Everything posted by chamished

  1. Everything seems to have been fixed. I don't know if it's completely out of the system though.

     Malwarebytes' Anti-Malware 1.50.1.1100
     www.malwarebytes.org

     Database version: 6463

     Windows 5.1.2600 Service Pack 2
     Internet Explorer 8.0.6001.18702

     4/28/2011 11:22:39 AM
     mbam-log-2011-04-28 (11-22-39).txt

     Scan type: Quick scan
     Objects scanned: 151378
     Time elapsed: 6 minute(s), 33 second(s)

     Memory Processes Infected: 0
     Memory Modules Infected: 0
     Registry Keys Infected: 0
     Registry Values Infected: 0
     Registry Data Items Infected: 1
     Folders Infected: 0
     Files Infected: 0

     Memory Processes Infected:
     (No malicious items detected)

     Memory Modules Infected:
     (No malicious items detected)

     Registry Keys Infected:
     (No malicious items detected)

     Registry Values Infected:
     (No malicious items detected)

     Registry Data Items Infected:
     HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Documents and Settings\Mike\Local Settings\Application Data\jtf.exe" -a "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode) Good: (firefox.exe -safe-mode) -> Quarantined and deleted successfully.

     Folders Infected:
     (No malicious items detected)

     Files Infected:
     (No malicious items detected)

     Malwarebytes' Anti-Malware 1.50.1.1100
     www.malwarebytes.org

     Database version: 6479

     Windows 5.1.2600 Service Pack 2
     Internet Explorer 8.0.6001.18702

     4/30/2011 2:34:02 PM
     mbam-log-2011-04-30 (14-34-02).txt

     Scan type: Quick scan
     Objects scanned: 151663
     Time elapsed: 4 minute(s), 36 second(s)

     Memory Processes Infected: 0
     Memory Modules Infected: 0
     Registry Keys Infected: 0
     Registry Values Infected: 0
     Registry Data Items Infected: 0
     Folders Infected: 0
     Files Infected: 0

     Memory Processes Infected:
     (No malicious items detected)

     Memory Modules Infected:
     (No malicious items detected)

     Registry Keys Infected:
     (No malicious items detected)

     Registry Values Infected:
     (No malicious items detected)

     Registry Data Items Infected:
     (No malicious items detected)

     Folders Infected:
     (No malicious items detected)

