.dll!GetClipboardData] 0013471E

IAT C:\Documents and Settings\Owner\Application Data\digifast\digifast.exe[1644] @ C:\WINDOWS\system32\ole32.dll [uSER32.dll!GetMessageW] 00134A23

IAT C:\Documents and Settings\Owner\Application Data\digifast\digifast.exe[1644] @ C:\WINDOWS\system32\ole32.dll [uSER32.dll!PeekMessageW] 00134A7E

IAT C:\Documents and Settings\Owner\Application Data\digifast\digifast.exe[1644] @ C:\WINDOWS\system32\SHELL32.dll [uSER32.dll!PeekMessageW] 00134A7E

IAT C:\Documents and Settings\Owner\Application Data\digifast\digifast.exe[1644] @ C:\WINDOWS\system32\SHELL32.dll [uSER32.dll!GetMessageW] 00134A23

---- Devices - GMER 1.0.15 ----

Device \Driver\NDIS \Device\Ndis [81A8D982] NDIS.sys[.reloc]

---- Files - GMER 1.0.15 ----

File C:\WINDOWS\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\ndis.sys (size mismatch) 182656/182912 bytes executable

File C:\WINDOWS\system32\dllcache\ndis.sys (size mismatch) 213376/182912 bytes executable

File C:\WINDOWS\system32\drivers\ndis.sys (size mismatch) 213376/182912 bytes executable

File C:\WINDOWS\system32\ntos.exe 191488 bytes executable

File C:\WINDOWS\system32\wsnpoem 0 bytes

File C:\WINDOWS\system32\wsnpoem\audio.dll 0 bytes

File C:\WINDOWS\system32\wsnpoem\video.dll 36086 bytes

File C:\WINDOWS\$NtServicePackUninstall$\ndis.sys (size mismatch) 161536/182912 bytes executable

---- EOF - GMER 1.0.15 ----

Hi again,

Please download the OTMoveIt3 by OldTimer.

  • Save it to your desktop.
  • Please double-click OTMoveIt3.exe to run it. (Vista users, please right-click on OTMoveIt3.exe and select "Run as an Administrator")
  • Copy the fix below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
    :processes
    explorer.exe

    :registry
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\nidle
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\IgfxSys
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\DigiFast
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\Diagnostic Manager
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\\{B2BA40A2-74F0-42BD-F434-12345A2C8953}
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\\{C2BA40A1-74F3-42BD-F434-12345A2C8953}

    :files
    C:\WINDOWS\system32\ntos.exe
    C:\WINDOWS\SoftwareDistribution\Download\351c39c58af1240d8e8a02f54010533a\BIT32.tmp
    C:\WINDOWS\SoftwareDistribution\Download\5addd6f775e0368f244f62c739d66dd4\BIT58.tmp
    C:\WINDOWS\SoftwareDistribution\Download\7ab777f7de3e6e633438f06ba30269aa\BIT46.tmp
    C:\WINDOWS\temp\d4dhv2gu.exe
    C:\WINDOWS\temp\j1icns6s.exe
    C:\WINDOWS\temp\kscs4o5ayb.exe
    C:\WINDOWS\temp\ml2i872r.exe
    C:\WINDOWS\temp\mvtmymxi.exe
    C:\WINDOWS\temp\ur40dz.exe
    C:\Documents and Settings\Owner\Application Data\nidle
    C:\WINDOWS\system32\wsnpoem
    C:\Documents and Settings\Owner\Application Data\digifast
    C:\WINDOWS\system32\kjsdiowq8oikf.dll
    C:\Documents and Settings\Owner\Application Data\Messenger\Drivers\IgfxSys.dll
    C:\WINDOWS\system32\sdrgfcvbf.dll
    C:\WINDOWS\system32\kjsdiowq8oikf.dl

    :commands
    [purity]
    [emptytemp]
    [start explorer]


  • Return to OTMoveIt3, right-click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
  • Close OTMoveIt3.

If a file or folder cannot be moved immediately, you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine, choose Yes.

========== PROCESSES ==========

Process explorer.exe killed successfully.

Error: Unable to interpret <:registry> in the current context!

Error: Unable to interpret <HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}> in the current context!

Error: Unable to interpret <HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\nidle> in the current context!

Error: Unable to interpret <HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\IgfxSys> in the current context!

Error: Unable to interpret <HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\DigiFast> in the current context!

Error: Unable to interpret <HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\Diagnostic Manager> in the current context!

Error: Unable to interpret <HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\\{B2BA40A2-74F0-42BD-F434-12345A2C8953}> in the current context!

Error: Unable to interpret <HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\\{C2BA40A1-74F3-42BD-F434-12345A2C8953}> in the current context!

========== FILES ==========

File/Folder C:\WINDOWS\system32\ntos.exe not found.

C:\WINDOWS\SoftwareDistribution\Download\351c39c58af1240d8e8a02f54010533a\BIT32.tmp moved successfully.

C:\WINDOWS\SoftwareDistribution\Download\5addd6f775e0368f244f62c739d66dd4\BIT58.tmp moved successfully.

C:\WINDOWS\SoftwareDistribution\Download\7ab777f7de3e6e633438f06ba30269aa\BIT46.tmp moved successfully.

C:\WINDOWS\temp\d4dhv2gu.exe moved successfully.

C:\WINDOWS\temp\j1icns6s.exe moved successfully.

C:\WINDOWS\temp\kscs4o5ayb.exe moved successfully.

C:\WINDOWS\temp\ml2i872r.exe moved successfully.

C:\WINDOWS\temp\mvtmymxi.exe moved successfully.

C:\WINDOWS\temp\ur40dz.exe moved successfully.

C:\Documents and Settings\Owner\Application Data\nidle moved successfully.

File/Folder C:\WINDOWS\system32\wsnpoem not found.

Folder move failed. C:\Documents and Settings\Owner\Application Data\digifast scheduled to be moved on reboot.

C:\WINDOWS\system32\kjsdiowq8oikf.dll NOT unregistered.

C:\WINDOWS\system32\kjsdiowq8oikf.dll moved successfully.

DllUnregisterServer procedure not found in C:\Documents and Settings\Owner\Application Data\Messenger\Drivers\IgfxSys.dll

C:\Documents and Settings\Owner\Application Data\Messenger\Drivers\IgfxSys.dll NOT unregistered.

C:\Documents and Settings\Owner\Application Data\Messenger\Drivers\IgfxSys.dll moved successfully.

C:\WINDOWS\system32\sdrgfcvbf.dll NOT unregistered.

C:\WINDOWS\system32\sdrgfcvbf.dll moved successfully.

File/Folder C:\WINDOWS\system32\kjsdiowq8oikf.dl not found.

========== COMMANDS ==========

File delete failed. C:\DOCUME~1\Owner\LOCALS~1\Temp\570833324.exe scheduled to be deleted on reboot.

File delete failed. C:\DOCUME~1\Owner\LOCALS~1\Temp\etilqs_73qu9UsfOT7SUVkjivy9 scheduled to be deleted on reboot.

File delete failed. C:\DOCUME~1\Owner\LOCALS~1\Temp\JET6613.tmp scheduled to be deleted on reboot.

User's Temp folder emptied.

User's Internet Explorer cache folder emptied.

File delete failed. C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.

User's Temporary Internet Files folder emptied.

Local Service Temp folder emptied.

File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.

Local Service Temporary Internet Files folder emptied.

Network Service Temp folder emptied.

File delete failed. C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.

Network Service Temporary Internet Files folder emptied.

File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_614.dat scheduled to be deleted on reboot.

Windows Temp folder emptied.

Java cache emptied.

File delete failed. C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\aw4dysyr.default\Cache\_CACHE_001_ scheduled to be deleted on reboot.

File delete failed. C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\aw4dysyr.default\Cache\_CACHE_002_ scheduled to be deleted on reboot.

File delete failed. C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\aw4dysyr.default\Cache\_CACHE_003_ scheduled to be deleted on reboot.

File delete failed. C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\aw4dysyr.default\Cache\_CACHE_MAP_ scheduled to be deleted on reboot.

File delete failed. C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\aw4dysyr.default\urlclassifier3.sqlite scheduled to be deleted on reboot.

File delete failed. C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\aw4dysyr.default\urlclassifier3.sqlite-journal scheduled to be deleted on reboot.

File delete failed. C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\aw4dysyr.default\XUL.mfl scheduled to be deleted on reboot.

FireFox cache emptied.

Temp folders emptied.

Explorer started successfully

OTMoveIt3 by OldTimer - Version 1.0.11.0 log created on 05142009_185305

Files moved on Reboot...

C:\Documents and Settings\Owner\Application Data\digifast moved successfully.

C:\DOCUME~1\Owner\LOCALS~1\Temp\570833324.exe moved successfully.

File C:\DOCUME~1\Owner\LOCALS~1\Temp\etilqs_73qu9UsfOT7SUVkjivy9 not found!

File C:\DOCUME~1\Owner\LOCALS~1\Temp\JET6613.tmp not found!

File C:\WINDOWS\temp\Perflib_Perfdata_614.dat not found!

C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\aw4dysyr.default\Cache\_CACHE_001_ moved successfully.

C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\aw4dysyr.default\Cache\_CACHE_002_ moved successfully.

C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\aw4dysyr.default\Cache\_CACHE_003_ moved successfully.

C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\aw4dysyr.default\Cache\_CACHE_MAP_ moved successfully.

C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\aw4dysyr.default\urlclassifier3.sqlite moved successfully.

File C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\aw4dysyr.default\urlclassifier3.sqlite-journal not found!

C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\aw4dysyr.default\XUL.mfl moved successfully.


Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 3:59:28 PM, on 15/05/2009

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\System32\alg.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\TEMP\BN2.tmp

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe

C:\Program Files\QuickTime\qttask.exe

C:\WINDOWS\System32\hkcmd.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\Program Files\D-Link\AirPlus G\AirGCFG.exe

C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe

C:\Program Files\Messenger\msmsgs.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mim.exe

C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\MMDiag.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\ntos.exe,

O2 - BHO: C:\WINDOWS\system32\sdrgfcvbf.dll - {C2BA40A1-74F3-42BD-F434-12345A2C8953} - C:\WINDOWS\system32\sdrgfcvbf.dll (file missing)

O4 - HKLM\..\Run: [MMTray] "C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\System32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe

O4 - HKLM\..\Run: [iSUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup

O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [D-Link AirPlus G] C:\Program Files\D-Link\AirPlus G\AirGCFG.exe

O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [nidle] "C:\Documents and Settings\Owner\Application Data\nidle\nidle.exe" 61A847B5BBF72813329B385772FF01F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310

O4 - HKCU\..\Run: [igfxSys] rundll32.exe "C:\Documents and Settings\Owner\Application Data\Messenger\Drivers\IgfxSys.dll",StartProtector

O4 - HKCU\..\Run: [Diagnostic Manager] C:\DOCUME~1\Owner\LOCALS~1\Temp\570833324.exe

O4 - HKUS\S-1-5-18\..\Run: [] C:\WINDOWS\TEMP\j1icns6s.exe (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\Run: [Windows Resurections] C:\WINDOWS\TEMP\j1icns6s.exe (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\Run: [Diagnostic Manager] C:\WINDOWS\TEMP\1604645086.exe (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\Run: [uidenhiufgsduiazghs] C:\WINDOWS\TEMP\mvtmymxi.exe (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [] C:\WINDOWS\TEMP\j1icns6s.exe (User 'Default user')

O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1

O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file://C:\Program Files\The Hidden Object Show Season 2\Images\stg_drm.ocx

O16 - DPF: {21BB8360-F943-447E-98F3-3C22345375A7} (CPlayFirstChocolatieControl Object) - http://zone.msn.com/bingame/choc/default/C...eb.1.0.0.15.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1213917412731

O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1213962550419

O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file://C:\Program Files\Elizabeth Find, MD - Diagnosis Mystery\Images\armhelper.ocx

O16 - DPF: {E9B80D94-D8BC-43DE-9138-75605A8D9666} (CPlayFirstWeddingDasControl Object) - http://zone.msn.com/bingame/wedd/default/W...sh.1.0.0.50.cab

O20 - AppInit_DLLs: bvqtzn.dll

O22 - SharedTaskScheduler: jso8joigm409gopgmrlgd - {B2BA40A2-74F0-42BD-F434-12345A2C8953} - C:\WINDOWS\system32\kjsdiowq8oikf.dll (file missing)

O22 - SharedTaskScheduler: sdfsefsfdvdubgiungfuyd - {C2BA40A1-74F3-42BD-F434-12345A2C8953} - C:\WINDOWS\system32\sdrgfcvbf.dll (file missing)

O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Wireless Service - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

--

End of file - 7085 bytes


Hi again,

Please re-open HijackThis and scan. Check the boxes next to all the entries listed below.

F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\ntos.exe,

O2 - BHO: C:\WINDOWS\system32\sdrgfcvbf.dll - {C2BA40A1-74F3-42BD-F434-12345A2C8953} - C:\WINDOWS\system32\sdrgfcvbf.dll (file missing)

O4 - HKCU\..\Run: [nidle] "C:\Documents and Settings\Owner\Application Data\nidle\nidle.exe"

O4 - HKCU\..\Run: [igfxSys] rundll32.exe "C:\Documents and Settings\Owner\Application Data\Messenger\Drivers\IgfxSys.dll",StartProtector

O4 - HKCU\..\Run: [Diagnostic Manager] C:\DOCUME~1\Owner\LOCALS~1\Temp\570833324.exe

O4 - HKUS\S-1-5-18\..\Run: [] C:\WINDOWS\TEMP\j1icns6s.exe (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\Run: [Windows Resurections] C:\WINDOWS\TEMP\j1icns6s.exe (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\Run: [Diagnostic Manager] C:\WINDOWS\TEMP\1604645086.exe (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\Run: [uidenhiufgsduiazghs] C:\WINDOWS\TEMP\mvtmymxi.exe (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [] C:\WINDOWS\TEMP\j1icns6s.exe (User 'Default user')

O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1

O22 - SharedTaskScheduler: jso8joigm409gopgmrlgd - {B2BA40A2-74F0-42BD-F434-12345A2C8953} - C:\WINDOWS\system32\kjsdiowq8oikf.dll (file missing)

O22 - SharedTaskScheduler: sdfsefsfdvdubgiungfuyd - {C2BA40A1-74F3-42BD-F434-12345A2C8953} - C:\WINDOWS\system32\sdrgfcvbf.dll (file missing)

Now close all windows other than HijackThis, then click Fix Checked. Close HijackThis.

