scribbly Posted October 14, 2008 ID:30866 Share Posted October 14, 2008 Hi:OK, what happens is that a programme, it will generally be Explorer.exe, will start maxing out the CPU. It can sometime be some other programme, but often when the Process is displayed for the offending programme, Explorer will be highlighted, not the process for that programme. Once that process is killed, then Explorer will max out the CPU until I kill the process.Often the Explorer process will restart automatically, which I kill. This can happen a couple of times. Once it's gone I can start Explorer manually, and everything will be fine for a while. Though the problem is not automatic, but seems worse when using some programmes.I've been chasing this seriously for a couple of days now and have progressively cleaned the machine using different tools.Here are the log files:...now attached, as they made the post too long...ScanLogs_2005_10_15.txtScanLogs_2005_10_15.txt Link to post Share on other sites More sharing options...
JeanInMontana Posted October 14, 2008 ID:30870 Share Posted October 14, 2008 Malwarebytes' Anti-Malware 1.28Database version: 1267Windows 5.1.2600 Service Pack 215/10/2008 12:10:00 AMmbam-log-2008-10-15 (00-10-00).txtScan type: Quick ScanObjects scanned: 51792Time elapsed: 3 minute(s), 15 second(s)Memory Processes Infected: 0Memory Modules Infected: 0Registry Keys Infected: 0Registry Values Infected: 0Registry Data Items Infected: 0Folders Infected: 0Files Infected: 0Memory Processes Infected:(No malicious items detected)Memory Modules Infected:(No malicious items detected)Registry Keys Infected:(No malicious items detected)Registry Values Infected:(No malicious items detected)Registry Data Items Infected:(No malicious items detected)Folders Infected:(No malicious items detected)Files Infected:(No malicious items detected) Link to post Share on other sites More sharing options...
JeanInMontana Posted October 14, 2008 ID:30872 Share Posted October 14, 2008 \Sandbox\CompAdmin\DefaultBox\user\current\Application Data\Mozilla\Firefox\Profiles\aplu150x.default\cookies.txt[.did-it.com/]01262593 Application/NirCmd.A HackTools No 0 Yes No C:\$ISR\5\Program Files\FindAndRunRobot\AliasGroups\MyCustom\nircmd\nircmd.exe01262593 Application/NirCmd.A HackTools No 0 Yes No G:\My Downloads\Software\FARR\nircmd.zip[nircmd/nircmd.exe]01262593 Application/NirCmd.A HackTools No 0 Yes No C:\Program Files\FindAndRunRobot\AliasGroups\MyCustom\nircmd\nircmd.exe01262593 Application/NirCmd.A HackTools No 0 Yes No C:\$ISR\2\Program Files\FindAndRunRobot\AliasGroups\MyCustom\nircmd\nircmd.exe02878040 W32/Spammer.AEK.worm Virus/Trojan No 1 Yes No G:\My Mail\Perry\Inbox[brit.zip][brit.exe]02878040 W32/Spammer.AEK.worm Virus/Trojan No 1 Yes No G:\My Mail\Perry\Trash[brit.zip][brit.exe]02899655 Application/NirCmd.A HackTools No 0 Yes No G:\My Downloads\Software\FARR\nircmd.zip[nircmd/nircmdc.exe]02899655 Application/NirCmd.A HackTools No 0 Yes No C:\$ISR\2\Program Files\FindAndRunRobot\AliasGroups\MyCustom\nircmd\nircmdc.exe02899655 Application/NirCmd.A HackTools No 0 Yes No C:\$ISR\5\Program Files\FindAndRunRobot\AliasGroups\MyCustom\nircmd\nircmdc.exe02899655 Application/NirCmd.A HackTools No 0 Yes No C:\Program Files\FindAndRunRobot\AliasGroups\MyCustom\nircmd\nircmdc.exe03009106 W32/Xor-encoded.A Virus No 0 Yes No F:\System Volume Information\_restore{181DC9B3-4A67-47DB-A87C-DB461CEA608C}\RP10\A0019774.exe03009106 W32/Xor-encoded.A Virus No 0 Yes No F:\System Volume Information\_restore{181DC9B3-4A67-47DB-A87C-DB461CEA608C}\RP10\A0019775.exe03009106 W32/Xor-encoded.A Virus No 0 Yes No F:\System Volume Information\_restore{181DC9B3-4A67-47DB-A87C-DB461CEA608C}\RP10\A0019776.exe03009106 W32/Xor-encoded.A Virus No 0 Yes No F:\System Volume Information\_restore{181DC9B3-4A67-47DB-A87C-DB461CEA608C}\RP10\A0019777.exe03009106 W32/Xor-encoded.A Virus No 0 Yes No F:\System Volume Information\_restore{181DC9B3-4A67-47DB-A87C-DB461CEA608C}\RP10\A0019778.exe03009106 W32/Xor-encoded.A Virus No 0 Yes No F:\System Volume Information\_restore{181DC9B3-4A67-47DB-A87C-DB461CEA608C}\RP10\A0019779.exe03009106 W32/Xor-encoded.A Virus No 0 Yes No F:\System Volume Information\_restore{181DC9B3-4A67-47DB-A87C-DB461CEA608C}\RP10\A0019780.exe03009106 W32/Xor-encoded.A Virus No 0 Yes No F:\System Volume Information\_restore{181DC9B3-4A67-47DB-A87C-DB461CEA608C}\RP10\A0019781.exe03009106 W32/Xor-encoded.A Virus No 0 Yes No F:\Papa-Oh\Temp\007.dat03009106 W32/Xor-encoded.A Virus No 0 Yes No F:\System Volume Information\_restore{181DC9B3-4A67-47DB-A87C-DB461CEA608C}\RP10\A0019783.exe03009106 W32/Xor-encoded.A Virus No 0 Yes No F:\System Volume Information\_restore{181DC9B3-4A67-47DB-A87C-DB461CEA608C}\RP10\A0019784.exe03009106 W32/Xor-encoded.A Virus No 0 Yes No F:\System Volume Information\_restore{181DC9B3-4A67-47DB-A87C-DB461CEA608C}\RP10\A0019785.exe03009106 W32/Xor-encoded.A Virus No 0 Yes No F:\System Volume Information\_restore{181DC9B3-4A67-47DB-A87C-DB461CEA608C}\RP10\A0019786.exe03009106 W32/Xor-encoded.A Virus No 0 Yes No F:\System Volume Information\_restore{181DC9B3-4A67-47DB-A87C-DB461CEA608C}\RP10\A0019787.exe03009106 W32/Xor-encoded.A Virus No 0 Yes No F:\System Volume Information\_restore{181DC9B3-4A67-47DB-A87C-DB461CEA608C}\RP10\A0019788.exe03009106 W32/Xor-encoded.A Virus No 0 Yes No F:\System Volume Information\_restore{181DC9B3-4A67-47DB-A87C-DB461CEA608C}\RP10\A0019789.exe03009106 W32/Xor-encoded.A Virus No 0 Yes No F:\System Volume Information\_restore{181DC9B3-4A67-47DB-A87C-DB461CEA608C}\RP10\A0019790.exe03009106 W32/Xor-encoded.A Virus No 0 Yes No F:\System Volume Information\_restore{181DC9B3-4A67-47DB-A87C-DB461CEA608C}\RP10\A0019791.dll03009106 W32/Xor-encoded.A Virus No 0 Yes No F:\System Volume Information\_restore{181DC9B3-4A67-47DB-A87C-DB461CEA608C}\RP10\A0019792.dll03009106 W32/Xor-encoded.A Virus No 0 Yes No F:\System Volume Information\_restore{181DC9B3-4A67-47DB-A87C-DB461CEA608C}\RP10\A0019793.dll03009106 W32/Xor-encoded.A Virus No 0 Yes No F:\System Volume Information\_restore{181DC9B3-4A67-47DB-A87C-DB461CEA608C}\RP10\A0019796.exe03009106 W32/Xor-encoded.A Virus No 0 Yes No F:\System Volume Information\_restore{181DC9B3-4A67-47DB-A87C-DB461CEA608C}\RP10\A0019797.ocx03009106 W32/Xor-encoded.A Virus No 0 Yes No F:\System Volume Information\_restore{181DC9B3-4A67-47DB-A87C-DB461CEA608C}\RP10\A0019799.exe03009106 W32/Xor-encoded.A Virus No 0 Yes No F:\System Volume Information\_restore{181DC9B3-4A67-47DB-A87C-DB461CEA608C}\RP10\A0019802.exe03009106 W32/Xor-encoded.A Virus No 0 Yes No F:\System Volume Information\_restore{181DC9B3-4A67-47DB-A87C-DB461CEA608C}\RP10\A0019807.exe03009106 W32/Xor-encoded.A Virus No 0 Yes No F:\System Volume Information\_restore{181DC9B3-4A67-47DB-A87C-DB461CEA608C}\RP10\A0019808.exe03009106 W32/Xor-encoded.A Virus No 0 Yes No F:\System Volume Information\_restore{181DC9B3-4A67-47DB-A87C-DB461CEA608C}\RP10\A0019809.exe03009106 W32/Xor-encoded.A Virus No 0 Yes No F:\System Volume Information\_restore{181DC9B3-4A67-47DB-A87C-DB461CEA608C}\RP10\A0019818.exe03009106 W32/Xor-encoded.A Virus No 0 Yes No F:\System Volume Information\_restore{181DC9B3-4A67-47DB-A87C-DB461CEA608C}\RP10\A0019820.exe03009106 W32/Xor-encoded.A Virus No 0 Yes No F:\System Volume Information\_restore{181DC9B3-4A67-47DB-A87C-DB461CEA608C}\RP10\A0019821.exe03009106 W32/Xor-encoded.A Virus No 0 Yes No F:\System Volume Information\_restore{181DC9B3-4A67-47DB-A87C-DB461CEA608C}\RP10\A0019822.exe03009106 W32/Xor-encoded.A Virus No 0 Yes No F:\System Volume Information\_restore{181DC9B3-4A67-47DB-A87C-DB461CEA608C}\RP10\A0019823.exe03009106 W32/Xor-encoded.A Virus No 0 Yes No F:\System Volume Information\_restore{181DC9B3-4A67-47DB-A87C-DB461CEA608C}\RP10\A0019824.exe03009106 W32/Xor-encoded.A Virus No 0 Yes No F:\System Volume Information\_restore{181DC9B3-4A67-47DB-A87C-DB461CEA608C}\RP10\A0019825.dll03009106 W32/Xor-encoded.A Virus No 0 Yes No F:\System Volume Information\_restore{181DC9B3-4A67-47DB-A87C-DB461CEA608C}\RP10\A0019826.exe03009106 W32/Xor-encoded.A Virus No 0 Yes No F:\System Volume Information\_restore{181DC9B3-4A67-47DB-A87C-DB461CEA608C}\RP10\A0019827.exe03009106 W32/Xor-encoded.A Virus No 0 Yes No F:\System Volume Information\_restore{181DC9B3-4A67-47DB-A87C-DB461CEA608C}\RP10\A0019832.exe03009106 W32/Xor-encoded.A Virus No 0 Yes No F:\System Volume Information\_restore{181DC9B3-4A67-47DB-A87C-DB461CEA608C}\RP10\A0019833.exe03009106 W32/Xor-encoded.A Virus No 0 Yes No F:\System Volume Information\_restore{181DC9B3-4A67-47DB-A87C-DB461CEA608C}\RP10\A0019834.exe03009106 W32/Xor-encoded.A Virus No 0 Yes No F:\System Volume Information\_restore{181DC9B3-4A67-47DB-A87C-DB461CEA608C}\RP10\A0019835.exe03009106 W32/Xor-encoded.A Virus No 0 Yes No F:\System Volume Information\_restore{181DC9B3-4A67-47DB-A87C-DB461CEA608C}\RP10\A0019842.exe03009106 W32/Xor-encoded.A Virus No 0 Yes No F:\System Volume Information\_restore{181DC9B3-4A67-47DB-A87C-DB461CEA608C}\RP10\A0019844.exe03009106 W32/Xor-encoded.A Virus No 0 Yes No F:\System Volume Information\_restore{181DC9B3-4A67-47DB-A87C-DB461CEA608C}\RP10\A0019845.exe03009106 W32/Xor-encoded.A Virus No 0 Yes No F:\System Volume Information\_restore{181DC9B3-4A67-47DB-A87C-DB461CEA608C}\RP10\A0019846.exe03009106 W32/Xor-encoded.A Virus No 0 Yes No F:\System Volume Information\_restore{181DC9B3-4A67-47DB-A87C-DB461CEA608C}\RP10\A0019847.exe03009106 W32/Xor-encoded.A Virus No 0 Yes No F:\System Volume Information\_restore{181DC9B3-4A67-47DB-A87C-DB461CEA608C}\RP10\A0019848.exe03009106 W32/Xor-encoded.A Virus No 0 Yes No F:\System Volume Information\_restore{181DC9B3-4A67-47DB-A87C-DB461CEA608C}\RP10\A0019849.exe03009106 W32/Xor-encoded.A Virus No 0 Yes No F:\System Volume Information\_restore{181DC9B3-4A67-47DB-A87C-DB461CEA608C}\RP10\A0019850.dll03009106 W32/Xor-encoded.A Virus No 0 Yes No F:\System Volume Information\_restore{181DC9B3-4A67-47DB-A87C-DB461CEA608C}\RP10\A0019851.exe03009106 W32/Xor-encoded.A Virus No 0 Yes No F:\System Volume Information\_restore{181DC9B3-4A67-47DB-A87C-DB461CEA608C}\RP10\A0019852.exe03009106 W32/Xor-encoded.A Virus No 0 Yes No F:\System Volume Information\_restore{181DC9B3-4A67-47DB-A87C-DB461CEA608C}\RP10\A0019854.exe03009106 W32/Xor-encoded.A Virus No 0 Yes No F:\System Volume Information\_restore{181DC9B3-4A67-47DB-A87C-DB461CEA608C}\RP10\A0019855.exe03009106 W32/Xor-encoded.A Virus No 0 Yes No F:\Papa-Oh\Temp\005.dat03009106 W32/Xor-encoded.A Virus No 0 Yes No F:\Papa-Oh\Temp\002.dat03009106 W32/Xor-encoded.A Virus No 0 Yes No F:\Papa-Oh\Temp\001.dat03009106 W32/Xor-encoded.A Virus No 0 Yes No F:\Papa-Oh\Temp\000.dat03009106 