     Files Infected:
     (No malicious items detected)
  2. Thanks for the help. Logs:
  3. Hello. I've been infected with the XP Security 11 bug. I'm unable to access the internet through firefox (blocks any attempts to connect to any website) and my malwarebytes won't open. Also, while I was running the scans, the fake pop-up scan I think was interfering with GMER scan and wouldn't let it finish. Let me know if I should attempt another GMER scan or if there's any other scan program I should use.
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} FF - Ext: DownThemAll!: {DDC359D1-844A-42a7-9AA1-88A850A938A8} - %profile%\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8} FF - Ext: Japanese-English Dictionary for rikaichan: {6D898772-AD34-4c16-86BB-9DE787A5DEA0} - %profile%\extensions\{6D898772-AD34-4c16-86BB-9DE787A5DEA0} FF - Ext: Names Dictionary for rikaichan: {566D6332-1439-43bf-857E-7AD5F137AD0C} - %profile%\extensions\{566D6332-1439-43bf-857E-7AD5F137AD0C} FF - Ext: DownloadHelper: {b9db16a4-6edc-47ec-a1f4-b86292ed211d} - %profile%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} FF - Ext: rein: rein@notiz.jp - %profile%\extensions\rein@notiz.jp FF - Ext: PitchDark: {c1dffba0-628e-11d9-9669-0800200c9a66} - %profile%\extensions\{c1dffba0-628e-11d9-9669-0800200c9a66} FF - Ext: Silvermel and Charamel XT: silvermelxt@pardal.de - %profile%\extensions\silvermelxt@pardal.de FF - Ext: Silvermel: silvermel@pardal.de - %profile%\extensions\silvermel@pardal.de FF - Ext: Ashen: {1b943ec0-28b7-11de-8c30-0800200c9a66} - %profile%\extensions\{1b943ec0-28b7-11de-8c30-0800200c9a66} FF - Ext: Charamel: {961408A3-C970-4577-970A-D97C29839A67} - %profile%\extensions\{961408A3-C970-4577-970A-D97C29839A67} FF - Ext: Torbutton: {e0204bd5-9d31-402b-a99d-a6aa8ffebdca} - %profile%\extensions\{e0204bd5-9d31-402b-a99d-a6aa8ffebdca} FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff . ============= SERVICES / DRIVERS =============== . 
R0 TPDIGIMN;TPDIGIMN;c:\windows\system32\drivers\ApsHM86.sys [2007-3-2 19760] R1 oreans32;oreans32;c:\windows\system32\drivers\oreans32.sys [2010-4-17 33824] R2 TVT Backup Protection Service;TVT Backup Protection Service;c:\program files\lenovo\rescue and recovery\rrpservice.exe [2007-2-8 569344] R2 vpnagent;Cisco AnyConnect VPN Agent;c:\program files\cisco\cisco anyconnect vpn client\vpnagent.exe [2009-10-9 493248] R3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\drivers\tvti2c.sys [2006-9-13 35264] . =============== Created Last 30 ================ . 2011-04-26 00:52:41 348160 --sha-w- c:\docume~1\mike\locals~1\applic~1\jtf.exe 2011-04-15 22:19:45 -------- d-----w- c:\program files\Sony Media Go Install . ==================== Find3M ==================== . 2006-05-03 09:06:54 163328 --sh--r- c:\windows\system32\flvDX.dll 2007-02-21 10:47:16 31232 --sh--r- c:\windows\system32\msfDX.dll 2008-03-16 12:30:52 216064 --sh--r- c:\windows\system32\nbDX.dll . ============= FINISH: 16:11:25.09 =============== Attach.zip
  4. I guess I have to reformat it then. But is there anything to be done for more of a short-term solution, something that'll let me use it a little bit while I try and locate an XP installation disc and learn the proper way to format?
  5. Dr.Web Cure It
Information\_restore{129EA77A-BE45-4173-896E-5F9DC32EF396}\RP56;Win32.Virut.56;Cured.; A0018679.exe;C:\System Volume Information\_restore{129EA77A-BE45-4173-896E-5F9DC32EF396}\RP56;Win32.Virut.56;Cured.; A0018680.scr;C:\System Volume Information\_restore{129EA77A-BE45-4173-896E-5F9DC32EF396}\RP56;Win32.Virut.56;Cured.; A0018681.exe;C:\System Volume Information\_restore{129EA77A-BE45-4173-896E-5F9DC32EF396}\RP56;Win32.Virut.56;Cured.; A0018682.exe;C:\System Volume Information\_restore{129EA77A-BE45-4173-896E-5F9DC32EF396}\RP56;Win32.Virut.56;Cured.; A0018683.exe;C:\System Volume Information\_restore{129EA77A-BE45-4173-896E-5F9DC32EF396}\RP56;Win32.Virut.56;Cured.; A0018684.exe;C:\System Volume Information\_restore{129EA77A-BE45-4173-896E-5F9DC32EF396}\RP56;Win32.Virut.56;Cured.; A0018685.exe;C:\System Volume Information\_restore{129EA77A-BE45-4173-896E-5F9DC32EF396}\RP56;Win32.Virut.56;Cured.; A0018686.exe;C:\System Volume Information\_restore{129EA77A-BE45-4173-896E-5F9DC32EF396}\RP56;Win32.Virut.56;Cured.; A0018687.exe;C:\System Volume Information\_restore{129EA77A-BE45-4173-896E-5F9DC32EF396}\RP56;Win32.Virut.56;Cured.; A0018688.exe;C:\System Volume Information\_restore{129EA77A-BE45-4173-896E-5F9DC32EF396}\RP56;Win32.Virut.56;Cured.; A0018689.exe;C:\System Volume Information\_restore{129EA77A-BE45-4173-896E-5F9DC32EF396}\RP56;Win32.Virut.56;Cured.; A0018690.exe;C:\System Volume Information\_restore{129EA77A-BE45-4173-896E-5F9DC32EF396}\RP56;Win32.Virut.56;Cured.; A0018691.exe;C:\System Volume Information\_restore{129EA77A-BE45-4173-896E-5F9DC32EF396}\RP56;Win32.Virut.56;Cured.; A0018692.exe;C:\System Volume Information\_restore{129EA77A-BE45-4173-896E-5F9DC32EF396}\RP56;Win32.Virut.56;Cured.; A0018693.exe;C:\System Volume Information\_restore{129EA77A-BE45-4173-896E-5F9DC32EF396}\RP56;Win32.Virut.56;Cured.; A0018694.exe;C:\System Volume Information\_restore{129EA77A-BE45-4173-896E-5F9DC32EF396}\RP56;Win32.Virut.56;Cured.; A0018695.exe;C:\System Volume 
Information\_restore{129EA77A-BE45-4173-896E-5F9DC32EF396}\RP56;Win32.Virut.56;Cured.; A0018696.exe;C:\System Volume Information\_restore{129EA77A-BE45-4173-896E-5F9DC32EF396}\RP56;Win32.Virut.56;Cured.; A0018697.exe;C:\System Volume Information\_restore{129EA77A-BE45-4173-896E-5F9DC32EF396}\RP56;Win32.Virut.56;Cured.; A0018698.exe;C:\System Volume Information\_restore{129EA77A-BE45-4173-896E-5F9DC32EF396}\RP56;Win32.Virut.56;Cured.; A0018699.exe;C:\System Volume Information\_restore{129EA77A-BE45-4173-896E-5F9DC32EF396}\RP56;Win32.Virut.56;Cured.; A0018700.exe;C:\System Volume Information\_restore{129EA77A-BE45-4173-896E-5F9DC32EF396}\RP56;Win32.Virut.56;Cured.; A0018701.exe;C:\System Volume Information\_restore{129EA77A-BE45-4173-896E-5F9DC32EF396}\RP56;Win32.Virut.56;Cured.; A0018702.exe;C:\System Volume Information\_restore{129EA77A-BE45-4173-896E-5F9DC32EF396}\RP56;Win32.Virut.56;Cured.; A0018703.exe;C:\System Volume Information\_restore{129EA77A-BE45-4173-896E-5F9DC32EF396}\RP56;Win32.Virut.56;Cured.; A0018706.exe;C:\System Volume Information\_restore{129EA77A-BE45-4173-896E-5F9DC32EF396}\RP56;Win32.Virut.56;Cured.; A0018706.exe;C:\System Volume Information\_restore{129EA77A-BE45-4173-896E-5F9DC32EF396}\RP56;Win32.Virut.56;Cured.; A0018709.exe;C:\System Volume Information\_restore{129EA77A-BE45-4173-896E-5F9DC32EF396}\RP56;Win32.Virut.56;Cured.; A0018710.exe;C:\System Volume Information\_restore{129EA77A-BE45-4173-896E-5F9DC32EF396}\RP56;Win32.Virut.56;Cured.; A0018718.exe;C:\System Volume Information\_restore{129EA77A-BE45-4173-896E-5F9DC32EF396}\RP56;Win32.Virut.56;Cured.; A0018720.exe;C:\System Volume Information\_restore{129EA77A-BE45-4173-896E-5F9DC32EF396}\RP56;Win32.Virut.56;Cured.; A0018732.exe;C:\System Volume Information\_restore{129EA77A-BE45-4173-896E-5F9DC32EF396}\RP56;Win32.Virut.56;Cured.; A0018733.exe;C:\System Volume Information\_restore{129EA77A-BE45-4173-896E-5F9DC32EF396}\RP56;Win32.Virut.56;Cured.; A0018734.exe;C:\System Volume 
Information\_restore{129EA77A-BE45-4173-896E-5F9DC32EF396}\RP56;Win32.Virut.56;Cured.; A0018735.exe;C:\System Volume Information\_restore{129EA77A-BE45-4173-896E-5F9DC32EF396}\RP56;Win32.Virut.56;Cured.; A0018736.exe;C:\System Volume Information\_restore{129EA77A-BE45-4173-896E-5F9DC32EF396}\RP56;Win32.Virut.56;Cured.; A0018738.exe;C:\System Volume Information\_restore{129EA77A-BE45-4173-896E-5F9DC32EF396}\RP56;Win32.Virut.56;Cured.; A0018741.exe;C:\System Volume Information\_restore{129EA77A-BE45-4173-896E-5F9DC32EF396}\RP56;Win32.Virut.56;Cured.; A0018743.exe;C:\System Volume Information\_restore{129EA77A-BE45-4173-896E-5F9DC32EF396}\RP56;Win32.Virut.56;Cured.; A0018747.exe;C:\System Volume Information\_restore{129EA77A-BE45-4173-896E-5F9DC32EF396}\RP56;Win32.Virut.56;Cured.; A0018750.exe;C:\System Volume Information\_restore{129EA77A-BE45-4173-896E-5F9DC32EF396}\RP56;Win32.Virut.56;Cured.; A0018762.exe;C:\System Volume Information\_restore{129EA77A-BE45-4173-896E-5F9DC32EF396}\RP56;Win32.Virut.56;Cured.; A0018796.exe;C:\System Volume Information\_restore{129EA77A-BE45-4173-896E-5F9DC32EF396}\RP56;Win32.Virut.56;Cured.; A0018803.exe;C:\System Volume Information\_restore{129EA77A-BE45-4173-896E-5F9DC32EF396}\RP56;Win32.Virut.56;Cured.; A0018807.exe;C:\System Volume Information\_restore{129EA77A-BE45-4173-896E-5F9DC32EF396}\RP56;Win32.Virut.56;Cured.; A0018809.exe;C:\System Volume Information\_restore{129EA77A-BE45-4173-896E-5F9DC32EF396}\RP56;Win32.Virut.56;Cured.; A0018811.exe;C:\System Volume Information\_restore{129EA77A-BE45-4173-896E-5F9DC32EF396}\RP56;Win32.Virut.56;Cured.; A0018814.exe;C:\System Volume Information\_restore{129EA77A-BE45-4173-896E-5F9DC32EF396}\RP56;Win32.Virut.56;Cured.; A0018825.exe;C:\System Volume Information\_restore{129EA77A-BE45-4173-896E-5F9DC32EF396}\RP56;Win32.Virut.56;Cured.; A0018843.exe;C:\System Volume Information\_restore{129EA77A-BE45-4173-896E-5F9DC32EF396}\RP56;Win32.Virut.56;Cured.; A0018847.exe;C:\System Volume 