Then

  • Please double-click OTMoveIt3.exe to run it.
  • Copy the fix below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
    :processes
    explorer.exe

    :files
    C:\WINDOWS\system32\ntos.exe
    C:\WINDOWS\system32\sdrgfcvbf.dll
    C:\Documents and Settings\Owner\Application Data\nidle
    C:\Documents and Settings\Owner\Application Data\Messenger\Drivers\IgfxSys.dll
    C:\DOCUME~1\Owner\LOCALS~1\Temp\570833324.exe
    C:\WINDOWS\TEMP\j1icns6s.exe
    C:\WINDOWS\TEMP\1604645086.exe
    C:\WINDOWS\TEMP\mvtmymxi.exe
    C:\WINDOWS\system32\kjsdiowq8oikf.dll (file missing)
    C:\WINDOWS\system32\sdrgfcvbf.dll

    :commands
    [purity]
    [emptytemp]
    [start explorer]


  • Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
  • Close OTMoveIt3

If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.


========== PROCESSES ==========

Process explorer.exe killed successfully.

========== FILES ==========

File move failed. C:\WINDOWS\system32\ntos.exe scheduled to be moved on reboot.

File/Folder C:\WINDOWS\system32\sdrgfcvbf.dll not found.

File/Folder C:\Documents and Settings\Owner\Application Data\nidle not found.

File/Folder C:\Documents and Settings\Owner\Application Data\Messenger\Drivers\IgfxSys.dll not found.

File/Folder C:\DOCUME~1\Owner\LOCALS~1\Temp\570833324.exe not found.

File/Folder C:\WINDOWS\TEMP\j1icns6s.exe not found.

File/Folder C:\WINDOWS\TEMP\1604645086.exe not found.

File/Folder C:\WINDOWS\TEMP\mvtmymxi.exe not found.

File/Folder C:\WINDOWS\system32\kjsdiowq8oikf.dll (file missing) not found.

File/Folder C:\WINDOWS\system32\sdrgfcvbf.dll not found.

========== COMMANDS ==========

File delete failed. C:\DOCUME~1\Owner\LOCALS~1\Temp\etilqs_hSix2IeqiWY9FO9zs2Bc scheduled to be deleted on reboot.

File delete failed. C:\DOCUME~1\Owner\LOCALS~1\Temp\JET19EB.tmp scheduled to be deleted on reboot.

User's Temp folder emptied.

User's Internet Explorer cache folder emptied.

File delete failed. C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.

User's Temporary Internet Files folder emptied.

Local Service Temp folder emptied.

File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.

Local Service Temporary Internet Files folder emptied.

Network Service Temp folder emptied.

File delete failed. C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.

Network Service Temporary Internet Files folder emptied.

File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_f8.dat scheduled to be deleted on reboot.

Windows Temp folder emptied.

Java cache emptied.

File delete failed. C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\aw4dysyr.default\Cache\_CACHE_001_ scheduled to be deleted on reboot.

File delete failed. C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\aw4dysyr.default\Cache\_CACHE_002_ scheduled to be deleted on reboot.

File delete failed. C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\aw4dysyr.default\Cache\_CACHE_003_ scheduled to be deleted on reboot.

File delete failed. C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\aw4dysyr.default\Cache\_CACHE_MAP_ scheduled to be deleted on reboot.

File delete failed. C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\aw4dysyr.default\urlclassifier3.sqlite scheduled to be deleted on reboot.

File delete failed. C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\aw4dysyr.default\XUL.mfl scheduled to be deleted on reboot.

FireFox cache emptied.

Temp folders emptied.

Explorer started successfully

OTMoveIt3 by OldTimer - Version 1.0.11.0 log created on 05162009_165957

Files moved on Reboot...

File move failed. C:\WINDOWS\system32\ntos.exe scheduled to be moved on reboot.

File C:\DOCUME~1\Owner\LOCALS~1\Temp\etilqs_hSix2IeqiWY9FO9zs2Bc not found!

File C:\DOCUME~1\Owner\LOCALS~1\Temp\JET19EB.tmp not found!

File C:\WINDOWS\temp\Perflib_Perfdata_f8.dat not found!

C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\aw4dysyr.default\Cache\_CACHE_001_ moved successfully.

C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\aw4dysyr.default\Cache\_CACHE_002_ moved successfully.

C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\aw4dysyr.default\Cache\_CACHE_003_ moved successfully.

C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\aw4dysyr.default\Cache\_CACHE_MAP_ moved successfully.

C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\aw4dysyr.default\urlclassifier3.sqlite moved successfully.

C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\aw4dysyr.default\XUL.mfl moved successfully.


Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 7:32:16 PM, on 16/05/2009

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\System32\alg.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\TEMP\BN1.tmp

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\wscntfy.exe

C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe

C:\Program Files\QuickTime\qttask.exe

C:\WINDOWS\System32\hkcmd.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\Program Files\D-Link\AirPlus G\AirGCFG.exe

C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe

C:\Program Files\Messenger\msmsgs.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mim.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\MMDiag.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\WINDOWS\System32\wudfhost.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

F2 - REG:system.ini: UserInit=C:\WINDOWS\SYSTEM32\Userinit.exe,C:\WINDOWS\system32\ntos.exe,

O4 - HKLM\..\Run: [MMTray] "C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\System32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe

O4 - HKLM\..\Run: [iSUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup

O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [D-Link AirPlus G] C:\Program Files\D-Link\AirPlus G\AirGCFG.exe

O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file://C:\Program Files\The Hidden Object Show Season 2\Images\stg_drm.ocx

O16 - DPF: {21BB8360-F943-447E-98F3-3C22345375A7} (CPlayFirstChocolatieControl Object) - http://zone.msn.com/bingame/choc/default/C...eb.1.0.0.15.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1213917412731

O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1213962550419

O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file://C:\Program Files\Elizabeth Find, MD - Diagnosis Mystery\Images\armhelper.ocx

O16 - DPF: {E9B80D94-D8BC-43DE-9138-75605A8D9666} (CPlayFirstWeddingDasControl Object) - http://zone.msn.com/bingame/wedd/default/W...sh.1.0.0.50.cab

O20 - AppInit_DLLs: bvqtzn.dll

O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Wireless Service - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

--

End of file - 5682 bytes


Please download this file - combofix.exe by sUBs

  • Save it to your Desktop
  • Please, never rename ComboFix unless instructed.
  • Now physically disconnect from the internet and STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields)
  • Click on your START button and choose Run. Then copy/paste the entire content of the following quotebox (Including the "" marks and the Symbols) into the run box.
    "%userprofile%\desktop\ComboFix.exe" /KillAll

  • Click OK and this will start ComboFix in a special way.
  • When finished, it will produce a log. Please save that log to a Notepad File to post in your next reply along with a fresh HJT log.

Note:

Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

* After you have saved the logs, restart your system to re-enable all the programs that were disabled during the running of ComboFix.

* Reconnect to the internet

* Post the following logs/Reports:

  • ComboFix.txt
  • Fresh HijackThis log run after all the other tools have performed their cleanup.


ComboFix 09-05-16.05 - Owner 16/05/2009 22:18.5 - NTFSx86

Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.254.114 [GMT -4:00]

Running from: c:\documents and settings\Owner\desktop\ComboFix.exe

Command switches used :: /KillAll

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\documents and settings\Owner\Local Settings\Temporary Internet Files\CPV.stt

c:\documents and settings\Owner\Local Settings\Temporary Internet Files\fbk.sts

c:\program files\Jcore

c:\program files\WWShow

c:\recycler\S-1-5-21-436374069-1364589140-1801674531-500\INFO2

c:\windows\IE4 Error Log.txt

c:\windows\Install.txt

c:\windows\mqcd.dbt

c:\windows\system32\Install.txt

c:\windows\system32\ntos.exe

c:\windows\system32\wsnpoem

c:\windows\system32\wsnpoem\audio.dll

c:\windows\system32\wsnpoem\video.dll

Infected copy of c:\windows\system32\drivers\ndis.sys was found and disinfected

Restored copy from - The cat ate it :)

.

((((((((((((((((((((((((( Files Created from 2009-04-17 to 2009-05-17 )))))))))))))))))))))))))))))))

.

2009-05-14 22:53 . 2009-05-14 22:53 -------- d-----w C:\_OTMoveIt

2009-05-05 22:26 . 2009-05-10 21:56 -------- d-----w c:\program files\Windows Media Connect 2

2009-05-05 22:21 . 2009-05-05 23:57 -------- d-----w c:\windows\system32\drivers\UMDF

2009-05-01 09:10 . 2009-05-01 09:10 -------- d-s---w c:\windows\system32\config\systemprofile\UserData

2009-04-23 21:39 . 2009-04-23 21:39 -------- d-----w c:\windows\data_0001810hapfp

2009-04-23 21:07 . 2009-04-23 21:50 -------- d-----w c:\program files\Tetris

2009-04-21 23:32 . 2009-04-21 23:32 -------- d-----w c:\program files\Selectsoft

2009-04-20 19:59 . 2009-05-05 22:21 -------- d-----w c:\windows\system32\LogFiles

2009-04-20 19:14 . 2009-04-20 19:14 -------- d-----w c:\windows\system32\config\systemprofile\Local Settings\Application Data\Musicmatch

2009-04-20 19:13 . 2009-04-20 19:13 -------- d-----w c:\documents and settings\LocalService\Local Settings\Application Data\Musicmatch

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-05-17 02:17 . 2001-08-18 12:00 182912 ----a-w c:\windows\system32\drivers\ndis.sys

2009-05-09 23:37 . 2008-06-29 21:10 -------- d-----w c:\program files\Yahoo! Games

2009-05-04 21:14 . 2009-05-04 21:14 0 ----a-w C:\4B.tmp

2009-05-04 21:14 . 2009-05-04 21:14 0 ----a-w C:\4A.tmp

2009-05-04 21:14 . 2009-05-04 21:14 0 ----a-w C:\49.tmp

2009-05-04 21:14 . 2009-05-04 21:14 0 ----a-w C:\48.tmp

2009-05-04 21:14 . 2009-05-04 21:14 0 ----a-w C:\12.tmp

2009-05-03 23:06 . 2009-05-03 23:06 0 ----a-w C:\47.tmp

2009-05-03 23:06 . 2009-05-03 23:06 0 ----a-w C:\46.tmp

2009-05-03 23:06 . 2009-05-03 23:06 0 ----a-w C:\45.tmp

2009-05-03 23:06 . 2009-05-03 23:06 0 ----a-w C:\44.tmp

2009-05-03 23:05 . 2009-05-03 23:05 38 ----a-w C:\3E.tmp

2009-05-03 23:05 . 2009-05-03 23:05 0 ----a-w C:\43.tmp

2009-05-03 23:05 . 2009-05-03 23:05 0 ----a-w C:\42.tmp

2009-05-03 23:05 . 2009-05-03 23:05 0 ----a-w C:\41.tmp

2009-05-03 23:05 . 2009-05-03 23:05 0 ----a-w C:\40.tmp

2009-05-03 23:05 . 2009-05-03 23:05 0 ----a-w C:\3F.tmp

2009-05-03 23:05 . 2009-05-03 23:05 51712 ----a-w C:\3A.tmp

2009-05-03 23:05 . 2009-05-03 23:05 0 ----a-w C:\3D.tmp

2009-05-03 23:05 . 2009-05-03 23:05 0 ----a-w C:\3C.tmp

2009-05-03 23:05 . 2009-05-03 23:05 0 ----a-w C:\3B.tmp

2009-04-30 09:06 . 2009-04-30 09:06 0 ----a-w C:\2B.tmp

2009-04-23 19:58 . 2009-04-23 19:58 38 ----a-w C:\1D.tmp

2009-04-23 19:58 . 2009-04-23 19:58 0 ----a-w C:\1C.tmp

2009-04-23 19:58 . 2009-04-23 19:58 0 ----a-w C:\1B.tmp

2009-04-23 19:58 . 2009-04-23 19:58 0 ----a-w C:\1A.tmp

2009-04-23 19:58 . 2009-04-23 19:58 0 ----a-w C:\19.tmp

2009-04-23 19:58 . 2009-04-23 19:58 0 ----a-w C:\18.tmp

2009-04-23 19:58 . 2009-04-23 19:58 0 ----a-w C:\17.tmp

2009-04-23 19:58 . 2009-04-23 19:58 0 ----a-w C:\16.tmp

2009-04-23 19:58 . 2009-04-23 19:58 0 ----a-w C:\15.tmp

2009-04-23 19:58 . 2009-04-23 19:58 38 ----a-w C:\14.tmp

2009-04-23 19:58 . 2009-04-23 19:58 54784 ----a-w C:\13.tmp

2009-04-20 19:10 . 2009-04-20 19:10 38 ----a-w C:\10.tmp

2009-04-20 19:10 . 2009-04-20 19:10 0 ----a-w C:\11.tmp

2009-04-20 19:10 . 2009-04-20 19:10 0 ----a-w C:\F.tmp

2009-04-20 19:10 . 2009-04-20 19:10 0 ----a-w C:\A.tmp

2009-04-20 19:10 . 2009-04-20 19:10 0 ----a-w C:\9.tmp

2009-04-20 19:10 . 2009-04-20 19:10 0 ----a-w C:\8.tmp

2009-04-20 19:10 . 2009-04-20 19:10 0 ----a-w C:\7.tmp

2009-04-20 19:10 . 2009-04-20 19:10 0 ----a-w C:\6.tmp

2009-04-20 19:10 . 2009-04-20 19:10 0 ----a-w C:\5.tmp

2009-04-20 19:10 . 2009-04-20 19:10 38 ----a-w C:\4.tmp

2009-04-20 19:10 . 2009-04-20 19:10 52736 ----a-w C:\3.tmp

2009-04-18 12:09 . 2009-04-18 12:09 0 ----a-w C:\E.tmp

2009-04-18 12:08 . 2009-04-18 12:08 0 ----a-w C:\D.tmp

2009-04-18 12:08 . 2009-04-18 12:08 0 ----a-w C:\C.tmp

2009-04-18 12:08 . 2009-04-18 12:08 0 ----a-w C:\B.tmp

2009-04-13 21:44 . 2009-01-06 00:46 -------- d-----w c:\program files\ANI

2009-04-13 21:44 . 2008-06-16 18:41 -------- d--h--w c:\program files\InstallShield Installation Information

