Two PCs infected ... let's work on the first


  • This topic is locked
79 replies to this topic

#1 Ken Jacobs

Ken Jacobs

    Member

  • Full Member
  • Pip
  • 53 posts

Posted 06 June 2007 - 10:37 PM

My wife's PC (not protected by an AV tool .. doh!) got sick. I tried to help her. It got worse. I then used my machine to download some tools, copied them over on a memory stick, and lo and behold, my PC is infected too. GRRRR ...

I think I may have downloaded stuff to my PC that masquerades as anti-virus, but it actually propagates a virus. Maybe you can tell me what that is ...

Let's work on my PC first. It's a DELL Dimension 9100, dual core, with XP Media Center installed.

Symptoms: the mouse will freeze. It's a wireless Dell mouse. I press the button on the bottom to regain control. Funny, the wireless keyboard doesn't freeze. I have Symantec and now a trial version of Bit Defender. They seem to be catching and containing Brontok. However, I do get the symptom of mouse freezing and also a very slow machine at times.

I tried a number of tools like RegCure and Registry Booster from UniBlue. They seem to work ok, and finish successfully. I also downloaded F-PROT to get rid of Brontok, but its messages were so annoying that I de-installed it.

Tried to follow your instructions. The HijackThis report is below. However, when I went to use AVGAS in Safe Mode, it gave me a message to the effect that "service could not be connected; reinstall". I tried that. I made sure that my VPN proxy server was not configured for AVGAS either in normal or safe mode. Nothing works. So, at the moment, I have no AVGAS report to share.

This mouse freezing is the most visible and annoying problem on my machine, plus sometimes slowness, with the Task Manager showing plenty of available CPU time. My wife's is worse, with pop-ups asking if she wants to install something, and terrible slowness. But let's do my machine first.

To answer your FAQ questions ...
o Do you have popups? ... No
o Has your browser been hijacked? ... no
o Does your antivirus detect an infected file? If so, what file, and what is the infection detected?
... YES, from BitDefender, it sees Generic.Brontok.73942F2D. I also have Symantec AV,
which probably has quarantined it.
o Is your system sluggish? Is there a particular process using a lot of the CPU? If so, what is it? Does your firewall give alerts about a process trying to access the internet? If so, what is it?
... sometimes. Shutdown and startup are slow. No process seems to be using a lot of time. Plenty of Idle time.
o Have you already tried certain steps to fix your problem? If so, what have you tried?
... see above; in addition, have run Spybot and Ad-Aware.
o Please also mention that you have read this FAQ and followed the directions, or else someone is likely to ask you to come back here.
.. been there, did that!


Question for you ... is there confidential info of mine (passwords to websites, for example) that you see from what I post? How can I provide you with what I need without disclosing such info in the next steps of this process?

Thanks in advance for your help!

Ken

Here's the log ...


Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 8:03:16 PM, on 6/6/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Symantec AntiVirus\VPTray.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\LVCOMSX.EXE
D:\Applications\Adobe\Photoshop Elements 5.0\apdproxy.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\StartupMonitor.exe
D:\Applications\BitDefender\bdmcon.exe
D:\Applications\BitDefender\bdagent.exe
C:\Program Files\Array Networks\Common\4,0,1,3\arr_isrv4,0,1,3.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
D:\Program Files\Adobe\Photoshop Elements\PhotoshopElementsFileAgent.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\WINDOWS\system32\ctfmon.exe
D:\Applications\Zinio\ZinioDeliveryManager.exe
D:\Applications\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
D:\Applications\RegistryBooster2\RegistryBooster.exe
D:\Applications\Bluetooth Actiontec\BTTray.exe
C:\Program Files\Apache Software Foundation\Apache2.2\bin\httpd.exe
D:\Applications\Palm Desktop\Hotsync.exe
C:\Program Files\Array Networks\Array SSL VPN\3,0,1,9\arr_srvs3,0,1,9.exe
C:\Program Files\Microsoft Office\Office\1033\msoffice.exe
D:\APPLIC~1\BLUETO~2\BTSTAC~1.EXE
C:\Program Files\Apache Software Foundation\Apache2.2\bin\httpd.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
D:\Applications\Bluetooth Actiontec\bin\btwdins.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\WINDOWS\orclobi\MyDesktop\MyDesktopService.exe
C:\WINDOWS\system32\nvsvc32.exe
D:\Applications\Oracle Drive\XfsSvcCon.exe
C:\WINDOWS\system32\mmc.exe
C:\WINDOWS\orclobi\MyDesktop\MyDesktopQOS.exe
D:\Applications\Retrospect Backup\retrorun.exe
C:\Program Files\Cisco Systems\VPN Client\vpngui.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe
C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
D:\Applications\BitDefender\vsserv.exe
D:\Program Files\Mozilla\Thunderbird\thunderbird.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Mozilla Firefox\firefox.exe
D:\Downloads\HijackThis\HiJackThis_v2.exe
C:\PROGRA~1\SYMANT~1\DWHWIZRD.EXE
C:\WINDOWS\orclobi\gdswsuspatch.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://securityrespo...r/fix_homepage/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://us.mcafee.com...mp;affid=105-56
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = www-proxy1.us.oracle.com:80
R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\APPLIC~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Oracle Drive Helper Object - {5D33B3E0-4FB3-4ED1-9106-B6EB06A3B7C2} - C:\WINDOWS\SYSTEM32\ODriveHelper.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [CTDVDDET] "C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE"
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] "C:\Program Files\Symantec AntiVirus\VPTray.exe"
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [Adobe Photo Downloader] "D:\Applications\Adobe\Photoshop Elements 5.0\apdproxy.exe"
O4 - HKLM\..\Run: [TweakAutomaticUpdates] C:\WINDOWS\orclobi\gdswsuspatch_soon.exe /s
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Run StartupMonitor] StartupMonitor.exe
O4 - HKLM\..\Run: [BDMCon] "D:\Applications\BitDefender\bdmcon.exe" /reg
O4 - HKLM\..\Run: [BDAgent] "D:\Applications\BitDefender\bdagent.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Zinio DLM] D:\Applications\Zinio\ZinioDeliveryManager.exe /autostart
O4 - HKCU\..\Run: [Uniblue Registry Booster2] D:\Applications\RegistryBooster2\RegistryBooster.exe /S
O4 - HKUS\S-1-5-18\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
O4 - Global Startup: HotSync Manager.lnk = D:\Applications\Palm Desktop\Hotsync.exe
O4 - Global Startup: HOTSYNCSHORTCUTNAME.lnk = D:\Applications\Treo Palm Desktop\Hotsync.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: VPN Client.lnk = ?
O4 - Global Startup: WinZip Quick Pick.lnk = D:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\APPLIC~1\MI69DF~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - D:\Applications\Bluetooth Actiontec\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\APPLIC~1\MI69DF~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\APPLIC~1\MI69DF~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\APPLIC~1\MI69DF~1\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - D:\Applications\Bluetooth Actiontec\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - D:\Applications\Bluetooth Actiontec\btsendto_ie.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} (Citrix ICA Client) - http://a516.g.akamai...cat-no-eula.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcaf...99/mcinsctl.cab
O16 - DPF: {66D845A0-C3BB-45AD-807C-9BFEAF20EF2C} (InPEditor Class) - http://stcontent.ora...it_In_Place.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1175863491528
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcaf...,26/mcgdmgr.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{5B9D91D4-26B3-460D-9815-F3FB29034F37}: NameServer = 130.35.249.41,130.35.249.52
O17 - HKLM\System\CCS\Services\Tcpip\..\{91D74CA9-7B8F-40C8-8E49-1ED8EA29672A}: NameServer = 130.35.249.41,138.2.202.15
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = us.oracle.com
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = us.oracle.com
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe Active File Monitor (AdobeActiveFileMonitor) - Unknown owner - D:\Program Files\Adobe\Photoshop Elements\PhotoshopElementsFileAgent.exe
O23 - Service: Adobe Active File Monitor V5 (AdobeActiveFileMonitor5.0) - Unknown owner - D:\Applications\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
O23 - Service: Apache2 - Apache Software Foundation - C:\Program Files\Apache Software Foundation\Apache2.2\bin\httpd.exe
O23 - Service: Array SSL VPN Service 3,0,1,9 (ArraySSL_VPN_Service3,0,1,9) - Unknown owner - C:\Program Files\Array Networks\Array SSL VPN\3,0,1,9\arr_srvs3,0,1,9.exe
O23 - Service: Array Utility Service 4,0,1,3 (Array_Utility_Service4,0,1,3) - Unknown owner - C:\Program Files\Array Networks\Common\4,0,1,3\arr_isrv4,0,1,3.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - D:\Applications\Bluetooth Actiontec\bin\btwdins.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - SOFTWIN S.R.L. - C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe
O23 - Service: MyDesktopService (MyDesktopWindows) - Oracle Corporation - C:\WINDOWS\orclobi\MyDesktop\MyDesktopService.exe
O23 - Service: MySQL - Oracle Corporation - (no file)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ODrive Service (OdService) - Oracle - D:\Applications\Oracle Drive\XfsSvcCon.exe
O23 - Service: OracleServiceORCL - Oracle Corporation - e:\applications\oracle\oraclehome\bin\ORACLE.EXE
O23 - Service: QOS MyDesktop (QOSMyDesktop) - Oracle - C:\WINDOWS\orclobi\MyDesktop\MyDesktopQOS.exe
O23 - Service: Retrospect Launcher (RetroLauncher) - EMC Corporation - D:\Applications\Retrospect Backup\retrorun.exe
O23 - Service: Retrospect Helper - EMC Corporation - D:\Applications\Retrospect Backup\rthlpsvc.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - SOFTWIN S.R.L. - D:\Applications\BitDefender\vsserv.exe
O23 - Service: BitDefender Communicator (XCOMM) - SOFTWIN S.R.L - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe

--
End of file - 16778 bytes

#2 Ken Jacobs

Posted 07 June 2007 - 02:44 PM

This is getting worse! My PC was on all night long (not in safe mode), and this morning the mouse was freezing every 5-10 seconds. It appears this virus gets more aggressive as time goes by. I did not yet try rebooting to see if the problem continues to get worse. I will have to reboot this evening when I get home from work, though.

Appreciate any and all help!

Thanks

Ken

#3 Ken Jacobs

Posted 07 June 2007 - 11:37 PM

More news ... Blue Screens of Death. Something about IRQL_LESS_BUT_NOT_EQUAL or some such. Desperately need help!

Also, the mouse freeze problem continues to worsen, even after a reboot. I do find, though, that if I keep the mouse moving, it won't freeze. That's not possible while typing (with both hands) of course, so I'm really hurting here ...

Thanks!

Ken

#4 Ken Jacobs

Posted 08 June 2007 - 11:15 AM

Another thing is that the cursor on the screen sometimes moves in a random direction, not in the direction I intend.

Ken

#5 Ken Jacobs

Posted 08 June 2007 - 11:27 AM

Not sure it is related, or a coincidence, but around this same time, some of the file-type associations have been messed up. For example, I open a .PPT file attached to an email in Thunderbird, and the system tries to open it in Notepad! I have reset it now to open with Powerpoint, of course.

In the interest of providing as much info as I could, I thought I'd add this tidbit ...

Ken

#6 SWI Support Robot

SWI Support Robot

    Helper robot

  • SWI Bot
  • PipPipPipPipPip
  • 23,520 posts

Posted 09 June 2007 - 06:30 AM

Welcome to SWI. We apologize for the delay; our helpers have been very busy.
If you have not received help after 3 days, please CLICK HERE, and post a link to your log and the date it was originally posted.

Thank you for your patience.

[this is an automated reply]
This is an automated message. It does not count as help.

#7 jedi

jedi

    aequam memento rebus in arduis servare mentem

  • Emeritus
  • PipPipPipPipPip
  • 15,830 posts

Posted 14 June 2007 - 03:49 AM

Hi,

Download Dr.Web CureIt to the desktop:
ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe
Next, please reboot your computer in Safe Mode by doing the following:
1) Restart your computer
2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3) Instead of Windows loading as normal, a menu should appear
4) Select the first option, to run Windows in Safe Mode.

For additional help in booting into Safe Mode, see the following site:
http://www.pchell.co.../safemode.shtml
  • Double-click the drweb-cureit.exe file and allow it to run the express scan
  • This will scan the files currently running in memory and when something is found, click the yes button when it asks you if you want to cure it. This is only a short scan.
  • Once the short scan has finished, mark the drives that you want to scan.
  • Select all drives. A red dot shows which drives have been chosen.
  • Click the green arrow at the right, and the scan will start.
  • Click 'Yes to all' if it asks if you want to cure/move the file.
  • When the scan has finished, look if you can click next icon next to the files found: Posted Image
  • If so, click it and then click the next icon right below and select Move incurable as you'll see in next image:
    Posted Image
    This will move it to the %userprofile%\DoctorWeb\quarantaine-folder if it can't be cured. (this in case if we need samples)
  • After selecting, in the Dr.Web CureIt menu on top, click file and choose save report list
  • Save the report to your desktop. The report will be called DrWeb.csv
  • Close Dr.Web CureIt.
  • Reboot your computer!! Because it could be possible that files in use will be moved/deleted during reboot.
  • After reboot, post the contents of the log from Dr.Web you saved previously in your next reply.
Next:

1. Download this file - ComboFix
2. Double click combofix.exe & follow the prompts.
3. When finished, it will produce a log for you. Post that log in your next reply

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Question for you ... is there confidential info of mine (passwords to websites, for example) that you see from what I post?

No. The logs may show your name i.e. C:\Documents and Settings\Fred Bloggs\ but you can xxxxx that out if you want.

(Isolate your wife's PC from the internet so it doesn't get any more infected, and I'll work on it afterwards)

jedi

My help is free, but if you wish to help keep these forums running please consider a donation, see This Topic for details.
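
The reply above suggests xxxxx-ing out the profile name that appears in log paths. The following is an added example, not part of the original post or of any tool named in the thread: a minimal redaction pass that goes slightly further than the reply by also covering the 8.3 short-name form of the profile folder (`C:\DOCUME~1\...`) that ComboFix listings use, and any other place the same name is repeated. The function name, the shared-profile list and the sample lines (built around the reply's own placeholder name, Fred Bloggs) are constructed for illustration.

```python
import re

# Profile folders shared by every XP install; they identify nobody, so keep them.
# The "~1" entries are the usual 8.3 aliases of the same folders (assumed typical).
SHARED_PROFILES = {
    "all users", "default user", "localservice", "networkservice",
    "alluse~1", "defaul~1", "locals~1", "networ~1",
}

# <drive>:\Documents and Settings\<profile>  or the short form  <drive>:\DOCUME~1\<profile>
PROFILE_PATH = re.compile(
    r'(?P<root>[A-Za-z]:\\(?:Documents and Settings|DOCUME~\d)\\)'
    r'(?P<name>[^\\;"\r\n]+)',
    re.IGNORECASE,
)


def redact_profile_names(log_text, placeholder="xxxxx"):
    """Return (redacted_text, names_found).

    Pass 1 replaces the folder that follows the profile root in every path,
    in both long and 8.3 form, and remembers each name it replaced.
    Pass 2 replaces those names wherever else the log repeats them,
    for example a quoted user name in a report header.
    """
    found = set()

    def swap(match):
        name = match.group("name").strip()
        if name.lower() in SHARED_PROFILES:
            return match.group(0)          # shared profile: leave untouched
        found.add(name)
        return match.group("root") + placeholder

    redacted = PROFILE_PATH.sub(swap, log_text)

    # Longest names first so a long name is not partly eaten by a shorter one.
    for name in sorted(found, key=len, reverse=True):
        redacted = re.sub(re.escape(name), lambda _m: placeholder,
                          redacted, flags=re.IGNORECASE)
    return redacted, found


# Constructed sample in the shape of the ComboFix and Dr.Web logs in this thread.
SAMPLE_LOG = r'''"Fred Bloggs" - 2007-06-14 18:58:48 - Service Pack 2 NTFS
2007-06-14 05:50 <DIR> d-------- C:\DOCUME~1\FREDBL~1\DoctorWeb
2007-06-04 12:52 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\BitDefender
setup.exe;C:\Documents and Settings\Fred Bloggs\Desktop;Example.Detection;Deleted.;
readme.exe;C:\Documents and Settings\All Users\Start Menu;Example.Detection;Deleted.;
'''

if __name__ == "__main__":
    text, names = redact_profile_names(SAMPLE_LOG)
    print("Redacted names:", sorted(names))
    print(text)
```

Check the returned set of names before posting the result: a very short profile name can also match unrelated text in the second pass.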

#8 Ken Jacobs

Posted 14 June 2007 - 09:07 PM

Thank you for your help ... I certainly appreciate it ...

Here is the log from Dr. Web CureIt:

vsserv.exe;d:\applications\bitdefender;Probably DLOADER.Trojan;Incurable.Moved.;
NetZero - First Month Free!.exe;C:\Documents and Settings\All Users\Start Menu;Trojan.Click.1487;Deleted.;
Application Installer.exe;C:\Documents and Settings\Ken Jacobs\Desktop;Trojan.PWS.TOnline;Deleted.;
MiniBugTransporter.dll;C:\Program Files\Common Files\Real\WeatherBug;Adware.Minibug;Incurable.Moved.;
A0094857.exe;C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP626;Trojan.Click.1487;Deleted.;
A0094858.exe;C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP626;Trojan.PWS.TOnline;Deleted.;
vsserv.exe;D:\Applications\BitDefender;Probably DLOADER.Trojan;;
HelpSystem.chm\images/wwd_shelf_date2.png;D:\Applications\Tableau\help\HelpSystem.chm;Modification of Renegade.1176;;
HelpSystem.chm;D:\Applications\Tableau\help;Archive contains infected objects;Moved.;
MyYahoo.dll;D:\Applications\Yahoo Messenger;Probably STPAGE.Trojan;Incurable.Moved.;
ApplicationInstaller.exe;D:\Downloads\Oracle Downloads\App Installer;Trojan.PWS.TOnline;Deleted.;
A0094859.exe;D:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP626;Trojan.PWS.TOnline;Deleted.;
emSnapshotEnv.vbs;E:\Applications\Oracle\OracleHome\ccr\lib;Probably SCRIPT.Virus;Incurable.Moved.;
BufferOverrunPatch.exe;E:\Downloads2\Anti Virus Fixes\Blaster Worm August 2003;Trojan.PWS.TOnline;Deleted.;
ApplicationInstaller.exe;E:\Downloads2\Oracle\App Installer;Trojan.PWS.TOnline;Deleted.;
Application Installer.exe;E:\LAPTOP-D-Drive;Trojan.PWS.TOnline;Deleted.;
M_BARAX.SMK;E:\LAPTOP-D-Drive\C\GAMES\BlackDahlia\SOUND;Modification of Linux.Rst.4096;Moved.;
HKLM_1.reg;E:\LAPTOP-D-Drive\Win95 C Drive\Program Files\Regback;Probably SCRIPT.Virus;Incurable.Moved.;
Regback.exe;E:\LAPTOP-D-Drive\Win95 C Drive\Program Files\Regback;Trojan.PWS.TOnline;Deleted.;
A0095082.exe;E:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP626;Trojan.PWS.TOnline;Deleted.;
A0095882.exe;E:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP626;Trojan.PWS.TOnline;Deleted.;
A0096780.exe;E:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP626;Trojan.PWS.TOnline;Deleted.;
A0096781.exe;E:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP626;Trojan.PWS.TOnline;Deleted.;
Application Installer.exe;F:\CDRIVE\Documents and Settings\All Users\Start Menu\Programs\Application & Printer Installer;Trojan.PWS.TOnline;Deleted.;
Printer Installer.exe;F:\CDRIVE\Documents and Settings\All Users\Start Menu\Programs\Application & Printer Installer;Trojan.PWS.TOnline;Deleted.;
setup.exe;F:\CDRIVE\Program Files\Source\PrimoMon;Probably BACKDOOR.Trojan;Incurable.Moved.;
NortonAntivirus.exe;F:\Downloads\Oracle Downloads;Trojan.PWS.TOnline;Deleted.;
A0096782.exe;F:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP626;Trojan.PWS.TOnline;Deleted.;
A0096783.exe;F:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP626;Trojan.PWS.TOnline;Deleted.;
A0096784.exe;F:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP626;Trojan.PWS.TOnline;Deleted.;


And now the log from ComboFix:

ComboFix 07-06-13.3
"Ken Jacobs" - 2007-06-14 18:58:48 - Service Pack 2 NTFS


((((((((((((((((((((((((( Files Created from 2007-05-15 to 2007-06-15 )))))))))))))))))))))))))))))))


2007-06-14 18:57 49,152 --a------ C:\WINDOWS\nircmd.exe
2007-06-14 05:50 <DIR> d-------- C:\DOCUME~1\KENJAC~1\DoctorWeb
2007-06-05 19:20 <DIR> d-------- C:\pebuilder3110a
2007-06-05 17:58 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-06-05 16:25 <DIR> d--hs---- C:\WINDOWS\CSC
2007-06-05 14:50 <DIR> d-------- C:\DOCUME~1\KENJAC~1\APPLIC~1\Lavasoft
2007-06-04 13:03 81,984 --a------ C:\WINDOWS\system32\bdod.bin
2007-06-04 12:58 <DIR> d-------- C:\DOCUME~1\KENJAC~1\APPLIC~1\Bitdefender
2007-06-04 12:52 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\BitDefender
2007-06-04 09:46 <DIR> dr------- C:\DOCUME~1\KENJAC~1\APPLIC~1\SpaceTime 3D
2007-06-04 07:51 <DIR> d-------- C:\Program Files\Common Files\EZB Systems
2007-06-04 02:38 <DIR> d-------- C:\DOCUME~1\KENJAC~1\APPLIC~1\ImgBurn
2007-06-03 23:05 <DIR> d-------- C:\Program Files\FRISK Software
2007-06-03 23:05 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\FRISK Software
2007-06-03 18:25 61,440 --a------ C:\WINDOWS\ContextMenuExt.dll
2007-06-03 18:24 77,824 --a------ C:\WINDOWS\system32\StartupCPL.exe
2007-06-03 18:24 159,232 --a------ C:\WINDOWS\system32\WindowsUptime.exe
2007-06-03 18:24 <DIR> d-------- C:\Program Files\PowerMenu
2007-06-03 18:23 <DIR> d-------- C:\Program Files\Microsoft CopyProfile
2007-06-03 18:23 <DIR> d-------- C:\Program Files\HighMAT CD Writing Wizard
2007-06-03 18:22 40,960 --a------ C:\WINDOWS\system32\SSUBTMR6.DLL
2007-06-03 18:22 10,752 --a------ C:\WINDOWS\system32\aamd532.dll
2007-06-03 12:17 <DIR> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2007-05-29 15:57 <DIR> d-------- C:\DOCUME~1\KENJAC~1\APPLIC~1\PC Magazine Utilities
2007-05-29 11:52 <DIR> d-------- C:\Program Files\USBDLM
2007-05-26 11:44 <DIR> d-------- C:\DOCUME~1\KENJAC~1\APPLIC~1\Notepad++
2007-05-24 17:35 <DIR> d-------- C:\Program Files\MySQL
2007-05-21 07:06 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\WinZip
2007-05-21 00:21 <DIR> d-------- C:\TEMP
2007-05-20 23:59 <DIR> d-------- C:\Program Files\Virtual Earth 3D


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-06-13 14:31:46 1,324 ----a-w C:\WINDOWS\system32\d3d9caps.dat
2007-06-06 05:22:23 384 ----a-w C:\WINDOWS\system32\DVCStateBkp-{00000005-00000000-00000004-00001102-00000004-20061102}.dat
2007-06-06 05:22:23 384 ----a-w C:\WINDOWS\system32\DVCState-{00000005-00000000-00000004-00001102-00000004-20061102}.dat
2007-06-06 05:16:11 -------- d-----w C:\Program Files\Yahoo!
2007-06-06 05:12:33 -------- d--h--w C:\Program Files\InstallShield Installation Information
2007-06-06 05:07:42 -------- d-----w C:\Program Files\GemMaster
2007-06-06 05:03:34 -------- d-----w C:\Program Files\Common Files\AOL
2007-06-06 05:03:04 -------- d-----w C:\Program Files\Common Files\aolshare
2007-06-06 04:25:36 -------- d-----w C:\DOCUME~1\KENJAC~1\APPLIC~1\Creative
2007-06-05 21:39:45 -------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2007-06-05 16:25:54 -------- d-----w C:\DOCUME~1\KENJAC~1\APPLIC~1\.gaim
2007-06-04 16:47:32 9,862 -c--a-w C:\WINDOWS\mozver.dat
2007-06-02 22:46:14 -------- d-----w C:\DOCUME~1\KENJAC~1\APPLIC~1\System Tweaker
2007-06-02 21:49:37 -------- d-----w C:\Program Files\SightSpeed
2007-05-29 20:41:40 -------- d-----w C:\DOCUME~1\KENJAC~1\APPLIC~1\ContentGuard
2007-05-27 04:12:58 -------- d-----w C:\DOCUME~1\KENJAC~1\APPLIC~1\MySQL
2007-05-21 03:06:58 -------- d-----w C:\Program Files\Oracle
2007-05-20 22:45:50 -------- d-----w C:\DOCUME~1\KENJAC~1\APPLIC~1\OpenOffice.org2
2007-05-13 21:07:01 -------- d-----w C:\DOCUME~1\KENJAC~1\APPLIC~1\VMware
2007-05-12 22:56:47 -------- d-----w C:\Program Files\Microsoft IntelliPoint
2007-05-12 22:56:07 -------- d-----w C:\Program Files\Microsoft IntelliPoint 5.2
2007-05-10 02:40:59 -------- d-----w C:\DOCUME~1\KENJAC~1\APPLIC~1\GlobalSCAPE
2007-05-10 00:36:02 -------- d-----w C:\Program Files\Apache Software Foundation
2007-05-09 23:24:12 -------- d-----w C:\DOCUME~1\KENJAC~1\APPLIC~1\Oracle
2007-05-06 17:23:21 -------- d-----w C:\DOCUME~1\KENJAC~1\APPLIC~1\Uniblue
2007-05-02 17:34:01 -------- d-----w C:\DOCUME~1\KENJAC~1\APPLIC~1\Apple Computer
2007-04-18 16:12:23 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll
2007-04-13 03:05:04 5,120 ----a-r C:\WINDOWS\system32\vnetinst.dll
2007-03-23 13:07:56 1,683,280 ------w C:\WINDOWS\system32\XpsSvcs.dll
2007-03-23 13:07:54 583,504 ------w C:\WINDOWS\system32\XPSSHHDR.dll
2007-03-23 03:25:02 124,928 ------w C:\WINDOWS\system32\prntvpt.dll
2007-03-17 13:43:01 292,864 ----a-w C:\WINDOWS\system32\winsrv.dll


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{53707962-6F74-2D53-2644-206D7942484F}=D:\APPLIC~1\SPYBOT~1\SDHelper.dll [2005-05-31 01:04]
{5CA3D70E-1895-11CF-8E15-001234567890}=C:\WINDOWS\system32\dla\tfswshx.dll [2005-05-31 05:33]
{5D33B3E0-4FB3-4ED1-9106-B6EB06A3B7C2}=C:\WINDOWS\SYSTEM32\ODriveHelper.DLL [2007-02-09 12:34]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll [2007-03-14 03:43]
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}=C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll [2007-05-19 12:43]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2005-04-25 06:50]
"IntelMeM"="C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe" [2003-09-03 18:12]
"CTSysVol"="C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe" [2003-09-17 08:43]
"CTDVDDET"="C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE" [2003-06-17 23:00]
"CTHelper"="CTHELPER.EXE" [2004-03-11 13:50 C:\WINDOWS\system32\CTHELPER.EXE]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2005-08-25 08:07]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 14:50]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 14:50]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2005-06-02 10:21]
"vptray"="C:\Program Files\Symantec AntiVirus\VPTray.exe" [2005-06-23 20:27]
"MMTray"="C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe" [2006-01-17 13:03]
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-02-23 14:19]
"Adobe Photo Downloader"="D:\Applications\Adobe\Photoshop Elements 5.0\apdproxy.exe" [2006-09-14 07:55]
"IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\point32.exe" [2004-06-03 01:50]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2005-09-23 09:48]
"Run StartupMonitor"="StartupMonitor.exe" [2000-05-20 17:23 C:\WINDOWS\StartupMonitor.exe]
"BDMCon"="D:\Applications\BitDefender\bdmcon.exe" [2007-04-02 16:48]
"BDAgent"="D:\Applications\BitDefender\bdagent.exe" [2007-03-26 15:49]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 09:24]
"LogitechSoftwareUpdate"="C:\Program Files\Logitech\Video\ManifestEngine.exe" [2005-01-18 17:07]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-05-19 12:43]
"DellSupport"="C:\Program Files\Dell Support\DSAgnt.exe" [2006-08-28 22:57]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 21:05]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 03:00]
"Zinio DLM"="D:\Applications\Zinio\ZinioDeliveryManager.exe" [2006-04-26 16:13]
"Uniblue Registry Booster2"="D:\Applications\RegistryBooster2\RegistryBooster.exe" [2007-04-23 15:40]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"TSClientMSIUninstaller"=cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoRemoteRecursiveEvents"=1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSaveSettings"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll" [2007-05-30 05:29]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 9.0 Tray Icon.lnk]
backup=C:\WINDOWS\pss\America Online 9.0 Tray Icon.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^DING!.lnk]
backup=C:\WINDOWS\pss\DING!.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
backup=C:\WINDOWS\pss\Logitech Desktop Messenger.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Monitor Apache Servers.lnk]
backup=C:\WINDOWS\pss\Monitor Apache Servers.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Oracle Drive.lnk]
backup=C:\WINDOWS\pss\Oracle Drive.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^ORB.lnk]
backup=C:\WINDOWS\pss\ORB.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk]
backup=C:\WINDOWS\pss\QuickBooks Update Agent.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Symantec Fax Starter Edition Port.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Symantec Fax Starter Edition Port.lnk
backup=C:\WINDOWS\pss\Symantec Fax Starter Edition Port.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Ken Jacobs^Start Menu^Programs^Startup^OpenOffice.org 2.0.lnk]
backup=C:\WINDOWS\pss\OpenOffice.org 2.0.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Ken Jacobs^Start Menu^Programs^Startup^palmOne Registration.lnk]
backup=C:\WINDOWS\pss\palmOne Registration.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Ken Jacobs^Start Menu^Programs^Startup^Winding Road Automatic.lnk]
backup=C:\WINDOWS\pss\Winding Road Automatic.lnkStartup


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FineReader7NewsReaderPro]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LDM]
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCameraAssistant]
C:\Program Files\Logitech\Video\CameraAssistant.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideo[inspector]]
C:\Program Files\Logitech\Video\InstallHelper.exe /inspect

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mmtask]
"C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSKDetectorExe]
C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uniblue Registry Booster2]
D:\Applications\RegistryBooster2\RegistryBooster.exe /S

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
"D:\PROGRA~1\YAHOOM~1\MESSEN~1\YAHOOM~1.EXE" -quiet

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Zinio DLM]
D:\Applications\Zinio\ZinioDeliveryManager.exe /autostart

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Brother XP spl Service"=2 (0x2)
"ZendCoreApache"=2 (0x2)
"OrbMediaService"=2 (0x2)
"MySQL"=2 (0x2)
"Apache2"=2 (0x2)
"TapiSrv"=3 (0x3)
"RDSessMgr"=3 (0x3)
"RasMan"=3 (0x3)
"RasAuto"=3 (0x3)
"mnmsrvc"=3 (0x3)
"Fax"=2 (0x2)
"LVPrcSrv"=2 (0x2)
"AOL ACS"=2 (0x2)
"VMware NAT Service"=2 (0x2)
"vmserverdWin32"=2 (0x2)
"vmount2"=2 (0x2)
"VMnetDHCP"=2 (0x2)
"VMAuthdService"=2 (0x2)
"OracleOraDb11g_home1TNSListener"=2 (0x2)
"OracleDBConsoleorcl"=2 (0x2)


Contents of the 'Scheduled Tasks' folder
2007-06-15 01:54:43 C:\WINDOWS\tasks\At1.job
2007-06-02 01:30:00 C:\WINDOWS\tasks\McAfee.com Scan for Viruses - My Computer (D9ZCK981-Ken Jacobs).job
2007-06-15 01:54:20 C:\WINDOWS\tasks\RegCure Program Check.job
2007-06-14 10:00:00 C:\WINDOWS\tasks\RegCure.job
2007-06-15 01:54:20 C:\WINDOWS\tasks\XoftSpySE 2.job
2007-06-12 10:00:00 C:\WINDOWS\tasks\XoftSpySE.job

**************************************************************************

catchme 0.3.721 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-06-14 19:02:27
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-06-14 19:02:51

--- E O F ---


Hope you can get rid of the bad things!

Thanks!

Ken

Edited by Ken Jacobs, 14 June 2007 - 09:42 PM.


#9 jedi

jedi

    aequam memento rebus in arduis servare mentem

  • Emeritus
  • 15,830 posts

Posted 15 June 2007 - 03:10 AM

Hi again,

* Download Killbox.
Click killbox.exe.
Select the option "Delete on reboot".
Click the button: All Files (!important!)
Now it should flash green.

Now copy the next bold part:

C:\WINDOWS\system32\d3d9caps.dat
C:\WINDOWS\tasks\At1.job


Open 'file' in the Killbox menu on top and choose Paste from clipboard

Then press the button that looks like a red circle with a white X in it.
Killbox will tell you that all listed files will be removed on next reboot and asks if you would like to Reboot now, click YES
If you don't get that message, reboot manually.

Your computer should reboot now.

Then please post a fresh HiJackThis log.

jedi

My help is free, but if you wish to help keep these forums running please consider a donation, see This Topic for details.

#10 Ken Jacobs


Posted 15 June 2007 - 10:41 AM

Ran Killbox per instructions. The newest HijackThis log is below.

One more question ... aside from rebooting when it wants, and grabbing my mouse (and modifying files on my disk) what other bad things does this virus (these viruses?) do on my machine? In particular, is my machine infected with anything that captures passwords, cookies, keylogging, etc?

Thanks ... again, I do appreciate your help!

Ken

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 8:38:32 AM, on 6/15/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Symantec AntiVirus\VPTray.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
D:\Applications\Adobe\Photoshop Elements 5.0\apdproxy.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\StartupMonitor.exe
D:\Applications\BitDefender\bdmcon.exe
D:\Applications\BitDefender\bdagent.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\WINDOWS\system32\ctfmon.exe
D:\Applications\Zinio\ZinioDeliveryManager.exe
C:\Program Files\Array Networks\Common\4,0,1,3\arr_isrv4,0,1,3.exe
D:\Applications\RegistryBooster2\RegistryBooster.exe
D:\Program Files\Adobe\Photoshop Elements\PhotoshopElementsFileAgent.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
D:\Applications\Bluetooth Actiontec\BTTray.exe
D:\Applications\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
D:\Applications\Palm Desktop\Hotsync.exe
C:\Program Files\Apache Software Foundation\Apache2.2\bin\httpd.exe
C:\Program Files\Microsoft Office\Office\1033\msoffice.exe
D:\APPLIC~1\BLUETO~2\BTSTAC~1.EXE
C:\Program Files\Array Networks\Array SSL VPN\3,0,1,9\arr_srvs3,0,1,9.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
D:\Applications\Bluetooth Actiontec\bin\btwdins.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Apache Software Foundation\Apache2.2\bin\httpd.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\WINDOWS\orclobi\MyDesktop\MyDesktopService.exe
C:\WINDOWS\system32\nvsvc32.exe
D:\Applications\Oracle Drive\XfsSvcCon.exe
C:\WINDOWS\orclobi\MyDesktop\MyDesktopQOS.exe
D:\Applications\Retrospect Backup\retrorun.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe
C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\dllhost.exe
D:\Downloads\HijackThis\HiJackThis_v2.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://securityrespo...r/fix_homepage/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://us.mcafee.com...mp;affid=105-56
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = www-proxy1.us.oracle.com:80
R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\APPLIC~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Oracle Drive Helper Object - {5D33B3E0-4FB3-4ED1-9106-B6EB06A3B7C2} - C:\WINDOWS\SYSTEM32\ODriveHelper.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [CTDVDDET] "C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE"
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] "C:\Program Files\Symantec AntiVirus\VPTray.exe"
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "D:\Applications\Adobe\Photoshop Elements 5.0\apdproxy.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Run StartupMonitor] StartupMonitor.exe
O4 - HKLM\..\Run: [BDMCon] "D:\Applications\BitDefender\bdmcon.exe" /reg
O4 - HKLM\..\Run: [BDAgent] "D:\Applications\BitDefender\bdagent.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Zinio DLM] D:\Applications\Zinio\ZinioDeliveryManager.exe /autostart
O4 - HKCU\..\Run: [Uniblue Registry Booster2] D:\Applications\RegistryBooster2\RegistryBooster.exe /S
O4 - HKUS\S-1-5-18\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
O4 - Global Startup: HotSync Manager.lnk = D:\Applications\Palm Desktop\Hotsync.exe
O4 - Global Startup: HOTSYNCSHORTCUTNAME.lnk = D:\Applications\Treo Palm Desktop\Hotsync.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: VPN Client.lnk = ?
O4 - Global Startup: WinZip Quick Pick.lnk = D:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\APPLIC~1\MI69DF~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - D:\Applications\Bluetooth Actiontec\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\APPLIC~1\MI69DF~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\APPLIC~1\MI69DF~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\APPLIC~1\MI69DF~1\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - D:\Applications\Bluetooth Actiontec\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - D:\Applications\Bluetooth Actiontec\btsendto_ie.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell....iler/SysPro.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} (Citrix ICA Client) - http://a516.g.akamai...cat-no-eula.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcaf...99/mcinsctl.cab
O16 - DPF: {66D845A0-C3BB-45AD-807C-9BFEAF20EF2C} (InPEditor Class) - http://stcontent.ora...it_In_Place.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1175863491528
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcaf...,26/mcgdmgr.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{5B9D91D4-26B3-460D-9815-F3FB29034F37}: NameServer = 130.35.249.41,130.35.249.52
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe Active File Monitor (AdobeActiveFileMonitor) - Unknown owner - D:\Program Files\Adobe\Photoshop Elements\PhotoshopElementsFileAgent.exe
O23 - Service: Adobe Active File Monitor V5 (AdobeActiveFileMonitor5.0) - Unknown owner - D:\Applications\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
O23 - Service: Apache2 - Apache Software Foundation - C:\Program Files\Apache Software Foundation\Apache2.2\bin\httpd.exe
O23 - Service: Array SSL VPN Service 3,0,1,9 (ArraySSL_VPN_Service3,0,1,9) - Unknown owner - C:\Program Files\Array Networks\Array SSL VPN\3,0,1,9\arr_srvs3,0,1,9.exe
O23 - Service: Array Utility Service 4,0,1,3 (Array_Utility_Service4,0,1,3) - Unknown owner - C:\Program Files\Array Networks\Common\4,0,1,3\arr_isrv4,0,1,3.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - D:\Applications\Bluetooth Actiontec\bin\btwdins.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - SOFTWIN S.R.L. - C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe
O23 - Service: MyDesktopService (MyDesktopWindows) - Oracle Corporation - C:\WINDOWS\orclobi\MyDesktop\MyDesktopService.exe
O23 - Service: MySQL - Oracle Corporation - (no file)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ODrive Service (OdService) - Oracle - D:\Applications\Oracle Drive\XfsSvcCon.exe
O23 - Service: OracleServiceORCL - Oracle Corporation - e:\applications\oracle\oraclehome\bin\ORACLE.EXE
O23 - Service: QOS MyDesktop (QOSMyDesktop) - Oracle - C:\WINDOWS\orclobi\MyDesktop\MyDesktopQOS.exe
O23 - Service: Retrospect Launcher (RetroLauncher) - EMC Corporation - D:\Applications\Retrospect Backup\retrorun.exe
O23 - Service: Retrospect Helper - EMC Corporation - D:\Applications\Retrospect Backup\rthlpsvc.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - D:\Applications\BitDefender\vsserv.exe (file missing)
O23 - Service: BitDefender Communicator (XCOMM) - SOFTWIN S.R.L - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe

--
End of file - 16027 bytes

Edited by Ken Jacobs, 15 June 2007 - 10:47 AM.


#11 jedi


Posted 15 June 2007 - 12:19 PM

Hi again,

In particular, is my machine infected with anything that captures passwords, cookies, keylogging, etc?

Doubtful, not impossible, at the moment it doesn't look like it's infected with anything much, but I'll do some more checking.
This error notice - IRQL_NOT_LESS_OR_EQUAL - is more to do with bad drivers, if you could get the specific stop notice that comes with it that would be useful. Have you installed any programs recently?

Anyway - Download GMER from here:
http://www.majorgeek...GMER_d5198.html

Unzip it to desktop.

Open the program and click on the Rootkit tab.
Make sure all the boxes on the right of the screen are checked, apart from ‘Show All’.
Click on Scan.
When the scan has run click Copy and paste the results (if any) into this thread.

jedi

#12 Ken Jacobs


Posted 16 June 2007 - 01:25 AM

Here's the GMER post ... still having problems with the mouse by the way ...

Thanks for your continued help!

Ken

GMER 1.0.12.12244 - http://www.gmer.net
Rootkit scan 2007-06-15 23:23:21
Windows 5.1.2600 Service Pack 2


---- System - GMER 1.0.12 ----

SSDT 88B83C70 ZwConnectPort
SSDT \??\C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys ZwOpenProcess
SSDT \??\C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys ZwTerminateProcess

---- Kernel code sections - GMER 1.0.12 ----

? C:\WINDOWS\system32\DRIVERS\update.sys

---- EOF - GMER 1.0.12 ----

#13 jedi


Posted 16 June 2007 - 04:36 AM

Ok,

Do Start > Control Panel > Mouse > Hardware > Properties > Driver > Update Driver > Yes, this time only > Install the software automatically. Let me know if the Wizard finds any better drivers for your mouse. If it does, follow the prompts to install them. Can you also tell me the exact model of your mouse?

Next, do Start > Run and type in chkdsk and hit OK.

Let me know any error messages you are getting, as much detail as you can.

jedi

#14 Ken Jacobs


Posted 16 June 2007 - 02:25 PM

Thank you for your help so far ... I think we are making progress, but we're still not there. Here are the issues I'm still facing ...

1. Mouse still freezes
2. Blue Screen of Death (just about every other time)
3. An attempt to install VPN s/w on boot (I didn't mention this before but I should have ....)

I followed your instructions re CHKDSK. I got these messages ...

Correcting errors in master file table's <MFT> BITMAP attribute


I also tried the mouse driver update routine .. it could not find a newer driver. The mouse I have came with my Dell 9100, and is Dell P/N 0T0179 (the mouse itself) and P/N 0U0754 for the wireless receiver that plugs into my machine.

I have also done the following ...

Installed Microsoft Intellipoint 6.1 mouse driver (downloaded from Microsoft's site). I chose the standard optical wireless driver. It installed successfully, but did not change anything. According to the control panel (etc) mouse hw device driver, this is the same driver that was installed previously. (Same driver date: 2001, and version 5.1.2600.0).

I unplugged the wireless receiver, got several "beep-boop" sounds, and re-attached the wireless receiver. Eventually the system recognized the USB device (first the receiver, then the "human interface device"). The mouse starts to work, but if I leave it still for 10 seconds, it hangs again.

I attached a NON-WIRELESS USB mouse, and it does not have that problem! It can be still for a long while, and never hang. Something is awry with the wireless USB receiver device driver, I guess. Naturally, I would greatly prefer the wireless mouse driver to work.

#15 Ken Jacobs


Posted 16 June 2007 - 02:46 PM

Thank you for your help so far ... I think we are making progress, but we're still not there. Here are the issues I'm still facing ...

1. Mouse still freezes
2. Blue Screen of Death (just about every other time)
3. An attempt to install VPN s/w on boot (I didn't mention this before but I should have ....)

I followed your instructions re CHKDSK. I got these messages ...

Correcting errors in master file table's <MFT> BITMAP attribute
Correcting errors in volume bitmap

I then ran CHKDSK/F to correct this (before it was readonly). It required a reboot (BSoD, then success). I got this message from CHKDSK/F:

Deleting index entry tmp.edb in index $I30 of file 12341

Again, rebooted, ran CHKDSK/F again, got this:

Recovering lost files ...
Orphaned file temp.edb <9961> into directory 12341
(same error about bitmaps)

Have rebooted successfully, but another CHKDSK says, in stage 2 of 3 ...

Deleting index entry sessionstore.js in index $I30 of file 56338.
Deleting index entry SESSIO~1.JS in index $I30 of file 56338

(I will have to reboot since CHKDSK/F says the volume is in use and it has to run on restart. I'll finish this entry first, then come back and post what happened.)

Back from reboot. First a BSoD. Power off. Windows boots, runs CHKDSK with NO errors. Reboots itself without poweroff. Back to Windows. Re-ran CHKDSK in CMD window, and it wrote several messages about recovering lost files:

Microsoft Windows XP [Version 5.1.2600]
© Copyright 1985-2001 Microsoft Corp.

C:\Documents and Settings\Ken Jacobs>chkdsk
The type of the file system is NTFS.
Volume label is Windows XP.

WARNING! F parameter not specified.
Running CHKDSK in read-only mode.

CHKDSK is verifying files (stage 1 of 3)...
File verification completed.
CHKDSK is verifying indexes (stage 2 of 3)...
Index verification completed.
CHKDSK is recovering lost files.
Recovering orphaned file SESSIO~1.MOZ (14709) into directory file 56338.
Recovering orphaned file sessionstore.js.moztmp (14709) into directory file 56338.
Recovering orphaned file COOKIE~1.MOZ (14888) into directory file 56338.
Recovering orphaned file cookies.txt.moztmp (14888) into directory file 56338.
CHKDSK is verifying security descriptors (stage 3 of 3)...
Security descriptor verification completed.
Correcting errors in the master file table's (MFT) BITMAP attribute.
Correcting errors in the Volume Bitmap.
Windows found problems with the file system.
Run CHKDSK with the /F (fix) option to correct these.

22145602 KB total disk space.
16772712 KB in 89108 files.
30492 KB in 8248 indexes.
0 KB in bad sectors.
187802 KB in use by the system.
65536 KB occupied by the log file.
5154596 KB available on disk.

4096 bytes in each allocation unit.
5536400 total allocation units on disk.
1288649 allocation units available on disk.

C:\Documents and Settings\Ken Jacobs>

.... so I am getting file system problems immediately after Windows boots successfully.

The BSoD has happened many times (though fortunately not every time!) I reboot. Here are the details:

IRQL_NOT_LESS_OR_EQUAL
Stop: 0x0000000A
(0x0012009F, 0x000001C, 0x00000000, 0x804FA11E)

Powering off before the reboot occurs seems to avoid the BSoD, whereas just a restart seems to lead to the BSoD ... not sure if that's every time.

I also tried the mouse driver update routine .. it could not find a newer driver. The mouse I have came with my Dell 9100, and is Dell P/N 0T0179 (the mouse itself) and P/N 0U0754 for the wireless receiver that plugs into my machine.

I have also just re-installed Microsoft Intellipoint 6.1 mouse driver (downloaded from Microsoft's site). I chose the standard optical wireless driver. It installed successfully, but did not change anything. This is the same driver that was installed previously (driver date: 2001, and version 5.1.2600.0). The wireless mouse will work if I push the button on the bottom to re-sync with the wireless receiver, but then it hangs.

I unplugged the wireless receiver, got several "beep-boop" sounds, and re-attached the wireless receiver. Eventually the system recognized the USB device (first the receiver, then the "human interface device"). The mouse starts to work, but if I leave it still for 10 seconds, it hangs again.

I attached a NON-WIRELESS USB mouse, and it does not have that problem! It can be still for a long while, and never hang. Something is awry with the wireless USB receiver device driver, it seems. Naturally, I would greatly prefer the wireless mouse driver to work. What's also odd is that the Dell keyboard is wireless, and it works just fine!

The other thing I forgot to mention earlier is that every time I reboot, the system is looking for something to install (I believe it is the Cisco VPN driver my company provides). It can't find it, and rolls back the install. I don't need this to be reinstalled, as I've already got it installed. How can I stop Windows from trying to install this sw on reboot? When I hit CANCEL on the install, it takes a long time for it to stop/reverse the process.

Lastly, because I got a message from the Dell support utility, I downloaded and installed Microsoft's Hot Fix (KB 906569), which apparently does something to MSCONFIG. Nothing new seems to be happening as a result.

Sorry for this long message, but this is all relevant to this current set of problems.

Thanks!

Ken

Edited by Ken Jacobs, 16 June 2007 - 03:08 PM.


#16 Ken Jacobs

Posted 16 June 2007 - 11:59 PM

Hi ...

I have some additional news ....

I now got a BSoD not as a result of a reboot -- it just happened while I was browsing. I briefly saw a CMD window that seemed to be titled Netsh, but I'm not sure. I didn't see anything in the window before it closed.

Also, I have fixed the VPN installer problem I mentioned ... I found the Microsoft Installer Cleanup Utility, and removed the installer for that product. No need for you to worry about this topic any more. So now, my problem is down to the hanging WIRELESS mouse and the BSoD. Bad enough!

On the topic of my wife's PC, I decided to completely re-install Windows, from scratch. Stupidly, I didn't immediately do a virus scan. And, I think the virus is back already! On my wife's machine, it appears the virus has very sneakily changed the icon for some of its executables to look like a folder. I click on what I think is a folder, and BOOM, I'm re-installing the virus. At least I think that's what happens ... bummer. I am in the process of re-installing ... AGAIN.

So, once we figure out the BSoD and mouse hanging problem here, we can work on her machine if I can't completely eradicate the virus myself.

Anyway, I do appreciate your help ... please let me know if there is any additional info I can provide.

Thanks

Ken

Edited by Ken Jacobs, 17 June 2007 - 12:27 AM.


#17 jedi

Posted 17 June 2007 - 05:21 AM

Hi again,

I found the Microsoft Installer Cleanup Utility


It's what I would have suggested anyway. :thumbsup:

If you're doing a fresh install on your wife's PC, reformat the disk to remove all trace of the previous installation, it lessens the chance of reinfection. But anyway, we'll get to that, first, BSOD + stop codes. Unless it's hardware going bad, I suspect the mouse driver may be the problem, the relevant article is here:
http://support.micro...b;en-us;Q314063

Particularly:

If you have installed any third-party software or drivers, try removing them or disabling them so that they do not load, and then restart the computer to see whether that software or driver is causing the error. If that software or driver is causing the error, report the problem to the vendor of the software or driver.


There's a driver rollback feature in Windows:
http://support.micro....com/kb/283657/

However, I know from past experience that these IRQL_NOT_LESS_OR_EQUAL notices can be difficult to diagnose, you might want to consider a repair-install of Windows if you can't diagnose this. Basically though, look at the WIRELESS mouse drivers first, the fact that it's hanging suggests the problem is there, then if there are any other software or driver changes you have made around the same time, look at them. For example the wireless USB receiver device driver may need rolling back also.

jedi

#18 Ken Jacobs

Posted 28 June 2007 - 10:19 AM

Just an update ... I've seemingly gotten rid of the virus on my machine, and haven't seen a BSoD in a while. However, my mouse problem is still a problem. SO, I need to spend some time to try to rid the system of the apparently bad driver. The info I've found searching the MSFT knowledge base talks about modifications to the registry, which I'm leery about doing. So, this weekend, I'll look at it again.

Worse news is that my wife's machine, which I completely rebuilt from scratch (reinstalling windows, applying all patches since 2001 ...ugh) is sick again. I installed Bit Defender, and it's now finding (and I hope disinfecting) a DIFFERENT virus from the one we saw before. Again, over the weekend, I'll upload some detail about that machine too.

Grrr ...

Thanks!

Ken

#19 jedi

Posted 28 June 2007 - 03:25 PM

Hi again,

By all means post a HiJackThis log from your wife's PC.

jedi

#20 Ken Jacobs

Posted 29 June 2007 - 01:01 PM

Thanks for your continued help!

My wife's machine is very slow, even tho task manager shows plenty of idle time, and there is plenty of free space on disk. I'm posting below the HiJackThis log, plus some Bit Defender logs.

Note that there are some 34,549 files in 22 folders (and 329MB on disk) in the folder F:\temporary internet files. I'm tempted to simply delete them all. Shall I?

I hope you can help rid me of this scourge!

Thanks!

Ken

---------------------------
HijackThis log ...

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 10:49:29 AM, on 6/29/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
D:\Programs\BITDEF~1\bdmcon.exe
D:\Programs\BitDefender\bdagent.exe
C:\WINDOWS\system32\ctfmon.exe
D:\Programs\Palm\HOTSYNC.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
D:\Programs\Palm\palm.exe
C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
D:\Programs\BitDefender\vsserv.exe
D:\Programs\BitDefender\bdlite.exe
D:\Programs\BitDefender\bdlite.exe
D:\Programs\SpashID\SplashID Desktop.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
D:\Programs\BitDefender\bdlite.exe
D:\Programs\BitDefender\bdlite.exe
C:\WINDOWS\system32\taskmgr.exe
D:\Downloads\Antivirus stuff June 2007\HiJackThis_v2.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
O2 - BHO: IE7pro - {00011268-E188-40DF-A514-835FCD78B1BF} - D:\Programs\IE7Pro\IE7Pro.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [BDMCon] D:\Programs\BITDEF~1\bdmcon.exe
O4 - HKLM\..\Run: [BDAgent] "D:\Programs\BitDefender\bdagent.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - Startup: HotSync Manager.lnk = D:\Programs\Palm\HOTSYNC.EXE
O4 - Global Startup: Microsoft Office.lnk = D:\Programs\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: IE7pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - D:\Programs\IE7Pro\IE7Pro.dll
O9 - Extra 'Tools' menuitem: IE7pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - D:\Programs\IE7Pro\IE7Pro.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1182059137811
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1182061521014
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O20 - Winlogon Notify: !SASWinLogon - D:\Programs\SUPERAntiSpyware\SASWINLO.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - SOFTWIN S.R.L. - C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - SOFTWIN S.R.L. - D:\Programs\BitDefender\vsserv.exe
O23 - Service: BitDefender Communicator (XCOMM) - SOFTWIN S.R.L - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe

--
End of file - 5182 bytes
------------

Bit Defender logs follow ...


//-----------------------------------------------------------------
//
// Product BitDefender Antivirus v10
// Product 10.2
//
// Created on: 28/06/2007 02:54:00
//
//-----------------------------------------------------------------


Virus Statistics

Scan path : C:\
D:\
E:\
F:\
G:\
H:\
Folders : 12438
Files : 862170
Memory processes scanned : 28
Archives : 86185
Runtime packers : 37384
Identified viruses : 4
Infected files : 8
Memory processes infected : 0
Suspect files : 1
Warnings : 0
Disinfected files : 6
Deleted files : 1
Moved files : 0
I/O errors : 195
Scan time : 05:44:55
Scan speed (files/sec) : 41

Spyware Statistics

Registry keys scanned : 1581
Registry keys infected : 0
Cookies scanned : 45
Cookies infected : 0
Spyware files infected : 0
Spyware threats detected : 0


Virus definitions : 646938
Scan plugins : 16
Archive plugins : 41
Unpack plugins : 6
Mail plugins : 6
System plugins : 5

Virus scan options

Detection
[X] Scan boot sectors
[X] Memory Processes
[X] Scan archives
[X] Scan runtime packers
[X] Scan email

File mask
[ ] Programs
[X] All files
[ ] User defined extensions:
[ ] Exclude extensions: ;

Action

Infected objects
[ ] Ignore
[X] Disinfect
[ ] Delete
[ ] Move to quarantine
[ ] Prompt user

Second action
[ ] Ignore
[ ] Delete
[X] Move to quarantine
[ ] Prompt user

Virus scan options
[X] Enable warnings
[X] Enable heuristics
[ ] Show all files in log
[X] Report file: C:\Documents and Settings\All Users\Application Data\BitDefender\Desktop\Profiles\Logs\deep_scan\1183024440.log

Spyware scan options

[X] Scan for riskware
[ ] Skip dial and applications from scan
[X] Registry keys
[X] Cookies


Summary:

D:\K-APPS\Applications\Norton SystemWorks\Norton AntiVirus\Quarantine\0F1B63E9.VIR=>(Quarantine-1) Infected: XM.Laroux.AA
D:\K-APPS\Applications\Norton SystemWorks\Norton AntiVirus\Quarantine\0F1B63E9.VIR=>(Quarantine-1) Disinfected
D:\K-APPS\Applications\Norton SystemWorks\Norton AntiVirus\Quarantine\0F1B63E9.VIR Archive repacking has failed (marked actions not taken)
D:\K-APPS\Applications\Norton SystemWorks\Norton AntiVirus\Quarantine\11741154.VIR=>(Quarantine-1) Infected: XM.Laroux.AA
D:\K-APPS\Applications\Norton SystemWorks\Norton AntiVirus\Quarantine\11741154.VIR=>(Quarantine-1) Disinfected
D:\K-APPS\Applications\Norton SystemWorks\Norton AntiVirus\Quarantine\11741154.VIR Archive repacking has failed (marked actions not taken)
D:\K-APPS\Applications\Norton SystemWorks\Norton AntiVirus\Quarantine\14EF577F.VIR=>(Quarantine-1) Infected: WM.Helper.A
D:\K-APPS\Applications\Norton SystemWorks\Norton AntiVirus\Quarantine\14EF577F.VIR=>(Quarantine-1) Disinfected
D:\K-APPS\Applications\Norton SystemWorks\Norton AntiVirus\Quarantine\14EF577F.VIR Archive repacking has failed (marked actions not taken)
D:\K-APPS\Applications\Norton SystemWorks\Norton AntiVirus\Quarantine\6F1E2E36.VIR=>(Quarantine-1) Infected: XM.Laroux.AA
D:\K-APPS\Applications\Norton SystemWorks\Norton AntiVirus\Quarantine\6F1E2E36.VIR=>(Quarantine-1) Disinfected
D:\K-APPS\Applications\Norton SystemWorks\Norton AntiVirus\Quarantine\6F1E2E36.VIR Archive repacking has failed (marked actions not taken)
D:\K-APPS\Applications\Norton SystemWorks\Norton AntiVirus\Quarantine\71AE2564.VIR=>(Quarantine-1) Infected: XM.Laroux.AA
D:\K-APPS\Applications\Norton SystemWorks\Norton AntiVirus\Quarantine\71AE2564.VIR=>(Quarantine-1) Disinfected
D:\K-APPS\Applications\Norton SystemWorks\Norton AntiVirus\Quarantine\71AE2564.VIR Archive repacking has failed (marked actions not taken)
D:\K-APPS\Applications\Norton SystemWorks\Norton AntiVirus\Quarantine\74FC1FC1.VIR=>(Quarantine-1) Infected: WM.Helper.A
D:\K-APPS\Applications\Norton SystemWorks\Norton AntiVirus\Quarantine\74FC1FC1.VIR=>(Quarantine-1) Disinfected
D:\K-APPS\Applications\Norton SystemWorks\Norton AntiVirus\Quarantine\74FC1FC1.VIR Archive repacking has failed (marked actions not taken)
E:\K-DATA\Downloads2\Screensavers\CoralFree.EXE=>wise0027=>(CAB Sfx r)=>SaveNow.exe Detected: Adware.Savenow.AA
E:\K-DATA\Downloads2\Screensavers\CoralFree.EXE=>wise0027=>(CAB Sfx r)=>SaveNow.exe Disinfection failed
E:\K-DATA\Downloads2\Screensavers\CoralFree.EXE=>wise0027=>(CAB Sfx r)=>SaveNow.exe Move failed
E:\K-DATA\Downloads2\Screensavers\CoralFree.EXE=>wise0027=>(CAB Sfx r)=>Uninst.exe Detected: Adware.Savenow.AU
E:\K-DATA\Downloads2\Screensavers\CoralFree.EXE=>wise0027=>(CAB Sfx r)=>Uninst.exe Disinfection failed
E:\K-DATA\Downloads2\Screensavers\CoralFree.EXE=>wise0027=>(CAB Sfx r)=>Uninst.exe Move failed
E:\K-DATA\LAPTOP-D-Drive\C\Downloads\PC Magazine Utilities\prime97.zip=>PRIME97w.exe=>wise0066 Suspect: Macro.VBA
E:\K-DATA\LAPTOP-D-Drive\C\Downloads\PC Magazine Utilities\prime97.zip=>PRIME97w.exe=>wise0066 Disinfection failed
E:\K-DATA\LAPTOP-D-Drive\C\Downloads\PC Magazine Utilities\prime97.zip=>PRIME97w.exe=>wise0066 Deleted
E:\K-DATA\LAPTOP-D-Drive\C\Downloads\PC Magazine Utilities\prime97.zip=>PRIME97w.exe Archive repacking has failed (marked actions not taken)


--------------------------------------


//-----------------------------------------------------------------
//
// Product BitDefender Antivirus v10
// Product 10.2
//
// Created on: 28/06/2007 02:55:19
//
//-----------------------------------------------------------------


Virus Statistics

Scan path : C:\
D:\
E:\
F:\
G:\
H:\
Folders : 12438
Files : 410980
Memory processes scanned : 29
Archives : 43697
Runtime packers : 13327
Identified viruses : 2
Infected files : 6
Memory processes infected : 0
Suspect files : 0
Warnings : 0
Disinfected files : 6
Deleted files : 0
Moved files : 0
I/O errors : 198
Scan time : 04:27:44
Scan speed (files/sec) : 25

Spyware Statistics

Registry keys scanned : 1581
Registry keys infected : 0
Cookies scanned : 45
Cookies infected : 0
Spyware files infected : 0
Spyware threats detected : 0


Virus definitions : 646938
Scan plugins : 16
Archive plugins : 41
Unpack plugins : 6
Mail plugins : 6
System plugins : 5

Virus scan options

Detection
[X] Scan boot sectors
[X] Memory Processes
[ ] Scan archives
[X] Scan runtime packers
[X] Scan email

File mask
[ ] Programs
[X] All files
[ ] User defined extensions:
[ ] Exclude extensions: ;

Action

Infected objects
[ ] Ignore
[X] Disinfect
[ ] Delete
[ ] Move to quarantine
[ ] Prompt user

Second action
[ ] Ignore
[ ] Delete
[X] Move to quarantine
[ ] Prompt user

Virus scan options
[X] Enable warnings
[X] Enable heuristics
[ ] Show all files in log
[X] Report file: C:\Documents and Settings\All Users\Application Data\BitDefender\Desktop\Profiles\Logs\full_scan\1183024519.log

Spyware scan options

[X] Scan for riskware
[ ] Skip dial and applications from scan
[X] Registry keys
[X] Cookies


Summary:

D:\K-APPS\Applications\Norton SystemWorks\Norton AntiVirus\Quarantine\0F1B63E9.VIR=>(Quarantine-1) Infected: XM.Laroux.AA
D:\K-APPS\Applications\Norton SystemWorks\Norton AntiVirus\Quarantine\0F1B63E9.VIR=>(Quarantine-1) Disinfected
D:\K-APPS\Applications\Norton SystemWorks\Norton AntiVirus\Quarantine\0F1B63E9.VIR Archive repacking has failed (marked actions not taken)
D:\K-APPS\Applications\Norton SystemWorks\Norton AntiVirus\Quarantine\11741154.VIR=>(Quarantine-1) Infected: XM.Laroux.AA
D:\K-APPS\Applications\Norton SystemWorks\Norton AntiVirus\Quarantine\11741154.VIR=>(Quarantine-1) Disinfected
D:\K-APPS\Applications\Norton SystemWorks\Norton AntiVirus\Quarantine\11741154.VIR Archive repacking has failed (marked actions not taken)
D:\K-APPS\Applications\Norton SystemWorks\Norton AntiVirus\Quarantine\14EF577F.VIR=>(Quarantine-1) Infected: WM.Helper.A
D:\K-APPS\Applications\Norton SystemWorks\Norton AntiVirus\Quarantine\14EF577F.VIR=>(Quarantine-1) Disinfected
D:\K-APPS\Applications\Norton SystemWorks\Norton AntiVirus\Quarantine\14EF577F.VIR Archive repacking has failed (marked actions not taken)
D:\K-APPS\Applications\Norton SystemWorks\Norton AntiVirus\Quarantine\6F1E2E36.VIR=>(Quarantine-1) Infected: XM.Laroux.AA
D:\K-APPS\Applications\Norton SystemWorks\Norton AntiVirus\Quarantine\6F1E2E36.VIR=>(Quarantine-1) Disinfected
D:\K-APPS\Applications\Norton SystemWorks\Norton AntiVirus\Quarantine\6F1E2E36.VIR Archive repacking has failed (marked actions not taken)
D:\K-APPS\Applications\Norton SystemWorks\Norton AntiVirus\Quarantine\71AE2564.VIR=>(Quarantine-1) Infected: XM.Laroux.AA
D:\K-APPS\Applications\Norton SystemWorks\Norton AntiVirus\Quarantine\71AE2564.VIR=>(Quarantine-1) Disinfected
D:\K-APPS\Applications\Norton SystemWorks\Norton AntiVirus\Quarantine\71AE2564.VIR Archive repacking has failed (marked actions not taken)
D:\K-APPS\Applications\Norton SystemWorks\Norton AntiVirus\Quarantine\74FC1FC1.VIR=>(Quarantine-1) Infected: WM.Helper.A
D:\K-APPS\Applications\Norton SystemWorks\Norton AntiVirus\Quarantine\74FC1FC1.VIR=>(Quarantine-1) Disinfected
D:\K-APPS\Applications\Norton SystemWorks\Norton AntiVirus\Quarantine\74FC1FC1.VIR Archive repacking has failed (marked actions not taken)


----------------


//-----------------------------------------------------------------
//
// Product BitDefender Antivirus v10
// Product 10.2
//
// Created on: 29/06/2007 02:55:23
//
//-----------------------------------------------------------------


Virus Statistics

Scan path : C:\
D:\
E:\
F:\
G:\
H:\
Folders : 12446
Files : 411913
Memory processes scanned : 34
Archives : 43815
Runtime packers : 13350
Identified viruses : 2
Infected files : 6
Memory processes infected : 0
Suspect files : 0
Warnings : 0
Disinfected files : 6
Deleted files : 0
Moved files : 0
I/O errors : 198
Scan time : 05:46:23
Scan speed (files/sec) : 19

Spyware Statistics

Registry keys scanned : 1581
Registry keys infected : 0
Cookies scanned : 52
Cookies infected : 0
Spyware files infected : 0
Spyware threats detected : 0


Virus definitions : 40564269
Scan plugins : 16
Archive plugins : 41
Unpack plugins : 6
Mail plugins : 6
System plugins : 5

Virus scan options

Detection
[X] Scan boot sectors
[X] Memory Processes
[ ] Scan archives
[X] Scan runtime packers
[X] Scan email

File mask
[ ] Programs
[X] All files
[ ] User defined extensions:
[ ] Exclude extensions: ;

Action

Infected objects
[ ] Ignore
[X] Disinfect
[ ] Delete
[ ] Move to quarantine
[ ] Prompt user

Second action
[ ] Ignore
[ ] Delete
[X] Move to quarantine
[ ] Prompt user

Virus scan options
[X] Enable warnings
[X] Enable heuristics
[ ] Show all files in log
[X] Report file: C:\Documents and Settings\All Users\Application Data\BitDefender\Desktop\Profiles\Logs\full_scan\1183110923.log

Spyware scan options

[X] Scan for riskware
[ ] Skip dial and applications from scan
[X] Registry keys
[X] Cookies


Summary:

D:\K-APPS\Applications\Norton SystemWorks\Norton AntiVirus\Quarantine\0F1B63E9.VIR=>(Quarantine-1) Infected: XM.Laroux.AA
D:\K-APPS\Applications\Norton SystemWorks\Norton AntiVirus\Quarantine\0F1B63E9.VIR=>(Quarantine-1) Disinfected
D:\K-APPS\Applications\Norton SystemWorks\Norton AntiVirus\Quarantine\0F1B63E9.VIR Archive repacking has failed (marked actions not taken)
D:\K-APPS\Applications\Norton SystemWorks\Norton AntiVirus\Quarantine\11741154.VIR=>(Quarantine-1) Infected: XM.Laroux.AA
D:\K-APPS\Applications\Norton SystemWorks\Norton AntiVirus\Quarantine\11741154.VIR=>(Quarantine-1) Disinfected
D:\K-APPS\Applications\Norton SystemWorks\Norton AntiVirus\Quarantine\11741154.VIR Archive repacking has failed (marked actions not taken)
D:\K-APPS\Applications\Norton SystemWorks\Norton AntiVirus\Quarantine\14EF577F.VIR=>(Quarantine-1) Infected: WM.Helper.A
D:\K-APPS\Applications\Norton SystemWorks\Norton AntiVirus\Quarantine\14EF577F.VIR=>(Quarantine-1) Disinfected
D:\K-APPS\Applications\Norton SystemWorks\Norton AntiVirus\Quarantine\14EF577F.VIR Archive repacking has failed (marked actions not taken)
D:\K-APPS\Applications\Norton SystemWorks\Norton AntiVirus\Quarantine\6F1E2E36.VIR=>(Quarantine-1) Infected: XM.Laroux.AA
D:\K-APPS\Applications\Norton SystemWorks\Norton AntiVirus\Quarantine\6F1E2E36.VIR=>(Quarantine-1) Disinfected
D:\K-APPS\Applications\Norton SystemWorks\Norton AntiVirus\Quarantine\6F1E2E36.VIR Archive repacking has failed (marked actions not taken)
D:\K-APPS\Applications\Norton SystemWorks\Norton AntiVirus\Quarantine\71AE2564.VIR=>(Quarantine-1) Infected: XM.Laroux.AA
D:\K-APPS\Applications\Norton SystemWorks\Norton AntiVirus\Quarantine\71AE2564.VIR=>(Quarantine-1) Disinfected
D:\K-APPS\Applications\Norton SystemWorks\Norton AntiVirus\Quarantine\71AE2564.VIR Archive repacking has failed (marked actions not taken)
D:\K-APPS\Applications\Norton SystemWorks\Norton AntiVirus\Quarantine\74FC1FC1.VIR=>(Quarantine-1) Infected: WM.Helper.A
D:\K-APPS\Applications\Norton SystemWorks\Norton AntiVirus\Quarantine\74FC1FC1.VIR=>(Quarantine-1) Disinfected
D:\K-APPS\Applications\Norton SystemWorks\Norton AntiVirus\Quarantine\74FC1FC1.VIR Archive repacking has failed (marked actions not taken)


-----------------------------


//-----------------------------------------------------------------
//
// Product BitDefender Antivirus v10
// Product 10.2
//
// Created on: 29/06/2007 02:54:04
//
//-----------------------------------------------------------------


Virus Statistics

Scan path : C:\
D:\
E:\
F:\
G:\
H:\
Folders : 12445
Files : 860992
Memory processes scanned : 33
Archives : 86297
Runtime packers : 37290
Identified viruses : 4
Infected files : 8
Memory processes infected : 0
Suspect files : 1
Warnings : 0
Disinfected files : 6
Deleted files : 1
Moved files : 0
I/O errors : 198
Scan time : 07:39:16
Scan speed (files/sec) : 31

Spyware Statistics

Registry keys scanned : 1581
Registry keys infected : 0
Cookies scanned : 52
Cookies infected : 0
Spyware files infected : 0
Spyware threats detected : 0


Virus definitions : 40564269
Scan plugins : 16
Archive plugins : 41
Unpack plugins : 6
Mail plugins : 6
System plugins : 5

Virus scan options

Detection
[X] Scan boot sectors
[X] Memory Processes
[X] Scan archives
[X] Scan runtime packers
[X] Scan email

File mask
[ ] Programs
[X] All files
[ ] User defined extensions:
[ ] Exclude extensions: ;

Action

Infected objects
[ ] Ignore
[X] Disinfect
[ ] Delete
[ ] Move to quarantine
[ ] Prompt user

Second action
[ ] Ignore
[ ] Delete
[X] Move to quarantine
[ ] Prompt user

Virus scan options
[X] Enable warnings
[X] Enable heuristics
[ ] Show all files in log
[X] Report file: C:\Documents and Settings\All Users\Application Data\BitDefender\Desktop\Profiles\Logs\deep_scan\1183110844.log

Spyware scan options

[X] Scan for riskware
[ ] Skip dial and applications from scan
[X] Registry keys
[X] Cookies


Summary:

D:\K-APPS\Applications\Norton SystemWorks\Norton AntiVirus\Quarantine\0F1B63E9.VIR=>(Quarantine-1) Infected: XM.Laroux.AA
D:\K-APPS\Applications\Norton SystemWorks\Norton AntiVirus\Quarantine\0F1B63E9.VIR=>(Quarantine-1) Disinfected
D:\K-APPS\Applications\Norton SystemWorks\Norton AntiVirus\Quarantine\0F1B63E9.VIR Archive repacking has failed (marked actions not taken)
D:\K-APPS\Applications\Norton SystemWorks\Norton AntiVirus\Quarantine\11741154.VIR=>(Quarantine-1) Infected: XM.Laroux.AA
D:\K-APPS\Applications\Norton SystemWorks\Norton AntiVirus\Quarantine\11741154.VIR=>(Quarantine-1) Disinfected
D:\K-APPS\Applications\Norton SystemWorks\Norton AntiVirus\Quarantine\11741154.VIR Archive repacking has failed (marked actions not taken)
D:\K-APPS\Applications\Norton SystemWorks\Norton AntiVirus\Quarantine\14EF577F.VIR=>(Quarantine-1) Infected: WM.Helper.A
D:\K-APPS\Applications\Norton SystemWorks\Norton AntiVirus\Quarantine\14EF577F.VIR=>(Quarantine-1) Disinfected
D:\K-APPS\Applications\Norton SystemWorks\Norton AntiVirus\Quarantine\14EF577F.VIR Archive repacking has failed (marked actions not taken)
D:\K-APPS\Applications\Norton SystemWorks\Norton AntiVirus\Quarantine\6F1E2E36.VIR=>(Quarantine-1) Infected: XM.Laroux.AA
D:\K-APPS\Applications\Norton SystemWorks\Norton AntiVirus\Quarantine\6F1E2E36.VIR=>(Quarantine-1) Disinfected
D:\K-APPS\Applications\Norton SystemWorks\Norton AntiVirus\Quarantine\6F1E2E36.VIR Archive repacking has failed (marked actions not taken)
D:\K-APPS\Applications\Norton SystemWorks\Norton AntiVirus\Quarantine\71AE2564.VIR=>(Quarantine-1) Infected: XM.Laroux.AA
D:\K-APPS\Applications\Norton SystemWorks\Norton AntiVirus\Quarantine\71AE2564.VIR=>(Quarantine-1) Disinfected
D:\K-APPS\Applications\Norton SystemWorks\Norton AntiVirus\Quarantine\71AE2564.VIR Archive repacking has failed (marked actions not taken)
D:\K-APPS\Applications\Norton SystemWorks\Norton AntiVirus\Quarantine\74FC1FC1.VIR=>(Quarantine-1) Infected: WM.Helper.A
D:\K-APPS\Applications\Norton SystemWorks\Norton AntiVirus\Quarantine\74FC1FC1.VIR=>(Quarantine-1) Disinfected
D:\K-APPS\Applications\Norton SystemWorks\Norton AntiVirus\Quarantine\74FC1FC1.VIR Archive repacking has failed (marked actions not taken)
E:\K-DATA\Downloads2\Screensavers\CoralFree.EXE=>wise0027=>(CAB Sfx r)=>SaveNow.exe Detected: Adware.Savenow.AA
E:\K-DATA\Downloads2\Screensavers\CoralFree.EXE=>wise0027=>(CAB Sfx r)=>SaveNow.exe Disinfection failed
E:\K-DATA\Downloads2\Screensavers\CoralFree.EXE=>wise0027=>(CAB Sfx r)=>SaveNow.exe Move failed
E:\K-DATA\Downloads2\Screensavers\CoralFree.EXE=>wise0027=>(CAB Sfx r)=>Uninst.exe Detected: Adware.Savenow.AU
E:\K-DATA\Downloads2\Screensavers\CoralFree.EXE=>wise0027=>(CAB Sfx r)=>Uninst.exe Disinfection failed
E:\K-DATA\Downloads2\Screensavers\CoralFree.EXE=>wise0027=>(CAB Sfx r)=>Uninst.exe Move failed
E:\K-DATA\LAPTOP-D-Drive\C\Downloads\PC Magazine Utilities\prime97.zip=>PRIME97w.exe=>wise0066 Suspect: Macro.VBA
E:\K-DATA\LAPTOP-D-Drive\C\Downloads\PC Magazine Utilities\prime97.zip=>PRIME97w.exe=>wise0066 Disinfection failed
E:\K-DATA\LAPTOP-D-Drive\C\Downloads\PC Magazine Utilities\prime97.zip=>PRIME97w.exe=>wise0066 Deleted
E:\K-DATA\LAPTOP-D-Drive\C\Downloads\PC Magazine Utilities\prime97.zip=>PRIME97w.exe Archive repacking has failed (marked actions not taken)

#21 jedi

    aequam memento rebus in arduis servare mentem

  • Emeritus
  • 15,830 posts

Posted 30 June 2007 - 06:02 AM

Hi again,

I'm tempted to simply delete them all. Shall I?

Yes, please do, in fact you can use this:
Download: CCleaner (freeware)
http://www.majorgeek...wnload4191.html
Run the installer, and uncheck the option to install Yahoo toolbar (unless you want Yahoo toolbar).
Once installed, run CCleaner and click the Windows [tab].
The following should be selected by default; if not, please select:
Posted Image
Next: click Options, then click the Settings tab.
Uncheck "Only delete files older than 48 hrs." and click OK.
Then click Run Cleaner (bottom right), then Exit.

Next:

(For your wife's PC)

Download Dr.Web CureIt to the desktop:
ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe
Next, please reboot your computer in Safe Mode by doing the following:
1) Restart your computer
2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3) Instead of Windows loading as normal, a menu should appear
4) Select the first option, to run Windows in Safe Mode.

For additional help in booting into Safe Mode, see the following site:
http://www.pchell.co.../safemode.shtml
  • Double-click the drweb-cureit.exe file and allow it to run the express scan.
  • This will scan the files currently running in memory. When something is found, click the Yes button when it asks whether you want to cure it. This is only a short scan.
  • Once the short scan has finished, mark the drives that you want to scan.
  • Select all drives. A red dot shows which drives have been chosen.
  • Click the green arrow at the right, and the scan will start.
  • Click 'Yes to all' if it asks if you want to cure/move the file.
  • When the scan has finished, check whether you can click the following icon next to the files found: Posted Image
  • If so, click it, then click the icon right below it and select Move incurable, as shown in the following image:
    Posted Image
    This will move the file to the %userprofile%\DoctorWeb\quarantaine-folder if it can't be cured (in case we need samples).
  • After selecting, in the Dr.Web CureIt menu at the top, click File and choose Save report list.
  • Save the report to your desktop. The report will be called DrWeb.csv.
  • Close Dr.Web CureIt.
  • Reboot your computer! Files that are in use may be moved or deleted during the reboot.
  • After the reboot, post the contents of the Dr.Web log you saved previously in your next reply.
jedi
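A saved DrWeb.csv report can run to hundreds of rows, so it helps to separate archived System Restore copies from files in live folders before reading it. The following is an added example, not part of the original thread or of Dr.Web: it assumes each row is `file;folder;detection;action;` (the layout of the report rows on this page), treats a "Probably" prefix as a heuristic verdict (an assumption), and uses constructed sample rows.

```python
import csv
import io
import re
from collections import Counter
from dataclasses import dataclass

# Constructed sample in the same semicolon-separated layout as the report
# rows on this page (file; folder; detection; action). Paths are made up.
SAMPLE_REPORT = r"""
A0000001.exe;C:\System Volume Information\_restore{00000000-0000-0000-0000-000000000000}\RP1;BackDoor.Generic.1138;Deleted.;
A0000002.exe;C:\System Volume Information\_restore{00000000-0000-0000-0000-000000000000}\RP1;BackDoor.Generic.1138;Deleted.;
A0000003.EXE;D:\System Volume Information\_restore{00000000-0000-0000-0000-000000000000}\RP2;BackDoor.Generic.1138;Deleted.;
example.dll;D:\Apps\ExampleMessenger;Probably STPAGE.Trojan;Incurable.Moved.;
setup.exe;D:\Temp\ExampleInstaller;Probably BACKDOOR.Trojan;Incurable.Moved.;
this line is not a report row
"""

# Windows XP System Restore keeps archived file copies under
# <drive>:\System Volume Information\_restore{GUID}\RPnn
RESTORE_RE = re.compile(
    r"^([A-Za-z]):\\System Volume Information\\_restore\{[0-9A-Fa-f-]{36}\}\\(RP\d+)",
    re.IGNORECASE,
)


@dataclass(frozen=True)
class Finding:
    name: str
    folder: str
    detection: str
    action: str

    @property
    def restore_point(self):
        """Return (drive, 'RPnn') for a System Restore copy, else None."""
        m = RESTORE_RE.match(self.folder)
        return (m.group(1).upper(), m.group(2).upper()) if m else None

    @property
    def heuristic(self):
        # Assumption: a "Probably ..." name marks a heuristic verdict.
        return self.detection.lower().startswith("probably ")


def parse_report(text):
    """Parse report text into (findings, skipped_lines)."""
    findings, skipped = [], []
    reader = csv.reader(io.StringIO(text), delimiter=";", quoting=csv.QUOTE_NONE)
    for row in reader:
        fields = [f.strip() for f in row]
        if not any(fields):
            continue  # blank line
        if fields[-1] == "":
            fields = fields[:-1]  # rows end with a trailing ';'
        if len(fields) != 4 or not all(fields):
            skipped.append(";".join(row))  # keep malformed rows visible
            continue
        findings.append(Finding(*fields))
    return findings, skipped


def triage(findings):
    """Split findings into restore-point copies and live files to review."""
    restore = [f for f in findings if f.restore_point]
    live = [f for f in findings if not f.restore_point]
    return {
        "by_detection": Counter(f.detection for f in findings),
        "restore_points": Counter(f.restore_point for f in restore),
        "live": live,
        # Heuristic verdicts and anything not deleted need a manual look.
        "review": [
            f for f in live
            if f.heuristic or not f.action.lower().startswith("deleted")
        ],
    }


if __name__ == "__main__":
    found, bad = parse_report(SAMPLE_REPORT)
    result = triage(found)
    for (drive, rp), n in sorted(result["restore_points"].items()):
        print(f"{drive}: {rp}: {n} archived copies")
    for f in result["review"]:
        print(f"review: {f.folder}\\{f.name} -> {f.detection} ({f.action})")
    print(f"{len(bad)} unparsed line(s)")
```

Rows under `_restore{...}\RPnn` are copies archived by System Restore rather than files in normal program folders, which is why the review list contains only the live-folder findings.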

#22 Ken Jacobs

    Member

  • Full Member
  • 53 posts

Posted 30 June 2007 - 06:12 PM

Thanks, Jedi ... I ran CCleaner, and now here's the DrWeb CureIt log ... LOTS of infected files! :eek:

A0000752.exe;C:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP15;BackDoor.Generic.1138;Deleted.;
A0000753.exe;C:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP15;BackDoor.Generic.1138;Deleted.;
A0011874.EXE;C:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP34;BackDoor.Generic.1138;Deleted.;
A0011875.exe;C:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP34;BackDoor.Generic.1138;Deleted.;
MyYahoo.dll;D:\K-APPS\Applications\Yahoo Messenger;Probably STPAGE.Trojan;Incurable.Moved.;
setup.exe;D:\K-APPS\CTEMP\activePDF\PrimoPDF\PrimoMon;Probably BACKDOOR.Trojan;Incurable.Moved.;
A0003455.exe;D:\System Volume Information\_restore{7FFF694B-F00C-4191-BB2F-90458DE2091A}\RP17;BackDoor.Generic.1138;Deleted.;
A0003456.exe;D:\System Volume Information\_restore{7FFF694B-F00C-4191-BB2F-90458DE2091A}\RP17;BackDoor.Generic.1138;Deleted.;
A0003459.exe;D:\System Volume Information\_restore{7FFF694B-F00C-4191-BB2F-90458DE2091A}\RP17;BackDoor.Generic.1138;Deleted.;
A0003460.exe;D:\System Volume Information\_restore{7FFF694B-F00C-4191-BB2F-90458DE2091A}\RP17;BackDoor.Generic.1138;Deleted.;
A0003461.exe;D:\System Volume Information\_restore{7FFF694B-F00C-4191-BB2F-90458DE2091A}\RP17;BackDoor.Generic.1138;Deleted.;
A0003464.exe;D:\System Volume Information\_restore{7FFF694B-F00C-4191-BB2F-90458DE2091A}\RP17;BackDoor.Generic.1138;Deleted.;
A0003472.exe;D:\System Volume Information\_restore{7FFF694B-F00C-4191-BB2F-90458DE2091A}\RP17;BackDoor.Generic.1138;Deleted.;
A0003473.exe;D:\System Volume Information\_restore{7FFF694B-F00C-4191-BB2F-90458DE2091A}\RP17;BackDoor.Generic.1138;Deleted.;
A0003474.exe;D:\System Volume Information\_restore{7FFF694B-F00C-4191-BB2F-90458DE2091A}\RP17;BackDoor.Generic.1138;Deleted.;
A0004024.exe;D:\System Volume Information\_restore{7FFF694B-F00C-4191-BB2F-90458DE2091A}\RP21;BackDoor.Generic.1138;Deleted.;
A0004822.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;
A0004823.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;
A0004824.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;
A0004825.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;
A0004826.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;
A0004827.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;
A0004828.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;
A0004829.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;
A0004830.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;
A0004831.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;
A0004832.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;
A0004833.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;
A0004834.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;
A0004835.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;
A0004836.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;
A0004837.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;
A0004838.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;
A0004839.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;
A0004840.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;
A0004841.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;
A0004842.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;
A0004843.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;
A0004844.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;
A0004845.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;
A0004846.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;
A0004847.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;
A0004848.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;
A0004849.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;
A0004850.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;
A0004851.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;
A0004852.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;
A0004853.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;
A0004854.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;
A0004855.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;
A0004856.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;
A0004857.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;
A0004858.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;
A0004859.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;
A0004860.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;
A0004861.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;
A0004862.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;
A0004863.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;
A0004864.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;
A0004865.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;
A0004866.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;
A0004867.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;
A0004868.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;
A0004869.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;
A0004870.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;
A0004871.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;
A0004872.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;
A0004873.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;
A0004874.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;
A0004875.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;
A0004876.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;
A0004877.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;
A0004878.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;
A0004879.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;
A0004880.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;
A0004881.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;
A0004882.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;
A0004883.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;
A0004884.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;
A0004885.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;
A0004886.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;
A0004887.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;
A0004888.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;
A0004889.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;
A0004890.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;
A0004891.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;
A0004892.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;
A0004893.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;
A0004894.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;
A0004895.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;
A0004896.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;
A0004897.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;
A0004898.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;
A0004899.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;
A0004900.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;
A0004901.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;
A0004902.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;
A0004903.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;
A0004904.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;
A0004905.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;
A0004906.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;
A0004907.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;
A0004908.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;
A0004909.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;
A0004910.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;
A0004911.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;
A0004912.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;
A0004913.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;
A0004914.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;
A0004915.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;
A0004916.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;
A0004917.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;
A0004918.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;
A0004919.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;
A0004920.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;
A0004921.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;
A0004922.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;
A0004923.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;
A0004924.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;
A0004925.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;
A0004926.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;
A0004927.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;
A0004928.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;
A0004929.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;
A0004930.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;
A0004931.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;
A0004932.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;
A0004933.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;
A0004934.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;
A0004935.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;
A0004936.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;
A0004937.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;
A0004938.EXE;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;
A0004939.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;
A0004940.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;
A0004941.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;
A0004942.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;
A0004943.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;
A0004944.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;
A0004945.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;
A0004946.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;
A0004947.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;
A0004948.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;
A0004949.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;
A0004950.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;
A0004951.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;
A0004952.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;
A0004953.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;
A0004954.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;
A0004955.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;
A0004956.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;
A0004957.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;
A0004958.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;
A0004959.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;
A0004960.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;
A0004961.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;
A0004962.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;
A0004963.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;
A0004964.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;
A0004965.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;
A0004966.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;
A0004967.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;
A0004968.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;
A0004969.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;
A0004970.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;
A0004971.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;
A0004972.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;
A0004973.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;
A0004974.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;
A0004975.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;
A0004976.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;
A0004977.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;
A0004978.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;
A0004979.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;
A0004980.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;
A0004981.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;
A0004982.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;
A0004983.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;
A0004984.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;
A0004985.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;
A0004986.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;
A0004987.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;
A0004988.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;
A0004989.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;
A0004990.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;
A0004991.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;
A0004992.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;
A0004993.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;
A0004994.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;
A0004995.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;
A0004996.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;
A0004997.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;
A0004998.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;
A0004999.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;
A0005000.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;
A0005001.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;
A0005002.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;
A0005003.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;
A0005004.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;
A0005005.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;
A0005006.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;
A0005007.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;
A0005008.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;
A0005009.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;
A0005010.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;
A0005011.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;
A0005012.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;
A0005013.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;
A0005014.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;
A0005015.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;
A0005016.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;

Edited by Ken Jacobs, 30 June 2007 - 06:15 PM.


#23 Ken Jacobs


Posted 30 June 2007 - 06:18 PM

For some reason my earlier post was truncated ... here's the next segment ...

A0005303.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;
A0005304.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;
A0005305.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;
A0005306.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;
A0005307.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;
A0005308.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;
A0005309.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;
A0005310.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;
A0005311.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;
A0005312.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;
A0005313.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;
A0005314.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;
A0005315.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;
A0005316.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;
A0005317.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;
A0005318.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;
A0005319.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;
A0005320.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;
A0005321.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;
A0005322.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;
A0005323.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;
A0005324.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;
A0005325.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;
A0005326.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;
A0005327.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;
A0005328.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;
A0005329.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;
A0005330.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;
A0005331.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;
A0005332.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;
A0005333.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;
A0005334.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;
A0005335.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;
A0005336.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;
A0005337.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;
A0005338.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;
A0005339.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;
A0005340.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;
A0005341.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;
A0005342.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;
A0005343.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;
A0005344.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;
A0005345.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;
A0005346.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;
A0005347.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;
A0005348.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;
A0005349.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;
A0005350.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;
A0005351.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;
A0005352.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;
A0005353.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;
A0005354.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;
A0005355.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;
A0005356.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;
A0005357.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;
A0005358.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;
A0005359.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;
A0005360.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;
A0005361.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;
A0005362.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;
A0005363.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;
A0005364.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;
A0005365.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;
A0005366.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;
A0005367.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;
A0005368.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;
A0005369.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;
A0005370.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;
A0005371.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;
A0005372.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;
A0005373.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;
A0005374.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;
A0005375.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;
A0005376.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;
A0005377.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;
A0005378.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;
A0005379.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;
A0005380.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;
A0005381.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;
A0005382.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;
A0005383.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;
A0005384.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;
A0005385.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;
A0005386.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;
A0005387.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;
A0005388.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;
A0005389.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;
A0005390.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;
A0005391.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;
A0005392.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;
A0005393.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;
A0005394.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;
A0005395.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;
A0005396.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;
A0005397.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;
A0005398.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;
A0005399.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;
A0005400.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;
A0005401.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;
A0005402.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;
A0005403.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;
A0005404.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;
A0005405.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;
A0005406.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;
A0005407.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;
A0005408.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;
A0005409.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;
A0005410.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;
A0005411.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;
A0005412.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;
A0005413.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;
A0005414.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;
A0005415.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;
A0005416.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;
A0005417.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;
A0005418.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;
A0005419.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;
A0005420.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;
A0005421.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;
A0005422.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;
A0005423.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;
A0005424.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;
A0005425.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;
A0005426.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;
A0005427.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;
A0005428.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;
A0005429.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;
A0005430.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;
A0005431.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;
A0005432.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;
A0005433.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;
A0005434.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;
A0005435.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;
A0005436.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;
A0005437.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;
A0005438.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;
A0005439.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;
A0005440.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;
A0005441.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;
A0005442.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;
A0005443.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;
A0005444.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;
A0005445.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;
A0005446.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;
A0005447.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;
A0005448.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;
A0005449.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;
A0005450.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;
A0005451.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;
A0005452.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;
A0005453.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;
A0005454.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;
A0005455.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;
A0005456.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;
A0005457.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;
A0005458.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;
A0005459.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;
A0005460.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;
A0005461.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;
A0005462.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;
A0005463.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;
A0005464.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;
A0005465.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;
A0005466.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;
A0005467.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;
A0005468.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;
A0005469.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;
A0005470.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;
A0005471.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;
A0005472.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;
A0005473.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;
A0005474.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;
A0005475.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;
A0005476.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;
A0005477.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;
A0005478.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;
A0005479.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;
A0005480.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;
A0005481.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;
A0005482.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;
A0005483.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;
A0005484.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;
A0005485.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;
A0005486.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;
A0005487.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;
A0005488.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;
A0005489.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;
A0005490.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;
A0005491.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;
A0005492.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;
A0005493.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;
A0005494.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;
A0005495.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;
A0005496.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;
A0005497.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;
A0005498.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;
A0005499.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;
A0005500.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;
A0005501.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;
A0005502.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;
A0005503.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;
A0005504.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;
A0005505.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;
A0005506.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;
A0005507.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;
A0005508.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;
A0005509.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;
A0005510.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;
A0005511.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;
A0005512.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;
A0005513.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;
A0005514.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;
A0005515.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;
A0005516.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;
A0005517.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;
A0005518.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;
A0005519.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;
A0005520.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;
A0005521.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;
A0005522.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;
A0005523.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;
A0005524.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;

#24 Ken Jacobs

Posted 30 June 2007 - 06:31 PM

Truncated again ... but the pattern repeats until the last entry below. It's always the same (though sometimes .exe appears as .EXE), with these entries that don't fit the pattern:

A0005953.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;
A0005954.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;Adware.Cfd;Incurable.Moved.;
A0005955.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;
...
A0006794.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;Win32.HLLW.SpyBot;Deleted.;
....
A0007232.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;
BufferOverrunPatch.exe;E:\K-DATA\Downloads2\Anti Virus Fixes\Blaster Worm August 2003;Trojan.PWS.TOnline;Deleted.;
ApplicationInstaller.exe;E:\K-DATA\Downloads2\Oracle\App Installer;Trojan.PWS.TOnline;Deleted.;
Application Installer.exe;E:\K-DATA\LAPTOP-D-Drive;Trojan.PWS.TOnline;Deleted.;
WINS.EXE;E:\K-DATA\LAPTOP-D-Drive\C\Downloads\Oracle Corp Downloads;Trojan.PWS.TOnline;Deleted.;
M_BARAX.SMK;E:\K-DATA\LAPTOP-D-Drive\C\GAMES\BlackDahlia\SOUND;Modification of Linux.Rst.4096;Moved.;
Application Installer.exe;E:\K-DATA\LAPTOP-D-Drive\Desktop things;Trojan.PWS.TOnline;Deleted.;
HKLM_1.reg;E:\K-DATA\LAPTOP-D-Drive\Win95 C Drive\Program Files\Regback;Probably SCRIPT.Virus;Incurable.Moved.;
Application Installer.exe;E:\K-DATA\WIN XP\Documents and Settings\All Users\Start Menu\Programs\Application & Printer Installer;Trojan.PWS.TOnline;Deleted.;
Printer Installer.exe;E:\K-DATA\WIN XP\Documents and Settings\All Users\Start Menu\Programs\Application & Printer Installer;Trojan.PWS.TOnline;Deleted.;
setup.exe;E:\K-DATA\WIN XP\Program Files\Source\PrimoMon;Probably BACKDOOR.Trojan;Incurable.Moved.;
A0007233.exe;E:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;
.....
A0011490.exe;E:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;
A0011491.exe;E:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;Dialer.Direct;Incurable.Moved.;
A0011492.exe;E:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;
....
A0011529.exe;E:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;
A0012783.exe;E:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP41;Trojan.PWS.TOnline;Deleted.;
A0012784.exe;E:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP41;Trojan.PWS.TOnline;Deleted.;
A0012788.exe;E:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP41;Trojan.PWS.TOnline;Deleted.;
A0012790.EXE;E:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP41;Trojan.PWS.TOnline;Deleted.;
A0012791.exe;E:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP41;Trojan.PWS.TOnline;Deleted.;
A0012792.exe;E:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP41;Trojan.PWS.TOnline;Deleted.;
A0012793.exe;E:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP41;Trojan.PWS.TOnline;Deleted.;
NortonAntivirus.exe;F:\K-MEDIA\Downloads\Oracle Downloads;Trojan.PWS.TOnline;Deleted.;
A0019966.exe;F:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP41;Trojan.PWS.TOnline;Deleted.;

(the end)

#25 jedi

Posted 01 July 2007 - 06:21 AM

Hi again,

Most of that was resident in system restore rather than active. :thumbsup:

1. Download this file - ComboFix
2. Double click combofix.exe & follow the prompts.
3. When finished, it will produce a log for you. Post that log in your next reply.

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

jedi
My help is free, but if you wish to help keep these forums running please consider a donation, see This Topic for details.
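The triage behind the reply above, as an added example that is not part of the original thread: it parses the semicolon-separated scanner log posted earlier (`file;folder;threat;action;`), separates hits inside System Restore snapshots (`_restore{...}\RPnn`) from hits on ordinary paths, and lists files that were moved rather than deleted. The sample lines are copied from that post; the function and field names are assumptions made for this example.

```python
import re
from collections import Counter
from dataclasses import dataclass

# Lines copied from the scanner log posted in this thread, including a "..."
# elision and a truncated record, both of which the parser must tolerate.
SAMPLE_LOG = r"""
A0005953.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;BackDoor.Generic.1138;Deleted.;
A0005954.exe;D:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP26;Adware.Cfd;Incurable.Moved.;
...
BufferOverrunPatch.exe;E:\K-DATA\Downloads2\Anti Virus Fixes\Blaster Worm August 2003;Trojan.PWS.TOnline;Deleted.;
setup.exe;E:\K-DATA\WIN XP\Program Files\Source\PrimoMon;Probably BACKDOOR.Trojan;Incurable.Moved.;
A0012790.EXE;E:\System Volume Information\_restore{C9F3DCB0-BD16-48B6-BC85-2BD8FF93EC70}\RP41;Trojan.PWS.TOnline;Deleted.;
NortonAntivirus.exe;F:\K-MEDIA\Downloads\Oracle Downloads;Trojan.PWS.TOnline;Deleted.;
A0005698.exe;D:\Syst
"""

# Matches a folder inside a System Restore snapshot and captures drive + restore point.
RESTORE_RE = re.compile(
    r"^([A-Z]):\\System Volume Information\\_restore\{[0-9A-F-]+\}\\(RP\d+)",
    re.IGNORECASE,
)


@dataclass(frozen=True)
class Detection:
    file: str
    folder: str
    threat: str
    action: str

    @property
    def restore_point(self):
        """Return 'D:RP26'-style label if the file sits in a restore snapshot, else None."""
        m = RESTORE_RE.match(self.folder)
        return f"{m.group(1).upper()}:{m.group(2).upper()}" if m else None


def parse_log(text):
    """Return (records, skipped); elisions and truncated lines are counted, not guessed at."""
    records, skipped = [], 0
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        parts = line.split(";")
        if parts and parts[-1] == "":      # drop the field after the trailing ';'
            parts.pop()
        if len(parts) != 4 or not all(parts):
            skipped += 1
            continue
        records.append(Detection(*parts))
    return records, skipped


def summarize(text):
    """Split detections into restore-snapshot copies and files on ordinary paths."""
    records, skipped = parse_log(text)
    restore = [r for r in records if r.restore_point]
    live = [r for r in records if not r.restore_point]
    return {
        "records": len(records),
        "skipped": skipped,
        "in_system_restore": len(restore),
        "outside_system_restore": len(live),
        "restore_points": dict(Counter(r.restore_point for r in restore)),
        "threats_outside_restore": dict(Counter(r.threat for r in live)),
        # "Moved" means the file went to the scanner's quarantine folder
        # instead of being deleted, so it is still on disk.
        "moved_not_deleted": [r.file for r in records if "moved" in r.action.lower()],
    }


if __name__ == "__main__":
    for key, value in summarize(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

Files reported as moved stay on disk in the scanner's quarantine folder, which is why `A0005954.exe` turns up again under `DoctorWeb\Quarantine` in the BitDefender log posted later in this thread.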

#26 Ken Jacobs

Posted 01 July 2007 - 11:40 AM

That's good news (it was in system restore) ... but I'm still seeing these two logs from Bit Defender, which is configured to run every night. I will now download ComboFix per your instructions.

thanks

Ken


//-----------------------------------------------------------------
//
// Product BitDefender Antivirus v10
// Product 10.2
//
// Created on: 01/07/2007 02:55:20
//
//-----------------------------------------------------------------


Virus Statistics

Scan path : C:\
D:\
E:\
F:\
G:\
H:\
Folders : 11670
Files : 314740
Memory processes scanned : 31
Archives : 43476
Runtime packers : 8768
Identified viruses : 2
Infected files : 6
Memory processes infected : 0
Suspect files : 0
Warnings : 0
Disinfected files : 6
Deleted files : 0
Moved files : 0
I/O errors : 198
Scan time : 04:08:19
Scan speed (files/sec) : 21

Spyware Statistics

Registry keys scanned : 1582
Registry keys infected : 0
Cookies scanned : 0
Cookies infected : 0
Spyware files infected : 0
Spyware threats detected : 0


Virus definitions : 696859
Scan plugins : 16
Archive plugins : 41
Unpack plugins : 6
Mail plugins : 6
System plugins : 5

Virus scan options

Detection
[X] Scan boot sectors
[X] Memory Processes
[ ] Scan archives
[X] Scan runtime packers
[X] Scan email

File mask
[ ] Programs
[X] All files
[ ] User defined extensions:
[ ] Exclude extensions: ;

Action

Infected objects
[ ] Ignore
[X] Disinfect
[ ] Delete
[ ] Move to quarantine
[ ] Prompt user

Second action
[ ] Ignore
[ ] Delete
[X] Move to quarantine
[ ] Prompt user

Virus scan options
[X] Enable warnings
[X] Enable heuristics
[ ] Show all files in log
[X] Report file: C:\Documents and Settings\All Users\Application Data\BitDefender\Desktop\Profiles\Logs\full_scan\1183283720.log

Spyware scan options

[X] Scan for riskware
[ ] Skip dial and applications from scan
[X] Registry keys
[X] Cookies


Summary:

D:\K-APPS\Applications\Norton SystemWorks\Norton AntiVirus\Quarantine\0F1B63E9.VIR=>(Quarantine-1) Infected: XM.Laroux.AA
D:\K-APPS\Applications\Norton SystemWorks\Norton AntiVirus\Quarantine\0F1B63E9.VIR=>(Quarantine-1) Disinfected
D:\K-APPS\Applications\Norton SystemWorks\Norton AntiVirus\Quarantine\0F1B63E9.VIR Archive repacking has failed (marked actions not taken)
D:\K-APPS\Applications\Norton SystemWorks\Norton AntiVirus\Quarantine\11741154.VIR=>(Quarantine-1) Infected: XM.Laroux.AA
D:\K-APPS\Applications\Norton SystemWorks\Norton AntiVirus\Quarantine\11741154.VIR=>(Quarantine-1) Disinfected
D:\K-APPS\Applications\Norton SystemWorks\Norton AntiVirus\Quarantine\11741154.VIR Archive repacking has failed (marked actions not taken)
D:\K-APPS\Applications\Norton SystemWorks\Norton AntiVirus\Quarantine\14EF577F.VIR=>(Quarantine-1) Infected: WM.Helper.A
D:\K-APPS\Applications\Norton SystemWorks\Norton AntiVirus\Quarantine\14EF577F.VIR=>(Quarantine-1) Disinfected
D:\K-APPS\Applications\Norton SystemWorks\Norton AntiVirus\Quarantine\14EF577F.VIR Archive repacking has failed (marked actions not taken)
D:\K-APPS\Applications\Norton SystemWorks\Norton AntiVirus\Quarantine\6F1E2E36.VIR=>(Quarantine-1) Infected: XM.Laroux.AA
D:\K-APPS\Applications\Norton SystemWorks\Norton AntiVirus\Quarantine\6F1E2E36.VIR=>(Quarantine-1) Disinfected
D:\K-APPS\Applications\Norton SystemWorks\Norton AntiVirus\Quarantine\6F1E2E36.VIR Archive repacking has failed (marked actions not taken)
D:\K-APPS\Applications\Norton SystemWorks\Norton AntiVirus\Quarantine\71AE2564.VIR=>(Quarantine-1) Infected: XM.Laroux.AA
D:\K-APPS\Applications\Norton SystemWorks\Norton AntiVirus\Quarantine\71AE2564.VIR=>(Quarantine-1) Disinfected
D:\K-APPS\Applications\Norton SystemWorks\Norton AntiVirus\Quarantine\71AE2564.VIR Archive repacking has failed (marked actions not taken)
D:\K-APPS\Applications\Norton SystemWorks\Norton AntiVirus\Quarantine\74FC1FC1.VIR=>(Quarantine-1) Infected: WM.Helper.A
D:\K-APPS\Applications\Norton SystemWorks\Norton AntiVirus\Quarantine\74FC1FC1.VIR=>(Quarantine-1) Disinfected
D:\K-APPS\Applications\Norton SystemWorks\Norton AntiVirus\Quarantine\74FC1FC1.VIR Archive repacking has failed (marked actions not taken)


----------------



//-----------------------------------------------------------------
//
// Product BitDefender Antivirus v10
// Product 10.2
//
// Created on: 01/07/2007 02:54:00
//
//-----------------------------------------------------------------


Virus Statistics

Scan path : C:\
D:\
E:\
F:\
G:\
H:\
Folders : 11670
Files : 718563
Memory processes scanned : 30
Archives : 77975
Runtime packers : 30779
Identified viruses : 6
Infected files : 10
Memory processes infected : 0
Suspect files : 1
Warnings : 0
Disinfected files : 6
Deleted files : 1
Moved files : 2
I/O errors : 198
Scan time : 05:29:56
Scan speed (files/sec) : 36

Spyware Statistics

Registry keys scanned : 1582
Registry keys infected : 0
Cookies scanned : 0
Cookies infected : 0
Spyware files infected : 0
Spyware threats detected : 0


Virus definitions : 696859
Scan plugins : 16
Archive plugins : 41
Unpack plugins : 6
Mail plugins : 6
System plugins : 5

Virus scan options

Detection
[X] Scan boot sectors
[X] Memory Processes
[X] Scan archives
[X] Scan runtime packers
[X] Scan email

File mask
[ ] Programs
[X] All files
[ ] User defined extensions:
[ ] Exclude extensions: ;

Action

Infected objects
[ ] Ignore
[X] Disinfect
[ ] Delete
[ ] Move to quarantine
[ ] Prompt user

Second action
[ ] Ignore
[ ] Delete
[X] Move to quarantine
[ ] Prompt user

Virus scan options
[X] Enable warnings
[X] Enable heuristics
[ ] Show all files in log
[X] Report file: C:\Documents and Settings\All Users\Application Data\BitDefender\Desktop\Profiles\Logs\deep_scan\1183283640.log

Spyware scan options

[X] Scan for riskware
[ ] Skip dial and applications from scan
[X] Registry keys
[X] Cookies


Summary:

C:\Documents and Settings\Margaret Jacobs\DoctorWeb\Quarantine\A0005954.exe Detected: Adware.CFD
C:\Documents and Settings\Margaret Jacobs\DoctorWeb\Quarantine\A0005954.exe Disinfection failed
C:\Documents and Settings\Margaret Jacobs\DoctorWeb\Quarantine\A0005954.exe Moved
C:\Documents and Settings\Margaret Jacobs\DoctorWeb\Quarantine\A0011491.exe Detected: Application.Dialer.Worldxchange
C:\Documents and Settings\Margaret Jacobs\DoctorWeb\Quarantine\A0011491.exe Disinfection failed
C:\Documents and Settings\Margaret Jacobs\DoctorWeb\Quarantine\A0011491.exe Moved
D:\K-APPS\Applications\Norton SystemWorks\Norton AntiVirus\Quarantine\0F1B63E9.VIR=>(Quarantine-1) Infected: XM.Laroux.AA
D:\K-APPS\Applications\Norton SystemWorks\Norton AntiVirus\Quarantine\0F1B63E9.VIR=>(Quarantine-1) Disinfected
D:\K-APPS\Applications\Norton SystemWorks\Norton AntiVirus\Quarantine\0F1B63E9.VIR Archive repacking has failed (marked actions not taken)
D:\K-APPS\Applications\Norton SystemWorks\Norton AntiVirus\Quarantine\11741154.VIR=>(Quarantine-1) Infected: XM.Laroux.AA
D:\K-APPS\Applications\Norton SystemWorks\Norton AntiVirus\Quarantine\11741154.VIR=>(Quarantine-1) Disinfected
D:\K-APPS\Applications\Norton SystemWorks\Norton AntiVirus\Quarantine\11741154.VIR Archive repacking has failed (marked actions not taken)
D:\K-APPS\Applications\Norton SystemWorks\Norton AntiVirus\Quarantine\14EF577F.VIR=>(Quarantine-1) Infected: WM.Helper.A
D:\K-APPS\Applications\Norton SystemWorks\Norton AntiVirus\Quarantine\14EF577F.VIR=>(Quarantine-1) Disinfected
D:\K-APPS\Applications\Norton SystemWorks\Norton AntiVirus\Quarantine\14EF577F.VIR Archive repacking has failed (marked actions not taken)
D:\K-APPS\Applications\Norton SystemWorks\Norton AntiVirus\Quarantine\6F1E2E36.VIR=>(Quarantine-1) Infected: XM.Laroux.AA
D:\K-APPS\Applications\Norton SystemWorks\Norton AntiVirus\Quarantine\6F1E2E36.VIR=>(Quarantine-1) Disinfected
D:\K-APPS\Applications\Norton SystemWorks\Norton AntiVirus\Quarantine\6F1E2E36.VIR Archive repacking has failed (marked actions not taken)
D:\K-APPS\Applications\Norton SystemWorks\Norton AntiVirus\Quarantine\71AE2564.VIR=>(Quarantine-1) Infected: XM.Laroux.AA
D:\K-APPS\Applications\Norton SystemWorks\Norton AntiVirus\Quarantine\71AE2564.VIR=>(Quarantine-1) Disinfected
D:\K-APPS\Applications\Norton SystemWorks\Norton AntiVirus\Quarantine\71AE2564.VIR Archive repacking has failed (marked actions not taken)
D:\K-APPS\Applications\Norton SystemWorks\Norton AntiVirus\Quarantine\74FC1FC1.VIR=>(Quarantine-1) Infected: WM.Helper.A
D:\K-APPS\Applications\Norton SystemWorks\Norton AntiVirus\Quarantine\74FC1FC1.VIR=>(Quarantine-1) Disinfected
D:\K-APPS\Applications\Norton SystemWorks\Norton AntiVirus\Quarantine\74FC1FC1.VIR Archive repacking has failed (marked actions not taken)
E:\K-DATA\Downloads2\Screensavers\CoralFree.EXE=>wise0027=>(CAB Sfx r)=>SaveNow.exe Detected: Adware.Savenow.AA
E:\K-DATA\Downloads2\Screensavers\CoralFree.EXE=>wise0027=>(CAB Sfx r)=>SaveNow.exe Disinfection failed
E:\K-DATA\Downloads2\Screensavers\CoralFree.EXE=>wise0027=>(CAB Sfx r)=>SaveNow.exe Move failed
E:\K-DATA\Downloads2\Screensavers\CoralFree.EXE=>wise0027=>(CAB Sfx r)=>Uninst.exe Detected: Adware.Savenow.AU
E:\K-DATA\Downloads2\Screensavers\CoralFree.EXE=>wise0027=>(CAB Sfx r)=>Uninst.exe Disinfection failed
E:\K-DATA\Downloads2\Screensavers\CoralFree.EXE=>wise0027=>(CAB Sfx r)=>Uninst.exe Move failed
E:\K-DATA\LAPTOP-D-Drive\C\Downloads\PC Magazine Utilities\prime97.zip=>PRIME97w.exe=>wise0066 Suspect: Macro.VBA
E:\K-DATA\LAPTOP-D-Drive\C\Downloads\PC Magazine Utilities\prime97.zip=>PRIME97w.exe=>wise0066 Disinfection failed
E:\K-DATA\LAPTOP-D-Drive\C\Downloads\PC Magazine Utilities\prime97.zip=>PRIME97w.exe=>wise0066 Deleted
E:\K-DATA\LAPTOP-D-Drive\C\Downloads\PC Magazine Utilities\prime97.zip=>PRIME97w.exe Archive repacking has failed (marked actions not taken)

Edited by Ken Jacobs, 01 July 2007 - 11:43 AM.


#27 Ken Jacobs

Posted 01 July 2007 - 12:35 PM

Hi Jedi ... here's my ComboFix log ... Thanks again for your continuing help!

Ken

ComboFix 07-06-18.2 - D:\Downloads\Antivirus stuff June 2007\ComboFix.exe
"Margaret Jacobs" - 2007-07-01 9:45:46 - Service Pack 2 NTFS


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\DOCUME~1\MARGAR~1\Desktop.\internet explorer.lnk


((((((((((((((((((((((((( Files Created from 2007-06-01 to 2007-07-01 )))))))))))))))))))))))))))))))


2007-07-01 09:43 49,152 --a------ C:\WINDOWS\nircmd.exe
2007-06-30 10:46 <DIR> d-------- C:\DOCUME~1\MARGAR~1\DoctorWeb
2007-06-24 14:31 <DIR> d-------- C:\DOCUME~1\MARGAR~1\APPLIC~1\Google
2007-06-24 14:31 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google
2007-06-24 14:30 <DIR> d-------- C:\Program Files\Google
2007-06-23 11:40 <DIR> d-------- C:\DOCUME~1\MARGAR~1\APPLIC~1\SUPERAntiSpyware.com
2007-06-20 18:09 <DIR> d-------- C:\WINDOWS\system32\SoftwareDistribution
2007-06-17 20:48 <DIR> d-------- C:\DOCUME~1\MARGAR~1\APPLIC~1\Talkback
2007-06-17 20:45 <DIR> d-------- C:\DOCUME~1\MARGAR~1\APPLIC~1\IE7Pro
2007-06-17 18:04 <DIR> d-------- C:\DOCUME~1\MARGAR~1\APPLIC~1\Bitdefender
2007-06-17 18:03 1,572,864 --ah----- C:\DOCUME~1\MARGAR~1\NTUSER.DAT
2007-06-17 14:23 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\SUPERAntiSpyware.com
2007-06-17 14:22 <DIR> d-------- C:\DOCUME~1\KENJAC~1\APPLIC~1\SUPERAntiSpyware.com
2007-06-17 14:21 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-06-17 13:53 <DIR> d-------- C:\DOCUME~1\KENJAC~1\APPLIC~1\Help
2007-06-17 13:47 98,304 -ra------ C:\WINDOWS\system32\CNCSUT50.DLL
2007-06-17 13:47 98,304 -ra------ C:\WINDOWS\system32\CNCFUT50.DLL
2007-06-17 13:47 90,112 -ra------ C:\WINDOWS\system32\CNCI730.DLL
2007-06-17 13:47 90,112 -ra------ C:\WINDOWS\system32\CNCAWS50.dll
2007-06-17 13:47 87,552 -ra------ C:\WINDOWS\system32\CNMLMya.DLL
2007-06-17 13:47 77,824 -ra------ C:\WINDOWS\system32\CNCSCM50.DLL
2007-06-17 13:47 73,728 -ra------ C:\WINDOWS\system32\CNCFCM50.DLL
2007-06-17 13:47 69,632 -ra------ C:\WINDOWS\system32\CNCFIM50.DLL
2007-06-17 13:47 57,344 -ra------ C:\WINDOWS\system32\CNCL730.DLL
2007-06-17 13:47 57,344 -ra------ C:\WINDOWS\system32\cncifco.dll
2007-06-17 13:47 57,344 -ra------ C:\WINDOWS\system32\CNCFSV50.DLL
2007-06-17 13:47 57,344 -ra------ C:\WINDOWS\system32\CNCFDs50.exe
2007-06-17 13:47 552,960 -ra------ C:\WINDOWS\system32\CNCC730.DLL
2007-06-17 13:47 53,248 -ra------ C:\WINDOWS\system32\cncipst.dll
2007-06-17 13:47 5,632 -ra------ C:\WINDOWS\system32\CNMVSya.DLL
2007-06-17 13:47 49,152 -ra------ C:\WINDOWS\system32\cncisco.dll
2007-06-17 13:47 40,960 -ra------ C:\WINDOWS\system32\CNCAAb50.exe
2007-06-17 13:47 327,740 -ra------ C:\WINDOWS\system32\UCS32P.DLL
2007-06-17 13:47 229,376 -ra------ C:\WINDOWS\system32\CNCAAi50.dll
2007-06-17 13:47 22,048 -ra------ C:\WINDOWS\system32\cocpyinf.dll
2007-06-17 13:47 217,088 -ra------ C:\WINDOWS\system32\CNCFDl50.dll
2007-06-17 13:47 15,922 -ra------ C:\WINDOWS\system32\CNCUPM2K.dll
2007-06-17 13:47 139,264 -ra------ C:\WINDOWS\system32\CNCAMg50.dll
2007-06-17 13:47 135,168 -ra------ C:\WINDOWS\system32\CNCSDO50.DLL
2007-06-17 13:47 126,976 -ra------ C:\WINDOWS\system32\CNCAPf50.exe
2007-06-17 13:47 122,880 -ra------ C:\WINDOWS\system32\CNCSTR50.DLL
2007-06-17 13:47 122,880 -ra------ C:\WINDOWS\system32\CNCFTR50.DLL
2007-06-17 13:47 122,880 -ra------ C:\WINDOWS\system32\CNCFDO50.DLL
2007-06-17 13:47 114,688 -ra------ C:\WINDOWS\system32\CNCFIF50.DLL
2007-06-17 13:47 110,592 -ra------ C:\WINDOWS\system32\CNCSIF50.DLL
2007-06-17 13:47 <DIR> d--h----- C:\BJPrinter
2007-06-17 13:46 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2007-06-17 13:34 <DIR> d--h----- C:\Program Files\InstallShield Installation Information
2007-06-17 13:32 <DIR> d--h----- C:\CanonMP
2007-06-17 13:31 <DIR> d-------- C:\Program Files\Common Files\InstallShield
2007-06-17 13:26 <DIR> d-------- C:\WINDOWS\ShellNew
2007-06-17 13:20 <DIR> d-------- C:\DOCUME~1\KENJAC~1\APPLIC~1\Microsoft Web Folders
2007-06-17 13:03 <DIR> d-------- C:\Program Files\Digital Locker Assistant
2007-06-17 12:59 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2007-06-17 12:47 <DIR> d-------- C:\Program Files\ACW
2007-06-17 12:37 <DIR> d-------- C:\DOCUME~1\KENJAC~1\APPLIC~1\IE7pro
2007-06-17 12:22 <DIR> d-------- C:\WINDOWS\network diagnostic
2007-06-17 08:51 <DIR> d-------- C:\312ce3d1bb41eb3ce3f4
2007-06-17 07:50 <DIR> d--h----- C:\WINDOWS\$hf_mig$
2007-06-17 07:50 <DIR> d-------- C:\WINDOWS\system32\PreInstall
2007-06-17 07:46 85,376 --a------ C:\WINDOWS\system32\drivers\NABTSFEC.sys
2007-06-17 07:46 53,760 --a------ C:\WINDOWS\system32\vfwwdm32.dll
2007-06-17 07:46 5,504 --a------ C:\WINDOWS\system32\drivers\MSTEE.sys
2007-06-17 07:46 19,328 --a------ C:\WINDOWS\system32\drivers\WSTCODEC.SYS
2007-06-17 07:46 17,024 --a------ C:\WINDOWS\system32\drivers\CCDECODE.sys
2007-06-17 07:46 15,360 --a------ C:\WINDOWS\system32\drivers\StreamIP.sys
2007-06-17 07:46 11,136 --a------ C:\WINDOWS\system32\drivers\SLIP.sys
2007-06-17 07:46 10,880 --a------ C:\WINDOWS\system32\drivers\NdisIP.sys
2007-06-17 07:42 <DIR> d-------- C:\WINDOWS\Prefetch
2007-06-17 07:30 <DIR> d-------- C:\WINDOWS\provisioning
2007-06-17 07:30 <DIR> d-------- C:\WINDOWS\peernet
2007-06-17 07:24 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2007-06-17 07:16 22,752 --a------ C:\WINDOWS\system32\spupdsvc.exe
2007-06-17 07:16 <DIR> d-------- C:\WINDOWS\system32\ReinstallBackups
2007-06-17 07:12 <DIR> d-------- C:\WINDOWS\EHome
2007-06-17 00:18 4,569 --------- C:\WINDOWS\system32\secupd.dat
2007-06-17 00:18 11,776 --------- C:\WINDOWS\system32\spnpinst.exe
2007-06-16 23:16 40,960 --a------ C:\WINDOWS\system32\mf3216.dll
2007-06-16 23:16 <DIR> d-------- C:\DOCUME~1\KENJAC~1\APPLIC~1\Bitdefender
2007-06-16 23:15 77,312 --a------ C:\WINDOWS\system32\browser.dll
2007-06-16 23:15 614,912 --a------ C:\WINDOWS\system32\h323msp.dll
2007-06-16 23:15 331,264 --a------ C:\WINDOWS\system32\ipnathlp.dll
2007-06-16 23:13 956,416 --a------ C:\WINDOWS\system32\msdtctm.dll
2007-06-16 23:13 91,136 --a------ C:\WINDOWS\system32\mtxoci.dll
2007-06-16 23:13 66,560 --a------ C:\WINDOWS\system32\mtxclu.dll
2007-06-16 23:13 625,152 --a------ C:\WINDOWS\system32\catsrvut.dll
2007-06-16 23:13 60,416 --a------ C:\WINDOWS\system32\colbact.dll
2007-06-16 23:13 581,120 --a------ C:\WINDOWS\system32\rpcrt4.dll
2007-06-16 23:13 540,160 --a------ C:\WINDOWS\system32\comuid.dll
2007-06-16 23:13 426,496 --a------ C:\WINDOWS\system32\msdtcprx.dll
2007-06-16 23:13 397,824 --a------ C:\WINDOWS\system32\rpcss.dll
2007-06-16 23:13 243,200 --a------ C:\WINDOWS\system32\es.dll
2007-06-16 23:13 225,792 --a------ C:\WINDOWS\system32\catsrv.dll
2007-06-16 23:13 161,280 --a------ C:\WINDOWS\system32\msdtcuiu.dll
2007-06-16 23:13 110,080 --a------ C:\WINDOWS\system32\clbcatex.dll
2007-06-16 23:13 101,376 --a------ C:\WINDOWS\system32\txflog.dll
2007-06-16 23:13 1,285,120 --a------ C:\WINDOWS\system32\ole32.dll
2007-06-16 23:13 1,267,200 --a------ C:\WINDOWS\system32\comsvcs.dll
2007-06-16 23:08 81,984 --a------ C:\WINDOWS\system32\bdod.bin
2007-06-16 23:08 239,104 --a------ C:\WINDOWS\system32\srrstr.dll


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-04-25 14:21:15 144,896 ----a-w C:\WINDOWS\system32\schannel.dll
2007-04-18 16:12:23 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll
2007-04-17 05:45:36 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
2007-04-17 05:45:28 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
2007-04-17 05:44:18 208,248 ----a-w C:\WINDOWS\system32\muweb.dll


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{00011268-E188-40DF-A514-835FCD78B1BF}=D:\Programs\IE7Pro\IE7Pro.dll [2007-04-23 15:16]
{AA58ED58-01DD-4d91-8333-CF10577473F7}=c:\program files\google\googletoolbar2.dll [2007-06-24 14:31]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BDMCon"="D:\Programs\BITDEF~1\bdmcon.exe" [2007-06-17 21:15]
"BDAgent"="D:\Programs\BitDefender\bdagent.exe" [2007-03-26 15:49]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2007-06-24 14:31]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"="D:\Programs\SUPERAntiSpyware\SASSEH.DLL" [2006-12-20 13:55]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
D:\Programs\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=sockspy.dll


**************************************************************************

catchme 0.3.721 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-07-01 09:48:00
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-07-01 9:49:48
C:\ComboFix-quarantined-files.txt ... 2007-07-01 09:49

--- E O F ---

#28 Ken Jacobs

Posted 01 July 2007 - 03:51 PM

This is a BitDefender log AFTER running ComboFix ...


//-----------------------------------------------------------------
//
// Product BitDefender Antivirus v10
// Product 10.2
//
// Created on: 01/07/2007 10:35:08
//
//-----------------------------------------------------------------


Virus Statistics

Scan path : C:\
D:\
E:\
F:\
G:\
H:\
Folders : 11647
Files : 310403
Memory processes scanned : 28
Archives : 43502
Runtime packers : 8394
Identified viruses : 2
Infected files : 6
Memory processes infected : 0
Suspect files : 0
Warnings : 0
Disinfected files : 6
Deleted files : 0
Moved files : 0
I/O errors : 198
Scan time : 02:40:09
Scan speed (files/sec) : 32

Spyware Statistics

Registry keys scanned : 1582
Registry keys infected : 0
Cookies scanned : 0
Cookies infected : 0
Spyware files infected : 0
Spyware threats detected : 0


Virus definitions : 696914
Scan plugins : 16
Archive plugins : 41
Unpack plugins : 6
Mail plugins : 6
System plugins : 5

Virus scan options

Detection
[X] Scan boot sectors
[X] Memory Processes
[ ] Scan archives
[X] Scan runtime packers
[X] Scan email

File mask
[ ] Programs
[X] All files
[ ] User defined extensions:
[ ] Exclude extensions: ;

Action

Infected objects
[ ] Ignore
[X] Disinfect
[ ] Delete
[ ] Move to quarantine
[ ] Prompt user

Second action
[ ] Ignore
[ ] Delete
[X] Move to quarantine
[ ] Prompt user

Virus scan options
[X] Enable warnings
[X] Enable heuristics
[ ] Show all files in log
[X] Report file: C:\DOCUME~1\MARGAR~1\LOCALS~1\Temp\1183311308.log

Spyware scan options

[X] Scan for riskware
[ ] Skip dial and applications from scan
[X] Registry keys
[X] Cookies


Summary:

D:\K-APPS\Applications\Norton SystemWorks\Norton AntiVirus\Quarantine\0F1B63E9.VIR=>(Quarantine-1) Infected: XM.Laroux.AA
D:\K-APPS\Applications\Norton SystemWorks\Norton AntiVirus\Quarantine\0F1B63E9.VIR=>(Quarantine-1) Disinfected
D:\K-APPS\Applications\Norton SystemWorks\Norton AntiVirus\Quarantine\0F1B63E9.VIR Archive repacking has failed (marked actions not taken)
D:\K-APPS\Applications\Norton SystemWorks\Norton AntiVirus\Quarantine\11741154.VIR=>(Quarantine-1) Infected: XM.Laroux.AA
D:\K-APPS\Applications\Norton SystemWorks\Norton AntiVirus\Quarantine\11741154.VIR=>(Quarantine-1) Disinfected
D:\K-APPS\Applications\Norton SystemWorks\Norton AntiVirus\Quarantine\11741154.VIR Archive repacking has failed (marked actions not taken)
D:\K-APPS\Applications\Norton SystemWorks\Norton AntiVirus\Quarantine\14EF577F.VIR=>(Quarantine-1) Infected: WM.Helper.A
D:\K-APPS\Applications\Norton SystemWorks\Norton AntiVirus\Quarantine\14EF577F.VIR=>(Quarantine-1) Disinfected
D:\K-APPS\Applications\Norton SystemWorks\Norton AntiVirus\Quarantine\14EF577F.VIR Archive repacking has failed (marked actions not taken)
D:\K-APPS\Applications\Norton SystemWorks\Norton AntiVirus\Quarantine\6F1E2E36.VIR=>(Quarantine-1) Infected: XM.Laroux.AA
D:\K-APPS\Applications\Norton SystemWorks\Norton AntiVirus\Quarantine\6F1E2E36.VIR=>(Quarantine-1) Disinfected
D:\K-APPS\Applications\Norton SystemWorks\Norton AntiVirus\Quarantine\6F1E2E36.VIR Archive repacking has failed (marked actions not taken)
D:\K-APPS\Applications\Norton SystemWorks\Norton AntiVirus\Quarantine\71AE2564.VIR=>(Quarantine-1) Infected: XM.Laroux.AA
D:\K-APPS\Applications\Norton SystemWorks\Norton AntiVirus\Quarantine\71AE2564.VIR=>(Quarantine-1) Disinfected
D:\K-APPS\Applications\Norton SystemWorks\Norton AntiVirus\Quarantine\71AE2564.VIR Archive repacking has failed (marked actions not taken)
D:\K-APPS\Applications\Norton SystemWorks\Norton AntiVirus\Quarantine\74FC1FC1.VIR=>(Quarantine-1) Infected: WM.Helper.A
D:\K-APPS\Applications\Norton SystemWorks\Norton AntiVirus\Quarantine\74FC1FC1.VIR=>(Quarantine-1) Disinfected
D:\K-APPS\Applications\Norton SystemWorks\Norton AntiVirus\Quarantine\74FC1FC1.VIR Archive repacking has failed (marked actions not taken)

#29 Ken Jacobs

Posted 02 July 2007 - 10:02 AM

And this one today from Bit Defender ..


//-----------------------------------------------------------------
//
// Product BitDefender Antivirus v10
// Product 10.2
//
// Created on: 02/07/2007 02:55:16
//
//-----------------------------------------------------------------


Virus Statistics

Scan path : C:\
D:\
E:\
F:\
G:\
H:\
Folders : 11651
Files : 311260
Memory processes scanned : 30
Archives : 43514
Runtime packers : 8561
Identified viruses : 2
Infected files : 6
Memory processes infected : 0
Suspect files : 0
Warnings : 0
Disinfected files : 6
Deleted files : 0
Moved files : 0
I/O errors : 197
Scan time : 03:44:41
Scan speed (files/sec) : 23

Spyware Statistics

Registry keys scanned : 1582
Registry keys infected : 0
Cookies scanned : 10
Cookies infected : 0
Spyware files infected : 0
Spyware threats detected : 0


Virus definitions : 696914
Scan plugins : 16
Archive plugins : 41
Unpack plugins : 6
Mail plugins : 6
System plugins : 5

Virus scan options

Detection
[X] Scan boot sectors
[X] Memory Processes
[ ] Scan archives
[X] Scan runtime packers
[X] Scan email

File mask
[ ] Programs
[X] All files
[ ] User defined extensions:
[ ] Exclude extensions: ;

Action

Infected objects
[ ] Ignore
[X] Disinfect
[ ] Delete
[ ] Move to quarantine
[ ] Prompt user

Second action
[ ] Ignore
[ ] Delete
[X] Move to quarantine
[ ] Prompt user

Virus scan options
[X] Enable warnings
[X] Enable heuristics
[ ] Show all files in log
[X] Report file: C:\Documents and Settings\All Users\Application Data\BitDefender\Desktop\Profiles\Logs\full_scan\1183370116.log

Spyware scan options

[X] Scan for riskware
[ ] Skip dial and applications from scan
[X] Registry keys
[X] Cookies


Summary:

D:\K-APPS\Applications\Norton SystemWorks\Norton AntiVirus\Quarantine\0F1B63E9.VIR=>(Quarantine-1) Infected: XM.Laroux.AA
D:\K-APPS\Applications\Norton SystemWorks\Norton AntiVirus\Quarantine\0F1B63E9.VIR=>(Quarantine-1) Disinfected
D:\K-APPS\Applications\Norton SystemWorks\Norton AntiVirus\Quarantine\0F1B63E9.VIR Archive repacking has failed (marked actions not taken)
D:\K-APPS\Applications\Norton SystemWorks\Norton AntiVirus\Quarantine\11741154.VIR=>(Quarantine-1) Infected: XM.Laroux.AA
D:\K-APPS\Applications\Norton SystemWorks\Norton AntiVirus\Quarantine\11741154.VIR=>(Quarantine-1) Disinfected
D:\K-APPS\Applications\Norton SystemWorks\Norton AntiVirus\Quarantine\11741154.VIR Archive repacking has failed (marked actions not taken)
D:\K-APPS\Applications\Norton SystemWorks\Norton AntiVirus\Quarantine\14EF577F.VIR=>(Quarantine-1) Infected: WM.Helper.A
D:\K-APPS\Applications\Norton SystemWorks\Norton AntiVirus\Quarantine\14EF577F.VIR=>(Quarantine-1) Disinfected
D:\K-APPS\Applications\Norton SystemWorks\Norton AntiVirus\Quarantine\14EF577F.VIR Archive repacking has failed (marked actions not taken)
D:\K-APPS\Applications\Norton SystemWorks\Norton AntiVirus\Quarantine\6F1E2E36.VIR=>(Quarantine-1) Infected: XM.Laroux.AA
D:\K-APPS\Applications\Norton SystemWorks\Norton AntiVirus\Quarantine\6F1E2E36.VIR=>(Quarantine-1) Disinfected
D:\K-APPS\Applications\Norton SystemWorks\Norton AntiVirus\Quarantine\6F1E2E36.VIR Archive repacking has failed (marked actions not taken)
D:\K-APPS\Applications\Norton SystemWorks\Norton AntiVirus\Quarantine\71AE2564.VIR=>(Quarantine-1) Infected: XM.Laroux.AA
D:\K-APPS\Applications\Norton SystemWorks\Norton AntiVirus\Quarantine\71AE2564.VIR=>(Quarantine-1) Disinfected
D:\K-APPS\Applications\Norton SystemWorks\Norton AntiVirus\Quarantine\71AE2564.VIR Archive repacking has failed (marked actions not taken)
D:\K-APPS\Applications\Norton SystemWorks\Norton AntiVirus\Quarantine\74FC1FC1.VIR=>(Quarantine-1) Infected: WM.Helper.A
D:\K-APPS\Applications\Norton SystemWorks\Norton AntiVirus\Quarantine\74FC1FC1.VIR=>(Quarantine-1) Disinfected
D:\K-APPS\Applications\Norton SystemWorks\Norton AntiVirus\Quarantine\74FC1FC1.VIR Archive repacking has failed (marked actions not taken)


-----------------------


//-----------------------------------------------------------------
//
// Product BitDefender Antivirus v10
// Product 10.2
//
// Created on: 02/07/2007 02:54:01
//
//-----------------------------------------------------------------


Virus Statistics

Scan path : C:\
D:\
E:\
F:\
G:\
H:\
Folders : 11651
Files : 714783
Memory processes scanned : 29
Archives : 77960
Runtime packers : 30547
Identified viruses : 4
Infected files : 8
Memory processes infected : 0
Suspect files : 1
Warnings : 0
Disinfected files : 6
Deleted files : 1
Moved files : 0
I/O errors : 197
Scan time : 04:53:52
Scan speed (files/sec) : 40

Spyware Statistics

Registry keys scanned : 1582
Registry keys infected : 0
Cookies scanned : 10
Cookies infected : 0
Spyware files infected : 0
Spyware threats detected : 0


Virus definitions : 691978
Scan plugins : 16
Archive plugins : 41
Unpack plugins : 6
Mail plugins : 6
System plugins : 5

Virus scan options

Detection
[X] Scan boot sectors
[X] Memory Processes
[X] Scan archives
[X] Scan runtime packers
[X] Scan email

File mask
[ ] Programs
[X] All files
[ ] User defined extensions:
[ ] Exclude extensions: ;

Action

Infected objects
[ ] Ignore
[X] Disinfect
[ ] Delete
[ ] Move to quarantine
[ ] Prompt user

Second action
[ ] Ignore
[ ] Delete
[X] Move to quarantine
[ ] Prompt user

Virus scan options
[X] Enable warnings
[X] Enable heuristics
[ ] Show all files in log
[X] Report file: C:\Documents and Settings\All Users\Application Data\BitDefender\Desktop\Profiles\Logs\deep_scan\1183370041.log

Spyware scan options

[X] Scan for riskware
[ ] Skip dial and applications from scan
[X] Registry keys
[X] Cookies


Summary:

D:\K-APPS\Applications\Norton SystemWorks\Norton AntiVirus\Quarantine\0F1B63E9.VIR=>(Quarantine-1) Infected: XM.Laroux.AA
D:\K-APPS\Applications\Norton SystemWorks\Norton AntiVirus\Quarantine\0F1B63E9.VIR=>(Quarantine-1) Disinfected
D:\K-APPS\Applications\Norton SystemWorks\Norton AntiVirus\Quarantine\0F1B63E9.VIR Archive repacking has failed (marked actions not taken)
D:\K-APPS\Applications\Norton SystemWorks\Norton AntiVirus\Quarantine\11741154.VIR=>(Quarantine-1) Infected: XM.Laroux.AA
D:\K-APPS\Applications\Norton SystemWorks\Norton AntiVirus\Quarantine\11741154.VIR=>(Quarantine-1) Disinfected
D:\K-APPS\Applications\Norton SystemWorks\Norton AntiVirus\Quarantine\11741154.VIR Archive repacking has failed (marked actions not taken)
D:\K-APPS\Applications\Norton SystemWorks\Norton AntiVirus\Quarantine\14EF577F.VIR=>(Quarantine-1) Infected: WM.Helper.A
D:\K-APPS\Applications\Norton SystemWorks\Norton AntiVirus\Quarantine\14EF577F.VIR=>(Quarantine-1) Disinfected
D:\K-APPS\Applications\Norton SystemWorks\Norton AntiVirus\Quarantine\14EF577F.VIR Archive repacking has failed (marked actions not taken)
D:\K-APPS\Applications\Norton SystemWorks\Norton AntiVirus\Quarantine\6F1E2E36.VIR=>(Quarantine-1) Infected: XM.Laroux.AA
D:\K-APPS\Applications\Norton SystemWorks\Norton AntiVirus\Quarantine\6F1E2E36.VIR=>(Quarantine-1) Disinfected
D:\K-APPS\Applications\Norton SystemWorks\Norton AntiVirus\Quarantine\6F1E2E36.VIR Archive repacking has failed (marked actions not taken)
D:\K-APPS\Applications\Norton SystemWorks\Norton AntiVirus\Quarantine\71AE2564.VIR=>(Quarantine-1) Infected: XM.Laroux.AA
D:\K-APPS\Applications\Norton SystemWorks\Norton AntiVirus\Quarantine\71AE2564.VIR=>(Quarantine-1) Disinfected
D:\K-APPS\Applications\Norton SystemWorks\Norton AntiVirus\Quarantine\71AE2564.VIR Archive repacking has failed (marked actions not taken)
D:\K-APPS\Applications\Norton SystemWorks\Norton AntiVirus\Quarantine\74FC1FC1.VIR=>(Quarantine-1) Infected: WM.Helper.A
D:\K-APPS\Applications\Norton SystemWorks\Norton AntiVirus\Quarantine\74FC1FC1.VIR=>(Quarantine-1) Disinfected
D:\K-APPS\Applications\Norton SystemWorks\Norton AntiVirus\Quarantine\74FC1FC1.VIR Archive repacking has failed (marked actions not taken)
E:\K-DATA\Downloads2\Screensavers\CoralFree.EXE=>wise0027=>(CAB Sfx r)=>SaveNow.exe Detected: Adware.Savenow.AA
E:\K-DATA\Downloads2\Screensavers\CoralFree.EXE=>wise0027=>(CAB Sfx r)=>SaveNow.exe Disinfection failed
E:\K-DATA\Downloads2\Screensavers\CoralFree.EXE=>wise0027=>(CAB Sfx r)=>SaveNow.exe Move failed
E:\K-DATA\Downloads2\Screensavers\CoralFree.EXE=>wise0027=>(CAB Sfx r)=>Uninst.exe Detected: Adware.Savenow.AU
E:\K-DATA\Downloads2\Screensavers\CoralFree.EXE=>wise0027=>(CAB Sfx r)=>Uninst.exe Disinfection failed
E:\K-DATA\Downloads2\Screensavers\CoralFree.EXE=>wise0027=>(CAB Sfx r)=>Uninst.exe Move failed
E:\K-DATA\LAPTOP-D-Drive\C\Downloads\PC Magazine Utilities\prime97.zip=>PRIME97w.exe=>wise0066 Suspect: Macro.VBA
E:\K-DATA\LAPTOP-D-Drive\C\Downloads\PC Magazine Utilities\prime97.zip=>PRIME97w.exe=>wise0066 Disinfection failed
E:\K-DATA\LAPTOP-D-Drive\C\Downloads\PC Magazine Utilities\prime97.zip=>PRIME97w.exe=>wise0066 Deleted
E:\K-DATA\LAPTOP-D-Drive\C\Downloads\PC Magazine Utilities\prime97.zip=>PRIME97w.exe Archive repacking has failed (marked actions not taken)

#30 jedi

Posted 02 July 2007 - 12:45 PM

Hi again,

Ok, that's looking a lot better, can I see a fresh HiJackThis log please?

jedi

My help is free, but if you wish to help keep these forums running please consider a donation, see This Topic for details.

#31 Ken Jacobs

Posted 02 July 2007 - 03:07 PM

Looking better, but still slow .. here's the latest HiJackThis log ...

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 1:05:34 PM, on 7/2/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
D:\Programs\BITDEF~1\bdmcon.exe
D:\Programs\BitDefender\bdagent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
D:\Programs\Palm\HOTSYNC.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
D:\Programs\BitDefender\vsserv.exe
D:\Programs\BITDEF~1\bdlite.exe
C:\Program Files\Outlook Express\msimn.exe
D:\Programs\Palm\palm.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
D:\Programs\Mozilla Firefox\firefox.exe
D:\Downloads\Antivirus stuff June 2007\HiJackThis_v2.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: IE7pro - {00011268-E188-40DF-A514-835FCD78B1BF} - D:\Programs\IE7Pro\IE7Pro.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [BDMCon] D:\Programs\BITDEF~1\bdmcon.exe
O4 - HKLM\..\Run: [BDAgent] "D:\Programs\BitDefender\bdagent.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - Startup: HotSync Manager.lnk = D:\Programs\Palm\HOTSYNC.EXE
O4 - Global Startup: Microsoft Office.lnk = D:\Programs\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: IE7pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - D:\Programs\IE7Pro\IE7Pro.dll
O9 - Extra 'Tools' menuitem: IE7pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - D:\Programs\IE7Pro\IE7Pro.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1182059137811
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1182061521014
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O20 - Winlogon Notify: !SASWinLogon - D:\Programs\SUPERAntiSpyware\SASWINLO.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - SOFTWIN S.R.L. - C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - SOFTWIN S.R.L. - D:\Programs\BitDefender\vsserv.exe
O23 - Service: BitDefender Communicator (XCOMM) - SOFTWIN S.R.L - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe

--
End of file - 4890 bytes

#32 jedi

Posted 03 July 2007 - 11:08 AM

Hi again,

Download RegSeeker from here:
http://www.snapfiles.../regseeker.html

Open RegSeeker.

Check the 'Backup before Deletion' box
Click on 'Clean the Registry'
Make sure all boxes except “Invalid Services (experimental)” are checked.
Click AutoClean and follow the prompts to allow it to run.
You will get a notification when AutoClean has run.
Exit RegSeeker.
Do not try to use any of the other functions on RegSeeker; it is a powerful program with the potential to damage your PC if used incorrectly.

Next:

Do Start > My Computer.
Right-Click on Local Disk C.
Click Properties > Tools.
Under 'Error-Checking' click 'Check Now'.
Under 'Check Local Disk C' check both boxes and click 'Start'. You will be prompted to restart. Do so. You will get a blue screen on restart; be patient, the error-check takes time. Your PC will start normally when it is complete.

Next:

Do Start > My Computer.
Right-Click on Local Disk C.
Click Properties > Tools.
Click on 'Defragment now' and follow the prompts to defragment your disk.

Let me know if this speeds the PC up.

jedi

#33 Ken Jacobs

Posted 03 July 2007 - 12:57 PM

Thanks, Jedi ... just want to let you know we are going to be traveling for a few days. Will get back to you when we return.

Thanks

Ken

#34 jedi

Posted 04 July 2007 - 10:42 AM

Hi again,

Ok, I'll leave the thread open, just post when you return.

jedi

#35 Ken Jacobs

Posted 02 August 2007 - 10:09 AM

Hi Jedi ... back again, but haven't had time to report what's going on. My wife's machine is virus-free according to BitDefender. But it's incredibly SLOW. She also continues to receive emails with "FROM" names similar to names she's sent mail to in the past. She complains that "the internet" (she means "the browser") just quits ... she didn't record the message, so I'll post that when we get it again. We're on our way out of town until Monday, so I just thought I would post the HijackThis log below.

Thanks again for your help ...

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 8:02:27 AM, on 8/2/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe
C:\WINDOWS\Explorer.EXE
D:\Programs\BITDEF~1\bdmcon.exe
D:\Programs\BitDefender\bdagent.exe
C:\WINDOWS\system32\ctfmon.exe
D:\Programs\Palm\HOTSYNC.EXE
C:\Program Files\Messenger\msmsgs.exe
D:\Programs\Microsoft Office\Office\1033\msohelp.exe
D:\Programs\Adobe\Photoshop Elements\PhotoshopElementsFileAgent.exe
D:\Programs\Adobe\Photoshop Elements\PhotoshopElementsDeviceConnect.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
D:\Programs\Palm\palm.exe
C:\Program Files\Outlook Express\msimn.exe
C:\WINDOWS\system32\taskmgr.exe
D:\PROGRAMS\MOZILL~1\plugins\GetFlash.exe
C:\Program Files\Internet Explorer\iexplore.exe
D:\Programs\Microsoft Office\Office\WINWORD.EXE
C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
D:\Programs\BitDefender\vsserv.exe
D:\Programs\BitDefender\bdlite.exe
D:\Programs\BitDefender\bdlite.exe
D:\Programs\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wscntfy.exe
D:\Downloads\Antivirus stuff June 2007\HiJackThis_v2.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: IE7pro - {00011268-E188-40DF-A514-835FCD78B1BF} - D:\Programs\IE7Pro\IE7Pro.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [BDMCon] D:\Programs\BITDEF~1\bdmcon.exe
O4 - HKLM\..\Run: [BDAgent] "D:\Programs\BitDefender\bdagent.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - Startup: HotSync Manager.lnk = D:\Programs\Palm\HOTSYNC.EXE
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = D:\Programs\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: IE7pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - D:\Programs\IE7Pro\IE7Pro.dll
O9 - Extra 'Tools' menuitem: IE7pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - D:\Programs\IE7Pro\IE7Pro.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1182059137811
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1182061521014
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com...obat/nos/gp.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O20 - Winlogon Notify: !SASWinLogon - D:\Programs\SUPERAntiSpyware\SASWINLO.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Adobe Active File Monitor (AdobeActiveFileMonitor) - Unknown owner - D:\Programs\Adobe\Photoshop Elements\PhotoshopElementsFileAgent.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - SOFTWIN S.R.L. - C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe
O23 - Service: Photoshop Elements Device Connect (PhotoshopElementsDeviceConnect) - Unknown owner - D:\Programs\Adobe\Photoshop Elements\PhotoshopElementsDeviceConnect.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - SOFTWIN S.R.L. - D:\Programs\BitDefender\vsserv.exe
O23 - Service: BitDefender Communicator (XCOMM) - SOFTWIN S.R.L - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe

--
End of file - 6148 bytes

#36 jedi

Posted 03 August 2007 - 03:09 AM

Hi again,

Please register (it's free, don't worry) with PCPitStop and run the full tests here. When the tests are complete, a results page will pop up. Click "Share these results with TechExpress" on the left-hand side. Then copy the URL provided and post it here for me.

jedi

#37 Ken Jacobs

Posted 11 August 2007 - 11:48 AM

Hi Jedi ... the URL from PCPitstop is

http://www.pcpitstop...CAQHWD3CFVSCJUW

The report generally says things are ok, with minor problems for memory disk and internet. I did use the opportunity to buy the PC Optimize program from PCPitstop, and ran it successfully. So, I'm not quite sure why it is still finding these "minor" problems.

Also, BitDefender reported viruses (see below) that it could not remove ... something is wrong with Combofix, but I think that was one of the programs I downloaded at your request to get rid of viruses.

Hmmmm ...

Thanks for your continued help!

Ken


//-----------------------------------------------------------------
//
// Product BitDefender Antivirus v10
// Product 10.2
//
// Created on: 11/08/2007 02:54:00
//
//-----------------------------------------------------------------


Virus Statistics

Scan path : C:\
D:\
E:\
F:\
G:\
H:\
Folders : 12140
Files : 748083
Memory processes scanned : 31
Archives : 85769
Runtime packers : 31570
Identified viruses : 1
Infected files : 1
Memory processes infected : 0
Suspect files : 0
Warnings : 0
Disinfected files : 0
Deleted files : 0
Moved files : 0
I/O errors : 196
Scan time : 06:27:43
Scan speed (files/sec) : 32

Spyware Statistics

Registry keys scanned : 1599
Registry keys infected : 0
Cookies scanned : 117
Cookies infected : 0
Spyware files infected : 0
Spyware threats detected : 0


Virus definitions : 754610
Scan plugins : 16
Archive plugins : 40
Unpack plugins : 6
Mail plugins : 6
System plugins : 5

Virus scan options

Detection
[X] Scan boot sectors
[X] Memory Processes
[X] Scan archives
[X] Scan runtime packers
[X] Scan email

File mask
[ ] Programs
[X] All files
[ ] User defined extensions:
[ ] Exclude extensions: ;

Action

Infected objects
[ ] Ignore
[X] Disinfect
[ ] Delete
[ ] Move to quarantine
[ ] Prompt user

Second action
[ ] Ignore
[ ] Delete
[X] Move to quarantine
[ ] Prompt user

Virus scan options
[X] Enable warnings
[X] Enable heuristics
[ ] Show all files in log
[X] Report file: C:\Documents and Settings\All Users\Application Data\BitDefender\Desktop\Profiles\Logs\deep_scan\1186826040.log

Spyware scan options

[X] Scan for riskware
[ ] Skip dial and applications from scan
[X] Registry keys
[X] Cookies


Summary:

D:\Downloads\Antivirus stuff June 2007\ComboFix.exe=>(RAR Sfx o)=>CFCleanUp.bat Infected: Trojan.Bat.Sdel.AC
D:\Downloads\Antivirus stuff June 2007\ComboFix.exe=>(RAR Sfx o)=>CFCleanUp.bat Disinfection failed
D:\Downloads\Antivirus stuff June 2007\ComboFix.exe=>(RAR Sfx o)=>CFCleanUp.bat Move failed

#38 jedi

Posted 12 August 2007 - 08:05 AM

Hi again,

Combofix is safe, BitDefender is detecting it because it's not familiar with it, and CF uses techniques to scan and fix that are in some ways similar to how some Malware works. But you can delete it anyway, as we won't need it.

As for the tuneup tips, these need to be done manually which is why PC Optimize couldn't do them for you.

Browser cache size adjustment:

1. Start Internet Explorer
2. Select Tools | Internet Options | General
3. Under Temporary Internet Files (or under Browsing history for IE 7) click the Settings button.
4. In the box for the amount of disk space to use, enter a value between 10 and 100 megabytes.
5. Click OK to accept the changes.

Defragment:

Do Start > My Computer.
Right-Click on Local Disk C.
Click Properties > Tools.
Click on 'Defragment now' and follow the prompts to defragment your disk.

But the most important tip is to increase RAM, 256 mb is simply not enough to run today's utilities. RAM sticks are not expensive and doubling up to 512 mb will significantly improve both the performance and the lifespan of this PC.
Let me know if you want to do it.

jedi

#39 Ken Jacobs

Posted 12 August 2007 - 04:05 PM

Thanks, Jedi ....

I've successfully upgraded to 1GB of ram. I ran defrag twice (and now a third time) on C:, and it won't entirely eliminate fragmentation. Here's the defrag report for the C: drive:

Volume (C:)
Volume size = 12.23 GB
Cluster size = 4 KB
Used space = 4.99 GB
Free space = 7.23 GB
Percent free space = 59 %

Volume fragmentation
Total fragmentation = 15 %
File fragmentation = 30 %
Free space fragmentation = 0 %

File fragmentation
Total files = 21,981
Average file size = 286 KB
Total fragmented files = 1
Total excess fragments = 3
Average fragments per file = 1.00

Pagefile fragmentation
Pagefile size = 1.50 GB
Total fragments = 4

Folder fragmentation
Total folders = 1,811
Fragmented folders = 1
Excess folder fragments = 0

Master File Table (MFT) fragmentation
Total MFT size = 41 MB
MFT record count = 23,887
Percent MFT in use = 57 %
Total MFT fragments = 2

--------------------------------------------------------------------------------
Fragments File Size Files that cannot be defragmented
None

So, though the utility says "you should defragment this drive" (I guess because it is over 12%), it won't do anything better. I've also checked the other partitions, and they are ok.

Here's the latest PCPitstop scan ... http://www.pcpitstop...4WQHWD3CFVS9KUW

Overall, performance is pretty good now, so I think we're done with my wife's machine! THANK YOU SO MUCH FOR ALL YOUR HELP! We've got BitDefender installed and turned on, and hopefully we won't ever go through this again!

I do now need to return to my PC, and see if I can figure out what to do about that wireless mouse. Let me investigate, and tell you where we stand. Since it was originally a virus-related problem, let's keep this thread open. I'll post a HiJackThis report and a PCPitstop report from my machine too ...

Thanks

Ken

Edited by Ken Jacobs, 12 August 2007 - 04:06 PM.


#40 Ken Jacobs

Posted 12 August 2007 - 04:52 PM

Hi Jedi ... I'm back at my PC, and here are a couple of scans (HijackThis below and PCPitstop: http://www.pcpitstop...DQHWJCV3VS7KUW). I don't know if I have a virus or not, but I do still have the problem with the mouse ... it's a wireless Dell mouse that came with the machine, and it just hangs. I can get it to work by pressing the button on the bottom. As long as I keep moving it around, it works, but then it hangs after a few seconds. I sure wish I could fix it ...

Thanks

Ken

P.S. By the way, I have a third computer that I don't use regularly, but will be looking at at the end of the month ... it's HORRIBLY slow ...

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 2:46:40 PM, on 8/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Symantec AntiVirus\VPTray.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
D:\Applications\Adobe\Photoshop Elements 5.0\apdproxy.exe
C:\WINDOWS\StartupMonitor.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\WINDOWS\system32\ctfmon.exe
D:\Applications\Zinio\ZinioDeliveryManager.exe
D:\Applications\RegistryBooster2\RegistryBooster.exe
D:\Applications\Bluetooth Actiontec\BTTray.exe
C:\Program Files\Array Networks\Common\4,0,1,3\arr_isrv4,0,1,3.exe
D:\Applications\Palm Desktop\Hotsync.exe
D:\Program Files\Adobe\Photoshop Elements\PhotoshopElementsFileAgent.exe
D:\APPLIC~1\BLUETO~2\BTSTAC~1.EXE
C:\Program Files\Microsoft Office\Office\1033\msoffice.exe
D:\Program Files\WinZip\WZQKPICK.EXE
D:\Applications\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Array Networks\Array SSL VPN\3,0,1,9\arr_srvs3,0,1,9.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Bonjour\mDNSResponder.exe
D:\Applications\Bluetooth Actiontec\bin\btwdins.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\WINDOWS\orclobi\MyDesktop\MyDesktopService.exe
D:\Applications\MySQL V6\bin\mysqld-nt.exe
C:\WINDOWS\system32\nvsvc32.exe
D:\Applications\Oracle Drive\XfsSvcCon.exe
e:\applications\oracle\oraclehome\bin\ORACLE.EXE
C:\WINDOWS\orclobi\MyDesktop\MyDesktopQOS.exe
D:\Applications\Retrospect Backup\retrorun.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Cisco Systems\VPN Client\vpngui.exe
D:\Applications\Quicken2007\qw.exe
D:\Applications\Zinio\ZinioReader.exe
C:\Program Files\Mozilla Firefox\firefox.exe
D:\Applications\Agendus\Agendus for Windows Palm Desktop Edition\AgendusPDEd.exe
D:\Program Files\Mozilla\Thunderbird\thunderbird.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
D:\Applications\Macro Scheduler\msched.exe
C:\WINDOWS\System32\winhlp32.exe
C:\WINDOWS\winhlp32.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\Program Files\Internet Explorer\iexplore.exe
D:\Applications\SplashID\SplashID Desktop.exe
D:\Downloads\HijackThis\HiJackThis_v2.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://securityrespo...r/fix_homepage/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://us.mcafee.com...mp;affid=105-56
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = www-proxy1.us.oracle.com:80
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;<local>
R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\APPLIC~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Oracle Drive Helper Object - {5D33B3E0-4FB3-4ED1-9106-B6EB06A3B7C2} - C:\WINDOWS\SYSTEM32\ODriveHelper.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [CTDVDDET] "C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE"
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] "C:\Program Files\Symantec AntiVirus\VPTray.exe"
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "D:\Applications\Adobe\Photoshop Elements 5.0\apdproxy.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Run StartupMonitor] StartupMonitor.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Zinio DLM] D:\Applications\Zinio\ZinioDeliveryManager.exe /autostart
O4 - HKCU\..\Run: [Uniblue Registry Booster2] D:\Applications\RegistryBooster2\RegistryBooster.exe /S
O4 - HKUS\S-1-5-18\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Macro Scheduler.lnk = D:\Applications\Macro Scheduler\msched.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
O4 - Global Startup: HotSync Manager.lnk = D:\Applications\Palm Desktop\Hotsync.exe
O4 - Global Startup: HOTSYNCSHORTCUTNAME.lnk = D:\Applications\Treo Palm Desktop\Hotsync.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: VPN Client.lnk = ?
O4 - Global Startup: WinZip Quick Pick.lnk = D:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\APPLIC~1\MI69DF~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - D:\Applications\Bluetooth Actiontec\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\APPLIC~1\MI69DF~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\APPLIC~1\MI69DF~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\APPLIC~1\MI69DF~1\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - D:\Applications\Bluetooth Actiontec\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - D:\Applications\Bluetooth Actiontec\btsendto_ie.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell....iler/SysPro.CAB
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://pcpitstop.com...p/PCPitStop.CAB
O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} (Citrix ICA Client) - http://a516.g.akamai...cat-no-eula.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcaf...99/mcinsctl.cab
O16 - DPF: {66D845A0-C3BB-45AD-807C-9BFEAF20EF2C} (InPEditor Class) - http://stcontent.ora...it_In_Place.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1175863491528
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcaf...,26/mcgdmgr.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{5B9D91D4-26B3-460D-9815-F3FB29034F37}: NameServer = 130.35.249.41,130.35.249.52
O17 - HKLM\System\CCS\Services\Tcpip\..\{91D74CA9-7B8F-40C8-8E49-1ED8EA29672A}: NameServer = 130.35.249.41,138.2.202.15
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = us.oracle.com
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = us.oracle.com
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe Active File Monitor (AdobeActiveFileMonitor) - Unknown owner - D:\Program Files\Adobe\Photoshop Elements\PhotoshopElementsFileAgent.exe
O23 - Service: Adobe Active File Monitor V5 (AdobeActiveFileMonitor5.0) - Unknown owner - D:\Applications\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
O23 - Service: Array SSL VPN Service 3,0,1,9 (ArraySSL_VPN_Service3,0,1,9) - Unknown owner - C:\Program Files\Array Networks\Array SSL VPN\3,0,1,9\arr_srvs3,0,1,9.exe
O23 - Service: Array Utility Service 4,0,1,3 (Array_Utility_Service4,0,1,3) - Unknown owner - C:\Program Files\Array Networks\Common\4,0,1,3\arr_isrv4,0,1,3.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - D:\Applications\Bluetooth Actiontec\bin\btwdins.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MyDesktopService (MyDesktopWindows) - Oracle Corporation - C:\WINDOWS\orclobi\MyDesktop\MyDesktopService.exe
O23 - Service: MySQL - Oracle Corporation - (no file)
O23 - Service: MySQL6 (MySQL4) - Unknown owner - D:\Applications\MySQL.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ODrive Service (OdService) - Oracle - D:\Applications\Oracle Drive\XfsSvcCon.exe
O23 - Service: OracleServiceORCL - Oracle Corporation - e:\applications\oracle\oraclehome\bin\ORACLE.EXE
O23 - Service: QOS MyDesktop (QOSMyDesktop) - Oracle - C:\WINDOWS\orclobi\MyDesktop\MyDesktopQOS.exe
O23 - Service: Retrospect Launcher (RetroLauncher) - EMC Corporation - D:\Applications\Retrospect Backup\retrorun.exe
O23 - Service: Retrospect Helper - EMC Corporation - D:\Applications\Retrospect Backup\rthlpsvc.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

--
End of file - 15768 bytes
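
The HijackThis logs posted in this thread share a fixed line format: a section code such as R1, O4 or O23, then " - ", then the entry. The following is an added example, not part of any forum post and not HijackThis's own code: a small Python parser that labels each entry by section and marks lines worth a second look. The sample lines are excerpted from the log above; the function names and cue wording are this example's own, and a cue is a prompt for review, not a verdict.

```python
import re

# Short descriptions of the section codes that appear in this thread's logs.
SECTIONS = {
    "R0": "IE start/search page setting",
    "R1": "IE start/search page setting",
    "R3": "URL search hook",
    "O2": "Browser Helper Object",
    "O3": "IE toolbar",
    "O4": "autostart (Run key or Startup folder)",
    "O8": "IE context-menu item",
    "O9": "IE extra button / Tools menu item",
    "O16": "downloaded ActiveX object (DPF)",
    "O17": "DNS / domain setting",
    "O20": "Winlogon Notify / AppInit_DLLs",
    "O22": "SharedTaskScheduler",
    "O23": "Windows service",
}

ENTRY = re.compile(r"^(R[0-3]|O\d{1,2}) - (.*)$")        # "O4 - <entry>"
RUN_CMD = re.compile(r"Run(?:Once)?: \[[^\]]*\] (.*)$")  # command of a Run key entry
ABS_PATH = re.compile(r'^"?[A-Za-z]:\\')                 # C:\... or "C:\...

# Lines excerpted from the HijackThis log posted above.
SAMPLE = r"""
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Running processes:
C:\WINDOWS\system32\svchost.exe
R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - (no file)
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [vptray] "C:\Program Files\Symantec AntiVirus\VPTray.exe"
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = us.oracle.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{5B9D91D4-26B3-460D-9815-F3FB29034F37}: NameServer = 130.35.249.41,130.35.249.52
O23 - Service: MySQL6 (MySQL4) - Unknown owner - D:\Applications\MySQL.exe (file missing)
O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
"""


def parse_hjt(text):
    """Return the R*/O* entries of a HijackThis log; header and process lines are skipped."""
    entries = []
    for raw in text.splitlines():
        m = ENTRY.match(raw.strip())
        if m:
            code, body = m.groups()
            entries.append({"code": code,
                            "section": SECTIONS.get(code, "other"),
                            "body": body})
    return entries


def review_cues(entry):
    """Return the reasons (possibly none) to look at one entry more closely."""
    code, body = entry["code"], entry["body"]
    cues = []
    if body.endswith(("(file missing)", "(no file)")):
        cues.append("orphaned entry: target file is absent")
    if code == "O23" and " - Unknown owner - " in body:
        cues.append("no company name reported for the service binary")
    if code == "O4":
        m = RUN_CMD.search(body)
        if m and not ABS_PATH.match(m.group(1)):
            cues.append("no absolute path: resolved through the search order")
    if code == "O17" and "NameServer" in body:
        cues.append("DNS server set in the registry: confirm it is expected")
    return cues


def triage(text):
    """Return (code, body, cues) for every entry that has at least one cue."""
    flagged = []
    for entry in parse_hjt(text):
        cues = review_cues(entry)
        if cues:
            flagged.append((entry["code"], entry["body"], cues))
    return flagged


if __name__ == "__main__":
    for code, body, cues in triage(SAMPLE):
        print(f"{code:>3}  {body}")
        for cue in cues:
            print(f"       -> {cue}")
```
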

#41 jedi

Posted 13 August 2007 - 03:35 PM

Hi again,

Looking at the Tech Express report, this is not advisable:

Drive C:\ has only 18 percent of its space available.

Drive D:\ has only 2 percent of its space available.

Drive E:\ has only 7 percent of its space available.


I suggest you go get a nice big external HD (Seagate do a good range, 80GB upwards) and dump data off those drives, that way you'll be able to defrag them and improve performance no end, they should ideally have around 25% free space each.

The mouse:
Have you tried the simple stuff?
- Change the batteries
- Move the receiver closer to the mouse
- Try a different mouse mat
- Check there's no metal between the mouse and receiver

jedi

#42 Ken Jacobs

Posted 13 August 2007 - 06:22 PM

Hi!

Re the mouse, yes, I've tried all the simple stuff. It's just got to be a driver problem of some sort. Started happening about the time I was devirusing my wife's machine (and then mine because I had copied files over ...). If you can't help further, that's ok. I can work on it myself.

Is there any evidence of virus on my machine?

As to the disk issue, yeah, I know that low amounts of disk are not advisable. However, these "disks" are actually all partitions on a single hard drive. I use them this way ...

Drive  Content       Size     Free
C:     Windows       21.1GB   3.72GB
D:     Applications  27.7 GB  669MB    (executables)
E:     Data          48.8 GB  3.61 GB  (all sorts of data files)
F:     Media         292 GB   130GB    (photos, video editing, etc.)

I can re-partition and add storage to C, for example. There is very little growth on D: unless I install new apps. So, generally, I'm ok.

Thanks again for all your help.

Ken

#43 jedi

Posted 14 August 2007 - 12:29 PM

Hi again,

Is there any evidence of virus on my machine?


No, it looks clean.

Re the mouse, yes, I've tried all the simple stuff. It's just got to be a driver problem of some sort.


Not knowing exactly which model it is, it's hard to find driver updates, but if you know the exact model a little Googling should find them, I found this for example:
http://support.us.de...p;fileid=203425
I'm not suggesting that is exactly right but you get the idea I'm sure.

I can re-partition and add storage to C, for example. There is very little growth on D: unless I install new apps. So, generally, I'm ok.


OK, that sounds fair enough.

jedi

#44 Ken Jacobs

Posted 14 August 2007 - 04:56 PM

Thank you once again, Jedi, for all your help with both of these machines. What is the best way to honor your fine work?

No doubt I will be posting again, in a new thread (I guess) to cover the third machine I mentioned. (It's at our second home, out of town.) If I ask for your attention in the posting, would it somehow get assigned to you?

Thanks again ...

Ken

#45 jedi

Posted 15 August 2007 - 05:10 PM

Hi again Ken,

You're most welcome. :)

What is the best way to honor your fine work?

Well, donations are always welcome; they go to pay for the board upkeep, not to individuals, and we run on a tight budget because we won't carry adverts. There's a donation link under the ASAP banner at the bottom of my posts, but in no way do you need to feel obliged to do this; this is a free service to all.

No doubt I will be posting again, in a new thread (I guess) to cover the third machine I mentioned. (It's at our second home, out of town.) If I ask for your attention in the posting, would it somehow get assigned to you?


Post here, I'll leave this thread open for a while, as long as it's not going to be too far away in time. Either that or PM me when you start a new topic.

Best wishes,

jedi

#46 Ken Jacobs

Posted 15 August 2007 - 09:26 PM

Jedi ... thanks, that's perfect! I will in fact make a donation. Is there a way to designate the donation specifically to SpywareInfo forums? The link I followed didn't mention which particular group or site would be supported.

We will be able to start on my third computer when I am next in Utah (at the end of August). We will only be there for a few days, then not again until October some time ... hope that works for you.

Thanks again!

Ken

Edited by Ken Jacobs, 15 August 2007 - 09:31 PM.


#47 jedi

Posted 17 August 2007 - 03:07 PM

Hi again,

Is there a way to designate the donation specifically to SpywareInfo forums? The link I followed didn't mention which particular group or site would be supported.


The way this site is funded is complex, but rest assured any donation you give will contribute to the upkeep of this site, directly or indirectly, or else I wouldn't have raised the issue, and we're most grateful for anything received. Our time and - hopefully - expertise, we donate for free as we all believe passionately in what we do.

We will be able to start on my third computer when I am next in Utah (at the end of August)

That's fine, I'll leave this thread open.

Best wishes,

jedi

#48 Ken Jacobs

Posted 18 August 2007 - 12:21 PM

Thanks Jedi ... your professionalism, technical ability, volunteerism and devotion are all admirable. I have made a donation, and look forward to working with you on my third PC in a couple of weeks. Thanks!

Ken

#49 Ken Jacobs

Posted 29 August 2007 - 08:57 PM

Hi Jedi ... I'm here at our second home and this computer is worse than I remembered. I had to boot up in SAFE MODE just to get here. I will post the HiJackThis log below, first in SAFE MODE, and then (if I can get it to work), in normal mode ...

The symptoms are SLOWSLOWSLOWNESS. Even window re-drawing won't work well (shadow windows). I can hardly do anything ...

We will only be here at this house till Saturday. I hope we can make LOTS of progress getting this computer right by then.

Thanks in advance for your help.

Here's the log from safe mode ...

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 7:52:59 PM, on 8/29/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Safe mode with network support

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
F:\Programs\Mozilla\Firrefox\firefox.exe
C:\WINDOWS\system32\taskmgr.exe
F:\Downloads\HijackThis\HiJackThis_v2.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = www-proxy.us.oracle.com:80
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;*.oracle.com;*.oracleads.com;*.us.oracle.com;*.uk.oracle.com;*.ca.orac
e.com;*.oraclecorp.com;*.oracleportal.com;<local>
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - F:\Programs\SPYBOT~1\SDHelper.dll
O2 - BHO: IE7pro - {68C55168-E188-40DF-A514-835FCD78B1BF} - F:\Programs\IE7pro\IE7pro.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {ED103D9F-3070-4580-AB1E-E5C179C1AE41} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [LantronixRedirector] C:\Program Files\Lantronix\Redirector\red32.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [SM1BG] C:\WINDOWS\SM1BG.EXE
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\Integrity Client\iclient.exe"
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [iTunesHelper] "F:\Programs\Apple iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "F:\programs\Quicktime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~2\VPTray.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [RealPlayer] "C:\Program Files\Real\RealPlayer\realplay.exe" /RunUPGToolCommandReBoot
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\RunOnce: [FFTI] C:\Documents and Settings\Ken Jacobs.UTAH-DESKTOP\Application Data\Mozilla\Firefox\Profiles\s3h5rlco.default\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\ffti.exe /VERYSILENT /SUPPRESSMSGBOXES /NORESTART /DestPath="C:\Documents and Settings\Ken Jacobs.UTAH-DESKTOP\Application Data\Mozilla\Firefox\Profiles/s3h5rlco.default\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}"
O4 - Startup: palmOne Registration.lnk = F:\Programs\Sony Clie\register.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: HOTSYNCSHORTCUTNAME.lnk = F:\Programs\Sony Clie\Hotsync.exe
O4 - Global Startup: hp instant support.lnk = C:\Program Files\Hewlett-Packard\AiO\HPis\bin\matcli.exe
O4 - Global Startup: HPAiODevice(hp officejet d series) - 1.lnk = C:\Program Files\Hewlett-Packard\AiO\hp officejet d series\Bin\hpoojd07.exe
O4 - Global Startup: HPAiODevice(hp officejet d series) - 3.lnk = C:\Program Files\Hewlett-Packard\AiO\hp officejet d series\Bin\hpoojd07.exe
O4 - Global Startup: Microsoft Broadband Networking.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\MSOffice 2000 (Powerpoint)\Office\OSA9.EXE
O4 - Global Startup: VPN Client.lnk = ?
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://F:\Programs\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - F:\Programs\Kensington Bluetooth USB Adaptor\btsendto_ie_ctx.htm
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: IE7pro - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - F:\Programs\IE7pro\IE7pro.dll
O9 - Extra 'Tools' menuitem: IE7pro Ctrl+Alt+7 - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - F:\Programs\IE7pro\IE7pro.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - F:\Programs\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - F:\Programs\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - F:\Programs\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: Magic Nettrace - {92848C13-5482-49CB-B31C-CA8D74EFF508} - F:\Programs\Magic NetTrace\MTIE.exe
O9 - Extra 'Tools' menuitem: &Magic Nettrace - {92848C13-5482-49CB-B31C-CA8D74EFF508} - F:\Programs\Magic NetTrace\MTIE.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - F:\Programs\Kensington Bluetooth USB Adaptor\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - F:\Programs\Kensington Bluetooth USB Adaptor\btsendto_ie.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: ProxToggle - {E6850551-1B82-47cd-BBF3-8E7D6099F9B3} - c:\windows\off.vbs
O9 - Extra 'Tools' menuitem: Proxy &Off - {E6850551-1B82-47cd-BBF3-8E7D6099F9B3} - c:\windows\off.vbs
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.musicmatch.com
O15 - Trusted Zone: *.musicmatch.com (HKLM)
O16 - DPF: {00191E4B-49C2-48E2-A548-8F702D75622A} - https://strtc.oracle...jar/cnsload.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop...p/PCPitStop.CAB
O16 - DPF: {1842B0EE-B597-11D4-8997-00104BD12D94} (iCC Class) - http://www.pcpitstop...cpConnCheck.cab
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} - http://ipgweb.cce.hp...ads/sysinfo.cab
O16 - DPF: {6CB5E471-C305-11D3-99A8-000086395495} - http://toolbar.googl...g/GoogleNav.cab
O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) - http://ipgweb.cce.hp...oads/msxml4.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = us.oracle.com
O17 - HKLM\Software\..\Telephony: DomainName = us.oracle.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{E3038549-6D06-4A6B-A22E-427D70AD08D2}: NameServer = 130.35.249.41,130.35.249.52
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = us.oracle.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = us.oracle.com
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Adobe Active File Monitor V4 (AdobeActiveFileMonitor4.0) - Unknown owner - F:\Programs\Adobe\Photoshop Elements\PhotoshopElementsFileAgent.exe
O23 - Service: Array SSL VPN Service 3,0,1,9 (ArraySSL_VPN_Service3,0,1,9) - Unknown owner - C:\Program Files\Array Networks\Array SSL VPN\3,0,1,9\arr_srvs3,0,1,9.exe
O23 - Service: Array Utility Service 4,0,1,3 (Array_Utility_Service4,0,1,3) - Unknown owner - C:\Program Files\Array Networks\Common\4,0,1,3\arr_isrv4,0,1,3.exe
O23 - Service: AutoExNT - Unknown owner - C:\WINDOWS\system32\AutoExNT.Exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - F:\Programs\Kensington Bluetooth USB Adaptor\bin\btwdins.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: MyDesktopService (MyDesktopWindows) - Oracle Corporation - C:\WINDOWS\orclobi\MyDesktop\MyDesktopService.exe
O23 - Service: Pure Networks Net2Go Service (nmraapache) - Pure Networks, Inc. - F:\Programs\Network Magic\WebServer\bin\nmraapache.exe
O23 - Service: Pure Networks Network Magic Service (nmservice) - Pure Networks, Inc. - F:\Programs\Network Magic\nmsrvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: QOS MyDesktop (QOSMyDesktop) - Oracle - C:\WINDOWS\orclobi\MyDesktop\MyDesktopQOS.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 12426 bytes

And here is the HiJackThis log just after rebooting (and things seem "better" on this second reboot ... at least the performance is somewhat better. I couldn't even successfully reboot before!)

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 8:07:20 PM, on 8/29/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Array Networks\Common\4,0,1,3\arr_isrv4,0,1,3.exe
F:\Programs\Adobe\Photoshop Elements\PhotoshopElementsFileAgent.exe
C:\Program Files\Array Networks\Array SSL VPN\3,0,1,9\arr_srvs3,0,1,9.exe
C:\WINDOWS\system32\cmd.exe
F:\Programs\Vantage QLink\WebPoint\Home.exe
F:\Programs\Kensington Bluetooth USB Adaptor\bin\btwdins.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\orclobi\MyDesktop\MyDesktopService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\orclobi\MyDesktop\MyDesktopQOS.exe
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\System32\MsPMSPSv.exe
F:\Programs\Network Magic\nmsrvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lantronix\Redirector\red32.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\WINDOWS\SM1BG.EXE
C:\Program Files\Zone Labs\Integrity Client\iclient.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
F:\Programs\Apple iTunes\iTunesHelper.exe
F:\programs\Quicktime\qttask.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~2\VPTray.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
F:\Programs\Kensington Bluetooth USB Adaptor\BTTray.exe
F:\Programs\Sony Clie\Hotsync.exe
C:\Program Files\Hewlett-Packard\AiO\hp officejet d series\Bin\hpoojd07.exe
C:\Program Files\Hewlett-Packard\AiO\hp officejet d series\Bin\hpoojd07.exe
F:\Programs\KENSIN~1\BTSTAC~1.EXE
C:\PROGRA~1\HEWLET~1\AiO\HPis\common\MOTIVE~1.EXE
C:\PROGRA~1\HEWLET~1\AiO\Shared\Bin\hpoevm07.exe
C:\Program Files\Hewlett-Packard\AiO\Shared\bin\hpOSTS07.exe
C:\Program Files\Hewlett-Packard\AiO\Shared\bin\hpOSTS07.exe
C:\Program Files\Hewlett-Packard\AiO\Shared\bin\hpOFXM07.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\rundll32.exe
F:\Downloads\HijackThis\HiJackThis_v2.exe
F:\Programs\Mozilla\Firrefox\firefox.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = www-proxy.us.oracle.com:80
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;*.oracle.com;*.oracleads.com;*.us.oracle.com;*.uk.oracle.com;*.ca.orac
e.com;*.oraclecorp.com;*.oracleportal.com;<local>
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - F:\Programs\SPYBOT~1\SDHelper.dll
O2 - BHO: IE7pro - {68C55168-E188-40DF-A514-835FCD78B1BF} - F:\Programs\IE7pro\IE7pro.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {ED103D9F-3070-4580-AB1E-E5C179C1AE41} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [LantronixRedirector] C:\Program Files\Lantronix\Redirector\red32.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [SM1BG] C:\WINDOWS\SM1BG.EXE
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\Integrity Client\iclient.exe"
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [iTunesHelper] "F:\Programs\Apple iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "F:\programs\Quicktime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~2\VPTray.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [RealPlayer] "C:\Program Files\Real\RealPlayer\realplay.exe" /RunUPGToolCommandReBoot
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\RunOnce: [FFTI] C:\Documents and Settings\Ken Jacobs.UTAH-DESKTOP\Application Data\Mozilla\Firefox\Profiles\s3h5rlco.default\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\ffti.exe /VERYSILENT /SUPPRESSMSGBOXES /NORESTART /DestPath="C:\Documents and Settings\Ken Jacobs.UTAH-DESKTOP\Application Data\Mozilla\Firefox\Profiles/s3h5rlco.default\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}"
O4 - Startup: palmOne Registration.lnk = F:\Programs\Sony Clie\register.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: HOTSYNCSHORTCUTNAME.lnk = F:\Programs\Sony Clie\Hotsync.exe
O4 - Global Startup: hp instant support.lnk = C:\Program Files\Hewlett-Packard\AiO\HPis\bin\matcli.exe
O4 - Global Startup: HPAiODevice(hp officejet d series) - 1.lnk = C:\Program Files\Hewlett-Packard\AiO\hp officejet d series\Bin\hpoojd07.exe
O4 - Global Startup: HPAiODevice(hp officejet d series) - 3.lnk = C:\Program Files\Hewlett-Packard\AiO\hp officejet d series\Bin\hpoojd07.exe
O4 - Global Startup: Microsoft Broadband Networking.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\MSOffice 2000 (Powerpoint)\Office\OSA9.EXE
O4 - Global Startup: VPN Client.lnk = ?
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://F:\Programs\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - F:\Programs\Kensington Bluetooth USB Adaptor\btsendto_ie_ctx.htm
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: IE7pro - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - F:\Programs\IE7pro\IE7pro.dll
O9 - Extra 'Tools' menuitem: IE7pro Ctrl+Alt+7 - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - F:\Programs\IE7pro\IE7pro.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - F:\Programs\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - F:\Programs\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - F:\Programs\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: Magic Nettrace - {92848C13-5482-49CB-B31C-CA8D74EFF508} - F:\Programs\Magic NetTrace\MTIE.exe
O9 - Extra 'Tools' menuitem: &Magic Nettrace - {92848C13-5482-49CB-B31C-CA8D74EFF508} - F:\Programs\Magic NetTrace\MTIE.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - F:\Programs\Kensington Bluetooth USB Adaptor\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - F:\Programs\Kensington Bluetooth USB Adaptor\btsendto_ie.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: ProxToggle - {E6850551-1B82-47cd-BBF3-8E7D6099F9B3} - c:\windows\off.vbs
O9 - Extra 'Tools' menuitem: Proxy &Off - {E6850551-1B82-47cd-BBF3-8E7D6099F9B3} - c:\windows\off.vbs
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.musicmatch.com
O15 - Trusted Zone: *.musicmatch.com (HKLM)
O16 - DPF: {00191E4B-49C2-48E2-A548-8F702D75622A} - https://strtc.oracle...jar/cnsload.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop...p/PCPitStop.CAB
O16 - DPF: {1842B0EE-B597-11D4-8997-00104BD12D94} (iCC Class) - http://www.pcpitstop...cpConnCheck.cab
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} - http://ipgweb.cce.hp...ads/sysinfo.cab
O16 - DPF: {6CB5E471-C305-11D3-99A8-000086395495} - http://toolbar.googl...g/GoogleNav.cab
O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) - http://ipgweb.cce.hp...oads/msxml4.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = us.oracle.com
O17 - HKLM\Software\..\Telephony: DomainName = us.oracle.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{E3038549-6D06-4A6B-A22E-427D70AD08D2}: NameServer = 130.35.249.41,130.35.249.52
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = us.oracle.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = us.oracle.com
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Adobe Active File Monitor V4 (AdobeActiveFileMonitor4.0) - Unknown owner - F:\Programs\Adobe\Photoshop Elements\PhotoshopElementsFileAgent.exe
O23 - Service: Array SSL VPN Service 3,0,1,9 (ArraySSL_VPN_Service3,0,1,9) - Unknown owner - C:\Program Files\Array Networks\Array SSL VPN\3,0,1,9\arr_srvs3,0,1,9.exe
O23 - Service: Array Utility Service 4,0,1,3 (Array_Utility_Service4,0,1,3) - Unknown owner - C:\Program Files\Array Networks\Common\4,0,1,3\arr_isrv4,0,1,3.exe
O23 - Service: AutoExNT - Unknown owner - C:\WINDOWS\system32\AutoExNT.Exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - F:\Programs\Kensington Bluetooth USB Adaptor\bin\btwdins.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: MyDesktopService (MyDesktopWindows) - Oracle Corporation - C:\WINDOWS\orclobi\MyDesktop\MyDesktopService.exe
O23 - Service: Pure Networks Net2Go Service (nmraapache) - Pure Networks, Inc. - F:\Programs\Network Magic\WebServer\bin\nmraapache.exe
O23 - Service: Pure Networks Network Magic Service (nmservice) - Pure Networks, Inc. - F:\Programs\Network Magic\nmsrvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: QOS MyDesktop (QOSMyDesktop) - Oracle - C:\WINDOWS\orclobi\MyDesktop\MyDesktopQOS.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 14980 bytes

Edited by Ken Jacobs, 29 August 2007 - 09:27 PM.
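A triage sketch for the two logs in the post above, added here as an example and not part of the thread or of HijackThis: it parses the log format, lists entries the log itself marks `(no file)`, `(file missing)` or `Unknown owner`, and pairs each process seen only in the normal-mode log with any entry that names its path. The function names and the choice of markers are assumptions of this example, and a hit is a prompt for review, not a verdict.

```python
import re

# Lines copied from the two logs in the post above, trimmed to a few per section.
ENTRIES = r"""R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;*.oracle.com;*.oracleads.com;*.us.oracle.com;*.uk.oracle.com;*.ca.orac
e.com;*.oraclecorp.com;*.oracleportal.com;<local>
O2 - BHO: (no name) - {ED103D9F-3070-4580-AB1E-E5C179C1AE41} - (no file)
O4 - HKLM\..\Run: [SM1BG] C:\WINDOWS\SM1BG.EXE
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O23 - Service: AutoExNT - Unknown owner - C:\WINDOWS\system32\AutoExNT.Exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
"""

SAFE_MODE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 7:52:59 PM, on 8/29/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Safe mode with network support

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\Explorer.EXE

""" + ENTRIES + "\n--\nEnd of file - 12426 bytes\n"

NORMAL_LOG = r"""Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 8:07:20 PM, on 8/29/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\cmd.exe
F:\Programs\Vantage QLink\WebPoint\Home.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SM1BG.EXE
C:\Program Files\iPod\bin\iPodService.exe

""" + ENTRIES + "\n--\nEnd of file - 14980 bytes\n"

ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")   # e.g. "O23 - Service: ..."
MARKERS = ("(no file)", "(file missing)", "Unknown owner")


def parse_log(text):
    """Split a HijackThis log into boot mode, running processes and entries."""
    log = {"boot_mode": None, "processes": [], "entries": []}
    state = "header"
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("Boot mode:"):
            log["boot_mode"] = line.split(":", 1)[1].strip()
        elif line == "Running processes:":
            state = "processes"
        elif line == "--" or line.startswith("End of file"):
            break
        elif not line:
            if state == "processes":
                state = "entries"          # blank line ends the process list
        else:
            match = ENTRY_RE.match(line)
            if match:
                state = "entries"
                log["entries"].append([match.group(1), match.group(2)])
            elif state == "processes":
                log["processes"].append(line)
            elif state == "entries" and log["entries"]:
                # Forum software wrapped a long entry: rejoin it exactly as posted.
                log["entries"][-1][1] += line
    return log


def flagged(entries):
    """Entries whose own text says the target is missing or has no vendor string."""
    return [(code, body) for code, body in entries
            if any(marker in body for marker in MARKERS)]


def launch_entries(log, process):
    """Section codes of entries naming this path (8.3 short paths will not match)."""
    needle = process.lower()
    return [code for code, body in log["entries"] if needle in body.lower()]


def triage(safe_text, normal_text):
    safe, normal = parse_log(safe_text), parse_log(normal_text)
    in_safe = {p.lower() for p in safe["processes"]}
    new = {}
    for proc in normal["processes"]:       # dict keeps first-seen order, drops repeats
        if proc.lower() not in in_safe and proc not in new:
            # An empty list means no entry names the path; many Windows
            # components also start that way, so treat it as a question to ask.
            new[proc] = launch_entries(normal, proc)
    return {"boot_modes": (safe["boot_mode"], normal["boot_mode"]),
            "flagged": flagged(normal["entries"]),
            "new_processes": new}


if __name__ == "__main__":
    report = triage(SAFE_MODE_LOG, NORMAL_LOG)
    for code, body in report["flagged"]:
        print("review:", code, body)
    for proc, codes in report["new_processes"].items():
        print("normal mode only:", proc, "<-", codes or "no entry names it")
```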


#50 jedi

Posted 30 August 2007 - 10:12 AM

Hi again Ken,

OK, as we haven't much time, several steps in one go. Firstly, the spyware check:

Download Dr.Web CureIt to the desktop:
ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe
Next, please reboot your computer in Safe Mode by doing the following:
1) Restart your computer
2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3) Instead of Windows loading as normal, a menu should appear
4) Select the first option, to run Windows in Safe Mode.

For additional help in booting into Safe Mode, see the following site:
http://www.pchell.co.../safemode.shtml
  • Double-click the drweb-cureit.exe file and allow it to run the express scan
  • This will scan the files currently running in memory and when something is found, click the yes button when it asks you if you want to cure it. This is only a short scan.
  • Once the short scan has finished, mark the drives that you want to scan.
  • Select all drives. A red dot shows which drives have been chosen.
  • Click the green arrow at the right, and the scan will start.
  • Click 'Yes to all' if it asks if you want to cure/move the file.
  • When the scan has finished, look if you can click next icon next to the files found: Posted Image
  • If so, click it and then click the next icon right below and select Move incurable as you'll see in next image:
    Posted Image
    This will move it to the %userprofile%\DoctorWeb\quarantaine-folder if it can't be cured (this is in case we need samples).
  • After selecting, in the Dr.Web CureIt menu on top, click file and choose save report list
  • Save the report to your desktop. The report will be called DrWeb.csv
  • Close Dr.Web Cureit.
  • Reboot your computer!! Because it could be possible that files in use will be moved/deleted during reboot.
  • After reboot, post the contents of the log from Dr.Web you saved previously in your next reply.
Next:

1. Download this file -
ComboFix
2. Double click ComboFix.exe & follow the prompts.
3. When finished, it will produce a log for you. Post that log in your next reply

Note:
Do not mouseclick ComboFix's window whilst it's running. That may cause it to stall

OK, post both those logs, then do the following:

Download: CCleaner (freeware)
http://www.majorgeek...wnload4191.html
Run the installer, and uncheck the option to install Yahoo toolbar (unless you want Yahoo toolbar).
Once installed, run CCleaner and click the Windows tab.
The following should be selected by default, if not, please select:
Posted Image
Next: click Options, then click the Settings tab
Uncheck: "Only delete files older than 48 hrs.", click Ok
Then click Run Cleaner (bottom right) then Exit

Next:

Do Start > My Computer.
Right-Click on Local Disk C.
Click Properties > Tools.
Under 'Error-Checking' click 'Check Now'.
Under 'Check Local Disk C' check both boxes and click 'Start'. You will be prompted to restart. Do so. You will get a blue screen on restart; be patient, the error-check takes time. Your PC will start normally when it is complete.

Next:

Do Start > My Computer.
Right-Click on Local Disk C.
Click Properties > Tools.
Click on 'Defragment now' and follow the prompts to defragment your disk.

Lastly, also post a fresh HiJackThis log, and tell me how the PC is running.

jedi :)