Information\_restore{129EA77A-BE45-4173-896E-5F9DC32EF396}\RP56;Win32.Virut.56;Cured.; A0018864.exe;C:\System Volume Information\_restore{129EA77A-BE45-4173-896E-5F9DC32EF396}\RP56;Win32.Virut.56;Cured.; A0018871.exe;C:\System Volume Information\_restore{129EA77A-BE45-4173-896E-5F9DC32EF396}\RP56;Win32.Virut.56;Cured.; A0018873.exe;C:\System Volume Information\_restore{129EA77A-BE45-4173-896E-5F9DC32EF396}\RP56;Win32.Virut.56;Cured.; A0018880.exe;C:\System Volume Information\_restore{129EA77A-BE45-4173-896E-5F9DC32EF396}\RP56;Win32.Virut.56;Cured.; A0018881.exe;C:\System Volume Information\_restore{129EA77A-BE45-4173-896E-5F9DC32EF396}\RP56;Win32.Virut.56;Cured.; A0018882.exe;C:\System Volume Information\_restore{129EA77A-BE45-4173-896E-5F9DC32EF396}\RP56;Win32.Virut.56;Cured.; A0018883.exe;C:\System Volume Information\_restore{129EA77A-BE45-4173-896E-5F9DC32EF396}\RP56;Win32.Virut.56;Cured.; A0018884.exe;C:\System Volume Information\_restore{129EA77A-BE45-4173-896E-5F9DC32EF396}\RP56;Win32.Virut.56;Cured.; A0018885.exe;C:\System Volume Information\_restore{129EA77A-BE45-4173-896E-5F9DC32EF396}\RP56;Win32.Virut.56;Cured.; A0018886.exe;C:\System Volume Information\_restore{129EA77A-BE45-4173-896E-5F9DC32EF396}\RP56;Win32.Virut.56;Cured.; A0018908.exe;C:\System Volume Information\_restore{129EA77A-BE45-4173-896E-5F9DC32EF396}\RP56;Win32.Virut.56;Cured.; A0018926.exe;C:\System Volume Information\_restore{129EA77A-BE45-4173-896E-5F9DC32EF396}\RP56;Win32.Virut.56;Cured.; A0018928.exe;C:\System Volume Information\_restore{129EA77A-BE45-4173-896E-5F9DC32EF396}\RP56;Win32.Virut.56;Cured.; A0018929.exe;C:\System Volume Information\_restore{129EA77A-BE45-4173-896E-5F9DC32EF396}\RP56;Win32.Virut.56;Cured.; A0018930.exe;C:\System Volume Information\_restore{129EA77A-BE45-4173-896E-5F9DC32EF396}\RP56;Win32.Virut.56;Cured.; A0018931.exe;C:\System Volume Information\_restore{129EA77A-BE45-4173-896E-5F9DC32EF396}\RP56;Win32.Virut.56;Cured.; A0018932.exe;C:\System Volume 
Information\_restore{129EA77A-BE45-4173-896E-5F9DC32EF396}\RP56;Win32.Virut.56;Cured.; A0018933.exe;C:\System Volume Information\_restore{129EA77A-BE45-4173-896E-5F9DC32EF396}\RP56;Win32.Virut.56;Cured.; A0018934.exe;C:\System Volume Information\_restore{129EA77A-BE45-4173-896E-5F9DC32EF396}\RP56;Win32.Virut.56;Cured.; A0018936.exe;C:\System Volume Information\_restore{129EA77A-BE45-4173-896E-5F9DC32EF396}\RP56;Win32.Virut.56;Cured.; A0018937.exe;C:\System Volume Information\_restore{129EA77A-BE45-4173-896E-5F9DC32EF396}\RP56;Win32.Virut.56;Cured.; A0018938.exe;C:\System Volume Information\_restore{129EA77A-BE45-4173-896E-5F9DC32EF396}\RP56;Win32.Virut.56;Cured.; A0018943.exe;C:\System Volume Information\_restore{129EA77A-BE45-4173-896E-5F9DC32EF396}\RP56;Win32.Virut.56;Cured.; A0018944.exe;C:\System Volume Information\_restore{129EA77A-BE45-4173-896E-5F9DC32EF396}\RP56;Win32.Virut.56;Cured.; A0018945.exe;C:\System Volume Information\_restore{129EA77A-BE45-4173-896E-5F9DC32EF396}\RP56;Win32.Virut.56;Cured.; A0018946.exe;C:\System Volume Information\_restore{129EA77A-BE45-4173-896E-5F9DC32EF396}\RP56;Win32.Virut.56;Cured.; A0018948.exe;C:\System Volume Information\_restore{129EA77A-BE45-4173-896E-5F9DC32EF396}\RP56;Win32.Virut.56;Cured.; A0018963.exe;C:\System Volume Information\_restore{129EA77A-BE45-4173-896E-5F9DC32EF396}\RP56;Win32.Virut.56;Cured.; A0018964.exe;C:\System Volume Information\_restore{129EA77A-BE45-4173-896E-5F9DC32EF396}\RP56;Win32.Virut.56;Cured.; A0018969.exe;C:\System Volume Information\_restore{129EA77A-BE45-4173-896E-5F9DC32EF396}\RP56;Win32.Virut.56;Cured.; A0018970.exe;C:\System Volume Information\_restore{129EA77A-BE45-4173-896E-5F9DC32EF396}\RP56;Win32.Virut.56;Cured.; A0018971.exe;C:\System Volume Information\_restore{129EA77A-BE45-4173-896E-5F9DC32EF396}\RP56;Win32.Virut.56;Cured.; A0018972.exe;C:\System Volume Information\_restore{129EA77A-BE45-4173-896E-5F9DC32EF396}\RP56;Win32.Virut.56;Cured.; A0018973.exe;C:\System Volume 
Information\_restore{129EA77A-BE45-4173-896E-5F9DC32EF396}\RP56;Win32.Virut.56;Cured.; A0018974.exe;C:\System Volume Information\_restore{129EA77A-BE45-4173-896E-5F9DC32EF396}\RP56;Win32.Virut.56;Cured.; A0018975.exe;C:\System Volume Information\_restore{129EA77A-BE45-4173-896E-5F9DC32EF396}\RP56;Win32.Virut.56;Cured.; A0018976.exe;C:\System Volume Information\_restore{129EA77A-BE45-4173-896E-5F9DC32EF396}\RP56;Win32.Virut.56;Cured.; A0018977.exe;C:\System Volume Information\_restore{129EA77A-BE45-4173-896E-5F9DC32EF396}\RP56;Win32.Virut.56;Cured.; A0018978.exe;C:\System Volume Information\_restore{129EA77A-BE45-4173-896E-5F9DC32EF396}\RP56;Win32.Virut.56;Cured.; A0018979.exe;C:\System Volume Information\_restore{129EA77A-BE45-4173-896E-5F9DC32EF396}\RP56;Win32.Virut.56;Cured.; A0018980.exe;C:\System Volume Information\_restore{129EA77A-BE45-4173-896E-5F9DC32EF396}\RP56;Win32.Virut.56;Cured.; A0018981.exe;C:\System Volume Information\_restore{129EA77A-BE45-4173-896E-5F9DC32EF396}\RP56;Win32.Virut.56;Cured.; A0018982.EXE;C:\System Volume Information\_restore{129EA77A-BE45-4173-896E-5F9DC32EF396}\RP56;Win32.Virut.56;Cured.; A0018987.exe;C:\System Volume Information\_restore{129EA77A-BE45-4173-896E-5F9DC32EF396}\RP56;Win32.Virut.56;Cured.; accwiz.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.; actmovie.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.; acxb.exe;C:\Documents and Settings\Administrator;Win32.Virut.56;Cured.; agentsvc.exe;c:\program files\newtech infosystems\nti backup now 5\client;Win32.Virut.56;Cured.; agrsmsvc.exe;c:\windows\system32;Win32.Virut.56;Cured.; ahui.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.; Alaunch.exe;C:\WINDOWS;Win32.Virut.56;Cured.; Alcmtr.exe;C:\WINDOWS;Win32.Virut.56;Cured.; alcwzrd.exe;C:\WINDOWS;Win32.Virut.56;Cured.; alg.exe;c:\windows\system32;Win32.Virut.56;Cured.; AMove.exe;C:\WINDOWS;Win32.Virut.56;Cured.; APanel.exe;C:\WINDOWS;Win32.Virut.56;Cured.; arp.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.; 
ARPPRODUCTICON.exe;C:\WINDOWS\Installer\{D7CAE58E-26DE-49B7-A75D-EAEDF76726BE};Win32.Virut.56;Cured.; ARPPRODUCTICON.exe;C:\WINDOWS\Installer\{2413930C-8309-47A6-BC61-5EF27A4222BC};Win32.Virut.56;Cured.; ARPPRODUCTICON.exe;C:\WINDOWS\Installer\{12EFA1A4-AC3B-443C-8143-237EDE760403};Win32.Virut.56;Cured.; at.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.; atmadm.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.; attrib.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.; auditusr.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.; bckgzm.exe;C:\Program Files\MSN Gaming Zone\Windows;Win32.Virut.56;Cured.; blastcln.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.; bootok.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.; bootvrfy.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.; cacls.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.; calc.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.; cb32.exe;C:\Program Files\NetMeeting;Win32.Virut.56;Cured.; CDisplay.exe;C:\Program Files\CDisplay;Win32.Virut.56;Cured.; charmap.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.; ChCfg.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.; CheckD2DSystem.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.; chkdsk.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.; chkntfs.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.; chkrzm.exe;C:\Program Files\MSN Gaming Zone\Windows;Win32.Virut.56;Cured.; cidaemon.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.; cisvc.exe;c:\windows\system32;Win32.Virut.56;Cured.; ckcnv.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.; cleanmgr.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.; ClearEvent.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.; cliconfg.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.; clipbrd.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.; clipsrv.exe;c:\windows\system32;Win32.Virut.56;Cured.; cmd.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.; cmdl32.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.; cmmon32.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.; cmstp.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.; 