2009-04-13 21:42 . 2009-04-13 21:42 -------- d-----w c:\program files\D-Link

2009-04-13 21:12 . 2008-06-16 18:41 -------- d-----w c:\program files\Common Files\InstallShield

2009-04-08 09:22 . 2009-04-08 09:22 0 ----a-w c:\windows\system32\2D.tmp

2009-04-08 09:21 . 2009-04-08 09:21 0 ----a-w c:\windows\system32\2C.tmp

2009-04-08 09:20 . 2009-04-08 09:20 0 ----a-w c:\windows\system32\2A.tmp

2009-04-08 09:20 . 2009-04-08 09:20 0 ----a-w c:\windows\system32\28.tmp

2009-04-08 09:19 . 2009-04-08 09:19 0 ----a-w c:\windows\system32\27.tmp

2009-04-08 09:19 . 2009-04-08 09:19 0 ----a-w c:\windows\system32\26.tmp

2009-04-08 09:19 . 2009-04-08 09:19 0 ----a-w c:\windows\system32\25.tmp

2009-04-08 09:19 . 2009-04-08 09:19 0 ----a-w c:\windows\system32\23.tmp

2009-04-08 09:18 . 2009-04-08 09:18 0 ----a-w c:\windows\system32\22.tmp

2009-04-08 09:18 . 2009-04-08 09:18 0 ----a-w c:\windows\system32\21.tmp

2009-04-08 09:18 . 2009-04-08 09:18 0 ----a-w c:\windows\system32\20.tmp

2009-04-08 09:18 . 2009-04-08 09:18 0 ----a-w c:\windows\system32\1F.tmp

2009-04-08 09:17 . 2009-04-08 09:17 0 ----a-w c:\windows\system32\1E.tmp

2009-04-08 09:17 . 2009-04-08 09:17 0 ----a-w c:\windows\system32\1D.tmp

2009-04-08 09:17 . 2009-04-08 09:17 0 ----a-w c:\windows\system32\1C.tmp

2009-04-08 00:05 . 2009-04-08 00:05 0 ----a-w c:\windows\system32\1B.tmp

2009-04-07 23:56 . 2009-04-07 23:56 0 ----a-w c:\windows\system32\1A.tmp

2009-04-07 23:55 . 2009-04-07 23:55 0 ----a-w c:\windows\system32\19.tmp

2009-04-07 23:55 . 2009-04-07 23:55 0 ----a-w c:\windows\system32\18.tmp

2009-04-07 23:42 . 2009-04-07 23:42 0 ----a-w c:\windows\system32\17.tmp

2009-04-07 23:42 . 2009-04-07 23:42 0 ----a-w c:\windows\system32\16.tmp

2009-04-07 23:27 . 2009-04-07 23:27 0 ----a-w c:\windows\system32\15.tmp

2009-04-07 23:27 . 2009-04-07 23:27 0 ----a-w c:\windows\system32\14.tmp

2009-04-07 22:36 . 2009-04-07 22:36 0 ----a-w c:\windows\system32\13.tmp

2009-04-07 22:13 . 2009-04-07 22:13 0 ----a-w c:\windows\system32\12.tmp

2009-04-07 22:05 . 2009-04-07 22:05 0 ----a-w c:\windows\system32\11.tmp

2009-04-07 21:56 . 2009-04-07 21:56 0 ----a-w c:\windows\system32\10.tmp

2009-04-06 20:41 . 2009-01-06 20:41 84992 --sha-w c:\windows\system32\nuvameje.dll.vir

2009-04-04 13:14 . 2009-04-04 13:14 -------- d-----w c:\program files\MSECache

2009-03-24 22:33 . 2008-06-18 15:29 64368 ----a-w c:\documents and settings\Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2009-03-23 20:04 . 2009-03-22 22:21 114 ----a-w c:\windows\de04ch5.dat

2009-03-22 22:46 . 2009-03-19 20:00 -------- d-----w c:\program files\Family Feud Dream Home

2009-03-22 22:20 . 2009-03-22 22:20 -------- d-----w c:\program files\detest5

2009-03-22 21:29 . 2009-03-22 21:29 -------- d-----w c:\program files\Common Files\SWF Studio

2009-03-22 21:29 . 2009-03-22 21:29 -------- d-----w c:\program files\KAZ Typing Test

2009-03-22 21:28 . 2009-03-22 21:29 737280 ----a-w c:\windows\iun6002.exe

2009-03-20 22:14 . 2009-03-20 22:14 81 ----a-w C:\CTX.DAT

2009-03-20 22:03 . 2009-01-25 16:00 410984 ----a-w c:\windows\system32\deploytk.dll

2009-03-20 22:03 . 2008-06-18 17:05 -------- d-----w c:\program files\Java

2009-03-17 16:19 . 2009-03-17 16:19 147456 ----a-w c:\windows\system32\vbzip10.dll

2009-03-06 14:44 . 2001-08-18 12:00 283648 ----a-w c:\windows\system32\pdh.dll

2009-02-20 08:30 . 2009-02-19 17:01 81920 ------w c:\windows\system32\ieencode.dll

2009-02-20 08:30 . 2001-08-18 12:00 659456 ----a-w c:\windows\system32\wininet.dll

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-08-04 1667584]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"MMTray"="c:\program files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe" [2006-01-19 110592]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-06-17 98304]

"IgfxTray"="c:\windows\System32\igfxtray.exe" [2002-06-19 155648]

"HotKeysCmds"="c:\windows\System32\hkcmd.exe" [2002-06-19 114688]

"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-07-11 180269]

"MimBoot"="c:\progra~1\MUSICM~1\MUSICM~1\mimboot.exe" [2006-01-19 11776]

"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2004-06-16 221184]

"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-06-16 81920]

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-20 148888]

"D-Link AirPlus G"="c:\program files\D-Link\AirPlus G\AirGCFG.exe" [2007-04-14 1556480]

"ANIWZCS2Service"="c:\program files\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [2007-01-19 49152]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\LimeWire\\LimeWire.exe"=

--- Other Services/Drivers In Memory ---

*Deregistered* - AFD

*Deregistered* - ALG

*Deregistered* - ANIO

*Deregistered* - ANIWZCSdService

*Deregistered* - AudioSrv

*Deregistered* - audstub

*Deregistered* - Beep

*Deregistered* - BITS

*Deregistered* - Browser

*Deregistered* - Cdfs

*Deregistered* - CryptSvc

*Deregistered* - DcomLaunch

*Deregistered* - Dhcp

*Deregistered* - Dnscache

*Deregistered* - ERSvc

*Deregistered* - EventSystem

*Deregistered* - Fallback

*Deregistered* - FastUserSwitchingCompatibility

*Deregistered* - Fips

*Deregistered* - FltMgr

*Deregistered* - Fsks

*Deregistered* - Ftdisk

*Deregistered* - Gpc

*Deregistered* - helpsvc

*Deregistered* - HTTP

*Deregistered* - HTTPFilter

*Deregistered* - IpNat

*Deregistered* - IPSec

*Deregistered* - JavaQuickStarterService

*Deregistered* - K56

*Deregistered* - KSecDD

*Deregistered* - lanmanserver

*Deregistered* - lanmanworkstation

*Deregistered* - LmHosts

*Deregistered* - MDM

*Deregistered* - mdmxsdk

*Deregistered* - mnmdd

*Deregistered* - Mouclass

*Deregistered* - MountMgr

*Deregistered* - MRxDAV

*Deregistered* - MRxSmb

*Deregistered* - Msfs

*Deregistered* - mssmbios

*Deregistered* - Mup

*Deregistered* - NDIS

*Deregistered* - NdisTapi

*Deregistered* - Ndisuio

*Deregistered* - NdisWan

*Deregistered* - NDProxy

*Deregistered* - NetBIOS

*Deregistered* - NetBT

*Deregistered* - Netman

*Deregistered* - Nla

*Deregistered* - Npfs

*Deregistered* - Ntfs

*Deregistered* - Null

*Deregistered* - OMCI

*Deregistered* - ParVdm

*Deregistered* - PolicyAgent

*Deregistered* - PptpMiniport

*Deregistered* - ProtectedStorage

*Deregistered* - PSched

*Deregistered* - RasAcd

*Deregistered* - Rasl2tp

*Deregistered* - RasMan

*Deregistered* - RasPppoe

*Deregistered* - Raspti

*Deregistered* - Rdbss

*Deregistered* - RDPCDD

*Deregistered* - RpcSs

*Deregistered* - SamSs

*Deregistered* - Schedule

*Deregistered* - seclogon

*Deregistered* - SENS

*Deregistered* - ShellHWDetection

*Deregistered* - SoftFax

*Deregistered* - Spooler

*Deregistered* - sr

*Deregistered* - srservice

*Deregistered* - Srv

*Deregistered* - SSDPSRV

*Deregistered* - swenum

*Deregistered* - TapiSrv

*Deregistered* - Tcpip

*Deregistered* - TermDD

*Deregistered* - TermService

*Deregistered* - Themes

*Deregistered* - Tones

*Deregistered* - TrkWks

*Deregistered* - Update

*Deregistered* - V124

*Deregistered* - VgaSave

*Deregistered* - VolSnap

*Deregistered* - W32Time

*Deregistered* - Wanarp

*Deregistered* - WebClient

*Deregistered* - winmgmt

*Deregistered* - WS2IFSL

*Deregistered* - wuauserv

*Deregistered* - WudfPf

*Deregistered* - WudfSvc

*Deregistered* - WZCSVC

.

Contents of the 'Scheduled Tasks' folder

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.com

mWindow Title = Microsoft Internet Explorer

IE: &AOL Toolbar search - c:\program files\AOL Toolbar\toolbar.dll/SEARCH.HTML

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

Trusted Zone: musicmatch.com\online

DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab

FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\aw4dysyr.default\

FF - plugin: c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\aw4dysyr.default\extensions\[email protected]\platform\WINNT_x86-msvc\plugins\npmnqmp071101000055.dll

FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll

.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-05-16 22:34

Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3428)

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\msi.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Other Running Processes ------------------------

.

c:\program files\Java\jre6\bin\jqs.exe

c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

c:\windows\system32\wscntfy.exe

c:\progra~1\MUSICM~1\MUSICM~1\MMDiag.exe

c:\program files\MUSICMATCH\MUSICMATCH Jukebox\mim.exe

.

**************************************************************************

.

Completion time: 2009-05-17 22:48 - machine was rebooted

ComboFix-quarantined-files.txt 2009-05-17 02:48

ComboFix2.txt 2009-03-18 22:53

ComboFix3.txt 2009-03-18 21:44

ComboFix4.txt 2009-02-20 23:39

ComboFix5.txt 2009-05-17 02:08

Pre-Run: 20,198,514,688 bytes free

Post-Run: 20,208,234,496 bytes free

314 --- E O F --- 2009-05-13 22:08

I was told to write this down and to reboot computer

c:/windows/system32/ntos.exe

HIJACK THIS LOG

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 10:50:15 PM, on 16/05/2009

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\system32\wscntfy.exe

C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe

C:\Program Files\QuickTime\qttask.exe

C:\WINDOWS\System32\hkcmd.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\PROGRA~1\MUSICM~1\MUSICM~1\MMDiag.exe

C:\Program Files\D-Link\AirPlus G\AirGCFG.exe

C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe

C:\Program Files\Messenger\msmsgs.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mim.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\explorer.exe

C:\WINDOWS\system32\notepad.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

O4 - HKLM\..\Run: [MMTray] "C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\System32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe

O4 - HKLM\..\Run: [iSUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup

O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [D-Link AirPlus G] C:\Program Files\D-Link\AirPlus G\AirGCFG.exe

O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file://C:\Program Files\The Hidden Object Show Season 2\Images\stg_drm.ocx

O16 - DPF: {21BB8360-F943-447E-98F3-3C22345375A7} (CPlayFirstChocolatieControl Object) - http://zone.msn.com/bingame/choc/default/C...eb.1.0.0.15.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1213917412731

O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1213962550419

O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file://C:\Program Files\Elizabeth Find, MD - Diagnosis Mystery\Images\armhelper.ocx

O16 - DPF: {E9B80D94-D8BC-43DE-9138-75605A8D9666} (CPlayFirstWeddingDasControl Object) - http://zone.msn.com/bingame/wedd/default/W...sh.1.0.0.50.cab

O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Wireless Service - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

--

End of file - 5000 bytes


Hello again,

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

KillAll::

File::

C:\4B.tmp

C:\4A.tmp

C:\49.tmp

C:\48.tmp

C:\12.tmp

C:\47.tmp

C:\46.tmp

C:\45.tmp

C:\44.tmp

C:\3E.tmp

C:\43.tmp

C:\42.tmp

C:\41.tmp

C:\40.tmp

C:\3F.tmp

C:\3A.tmp

C:\3D.tmp

C:\3C.tmp

C:\3B.tmp

C:\2B.tmp

C:\1D.tmp

C:\1C.tmp

C:\1B.tmp

C:\1A.tmp

C:\19.tmp

C:\18.tmp

C:\17.tmp

C:\16.tmp

C:\15.tmp

C:\14.tmp

C:\13.tmp

C:\10.tmp

C:\11.tmp

C:\F.tmp

C:\A.tmp

C:\9.tmp

C:\8.tmp

C:\7.tmp

C:\6.tmp

C:\5.tmp

C:\4.tmp

C:\3.tmp

C:\E.tmp

C:\D.tmp

C:\C.tmp

C:\B.tmp

c:\windows\system32\2D.tmp

cc:\windows\system32\2C.tmp

c:\windows\system32\2A.tmp

c:\windows\system32\28.tmp

c:\windows\system32\27.tmp

c:\windows\system32\26.tmp

c:\windows\system32\25.tmp

c:\windows\system32\23.tmp

c:\windows\system32\22.tmp

c:\windows\system32\21.tmp

c:\windows\system32\20.tmp

c:\windows\system32\1F.tmp

c:\windows\system32\1E.tmp

c:\windows\system32\1D.tmp

c:\windows\system32\1C.tmp

c:\windows\system32\1B.tmp

c:\windows\system32\1A.tmp

c:\windows\system32\19.tmp

c:\windows\system32\18.tmp

c:\windows\system32\17.tmp

c:\windows\system32\16.tmp

c:\windows\system32\15.tmp

c:\windows\system32\14.tmp

c:\windows\system32\13.tmp

c:\windows\system32\12.tmp

c:\windows\system32\11.tmp

c:\windows\system32\10.tmp

c:\windows\system32\nuvameje.dll.vir

c:\windows\iun6002.exe

c:\windows\system32\vbzip10.dll

Rootkit::

C:\WINDOWS\system32\ntos.exe

Save this as CFScript.txt, in the same location as ComboFix.exe

CFScriptB-4.gif

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I shall require in your next reply.