W32/Xor-encoded.A Virus No 0 Yes No F:\System Volume Information\_restore{181DC9B3-4A67-47DB-A87C-DB461CEA608C}\RP10\A0019770.exe03009106 W32/Xor-encoded.A Virus No 0 Yes No F:\System Volume Information\_restore{181DC9B3-4A67-47DB-A87C-DB461CEA608C}\RP10\A0019769.exe03009106 W32/Xor-encoded.A Virus No 0 Yes No C:\$ISR\4\Documents and Settings\Papa Oh\Desktop\Papa Oh\Temp\009.dat03009106 W32/Xor-encoded.A Virus No 0 Yes No C:\$ISR\4\Documents and Settings\Papa Oh\Desktop\Papa Oh\Temp\007.dat03009106 W32/Xor-encoded.A Virus No 0 No No G:\My Downloads\Software\Graphics\Dogwaffle\051021_PD_3_5_Update_web.exe[G:\My Downloads\Software\Graphics\Dogwaffle\051021_PD_3_5_Update_web.exe][12_bit_Halftone_pf.exe]03009106 W32/Xor-encoded.A Virus No 0 No No G:\My Downloads\Software\Graphics\Dogwaffle\051021_PD_3_5_Update_web.exe[G:\My Downloads\Software\Graphics\Dogwaffle\051021_PD_3_5_Update_web.exe][12_bit_Random_pf.exe]03009106 W32/Xor-encoded.A Virus No 0 No No G:\My Downloads\Software\Graphics\Dogwaffle\051021_PD_3_5_Update_web.exe[G:\My Downloads\Software\Graphics\Dogwaffle\051021_PD_3_5_Update_web.exe][Anim_edit_pm.exe]03009106 W32/Xor-encoded.A Virus No 0 No No G:\My Downloads\Software\Graphics\Dogwaffle\051021_PD_3_5_Update_web.exe[G:\My Downloads\Software\Graphics\Dogwaffle\051021_PD_3_5_Update_web.exe][ArrayToAnimatedBrush_pb.exe]03009106 W32/Xor-encoded.A Virus No 0 No No G:\My Downloads\Software\Graphics\Dogwaffle\051021_PD_3_5_Update_web.exe[G:\My Downloads\Software\Graphics\Dogwaffle\051021_PD_3_5_Update_web.exe][batch_px.exe]03009106 W32/Xor-encoded.A Virus No 0 No No G:\My Downloads\Software\Graphics\Dogwaffle\051021_PD_3_5_Update_web.exe[G:\My Downloads\Software\Graphics\Dogwaffle\051021_PD_3_5_Update_web.exe][blueRemove_pa.exe]03009106 W32/Xor-encoded.A Virus No 0 No No G:\My Downloads\Software\Graphics\Dogwaffle\051021_PD_3_5_Update_web.exe[G:\My Downloads\Software\Graphics\Dogwaffle\051021_PD_3_5_Update_web.exe][blueRemove_pf.exe]03009106 W32/Xor-encoded.A Virus No 0 No No G:\My Downloads\Software\Graphics\Dogwaffle\051021_PD_3_5_Update_web.exe[G:\My Downloads\Software\Graphics\Dogwaffle\051021_PD_3_5_Update_web.exe][bmp_pi.exe]03009106 W32/Xor-encoded.A Virus No 0 No No G:\My Downloads\Software\Graphics\Dogwaffle\051021_PD_3_5_Update_web.exe[G:\My Downloads\Software\Graphics\Dogwaffle\051021_PD_3_5_Update_web.exe][bmp_px.exe]03009106 W32/Xor-encoded.A Virus No 0 No No G:\My Downloads\Software\Graphics\Dogwaffle\051021_PD_3_5_Update_web.exe[G:\My Downloads\Software\Graphics\Dogwaffle\051021_PD_3_5_Update_web.exe][browser_pi.exe]03009106 W32/Xor-encoded.A Virus No 0 No No G:\My Downloads\Software\Graphics\Dogwaffle\051021_PD_3_5_Update_web.exe[G:\My Downloads\Software\Graphics\Dogwaffle\051021_PD_3_5_Update_web.exe][brushTimeline_pb.exe]03009106 W32/Xor-encoded.A Virus No 0 No No G:\My Downloads\Software\Graphics\Dogwaffle\051021_PD_3_5_Update_web.exe[G:\My Downloads\Software\Graphics\Dogwaffle\051021_PD_3_5_Update_web.exe][Channels_pm.exe]03009106 W32/Xor-encoded.A Virus No 0 No No G:\My Downloads\Software\Graphics\Dogwaffle\051021_PD_3_5_Update_web.exe[G:\My Downloads\Software\Graphics\Dogwaffle\051021_PD_3_5_Update_web.exe][Clipboard_Copy_px.exe]03009106 W32/Xor-encoded.A Virus No 0 No No G:\My Downloads\Software\Graphics\Dogwaffle\051021_PD_3_5_Update_web.exe[G:\My Downloads\Software\Graphics\Dogwaffle\051021_PD_3_5_Update_web.exe][Clipboard_Export_pb.exe]03009106 W32/Xor-encoded.A Virus No 0 No No G:\My Downloads\Software\Graphics\Dogwaffle\051021_PD_3_5_Update_web.exe[G:\My Downloads\Software\Graphics\Dogwaffle\051021_PD_3_5_Update_web.exe][Clipboard_Import_pb.exe]03009106 W32/Xor-encoded.A Virus No 0 No No G:\My Downloads\Software\Graphics\Dogwaffle\051021_PD_3_5_Update_web.exe[G:\My Downloads\Software\Graphics\Dogwaffle\051021_PD_3_5_Update_web.exe][convert.exe]03009106 W32/Xor-encoded.A Virus No 0 No No G:\My Downloads\Software\Graphics\Dogwaffle\051021_PD_3_5_Update_web.exe[G:\My Downloads\Software\Graphics\Dogwaffle\051021_PD_3_5_Update_web.exe][ConvolutionKernel_pf.exe]03009106 W32/Xor-encoded.A Virus No 0 No No G:\My Downloads\Software\Graphics\Dogwaffle\051021_PD_3_5_Update_web.exe[G:\My Downloads\Software\Graphics\Dogwaffle\051021_PD_3_5_Update_web.exe][DogLuaBrowser_pm.exe]03009106 W32/Xor-encoded.A Virus No 0 No No G:\My Downloads\Software\Graphics\Dogwaffle\051021_PD_3_5_Update_web.exe[G:\My Downloads\Software\Graphics\Dogwaffle\051021_PD_3_5_Update_web.exe][dogwaffle.exe]03009106 W32/Xor-encoded.A Virus No 0 No No G:\My Downloads\Software\Graphics\Dogwaffle\051021_PD_3_5_Update_web.exe[G:\My Downloads\Software\Graphics\Dogwaffle\051021_PD_3_5_Update_web.exe][drbrush.dll]03009106 W32/Xor-encoded.A Virus No 0 No No G:\My Downloads\Software\Graphics\Dogwaffle\051021_PD_3_5_Update_web.exe[G:\My Downloads\Software\Graphics\Dogwaffle\051021_PD_3_5_Update_web.exe][drFilter.dll]03009106 W32/Xor-encoded.A Virus No 0 No No G:\My Downloads\Software\Graphics\Dogwaffle\051021_PD_3_5_Update_web.exe[G:\My Downloads\Software\Graphics\Dogwaffle\051021_PD_3_5_Update_web.exe][drpaint.dll]03009106 W32/Xor-encoded.A Virus No 0 No No G:\My Downloads\Software\Graphics\Dogwaffle\051021_PD_3_5_Update_web.exe[G:\My Downloads\Software\Graphics\Dogwaffle\051021_PD_3_5_Update_web.exe][ExtractFolders.exe]03009106 W32/Xor-encoded.A Virus No 0 No No G:\My Downloads\Software\Graphics\Dogwaffle\051021_PD_3_5_Update_web.exe[G:\My Downloads\Software\Graphics\Dogwaffle\051021_PD_3_5_Update_web.exe][ExTvw.oca]03009106 W32/Xor-encoded.A Virus No 0 No No G:\My Downloads\Software\Graphics\Dogwaffle\051021_PD_3_5_Update_web.exe[G:\My Downloads\Software\Graphics\Dogwaffle\051021_PD_3_5_Update_web.exe][ExTvw.ocx]03009106 W32/Xor-encoded.A Virus No 0 No No G:\My Downloads\Software\Graphics\Dogwaffle\051021_PD_3_5_Update_web.exe[G:\My Downloads\Software\Graphics\Dogwaffle\051021_PD_3_5_Update_web.exe][Filmgrain_pf.exe]03009106 W32/Xor-encoded.A Virus No 0 No No G:\My Downloads\Software\Graphics\Dogwaffle\051021_PD_3_5_Update_web.exe[G:\My Downloads\Software\Graphics\Dogwaffle\051021_PD_3_5_Update_web.exe][FishEye_pf.exe]03009106 W32/Xor-encoded.A Virus No 0 No No G:\My Downloads\Software\Graphics\Dogwaffle\051021_PD_3_5_Update_web.exe[G:\My Downloads\Software\Graphics\Dogwaffle\051021_PD_3_5_Update_web.exe][Forcefield_pm.exe]03009106 W32/Xor-encoded.A Virus No 0 No No G:\My Downloads\Software\Graphics\Dogwaffle\051021_PD_3_5_Update_web.exe[G:\My Downloads\Software\Graphics\Dogwaffle\051021_PD_3_5_Update_web.exe][GUI_Server.exe]03009106 W32/Xor-encoded.A Virus No 0 No No G:\My Downloads\Software\Graphics\Dogwaffle\051021_PD_3_5_Update_web.exe[G:\My Downloads\Software\Graphics\Dogwaffle\051021_PD_3_5_Update_web.exe][GUI_Server_Windows.exe]03009106 W32/Xor-encoded.A Virus No 0 No No G:\My Downloads\Software\Graphics\Dogwaffle\051021_PD_3_5_Update_web.exe[G:\My Downloads\Software\Graphics\Dogwaffle\051021_PD_3_5_Update_web.exe][Key_Feather_pb.exe]03009106 W32/Xor-encoded.A Virus No 0 No No G:\My Downloads\Software\Graphics\Dogwaffle\051021_PD_3_5_Update_web.exe[G:\My Downloads\Software\Graphics\Dogwaffle\051021_PD_3_5_Update_web.exe][LightBloom_pf.exe]03009106 W32/Xor-encoded.A Virus No 0 No No G:\My Downloads\Software\Graphics\Dogwaffle\051021_PD_3_5_Update_web.exe[G:\My Downloads\Software\Graphics\Dogwaffle\051021_PD_3_5_Update_web.exe][LineCleanup_pa.exe]03009106 W32/Xor-encoded.A Virus No 0 No No G:\My Downloads\Software\Graphics\Dogwaffle\051021_PD_3_5_Update_web.exe[G:\My Downloads\Software\Graphics\Dogwaffle\051021_PD_3_5_Update_web.exe][MaxSharpen_pf.exe]03009106 W32/Xor-encoded.A Virus No 0 No No G:\My Downloads\Software\Graphics\Dogwaffle\051021_PD_3_5_Update_web.exe[G:\My Downloads\Software\Graphics\Dogwaffle\051021_PD_3_5_Update_web.exe][Median2_Color_pf.exe]03009106 W32/Xor-encoded.A Virus No 0 No No G:\My Downloads\Software\Graphics\Dogwaffle\051021_PD_3_5_Update_web.exe[G:\My Downloads\Software\Graphics\Dogwaffle\051021_PD_3_5_Update_web.exe][Median2_pf.exe]03009106 W32/Xor-encoded.A Virus No 0 No No G:\My Downloads\Software\Graphics\Dogwaffle\051021_PD_3_5_Update_web.exe[G:\My Downloads\Software\Graphics\Dogwaffle\051021_PD_3_5_Update_web.exe][medpdll.dll]03009106 W32/Xor-encoded.A Virus No 0 No No G:\My Downloads\Software\Graphics\Dogwaffle\051021_PD_3_5_Update_web.exe[G:\My Downloads\Software\Graphics\Dogwaffle\051021_PD_3_5_Update_web.exe][ModDogPlayer_pm.exe]03009106 W32/Xor-encoded.A Virus No 0 No No G:\My Downloads\Software\Graphics\Dogwaffle\051021_PD_3_5_Update_web.exe[G:\My Downloads\Software\Graphics\Dogwaffle\051021_PD_3_5_Update_web.exe][ModDogPlayer_round_pm.exe]03009106 W32/Xor-encoded.A Virus No 0 No No G:\My Downloads\Software\Graphics\Dogwaffle\051021_PD_3_5_Update_web.exe[G:\My Downloads\Software\Graphics\Dogwaffle\051021_PD_3_5_Update_web.exe][PlasmaYUV_pf.exe]03009106 W32/Xor-encoded.A Virus No 0 No No G:\My Downloads\Software\Graphics\Dogwaffle\051021_PD_3_5_Update_web.exe[G:\My Downloads\Software\Graphics\Dogwaffle\051021_PD_3_5_Update_web.exe][Premultiply_pm.exe]03009106 W32/Xor-encoded.A Virus No 0 No No G:\My Downloads\Software\Graphics\Dogwaffle\051021_PD_3_5_Update_web.exe[G:\My Downloads\Software\Graphics\Dogwaffle\051021_PD_3_5_Update_web.exe][Raw_pi.exe]03009106 W32/Xor-encoded.A Virus No 0 No No G:\My Downloads\Software\Graphics\Dogwaffle\051021_PD_3_5_Update_web.exe[G:\My Downloads\Software\Graphics\Dogwaffle\051021_PD_3_5_Update_web.exe][Raw_px.exe]03009106 W32/Xor-encoded.A Virus No 0 No No G:\My Downloads\Software\Graphics\Dogwaffle\051021_PD_3_5_Update_web.exe[G:\My Downloads\Software\Graphics\Dogwaffle\051021_PD_3_5_Update_web.exe][setWallpaper_px.exe]03009106 W32/Xor-encoded.A Virus No 0 Yes No F:\Papa-Oh\Temp\013.dat03009106 W32/Xor-encoded.A Virus No 0 No No G:\My Downloads\Software\Graphics\Dogwaffle\051021_PD_3_5_Update_web.exe[G:\My Downloads\Software\Graphics\Dogwaffle\051021_PD_3_5_Update_web.exe][store_Buffer_pm.exe]03009106 W32/Xor-encoded.A Virus No 0 No No G:\My Downloads\Software\Graphics\Dogwaffle\051021_PD_3_5_Update_web.exe[G:\My Downloads\Software\Graphics\Dogwaffle\051021_PD_3_5_Update_web.exe][swapYUV_YIQ_pf.exe]03009106 W32/Xor-encoded.A Virus No 0 No No G:\My Downloads\Software\Graphics\Dogwaffle\051021_PD_3_5_Update_web.exe[G:\My Downloads\Software\Graphics\Dogwaffle\051021_PD_3_5_Update_web.exe][Test_GUI_pm.exe]03009106 W32/Xor-encoded.A Virus No 0 No No G:\My Downloads\Software\Graphics\Dogwaffle\051021_PD_3_5_Update_web.exe[G:\My Downloads\Software\Graphics\Dogwaffle\051021_PD_3_5_Update_web.exe][Test_GUI_Widows_pm.exe]03009106 W32/Xor-encoded.A Virus No 0 No No G:\My Downloads\Software\Graphics\Dogwaffle\051021_PD_3_5_Update_web.exe[G:\My