CombatArms.exe;C:\Nexon\Combat Arms;Win32.Virut.56;Cured.; comp.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.; compact.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.; comrepl.exe;C:\WINDOWS\system32\Com;Win32.Virut.56;Cured.; comrereg.exe;C:\WINDOWS\system32\Com;Win32.Virut.56;Cured.; conf.exe;C:\Program Files\NetMeeting;Win32.Virut.56;Cured.; ConfigWizards.exe;C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322;Win32.Virut.56;Cured.; conime.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.; control.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.; convert.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.; cscript.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.; ctfmon.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.; ctfmon.exe;c:\windows\system32;Win32.Virut.56;Cured.; daemon.exe;c:\program files\daemon tools lite;Win32.Virut.56;Cured.; dcomcnfg.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.; ddeshare.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.; defrag.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.; devcon.exe;C:\WINDOWS;Win32.Virut.56;Cured.; dfrgfat.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.; dfrgntfs.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.; dialer.exe;C:\Program Files\Windows NT;Win32.Virut.56;Cured.; diantz.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.; diskpart.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.; diskperf.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.; dllhost.exe;c:\windows\system32;Win32.Virut.56;Cured.; dllhst3g.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.; dmadmin.exe;c:\windows\system32;Win32.Virut.56;Cured.; dmremote.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.; doskey.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.; dplaysvr.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.; dpnsvr.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.; dpvsetup.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.; drmupgds.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.; drwtsn32.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.; dumprep.exe;c:\windows\system32;Win32.Virut.56;Cured.; 
dvdplay.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.; dvdupgrd.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.; dwwin.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.; dxdiag.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.; EndingBanner.exe;C:\Nexon\Combat Arms;Win32.Virut.56;Cured.; Engine.exe;C:\Nexon\Combat Arms;Win32.Virut.56;Cured.; EOS Utility.exe;C:\Program Files\Canon\EOS Utility;Win32.Virut.56;Cured.; eragent.exe;c:\acer\empowering technology\erecovery;Win32.Virut.56;Cured.; ERDNT.EXE;C:\WINDOWS\ERDNT\subs;Win32.Virut.56;Cured.; ERDNT.EXE;C:\WINDOWS\ERDNT\Hiv-backup;Win32.Virut.56;Cured.; eRecovery.exe;C:\Acer\Empowering Technology\eRecovery;Win32.Virut.56;Cured.; eRecoveryUI.exe;C:\Acer\Empowering Technology\eRecovery;Win32.Virut.56;Cured.; ERUpdateHidden.EXE;C:\WINDOWS\system32;Win32.Virut.56;Cured.; esentutl.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.; eudcedit.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.; eventvwr.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.; expand.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.; explorer.exe;C:\WINDOWS\system32\dllcache;Win32.Virut.56;Cured.; explorer.exe;c:\windows;Win32.Virut.56;Cured.; explorer.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS;Win32.Virut.56;Cured.; extrac32.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.; fc.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.; fdsv.exe;C:\WINDOWS;Win32.Virut.56;Cured.; find.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.; findstr.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.; finger.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.; fixmapi.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.; fltMc.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.; fontview.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.; forcedos.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.; freecell.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.; fsquirt.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.; fsutil.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.; ftp.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.; 
fxsclnt.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.; fxscover.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.; fxssend.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.; fxssvc.exe;c:\windows\system32;Win32.Virut.56;Cured.; grep.exe;C:\WINDOWS;Win32.Virut.56;Cured.; grpconv.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.; help.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.; HelpCtr.exe;C:\WINDOWS\pchealth\helpctr\binaries;Win32.Virut.56;Cured.; HelpSvc.exe;C:\WINDOWS\pchealth\helpctr\binaries;Win32.Virut.56;Cured.; hh.exe;C:\WINDOWS;Win32.Virut.56;Cured.; HideWin.exe;C:\WINDOWS;Win32.Virut.56;Cured.; HijackThis.exe;C:\Program Files\Trend Micro\HijackThis;Win32.Virut.56;Cured.; hostname.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.; HP_IZE.exe;C:\Program Files\HP\Photosmart Essential;Win32.Virut.56;Cured.; hpqdirec.exe;C:\Program Files\HP\Digital Imaging\bin;Win32.Virut.56;Cured.; HpqPhUnl.exe;C:\Program Files\HP\Digital Imaging\Unload;Win32.Virut.56;Cured.; hpqpprop.exe;C:\Program Files\HP\Digital Imaging\bin;Win32.Virut.56;Cured.; hpqste08.exe;C:\Program Files\HP\Digital Imaging\bin;Win32.Virut.56;Cured.; hpqtbx01.exe;C:\Program Files\HP\Digital Imaging\bin;Win32.Virut.56;Cured.; hpqtra08.exe;c:\program files\hp\digital imaging\bin;Win32.Virut.56;Cured.; hpqusgl.exe;C:\Program Files\HP\Digital Imaging\bin;Win32.Virut.56;Cured.; hpqwrg.exe;C:\Program Files\HP\Digital Imaging\bin;Win32.Virut.56;Cured.; hprbui.exe;C:\Program Files\HP\Digital Imaging\Product Assistant\bin;Win32.Virut.56;Cured.; HPSUShortcut2_936C42D08CEE4BDFB8CEC4BDC93C6CF8_1.exe;C:\WINDOWS\Installer\{ECFDD6BD-E0C0-41CC-A171-E6D6AF4C0E93};Win32.Virut.56;Cured.; HPWUCli.exe;C:\Program Files\HP\HP Software Update;Win32.Virut.56;Cured.; hpwuschd2.exe;c:\program files\hp\hp software update;Win32.Virut.56;Cured.; HPZinw12.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.; hpzipm12.exe;c:\windows\system32;Win32.Virut.56;Cured.; hpzscr01.exe;C:\Program Files\HP\Digital 
Imaging\{E5A8DDAB-AE80-48C6-A75B-D0FAB83B299D}\setup;Win32.Virut.56;Cured.; hrtzzm.exe;C:\Program Files\MSN Gaming Zone\Windows;Win32.Virut.56;Cured.; HSUpdate.exe;C:\Nexon\Combat Arms\HShield;Win32.Virut.56;Cured.; HWID_detect.exe;C:\WINDOWS;Win32.Virut.56;Cured.; hypertrm.exe;C:\Program Files\Windows NT;Win32.Virut.56;Cured.; i386kd.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.; icon.exe;C:\WINDOWS\Installer\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71};Win32.Virut.56;Cured.; icwconn1.exe;C:\Program Files\Internet Explorer\Connection Wizard;Win32.Virut.56;Cured.; icwconn2.exe;C:\Program Files\Internet Explorer\Connection Wizard;Win32.Virut.56;Cured.; icwrmind.exe;C:\Program Files\Internet Explorer\Connection Wizard;Win32.Virut.56;Cured.; icwtutor.exe;C:\Program Files\Internet Explorer\Connection Wizard;Win32.Virut.56;Cured.; ie4uinit.exe;c:\windows\system32;Win32.Virut.56;Cured.; iedw.exe;C:\Program Files\Internet Explorer;Win32.Virut.56;Cured.; ieudinit.exe;c:\windows\system32;Win32.Virut.56;Cured.; iexpress.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.; imapi.exe;c:\windows\system32;Win32.Virut.56;Cured.; imjpmig.exe;c:\windows\ime\imjp8_1;Win32.Virut.56;Cured.; imscinst.exe;c:\windows\system32\ime\pintlgnt;Win32.Virut.56;Cured.; inetwiz.exe;C:\Program Files\Internet Explorer\Connection Wizard;Win32.Virut.56;Cured.; ipconfig.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.; ipsec6.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.; ipv6.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.; ipxroute.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.; isignup.exe;C:\Program Files\Internet Explorer\Connection Wizard;Win32.Virut.56;Cured.; IsUninst.exe;C:\WINDOWS;Win32.Virut.56;Cured.; java.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.; javaw.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.; javaws.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.; javaws.exe;C:\Program Files\Java\jre1.6.0_07\bin;Win32.Virut.56;Cured.; keystone.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.; 