ComboFix 09-05-17.08 - Owner 18/05/2009 15:53.6 - NTFSx86

Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.254.124 [GMT -4:00]

Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe

Command switches used :: c:\documents and settings\Owner\Desktop\CFScript.txt

FILE ::

C:\10.tmp

C:\11.tmp

C:\12.tmp

C:\13.tmp

C:\14.tmp

C:\15.tmp

C:\16.tmp

C:\17.tmp

C:\18.tmp

C:\19.tmp

C:\1A.tmp

C:\1B.tmp

C:\1C.tmp

C:\1D.tmp

C:\2B.tmp

C:\3.tmp

C:\3A.tmp

C:\3B.tmp

C:\3C.tmp

C:\3D.tmp

C:\3E.tmp

C:\3F.tmp

C:\4.tmp

C:\40.tmp

C:\41.tmp

C:\42.tmp

C:\43.tmp

C:\44.tmp

C:\45.tmp

C:\46.tmp

C:\47.tmp

C:\48.tmp

C:\49.tmp

C:\4A.tmp

C:\4B.tmp

C:\5.tmp

C:\6.tmp

C:\7.tmp

C:\8.tmp

C:\9.tmp

C:\A.tmp

C:\B.tmp

C:\C.tmp

C:\D.tmp

C:\E.tmp

C:\F.tmp

c:\windows\iun6002.exe

c:\windows\system32\10.tmp

c:\windows\system32\11.tmp

c:\windows\system32\12.tmp

c:\windows\system32\13.tmp

c:\windows\system32\14.tmp

c:\windows\system32\15.tmp

c:\windows\system32\16.tmp

c:\windows\system32\17.tmp

c:\windows\system32\18.tmp

c:\windows\system32\19.tmp

c:\windows\system32\1A.tmp

c:\windows\system32\1B.tmp

c:\windows\system32\1C.tmp

c:\windows\system32\1D.tmp

c:\windows\system32\1E.tmp

c:\windows\system32\1F.tmp

c:\windows\system32\20.tmp

c:\windows\system32\21.tmp

c:\windows\system32\22.tmp

c:\windows\system32\23.tmp

c:\windows\system32\25.tmp

c:\windows\system32\26.tmp

c:\windows\system32\27.tmp

c:\windows\system32\28.tmp

c:\windows\system32\2A.tmp

c:\windows\system32\2D.tmp

c:\windows\system32\nuvameje.dll.vir

c:\windows\system32\vbzip10.dll

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\10.tmp

C:\11.tmp

C:\12.tmp

C:\13.tmp

C:\14.tmp

C:\15.tmp

C:\16.tmp

C:\17.tmp

C:\18.tmp

C:\19.tmp

C:\1A.tmp

C:\1B.tmp

C:\1C.tmp

C:\1D.tmp

C:\2B.tmp

C:\3.tmp

C:\3A.tmp

C:\3B.tmp

C:\3C.tmp

C:\3D.tmp

C:\3E.tmp

C:\3F.tmp

C:\4.tmp

C:\40.tmp

C:\41.tmp

C:\42.tmp

C:\43.tmp

C:\44.tmp

C:\45.tmp

C:\46.tmp

C:\47.tmp

C:\48.tmp

C:\49.tmp

C:\4A.tmp

C:\4B.tmp

C:\5.tmp

C:\6.tmp

C:\7.tmp

C:\8.tmp

C:\9.tmp

C:\A.tmp

C:\B.tmp

C:\C.tmp

C:\D.tmp

C:\E.tmp

C:\F.tmp

c:\windows\iun6002.exe

c:\windows\system32\10.tmp

c:\windows\system32\11.tmp

c:\windows\system32\12.tmp

c:\windows\system32\13.tmp

c:\windows\system32\14.tmp

c:\windows\system32\15.tmp

c:\windows\system32\16.tmp

c:\windows\system32\17.tmp

c:\windows\system32\18.tmp

c:\windows\system32\19.tmp

c:\windows\system32\1A.tmp

c:\windows\system32\1B.tmp

c:\windows\system32\1C.tmp

c:\windows\system32\1D.tmp

c:\windows\system32\1E.tmp

c:\windows\system32\1F.tmp

c:\windows\system32\20.tmp

c:\windows\system32\21.tmp

c:\windows\system32\22.tmp

c:\windows\system32\23.tmp

c:\windows\system32\25.tmp

c:\windows\system32\26.tmp

c:\windows\system32\27.tmp

c:\windows\system32\28.tmp

c:\windows\system32\2A.tmp

c:\windows\system32\2D.tmp

c:\windows\system32\ntos.exe

c:\windows\system32\nuvameje.dll.vir

c:\windows\system32\vbzip10.dll

.

((((((((((((((((((((((((( Files Created from 2009-04-18 to 2009-05-18 )))))))))))))))))))))))))))))))

.

2009-05-14 22:53 . 2009-05-14 22:53 -------- d-----w C:\_OTMoveIt

2009-05-05 22:26 . 2009-05-10 21:56 -------- d-----w c:\program files\Windows Media Connect 2

2009-05-05 22:21 . 2009-05-05 23:57 -------- d-----w c:\windows\system32\drivers\UMDF

2009-05-01 09:10 . 2009-05-01 09:10 -------- d-s---w c:\windows\system32\config\systemprofile\UserData

2009-04-23 21:39 . 2009-04-23 21:39 -------- d-----w c:\windows\data_0001810hapfp

2009-04-23 21:07 . 2009-04-23 21:50 -------- d-----w c:\program files\Tetris

2009-04-21 23:32 . 2009-04-21 23:32 -------- d-----w c:\program files\Selectsoft

2009-04-20 19:59 . 2009-05-05 22:21 -------- d-----w c:\windows\system32\LogFiles

2009-04-20 19:14 . 2009-04-20 19:14 -------- d-----w c:\windows\system32\config\systemprofile\Local Settings\Application Data\Musicmatch

2009-04-20 19:13 . 2009-04-20 19:13 -------- d-----w c:\documents and settings\LocalService\Local Settings\Application Data\Musicmatch

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-05-17 02:17 . 2001-08-18 12:00 182912 ----a-w c:\windows\system32\drivers\ndis.sys

2009-05-09 23:37 . 2008-06-29 21:10 -------- d-----w c:\program files\Yahoo! Games

2009-05-01 09:07 . 2009-05-01 09:07 0 ----a-w C:\39.tmp

2009-04-30 09:06 . 2009-04-30 09:06 38 ----a-w C:\2A.tmp

2009-04-30 09:06 . 2009-04-30 09:06 0 ----a-w C:\29.tmp

2009-04-30 09:06 . 2009-04-30 09:06 0 ----a-w C:\28.tmp

2009-04-30 09:06 . 2009-04-30 09:06 0 ----a-w C:\27.tmp

2009-04-30 09:06 . 2009-04-30 09:06 0 ----a-w C:\26.tmp

2009-04-30 09:06 . 2009-04-30 09:06 0 ----a-w C:\25.tmp

2009-04-30 09:06 . 2009-04-30 09:06 0 ----a-w C:\24.tmp

2009-04-30 09:06 . 2009-04-30 09:06 0 ----a-w C:\23.tmp

2009-04-30 09:06 . 2009-04-30 09:06 0 ----a-w C:\22.tmp

2009-04-30 09:06 . 2009-04-30 09:06 0 ----a-w C:\21.tmp

2009-04-30 09:06 . 2009-04-30 09:06 0 ----a-w C:\20.tmp

2009-04-30 09:06 . 2009-04-30 09:06 0 ----a-w C:\1F.tmp

2009-04-30 09:06 . 2009-04-30 09:06 54784 ----a-w C:\1E.tmp

2009-04-13 21:44 . 2009-01-06 00:46 -------- d-----w c:\program files\ANI

2009-04-13 21:44 . 2008-06-16 18:41 -------- d--h--w c:\program files\InstallShield Installation Information

2009-04-13 21:42 . 2009-04-13 21:42 -------- d-----w c:\program files\D-Link

2009-04-13 21:12 . 2008-06-16 18:41 -------- d-----w c:\program files\Common Files\InstallShield

2009-04-08 09:21 . 2009-04-08 09:21 0 ----a-w c:\windows\system32\2C.tmp

2009-04-04 13:14 . 2009-04-04 13:14 -------- d-----w c:\program files\MSECache

2009-03-24 22:33 . 2008-06-18 15:29 64368 ----a-w c:\documents and settings\Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2009-03-23 20:04 . 2009-03-22 22:21 114 ----a-w c:\windows\de04ch5.dat

2009-03-22 22:46 . 2009-03-19 20:00 -------- d-----w c:\program files\Family Feud Dream Home

2009-03-22 22:20 . 2009-03-22 22:20 -------- d-----w c:\program files\detest5

2009-03-22 21:29 . 2009-03-22 21:29 -------- d-----w c:\program files\Common Files\SWF Studio

2009-03-22 21:29 . 2009-03-22 21:29 -------- d-----w c:\program files\KAZ Typing Test

2009-03-20 22:14 . 2009-03-20 22:14 81 ----a-w C:\CTX.DAT

2009-03-20 22:03 . 2009-01-25 16:00 410984 ----a-w c:\windows\system32\deploytk.dll

2009-03-20 22:03 . 2008-06-18 17:05 -------- d-----w c:\program files\Java

2009-03-06 14:44 . 2001-08-18 12:00 283648 ----a-w c:\windows\system32\pdh.dll

2009-02-20 08:30 . 2009-02-19 17:01 81920 ------w c:\windows\system32\ieencode.dll

2009-02-20 08:30 . 2001-08-18 12:00 659456 ----a-w c:\windows\system32\wininet.dll

.

((((((((((((((((((((((((((((( SnapShot@2009-05-17_02.35.04 )))))))))))))))))))))))))))))))))))))))))

.

+ 2009-05-18 20:04 . 2009-05-18 20:04 16384 c:\windows\temp\Perflib_Perfdata_610.dat

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-08-04 1667584]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"MMTray"="c:\program files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe" [2006-01-19 110592]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-06-17 98304]

"IgfxTray"="c:\windows\System32\igfxtray.exe" [2002-06-19 155648]

"HotKeysCmds"="c:\windows\System32\hkcmd.exe" [2002-06-19 114688]

"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-07-11 180269]

"MimBoot"="c:\progra~1\MUSICM~1\MUSICM~1\mimboot.exe" [2006-01-19 11776]

"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2004-06-16 221184]

"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-06-16 81920]

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-20 148888]

"D-Link AirPlus G"="c:\program files\D-Link\AirPlus G\AirGCFG.exe" [2007-04-14 1556480]

"ANIWZCS2Service"="c:\program files\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [2007-01-19 49152]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\LimeWire\\LimeWire.exe"=

--- Other Services/Drivers In Memory ---

*Deregistered* - AFD

*Deregistered* - ALG

*Deregistered* - ANIO

*Deregistered* - ANIWZCSdService

*Deregistered* - AudioSrv

*Deregistered* - audstub

*Deregistered* - Beep

*Deregistered* - BITS

*Deregistered* - Browser

*Deregistered* - Cdfs

*Deregistered* - CryptSvc

*Deregistered* - DcomLaunch

*Deregistered* - Dhcp

*Deregistered* - Dnscache

*Deregistered* - ERSvc

*Deregistered* - EventSystem

*Deregistered* - Fallback

*Deregistered* - FastUserSwitchingCompatibility

*Deregistered* - Fips

*Deregistered* - FltMgr

*Deregistered* - Fsks

*Deregistered* - Ftdisk

*Deregistered* - Gpc

*Deregistered* - helpsvc

*Deregistered* - HTTP

*Deregistered* - HTTPFilter

*Deregistered* - IpNat

*Deregistered* - IPSec

*Deregistered* - JavaQuickStarterService

*Deregistered* - K56

*Deregistered* - KSecDD

*Deregistered* - lanmanserver

*Deregistered* - lanmanworkstation

*Deregistered* - LmHosts

*Deregistered* - MDM

*Deregistered* - mdmxsdk

*Deregistered* - mnmdd

*Deregistered* - Mouclass

*Deregistered* - MountMgr

*Deregistered* - MRxDAV

*Deregistered* - MRxSmb

*Deregistered* - Msfs

*Deregistered* - mssmbios

*Deregistered* - Mup

*Deregistered* - NDIS

*Deregistered* - NdisTapi

*Deregistered* - Ndisuio

*Deregistered* - NdisWan

*Deregistered* - NDProxy

*Deregistered* - NetBIOS

*Deregistered* - NetBT

*Deregistered* - Netman

*Deregistered* - Nla

*Deregistered* - Npfs

*Deregistered* - Ntfs

*Deregistered* - Null

*Deregistered* - OMCI

*Deregistered* - PartMgr

*Deregistered* - ParVdm

*Deregistered* - Pcmcia

*Deregistered* - PolicyAgent

*Deregistered* - PptpMiniport

*Deregistered* - ProtectedStorage

*Deregistered* - PSched

*Deregistered* - RasAcd

*Deregistered* - Rasl2tp

*Deregistered* - RasMan

*Deregistered* - RasPppoe

*Deregistered* - Raspti

*Deregistered* - Rdbss

*Deregistered* - RDPCDD

*Deregistered* - RpcSs

*Deregistered* - SamSs

*Deregistered* - Schedule

*Deregistered* - seclogon

*Deregistered* - SENS

*Deregistered* - ShellHWDetection

*Deregistered* - SoftFax

*Deregistered* - Spooler

*Deregistered* - sr

*Deregistered* - srservice

*Deregistered* - Srv

*Deregistered* - SSDPSRV

*Deregistered* - swenum

*Deregistered* - TapiSrv

*Deregistered* - Tcpip

*Deregistered* - TermDD

*Deregistered* - TermService

*Deregistered* - Themes

*Deregistered* - Tones

*Deregistered* - TrkWks

*Deregistered* - Update

*Deregistered* - V124

*Deregistered* - VgaSave

*Deregistered* - VolSnap

*Deregistered* - W32Time

*Deregistered* - Wanarp

*Deregistered* - WebClient

*Deregistered* - winmgmt

*Deregistered* - WS2IFSL

*Deregistered* - wuauserv

*Deregistered* - WudfPf

*Deregistered* - WudfSvc

*Deregistered* - WZCSVC

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.com

mWindow Title = Microsoft Internet Explorer

IE: &AOL Toolbar search - c:\program files\AOL Toolbar\toolbar.dll/SEARCH.HTML

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

Trusted Zone: musicmatch.com\online

DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab

FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\aw4dysyr.default\

FF - plugin: c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\aw4dysyr.default\extensions\[email protected]\platform\WINNT_x86-msvc\plugins\npmnqmp071101000055.dll

FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll

.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-05-18 16:04

Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(2632)

c:\windows\system32\msi.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Other Running Processes ------------------------

.

c:\program files\Java\jre6\bin\jqs.exe

c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

c:\windows\system32\wscntfy.exe

c:\progra~1\MUSICM~1\MUSICM~1\MMDiag.exe

c:\program files\MUSICMATCH\MUSICMATCH Jukebox\mim.exe

.