Downloads\Software\Graphics\Dogwaffle\051021_PD_3_5_Update_web.exe][Transparency_pb.exe]03009106 W32/Xor-encoded.A Virus No 0 No No G:\My Downloads\Software\Graphics\Dogwaffle\051021_PD_3_5_Update_web.exe[G:\My Downloads\Software\Graphics\Dogwaffle\051021_PD_3_5_Update_web.exe][VBTablet.dll]03009106 W32/Xor-encoded.A Virus No 0 No No G:\My Downloads\Software\Graphics\Dogwaffle\051021_PD_3_5_Update_web.exe[G:\My Downloads\Software\Graphics\Dogwaffle\051021_PD_3_5_Update_web.exe][Video_Legalize_NTSC_pf.exe]03009106 W32/Xor-encoded.A Virus No 0 No No G:\My Downloads\Software\Graphics\Dogwaffle\051021_PD_3_5_Update_web.exe[G:\My Downloads\Software\Graphics\Dogwaffle\051021_PD_3_5_Update_web.exe][Video_Legalize_Pal_pf.exe]03009106 W32/Xor-encoded.A Virus No 0 No No G:\My Downloads\Software\Graphics\Dogwaffle\051021_PD_3_5_Update_web.exe[G:\My Downloads\Software\Graphics\Dogwaffle\051021_PD_3_5_Update_web.exe][YIQ_ColorChart_pf.exe]03009106 W32/Xor-encoded.A Virus No 0 No No G:\My Downloads\Software\Graphics\Dogwaffle\051021_PD_3_5_Update_web.exe[G:\My Downloads\Software\Graphics\Dogwaffle\051021_PD_3_5_Update_web.exe][YUV_ColorChart_pf.exe]03009106 W32/Xor-encoded.A Virus No 0 No No G:\My Downloads\Software\Graphics\Dogwaffle\PD_Pro_4a_Update.zip[PD_Pro_4a_Update.exe][PD_Pro_4a_Update.exe][000.dat]03009106 W32/Xor-encoded.A Virus No 0 No No G:\My Downloads\Software\Graphics\Dogwaffle\PD_Pro_4a_Update.zip[PD_Pro_4a_Update.exe][PD_Pro_4a_Update.exe][001.dat]03009106 W32/Xor-encoded.A Virus No 0 No No G:\My Downloads\Software\Graphics\Dogwaffle\PD_Pro_4a_Update.zip[PD_Pro_4a_Update.exe][PD_Pro_4a_Update.exe][002.dat]03009106 W32/Xor-encoded.A Virus No 0 No No G:\My Downloads\Software\Graphics\Dogwaffle\PD_Pro_4_0c_Update.exe[G:\My Downloads\Software\Graphics\Dogwaffle\PD_Pro_4_0c_Update.exe][000.dat]03009106 W32/Xor-encoded.A Virus No 0 No No G:\My Downloads\Software\Graphics\Dogwaffle\PD_Pro_4_0c_Update.exe[G:\My Downloads\Software\Graphics\Dogwaffle\PD_Pro_4_0c_Update.exe][001.dat]03009106 W32/Xor-encoded.A Virus No 0 No No G:\My Downloads\Software\Graphics\Dogwaffle\PD_Pro_4_0c_Update.exe[G:\My Downloads\Software\Graphics\Dogwaffle\PD_Pro_4_0c_Update.exe][003.dat]03009106 W32/Xor-encoded.A Virus No 0 No No G:\My Downloads\Software\Graphics\Dogwaffle\PD_Pro_4_0c_Update.exe[G:\My Downloads\Software\Graphics\Dogwaffle\PD_Pro_4_0c_Update.exe][004.dat]03009106 W32/Xor-encoded.A Virus No 0 No No G:\My Downloads\Software\Graphics\Dogwaffle\PD_Pro_4_0c_Update.exe[G:\My Downloads\Software\Graphics\Dogwaffle\PD_Pro_4_0c_Update.exe][005.dat]03009106 W32/Xor-encoded.A Virus No 0 No No G:\My Downloads\Software\Graphics\Dogwaffle\PD_Pro_4_0c_Update.exe[G:\My Downloads\Software\Graphics\Dogwaffle\PD_Pro_4_0c_Update.exe][007.dat]03009106 W32/Xor-encoded.A Virus No 0 No No G:\My Downloads\Software\Graphics\Dogwaffle\PD_Pro_4_0c_Update.exe[G:\My Downloads\Software\Graphics\Dogwaffle\PD_Pro_4_0c_Update.exe][009.dat]03009106 W32/Xor-encoded.A Virus No 0 No No G:\My Downloads\Software\Graphics\Dogwaffle\PD_Pro_4_1_Update.exe[G:\My Downloads\Software\Graphics\Dogwaffle\PD_Pro_4_1_Update.exe][000.dat]03009106 W32/Xor-encoded.A Virus No 0 No No G:\My Downloads\Software\Graphics\Dogwaffle\PD_Pro_4_1_Update.exe[G:\My Downloads\Software\Graphics\Dogwaffle\PD_Pro_4_1_Update.exe][001.dat]03009106 W32/Xor-encoded.A Virus No 0 No No G:\My Downloads\Software\Graphics\Dogwaffle\PD_Pro_4_1_Update.exe[G:\My Downloads\Software\Graphics\Dogwaffle\PD_Pro_4_1_Update.exe][002.dat]03009106 W32/Xor-encoded.A Virus No 0 No No G:\My Downloads\Software\Graphics\Dogwaffle\PD_Pro_4_1_Update.exe[G:\My Downloads\Software\Graphics\Dogwaffle\PD_Pro_4_1_Update.exe][005.dat]03009106 W32/Xor-encoded.A Virus No 0 No No G:\My Downloads\Software\Graphics\Dogwaffle\PD_Pro_4_1_Update.exe[G:\My Downloads\Software\Graphics\Dogwaffle\PD_Pro_4_1_Update.exe][007.dat]03009106 W32/Xor-encoded.A Virus No 0 No No G:\My Downloads\Software\Graphics\Dogwaffle\PD_Pro_4_1_Update.exe[G:\My Downloads\Software\Graphics\Dogwaffle\PD_Pro_4_1_Update.exe][008.dat]03009106 W32/Xor-encoded.A Virus No 0 No No G:\My Downloads\Software\Graphics\Dogwaffle\PD_Pro_4_1_Update.exe[G:\My Downloads\Software\Graphics\Dogwaffle\PD_Pro_4_1_Update.exe][010.dat]03009106 W32/Xor-encoded.A Virus No 0 No No G:\My Downloads\Software\Graphics\Dogwaffle\PD_Pro_4_1_Update.exe[G:\My Downloads\Software\Graphics\Dogwaffle\PD_Pro_4_1_Update.exe][011.dat]03009106 W32/Xor-encoded.A Virus No 0 No No G:\My Downloads\Software\Graphics\Dogwaffle\PD_Pro_4_1_Update.exe[G:\My Downloads\Software\Graphics\Dogwaffle\PD_Pro_4_1_Update.exe][013.dat]03009106 W32/Xor-encoded.A Virus No 0 No No G:\My Downloads\Software\Graphics\Dogwaffle\PD_Pro_Upgrade_3to4_Installer.zip[PD_Pro_Upgrade_3to4_Installer.exe][PD_Pro_Upgrade_3to4_Installer.exe][000.dat]03009106 W32/Xor-encoded.A Virus No 0 No No G:\My Downloads\Software\Graphics\Dogwaffle\PD_Pro_Upgrade_3to4_Installer.zip[PD_Pro_Upgrade_3to4_Installer.exe][PD_Pro_Upgrade_3to4_Installer.exe][001.dat]03009106 W32/Xor-encoded.A Virus No 0 No No G:\My Downloads\Software\Graphics\Dogwaffle\PD_Pro_Upgrade_3to4_Installer.zip[PD_Pro_Upgrade_3to4_Installer.exe][PD_Pro_Upgrade_3to4_Installer.exe][002.dat]03009106 W32/Xor-encoded.A Virus No 0 No No G:\My Downloads\Software\Graphics\Dogwaffle\PD_Pro_Upgrade_3to4_Installer.zip[PD_Pro_Upgrade_3to4_Installer.exe][PD_Pro_Upgrade_3to4_Installer.exe][003.dat]03009106 W32/Xor-encoded.A Virus No 0 No No G:\My Downloads\Software\Graphics\Dogwaffle\PD_Pro_Upgrade_3to4_Installer.zip[PD_Pro_Upgrade_3to4_Installer.exe][PD_Pro_Upgrade_3to4_Installer.exe][004.dat]03009106 W32/Xor-encoded.A Virus No 0 No No G:\My Downloads\Software\Graphics\Dogwaffle\PD_Pro_Upgrade_3to4_Installer.zip[PD_Pro_Upgrade_3to4_Installer.exe][PD_Pro_Upgrade_3to4_Installer.exe][005.dat]03009106 W32/Xor-encoded.A Virus No 0 No No G:\My Downloads\Software\Graphics\Dogwaffle\PD_Pro_Upgrade_3to4_Installer.zip[PD_Pro_Upgrade_3to4_Installer.exe][PD_Pro_Upgrade_3to4_Installer.exe][006.dat]03009106 W32/Xor-encoded.A Virus No 0 No No G:\My Downloads\Software\Graphics\Dogwaffle\PD_Pro_Upgrade_3to4_Installer.zip[PD_Pro_Upgrade_3to4_Installer.exe][PD_Pro_Upgrade_3to4_Installer.exe][007.dat]03009106 W32/Xor-encoded.A Virus No 0 No No G:\My Downloads\Software\Graphics\Dogwaffle\PD_Pro_Upgrade_3to4_Installer.zip[PD_Pro_Upgrade_3to4_Installer.exe][PD_Pro_Upgrade_3to4_Installer.exe][008.dat]03009106 W32/Xor-encoded.A Virus No 0 No No G:\My Downloads\Software\Graphics\Dogwaffle\PD_Pro_Upgrade_3to4_Installer.zip[PD_Pro_Upgrade_3to4_Installer.exe][PD_Pro_Upgrade_3to4_Installer.exe][009.dat]03009106 W32/Xor-encoded.A Virus No 0 No No G:\My Downloads\Software\Graphics\Dogwaffle\PD_Pro_Upgrade_3to4_Installer.zip[PD_Pro_Upgrade_3to4_Installer.exe][PD_Pro_Upgrade_3to4_Installer.exe][010.dat]03009106 W32/Xor-encoded.A Virus No 0 No No G:\My Downloads\Software\Graphics\Dogwaffle\PD_Pro_Upgrade_3to4_Installer.zip[PD_Pro_Upgrade_3to4_Installer.exe][PD_Pro_Upgrade_3to4_Installer.exe][011.dat]03009106 W32/Xor-encoded.A Virus No 0 No No G:\My Downloads\Software\Graphics\Dogwaffle\PD_Pro_Upgrade_3to4_Installer.zip[PD_Pro_Upgrade_3to4_Installer.exe][PD_Pro_Upgrade_3to4_Installer.exe][012.dat]03009106 W32/Xor-encoded.A Virus No 0 No No G:\My Downloads\Software\Graphics\Dogwaffle\PD_Pro_Upgrade_3to4_Installer.zip[PD_Pro_Upgrade_3to4_Installer.exe][PD_Pro_Upgrade_3to4_Installer.exe][013.dat]03009106 W32/Xor-encoded.A Virus No 0 No No G:\My Downloads\Software\Graphics\Dogwaffle\PD_Pro_Upgrade_3to4_Installer.zip[PD_Pro_Upgrade_3to4_Installer.exe][PD_Pro_Upgrade_3to4_Installer.exe][014.dat]03009106 W32/Xor-encoded.A Virus No 0 No No G:\My Downloads\Software\Graphics\Dogwaffle\PD_Pro_Upgrade_3to4_Installer.zip[PD_Pro_Upgrade_3to4_Installer.exe][PD_Pro_Upgrade_3to4_Installer.exe][015.dat]03009106 W32/Xor-encoded.A Virus No 0 No No G:\My Downloads\Software\Graphics\Dogwaffle\PD_Pro_Upgrade_3to4_Installer.zip[PD_Pro_Upgrade_3to4_Installer.exe][PD_Pro_Upgrade_3to4_Installer.exe][017.dat]03009106 W32/Xor-encoded.A Virus No 0 No No G:\My Downloads\Software\Graphics\Dogwaffle\PD_Pro_Upgrade_3to4_Installer.zip[PD_Pro_Upgrade_3to4_Installer.exe][PD_Pro_Upgrade_3to4_Installer.exe][018.dat]03009106 W32/Xor-encoded.A Virus No 0 No No G:\My Downloads\Software\Graphics\Dogwaffle\PD_Pro_Upgrade_3to4_Installer.zip[PD_Pro_Upgrade_3to4_Installer.exe][PD_Pro_Upgrade_3to4_Installer.exe][021.dat]03009106 W32/Xor-encoded.A Virus No 0 No No G:\My Downloads\Software\Graphics\Dogwaffle\PD_Pro_Upgrade_3to4_Installer.zip[PD_Pro_Upgrade_3to4_Installer.exe][PD_Pro_Upgrade_3to4_Installer.exe][022.dat]03009106 W32/Xor-encoded.A Virus No 0 No No G:\My Downloads\Software\Graphics\Dogwaffle\PD_Pro_Upgrade_3to4_Installer.zip[PD_Pro_Upgrade_3to4_Installer.exe][PD_Pro_Upgrade_3to4_Installer.exe][023.dat]03009106 W32/Xor-encoded.A Virus No 0 No No G:\My Downloads\Software\Graphics\Dogwaffle\PD_Pro_Upgrade_3to4_Installer.zip[PD_Pro_Upgrade_3to4_Installer.exe][PD_Pro_Upgrade_3to4_Installer.exe][024.dat]03009106 W32/Xor-encoded.A Virus No 0 No No G:\My Downloads\Software\Graphics\Dogwaffle\PD_Pro_Upgrade_3to4_Installer.zip[PD_Pro_Upgrade_3to4_Installer.exe][PD_Pro_Upgrade_3to4_Installer.exe][025.dat]03009106 W32/Xor-encoded.A Virus No 0 No No G:\My Downloads\Software\Graphics\Dogwaffle\PD_Pro_Upgrade_3to4_Installer.zip[PD_Pro_Upgrade_3to4_Installer.exe][PD_Pro_Upgrade_3to4_Installer.exe][026.dat]03009106 W32/Xor-encoded.A Virus No 0 No No G:\My Downloads\Software\Graphics\Dogwaffle\PD_Pro_Upgrade_3to4_Installer.zip[PD_Pro_Upgrade_3to4_Installer.exe][PD_Pro_Upgrade_3to4_Installer.exe][027.dat]03009106 W32/Xor-encoded.A Virus No 0 No No G:\My Downloads\Software\Graphics\Dogwaffle\PD_Pro_Upgrade_3to4_Installer.zip[PD_Pro_Upgrade_3to4_Installer.exe][PD_Pro_Upgrade_3to4_Installer.exe][028.dat]03009106 W32/Xor-encoded.A Virus No 0 No No G:\My Downloads\Software\Graphics\Dogwaffle\PD_Pro_Upgrade_3to4_Installer.zip[PD_Pro_Upgrade_3to4_Installer.exe][PD_Pro_Upgrade_3to4_Installer.exe][029.dat]03009106 W32/Xor-encoded.A Virus No 0 No No G:\My Downloads\Software\Graphics\Dogwaffle\PD_Pro_Upgrade_3to4_Installer.zip[PD_Pro_Upgrade_3to4_Installer.exe][PD_Pro_Upgrade_3to4_Installer.exe][030.dat]03009106 W32/Xor-encoded.A Virus No 0 No No G:\My Downloads\Software\Graphics\Dogwaffle\PD_Pro_Upgrade_3to4_Installer.zip[PD_Pro_Upgrade_3to4_Installer.exe][PD_Pro_Upgrade_3to4_Installer.exe][031.dat]03009106 W32/Xor-encoded.A Virus No 0 No No G:\My Downloads\Software\Graphics\Dogwaffle\PD_Pro_Upgrade_3to4_Installer.zip[PD_Pro_Upgrade_3to4_Installer.exe][PD_Pro_Upgrade_3to4_Installer.exe][032.dat]03009106 W32/Xor-encoded.A Virus No 0 No No G:\My