label.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.; language.exe;c:\program files\cyberlink\powerdvd\language;Win32.Virut.56;Cured.; LastFM.exe;C:\Program Files\Last.fm;Win32.Virut.56;Cured.; lights.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.; lnkstub.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.; locator.exe;c:\windows\system32;Win32.Virut.56;Cured.; lodctr.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.; logagent.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.; logman.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.; logoff.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.; logon.scr;c:\windows\system32;Win32.Virut.56;Cured.; logonui.exe;c:\windows\system32;Win32.Virut.56;Cured.; lpq.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.; lpr.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.; lssrvc.exe;c:\program files\common files\lightscribe;Win32.Virut.56;Cured.; magnify.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.; makecab.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.; mbam.exe;C:\Program Files\Malwarebytes' Anti-Malware;Win32.Virut.56;Cured.; MicCal.exe;C:\WINDOWS;Win32.Virut.56;Cured.; migpwd.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.; migrate.exe;C:\Program Files\Windows Media Player;Win32.Virut.56;Cured.; migwiz.exe;C:\WINDOWS\system32\usmt;Win32.Virut.56;Cured.; mmc.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.; mmcperf.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.; mnmsrvc.exe;c:\windows\system32;Win32.Virut.56;Cured.; mobsync.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.; mofcomp.exe;C:\WINDOWS\system32\wbem;Win32.Virut.56;Cured.; mountvol.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.; moviemk.exe;C:\Program Files\Movie Maker;Win32.Virut.56;Cured.; mplay32.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.; mplayer2.exe;C:\Program Files\Windows Media Player;Win32.Virut.56;Cured.; mplayerc.exe;C:\Program Files\Combined Community Codec Pack\MPC;Win32.Virut.56;Cured.; mpnotify.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.; mrinfo.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.; 
msdtc.exe;c:\windows\system32;Win32.Virut.56;Cured.; msfeedssync.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.; msg.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.; mshearts.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.; mshta.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.; msiexec.exe;c:\windows\system32;Win32.Virut.56;Cured.; msimn.exe;C:\Program Files\Outlook Express;Win32.Virut.56;Cured.; msinfo32.exe;C:\Program Files\Common Files\Microsoft Shared\MSInfo;Win32.Virut.56;Cured.; msmsgs.exe;c:\program files\messenger;Win32.Virut.56;Cured.; mspaint.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.; msswchx.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.; mstinit.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.; mstsc.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.; napstat.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.; narrator.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.; nbtstat.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.; nddeapir.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.; net.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.; net1.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.; netdde.exe;c:\windows\system32;Win32.Virut.56;Cured.; netsetup.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.; netsh.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.; netstat.exe;C:\WINDOWS\system32;Win32.Virut.56;Cured.; NewShortcut1.A6CC6977_F7B4_4C0B_9510_BCD847D4BDB2.exe;C:\WINDOWS\Installer\{0BF5FBE7-3907-4A1F-9E48-8B66E52850D6};Win32.Virut.56;Cured.; NewShortcut1_12EFA1A4AC3B443C8143237EDE760403.exe;C:\WINDOWS\Installer\{12EFA1A4-AC3B-443C-8143-237EDE760403};Win32.Virut.56;Cured.; NewShortcut1_2413930C830947A6BC615EF27A4222BC.exe;C:\WINDOWS\Installer\{2413930C-8309-47A6-BC61-5EF27A4222BC};Win32.Virut.56;Cured.; NewShortcut1_C673DF680CDE41FC9DFBF63D31DE4F28.exe;C:\WINDOWS\Installer\{CE386A4E-D0DA-4208-8235-BCE43275C694};Win32.Virut.56;Cured.; NewShortcut11_2413930C830947A6BC615EF27A4222BC.exe;C:\WINDOWS\Installer\{2413930C-8309-47A6-BC61-5EF27A4222BC};Win32.Virut.56;Cured.; 
Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 19:22, on 2009-02-10 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16762) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\agrsmsvc.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe C:\Program Files\Common Files\LightScribe\LSSrvc.exe C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe C:\WINDOWS\system32\nvsvc32.exe C:\Program Files\CyberLink\Shared Files\RichVideo.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Viewpoint\Common\ViewpointService.exe C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\Explorer.EXE C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe C:\WINDOWS\RTHDCPL.EXE C:\WINDOWS\system32\RUNDLL32.EXE C:\Program Files\HP\HP Software Update\HPWuSchd2.exe C:\Program Files\iTunes\iTunesHelper.exe C:\WINDOWS\system32\dumprep.exe C:\Program Files\DAEMON Tools Lite\daemon.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe C:\WINDOWS\system32\dwwin.exe C:\Program
Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.emachines.com/rdr.aspx?b=A...08&m=le1200 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.emachines.com/rdr.aspx?b=A...08&m=le1200 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local O3 - Toolbar: AIM Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [bkupTray] "C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe" O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\eRAgent.exe O4 - HKLM\..\Run: [HP Software Update] 
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [userFaultCheck] %systemroot%\system32\dumprep 0 -u O4 - HKCU\..\Run: [Power2GoExpress] NA O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKUS\S-1-5-21-2350346248-1977711859-2420409974-1007\..\Run: [Power2GoExpress] NA (User '?') O4 - HKUS\S-1-5-21-2350346248-1977711859-2420409974-1007\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun (User '?') O4 - HKUS\S-1-5-21-2350346248-1977711859-2420409974-1007\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?') O4 - HKUS\S-1-5-21-2350346248-1977711859-2420409974-1007\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User '?') O4 - S-1-5-21-2350346248-1977711859-2420409974-1007 Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (User '?') O4 - S-1-5-18 Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (User '?') O4 - .DEFAULT Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (User 'Default user') O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe O8 - Extra context menu item: &AIM Search - c:\program files\aol\aim toolbar 5.0\resources\en-US\local\search.html O8 - Extra context menu item: E&xport to Microsoft Excel - 
res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: AIM Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/vers...vex-2.2.4.2.cab O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\WINDOWS\system32\agrsmsvc.exe O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing) O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: NTI Backup Now 5 Agent Service (BUNAgentSvc) - NewTech Infosystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe O23 - Service: GameConsoleService - WildTangent, Inc. 
- C:\Program Files\eMachines Games\eMachines Game Console\GameConsoleService.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE O23 - Service: NTI Backup Now 5 Backup Service (NTIBackupSvc) - NewTech InfoSystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe O23 - Service: NTI Backup Now 5 Scheduler Service (NTISchedulerSvc) - Unknown owner - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe -- End of file - 9526 bytes

