Ken Jacobs

Two PCs infected ... let's work on the first

80 posts in this topic

My wife's PC (not protected by an AV tool .. doh!) got sick. I tried to help her. It got worse. I then used my machine to download some tools, copied them over on a memory stick, and lo and behold, my PC is infected too. GRRRR ...

I think I may have downloaded stuff to my PC that masquerades as anti-virus, but it actually propagates a virus. Maybe you can tell me what that is ...

Let's work on my PC first. It's a DELL Dimension 9100, dual core, with XP Media Center installed.

Symptoms: the mouse will freeze. It's a wireless Dell mouse. I press the button on the bottom to regain control. Funny, the wireless keyboard doesn't freeze. I have Symantec and now a trial version of Bit Defender. They seem to be catching and containing Brontok. However, I do get the symptom of mouse freezing and also a very slow machine at times.

I tried a number of tools like RegCure and Registry Booster from UniBlue. They seem to work ok, and finish successfully. I also downloaded F-PROT to get rid of Brontok, but its messages were so annoying that I de-installed it.

Tried to follow your instructions. The HijackThis report is below. However, when I went to use AVGAS in Safe Mode, it gave me a message to the effect that "service could not be connected; reinstall". I tried that. I made sure that my VPN proxy server was not configured for AVGAS either in normal or safe mode. Nothing works. So, at the moment, I have no AVGAS report to share.

This mouse freezing is the most visible and annoying problem on my machine, plus sometimes slowness, with the Task Manager showing plenty of available CPU time. My wife's is worse, with pop-ups asking if she wants to install something, and terrible slowness. But let's do my machine first.

 

To answer your FAQ questions ...

o Do you have popups? ... No

o Has your browser been hijacked? ... no

o Does your antivirus detect an infected file? If so, what file, and what is the infection detected?

... YES, from BitDefender, it sees Generic.Brontok.73942F2D. I also have Symantec AV, which probably has quarantined it.

o Is your system sluggish? Is there a particular process using a lot of the CPU? If so, what is it? Does your firewall give alerts about a process trying to access the internet? If so, what is it?

... sometimes. Shutdown and startup are slow. No process seems to be using a lot of time. Plenty of Idle time.

o Have you already tried certain steps to fix your problem? If so, what have you tried?

... see above; In addition, have run Spybot and Ad-Aware.

o Please also mention that you have read this FAQ and followed the directions, or else someone is likely to ask you to come back here.

.. been there, did that!

Question for you ... is there confidential info of mine (passwords to websites, for example) that you see from what I post? How can I provide you with what I need without disclosing such info in the next steps of this process?

Thanks in advance for your help!

Ken

Here's the log ...

 

 

Logfile of Trend Micro HijackThis v2.0.0 (BETA)

Scan saved at 8:03:16 PM, on 6/6/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\ehome\ehtray.exe

C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe

C:\WINDOWS\system32\taskmgr.exe

C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe

C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe

C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE

C:\WINDOWS\system32\CTHELPER.EXE

C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

C:\WINDOWS\system32\dla\tfswctrl.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\Program Files\Symantec AntiVirus\VPTray.exe

C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe

C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe

C:\WINDOWS\system32\LVCOMSX.EXE

D:\Applications\Adobe\Photoshop Elements 5.0\apdproxy.exe

C:\Program Files\Microsoft IntelliPoint\point32.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\WINDOWS\StartupMonitor.exe

D:\Applications\BitDefender\bdmcon.exe

D:\Applications\BitDefender\bdagent.exe

C:\Program Files\Array Networks\Common\4,0,1,3\arr_isrv4,0,1,3.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

D:\Program Files\Adobe\Photoshop Elements\PhotoshopElementsFileAgent.exe

C:\Program Files\Dell Support\DSAgnt.exe

C:\Program Files\Windows Media Player\WMPNSCFG.exe

C:\WINDOWS\system32\ctfmon.exe

D:\Applications\Zinio\ZinioDeliveryManager.exe

D:\Applications\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe

D:\Applications\RegistryBooster2\RegistryBooster.exe

D:\Applications\Bluetooth Actiontec\BTTray.exe

C:\Program Files\Apache Software Foundation\Apache2.2\bin\httpd.exe

D:\Applications\Palm Desktop\Hotsync.exe

C:\Program Files\Array Networks\Array SSL VPN\3,0,1,9\arr_srvs3,0,1,9.exe

C:\Program Files\Microsoft Office\Office\1033\msoffice.exe

D:\APPLIC~1\BLUETO~2\BTSTAC~1.EXE

C:\Program Files\Apache Software Foundation\Apache2.2\bin\httpd.exe

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

D:\Applications\Bluetooth Actiontec\bin\btwdins.exe

C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe

C:\Program Files\Symantec AntiVirus\DefWatch.exe

C:\WINDOWS\eHome\ehRecvr.exe

C:\WINDOWS\eHome\ehSched.exe

C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe

C:\WINDOWS\orclobi\MyDesktop\MyDesktopService.exe

C:\WINDOWS\system32\nvsvc32.exe

D:\Applications\Oracle Drive\XfsSvcCon.exe

C:\WINDOWS\system32\mmc.exe

C:\WINDOWS\orclobi\MyDesktop\MyDesktopQOS.exe

D:\Applications\Retrospect Backup\retrorun.exe

C:\Program Files\Cisco Systems\VPN Client\vpngui.exe

C:\Program Files\Symantec AntiVirus\Rtvscan.exe

C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe

C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe

C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe

D:\Applications\BitDefender\vsserv.exe

D:\Program Files\Mozilla\Thunderbird\thunderbird.exe

C:\WINDOWS\system32\msiexec.exe

C:\WINDOWS\system32\dllhost.exe

C:\WINDOWS\eHome\ehmsas.exe

C:\Program Files\Mozilla Firefox\firefox.exe

D:\Downloads\HijackThis\HiJackThis_v2.exe

C:\PROGRA~1\SYMANT~1\DWHWIZRD.EXE

C:\WINDOWS\orclobi\gdswsuspatch.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://securityresponse.symantec.com/avcenter/fix_homepage/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://us.mcafee.com/root/campaign.asp?cid...mp;affid=105-56

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = www-proxy1.us.oracle.com:80

R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - (no file)

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\APPLIC~1\SPYBOT~1\SDHelper.dll

O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll

O2 - BHO: Oracle Drive Helper Object - {5D33B3E0-4FB3-4ED1-9106-B6EB06A3B7C2} - C:\WINDOWS\SYSTEM32\ODriveHelper.DLL

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll

O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"

O4 - HKLM\..\Run: [iAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe

O4 - HKLM\..\Run: [intelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe

O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /r

O4 - HKLM\..\Run: [CTDVDDET] "C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE"

O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE

O4 - HKLM\..\Run: [updReg] C:\WINDOWS\UpdReg.EXE

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [iSUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup

O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [vptray] "C:\Program Files\Symantec AntiVirus\VPTray.exe"

O4 - HKLM\..\Run: [MMTray] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"

O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"

O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto

O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE

O4 - HKLM\..\Run: [Adobe Photo Downloader] "D:\Applications\Adobe\Photoshop Elements 5.0\apdproxy.exe"

O4 - HKLM\..\Run: [TweakAutomaticUpdates] C:\WINDOWS\orclobi\gdswsuspatch_soon.exe /s

O4 - HKLM\..\Run: [intelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [Run StartupMonitor] StartupMonitor.exe

O4 - HKLM\..\Run: [bDMCon] "D:\Applications\BitDefender\bdmcon.exe" /reg

O4 - HKLM\..\Run: [bDAgent] "D:\Applications\BitDefender\bdagent.exe"

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup

O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [Zinio DLM] D:\Applications\Zinio\ZinioDeliveryManager.exe /autostart

O4 - HKCU\..\Run: [uniblue Registry Booster2] D:\Applications\RegistryBooster2\RegistryBooster.exe /S

O4 - HKUS\S-1-5-18\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'Default user')

O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: BTTray.lnk = ?

O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE

O4 - Global Startup: HotSync Manager.lnk = D:\Applications\Palm Desktop\Hotsync.exe

O4 - Global Startup: HOTSYNCSHORTCUTNAME.lnk = D:\Applications\Treo Palm Desktop\Hotsync.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

O4 - Global Startup: VPN Client.lnk = ?

O4 - Global Startup: WinZip Quick Pick.lnk = D:\Program Files\WinZip\WZQKPICK.EXE

O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\APPLIC~1\MI69DF~1\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: Send To &Bluetooth - D:\Applications\Bluetooth Actiontec\btsendto_ie_ctx.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\APPLIC~1\MI69DF~1\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\APPLIC~1\MI69DF~1\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\APPLIC~1\MI69DF~1\Office12\REFIEBAR.DLL

O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - D:\Applications\Bluetooth Actiontec\btsendto_ie.htm

O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - D:\Applications\Bluetooth Actiontec\btsendto_ie.htm

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} (Citrix ICA Client) - http://a516.g.akamai.net/f/516/25175/7d/ru...cat-no-eula.cab

O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/m...99/mcinsctl.cab

O16 - DPF: {66D845A0-C3BB-45AD-807C-9BFEAF20EF2C} (InPEditor Class) - http://stcontent.oracle.com/content/static...it_In_Place.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1175863491528

O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/m...,26/mcgdmgr.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{5B9D91D4-26B3-460D-9815-F3FB29034F37}: NameServer = 130.35.249.41,130.35.249.52

O17 - HKLM\System\CCS\Services\Tcpip\..\{91D74CA9-7B8F-40C8-8E49-1ED8EA29672A}: NameServer = 130.35.249.41,138.2.202.15

O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = us.oracle.com

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = us.oracle.com

O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll

O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

O23 - Service: Adobe Active File Monitor (AdobeActiveFileMonitor) - Unknown owner - D:\Program Files\Adobe\Photoshop Elements\PhotoshopElementsFileAgent.exe

O23 - Service: Adobe Active File Monitor V5 (AdobeActiveFileMonitor5.0) - Unknown owner - D:\Applications\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe

O23 - Service: Apache2 - Apache Software Foundation - C:\Program Files\Apache Software Foundation\Apache2.2\bin\httpd.exe

O23 - Service: Array SSL VPN Service 3,0,1,9 (ArraySSL_VPN_Service3,0,1,9) - Unknown owner - C:\Program Files\Array Networks\Array SSL VPN\3,0,1,9\arr_srvs3,0,1,9.exe

O23 - Service: Array Utility Service 4,0,1,3 (Array_Utility_Service4,0,1,3) - Unknown owner - C:\Program Files\Array Networks\Common\4,0,1,3\arr_isrv4,0,1,3.exe

O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe

O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - D:\Applications\Bluetooth Actiontec\bin\btwdins.exe

O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe

O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe

O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe

O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: BitDefender Desktop Update Service (LIVESRV) - SOFTWIN S.R.L. - C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe

O23 - Service: MyDesktopService (MyDesktopWindows) - Oracle Corporation - C:\WINDOWS\orclobi\MyDesktop\MyDesktopService.exe

O23 - Service: MySQL - Oracle Corporation - (no file)

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: ODrive Service (OdService) - Oracle - D:\Applications\Oracle Drive\XfsSvcCon.exe

O23 - Service: OracleServiceORCL - Oracle Corporation - e:\applications\oracle\oraclehome\bin\ORACLE.EXE

O23 - Service: QOS MyDesktop (QOSMyDesktop) - Oracle - C:\WINDOWS\orclobi\MyDesktop\MyDesktopQOS.exe

O23 - Service: Retrospect Launcher (RetroLauncher) - EMC Corporation - D:\Applications\Retrospect Backup\retrorun.exe

O23 - Service: Retrospect Helper - EMC Corporation - D:\Applications\Retrospect Backup\rthlpsvc.exe

O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

O23 - Service: BitDefender Virus Shield (VSSERV) - SOFTWIN S.R.L. - D:\Applications\BitDefender\vsserv.exe

O23 - Service: BitDefender Communicator (XCOMM) - SOFTWIN S.R.L - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe

 

--

End of file - 16778 bytes


This is getting worse! My PC was on all night long (not in safe mode), and this morning the mouse was freezing every 5-10 seconds. It appears this virus gets more aggressive as time goes by. I did not yet try rebooting to see if the problem continues to get worse. I will have to reboot this evening when I get home from work, though.

Appreciate any and all help!

Thanks

Ken


More news ... Blue Screens of Death. Something about IRQL_LESS_BUT_NOT_EQUAL or some such. Desperately need help!

Also, the mouse freeze problem continues to worsen, even after a reboot. I do find, though, that if I keep the mouse moving, it won't freeze. That's not possible while typing (with both hands) of course, so I'm really hurting here ...

Thanks!

Ken


Another thing is that the cursor on the screen sometimes moves in a random direction, not in the direction I intend.

Ken


Not sure it is related, or a coincidence, but around this same time, some of the file-type associations have been messed up. For example, I open a .PPT file attached to an email in Thunderbird, and the system tries to open it in Notepad! I have reset it now to open with Powerpoint, of course.

In the interest of providing as much info as I could, I thought I'd add this tidbit ...

Ken


Welcome to SWI. We apologize for the delay; our helpers have been very busy.

If you have not received help after 3 days, please CLICK HERE, and post a link to your log and the date it was originally posted.

Thank you for your patience.

[this is an automated reply]


Hi,

Download Dr.Web CureIt to the desktop:

ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe

Next, please reboot your computer in Safe Mode by doing the following:

1) Restart your computer

2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8.

3) Instead of Windows loading as normal, a menu should appear

4) Select the first option, to run Windows in Safe Mode.

For additional help in booting into Safe Mode, see the following site:

http://www.pchell.com/support/safemode.shtml

  • Double-click the drweb-cureit.exe file and allow it to run the express scan
  • This will scan the files currently running in memory and when something is found, click the yes button when it asks you if you want to cure it. This is only a short scan.
  • Once the short scan has finished, mark the drives that you want to scan.
  • Select all drives. A red dot shows which drives have been chosen.
  • Click the green arrow at the right, and the scan will start.
  • Click 'Yes to all' if it asks if you want to cure/move the file.
  • When the scan has finished, look if you can click next icon next to the files found: check.gif
  • If so, click it and then click the next icon right below and select Move incurable as you'll see in next image:
    move.gif
    This will move it to the %userprofile%\DoctorWeb\quarantaine-folder if it can't be cured. (this in case if we need samples)
  • After selecting, in the Dr.Web CureIt menu on top, click file and choose save report list
  • Save the report to your desktop. The report will be called DrWeb.csv
  • Close Dr.Web Cureit.
  • Reboot your computer!! Because it could be possible that files in use will be moved/deleted during reboot.
  • After reboot, post the contents of the log from Dr.Web you saved previously in your next reply.

Next:

1. Download this file - ComboFix

2. Double click combofix.exe & follow the prompts.

3. When finished, it will produce a log for you. Post that log in your next reply

Note:

Do not mouseclick combofix's window whilst it's running. That may cause it to stall

"Question for you ... is there confidential info of mine (passwords to websites, for example) that you see from what I post?"

No. The logs may show your name i.e. C:\Documents and Settings\Fred Bloggs\ but you can xxxxx that out if you want.

(Isolate your wife's PC from the internet so it doesn't get any more infected, and I'll work on it afterwards)

 

jedi
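
Masking the profile name before posting a log, as suggested in the reply above, sketched as an added example that is not part of the original post. It assumes XP-style profile paths like those in this thread's logs, where the name also appears in 8.3 short form under `DOCUME~1`; the function name, the `known_names` parameter and the sample lines (built around the reply's "Fred Bloggs") are made up for the illustration.

```python
import re

PLACEHOLDER = "xxxxx"  # the masking string suggested in the reply above

# Profiles every XP install has; they identify nobody, so they are left alone.
SHARED_PROFILES = {
    "all users", "alluse~1", "default user", "defaul~1",
    "localservice", "locals~1", "networkservice", "networ~1",
}

# Profile root in long form or 8.3 short form, followed by one path component.
# ';' ends the component too, because Dr.Web's report separates fields with it.
PROFILE_RE = re.compile(
    r'(\\(?:Documents and Settings|DOCUME~\d)\\)([^\\/:*?"<>|;\r\n]+)',
    re.IGNORECASE,
)

# Constructed sample: lines in the three log styles seen in this thread
# (ComboFix header and listing, Dr.Web report, HijackThis), with a made-up name.
SAMPLE_LOG = r'''"Fred Bloggs" - 2007-06-14 18:58:48 - Service Pack 2 NTFS
2007-06-14 05:50 <DIR> d-------- C:\DOCUME~1\FREDBL~1\DoctorWeb
2007-06-04 12:52 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\BitDefender
Application Installer.exe;C:\Documents and Settings\Fred Bloggs\Desktop;Trojan.PWS.TOnline;Deleted.;
NetZero - First Month Free!.exe;C:\Documents and Settings\All Users\Start Menu;Trojan.Click.1487;Deleted.;
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
'''


def redact_profile_names(log_text, known_names=()):
    """Return (redacted_text, profile_names_found).

    Pass 1 masks the folder that follows the profile root, in long or short
    form. Pass 2 masks the same names where they stand alone, such as the
    quoted user name in a ComboFix header. A short alias like FREDBL~1 cannot
    be turned back into the full name, so a log that only contains short
    paths needs the full name supplied through known_names.
    """
    found = set()

    def mask(match):
        name = match.group(2).strip()
        if name.lower() in SHARED_PROFILES:
            return match.group(0)          # shared profile: keep as is
        found.add(name)
        return match.group(1) + PLACEHOLDER

    redacted = PROFILE_RE.sub(mask, log_text)

    # Longest names first, so one name contained in another is handled cleanly.
    bare = {n for n in found if "~" not in n} | set(known_names)
    for name in sorted(bare, key=len, reverse=True):
        pattern = r"(?<!\w)" + re.escape(name) + r"(?!\w)"
        redacted = re.sub(pattern, PLACEHOLDER, redacted, flags=re.IGNORECASE)

    return redacted, sorted(found)


if __name__ == "__main__":
    cleaned, names = redact_profile_names(SAMPLE_LOG)
    print("masked:", names)
    print(cleaned)
```
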


Thank you for your help ... I certainly appreciate it ...

Here is the log from Dr. Web CureIt:

 

vsserv.exe;d:\applications\bitdefender;Probably DLOADER.Trojan;Incurable.Moved.;

NetZero - First Month Free!.exe;C:\Documents and Settings\All Users\Start Menu;Trojan.Click.1487;Deleted.;

Application Installer.exe;C:\Documents and Settings\Ken Jacobs\Desktop;Trojan.PWS.TOnline;Deleted.;

MiniBugTransporter.dll;C:\Program Files\Common Files\Real\WeatherBug;Adware.Minibug;Incurable.Moved.;

A0094857.exe;C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP626;Trojan.Click.1487;Deleted.;

A0094858.exe;C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP626;Trojan.PWS.TOnline;Deleted.;

vsserv.exe;D:\Applications\BitDefender;Probably DLOADER.Trojan;;

HelpSystem.chm\images/wwd_shelf_date2.png;D:\Applications\Tableau\help\HelpSystem.chm;Modification of Renegade.1176;;

HelpSystem.chm;D:\Applications\Tableau\help;Archive contains infected objects;Moved.;

MyYahoo.dll;D:\Applications\Yahoo Messenger;Probably STPAGE.Trojan;Incurable.Moved.;

ApplicationInstaller.exe;D:\Downloads\Oracle Downloads\App Installer;Trojan.PWS.TOnline;Deleted.;

A0094859.exe;D:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP626;Trojan.PWS.TOnline;Deleted.;

emSnapshotEnv.vbs;E:\Applications\Oracle\OracleHome\ccr\lib;Probably SCRIPT.Virus;Incurable.Moved.;

BufferOverrunPatch.exe;E:\Downloads2\Anti Virus Fixes\Blaster Worm August 2003;Trojan.PWS.TOnline;Deleted.;

ApplicationInstaller.exe;E:\Downloads2\Oracle\App Installer;Trojan.PWS.TOnline;Deleted.;

Application Installer.exe;E:\LAPTOP-D-Drive;Trojan.PWS.TOnline;Deleted.;

M_BARAX.SMK;E:\LAPTOP-D-Drive\C\GAMES\BlackDahlia\SOUND;Modification of Linux.Rst.4096;Moved.;

HKLM_1.reg;E:\LAPTOP-D-Drive\Win95 C Drive\Program Files\Regback;Probably SCRIPT.Virus;Incurable.Moved.;

Regback.exe;E:\LAPTOP-D-Drive\Win95 C Drive\Program Files\Regback;Trojan.PWS.TOnline;Deleted.;

A0095082.exe;E:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP626;Trojan.PWS.TOnline;Deleted.;

A0095882.exe;E:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP626;Trojan.PWS.TOnline;Deleted.;

A0096780.exe;E:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP626;Trojan.PWS.TOnline;Deleted.;

A0096781.exe;E:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP626;Trojan.PWS.TOnline;Deleted.;

Application Installer.exe;F:\CDRIVE\Documents and Settings\All Users\Start Menu\Programs\Application & Printer Installer;Trojan.PWS.TOnline;Deleted.;

Printer Installer.exe;F:\CDRIVE\Documents and Settings\All Users\Start Menu\Programs\Application & Printer Installer;Trojan.PWS.TOnline;Deleted.;

setup.exe;F:\CDRIVE\Program Files\Source\PrimoMon;Probably BACKDOOR.Trojan;Incurable.Moved.;

NortonAntivirus.exe;F:\Downloads\Oracle Downloads;Trojan.PWS.TOnline;Deleted.;

A0096782.exe;F:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP626;Trojan.PWS.TOnline;Deleted.;

A0096783.exe;F:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP626;Trojan.PWS.TOnline;Deleted.;

A0096784.exe;F:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP626;Trojan.PWS.TOnline;Deleted.;

 

 

And now the log from ComboFix:

 

ComboFix 07-06-13.3

"Ken Jacobs" - 2007-06-14 18:58:48 - Service Pack 2 NTFS

 

 

((((((((((((((((((((((((( Files Created from 2007-05-15 to 2007-06-15 )))))))))))))))))))))))))))))))

 

 

2007-06-14 18:57 49,152 --a------ C:\WINDOWS\nircmd.exe

2007-06-14 05:50 <DIR> d-------- C:\DOCUME~1\KENJAC~1\DoctorWeb

2007-06-05 19:20 <DIR> d-------- C:\pebuilder3110a

2007-06-05 17:58 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys

2007-06-05 16:25 <DIR> d--hs---- C:\WINDOWS\CSC

2007-06-05 14:50 <DIR> d-------- C:\DOCUME~1\KENJAC~1\APPLIC~1\Lavasoft

2007-06-04 13:03 81,984 --a------ C:\WINDOWS\system32\bdod.bin

2007-06-04 12:58 <DIR> d-------- C:\DOCUME~1\KENJAC~1\APPLIC~1\Bitdefender

2007-06-04 12:52 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\BitDefender

2007-06-04 09:46 <DIR> dr------- C:\DOCUME~1\KENJAC~1\APPLIC~1\SpaceTime 3D

2007-06-04 07:51 <DIR> d-------- C:\Program Files\Common Files\EZB Systems

2007-06-04 02:38 <DIR> d-------- C:\DOCUME~1\KENJAC~1\APPLIC~1\ImgBurn

2007-06-03 23:05 <DIR> d-------- C:\Program Files\FRISK Software

2007-06-03 23:05 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\FRISK Software

2007-06-03 18:25 61,440 --a------ C:\WINDOWS\ContextMenuExt.dll

2007-06-03 18:24 77,824 --a------ C:\WINDOWS\system32\StartupCPL.exe

2007-06-03 18:24 159,232 --a------ C:\WINDOWS\system32\WindowsUptime.exe

2007-06-03 18:24 <DIR> d-------- C:\Program Files\PowerMenu

2007-06-03 18:23 <DIR> d-------- C:\Program Files\Microsoft CopyProfile

2007-06-03 18:23 <DIR> d-------- C:\Program Files\HighMAT CD Writing Wizard

2007-06-03 18:22 40,960 --a------ C:\WINDOWS\system32\SSUBTMR6.DLL

2007-06-03 18:22 10,752 --a------ C:\WINDOWS\system32\aamd532.dll

2007-06-03 12:17 <DIR> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2

2007-05-29 15:57 <DIR> d-------- C:\DOCUME~1\KENJAC~1\APPLIC~1\PC Magazine Utilities

2007-05-29 11:52 <DIR> d-------- C:\Program Files\USBDLM

2007-05-26 11:44 <DIR> d-------- C:\DOCUME~1\KENJAC~1\APPLIC~1\Notepad++

2007-05-24 17:35 <DIR> d-------- C:\Program Files\MySQL

2007-05-21 07:06 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\WinZip

2007-05-21 00:21 <DIR> d-------- C:\TEMP

2007-05-20 23:59 <DIR> d-------- C:\Program Files\Virtual Earth 3D

 

 

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

 

2007-06-13 14:31:46 1,324 ----a-w C:\WINDOWS\system32\d3d9caps.dat

2007-06-06 05:22:23 384 ----a-w C:\WINDOWS\system32\DVCStateBkp-{00000005-00000000-00000004-00001102-00000004-20061102}.dat

2007-06-06 05:22:23 384 ----a-w C:\WINDOWS\system32\DVCState-{00000005-00000000-00000004-00001102-00000004-20061102}.dat

2007-06-06 05:16:11 -------- d-----w C:\Program Files\Yahoo!

2007-06-06 05:12:33 -------- d--h--w C:\Program Files\InstallShield Installation Information

2007-06-06 05:07:42 -------- d-----w C:\Program Files\GemMaster

2007-06-06 05:03:34 -------- d-----w C:\Program Files\Common Files\AOL

2007-06-06 05:03:04 -------- d-----w C:\Program Files\Common Files\aolshare

2007-06-06 04:25:36 -------- d-----w C:\DOCUME~1\KENJAC~1\APPLIC~1\Creative

2007-06-05 21:39:45 -------- d-----w C:\Program Files\Common Files\Wise Installation Wizard

2007-06-05 16:25:54 -------- d-----w C:\DOCUME~1\KENJAC~1\APPLIC~1\.gaim

2007-06-04 16:47:32 9,862 -c--a-w C:\WINDOWS\mozver.dat

2007-06-02 22:46:14 -------- d-----w C:\DOCUME~1\KENJAC~1\APPLIC~1\System Tweaker

2007-06-02 21:49:37 -------- d-----w C:\Program Files\SightSpeed

2007-05-29 20:41:40 -------- d-----w C:\DOCUME~1\KENJAC~1\APPLIC~1\ContentGuard

2007-05-27 04:12:58 -------- d-----w C:\DOCUME~1\KENJAC~1\APPLIC~1\MySQL

2007-05-21 03:06:58 -------- d-----w C:\Program Files\Oracle

2007-05-20 22:45:50 -------- d-----w C:\DOCUME~1\KENJAC~1\APPLIC~1\OpenOffice.org2

2007-05-13 21:07:01 -------- d-----w C:\DOCUME~1\KENJAC~1\APPLIC~1\VMware

2007-05-12 22:56:47 -------- d-----w C:\Program Files\Microsoft IntelliPoint

2007-05-12 22:56:07 -------- d-----w C:\Program Files\Microsoft IntelliPoint 5.2

2007-05-10 02:40:59 -------- d-----w C:\DOCUME~1\KENJAC~1\APPLIC~1\GlobalSCAPE

2007-05-10 00:36:02 -------- d-----w C:\Program Files\Apache Software Foundation

2007-05-09 23:24:12 -------- d-----w C:\DOCUME~1\KENJAC~1\APPLIC~1\Oracle

2007-05-06 17:23:21 -------- d-----w C:\DOCUME~1\KENJAC~1\APPLIC~1\Uniblue

2007-05-02 17:34:01 -------- d-----w C:\DOCUME~1\KENJAC~1\APPLIC~1\Apple Computer

2007-04-18 16:12:23 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll

2007-04-13 03:05:04 5,120 ----a-r C:\WINDOWS\system32\vnetinst.dll

2007-03-23 13:07:56 1,683,280 ------w C:\WINDOWS\system32\XpsSvcs.dll

2007-03-23 13:07:54 583,504 ------w C:\WINDOWS\system32\XPSSHHDR.dll

2007-03-23 03:25:02 124,928 ------w C:\WINDOWS\system32\prntvpt.dll

2007-03-17 13:43:01 292,864 ----a-w C:\WINDOWS\system32\winsrv.dll

 

 

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

 

 

*Note* empty entries & legit default entries are not shown

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]

{53707962-6F74-2D53-2644-206D7942484F}=D:\APPLIC~1\SPYBOT~1\SDHelper.dll [2005-05-31 01:04]

{5CA3D70E-1895-11CF-8E15-001234567890}=C:\WINDOWS\system32\dla\tfswshx.dll [2005-05-31 05:33]

{5D33B3E0-4FB3-4ED1-9106-B6EB06A3B7C2}=C:\WINDOWS\SYSTEM32\ODriveHelper.DLL [2007-02-09 12:34]

{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll [2007-03-14 03:43]

{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}=C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll [2007-05-19 12:43]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43]

"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2005-04-25 06:50]

"IntelMeM"="C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe" [2003-09-03 18:12]

"CTSysVol"="C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe" [2003-09-17 08:43]

"CTDVDDET"="C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE" [2003-06-17 23:00]

"CTHelper"="CTHELPER.EXE" [2004-03-11 13:50 C:\WINDOWS\system32\CTHELPER.EXE]

"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2005-08-25 08:07]

"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 14:50]

"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 14:50]

"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2005-06-02 10:21]

"vptray"="C:\Program Files\Symantec AntiVirus\VPTray.exe" [2005-06-23 20:27]

"MMTray"="C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe" [2006-01-17 13:03]

"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-02-23 14:19]

"Adobe Photo Downloader"="D:\Applications\Adobe\Photoshop Elements 5.0\apdproxy.exe" [2006-09-14 07:55]

"IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\point32.exe" [2004-06-03 01:50]

"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2005-09-23 09:48]

"Run StartupMonitor"="StartupMonitor.exe" [2000-05-20 17:23 C:\WINDOWS\StartupMonitor.exe]

"BDMCon"="D:\Applications\BitDefender\bdmcon.exe" [2007-04-02 16:48]

"BDAgent"="D:\Applications\BitDefender\bdagent.exe" [2007-03-26 15:49]

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 09:24]

"LogitechSoftwareUpdate"="C:\Program Files\Logitech\Video\ManifestEngine.exe" [2005-01-18 17:07]

"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-05-19 12:43]

"DellSupport"="C:\Program Files\Dell Support\DSAgnt.exe" [2006-08-28 22:57]

"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 21:05]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 03:00]

"Zinio DLM"="D:\Applications\Zinio\ZinioDeliveryManager.exe" [2006-04-26 16:13]

"Uniblue Registry Booster2"="D:\Applications\RegistryBooster2\RegistryBooster.exe" [2007-04-23 15:40]

 

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]

"TSClientMSIUninstaller"=cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs"

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles

"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

"NoRemoteRecursiveEvents"=1 (0x1)

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"NoSaveSettings"=0 (0x0)

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]

"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll" [2007-05-30 05:29]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 9.0 Tray Icon.lnk]

backup=C:\WINDOWS\pss\America Online 9.0 Tray Icon.lnkCommon Startup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^DING!.lnk]

backup=C:\WINDOWS\pss\DING!.lnkCommon Startup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]

backup=C:\WINDOWS\pss\Logitech Desktop Messenger.lnkCommon Startup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Monitor Apache Servers.lnk]

backup=C:\WINDOWS\pss\Monitor Apache Servers.lnkCommon Startup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Oracle Drive.lnk]

backup=C:\WINDOWS\pss\Oracle Drive.lnkCommon Startup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^ORB.lnk]

backup=C:\WINDOWS\pss\ORB.lnkCommon Startup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk]

backup=C:\WINDOWS\pss\QuickBooks Update Agent.lnkCommon Startup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Symantec Fax Starter Edition Port.lnk]

path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Symantec Fax Starter Edition Port.lnk

backup=C:\WINDOWS\pss\Symantec Fax Starter Edition Port.lnkCommon Startup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Ken Jacobs^Start Menu^Programs^Startup^OpenOffice.org 2.0.lnk]

backup=C:\WINDOWS\pss\OpenOffice.org 2.0.lnkStartup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Ken Jacobs^Start Menu^Programs^Startup^palmOne Registration.lnk]

backup=C:\WINDOWS\pss\palmOne Registration.lnkStartup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Ken Jacobs^Start Menu^Programs^Startup^Winding Road Automatic.lnk]

backup=C:\WINDOWS\pss\Winding Road Automatic.lnkStartup

 

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FineReader7NewsReaderPro]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LDM]

C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCameraAssistant]

C:\Program Files\Logitech\Video\CameraAssistant.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideo[inspector]]

C:\Program Files\Logitech\Video\InstallHelper.exe /inspect

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mmtask]

"C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSKDetectorExe]

C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]

"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uniblue Registry Booster2]

D:\Applications\RegistryBooster2\RegistryBooster.exe /S

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]

"D:\PROGRA~1\YAHOOM~1\MESSEN~1\YAHOOM~1.EXE" -quiet

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Zinio DLM]

D:\Applications\Zinio\ZinioDeliveryManager.exe /autostart

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"Brother XP spl Service"=2 (0x2)

"ZendCoreApache"=2 (0x2)

"OrbMediaService"=2 (0x2)

"MySQL"=2 (0x2)

"Apache2"=2 (0x2)

"TapiSrv"=3 (0x3)

"RDSessMgr"=3 (0x3)

"RasMan"=3 (0x3)

"RasAuto"=3 (0x3)

"mnmsrvc"=3 (0x3)

"Fax"=2 (0x2)

"LVPrcSrv"=2 (0x2)

"AOL ACS"=2 (0x2)

"VMware NAT Service"=2 (0x2)

"vmserverdWin32"=2 (0x2)

"vmount2"=2 (0x2)

"VMnetDHCP"=2 (0x2)

"VMAuthdService"=2 (0x2)

"OracleOraDb11g_home1TNSListener"=2 (0x2)

"OracleDBConsoleorcl"=2 (0x2)

 

 

Contents of the 'Scheduled Tasks' folder

2007-06-15 01:54:43 C:\WINDOWS\tasks\At1.job

2007-06-02 01:30:00 C:\WINDOWS\tasks\McAfee.com Scan for Viruses - My Computer (D9ZCK981-Ken Jacobs).job

2007-06-15 01:54:20 C:\WINDOWS\tasks\RegCure Program Check.job

2007-06-14 10:00:00 C:\WINDOWS\tasks\RegCure.job

2007-06-15 01:54:20 C:\WINDOWS\tasks\XoftSpySE 2.job

2007-06-12 10:00:00 C:\WINDOWS\tasks\XoftSpySE.job

 

**************************************************************************

 

catchme 0.3.721 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net

Rootkit scan 2007-06-14 19:02:27

Windows 5.1.2600 Service Pack 2 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

 

Completion time: 2007-06-14 19:02:51

 

--- E O F ---

 

 

Hope you can get rid of the bad things!

 

Thanks!

 

Ken

Edited by Ken Jacobs


Hi again,

 

* Download Killbox.

Click killbox.exe.

Select the option "Delete on reboot".

Click the button: All Files (!important!)

Now it should flash green.

 

Now copy the next bold part:

 

C:\WINDOWS\system32\d3d9caps.dat

C:\WINDOWS\tasks\At1.job

 

Open 'file' in the Killbox menu on top and choose Paste from clipboard

 

Then press the button that looks like a red circle with a white X in it.

Killbox will tell you that all listed files will be removed on next reboot and asks if you would like to Reboot now, click YES

If you don't get that message, reboot manually.

 

Your computer should reboot now.

 

Then please post a fresh HiJackThis log.

 

jedi


Ran Killbox per instructions. The newest HijackThis log is below.

 

One more question ... aside from rebooting when it wants, and grabbing my mouse (and modifying files on my disk) what other bad things does this virus (these viruses?) do on my machine? In particular, is my machine infected with anything that captures passwords, cookies, keylogging, etc?

 

Thanks ... again, I do appreciate your help!

 

Ken

 

Logfile of Trend Micro HijackThis v2.0.0 (BETA)

Scan saved at 8:38:32 AM, on 6/15/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe

C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe

C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe

C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE

C:\WINDOWS\system32\CTHELPER.EXE

C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\Program Files\Symantec AntiVirus\VPTray.exe

C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe

C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe

D:\Applications\Adobe\Photoshop Elements 5.0\apdproxy.exe

C:\Program Files\Microsoft IntelliPoint\point32.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\WINDOWS\StartupMonitor.exe

D:\Applications\BitDefender\bdmcon.exe

D:\Applications\BitDefender\bdagent.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\Dell Support\DSAgnt.exe

C:\Program Files\Windows Media Player\WMPNSCFG.exe

C:\WINDOWS\system32\ctfmon.exe

D:\Applications\Zinio\ZinioDeliveryManager.exe

C:\Program Files\Array Networks\Common\4,0,1,3\arr_isrv4,0,1,3.exe

D:\Applications\RegistryBooster2\RegistryBooster.exe

D:\Program Files\Adobe\Photoshop Elements\PhotoshopElementsFileAgent.exe

C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

D:\Applications\Bluetooth Actiontec\BTTray.exe

D:\Applications\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe

D:\Applications\Palm Desktop\Hotsync.exe

C:\Program Files\Apache Software Foundation\Apache2.2\bin\httpd.exe

C:\Program Files\Microsoft Office\Office\1033\msoffice.exe

D:\APPLIC~1\BLUETO~2\BTSTAC~1.EXE

C:\Program Files\Array Networks\Array SSL VPN\3,0,1,9\arr_srvs3,0,1,9.exe

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

D:\Applications\Bluetooth Actiontec\bin\btwdins.exe

C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

C:\Program Files\Apache Software Foundation\Apache2.2\bin\httpd.exe

C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe

C:\Program Files\Symantec AntiVirus\DefWatch.exe

C:\WINDOWS\eHome\ehRecvr.exe

C:\WINDOWS\eHome\ehSched.exe

C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe

C:\WINDOWS\orclobi\MyDesktop\MyDesktopService.exe

C:\WINDOWS\system32\nvsvc32.exe

D:\Applications\Oracle Drive\XfsSvcCon.exe

C:\WINDOWS\orclobi\MyDesktop\MyDesktopQOS.exe

D:\Applications\Retrospect Backup\retrorun.exe

C:\Program Files\Symantec AntiVirus\Rtvscan.exe

C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe

C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe

C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\msiexec.exe

C:\WINDOWS\system32\dllhost.exe

D:\Downloads\HijackThis\HiJackThis_v2.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://securityresponse.symantec.com/avcenter/fix_homepage/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://us.mcafee.com/root/campaign.asp?cid...mp;affid=105-56

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = www-proxy1.us.oracle.com:80

R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - (no file)

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\APPLIC~1\SPYBOT~1\SDHelper.dll

O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll

O2 - BHO: Oracle Drive Helper Object - {5D33B3E0-4FB3-4ED1-9106-B6EB06A3B7C2} - C:\WINDOWS\SYSTEM32\ODriveHelper.DLL

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"

O4 - HKLM\..\Run: [iAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe

O4 - HKLM\..\Run: [intelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe

O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /r

O4 - HKLM\..\Run: [CTDVDDET] "C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE"

O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [iSUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup

O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [vptray] "C:\Program Files\Symantec AntiVirus\VPTray.exe"

O4 - HKLM\..\Run: [MMTray] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"

O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"

O4 - HKLM\..\Run: [Adobe Photo Downloader] "D:\Applications\Adobe\Photoshop Elements 5.0\apdproxy.exe"

O4 - HKLM\..\Run: [intelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [Run StartupMonitor] StartupMonitor.exe

O4 - HKLM\..\Run: [bDMCon] "D:\Applications\BitDefender\bdmcon.exe" /reg

O4 - HKLM\..\Run: [bDAgent] "D:\Applications\BitDefender\bdagent.exe"

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup

O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [Zinio DLM] D:\Applications\Zinio\ZinioDeliveryManager.exe /autostart

O4 - HKCU\..\Run: [uniblue Registry Booster2] D:\Applications\RegistryBooster2\RegistryBooster.exe /S

O4 - HKUS\S-1-5-18\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'Default user')

O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: BTTray.lnk = ?

O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE

O4 - Global Startup: HotSync Manager.lnk = D:\Applications\Palm Desktop\Hotsync.exe

O4 - Global Startup: HOTSYNCSHORTCUTNAME.lnk = D:\Applications\Treo Palm Desktop\Hotsync.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

O4 - Global Startup: VPN Client.lnk = ?

O4 - Global Startup: WinZip Quick Pick.lnk = D:\Program Files\WinZip\WZQKPICK.EXE

O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\APPLIC~1\MI69DF~1\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: Send To &Bluetooth - D:\Applications\Bluetooth Actiontec\btsendto_ie_ctx.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\APPLIC~1\MI69DF~1\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\APPLIC~1\MI69DF~1\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\APPLIC~1\MI69DF~1\Office12\REFIEBAR.DLL

O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - D:\Applications\Bluetooth Actiontec\btsendto_ie.htm

O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - D:\Applications\Bluetooth Actiontec\btsendto_ie.htm

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} (Citrix ICA Client) - http://a516.g.akamai.net/f/516/25175/7d/ru...cat-no-eula.cab

O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/m...99/mcinsctl.cab

O16 - DPF: {66D845A0-C3BB-45AD-807C-9BFEAF20EF2C} (InPEditor Class) - http://stcontent.oracle.com/content/static...it_In_Place.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1175863491528

O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/m...,26/mcgdmgr.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{5B9D91D4-26B3-460D-9815-F3FB29034F37}: NameServer = 130.35.249.41,130.35.249.52

O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll

O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

O23 - Service: Adobe Active File Monitor (AdobeActiveFileMonitor) - Unknown owner - D:\Program Files\Adobe\Photoshop Elements\PhotoshopElementsFileAgent.exe

O23 - Service: Adobe Active File Monitor V5 (AdobeActiveFileMonitor5.0) - Unknown owner - D:\Applications\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe

O23 - Service: Apache2 - Apache Software Foundation - C:\Program Files\Apache Software Foundation\Apache2.2\bin\httpd.exe

O23 - Service: Array SSL VPN Service 3,0,1,9 (ArraySSL_VPN_Service3,0,1,9) - Unknown owner - C:\Program Files\Array Networks\Array SSL VPN\3,0,1,9\arr_srvs3,0,1,9.exe

O23 - Service: Array Utility Service 4,0,1,3 (Array_Utility_Service4,0,1,3) - Unknown owner - C:\Program Files\Array Networks\Common\4,0,1,3\arr_isrv4,0,1,3.exe

O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe

O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - D:\Applications\Bluetooth Actiontec\bin\btwdins.exe

O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe

O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe

O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe

O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: BitDefender Desktop Update Service (LIVESRV) - SOFTWIN S.R.L. - C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe

O23 - Service: MyDesktopService (MyDesktopWindows) - Oracle Corporation - C:\WINDOWS\orclobi\MyDesktop\MyDesktopService.exe

O23 - Service: MySQL - Oracle Corporation - (no file)

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: ODrive Service (OdService) - Oracle - D:\Applications\Oracle Drive\XfsSvcCon.exe

O23 - Service: OracleServiceORCL - Oracle Corporation - e:\applications\oracle\oraclehome\bin\ORACLE.EXE

O23 - Service: QOS MyDesktop (QOSMyDesktop) - Oracle - C:\WINDOWS\orclobi\MyDesktop\MyDesktopQOS.exe

O23 - Service: Retrospect Launcher (RetroLauncher) - EMC Corporation - D:\Applications\Retrospect Backup\retrorun.exe

O23 - Service: Retrospect Helper - EMC Corporation - D:\Applications\Retrospect Backup\rthlpsvc.exe

O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - D:\Applications\BitDefender\vsserv.exe (file missing)

O23 - Service: BitDefender Communicator (XCOMM) - SOFTWIN S.R.L - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe

 

--

End of file - 16027 bytes

Edited by Ken Jacobs


Hi again,

 

In particular, is my machine infected with anything that captures passwords, cookies, keylogging, etc?

Doubtful, not impossible, at the moment it doesn't look like it's infected with anything much, but I'll do some more checking.

This error notice - IRQL_NOT_LESS_OR_EQUAL - is more to do with bad drivers; if you could get the specific stop notice that comes with it, that would be useful. Have you installed any programs recently?

 

Anyway - Download GMER from here:

http://www.majorgeeks.com/GMER_d5198.html

 

Unzip it to desktop.

 

Open the program and click on the Rootkit tab.

Make sure all the boxes on the right of the screen are checked, apart from ‘Show All’.

Click on Scan.

When the scan has run click Copy and paste the results (if any) into this thread.

 

jedi


Here's the GMER post ... still having problems with the mouse by the way ...

 

Thanks for your continued help!

 

Ken

 

GMER 1.0.12.12244 - http://www.gmer.net

Rootkit scan 2007-06-15 23:23:21

Windows 5.1.2600 Service Pack 2

 

 

---- System - GMER 1.0.12 ----

 

SSDT 88B83C70 ZwConnectPort

SSDT \??\C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys ZwOpenProcess

SSDT \??\C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys ZwTerminateProcess

 

---- Kernel code sections - GMER 1.0.12 ----

 

? C:\WINDOWS\system32\DRIVERS\update.sys

 

---- EOF - GMER 1.0.12 ----


Ok,

 

Do Start > Control Panel > Mouse > Hardware > Properties > Driver > Update Driver > Yes, this time only > Install the software automatically. Let me know if the Wizard finds any better drivers for your mouse. If it does, follow the prompts to install them. Can you also tell me the exact model of your mouse?

 

Next, do Start > Run and type in chkdsk and hit OK.

 

Let me know any error messages you are getting, as much detail as you can.

 

jedi


Thank you for your help so far ... I think we are making progress, but we're still not there. Here are the issues I'm still facing ...

 

1. Mouse still freezes

2. Blue Screen of Death (just about every other time)

3. An attempt to install VPN s/w on boot (I didn't mention this before but I should have ....)

 

I followed your instructions re CHKDSK. I got these messages ...

 

Correcting errors in master file table's <MFT> BITMAP attribute"

 

 

I also tried the mouse driver update routine .. it could not find a newer driver. The mouse I have came with my Dell 9100, and is Dell P/N 0T0179 (the mouse itself) and P/N 0U0754 for the wireless receiver that plugs into my machine.

 

I have also done the following ...

 

Installed Microsoft Intellipoint 6.1 mouse driver (downloaded from Microsoft's site). I chose the standard optical wireless driver. It installed successfully, but did not change anything. According to the control panel (etc) mouse hw device driver, this is the same driver that was installed previously. (Same driver date: 2001, and version 5.1.2600.0).

 

I unplugged the wireless receiver, got several "beep-boop" sounds, and re-attached the wireless receiver. Eventually the system recognized the USB device (first the receiver, then the "human interface device"). The mouse starts to work, but if I leave it still for 10 seconds, it hangs again.

 

I attached a NON-WIRELESS USB mouse, and it does not have that problem! It can be still for a long while, and never hang. Something is awry with the wireless USB receiver device driver, I guess. Naturally, I would greatly prefer the wireless mouse driver to work.


Thank you for your help so far ... I think we are making progress, but we're still not there. Here are the issues I'm still facing ...

 

1. Mouse still freezes

2. Blue Screen of Death (just about every other time)

3. An attempt to install VPN s/w on boot (I didn't mention this before but I should have ....)

 

I followed your instructions re CHKDSK. I got these messages ...

 

Correcting errors in master file table's <MFT> BITMAP attribute

Correcting errors in volume bitmap

 

I then ran CHKDSK/F to correct this (before it was readonly). It required a reboot (BSoD, then success). I got this message from CHKDSK/F:

 

Deleting index entry tmp.edb in index $I30 of file 12341

 

Again, rebooted, ran CHKDSK/F again, got this:

 

Recovering lost files ...

Orphaned file temp.edb <9961> into directory 12341

(same error about bitmaps)

 

Have rebooted successfully, but another CHKDSK says, in stage 2 of 3 ...

 

Deleting index entry sessionstore.js in index $I30 of file 56338.

Deleting index entry SESSIO~1.JS in index $I30 of file 56338

 

(I will have to reboot since CHKDSK/F says the volume is in use and it has to run on restart. I'll finish this entry first, then come back and post what happened.)

 

Back from reboot. First a BSoD. Power off. Windows boots, runs CHKDSK with NO errors. Reboots itself without poweroff. Back to Windows. Re-ran CHKDSK in CMD window, and it wrote several messages about recovering lost files:

 

Microsoft Windows XP [Version 5.1.2600]

© Copyright 1985-2001 Microsoft Corp.

 

C:\Documents and Settings\Ken Jacobs>chkdsk

The type of the file system is NTFS.

Volume label is Windows XP.

 

WARNING! F parameter not specified.

Running CHKDSK in read-only mode.

 

CHKDSK is verifying files (stage 1 of 3)...

File verification completed.

CHKDSK is verifying indexes (stage 2 of 3)...

Index verification completed.

CHKDSK is recovering lost files.

Recovering orphaned file SESSIO~1.MOZ (14709) into directory file 56338.

Recovering orphaned file sessionstore.js.moztmp (14709) into directory file 56338.

Recovering orphaned file COOKIE~1.MOZ (14888) into directory file 56338.

Recovering orphaned file cookies.txt.moztmp (14888) into directory file 56338.

CHKDSK is verifying security descriptors (stage 3 of 3)...

Security descriptor verification completed.

Correcting errors in the master file table's (MFT) BITMAP attribute.

Correcting errors in the Volume Bitmap.

Windows found problems with the file system.

Run CHKDSK with the /F (fix) option to correct these.

 

22145602 KB total disk space.

16772712 KB in 89108 files.

30492 KB in 8248 indexes.

0 KB in bad sectors.

187802 KB in use by the system.

65536 KB occupied by the log file.

5154596 KB available on disk.

 

4096 bytes in each allocation unit.

5536400 total allocation units on disk.

1288649 allocation units available on disk.

 

C:\Documents and Settings\Ken Jacobs>

 

.... so I am getting file system problems immediately after Windows boots successfully.

 

The BSoD has happened many times (though fortunately not every time!) I reboot. Here are the details:

 

IRQL_NOT_LESS_OR_EQUAL

Stop: 0x0000000A

(0x0012009F, 0x000001C, 0x00000000, 0x804FA11E)

 

Powering off before the reboot occurs seems to avoid the BSoD, whereas just a restart seems to lead to the BSoD ... not sure if that's every time.

 

I also tried the mouse driver update routine .. it could not find a newer driver. The mouse I have came with my Dell 9100, and is Dell P/N 0T0179 (the mouse itself) and P/N 0U0754 for the wireless receiver that plugs into my machine.

 

I have also just re-installed Microsoft Intellipoint 6.1 mouse driver (downloaded from Microsoft's site). I chose the standard optical wireless driver. It installed successfully, but did not change anything. This is the same driver that was installed previously (driver date: 2001, and version 5.1.2600.0). The wireless mouse will work if I push the button on the bottom to re-sync with the wireless receiver, but then it hangs.

 

I unplugged the wireless receiver, got several "beep-boop" sounds, and re-attached the wireless receiver. Eventually the system recognized the USB device (first the receiver, then the "human interface device"). The mouse starts to work, but if I leave it still for 10 seconds, it hangs again.

 

I attached a NON-WIRELESS USB mouse, and it does not have that problem! It can be still for a long while, and never hang. Something is awry with the wireless USB receiver device driver, it seems. Naturally, I would greatly prefer the wireless mouse driver to work. What's also odd is that the Dell keyboard is wireless, and it works just fine!

 

The other thing I forgot to mention earlier is that every time I reboot, the system is looking for something to install (I believe it is the Cisco VPN driver my company provides). It can't find it, and rolls back the install. I don't need this to be reinstalled, as I've already got it installed. How can I stop Windows from trying to install this sw on reboot? When I hit CANCEL on the install, it takes a long time for it to stop/reverse the process.

 

Lastly, because I got a message from the Dell support utility, I downloaded and installed Microsoft's Hot Fix (KB 906569), which apparently does something to MSCONFIG. Nothing new seems to be happening as a result.

 

Sorry for this long message, but this is all relevant to this current set of problems.

 

Thanks!

 

Ken

Edited by Ken Jacobs


Hi ...

 

I have some additional news ....

 

I now got a BSoD not as a result of a reboot -- it just happened while I was browsing. I briefly saw a CMD window that seemed to be titled Netsh, but I'm not sure. I didn't see anything in the window before it closed.

 

Also, I have fixed the VPN installer problem I mentioned ... I found the Microsoft Installer Cleanup Utility, and removed the installer for that product. No need for you to worry about this topic any more. So now, my problem is down to the hanging WIRELESS mouse and the BSoD. Bad enough!

 

On the topic of my wife's PC, I decided to completely re-install Windows, from scratch. Stupidly, I didn't immediately do a virus scan. And, I think the virus is back already! On my wife's machine, it appears the virus has very sneakily changed the icon for some of its executables to look like a folder. I click on what I think is a folder, and BOOM, I'm re-installing the virus. At least I think that's what happens ... bummer. I am in the process of re-installing ... AGAIN.

 

So, once we figure out the BSoD and mouse hanging problem here, we can work on her machine if I can't completely eradicate the virus myself.

 

Anyway, I do appreciate your help ... please let me know if there is any additional info I can provide.

 

Thanks

 

Ken

Edited by Ken Jacobs


Hi again,

 

"I found the Microsoft Installer Cleanup Utility"

It's what I would have suggested anyway. :thumbsup:

 

If you're doing a fresh install on your wife's PC, reformat the disk to remove all trace of the previous installation, it lessens the chance of reinfection. But anyway, we'll get to that, first, BSOD + stop codes. Unless it's hardware going bad, I suspect the mouse driver may be the problem, the relevant article is here:

http://support.microsoft.com/default.aspx?...b;en-us;Q314063

 

Particularly:

If you have installed any third-party software or drivers, try removing them or disabling them so that they do not load, and then restart the computer to see whether that software or driver is causing the error. If that software or driver is causing the error, report the problem to the vendor of the software or driver.

 

There's a driver rollback feature in Windows:

http://support.microsoft.com/kb/283657/

 

However, I know from past experience that these IRQL_NOT_LESS_OR_EQUAL notices can be difficult to diagnose, you might want to consider a repair-install of Windows if you can't diagnose this. Basically though, look at the WIRELESS mouse drivers first, the fact that it's hanging suggests the problem is there, then if there are any other software or driver changes you have made around the same time, look at them. For example the wireless USB receiver device driver may need rolling back also.

 

jedi


Just an update ... I've seemingly gotten rid of the virus on my machine, and haven't seen a BSoD in a while. However, my mouse problem is still a problem. So, I need to spend some time to try to rid the system of the apparently bad driver. The info I've found searching the MSFT knowledge base talks about modifications to the registry, which I'm leery about doing. So, this weekend, I'll look at it again.

 

Worse news is that my wife's machine, which I completely rebuilt from scratch (reinstalling windows, applying all patches since 2001 ...ugh) is sick again. I installed Bit Defender, and it's now finding (and I hope disinfecting) a DIFFERENT virus from the one we saw before. Again, over the weekend, I'll upload some detail about that machine too.

 

Grrr ...

 

Thanks!

 

Ken


Hi again,

 

By all means post a HiJackThis log from your wife's PC.

 

jedi


Thanks for your continued help!

 

My wife's machine is very slow, even tho task manager shows plenty of idle time, and there is plenty of free space on disk. I'm posting below the HiJackThis log, plus some Bit Defender logs.

 

Note that there are some 34,549 files in 22 folders (and 329MB on disk) in the folder F:\temporary internet files. I'm tempted to simply delete them all. Shall I?

 

I hope you can help rid me of this scourge!

 

Thanks!

 

Ken

 

---------------------------

HijackThis log ...

 

Logfile of Trend Micro HijackThis v2.0.0 (BETA)

Scan saved at 10:49:29 AM, on 6/29/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

D:\Programs\BITDEF~1\bdmcon.exe

D:\Programs\BitDefender\bdagent.exe

C:\WINDOWS\system32\ctfmon.exe

D:\Programs\Palm\HOTSYNC.EXE

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe

C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe

C:\Program Files\Outlook Express\msimn.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

D:\Programs\Palm\palm.exe

C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe

D:\Programs\BitDefender\vsserv.exe

D:\Programs\BitDefender\bdlite.exe

D:\Programs\BitDefender\bdlite.exe

D:\Programs\SpashID\SplashID Desktop.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

D:\Programs\BitDefender\bdlite.exe

D:\Programs\BitDefender\bdlite.exe

C:\WINDOWS\system32\taskmgr.exe

D:\Downloads\Antivirus stuff June 2007\HiJackThis_v2.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

O2 - BHO: IE7pro - {00011268-E188-40DF-A514-835FCD78B1BF} - D:\Programs\IE7Pro\IE7Pro.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll

O4 - HKLM\..\Run: [bDMCon] D:\Programs\BITDEF~1\bdmcon.exe

O4 - HKLM\..\Run: [bDAgent] "D:\Programs\BitDefender\bdagent.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

O4 - Startup: HotSync Manager.lnk = D:\Programs\Palm\HOTSYNC.EXE

O4 - Global Startup: Microsoft Office.lnk = D:\Programs\Microsoft Office\Office\OSA9.EXE

O9 - Extra button: IE7pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - D:\Programs\IE7Pro\IE7Pro.dll

O9 - Extra 'Tools' menuitem: IE7pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - D:\Programs\IE7Pro\IE7Pro.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1182059137811

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1182061521014

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O20 - Winlogon Notify: !SASWinLogon - D:\Programs\SUPERAntiSpyware\SASWINLO.dll

O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll

O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll

O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: BitDefender Desktop Update Service (LIVESRV) - SOFTWIN S.R.L. - C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe

O23 - Service: BitDefender Virus Shield (VSSERV) - SOFTWIN S.R.L. - D:\Programs\BitDefender\vsserv.exe

O23 - Service: BitDefender Communicator (XCOMM) - SOFTWIN S.R.L - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe

 

--

End of file - 5182 bytes

------------

 

Bit Defender logs follow ...

 

 

//-----------------------------------------------------------------

//

// Product BitDefender Antivirus v10

// Product 10.2

//

// Created on: 28/06/2007 02:54:00

//

//-----------------------------------------------------------------

 

 

Virus Statistics

 

Scan path : C:\

D:\

E:\

F:\

G:\

H:\

Folders : 12438

Files : 862170

Memory processes scanned : 28

Archives : 86185

Runtime packers : 37384

Identified viruses : 4

Infected files : 8

Memory processes infected : 0

Suspect files : 1

Warnings : 0

Disinfected files : 6

Deleted files : 1

Moved files : 0

I/O errors : 195

Scan time : 05:44:55

Scan speed (files/sec) : 41

 

Spyware Statistics

 

Registry keys scanned : 1581

Registry keys infected : 0

Cookies scanned : 45

Cookies infected : 0

Spyware files infected : 0

Spyware threats detected : 0

 

 

Virus definitions : 646938

Scan plugins : 16

Archive plugins : 41

Unpack plugins : 6

Mail plugins : 6

System plugins : 5

 

Virus scan options

 

Detection

[X] Scan boot sectors

[X] Memory Processes

[X] Scan archives

[X] Scan runtime packers

[X] Scan email

 

File mask

[ ] Programs

[X] All files

[ ] User defined extensions:

[ ] Exclude extensions: ;

 

Action

 

Infected objects

[ ] Ignore

[X] Disinfect

[ ] Delete

[ ] Move to quarantine

[ ] Prompt user

 

Second action

[ ] Ignore

[ ] Delete

[X] Move to quarantine

[ ] Prompt user

 

Virus scan options

[X] Enable warnings

[X] Enable heuristics

[ ] Show all files in log

[X] Report file: C:\Documents and Settings\All Users\Application Data\BitDefender\Desktop\Profiles\Logs\deep_scan\1183024440.log

 

Spyware scan options

 

[X] Scan for riskware

[ ] Skip dial and applications from scan

[X] Registry keys

[X] Cookies

 

 

Summary:

 

D:\K-APPS\Applications\Norton SystemWorks\Norton AntiVirus\Quarantine\0F1B63E9.VIR=>(Quarantine-1) Infected: XM.Laroux.AA

D:\K-APPS\Applications\Norton SystemWorks\Norton AntiVirus\Quarantine\0F1B63E9.VIR=>(Quarantine-1) Disinfected

D:\K-APPS\Applications\Norton SystemWorks\Norton AntiVirus\Quarantine\0F1B63E9.VIR Archive repacking has failed (marked actions not taken)

D:\K-APPS\Applications\Norton SystemWorks\Norton AntiVirus\Quarantine\11741154.VIR=>(Quarantine-1) Infected: XM.Laroux.AA

D:\K-APPS\Applications\Norton SystemWorks\Norton AntiVirus\Quarantine\11741154.VIR=>(Quarantine-1) Disinfected

D:\K-APPS\Applications\Norton SystemWorks\Norton AntiVirus\Quarantine\11741154.VIR Archive repacking has failed (marked actions not taken)

D:\K-APPS\Applications\Norton SystemWorks\Norton AntiVirus\Quarantine\14EF577F.VIR=>(Quarantine-1) Infected: WM.Helper.A

D:\K-APPS\Applications\Norton SystemWorks\Norton AntiVirus\Quarantine\14EF577F.VIR=>(Quarantine-1) Disinfected

D:\K-APPS\Applications\Norton SystemWorks\Norton AntiVirus\Quarantine\14EF577F.VIR Archive repacking has failed (marked actions not taken)

D:\K-APPS\Applications\Norton SystemWorks\Norton AntiVirus\Quarantine\6F1E2E36.VIR=>(Quarantine-1) Infected: XM.Laroux.AA

D:\K-APPS\Applications\Norton SystemWorks\Norton AntiVirus\Quarantine\6F1E2E36.VIR=>(Quarantine-1) Disinfected

D:\K-APPS\Applications\Norton SystemWorks\Norton AntiVirus\Quarantine\6F1E2E36.VIR Archive repacking has failed (marked actions not taken)

D:\K-APPS\Applications\Norton SystemWorks\Norton AntiVirus\Quarantine\71AE2564.VIR=>(Quarantine-1) Infected: XM.Laroux.AA

D:\K-APPS\Applications\Norton SystemWorks\Norton AntiVirus\Quarantine\71AE2564.VIR=>(Quarantine-1) Disinfected

D:\K-APPS\Applications\Norton SystemWorks\Norton AntiVirus\Quarantine\71AE2564.VIR Archive repacking has failed (marked actions not taken)

D:\K-APPS\Applications\Norton SystemWorks\Norton AntiVirus\Quarantine\74FC1FC1.VIR=>(Quarantine-1) Infected: WM.Helper.A

D:\K-APPS\Applications\Norton SystemWorks\Norton AntiVirus\Quarantine\74FC1FC1.VIR=>(Quarantine-1) Disinfected

D:\K-APPS\Applications\Norton SystemWorks\Norton AntiVirus\Quarantine\74FC1FC1.VIR Archive repacking has failed (marked actions not taken)

E:\K-DATA\Downloads2\Screensavers\CoralFree.EXE=>wise0027=>(CAB Sfx r)=>SaveNow.exe Detected: Adware.Savenow.AA

E:\K-DATA\Downloads2\Screensavers\CoralFree.EXE=>wise0027=>(CAB Sfx r)=>SaveNow.exe Disinfection failed

E:\K-DATA\Downloads2\Screensavers\CoralFree.EXE=>wise0027=>(CAB Sfx r)=>SaveNow.exe Move failed

E:\K-DATA\Downloads2\Screensavers\CoralFree.EXE=>wise0027=>(CAB Sfx r)=>Uninst.exe Detected: Adware.Savenow.AU

E:\K-DATA\Downloads2\Screensavers\CoralFree.EXE=>wise0027=>(CAB Sfx r)=>Uninst.exe Disinfection failed

E:\K-DATA\Downloads2\Screensavers\CoralFree.EXE=>wise0027=>(CAB Sfx r)=>Uninst.exe Move failed

E:\K-DATA\LAPTOP-D-Drive\C\Downloads\PC Magazine Utilities\prime97.zip=>PRIME97w.exe=>wise0066 Suspect: Macro.VBA

E:\K-DATA\LAPTOP-D-Drive\C\Downloads\PC Magazine Utilities\prime97.zip=>PRIME97w.exe=>wise0066 Disinfection failed

E:\K-DATA\LAPTOP-D-Drive\C\Downloads\PC Magazine Utilities\prime97.zip=>PRIME97w.exe=>wise0066 Deleted

E:\K-DATA\LAPTOP-D-Drive\C\Downloads\PC Magazine Utilities\prime97.zip=>PRIME97w.exe Archive repacking has failed (marked actions not taken)

 

 

--------------------------------------

 

 

//-----------------------------------------------------------------

//

// Product BitDefender Antivirus v10

// Product 10.2

//

// Created on: 28/06/2007 02:55:19

//

//-----------------------------------------------------------------

 

 

Virus Statistics

 

Scan path : C:\

D:\

E:\

F:\

G:\

H:\

Folders : 12438

Files : 410980

Memory processes scanned : 29

Archives : 43697

Runtime packers : 13327

Identified viruses : 2

Infected files : 6

Memory processes infected : 0

Suspect files : 0

Warnings : 0

Disinfected files : 6

Deleted files : 0

Moved files : 0

I/O errors : 198

Scan time : 04:27:44

Scan speed (files/sec) : 25

 

Spyware Statistics

 

Registry keys scanned : 1581

Registry keys infected : 0

Cookies scanned : 45

Cookies infected : 0

Spyware files infected : 0

Spyware threats detected : 0

 

 

Virus definitions : 646938

Scan plugins : 16

Archive plugins : 41

Unpack plugins : 6

Mail plugins : 6

System plugins : 5

 

Virus scan options

 

Detection

[X] Scan boot sectors

[X] Memory Processes

[ ] Scan archives

[X] Scan runtime packers

[X] Scan email

 

File mask

[ ] Programs

[X] All files

[ ] User defined extensions:

[ ] Exclude extensions: ;

 

Action

 

Infected objects

[ ] Ignore

[X] Disinfect

[ ] Delete

[ ] Move to quarantine

[ ] Prompt user

 

Second action

[ ] Ignore

[ ] Delete

[X] Move to quarantine

[ ] Prompt user

 

Virus scan options

[X] Enable warnings

[X] Enable heuristics

[ ] Show all files in log

[X] Report file: C:\Documents and Settings\All Users\Application Data\BitDefender\Desktop\Profiles\Logs\full_scan\1183024519.log

 

Spyware scan options

 

[X] Scan for riskware

[ ] Skip dial and applications from scan

[X] Registry keys

[X] Cookies

 

 

Summary:

 

D:\K-APPS\Applications\Norton SystemWorks\Norton AntiVirus\Quarantine\0F1B63E9.VIR=>(Quarantine-1) Infected: XM.Laroux.AA

D:\K-APPS\Applications\Norton SystemWorks\Norton AntiVirus\Quarantine\0F1B63E9.VIR=>(Quarantine-1) Disinfected

D:\K-APPS\Applications\Norton SystemWorks\Norton AntiVirus\Quarantine\0F1B63E9.VIR Archive repacking has failed (marked actions not taken)

D:\K-APPS\Applications\Norton SystemWorks\Norton AntiVirus\Quarantine\11741154.VIR=>(Quarantine-1) Infected: XM.Laroux.AA

D:\K-APPS\Applications\Norton SystemWorks\Norton AntiVirus\Quarantine\11741154.VIR=>(Quarantine-1) Disinfected

D:\K-APPS\Applications\Norton SystemWorks\Norton AntiVirus\Quarantine\11741154.VIR Archive repacking has failed (marked actions not taken)

D:\K-APPS\Applications\Norton SystemWorks\Norton AntiVirus\Quarantine\14EF577F.VIR=>(Quarantine-1) Infected: WM.Helper.A

D:\K-APPS\Applications\Norton SystemWorks\Norton AntiVirus\Quarantine\14EF577F.VIR=>(Quarantine-1) Disinfected

D:\K-APPS\Applications\Norton SystemWorks\Norton AntiVirus\Quarantine\14EF577F.VIR Archive repacking has failed (marked actions not taken)

D:\K-APPS\Applications\Norton SystemWorks\Norton AntiVirus\Quarantine\6F1E2E36.VIR=>(Quarantine-1) Infected: XM.Laroux.AA

D:\K-APPS\Applications\Norton SystemWorks\Norton AntiVirus\Quarantine\6F1E2E36.VIR=>(Quarantine-1) Disinfected

D:\K-APPS\Applications\Norton SystemWorks\Norton AntiVirus\Quarantine\6F1E2E36.VIR Archive repacking has failed (marked actions not taken)

D:\K-APPS\Applications\Norton SystemWorks\Norton AntiVirus\Quarantine\71AE2564.VIR=>(Quarantine-1) Infected: XM.Laroux.AA

D:\K-APPS\Applications\Norton SystemWorks\Norton AntiVirus\Quarantine\71AE2564.VIR=>(Quarantine-1) Disinfected

D:\K-APPS\Applications\Norton SystemWorks\Norton AntiVirus\Quarantine\71AE2564.VIR Archive repacking has failed (marked actions not taken)

D:\K-APPS\Applications\Norton SystemWorks\Norton AntiVirus\Quarantine\74FC1FC1.VIR=>(Quarantine-1) Infected: WM.Helper.A

D:\K-APPS\Applications\Norton SystemWorks\Norton AntiVirus\Quarantine\74FC1FC1.VIR=>(Quarantine-1) Disinfected

D:\K-APPS\Applications\Norton SystemWorks\Norton AntiVirus\Quarantine\74FC1FC1.VIR Archive repacking has failed (marked actions not taken)

 

 

----------------

 

 

//-----------------------------------------------------------------

//

// Product BitDefender Antivirus v10

// Product 10.2

//

// Created on: 29/06/2007 02:55:23

//

//-----------------------------------------------------------------

 

 

Virus Statistics

 

Scan path : C:\

D:\

E:\

F:\

G:\

H:\

Folders : 12446

Files : 411913

Memory processes scanned : 34

Archives : 43815

Runtime packers : 13350

Identified viruses : 2

Infected files : 6

Memory processes infected : 0

Suspect files : 0

Warnings : 0

Disinfected files : 6

Deleted files : 0

Moved files : 0

I/O errors : 198

Scan time : 05:46:23

Scan speed (files/sec) : 19

 

Spyware Statistics

 

Registry keys scanned : 1581

Registry keys infected : 0

Cookies scanned : 52

Cookies infected : 0

Spyware files infected : 0

Spyware threats detected : 0

 

 

Virus definitions : 40564269

Scan plugins : 16

Archive plugins : 41

Unpack plugins : 6

Mail plugins : 6

System plugins : 5

 

Virus scan options

 

Detection

[X] Scan boot sectors

[X] Memory Processes

[ ] Scan archives

[X] Scan runtime packers

[X] Scan email

 

File mask

[ ] Programs

[X] All files

[ ] User defined extensions:

[ ] Exclude extensions: ;

 

Action

 

Infected objects

[ ] Ignore

[X] Disinfect

[ ] Delete

[ ] Move to quarantine

[ ] Prompt user

 

Second action

[ ] Ignore

[ ] Delete

[X] Move to quarantine

[ ] Prompt user

 

Virus scan options

[X] Enable warnings

[X] Enable heuristics

[ ] Show all files in log

[X] Report file: C:\Documents and Settings\All Users\Application Data\BitDefender\Desktop\Profiles\Logs\full_scan\1183110923.log

 

Spyware scan options

 

[X] Scan for riskware

[ ] Skip dial and applications from scan

[X] Registry keys

[X] Cookies

 

 

Summary:

 

D:\K-APPS\Applications\Norton SystemWorks\Norton AntiVirus\Quarantine\0F1B63E9.VIR=>(Quarantine-1) Infected: XM.Laroux.AA

D:\K-APPS\Applications\Norton SystemWorks\Norton AntiVirus\Quarantine\0F1B63E9.VIR=>(Quarantine-1) Disinfected

D:\K-APPS\Applications\Norton SystemWorks\Norton AntiVirus\Quarantine\0F1B63E9.VIR Archive repacking has failed (marked actions not taken)

D:\K-APPS\Applications\Norton SystemWorks\Norton AntiVirus\Quarantine\11741154.VIR=>(Quarantine-1) Infected: XM.Laroux.AA

D:\K-APPS\Applications\Norton SystemWorks\Norton AntiVirus\Quarantine\11741154.VIR=>(Quarantine-1) Disinfected

D:\K-APPS\Applications\Norton SystemWorks\Norton AntiVirus\Quarantine\11741154.VIR Archive repacking has failed (marked actions not taken)

D:\K-APPS\Applications\Norton SystemWorks\Norton AntiVirus\Quarantine\14EF577F.VIR=>(Quarantine-1) Infected: WM.Helper.A

D:\K-APPS\Applications\Norton SystemWorks\Norton AntiVirus\Quarantine\14EF577F.VIR=>(Quarantine-1) Disinfected

D:\K-APPS\Applications\Norton SystemWorks\Norton AntiVirus\Quarantine\14EF577F.VIR Archive repacking has failed (marked actions not taken)

D:\K-APPS\Applications\Norton SystemWorks\Norton AntiVirus\Quarantine\6F1E2E36.VIR=>(Quarantine-1) Infected: XM.Laroux.AA

D:\K-APPS\Applications\Norton SystemWorks\Norton AntiVirus\Quarantine\6F1E2E36.VIR=>(Quarantine-1) Disinfected

D:\K-APPS\Applications\Norton SystemWorks\Norton AntiVirus\Quarantine\6F1E2E36.VIR Archive repacking has failed (marked actions not taken)

D:\K-APPS\Applications\Norton SystemWorks\Norton AntiVirus\Quarantine\71AE2564.VIR=>(Quarantine-1) Infected: XM.Laroux.AA

D:\K-APPS\Applications\Norton SystemWorks\Norton AntiVirus\Quarantine\71AE2564.VIR=>(Quarantine-1) Disinfected

D:\K-APPS\Applications\Norton SystemWorks\Norton AntiVirus\Quarantine\71AE2564.VIR Archive repacking has failed (marked actions not taken)

D:\K-APPS\Applications\Norton SystemWorks\Norton AntiVirus\Quarantine\74FC1FC1.VIR=>(Quarantine-1) Infected: WM.Helper.A

D:\K-APPS\Applications\Norton SystemWorks\Norton AntiVirus\Quarantine\74FC1FC1.VIR=>(Quarantine-1) Disinfected

D:\K-APPS\Applications\Norton SystemWorks\Norton AntiVirus\Quarantine\74FC1FC1.VIR Archive repacking has failed (marked actions not taken)

 

 

-----------------------------

 

 

//-----------------------------------------------------------------

//

// Product BitDefender Antivirus v10

// Product 10.2

//

// Created on: 29/06/2007 02:54:04

//

//-----------------------------------------------------------------

 

 

Virus Statistics

 

Scan path : C:\

D:\

E:\

F:\

G:\

H:\

Folders : 12445

Files : 860992

Memory processes scanned : 33

Archives : 86297

Runtime packers : 37290

Identified viruses : 4

Infected files : 8

Memory processes infected : 0

Suspect files : 1

Warnings : 0

Disinfected files : 6

Deleted files : 1

Moved files : 0

I/O errors : 198

Scan time : 07:39:16

Scan speed (files/sec) : 31

 

Spyware Statistics

 

Registry keys scanned : 1581

Registry keys infected : 0

Cookies scanned : 52

Cookies infected : 0

Spyware files infected : 0

Spyware threats detected : 0

 

 

Virus definitions : 40564269

Scan plugins : 16

Archive plugins : 41

Unpack plugins : 6

Mail plugins : 6

System plugins : 5

 

Virus scan options

 

Detection

[X] Scan boot sectors

[X] Memory Processes

[X] Scan archives

[X] Scan runtime packers

[X] Scan email

 

File mask

[ ] Programs

[X] All files

[ ] User defined extensions:

[ ] Exclude extensions: ;

 

Action

 

Infected objects

[ ] Ignore

[X] Disinfect

[ ] Delete

[ ] Move to quarantine

[ ] Prompt user

 

Second action

[ ] Ignore

[ ] Delete

[X] Move to quarantine

[ ] Prompt user

 

Virus scan options

[X] Enable warnings

[X] Enable heuristics

[ ] Show all files in log

[X] Report file: C:\Documents and Settings\All Users\Application Data\BitDefender\Desktop\Profiles\Logs\deep_scan\1183110844.log

 

Spyware scan options

 

[X] Scan for riskware

[ ] Skip dial and applications from scan

[X] Registry keys

[X] Cookies

 

 

Summary:

 

D:\K-APPS\Applications\Norton SystemWorks\Norton AntiVirus\Quarantine\0F1B63E9.VIR=>(Quarantine-1) Infected: XM.Laroux.AA

D:\K-APPS\Applications\Norton SystemWorks\Norton AntiVirus\Quarantine\0F1B63E9.VIR=>(Quarantine-1) Disinfected



Hi again,

 

I'm tempted to simply delete them all. Shall I?

Yes, please do, in fact you can use this:

Download: CCleaner (freeware)

http://www.majorgeeks.com/download4191.html

Run the installer, and uncheck the option to install Yahoo toolbar (unless you want Yahoo toolbar).

Once installed, run CCleaner and click the Windows [tab]

The following should be selected by default, if not, please select:

[screenshot: CCleanerA.png]

Next: click Options, then click the Settings tab

Uncheck: "Only delete files older than 48 hrs.", click Ok

Then click Run Cleaner (bottom right) then Exit

Next:

(For your wife's PC)

Download Dr.Web CureIt to the desktop:

ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe

Next, please reboot your computer in Safe Mode by doing the following:

1) Restart your computer

2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8.

3) Instead of Windows loading as normal, a menu should appear

4) Select the first option, to run Windows in Safe Mode.

 

For additional help in booting into Safe Mode, see the following site:

http://www.pchell.com/support/safemode.shtml

  • Double-click the drweb-cureit.exe file and allow it to run the express scan
  • This will scan the files currently running in memory and when something is found, click the yes button when it asks you if you want to cure it. This is only a short scan.
  • Once the short scan has finished, mark the drives that you want to scan.
  • Select all drives. A red dot shows which drives have been chosen.
  • Click the green arrow at the right, and the scan will start.
  • Click 'Yes to all' if it asks if you want to cure/move the file.
  • When the scan has finished, check whether you can click the following icon next to the files found: [icon: check.gif]
  • If so, click it, then click the next icon right below it and select Move incurable, as shown in the following image:
    [image: move.gif]
    This will move it to the %userprofile%\DoctorWeb\quarantaine-folder if it can't be cured (this is in case we need samples).
  • After selecting, in the Dr.Web CureIt menu on top, click file and choose save report list
  • Save the report to your desktop. The report will be called DrWeb.csv
  • Close Dr.Web Cureit.
  • Reboot your computer!! Because it could be possible that files in use will be moved/deleted during reboot.
  • After reboot, post the contents of the log from Dr.Web you saved previously in your next reply.

jedi
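A saved report from this procedure can run to hundreds of rows, so it helps to separate archived System Restore copies from detections in live folders before reading it. The Python below is an added example, not part of the original post and not Dr.Web's own tooling. It assumes DrWeb.csv rows are semicolon-separated as file name; folder; detection; action, treats a "Probably" prefix as a heuristic verdict (an assumption), and runs on constructed sample rows.

```python
import csv
import io
import re
from collections import Counter
from dataclasses import dataclass

# Constructed sample rows in the assumed layout: name;folder;detection;action;
# (placeholder GUID and made-up file and folder names, not data from a real scan)
SAMPLE_REPORT = r"""
A0000101.exe;C:\System Volume Information\_restore{00000000-0000-0000-0000-000000000000}\RP3;BackDoor.Example.1;Deleted.;
A0000102.exe;C:\System Volume Information\_restore{00000000-0000-0000-0000-000000000000}\RP3;BackDoor.Example.1;Deleted.;
A0000230.EXE;D:\System Volume Information\_restore{00000000-0000-0000-0000-000000000000}\RP7;BackDoor.Example.1;Deleted.;
helper.dll;D:\Apps\ExampleMessenger;Probably STPAGE.Trojan;Incurable.Moved.;
setup.exe;D:\Temp\ExampleInstaller;Probably BACKDOOR.Trojan;Incurable.Moved.;

this line is not a report row
"""

# Windows XP System Restore keeps archived copies under
# <drive>:\System Volume Information\_restore{GUID}\RPnn
RESTORE_RE = re.compile(
    r"^([A-Za-z]):\\System Volume Information\\_restore\{[0-9A-Fa-f-]{36}\}\\(RP\d+)$",
    re.IGNORECASE,
)


@dataclass(frozen=True)
class Finding:
    name: str
    folder: str
    detection: str
    action: str


def parse_report(text):
    """Return (findings, malformed_row_count) for a semicolon-separated report."""
    findings, malformed = [], 0
    reader = csv.reader(io.StringIO(text), delimiter=";", quoting=csv.QUOTE_NONE)
    for row in reader:
        if not row:                      # blank line
            continue
        fields = [f.strip() for f in row[:4]]
        if len(fields) < 4 or not all(fields):
            malformed += 1               # keep a count instead of guessing
            continue
        findings.append(Finding(*fields))
    return findings, malformed


def triage(findings):
    """Split findings into restore-point copies and live files, with tallies."""
    restore_points = Counter()           # (drive, restore point) -> hit count
    live, heuristic = [], []
    for f in findings:
        m = RESTORE_RE.match(f.folder)
        if m:
            restore_points[(m.group(1).upper(), m.group(2).upper())] += 1
        else:
            live.append(f)               # file sat in a normal folder
        if f.detection.lower().startswith("probably "):
            heuristic.append(f)          # assumed heuristic verdict: review by hand
    return {
        "by_detection": Counter(f.detection for f in findings),
        "by_action": Counter(f.action for f in findings),
        "restore_points": restore_points,
        "live": live,
        "heuristic": heuristic,
    }


def summary_lines(result, malformed):
    """Render the triage result as short text lines for a forum reply."""
    lines = [f"{n:4d}  {d}" for d, n in result["by_detection"].most_common()]
    for (drive, rp), n in sorted(result["restore_points"].items()):
        lines.append(f"restore point {drive}:{rp}: {n} archived copies")
    for f in result["live"]:
        lines.append(f"live file: {f.folder}\\{f.name} -> {f.detection} ({f.action})")
    if malformed:
        lines.append(f"{malformed} row(s) skipped as malformed")
    return lines


if __name__ == "__main__":
    found, bad = parse_report(SAMPLE_REPORT)
    print("\n".join(summary_lines(triage(found), bad)))
```

Rows listed under "live file" are the ones to look at individually; restore-point rows are archived copies that disappear when the restore points are purged.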


Thanks, Jedi ... I ran CClean, and now here's the DrWeb CureIt log ... LOTS of infected files! :eek:

 


A0005046.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;

A0005047.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;

A0005048.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;

A0005049.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;

A0005050.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;

A0005051.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;

A0005052.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;

A0005053.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;

A0005054.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;

A0005055.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;

A0005056.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;

A0005057.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;

A0005058.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;

A0005059.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;

A0005060.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;

A0005061.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;

A0005062.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;

A0005063.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;

A0005064.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;

A0005065.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;

A0005066.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;

A0005067.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;

A0005068.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;

A0005069.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;

A0005070.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;

A0005071.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;

A0005072.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;

A0005073.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;

A0005074.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;

A0005075.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;

A0005076.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;

A0005077.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;

A0005078.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;

A0005079.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;

A0005080.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;

A0005081.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;

A0005082.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;

A0005083.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;

A0005084.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;

A0005085.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;

A0005086.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;

A0005087.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;

A0005088.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;

A0005089.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;

A0005090.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;

A0005091.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;

A0005092.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;

A0005093.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;

A0005094.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;

A0005095.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;

A0005096.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;

A0005097.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;

A0005098.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;

A0005099.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;

A0005100.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;

A0005101.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;

A0005102.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;

A0005103.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;

A0005104.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;

A0005105.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;

A0005106.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;

A0005107.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;

A0005108.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;

A0005109.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;

A0005110.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;

A0005111.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;

A0005112.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;

A0005113.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;

A0005114.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;

A0005115.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;

A0005116.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;

A0005117.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;

A0005118.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;

A0005119.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;

A0005120.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;

A0005121.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;

A0005122.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;

A0005123.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;

A0005124.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;

A0005125.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;

A0005126.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;

A0005127.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;

A0005128.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;

A0005129.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;

A0005130.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;

A0005131.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;

A0005132.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;

A0005133.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;

A0005134.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;

A0005135.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;

A0005136.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;

A0005137.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;

A0005138.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;

A0005139.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;

A0005140.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;

A0005141.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;

A0005142.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;

A0005143.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;

A0005144.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;

A0005145.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;

A0005146.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;

A0005147.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;

A0005148.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;

A0005149.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;

A0005150.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;

A0005151.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;

A0005152.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;

A0005153.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;

A0005154.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;

A0005155.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;

A0005156.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;

A0005157.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;

A0005158.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;

A0005159.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;

A0005160.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;

A0005161.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;

A0005162.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;

A0005163.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;

A0005164.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;

A0005165.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;

A0005166.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;

A0005167.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;

A0005168.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;

A0005169.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;

A0005170.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;

A0005171.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;

A0005172.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;

A0005173.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;

A0005174.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;

A0005175.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;

A0005176.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;

A0005177.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;

A0005178.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;

A0005179.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;

A0005180.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;

A0005181.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;

A0005182.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;

A0005183.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;

A0005184.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;

A0005185.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;

A0005186.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;

A0005187.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;

A0005188.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;

A0005189.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;

A0005190.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;

A0005191.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;

A0005192.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;

A0005193.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;

A0005194.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;

A0005195.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;

A0005196.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;

A0005197.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;

A0005198.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;

A0005199.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;

A0005200.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;

A0005201.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;

A0005202.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;

A0005203.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;

A0005204.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;

A0005205.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;

A0005206.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;

A0005207.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;

A0005208.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;

A0005209.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;

A0005210.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;

A0005211.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;

A0005212.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;

A0005213.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;

A0005214.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;

A0005215.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;

A0005216.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;

A0005217.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;

A0005218.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;

A0005219.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;

A0005220.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;

A0005221.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;

A0005222.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;

A0005223.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;

A0005224.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;

A0005225.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;

A0005226.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;

A0005227.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;

A0005228.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;

A0005229.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;

A0005230.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;

A0005231.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;

A0005232.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;

A0005233.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;

A0005234.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;

A0005235.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;

A0005236.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;

A0005237.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;

A0005238.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;

A0005239.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;

A0005240.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;

A0005241.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;

A0005242.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;

A0005243.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;

A0005244.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;

A0005245.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;

A0005246.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;

A0005247.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;

A0005248.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;

A0005249.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;

A0005250.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;

A0005251.exe;D:\System Volume Information

Edited by Ken Jacobs


For some reason my earlier post was truncated ... here's the next segment ...

 


A0005299.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;

A0005300.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;

A0005301.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;

A0005302.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;

A0005303.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;

A0005304.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;

A0005305.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;

A0005306.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;

A0005307.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;

A0005308.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;

A0005309.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;

A0005310.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;

A0005311.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;

A0005312.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;

A0005313.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;

A0005314.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;

A0005315.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;

A0005316.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;

A0005317.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;

A0005318.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;

A0005319.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;

A0005320.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;

A0005321.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;

A0005322.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;

A0005323.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;

A0005324.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;

A0005325.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;

A0005326.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;

A0005327.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;

A0005328.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;

A0005329.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;

A0005330.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;

A0005331.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;

A0005332.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;

A0005333.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;

A0005334.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;

A0005335.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;

A0005336.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;

A0005337.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;

A0005338.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;

A0005339.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;

A0005340.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;

A0005341.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;

A0005342.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;

A0005343.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;

A0005344.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;

A0005345.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;

A0005346.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;

A0005347.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;

A0005348.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;

A0005349.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;

A0005350.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;

A0005351.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;

A0005352.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;

A0005353.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;

A0005354.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;

A0005355.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;

A0005356.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;

A0005357.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;

A0005358.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;

A0005359.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;

A0005360.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;

A0005361.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;

A0005362.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;

A0005363.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;

A0005364.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;

A0005365.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;

A0005366.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;

A0005367.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;

A0005368.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;

A0005369.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;

A0005370.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;

A0005371.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;

A0005372.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;

A0005373.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;

A0005374.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;

A0005375.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;

A0005376.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;

A0005377.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;

A0005378.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;

A0005379.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;

A0005380.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;

A0005381.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;

A0005382.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;

A0005383.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;

A0005384.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;

A0005385.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;

A0005386.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;

A0005387.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;

A0005388.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;

A0005389.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;

A0005390.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;

A0005391.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;

A0005392.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;

A0005393.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;

A0005394.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;

A0005395.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;

A0005396.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;

A0005397.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;

A0005398.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;

A0005399.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;

A0005400.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;

A0005401.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;

A0005402.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;

A0005403.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;

A0005404.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;

A0005405.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;

A0005406.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;

A0005407.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;

A0005408.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;

A0005409.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;

A0005410.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;

A0005411.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;

A0005412.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;

A0005413.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;

A0005414.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;

A0005415.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;

A0005416.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;

A0005417.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;

A0005418.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;

A0005419.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;

A0005420.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;

A0005421.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;

A0005422.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;

A0005423.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;

A0005424.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;

A0005425.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;

A0005426.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;

A0005427.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;

A0005428.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;

A0005429.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;

A0005430.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;

A0005431.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;

A0005432.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;

A0005433.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;

A0005434.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;

A0005435.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;

A0005436.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;

A0005437.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;

A0005438.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;

A0005439.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;

A0005440.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;

A0005441.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;

A0005442.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;

A0005443.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;

A0005444.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;

A0005445.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;

A0005446.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;

A0005447.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;

A0005448.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;

A0005449.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;

A0005450.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;

A0005451.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;

A0005452.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;

A0005453.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;

A0005454.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;

A0005455.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;

A0005456.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;

A0005457.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;

A0005458.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;

A0005459.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;

A0005460.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;

A0005461.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;

A0005462.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;

A0005463.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;

A0005464.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;

A0005465.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;

A0005466.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;

A0005467.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;

A0005468.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;

A0005469.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;

A0005470.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;

A0005471.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;

A0005472.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;

A0005473.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;

A0005474.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;

A0005475.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;

A0005476.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;

A0005477.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;

A0005478.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;

A0005479.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;

A0005480.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;

A0005481.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;

A0005482.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;

A0005483.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;

A0005484.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;

A0005485.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;

A0005486.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;

A0005487.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;

A0005488.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;

A0005489.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;

A0005490.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;

A0005491.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;

A0005492.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;

A0005493.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;

A0005494.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;

A0005495.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;

A0005496.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;

A0005497.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;

A0005498.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;

A0005499.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;

A0005500.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;

A0005501.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;

A0005502.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;

A0005503.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;

A0005504.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;

A0005505.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;

A0005506.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;

A0005507.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;

A0005508.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;

A0005509.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;

A0005510.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;

A0005511.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;

A0005512.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;

A0005513.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;

A0005514.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;

A0005515.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;

A0005516.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;

A0005517.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;

A0005518.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;



Truncated again ... but the pattern repeats until the last entry below. It's always the same (though sometimes .exe appears as .EXE), with these entries that don't fit the pattern:

 

A0005953.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;

A0005954.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;Adware.Cfd;Incurable.Moved.;

A0005955.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;

...

A0006794.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;Win32.HLLW.SpyBot;Deleted.;

....

A0007232.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;

BufferOverrunPatch.exe;E:\K-DATA\Downloads2\Anti Virus Fixes\Blaster Worm August 2003;Trojan.PWS.TOnline;Deleted.;

ApplicationInstaller.exe;E:\K-DATA\Downloads2\Oracle\App Installer;Trojan.PWS.TOnline;Deleted.;

Application Installer.exe;E:\K-DATA\LAPTOP-D-Drive;Trojan.PWS.TOnline;Deleted.;

WINS.EXE;E:\K-DATA\LAPTOP-D-Drive\C\Downloads\Oracle Corp Downloads;Trojan.PWS.TOnline;Deleted.;

M_BARAX.SMK;E:\K-DATA\LAPTOP-D-Drive\C\GAMES\BlackDahlia\SOUND;Modification of Linux.Rst.4096;Moved.;

Application Installer.exe;E:\K-DATA\LAPTOP-D-Drive\Desktop things;Trojan.PWS.TOnline;Deleted.;

HKLM_1.reg;E:\K-DATA\LAPTOP-D-Drive\Win95 C Drive\Program Files\Regback;Probably SCRIPT.Virus;Incurable.Moved.;

Application Installer.exe;E:\K-DATA\WIN XP\Documents and Settings\All Users\Start Menu\Programs\Application & Printer Installer;Trojan.PWS.TOnline;Deleted.;

Printer Installer.exe;E:\K-DATA\WIN XP\Documents and Settings\All Users\Start Menu\Programs\Application & Printer Installer;Trojan.PWS.TOnline;Deleted.;

setup.exe;E:\K-DATA\WIN XP\Program Files\Source\PrimoMon;Probably BACKDOOR.Trojan;Incurable.Moved.;

A0007233.exe;E:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;

.....

A0011490.exe;E:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;

A0011491.exe;E:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;Dialer.Direct;Incurable.Moved.;

A0011492.exe;E:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;

....

A0011529.exe;E:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;

A0012783.exe;E:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP41;Trojan.PWS.TOnline;Deleted.;

A0012784.exe;E:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP41;Trojan.PWS.TOnline;Deleted.;

A0012788.exe;E:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP41;Trojan.PWS.TOnline;Deleted.;

A0012790.EXE;E:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP41;Trojan.PWS.TOnline;Deleted.;

A0012791.exe;E:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP41;Trojan.PWS.TOnline;Deleted.;

A0012792.exe;E:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP41;Trojan.PWS.TOnline;Deleted.;

A0012793.exe;E:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP41;Trojan.PWS.TOnline;Deleted.;

NortonAntivirus.exe;F:\K-MEDIA\Downloads\Oracle Downloads;Trojan.PWS.TOnline;Deleted.;

A0019966.exe;F:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP41;Trojan.PWS.TOnline;Deleted.;

 

(the end)


Hi again,

 

Most of that was resident in system restore rather than active. :thumbsup:

 

1. Download this file - ComboFix

2. Double click combofix.exe & follow the prompts.

3. When finished, it will produce a log for you. Post that log in your next reply.

 

Note:

Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

 

jedi


That's good news (it was in system restore) ... but I'm still seeing these two logs from Bit Defender, which is configured to run every night. I will now download ComboFix per your instructions.

 

thanks

 

Ken

 

 

//-----------------------------------------------------------------

//

// Product BitDefender Antivirus v10

// Product 10.2

//

// Created on: 01/07/2007 02:55:20

//

//-----------------------------------------------------------------

 

 

Virus Statistics

 

Scan path : C:\

D:\

E:\

F:\

G:\

H:\

Folders : 11670

Files : 314740

Memory processes scanned : 31

Archives : 43476

Runtime packers : 8768

Identified viruses : 2

Infected files : 6

Memory processes infected : 0

Suspect files : 0

Warnings : 0

Disinfected files : 6

Deleted files : 0

Moved files : 0

I/O errors : 198

Scan time : 04:08:19

Scan speed (files/sec) : 21

 

Spyware Statistics

 

Registry keys scanned : 1582

Registry keys infected : 0

Cookies scanned : 0

Cookies infected : 0

Spyware files infected : 0

Spyware threats detected : 0

 

 

Virus definitions : 696859

Scan plugins : 16

Archive plugins : 41

Unpack plugins : 6

Mail plugins : 6

System plugins : 5

 

Virus scan options

 

Detection

[X] Scan boot sectors

[X] Memory Processes

[ ] Scan archives

[X] Scan runtime packers

[X] Scan email

 

File mask

[ ] Programs

[X] All files

[ ] User defined extensions:

[ ] Exclude extensions: ;

 

Action

 

Infected objects

[ ] Ignore

[X] Disinfect

[ ] Delete

[ ] Move to quarantine

[ ] Prompt user

 

Second action

[ ] Ignore

[ ] Delete

[X] Move to quarantine

[ ] Prompt user

 

Virus scan options

[X] Enable warnings

[X] Enable heuristics

[ ] Show all files in log

[X] Report file: C:\Documents and Settings\All Users\Application Data\BitDefender\Desktop\Profiles\Logs\full_scan\1183283720.log

 

Spyware scan options

 

[X] Scan for riskware

[ ] Skip dial and applications from scan

[X] Registry keys

[X] Cookies

 

 

Summary:

 

D:\K-APPS\Applications\Norton SystemWorks\Norton AntiVirus\Quarantine\0F1B63E9.VIR=>(Quarantine-1) Infected: XM.Laroux.AA

D:\K-APPS\Applications\Norton SystemWorks\Norton AntiVirus\Quarantine\0F1B63E9.VIR=>(Quarantine-1) Disinfected

D:\K-APPS\Applications\Norton SystemWorks\Norton AntiVirus\Quarantine\0F1B63E9.VIR Archive repacking has failed (marked actions not taken)

D:\K-APPS\Applications\Norton SystemWorks\Norton AntiVirus\Quarantine\11741154.VIR=>(Quarantine-1) Infected: XM.Laroux.AA

D:\K-APPS\Applications\Norton SystemWorks\Norton AntiVirus\Quarantine\11741154.VIR=>(Quarantine-1) Disinfected

D:\K-APPS\Applications\Norton SystemWorks\Norton AntiVirus\Quarantine\11741154.VIR Archive repacking has failed (marked actions not taken)

D:\K-APPS\Applications\Norton SystemWorks\Norton AntiVirus\Quarantine\14EF577F.VIR=>(Quarantine-1) Infected: WM.Helper.A

D:\K-APPS\Applications\Norton SystemWorks\Norton AntiVirus\Quarantine\14EF577F.VIR=>(Quarantine-1) Disinfected

D:\K-APPS\Applications\Norton SystemWorks\Norton AntiVirus\Quarantine\14EF577F.VIR Archive repacking has failed (marked actions not taken)

D:\K-APPS\Applications\Norton SystemWorks\Norton AntiVirus\Quarantine\6F1E2E36.VIR=>(Quarantine-1) Infected: XM.Laroux.AA

D:\K-APPS\Applications\Norton SystemWorks\Norton AntiVirus\Quarantine\6F1E2E36.VIR=>(Quarantine-1) Disinfected

D:\K-APPS\Applications\Norton SystemWorks\Norton AntiVirus\Quarantine\6F1E2E36.VIR Archive repacking has failed (marked actions not taken)

D:\K-APPS\Applications\Norton SystemWorks\Norton AntiVirus\Quarantine\71AE2564.VIR=>(Quarantine-1) Infected: XM.Laroux.AA

D:\K-APPS\Applications\Norton SystemWorks\Norton AntiVirus\Quarantine\71AE2564.VIR=>(Quarantine-1) Disinfected

D:\K-APPS\Applications\Norton SystemWorks\Norton AntiVirus\Quarantine\71AE2564.VIR Archive repacking has failed (marked actions not taken)

D:\K-APPS\Applications\Norton SystemWorks\Norton AntiVirus\Quarantine\74FC1FC1.VIR=>(Quarantine-1) Infected: WM.Helper.A

D:\K-APPS\Applications\Norton SystemWorks\Norton AntiVirus\Quarantine\74FC1FC1.VIR=>(Quarantine-1) Disinfected

D:\K-APPS\Applications\Norton SystemWorks\Norton AntiVirus\Quarantine\74FC1FC1.VIR Archive repacking has failed (marked actions not taken)

 

 

----------------

 

 

 

//-----------------------------------------------------------------

//

// Product BitDefender Antivirus v10

// Product 10.2

//

// Created on: 01/07/2007 02:54:00

//

//-----------------------------------------------------------------

 

 

Virus Statistics

 

Scan path : C:\

D:\

E:\

F:\

G:\

H:\

Folders : 11670

Files : 718563

Memory processes scanned : 30

Archives : 77975

Runtime packers : 30779

Identified viruses : 6

Infected files : 10

Memory processes infected : 0

Suspect files : 1

Warnings : 0

Disinfected files : 6

Deleted files : 1

Moved files : 2

I/O errors : 198

Scan time : 05:29:56

Scan speed (files/sec) : 36

 

Spyware Statistics

 

Registry keys scanned : 1582

Registry keys infected : 0

Cookies scanned : 0

Cookies infected : 0

Spyware files infected : 0

Spyware threats detected : 0

 

 

Virus definitions : 696859

Scan plugins : 16

Archive plugins : 41

Unpack plugins : 6

Mail plugins : 6

System plugins : 5

 

Virus scan options

 

Detection

[X] Scan boot sectors

[X] Memory Processes

[X] Scan archives

[X] Scan runtime packers

[X] Scan email

 

File mask

[ ] Programs

[X] All files

[ ] User defined extensions:

[ ] Exclude extensions: ;

 

Action

 

Infected objects

[ ] Ignore

[X] Disinfect

[ ] Delete

[ ] Move to quarantine

[ ] Prompt user

 

Second action

[ ] Ignore

[ ] Delete

[X] Move to quarantine

[ ] Prompt user

 

Virus scan options

[X] Enable warnings

[X] Enable heuristics

[ ] Show all files in log

[X] Report file: C:\Documents and Settings\All Users\Application Data\BitDefender\Desktop\Profiles\Logs\deep_scan\1183283640.log

 

Spyware scan options

 

[X] Scan for riskware

[ ] Skip dial and applications from scan

[X] Registry keys

[X] Cookies

 

 

Summary:

 

C:\Documents and Settings\Margaret Jacobs\DoctorWeb\Quarantine\A0005954.exe Detected: Adware.CFD

C:\Documents and Settings\Margaret Jacobs\DoctorWeb\Quarantine\A0005954.exe Disinfection failed

C:\Documents and Settings\Margaret Jacobs\DoctorWeb\Quarantine\A0005954.exe Moved

C:\Documents and Settings\Margaret Jacobs\DoctorWeb\Quarantine\A0011491.exe Detected: Application.Dialer.Worldxchange

C:\Documents and Settings\Margaret Jacobs\DoctorWeb\Quarantine\A0011491.exe Disinfection failed

C:\Documents and Settings\Margaret Jacobs\DoctorWeb\Quarantine\A0011491.exe Moved

D:\K-APPS\Applications\Norton SystemWorks\Norton AntiVirus\Quarantine\0F1B63E9.VIR=>(Quarantine-1) Infected: XM.Laroux.AA

D:\K-APPS\Applications\Norton SystemWorks\Norton AntiVirus\Quarantine\0F1B63E9.VIR=>(Quarantine-1) Disinfected

D:\K-APPS\Applications\Norton SystemWorks\Norton AntiVirus\Quarantine\0F1B63E9.VIR Archive repacking has failed (marked actions not taken)

D:\K-APPS\Applications\Norton SystemWorks\Norton AntiVirus\Quarantine\11741154.VIR=>(Quarantine-1) Infected: XM.Laroux.AA

D:\K-APPS\Applications\Norton SystemWorks\Norton AntiVirus\Quarantine\11741154.VIR=>(Quarantine-1) Disinfected

D:\K-APPS\Applications\Norton SystemWorks\Norton AntiVirus\Quarantine\11741154.VIR Archive repacking has failed (marked actions not taken)

D:\K-APPS\Applications\Norton SystemWorks\Norton AntiVirus\Quarantine\14EF577F.VIR=>(Quarantine-1) Infected: WM.Helper.A

D:\K-APPS\Applications\Norton SystemWorks\Norton AntiVirus\Quarantine\14EF577F.VIR=>(Quarantine-1) Disinfected

D:\K-APPS\Applications\Norton SystemWorks\Norton AntiVirus\Quarantine\14EF577F.VIR Archive repacking has failed (marked actions not taken)

D:\K-APPS\Applications\Norton SystemWorks\Norton AntiVirus\Quarantine\6F1E2E36.VIR=>(Quarantine-1) Infected: XM.Laroux.AA

D:\K-APPS\Applications\Norton SystemWorks\Norton AntiVirus\Quarantine\6F1E2E36.VIR=>(Quarantine-1) Disinfected

D:\K-APPS\Applications\Norton SystemWorks\Norton AntiVirus\Quarantine\6F1E2E36.VIR Archive repacking has failed (marked actions not taken)

D:\K-APPS\Applications\Norton SystemWorks\Norton AntiVirus\Quarantine\71AE2564.VIR=>(Quarantine-1) Infected: XM.Laroux.AA

D:\K-APPS\Applications\Norton SystemWorks\Norton AntiVirus\Quarantine\71AE2564.VIR=>(Quarantine-1) Disinfected

D:\K-APPS\Applications\Norton SystemWorks\Norton AntiVirus\Quarantine\71AE2564.VIR Archive repacking has failed (marked actions not taken)

D:\K-APPS\Applications\Norton SystemWorks\Norton AntiVirus\Quarantine\74FC1FC1.VIR=>(Quarantine-1) Infected: WM.Helper.A

D:\K-APPS\Applications\Norton SystemWorks\Norton AntiVirus\Quarantine\74FC1FC1.VIR=>(Quarantine-1) Disinfected

D:\K-APPS\Applications\Norton SystemWorks\Norton AntiVirus\Quarantine\74FC1FC1.VIR Archive repacking has failed (marked actions not taken)

E:\K-DATA\Downloads2\Screensavers\CoralFree.EXE=>wise0027=>(CAB Sfx r)=>SaveNow.exe Detected: Adware.Savenow.AA

E:\K-DATA\Downloads2\Screensavers\CoralFree.EXE=>wise0027=>(CAB Sfx r)=>SaveNow.exe Disinfection failed

E:\K-DATA\Downloads2\Screensavers\CoralFree.EXE=>wise0027=>(CAB Sfx r)=>SaveNow.exe Move failed

E:\K-DATA\Downloads2\Screensavers\CoralFree.EXE=>wise0027=>(CAB Sfx r)=>Uninst.exe Detected: Adware.Savenow.AU

E:\K-DATA\Downloads2\Screensavers\CoralFree.EXE=>wise0027=>(CAB Sfx r)=>Uninst.exe Disinfection failed

E:\K-DATA\Downloads2\Screensavers\CoralFree.EXE=>wise0027=>(CAB Sfx r)=>Uninst.exe Move failed

E:\K-DATA\LAPTOP-D-Drive\C\Downloads\PC Magazine Utilities\prime97.zip=>PRIME97w.exe=>wise0066 Suspect: Macro.VBA

E:\K-DATA\LAPTOP-D-Drive\C\Downloads\PC Magazine Utilities\prime97.zip=>PRIME97w.exe=>wise0066 Disinfection failed

E:\K-DATA\LAPTOP-D-Drive\C\Downloads\PC Magazine Utilities\prime97.zip=>PRIME97w.exe=>wise0066 Deleted

E:\K-DATA\LAPTOP-D-Drive\C\Downloads\PC Magazine Utilities\prime97.zip=>PRIME97w.exe Archive repacking has failed (marked actions not taken)

Edited by Ken Jacobs


Hi Jedi ... here's my ComboFix log ... Thanks again for your continuing help!

 

Ken

 

ComboFix 07-06-18.2 - D:\Downloads\Antivirus stuff June 2007\ComboFix.exe

"Margaret Jacobs" - 2007-07-01 9:45:46 - Service Pack 2 NTFS

 

 

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

 

 

C:\DOCUME~1\MARGAR~1\Desktop.\internet explorer.lnk

 

 

((((((((((((((((((((((((( Files Created from 2007-06-01 to 2007-07-01 )))))))))))))))))))))))))))))))

 

 

2007-07-01 09:43 49,152 --a------ C:\WINDOWS\nircmd.exe

2007-06-30 10:46 <DIR> d-------- C:\DOCUME~1\MARGAR~1\DoctorWeb

2007-06-24 14:31 <DIR> d-------- C:\DOCUME~1\MARGAR~1\APPLIC~1\Google

2007-06-24 14:31 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google

2007-06-24 14:30 <DIR> d-------- C:\Program Files\Google

2007-06-23 11:40 <DIR> d-------- C:\DOCUME~1\MARGAR~1\APPLIC~1\SUPERAntiSpyware.com

2007-06-20 18:09 <DIR> d-------- C:\WINDOWS\system32\SoftwareDistribution

2007-06-17 20:48 <DIR> d-------- C:\DOCUME~1\MARGAR~1\APPLIC~1\Talkback

2007-06-17 20:45 <DIR> d-------- C:\DOCUME~1\MARGAR~1\APPLIC~1\IE7Pro

2007-06-17 18:04 <DIR> d-------- C:\DOCUME~1\MARGAR~1\APPLIC~1\Bitdefender

2007-06-17 18:03 1,572,864 --ah----- C:\DOCUME~1\MARGAR~1\NTUSER.DAT

2007-06-17 14:23 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\SUPERAntiSpyware.com

2007-06-17 14:22 <DIR> d-------- C:\DOCUME~1\KENJAC~1\APPLIC~1\SUPERAntiSpyware.com

2007-06-17 14:21 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard

2007-06-17 13:53 <DIR> d-------- C:\DOCUME~1\KENJAC~1\APPLIC~1\Help

2007-06-17 13:47 98,304 -ra------ C:\WINDOWS\system32\CNCSUT50.DLL

2007-06-17 13:47 98,304 -ra------ C:\WINDOWS\system32\CNCFUT50.DLL

2007-06-17 13:47 90,112 -ra------ C:\WINDOWS\system32\CNCI730.DLL

2007-06-17 13:47 90,112 -ra------ C:\WINDOWS\system32\CNCAWS50.dll

2007-06-17 13:47 87,552 -ra------ C:\WINDOWS\system32\CNMLMya.DLL

2007-06-17 13:47 77,824 -ra------ C:\WINDOWS\system32\CNCSCM50.DLL

2007-06-17 13:47 73,728 -ra------ C:\WINDOWS\system32\CNCFCM50.DLL

2007-06-17 13:47 69,632 -ra------ C:\WINDOWS\system32\CNCFIM50.DLL

2007-06-17 13:47 57,344 -ra------ C:\WINDOWS\system32\CNCL730.DLL

2007-06-17 13:47 57,344 -ra------ C:\WINDOWS\system32\cncifco.dll

2007-06-17 13:47 57,344 -ra------ C:\WINDOWS\system32\CNCFSV50.DLL

2007-06-17 13:47 57,344 -ra------ C:\WINDOWS\system32\CNCFDs50.exe

2007-06-17 13:47 552,960 -ra------ C:\WINDOWS\system32\CNCC730.DLL

2007-06-17 13:47 53,248 -ra------ C:\WINDOWS\system32\cncipst.dll

2007-06-17 13:47 5,632 -ra------ C:\WINDOWS\system32\CNMVSya.DLL

2007-06-17 13:47 49,152 -ra------ C:\WINDOWS\system32\cncisco.dll

2007-06-17 13:47 40,960 -ra------ C:\WINDOWS\system32\CNCAAb50.exe

2007-06-17 13:47 327,740 -ra------ C:\WINDOWS\system32\UCS32P.DLL

2007-06-17 13:47 229,376 -ra------ C:\WINDOWS\system32\CNCAAi50.dll

2007-06-17 13:47 22,048 -ra------ C:\WINDOWS\system32\cocpyinf.dll

2007-06-17 13:47 217,088 -ra------ C:\WINDOWS\system32\CNCFDl50.dll

2007-06-17 13:47 15,922 -ra------ C:\WINDOWS\system32\CNCUPM2K.dll

2007-06-17 13:47 139,264 -ra------ C:\WINDOWS\system32\CNCAMg50.dll

2007-06-17 13:47 135,168 -ra------ C:\WINDOWS\system32\CNCSDO50.DLL

2007-06-17 13:47 126,976 -ra------ C:\WINDOWS\system32\CNCAPf50.exe

2007-06-17 13:47 122,880 -ra------ C:\WINDOWS\system32\CNCSTR50.DLL

2007-06-17 13:47 122,880 -ra------ C:\WINDOWS\system32\CNCFTR50.DLL

2007-06-17 13:47 122,880 -ra------ C:\WINDOWS\system32\CNCFDO50.DLL

2007-06-17 13:47 114,688 -ra------ C:\WINDOWS\system32\CNCFIF50.DLL

2007-06-17 13:47 110,592 -ra------ C:\WINDOWS\system32\CNCSIF50.DLL

2007-06-17 13:47 <DIR> d--h----- C:\BJPrinter

2007-06-17 13:46 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys

2007-06-17 13:34 <DIR> d--h----- C:\Program Files\InstallShield Installation Information

2007-06-17 13:32 <DIR> d--h----- C:\CanonMP

2007-06-17 13:31 <DIR> d-------- C:\Program Files\Common Files\InstallShield

2007-06-17 13:26 <DIR> d-------- C:\WINDOWS\ShellNew

2007-06-17 13:20 <DIR> d-------- C:\DOCUME~1\KENJAC~1\APPLIC~1\Microsoft Web Folders

2007-06-17 13:03 <DIR> d-------- C:\Program Files\Digital Locker Assistant

2007-06-17 12:59 271,224 --a------ C:\WINDOWS\system32\mucltui.dll

2007-06-17 12:47 <DIR> d-------- C:\Program Files\ACW

2007-06-17 12:37 <DIR> d-------- C:\DOCUME~1\KENJAC~1\APPLIC~1\IE7pro

2007-06-17 12:22 <DIR> d-------- C:\WINDOWS\network diagnostic

2007-06-17 08:51 <DIR> d-------- C:\312ce3d1bb41eb3ce3f4

2007-06-17 07:50 <DIR> d--h----- C:\WINDOWS\$hf_mig$

2007-06-17 07:50 <DIR> d-------- C:\WINDOWS\system32\PreInstall

2007-06-17 07:46 85,376 --a------ C:\WINDOWS\system32\drivers\NABTSFEC.sys

2007-06-17 07:46 53,760 --a------ C:\WINDOWS\system32\vfwwdm32.dll

2007-06-17 07:46 5,504 --a------ C:\WINDOWS\system32\drivers\MSTEE.sys

2007-06-17 07:46 19,328 --a------ C:\WINDOWS\system32\drivers\WSTCODEC.SYS

2007-06-17 07:46 17,024 --a------ C:\WINDOWS\system32\drivers\CCDECODE.sys

2007-06-17 07:46 15,360 --a------ C:\WINDOWS\system32\drivers\StreamIP.sys

2007-06-17 07:46 11,136 --a------ C:\WINDOWS\system32\drivers\SLIP.sys

2007-06-17 07:46 10,880 --a------ C:\WINDOWS\system32\drivers\NdisIP.sys

2007-06-17 07:42 <DIR> d-------- C:\WINDOWS\Prefetch

2007-06-17 07:30 <DIR> d-------- C:\WINDOWS\provisioning

2007-06-17 07:30 <DIR> d-------- C:\WINDOWS\peernet

2007-06-17 07:24 <DIR> d-------- C:\WINDOWS\ServicePackFiles

2007-06-17 07:16 22,752 --a------ C:\WINDOWS\system32\spupdsvc.exe

2007-06-17 07:16 <DIR> d-------- C:\WINDOWS\system32\ReinstallBackups

2007-06-17 07:12 <DIR> d-------- C:\WINDOWS\EHome

2007-06-17 00:18 4,569 --------- C:\WINDOWS\system32\secupd.dat

2007-06-17 00:18 11,776 --------- C:\WINDOWS\system32\spnpinst.exe

2007-06-16 23:16 40,960 --a------ C:\WINDOWS\system32\mf3216.dll

2007-06-16 23:16 <DIR> d-------- C:\DOCUME~1\KENJAC~1\APPLIC~1\Bitdefender

2007-06-16 23:15 77,312 --a------ C:\WINDOWS\system32\browser.dll

2007-06-16 23:15 614,912 --a------ C:\WINDOWS\system32\h323msp.dll

2007-06-16 23:15 331,264 --a------ C:\WINDOWS\system32\ipnathlp.dll

2007-06-16 23:13 956,416 --a------ C:\WINDOWS\system32\msdtctm.dll

2007-06-16 23:13 91,136 --a------ C:\WINDOWS\system32\mtxoci.dll

2007-06-16 23:13 66,560 --a------ C:\WINDOWS\system32\mtxclu.dll

2007-06-16 23:13 625,152 --a------ C:\WINDOWS\system32\catsrvut.dll

2007-06-16 23:13 60,416 --a------ C:\WINDOWS\system32\colbact.dll

2007-06-16 23:13 581,120 --a------ C:\WINDOWS\system32\rpcrt4.dll

2007-06-16 23:13 540,160 --a------ C:\WINDOWS\system32\comuid.dll

2007-06-16 23:13 426,496 --a------ C:\WINDOWS\system32\msdtcprx.dll

2007-06-16 23:13 397,824 --a------ C:\WINDOWS\system32\rpcss.dll

2007-06-16 23:13 243,200 --a------ C:\WINDOWS\system32\es.dll

2007-06-16 23:13 225,792 --a------ C:\WINDOWS\system32\catsrv.dll

2007-06-16 23:13 161,280 --a------ C:\WINDOWS\system32\msdtcuiu.dll

2007-06-16 23:13 110,080 --a------ C:\WINDOWS\system32\clbcatex.dll

2007-06-16 23:13 101,376 --a------ C:\WINDOWS\system32\txflog.dll

2007-06-16 23:13 1,285,120 --a------ C:\WINDOWS\system32\ole32.dll

2007-06-16 23:13 1,267,200 --a------ C:\WINDOWS\system32\comsvcs.dll

2007-06-16 23:08 81,984 --a------ C:\WINDOWS\system32\bdod.bin

2007-06-16 23:08 239,104 --a------ C:\WINDOWS\system32\srrstr.dll

 

 

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

 

2007-04-25 14:21:15 144,896 ----a-w C:\WINDOWS\system32\schannel.dll

2007-04-18 16:12:23 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll

2007-04-17 05:45:36 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll

2007-04-17 05:45:28 92,504 ----a-w C:\WINDOWS\system32\cdm.dll

2007-04-17 05:44:18 208,248 ----a-w C:\WINDOWS\system32\muweb.dll

 

 

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

 

 

*Note* empty entries & legit default entries are not shown

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]

{00011268-E188-40DF-A514-835FCD78B1BF}=D:\Programs\IE7Pro\IE7Pro.dll [2007-04-23 15:16]

{AA58ED58-01DD-4d91-8333-CF10577473F7}=c:\program files\google\googletoolbar2.dll [2007-06-24 14:31]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"BDMCon"="D:\Programs\BITDEF~1\bdmcon.exe" [2007-06-17 21:15]

"BDAgent"="D:\Programs\BitDefender\bdagent.exe" [2007-03-26 15:49]

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56]

"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2007-06-24 14:31]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"="D:\Programs\SUPERAntiSpyware\SASSEH.DLL" [2006-12-20 13:55]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

D:\Programs\SUPERAntiSpyware\SASWINLO.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"appinit_dlls"=sockspy.dll

 

 

**************************************************************************

 

catchme 0.3.721 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net

Rootkit scan 2007-07-01 09:48:00

Windows 5.1.2600 Service Pack 2 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

 

Completion time: 2007-07-01 9:49:48

C:\ComboFix-quarantined-files.txt ... 2007-07-01 09:49

 

--- E O F ---


This is a BitDefender log AFTER running ComboFix ...

 

 

//-----------------------------------------------------------------

//

// Product BitDefender Antivirus v10

// Product 10.2

//

// Created on: 01/07/2007 10:35:08

//

//-----------------------------------------------------------------

 

 

Virus Statistics

 

Scan path : C:\

D:\

E:\

F:\

G:\

H:\

Folders : 11647

Files : 310403

Memory processes scanned : 28

Archives : 43502

Runtime packers : 8394

Identified viruses : 2

Infected files : 6

Memory processes infected : 0

Suspect files : 0

Warnings : 0

Disinfected files : 6

Deleted files : 0

Moved files : 0

I/O errors : 198

Scan time : 02:40:09

Scan speed (files/sec) : 32

 

Spyware Statistics

 

Registry keys scanned : 1582

Registry keys infected : 0

Cookies scanned : 0

Cookies infected : 0

Spyware files infected : 0

Spyware threats detected : 0

 

 

Virus definitions : 696914

Scan plugins : 16

Archive plugins : 41

Unpack plugins : 6

Mail plugins : 6

System plugins : 5

 

Virus scan options

 

Detection

[X] Scan boot sectors

[X] Memory Processes

[ ] Scan archives

[X] Scan runtime packers

[X] Scan email

 

File mask

[ ] Programs

[X] All files

[ ] User defined extensions:

[ ] Exclude extensions: ;

 

Action

 

Infected objects

[ ] Ignore

[X] Disinfect

[ ] Delete

[ ] Move to quarantine

[ ] Prompt user

 

Second action

[ ] Ignore

[ ] Delete

[X] Move to quarantine

[ ] Prompt user

 

Virus scan options

[X] Enable warnings

[X] Enable heuristics

[ ] Show all files in log

[X] Report file: C:\DOCUME~1\MARGAR~1\LOCALS~1\Temp\1183311308.log

 

Spyware scan options

 

[X] Scan for riskware

[ ] Skip dial and applications from scan

[X] Registry keys

[X] Cookies

 

 

Summary:

 

D:\K-APPS\Applications\Norton SystemWorks\Norton AntiVirus\Quarantine\0F1B63E9.VIR=>(Quarantine-1) Infected: XM.Laroux.AA

D:\K-APPS\Applications\Norton SystemWorks\Norton AntiVirus\Quarantine\0F1B63E9.VIR=>(Quarantine-1) Disinfected

D:\K-APPS\Applications\Norton SystemWorks\Norton AntiVirus\Quarantine\0F1B63E9.VIR Archive repacking has failed (marked actions not taken)

D:\K-APPS\Applications\Norton SystemWorks\Norton AntiVirus\Quarantine\11741154.VIR=>(Quarantine-1) Infected: XM.Laroux.AA

D:\K-APPS\Applications\Norton SystemWorks\Norton AntiVirus\Quarantine\11741154.VIR=>(Quarantine-1) Disinfected

D:\K-APPS\Applications\Norton SystemWorks\Norton AntiVirus\Quarantine\11741154.VIR Archive repacking has failed (marked actions not taken)

D:\K-APPS\Applications\Norton SystemWorks\Norton AntiVirus\Quarantine\14EF577F.VIR=>(Quarantine-1) Infected: WM.Helper.A

D:\K-APPS\Applications\Norton SystemWorks\Norton AntiVirus\Quarantine\14EF577F.VIR=>(Quarantine-1) Disinfected

D:\K-APPS\Applications\Norton SystemWorks\Norton AntiVirus\Quarantine\14EF577F.VIR Archive repacking has failed (marked actions not taken)

D:\K-APPS\Applications\Norton SystemWorks\Norton AntiVirus\Quarantine\6F1E2E36.VIR=>(Quarantine-1) Infected: XM.Laroux.AA

D:\K-APPS\Applications\Norton SystemWorks\Norton AntiVirus\Quarantine\6F1E2E36.VIR=>(Quarantine-1) Disinfected

D:\K-APPS\Applications\Norton SystemWorks\Norton AntiVirus\Quarantine\6F1E2E36.VIR Archive repacking has failed (marked actions not taken)

D:\K-APPS\Applications\Norton SystemWorks\Norton AntiVirus\Quarantine\71AE2564.VIR=>(Quarantine-1) Infected: XM.Laroux.AA

D:\K-APPS\Applications\Norton SystemWorks\Norton AntiVirus\Quarantine\71AE2564.VIR=>(Quarantine-1) Disinfected

D:\K-APPS\Applications\Norton SystemWorks\Norton AntiVirus\Quarantine\71AE2564.VIR Archive repacking has failed (marked actions not taken)

D:\K-APPS\Applications\Norton SystemWorks\Norton AntiVirus\Quarantine\74FC1FC1.VIR=>(Quarantine-1) Infected: WM.Helper.A

D:\K-APPS\Applications\Norton SystemWorks\Norton AntiVirus\Quarantine\74FC1FC1.VIR=>(Quarantine-1) Disinfected

D:\K-APPS\Applications\Norton SystemWorks\Norton AntiVirus\Quarantine\74FC1FC1.VIR Archive repacking has failed (marked actions not taken)


And this one today from Bit Defender ..

 

 

//-----------------------------------------------------------------

//

// Product BitDefender Antivirus v10

// Product 10.2

//

// Created on: 02/07/2007 02:55:16

//

//-----------------------------------------------------------------

 

 

Virus Statistics

 

Scan path : C:\

D:\

E:\

F:\

G:\

H:\

Folders : 11651

Files : 311260

Memory processes scanned : 30

Archives : 43514

Runtime packers : 8561

Identified viruses : 2

Infected files : 6

Memory processes infected : 0

Suspect files : 0

Warnings : 0

Disinfected files : 6

Deleted files : 0

Moved files : 0

I/O errors : 197

Scan time : 03:44:41

Scan speed (files/sec) : 23

 

Spyware Statistics

 

Registry keys scanned : 1582

Registry keys infected : 0

Cookies scanned : 10

Cookies infected : 0

Spyware files infected : 0

Spyware threats detected : 0

 

 

Virus definitions : 696914

Scan plugins : 16

Archive plugins : 41

Unpack plugins : 6

Mail plugins : 6

System plugins : 5

 

Virus scan options

 

Detection

[X] Scan boot sectors

[X] Memory Processes

[ ] Scan archives

[X] Scan runtime packers

[X] Scan email

 

File mask

[ ] Programs

[X] All files

[ ] User defined extensions:

[ ] Exclude extensions: ;

 

Action

 

Infected objects

[ ] Ignore

[X] Disinfect

[ ] Delete

[ ] Move to quarantine

[ ] Prompt user

 

Second action

[ ] Ignore

[ ] Delete

[X] Move to quarantine

[ ] Prompt user

 

Virus scan options

[X] Enable warnings

[X] Enable heuristics

[ ] Show all files in log

[X] Report file: C:\Documents and Settings\All Users\Application Data\BitDefender\Desktop\Profiles\Logs\full_scan\1183370116.log

 

Spyware scan options

 

[X] Scan for riskware

[ ] Skip dial and applications from scan

[X] Registry keys

[X] Cookies

 

 

Summary:

 

D:\K-APPS\Applications\Norton SystemWorks\Norton AntiVirus\Quarantine\0F1B63E9.VIR=>(Quarantine-1) Infected: XM.Laroux.AA

D:\K-APPS\Applications\Norton SystemWorks\Norton AntiVirus\Quarantine\0F1B63E9.VIR=>(Quarantine-1) Disinfected

D:\K-APPS\Applications\Norton SystemWorks\Norton AntiVirus\Quarantine\0F1B63E9.VIR Archive repacking has failed (marked actions not taken)

D:\K-APPS\Applications\Norton SystemWorks\Norton AntiVirus\Quarantine\11741154.VIR=>(Quarantine-1) Infected: XM.Laroux.AA

D:\K-APPS\Applications\Norton SystemWorks\Norton AntiVirus\Quarantine\11741154.VIR=>(Quarantine-1) Disinfected

D:\K-APPS\Applications\Norton SystemWorks\Norton AntiVirus\Quarantine\11741154.VIR Archive repacking has failed (marked actions not taken)

D:\K-APPS\Applications\Norton SystemWorks\Norton AntiVirus\Quarantine\14EF577F.VIR=>(Quarantine-1) Infected: WM.Helper.A

D:\K-APPS\Applications\Norton SystemWorks\Norton AntiVirus\Quarantine\14EF577F.VIR=>(Quarantine-1) Disinfected

D:\K-APPS\Applications\Norton SystemWorks\Norton AntiVirus\Quarantine\14EF577F.VIR Archive repacking has failed (marked actions not taken)

D:\K-APPS\Applications\Norton SystemWorks\Norton AntiVirus\Quarantine\6F1E2E36.VIR=>(Quarantine-1) Infected: XM.Laroux.AA

D:\K-APPS\Applications\Norton SystemWorks\Norton AntiVirus\Quarantine\6F1E2E36.VIR=>(Quarantine-1) Disinfected

D:\K-APPS\Applications\Norton SystemWorks\Norton AntiVirus\Quarantine\6F1E2E36.VIR Archive repacking has failed (marked actions not taken)

D:\K-APPS\Applications\Norton SystemWorks\Norton AntiVirus\Quarantine\71AE2564.VIR=>(Quarantine-1) Infected: XM.Laroux.AA

D:\K-APPS\Applications\Norton SystemWorks\Norton AntiVirus\Quarantine\71AE2564.VIR=>(Quarantine-1) Disinfected

D:\K-APPS\Applications\Norton SystemWorks\Norton AntiVirus\Quarantine\71AE2564.VIR Archive repacking has failed (marked actions not taken)

D:\K-APPS\Applications\Norton SystemWorks\Norton AntiVirus\Quarantine\74FC1FC1.VIR=>(Quarantine-1) Infected: WM.Helper.A

D:\K-APPS\Applications\Norton SystemWorks\Norton AntiVirus\Quarantine\74FC1FC1.VIR=>(Quarantine-1) Disinfected

D:\K-APPS\Applications\Norton SystemWorks\Norton AntiVirus\Quarantine\74FC1FC1.VIR Archive repacking has failed (marked actions not taken)

 

 

-----------------------

 

 

//-----------------------------------------------------------------

//

// Product BitDefender Antivirus v10

// Product 10.2

//

// Created on: 02/07/2007 02:54:01

//

//-----------------------------------------------------------------

 

 

Virus Statistics

 

Scan path : C:\

D:\

E:\

F:\

G:\

H:\

Folders : 11651

Files : 714783

Memory processes scanned : 29

Archives : 77960

Runtime packers : 30547

Identified viruses : 4

Infected files : 8

Memory processes infected : 0

Suspect files : 1

Warnings : 0

Disinfected files : 6

Deleted files : 1

Moved files : 0

I/O errors : 197

Scan time : 04:53:52

Scan speed (files/sec) : 40

 

Spyware Statistics

 

Registry keys scanned : 1582

Registry keys infected : 0

Cookies scanned : 10

Cookies infected : 0

Spyware files infected : 0

Spyware threats detected : 0

 

 

Virus definitions : 691978

Scan plugins : 16

Archive plugins : 41

Unpack plugins : 6

Mail plugins : 6

System plugins : 5

 

Virus scan options

 

Detection

[X] Scan boot sectors

[X] Memory Processes

[X] Scan archives

[X] Scan runtime packers

[X] Scan email

 

File mask

[ ] Programs

[X] All files

[ ] User defined extensions:

[ ] Exclude extensions: ;

 

Action

 

Infected objects

[ ] Ignore

[X] Disinfect

[ ] Delete

[ ] Move to quarantine

[ ] Prompt user

 

Second action

[ ] Ignore

[ ] Delete

[X] Move to quarantine

[ ] Prompt user

 

Virus scan options

[X] Enable warnings

[X] Enable heuristics

[ ] Show all files in log

[X] Report file: C:\Documents and Settings\All Users\Application Data\BitDefender\Desktop\Profiles\Logs\deep_scan\1183370041.log

 

Spyware scan options

 

[X] Scan for riskware

[ ] Skip dial and applications from scan

[X] Registry keys

[X] Cookies

 

 

Summary:

 

D:\K-APPS\Applications\Norton SystemWorks\Norton AntiVirus\Quarantine\0F1B63E9.VIR=>(Quarantine-1) Infected: XM.Laroux.AA

D:\K-APPS\Applications\Norton SystemWorks\Norton AntiVirus\Quarantine\0F1B63E9.VIR=>(Quarantine-1) Disinfected

D:\K-APPS\Applications\Norton SystemWorks\Norton AntiVirus\Quarantine\0F1B63E9.VIR Archive repacking has failed (marked actions not taken)

D:\K-APPS\Applications\Norton SystemWorks\Norton AntiVirus\Quarantine\11741154.VIR=>(Quarantine-1) Infected: XM.Laroux.AA

D:\K-APPS\Applications\Norton SystemWorks\Norton AntiVirus\Quarantine\11741154.VIR=>(Quarantine-1) Disinfected

D:\K-APPS\Applications\Norton SystemWorks\Norton AntiVirus\Quarantine\11741154.VIR Archive repacking has failed (marked actions not taken)

D:\K-APPS\Applications\Norton SystemWorks\Norton AntiVirus\Quarantine\14EF577F.VIR=>(Quarantine-1) Infected: WM.Helper.A

D:\K-APPS\Applications\Norton SystemWorks\Norton AntiVirus\Quarantine\14EF577F.VIR=>(Quarantine-1) Disinfected

D:\K-APPS\Applications\Norton SystemWorks\Norton AntiVirus\Quarantine\14EF577F.VIR Archive repacking has failed (marked actions not taken)

D:\K-APPS\Applications\Norton SystemWorks\Norton AntiVirus\Quarantine\6F1E2E36.VIR=>(Quarantine-1) Infected: XM.Laroux.AA

D:\K-APPS\Applications\Norton SystemWorks\Norton AntiVirus\Quarantine\6F1E2E36.VIR=>(Quarantine-1) Disinfected

D:\K-APPS\Applications\Norton SystemWorks\Norton AntiVirus\Quarantine\6F1E2E36.VIR Archive repacking has failed (marked actions not taken)

D:\K-APPS\Applications\Norton SystemWorks\Norton AntiVirus\Quarantine\71AE2564.VIR=>(Quarantine-1) Infected: XM.Laroux.AA

D:\K-APPS\Applications\Norton SystemWorks\Norton AntiVirus\Quarantine\71AE2564.VIR=>(Quarantine-1) Disinfected

D:\K-APPS\Applications\Norton SystemWorks\Norton AntiVirus\Quarantine\71AE2564.VIR Archive repacking has failed (marked actions not taken)

D:\K-APPS\Applications\Norton SystemWorks\Norton AntiVirus\Quarantine\74FC1FC1.VIR=>(Quarantine-1) Infected: WM.Helper.A

D:\K-APPS\Applications\Norton SystemWorks\Norton AntiVirus\Quarantine\74FC1FC1.VIR=>(Quarantine-1) Disinfected

D:\K-APPS\Applications\Norton SystemWorks\Norton AntiVirus\Quarantine\74FC1FC1.VIR Archive repacking has failed (marked actions not taken)

E:\K-DATA\Downloads2\Screensavers\CoralFree.EXE=>wise0027=>(CAB Sfx r)=>SaveNow.exe Detected: Adware.Savenow.AA

E:\K-DATA\Downloads2\Screensavers\CoralFree.EXE=>wise0027=>(CAB Sfx r)=>SaveNow.exe Disinfection failed

E:\K-DATA\Downloads2\Screensavers\CoralFree.EXE=>wise0027=>(CAB Sfx r)=>SaveNow.exe Move failed

E:\K-DATA\Downloads2\Screensavers\CoralFree.EXE=>wise0027=>(CAB Sfx r)=>Uninst.exe Detected: Adware.Savenow.AU

E:\K-DATA\Downloads2\Screensavers\CoralFree.EXE=>wise0027=>(CAB Sfx r)=>Uninst.exe Disinfection failed

E:\K-DATA\Downloads2\Screensavers\CoralFree.EXE=>wise0027=>(CAB Sfx r)=>Uninst.exe Move failed

E:\K-DATA\LAPTOP-D-Drive\C\Downloads\PC Magazine Utilities\prime97.zip=>PRIME97w.exe=>wise0066 Suspect: Macro.VBA

E:\K-DATA\LAPTOP-D-Drive\C\Downloads\PC Magazine Utilities\prime97.zip=>PRIME97w.exe=>wise0066 Disinfection failed

E:\K-DATA\LAPTOP-D-Drive\C\Downloads\PC Magazine Utilities\prime97.zip=>PRIME97w.exe=>wise0066 Deleted

E:\K-DATA\LAPTOP-D-Drive\C\Downloads\PC Magazine Utilities\prime97.zip=>PRIME97w.exe Archive repacking has failed (marked actions not taken)


Hi again,

 

Ok, that's looking a lot better, can I see a fresh HiJackThis log please?

 

jedi


Looking better, but still slow .. here's the latest HiJackThis log ...

 

Logfile of Trend Micro HijackThis v2.0.0 (BETA)

Scan saved at 1:05:34 PM, on 7/2/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

D:\Programs\BITDEF~1\bdmcon.exe

D:\Programs\BitDefender\bdagent.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

D:\Programs\Palm\HOTSYNC.EXE

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe

C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe

C:\Program Files\Messenger\msmsgs.exe

C:\WINDOWS\explorer.exe

C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe

D:\Programs\BitDefender\vsserv.exe

D:\Programs\BITDEF~1\bdlite.exe

C:\Program Files\Outlook Express\msimn.exe

D:\Programs\Palm\palm.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

D:\Programs\Mozilla Firefox\firefox.exe

D:\Downloads\Antivirus stuff June 2007\HiJackThis_v2.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

O2 - BHO: IE7pro - {00011268-E188-40DF-A514-835FCD78B1BF} - D:\Programs\IE7Pro\IE7Pro.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll

O4 - HKLM\..\Run: [bDMCon] D:\Programs\BITDEF~1\bdmcon.exe

O4 - HKLM\..\Run: [bDAgent] "D:\Programs\BitDefender\bdagent.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

O4 - Startup: HotSync Manager.lnk = D:\Programs\Palm\HOTSYNC.EXE

O4 - Global Startup: Microsoft Office.lnk = D:\Programs\Microsoft Office\Office\OSA9.EXE

O9 - Extra button: IE7pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - D:\Programs\IE7Pro\IE7Pro.dll

O9 - Extra 'Tools' menuitem: IE7pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - D:\Programs\IE7Pro\IE7Pro.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1182059137811

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1182061521014

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O20 - Winlogon Notify: !SASWinLogon - D:\Programs\SUPERAntiSpyware\SASWINLO.dll

O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll

O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll

O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: BitDefender Desktop Update Service (LIVESRV) - SOFTWIN S.R.L. - C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe

O23 - Service: BitDefender Virus Shield (VSSERV) - SOFTWIN S.R.L. - D:\Programs\BitDefender\vsserv.exe

O23 - Service: BitDefender Communicator (XCOMM) - SOFTWIN S.R.L - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe

 

--

End of file - 4890 bytes


Hi again,

 

Download RegSeeker from here:

http://www.snapfiles.com/get/regseeker.html

 

Open RegSeeker.

 

Check the 'Backup before Deletion' box

Click on 'Clean the Registry'

Make sure all boxes except “Invalid Services (experimental)” are checked.

Click AutoClean and follow the prompts to allow it to run.

You will get a notification when AutoClean has run.

Exit RegSeeker.

Do not try to use any of the other functions on RegSeeker; it is a powerful program with the potential to damage your PC if used incorrectly.

 

Next:

 

Do Start > My Computer.

Right-Click on Local Disk C.

Click Properties > Tools.

Under 'Error-Checking' click 'Check Now'.

Under 'Check Local Disk C' check both boxes and click 'Start'. You will be prompted to restart. Do so. You will get a blue screen on restart; be patient, the error-check takes time. Your PC will start normally when it is complete.

 

Next:

 

Do Start > My Computer.

Right-Click on Local Disk C.

Click Properties > Tools.

Click on 'Defragment now' and follow the prompts to defragment your disk.

 

Let me know if this speeds the PC up.

 

jedi


Thanks, Jedi ... just want to let you know we are going to be traveling for a few days. Will get back to you when we return.

 

Thanks

 

Ken


Hi again,

 

Ok, I'll leave the thread open, just post when you return.

 

jedi


Hi Jedi ... back again, but haven't had time to report what's going on. My wife's machine is virus-free according to BitDefender. But it's incredibly SLOW. She also continues to receive emails with "FROM" names similar to names she's sent mail to in the past. She complains that "the internet" (she means "the browser") just quits ... she didn't record the message, so I'll post that when we get it again. We're on our way out of town until Monday, so I just thought I would post the HijackThis log below.

 

Thanks again for your help ...

 

Logfile of Trend Micro HijackThis v2.0.0 (BETA)

Scan saved at 8:02:27 AM, on 8/2/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe

C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe

C:\WINDOWS\Explorer.EXE

D:\Programs\BITDEF~1\bdmcon.exe

D:\Programs\BitDefender\bdagent.exe

C:\WINDOWS\system32\ctfmon.exe

D:\Programs\Palm\HOTSYNC.EXE

C:\Program Files\Messenger\msmsgs.exe

D:\Programs\Microsoft Office\Office\1033\msohelp.exe

D:\Programs\Adobe\Photoshop Elements\PhotoshopElementsFileAgent.exe

D:\Programs\Adobe\Photoshop Elements\PhotoshopElementsDeviceConnect.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

D:\Programs\Palm\palm.exe

C:\Program Files\Outlook Express\msimn.exe

C:\WINDOWS\system32\taskmgr.exe

D:\PROGRAMS\MOZILL~1\plugins\GetFlash.exe

C:\Program Files\Internet Explorer\iexplore.exe

D:\Programs\Microsoft Office\Office\WINWORD.EXE

C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe

D:\Programs\BitDefender\vsserv.exe

D:\Programs\BitDefender\bdlite.exe

D:\Programs\BitDefender\bdlite.exe

D:\Programs\Mozilla Firefox\firefox.exe

C:\WINDOWS\system32\wscntfy.exe

D:\Downloads\Antivirus stuff June 2007\HiJackThis_v2.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

O2 - BHO: IE7pro - {00011268-E188-40DF-A514-835FCD78B1BF} - D:\Programs\IE7Pro\IE7Pro.dll

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll

O4 - HKLM\..\Run: [bDMCon] D:\Programs\BITDEF~1\bdmcon.exe

O4 - HKLM\..\Run: [bDAgent] "D:\Programs\BitDefender\bdagent.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

O4 - Startup: HotSync Manager.lnk = D:\Programs\Palm\HOTSYNC.EXE

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Microsoft Office.lnk = D:\Programs\Microsoft Office\Office\OSA9.EXE

O9 - Extra button: IE7pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - D:\Programs\IE7Pro\IE7Pro.dll

O9 - Extra 'Tools' menuitem: IE7pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - D:\Programs\IE7Pro\IE7Pro.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1182059137811

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1182061521014

O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O20 - Winlogon Notify: !SASWinLogon - D:\Programs\SUPERAntiSpyware\SASWINLO.dll

O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll

O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll

O23 - Service: Adobe Active File Monitor (AdobeActiveFileMonitor) - Unknown owner - D:\Programs\Adobe\Photoshop Elements\PhotoshopElementsFileAgent.exe

O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: BitDefender Desktop Update Service (LIVESRV) - SOFTWIN S.R.L. - C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe

O23 - Service: Photoshop Elements Device Connect (PhotoshopElementsDeviceConnect) - Unknown owner - D:\Programs\Adobe\Photoshop Elements\PhotoshopElementsDeviceConnect.exe

O23 - Service: BitDefender Virus Shield (VSSERV) - SOFTWIN S.R.L. - D:\Programs\BitDefender\vsserv.exe

O23 - Service: BitDefender Communicator (XCOMM) - SOFTWIN S.R.L - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe

 

--

End of file - 6148 bytes


Hi again,

 

Please register (it's free, don't worry) with PCPitStop and run the full tests here. When the tests are complete, a results page will pop up. Click "Share these results with TechExpress" on the left-hand side. Then copy the URL provided and post it here for me.

 

jedi


Hi Jedi ... the URL from PCPitstop is

 

http://www.pcpitstop.com/techexpress.asp?id=VCAQHWD3CFVSCJUW

 

The report generally says things are ok, with minor problems for memory disk and internet. I did use the opportunity to buy the PC Optimize program from PCPitstop, and ran it successfully. So, I'm not quite sure why it is still finding these "minor" problems.

 

Also, BitDefender reported viruses (see below) that it could not remove ... something is wrong with Combofix, but I think that was one of the programs I downloaded at your request to get rid of viruses.

 

Hmmmm ...

 

Thanks for your continued help!

 

Ken

 

 

//-----------------------------------------------------------------

//

// Product BitDefender Antivirus v10

// Product 10.2

//

// Created on: 11/08/2007 02:54:00

//

//-----------------------------------------------------------------

 

 

Virus Statistics

 

Scan path : C:\

D:\

E:\

F:\

G:\

H:\

Folders : 12140

Files : 748083

Memory processes scanned : 31

Archives : 85769

Runtime packers : 31570

Identified viruses : 1

Infected files : 1

Memory processes infected : 0

Suspect files : 0

Warnings : 0

Disinfected files : 0

Deleted files : 0

Moved files : 0

I/O errors : 196

Scan time : 06:27:43

Scan speed (files/sec) : 32

 

Spyware Statistics

 

Registry keys scanned : 1599

Registry keys infected : 0

Cookies scanned : 117

Cookies infected : 0

Spyware files infected : 0

Spyware threats detected : 0

 

 

Virus definitions : 754610

Scan plugins : 16

Archive plugins : 40

Unpack plugins : 6

Mail plugins : 6

System plugins : 5

 

Virus scan options

 

Detection

[X] Scan boot sectors

[X] Memory Processes

[X] Scan archives

[X] Scan runtime packers

[X] Scan email

 

File mask

[ ] Programs

[X] All files

[ ] User defined extensions:

[ ] Exclude extensions: ;

 

Action

 

Infected objects

[ ] Ignore

[X] Disinfect

[ ] Delete

[ ] Move to quarantine

[ ] Prompt user

 

Second action

[ ] Ignore

[ ] Delete

[X] Move to quarantine

[ ] Prompt user

 

Virus scan options

[X] Enable warnings

[X] Enable heuristics

[ ] Show all files in log

[X] Report file: C:\Documents and Settings\All Users\Application Data\BitDefender\Desktop\Profiles\Logs\deep_scan\1186826040.log

 

Spyware scan options

 

[X] Scan for riskware

[ ] Skip dial and applications from scan

[X] Registry keys

[X] Cookies

 

 

Summary:

 

D:\Downloads\Antivirus stuff June 2007\ComboFix.exe=>(RAR Sfx o)=>CFCleanUp.bat Infected: Trojan.Bat.Sdel.AC

D:\Downloads\Antivirus stuff June 2007\ComboFix.exe=>(RAR Sfx o)=>CFCleanUp.bat Disinfection failed

D:\Downloads\Antivirus stuff June 2007\ComboFix.exe=>(RAR Sfx o)=>CFCleanUp.bat Move failed


Hi again,

 

Combofix is safe, BitDefender is detecting it because it's not familiar with it, and CF uses techniques to scan and fix that are in some ways similar to how some Malware works. But you can delete it anyway, as we won't need it.

 

As for the tuneup tips, these need to be done manually which is why PC Optimize couldn't do them for you.

 

Browser cache size adjustment:

 

1. Start Internet Explorer

2. Select Tools | Internet Options | General

3. Under Temporary Internet Files (or under Browsing history for IE 7) click the Settings button.

4. In the box for the amount of disk space to use, enter a value between 10 and 100 megabytes.

5. Click OK to accept the changes.

 

Defragment:

 

Do Start > My Computer.

Right-Click on Local Disk C.

Click Properties > Tools.

Click on 'Defragment now' and follow the prompts to defragment your disk.

 

But the most important tip is to increase RAM, 256 MB is simply not enough to run today's utilities. RAM sticks are not expensive and doubling up to 512 MB will significantly improve both the performance and the lifespan of this PC.

Let me know if you want to do it.

 

jedi


Thanks, Jedi ....

 

I've successfully upgraded to 1GB of ram. I ran defrag twice (and now a third time) on C:, and it won't entirely eliminate fragmentation. Here's the defrag report for the C: drive:

 

Volume (C:)

Volume size = 12.23 GB

Cluster size = 4 KB

Used space = 4.99 GB

Free space = 7.23 GB

Percent free space = 59 %

 

Volume fragmentation

Total fragmentation = 15 %

File fragmentation = 30 %

Free space fragmentation = 0 %

 

File fragmentation

Total files = 21,981

Average file size = 286 KB

Total fragmented files = 1

Total excess fragments = 3

Average fragments per file = 1.00

 

Pagefile fragmentation

Pagefile size = 1.50 GB

Total fragments = 4

 

Folder fragmentation

Total folders = 1,811

Fragmented folders = 1

Excess folder fragments = 0

 

Master File Table (MFT) fragmentation

Total MFT size = 41 MB

MFT record count = 23,887

Percent MFT in use = 57 %

Total MFT fragments = 2

 

--------------------------------------------------------------------------------

Fragments File Size Files that cannot be defragmented

None

 

So, though the utility says "you should defragment this drive" (I guess because it is over 12%), it won't do anything better. I've also checked the other partitions, and they are ok.

 

Here's the latest PCPitstop scan ... http://www.pcpitstop.com/techexpress.asp?id=U4WQHWD3CFVS9KUW

 

Overall, performance is pretty good now, so I think we're done with my wife's machine! THANK YOU SO MUCH FOR ALL YOUR HELP! We've got BitDefender installed and turned on, and hopefully we won't ever go through this again!

 

I do now need to return to my PC, and see if I can figure out what to do about that wireless mouse. Let me investigate, and tell you where we stand. Since it was originally a virus-related problem, let's keep this thread open. I'll post a HiJackThis report and a PCPitstop report from my machine too ...

 

Thanks

 

Ken

Edited by Ken Jacobs


Hi Jedi ... I'm back at my PC, and here are a couple of scans (HijackThis below and PCPitstop: http://www.pcpitstop.com/techexpress.asp?i...DQHWJCV3VS7KUW). I don't know if I have a virus or not, but I do still have the problem with the mouse ... it's a wireless Dell mouse that came with the machine, and it just hangs. I can get it to work by pressing the button on the bottom. As long as I keep moving it around, it works, but then it hangs after a few seconds. I sure wish I could fix it ...

 

Thanks

 

Ken

 

P.S. By the way, I have a third computer that I don't use regularly, but will be looking at at the end of the month ... it's HORRIBLY slow ...

 

Logfile of Trend Micro HijackThis v2.0.0 (BETA)

Scan saved at 2:46:40 PM, on 8/12/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe

C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe

C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe

C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE

C:\WINDOWS\system32\CTHELPER.EXE

C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\Program Files\Symantec AntiVirus\VPTray.exe

C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe

C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe

D:\Applications\Adobe\Photoshop Elements 5.0\apdproxy.exe

C:\WINDOWS\StartupMonitor.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\Dell Support\DSAgnt.exe

C:\Program Files\Windows Media Player\WMPNSCFG.exe

C:\WINDOWS\system32\ctfmon.exe

D:\Applications\Zinio\ZinioDeliveryManager.exe

D:\Applications\RegistryBooster2\RegistryBooster.exe

D:\Applications\Bluetooth Actiontec\BTTray.exe

C:\Program Files\Array Networks\Common\4,0,1,3\arr_isrv4,0,1,3.exe

D:\Applications\Palm Desktop\Hotsync.exe

D:\Program Files\Adobe\Photoshop Elements\PhotoshopElementsFileAgent.exe

D:\APPLIC~1\BLUETO~2\BTSTAC~1.EXE

C:\Program Files\Microsoft Office\Office\1033\msoffice.exe

D:\Program Files\WinZip\WZQKPICK.EXE

D:\Applications\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe

C:\Program Files\Array Networks\Array SSL VPN\3,0,1,9\arr_srvs3,0,1,9.exe

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

C:\Program Files\Bonjour\mDNSResponder.exe

D:\Applications\Bluetooth Actiontec\bin\btwdins.exe

C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe

C:\Program Files\Symantec AntiVirus\DefWatch.exe

C:\WINDOWS\eHome\ehRecvr.exe

C:\WINDOWS\eHome\ehSched.exe

C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe

C:\WINDOWS\orclobi\MyDesktop\MyDesktopService.exe

D:\Applications\MySQL V6\bin\mysqld-nt.exe

C:\WINDOWS\system32\nvsvc32.exe

D:\Applications\Oracle Drive\XfsSvcCon.exe

e:\applications\oracle\oraclehome\bin\ORACLE.EXE

C:\WINDOWS\orclobi\MyDesktop\MyDesktopQOS.exe

D:\Applications\Retrospect Backup\retrorun.exe

C:\Program Files\Symantec AntiVirus\Rtvscan.exe

C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\WINDOWS\system32\dllhost.exe

C:\Program Files\Cisco Systems\VPN Client\vpngui.exe

D:\Applications\Quicken2007\qw.exe

D:\Applications\Zinio\ZinioReader.exe

C:\Program Files\Mozilla Firefox\firefox.exe

D:\Applications\Agendus\Agendus for Windows Palm Desktop Edition\AgendusPDEd.exe

D:\Program Files\Mozilla\Thunderbird\thunderbird.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

D:\Applications\Macro Scheduler\msched.exe

C:\WINDOWS\System32\winhlp32.exe

C:\WINDOWS\winhlp32.exe

C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe

C:\Program Files\Internet Explorer\iexplore.exe

D:\Applications\SplashID\SplashID Desktop.exe

D:\Downloads\HijackThis\HiJackThis_v2.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://securityresponse.symantec.com/avcenter/fix_homepage/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://us.mcafee.com/root/campaign.asp?cid...mp;affid=105-56

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = www-proxy1.us.oracle.com:80

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;<local>

R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - (no file)

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\APPLIC~1\SPYBOT~1\SDHelper.dll

O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll

O2 - BHO: Oracle Drive Helper Object - {5D33B3E0-4FB3-4ED1-9106-B6EB06A3B7C2} - C:\WINDOWS\SYSTEM32\ODriveHelper.DLL

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"

O4 - HKLM\..\Run: [iAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe

O4 - HKLM\..\Run: [intelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe

O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /r

O4 - HKLM\..\Run: [CTDVDDET] "C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE"

O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE

O4 - HKLM\..\Run: [iSUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup

O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [vptray] "C:\Program Files\Symantec AntiVirus\VPTray.exe"

O4 - HKLM\..\Run: [MMTray] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"

O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"

O4 - HKLM\..\Run: [Adobe Photo Downloader] "D:\Applications\Adobe\Photoshop Elements 5.0\apdproxy.exe"

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [Run StartupMonitor] StartupMonitor.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup

O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [Zinio DLM] D:\Applications\Zinio\ZinioDeliveryManager.exe /autostart

O4 - HKCU\..\Run: [uniblue Registry Booster2] D:\Applications\RegistryBooster2\RegistryBooster.exe /S

O4 - HKUS\S-1-5-18\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'Default user')

O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Startup: Macro Scheduler.lnk = D:\Applications\Macro Scheduler\msched.exe

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: BTTray.lnk = ?

O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE

O4 - Global Startup: HotSync Manager.lnk = D:\Applications\Palm Desktop\Hotsync.exe

O4 - Global Startup: HOTSYNCSHORTCUTNAME.lnk = D:\Applications\Treo Palm Desktop\Hotsync.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

O4 - Global Startup: VPN Client.lnk = ?

O4 - Global Startup: WinZip Quick Pick.lnk = D:\Program Files\WinZip\WZQKPICK.EXE

O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\APPLIC~1\MI69DF~1\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: Send To &Bluetooth - D:\Applications\Bluetooth Actiontec\btsendto_ie_ctx.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\APPLIC~1\MI69DF~1\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\APPLIC~1\MI69DF~1\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\APPLIC~1\MI69DF~1\Office12\REFIEBAR.DLL

O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - D:\Applications\Bluetooth Actiontec\btsendto_ie.htm

O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - D:\Applications\Bluetooth Actiontec\btsendto_ie.htm

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB

O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://pcpitstop.com/pcpitstop/PCPitStop.CAB

O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} (Citrix ICA Client) - http://a516.g.akamai.net/f/516/25175/7d/ru...cat-no-eula.cab

O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/m...99/mcinsctl.cab

O16 - DPF: {66D845A0-C3BB-45AD-807C-9BFEAF20EF2C} (InPEditor Class) - http://stcontent.oracle.com/content/static...it_In_Place.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1175863491528

O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/m...,26/mcgdmgr.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{5B9D91D4-26B3-460D-9815-F3FB29034F37}: NameServer = 130.35.249.41,130.35.249.52

O17 - HKLM\System\CCS\Services\Tcpip\..\{91D74CA9-7B8F-40C8-8E49-1ED8EA29672A}: NameServer = 130.35.249.41,138.2.202.15

O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = us.oracle.com

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = us.oracle.com

O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

O23 - Service: Adobe Active File Monitor (AdobeActiveFileMonitor) - Unknown owner - D:\Program Files\Adobe\Photoshop Elements\PhotoshopElementsFileAgent.exe

O23 - Service: Adobe Active File Monitor V5 (AdobeActiveFileMonitor5.0) - Unknown owner - D:\Applications\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe

O23 - Service: Array SSL VPN Service 3,0,1,9 (ArraySSL_VPN_Service3,0,1,9) - Unknown owner - C:\Program Files\Array Networks\Array SSL VPN\3,0,1,9\arr_srvs3,0,1,9.exe

O23 - Service: Array Utility Service 4,0,1,3 (Array_Utility_Service4,0,1,3) - Unknown owner - C:\Program Files\Array Networks\Common\4,0,1,3\arr_isrv4,0,1,3.exe

O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - D:\Applications\Bluetooth Actiontec\bin\btwdins.exe

O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe

O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe

O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe

O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: MyDesktopService (MyDesktopWindows) - Oracle Corporation - C:\WINDOWS\orclobi\MyDesktop\MyDesktopService.exe

O23 - Service: MySQL - Oracle Corporation - (no file)

O23 - Service: MySQL6 (MySQL4) - Unknown owner - D:\Applications\MySQL.exe (file missing)

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: ODrive Service (OdService) - Oracle - D:\Applications\Oracle Drive\XfsSvcCon.exe

O23 - Service: OracleServiceORCL - Oracle Corporation - e:\applications\oracle\oraclehome\bin\ORACLE.EXE

O23 - Service: QOS MyDesktop (QOSMyDesktop) - Oracle - C:\WINDOWS\orclobi\MyDesktop\MyDesktopQOS.exe

O23 - Service: Retrospect Launcher (RetroLauncher) - EMC Corporation - D:\Applications\Retrospect Backup\retrorun.exe

O23 - Service: Retrospect Helper - EMC Corporation - D:\Applications\Retrospect Backup\rthlpsvc.exe

O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

 

--

End of file - 15768 bytes

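The log in the post above uses HijackThis's line format: a section code such as R3, O4 or O23, then " - ", then the entry. As an added example (not part of the original thread and not a HijackThis tool), this Python parser splits such a log into header, running processes and entries, and marks entries that the log itself annotates with "(file missing)", "(no file)", "= ?" or "Unknown owner" so they can be reviewed by hand. The function names and flag labels are assumptions of this example; the sample lines are copied from the log above.

```python
import re
from collections import Counter

# Sample lines copied from the HijackThis log posted above (a shortened subset).
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 2:46:40 PM, on 8/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\Explorer.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - (no file)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - Global Startup: BTTray.lnk = ?
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = us.oracle.com
O23 - Service: MySQL - Oracle Corporation - (no file)
O23 - Service: MySQL6 (MySQL4) - Unknown owner - D:\Applications\MySQL.exe (file missing)
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

--
End of file - 15768 bytes
"""

# An entry line is "<section code> - <body>", e.g. "O23 - Service: ...".
ENTRY_RE = re.compile(r"^([RFNO]\d{1,2}) - (.*)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
HEADER_RES = {
    "version": re.compile(r"^Logfile of Trend Micro HijackThis (.+)$"),
    "saved": re.compile(r"^Scan saved at (.+)$"),
    "platform": re.compile(r"^Platform: (.+)$"),
    "boot_mode": re.compile(r"^Boot mode: (.+)$"),
}


def review_flags(section, body):
    """Return the annotations HijackThis already put on the entry.

    These mark an entry for a manual look (orphaned registry data, a
    shortcut whose target was not resolved); they are not a verdict.
    """
    flags = []
    if body.endswith("(file missing)"):
        flags.append("file missing")
    if body.endswith("(no file)"):
        flags.append("no file")
    if body.endswith("= ?"):
        flags.append("unresolved shortcut target")
    if section == "O23" and " - Unknown owner - " in body:
        flags.append("unknown owner")
    return flags


def parse_log(text):
    """Split a HijackThis log into header fields, processes and entries."""
    header, processes, entries = {}, [], []
    in_processes = False
    for raw in text.splitlines():
        # Forum copies often carry non-breaking spaces and blank spacer lines.
        line = raw.replace("\u00a0", " ").strip()
        if not line:
            continue
        match = ENTRY_RE.match(line)
        if match:
            in_processes = False  # the process list ends at the first entry
            section, body = match.groups()
            clsid = CLSID_RE.search(body)
            entries.append({
                "section": section,
                "text": body,
                "clsid": clsid.group(0) if clsid else None,
                "flags": review_flags(section, body),
            })
        elif line == "Running processes:":
            in_processes = True
        elif in_processes:
            processes.append(line)
        else:
            for key, rx in HEADER_RES.items():
                found = rx.match(line)
                if found:
                    header[key] = found.group(1)
    return {"header": header, "processes": processes, "entries": entries}


def needs_review(parsed):
    """Entries carrying at least one annotation, in log order."""
    return [e for e in parsed["entries"] if e["flags"]]


def section_counts(parsed):
    """Number of entries per section code (R0, O4, O23, ...)."""
    return Counter(e["section"] for e in parsed["entries"])


if __name__ == "__main__":
    result = parse_log(SAMPLE_LOG)
    print(result["header"])
    for entry in needs_review(result):
        print(entry["section"], entry["flags"], entry["text"])
```
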

Hi again,

 

Looking at the Tech Express report, this is not advisable:

Drive C:\ has only 18 percent of its space available.

 

Drive D:\ has only 2 percent of its space available.

 

Drive E:\ has only 7 percent of its space available.

 

I suggest you go get a nice big external HD (Seagate do a good range, 80GB upwards) and dump data off those drives, that way you'll be able to defrag them and improve performance no end, they should ideally have around 25% free space each.

 

The mouse:

Have you tried the simple stuff?

- Change the batteries

- Move the receiver closer to the mouse

- Try a different mouse mat

- Check there's no metal between the mouse and receiver

 

jedi


Hi!

 

Re the mouse, yes, I've tried all the simple stuff. It's just got to be a driver problem of some sort. Started happening about the time I was devirusing my wife's machine (and then mine because I had copied files over ...). If you can't help further, that's ok. I can work on it myself.

 

Is there any evidence of virus on my machine?

 

As to the disk issue, yeah, I know that low amounts of disk are not advisable. However, these "disks" are actually all partitions on a single hard drive. I use them this way ...

 

Drive  Content       Size     Free
C:     Windows       21.1 GB  3.72 GB
D:     Applications  27.7 GB  669 MB   (executables)
E:     Data          48.8 GB  3.61 GB  (all sorts of data files)
F:     Media         292 GB   130 GB   (photos, video editing, etc.)

 

I can re-partition and add storage to C, for example. There is very little growth on D: unless I install new apps. So, generally, I'm ok.

 

Thanks again for all your help.

 

Ken


Hi again,

 

Is there any evidence of virus on my machine?

 

No, it looks clean.

 

Re the mouse, yes, I've tried all the simple stuff. It's just got to be a driver problem of some sort.

 

Not knowing exactly which model it is, it's hard to find driver updates, but if you know the exact model a little Googling should find them, I found this for example:

http://support.us.dell.com/support/downloa...p;fileid=203425

I'm not suggesting that is exactly right but you get the idea I'm sure.

"I can re-partition and add storage to C, for example. There is very little growth on D: unless I install new apps. So, generally, I'm ok."

 

OK, that sounds fair enough.

 

jedi


Thank you once again, Jedi, for all your help with both of these machines. What is the best way to honor your fine work?

 

No doubt I will be posting again, in a new thread (I guess) to cover the third machine I mentioned. (It's at our second home, out of town.) If I ask for your attention in the posting, would it somehow get assigned to you?

 

Thanks again ...

 

Ken


Hi again Ken,

 

You're most welcome. :)

"What is the best way to honor your fine work?"

Well, donations are always welcome, they go to pay for the board upkeep, not to individuals, and we run on a tight budget because we won't carry adverts. There's a donation link under the ASAP banner at the bottom of my posts, but in no way do you need to feel obliged to do this, this is a free service to all.

 

"No doubt I will be posting again, in a new thread (I guess) to cover the third machine I mentioned. (It's at our second home, out of town.) If I ask for your attention in the posting, would it somehow get assigned to you?"

 

Post here, I'll leave this thread open for a while, as long as it's not going to be too far away in time. Either that or PM me when you start a new topic.

 

Best wishes,

 

jedi


Jedi ... thanks, that's perfect! I will in fact make a donation. Is there a way to designate the donation specifically to SpywareInfo forums? The link I followed didn't mention which particular group or site would be supported.

 

We will be able to start on my third computer when I am next in Utah (at the end of August). We will only be there for a few days, then not again until October some time ... hope that works for you.

 

Thanks again!

 

Ken

Edited by Ken Jacobs


Hi again,

 

"Is there a way to designate the donation specifically to SpywareInfo forums? The link I followed didn't mention which particular group or site would be supported."

 

The way this site is funded is complex, but rest assured any donation you give will contribute to the upkeep of this site, directly or indirectly, or else I wouldn't have raised the issue, and we're most grateful for anything received. Our time and - hopefully - expertise, we donate for free as we all believe passionately in what we do.

 

"We will be able to start on my third computer when I am next in Utah (at the end of August)"

That's fine, I'll leave this thread open.

 

Best wishes,

 

jedi


Thanks Jedi ... your professionalism, technical ability, volunteerism and devotion are all admirable. I have made a donation, and look forward to working with you on my third PC in a couple of weeks. Thanks!

 

Ken


Hi Jedi ... I'm here at our second home and this computer is worse than I remembered. I had to boot up in SAFE MODE just to get here. I will post the HiJackThis log below, first in SAFE MODE, and then (if I can get it to work), in normal mode ...

 

The symptoms are SLOWSLOWSLOWNESS. Even window re-drawing won't work well (shadow windows). I can hardly do anything ...

 

We will only be here at this house till Saturday. I hope we can make LOTS of progress getting this computer right by then.

 

Thanks in advance for your help.

 

Here's the log from safe mode ...

 

Logfile of Trend Micro HijackThis v2.0.0 (BETA)

Scan saved at 7:52:59 PM, on 8/29/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

Boot mode: Safe mode with network support

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

F:\Programs\Mozilla\Firrefox\firefox.exe

C:\WINDOWS\system32\taskmgr.exe

F:\Downloads\HijackThis\HiJackThis_v2.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = www-proxy.us.oracle.com:80

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;*.oracle.com;*.oracleads.com;*.us.oracle.com;*.uk.oracle.com;*.ca.orac

e.com;*.oraclecorp.com;*.oracleportal.com;<local>

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - F:\Programs\SPYBOT~1\SDHelper.dll

O2 - BHO: IE7pro - {68C55168-E188-40DF-A514-835FCD78B1BF} - F:\Programs\IE7pro\IE7pro.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O2 - BHO: (no name) - {ED103D9F-3070-4580-AB1E-E5C179C1AE41} - (no file)

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [LantronixRedirector] C:\Program Files\Lantronix\Redirector\red32.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"

O4 - HKLM\..\Run: [sM1BG] C:\WINDOWS\SM1BG.EXE

O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\Integrity Client\iclient.exe"

O4 - HKLM\..\Run: [share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [intelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"

O4 - HKLM\..\Run: [iTunesHelper] "F:\Programs\Apple iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [QuickTime Task] "F:\programs\Quicktime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~2\VPTray.exe

O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [RealPlayer] "C:\Program Files\Real\RealPlayer\realplay.exe" /RunUPGToolCommandReBoot

O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NVMCTRAY.DLL,NvTaskbarInit

O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

O4 - HKCU\..\RunOnce: [FFTI] C:\Documents and Settings\Ken Jacobs.UTAH-DESKTOP\Application Data\Mozilla\Firefox\Profiles\s3h5rlco.default\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\ffti.exe /VERYSILENT /SUPPRESSMSGBOXES /NORESTART /DestPath="C:\Documents and Settings\Ken Jacobs.UTAH-DESKTOP\Application Data\Mozilla\Firefox\Profiles/s3h5rlco.default\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}"

O4 - Startup: palmOne Registration.lnk = F:\Programs\Sony Clie\register.exe

O4 - Global Startup: Bluetooth.lnk = ?

O4 - Global Startup: HOTSYNCSHORTCUTNAME.lnk = F:\Programs\Sony Clie\Hotsync.exe

O4 - Global Startup: hp instant support.lnk = C:\Program Files\Hewlett-Packard\AiO\HPis\bin\matcli.exe

O4 - Global Startup: HPAiODevice(hp officejet d series) - 1.lnk = C:\Program Files\Hewlett-Packard\AiO\hp officejet d series\Bin\hpoojd07.exe

O4 - Global Startup: HPAiODevice(hp officejet d series) - 3.lnk = C:\Program Files\Hewlett-Packard\AiO\hp officejet d series\Bin\hpoojd07.exe

O4 - Global Startup: Microsoft Broadband Networking.lnk = ?

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\MSOffice 2000 (Powerpoint)\Office\OSA9.EXE

O4 - Global Startup: VPN Client.lnk = ?

O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html

O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html

O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html

O8 - Extra context menu item: E&xport to Microsoft Excel - res://F:\Programs\MICROS~1\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: Send To &Bluetooth - F:\Programs\Kensington Bluetooth USB Adaptor\btsendto_ie_ctx.htm

O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html

O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html

O9 - Extra button: IE7pro - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - F:\Programs\IE7pro\IE7pro.dll

O9 - Extra 'Tools' menuitem: IE7pro Ctrl+Alt+7 - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - F:\Programs\IE7pro\IE7pro.dll

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - F:\Programs\MICROS~1\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - F:\Programs\MICROS~1\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - F:\Programs\MICROS~1\Office12\REFIEBAR.DLL

O9 - Extra button: Magic Nettrace - {92848C13-5482-49CB-B31C-CA8D74EFF508} - F:\Programs\Magic NetTrace\MTIE.exe

O9 - Extra 'Tools' menuitem: &Magic Nettrace - {92848C13-5482-49CB-B31C-CA8D74EFF508} - F:\Programs\Magic NetTrace\MTIE.exe

O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe

O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - F:\Programs\Kensington Bluetooth USB Adaptor\btsendto_ie.htm

O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - F:\Programs\Kensington Bluetooth USB Adaptor\btsendto_ie.htm

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: ProxToggle - {E6850551-1B82-47cd-BBF3-8E7D6099F9B3} - c:\windows\off.vbs

O9 - Extra 'Tools' menuitem: Proxy &Off - {E6850551-1B82-47cd-BBF3-8E7D6099F9B3} - c:\windows\off.vbs

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O15 - Trusted Zone: *.musicmatch.com

O15 - Trusted Zone: *.musicmatch.com (HKLM)

O16 - DPF: {00191E4B-49C2-48E2-A548-8F702D75622A} - https://strtc.oracle.com/imtapp/res/jar/cnsload.cab

O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB

O16 - DPF: {1842B0EE-B597-11D4-8997-00104BD12D94} (iCC Class) - http://www.pcpitstop.com/internet/pcpConnCheck.cab

O16 - DPF: {49232000-16E4-426C-A231-62846947304B} - http://ipgweb.cce.hp.com/rdqna/downloads/sysinfo.cab

O16 - DPF: {6CB5E471-C305-11D3-99A8-000086395495} - http://toolbar.google.com/data/en/big/1.1....g/GoogleNav.cab

O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) - http://ipgweb.cce.hp.com/rdqna/downloads/msxml4.cab

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = us.oracle.com

O17 - HKLM\Software\..\Telephony: DomainName = us.oracle.com

O17 - HKLM\System\CCS\Services\Tcpip\..\{E3038549-6D06-4A6B-A22E-427D70AD08D2}: NameServer = 130.35.249.41,130.35.249.52

O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = us.oracle.com

O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = us.oracle.com

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll

O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll

O23 - Service: Adobe Active File Monitor V4 (AdobeActiveFileMonitor4.0) - Unknown owner - F:\Programs\Adobe\Photoshop Elements\PhotoshopElementsFileAgent.exe

O23 - Service: Array SSL VPN Service 3,0,1,9 (ArraySSL_VPN_Service3,0,1,9) - Unknown owner - C:\Program Files\Array Networks\Array SSL VPN\3,0,1,9\arr_srvs3,0,1,9.exe

O23 - Service: Array Utility Service 4,0,1,3 (Array_Utility_Service4,0,1,3) - Unknown owner - C:\Program Files\Array Networks\Common\4,0,1,3\arr_isrv4,0,1,3.exe

O23 - Service: AutoExNT - Unknown owner - C:\WINDOWS\system32\AutoExNT.Exe

O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - F:\Programs\Kensington Bluetooth USB Adaptor\bin\btwdins.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe

O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe

O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: MyDesktopService (MyDesktopWindows) - Oracle Corporation - C:\WINDOWS\orclobi\MyDesktop\MyDesktopService.exe

O23 - Service: Pure Networks Net2Go Service (nmraapache) - Pure Networks, Inc. - F:\Programs\Network Magic\WebServer\bin\nmraapache.exe

O23 - Service: Pure Networks Network Magic Service (nmservice) - Pure Networks, Inc. - F:\Programs\Network Magic\nmsrvc.exe

O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: QOS MyDesktop (QOSMyDesktop) - Oracle - C:\WINDOWS\orclobi\MyDesktop\MyDesktopQOS.exe

O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe

O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe

O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

 

--

End of file - 12426 bytes

 

And here is the HiJackThis log just after rebooting (and things seem "better" on this second reboot ... at least the performance is somewhat better. I couldn't even successfully reboot before!)

 

Logfile of Trend Micro HijackThis v2.0.0 (BETA)

Scan saved at 8:07:20 PM, on 8/29/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Array Networks\Common\4,0,1,3\arr_isrv4,0,1,3.exe

F:\Programs\Adobe\Photoshop Elements\PhotoshopElementsFileAgent.exe

C:\Program Files\Array Networks\Array SSL VPN\3,0,1,9\arr_srvs3,0,1,9.exe

C:\WINDOWS\system32\cmd.exe

F:\Programs\Vantage QLink\WebPoint\Home.exe

F:\Programs\Kensington Bluetooth USB Adaptor\bin\btwdins.exe

C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe

C:\Program Files\Symantec AntiVirus\DefWatch.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe

C:\WINDOWS\orclobi\MyDesktop\MyDesktopService.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\orclobi\MyDesktop\MyDesktopQOS.exe

C:\Program Files\Symantec AntiVirus\SavRoam.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Symantec AntiVirus\Rtvscan.exe

C:\WINDOWS\system32\ZoneLabs\vsmon.exe

C:\WINDOWS\System32\MsPMSPSv.exe

F:\Programs\Network Magic\nmsrvc.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Lantronix\Redirector\red32.exe

C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe

C:\WINDOWS\SM1BG.EXE

C:\Program Files\Zone Labs\Integrity Client\iclient.exe

C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\PROGRA~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe

C:\Program Files\Microsoft IntelliPoint\point32.exe

F:\Programs\Apple iTunes\iTunesHelper.exe

F:\programs\Quicktime\qttask.exe

C:\WINDOWS\system32\rundll32.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\PROGRA~1\SYMANT~2\VPTray.exe

C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe

C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

C:\Program Files\Messenger\msmsgs.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Windows Media Player\WMPNSCFG.exe

F:\Programs\Kensington Bluetooth USB Adaptor\BTTray.exe

F:\Programs\Sony Clie\Hotsync.exe

C:\Program Files\Hewlett-Packard\AiO\hp officejet d series\Bin\hpoojd07.exe

C:\Program Files\Hewlett-Packard\AiO\hp officejet d series\Bin\hpoojd07.exe

F:\Programs\KENSIN~1\BTSTAC~1.EXE

C:\PROGRA~1\HEWLET~1\AiO\HPis\common\MOTIVE~1.EXE

C:\PROGRA~1\HEWLET~1\AiO\Shared\Bin\hpoevm07.exe

C:\Program Files\Hewlett-Packard\AiO\Shared\bin\hpOSTS07.exe

C:\Program Files\Hewlett-Packard\AiO\Shared\bin\hpOSTS07.exe

C:\Program Files\Hewlett-Packard\AiO\Shared\bin\hpOFXM07.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\WINDOWS\system32\rundll32.exe

F:\Downloads\HijackThis\HiJackThis_v2.exe

F:\Programs\Mozilla\Firrefox\firefox.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = www-proxy.us.oracle.com:80

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;*.oracle.com;*.oracleads.com;*.us.oracle.com;*.uk.oracle.com;*.ca.orac

e.com;*.oraclecorp.com;*.oracleportal.com;<local>

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - F:\Programs\SPYBOT~1\SDHelper.dll

O2 - BHO: IE7pro - {68C55168-E188-40DF-A514-835FCD78B1BF} - F:\Programs\IE7pro\IE7pro.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O2 - BHO: (no name) - {ED103D9F-3070-4580-AB1E-E5C179C1AE41} - (no file)

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [LantronixRedirector] C:\Program Files\Lantronix\Redirector\red32.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"

O4 - HKLM\..\Run: [sM1BG] C:\WINDOWS\SM1BG.EXE

O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\Integrity Client\iclient.exe"

O4 - HKLM\..\Run: [share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [intelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"

O4 - HKLM\..\Run: [iTunesHelper] "F:\Programs\Apple iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [QuickTime Task] "F:\programs\Quicktime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~2\VPTray.exe

O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [RealPlayer] "C:\Program Files\Real\RealPlayer\realplay.exe" /RunUPGToolCommandReBoot

O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NVMCTRAY.DLL,NvTaskbarInit

O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

O4 - HKCU\..\RunOnce: [FFTI] C:\Documents and Settings\Ken Jacobs.UTAH-DESKTOP\Application Data\Mozilla\Firefox\Profiles\s3h5rlco.default\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\ffti.exe /VERYSILENT /SUPPRESSMSGBOXES /NORESTART /DestPath="C:\Documents and Settings\Ken Jacobs.UTAH-DESKTOP\Application Data\Mozilla\Firefox\Profiles/s3h5rlco.default\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}"

O4 - Startup: palmOne Registration.lnk = F:\Programs\Sony Clie\register.exe

O4 - Global Startup: Bluetooth.lnk = ?

O4 - Global Startup: HOTSYNCSHORTCUTNAME.lnk = F:\Programs\Sony Clie\Hotsync.exe

O4 - Global Startup: hp instant support.lnk = C:\Program Files\Hewlett-Packard\AiO\HPis\bin\matcli.exe

O4 - Global Startup: HPAiODevice(hp officejet d series) - 1.lnk = C:\Program Files\Hewlett-Packard\AiO\hp officejet d series\Bin\hpoojd07.exe

O4 - Global Startup: HPAiODevice(hp officejet d series) - 3.lnk = C:\Program Files\Hewlett-Packard\AiO\hp officejet d series\Bin\hpoojd07.exe

O4 - Global Startup: Microsoft Broadband Networking.lnk = ?

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\MSOffice 2000 (Powerpoint)\Office\OSA9.EXE

O4 - Global Startup: VPN Client.lnk = ?

O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html

O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html

O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html

O8 - Extra context menu item: E&xport to Microsoft Excel - res://F:\Programs\MICROS~1\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: Send To &Bluetooth - F:\Programs\Kensington Bluetooth USB Adaptor\btsendto_ie_ctx.htm

O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html

O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html

O9 - Extra button: IE7pro - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - F:\Programs\IE7pro\IE7pro.dll

O9 - Extra 'Tools' menuitem: IE7pro Ctrl+Alt+7 - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - F:\Programs\IE7pro\IE7pro.dll

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - F:\Programs\MICROS~1\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - F:\Programs\MICROS~1\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - F:\Programs\MICROS~1\Office12\REFIEBAR.DLL

O9 - Extra button: Magic Nettrace - {92848C13-5482-49CB-B31C-CA8D74EFF508} - F:\Programs\Magic NetTrace\MTIE.exe

O9 - Extra 'Tools' menuitem: &Magic Nettrace - {92848C13-5482-49CB-B31C-CA8D74EFF508} - F:\Programs\Magic NetTrace\MTIE.exe

O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe

O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - F:\Programs\Kensington Bluetooth USB Adaptor\btsendto_ie.htm

O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - F:\Programs\Kensington Bluetooth USB Adaptor\btsendto_ie.htm

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: ProxToggle - {E6850551-1B82-47cd-BBF3-8E7D6099F9B3} - c:\windows\off.vbs

O9 - Extra 'Tools' menuitem: Proxy &Off - {E6850551-1B82-47cd-BBF3-8E7D6099F9B3} - c:\windows\off.vbs

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O15 - Trusted Zone: *.musicmatch.com

O15 - Trusted Zone: *.musicmatch.com (HKLM)

O16 - DPF: {00191E4B-49C2-48E2-A548-8F702D75622A} - https://strtc.oracle.com/imtapp/res/jar/cnsload.cab

O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB

O16 - DPF: {1842B0EE-B597-11D4-8997-00104BD12D94} (iCC Class) - http://www.pcpitstop.com/internet/pcpConnCheck.cab

O16 - DPF: {49232000-16E4-426C-A231-62846947304B} - http://ipgweb.cce.hp.com/rdqna/downloads/sysinfo.cab

O16 - DPF: {6CB5E471-C305-11D3-99A8-000086395495} - http://toolbar.google.com/data/en/big/1.1....g/GoogleNav.cab

O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) - http://ipgweb.cce.hp.com/rdqna/downloads/msxml4.cab

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = us.oracle.com

O17 - HKLM\Software\..\Telephony: DomainName = us.oracle.com

O17 - HKLM\System\CCS\Services\Tcpip\..\{E3038549-6D06-4A6B-A22E-427D70AD08D2}: NameServer = 130.35.249.41,130.35.249.52

O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = us.oracle.com

O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = us.oracle.com

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll

O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll

O23 - Service: Adobe Active File Monitor V4 (AdobeActiveFileMonitor4.0) - Unknown owner - F:\Programs\Adobe\Photoshop Elements\PhotoshopElementsFileAgent.exe

O23 - Service: Array SSL VPN Service 3,0,1,9 (ArraySSL_VPN_Service3,0,1,9) - Unknown owner - C:\Program Files\Array Networks\Array SSL VPN\3,0,1,9\arr_srvs3,0,1,9.exe

O23 - Service: Array Utility Service 4,0,1,3 (Array_Utility_Service4,0,1,3) - Unknown owner - C:\Program Files\Array Networks\Common\4,0,1,3\arr_isrv4,0,1,3.exe

O23 - Service: AutoExNT - Unknown owner - C:\WINDOWS\system32\AutoExNT.Exe

O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - F:\Programs\Kensington Bluetooth USB Adaptor\bin\btwdins.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe

O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe

O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: MyDesktopService (MyDesktopWindows) - Oracle Corporation - C:\WINDOWS\orclobi\MyDesktop\MyDesktopService.exe

O23 - Service: Pure Networks Net2Go Service (nmraapache) - Pure Networks, Inc. - F:\Programs\Network Magic\WebServer\bin\nmraapache.exe

O23 - Service: Pure Networks Network Magic Service (nmservice) - Pure Networks, Inc. - F:\Programs\Network Magic\nmsrvc.exe

O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: QOS MyDesktop (QOSMyDesktop) - Oracle - C:\WINDOWS\orclobi\MyDesktop\MyDesktopQOS.exe

O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe

O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe

O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

 

--

End of file - 14980 bytes

Edited by Ken Jacobs


Hi again Ken,

 

OK, as we haven't much time, several steps in one go, firstly, the spyware check:

 

Download Dr.Web CureIt to the desktop:

ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe

Next, please reboot your computer in Safe Mode by doing the following:

1) Restart your computer

2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8.

3) Instead of Windows loading as normal, a menu should appear

4) Select the first option, to run Windows in Safe Mode.

 

For additional help in booting into Safe Mode, see the following site:

http://www.pchell.com/support/safemode.shtml

  • Double-click the drweb-cureit.exe file and allow it to run the express scan
  • This will scan the files currently running in memory and when something is found, click the yes button when it asks you if you want to cure it. This is only a short scan.
  • Once the short scan has finished, mark the drives that you want to scan.
  • Select all drives. A red dot shows which drives have been chosen.
  • Click the green arrow at the right, and the scan will start.
  • Click 'Yes to all' if it asks if you want to cure/move the file.
  • When the scan has finished, see if you can click the following icon next to the files found: (image: check.gif)
  • If so, click it, then click the icon right below it and select Move incurable, as shown in this image: (image: move.gif)
    This will move it to the %userprofile%\DoctorWeb\quarantaine-folder if it can't be cured. (This is in case we need samples.)
  • After selecting, in the Dr.Web CureIt menu on top, click file and choose save report list
  • Save the report to your desktop. The report will be called DrWeb.csv
  • Close Dr.Web Cureit.
  • Reboot your computer!! Because it could be possible that files in use will be moved/deleted during reboot.
  • After reboot, post the contents of the log from Dr.Web you saved previously in your next reply.

Next:

 

1. Download this file -

ComboFix

2. Double click ComboFix.exe & follow the prompts.

3. When finished, it will produce a log for you. Post that log in your next reply

 

Note:

Do not mouseclick ComboFix's window whilst it's running. That may cause it to stall

 

OK, post both those logs, then do the following:

 

Download: CCleaner (freeware)

http://www.majorgeeks.com/download4191.html

Run the installer, and uncheck the option to install Yahoo toolbar (unless you want Yahoo toolbar).

Once installed, run CCleaner and click the Windows tab.

The following should be selected by default; if not, please select:

(image: CCleanerA.png)

Next: click Options, then click the Settings tab

Uncheck: "Only delete files older than 48 hrs.", click Ok

Then click Run Cleaner (bottom right) then Exit

 

Next:

 

Do Start > My Computer.

Right-Click on Local Disk C.

Click Properties > Tools.

Under 'Error-Checking' click 'Check Now'.

Under 'Check Local Disk C' check both boxes and click 'Start'. You will be prompted to restart. Do so. You will get a blue screen on restart; be patient, the error-check takes time. Your PC will start normally when it is complete.

 

Next:

 

Do Start > My Computer.

Right-Click on Local Disk C.

Click Properties > Tools.

Click on 'Defragment now' and follow the prompts to defragment your disk.

 

Lastly, also post a fresh HiJackThis log, and tell me how the PC is running.

 

jedi :)