**************************************************************************

.

Completion time: 2009-05-18 16:18 - machine was rebooted

ComboFix-quarantined-files.txt 2009-05-18 20:18

ComboFix2.txt 2009-05-17 02:48

ComboFix3.txt 2009-03-18 22:53

ComboFix4.txt 2009-03-18 21:44

ComboFix5.txt 2009-05-18 19:50

Pre-Run: 19,993,059,328 bytes free

Post-Run: 19,978,661,888 bytes free

394 --- E O F --- 2009-05-13 22:08


Hi,

Let's run an F-Secure online scan for Viruses, Spyware and RootKits:

  • Go to http://support.f-secure.com/enu/home/ols.shtml
  • Scroll to the bottom of the page and click the Start scanning button. A window will pop up.
  • Allow the Active X control to be installed on your computer, then click the Accept button
  • Click Full System Scan and allow the components to download and the scan to complete.
  • If malware is found, check Submit samples to F-Secure then select Automatic cleaning
  • When cleaning has finished, click Show report (this will open an Internet Explorer window containing the report)
  • Highlight and Copy (CTRL + C) the complete report, and Paste (CTRL + V) in a new reply to this post

If Automatic cleaning with Submit samples hangs, click Cancel, then New Scan

  • When the cleaning option is presented, Uncheck Submit samples to F-Secure
  • Click Automatic cleaning
  • When cleaning has finished, click Show report (this will open an Internet Explorer window containing the report)
  • Highlight and Copy (CTRL + C) the complete report, and Paste (CTRL + V) in a new reply to this post

Notes:

  • This scan will only work with Internet Explorer
  • You must have administrator rights to run this scan
  • This scan can take several hours, so please be patient

  • 3 weeks later...

Hi,

Let's try a different scan then.

Please go HERE to run Panda ActiveScan 2.0

  • Click the big green Scan now button
  • If it wants to install an ActiveX component allow it
  • It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
  • Once the scan is completed, please hit the notepad icon next to the text Export to:
  • Save it to a convenient location such as your Desktop
  • Post the contents of the ActiveScan.txt in your next reply


;*******************************************************************************************************************************************************************************

ANALYSIS: 2009-06-04 15:42:57

PROTECTIONS: 0

MALWARE: 52

SUSPECTS: 22

;*******************************************************************************************************************************************************************************

PROTECTIONS

Description Version Active Updated

;===============================================================================

=================================================================================

===================

;===============================================================================

=================================================================================

===================

MALWARE

Id Description Type Active Severity Disinfectable Disinfected Location

;===================================================================================================================================================================================

00003729 spyware/conducent-timesink Spyware No 0 Yes No hkey_current_user\software\timesink, inc.

00003729 spyware/conducent-timesink Spyware No 0 Yes No hkey_local_machine\software\timesink, inc.

00003729 spyware/conducent-timesink Spyware No 0 Yes No c:\program files\timesink

00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\WINDOWS\system32\config\systemprofile\Cookies\system@doubleclick[1].txt

00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\WINDOWS\system32\config\systemprofile\Cookies\system@atdmt[1].txt

00560149 W32/P2PWorm.Y.worm Virus/Worm No 1 Yes No C:\Qoobox\Quarantine\C\WINDOWS\system32\dpnlobby32.dll.vir

00560149 W32/P2PWorm.Y.worm Virus/Worm No 1 Yes No C:\Qoobox\Quarantine\C\WINDOWS\system32\_dpnlobby32_.dll.zip[dpnlobby32.dll]

00569747 Spyware/Virtumonde Spyware No 1 Yes No C:\Qoobox\Quarantine\C\WINDOWS\system32\qigkdfeq.dll.vir

00569747 Spyware/Virtumonde Spyware No 1 Yes No C:\Qoobox\Quarantine\C\WINDOWS\system32\wkzrha.dll.vir

00590315 Rootkit/Agent.LNB HackTools No 0 Yes No C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP83\A0025677.sys

00590315 Rootkit/Agent.LNB HackTools No 0 Yes No C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP101\A0047869.sys

00610370 W32/P2PWorm.AB.worm Virus/Worm No 1 Yes No C:\Qoobox\Quarantine\C\WINDOWS\system32\GroupPolicyManifest\45.keygen.zip.vir[setup.exe]

00610370 W32/P2PWorm.AB.worm Virus/Worm No 1 Yes No C:\Qoobox\Quarantine\C\WINDOWS\system32\GroupPolicyManifest\46.serial.zip.vir[setup.exe]

00610370 W32/P2PWorm.AB.worm Virus/Worm No 1 Yes No C:\Qoobox\Quarantine\C\WINDOWS\system32\GroupPolicyManifest\45.keygen.zip.vir[keygen/keygen.exe]

00610370 W32/P2PWorm.AB.worm Virus/Worm No 1 Yes No C:\Qoobox\Quarantine\C\WINDOWS\system32\GroupPolicyManifest\44.unpack.zip.vir[self_extracting_archive.exe]

00610370 W32/P2PWorm.AB.worm Virus/Worm No 1 Yes No C:\Qoobox\Quarantine\C\WINDOWS\system32\GroupPolicyManifest\41.crack.zip.vir[crack/CORE10k.EXE]

00610370 W32/P2PWorm.AB.worm Virus/Worm No 1 Yes No C:\Qoobox\Quarantine\C\WINDOWS\system32\GroupPolicyManifest\41.crack.zip.vir[crack/crack.exe]

00610370 W32/P2PWorm.AB.worm Virus/Worm No 1 Yes No C:\Qoobox\Quarantine\C\WINDOWS\system32\GroupPolicyManifest\41.crack.zip.vir[setup.exe]

00610370 W32/P2PWorm.AB.worm Virus/Worm No 1 Yes No C:\Qoobox\Quarantine\C\WINDOWS\system32\GroupPolicyManifest\42.keymaker.zip.vir[keygen/keygen.exe]

00610370 W32/P2PWorm.AB.worm Virus/Worm No 1 Yes No C:\Qoobox\Quarantine\C\WINDOWS\system32\GroupPolicyManifest\43.setup.zip.vir[setup.exe]

00610370 W32/P2PWorm.AB.worm Virus/Worm No 1 Yes No C:\Qoobox\Quarantine\C\WINDOWS\system32\GroupPolicyManifest\43.setup.zip.vir[crack/patch.exe]

00610370 W32/P2PWorm.AB.worm Virus/Worm No 1 Yes No C:\Qoobox\Quarantine\C\WINDOWS\system32\GroupPolicyManifest\46.serial.zip.vir[serial/serial.exe]

00625332 Spyware/Virtumonde Spyware No 1 Yes No C:\Qoobox\Quarantine\C\WINDOWS\system32\__c008D31A.dat.vir

00625332 Spyware/Virtumonde Spyware No 1 Yes No C:\Qoobox\Quarantine\C\WINDOWS\system32\___c002917C_.dat.zip[__c002917C.dat]

00625332 Spyware/Virtumonde Spyware No 1 Yes No C:\Qoobox\Quarantine\C\WINDOWS\system32\__c0044400.dat.vir

00625332 Spyware/Virtumonde Spyware No 1 Yes No C:\Qoobox\Quarantine\C\WINDOWS\system32\__c0021000.dat.vir

00654615 Trj/Spammer.ALU Virus/Trojan No 1 Yes No C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP83\A0025310.exe

00656624 Trj/Downloader.VOV Virus/Trojan No 0 Yes No C:\_OTMoveIt\MovedFiles\05142009_185305\Documents and Settings\Owner\Application Data\nidle\NIDLE.0XE

00656624 Trj/Downloader.VOV Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP83\A0024321.exe

00656624 Trj/Downloader.VOV Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP140\A0065313.exe

00656624 Trj/Downloader.VOV Virus/Trojan No 0 Yes No C:\_OTMoveIt\MovedFiles\05142009_185305\Documents and Settings\Owner\Application Data\nidle\nidle.ex_

00674120 Adware/SystemSecurity Adware No 0 Yes No C:\Documents and Settings\All Users\Application Data\1447988137\1331176861.exe

00702406 Trj/Downloader.VRN Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP83\A0025309.exe

00702406 Trj/Downloader.VRN Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP124\A0054733.exe

00702417 Trj/Clicker.ANV Virus/Trojan No 1 Yes No C:\Documents and Settings\Owner\Application Data\Messenger\Sys\mu.dll

00702417 Trj/Clicker.ANV Virus/Trojan No 1 Yes No C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP73\A0023126.dll

00702417 Trj/Clicker.ANV Virus/Trojan No 1 Yes No C:\Documents and Settings\Owner\Application Data\Messenger\Drivers\MsgUpdate.dll

00702417 Trj/Clicker.ANV Virus/Trojan No 1 No No C:\WINDOWS\system32\kt\conf02091b.exe[MsgUpdate.dll]

00702417 Trj/Clicker.ANV Virus/Trojan No 1 Yes No C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP73\A0023123.dll

00715171 Trj/Downloader.VQL Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP83\A0025606.exe

00715171 Trj/Downloader.VQL Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84\A0025844.exe

00716215 Adware/VapSup Adware No 0 Yes No C:\Documents and Settings\Owner\Application Data\Messenger\Drivers\Aud32\msgasst.dll

00716322 Trj/BHO.DR Virus/Trojan No 0 Yes No C:\Documents and Settings\Owner\Application Data\Messenger\Drivers\Aud32\msgutil.dll

00721305 W32/Sality.AO Virus No 1 Yes No C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP83\A0025648.exe

00737304 Rootkit/Lineage.KSS Virus No 0 Yes No C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84\A0026145.sys

00739483 Trj/Downloader.VSS Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP140\A0065314.exe

00739483 Trj/Downloader.VSS Virus/Trojan No 0 Yes No C:\_OTMoveIt\MovedFiles\05142009_185305\Documents and Settings\Owner\Application Data\digifast\DIGIFAST.0XE

00739483 Trj/Downloader.VSS Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP83\A0025703.exe

00814651 Trj/Downloader.VUF Virus/Trojan No 0 Yes No C:\Qoobox\Quarantine\C\13.tmp.vir

00814912 Trj/Downloader.VUF Virus/Trojan No 0 Yes No C:\_OTMoveIt\MovedFiles\05142009_185305\WINDOWS\system32\KJSDIOWQ8OIKF.0LL

00814912 Trj/Downloader.VUF Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP140\A0065311.dll

00814917 Trj/Downloader.VUF Virus/Trojan No 0 Yes No C:\_OTMoveIt\MovedFiles\05142009_185305\WINDOWS\temp\J1ICNS6S.0XE

00814917 Trj/Downloader.VUF Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP140\A0065310.exe

00814917 Trj/Downloader.VUF Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP140\A0065309.exe

00814917 Trj/Downloader.VUF Virus/Trojan No 0 Yes No C:\_OTMoveIt\MovedFiles\05142009_185305\WINDOWS\temp\KSCS4O5AYB.0XE

00892791 JS/Sality.AO Virus No 0 Yes No C:\Program Files\Mozilla Firefox\res\hiddenWindow.html

00892791 JS/Sality.AO Virus No 0 Yes No C:\WINDOWS\Help\migwiz.htm

00892791 JS/Sality.AO Virus No 0 Yes No C:\Program Files\NetMeeting\netmeet.htm

00892791 JS/Sality.AO Virus No 0 Yes No C:\WINDOWS\Help\ixqlang.htm

00892791 JS/Sality.AO Virus No 0 Yes No C:\Program Files\Yahoo! Games\Emerald City Confidential\readme.htm

00892791 JS/Sality.AO Virus No 0 Yes No C:\WINDOWS\Help\ciadmin.htm

00915568 Adware/Suurch Adware No 1 Yes No C:\_OTMoveIt\MovedFiles\05142009_185305\Documents and Settings\Owner\LOCALS~1\Temp\570833324.0XE

00915568 Adware/Suurch Adware No 1 Yes No C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP140\A0065312.exe

00915574 Trj/Downloader.VWJ Virus/Trojan No 0 Yes No C:\_OTMoveIt\MovedFiles\05142009_185305\WINDOWS\temp\mvtmymxi.exe

00915574 Trj/Downloader.VWJ Virus/Trojan No 0 Yes No C:\_OTMoveIt\MovedFiles\05142009_185305\WINDOWS\temp\ur40dz.exe

00915749 JS/Sality.AO Virus No 0 Yes No C:\WINDOWS\Help\ciquery.htm

00926642 Trj/Dropper.AIE Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84\A0026143.exe

00926821 Generic Trojan Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84\A0026162.exe

00931441 Bck/Gh0stRat.D Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84\A0026141.dll

00948556 W32/Protector.A Virus No 0 Yes No C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\ndis.sys.vir

00948556 W32/Protector.A Virus No 0 Yes No C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP128\A0054938.sys

00948556 W32/Protector.A Virus No 0 Yes No C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP128\A0054937.sys

01185375 Application/Psexec.A HackTools No 0 Yes No C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP64\A0022730.EXE