Thanks for the help. Is anything here also affecting my internet connection as well? Because when trying to repair my connection, it's saying that it "failed to query TCP/IP settings of the connection. Cannot proceed." Just wondering if this had anything to do with my current infection, or if it was caused by running ComboFix.
  6. ComboFix 09-02-07.01 - Administrator 2009-02-08 13:50:07.1 - NTFSx86 NETWORK Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.894.713 [GMT -5:00] Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe AV: Spyware Doctor with AntiVirus *On-access scanning enabled* (Updated) . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat c:\windows\services.exe c:\windows\system32\3.tmp c:\windows\system32\4.tmp c:\windows\system32\bepesata.dll.tmp c:\windows\system32\drivers\protect.sys c:\windows\system32\gwqypx.dll c:\windows\system32\MlTEgNnn.ini c:\windows\system32\MlTEgNnn.ini2 c:\windows\system32\nnNgETlM.dll.vir c:\windows\system32\okirezun.ini c:\windows\system32\pdxlryir.dll c:\windows\system32\pewofesa.dll c:\windows\system32\qdlath.dll c:\windows\system32\tutatezu.dll.tmp c:\windows\system32\yrcjixcq.ini c:\windows\Tasks\illtwywq.job ----- BITS: Possible infected sites ----- hxxp://childhe.com c:\windows\system32\userinit.exe . . . is infected!! c:\windows\system32\spoolsv.exe . . . is infected!! c:\windows\explorer.exe . . . is infected!! . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Legacy_PROTECT -------\Service_Passthru -------\Service_protect ((((((((((((((((((((((((( Files Created from 2009-01-08 to 2009-02-08 ))))))))))))))))))))))))))))))) . 2009-02-08 13:33 . 2005-10-27 19:24 49,664 -ra------ c:\windows\system32\drivers\hpzid412.sys.bak 2009-02-08 13:33 . 2005-10-27 19:24 16,496 -ra------ c:\windows\system32\drivers\hpzipr12.sys.bak 2009-02-08 13:33 . 2009-02-08 13:33 11,776 --ah----- c:\windows\system32\config\systemprofile\uuu.exe 2009-02-08 13:33 . 
2009-02-08 13:33 3,584 --a------ c:\windows\jrfwotwn.exe 2009-02-08 13:33 . 2009-02-08 13:33 130 --a------ c:\windows\adobe.bat 2009-02-08 13:33 . 2009-02-08 13:45 6 --a------ c:\windows\_id.dat 2009-02-08 13:29 . 2009-02-08 13:29 64,000 --a------ c:\windows\system32\i386kd.exe 2009-02-08 13:29 . 2009-02-08 13:29 168 --a------ c:\windows\system32\2.tmp 2009-02-08 01:44 . 2009-02-08 01:44 32,256 --ah----- c:\documents and settings\Administrator\acxb.exe 2009-02-08 01:33 . 2009-02-08 01:33 <DIR> d-------- c:\program files\Trend Micro 2009-02-08 01:30 . 2009-02-08 01:30 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Malwarebytes 2009-02-08 01:24 . 2009-02-08 01:24 67,585 --a------ c:\windows\system32\20.tmp 2009-02-08 01:24 . 2009-02-08 01:24 29,184 --a------ c:\windows\system32\1F.tmp 2009-02-08 01:24 . 2009-02-08 01:24 7,073 --a------ c:\windows\system32\22.tmp 2009-02-08 01:24 . 2009-02-08 01:24 172 --a------ c:\windows\system32\1E.tmp 2009-02-07 20:58 . 2009-02-07 20:58 <DIR> d-------- c:\documents and settings\Nancy Powell\Application Data\Apple Computer 2009-02-07 19:42 . 2009-02-07 19:42 33,920 --a------ c:\windows\system32\drivers\qktksgef.sys 2009-02-07 19:41 . 2009-02-08 01:44 137,408 --a------ c:\windows\system32\drivers\ethyhoay.sys 2009-02-07 19:41 . 2009-02-08 13:33 66,560 ---h----- c:\windows\system32\secupdat.dat 2009-02-07 19:41 . 2009-02-08 13:33 53,248 --a------ c:\windows\system32\drivers\ndisio.sys 2009-02-07 19:41 . 2009-02-07 19:41 32,768 --ah----- c:\documents and settings\Nancy Powell\ouoj.exe 2009-02-07 19:38 . 2009-02-07 19:41 164,708 --a------ c:\windows\system32\17.tmp 2009-02-07 19:38 . 2009-02-07 19:38 67,585 --a------ c:\windows\system32\15.tmp 2009-02-07 19:38 . 2009-02-07 19:38 29,184 --a------ c:\windows\system32\14.tmp 2009-02-07 19:38 . 2009-02-07 19:38 172 --a------ c:\windows\system32\13.tmp 2009-02-07 11:52 . 2009-02-07 11:52 39,936 --a------ C:\xxweksc.exe 2009-02-07 11:52 . 
2009-02-07 11:52 21,504 --a------ C:\wskrote.exe 2009-02-07 11:52 . 2009-02-07 11:52 21,504 --a------ C:\jwfmld.exe 2009-02-07 11:52 . 2009-02-07 11:52 2 --a------ C:\1491518629 2009-01-30 20:49 . 2009-01-30 20:49 <DIR> d-------- c:\documents and settings\Nancy Powell\Application Data\HP 2009-01-20 16:05 . 2009-02-07 19:43 764 --ah----- C:\aaw7boot.cmd 2009-01-20 14:27 . 2009-01-20 14:27 <DIR> d-------- c:\documents and settings\Mike Powell\Application Data\Malwarebytes 2009-01-20 14:22 . 2009-01-20 14:27 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware 2009-01-20 14:22 . 2009-01-20 14:22 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes 2009-01-20 14:22 . 2009-01-20 14:21 64,160 --a------ c:\windows\system32\drivers\Lbd.sys 2009-01-20 14:22 . 2009-01-14 16:11 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys 2009-01-20 14:22 . 2009-01-14 16:11 15,504 --a------ c:\windows\system32\drivers\mbam.sys 2009-01-20 14:18 . 2009-01-20 14:18 <DIR> d-------- c:\program files\Lavasoft 2009-01-20 14:18 . 2009-01-20 14:22 <DIR> d-------- c:\documents and settings\All Users\Application Data\Lavasoft 2009-01-20 14:18 . 2009-01-20 14:18 <DIR> d--h-c--- c:\documents and settings\All Users\Application Data\{83C91755-2546-441D-AC40-9A6B4B860800} 2009-01-20 13:37 . 2009-01-20 13:37 <DIR> d-------- c:\program files\Canon 2009-01-20 13:36 . 2009-01-20 13:36 <DIR> d-------- c:\program files\Common Files\Canon 2009-01-18 16:42 . 2000-01-18 04:11 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Symantec 2009-01-18 16:42 . 2009-02-08 01:44 <DIR> d-------- c:\documents and settings\Administrator 2009-01-15 00:55 . 2009-01-15 00:55 <DIR> d-------- c:\documents and settings\Mike Powell\Application Data\F-Secure 2009-01-14 23:39 . 2009-01-15 01:04 <DIR> d-------- c:\program files\F-Secure Internet Security 2009-01-14 23:39 . 
2009-01-14 23:39 <DIR> d-------- c:\documents and settings\All Users\Application Data\fssg 2009-01-14 23:35 . 2009-01-15 00:58 <DIR> d-------- c:\documents and settings\All Users\Application Data\f-secure 2009-01-14 22:53 . 2009-02-08 13:48 <DIR> d-a------ c:\documents and settings\All Users\Application Data\TEMP 2009-01-14 22:46 . 2009-01-14 23:28 <DIR> d-------- c:\documents and settings\Nancy Powell\Application Data\uTorrent 2009-01-14 22:25 . 2009-01-20 15:51 4 --a------ c:\windows\prpdlcze 2009-01-14 21:58 . 2009-01-14 21:58 <DIR> d-------- c:\windows\E80F62FF5D3C4A1984099721F2928206.TMP 2009-01-14 21:04 . 2009-01-18 16:02 <DIR> d-------- c:\program files\RocketDock 2009-01-14 20:41 . 2003-12-13 00:40 202,763 --a------ c:\windows\system32\uxtheme.uxtender 2009-01-14 16:35 . 2009-01-14 17:33 <DIR> d-------- c:\documents and settings\Mike Powell\Application Data\Download Manager 2009-01-12 18:02 . 2008-04-14 07:00 218,624 --a------ c:\windows\system32\uxtheme.backup . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 
2009-02-07 19:48 --------- d-----w c:\program files\Trillian 2009-01-29 23:48 --------- d-----w c:\documents and settings\Mike Powell\Application Data\uTorrent 2009-01-28 22:21 --------- d-----w c:\program files\Common Files\Symantec Shared 2009-01-15 03:24 --------- d-----w c:\program files\BigFix 2009-01-15 02:59 --------- d-----w c:\documents and settings\All Users\Application Data\Symantec 2009-01-15 02:58 --------- d-----w c:\program files\Symantec 2009-01-15 02:50 --------- d--h--w c:\program files\InstallShield Installation Information 2009-01-15 01:52 202,763 ----a-w c:\windows\system32\uxtheme.dll 2009-01-10 19:18 --------- d-----w c:\program files\Google 2009-01-10 03:06 --------- d-----w c:\documents and settings\Mike Powell\Application Data\Apple Computer 2009-01-03 23:32 --------- d-----w c:\documents and settings\Mike Powell\Application Data\Media Player Classic 2008-12-19 08:21 --------- d-----w c:\program files\iTunes 2008-12-19 08:21 --------- d-----w c:\documents and settings\All Users\Application Data\Last.fm 2008-12-19 08:20 --------- d-----w c:\program files\Last.fm 2008-12-18 02:43 --------- d-----w c:\program files\Norton PC Checkup 2008-12-16 09:25 --------- d-----w c:\program files\CDisplay 2008-12-15 23:45 --------- d-----w c:\program files\QuickTime 2008-12-15 23:45 --------- d-----w c:\program files\iPod 2008-12-15 23:45 --------- d-----w c:\program files\Common Files\Apple 2008-12-15 23:45 --------- d-----w c:\program files\Bonjour 2008-12-15 23:45 --------- d-----w c:\documents and settings\All Users\Application Data\Apple Computer 2008-12-15 23:43 --------- d-----w c:\program files\Apple Software Update 2008-12-15 23:43 --------- d-----w c:\documents and settings\All Users\Application Data\Apple 2008-12-15 19:11 --------- d-----w c:\program files\Ubisoft 2008-12-15 19:10 --------- d-----w c:\program files\Common Files\InstallShield 2008-12-15 06:36 --------- d-----w c:\documents and settings\All Users\Application Data\NexonUS 
2008-12-15 03:20 --------- d-----w c:\program files\Combined Community Codec Pack 2008-12-12 20:16 --------- d-----w c:\program files\Windows Media Connect 2 2008-12-11 10:57 333,952 ----a-w c:\windows\system32\drivers\srv.sys 2008-08-18 21:43 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat . ------- Sigcheck ------- 2008-04-14 07:00 1050624 bf24e3c99638657a52bbff0a397276bb c:\windows\explorer.exe 2008-04-14 07:00 1050624 66a371085bbfb8fcfbd2f99fe82702d1 c:\windows\system32\dllcache\explorer.exe 2008-04-14 07:00 32256 b649223adec090eca1954db5ca3acd62 c:\windows\system32\ctfmon.exe 2008-04-14 07:00 32768 a4947940dffadae7bdef24b6cecb3bb6 c:\windows\system32\dllcache\ctfmon.exe 2008-04-14 07:00 74752 fc2de0c15ccc5b6670493a8304d21276 c:\windows\system32\spoolsv.exe 2008-04-14 07:00 74752 9c103d4448987e2668c1756fe504f88e c:\windows\system32\dllcache\spoolsv.exe 2008-04-14 07:00 43008 172373b6195eb3e5a97d81eb0f46fd3f c:\windows\system32\userinit.exe 2008-04-14 07:00 43008 33a53a9bc77aa02d10b57a3b23dd71c5 c:\windows\system32\dllcache\userinit.exe . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . 
*Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Power2GoExpress"="NA" [X] "DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-08-08 511432] "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 32256] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-01-01 39408] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "UserFaultCheck"="c:\windows\system32\dumprep 0 -u" [X] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-02-24 8491008] "BkupTray"="c:\program files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe" [2008-04-07 34040] "IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2008-04-14 229432] "MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2008-04-14 83896] "PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 472576] "PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 472576] "RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2007-03-14 71216] "LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2007-01-09 72736] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-02-24 81920] "eRecoveryService"="c:\acer\Empowering Technology\eRecovery\eRAgent.exe" [2008-07-10 442368] "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2005-12-15 69632] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-11-04 434176] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088] "nwiz"="nwiz.exe" [2008-02-24 c:\windows\system32\nwiz.exe] "RTHDCPL"="RTHDCPL.EXE" [2008-05-16 c:\windows\RTHDCPL.exe] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "jrfwotwn.exe"="c:\windows\jrfwotwn.exe" [2009-02-08 3584] c:\documents and settings\Mike Powell\Start Menu\Programs\Startup\ OneNote 2007 Screen Clipper and Launcher.lnk - c:\program 