Downloads\Software\Graphics\Dogwaffle\PD_Pro_Upgrade_3to4_Installer.zip[PD_Pro_Upgrade_3to4_Installer.exe][PD_Pro_Upgrade_3to4_Installer.exe][033.dat]03009106 W32/Xor-encoded.A Virus No 0 No No G:\My Downloads\Software\Graphics\Dogwaffle\PD_Pro_Upgrade_3to4_Installer.zip[PD_Pro_Upgrade_3to4_Installer.exe][PD_Pro_Upgrade_3to4_Installer.exe][034.dat]03009106 W32/Xor-encoded.A Virus No 0 No No G:\My Downloads\Software\Graphics\Dogwaffle\PD_Pro_Upgrade_3to4_Installer.zip[PD_Pro_Upgrade_3to4_Installer.exe][PD_Pro_Upgrade_3to4_Installer.exe][035.dat]03009106 W32/Xor-encoded.A Virus No 0 No No G:\My Downloads\Software\Graphics\Dogwaffle\PD_Pro_Upgrade_3to4_Installer.zip[PD_Pro_Upgrade_3to4_Installer.exe][PD_Pro_Upgrade_3to4_Installer.exe][038.dat]03009106 W32/Xor-encoded.A Virus No 0 No No G:\My Downloads\Software\Graphics\Dogwaffle\PD_Pro_Upgrade_3to4_Installer.zip[PD_Pro_Upgrade_3to4_Installer.exe][PD_Pro_Upgrade_3to4_Installer.exe][040.dat]03009106 W32/Xor-encoded.A Virus No 0 No No G:\My Downloads\Software\Graphics\Dogwaffle\PD_Pro_Upgrade_3to4_Installer.zip[PD_Pro_Upgrade_3to4_Installer.exe][PD_Pro_Upgrade_3to4_Installer.exe][041.dat]03009106 W32/Xor-encoded.A Virus No 0 No No G:\My Downloads\Software\Graphics\Dogwaffle\PD_Pro_Upgrade_3to4_Installer.zip[PD_Pro_Upgrade_3to4_Installer.exe][PD_Pro_Upgrade_3to4_Installer.exe][043.dat]03009106 W32/Xor-encoded.A Virus No 0 No No G:\My Downloads\Software\Graphics\Dogwaffle\PD_Pro_Upgrade_3to4_Installer.zip[PD_Pro_Upgrade_3to4_Installer.exe][PD_Pro_Upgrade_3to4_Installer.exe][045.dat]03009106 W32/Xor-encoded.A Virus No 0 No No G:\My Downloads\Software\Graphics\Dogwaffle\PD_Pro_Upgrade_3to4_Installer.zip[PD_Pro_Upgrade_3to4_Installer.exe][PD_Pro_Upgrade_3to4_Installer.exe][046.dat]03009106 W32/Xor-encoded.A Virus No 0 No No G:\My Downloads\Software\Graphics\Dogwaffle\PD_Pro_Upgrade_3to4_Installer.zip[PD_Pro_Upgrade_3to4_Installer.exe][PD_Pro_Upgrade_3to4_Installer.exe][049.dat]03009106 W32/Xor-encoded.A Virus No 0 No No G:\My Downloads\Software\Graphics\Dogwaffle\PD_Pro_Upgrade_3to4_Installer.zip[PD_Pro_Upgrade_3to4_Installer.exe][PD_Pro_Upgrade_3to4_Installer.exe][050.dat]03009106 W32/Xor-encoded.A Virus No 0 No No G:\My Downloads\Software\Graphics\Dogwaffle\PD_Pro_Upgrade_3to4_Installer.zip[PD_Pro_Upgrade_3to4_Installer.exe][PD_Pro_Upgrade_3to4_Installer.exe][051.dat]03009106 W32/Xor-encoded.A Virus No 0 No No G:\My Downloads\Software\Graphics\Dogwaffle\PD_Pro_Upgrade_3to4_Installer.zip[PD_Pro_Upgrade_3to4_Installer.exe][PD_Pro_Upgrade_3to4_Installer.exe][052.dat]03009106 W32/Xor-encoded.A Virus No 0 No No G:\My Downloads\Software\Graphics\Dogwaffle\PD_Pro_Upgrade_3to4_Installer.zip[PD_Pro_Upgrade_3to4_Installer.exe][PD_Pro_Upgrade_3to4_Installer.exe][054.dat]03009106 W32/Xor-encoded.A Virus No 0 No No G:\My Downloads\Software\Graphics\Dogwaffle\PD_Pro_Upgrade_3to4_Installer.zip[PD_Pro_Upgrade_3to4_Installer.exe][PD_Pro_Upgrade_3to4_Installer.exe][055.dat]03009106 W32/Xor-encoded.A Virus No 0 No No G:\My Downloads\Software\Graphics\Dogwaffle\PD_Pro_Upgrade_3to4_Installer.zip[PD_Pro_Upgrade_3to4_Installer.exe][PD_Pro_Upgrade_3to4_Installer.exe][056.dat]03009106 W32/Xor-encoded.A Virus No 0 No No G:\My Downloads\Software\Graphics\Dogwaffle\PD_Pro_Upgrade_3to4_Installer.zip[PD_Pro_Upgrade_3to4_Installer.exe][PD_Pro_Upgrade_3to4_Installer.exe][057.dat]03009106 W32/Xor-encoded.A Virus No 0 No No G:\My Downloads\Software\Graphics\Dogwaffle\PD_Pro_Upgrade_3to4_Installer.zip[PD_Pro_Upgrade_3to4_Installer.exe][PD_Pro_Upgrade_3to4_Installer.exe][059.dat]03009106 W32/Xor-encoded.A Virus No 0 No No G:\My Downloads\Software\Graphics\Dogwaffle\PD_Pro_Upgrade_3to4_Installer.zip[PD_Pro_Upgrade_3to4_Installer.exe][PD_Pro_Upgrade_3to4_Installer.exe][060.dat]03009106 W32/Xor-encoded.A Virus No 0 No No G:\My Downloads\Software\Graphics\Dogwaffle\PD_Pro_Upgrade_3to4_Installer.zip[PD_Pro_Upgrade_3to4_Installer.exe][PD_Pro_Upgrade_3to4_Installer.exe][061.dat]03009106 W32/Xor-encoded.A Virus No 0 No No G:\My Downloads\Software\Graphics\Dogwaffle\PD_Pro_Upgrade_3to4_Installer.zip[PD_Pro_Upgrade_3to4_Installer.exe][PD_Pro_Upgrade_3to4_Installer.exe][062.dat]03009106 W32/Xor-encoded.A Virus No 0 No No G:\My Downloads\Software\Graphics\Dogwaffle\PD_Pro_Upgrade_3to4_Installer.zip[PD_Pro_Upgrade_3to4_Installer.exe][PD_Pro_Upgrade_3to4_Installer.exe][063.dat]03009106 W32/Xor-encoded.A Virus No 0 No No G:\My Downloads\Software\Graphics\Dogwaffle\PD_Pro_Upgrade_3to4_Installer.zip[PD_Pro_Upgrade_3to4_Installer.exe][PD_Pro_Upgrade_3to4_Installer.exe][064.dat]03009106 W32/Xor-encoded.A Virus No 0 No No G:\My Downloads\Software\Graphics\Dogwaffle\PD_Pro_Upgrade_3to4_Installer.zip[PD_Pro_Upgrade_3to4_Installer.exe][PD_Pro_Upgrade_3to4_Installer.exe][065.dat]03009106 W32/Xor-encoded.A Virus No 0 No No G:\My Downloads\Software\Graphics\Dogwaffle\PD_Pro_Upgrade_3to4_Installer.zip[PD_Pro_Upgrade_3to4_Installer.exe][PD_Pro_Upgrade_3to4_Installer.exe][066.dat]03009106 W32/Xor-encoded.A Virus No 0 No No G:\My Downloads\Software\Graphics\Dogwaffle\PD_Pro_Upgrade_3to4_Installer.zip[PD_Pro_Upgrade_3to4_Installer.exe][PD_Pro_Upgrade_3to4_Installer.exe][067.dat]03009106 W32/Xor-encoded.A Virus No 0 No No G:\My Downloads\Software\Graphics\Dogwaffle\PD_Pro_Upgrade_3to4_Installer.zip[PD_Pro_Upgrade_3to4_Installer.exe][PD_Pro_Upgrade_3to4_Installer.exe][068.dat]03009106 W32/Xor-encoded.A Virus No 0 No No G:\My Downloads\Software\Graphics\Dogwaffle\PD_Pro_Upgrade_3to4_Installer.zip[PD_Pro_Upgrade_3to4_Installer.exe][PD_Pro_Upgrade_3to4_Installer.exe][069.dat]03009106 W32/Xor-encoded.A Virus No 0 No No G:\My Downloads\Software\Graphics\Dogwaffle\PD_Pro_Upgrade_3to4_Installer.zip[PD_Pro_Upgrade_3to4_Installer.exe][PD_Pro_Upgrade_3to4_Installer.exe][070.dat]03009106 W32/Xor-encoded.A Virus No 0 No No G:\My Downloads\Software\Graphics\Dogwaffle\PD_Pro_Upgrade_3to4_Installer.zip[PD_Pro_Upgrade_3to4_Installer.exe][PD_Pro_Upgrade_3to4_Installer.exe][071.dat]03009106 W32/Xor-encoded.A Virus No 0 No No G:\My Downloads\Software\Graphics\Dogwaffle\PD_Pro_Upgrade_3to4_Installer.zip[PD_Pro_Upgrade_3to4_Installer.exe][PD_Pro_Upgrade_3to4_Installer.exe][072.dat]03009106 W32/Xor-encoded.A Virus No 0 No No G:\My Downloads\Software\Graphics\Dogwaffle\PD_Pro_Upgrade_3to4_Installer.zip[PD_Pro_Upgrade_3to4_Installer.exe][PD_Pro_Upgrade_3to4_Installer.exe][073.dat]03009106 W32/Xor-encoded.A Virus No 0 No No G:\My Downloads\Software\Graphics\Dogwaffle\PD_Pro_Upgrade_3to4_Installer.zip[PD_Pro_Upgrade_3to4_Installer.exe][PD_Pro_Upgrade_3to4_Installer.exe][075.dat]03009106 W32/Xor-encoded.A Virus No 0 No No G:\My Downloads\Software\Graphics\Dogwaffle\PD_Pro_Upgrade_3to4_Installer.zip[PD_Pro_Upgrade_3to4_Installer.exe][PD_Pro_Upgrade_3to4_Installer.exe][076.dat]03009106 W32/Xor-encoded.A Virus No 0 No No G:\My Downloads\Software\Graphics\Dogwaffle\PD_Pro_Upgrade_3to4_Installer.zip[PD_Pro_Upgrade_3to4_Installer.exe][PD_Pro_Upgrade_3to4_Installer.exe][077.dat]03009106 W32/Xor-encoded.A Virus No 0 No No G:\My Downloads\Software\Graphics\Dogwaffle\PD_Pro_Upgrade_3to4_Installer.zip[PD_Pro_Upgrade_3to4_Installer.exe][PD_Pro_Upgrade_3to4_Installer.exe][078.dat]03009106 W32/Xor-encoded.A Virus No 0 No No G:\My Downloads\Software\Graphics\Dogwaffle\PD_Pro_Upgrade_3to4_Installer.zip[PD_Pro_Upgrade_3to4_Installer.exe][PD_Pro_Upgrade_3to4_Installer.exe][080.dat]03009106 W32/Xor-encoded.A Virus No 0 No No G:\My Downloads\Software\Graphics\Dogwaffle\PD_Pro_Upgrade_3to4_Installer.zip[PD_Pro_Upgrade_3to4_Installer.exe][PD_Pro_Upgrade_3to4_Installer.exe][081.dat]03009106 W32/Xor-encoded.A Virus No 0 No No G:\My Downloads\Software\Graphics\Dogwaffle\PD_Pro_Upgrade_3to4_Installer.zip[PD_Pro_Upgrade_3to4_Installer.exe][PD_Pro_Upgrade_3to4_Installer.exe][082.dat]03009106 W32/Xor-encoded.A Virus No 0 No No G:\My Downloads\Software\Graphics\Dogwaffle\PD_Pro_Upgrade_3to4_Installer.zip[PD_Pro_Upgrade_3to4_Installer.exe][PD_Pro_Upgrade_3to4_Installer.exe][083.dat]03009106 W32/Xor-encoded.A Virus No 0 No No G:\My Downloads\Software\Graphics\Dogwaffle\PD_Pro_Upgrade_3to4_Installer.zip[PD_Pro_Upgrade_3to4_Installer.exe][PD_Pro_Upgrade_3to4_Installer.exe][084.dat]03009106 W32/Xor-encoded.A Virus No 0 No No G:\My Downloads\Software\Graphics\Dogwaffle\PD_Pro_Upgrade_3to4_Installer.zip[PD_Pro_Upgrade_3to4_Installer.exe][PD_Pro_Upgrade_3to4_Installer.exe][085.dat]03009106 W32/Xor-encoded.A Virus No 0 No No G:\My Downloads\Software\Graphics\Dogwaffle\PD_Pro_Upgrade_3to4_Installer.zip[PD_Pro_Upgrade_3to4_Installer.exe][PD_Pro_Upgrade_3to4_Installer.exe][086.dat]03009106 W32/Xor-encoded.A Virus No 0 No No G:\My Downloads\Software\Graphics\Dogwaffle\PD_Pro_Upgrade_3to4_Installer.zip[PD_Pro_Upgrade_3to4_Installer.exe][PD_Pro_Upgrade_3to4_Installer.exe][087.dat]03009106 W32/Xor-encoded.A Virus No 0 No No G:\My Downloads\Software\Graphics\Dogwaffle\PD_Pro_Upgrade_3to4_Installer.zip[PD_Pro_Upgrade_3to4_Installer.exe][PD_Pro_Upgrade_3to4_Installer.exe][088.dat]03009106 W32/Xor-encoded.A Virus No 0 No No G:\My Downloads\Software\Graphics\Dogwaffle\PD_Pro_Upgrade_3to4_Installer.zip[PD_Pro_Upgrade_3to4_Installer.exe][PD_Pro_Upgrade_3to4_Installer.exe][089.dat]03009106 W32/Xor-encoded.A Virus No 0 No No G:\My Downloads\Software\Graphics\Dogwaffle\PD_Pro_Upgrade_3to4_Installer.zip[PD_Pro_Upgrade_3to4_Installer.exe][PD_Pro_Upgrade_3to4_Installer.exe][090.dat]03009106 W32/Xor-encoded.A Virus No 0 No No G:\My Downloads\Software\Graphics\Dogwaffle\PD_Pro_Upgrade_3to4_Installer.zip[PD_Pro_Upgrade_3to4_Installer.exe][PD_Pro_Upgrade_3to4_Installer.exe][091.dat]03009106 W32/Xor-encoded.A Virus No 0 Yes No F:\Papa-Oh\Temp\011.dat03009106 W32/Xor-encoded.A Virus No 0 Yes No F:\Papa-Oh\Temp\010.dat03009106 W32/Xor-encoded.A Virus No 0 No No G:\My Downloads\Software\Graphics\Dogwaffle\051021_PD_3_5_Update_web.exe[G:\My Downloads\Software\Graphics\Dogwaffle\051021_PD_3_5_Update_web.exe][starBlur_pf.exe]03009106 W32/Xor-encoded.A Virus No 0 Yes No C:\$ISR\4\Documents and Settings\Papa Oh\Desktop\Papa Oh\Temp\005.dat03009106 W32/Xor-encoded.A Virus No 0 Yes No C:\$ISR\4\Documents and Settings\Papa Oh\Desktop\Papa Oh\Temp\004.dat03009106 W32/Xor-encoded.A Virus No 0 Yes No C:\$ISR\4\Documents and Settings\Papa Oh\Desktop\Papa Oh\Temp\003.dat03009106 W32/Xor-encoded.A Virus No 0 Yes No C:\$ISR\4\Documents and Settings\Papa Oh\Desktop\Papa Oh\Temp\001.dat03009106 W32/Xor-encoded.A Virus No 0 Yes No C:\$ISR\4\Documents and Settings\Papa Oh\Desktop\Papa Oh\Temp\000.dat03009106 W32/Xor-encoded.A Virus No 0 Yes No F:\Papa-Oh\Temp\008.dat03009106 W32/Xor-encoded.A Virus No 0 Yes No F:\System Volume Information\_restore{181DC9B3-4A67-47DB-A87C-DB461CEA608C}\RP10\A0019782.exe Link to post Share on other sites More sharing options...