02885963 Rootkit/Booto.C Virus/Worm No 0 Yes No C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP129\A0055121.sys

02885963 Rootkit/Booto.C Virus/Worm No 0 Yes No C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP128\A0054944.sys

02885963 Rootkit/Booto.C Virus/Worm No 0 Yes No C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP128\A0054918.sys

02885963 Rootkit/Booto.C Virus/Worm No 0 Yes No C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP64\A0022707.sys

02906063 Bck/VB.ABN Virus/Trojan No 0 Yes No C:\Qoobox\Quarantine\C\WINDOWS\Fonts\a.zip.vir[setup.exe]

03074964 Trj/CI.A Virus/Trojan No 0 Yes No C:\_OTMoveIt\MovedFiles\05142009_185305\WINDOWS\system32\sdrgfcvbf.dll

03074964 Trj/CI.A Virus/Trojan No 0 Yes No C:\Qoobox\Quarantine\C\WINDOWS\system32\rukcng.dll.vir

03074964 Trj/CI.A Virus/Trojan No 0 Yes No C:\Qoobox\Quarantine\C\3A.tmp.vir

03074964 Trj/CI.A Virus/Trojan No 0 Yes No C:\_OTMoveIt\MovedFiles\05142009_185305\WINDOWS\temp\d4dhv2gu.exe

03074964 Trj/CI.A Virus/Trojan No 0 Yes No C:\Qoobox\Quarantine\C\WINDOWS\system32\tqtraqcu.dll.vir

03074964 Trj/CI.A Virus/Trojan No 0 No No C:\WINDOWS\system32\kt\conf02091b.exe[bHOInstaller.exe]

03491464 W32/Patched.D Virus No 0 Yes No C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84\A0026156.dll

03491464 W32/Patched.D Virus No 0 Yes No C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84\A0026262.DLL

04853766 Generic Trojan Virus/Trojan No 0 Yes No C:\!FixIEDef\1.tmp

04881591 Trj/Downloader.MDW Virus/Trojan No 1 Yes No C:\Qoobox\Quarantine\C\WINDOWS\system32\GroupPolicyManifest\42.keymaker.zip.vir[setup.exe]

04946060 Generic Trojan Virus/Trojan No 0 Yes No C:\Qoobox\Quarantine\C\WINDOWS\system32\kjepncko.dll.vir

04946060 Generic Trojan Virus/Trojan No 0 Yes No C:\Qoobox\Quarantine\C\WINDOWS\system32\zdnvjq.dll.vir

04966615 Generic Trojan Virus/Trojan No 0 Yes No C:\Qoobox\Quarantine\C\WINDOWS\system32\ndqnvhgv.dll.vir

04966615 Generic Trojan Virus/Trojan No 0 Yes No C:\Qoobox\Quarantine\C\WINDOWS\system32\sjiznr.dll.vir

04980826 Trj/Zlob.KH Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP83\A0025566.exe

04980826 Trj/Zlob.KH Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP140\A0065308.exe

05066600 Generic Trojan Virus/Trojan No 0 Yes No C:\Qoobox\Quarantine\C\rnqcp.exe.vir

05342462 Generic Trojan Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84\A0026147.exe

05347963 Trj/Downloader.MDW Virus/Trojan No 1 Yes No C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP83\A0025651.exe

05355088 Generic Trojan Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP83\A0025314.exe

05374530 Trj/Sinowal.DW Virus/Trojan No 1 Yes No C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84\A0026159.exe

05388521 Trj/Zlob.KH Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84\A0026154.exe

05391596 Trj/Agent.DPE Virus/Trojan No 1 Yes No C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP83\A0025316.exe

05400339 Generic Trojan Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP83\A0025353.exe

05402331 Trj/Zlob.KH Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84\A0026148.dll

05404008 Adware/AccesMembre Adware No 0 Yes No C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84\A0026144.sys

05404064 W32/Socks.E.worm Virus/Worm No 0 Yes No C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84\A0026263.dll

05449092 Generic Trojan Virus/Trojan No 0 Yes No C:\_OTMoveIt\MovedFiles\05142009_185305\WINDOWS\temp\ml2i872r.exe

;===================================================================================================================================================================================

SUSPECTS

Sent Location )

;===================================================================================================================================================================================

Yes C:\Documents and Settings\Owner\Application Data\Messenger\Drivers\phuninst.dll )

Yes C:\Documents and Settings\Owner\Desktop\ComboFix.exe[32788R22FWJFW\n.com] )

Yes C:\Documents and Settings\Owner\Desktop\ComboFix.exe[32788R22FWJFW\NirCmd.cfexe] )

Yes C:\Documents and Settings\Owner\Desktop\Extra Files\win32.exe )

Yes C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP128\A0054925.exe )

Yes C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP128\A0054995.com )

Yes C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP128\A0054997.com )

Yes C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP129\A0055035.exe[32788R22FWJFW\NirCmd.cfexe]

Yes C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP129\A0055035.exe[32788R22FWJFW\n.com]

Yes C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP129\A0055076.com )

Yes C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP129\A0055078.com )

Yes C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP129\A0055101.exe )

Yes C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP129\A0055170.com )

Yes C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP129\A0055172.com )

Yes C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP128\A0054900.exe )

Yes C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP63\A0022630.exe )

Yes C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP73\A0023125.dll )

Yes C:\WINDOWS\NIRCMD.exe )

Yes C:\WINDOWS\system32\kt\conf02091b.exe[phuninst.dll] )

Yes C:\WINDOWS\system32\hsfiun3487dll )

Yes C:\WINDOWS\system32\kt\conf02091b.exe[igfxSys.dll] )

Yes C:\_OTMoveIt\MovedFiles\05142009_185305\Documents and Settings\Owner\Application Data\Messenger\Drivers\IgfxSys.dll

;===================================================================================================================================================================================

VULNERABILITIES

Id Severity Description )

;===================================================================================================================================================================================

184380 MEDIUM MS08-002 )

184379 MEDIUM MS08-001 )

182048 HIGH MS07-069 )

182046 HIGH MS07-067 )

182043 HIGH MS07-064 )

179553 HIGH MS07-061 )

176382 HIGH MS07-057 )

176383 HIGH MS07-058 )

170911 HIGH MS07-050 )

170907 HIGH MS07-046 )

170906 HIGH MS07-045 )

170904 HIGH MS07-043 )

164915 HIGH MS07-035 )

164913 HIGH MS07-033 )

164911 HIGH MS07-031 )

160623 HIGH MS07-027 )

157262 HIGH MS07-022 )

157261 HIGH MS07-021 )

157260 HIGH MS07-020 )

157259 HIGH MS07-019 )

156477 HIGH MS07-017 )

150253 HIGH MS07-016 )

150249 HIGH MS07-013 )

150248 HIGH MS07-012 )

150247 HIGH MS07-011 )

150243 HIGH MS07-008 )

150242 HIGH MS07-007 )

150241 MEDIUM MS07-006 )

141034 HIGH MS06-076 )

141033 MEDIUM MS06-075 )

141030 HIGH MS06-072 )

137571 HIGH MS06-070 )

137568 HIGH MS06-067 )

133387 MEDIUM MS06-065 )

133386 MEDIUM MS06-064 )

133385 MEDIUM MS06-063 )

133379 HIGH MS06-057 )

131654 HIGH MS06-055 )

129977 MEDIUM MS06-053 )

129976 MEDIUM MS06-052 )

126093 HIGH MS06-051 )

126092 MEDIUM MS06-050 )

126087 HIGH MS06-046 )

126086 MEDIUM MS06-045 )

126083 HIGH MS06-042 )

126082 HIGH MS06-041 )

126081 HIGH MS06-040 )

123421 HIGH MS06-036 )

123420 HIGH MS06-035 )

120825 MEDIUM MS06-032 )

120823 MEDIUM MS06-030 )

120818 HIGH MS06-025 )

120815 HIGH MS06-022 )

120814 HIGH MS06-021 )

117384 MEDIUM MS06-018 )

114666 HIGH MS06-015 )

114664 HIGH MS06-013 )

108744 MEDIUM MS06-008 )

108743 MEDIUM MS06-007 )

108742 MEDIUM MS06-006 )

104567 HIGH MS06-002 )

104237 HIGH MS06-001 )

96574 HIGH MS05-053 )

93395 HIGH MS05-051 )

93394 HIGH MS05-050 )

93454 MEDIUM MS05-049 )

;===================================================================================================================================================================================


Hi,

Download Dr.Web CureIt to the desktop:

ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe

  • Double-click the drweb-cureit.exe file and allow it to run the express scan
  • This will scan the files currently running in memory and when something is found, click the yes button when it asks you if you want to cure it. This is only a short scan.
  • Once the short scan has finished, mark the drives that you want to scan.
  • Select all drives. A red dot shows which drives have been chosen.
  • Click the green arrow at the right, and the scan will start.
  • Click 'Yes to all' if it asks if you want to cure/move the file.
  • When the scan has finished, in the menu, click file and choose save report list
  • Save the report to your desktop. The report will be called DrWeb.csv
  • Close Dr.Web Cureit.


__c0013A16.dat;C:\!FixIEDef;Probably Trojan.Packed.338;;

__c0019544.dat;C:\!FixIEDef;Probably Trojan.Packed.338;;

__c00210E4.dat;C:\!FixIEDef;Probably Trojan.Packed.338;;

__c0023CC6.dat;C:\!FixIEDef;Probably Trojan.Packed.338;;

__c0025964.dat;C:\!FixIEDef;Probably Trojan.Packed.338;;

__c002A68A.dat;C:\!FixIEDef;Probably Trojan.Packed.338;;

__c002F1E4.dat;C:\!FixIEDef;Probably Trojan.Packed.338;;

__c0034F69.dat;C:\!FixIEDef;Probably Trojan.Packed.338;;

__c0042D21.dat;C:\!FixIEDef;Probably Trojan.Packed.338;;

__c0044C2B.dat;C:\!FixIEDef;Probably Trojan.Packed.338;;

__c004AF7B.dat;C:\!FixIEDef;Probably Trojan.Packed.338;;

__c004C291.dat;C:\!FixIEDef;Probably Trojan.Packed.338;;

__c0051F8F.dat;C:\!FixIEDef;Probably Trojan.Packed.338;;

__c0052589.dat;C:\!FixIEDef;Probably Trojan.Packed.338;;

__c005670D.dat;C:\!FixIEDef;Probably Trojan.Packed.338;;

__c0058519.dat;C:\!FixIEDef;Probably Trojan.Packed.338;;

__c0059AEE.dat;C:\!FixIEDef;Probably Trojan.Packed.338;;

__c005E189.dat;C:\!FixIEDef;Probably Trojan.Packed.338;;

__c0061FB5.dat;C:\!FixIEDef;Probably Trojan.Packed.338;;

__c0065744.dat;C:\!FixIEDef;Probably Trojan.Packed.338;;

__c0068A40.dat;C:\!FixIEDef;Probably Trojan.Packed.338;;

__c006961B.dat;C:\!FixIEDef;Probably Trojan.Packed.338;;

__c006FE92.dat;C:\!FixIEDef;Probably Trojan.Packed.338;;

__c007592E.dat;C:\!FixIEDef;Probably Trojan.Packed.338;;

__c007D907.dat;C:\!FixIEDef;Probably Trojan.Packed.338;;

__c0086EC0.dat;C:\!FixIEDef;Probably Trojan.Packed.338;;

__c008D81A.dat;C:\!FixIEDef;Probably Trojan.Packed.338;;

__c008E442.dat;C:\!FixIEDef;Probably Trojan.Packed.338;;

__c00912FE.dat;C:\!FixIEDef;Probably Trojan.Packed.338;;

__c0094E24.dat;C:\!FixIEDef;Probably Trojan.Packed.338;;

__c0096412.dat;C:\!FixIEDef;Probably Trojan.Packed.338;;

__c009AF9A.dat;C:\!FixIEDef;Probably Trojan.Packed.338;;

__c009CFE2.dat;C:\!FixIEDef;Probably Trojan.Packed.338;;

__c009E490.dat;C:\!FixIEDef;Probably Trojan.Packed.338;;

__c009EE1C.dat;C:\!FixIEDef;Probably Trojan.Packed.338;;

__c00A024E.dat;C:\!FixIEDef;Probably Trojan.Packed.338;;

__c00A481B.dat;C:\!FixIEDef;Probably Trojan.Packed.338;;

__c00A4916.dat;C:\!FixIEDef;Probably Trojan.Packed.338;;

__c00A5BC1.dat;C:\!FixIEDef;Probably Trojan.Packed.338;;

__c00A6853.dat;C:\!FixIEDef;Probably Trojan.Packed.338;;

__c00AA101.dat;C:\!FixIEDef;Probably Trojan.Packed.338;;

__c00AA59C.dat;C:\!FixIEDef;Probably Trojan.Packed.338;;

__c00B4731.dat;C:\!FixIEDef;Probably Trojan.Packed.338;;

__c00B7984.dat;C:\!FixIEDef;Probably Trojan.Packed.338;;

__c00BB0C4.dat;C:\!FixIEDef;Probably Trojan.Packed.338;;

__c00BBF55.dat;C:\!FixIEDef;Probably Trojan.Packed.338;;

__c00BE2B5.dat;C:\!FixIEDef;Probably Trojan.Packed.338;;

__c00C3440.dat;C:\!FixIEDef;Probably Trojan.Packed.338;;

__c00C4CC1.dat;C:\!FixIEDef;Probably Trojan.Packed.338;;

__c00C7EFE.dat;C:\!FixIEDef;Probably Trojan.Packed.338;;

__c00C9254.dat;C:\!FixIEDef;Probably Trojan.Packed.338;;

__c00CA6E4.dat;C:\!FixIEDef;Probably Trojan.Packed.338;;

__c00D7B79.dat;C:\!FixIEDef;Probably Trojan.Packed.338;;

__c00DB189.dat;C:\!FixIEDef;Probably Trojan.Packed.338;;

__c00DB1B2.dat;C:\!FixIEDef;Probably Trojan.Packed.338;;

__c00DF600.dat;C:\!FixIEDef;Probably Trojan.Packed.338;;

__c00E6129.dat;C:\!FixIEDef;Probably Trojan.Packed.338;;

__c00E65D1.dat;C:\!FixIEDef;Probably Trojan.Packed.338;;

__c00E8841.dat;C:\!FixIEDef;Probably Trojan.Packed.338;;

__c00EA9A1.dat;C:\!FixIEDef;Probably Trojan.Packed.338;;

__c00F38C4.dat;C:\!FixIEDef;Probably Trojan.Packed.338;;

__c00F3964.dat;C:\!FixIEDef;Probably Trojan.Packed.338;;

__c00F4BC0.dat;C:\!FixIEDef;Probably Trojan.Packed.338;;

__c00F6B82.dat;C:\!FixIEDef;Probably Trojan.Packed.338;;

__c00F7A7A.dat;C:\!FixIEDef;Probably Trojan.Packed.338;;

__c00FF2EC.dat;C:\!FixIEDef;Probably Trojan.Packed.338;;

SSC.exe\data005;C:\aolextras\SSC.exe;Probably BACKDOOR.Trojan;;