files\Microsoft Office\Office12\ONENOTEM.EXE [2007-08-24 101784] c:\documents and settings\All Users\Start Menu\Programs\Startup\ HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-12-15 303104] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "msacm.clmp3enc"= c:\progra~1\CYBERL~1\Power2Go\CLMP3Enc.ACM "vidc.ffds"= c:\progra~1\COMBIN~1\Filters\FFDShow\ff_vfw.dll [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\qktksgef.sys] @="Driver" [HKEY_LOCAL_MACHINE\software\microsoft\security center] "UpdatesDisableNotify"=dword:00000001 "FirewallOverride"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\NewTech Infosystems\\NTI Backup Now 5\\BackupSvc.exe"= "c:\\Program Files\\NewTech Infosystems\\NTI Backup Now 5\\SchedulerSvc.exe"= "c:\\Program Files\\NewTech Infosystems\\NTI Backup Now 5\\Client\\Agentsvc.exe"= "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"= 
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"= "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"= "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"= "c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"= "c:\\Program Files\\AIM6\\aim6.exe"= "c:\\Program Files\\uTorrent\\uTorrent.exe"= "c:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe"= "c:\nexon\Combat Arms\CombatArms.exe"= c:\nexon\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe "c:\nexon\Combat Arms\Engine.exe"= c:\nexon\Combat Arms\Engine.exe:*Enabled:Engine.exe "c:\\Nexon\\Combat Arms\\NMService.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "80:TCP"= 80:TCP:Promo "53:UDP"= 53:UDP:Promo R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-01-20 64160] R0 qktksgef;qktksgef;c:\windows\system32\drivers\qktksgef.sys [2009-02-07 33920] R2 BUNAgentSvc;NTI Backup Now 5 Agent Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe [2008-03-03 33280] R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2009-01-18 942416] R2 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2008-04-07 50424] R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2008-04-04 151552] R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program 
files\Viewpoint\Common\ViewpointService.exe [2008-11-22 45132] S1 ethyhoay;ethyhoay;c:\windows\system32\drivers\ethyhoay.sys [2009-02-07 137408] . Contents of the 'Scheduled Tasks' folder 2009-02-03 c:\windows\Tasks\Ad-Aware Update (Weekly).job - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-01-20 14:21] 2009-01-23 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34] 2009-01-14 c:\windows\Tasks\Norton PC Checkup WeekDay Scanner.job - c:\program files\norton pc checkup\PC_Checkup.exe [2008-12-17 21:43] 2009-02-08 c:\windows\Tasks\Norton PC Checkup Weekend Scanner.job - c:\program files\norton pc checkup\PC_Checkup.exe [2008-12-17 21:43] . - - - - ORPHANS REMOVED - - - - HKCU-Run-RocketDock - c:\program files\RocketDock\RocketDock.exe HKCU-Run-jsf8uiw3jnjgffght - c:\docume~1\MIKEPO~1\LOCALS~1\Temp\winlognn.exe HKCU-Run-tezrtsjhfr84iusjfo84f - c:\docume~1\MIKEPO~1\LOCALS~1\Temp\csrssc.exe HKLM-Run-LaunchApp - (no file) HKU-Default-Run-services - c:\windows\services.exe HKLM-Explorer_Run-services - c:\windows\services.exe HKU-Default-Explorer_Run-services - c:\windows\services.exe . ------- Supplementary Scan ------- . 
uStart Page = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0409&s=0&o=xph&d=0808&m=le1200 uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ACEW mStart Page = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0409&s=0&o=xph&d=0808&m=le1200 uInternet Settings,ProxyOverride = *.local IE: &AIM Search - c:\program files\aol\aim toolbar 5.0\resources\en-US\local\search.html IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.2.cab FF - ProfilePath - c:\documents and settings\Mike Powell\Application Data\Mozilla\Firefox\Profiles\vrvwtex5.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.stickyscreen.org/ FF - plugin: c:\documents and settings\All Users\Application Data\NexonUS\NGM\npNxGameUS.dll FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll . ************************************************************************** catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-02-08 13:54:21 Windows 5.1.2600 Service Pack 3 NTFS detected NTDLL code modification: ZwOpenFile scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... c:\docume~1\MIKEPO~1\LOCALS~1\Temp\WER0820.dir00 c:\docume~1\MIKEPO~1\LOCALS~1\Temp\WER0820.dir00\appcompat.txt 16188 bytes c:\docume~1\MIKEPO~1\LOCALS~1\Temp\WER0820.dir00\logonui.exe.hdmp 2917399 bytes c:\docume~1\MIKEPO~1\LOCALS~1\Temp\WER0820.dir00\logonui.exe.mdmp 476081 bytes c:\docume~1\MIKEPO~1\LOCALS~1\Temp\WER0820.dir00\manifest.txt 2020 bytes scan completed successfully hidden files: 5 ************************************************************************** . 
--------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'winlogon.exe'(644) c:\program files\Bonjour\mdnsNSP.dll . ------------------------ Other Running Processes ------------------------ . c:\windows\system32\agrsmsvc.exe c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe c:\program files\Symantec\LiveUpdate\AluSchedulerSvc.exe c:\program files\Bonjour\mDNSResponder.exe c:\program files\Common Files\LightScribe\LSSrvc.exe c:\windows\system32\nvsvc32.exe c:\program files\CyberLink\Shared Files\RichVideo.exe c:\windows\system32\wbem\unsecapp.exe c:\windows\system32\wscntfy.exe c:\program files\Lavasoft\Ad-Aware\AAWTray.exe c:\windows\system32\rundll32.exe c:\program files\iPod\bin\iPodService.exe c:\program files\HP\Digital Imaging\bin\hpqste08.exe . ************************************************************************** . Completion time: 2009-02-08 13:56:38 - machine was rebooted [Mike Powell] ComboFix-quarantined-files.txt 2009-02-08 18:56:33 Pre-Run: 50,189,938,688 bytes free Post-Run: 49,361,727,488 bytes free WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect 315 --- E O F --- 2009-01-15 00:45:07 Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 14:21, on 2009-02-08 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16762) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe C:\WINDOWS\system32\agrsmsvc.exe C:\Program 
Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe C:\Program Files\Common Files\LightScribe\LSSrvc.exe C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe C:\WINDOWS\system32\nvsvc32.exe C:\Program Files\CyberLink\Shared Files\RichVideo.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Viewpoint\Common\ViewpointService.exe C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe C:\WINDOWS\system32\wscntfy.exe C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe C:\WINDOWS\RTHDCPL.EXE C:\WINDOWS\system32\RUNDLL32.EXE C:\Acer\Empowering Technology\eRecovery\eRAgent.exe C:\Program Files\HP\HP Software Update\HPWuSchd2.exe C:\Program Files\iTunes\iTunesHelper.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe C:\Program Files\iPod\bin\iPodService.exe C:\WINDOWS\explorer.exe C:\WINDOWS\system32\notepad.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.emachines.com/rdr.aspx?b=A...08&m=le1200 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.emachines.com/rdr.aspx?b=A...08&m=le1200 R1 - 
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local O3 - Toolbar: AIM Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [bkupTray] "C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe" O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\eRAgent.exe O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKCU\..\Run: [Power2GoExpress] NA O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKUS\S-1-5-18\..\Run: [jrfwotwn.exe] C:\WINDOWS\jrfwotwn.exe (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [jrfwotwn.exe] 
C:\WINDOWS\jrfwotwn.exe (User 'Default user') O4 - S-1-5-18 Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (User 'SYSTEM') O4 - .DEFAULT Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (User 'Default user') O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe O8 - Extra context menu item: &AIM Search - c:\program files\aol\aim toolbar 5.0\resources\en-US\local\search.html O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: AIM Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/vers...vex-2.2.4.2.cab O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - 
C:\WINDOWS\system32\agrsmsvc.exe O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing) O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: NTI Backup Now 5 Agent Service (BUNAgentSvc) - NewTech Infosystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\eMachines Games\eMachines Game Console\GameConsoleService.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE O23 - Service: NTI Backup Now 5 Backup Service (NTIBackupSvc) - NewTech InfoSystems, Inc. 
- C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe O23 - Service: NTI Backup Now 5 Scheduler Service (NTISchedulerSvc) - Unknown owner - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe -- End of file - 8837 bytes
How she look, doc?
  7. My computer went a little haywire earlier today and now logging in seems to be affected. Here are my MBAM and HJT logs and hopefully someone will be able to help. Thank you.