scribbly Posted October 14, 2008 Author ID:30876 Share Posted October 14, 2008 Ah, thanks!Should add that MBAM found and removed a couple of things previously... Link to post Share on other sites More sharing options...
JeanInMontana Posted October 14, 2008 ID:30878 Share Posted October 14, 2008 Hi there scribbly and welcome to Malwarebytes. First why do you have known malware in zip folders on the machine? They are in your mailbox empty it please. Second, what is all that stuff you have downloaded with graphics? Empty your sandbox. Move HJT to the main drive into a folder of it's own and do another scan post that log please. Link to post Share on other sites More sharing options...
scribbly Posted October 14, 2008 Author ID:30882 Share Posted October 14, 2008 Hi:Thanks!Hi there scribbly and welcome to Malwarebytes. First why do you have known malware in zip folders on the machine? They are in your mailbox empty it please. Second, what is all that stuff you have downloaded with graphics? Empty your sandbox. Move HJT to the main drive into a folder of it's own and do another scan post that log please.In self defense: first time I've seen what Active Scan reported (and I've been using quite a few tools recently).Avast didn't find any of that (it Project Dogwaffle bits and pieces, that if it is infected, wasn't when downloaded?)I'll do that tonight, off to work now... Link to post Share on other sites More sharing options...
JeanInMontana Posted October 14, 2008 ID:30884 Share Posted October 14, 2008 Sorry if you feel a need to defend. How could you not have seen the Active scan? You posted it and ran it? What tools have you been using? I can't help you if you give vague responses. So far I'm not seeing anything malware actually loose jump out, however, what your describing is classic malware behavior. Link to post Share on other sites More sharing options...
scribbly Posted October 14, 2008 Author ID:30900 Share Posted October 14, 2008 No, sorry: "in self defense" = a general light-hearted comment.I meant I'd only seen the Active log today.I've been using MBAM for the last week since the problem has gotten a lot worse, but apart from the first run that showed something, it's generally clean.I've run Avast over all the drives as well, which has not caught a lot either.The Active Scan seemed to find a lot more than what Avast did.Did you mean move HJT to the C: drive? Does that change something? Link to post Share on other sites More sharing options...
JeanInMontana Posted October 15, 2008 ID:30924 Share Posted October 15, 2008 Yes it does change everything. If you have malware it's on the C drive. HJT is a tool used to find it. Let's start this over.Please get CCleaner Install the program run the scan. If you have any queries or comments then please use the Forum or contact us via this form.. NOTE: You may wish to save your cookies for sites you use often and have saved the passwords or use auto logon. Also Saved form information. BUT since this is a malware issue, starting over is always a good plan. You will be amazed at the amount of space on the HD you gain and probably notice improved performance.Now after that please update MBAM and run a scan post that log and a new HJT log Link to post Share on other sites More sharing options...
scribbly Posted October 15, 2008 Author ID:30945 Share Posted October 15, 2008 Yes it does change everything. If you have malware it's on the C drive. HJT is a tool used to find it. Let's start this over.I'll take your word for it, but looking at two different HJT logs, one run from C Drive and the other run from a second internal drive (G), are very similar...Please get CCleaner Install the program run the scan. If you have any queries or comments then please use the Forum or contact us via this form.. NOTE: You may wish to save your cookies for sites you use often and have saved the passwords or use auto logon. Also Saved form information. BUT since this is a malware issue, starting over is always a good plan. You will be amazed at the amount of space on the HD you gain and probably notice improved performance.Yep, I've done that, and yes many MB's of data were deleted!!Now after that please update MBAM and run a scan post that log and a new HJT logHere is the MBAM log:Malwarebytes' Anti-Malware 1.28Database version: 1271Windows 5.1.2600 Service Pack 215/10/2008 10:22:18 PMmbam-log-2008-10-15 (22-22-18).txtScan type: Quick ScanObjects scanned: 51211Time elapsed: 3 minute(s), 7 second(s)Memory Processes Infected: 0Memory Modules Infected: 0Registry Keys Infected: 0Registry Values Infected: 0Registry Data Items Infected: 0Folders Infected: 0Files Infected: 0Memory Processes Infected:(No malicious items detected)Memory Modules Infected:(No malicious items detected)Registry Keys Infected:(No malicious items detected)Registry Values Infected:(No malicious items detected)Registry Data Items Infected:(No malicious items detected)Folders Infected:(No malicious items detected)Files Infected:(No malicious items detected)HJT (Run from the C Drive):Logfile of Trend Micro HijackThis v2.0.2Scan saved at 10:23:26 PM, on 15/10/2008Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16705)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\csrss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\Alwil Software\Avast4\aswUpdSv.exeC:\Program Files\Alwil Software\Avast4\ashServ.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\COMODO\Firewall\cmdagent.exeC:\WINDOWS\system32\inetsrv\inetinfo.exeC:\Program Files\Canon\IJPLM\IJPLMSVC.EXEC:\$ISR\0\ISRService.exeC:\Program Files\Powerware\LanSafe\Bin\PowerMonitor.exeC:\WINDOWS\Explorer.EXEC:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exeC:\Program Files\Powerware\LanSafe\Bin\LSTrayAgent.exeC:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exeC:\WINDOWS\system32\nvsvc32.exeC:\Program Files\Raxco\PerfectDisk\PDAgent.exeC:\Program Files\Sandboxie\SbieSvc.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\dllhost.exeC:\WINDOWS\system32\Tablet.exeC:\WINDOWS\System32\vssvc.exeC:\Program Files\Alwil Software\Avast4\ashMaiSv.exeC:\Program Files\Alwil Software\Avast4\ashWebSv.exeC:\Program Files\Powerware\LanSafe\bin\xyntservice.exeC:\Program Files\Raxco\PerfectDisk\PDEngine.exeC:\WINDOWS\system32\wbem\wmiprvse.exeC:\Program Files\Powerware\LanSafe\bin\httpserver.exeC:\$ISR\$APP\ISRMonitor.exeC:\Program Files\Intel Audio Studio\IntelAudioStudio.exeC:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exeC:\Program Files\Powerware\LanSafe\bin\status_glance.exeC:\WINDOWS\system32\rundll32.exeC:\Program Files\COMODO\Firewall\cfp.exeC:\WINDOWS\system32\dllhost.exeC:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exeC:\Program Files\Canon\MyPrinter\BJMyPrt.exeC:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exeC:\Program Files\Chameleon Startup Manager 2\csmonitor.exeG:\Programmes\TaskSwitchXP\TaskSwitchXP.exeC:\WINDOWS\system32\ctfmon.exeC:\Program Files\Wakoopa\Wakoopa.exeC:\Program Files\Software Informer\softinfo.exeC:\Program Files\Skype\Phone\Skype.exeC:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exeC:\Program Files\KlipFolio\KlipFolio.exeC:\WINDOWS\System32\alg.exeC:\Program Files\ProcessTamer\ProcessTamerTray.exeC:\WINDOWS\system32\msdtc.exec:\progra~1\intern~2\mum.exeC:\WINDOWS\System32\svchost.exec:\windows\system32\wtablet\tabuserw.exec:\program files\picasa2\picasamediadetector.exeC:\Program Files\Skype\Plugin Manager\skypePM.exeg:\programmes\cfdbutton\cfdbutton.exeg:\programmes\multimonitormouse\multimonitormouse.exec:\program files\launchbarcommander\launchbarcommander.exec:\program files\findandrunrobot\findandrunrobot.exec:\program files\siber systems\ai roboform\robotaskbaricon.exec:\program files\mozilla firefox\firefox.exec:\program files\sandboxie\sbiectrl.exeC:\Program Files\Free Download Manager\fdm.exec:\program files\netcomm\mfp server control center\control center.exeC:\Program Files\Malwarebytes' Anti-Malware\mbam.exeC:\Program Files\PSPad editor\PSPad.exec:\program files\free download manager\fum\fum.exec:\program files\softland\backup4all 3\backup4all.exec:\program files\softland\backup4all 3\backup4all.exec:\program files\common files\logishrd\lcommgr\communications_helper.exec:\program files\logitech\quickcam\quickcam.exeC:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exeG:\Programmes\NexusFile\NexusFile.exeC:\Program Files\HiJackThis\HijackThis.exeO2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dllO2 - BHO: RoboForm - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dllO2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dllO2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dllO3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dllO4 - HKLM\..\Run: [iSR_MONITOR] C:\$ISR\$APP\ISRMonitor.exeO4 - HKLM\..\Run: [intelAudioStudio] "C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe" TRAYO4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartupO4 - HKLM\..\Run: [nwiz] nwiz.exe /installO4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInitO4 - HKLM\..\Run: [OSSelectorReinstall] C:\Program Files\Common Files\Acronis\Acronis Disk Director\oss_reinstall.exeO4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exeO4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\COMODO\Firewall\cfp.exe" -hO4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logonO4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logonO4 - HKLM\..\Run: [sSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -bootO4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe"O4 - HKLM\..\Run: [LsTrayAgent] C:\Program Files\Powerware\LanSafe\Bin\LSTrayAgent.exeO4 - HKCU\..\Run: [Chameleon Startup Monitor] "C:\Program Files\Chameleon Startup Manager 2\csmonitor.exe" /startupO4 - HKCU\..\Run: [TaskSwitchXP] G:\Programmes\TaskSwitchXP\TaskSwitchXP.exeO4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exeO4 - HKCU\..\Run: [Wakoopa] C:\Program Files\Wakoopa\Wakoopa.exeO4 - HKCU\..\Run: [software Informer] "C:\Program Files\Software Informer\softinfo.exe" -autorunO4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimizedO4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exeO4 - HKCU\..\Run: [KlipFolio] "C:\Program Files\KlipFolio\KlipFolio.exe" /BOOTO4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')O4 - S-1-5-18 Startup: ProcessTamer.lnk = C:\Program Files\ProcessTamer\ProcessTamerTray.exe (User 'SYSTEM')O4 - .DEFAULT Startup: ProcessTamer.lnk = C:\Program Files\ProcessTamer\ProcessTamerTray.exe (User 'Default user')O4 - Startup: ProcessTamer.lnk = C:\Program Files\ProcessTamer\ProcessTamerTray.exeO8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.htmlO8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htmO8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htmO8 - Extra context menu item: Download video with Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htmO8 - Extra context menu item: Download web site with Free Download Manager - file://C:\Program Files\Free Download Manager\dlpage.htmO8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htmO8 - Extra context menu item: eNF: AddLink - C:\Documents and Settings\CompAdmin\Local Settings\Apps\2.0\XHY67WXM.YR2\7Y7ZO9E4.0VC\enuf..tion_36add1d41e4bde84_0000.0001_752b80b7735258ef\IE\AddURL.htmlO8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.htmlO8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.htmlO8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.htmlO8 - Extra context menu item: Surfulater: Add &new Article - res://C:\Program Files\SAIG\Surfulater\Surfulater.exe/SENDTOSURFULATER.HTMLO8 - Extra context menu item: Surfulater: Add Article pl&us Page - res://C:\Program Files\SAIG\Surfulater\Surfulater.exe/SENDANDATTACHTOSURFULATER.HTMLO8 - Extra context menu item: Surfulater: Attac&h Page to Article - res://C:\Program Files\SAIG\Surfulater\Surfulater.exe/ATTACHTOSURFULATER.HTMLO8 - Extra context menu item: Surfulater: Book&mark this Page - res://C:\Program Files\SAIG\Surfulater\Surfulater.exe/BOOKMARKINSURFULATER.HTMLO9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dllO9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dllO9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.htmlO9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.htmlO9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.htmlO9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.htmlO9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.htmlO9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.htmlO9 - Extra button: Surfulater - {A9B34036-3ED6-460a-9C59-696DC24C516F} - C:\Program Files\SAIG\Surfulater\Surfulater.exeO9 - Extra 'Tools' menuitem: SAIG Surfula&ter - {A9B34036-3ED6-460a-9C59-696DC24C516F} - C:\Program Files\SAIG\Surfulater\Surfulater.exeO9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dllO9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dllO9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exeO9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exeO9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dllO18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLLO20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dllO20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dllO23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exeO23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exeO23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exeO23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exeO23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program Files\MusicIP\MusicIP Mixer\mDNSResponder.exeO23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - Unknown owner - C:\Program Files\COMODO\Firewall\cmdagent.exeO23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exeO23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exeO23 - Service: PIXMA Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXEO23 - Service: FirstDefense-ISR Service (ISRService) - Raxco Software, Inc. - C:\$ISR\0\ISRService.exeO23 - Service: LanSafe Power Monitor (LanSafe PM) - Eaton Corporation - C:\Program Files\Powerware\LanSafe\Bin\PowerMonitor.exeO23 - Service: LanSafe Process Manager - Powerware - C:\Program Files\Powerware\LanSafe\bin\xyntservice.exeO23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exeO23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exeO23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exeO23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exeO23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDAgent.exeO23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exeO23 - Service: Sandboxie Service (SbieSvc) - tzuk - C:\Program Files\Sandboxie\SbieSvc.exeO23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe--End of file - 13739 bytesHJT (Run from the G Drive):Logfile of Trend Micro HijackThis v2.0.2Scan saved at 10:25:49 PM, on 15/10/2008Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16705)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\csrss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\Alwil Software\Avast4\aswUpdSv.exeC:\Program Files\Alwil Software\Avast4\ashServ.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\COMODO\Firewall\cmdagent.exeC:\WINDOWS\system32\inetsrv\inetinfo.exeC:\Program Files\Canon\IJPLM\IJPLMSVC.EXEC:\$ISR\0\ISRService.exeC:\Program Files\Powerware\LanSafe\Bin\PowerMonitor.exeC:\WINDOWS\Explorer.EXEC:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exeC:\Program Files\Powerware\LanSafe\Bin\LSTrayAgent.exeC:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exeC:\WINDOWS\system32\nvsvc32.exeC:\Program Files\Raxco\PerfectDisk\PDAgent.exeC:\Program Files\Sandboxie\SbieSvc.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\dllhost.exeC:\WINDOWS\system32\Tablet.exeC:\WINDOWS\System32\vssvc.exeC:\Program Files\Alwil Software\Avast4\ashMaiSv.exeC:\Program Files\Alwil Software\Avast4\ashWebSv.exeC:\Program Files\Powerware\LanSafe\bin\xyntservice.exeC:\Program Files\Raxco\PerfectDisk\PDEngine.exeC:\WINDOWS\system32\wbem\wmiprvse.exeC:\Program Files\Powerware\LanSafe\bin\httpserver.exeC:\$ISR\$APP\ISRMonitor.exeC:\Program Files\Intel Audio Studio\IntelAudioStudio.exeC:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exeC:\Program Files\Powerware\LanSafe\bin\status_glance.exeC:\WINDOWS\system32\rundll32.exeC:\Program Files\COMODO\Firewall\cfp.exeC:\WINDOWS\system32\dllhost.exeC:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exeC:\Program Files\Canon\MyPrinter\BJMyPrt.exeC:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exeC:\Program Files\Chameleon Startup Manager 2\csmonitor.exeG:\Programmes\TaskSwitchXP\TaskSwitchXP.exeC:\WINDOWS\system32\ctfmon.exeC:\Program Files\Wakoopa\Wakoopa.exeC:\Program Files\Software Informer\softinfo.exeC:\Program Files\Skype\Phone\Skype.exeC:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exeC:\Program Files\KlipFolio\KlipFolio.exeC:\WINDOWS\System32\alg.exeC:\Program Files\ProcessTamer\ProcessTamerTray.exeC:\WINDOWS\system32\msdtc.exec:\progra~1\intern~2\mum.exeC:\WINDOWS\System32\svchost.exec:\windows\system32\wtablet\tabuserw.exec:\program files\picasa2\picasamediadetector.exeC:\Program Files\Skype\Plugin Manager\skypePM.exeg:\programmes\cfdbutton\cfdbutton.exeg:\programmes\multimonitormouse\multimonitormouse.exec:\program files\launchbarcommander\launchbarcommander.exec:\program files\findandrunrobot\findandrunrobot.exec:\program files\siber systems\ai roboform\robotaskbaricon.exec:\program files\mozilla firefox\firefox.exec:\program files\sandboxie\sbiectrl.exeC:\Program Files\Free Download Manager\fdm.exec:\program files\netcomm\mfp server control center\control center.exeC:\Program Files\Malwarebytes' Anti-Malware\mbam.exeC:\Program Files\PSPad editor\PSPad.exec:\program files\free download manager\fum\fum.exec:\program files\softland\backup4all 3\backup4all.exec:\program files\softland\backup4all 3\backup4all.exec:\program files\common files\logishrd\lcommgr\communications_helper.exec:\program files\logitech\quickcam\quickcam.exeC:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exeG:\Programmes\NexusFile\NexusFile.exec:\program files\java\jre1.6.0_02\bin\jusched.exeg:\programmes\hijackthis\hijackthis.exeO2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dllO2 - BHO: RoboForm - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dllO2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dllO2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dllO3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dllO4 - HKLM\..\Run: [iSR_MONITOR] C:\$ISR\$APP\ISRMonitor.exeO4 - HKLM\..\Run: [intelAudioStudio] "C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe" TRAYO4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartupO4 - HKLM\..\Run: [nwiz] nwiz.exe /installO4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInitO4 - HKLM\..\Run: [OSSelectorReinstall] C:\Program Files\Common Files\Acronis\Acronis Disk Director\oss_reinstall.exeO4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exeO4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\COMODO\Firewall\cfp.exe" -hO4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logonO4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logonO4 - HKLM\..\Run: [sSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -bootO4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe"O4 - HKLM\..\Run: [LsTrayAgent] C:\Program Files\Powerware\LanSafe\Bin\LSTrayAgent.exeO4 - HKCU\..\Run: [Chameleon Startup Monitor] "C:\Program Files\Chameleon Startup Manager 2\csmonitor.exe" /startupO4 - HKCU\..\Run: [TaskSwitchXP] G:\Programmes\TaskSwitchXP\TaskSwitchXP.exeO4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exeO4 - HKCU\..\Run: [Wakoopa] C:\Program Files\Wakoopa\Wakoopa.exeO4 - HKCU\..\Run: [software Informer] "C:\Program Files\Software Informer\softinfo.exe" -autorunO4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimizedO4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exeO4 - HKCU\..\Run: [KlipFolio] "C:\Program Files\KlipFolio\KlipFolio.exe" /BOOTO4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')O4 - S-1-5-18 Startup: ProcessTamer.lnk = C:\Program Files\ProcessTamer\ProcessTamerTray.exe (User 'SYSTEM')O4 - .DEFAULT Startup: ProcessTamer.lnk = C:\Program Files\ProcessTamer\ProcessTamerTray.exe (User 'Default user')O4 - Startup: ProcessTamer.lnk = C:\Program Files\ProcessTamer\ProcessTamerTray.exeO8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.htmlO8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htmO8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htmO8 - Extra context menu item: Download video with Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htmO8 - Extra context menu item: Download web site with Free Download Manager - file://C:\Program Files\Free Download Manager\dlpage.htmO8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htmO8 - Extra context menu item: eNF: AddLink - C:\Documents and Settings\CompAdmin\Local Settings\Apps\2.0\XHY67WXM.YR2\7Y7ZO9E4.0VC\enuf..tion_36add1d41e4bde84_0000.0001_752b80b7735258ef\IE\AddURL.htmlO8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.htmlO8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.htmlO8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.htmlO8 - Extra context menu item: Surfulater: Add &new Article - res://C:\Program Files\SAIG\Surfulater\Surfulater.exe/SENDTOSURFULATER.HTMLO8 - Extra context menu item: Surfulater: Add Article pl&us Page - res://C:\Program Files\SAIG\Surfulater\Surfulater.exe/SENDANDATTACHTOSURFULATER.HTMLO8 - Extra context menu item: Surfulater: Attac&h Page to Article - res://C:\Program Files\SAIG\Surfulater\Surfulater.exe/ATTACHTOSURFULATER.HTMLO8 - Extra context menu item: Surfulater: Book&mark this Page - res://C:\Program Files\SAIG\Surfulater\Surfulater.exe/BOOKMARKINSURFULATER.HTMLO9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dllO9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dllO9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.htmlO9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.htmlO9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.htmlO9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.htmlO9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.htmlO9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.htmlO9 - Extra button: Surfulater - {A9B34036-3ED6-460a-9C59-696DC24C516F} - C:\Program Files\SAIG\Surfulater\Surfulater.exeO9 - Extra 'Tools' menuitem: SAIG Surfula&ter - {A9B34036-3ED6-460a-9C59-696DC24C516F} - C:\Program Files\SAIG\Surfulater\Surfulater.exeO9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dllO9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dllO9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exeO9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exeO9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dllO18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLLO20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dllO20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dllO23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exeO23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exeO23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exeO23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exeO23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program Files\MusicIP\MusicIP Mixer\mDNSResponder.exeO23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - Unknown owner - C:\Program Files\COMODO\Firewall\cmdagent.exeO23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exeO23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exeO23 - Service: PIXMA Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXEO23 - Service: FirstDefense-ISR Service (ISRService) - Raxco Software, Inc. - C:\$ISR\0\ISRService.exeO23 - Service: LanSafe Power Monitor (LanSafe PM) - Eaton Corporation - C:\Program Files\Powerware\LanSafe\Bin\PowerMonitor.exeO23 - Service: LanSafe Process Manager - Powerware - C:\Program Files\Powerware\LanSafe\bin\xyntservice.exeO23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exeO23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exeO23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exeO23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exeO23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDAgent.exeO23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exeO23 - Service: Sandboxie Service (SbieSvc) - tzuk - C:\Program Files\Sandboxie\SbieSvc.exeO23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe--End of file - 13787 bytesAnd that's actually interesting: The only difference between the two logs is that the log file run from the G Drive contains an extra entry:c:\program files\java\jre1.6.0_02\bin\jusched.exeHow is that?? Thanks for your help by the way: this is driving me crazy.I'll go and run an Active scan again...I ran Avast over my system today as well, and it found:File Name: SpybotSD.exe.hdmpVirus Description: Win32:Agent-COH [Trj]Original Location: F:CompAdmin\Temp\WERb56c.dir00 Link to post Share on other sites More sharing options...