SSC.exe;C:\aolextras;Archive contains infected objects;Moved.;

ComboFix.exe/data002\32788R22FWJFW\FIND3M.bat;C:\Documents and Settings\Owner\Desktop\ComboFix.exe/data002;Probably BATCH.Virus;;

data002;C:\Documents and Settings\Owner\Desktop;Archive contains infected objects;;

ComboFix.exe;C:\Documents and Settings\Owner\Desktop;Container contains infected objects;Moved.;

SDFix.exe\SDFix\apps\Process.exe;C:\Documents and Settings\Owner\Desktop\Extra Files\SDFix.exe;Tool.Prockill;;

SDFix.exe;C:\Documents and Settings\Owner\Desktop\Extra Files;Archive contains infected objects;Moved.;

win32.exe;C:\Documents and Settings\Owner\Desktop\Extra Files;Trojan.Packed.375;Deleted.;

IWONSetup2.3.50.45.ZLfox000.exe/data001/mwsSetup.CommonCodebase.exe\data003;C:\Documents and Settings\Owner\My Documents\IWONSetup2.3.50.45.ZLfox000.exe/data001/mwsSetup.CommonCodebase.exe;Adware.MyWebSearch.4;;

IWONSetup2.3.50.45.ZLfox000.exe/data001/mwsSetup.CommonCodebase.exe\data008;C:\Documents and Settings\Owner\My Documents\IWONSetup2.3.50.45.ZLfox000.exe/data001/mwsSetup.CommonCodebase.exe;Adware.MWS.75;;

IWONSetup2.3.50.45.ZLfox000.exe/data001/mwsSetup.CommonCodebase.exe\data009;C:\Documents and Settings\Owner\My Documents\IWONSetup2.3.50.45.ZLfox000.exe/data001/mwsSetup.CommonCodebase.exe;Adware.MyWebSearch.7;;

IWONSetup2.3.50.45.ZLfox000.exe/data001/mwsSetup.CommonCodebase.exe\data010;C:\Documents and Settings\Owner\My Documents\IWONSetup2.3.50.45.ZLfox000.exe/data001/mwsSetup.CommonCodebase.exe;Adware.MWS.82;;

IWONSetup2.3.50.45.ZLfox000.exe/data001/mwsSetup.CommonCodebase.exe\data011;C:\Documents and Settings\Owner\My Documents\IWONSetup2.3.50.45.ZLfox000.exe/data001/mwsSetup.CommonCodebase.exe;Adware.Websearch.7;;

IWONSetup2.3.50.45.ZLfox000.exe/data001/mwsSetup.CommonCodebase.exe\data012;C:\Documents and Settings\Owner\My Documents\IWONSetup2.3.50.45.ZLfox000.exe/data001/mwsSetup.CommonCodebase.exe;Adware.Websearch.35;;

IWONSetup2.3.50.45.ZLfox000.exe/data001/mwsSetup.CommonCodebase.exe\data013;C:\Documents and Settings\Owner\My Documents\IWONSetup2.3.50.45.ZLfox000.exe/data001/mwsSetup.CommonCodebase.exe;Adware.MWS.74;;

IWONSetup2.3.50.45.ZLfox000.exe/data001/mwsSetup.CommonCodebase.exe\data014;C:\Documents and Settings\Owner\My Documents\IWONSetup2.3.50.45.ZLfox000.exe/data001/mwsSetup.CommonCodebase.exe;Adware.MWS.76;;

IWONSetup2.3.50.45.ZLfox000.exe/data001/mwsSetup.CommonCodebase.exe\data015;C:\Documents and Settings\Owner\My Documents\IWONSetup2.3.50.45.ZLfox000.exe/data001/mwsSetup.CommonCodebase.exe;Adware.MyWebSearch.14;;

IWONSetup2.3.50.45.ZLfox000.exe/data001/mwsSetup.CommonCodebase.exe\data016;C:\Documents and Settings\Owner\My Documents\IWONSetup2.3.50.45.ZLfox000.exe/data001/mwsSetup.CommonCodebase.exe;Adware.MyWebSearch.11;;

IWONSetup2.3.50.45.ZLfox000.exe/data001/mwsSetup.CommonCodebase.exe\data020;C:\Documents and Settings\Owner\My Documents\IWONSetup2.3.50.45.ZLfox000.exe/data001/mwsSetup.CommonCodebase.exe;Adware.MyWebSearch.8;;

IWONSetup2.3.50.45.ZLfox000.exe/data001/mwsSetup.CommonCodebase.exe\data021;C:\Documents and Settings\Owner\My Documents\IWONSetup2.3.50.45.ZLfox000.exe/data001/mwsSetup.CommonCodebase.exe;Adware.MyWebSearch.10;;

IWONSetup2.3.50.45.ZLfox000.exe/data001/mwsSetup.CommonCodebase.exe\data022;C:\Documents and Settings\Owner\My Documents\IWONSetup2.3.50.45.ZLfox000.exe/data001/mwsSetup.CommonCodebase.exe;Adware.Msearch;;

IWONSetup2.3.50.45.ZLfox000.exe/data001/mwsSetup.CommonCodebase.exe\data023;C:\Documents and Settings\Owner\My Documents\IWONSetup2.3.50.45.ZLfox000.exe/data001/mwsSetup.CommonCodebase.exe;Adware.MyWebSearch.9;;

IWONSetup2.3.50.45.ZLfox000.exe/data001/mwsSetup.CommonCodebase.exe\data025;C:\Documents and Settings\Owner\My Documents\IWONSetup2.3.50.45.ZLfox000.exe/data001/mwsSetup.CommonCodebase.exe;Adware.MWS;;

IWONSetup2.3.50.45.ZLfox000.exe/data001/mwsSetup.CommonCodebase.exe\data028;C:\Documents and Settings\Owner\My Documents\IWONSetup2.3.50.45.ZLfox000.exe/data001/mwsSetup.CommonCodebase.exe;Adware.MyWebSearch.15;;

IWONSetup2.3.50.45.ZLfox000.exe/data001/mwsSetup.CommonCodebase.exe\data031;C:\Documents and Settings\Owner\My Documents\IWONSetup2.3.50.45.ZLfox000.exe/data001/mwsSetup.CommonCodebase.exe;Adware.MyWebSearch.12;;

IWONSetup2.3.50.45.ZLfox000.exe/data001/mwsSetup.CommonCodebase.exe\data032;C:\Documents and Settings\Owner\My Documents\IWONSetup2.3.50.45.ZLfox000.exe/data001/mwsSetup.CommonCodebase.exe;Adware.Websearch.8;;

mwsSetup.CommonCodebase.exe;C:\Documents and Settings\Owner\My Documents;Container contains infected objects;;

data001;C:\Documents and Settings\Owner\My Documents;Archive contains infected objects;;

IWONSetup2.3.50.45.ZLfox000.exe;C:\Documents and Settings\Owner\My Documents;Container contains infected objects;Moved.;

aolcinst.exe\core.cab\GTDOWNAO_106.ocx;C:\Program Files\Common Files\aolback\Comps\coach\aolcinst.exe;Adware.Gdown;;

aolcinst.exe;C:\Program Files\Common Files\aolback\Comps\coach;Archive contains infected objects;Moved.;

TSSetup.exe\data002;C:\Program Files\Common Files\aolback\Comps\tpspd\TSSetup.exe;Probably DLOADER.Trojan;;

TSSetup.exe;C:\Program Files\Common Files\aolback\Comps\tpspd;Archive contains infected objects;Moved.;

13.tmp.vir;C:\Qoobox\Quarantine\C;Trojan.Proxy.2684;Deleted.;

3.tmp.vir;C:\Qoobox\Quarantine\C;Trojan.Proxy.2684;Deleted.;

3A.tmp.vir;C:\Qoobox\Quarantine\C;Trojan.Proxy.2684;Deleted.;

rnqcp.exe.vir;C:\Qoobox\Quarantine\C;Trojan.DownLoad.28462;Deleted.;

a.zip.vir\Setup.exe;C:\Qoobox\Quarantine\C\WINDOWS\Fonts\a.zip.vir;Trojan.DownLoad.6032;;

a.zip.vir;C:\Qoobox\Quarantine\C\WINDOWS\Fonts;Archive contains infected objects;Moved.;

dpnlobby32.dll.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.DownLoad.28458;Deleted.;

kjepncko.dll.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.Packed.375;Deleted.;

ndqnvhgv.dll.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.Juan.78;Deleted.;

qigkdfeq.dll.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.Packed.375;Deleted.;

rukcng.dll.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.Juan.78;Deleted.;

sjiznr.dll.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.Juan.78;Deleted.;

tqtraqcu.dll.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.Juan.78;Deleted.;

wkzrha.dll.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.Packed.375;Deleted.;

zdnvjq.dll.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.Packed.375;Deleted.;

__c0021000.dat.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Probably Trojan.Packed.338;;

__c0044400.dat.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Probably Trojan.Packed.338;;

__c008D31A.dat.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Probably Trojan.Packed.338;;

ndis.sys.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers;Trojan.NtRootKit.2670;Deleted.;

39.music.mp3.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32\GroupPolicyManifest;Trojan.WMALoader;Cured.;

41.crack.zip.vir\crack/CORE10k.EXE;C:\Qoobox\Quarantine\C\WINDOWS\system32\GroupPolicyManifest\41.crack.zip.vir;Trojan.MulDrop.23338;;

41.crack.zip.vir\crack/crack.exe;C:\Qoobox\Quarantine\C\WINDOWS\system32\GroupPolicyManifest\41.crack.zip.vir;Trojan.MulDrop.23338;;

41.crack.zip.vir\setup.exe;C:\Qoobox\Quarantine\C\WINDOWS\system32\GroupPolicyManifest\41.crack.zip.vir;Trojan.MulDrop.23338;;

41.crack.zip.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32\GroupPolicyManifest;Archive contains infected objects;Moved.;

42.keymaker.zip.vir\keygen/keygen.exe;C:\Qoobox\Quarantine\C\WINDOWS\system32\GroupPolicyManifest\42.keymaker.zip.vir;Trojan.MulDrop.23338;;

42.keymaker.zip.vir\setup.exe;C:\Qoobox\Quarantine\C\WINDOWS\system32\GroupPolicyManifest\42.keymaker.zip.vir;Trojan.MulDrop.23338;;

42.keymaker.zip.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32\GroupPolicyManifest;Archive contains infected objects;Moved.;

43.setup.zip.vir\crack/patch.exe;C:\Qoobox\Quarantine\C\WINDOWS\system32\GroupPolicyManifest\43.setup.zip.vir;Trojan.MulDrop.23338;;

43.setup.zip.vir\setup.exe;C:\Qoobox\Quarantine\C\WINDOWS\system32\GroupPolicyManifest\43.setup.zip.vir;Trojan.MulDrop.23338;;

43.setup.zip.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32\GroupPolicyManifest;Archive contains infected objects;Moved.;

44.unpack.zip.vir\self_extracting_archive.exe;C:\Qoobox\Quarantine\C\WINDOWS\system32\GroupPolicyManifest\44.unpack.zip.vir;Trojan.MulDrop.23338;;

44.unpack.zip.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32\GroupPolicyManifest;Archive contains infected objects;Moved.;

45.keygen.zip.vir\keygen/keygen.exe;C:\Qoobox\Quarantine\C\WINDOWS\system32\GroupPolicyManifest\45.keygen.zip.vir;Trojan.MulDrop.23338;;

45.keygen.zip.vir\setup.exe;C:\Qoobox\Quarantine\C\WINDOWS\system32\GroupPolicyManifest\45.keygen.zip.vir;Trojan.MulDrop.23338;;

45.keygen.zip.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32\GroupPolicyManifest;Archive contains infected objects;Moved.;

46.serial.zip.vir\serial/serial.exe;C:\Qoobox\Quarantine\C\WINDOWS\system32\GroupPolicyManifest\46.serial.zip.vir;Trojan.MulDrop.23338;;

46.serial.zip.vir\setup.exe;C:\Qoobox\Quarantine\C\WINDOWS\system32\GroupPolicyManifest\46.serial.zip.vir;Trojan.MulDrop.23338;;

46.serial.zip.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32\GroupPolicyManifest;Archive contains infected objects;Moved.;

47.music.snd.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32\GroupPolicyManifest;Trojan.WMALoader;Cured.;

Process.exe;C:\SDFix\apps;Tool.Prockill;;

A0048100.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP109;Trojan.Proxy.2684;Deleted.;

A0048121.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP110;Trojan.Proxy.2684;Deleted.;

A0050142.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP112;Trojan.Proxy.2684;Deleted.;

A0053528.exe\SDFix\apps\Process.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP122\A0053528.exe;Tool.Prockill;;

A0053528.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP122;Archive contains infected objects;Moved.;

A0053557.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP122;Tool.Prockill;;

A0054788.bat;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP127;Probably BATCH.Virus;;

A0054844.bat;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP127;Probably BATCH.Virus;;

A0054900.exe/data002\32788R22FWJFW\c.bat;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP128\A0054900.exe/data002;Probably BATCH.Virus;;

A0054900.exe/data002\32788R22FWJFW\psexec.cfexe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP128\A0054900.exe/data002;Program.PsExec.171;;

data002;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP128;Archive contains infected objects;;

A0054900.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP128;Container contains infected objects;Moved.;

A0054937.sys;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP128;Trojan.NtRootKit.2670;Deleted.;

A0054938.sys;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP128;Trojan.NtRootKit.2670;Deleted.;