Malwarebytes' Anti-Malware 1.33 Database version: 1738 Windows 5.1.2600 Service Pack 3 2/8/2009 1:39:42 AM mbam-log-2009-02-08 (01-39-42).txt Scan type: Quick Scan Objects scanned: 64166 Time elapsed: 8 minute(s), 3 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 10 Registry Values Infected: 4 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 37 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: HKEY_CLASSES_ROOT\CLSID\{a407fae3-6795-49fb-8a12-27ef0bb63116} (Trojan.Vundo) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\protect (Trojan.NtRootkit.Agent) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\protect (Trojan.NtRootkit.Agent) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\protect (Trojan.NtRootkit.Agent) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully. Registry Values Infected: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\58e6c40a (Trojan.Vundo.H) -> Quarantined and deleted successfully. 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\jsf8uiw3jnjgffght (Trojan.Downloader) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{c5bf49a2-94f3-42bd-f434-3604812c8955} (Trojan.BHO) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\PromoReg (Backdoor.Bot) -> Quarantined and deleted successfully. Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: C:\Documents and Settings\Mike Powell\Local Settings\Temp\winlognn.exe (Trojan.Downloader) -> Quarantined and deleted successfully. C:\WINDOWS\fprcyxcw.exe (Trojan.Downloader) -> Quarantined and deleted successfully. C:\WINDOWS\hdlhnnbt.exe (Trojan.Downloader) -> Quarantined and deleted successfully. C:\WINDOWS\system32\jkkHApMF.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINDOWS\system32\kjdcutmn.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINDOWS\system32\mcekkmtu.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINDOWS\system32\_hsfd83jfdg.dll (Trojan.Downloader) -> Quarantined and deleted successfully. C:\WINDOWS\system32\drivers\protect.sys (Trojan.NtRootkit.Agent) -> Quarantined and deleted successfully. C:\Documents and Settings\Mike Powell\Local Settings\Temporary Internet Files\Content.IE5\K6QQGIAQ\hrobc[1].htm (Trojan.TinyDownloader705) -> Quarantined and deleted successfully. C:\Documents and Settings\Mike Powell\Local Settings\Temporary Internet Files\Content.IE5\K6QQGIAQ\islre[1].htm (Trojan.TinyDownloader705) -> Quarantined and deleted successfully. C:\Documents and Settings\Mike Powell\Local Settings\Temporary Internet Files\Content.IE5\K6QQGIAQ\qjgguh[1].htm (Trojan.Downloader) -> Quarantined and deleted successfully. 
C:\Documents and Settings\Mike Powell\Local Settings\Temporary Internet Files\Content.IE5\K6QQGIAQ\upd105320[2] (Trojan.Vundo) -> Quarantined and deleted successfully. C:\Documents and Settings\Mike Powell\Local Settings\Temporary Internet Files\Content.IE5\N1WWMERK\aasuper0[1].htm (Trojan.TinyDownloader705) -> Quarantined and deleted successfully. C:\Documents and Settings\Mike Powell\Local Settings\Temporary Internet Files\Content.IE5\N1WWMERK\aSPhJ[1] (Trojan.Vundo) -> Quarantined and deleted successfully. C:\Documents and Settings\Mike Powell\Local Settings\Temporary Internet Files\Content.IE5\N1WWMERK\dnxkllz[1].htm (Trojan.TinyDownloader705) -> Quarantined and deleted successfully. C:\Documents and Settings\Mike Powell\Local Settings\Temporary Internet Files\Content.IE5\N1WWMERK\nddaa[1].htm (Trojan.TinyDownloader705) -> Quarantined and deleted successfully. C:\Documents and Settings\Mike Powell\Local Settings\Temporary Internet Files\Content.IE5\N1WWMERK\vbclmznn[1].htm (Trojan.TinyDownloader705) -> Quarantined and deleted successfully. C:\Documents and Settings\Mike Powell\Local Settings\Temporary Internet Files\Content.IE5\P0P7D11N\aasuper2[1].htm (Trojan.TinyDownloader705) -> Quarantined and deleted successfully. C:\Documents and Settings\Mike Powell\Local Settings\Temporary Internet Files\Content.IE5\XOV63UKZ\img[1] (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINDOWS\system32\7z.exe (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\system32\codeblocks.exe (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\system32\makehm.exe (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\system32\2.tmp (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\system32\3.tmp (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\system32\4.tmp (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\system32\5.tmp (Trojan.Agent) -> Quarantined and deleted successfully. 
C:\WINDOWS\system32\6.tmp (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\system32\7.tmp (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\system32\8.tmp (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\system32\9.tmp (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\system32\A.tmp (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\system32\B.tmp (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\system32\D.tmp (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\system32\E.tmp (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\Temp\TMPD.tmp (Backdoor.Bot) -> Quarantined and deleted successfully. C:\Documents and Settings\Nancy Powell\Local Settings\Temp\csrssc.exe (Trojan.Downloader) -> Quarantined and deleted successfully. C:\WINDOWS\system32\senekarwxvnsru.dat (Trojan.Agent) -> Quarantined and deleted successfully. Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 1:34:15 AM, on 2/8/2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16762) Boot mode: Safe mode Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\savedump.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Spyware Doctor\pctsAuxs.exe C:\Program Files\Spyware Doctor\pctsSvc.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Spyware Doctor\pctsTray.exe C:\WINDOWS\system32\wbem\unsecapp.exe C:\WINDOWS\system32\wbem\wmiprvse.exe C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe C:\WINDOWS\system32\wbem\wmiprvse.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = 
http://homepage.emachines.com/rdr.aspx?b=A...08&m=le1200 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.emachines.com/rdr.aspx?b=A...08&m=le1200 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.emachines.com/rdr.aspx?b=A...08&m=le1200 F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe O3 - Toolbar: AIM Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [bkupTray] "C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe" O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: 
[eRecoveryService] C:\Acer\Empowering Technology\eRecovery\eRAgent.exe O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [iSTray] "C:\Program Files\Spyware Doctor\pctsTray.exe" O4 - HKLM\..\Run: [58e6c40a] rundll32.exe "C:\WINDOWS\system32\qcxijcry.dll",b O4 - HKLM\..\Run: [jsf8uiw3jnjgffght] C:\DOCUME~1\MIKEPO~1\LOCALS~1\Temp\winlognn.exe O4 - HKLM\..\Run: [userFaultCheck] %systemroot%\system32\dumprep 0 -u O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKLM\..\Run: [PromoReg] C:\WINDOWS\TEMP\TMPD.tmp O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [Power2GoExpress] NA O4 - HKUS\S-1-5-20\..\Run: [pitedehega] Rundll32.exe "C:\WINDOWS\system32\giyesewu.dll",s (User 'NETWORK SERVICE') O4 - S-1-5-18 Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (User 'SYSTEM') O4 - .DEFAULT Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (User 'Default user') O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: AIM Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AIM 
Toolbar 5.0\aoltb.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/vers...vex-2.2.4.2.cab O20 - AppInit_DLLs: qhjdij.dll bbsyju.dll qdlath.dll O20 - Winlogon Notify: ddcYrQkL - ddcYrQkL.dll (file missing) O22 - SharedTaskScheduler: jgzfkj9w38rksndfi7r4 - {C5BF49A2-94F3-42BD-F434-3604812C8955} - (no file) O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\WINDOWS\system32\agrsmsvc.exe O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing) O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: NTI Backup Now 5 Agent Service (BUNAgentSvc) - NewTech Infosystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe O23 - Service: GameConsoleService - WildTangent, Inc. 
- C:\Program Files\eMachines Games\eMachines Game Console\GameConsoleService.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE O23 - Service: NTI Backup Now 5 Backup Service (NTIBackupSvc) - NewTech InfoSystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe O23 - Service: NTI Backup Now 5 Scheduler Service (NTISchedulerSvc) - Unknown owner - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe -- End of file - 8705 bytes
  8. Everything seems to be running a lot more smoothly. Thanks so much.
  9. Malwarebytes' Anti-Malware 1.33 Database version: 1692 Windows 5.1.2600 Service Pack 2 1/25/2009 12:54:06 PM mbam-log-2009-01-25 (12-54-06).txt Scan type: Quick Scan Objects scanned: 61984 Time elapsed: 11 minute(s), 37 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected) Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 12:57:17 PM, on 1/25/2009 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18241) Boot mode: Normal Awesome. Thanks.
  10. Malwarebytes' Anti-Malware 1.33 Database version: 1687 Windows 5.1.2600 Service Pack 2 1/24/2009 5:15:33 AM mbam-log-2009-01-24 (05-15-33).txt Scan type: Full Scan (C:\|) Objects scanned: 187520 Time elapsed: 2 hour(s), 1 minute(s), 57 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 19 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: C:\System Volume Information\_restore{A8393674-085C-4723-B63E-39928C5F4C89}\RP392\A0086912.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{A8393674-085C-4723-B63E-39928C5F4C89}\RP393\A0086993.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{A8393674-085C-4723-B63E-39928C5F4C89}\RP393\A0087006.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{A8393674-085C-4723-B63E-39928C5F4C89}\RP393\A0087010.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{A8393674-085C-4723-B63E-39928C5F4C89}\RP393\A0087153.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{A8393674-085C-4723-B63E-39928C5F4C89}\RP393\A0087154.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{A8393674-085C-4723-B63E-39928C5F4C89}\RP419\A0103151.dll (Trojan.Dropper) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{A8393674-085C-4723-B63E-39928C5F4C89}\RP419\A0103152.dll (Trojan.Agent) -> Quarantined and deleted successfully. 
C:\System Volume Information\_restore{A8393674-085C-4723-B63E-39928C5F4C89}\RP419\A0103153.dll (Trojan.TDSS) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{A8393674-085C-4723-B63E-39928C5F4C89}\RP419\A0103154.dll (Trojan.TDSS) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{A8393674-085C-4723-B63E-39928C5F4C89}\RP419\A0103155.dll (Trojan.TDSS) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{A8393674-085C-4723-B63E-39928C5F4C89}\RP419\A0103156.dll (Trojan.TDSS) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{A8393674-085C-4723-B63E-39928C5F4C89}\RP419\A0103157.sys (Rootkit.Agent) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{A8393674-085C-4723-B63E-39928C5F4C89}\RP419\A0103158.sys (Trojan.TDSS) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{A8393674-085C-4723-B63E-39928C5F4C89}\RP419\A0103159.exe (Trojan.Agent) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{A8393674-085C-4723-B63E-39928C5F4C89}\RP419\A0103160.exe (Trojan.TinyDownloader705) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{A8393674-085C-4723-B63E-39928C5F4C89}\RP419\A0103161.exe (Trojan.Fakealert) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{A8393674-085C-4723-B63E-39928C5F4C89}\RP419\A0103162.dll (Spyware.Passwords) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{A8393674-085C-4723-B63E-39928C5F4C89}\RP419\A0103178.dll (Spyware.Passwords) -> Quarantined and deleted successfully. 
Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 11:50:23 AM, on 1/24/2009 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18241) Boot mode: Normal I hope someone can help.