scribbly Posted October 15, 2008 Author ID:31000 Share Posted October 15, 2008 And the Active Log (though I think that the DogWaffle entries are false positives):;***********************************************************************************************************************************************************************************ANALYSIS: 2008-10-16 07:11:00PROTECTIONS: 1MALWARE: 13SUSPECTS: 0;***********************************************************************************************************************************************************************************PROTECTIONSDescription Version Active Updated;===================================================================================================================================================================================avast! antivirus 4.8.1229 [VPS 081014-0] 4.8.1229 Yes Yes;===================================================================================================================================================================================MALWAREId Description Type Active Severity Disinfectable Disinfected Location;===================================================================================================================================================================================00024402 Exploit/iFrame HackTools No 0 Yes No M:\eMail\MAIL\Survey\fol068b4.pmm.zip[fol068b4.pmm][~0000391.~]00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Documents and Settings\CompAdmin\Cookies\compadmin@doubleclick[1].txt00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Documents and Settings\CompAdmin\Cookies\compadmin@atdmt[1].txt00148914 Cookie/Tucows TrackingCookie No 0 Yes No C:\$ISR\6\Documents and Settings\CompAdmin\Application Data\Mozilla\Firefox\Profiles\aplu150x.default\cookies.txt[.tucows.com/]00148914 Cookie/Tucows TrackingCookie No 0 Yes No C:\$ISR\6\Documents and Settings\CompAdmin\Application Data\Mozilla\Firefox\Profiles\aplu150x.default\cookies.txt[.tucows.com/]00167642 Cookie/Com.com TrackingCookie No 0 Yes No C:\$ISR\3\Documents and Settings\Papa Oh\Application Data\Mozilla\Firefox\Profiles\j5wnroue.default\cookies.txt[.com.com/]00167642 Cookie/Com.com TrackingCookie No 0 Yes No C:\$ISR\6\Documents and Settings\CompAdmin\Application Data\Mozilla\Firefox\Profiles\aplu150x.default\cookies.txt[.com.com/]00167642 Cookie/Com.com TrackingCookie No 0 Yes No C:\$ISR\5\Sandbox\CompAdmin\MyNewSandbaox\user\current\Application Data\Mozilla\Firefox\Profiles\aplu150x.default\cookies.txt[.com.com/]00167642 Cookie/Com.com TrackingCookie No 0 Yes No C:\$ISR\3\Sandbox\CompAdmin\DefaultBox\user\current\Application Data\Mozilla\Firefox\Profiles\aplu150x.default\cookies.txt.moztmp[.com.com/]00167642 Cookie/Com.com TrackingCookie No 0 Yes No C:\$ISR\5\Sandbox\CompAdmin\DefaultBox\user\current\Application Data\Mozilla\Firefox\Profiles\aplu150x.default\cookies.txt.moztmp[.com.com/]00167642 Cookie/Com.com TrackingCookie No 0 Yes No C:\$ISR\5\Sandbox\CompAdmin\DefaultBox\user\current\Application Data\Mozilla\Firefox\Profiles\aplu150x.default\cookies.txt[.com.com/]00167642 Cookie/Com.com TrackingCookie No 0 Yes No C:\$ISR\3\Sandbox\CompAdmin\DefaultBox\user\current\Application Data\Mozilla\Firefox\Profiles\aplu150x.default\cookies.txt[.com.com/]00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\CompAdmin\Cookies\compadmin@serving-sys[2].txt00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\CompAdmin\Cookies\compadmin@bs.serving-sys[2].txt00194327 Cookie/Go TrackingCookie No 0 Yes No C:\$ISR\3\Documents and Settings\Papa Oh\Application Data\Mozilla\Firefox\Profiles\j5wnroue.default\cookies.txt[.go.com/]00194327 Cookie/Go TrackingCookie No 0 Yes No C:\$ISR\5\Sandbox\CompAdmin\DefaultBox\user\current\Cookies\compadmin@go[1].txt00199984 Cookie/Searchportal TrackingCookie No 0 Yes No C:\$ISR\5\Sandbox\CompAdmin\DefaultBox\user\current\Application Data\Mozilla\Firefox\Profiles\aplu150x.default\cookies.txt.moztmp[searchportal.information.com/]00199984 Cookie/Searchportal TrackingCookie No 0 Yes No C:\$ISR\5\Sandbox\CompAdmin\DefaultBox\user\current\Application Data\Mozilla\Firefox\Profiles\aplu150x.default\cookies.txt[searchportal.information.com/]00199984 Cookie/Searchportal TrackingCookie No 0 Yes No C:\$ISR\3\Sandbox\CompAdmin\DefaultBox\user\current\Application Data\Mozilla\Firefox\Profiles\aplu150x.default\cookies.txt[searchportal.information.com/]00199984 Cookie/Searchportal TrackingCookie No 0 Yes No C:\$ISR\3\Sandbox\CompAdmin\DefaultBox\user\current\Application Data\Mozilla\Firefox\Profiles\aplu150x.default\cookies.txt.moztmp[searchportal.information.com/]00207862 Cookie/did-it TrackingCookie No 0 Yes No C:\$ISR\3\Sandbox\CompAdmin\DefaultBox\user\current\Application Data\Mozilla\Firefox\Profiles\aplu150x.default\cookies.txt.moztmp[.did-it.com/]00207862 Cookie/did-it TrackingCookie No 0 Yes No C:\$ISR\3\Sandbox\CompAdmin\DefaultBox\user\current\Application Data\Mozilla\Firefox\Profiles\aplu150x.default\cookies.txt.moztmp[.did-it.com/]00207862 Cookie/did-it TrackingCookie No 0 Yes No C:\$ISR\3\Sandbox\CompAdmin\DefaultBox\user\current\Application Data\Mozilla\Firefox\Profiles\aplu150x.default\cookies.txt[.did-it.com/]00207862 Cookie/did-it TrackingCookie No 0 Yes No C:\$ISR\5\Sandbox\CompAdmin\DefaultBox\user\current\Application Data\Mozilla\Firefox\Profiles\aplu150x.default\cookies.txt[.did-it.com/]00207862 Cookie/did-it TrackingCookie No 0 Yes No C:\$ISR\3\Sandbox\CompAdmin\DefaultBox\user\current\Application Data\Mozilla\Firefox\Profiles\aplu150x.default\cookies.txt[.did-it.com/]00207862 Cookie/did-it TrackingCookie No 0 Yes No C:\$ISR\3\Sandbox\CompAdmin\DefaultBox\user\current\Application Data\Mozilla\Firefox\Profiles\aplu150x.default\cookies.txt.moztmp[.did-it.com/]00207862 Cookie/did-it TrackingCookie No 0 Yes No C:\$ISR\3\Sandbox\CompAdmin\DefaultBox\user\current\Application Data\Mozilla\Firefox\Profiles\aplu150x.default\cookies.txt[.did-it.com/]00207862 Cookie/did-it TrackingCookie No 0 Yes No C:\$ISR\5\Sandbox\CompAdmin\DefaultBox\user\current\Application Data\Mozilla\Firefox\Profiles\aplu150x.default\cookies.txt[.did-it.com/]00207862 Cookie/did-it TrackingCookie No 0 Yes No C:\$ISR\5\Sandbox\CompAdmin\DefaultBox\user\current\Application Data\Mozilla\Firefox\Profiles\aplu150x.default\cookies.txt.moztmp[.did-it.com/]00207862 Cookie/did-it TrackingCookie No 0 Yes No C:\$ISR\5\Sandbox\CompAdmin\DefaultBox\user\current\Application Data\Mozilla\Firefox\Profiles\aplu150x.default\cookies.txt.moztmp[.did-it.com/]01262593 Application/NirCmd.A HackTools No 0 Yes No C:\$ISR\5\Program Files\FindAndRunRobot\AliasGroups\MyCustom\nircmd\nircmd.exe01262593 Application/NirCmd.A HackTools No 0 Yes No G:\My Downloads\Software\FARR\nircmd.zip[nircmd/nircmd.exe]01262593 Application/NirCmd.A HackTools No 0 Yes No C:\Program Files\FindAndRunRobot\AliasGroups\MyCustom\nircmd\nircmd.exe01262593 Application/NirCmd.A HackTools No 0 Yes No C:\$ISR\2\Program Files\FindAndRunRobot\AliasGroups\MyCustom\nircmd\nircmd.exe02899655 Application/NirCmd.A HackTools No 0 Yes No C:\$ISR\5\Program Files\FindAndRunRobot\AliasGroups\MyCustom\nircmd\nircmdc.exe02899655 Application/NirCmd.A HackTools No 0 Yes No G:\My Downloads\Software\FARR\nircmd.zip[nircmd/nircmdc.exe]02899655 Application/NirCmd.A HackTools No 0 Yes No C:\Program Files\FindAndRunRobot\AliasGroups\MyCustom\nircmd\nircmdc.exe03009106 W32/Xor-encoded.A Virus No 0 Yes No C:\$ISR\4\Documents and Settings\Papa Oh\Desktop\Papa Oh\Temp\005.dat03009106 W32/Xor-encoded.A Virus No 0 Yes No C:\$ISR\4\Documents and Settings\Papa Oh\Desktop\Papa Oh\Temp\004.dat03009106 W32/Xor-encoded.A Virus No 0 Yes No C:\$ISR\4\Documents and Settings\Papa Oh\Desktop\Papa Oh\Temp\003.dat03009106 W32/Xor-encoded.A Virus No 0 Yes No C:\$ISR\4\Documents and Settings\Papa Oh\Desktop\Papa Oh\Temp\007.dat03009106 W32/Xor-encoded.A Virus No 0 Yes No C:\$ISR\4\Documents and Settings\Papa Oh\Desktop\Papa Oh\Temp\001.dat03009106 W32/Xor-encoded.A Virus No 0 No No G:\My Downloads\Software\Graphics\Dogwaffle\PD_Pro_4_0c_Update.exe[G:\My Downloads\Software\Graphics\Dogwaffle\PD_Pro_4_0c_Update.exe][000.dat]03009106 W32/Xor-encoded.A Virus No 0 No No G:\My Downloads\Software\Graphics\Dogwaffle\PD_Pro_4_0c_Update.exe[G:\My Downloads\Software\Graphics\Dogwaffle\PD_Pro_4_0c_Update.exe][001.dat]03009106 W32/Xor-encoded.A Virus No 0 No No G:\My Downloads\Software\Graphics\Dogwaffle\PD_Pro_4_0c_Update.exe[G:\My Downloads\Software\Graphics\Dogwaffle\PD_Pro_4_0c_Update.exe][003.dat]03009106 W32/Xor-encoded.A Virus No 0 No No G:\My Downloads\Software\Graphics\Dogwaffle\PD_Pro_4_0c_Update.exe[G:\My Downloads\Software\Graphics\Dogwaffle\PD_Pro_4_0c_Update.exe][004.dat]03009106 W32/Xor-encoded.A Virus No 0 No No G:\My Downloads\Software\Graphics\Dogwaffle\PD_Pro_4_0c_Update.exe[G:\My Downloads\Software\Graphics\Dogwaffle\PD_Pro_4_0c_Update.exe][005.dat]03009106 W32/Xor-encoded.A Virus No 0 Yes No C:\$ISR\4\Documents and Settings\Papa Oh\Desktop\Papa Oh\Temp\009.dat03009106 W32/Xor-encoded.A Virus No 0 No No G:\My Downloads\Software\Graphics\Dogwaffle\PD_Pro_4_0c_Update.exe[G:\My Downloads\Software\Graphics\Dogwaffle\PD_Pro_4_0c_Update.exe][009.dat]03009106 W32/Xor-encoded.A Virus No 0 No No G:\My Downloads\Software\Graphics\Dogwaffle\PD_Pro_4_1_Update.exe[G:\My Downloads\Software\Graphics\Dogwaffle\PD_Pro_4_1_Update.exe][000.dat]03009106 W32/Xor-encoded.A Virus No 0 No No G:\My Downloads\Software\Graphics\Dogwaffle\PD_Pro_4_1_Update.exe[G:\My Downloads\Software\Graphics\Dogwaffle\PD_Pro_4_1_Update.exe][001.dat]03009106 W32/Xor-encoded.A Virus No 0 No No G:\My Downloads\Software\Graphics\Dogwaffle\PD_Pro_4_1_Update.exe[G:\My Downloads\Software\Graphics\Dogwaffle\PD_Pro_4_1_Update.exe][002.dat]03009106 W32/Xor-encoded.A Virus No 0 No No G:\My Downloads\Software\Graphics\Dogwaffle\PD_Pro_4_1_Update.exe[G:\My Downloads\Software\Graphics\Dogwaffle\PD_Pro_4_1_Update.exe][005.dat]03009106 W32/Xor-encoded.A Virus No 0 No No G:\My Downloads\Software\Graphics\Dogwaffle\PD_Pro_4_1_Update.exe[G:\My Downloads\Software\Graphics\Dogwaffle\PD_Pro_4_1_Update.exe][007.dat]03009106 W32/Xor-encoded.A Virus No 0 No No G:\My Downloads\Software\Graphics\Dogwaffle\PD_Pro_4_1_Update.exe[G:\My Downloads\Software\Graphics\Dogwaffle\PD_Pro_4_1_Update.exe][008.dat]03009106 W32/Xor-encoded.A Virus No 0 No No G:\My Downloads\Software\Graphics\Dogwaffle\PD_Pro_4_1_Update.exe[G:\My Downloads\Software\Graphics\Dogwaffle\PD_Pro_4_1_Update.exe][010.dat]03009106 W32/Xor-encoded.A Virus No 0 No No G:\My Downloads\Software\Graphics\Dogwaffle\PD_Pro_4_1_Update.exe[G:\My Downloads\Software\Graphics\Dogwaffle\PD_Pro_4_1_Update.exe][011.dat]03009106 W32/Xor-encoded.A Virus No 0 No No G:\My Downloads\Software\Graphics\Dogwaffle\PD_Pro_4_1_Update.exe[G:\My Downloads\Software\Graphics\Dogwaffle\PD_Pro_4_1_Update.exe][013.dat]03009106 W32/Xor-encoded.A Virus No 0 Yes No C:\$ISR\4\Documents and Settings\Papa Oh\Desktop\Papa Oh\Temp\000.dat03009106 W32/Xor-encoded.A Virus No 0 No No G:\My Downloads\Software\Graphics\Dogwaffle\PD_Pro_4_0c_Update.exe[G:\My Downloads\Software\Graphics\Dogwaffle\PD_Pro_4_0c_Update.exe][007.dat];===================================================================================================================================================================================SUSPECTSSent Location Q;===================================================================================================================================================================================;===================================================================================================================================================================================VULNERABILITIESId Severity Description Q;===================================================================================================================================================================================;=================================================================================================================================================================================== Link to post Share on other sites More sharing options...
JeanInMontana Posted October 16, 2008 ID:31051 Share Posted October 16, 2008 Please only post what is asked for, there is enough to wade through. We need samples of all the stuff Panda is flagging.My Downloads\Software\Graphics\Dogwaffle\PD_Pro_4_0c_Update.exe and the others in your last log. Please find these files and attach it in a zipped folder here in a new topic you start, link back to your thread in the HJT forum please. I'll give instructions as soon as the files have been analyzed. Link to post Share on other sites More sharing options...
scribbly Posted October 16, 2008 Author ID:31091 Share Posted October 16, 2008 OK, I've tried that here but the zipped file is 2.6Mb which is a little bigger than what is allowed for attachments.I had to go and download it again as I'd deleted it before I got your post. While I was at it I put it through some one line scanners at http://www.virscan.org/ and http://www.virus.org/.I ran the Panda again, but it's just down to Tracking Cookies. Link to post Share on other sites More sharing options...
JeanInMontana Posted October 16, 2008 ID:31119 Share Posted October 16, 2008 The file upload for this whole site is 16MB. Did you try to upload it? Scan it at http://www.virustotal.com/ and post that report please. Link to post Share on other sites More sharing options...
scribbly Posted October 16, 2008 Author ID:31137 Share Posted October 16, 2008 See my reply here.The virusTotal log (this was a similar result to the two others that I tried):File PD_Pro_4_1_Update.exe received on 10.16.2008 23:51:48 (CET)Result: 1/36 (2.78%)Antivirus Version Last Update Result AhnLab-V3 2008.10.17.0 2008.10.16 - AntiVir 7.9.0.4 2008.10.16 - Authentium 5.1.0.4 2008.10.16 - Avast 4.8.1248.0 2008.10.15 - AVG 8.0.0.161 2008.10.16 - BitDefender 7.2 2008.10.16 - CAT-QuickHeal 9.50 2008.10.16 - ClamAV 0.93.1 2008.10.16 - DrWeb 4.44.0.09170 2008.10.16 - eSafe 7.0.17.0 2008.10.16 Suspicious File eTrust-Vet 31.6.6151 2008.10.16 - Ewido 4.0 2008.10.16 - F-Prot 4.4.4.56 2008.10.16 - F-Secure 8.0.14332.0 2008.10.16 - Fortinet 3.113.0.0 2008.10.16 - GData 19 2008.10.16 - Ikarus T3.1.1.44.0 2008.10.16 - K7AntiVirus 7.10.497 2008.10.16 - Kaspersky 7.0.0.125 2008.10.16 - McAfee 5407 2008.10.16 - Microsoft 1.4005 2008.10.16 - NOD32 3528 2008.10.16 - Norman 5.80.02 2008.10.16 - Panda 9.0.0.4 2008.10.16 - PCTools 4.4.2.0 2008.10.16 - Prevx1 V2 2008.10.16 - Rising 20.66.32.00 2008.10.16 - SecureWeb-Gateway 6.7.6 2008.10.16 - Sophos 4.34.0 2008.10.16 - Sunbelt 3.1.1728.1 2008.10.16 - Symantec 10 2008.10.16 - TheHacker 6.3.1.0.116 2008.10.16 - TrendMicro 8.700.0.1004 2008.10.16 - VBA32 3.12.8.7 2008.10.16 - ViRobot 2008.10.16.1423 2008.10.16 - VirusBuster 4.5.11.0 2008.10.16 - Additional information File size: 2705590 bytes MD5...: 2971bae6e0c95c8f1e754df0fd9d87e8 SHA1..: b0904981c3321fbe732d948dedc9df0dc48431fb SHA256: 3fdcc3303cf7d52f346b82fc75419e1e39f71f2ecba47eb1c74a97d214b4cbec SHA512: b1330ff1690ed19b7a85249801c30264afc47d2be75dd713d714ddf74247df7076814a102922a8bbd61a38b57baf98ca4e9d99124a18304c811b52a530cefde0 PEiD..: UPX 2.90 [LZMA] -> Markus Oberhumer, Laszlo Molnar & John Reiser TrID..: File type identificationGeneric Win/DOS Executable (49.9%)DOS Executable Generic (49.8%)Autodesk FLIC Image File (extensions: flc, fli, cel) (0.1%) PEInfo: PE Structure information( base data )entrypointaddress.: 0x430a50timedatestamp.....: 0x3d2b40d9 (Tue Jul 09 20:00:25 2002)machinetype.......: 0x14c (I386)( 3 sections )name viradd virsiz rawdsiz ntrpy md5UPX0 0x1000 0x26000 0x0 0.00 d41d8cd98f00b204e9800998ecf8427eUPX1 0x27000 0xa000 0x9c00 7.88 97106e4bb31a1f074266664eaf025e74.rsrc 0x31000 0x3000 0x2600 5.49 39848f8386e3d717d0281c495bb08514( 7 imports ) > KERNEL32.DLL: LoadLibraryA, GetProcAddress, ExitProcess> ADVAPI32.DLL: IsValidAcl> COMCTL32.DLL: InitCommonControls> CRTDLL.DLL: _iob> GDI32.DLL: SetPixel> SHELL32.DLL: ShellExecuteA> USER32.DLL: GetDC( 0 exports ) packers (Kaspersky): UPX, PE-Crypt.XorPE, PE-Crypt.XorPE, PE-Crypt.XorPE, PE-Crypt.XorPE, PE-Crypt.XorPE, PE-Crypt.XorPE, PE-Crypt.XorPE, PE-Crypt.XorPE, PE-Crypt.XorPE, PE-Crypt.XorPE packers (F-Prot): UPX, ZIP, XORCrypt Link to post Share on other sites More sharing options...