A0055158.bat;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP129;Probably BATCH.Virus;;

A0065309.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP140;Trojan.Packed.2463;Incurable.Moved.;

A0065310.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP140;Trojan.Packed.2463;Incurable.Moved.;

A0065313.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP140;Trojan.DownLoad.32521;Deleted.;

A0065314.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP140;Trojan.Siggen.2321;Deleted.;

A0065325.exe\data005;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP141\A0065325.exe;Probably BACKDOOR.Trojan;;

A0065325.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP141;Archive contains infected objects;Moved.;

A0065326.exe/data002\32788R22FWJFW\FIND3M.bat;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP141\A0065326.exe/data002;Probably BATCH.Virus;;

data002;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP141;Archive contains infected objects;;

A0065326.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP141;Container contains infected objects;Moved.;

A0065327.exe\SDFix\apps\Process.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP141\A0065327.exe;Tool.Prockill;;

A0065327.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP141;Archive contains infected objects;Moved.;

A0065328.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP141;Trojan.Packed.375;Deleted.;

A0065329.exe\core.cab\GTDOWNAO_106.ocx;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP141\A0065329.exe;Adware.Gdown;;

A0065329.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP141;Archive contains infected objects;Moved.;

A0065330.exe\data002;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP141\A0065330.exe;Probably DLOADER.Trojan;;

A0065330.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP141;Archive contains infected objects;Moved.;

A0022381.bat;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP62;Probably BATCH.Virus;;

A0022454.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP63;Tool.Prockill;;

A0022613.bat;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP63;Probably BATCH.Virus;;

A0022630.exe/data002\32788R22FWJFW\c.bat;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP63\A0022630.exe/data002;Probably BATCH.Virus;;

A0022630.exe/data002\32788R22FWJFW\psexec.cfexe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP63\A0022630.exe/data002;Program.PsExec.171;;

data002;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP63;Archive contains infected objects;;

A0022630.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP63;Container contains infected objects;Moved.;

A0022638.bat;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP63;Probably BATCH.Virus;;

A0022714.bat;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP64;Probably BATCH.Virus;;

A0022730.EXE;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP64;Program.PsExec.170;;

A0024310.dll;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP83;Trojan.Virtumod.based.27;Incurable.Moved.;

A0024311.dll;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP83;Trojan.Virtumod.based.27;Incurable.Moved.;

A0024321.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP83;Trojan.DownLoad.32521;Deleted.;

A0025310.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP83;Trojan.DownLoad.32229;Deleted.;

A0025314.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP83;Trojan.Packed.255;Deleted.;

A0025332.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP83;Trojan.Packed.375;Deleted.;

A0025353.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP83;Trojan.Packed.2450;Deleted.;

A0025606.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP83;Trojan.Fakealert.4154;Deleted.;

A0025648.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP83;Win32.Virut.56;Cured.;

A0025651.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP83;Trojan.Packed.2450;Deleted.;

A0025703.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP83;Trojan.Siggen.2321;Deleted.;

A0025738.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.;

A0025742.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.;

A0025743.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.;

A0025744.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.;

A0025745.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.;

A0025746.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.;

A0025747.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.;

A0025748.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.;

A0025749.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.;

A0025750.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.;

A0025751.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.;

A0025752.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.;

A0025753.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.;

A0025754.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.;

A0025755.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.;

A0025756.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.;

A0025757.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.;

A0025758.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.;

A0025759.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.;

A0025760.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.;

A0025761.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.;

A0025762.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.;

A0025763.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.;

A0025766.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.;

A0025766.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Trojan.Siggen.2321;Deleted.;

A0025767.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.;

A0025768.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.;

A0025769.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.;

A0025770.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.;

A0025771.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.;

A0025772.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.;

A0025773.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.;

A0025774.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.;

A0025775.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.;

A0025776.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.;

A0025777.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.;

A0025778.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.;

A0025779.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.;

A0025780.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.;

A0025781.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.;

A0025782.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.;

A0025783.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.;

A0025784.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.;

A0025785.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.;

A0025786.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.;

A0025787.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.;

A0025788.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.;

A0025789.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.;

A0025790.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.;

A0025791.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.;

A0025792.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.;

A0025793.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.;

A0025794.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.;

A0025795.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.;

A0025796.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.;

A0025797.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.;

A0025798.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.;

A0025799.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.;

A0025799.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Trojan.Packed.2450;Deleted.;

A0025800.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.;

A0025801.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.;

A0025802.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.;

A0025802.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.;

A0025803.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.;

A0025804.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.;

A0025805.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.;

A0025806.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.;

A0025807.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.;

A0025808.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.;

A0025809.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.;

A0025810.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.;

A0025811.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.;

A0025812.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.;

A0025813.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.;

A0025814.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.;

A0025815.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.;

A0025816.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.;

A0025817.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.;

A0025818.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.;

A0025819.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.;

A0025820.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.;

A0025821.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.;

A0025822.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.;

A0025823.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.;

A0025824.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.;

A0025825.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.;

A0025826.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.;

A0025827.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.;

A0025828.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.;

A0025829.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.;

A0025830.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.;

A0025831.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.;

A0025832.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.;

A0025833.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.;

A0025834.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.;

A0025835.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.;

A0025836.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.;

A0025837.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.;

A0025838.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.;

A0025839.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.;

A0025840.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.;

A0025841.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.;

A0025842.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.;

A0025843.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.;

A0025844.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.;

A0025844.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Trojan.Fakealert.4154;Deleted.;

A0025845.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.;

A0025846.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.;

A0025847.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.;

A0025848.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.;

A0025849.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.;

A0025850.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.;

A0025851.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.;

A0025852.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.;

A0025853.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.;

A0025854.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.;

A0025855.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.;

A0025856.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.;

A0025857.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.;

A0025858.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.;

A0025859.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.;

A0025860.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.;

A0025861.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.;

A0025862.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.;

A0025863.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.;

A0025864.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.;

A0025865.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.;

A0025866.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.;

A0025867.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.;

A0025868.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.;

A0025869.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.;

A0025870.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.;

A0025871.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.;

A0025872.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.;

A0025873.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.;

A0025874.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.;

A0025875.scr;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.;

A0025876.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.;

A0025877.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.;

A0025878.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.;

A0025879.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.;

A0025880.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.;

A0025881.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.;

A0025882.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.;

A0025883.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.;

A0025884.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.;

A0025885.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.;

A0025886.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.;

A0025887.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.;

A0025888.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.;

A0025889.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.;

A0025890.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.;

A0025891.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.;

A0025892.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.;

A0025893.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.;

A0025894.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.;

A0025895.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.;

A0025896.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.;

A0025897.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.;

A0025898.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.;

A0025899.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.;

A0025900.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.;

A0025901.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.;

A0025902.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.;

A0025903.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.;

A0025904.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.;

A0025905.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.;

A0025906.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.;

A0025907.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.;

A0025908.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.;

A0025909.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.;

A0025910.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.;

A0025911.scr;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.;

A0025912.scr;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.;

A0025913.scr;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.;

A0025914.scr;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.;

A0025915.scr;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.;

A0025916.scr;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.;

A0025917.scr;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.;

A0025918.scr;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.;

A0025919.scr;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.;

A0025920.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.;

A0025921.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.;

A0025922.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.;

A0025923.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.;

A0025924.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.;

A0025925.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.;

A0025926.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.;

A0025927.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.;

A0025928.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.;

A0025929.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.;

A0025930.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.;

A0025931.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.;

A0025932.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.;

A0025933.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.;

A0025934.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.;

A0025935.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.;

A0025936.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.;

A0025937.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.;

A0025938.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.;

A0025939.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.;

A0025940.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.;

A0025941.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.;

A0025942.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.;

A0025943.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.;

A0025944.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.;

A0025945.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.;

A0025946.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.;

A0025947.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.;

A0025948.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.;

A0025949.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.;

A0025950.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.;

A0025951.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.;

A0025952.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.;

A0025953.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.;

A0025954.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.;

A0025955.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.;

A0025956.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.;

A0025957.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.;

A0025958.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.;

A0025959.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.;

A0025960.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.;

A0025961.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.;

A0025962.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.;

A0025963.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.;

A0025964.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.;

A0025965.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.;

A0025966.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.;

A0025967.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.;

A0025968.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.;

A0025969.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.;

A0025970.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.;

A0025971.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.;

A0025972.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.;

A0025973.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.;

A0025974.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.;

A0025975.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.;

A0025976.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.;

A0025977.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.;

A0025978.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.;

A0025979.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.;

A0025980.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.;

A0025981.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.;

A0025982.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.;

A0025983.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.;

A0025984.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.;

A0025985.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.;

A0025986.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.;

A0025987.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.;

A0025988.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.;

A0025989.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.;

A0025990.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.;

A0025991.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.;

A0025992.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.;

A0025993.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.;

A0025994.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.;

A0025995.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.;

A0025996.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.;

A0025997.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.;

A0025998.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.;

A0025999.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.;

A0026000.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.;

A0026001.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.;

A0026002.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.;

A0026003.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.;

A0026004.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.;

A0026005.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.;

A0026006.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.;

A0026007.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.;

A0026008.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.;

A0026009.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.;

A0026010.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.;

A0026011.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.;

A0026012.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.;

A0026013.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.;

A0026014.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.;

A0026015.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.;

A0026016.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.;

A0026017.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.;

A0026018.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.;

A0026019.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.;

A0026020.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.;

A0026021.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.;

A0026022.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.;

A0026023.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.;

A0026024.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.;

A0026025.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.;

A0026026.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.;

A0026027.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.;

A0026028.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.;

A0026029.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.;

A0026030.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.;

A0026031.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.;

A0026032.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.;

A0026033.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.;

A0026034.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.;

A0026035.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.;

A0026036.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.;

A0026037.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.;

A0026038.scr;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.;

A0026039.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.;

A0026040.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.;

A0026041.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.;

A0026042.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.;

A0026043.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.;

A0026044.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.;

A0026045.EXE;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.;

A0026046.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.;

A0026047.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.;

A0026048.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.;

A0026049.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.;

A0026050.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.;

A0026051.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.;

A0026052.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.;

A0026053.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.;

A0026054.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.;

A0026055.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.;

A0026056.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.;

A0026057.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.;

A0026058.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.;

A0026059.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.;

A0026060.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.;

A0026061.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.;

A0026062.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.;

A0026063.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.;

A0026064.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.;

A0026065.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.;

A0026066.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.;

A0026067.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.;

A0026068.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.;

A0026069.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.;

A0026070.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.;

A0026071.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.;

A0026072.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.;

A0026073.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.;

A0026074.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.;

A0026075.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.;

A0026076.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.;

A0026077.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.;

A0026078.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.;

A0026079.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.;

A0026081.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.;

A0026082.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.;

A0026086.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.;

A0026087.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.;

A0026089.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.;

A0026090.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.;

A0026091.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.;

A0026092.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.;

A0026093.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.;

A0026094.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.;

A0026095.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.;

A0026096.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.;

A0026096.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Trojan.Packed.2450;Deleted.;

A0026097.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.;

A0026098.EXE;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.;

A0026099.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.;

A0026100.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.;

A0026101.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.;

A0026102.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.;

A0026103.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.;

A0026104.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.;

A0026105.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.;

A0026106.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.;

A0026107.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.;

A0026108.EXE;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.;

A0026109.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.;

A0026110.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.;

A0026111.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.;

A0026112.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.;

A0026113.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.;

A0026114.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.;

A0026115.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.;

A0026116.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.;

A0026117.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.;

A0026117.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Trojan.Packed.375;Deleted.;

A0026118.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.;

A0026119.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.;

A0026120.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.;

A0026122.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.;

A0026123.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.;

A0026124.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.;

A0026125.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.;

A0026126.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.;

A0026127.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.;

A0026127.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Trojan.Packed.255;Deleted.;

A0026129.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.;

A0026131.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.;

A0026131.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Trojan.DownLoad.32229;Deleted.;

A0026132.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.;

A0026133.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.;

A0026134.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.;

A0026135.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.;

A0026136.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.;

A0026137.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.;

A0026138.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.;

A0026143.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.;

A0026143.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;BackDoor.BlackHole.3301;Deleted.;

A0026144.sys;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Trojan.Click.25631;Deleted.;

A0026145.sys;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Trojan.NtRootKit.2785;Deleted.;

A0026146.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.;

A0026147.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Trojan.PWS.Wsgame.11064;Deleted.;

A0026148.dll;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Trojan.PWS.Wsgame.11009;Deleted.;

A0026149.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.;

A0026150.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.;

A0026152.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.;

A0026153.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.;

A0026153.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Trojan.DownLoad.32229;Deleted.;

A0026156.dll;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;BackDoor.Zapinit;Cured.;

A0026162.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Trojan.Packed.2450;Deleted.;

A0026258.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.;

A0026259.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.;

A0026260.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.;

A0026261.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.;

A0026262.DLL;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;BackDoor.Zapinit;Cured.;

DIGIFAST.0XE;C:\_OTMoveIt\MovedFiles\05142009_185305\Documents and Settings\Owner\Application Data\digifast;Trojan.Siggen.2321;Deleted.;

NIDLE.0XE;C:\_OTMoveIt\MovedFiles\05142009_185305\Documents and Settings\Owner\Application Data\nidle;Trojan.DownLoad.32521;Deleted.;

nidle.ex_;C:\_OTMoveIt\MovedFiles\05142009_185305\Documents and Settings\Owner\Application Data\nidle;Trojan.DownLoad.32521;Deleted.;

sdrgfcvbf.dll;C:\_OTMoveIt\MovedFiles\05142009_185305\WINDOWS\system32;Trojan.DownLoad.36191;Deleted.;

d4dhv2gu.exe;C:\_OTMoveIt\MovedFiles\05142009_185305\WINDOWS\temp;Trojan.Packed.2463;Incurable.Moved.;

J1ICNS6S.0XE;C:\_OTMoveIt\MovedFiles\05142009_185305\WINDOWS\temp;Trojan.Packed.2463;Incurable.Moved.;

KSCS4O5AYB.0XE;C:\_OTMoveIt\MovedFiles\05142009_185305\WINDOWS\temp;Trojan.Packed.2463;Incurable.Moved.;

ml2i872r.exe;C:\_OTMoveIt\MovedFiles\05142009_185305\WINDOWS\temp;Trojan.Packed.2463;Incurable.Moved.;