JeanInMontana Posted October 19, 2008 ID:31469 Share Posted October 19, 2008 Please see Raid's response there. This is weird I'll find out what is the deal. Link to post Share on other sites More sharing options...
scribbly Posted October 23, 2008 Author ID:31987 Share Posted October 23, 2008 Please see Raid's response there. This is weird I'll find out what is the deal.Hi: sorry I've been away (had to take a rest from these problems )I wondered if it was a hardware problem... On the way home from work I thought I'd re-check my hard drives: which all ended up fine BTW. But in the process, I re-remembered that nVidia's nView Desktop Manager sometimes produces problems (take a look at the 50,000 google hits!).So I unEnabled it and I think I found the problem! Been working all night so far without a problem.Sorry, it seems we've all been barking up the wrong tree: but I hope it may shorten other people's search if they have similar problems.Thanks for your time and help!! Link to post Share on other sites More sharing options...
JeanInMontana Posted October 24, 2008 ID:32156 Share Posted October 24, 2008 To be sure lets see a new MBAM log, be sure you update it, current version is 1.30. Run a quick scan and post that log then a new HJT too. Link to post Share on other sites More sharing options...
scribbly Posted October 25, 2008 Author ID:32245 Share Posted October 25, 2008 To be sure lets see a new MBAM log, be sure you update it, current version is 1.30. Run a quick scan and post that log then a new HJT too.Not had a problem since unenabling the Desktop Manager, but to be sure...Malwarebytes' Anti-Malware 1.30Database version: 1316Windows 5.1.2600 Service Pack 325/10/2008 10:44:44 PMmbam-log-2008-10-25 (22-44-44).txtScan type: Quick ScanObjects scanned: 53294Time elapsed: 3 minute(s), 6 second(s)Memory Processes Infected: 0Memory Modules Infected: 0Registry Keys Infected: 0Registry Values Infected: 0Registry Data Items Infected: 0Folders Infected: 0Files Infected: 0Memory Processes Infected:(No malicious items detected)Memory Modules Infected:(No malicious items detected)Registry Keys Infected:(No malicious items detected)Registry Values Infected:(No malicious items detected)Registry Data Items Infected:(No malicious items detected)Folders Infected:(No malicious items detected)Files Infected:(No malicious items detected)Logfile of Trend Micro HijackThis v2.0.2Scan saved at 10:45:10 PM, on 25/10/2008Platform: Windows XP SP3 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16735)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\csrss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\Alwil Software\Avast4\aswUpdSv.exeC:\Program Files\Alwil Software\Avast4\ashServ.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\COMODO\Firewall\cmdagent.exeC:\WINDOWS\system32\inetsrv\inetinfo.exeC:\Program Files\Canon\IJPLM\IJPLMSVC.EXEC:\$ISR\0\ISRService.exeC:\Program Files\Powerware\LanSafe\Bin\PowerMonitor.exeC:\Program Files\Powerware\LanSafe\Bin\LSTrayAgent.exeC:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exeC:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exeC:\WINDOWS\system32\nvsvc32.exeC:\Program Files\Raxco\PerfectDisk\PDAgent.exeC:\Program Files\Sandboxie\SbieSvc.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\dllhost.exeC:\WINDOWS\system32\Tablet.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\System32\vssvc.exeC:\WINDOWS\system32\wbem\wmiprvse.exeC:\Program Files\Alwil Software\Avast4\ashMaiSv.exeC:\Program Files\Alwil Software\Avast4\ashWebSv.exeC:\Program Files\Powerware\LanSafe\bin\xyntservice.exeC:\Program Files\Powerware\LanSafe\bin\httpserver.exeC:\Program Files\Powerware\LanSafe\bin\status_glance.exeC:\Program Files\Raxco\PerfectDisk\PDEngine.exeC:\WINDOWS\system32\dllhost.exeC:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exeC:\WINDOWS\System32\alg.exeC:\WINDOWS\system32\msdtc.exeC:\WINDOWS\system32\ctfmon.exeC:\$ISR\$APP\ISRMonitor.exeC:\Program Files\Intel Audio Studio\IntelAudioStudio.exeC:\WINDOWS\System32\svchost.exeC:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exeC:\Program Files\COMODO\Firewall\cfp.exeC:\Program Files\Canon\MyPrinter\BJMyPrt.exeC:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exeC:\WINDOWS\system32\RUNDLL32.EXEC:\Program Files\Chameleon Startup Manager 2\csmonitor.exeG:\Programmes\TaskSwitchXP\TaskSwitchXP.exeC:\Program Files\Wakoopa\Wakoopa.exeC:\Program Files\Software Informer\softinfo.exeC:\Program Files\Skype\Phone\Skype.exeC:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exeC:\Program Files\KlipFolio\KlipFolio.exeC:\Documents and Settings\CompAdmin\Local Settings\Application Data\Google\Update\GoogleUpdate.exeC:\Program Files\ProcessTamer\ProcessTamerTray.exec:\progra~1\intern~2\mum.exec:\windows\system32\wtablet\tabuserw.exec:\program files\picasa2\picasamediadetector.exeC:\Program Files\Skype\Plugin Manager\skypePM.exeg:\programmes\cfdbutton\cfdbutton.exeg:\programmes\multimonitormouse\multimonitormouse.exec:\program files\launchbarcommander\launchbarcommander.exec:\program files\findandrunrobot\findandrunrobot.exec:\program files\siber systems\ai roboform\robotaskbaricon.exec:\program files\sandboxie\sbiectrl.exeC:\Program Files\Free Download Manager\fdm.exeC:\Program Files\Mozilla Firefox\firefox.exec:\program files\netcomm\mfp server control center\control center.exec:\program files\digsby\lib\digsby-app.exec:\program files\free download manager\fum\fum.exec:\program files\softland\backup4all 3\backup4all.exec:\program files\softland\backup4all 3\backup4all.exec:\program files\common files\logishrd\lcommgr\communications_helper.exec:\program files\logitech\quickcam\quickcam.exeC:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exec:\program files\java\jre1.6.0_02\bin\jusched.exeG:\Programmes\NexusFile\NexusFile.exeC:\Program Files\Malwarebytes' Anti-Malware\mbam.exeC:\Program Files\PSPad editor\PSPad.exeg:\programmes\hijackthis\hijackthis.exeO2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dllO2 - BHO: RoboForm - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dllO2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dllO2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dllO3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dllO4 - HKLM\..\Run: [iSR_MONITOR] C:\$ISR\$APP\ISRMonitor.exeO4 - HKLM\..\Run: [intelAudioStudio] "C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe" TRAYO4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartupO4 - HKLM\..\Run: [OSSelectorReinstall] C:\Program Files\Common Files\Acronis\Acronis Disk Director\oss_reinstall.exeO4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exeO4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\COMODO\Firewall\cfp.exe" -hO4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logonO4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logonO4 - HKLM\..\Run: [sSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -bootO4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe"O4 - HKLM\..\Run: [LsTrayAgent] C:\Program Files\Powerware\LanSafe\Bin\LSTrayAgent.exeO4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInitO4 - HKCU\..\Run: [Chameleon Startup Monitor] "C:\Program Files\Chameleon Startup Manager 2\csmonitor.exe" /startupO4 - HKCU\..\Run: [TaskSwitchXP] G:\Programmes\TaskSwitchXP\TaskSwitchXP.exeO4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exeO4 - HKCU\..\Run: [Wakoopa] C:\Program Files\Wakoopa\Wakoopa.exeO4 - HKCU\..\Run: [software Informer] "C:\Program Files\Software Informer\softinfo.exe" -autorunO4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimizedO4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exeO4 - HKCU\..\Run: [KlipFolio] "C:\Program Files\KlipFolio\KlipFolio.exe" /BOOTO4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')O4 - S-1-5-18 Startup: ProcessTamer.lnk = C:\Program Files\ProcessTamer\ProcessTamerTray.exe (User 'SYSTEM')O4 - .DEFAULT Startup: ProcessTamer.lnk = C:\Program Files\ProcessTamer\ProcessTamerTray.exe (User 'Default user')O4 - Startup: ProcessTamer.lnk = C:\Program Files\ProcessTamer\ProcessTamerTray.exeO8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.htmlO8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htmO8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htmO8 - Extra context menu item: Download video with Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htmO8 - Extra context menu item: Download web site with Free Download Manager - file://C:\Program Files\Free Download Manager\dlpage.htmO8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htmO8 - Extra context menu item: eNF: AddLink - C:\Documents and Settings\CompAdmin\Local Settings\Apps\2.0\XHY67WXM.YR2\7Y7ZO9E4.0VC\enuf..tion_36add1d41e4bde84_0000.0001_752b80b7735258ef\IE\AddURL.htmlO8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.htmlO8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.htmlO8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.htmlO8 - Extra context menu item: Surfulater: Add &new Article - res://C:\Program Files\SAIG\Surfulater\Surfulater.exe/SENDTOSURFULATER.HTMLO8 - Extra context menu item: Surfulater: Add Article pl&us Page - res://C:\Program Files\SAIG\Surfulater\Surfulater.exe/SENDANDATTACHTOSURFULATER.HTMLO8 - Extra context menu item: Surfulater: Attac&h Page to Article - res://C:\Program Files\SAIG\Surfulater\Surfulater.exe/ATTACHTOSURFULATER.HTMLO8 - Extra context menu item: Surfulater: Book&mark this Page - res://C:\Program Files\SAIG\Surfulater\Surfulater.exe/BOOKMARKINSURFULATER.HTMLO9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dllO9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dllO9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.htmlO9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.htmlO9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.htmlO9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.htmlO9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.htmlO9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.htmlO9 - Extra button: Surfulater - {A9B34036-3ED6-460a-9C59-696DC24C516F} - C:\Program Files\SAIG\Surfulater\Surfulater.exeO9 - Extra 'Tools' menuitem: SAIG Surfula&ter - {A9B34036-3ED6-460a-9C59-696DC24C516F} - C:\Program Files\SAIG\Surfulater\Surfulater.exeO9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dllO9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dllO9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exeO9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exeO9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dllO18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLLO20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dllO20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dllO23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exeO23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exeO23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exeO23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exeO23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program Files\MusicIP\MusicIP Mixer\mDNSResponder.exeO23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - Unknown owner - C:\Program Files\COMODO\Firewall\cmdagent.exeO23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exeO23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exeO23 - Service: PIXMA Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXEO23 - Service: FirstDefense-ISR Service (ISRService) - Raxco Software, Inc. - C:\$ISR\0\ISRService.exeO23 - Service: LanSafe Power Monitor (LanSafe PM) - Eaton Corporation - C:\Program Files\Powerware\LanSafe\Bin\PowerMonitor.exeO23 - Service: LanSafe Process Manager - Powerware - C:\Program Files\Powerware\LanSafe\bin\xyntservice.exeO23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exeO23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exeO23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exeO23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exeO23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDAgent.exeO23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exeO23 - Service: Sandboxie Service (SbieSvc) - tzuk - C:\Program Files\Sandboxie\SbieSvc.exeO23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exeO24 - Desktop Component 0: (no name) - G:\Documents\My Pictures\ScribblyWallPapperRight.jpg--End of file - 13980 bytes Link to post Share on other sites More sharing options...
JeanInMontana Posted October 27, 2008 ID:32529 Share Posted October 27, 2008 Your log looks clean. We need to now reset a clean System Restore point. If you don't and you need to use System Restore you will reinfect yourself. Go to Start>Control Panel>System. Click on the System Restore tab and put a check in Turn off System Restore. Then click OK. Now go to Start>Help and Support > Undo Changes to Your System or System Restore depending on the make of your PC. Click on what ever will open the System Restore box. You will see two options, Choose Create a System Restore Point. Give it a name like Clean Restore Point and today's date. Now if you need to use it you have it. Many of infections can be avoided with an added layer of prevention. All recommended programs are free and easy on system resources. You should install them as part of your protection arsenal. Keep MBAM and Spybot Search & Destroy and always immunize SBS&D when you update. You will also need at least one other scanning program Asquared or SuperAntiSpyware are good and there are several other excellent programs with free and paid versions. Read the overviews of what each program below does so you have an understanding of their importance and how to use.A firewall and antivirus are also essential. The Windows firewall in XP and Vista is not sufficient.Preform Windows Updates monthly on the second Tuesday or use automatic updates, and use your scanners weekly at the least. Always update before you scan.Keep other software known for vulnerabilities updated also. Use the Secunia Inspector free scan to identify risks in outdated versions.SpywareBlaster from Javacool SoftwareWinPatrol by BillPStudios SiteHound by FireTrustRogueRemoverhpHostsThe windows firewall is not sufficient to protect. It doesn't monitor outgoing traffic and this is a must. I use and recommend Online Armor Free Also the full protection of MBAM is offered at a very low price, from the link in my signature. Link to post Share on other sites More sharing options...
JeanInMontana Posted November 1, 2008 ID:33258 Share Posted November 1, 2008 Since this topic has had no reply for over 5 days it will be closed to prevent other from posting into it. Should you decide to resume with your assistance PM any staff member and we will be happy to reopen the topic. Note: the fixes in this topic are for this system only. Applying them to your system can cause severe damage and result in utter system failure. If you need help start your own topic and someone will be happy to assist you. Link to post Share on other sites More sharing options...
Recommended Posts